diff --git a/.gitignore b/.gitignore index 0792920a8b..26986d60c1 100644 --- a/.gitignore +++ b/.gitignore @@ -41,6 +41,9 @@ massif-* # Generated documentation: /apidoc +# PSA Crypto compliance test repo, cloned by test_psa_compliance.py +/psa-arch-tests + # Editor navigation files: /GPATH /GRTAGS diff --git a/.travis.yml b/.travis.yml index 48faa4846c..39ae19c190 100644 --- a/.travis.yml +++ b/.travis.yml @@ -14,6 +14,8 @@ jobs: - graphviz - gcc-arm-none-eabi - libnewlib-arm-none-eabi + - gcc-arm-linux-gnueabi + - libc6-dev-armel-cross language: python # Needed to get pip for Python 3 python: 3.5 # version from Ubuntu 16.04 install: @@ -22,7 +24,7 @@ jobs: - tests/scripts/all.sh -k 'check_*' - tests/scripts/all.sh -k test_default_out_of_box - tests/scripts/all.sh -k test_ref_configs - - tests/scripts/all.sh -k build_arm_none_eabi_gcc_arm5vte build_arm_none_eabi_gcc_m0plus + - tests/scripts/all.sh -k build_arm_linux_gnueabi_gcc_arm5vte build_arm_none_eabi_gcc_m0plus - name: full configuration script: diff --git a/BRANCHES.md b/BRANCHES.md index a63f070341..60218b099a 100644 --- a/BRANCHES.md +++ b/BRANCHES.md @@ -62,7 +62,7 @@ had to break ABI compatibility in an LTS branch, but we occasionally had to increase code size for a security fix.) For contributors, see the [Backwards Compatibility section of -CONTRIBUTING](CONTRIBUTING.md#cackwords-compatibility). +CONTRIBUTING](CONTRIBUTING.md#backwards-compatibility). ## Current Branches diff --git a/CMakeLists.txt b/CMakeLists.txt index cf74af53c4..cd990abe88 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -46,6 +46,11 @@ option(ENABLE_PROGRAMS "Build mbed TLS programs." ON) option(UNSAFE_BUILD "Allow unsafe builds. These builds ARE NOT SECURE." OFF) option(MBEDTLS_FATAL_WARNINGS "Compiler warnings treated as errors" ON) +if(WIN32) + option(GEN_FILES "Generate the auto-generated files as needed" OFF) +else() + option(GEN_FILES "Generate the auto-generated files as needed" ON) +endif() string(REGEX MATCH "Clang" CMAKE_COMPILER_IS_CLANG "${CMAKE_C_COMPILER_ID}") string(REGEX MATCH "GNU" CMAKE_COMPILER_IS_GNU "${CMAKE_C_COMPILER_ID}") @@ -135,6 +140,22 @@ function(link_to_source base_name) endif() endfunction(link_to_source) +# Get the filename without the final extension (i.e. convert "a.b.c" to "a.b") +function(get_name_without_last_ext dest_var full_name) + # Split into a list on '.' (but a cmake list is just a ';'-separated string) + string(REPLACE "." ";" ext_parts "${full_name}") + # Remove the last item if there are more than one + list(LENGTH ext_parts ext_parts_len) + if (${ext_parts_len} GREATER "1") + math(EXPR ext_parts_last_item "${ext_parts_len} - 1") + list(REMOVE_AT ext_parts ${ext_parts_last_item}) + endif() + # Convert back to a string by replacing separators with '.' + string(REPLACE ";" "." no_ext_name "${ext_parts}") + # Copy into the desired variable + set(${dest_var} ${no_ext_name} PARENT_SCOPE) +endfunction(get_name_without_last_ext) + string(REGEX MATCH "Clang" CMAKE_COMPILER_IS_CLANG "${CMAKE_C_COMPILER_ID}") include(CheckCCompilerFlag) @@ -330,7 +351,7 @@ install( DESTINATION "cmake" FILE "MbedTLSTargets.cmake") -if(CMAKE_VERSION VERSION_GREATER 3.14) +if(CMAKE_VERSION VERSION_GREATER 3.15 OR CMAKE_VERSION VERSION_EQUAL 3.15) # Do not export the package by default cmake_policy(SET CMP0090 NEW) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index b3a9547a51..dcaa3603b9 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -52,8 +52,7 @@ It would be highly appreciated if contributions are backported to LTS branches i The list of maintained branches can be found in the [Current Branches section of BRANCHES.md](BRANCHES.md#current-branches). -Currently maintained LTS branches are: -1. [mbedtls-2.7](https://github.com/ARMmbed/mbedtls/tree/mbedtls-2.7) +The only currently maintained LTS branch is: 1. [mbedtls-2.16](https://github.com/ARMmbed/mbedtls/tree/mbedtls-2.16) diff --git a/ChangeLog.d/add_psa_m_aead.txt b/ChangeLog.d/add_psa_m_aead.txt new file mode 100644 index 0000000000..fa4e7ac61b --- /dev/null +++ b/ChangeLog.d/add_psa_m_aead.txt @@ -0,0 +1,3 @@ +Features + * Implement the PSA multipart AEAD interface, currently supporting + ChaChaPoly and GCM. diff --git a/ChangeLog.d/base64-ranges.txt b/ChangeLog.d/base64-ranges.txt new file mode 100644 index 0000000000..e3f3862bfb --- /dev/null +++ b/ChangeLog.d/base64-ranges.txt @@ -0,0 +1,4 @@ +Changes + * Improve the performance of base64 constant-flow code. The result is still + slower than the original non-constant-flow implementation, but much faster + than the previous constant-flow implementation. Fixes #4814. diff --git a/ChangeLog.d/bugfix-for-gcm-long-iv-size.txt b/ChangeLog.d/bugfix-for-gcm-long-iv-size.txt new file mode 100644 index 0000000000..c04c4aa182 --- /dev/null +++ b/ChangeLog.d/bugfix-for-gcm-long-iv-size.txt @@ -0,0 +1,4 @@ +Bugfix + * Fix a bug in mbedtls_gcm_starts() when bits of iv are longer than 2^32. + * Fix #4884. + diff --git a/ChangeLog.d/ccm_star_no_tag.txt b/ChangeLog.d/ccm_star_no_tag.txt new file mode 100644 index 0000000000..dbd25d1eec --- /dev/null +++ b/ChangeLog.d/ccm_star_no_tag.txt @@ -0,0 +1,10 @@ +Changes + * Ignore plaintext/ciphertext lengths for CCM*-no-tag operations. + For CCM* encryption/decryption without authentication, input + length will be ignored. + +Features + * Add support for CCM*-no-tag cipher to the PSA. + Currently only 13-byte long IV's are supported. + For decryption a minimum of 16-byte long input is expected. + These restrictions may be subject to change. diff --git a/ChangeLog.d/chacha20-poly1305-invalid-nonce.txt b/ChangeLog.d/chacha20-poly1305-invalid-nonce.txt new file mode 100644 index 0000000000..ca3f9aceea --- /dev/null +++ b/ChangeLog.d/chacha20-poly1305-invalid-nonce.txt @@ -0,0 +1,3 @@ +Changes + * Indicate in the error returned if the nonce length used with + ChaCha20-Poly1305 is invalid, and not just unsupported. diff --git a/ChangeLog.d/check-return.txt b/ChangeLog.d/check-return.txt new file mode 100644 index 0000000000..045b1805ec --- /dev/null +++ b/ChangeLog.d/check-return.txt @@ -0,0 +1,17 @@ +Bugfix + * Failures of alternative implementations of AES or DES single-block + functions enabled with MBEDTLS_AES_ENCRYPT_ALT, MBEDTLS_AES_DECRYPT_ALT, + MBEDTLS_DES_CRYPT_ECB_ALT or MBEDTLS_DES3_CRYPT_ECB_ALT were ignored. + This does not concern the implementation provided with Mbed TLS, + where this function cannot fail, or full-module replacements with + MBEDTLS_AES_ALT or MBEDTLS_DES_ALT. Reported by Armelle Duboc in #1092. + +Features + * Warn if errors from certain functions are ignored. This is currently + supported on GCC-like compilers and on MSVC and can be configured through + the macro MBEDTLS_CHECK_RETURN. The warnings are always enabled + (where supported) for critical functions where ignoring the return + value is almost always a bug. Enable the new configuration option + MBEDTLS_CHECK_RETURN_WARNING to get warnings for other functions. This + is currently implemented in the AES and DES modules, and will be extended + to other modules in the future. diff --git a/ChangeLog.d/chunked_ccm.txt b/ChangeLog.d/chunked_ccm.txt new file mode 100644 index 0000000000..67faecca5e --- /dev/null +++ b/ChangeLog.d/chunked_ccm.txt @@ -0,0 +1,8 @@ +Changes + * Implement multi-part CCM API. + The multi-part functions: mbedtls_ccm_starts(), mbedtls_ccm_set_lengths(), + mbedtls_ccm_update_ad(), mbedtls_ccm_update(), mbedtls_ccm_finish() + were introduced in mbedTLS 3.0 release, however their implementation was + postponed until now. + Implemented functions support chunked data input for both CCM and CCM* + algorithms. diff --git a/ChangeLog.d/do-not-use-obsolete-header.txt b/ChangeLog.d/do-not-use-obsolete-header.txt new file mode 100644 index 0000000000..9a57ef16b2 --- /dev/null +++ b/ChangeLog.d/do-not-use-obsolete-header.txt @@ -0,0 +1,5 @@ +Bugfix + * Don't use the obsolete header path sys/fcntl.h in unit tests. + These header files cause compilation errors in musl. + Fixes #4969. + diff --git a/ChangeLog.d/fix-mbedtls_cipher_crypt-aes-ecb.txt b/ChangeLog.d/fix-mbedtls_cipher_crypt-aes-ecb.txt new file mode 100644 index 0000000000..6dc47244fe --- /dev/null +++ b/ChangeLog.d/fix-mbedtls_cipher_crypt-aes-ecb.txt @@ -0,0 +1,2 @@ +Bugfix + * Fix mbedtls_cipher_crypt: AES-ECB when MBEDTLS_USE_PSA_CRYPTO is enabled. diff --git a/ChangeLog.d/fix-needed-shared-libraries-linux.txt b/ChangeLog.d/fix-needed-shared-libraries-linux.txt new file mode 100644 index 0000000000..74ad3bc753 --- /dev/null +++ b/ChangeLog.d/fix-needed-shared-libraries-linux.txt @@ -0,0 +1,3 @@ +Bugfix + * Fix issue in Makefile on Linux with SHARED=1, that caused shared libraries + not to list other shared libraries they need. diff --git a/ChangeLog.d/fix-psa_gen_key-status.txt b/ChangeLog.d/fix-psa_gen_key-status.txt new file mode 100644 index 0000000000..78609882f9 --- /dev/null +++ b/ChangeLog.d/fix-psa_gen_key-status.txt @@ -0,0 +1,2 @@ +Bugfix + * Fix the error returned by psa_generate_key() for a public key. Fixes #4551. diff --git a/ChangeLog.d/issue5065.txt b/ChangeLog.d/issue5065.txt new file mode 100644 index 0000000000..943ee47d91 --- /dev/null +++ b/ChangeLog.d/issue5065.txt @@ -0,0 +1,3 @@ +Bugfix + * Fix compile-time or run-time errors in PSA + AEAD functions when ChachaPoly is disabled. Fixes #5065. diff --git a/ChangeLog.d/muladdc-memory.txt b/ChangeLog.d/muladdc-memory.txt new file mode 100644 index 0000000000..218be5a605 --- /dev/null +++ b/ChangeLog.d/muladdc-memory.txt @@ -0,0 +1,5 @@ +Bugfix + * Fix missing constraints on x86_64 and aarch64 assembly code + for bignum multiplication that broke some bignum operations with + (at least) Clang 12. + Fixes #4116, #4786, #4917, #4962. diff --git a/ChangeLog.d/no-strerror.txt b/ChangeLog.d/no-strerror.txt new file mode 100644 index 0000000000..69743a8715 --- /dev/null +++ b/ChangeLog.d/no-strerror.txt @@ -0,0 +1,3 @@ +Bugfix + * Fix the build of sample programs when neither MBEDTLS_ERROR_C nor + MBEDTLS_ERROR_STRERROR_DUMMY is enabled. diff --git a/ChangeLog.d/psa_alg_rsa_pss.txt b/ChangeLog.d/psa_alg_rsa_pss.txt new file mode 100644 index 0000000000..5c6048fe6c --- /dev/null +++ b/ChangeLog.d/psa_alg_rsa_pss.txt @@ -0,0 +1,5 @@ +Bugfix + * Fix PSA_ALG_RSA_PSS verification accepting an arbitrary salt length. + This algorithm now accepts only the same salt length for verification + that it produces when signing, as documented. Use the new algorithm + PSA_ALG_RSA_PSS_ANY_SALT to accept any salt length. Fixes #4946. diff --git a/ChangeLog.d/psa_cipher_update_ecp.txt b/ChangeLog.d/psa_cipher_update_ecp.txt new file mode 100644 index 0000000000..1c3fbc6b18 --- /dev/null +++ b/ChangeLog.d/psa_cipher_update_ecp.txt @@ -0,0 +1,2 @@ +Bugfix + * Fix a parameter set but unused in psa_crypto_cipher.c. Fixes #4935. diff --git a/ChangeLog.d/psa_crypto_api_macros.txt b/ChangeLog.d/psa_crypto_api_macros.txt new file mode 100644 index 0000000000..ff53e33c2d --- /dev/null +++ b/ChangeLog.d/psa_crypto_api_macros.txt @@ -0,0 +1,11 @@ +Features + * Add missing PSA macros declared by PSA Crypto API 1.0.0: + PSA_ALG_IS_SIGN_HASH, PSA_ALG_NONE, PSA_HASH_BLOCK_LENGTH, PSA_KEY_ID_NULL. + +Bugfix + * The existing predicate macro name PSA_ALG_IS_HASH_AND_SIGN is now reserved + for algorithm values that fully encode the hashing step, as per the PSA + Crypto API specification. This excludes PSA_ALG_RSA_PKCS1V15_SIGN_RAW and + PSA_ALG_ECDSA_ANY. The new predicate macro PSA_ALG_IS_SIGN_HASH covers + all algorithms that can be used with psa_{sign,verify}_hash(), including + these two. diff --git a/ChangeLog.d/psa_gcm_buffer_limitation.txt b/ChangeLog.d/psa_gcm_buffer_limitation.txt new file mode 100644 index 0000000000..0c07e24154 --- /dev/null +++ b/ChangeLog.d/psa_gcm_buffer_limitation.txt @@ -0,0 +1,16 @@ +Bugfix + * Remove PSA'a AEAD finish/verify output buffer limitation for GCM. + The requirement of minimum 15 bytes for output buffer in + psa_aead_finish() and psa_aead_verify() does not apply to the built-in + implementation of GCM. + * Move GCM's update output buffer length verification from PSA AEAD to + the built-in implementation of the GCM. + The requirement for output buffer size to be equal or greater then + input buffer size is valid only for the built-in implementation of GCM. + Alternative GCM implementations can process whole blocks only. + +API changes + * New error code for GCM: MBEDTLS_ERR_GCM_BUFFER_TOO_SMALL. + Alternative GCM implementations are expected to verify + the length of the provided output buffers and to return the + MBEDTLS_ERR_GCM_BUFFER_TOO_SMALL in case the buffer length is too small. diff --git a/ChangeLog.d/remove-greentea-support.txt b/ChangeLog.d/remove-greentea-support.txt new file mode 100644 index 0000000000..af4df4baa1 --- /dev/null +++ b/ChangeLog.d/remove-greentea-support.txt @@ -0,0 +1,3 @@ +Removals + * Remove the partial support for running unit tests via Greentea on Mbed OS, + which had been unmaintained since 2018. diff --git a/ChangeLog.d/remove-ssl-export-keys.txt b/ChangeLog.d/remove-ssl-export-keys.txt new file mode 100644 index 0000000000..1a4b31dcaa --- /dev/null +++ b/ChangeLog.d/remove-ssl-export-keys.txt @@ -0,0 +1,5 @@ +Changes + * Remove MBEDTLS_SSL_EXPORT_KEYS, making it always on and increasing the + code size by about 80B on an M0 build. This option only gated an ability + to set a callback, but was deemed unnecessary as it was yet another define + to remember when writing tests, or test configurations. Fixes #4653. diff --git a/ChangeLog.d/tls_ext_cid-config.txt b/ChangeLog.d/tls_ext_cid-config.txt new file mode 100644 index 0000000000..b7b1e72443 --- /dev/null +++ b/ChangeLog.d/tls_ext_cid-config.txt @@ -0,0 +1,3 @@ +Features + * The identifier of the CID TLS extension can be configured by defining + MBEDTLS_TLS_EXT_CID at compile time. diff --git a/README.md b/README.md index b80ee115aa..c8d94500e2 100644 --- a/README.md +++ b/README.md @@ -38,7 +38,7 @@ There are currently three active build systems used within Mbed TLS releases: The main systems used for development are CMake and GNU Make. Those systems are always complete and up-to-date. The others should reflect all changes present in the CMake and Make build system, although features may not be ported there automatically. -The Make and CMake build systems create three libraries: libmbedcrypto, libmbedx509, and libmbedtls. Note that libmbedtls depends on libmbedx509 and libmbedcrypto, and libmbedx509 depends on libmbedcrypto. As a result, some linkers will expect flags to be in a specific order, for example the GNU linker wants `-lmbedtls -lmbedx509 -lmbedcrypto`. Also, when loading shared libraries using dlopen(), you'll need to load libmbedcrypto first, then libmbedx509, before you can load libmbedtls. +The Make and CMake build systems create three libraries: libmbedcrypto, libmbedx509, and libmbedtls. Note that libmbedtls depends on libmbedx509 and libmbedcrypto, and libmbedx509 depends on libmbedcrypto. As a result, some linkers will expect flags to be in a specific order, for example the GNU linker wants `-lmbedtls -lmbedx509 -lmbedcrypto`. ### Tool versions @@ -67,6 +67,7 @@ If you are cross-compiling, you must set the `CC` environment variable to a C co Any of the following methods are available to generate the configuration-independent files: * If not cross-compiling, running `make` with any target, or just `make`, will automatically generate required files. +* On non-Windows systems, when not cross-compiling, CMake will generate the required files automatically. * Run `make generated_files` to generate all the configuration-independent files. * On Unix/POSIX systems, run `tests/scripts/check-generated-files.sh -u` to generate all the configuration-independent files. * On Windows, run `scripts\make_generated_files.bat` to generate all the configuration-independent files. @@ -298,3 +299,10 @@ Contributing ------------ We gratefully accept bug reports and contributions from the community. Please see the [contributing guidelines](CONTRIBUTING.md) for details on how to do this. + +Contact +------- + +* To report a security vulnerability in Mbed TLS, please email . For more information, see [`SECURITY.md`](SECURITY.md). +* To report a bug or request a feature in Mbed TLS, please [file an issue on GitHub](https://github.com/ARMmbed/mbedtls/issues/new/choose). +* Please see [`SUPPORT.md`](SUPPORT.md) for other channels for discussion and support about Mbed TLS. diff --git a/configs/config-thread.h b/configs/config-thread.h index be889a1874..36d8245106 100644 --- a/configs/config-thread.h +++ b/configs/config-thread.h @@ -45,7 +45,6 @@ #define MBEDTLS_SSL_PROTO_DTLS #define MBEDTLS_SSL_DTLS_ANTI_REPLAY #define MBEDTLS_SSL_DTLS_HELLO_VERIFY -#define MBEDTLS_SSL_EXPORT_KEYS /* mbed TLS modules */ #define MBEDTLS_AES_C diff --git a/docs/.gitignore b/docs/.gitignore index 33ae5acf64..23f832b734 100644 --- a/docs/.gitignore +++ b/docs/.gitignore @@ -1,3 +1,2 @@ *.html *.pdf -!PSACryptoDriverModelSpec.pdf diff --git a/docs/PSACryptoDriverModelSpec.pdf b/docs/PSACryptoDriverModelSpec.pdf deleted file mode 100644 index cf11380e84..0000000000 Binary files a/docs/PSACryptoDriverModelSpec.pdf and /dev/null differ diff --git a/docs/architecture/tls13-experimental.md b/docs/architecture/tls13-experimental.md index 0009c68180..88d0b73ddc 100644 --- a/docs/architecture/tls13-experimental.md +++ b/docs/architecture/tls13-experimental.md @@ -66,3 +66,342 @@ together with their level of testing: as part of `MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL`: - Reader ([`library/mps_reader.h`](../../library/mps_reader.h)) + + +MVP definition +-------------- + +- Overview + + - The TLS 1.3 MVP implements only the client side of the protocol. + + - The TLS 1.3 MVP supports ECDHE key establishment. + + - The TLS 1.3 MVP does not support DHE key establishment. + + - The TLS 1.3 MVP does not support pre-shared keys, including any form of + session resumption. This implies that it does not support sending early + data (0-RTT data). + + - The TLS 1.3 MVP supports the authentication of the server by the client + but does not support authentication of the client by the server. In terms + of TLS 1.3 authentication messages, this means that the TLS 1.3 MVP + supports the processing of the Certificate and CertificateVerify messages + but not of the CertificateRequest message. + + - The TLS 1.3 MVP does not support the handling of server HelloRetryRequest + message. In practice, this means that the handshake will fail if the MVP + does not provide in its ClientHello the shared secret associated to the + group selected by the server for key establishement. For more information, + see the comment associated to the `key_share` extension below. + + - If the TLS 1.3 MVP receives a HelloRetryRequest or a CertificateRequest + message, it aborts the handshake with an handshake_failure closure alert + and the `mbedtls_ssl_handshake()` returns in error with the + `MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE` error code. + +- Supported cipher suites: depends on the library configuration. Potentially + all of them: + TLS_AES_128_GCM_SHA256, TLS_AES_256_GCM_SHA384, TLS_CHACHA20_POLY1305_SHA256, + TLS_AES_128_CCM_SHA256 and TLS_AES_128_CCM_8_SHA256. + +- Supported ClientHello extensions: + + | Extension | MVP | Prototype (1) | + | ---------------------------- | ------- | ------------- | + | server_name | YES | YES | + | max_fragment_length | no | YES | + | status_request | no | no | + | supported_groups | YES | YES | + | signature_algorithms | YES | YES | + | use_srtp | no | no | + | heartbeat | no | no | + | apln | no | YES | + | signed_certificate_timestamp | no | no | + | client_certificate_type | no | no | + | server_certificate_type | no | no | + | padding | no | no | + | key_share | YES (2) | YES | + | pre_shared_key | no | YES | + | psk_key_exchange_modes | no | YES | + | early_data | no | YES | + | cookie | no | YES | + | supported_versions | YES (3) | YES | + | certificate_authorities | no | no | + | post_handshake_auth | no | no | + | signature_algorithms_cert | no | no | + + (1) This is just for comparison. + + (2) The MVP sends one shared secret corresponding to the configured preferred + group. The preferred group is the group of the first curve in the list of + allowed curves as defined by the configuration. The allowed curves are + by default ordered as follow: `secp256r1`, `x25519`, `secp384r1` + and finally `secp521r1`. This default order is aligned with the + list of mandatory-to-implement groups (in absence of an application + profile standard specifying otherwise) defined in section 9.1 of the + specification. The list of allowed curves can be changed through the + `mbedtls_ssl_conf_curves()` API. + + (3) The MVP proposes only TLS 1.3 and does not support version negociation. + Out-of-protocol fallback is supported though if the Mbed TLS library + has been built to support both TLS 1.3 and TLS 1.2: just set the + maximum of the minor version of the SSL configuration to + MBEDTLS_SSL_MINOR_VERSION_3 (`mbedtls_ssl_conf_min_version()` API) and + re-initiate a server handshake. + +- Supported groups: depends on the library configuration. + Potentially all ECDHE groups but x448: + secp256r1, x25519, secp384r1 and secp521r1. + + Finite field groups (DHE) are not supported. + +- Supported signature algorithms (both for certificates and CertificateVerify): + depends on the library configuration. + Potentially: + rsa_pkcs1_sha256, rsa_pss_rsae_sha256, ecdsa_secp256r1_sha256, + ecdsa_secp384r1_sha384 and ecdsa_secp521r1_sha512. + + Note that in absence of an application profile standard specifying otherwise + the three first ones in the list above are mandatory (see section 9.1 of the + specification). + +- Supported versions: only TLS 1.3, version negotiation is not supported. + +- Compatibility with existing SSL/TLS build options: + + The TLS 1.3 MVP is compatible with all TLS 1.2 configuration options in the + sense that when enabling the TLS 1.3 MVP in the library there is no need to + modify the configuration for TLS 1.2. Mbed TLS SSL/TLS related features are + not supported or not applicable to the TLS 1.3 MVP: + + | Mbed TLS configuration option | Support | + | ---------------------------------------- | ------- | + | MBEDTLS_SSL_ALL_ALERT_MESSAGES | no | + | MBEDTLS_SSL_ASYNC_PRIVATE | no | + | MBEDTLS_SSL_CONTEXT_SERIALIZATION | no | + | MBEDTLS_SSL_DEBUG_ALL | no | + | MBEDTLS_SSL_ENCRYPT_THEN_MAC | n/a | + | MBEDTLS_SSL_EXTENDED_MASTER_SECRET | n/a | + | MBEDTLS_SSL_KEEP_PEER_CERTIFICATE | no | + | MBEDTLS_SSL_RENEGOTIATION | n/a | + | MBEDTLS_SSL_MAX_FRAGMENT_LENGTH | no | + | | | + | MBEDTLS_SSL_SESSION_TICKETS | no | + | MBEDTLS_SSL_EXPORT_KEYS | no (1) | + | MBEDTLS_SSL_SERVER_NAME_INDICATION | no | + | MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH | no | + | | | + | MBEDTLS_ECP_RESTARTABLE | no | + | MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED | no | + | | | + | MBEDTLS_KEY_EXCHANGE_PSK_ENABLED | n/a (2) | + | MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED | n/a | + | MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED | n/a | + | MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED | n/a | + | MBEDTLS_KEY_EXCHANGE_RSA_ENABLED | n/a | + | MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED | n/a | + | MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED | n/a | + | MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED | n/a | + | MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED | n/a | + | MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED | n/a | + | MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED | n/a | + | | | + | MBEDTLS_USE_PSA_CRYPTO | no | + + (1) Some support has already been upstreamed but it is incomplete. + (2) Key exchange configuration options for TLS 1.3 will likely to be + organized around the notion of key exchange mode along the line + of the MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_NONE/PSK/PSK_EPHEMERAL/EPHEMERAL + runtime configuration macros. + +- Quality considerations + - Standard Mbed TLS review bar + - Interoperability testing with OpenSSL and GnuTLS. Test with all the + cipher suites and signature algorithms supported by OpenSSL/GnuTLS server. + - Negative testing against OpenSSL/GnuTLS servers with which the + handshake fails due to incompatibility with the capabilities of the + MVP: TLS 1.2 or 1.1 server, server sending an HelloRetryRequest message in + response to the MVP ClientHello, server sending a CertificateRequest + message ... + +Coding rules checklist for TLS 1.3 +---------------------------------- + +The following coding rules are aimed to be a checklist for TLS 1.3 upstreaming +work to reduce review rounds and the number of comments in each round. They +come along (do NOT replace) the project coding rules +(https://tls.mbed.org/kb/development/mbedtls-coding-standards). They have been +established and discussed following the review of #4882 that was the +PR upstreaming the first part of TLS 1.3 ClientHello writing code. + +TLS 1.3 specific coding rules: + + - TLS 1.3 specific C modules, headers, static functions names are prefixed + with `ssl_tls13_`. The same applies to structures and types that are + internal to C modules. + + - TLS 1.3 specific exported functions, structures and types are + prefixed with `mbedtls_ssl_tls13_`. + + - Use TLS1_3 in TLS 1.3 specific macros. + + - The names of macros and variables related to a field or structure in the + TLS 1.3 specification should contain as far as possible the field name as + it is in the specification. If the field name is "too long" and we prefer + to introduce some kind of abbreviation of it, use the same abbreviation + everywhere in the code. + + Example 1: #define CLIENT_HELLO_RANDOM_LEN 32, macro for the length of the + `random` field of the ClientHello message. + + Example 2 (consistent abbreviation): `mbedtls_ssl_tls13_write_sig_alg_ext()` + and `MBEDTLS_TLS_EXT_SIG_ALG`, `sig_alg` standing for + `signature_algorithms`. + + - Regarding vectors that are represented by a length followed by their value + in the data exchanged between servers and clients: + + - Use `_len` for the name of a variable used to compute the + length in bytes of the vector, where is the name of the + vector as defined in the TLS 1.3 specification. + + - Use `p__len` for the name of a variable intended to hold + the address of the first byte of the vector length. + + - Use `` for the name of a variable intended to hold the + address of the first byte of the vector value. + + - Use `_end` for the name of a variable intended to hold + the address of the first byte past the vector value. + + Those idioms should lower the risk of mis-using one of the address in place + of another one which could potentially lead to some nasty issues. + + Example: `cipher_suites` vector of ClientHello in + `ssl_tls13_write_client_hello_cipher_suites()` + ``` + size_t cipher_suites_len; + unsigned char *p_cipher_suites_len; + unsigned char *cipher_suites; + ``` + + - Where applicable, use: + - the macros to extract a byte from a multi-byte integer MBEDTLS_BYTE_{0-8}. + - the macros to write in memory in big-endian order a multi-byte integer + MBEDTLS_PUT_UINT{8|16|32|64}_BE. + - the macros to read from memory a multi-byte integer in big-endian order + MBEDTLS_GET_UINT{8|16|32|64}_BE. + - the macro to check for space when writing into an output buffer + `MBEDTLS_SSL_CHK_BUF_PTR`. + - the macro to check for data when reading from an input buffer + `MBEDTLS_SSL_CHK_BUF_READ_PTR`. + + These macros were introduced after the prototype was written thus are + likely not to be used in prototype where we now would use them in + development. + + The three first types, MBEDTLS_BYTE_{0-8}, MBEDTLS_PUT_UINT{8|16|32|64}_BE + and MBEDTLS_GET_UINT{8|16|32|64}_BE improve the readability of the code and + reduce the risk of writing or reading bytes in the wrong order. + + The two last types, `MBEDTLS_SSL_CHK_BUF_PTR` and + `MBEDTLS_SSL_CHK_BUF_READ_PTR`, improve the readability of the code and + reduce the risk of error in the non-completely-trivial arithmetic to + check that we do not write or read past the end of a data buffer. The + usage of those macros combined with the following rule mitigate the risk + to read/write past the end of a data buffer. + + Examples: + ``` + hs_hdr[1] = MBEDTLS_BYTE_2( total_hs_len ); + MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_SUPPORTED_VERSIONS, p, 0 ); + MBEDTLS_SSL_CHK_BUF_PTR( p, end, 7 ); + ``` + + - To mitigate what happened here + (https://github.com/ARMmbed/mbedtls/pull/4882#discussion_r701704527) from + happening again, use always a local variable named `p` for the reading + pointer in functions parsing TLS 1.3 data, and for the writing pointer in + functions writing data into an output buffer and only that variable. The + name `p` has been chosen as it was already widely used in TLS code. + + - When an TLS 1.3 structure is written or read by a function or as part of + a function, provide as documentation the definition of the structure as + it is in the TLS 1.3 specification. + +General coding rules: + + - We prefer grouping "related statement lines" by not adding blank lines + between them. + + Example 1: + ``` + ret = ssl_tls13_write_client_hello_cipher_suites( ssl, buf, end, &output_len ); + if( ret != 0 ) + return( ret ); + buf += output_len; + ``` + + Example 2: + ``` + MBEDTLS_SSL_CHK_BUF_PTR( cipher_suites_iter, end, 2 ); + MBEDTLS_PUT_UINT16_BE( cipher_suite, cipher_suites_iter, 0 ); + cipher_suites_iter += 2; + ``` + + - Use macros for constants that are used in different functions, different + places in the code. When a constant is used only locally in a function + (like the length in bytes of the vector lengths in functions reading and + writing TLS handshake message) there is no need to define a macro for it. + + Example: `#define CLIENT_HELLO_RANDOM_LEN 32` + + - When declaring a pointer the dereferencing operator should be prepended to + the pointer name not appended to the pointer type: + + Example: `mbedtls_ssl_context *ssl;` + + - Maximum line length is 80 characters. + + Exceptions: + + - string literals can extend beyond 80 characters as we do not want to + split them to ease their search in the code base. + + - A line can be more than 80 characters by a few characters if just looking + at the 80 first characters is enough to fully understand the line. For + example it is generally fine if some closure characters like ";" or ")" + are beyond the 80 characters limit. + + If a line becomes too long due to a refactoring (for example renaming a + function to a longer name, or indenting a block more), avoid rewrapping + lines in the same commit: it makes the review harder. Make one commit with + the longer lines and another commit with just the rewrapping. + + - When in successive lines, functions and macros parameters should be aligned + vertically. + + Example: + ``` + int mbedtls_ssl_tls13_start_handshake_msg( mbedtls_ssl_context *ssl, + unsigned hs_type, + unsigned char **buf, + size_t *buf_len ); + ``` + + - When a function's parameters span several lines, group related parameters + together if possible. + + For example, prefer: + + ``` + mbedtls_ssl_tls13_start_handshake_msg( ssl, hs_type, + buf, buf_len ); + ``` + over + ``` + mbedtls_ssl_tls13_start_handshake_msg( ssl, hs_type, buf, + buf_len ); + ``` + even if it fits. diff --git a/docs/use-psa-crypto.md b/docs/use-psa-crypto.md new file mode 100644 index 0000000000..6ec2dcaa1b --- /dev/null +++ b/docs/use-psa-crypto.md @@ -0,0 +1,204 @@ +This document describes the compile-time configuration option +`MBEDTLS_USE_PSA_CRYPTO` from a user's perspective, more specifically its +current effects as well as the parts that aren't covered yet. + +Current effects +=============== + +General limitations +------------------- + +Compile-time: enabling `MBEDTLS_USE_PSA_CRYPTO` requires +`MBEDTLS_ECP_RESTARTABLE` and +`MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER` to be disabled. + +Effect: `MBEDTLS_USE_PSA_CRYPTO` currently has no effect on TLS 1.3 (which is +itself experimental and only partially supported so far): TLS 1.3 always uses +the legacy APIs even when this option is set. + +Stability: any API that's only available when `MBEDTLS_USE_PSA_CRYPTO` is +defined is considered experimental and may change in incompatible ways at any +time. Said otherwise, these APIs are explicitly excluded from the usual API +stability promises. + +New APIs / API extensions +------------------------- + +Some of these APIs are meant for the application to use in place of +pre-existing APIs, in order to get access to the benefits; in the sub-sections +below these are indicated by "Use in (X.509 and) TLS: opt-in", meaning that +this requires changes to the application code for the (X.509 and) TLS layers +to pick up the improvements. + +Some of these APIs are mostly meant for internal use by the TLS (and X.509) +layers; they are indicated below by "Use in (X.509 and) TLS: automatic", +meaning that no changes to the application code are required for the TLS (and +X.509) layers to pick up the improvements. + +### PSA-held (opaque) keys in the PK layer + +There is a new API function `mbedtls_pk_setup_opaque()` that can be used to +wrap a PSA keypair into a PK context. The key can be used for private-key +operations and its public part can be exported. + +Benefits: isolation of long-term secrets, use of PSA Crypto drivers. + +Limitations: only for private keys, only ECC. (That is, only ECDSA signature +generation. Note: currently this will use randomized ECDSA while Mbed TLS uses +deterministic ECDSA by default.) The following operations are not supported +with a context set this way, while they would be available with a normal +`ECKEY` context: `mbedtls_pk_verify()`, `mbedtls_pk_check_pair()`, +`mbedtls_pk_debug()`. + +Use in X.509 and TLS: opt-in. The application needs to construct the PK context +using the new API in order to get the benefits; it can then pass the +resulting context to the following existing APIs: + +- `mbedtls_ssl_conf_own_cert()` or `mbedtls_ssl_set_hs_own_cert()` to use the + key together with a certificate for ECDSA-based key exchanges (note: while +this is supported on both sides, it's currently only tested client-side); +- `mbedtls_x509write_csr_set_key()` to generate a CSR (certificate signature + request). + +In the TLS and X.509 API, there are two other functions which accept a key or +keypair as a PK context: `mbedtls_x509write_crt_set_subject_key()` and +`mbedtls_x509write_crt_set_issuer_key()`. Use of opaque contexts here probably +works but is so far untested. + +### PSA-held (opaque) keys for TLS pre-shared keys (PSK) + +There are two new API functions `mbedtls_ssl_conf_psk_opaque()` and +`mbedtls_ssl_set_hs_psk_opaque()`. Call one of these from an application to +register a PSA key for use with a PSK key exchange. + +Benefits: isolation of long-term secrets. + +Limitations: the key can only be used with "pure" +PSK key exchanges (ciphersuites starting with `TLS_PSK_WITH_`), to the +exclusion of RSA-PSK, DHE-PSK and ECDHE-PSK key exchanges. It is the responsibility of +the user to make sure that when provisioning an opaque pre-shared key, the +only PSK ciphersuites that can be negotiated are "pure" PSK; other XXX-PSK key +exchanges will result in a handshake failure with the handshake function +returning `MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE`. + +Use in TLS: opt-in. The application needs to register the key using the new +APIs to get the benefits. + +### PSA-based operations in the Cipher layer + +There is a new API function `mbedtls_cipher_setup_psa()` to set up a context +that will call PSA to store the key and perform the operations. + +Benefits: use of PSA Crypto drivers; partial isolation of short-term secrets +(still generated outside of PSA, but then held by PSA). + +Limitations: the key is still passed in the clear by the application. The +multi-part APIs are not supported, only the one-shot APIs. The only modes +supported are ECB, CBC without padding, GCM and CCM (this excludes stream +ciphers and ChachaPoly); the only cipher supported is AES (this excludes Aria, +Camellia, and ChachaPoly). (Note: ECB is currently not tested.) (Note: it is +possible to perform multiple one-shot operations with the same context; +however this is not unit-tested, only tested via usage in TLS.) + +Use in TLS: automatic. Used when the cipher and mode is supported (with +gracious fallback to the legacy API otherwise) in all places where a cipher is +used. There are two such places: in `ssl_tls.c` for record protection, and in +`ssl_ticket.c` for protecting tickets we issue. + +Internal changes +---------------- + +All of these internal changes are active as soon as `MBEDTLS_USE_PSA_CRYPTO` +is enabled, no change required on the application side. + +### TLS: cipher operations based on PSA + +See "PSA-based operations in the Cipher layer" above. + +### PK layer: ECDSA verification based on PSA + +Scope: `mbedtls_pk_verify()` will call to PSA for ECDSA signature +verification. + +Benefits: use of PSA Crypto drivers. + +Use in TLS and X.509: in all places where an ECDSA signature is verified. + +### TLS: ECDHE computation based on PSA + +Scope: Client-side, for ECDHE-RSA and ECDHE-ECDSA key exchanges, the +computation of the ECDHE key exchange is done by PSA. + +Limitations: client-side only, ECDHE-PSK not covered + +Benefits: use of PSA Crypto drivers. + +### TLS: handshake hashes and PRF computed with PSA + +Scope: with TLS 1.2, the following are computed with PSA: +- the running handshake hashes; +- the hash of the ServerKeyExchange part that is signed; +- the `verify_data` part of the Finished message; +- the TLS PRF. + +Benefits: use of PSA Crypto drivers. + +### X.509: some hashes computed with PSA + +Scope: the following hashes are computed with PSA: +- when verifying a certificate chain, hash of the child for verifying the + parent's signature; +- when writing a CSR, hash of the request for self-signing the request. + +Benefits: use of PSA Crypto drivers. + +Parts that are not covered yet +============================== + +This is only a high-level overview, grouped by theme + +TLS: 1.3 experimental support +----------------------------- + +No part of the experimental support for TLS 1.3 is covered at the moment. + +TLS: key exchanges / asymmetric crypto +-------------------------------------- + +The following key exchanges are not covered at all: + +- RSA +- DHE-RSA +- DHE-PSK +- RSA-PSK +- ECDHE-PSK +- ECDH-RSA +- ECDH-ECDSA +- ECJPAKE + +The following key exchanges are only partially covered: + +- ECDHE-RSA: RSA operations are not covered and, server-side, the ECDHE + operation isn't either +- ECDHE-ECDSA: server-side, the ECDHE operation isn't covered. (ECDSA + signature generation is only covered if using `mbedtls_pk_setup_opaque()`.) + +PSK if covered when the application uses `mbedtls_ssl_conf_psk_opaque()` or +`mbedtls_ssl_set_hs_psk_opaque()`. + +TLS: symmetric crypto +--------------------- + +- some ciphers not supported via PSA yet: ARIA, Camellia, ChachaPoly (silent + fallback to the legacy APIs) +- the HMAC part of the CBC and NULL ciphersuites +- the HMAC computation in `ssl_cookie.c` + +X.509 +----- + +- most hash operations are still done via the legacy API, except the few that + are documented above as using PSA +- RSA PKCS#1 v1.5 signature generation (from PSA-held keys) +- RSA PKCS#1 v1.5 signature verification +- RSA-PSS signature verification diff --git a/include/mbedtls/aes.h b/include/mbedtls/aes.h index 879c3f2a14..e381c11838 100644 --- a/include/mbedtls/aes.h +++ b/include/mbedtls/aes.h @@ -42,6 +42,7 @@ #include "mbedtls/private_access.h" #include "mbedtls/build_info.h" +#include "mbedtls/platform_util.h" #include #include @@ -163,6 +164,7 @@ void mbedtls_aes_xts_free( mbedtls_aes_xts_context *ctx ); * \return \c 0 on success. * \return #MBEDTLS_ERR_AES_INVALID_KEY_LENGTH on failure. */ +MBEDTLS_CHECK_RETURN_TYPICAL int mbedtls_aes_setkey_enc( mbedtls_aes_context *ctx, const unsigned char *key, unsigned int keybits ); @@ -181,6 +183,7 @@ int mbedtls_aes_setkey_enc( mbedtls_aes_context *ctx, const unsigned char *key, * \return \c 0 on success. * \return #MBEDTLS_ERR_AES_INVALID_KEY_LENGTH on failure. */ +MBEDTLS_CHECK_RETURN_TYPICAL int mbedtls_aes_setkey_dec( mbedtls_aes_context *ctx, const unsigned char *key, unsigned int keybits ); @@ -201,6 +204,7 @@ int mbedtls_aes_setkey_dec( mbedtls_aes_context *ctx, const unsigned char *key, * \return \c 0 on success. * \return #MBEDTLS_ERR_AES_INVALID_KEY_LENGTH on failure. */ +MBEDTLS_CHECK_RETURN_TYPICAL int mbedtls_aes_xts_setkey_enc( mbedtls_aes_xts_context *ctx, const unsigned char *key, unsigned int keybits ); @@ -221,6 +225,7 @@ int mbedtls_aes_xts_setkey_enc( mbedtls_aes_xts_context *ctx, * \return \c 0 on success. * \return #MBEDTLS_ERR_AES_INVALID_KEY_LENGTH on failure. */ +MBEDTLS_CHECK_RETURN_TYPICAL int mbedtls_aes_xts_setkey_dec( mbedtls_aes_xts_context *ctx, const unsigned char *key, unsigned int keybits ); @@ -249,6 +254,7 @@ int mbedtls_aes_xts_setkey_dec( mbedtls_aes_xts_context *ctx, * \return \c 0 on success. */ +MBEDTLS_CHECK_RETURN_TYPICAL int mbedtls_aes_crypt_ecb( mbedtls_aes_context *ctx, int mode, const unsigned char input[16], @@ -296,6 +302,7 @@ int mbedtls_aes_crypt_ecb( mbedtls_aes_context *ctx, * \return #MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH * on failure. */ +MBEDTLS_CHECK_RETURN_TYPICAL int mbedtls_aes_crypt_cbc( mbedtls_aes_context *ctx, int mode, size_t length, @@ -340,6 +347,7 @@ int mbedtls_aes_crypt_cbc( mbedtls_aes_context *ctx, * smaller than an AES block in size (16 Bytes) or if \p * length is larger than 2^20 blocks (16 MiB). */ +MBEDTLS_CHECK_RETURN_TYPICAL int mbedtls_aes_crypt_xts( mbedtls_aes_xts_context *ctx, int mode, size_t length, @@ -388,6 +396,7 @@ int mbedtls_aes_crypt_xts( mbedtls_aes_xts_context *ctx, * * \return \c 0 on success. */ +MBEDTLS_CHECK_RETURN_TYPICAL int mbedtls_aes_crypt_cfb128( mbedtls_aes_context *ctx, int mode, size_t length, @@ -432,6 +441,7 @@ int mbedtls_aes_crypt_cfb128( mbedtls_aes_context *ctx, * * \return \c 0 on success. */ +MBEDTLS_CHECK_RETURN_TYPICAL int mbedtls_aes_crypt_cfb8( mbedtls_aes_context *ctx, int mode, size_t length, @@ -486,6 +496,7 @@ int mbedtls_aes_crypt_cfb8( mbedtls_aes_context *ctx, * * \return \c 0 on success. */ +MBEDTLS_CHECK_RETURN_TYPICAL int mbedtls_aes_crypt_ofb( mbedtls_aes_context *ctx, size_t length, size_t *iv_off, @@ -500,10 +511,6 @@ int mbedtls_aes_crypt_ofb( mbedtls_aes_context *ctx, * \brief This function performs an AES-CTR encryption or decryption * operation. * - * This function performs the operation defined in the \p mode - * parameter (encrypt/decrypt), on the input data buffer - * defined in the \p input parameter. - * * Due to the nature of CTR, you must use the same key schedule * for both encryption and decryption operations. Therefore, you * must use the context initialized with mbedtls_aes_setkey_enc() @@ -572,6 +579,7 @@ int mbedtls_aes_crypt_ofb( mbedtls_aes_context *ctx, * * \return \c 0 on success. */ +MBEDTLS_CHECK_RETURN_TYPICAL int mbedtls_aes_crypt_ctr( mbedtls_aes_context *ctx, size_t length, size_t *nc_off, @@ -592,6 +600,7 @@ int mbedtls_aes_crypt_ctr( mbedtls_aes_context *ctx, * * \return \c 0 on success. */ +MBEDTLS_CHECK_RETURN_TYPICAL int mbedtls_internal_aes_encrypt( mbedtls_aes_context *ctx, const unsigned char input[16], unsigned char output[16] ); @@ -607,6 +616,7 @@ int mbedtls_internal_aes_encrypt( mbedtls_aes_context *ctx, * * \return \c 0 on success. */ +MBEDTLS_CHECK_RETURN_TYPICAL int mbedtls_internal_aes_decrypt( mbedtls_aes_context *ctx, const unsigned char input[16], unsigned char output[16] ); @@ -618,6 +628,7 @@ int mbedtls_internal_aes_decrypt( mbedtls_aes_context *ctx, * \return \c 0 on success. * \return \c 1 on failure. */ +MBEDTLS_CHECK_RETURN_CRITICAL int mbedtls_aes_self_test( int verbose ); #endif /* MBEDTLS_SELF_TEST */ diff --git a/include/mbedtls/asn1.h b/include/mbedtls/asn1.h index f45fc17511..4746c1cb4d 100644 --- a/include/mbedtls/asn1.h +++ b/include/mbedtls/asn1.h @@ -152,9 +152,9 @@ extern "C" { */ typedef struct mbedtls_asn1_buf { - int MBEDTLS_PRIVATE(tag); /**< ASN1 type, e.g. MBEDTLS_ASN1_UTF8_STRING. */ - size_t MBEDTLS_PRIVATE(len); /**< ASN1 length, in octets. */ - unsigned char *MBEDTLS_PRIVATE(p); /**< ASN1 data, e.g. in ASCII. */ + int tag; /**< ASN1 type, e.g. MBEDTLS_ASN1_UTF8_STRING. */ + size_t len; /**< ASN1 length, in octets. */ + unsigned char *p; /**< ASN1 data, e.g. in ASCII. */ } mbedtls_asn1_buf; @@ -163,9 +163,9 @@ mbedtls_asn1_buf; */ typedef struct mbedtls_asn1_bitstring { - size_t MBEDTLS_PRIVATE(len); /**< ASN1 length, in octets. */ - unsigned char MBEDTLS_PRIVATE(unused_bits); /**< Number of unused bits at the end of the string */ - unsigned char *MBEDTLS_PRIVATE(p); /**< Raw ASN1 data for the bit string */ + size_t len; /**< ASN1 length, in octets. */ + unsigned char unused_bits; /**< Number of unused bits at the end of the string */ + unsigned char *p; /**< Raw ASN1 data for the bit string */ } mbedtls_asn1_bitstring; @@ -174,8 +174,16 @@ mbedtls_asn1_bitstring; */ typedef struct mbedtls_asn1_sequence { - mbedtls_asn1_buf MBEDTLS_PRIVATE(buf); /**< Buffer containing the given ASN.1 item. */ - struct mbedtls_asn1_sequence *MBEDTLS_PRIVATE(next); /**< The next entry in the sequence. */ + mbedtls_asn1_buf buf; /**< Buffer containing the given ASN.1 item. */ + + /** The next entry in the sequence. + * + * The details of memory management for sequences are not documented and + * may change in future versions. Set this field to \p NULL when + * initializing a structure, and do not modify it except via Mbed TLS + * library functions. + */ + struct mbedtls_asn1_sequence *next; } mbedtls_asn1_sequence; @@ -184,10 +192,24 @@ mbedtls_asn1_sequence; */ typedef struct mbedtls_asn1_named_data { - mbedtls_asn1_buf MBEDTLS_PRIVATE(oid); /**< The object identifier. */ - mbedtls_asn1_buf MBEDTLS_PRIVATE(val); /**< The named value. */ - struct mbedtls_asn1_named_data *MBEDTLS_PRIVATE(next); /**< The next entry in the sequence. */ - unsigned char MBEDTLS_PRIVATE(next_merged); /**< Merge next item into the current one? */ + mbedtls_asn1_buf oid; /**< The object identifier. */ + mbedtls_asn1_buf val; /**< The named value. */ + + /** The next entry in the sequence. + * + * The details of memory management for named data sequences are not + * documented and may change in future versions. Set this field to \p NULL + * when initializing a structure, and do not modify it except via Mbed TLS + * library functions. + */ + struct mbedtls_asn1_named_data *next; + + /** Merge next item into the current one? + * + * This field exists for the sake of Mbed TLS's X.509 certificate parsing + * code and may change in future versions of the library. + */ + unsigned char MBEDTLS_PRIVATE(next_merged); } mbedtls_asn1_named_data; diff --git a/include/mbedtls/ccm.h b/include/mbedtls/ccm.h index b3adecc4fb..1be1689df1 100644 --- a/include/mbedtls/ccm.h +++ b/include/mbedtls/ccm.h @@ -76,7 +76,27 @@ extern "C" { */ typedef struct mbedtls_ccm_context { + unsigned char MBEDTLS_PRIVATE(y)[16]; /*!< The Y working buffer */ + unsigned char MBEDTLS_PRIVATE(ctr)[16]; /*!< The counter buffer */ mbedtls_cipher_context_t MBEDTLS_PRIVATE(cipher_ctx); /*!< The cipher context used. */ + size_t MBEDTLS_PRIVATE(plaintext_len); /*!< Total plaintext length */ + size_t MBEDTLS_PRIVATE(add_len); /*!< Total authentication data length */ + size_t MBEDTLS_PRIVATE(tag_len); /*!< Total tag length */ + size_t MBEDTLS_PRIVATE(processed); /*!< Track how many bytes of input data + were processed (chunked input). + Used independently for both auth data + and plaintext/ciphertext. + This variable is set to zero after + auth data input is finished. */ + unsigned char MBEDTLS_PRIVATE(q); /*!< The Q working value */ + unsigned char MBEDTLS_PRIVATE(mode); /*!< The operation to perform: + #MBEDTLS_CCM_ENCRYPT or + #MBEDTLS_CCM_DECRYPT or + #MBEDTLS_CCM_STAR_ENCRYPT or + #MBEDTLS_CCM_STAR_DECRYPT. */ + int MBEDTLS_PRIVATE(state); /*!< Working value holding context's + state. Used for chunked data + input */ } mbedtls_ccm_context; @@ -178,6 +198,7 @@ int mbedtls_ccm_encrypt_and_tag( mbedtls_ccm_context *ctx, size_t length, * \param ctx The CCM context to use for encryption. This must be * initialized and bound to a key. * \param length The length of the input data in Bytes. + * For tag length = 0, input length is ignored. * \param iv The initialization vector (nonce). This must be a readable * buffer of at least \p iv_len Bytes. * \param iv_len The length of the nonce in Bytes: 7, 8, 9, 10, 11, 12, @@ -259,6 +280,7 @@ int mbedtls_ccm_auth_decrypt( mbedtls_ccm_context *ctx, size_t length, * \param ctx The CCM context to use for decryption. This must be * initialized and bound to a key. * \param length The length of the input data in Bytes. + * For tag length = 0, input length is ignored. * \param iv The initialization vector (nonce). This must be a readable * buffer of at least \p iv_len Bytes. * \param iv_len The length of the nonce in Bytes: 7, 8, 9, 10, 11, 12, diff --git a/include/mbedtls/cipher.h b/include/mbedtls/cipher.h index 9c9a2e88cd..892771e638 100644 --- a/include/mbedtls/cipher.h +++ b/include/mbedtls/cipher.h @@ -140,9 +140,15 @@ typedef enum { MBEDTLS_CIPHER_AES_128_CCM, /**< AES cipher with 128-bit CCM mode. */ MBEDTLS_CIPHER_AES_192_CCM, /**< AES cipher with 192-bit CCM mode. */ MBEDTLS_CIPHER_AES_256_CCM, /**< AES cipher with 256-bit CCM mode. */ + MBEDTLS_CIPHER_AES_128_CCM_STAR_NO_TAG, /**< AES cipher with 128-bit CCM_STAR_NO_TAG mode. */ + MBEDTLS_CIPHER_AES_192_CCM_STAR_NO_TAG, /**< AES cipher with 192-bit CCM_STAR_NO_TAG mode. */ + MBEDTLS_CIPHER_AES_256_CCM_STAR_NO_TAG, /**< AES cipher with 256-bit CCM_STAR_NO_TAG mode. */ MBEDTLS_CIPHER_CAMELLIA_128_CCM, /**< Camellia cipher with 128-bit CCM mode. */ MBEDTLS_CIPHER_CAMELLIA_192_CCM, /**< Camellia cipher with 192-bit CCM mode. */ MBEDTLS_CIPHER_CAMELLIA_256_CCM, /**< Camellia cipher with 256-bit CCM mode. */ + MBEDTLS_CIPHER_CAMELLIA_128_CCM_STAR_NO_TAG, /**< Camellia cipher with 128-bit CCM_STAR_NO_TAG mode. */ + MBEDTLS_CIPHER_CAMELLIA_192_CCM_STAR_NO_TAG, /**< Camellia cipher with 192-bit CCM_STAR_NO_TAG mode. */ + MBEDTLS_CIPHER_CAMELLIA_256_CCM_STAR_NO_TAG, /**< Camellia cipher with 256-bit CCM_STAR_NO_TAG mode. */ MBEDTLS_CIPHER_ARIA_128_ECB, /**< Aria cipher with 128-bit key and ECB mode. */ MBEDTLS_CIPHER_ARIA_192_ECB, /**< Aria cipher with 192-bit key and ECB mode. */ MBEDTLS_CIPHER_ARIA_256_ECB, /**< Aria cipher with 256-bit key and ECB mode. */ @@ -161,6 +167,9 @@ typedef enum { MBEDTLS_CIPHER_ARIA_128_CCM, /**< Aria cipher with 128-bit key and CCM mode. */ MBEDTLS_CIPHER_ARIA_192_CCM, /**< Aria cipher with 192-bit key and CCM mode. */ MBEDTLS_CIPHER_ARIA_256_CCM, /**< Aria cipher with 256-bit key and CCM mode. */ + MBEDTLS_CIPHER_ARIA_128_CCM_STAR_NO_TAG, /**< Aria cipher with 128-bit key and CCM_STAR_NO_TAG mode. */ + MBEDTLS_CIPHER_ARIA_192_CCM_STAR_NO_TAG, /**< Aria cipher with 192-bit key and CCM_STAR_NO_TAG mode. */ + MBEDTLS_CIPHER_ARIA_256_CCM_STAR_NO_TAG, /**< Aria cipher with 256-bit key and CCM_STAR_NO_TAG mode. */ MBEDTLS_CIPHER_AES_128_OFB, /**< AES 128-bit cipher in OFB mode. */ MBEDTLS_CIPHER_AES_192_OFB, /**< AES 192-bit cipher in OFB mode. */ MBEDTLS_CIPHER_AES_256_OFB, /**< AES 256-bit cipher in OFB mode. */ @@ -187,6 +196,7 @@ typedef enum { MBEDTLS_MODE_GCM, /**< The GCM cipher mode. */ MBEDTLS_MODE_STREAM, /**< The stream cipher mode. */ MBEDTLS_MODE_CCM, /**< The CCM cipher mode. */ + MBEDTLS_MODE_CCM_STAR_NO_TAG, /**< The CCM*-no-tag cipher mode. */ MBEDTLS_MODE_XTS, /**< The XTS cipher mode. */ MBEDTLS_MODE_CHACHAPOLY, /**< The ChaCha-Poly cipher mode. */ MBEDTLS_MODE_KW, /**< The SP800-38F KW mode */ @@ -258,6 +268,13 @@ typedef struct mbedtls_cmac_context_t mbedtls_cmac_context_t; /** * Cipher information. Allows calling cipher functions * in a generic way. + * + * \note The library does not support custom cipher info structures, + * only built-in structures returned by the functions + * mbedtls_cipher_info_from_string(), + * mbedtls_cipher_info_from_type(), + * mbedtls_cipher_info_from_values(), + * mbedtls_cipher_info_from_psa(). */ typedef struct mbedtls_cipher_info_t { @@ -414,6 +431,82 @@ const mbedtls_cipher_info_t *mbedtls_cipher_info_from_values( const mbedtls_ciph int key_bitlen, const mbedtls_cipher_mode_t mode ); +/** + * \brief Retrieve the identifier for a cipher info structure. + * + * \param[in] info The cipher info structure to query. + * This may be \c NULL. + * + * \return The full cipher identifier (\c MBEDTLS_CIPHER_xxx). + * \return #MBEDTLS_CIPHER_NONE if \p info is \c NULL. + */ +static inline mbedtls_cipher_type_t mbedtls_cipher_info_get_type( + const mbedtls_cipher_info_t *info ) +{ + if( info == NULL ) + return( MBEDTLS_CIPHER_NONE ); + else + return( info->MBEDTLS_PRIVATE(type) ); +} + +/** + * \brief Retrieve the operation mode for a cipher info structure. + * + * \param[in] info The cipher info structure to query. + * This may be \c NULL. + * + * \return The cipher mode (\c MBEDTLS_MODE_xxx). + * \return #MBEDTLS_MODE_NONE if \p info is \c NULL. + */ +static inline mbedtls_cipher_mode_t mbedtls_cipher_info_get_mode( + const mbedtls_cipher_info_t *info ) +{ + if( info == NULL ) + return( MBEDTLS_MODE_NONE ); + else + return( info->MBEDTLS_PRIVATE(mode) ); +} + +/** + * \brief Retrieve the key size for a cipher info structure. + * + * \param[in] info The cipher info structure to query. + * This may be \c NULL. + * + * \return The key length in bits. + * For variable-sized ciphers, this is the default length. + * For DES, this includes the parity bits. + * \return \c 0 if \p info is \c NULL. + */ +static inline size_t mbedtls_cipher_info_get_key_bitlen( + const mbedtls_cipher_info_t *info ) +{ + if( info == NULL ) + return( 0 ); + else + return( info->MBEDTLS_PRIVATE(key_bitlen) ); +} + +/** + * \brief Retrieve the human-readable name for a + * cipher info structure. + * + * \param[in] info The cipher info structure to query. + * This may be \c NULL. + * + * \return The cipher name, which is a human readable string, + * with static storage duration. + * \return \c NULL if \c info is \p NULL. + */ +static inline const char *mbedtls_cipher_info_get_name( + const mbedtls_cipher_info_t *info ) +{ + if( info == NULL ) + return( NULL ); + else + return( info->MBEDTLS_PRIVATE(name) ); +} + /** * \brief This function initializes a \p cipher_context as NONE. * diff --git a/include/mbedtls/config_psa.h b/include/mbedtls/config_psa.h index 9080cd19bc..5615a6858d 100644 --- a/include/mbedtls/config_psa.h +++ b/include/mbedtls/config_psa.h @@ -56,6 +56,12 @@ extern "C" { #define PSA_WANT_ALG_RSA_PKCS1V15_SIGN_RAW PSA_WANT_ALG_RSA_PKCS1V15_SIGN #endif +#if defined(PSA_WANT_ALG_RSA_PSS_ANY_SALT) && !defined(PSA_WANT_ALG_RSA_PSS) +#define PSA_WANT_ALG_RSA_PSS PSA_WANT_ALG_RSA_PSS_ANY_SALT +#elif !defined(PSA_WANT_ALG_RSA_PSS_ANY_SALT) && defined(PSA_WANT_ALG_RSA_PSS) +#define PSA_WANT_ALG_RSA_PSS_ANY_SALT PSA_WANT_ALG_RSA_PSS +#endif + /****************************************************************/ @@ -267,6 +273,18 @@ extern "C" { #endif /* PSA_HAVE_SOFT_KEY_TYPE_AES || PSA_HAVE_SOFT_BLOCK_MODE */ #endif /* PSA_WANT_KEY_TYPE_AES */ +#if defined(PSA_WANT_KEY_TYPE_ARIA) +#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ARIA) +#define PSA_HAVE_SOFT_KEY_TYPE_ARIA 1 +#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_ARIA */ +#if defined(PSA_HAVE_SOFT_KEY_TYPE_ARIA) || \ + defined(PSA_HAVE_SOFT_BLOCK_MODE) || \ + defined(PSA_HAVE_SOFT_BLOCK_AEAD) +#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ARIA 1 +#define MBEDTLS_ARIA_C +#endif /* PSA_HAVE_SOFT_KEY_TYPE_ARIA || PSA_HAVE_SOFT_BLOCK_MODE */ +#endif /* PSA_WANT_KEY_TYPE_ARIA */ + #if defined(PSA_WANT_KEY_TYPE_CAMELLIA) #if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_CAMELLIA) #define PSA_HAVE_SOFT_KEY_TYPE_CAMELLIA 1 @@ -301,6 +319,7 @@ extern "C" { * PSA_HAVE_SOFT_BLOCK_CIPHER, which can be used in any of these * situations. */ #if defined(PSA_HAVE_SOFT_KEY_TYPE_AES) || \ + defined(PSA_HAVE_SOFT_KEY_TYPE_ARIA) || \ defined(PSA_HAVE_SOFT_KEY_TYPE_DES) || \ defined(PSA_HAVE_SOFT_KEY_TYPE_CAMELLIA) #define PSA_HAVE_SOFT_BLOCK_CIPHER 1 @@ -381,6 +400,7 @@ extern "C" { #if defined(PSA_WANT_ALG_CCM) #if !defined(MBEDTLS_PSA_ACCEL_ALG_CCM) || \ defined(PSA_HAVE_SOFT_KEY_TYPE_AES) || \ + defined(PSA_HAVE_SOFT_KEY_TYPE_ARIA) || \ defined(PSA_HAVE_SOFT_KEY_TYPE_CAMELLIA) #define MBEDTLS_PSA_BUILTIN_ALG_CCM 1 #define MBEDTLS_CCM_C @@ -390,6 +410,7 @@ extern "C" { #if defined(PSA_WANT_ALG_GCM) #if !defined(MBEDTLS_PSA_ACCEL_ALG_GCM) || \ defined(PSA_HAVE_SOFT_KEY_TYPE_AES) || \ + defined(PSA_HAVE_SOFT_KEY_TYPE_ARIA) || \ defined(PSA_HAVE_SOFT_KEY_TYPE_CAMELLIA) #define MBEDTLS_PSA_BUILTIN_ALG_GCM 1 #define MBEDTLS_GCM_C @@ -586,7 +607,7 @@ extern "C" { #define MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN 1 #define PSA_WANT_ALG_RSA_PKCS1V15_SIGN 1 #define PSA_WANT_ALG_RSA_PKCS1V15_SIGN_RAW 1 -#endif /* MBEDTLSS_PKCS1_V15 */ +#endif /* MBEDTLS_PKCS1_V15 */ #if defined(MBEDTLS_PKCS1_V21) #define MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP 1 #define PSA_WANT_ALG_RSA_OAEP 1 @@ -629,6 +650,11 @@ extern "C" { #define MBEDTLS_PSA_BUILTIN_KEY_TYPE_AES 1 #endif +#if defined(MBEDTLS_ARIA_C) +#define PSA_WANT_KEY_TYPE_ARIA 1 +#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ARIA 1 +#endif + #if defined(MBEDTLS_CAMELLIA_C) #define PSA_WANT_KEY_TYPE_CAMELLIA 1 #define MBEDTLS_PSA_BUILTIN_KEY_TYPE_CAMELLIA 1 @@ -660,7 +686,7 @@ extern "C" { #endif #if defined(MBEDTLS_AES_C) || defined(MBEDTLS_DES_C) || \ - defined(MBEDTLS_CAMELLIA_C) + defined(MBEDTLS_ARIA_C) || defined(MBEDTLS_CAMELLIA_C) #define MBEDTLS_PSA_BUILTIN_ALG_ECB_NO_PADDING 1 #define PSA_WANT_ALG_ECB_NO_PADDING 1 #endif diff --git a/include/mbedtls/des.h b/include/mbedtls/des.h index 63a8e00d1c..be74cb111e 100644 --- a/include/mbedtls/des.h +++ b/include/mbedtls/des.h @@ -29,6 +29,7 @@ #include "mbedtls/private_access.h" #include "mbedtls/build_info.h" +#include "mbedtls/platform_util.h" #include #include @@ -139,6 +140,7 @@ void mbedtls_des_key_set_parity( unsigned char key[MBEDTLS_DES_KEY_SIZE] ); * security risk. We recommend considering stronger ciphers * instead. */ +MBEDTLS_CHECK_RETURN_TYPICAL int mbedtls_des_key_check_key_parity( const unsigned char key[MBEDTLS_DES_KEY_SIZE] ); /** @@ -152,6 +154,7 @@ int mbedtls_des_key_check_key_parity( const unsigned char key[MBEDTLS_DES_KEY_SI * security risk. We recommend considering stronger ciphers * instead. */ +MBEDTLS_CHECK_RETURN_TYPICAL int mbedtls_des_key_check_weak( const unsigned char key[MBEDTLS_DES_KEY_SIZE] ); /** @@ -166,6 +169,7 @@ int mbedtls_des_key_check_weak( const unsigned char key[MBEDTLS_DES_KEY_SIZE] ); * security risk. We recommend considering stronger ciphers * instead. */ +MBEDTLS_CHECK_RETURN_TYPICAL int mbedtls_des_setkey_enc( mbedtls_des_context *ctx, const unsigned char key[MBEDTLS_DES_KEY_SIZE] ); /** @@ -180,6 +184,7 @@ int mbedtls_des_setkey_enc( mbedtls_des_context *ctx, const unsigned char key[MB * security risk. We recommend considering stronger ciphers * instead. */ +MBEDTLS_CHECK_RETURN_TYPICAL int mbedtls_des_setkey_dec( mbedtls_des_context *ctx, const unsigned char key[MBEDTLS_DES_KEY_SIZE] ); /** @@ -190,6 +195,7 @@ int mbedtls_des_setkey_dec( mbedtls_des_context *ctx, const unsigned char key[MB * * \return 0 */ +MBEDTLS_CHECK_RETURN_TYPICAL int mbedtls_des3_set2key_enc( mbedtls_des3_context *ctx, const unsigned char key[MBEDTLS_DES_KEY_SIZE * 2] ); @@ -201,6 +207,7 @@ int mbedtls_des3_set2key_enc( mbedtls_des3_context *ctx, * * \return 0 */ +MBEDTLS_CHECK_RETURN_TYPICAL int mbedtls_des3_set2key_dec( mbedtls_des3_context *ctx, const unsigned char key[MBEDTLS_DES_KEY_SIZE * 2] ); @@ -212,6 +219,7 @@ int mbedtls_des3_set2key_dec( mbedtls_des3_context *ctx, * * \return 0 */ +MBEDTLS_CHECK_RETURN_TYPICAL int mbedtls_des3_set3key_enc( mbedtls_des3_context *ctx, const unsigned char key[MBEDTLS_DES_KEY_SIZE * 3] ); @@ -223,6 +231,7 @@ int mbedtls_des3_set3key_enc( mbedtls_des3_context *ctx, * * \return 0 */ +MBEDTLS_CHECK_RETURN_TYPICAL int mbedtls_des3_set3key_dec( mbedtls_des3_context *ctx, const unsigned char key[MBEDTLS_DES_KEY_SIZE * 3] ); @@ -239,6 +248,7 @@ int mbedtls_des3_set3key_dec( mbedtls_des3_context *ctx, * security risk. We recommend considering stronger ciphers * instead. */ +MBEDTLS_CHECK_RETURN_TYPICAL int mbedtls_des_crypt_ecb( mbedtls_des_context *ctx, const unsigned char input[8], unsigned char output[8] ); @@ -266,6 +276,7 @@ int mbedtls_des_crypt_ecb( mbedtls_des_context *ctx, * security risk. We recommend considering stronger ciphers * instead. */ +MBEDTLS_CHECK_RETURN_TYPICAL int mbedtls_des_crypt_cbc( mbedtls_des_context *ctx, int mode, size_t length, @@ -283,6 +294,7 @@ int mbedtls_des_crypt_cbc( mbedtls_des_context *ctx, * * \return 0 if successful */ +MBEDTLS_CHECK_RETURN_TYPICAL int mbedtls_des3_crypt_ecb( mbedtls_des3_context *ctx, const unsigned char input[8], unsigned char output[8] ); @@ -308,6 +320,7 @@ int mbedtls_des3_crypt_ecb( mbedtls_des3_context *ctx, * * \return 0 if successful, or MBEDTLS_ERR_DES_INVALID_INPUT_LENGTH */ +MBEDTLS_CHECK_RETURN_TYPICAL int mbedtls_des3_crypt_cbc( mbedtls_des3_context *ctx, int mode, size_t length, @@ -338,6 +351,7 @@ void mbedtls_des_setkey( uint32_t SK[32], * * \return 0 if successful, or 1 if the test failed */ +MBEDTLS_CHECK_RETURN_CRITICAL int mbedtls_des_self_test( int verbose ); #endif /* MBEDTLS_SELF_TEST */ diff --git a/include/mbedtls/ecp.h b/include/mbedtls/ecp.h index 384d0608a7..5b26084d45 100644 --- a/include/mbedtls/ecp.h +++ b/include/mbedtls/ecp.h @@ -130,10 +130,8 @@ typedef enum /** * The number of supported curves, plus one for #MBEDTLS_ECP_DP_NONE. - * - * \note Montgomery curves are currently excluded. */ -#define MBEDTLS_ECP_DP_MAX 12 +#define MBEDTLS_ECP_DP_MAX 14 /* * Curve types @@ -147,13 +145,17 @@ typedef enum /** * Curve information, for use by other modules. + * + * The fields of this structure are part of the public API and can be + * accessed directly by applications. Future versions of the library may + * add extra fields or reorder existing fields. */ typedef struct mbedtls_ecp_curve_info { - mbedtls_ecp_group_id MBEDTLS_PRIVATE(grp_id); /*!< An internal identifier. */ - uint16_t MBEDTLS_PRIVATE(tls_id); /*!< The TLS NamedCurve identifier. */ - uint16_t MBEDTLS_PRIVATE(bit_size); /*!< The curve size in bits. */ - const char *MBEDTLS_PRIVATE(name); /*!< A human-friendly name. */ + mbedtls_ecp_group_id grp_id; /*!< An internal identifier. */ + uint16_t tls_id; /*!< The TLS NamedCurve identifier. */ + uint16_t bit_size; /*!< The curve size in bits. */ + const char *name; /*!< A human-friendly name. */ } mbedtls_ecp_curve_info; /** diff --git a/include/mbedtls/error.h b/include/mbedtls/error.h index 27420ce4fc..8b2b9ea580 100644 --- a/include/mbedtls/error.h +++ b/include/mbedtls/error.h @@ -56,7 +56,7 @@ * Module Nr Codes assigned * ERROR 2 0x006E 0x0001 * MPI 7 0x0002-0x0010 - * GCM 3 0x0012-0x0014 0x0013-0x0013 + * GCM 3 0x0012-0x0016 0x0013-0x0013 * THREADING 3 0x001A-0x001E * AES 5 0x0020-0x0022 0x0021-0x0025 * CAMELLIA 3 0x0024-0x0026 0x0027-0x0027 diff --git a/include/mbedtls/gcm.h b/include/mbedtls/gcm.h index 9d9155fc5b..7dc9dfb8ec 100644 --- a/include/mbedtls/gcm.h +++ b/include/mbedtls/gcm.h @@ -45,6 +45,8 @@ #define MBEDTLS_ERR_GCM_AUTH_FAILED -0x0012 /** Bad input parameters to function. */ #define MBEDTLS_ERR_GCM_BAD_INPUT -0x0014 +/** An output buffer is too small. */ +#define MBEDTLS_ERR_GCM_BUFFER_TOO_SMALL -0x0016 #ifdef __cplusplus extern "C" { diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h index a60db7e930..c2f4587f8b 100644 --- a/include/mbedtls/mbedtls_config.h +++ b/include/mbedtls/mbedtls_config.h @@ -520,6 +520,29 @@ */ //#define MBEDTLS_CAMELLIA_SMALL_MEMORY +/** + * \def MBEDTLS_CHECK_RETURN_WARNING + * + * If this macro is defined, emit a compile-time warning if application code + * calls a function without checking its return value, but the return value + * should generally be checked in portable applications. + * + * This is only supported on platforms where #MBEDTLS_CHECK_RETURN is + * implemented. Otherwise this option has no effect. + * + * Uncomment to get warnings on using fallible functions without checking + * their return value. + * + * \note This feature is a work in progress. + * Warnings will be added to more functions in the future. + * + * \note A few functions are considered critical, and ignoring the return + * value of these functions will trigger a warning even if this + * macro is not defined. To completely disable return value check + * warnings, define #MBEDTLS_CHECK_RETURN with an empty expansion. + */ +//#define MBEDTLS_CHECK_RETURN_WARNING + /** * \def MBEDTLS_CIPHER_MODE_CBC * @@ -1598,16 +1621,6 @@ */ #define MBEDTLS_SSL_SESSION_TICKETS -/** - * \def MBEDTLS_SSL_EXPORT_KEYS - * - * Enable support for exporting key block and master secret. - * This is required for certain users of TLS, e.g. EAP-TLS. - * - * Comment this macro to disable support for key export - */ -#define MBEDTLS_SSL_EXPORT_KEYS - /** * \def MBEDTLS_SSL_SERVER_NAME_INDICATION * @@ -1718,15 +1731,13 @@ * will still continue to work as usual, so enabling this option should not * break backwards compatibility. * - * \warning The PSA Crypto API is in beta stage. While you're welcome to - * experiment using it, incompatible API changes are still possible, and some - * parts may not have reached the same quality as the rest of Mbed TLS yet. + * \note See docs/use-psa-crypto.md for a complete description of what this + * option currently does, and of parts that are not affected by it so far. * - * \warning This option enables new Mbed TLS APIs that are dependent on the - * PSA Crypto API, so can't come with the same stability guarantees as the - * rest of the Mbed TLS APIs. You're welcome to experiment with them, but for - * now, access to these APIs is opt-in (via enabling the present option), in - * order to clearly differentiate them from the stable Mbed TLS APIs. + * \warning This option enables new Mbed TLS APIs which are currently + * considered experimental and may change in incompatible ways at any time. + * That is, the APIs enabled by this option are not covered by the usual + * promises of API stability. * * Requires: MBEDTLS_PSA_CRYPTO_C. * @@ -2592,10 +2603,6 @@ * * Enable the Platform Security Architecture cryptography API. * - * \warning The PSA Crypto API is still beta status. While you're welcome to - * experiment using it, incompatible API changes are still possible, and some - * parts may not have reached the same quality as the rest of Mbed TLS yet. - * * Module: library/psa_crypto.c * * Requires: either MBEDTLS_CTR_DRBG_C and MBEDTLS_ENTROPY_C, @@ -3073,6 +3080,29 @@ //#define MBEDTLS_PLATFORM_NV_SEED_READ_MACRO mbedtls_platform_std_nv_seed_read /**< Default nv_seed_read function to use, can be undefined */ //#define MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO mbedtls_platform_std_nv_seed_write /**< Default nv_seed_write function to use, can be undefined */ +/** \def MBEDTLS_CHECK_RETURN + * + * This macro is used at the beginning of the declaration of a function + * to indicate that its return value should be checked. It should + * instruct the compiler to emit a warning or an error if the function + * is called without checking its return value. + * + * There is a default implementation for popular compilers in platform_util.h. + * You can override the default implementation by defining your own here. + * + * If the implementation here is empty, this will effectively disable the + * checking of functions' return values. + */ +//#define MBEDTLS_CHECK_RETURN __attribute__((__warn_unused_result__)) + +/** \def MBEDTLS_IGNORE_RETURN + * + * This macro requires one argument, which should be a C function call. + * If that function call would cause a #MBEDTLS_CHECK_RETURN warning, this + * warning is suppressed. + */ +//#define MBEDTLS_IGNORE_RETURN( result ) ((void) !(result)) + /* PSA options */ /** * Use HMAC_DRBG with the specified hash algorithm for HMAC_DRBG for the @@ -3179,7 +3209,7 @@ * Maximum number of heap-allocated bytes for the purpose of * DTLS handshake message reassembly and future message buffering. * - * This should be at least 9/8 * MBEDTLSSL_IN_CONTENT_LEN + * This should be at least 9/8 * MBEDTLS_SSL_IN_CONTENT_LEN * to account for a reassembled handshake message of maximum size, * together with its reassembly bitmap. * @@ -3194,6 +3224,17 @@ //#define MBEDTLS_PSK_MAX_LEN 32 /**< Max size of TLS pre-shared keys, in bytes (default 256 bits) */ //#define MBEDTLS_SSL_COOKIE_TIMEOUT 60 /**< Default expiration delay of DTLS cookies, in seconds if HAVE_TIME, or in number of cookies issued */ +/** \def MBEDTLS_TLS_EXT_CID + * + * At the time of writing, the CID extension has not been assigned its + * final value. Set this configuration option to make Mbed TLS use a + * different value. + * + * A future minor revision of Mbed TLS may change the default value of + * this option to match evolving standards and usage. + */ +//#define MBEDTLS_TLS_EXT_CID 254 + /** * Complete list of ciphersuites to use, in order of preference. * diff --git a/include/mbedtls/net_sockets.h b/include/mbedtls/net_sockets.h index c8214a2335..0c754b122c 100644 --- a/include/mbedtls/net_sockets.h +++ b/include/mbedtls/net_sockets.h @@ -94,7 +94,13 @@ extern "C" { */ typedef struct mbedtls_net_context { - int MBEDTLS_PRIVATE(fd); /**< The underlying file descriptor */ + /** The underlying file descriptor. + * + * This field is only guaranteed to be present on POSIX/Unix-like platforms. + * On other platforms, it may have a different type, have a different + * meaning, or be absent altogether. + */ + int fd; } mbedtls_net_context; diff --git a/include/mbedtls/pk.h b/include/mbedtls/pk.h index ded52225f2..5f9f29ff6d 100644 --- a/include/mbedtls/pk.h +++ b/include/mbedtls/pk.h @@ -186,6 +186,10 @@ typedef struct mbedtls_pk_debug_item /** * \brief Public key information and operations + * + * \note The library does not support custom pk info structures, + * only built-in structures returned by + * mbedtls_cipher_info_from_type(). */ typedef struct mbedtls_pk_info_t mbedtls_pk_info_t; diff --git a/include/mbedtls/platform_util.h b/include/mbedtls/platform_util.h index 1a0a13513e..5d2fefc36f 100644 --- a/include/mbedtls/platform_util.h +++ b/include/mbedtls/platform_util.h @@ -42,10 +42,6 @@ extern "C" { /* Internal helper macros for deprecating API constants. */ #if !defined(MBEDTLS_DEPRECATED_REMOVED) #if defined(MBEDTLS_DEPRECATED_WARNING) -/* Deliberately don't (yet) export MBEDTLS_DEPRECATED here - * to avoid conflict with other headers which define and use - * it, too. We might want to move all these definitions here at - * some point for uniformity. */ #define MBEDTLS_DEPRECATED __attribute__((deprecated)) MBEDTLS_DEPRECATED typedef char const * mbedtls_deprecated_string_constant_t; #define MBEDTLS_DEPRECATED_STRING_CONSTANT( VAL ) \ @@ -53,13 +49,102 @@ MBEDTLS_DEPRECATED typedef char const * mbedtls_deprecated_string_constant_t; MBEDTLS_DEPRECATED typedef int mbedtls_deprecated_numeric_constant_t; #define MBEDTLS_DEPRECATED_NUMERIC_CONSTANT( VAL ) \ ( (mbedtls_deprecated_numeric_constant_t) ( VAL ) ) -#undef MBEDTLS_DEPRECATED #else /* MBEDTLS_DEPRECATED_WARNING */ +#define MBEDTLS_DEPRECATED #define MBEDTLS_DEPRECATED_STRING_CONSTANT( VAL ) VAL #define MBEDTLS_DEPRECATED_NUMERIC_CONSTANT( VAL ) VAL #endif /* MBEDTLS_DEPRECATED_WARNING */ #endif /* MBEDTLS_DEPRECATED_REMOVED */ +/* Implementation of the check-return facility. + * See the user documentation in mbedtls_config.h. + * + * Do not use this macro directly to annotate function: instead, + * use one of MBEDTLS_CHECK_RETURN_CRITICAL or MBEDTLS_CHECK_RETURN_TYPICAL + * depending on how important it is to check the return value. + */ +#if !defined(MBEDTLS_CHECK_RETURN) +#if defined(__GNUC__) +#define MBEDTLS_CHECK_RETURN __attribute__((__warn_unused_result__)) +#elif defined(_MSC_VER) && _MSC_VER >= 1700 +#include +#define MBEDTLS_CHECK_RETURN _Check_return_ +#else +#define MBEDTLS_CHECK_RETURN +#endif +#endif + +/** Critical-failure function + * + * This macro appearing at the beginning of the declaration of a function + * indicates that its return value should be checked in all applications. + * Omitting the check is very likely to indicate a bug in the application + * and will result in a compile-time warning if #MBEDTLS_CHECK_RETURN + * is implemented for the compiler in use. + * + * \note The use of this macro is a work in progress. + * This macro may be added to more functions in the future. + * Such an extension is not considered an API break, provided that + * there are near-unavoidable circumstances under which the function + * can fail. For example, signature/MAC/AEAD verification functions, + * and functions that require a random generator, are considered + * return-check-critical. + */ +#define MBEDTLS_CHECK_RETURN_CRITICAL MBEDTLS_CHECK_RETURN + +/** Ordinary-failure function + * + * This macro appearing at the beginning of the declaration of a function + * indicates that its return value should be generally be checked in portable + * applications. Omitting the check will result in a compile-time warning if + * #MBEDTLS_CHECK_RETURN is implemented for the compiler in use and + * #MBEDTLS_CHECK_RETURN_WARNING is enabled in the compile-time configuration. + * + * You can use #MBEDTLS_IGNORE_RETURN to explicitly ignore the return value + * of a function that is annotated with #MBEDTLS_CHECK_RETURN. + * + * \note The use of this macro is a work in progress. + * This macro will be added to more functions in the future. + * Eventually this should appear before most functions returning + * an error code (as \c int in the \c mbedtls_xxx API or + * as ::psa_status_t in the \c psa_xxx API). + */ +#if defined(MBEDTLS_CHECK_RETURN_WARNING) +#define MBEDTLS_CHECK_RETURN_TYPICAL MBEDTLS_CHECK_RETURN +#else +#define MBEDTLS_CHECK_RETURN_TYPICAL +#endif + +/** Benign-failure function + * + * This macro appearing at the beginning of the declaration of a function + * indicates that it is rarely useful to check its return value. + * + * This macro has an empty expansion. It exists for documentation purposes: + * a #MBEDTLS_CHECK_RETURN_OPTIONAL annotation indicates that the function + * has been analyzed for return-check usefuless, whereas the lack of + * an annotation indicates that the function has not been analyzed and its + * return-check usefulness is unknown. + */ +#define MBEDTLS_CHECK_RETURN_OPTIONAL + +/** \def MBEDTLS_IGNORE_RETURN + * + * Call this macro with one argument, a function call, to suppress a warning + * from #MBEDTLS_CHECK_RETURN due to that function call. + */ +#if !defined(MBEDTLS_IGNORE_RETURN) +/* GCC doesn't silence the warning with just (void)(result). + * (void)!(result) is known to work up at least up to GCC 10, as well + * as with Clang and MSVC. + * + * https://gcc.gnu.org/onlinedocs/gcc-3.4.6/gcc/Non_002dbugs.html + * https://stackoverflow.com/questions/40576003/ignoring-warning-wunused-result + * https://gcc.gnu.org/bugzilla/show_bug.cgi?id=66425#c34 + */ +#define MBEDTLS_IGNORE_RETURN(result) ( (void) !( result ) ) +#endif + /** * \brief Securely zeroize a buffer * diff --git a/include/mbedtls/psa_util.h b/include/mbedtls/psa_util.h index f6f2e58054..c54c035c37 100644 --- a/include/mbedtls/psa_util.h +++ b/include/mbedtls/psa_util.h @@ -51,18 +51,27 @@ static inline psa_key_type_t mbedtls_psa_translate_cipher_type( case MBEDTLS_CIPHER_AES_128_CCM: case MBEDTLS_CIPHER_AES_192_CCM: case MBEDTLS_CIPHER_AES_256_CCM: + case MBEDTLS_CIPHER_AES_128_CCM_STAR_NO_TAG: + case MBEDTLS_CIPHER_AES_192_CCM_STAR_NO_TAG: + case MBEDTLS_CIPHER_AES_256_CCM_STAR_NO_TAG: case MBEDTLS_CIPHER_AES_128_GCM: case MBEDTLS_CIPHER_AES_192_GCM: case MBEDTLS_CIPHER_AES_256_GCM: case MBEDTLS_CIPHER_AES_128_CBC: case MBEDTLS_CIPHER_AES_192_CBC: case MBEDTLS_CIPHER_AES_256_CBC: + case MBEDTLS_CIPHER_AES_128_ECB: + case MBEDTLS_CIPHER_AES_192_ECB: + case MBEDTLS_CIPHER_AES_256_ECB: return( PSA_KEY_TYPE_AES ); /* ARIA not yet supported in PSA. */ /* case MBEDTLS_CIPHER_ARIA_128_CCM: case MBEDTLS_CIPHER_ARIA_192_CCM: case MBEDTLS_CIPHER_ARIA_256_CCM: + case MBEDTLS_CIPHER_ARIA_128_CCM_STAR_NO_TAG: + case MBEDTLS_CIPHER_ARIA_192_CCM_STAR_NO_TAG: + case MBEDTLS_CIPHER_ARIA_256_CCM_STAR_NO_TAG: case MBEDTLS_CIPHER_ARIA_128_GCM: case MBEDTLS_CIPHER_ARIA_192_GCM: case MBEDTLS_CIPHER_ARIA_256_GCM: @@ -87,6 +96,8 @@ static inline psa_algorithm_t mbedtls_psa_translate_cipher_mode( return( PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, taglen ) ); case MBEDTLS_MODE_CCM: return( PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, taglen ) ); + case MBEDTLS_MODE_CCM_STAR_NO_TAG: + return PSA_ALG_CCM_STAR_NO_TAG; case MBEDTLS_MODE_CBC: if( taglen == 0 ) return( PSA_ALG_CBC_NO_PADDING ); @@ -369,7 +380,7 @@ static inline psa_key_type_t mbedtls_psa_parse_tls_ecc_group( if( curve_info == NULL ) return( 0 ); return( PSA_KEY_TYPE_ECC_KEY_PAIR( - mbedtls_ecc_group_to_psa( curve_info->MBEDTLS_PRIVATE(grp_id), bits ) ) ); + mbedtls_ecc_group_to_psa( curve_info->grp_id, bits ) ) ); } #endif /* MBEDTLS_ECP_C */ diff --git a/include/mbedtls/sha256.h b/include/mbedtls/sha256.h index 9e6f59dc4b..0cbbac11f2 100644 --- a/include/mbedtls/sha256.h +++ b/include/mbedtls/sha256.h @@ -167,6 +167,9 @@ int mbedtls_internal_sha256_process( mbedtls_sha256_context *ctx, * for SHA-256, \c 28 bytes for SHA-224. * \param is224 Determines which function to use. This must be * either \c 0 for SHA-256, or \c 1 for SHA-224. + * + * \return \c 0 on success. + * \return A negative error code on failure. */ int mbedtls_sha256( const unsigned char *input, size_t ilen, diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 221cee3379..45e05447be 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -21,6 +21,7 @@ */ #ifndef MBEDTLS_SSL_H #define MBEDTLS_SSL_H +#include "mbedtls/platform_util.h" #include "mbedtls/private_access.h" #include "mbedtls/build_info.h" @@ -169,6 +170,76 @@ /** Invalid value in SSL config */ #define MBEDTLS_ERR_SSL_BAD_CONFIG -0x5E80 +/* + * TLS 1.3 NamedGroup values + * + * From RF 8446 + * enum { + * // Elliptic Curve Groups (ECDHE) + * secp256r1(0x0017), secp384r1(0x0018), secp521r1(0x0019), + * x25519(0x001D), x448(0x001E), + * // Finite Field Groups (DHE) + * ffdhe2048(0x0100), ffdhe3072(0x0101), ffdhe4096(0x0102), + * ffdhe6144(0x0103), ffdhe8192(0x0104), + * // Reserved Code Points + * ffdhe_private_use(0x01FC..0x01FF), + * ecdhe_private_use(0xFE00..0xFEFF), + * (0xFFFF) + * } NamedGroup; + * + */ + +/* Elliptic Curve Groups (ECDHE) */ +#define MBEDTLS_SSL_IANA_TLS_GROUP_NONE 0 +#define MBEDTLS_SSL_IANA_TLS_GROUP_SECP192K1 0x0012 +#define MBEDTLS_SSL_IANA_TLS_GROUP_SECP192R1 0x0013 +#define MBEDTLS_SSL_IANA_TLS_GROUP_SECP224K1 0x0014 +#define MBEDTLS_SSL_IANA_TLS_GROUP_SECP224R1 0x0015 +#define MBEDTLS_SSL_IANA_TLS_GROUP_SECP256K1 0x0016 +#define MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1 0x0017 +#define MBEDTLS_SSL_IANA_TLS_GROUP_SECP384R1 0x0018 +#define MBEDTLS_SSL_IANA_TLS_GROUP_SECP521R1 0x0019 +#define MBEDTLS_SSL_IANA_TLS_GROUP_BP256R1 0x001A +#define MBEDTLS_SSL_IANA_TLS_GROUP_BP384R1 0x001B +#define MBEDTLS_SSL_IANA_TLS_GROUP_BP512R1 0x001C +#define MBEDTLS_SSL_IANA_TLS_GROUP_X25519 0x001D +#define MBEDTLS_SSL_IANA_TLS_GROUP_X448 0x001E +/* Finite Field Groups (DHE) */ +#define MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE2048 0x0100 +#define MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE3072 0x0101 +#define MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE4096 0x0102 +#define MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE6144 0x0103 +#define MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE8192 0x0104 + +/* + * TLS 1.3 Key Exchange Modes + * + * Mbed TLS internal identifiers for use with the SSL configuration API + * mbedtls_ssl_conf_tls13_key_exchange_modes(). + */ + +#define MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_PSK ( 1u << 0 ) /*!< Pure-PSK TLS 1.3 key exchange, + * encompassing both externally agreed PSKs + * as well as resumption PSKs. */ +#define MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_EPHEMERAL ( 1u << 1 ) /*!< Pure-Ephemeral TLS 1.3 key exchanges, + * including for example ECDHE and DHE + * key exchanges. */ +#define MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_PSK_EPHEMERAL ( 1u << 2 ) /*!< PSK-Ephemeral TLS 1.3 key exchanges, + * using both a PSK and an ephemeral + * key exchange. */ + +/* Convenience macros for sets of key exchanges. */ +#define MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_ALL \ + ( MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_PSK | \ + MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_PSK_EPHEMERAL | \ + MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_EPHEMERAL ) /*!< All TLS 1.3 key exchanges */ +#define MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_PSK_ALL \ + ( MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_PSK | \ + MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_PSK_EPHEMERAL ) /*!< All PSK-based TLS 1.3 key exchanges */ +#define MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_EPHEMERAL_ALL \ + ( MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_EPHEMERAL | \ + MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_PSK_EPHEMERAL ) /*!< All ephemeral TLS 1.3 key exchanges */ + /* * Various constants */ @@ -337,6 +408,41 @@ #define MBEDTLS_SSL_SIG_RSA 1 #define MBEDTLS_SSL_SIG_ECDSA 3 +/* + * TLS 1.3 signature algorithms + * RFC 8446, Section 4.2.2 + */ + +/* RSASSA-PKCS1-v1_5 algorithms */ +#define MBEDTLS_TLS13_SIG_RSA_PKCS1_SHA256 0x0401 +#define MBEDTLS_TLS13_SIG_RSA_PKCS1_SHA384 0x0501 +#define MBEDTLS_TLS13_SIG_RSA_PKCS1_SHA512 0x0601 + +/* ECDSA algorithms */ +#define MBEDTLS_TLS13_SIG_ECDSA_SECP256R1_SHA256 0x0403 +#define MBEDTLS_TLS13_SIG_ECDSA_SECP384R1_SHA384 0x0503 +#define MBEDTLS_TLS13_SIG_ECDSA_SECP521R1_SHA512 0x0603 + +/* RSASSA-PSS algorithms with public key OID rsaEncryption */ +#define MBEDTLS_TLS13_SIG_RSA_PSS_RSAE_SHA256 0x0804 +#define MBEDTLS_TLS13_SIG_RSA_PSS_RSAE_SHA384 0x0805 +#define MBEDTLS_TLS13_SIG_RSA_PSS_RSAE_SHA512 0x0806 + +/* EdDSA algorithms */ +#define MBEDTLS_TLS13_SIG_ED25519 0x0807 +#define MBEDTLS_TLS13_SIG_ED448 0x0808 + +/* RSASSA-PSS algorithms with public key OID RSASSA-PSS */ +#define MBEDTLS_TLS13_SIG_RSA_PSS_PSS_SHA256 0x0809 +#define MBEDTLS_TLS13_SIG_RSA_PSS_PSS_SHA384 0x080A +#define MBEDTLS_TLS13_SIG_RSA_PSS_PSS_SHA512 0x080B + +/* LEGACY ALGORITHMS */ +#define MBEDTLS_TLS13_SIG_RSA_PKCS1_SHA1 0x0201 +#define MBEDTLS_TLS13_SIG_ECDSA_SHA1 0x0203 + +#define MBEDTLS_TLS13_SIG_NONE 0x0 + /* * Client Certificate Types * RFC 5246 section 7.4.4 plus RFC 4492 section 5.5 @@ -391,6 +497,7 @@ #define MBEDTLS_SSL_HS_SERVER_HELLO 2 #define MBEDTLS_SSL_HS_HELLO_VERIFY_REQUEST 3 #define MBEDTLS_SSL_HS_NEW_SESSION_TICKET 4 +#define MBEDTLS_SSL_HS_ENCRYPTED_EXTENSIONS 8 // NEW IN TLS 1.3 #define MBEDTLS_SSL_HS_CERTIFICATE 11 #define MBEDTLS_SSL_HS_SERVER_KEY_EXCHANGE 12 #define MBEDTLS_SSL_HS_CERTIFICATE_REQUEST 13 @@ -408,25 +515,48 @@ #define MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH 1 #define MBEDTLS_TLS_EXT_TRUNCATED_HMAC 4 +#define MBEDTLS_TLS_EXT_STATUS_REQUEST 5 /* RFC 6066 TLS 1.2 and 1.3 */ #define MBEDTLS_TLS_EXT_SUPPORTED_ELLIPTIC_CURVES 10 +#define MBEDTLS_TLS_EXT_SUPPORTED_GROUPS 10 /* RFC 8422,7919 TLS 1.2 and 1.3 */ #define MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS 11 -#define MBEDTLS_TLS_EXT_SIG_ALG 13 - +#define MBEDTLS_TLS_EXT_SIG_ALG 13 /* RFC 8446 TLS 1.3 */ #define MBEDTLS_TLS_EXT_USE_SRTP 14 - +#define MBEDTLS_TLS_EXT_HEARTBEAT 15 /* RFC 6520 TLS 1.2 and 1.3 */ #define MBEDTLS_TLS_EXT_ALPN 16 +#define MBEDTLS_TLS_EXT_SCT 18 /* RFC 6962 TLS 1.2 and 1.3 */ +#define MBEDTLS_TLS_EXT_CLI_CERT_TYPE 19 /* RFC 7250 TLS 1.2 and 1.3 */ +#define MBEDTLS_TLS_EXT_SERV_CERT_TYPE 20 /* RFC 7250 TLS 1.2 and 1.3 */ +#define MBEDTLS_TLS_EXT_PADDING 21 /* RFC 7685 TLS 1.2 and 1.3 */ #define MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC 22 /* 0x16 */ #define MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET 0x0017 /* 23 */ #define MBEDTLS_TLS_EXT_SESSION_TICKET 35 +#define MBEDTLS_TLS_EXT_PRE_SHARED_KEY 41 /* RFC 8446 TLS 1.3 */ +#define MBEDTLS_TLS_EXT_EARLY_DATA 42 /* RFC 8446 TLS 1.3 */ +#define MBEDTLS_TLS_EXT_SUPPORTED_VERSIONS 43 /* RFC 8446 TLS 1.3 */ +#define MBEDTLS_TLS_EXT_COOKIE 44 /* RFC 8446 TLS 1.3 */ +#define MBEDTLS_TLS_EXT_PSK_KEY_EXCHANGE_MODES 45 /* RFC 8446 TLS 1.3 */ + +#define MBEDTLS_TLS_EXT_CERT_AUTH 47 /* RFC 8446 TLS 1.3 */ +#define MBEDTLS_TLS_EXT_OID_FILTERS 48 /* RFC 8446 TLS 1.3 */ +#define MBEDTLS_TLS_EXT_POST_HANDSHAKE_AUTH 49 /* RFC 8446 TLS 1.3 */ +#define MBEDTLS_TLS_EXT_SIG_ALG_CERT 50 /* RFC 8446 TLS 1.3 */ +#define MBEDTLS_TLS_EXT_KEY_SHARE 51 /* RFC 8446 TLS 1.3 */ + /* The value of the CID extension is still TBD as of * draft-ietf-tls-dtls-connection-id-05 - * (https://tools.ietf.org/html/draft-ietf-tls-dtls-connection-id-05) */ + * (https://tools.ietf.org/html/draft-ietf-tls-dtls-connection-id-05). + * + * A future minor revision of Mbed TLS may change the default value of + * this option to match evolving standards and usage. + */ +#if !defined(MBEDTLS_TLS_EXT_CID) #define MBEDTLS_TLS_EXT_CID 254 /* TBD */ +#endif #define MBEDTLS_TLS_EXT_ECJPAKE_KKPP 256 /* experimental */ @@ -475,6 +605,11 @@ union mbedtls_ssl_premaster_secret #define MBEDTLS_PREMASTER_SIZE sizeof( union mbedtls_ssl_premaster_secret ) +#define MBEDTLS_TLS1_3_MD_MAX_SIZE MBEDTLS_MD_MAX_SIZE + +/* Length in number of bytes of the TLS sequence number */ +#define MBEDTLS_SSL_SEQUENCE_NUMBER_LEN 8 + #ifdef __cplusplus extern "C" { #endif @@ -503,6 +638,10 @@ typedef enum MBEDTLS_SSL_HANDSHAKE_OVER, MBEDTLS_SSL_SERVER_NEW_SESSION_TICKET, MBEDTLS_SSL_SERVER_HELLO_VERIFY_REQUEST_SENT, +#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) + MBEDTLS_SSL_ENCRYPTED_EXTENSIONS, + MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY, +#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ } mbedtls_ssl_states; @@ -537,10 +676,11 @@ typedef int mbedtls_ssl_send_t( void *ctx, * \param buf Buffer to write the received data to * \param len Length of the receive buffer * - * \return The callback must return the number of bytes received, - * or a non-zero error code. - * If performing non-blocking I/O, \c MBEDTLS_ERR_SSL_WANT_READ + * \returns If data has been received, the positive number of bytes received. + * \returns \c 0 if the connection has been closed. + * \returns If performing non-blocking I/O, \c MBEDTLS_ERR_SSL_WANT_READ * must be returned when the operation would block. + * \returns Another negative error code on other kinds of failures. * * \note The callback may receive fewer bytes than the length of the * buffer. It must always return the number of bytes actually @@ -560,7 +700,7 @@ typedef int mbedtls_ssl_recv_t( void *ctx, * \param ctx Context for the receive callback (typically a file descriptor) * \param buf Buffer to write the received data to * \param len Length of the receive buffer - * \param timeout Maximum nomber of millisecondes to wait for data + * \param timeout Maximum number of milliseconds to wait for data * 0 means no timeout (potentially waiting forever) * * \return The callback must return the number of bytes received, @@ -912,6 +1052,14 @@ typedef void mbedtls_ssl_async_cancel_t( mbedtls_ssl_context *ssl ); #endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED && !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ +typedef struct +{ + unsigned char client_application_traffic_secret_N[ MBEDTLS_TLS1_3_MD_MAX_SIZE ]; + unsigned char server_application_traffic_secret_N[ MBEDTLS_TLS1_3_MD_MAX_SIZE ]; + unsigned char exporter_master_secret [ MBEDTLS_TLS1_3_MD_MAX_SIZE ]; + unsigned char resumption_master_secret [ MBEDTLS_TLS1_3_MD_MAX_SIZE ]; +} mbedtls_ssl_tls1_3_application_secrets; + #if defined(MBEDTLS_SSL_DTLS_SRTP) #define MBEDTLS_TLS_SRTP_MAX_MKI_LENGTH 255 @@ -1002,6 +1150,10 @@ struct mbedtls_ssl_session #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) int MBEDTLS_PRIVATE(encrypt_then_mac); /*!< flag for EtM activation */ #endif + +#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) + mbedtls_ssl_tls1_3_application_secrets MBEDTLS_PRIVATE(app_secrets); +#endif }; /* @@ -1017,7 +1169,6 @@ typedef enum } mbedtls_tls_prf_types; -#if defined(MBEDTLS_SSL_EXPORT_KEYS) typedef enum { MBEDTLS_SSL_KEY_EXPORT_TLS12_MASTER_SECRET = 0, @@ -1053,7 +1204,6 @@ typedef void mbedtls_ssl_export_keys_t( void *p_expkey, const unsigned char client_random[32], const unsigned char server_random[32], mbedtls_tls_prf_types tls_prf_type ); -#endif /* MBEDTLS_SSL_EXPORT_KEYS */ /** * SSL/TLS configuration to be shared between mbedtls_ssl_context structures. @@ -1069,6 +1219,11 @@ struct mbedtls_ssl_config /** Allowed ciphersuites for (D)TLS 1.2 (0-terminated) */ const int *MBEDTLS_PRIVATE(ciphersuite_list); +#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) + /** Allowed TLS 1.3 key exchange modes. */ + int MBEDTLS_PRIVATE(tls13_kex_modes); +#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ + /** Callback for printing debug output */ void (*MBEDTLS_PRIVATE(f_dbg))(void *, int, const char *, int, const char *); void *MBEDTLS_PRIVATE(p_dbg); /*!< context for the debug function */ @@ -1147,12 +1302,18 @@ struct mbedtls_ssl_config #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) const int *MBEDTLS_PRIVATE(sig_hashes); /*!< allowed signature hashes */ + +#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) + const uint16_t *MBEDTLS_PRIVATE(tls13_sig_algs); /*!< allowed signature algorithms for TLS 1.3 */ +#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ #endif -#if defined(MBEDTLS_ECP_C) +#if defined(MBEDTLS_ECP_C) && !defined(MBEDTLS_DEPRECATED_REMOVED) const mbedtls_ecp_group_id *MBEDTLS_PRIVATE(curve_list); /*!< allowed curves */ #endif + const uint16_t *MBEDTLS_PRIVATE(group_list); /*!< allowed IANA NamedGroups */ + #if defined(MBEDTLS_DHM_C) mbedtls_mpi MBEDTLS_PRIVATE(dhm_P); /*!< prime modulus for DHM */ mbedtls_mpi MBEDTLS_PRIVATE(dhm_G); /*!< generator for DHM */ @@ -1328,10 +1489,24 @@ struct mbedtls_ssl_context /* * Record layer transformations */ - mbedtls_ssl_transform *MBEDTLS_PRIVATE(transform_in); /*!< current transform params (in) */ - mbedtls_ssl_transform *MBEDTLS_PRIVATE(transform_out); /*!< current transform params (in) */ - mbedtls_ssl_transform *MBEDTLS_PRIVATE(transform); /*!< negotiated transform params */ - mbedtls_ssl_transform *MBEDTLS_PRIVATE(transform_negotiate); /*!< transform params in negotiation */ + mbedtls_ssl_transform *MBEDTLS_PRIVATE(transform_in); /*!< current transform params (in) + * This is always a reference, + * never an owning pointer. */ + mbedtls_ssl_transform *MBEDTLS_PRIVATE(transform_out); /*!< current transform params (out) + * This is always a reference, + * never an owning pointer. */ + mbedtls_ssl_transform *MBEDTLS_PRIVATE(transform); /*!< negotiated transform params + * This pointer owns the transform + * it references. */ + mbedtls_ssl_transform *MBEDTLS_PRIVATE(transform_negotiate); /*!< transform params in negotiation + * This pointer owns the transform + * it references. */ + +#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) + /*! The application data transform in TLS 1.3. + * This pointer owns the transform it references. */ + mbedtls_ssl_transform *MBEDTLS_PRIVATE(transform_application); +#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ /* * Timers @@ -1381,6 +1556,19 @@ struct mbedtls_ssl_context int MBEDTLS_PRIVATE(keep_current_message); /*!< drop or reuse current message on next call to record layer? */ + /* The following three variables indicate if and, if yes, + * what kind of alert is pending to be sent. + */ + unsigned char MBEDTLS_PRIVATE(send_alert); /*!< Determines if a fatal alert + should be sent. Values: + - \c 0 , no alert is to be sent. + - \c 1 , alert is to be sent. */ + unsigned char MBEDTLS_PRIVATE(alert_type); /*!< Type of alert if send_alert + != 0 */ + int MBEDTLS_PRIVATE(alert_reason); /*!< The error code to be returned + to the user once the fatal alert + has been sent. */ + #if defined(MBEDTLS_SSL_PROTO_DTLS) uint8_t MBEDTLS_PRIVATE(disable_datagram_packing); /*!< Disable packing multiple records * within a single datagram. */ @@ -1407,7 +1595,7 @@ struct mbedtls_ssl_context size_t MBEDTLS_PRIVATE(out_buf_len); /*!< length of output buffer */ #endif - unsigned char MBEDTLS_PRIVATE(cur_out_ctr)[8]; /*!< Outgoing record sequence number. */ + unsigned char MBEDTLS_PRIVATE(cur_out_ctr)[MBEDTLS_SSL_SEQUENCE_NUMBER_LEN]; /*!< Outgoing record sequence number. */ #if defined(MBEDTLS_SSL_PROTO_DTLS) uint16_t MBEDTLS_PRIVATE(mtu); /*!< path mtu, used to fragment outgoing messages */ @@ -1472,11 +1660,9 @@ struct mbedtls_ssl_context * and #MBEDTLS_SSL_CID_DISABLED. */ #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ -#if defined(MBEDTLS_SSL_EXPORT_KEYS) /** Callback to export key block and master secret */ mbedtls_ssl_export_keys_t *MBEDTLS_PRIVATE(f_export_keys); void *MBEDTLS_PRIVATE(p_export_keys); /*!< context for key export callback */ -#endif }; /** @@ -2049,7 +2235,6 @@ void mbedtls_ssl_conf_session_tickets_cb( mbedtls_ssl_config *conf, void *p_ticket ); #endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_SRV_C */ -#if defined(MBEDTLS_SSL_EXPORT_KEYS) /** * \brief Configure a key export callback. * (Default: none.) @@ -2071,7 +2256,6 @@ void mbedtls_ssl_conf_session_tickets_cb( mbedtls_ssl_config *conf, void mbedtls_ssl_set_export_keys_cb( mbedtls_ssl_context *ssl, mbedtls_ssl_export_keys_t *f_export_keys, void *p_export_keys ); -#endif /* MBEDTLS_SSL_EXPORT_KEYS */ #if defined(MBEDTLS_SSL_ASYNC_PRIVATE) /** @@ -2519,23 +2703,93 @@ int mbedtls_ssl_session_save( const mbedtls_ssl_session *session, /** * \brief Set the list of allowed ciphersuites and the preference * order. First in the list has the highest preference. - * (Overrides all version-specific lists) * - * The ciphersuites array is not copied, and must remain - * valid for the lifetime of the ssl_config. + * For TLS 1.2, the notion of ciphersuite determines both + * the key exchange mechanism and the suite of symmetric + * algorithms to be used during and after the handshake. * - * Note: By default, the server chooses its preferred + * For TLS 1.3 (in development), the notion of ciphersuite + * only determines the suite of symmetric algorithms to be + * used during and after the handshake, while key exchange + * mechanisms are configured separately. + * + * In Mbed TLS, ciphersuites for both TLS 1.2 and TLS 1.3 + * are configured via this function. For users of TLS 1.3, + * there will be separate API for the configuration of key + * exchange mechanisms. + * + * The list of ciphersuites passed to this function may + * contain a mixture of TLS 1.2 and TLS 1.3 ciphersuite + * identifiers. This is useful if negotiation of TLS 1.3 + * should be attempted, but a fallback to TLS 1.2 would + * be tolerated. + * + * \note By default, the server chooses its preferred * ciphersuite among those that the client supports. If * mbedtls_ssl_conf_preference_order() is called to prefer * the client's preferences, the server instead chooses * the client's preferred ciphersuite among those that * the server supports. * - * \param conf SSL configuration - * \param ciphersuites 0-terminated list of allowed ciphersuites + * \warning The ciphersuites array \p ciphersuites is not copied. + * It must remain valid for the lifetime of the SSL + * configuration \p conf. + * + * \param conf The SSL configuration to modify. + * \param ciphersuites A 0-terminated list of IANA identifiers of supported + * ciphersuites, accessible through \c MBEDTLS_TLS_XXX + * and \c MBEDTLS_TLS1_3_XXX macros defined in + * ssl_ciphersuites.h. */ void mbedtls_ssl_conf_ciphersuites( mbedtls_ssl_config *conf, - const int *ciphersuites ); + const int *ciphersuites ); + +#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) +/** + * \brief Set the supported key exchange modes for TLS 1.3 connections. + * + * In contrast to TLS 1.2, the ciphersuite concept in TLS 1.3 does not + * include the choice of key exchange mechanism. It is therefore not + * covered by the API mbedtls_ssl_conf_ciphersuites(). See the + * documentation of mbedtls_ssl_conf_ciphersuites() for more + * information on the ciphersuite concept in TLS 1.2 and TLS 1.3. + * + * The present function is specific to TLS 1.3 and allows users to + * configure the set of supported key exchange mechanisms in TLS 1.3. + * + * \param conf The SSL configuration the change should apply to. + * \param kex_modes A bitwise combination of one or more of the following: + * - MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_PSK + * This flag enables pure-PSK key exchanges. + * - MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_PSK_EPHEMERAL + * This flag enables combined PSK-ephemeral key exchanges. + * - MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_EPHEMERAL + * This flag enables pure-ephemeral key exchanges. + * For convenience, the following pre-defined macros are + * available for combinations of the above: + * - MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_ALL + * Includes all of pure-PSK, PSK-ephemeral and pure-ephemeral. + * - MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_PSK_ALL + * Includes both pure-PSK and combined PSK-ephemeral + * key exchanges, but excludes pure-ephemeral key exchanges. + * - MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_EPHEMERAL_ALL + * Includes both pure-ephemeral and combined PSK-ephemeral + * key exchanges. + * + * \note If a PSK-based key exchange mode shall be supported, applications + * must also use the APIs mbedtls_ssl_conf_psk() or + * mbedtls_ssl_conf_psk_cb() or mbedtls_ssl_conf_psk_opaque() + * to configure the PSKs to be used. + * + * \note If a pure-ephemeral key exchange mode shall be supported, + * server-side applications must also provide a certificate via + * mbedtls_ssl_conf_own_cert(). + * + */ + +void mbedtls_ssl_conf_tls13_key_exchange_modes( mbedtls_ssl_config* conf, + const int kex_modes ); +#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) #define MBEDTLS_SSL_UNEXPECTED_CID_IGNORE 0 @@ -2916,6 +3170,7 @@ void mbedtls_ssl_conf_dhm_min_bitlen( mbedtls_ssl_config *conf, #endif /* MBEDTLS_DHM_C && MBEDTLS_SSL_CLI_C */ #if defined(MBEDTLS_ECP_C) +#if !defined(MBEDTLS_DEPRECATED_REMOVED) /** * \brief Set the allowed curves in order of preference. * @@ -2929,6 +3184,8 @@ void mbedtls_ssl_conf_dhm_min_bitlen( mbedtls_ssl_config *conf, * Both sides: limits the set of curves accepted for use in * ECDHE and in the peer's end-entity certificate. * + * \deprecated Superseeded by mbedtls_ssl_conf_groups(). + * * \note This has no influence on which curves are allowed inside the * certificate chains, see \c mbedtls_ssl_conf_cert_profile() * for that. For the end-entity certificate however, the key @@ -2955,10 +3212,51 @@ void mbedtls_ssl_conf_dhm_min_bitlen( mbedtls_ssl_config *conf, * \param curves Ordered list of allowed curves, * terminated by MBEDTLS_ECP_DP_NONE. */ -void mbedtls_ssl_conf_curves( mbedtls_ssl_config *conf, - const mbedtls_ecp_group_id *curves ); +void MBEDTLS_DEPRECATED mbedtls_ssl_conf_curves( mbedtls_ssl_config *conf, + const mbedtls_ecp_group_id *curves ); +#endif /* MBEDTLS_DEPRECATED_REMOVED */ #endif /* MBEDTLS_ECP_C */ +/** + * \brief Set the allowed groups in order of preference. + * + * On server: This only affects the choice of key agreement mechanism + * + * On client: this affects the list of groups offered for any + * use. The server can override our preference order. + * + * Both sides: limits the set of groups accepted for use in + * key sharing. + * + * \note This function replaces the deprecated mbedtls_ssl_conf_curves(), + * which only allows ECP curves to be configured. + * + * \note The most recent invocation of either mbedtls_ssl_conf_curves() + * or mbedtls_ssl_conf_groups() nullifies all previous invocations + * of both. + * + * \note This list should be ordered by decreasing preference + * (preferred group first). + * + * \note When this function is not called, a default list is used, + * consisting of all supported curves at 255 bits and above, + * and all supported finite fields at 2048 bits and above. + * The order favors groups with the lowest resource usage. + * + * \note New minor versions of Mbed TLS will not remove items + * from the default list unless serious security concerns require it. + * New minor versions of Mbed TLS may change the order in + * keeping with the general principle of favoring the lowest + * resource usage. + * + * \param conf SSL configuration + * \param groups List of allowed groups ordered by preference, terminated by 0. + * Must contain valid IANA NamedGroup IDs (provided via either an integer + * or using MBEDTLS_TLS13_NAMED_GROUP_XXX macros). + */ +void mbedtls_ssl_conf_groups( mbedtls_ssl_config *conf, + const uint16_t *groups ); + #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) /** * \brief Set the allowed hashes for signatures during the handshake. @@ -2991,6 +3289,20 @@ void mbedtls_ssl_conf_curves( mbedtls_ssl_config *conf, */ void mbedtls_ssl_conf_sig_hashes( mbedtls_ssl_config *conf, const int *hashes ); + +#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) +/** + * \brief Configure allowed signature algorithms for use in TLS 1.3 + * + * \param conf The SSL configuration to use. + * \param sig_algs List of allowed IANA values for TLS 1.3 signature algorithms, + * terminated by \c MBEDTLS_TLS13_SIG_NONE. The list must remain + * available throughout the lifetime of the conf object. Supported + * values are available as \c MBEDTLS_TLS13_SIG_XXXX + */ +void mbedtls_ssl_conf_sig_algs( mbedtls_ssl_config *conf, + const uint16_t* sig_algs ); +#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ #endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ #if defined(MBEDTLS_X509_CRT_PARSE_C) diff --git a/include/mbedtls/ssl_ciphersuites.h b/include/mbedtls/ssl_ciphersuites.h index 812560c8a1..18e7c98767 100644 --- a/include/mbedtls/ssl_ciphersuites.h +++ b/include/mbedtls/ssl_ciphersuites.h @@ -256,6 +256,13 @@ extern "C" { #define MBEDTLS_TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256 0xCCAD /**< TLS 1.2 */ #define MBEDTLS_TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256 0xCCAE /**< TLS 1.2 */ +/* RFC 8446, Appendix B.4 */ +#define MBEDTLS_TLS1_3_AES_128_GCM_SHA256 0x1301 /**< TLS 1.3 */ +#define MBEDTLS_TLS1_3_AES_256_GCM_SHA384 0x1302 /**< TLS 1.3 */ +#define MBEDTLS_TLS1_3_CHACHA20_POLY1305_SHA256 0x1303 /**< TLS 1.3 */ +#define MBEDTLS_TLS1_3_AES_128_CCM_SHA256 0x1304 /**< TLS 1.3 */ +#define MBEDTLS_TLS1_3_AES_128_CCM_8_SHA256 0x1305 /**< TLS 1.3 */ + /* Reminder: update mbedtls_ssl_premaster_secret when adding a new key exchange. * Reminder: update MBEDTLS_KEY_EXCHANGE__xxx below */ diff --git a/include/mbedtls/x509.h b/include/mbedtls/x509.h index df187cb098..9a4be95a3e 100644 --- a/include/mbedtls/x509.h +++ b/include/mbedtls/x509.h @@ -246,8 +246,8 @@ typedef mbedtls_asn1_sequence mbedtls_x509_sequence; /** Container for date and time (precision in seconds). */ typedef struct mbedtls_x509_time { - int MBEDTLS_PRIVATE(year), MBEDTLS_PRIVATE(mon), MBEDTLS_PRIVATE(day); /**< Date. */ - int MBEDTLS_PRIVATE(hour), MBEDTLS_PRIVATE(min), MBEDTLS_PRIVATE(sec); /**< Time. */ + int year, mon, day; /**< Date. */ + int hour, min, sec; /**< Time. */ } mbedtls_x509_time; diff --git a/include/mbedtls/x509_crl.h b/include/mbedtls/x509_crl.h index 9331827bb2..52bd43cd3c 100644 --- a/include/mbedtls/x509_crl.h +++ b/include/mbedtls/x509_crl.h @@ -43,18 +43,30 @@ extern "C" { /** * Certificate revocation list entry. * Contains the CA-specific serial numbers and revocation dates. + * + * Some fields of this structure are publicly readable. Do not modify + * them except via Mbed TLS library functions: the effect of modifying + * those fields or the data that those fields points to is unspecified. */ typedef struct mbedtls_x509_crl_entry { - mbedtls_x509_buf MBEDTLS_PRIVATE(raw); + /** Direct access to the whole entry inside the containing buffer. */ + mbedtls_x509_buf raw; + /** The serial number of the revoked certificate. */ + mbedtls_x509_buf serial; + /** The revocation date of this entry. */ + mbedtls_x509_time revocation_date; + /** Direct access to the list of CRL entry extensions + * (an ASN.1 constructed sequence). + * + * If there are no extensions, `entry_ext.len == 0` and + * `entry_ext.p == NULL`. */ + mbedtls_x509_buf entry_ext; - mbedtls_x509_buf MBEDTLS_PRIVATE(serial); - - mbedtls_x509_time MBEDTLS_PRIVATE(revocation_date); - - mbedtls_x509_buf MBEDTLS_PRIVATE(entry_ext); - - struct mbedtls_x509_crl_entry *MBEDTLS_PRIVATE(next); + /** Next element in the linked list of entries. + * \p NULL indicates the end of the list. + * Do not modify this field directly. */ + struct mbedtls_x509_crl_entry *next; } mbedtls_x509_crl_entry; @@ -64,22 +76,22 @@ mbedtls_x509_crl_entry; */ typedef struct mbedtls_x509_crl { - mbedtls_x509_buf MBEDTLS_PRIVATE(raw); /**< The raw certificate data (DER). */ - mbedtls_x509_buf MBEDTLS_PRIVATE(tbs); /**< The raw certificate body (DER). The part that is To Be Signed. */ + mbedtls_x509_buf raw; /**< The raw certificate data (DER). */ + mbedtls_x509_buf tbs; /**< The raw certificate body (DER). The part that is To Be Signed. */ - int MBEDTLS_PRIVATE(version); /**< CRL version (1=v1, 2=v2) */ - mbedtls_x509_buf MBEDTLS_PRIVATE(sig_oid); /**< CRL signature type identifier */ + int version; /**< CRL version (1=v1, 2=v2) */ + mbedtls_x509_buf sig_oid; /**< CRL signature type identifier */ - mbedtls_x509_buf MBEDTLS_PRIVATE(issuer_raw); /**< The raw issuer data (DER). */ + mbedtls_x509_buf issuer_raw; /**< The raw issuer data (DER). */ - mbedtls_x509_name MBEDTLS_PRIVATE(issuer); /**< The parsed issuer data (named information object). */ + mbedtls_x509_name issuer; /**< The parsed issuer data (named information object). */ - mbedtls_x509_time MBEDTLS_PRIVATE(this_update); - mbedtls_x509_time MBEDTLS_PRIVATE(next_update); + mbedtls_x509_time this_update; + mbedtls_x509_time next_update; - mbedtls_x509_crl_entry MBEDTLS_PRIVATE(entry); /**< The CRL entries containing the certificate revocation times for this CA. */ + mbedtls_x509_crl_entry entry; /**< The CRL entries containing the certificate revocation times for this CA. */ - mbedtls_x509_buf MBEDTLS_PRIVATE(crl_ext); + mbedtls_x509_buf crl_ext; mbedtls_x509_buf MBEDTLS_PRIVATE(sig_oid2); mbedtls_x509_buf MBEDTLS_PRIVATE(sig); @@ -87,7 +99,10 @@ typedef struct mbedtls_x509_crl mbedtls_pk_type_t MBEDTLS_PRIVATE(sig_pk); /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. MBEDTLS_PK_RSA */ void *MBEDTLS_PRIVATE(sig_opts); /**< Signature options to be passed to mbedtls_pk_verify_ext(), e.g. for RSASSA-PSS */ - struct mbedtls_x509_crl *MBEDTLS_PRIVATE(next); + /** Next element in the linked list of CRL. + * \p NULL indicates the end of the list. + * Do not modify this field directly. */ + struct mbedtls_x509_crl *next; } mbedtls_x509_crl; diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h index 49211a948f..3c11a99899 100644 --- a/include/mbedtls/x509_crt.h +++ b/include/mbedtls/x509_crt.h @@ -45,36 +45,40 @@ extern "C" { /** * Container for an X.509 certificate. The certificate may be chained. + * + * Some fields of this structure are publicly readable. Do not modify + * them except via Mbed TLS library functions: the effect of modifying + * those fields or the data that those fields points to is unspecified. */ typedef struct mbedtls_x509_crt { int MBEDTLS_PRIVATE(own_buffer); /**< Indicates if \c raw is owned * by the structure or not. */ - mbedtls_x509_buf MBEDTLS_PRIVATE(raw); /**< The raw certificate data (DER). */ - mbedtls_x509_buf MBEDTLS_PRIVATE(tbs); /**< The raw certificate body (DER). The part that is To Be Signed. */ + mbedtls_x509_buf raw; /**< The raw certificate data (DER). */ + mbedtls_x509_buf tbs; /**< The raw certificate body (DER). The part that is To Be Signed. */ - int MBEDTLS_PRIVATE(version); /**< The X.509 version. (1=v1, 2=v2, 3=v3) */ - mbedtls_x509_buf MBEDTLS_PRIVATE(serial); /**< Unique id for certificate issued by a specific CA. */ - mbedtls_x509_buf MBEDTLS_PRIVATE(sig_oid); /**< Signature algorithm, e.g. sha1RSA */ + int version; /**< The X.509 version. (1=v1, 2=v2, 3=v3) */ + mbedtls_x509_buf serial; /**< Unique id for certificate issued by a specific CA. */ + mbedtls_x509_buf sig_oid; /**< Signature algorithm, e.g. sha1RSA */ - mbedtls_x509_buf MBEDTLS_PRIVATE(issuer_raw); /**< The raw issuer data (DER). Used for quick comparison. */ - mbedtls_x509_buf MBEDTLS_PRIVATE(subject_raw); /**< The raw subject data (DER). Used for quick comparison. */ + mbedtls_x509_buf issuer_raw; /**< The raw issuer data (DER). Used for quick comparison. */ + mbedtls_x509_buf subject_raw; /**< The raw subject data (DER). Used for quick comparison. */ - mbedtls_x509_name MBEDTLS_PRIVATE(issuer); /**< The parsed issuer data (named information object). */ - mbedtls_x509_name MBEDTLS_PRIVATE(subject); /**< The parsed subject data (named information object). */ + mbedtls_x509_name issuer; /**< The parsed issuer data (named information object). */ + mbedtls_x509_name subject; /**< The parsed subject data (named information object). */ - mbedtls_x509_time MBEDTLS_PRIVATE(valid_from); /**< Start time of certificate validity. */ - mbedtls_x509_time MBEDTLS_PRIVATE(valid_to); /**< End time of certificate validity. */ + mbedtls_x509_time valid_from; /**< Start time of certificate validity. */ + mbedtls_x509_time valid_to; /**< End time of certificate validity. */ - mbedtls_x509_buf MBEDTLS_PRIVATE(pk_raw); - mbedtls_pk_context MBEDTLS_PRIVATE(pk); /**< Container for the public key context. */ + mbedtls_x509_buf pk_raw; + mbedtls_pk_context pk; /**< Container for the public key context. */ - mbedtls_x509_buf MBEDTLS_PRIVATE(issuer_id); /**< Optional X.509 v2/v3 issuer unique identifier. */ - mbedtls_x509_buf MBEDTLS_PRIVATE(subject_id); /**< Optional X.509 v2/v3 subject unique identifier. */ - mbedtls_x509_buf MBEDTLS_PRIVATE(v3_ext); /**< Optional X.509 v3 extensions. */ - mbedtls_x509_sequence MBEDTLS_PRIVATE(subject_alt_names); /**< Optional list of raw entries of Subject Alternative Names extension (currently only dNSName and OtherName are listed). */ + mbedtls_x509_buf issuer_id; /**< Optional X.509 v2/v3 issuer unique identifier. */ + mbedtls_x509_buf subject_id; /**< Optional X.509 v2/v3 subject unique identifier. */ + mbedtls_x509_buf v3_ext; /**< Optional X.509 v3 extensions. */ + mbedtls_x509_sequence subject_alt_names; /**< Optional list of raw entries of Subject Alternative Names extension (currently only dNSName and OtherName are listed). */ - mbedtls_x509_sequence MBEDTLS_PRIVATE(certificate_policies); /**< Optional list of certificate policies (Only anyPolicy is printed and enforced, however the rest of the policies are still listed). */ + mbedtls_x509_sequence certificate_policies; /**< Optional list of certificate policies (Only anyPolicy is printed and enforced, however the rest of the policies are still listed). */ int MBEDTLS_PRIVATE(ext_types); /**< Bit string containing detected and parsed extensions */ int MBEDTLS_PRIVATE(ca_istrue); /**< Optional Basic Constraint extension value: 1 if this certificate belongs to a CA, 0 otherwise. */ @@ -82,7 +86,7 @@ typedef struct mbedtls_x509_crt unsigned int MBEDTLS_PRIVATE(key_usage); /**< Optional key usage extension value: See the values in x509.h */ - mbedtls_x509_sequence MBEDTLS_PRIVATE(ext_key_usage); /**< Optional list of extended key usage OIDs. */ + mbedtls_x509_sequence ext_key_usage; /**< Optional list of extended key usage OIDs. */ unsigned char MBEDTLS_PRIVATE(ns_cert_type); /**< Optional Netscape certificate type extension value: See the values in x509.h */ @@ -91,7 +95,10 @@ typedef struct mbedtls_x509_crt mbedtls_pk_type_t MBEDTLS_PRIVATE(sig_pk); /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. MBEDTLS_PK_RSA */ void *MBEDTLS_PRIVATE(sig_opts); /**< Signature options to be passed to mbedtls_pk_verify_ext(), e.g. for RSASSA-PSS */ - struct mbedtls_x509_crt *MBEDTLS_PRIVATE(next); /**< Next certificate in the CA-chain. */ + /** Next certificate in the linked list that constitutes the CA chain. + * \p NULL indicates the end of the list. + * Do not modify this field directly. */ + struct mbedtls_x509_crt *next; } mbedtls_x509_crt; @@ -100,6 +107,9 @@ mbedtls_x509_crt; * OtherName ::= SEQUENCE { * type-id OBJECT IDENTIFIER, * value [0] EXPLICIT ANY DEFINED BY type-id } + * + * Future versions of the library may add new fields to this structure or + * to its embedded union and structure. */ typedef struct mbedtls_x509_san_other_name { @@ -108,7 +118,7 @@ typedef struct mbedtls_x509_san_other_name * To check the value of the type id, you should use * \p MBEDTLS_OID_CMP with a known OID mbedtls_x509_buf. */ - mbedtls_x509_buf MBEDTLS_PRIVATE(type_id); /**< The type id. */ + mbedtls_x509_buf type_id; /**< The type id. */ union { /** @@ -119,26 +129,30 @@ typedef struct mbedtls_x509_san_other_name */ struct { - mbedtls_x509_buf MBEDTLS_PRIVATE(oid); /**< The object identifier. */ - mbedtls_x509_buf MBEDTLS_PRIVATE(val); /**< The named value. */ + mbedtls_x509_buf oid; /**< The object identifier. */ + mbedtls_x509_buf val; /**< The named value. */ } - MBEDTLS_PRIVATE(hardware_module_name); + hardware_module_name; } - MBEDTLS_PRIVATE(value); + value; } mbedtls_x509_san_other_name; /** - * A structure for holding the parsed Subject Alternative Name, according to type + * A structure for holding the parsed Subject Alternative Name, + * according to type. + * + * Future versions of the library may add new fields to this structure or + * to its embedded union and structure. */ typedef struct mbedtls_x509_subject_alternative_name { - int MBEDTLS_PRIVATE(type); /**< The SAN type, value of MBEDTLS_X509_SAN_XXX. */ + int type; /**< The SAN type, value of MBEDTLS_X509_SAN_XXX. */ union { - mbedtls_x509_san_other_name MBEDTLS_PRIVATE(other_name); /**< The otherName supported type. */ - mbedtls_x509_buf MBEDTLS_PRIVATE(unstructured_name); /**< The buffer for the un constructed types. Only dnsName currently supported */ + mbedtls_x509_san_other_name other_name; /**< The otherName supported type. */ + mbedtls_x509_buf unstructured_name; /**< The buffer for the un constructed types. Only dnsName currently supported */ } - MBEDTLS_PRIVATE(san); /**< A union of the supported SAN types */ + san; /**< A union of the supported SAN types */ } mbedtls_x509_subject_alternative_name; diff --git a/include/mbedtls/x509_csr.h b/include/mbedtls/x509_csr.h index 674f9ce793..f80a1a1307 100644 --- a/include/mbedtls/x509_csr.h +++ b/include/mbedtls/x509_csr.h @@ -42,20 +42,24 @@ extern "C" { /** * Certificate Signing Request (CSR) structure. + * + * Some fields of this structure are publicly readable. Do not modify + * them except via Mbed TLS library functions: the effect of modifying + * those fields or the data that those fields point to is unspecified. */ typedef struct mbedtls_x509_csr { - mbedtls_x509_buf MBEDTLS_PRIVATE(raw); /**< The raw CSR data (DER). */ - mbedtls_x509_buf MBEDTLS_PRIVATE(cri); /**< The raw CertificateRequestInfo body (DER). */ + mbedtls_x509_buf raw; /**< The raw CSR data (DER). */ + mbedtls_x509_buf cri; /**< The raw CertificateRequestInfo body (DER). */ - int MBEDTLS_PRIVATE(version); /**< CSR version (1=v1). */ + int version; /**< CSR version (1=v1). */ - mbedtls_x509_buf MBEDTLS_PRIVATE(subject_raw); /**< The raw subject data (DER). */ - mbedtls_x509_name MBEDTLS_PRIVATE(subject); /**< The parsed subject data (named information object). */ + mbedtls_x509_buf subject_raw; /**< The raw subject data (DER). */ + mbedtls_x509_name subject; /**< The parsed subject data (named information object). */ - mbedtls_pk_context MBEDTLS_PRIVATE(pk); /**< Container for the public key context. */ + mbedtls_pk_context pk; /**< Container for the public key context. */ - mbedtls_x509_buf MBEDTLS_PRIVATE(sig_oid); + mbedtls_x509_buf sig_oid; mbedtls_x509_buf MBEDTLS_PRIVATE(sig); mbedtls_md_type_t MBEDTLS_PRIVATE(sig_md); /**< Internal representation of the MD algorithm of the signature algorithm, e.g. MBEDTLS_MD_SHA256 */ mbedtls_pk_type_t MBEDTLS_PRIVATE(sig_pk); /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. MBEDTLS_PK_RSA */ diff --git a/include/psa/crypto.h b/include/psa/crypto.h index b3ef3631d4..ee4b54cbf9 100644 --- a/include/psa/crypto.h +++ b/include/psa/crypto.h @@ -2990,7 +2990,9 @@ psa_status_t psa_verify_message( mbedtls_svc_key_id_t key, * \param key Identifier of the key to use for the operation. * It must be an asymmetric key pair. The key must * allow the usage #PSA_KEY_USAGE_SIGN_HASH. - * \param alg A signature algorithm that is compatible with + * \param alg A signature algorithm (PSA_ALG_XXX + * value such that #PSA_ALG_IS_SIGN_HASH(\p alg) + * is true), that is compatible with * the type of \p key. * \param[in] hash The hash or message to sign. * \param hash_length Size of the \p hash buffer in bytes. @@ -3043,7 +3045,9 @@ psa_status_t psa_sign_hash(mbedtls_svc_key_id_t key, * must be a public key or an asymmetric key pair. The * key must allow the usage * #PSA_KEY_USAGE_VERIFY_HASH. - * \param alg A signature algorithm that is compatible with + * \param alg A signature algorithm (PSA_ALG_XXX + * value such that #PSA_ALG_IS_SIGN_HASH(\p alg) + * is true), that is compatible with * the type of \p key. * \param[in] hash The hash or message whose signature is to be * verified. @@ -3682,6 +3686,7 @@ psa_status_t psa_key_derivation_output_bytes( * The following key types defined in this specification follow this scheme: * * - #PSA_KEY_TYPE_AES; + * - #PSA_KEY_TYPE_ARIA; * - #PSA_KEY_TYPE_CAMELLIA; * - #PSA_KEY_TYPE_DERIVE; * - #PSA_KEY_TYPE_HMAC; diff --git a/include/psa/crypto_builtin_composites.h b/include/psa/crypto_builtin_composites.h index b05660f7e1..8075caf660 100644 --- a/include/psa/crypto_builtin_composites.h +++ b/include/psa/crypto_builtin_composites.h @@ -77,6 +77,41 @@ typedef struct #define MBEDTLS_PSA_MAC_OPERATION_INIT {0, {0}} +#if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_CCM) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305) +#define MBEDTLS_PSA_BUILTIN_AEAD 1 +#endif + +/* Context structure for the Mbed TLS AEAD implementation. */ +typedef struct +{ + psa_algorithm_t MBEDTLS_PRIVATE(alg); + psa_key_type_t MBEDTLS_PRIVATE(key_type); + + unsigned int MBEDTLS_PRIVATE(is_encrypt) : 1; + + uint8_t MBEDTLS_PRIVATE(tag_length); + + union + { + unsigned dummy; /* Enable easier initializing of the union. */ +#if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM) + mbedtls_ccm_context MBEDTLS_PRIVATE(ccm); +#endif /* MBEDTLS_PSA_BUILTIN_ALG_CCM */ +#if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM) + mbedtls_gcm_context MBEDTLS_PRIVATE(gcm); +#endif /* MBEDTLS_PSA_BUILTIN_ALG_GCM */ +#if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305) + mbedtls_chachapoly_context MBEDTLS_PRIVATE(chachapoly); +#endif /* MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 */ + + } ctx; + +} mbedtls_psa_aead_operation_t; + +#define MBEDTLS_PSA_AEAD_OPERATION_INIT {0, 0, 0, 0, {0}} + /* * BEYOND THIS POINT, TEST DRIVER DECLARATIONS ONLY. */ @@ -88,6 +123,10 @@ typedef mbedtls_psa_mac_operation_t mbedtls_opaque_test_driver_mac_operation_t; #define MBEDTLS_TRANSPARENT_TEST_DRIVER_MAC_OPERATION_INIT MBEDTLS_PSA_MAC_OPERATION_INIT #define MBEDTLS_OPAQUE_TEST_DRIVER_MAC_OPERATION_INIT MBEDTLS_PSA_MAC_OPERATION_INIT +typedef mbedtls_psa_aead_operation_t mbedtls_transparent_test_driver_aead_operation_t; + +#define MBEDTLS_TRANSPARENT_TEST_DRIVER_AEAD_OPERATION_INIT MBEDTLS_PSA_AEAD_OPERATION_INIT + #endif /* PSA_CRYPTO_DRIVER_TEST */ #endif /* PSA_CRYPTO_BUILTIN_COMPOSITES_H */ diff --git a/include/psa/crypto_config.h b/include/psa/crypto_config.h index 64d8c58169..6476e3cffb 100644 --- a/include/psa/crypto_config.h +++ b/include/psa/crypto_config.h @@ -111,6 +111,7 @@ #define PSA_WANT_KEY_TYPE_DERIVE 1 #define PSA_WANT_KEY_TYPE_HMAC 1 #define PSA_WANT_KEY_TYPE_AES 1 +#define PSA_WANT_KEY_TYPE_ARIA 1 #define PSA_WANT_KEY_TYPE_CAMELLIA 1 #define PSA_WANT_KEY_TYPE_CHACHA20 1 #define PSA_WANT_KEY_TYPE_DES 1 diff --git a/include/psa/crypto_driver_contexts_composites.h b/include/psa/crypto_driver_contexts_composites.h index 239fdcb337..957986c22f 100644 --- a/include/psa/crypto_driver_contexts_composites.h +++ b/include/psa/crypto_driver_contexts_composites.h @@ -58,5 +58,13 @@ typedef union { #endif } psa_driver_mac_context_t; +typedef union { + unsigned dummy; /* Make sure this union is always non-empty */ + mbedtls_psa_aead_operation_t mbedtls_ctx; +#if defined(PSA_CRYPTO_DRIVER_TEST) + mbedtls_transparent_test_driver_aead_operation_t transparent_test_driver_ctx; +#endif +} psa_driver_aead_context_t; + #endif /* PSA_CRYPTO_DRIVER_CONTEXTS_COMPOSITES_H */ /* End of automatically generated file. */ diff --git a/include/psa/crypto_sizes.h b/include/psa/crypto_sizes.h index 4c67f10afa..af8a4a69ed 100644 --- a/include/psa/crypto_sizes.h +++ b/include/psa/crypto_sizes.h @@ -79,6 +79,38 @@ PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_512 ? 64 : \ 0) +/** The input block size of a hash algorithm, in bytes. + * + * Hash algorithms process their input data in blocks. Hash operations will + * retain any partial blocks until they have enough input to fill the block or + * until the operation is finished. + * This affects the output from psa_hash_suspend(). + * + * \param alg A hash algorithm (\c PSA_ALG_XXX value such that + * PSA_ALG_IS_HASH(\p alg) is true). + * + * \return The block size in bytes for the specified hash algorithm. + * If the hash algorithm is not recognized, return 0. + * An implementation can return either 0 or the correct size for a + * hash algorithm that it recognizes, but does not support. + */ +#define PSA_HASH_BLOCK_LENGTH(alg) \ + ( \ + PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_MD5 ? 64 : \ + PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_RIPEMD160 ? 64 : \ + PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_1 ? 64 : \ + PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_224 ? 64 : \ + PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_256 ? 64 : \ + PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_384 ? 128 : \ + PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_512 ? 128 : \ + PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_512_224 ? 128 : \ + PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_512_256 ? 128 : \ + PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_224 ? 144 : \ + PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_256 ? 136 : \ + PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_384 ? 104 : \ + PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_512 ? 72 : \ + 0) + /** \def PSA_HASH_MAX_SIZE * * Maximum size of a hash. @@ -959,7 +991,8 @@ (alg) == PSA_ALG_CBC_PKCS7) ? PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) : \ (key_type) == PSA_KEY_TYPE_CHACHA20 && \ (alg) == PSA_ALG_STREAM_CIPHER ? 12 : \ - 0) + (alg) == PSA_ALG_CCM_STAR_NO_TAG ? 13 : \ + 0) /** The maximum IV size for all supported cipher algorithms, in bytes. * diff --git a/include/psa/crypto_struct.h b/include/psa/crypto_struct.h index 381abf9605..26894156c5 100644 --- a/include/psa/crypto_struct.h +++ b/include/psa/crypto_struct.h @@ -72,6 +72,8 @@ extern "C" { #include "mbedtls/cmac.h" #include "mbedtls/gcm.h" +#include "mbedtls/ccm.h" +#include "mbedtls/chachapoly.h" /* Include the context definition for the compiled-in drivers for the primitive * algorithms. */ @@ -148,19 +150,31 @@ static inline struct psa_mac_operation_s psa_mac_operation_init( void ) struct psa_aead_operation_s { + + /** Unique ID indicating which driver got assigned to do the + * operation. Since driver contexts are driver-specific, swapping + * drivers halfway through the operation is not supported. + * ID values are auto-generated in psa_crypto_driver_wrappers.h + * ID value zero means the context is not valid or not assigned to + * any driver (i.e. none of the driver contexts are active). */ + unsigned int MBEDTLS_PRIVATE(id); + psa_algorithm_t MBEDTLS_PRIVATE(alg); - unsigned int MBEDTLS_PRIVATE(key_set) : 1; - unsigned int MBEDTLS_PRIVATE(iv_set) : 1; - uint8_t MBEDTLS_PRIVATE(iv_size); - uint8_t MBEDTLS_PRIVATE(block_size); - union - { - unsigned MBEDTLS_PRIVATE(dummy); /* Enable easier initializing of the union. */ - mbedtls_cipher_context_t MBEDTLS_PRIVATE(cipher); - } MBEDTLS_PRIVATE(ctx); + psa_key_type_t MBEDTLS_PRIVATE(key_type); + + size_t MBEDTLS_PRIVATE(ad_remaining); + size_t MBEDTLS_PRIVATE(body_remaining); + + unsigned int MBEDTLS_PRIVATE(nonce_set) : 1; + unsigned int MBEDTLS_PRIVATE(lengths_set) : 1; + unsigned int MBEDTLS_PRIVATE(ad_started) : 1; + unsigned int MBEDTLS_PRIVATE(body_started) : 1; + unsigned int MBEDTLS_PRIVATE(is_encrypt) : 1; + + psa_driver_aead_context_t MBEDTLS_PRIVATE(ctx); }; -#define PSA_AEAD_OPERATION_INIT { 0, 0, 0, 0, 0, { 0 } } +#define PSA_AEAD_OPERATION_INIT {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, {0}} static inline struct psa_aead_operation_s psa_aead_operation_init( void ) { const struct psa_aead_operation_s v = PSA_AEAD_OPERATION_INIT; diff --git a/include/psa/crypto_values.h b/include/psa/crypto_values.h index daef9416cc..5a903f86ab 100644 --- a/include/psa/crypto_values.h +++ b/include/psa/crypto_values.h @@ -466,6 +466,10 @@ */ #define PSA_KEY_TYPE_AES ((psa_key_type_t)0x2400) +/** Key for a cipher, AEAD or MAC algorithm based on the + * ARIA block cipher. */ +#define PSA_KEY_TYPE_ARIA ((psa_key_type_t)0x2406) + /** Key for a cipher or MAC algorithm based on DES or 3DES (Triple-DES). * * The size of the key can be 64 bits (single DES), 128 bits (2-key 3DES) or @@ -843,6 +847,9 @@ (PSA_ALG_IS_KEY_DERIVATION(alg) && \ (alg) & PSA_ALG_KEY_DERIVATION_STRETCHING_FLAG) +/** An invalid algorithm identifier value. */ +#define PSA_ALG_NONE ((psa_algorithm_t)0) + #define PSA_ALG_HASH_MASK ((psa_algorithm_t)0x000000ff) /** MD5 */ #define PSA_ALG_MD5 ((psa_algorithm_t)0x02000003) @@ -886,7 +893,7 @@ * algorithm parametrized with any supported hash. * * That is, suppose that `PSA_xxx_SIGNATURE` is one of the following macros: - * - #PSA_ALG_RSA_PKCS1V15_SIGN, #PSA_ALG_RSA_PSS, + * - #PSA_ALG_RSA_PKCS1V15_SIGN, #PSA_ALG_RSA_PSS, #PSA_ALG_RSA_PSS_ANY_SALT, * - #PSA_ALG_ECDSA, #PSA_ALG_DETERMINISTIC_ECDSA. * Then you may create and use a key as follows: * - Set the key usage field using #PSA_ALG_ANY_HASH, for example: @@ -1195,6 +1202,17 @@ */ #define PSA_ALG_CCM ((psa_algorithm_t)0x05500100) +/** The CCM* cipher mode without authentication. + * + * This is CCM* as specified in IEEE 802.15.4 §7, with a tag length of 0. + * For CCM* with a nonzero tag length, use the AEAD algorithm #PSA_ALG_CCM. + * + * The underlying block cipher is determined by the key type. + * + * Currently only 13-byte long IV's are supported. + */ +#define PSA_ALG_CCM_STAR_NO_TAG ((psa_algorithm_t)0x04c01300) + /** The GCM authenticated encryption algorithm. * * The underlying block cipher is determined by the key type. @@ -1341,6 +1359,7 @@ (((alg) & ~PSA_ALG_HASH_MASK) == PSA_ALG_RSA_PKCS1V15_SIGN_BASE) #define PSA_ALG_RSA_PSS_BASE ((psa_algorithm_t)0x06000300) +#define PSA_ALG_RSA_PSS_ANY_SALT_BASE ((psa_algorithm_t)0x06001300) /** RSA PSS signature with hashing. * * This is the signature scheme defined by RFC 8017 @@ -1361,9 +1380,72 @@ */ #define PSA_ALG_RSA_PSS(hash_alg) \ (PSA_ALG_RSA_PSS_BASE | ((hash_alg) & PSA_ALG_HASH_MASK)) -#define PSA_ALG_IS_RSA_PSS(alg) \ + +/** RSA PSS signature with hashing with relaxed verification. + * + * This algorithm has the same behavior as #PSA_ALG_RSA_PSS when signing, + * but allows an arbitrary salt length (including \c 0) when verifying a + * signature. + * + * \param hash_alg A hash algorithm (\c PSA_ALG_XXX value such that + * #PSA_ALG_IS_HASH(\p hash_alg) is true). + * This includes #PSA_ALG_ANY_HASH + * when specifying the algorithm in a usage policy. + * + * \return The corresponding RSA PSS signature algorithm. + * \return Unspecified if \p hash_alg is not a supported + * hash algorithm. + */ +#define PSA_ALG_RSA_PSS_ANY_SALT(hash_alg) \ + (PSA_ALG_RSA_PSS_ANY_SALT_BASE | ((hash_alg) & PSA_ALG_HASH_MASK)) + +/** Whether the specified algorithm is RSA PSS with standard salt. + * + * \param alg An algorithm value or an algorithm policy wildcard. + * + * \return 1 if \p alg is of the form + * #PSA_ALG_RSA_PSS(\c hash_alg), + * where \c hash_alg is a hash algorithm or + * #PSA_ALG_ANY_HASH. 0 otherwise. + * This macro may return either 0 or 1 if \p alg is not + * a supported algorithm identifier or policy. + */ +#define PSA_ALG_IS_RSA_PSS_STANDARD_SALT(alg) \ (((alg) & ~PSA_ALG_HASH_MASK) == PSA_ALG_RSA_PSS_BASE) +/** Whether the specified algorithm is RSA PSS with any salt. + * + * \param alg An algorithm value or an algorithm policy wildcard. + * + * \return 1 if \p alg is of the form + * #PSA_ALG_RSA_PSS_ANY_SALT_BASE(\c hash_alg), + * where \c hash_alg is a hash algorithm or + * #PSA_ALG_ANY_HASH. 0 otherwise. + * This macro may return either 0 or 1 if \p alg is not + * a supported algorithm identifier or policy. + */ +#define PSA_ALG_IS_RSA_PSS_ANY_SALT(alg) \ + (((alg) & ~PSA_ALG_HASH_MASK) == PSA_ALG_RSA_PSS_ANY_SALT_BASE) + +/** Whether the specified algorithm is RSA PSS. + * + * This includes any of the RSA PSS algorithm variants, regardless of the + * constraints on salt length. + * + * \param alg An algorithm value or an algorithm policy wildcard. + * + * \return 1 if \p alg is of the form + * #PSA_ALG_RSA_PSS(\c hash_alg) or + * #PSA_ALG_RSA_PSS_ANY_SALT_BASE(\c hash_alg), + * where \c hash_alg is a hash algorithm or + * #PSA_ALG_ANY_HASH. 0 otherwise. + * This macro may return either 0 or 1 if \p alg is not + * a supported algorithm identifier or policy. + */ +#define PSA_ALG_IS_RSA_PSS(alg) \ + (PSA_ALG_IS_RSA_PSS_STANDARD_SALT(alg) || \ + PSA_ALG_IS_RSA_PSS_ANY_SALT(alg)) + #define PSA_ALG_ECDSA_BASE ((psa_algorithm_t)0x06000600) /** ECDSA signature with hashing. * @@ -1521,20 +1603,24 @@ * file. */ #define PSA_ALG_IS_VENDOR_HASH_AND_SIGN(alg) 0 -/** Whether the specified algorithm is a hash-and-sign algorithm. +/** Whether the specified algorithm is a signature algorithm that can be used + * with psa_sign_hash() and psa_verify_hash(). * - * Hash-and-sign algorithms are asymmetric (public-key) signature algorithms - * structured in two parts: first the calculation of a hash in a way that - * does not depend on the key, then the calculation of a signature from the - * hash value and the key. + * This encompasses all strict hash-and-sign algorithms categorized by + * PSA_ALG_IS_HASH_AND_SIGN(), as well as algorithms that follow the + * paradigm more loosely: + * - #PSA_ALG_RSA_PKCS1V15_SIGN_RAW (expects its input to be an encoded hash) + * - #PSA_ALG_ECDSA_ANY (doesn't specify what kind of hash the input is) * - * \param alg An algorithm identifier (value of type #psa_algorithm_t). + * \param alg An algorithm identifier (value of type psa_algorithm_t). * - * \return 1 if \p alg is a hash-and-sign algorithm, 0 otherwise. - * This macro may return either 0 or 1 if \p alg is not a supported - * algorithm identifier. + * \return 1 if alg is a signature algorithm that can be used to sign a + * hash. 0 if alg is a signature algorithm that can only be used + * to sign a message. 0 if alg is not a signature algorithm. + * This macro can return either 0 or 1 if alg is not a + * supported algorithm identifier. */ -#define PSA_ALG_IS_HASH_AND_SIGN(alg) \ +#define PSA_ALG_IS_SIGN_HASH(alg) \ (PSA_ALG_IS_RSA_PSS(alg) || PSA_ALG_IS_RSA_PKCS1V15_SIGN(alg) || \ PSA_ALG_IS_ECDSA(alg) || PSA_ALG_IS_HASH_EDDSA(alg) || \ PSA_ALG_IS_VENDOR_HASH_AND_SIGN(alg)) @@ -1551,7 +1637,37 @@ * supported algorithm identifier. */ #define PSA_ALG_IS_SIGN_MESSAGE(alg) \ - (PSA_ALG_IS_HASH_AND_SIGN(alg) || (alg) == PSA_ALG_PURE_EDDSA ) + (PSA_ALG_IS_SIGN_HASH(alg) || (alg) == PSA_ALG_PURE_EDDSA ) + +/** Whether the specified algorithm is a hash-and-sign algorithm. + * + * Hash-and-sign algorithms are asymmetric (public-key) signature algorithms + * structured in two parts: first the calculation of a hash in a way that + * does not depend on the key, then the calculation of a signature from the + * hash value and the key. Hash-and-sign algorithms encode the hash + * used for the hashing step, and you can call #PSA_ALG_SIGN_GET_HASH + * to extract this algorithm. + * + * Thus, for a hash-and-sign algorithm, + * `psa_sign_message(key, alg, input, ...)` is equivalent to + * ``` + * psa_hash_compute(PSA_ALG_SIGN_GET_HASH(alg), input, ..., hash, ...); + * psa_sign_hash(key, alg, hash, ..., signature, ...); + * ``` + * Most usefully, separating the hash from the signature allows the hash + * to be calculated in multiple steps with psa_hash_setup(), psa_hash_update() + * and psa_hash_finish(). Likewise psa_verify_message() is equivalent to + * calculating the hash and then calling psa_verify_hash(). + * + * \param alg An algorithm identifier (value of type #psa_algorithm_t). + * + * \return 1 if \p alg is a hash-and-sign algorithm, 0 otherwise. + * This macro may return either 0 or 1 if \p alg is not a supported + * algorithm identifier. + */ +#define PSA_ALG_IS_HASH_AND_SIGN(alg) \ + (PSA_ALG_IS_SIGN_HASH(alg) && \ + ((alg) & PSA_ALG_HASH_MASK) != 0) /** Get the hash used by a hash-and-sign signature algorithm. * @@ -1573,7 +1689,6 @@ */ #define PSA_ALG_SIGN_GET_HASH(alg) \ (PSA_ALG_IS_HASH_AND_SIGN(alg) ? \ - ((alg) & PSA_ALG_HASH_MASK) == 0 ? /*"raw" algorithm*/ 0 : \ ((alg) & PSA_ALG_HASH_MASK) | PSA_ALG_CATEGORY_HASH : \ 0) @@ -2064,6 +2179,9 @@ #define PSA_KEY_LOCATION_VENDOR_FLAG ((psa_key_location_t)0x800000) +/** The null key identifier. + */ +#define PSA_KEY_ID_NULL ((psa_key_id_t)0) /** The minimum value for a key identifier chosen by the application. */ #define PSA_KEY_ID_USER_MIN ((psa_key_id_t)0x00000001) diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt index bad8839f3e..caac2d5210 100644 --- a/library/CMakeLists.txt +++ b/library/CMakeLists.txt @@ -107,8 +107,47 @@ set(src_tls ssl_tls13_keys.c ssl_tls13_server.c ssl_tls13_client.c + ssl_tls13_generic.c ) +if(GEN_FILES) + find_package(Perl REQUIRED) + + file(GLOB error_headers ${CMAKE_CURRENT_SOURCE_DIR}/../include/mbedtls/*.h) + add_custom_command( + OUTPUT + ${CMAKE_CURRENT_BINARY_DIR}/error.c + COMMAND + ${PERL_EXECUTABLE} + ${CMAKE_CURRENT_SOURCE_DIR}/../scripts/generate_errors.pl + ${CMAKE_CURRENT_SOURCE_DIR}/../include/mbedtls + ${CMAKE_CURRENT_SOURCE_DIR}/../scripts/data_files + ${CMAKE_CURRENT_BINARY_DIR}/error.c + DEPENDS + ${CMAKE_CURRENT_SOURCE_DIR}/../scripts/generate_errors.pl + ${error_headers} + ${CMAKE_CURRENT_SOURCE_DIR}/../scripts/data_files/error.fmt + ) + + add_custom_command( + OUTPUT + ${CMAKE_CURRENT_BINARY_DIR}/version_features.c + COMMAND + ${PERL_EXECUTABLE} + ${CMAKE_CURRENT_SOURCE_DIR}/../scripts/generate_features.pl + ${CMAKE_CURRENT_SOURCE_DIR}/../include/mbedtls + ${CMAKE_CURRENT_SOURCE_DIR}/../scripts/data_files + ${CMAKE_CURRENT_BINARY_DIR}/version_features.c + DEPENDS + ${CMAKE_CURRENT_SOURCE_DIR}/../scripts/generate_features.pl + ${CMAKE_CURRENT_SOURCE_DIR}/../include/mbedtls/mbedtls_config.h + ${CMAKE_CURRENT_SOURCE_DIR}/../scripts/data_files/version_features.fmt + ) +else() + link_to_source(error.c) + link_to_source(version_features.c) +endif() + if(CMAKE_COMPILER_IS_GNUCC) set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wmissing-declarations -Wmissing-prototypes") endif(CMAKE_COMPILER_IS_GNUCC) diff --git a/library/Makefile b/library/Makefile index 1677a29675..bd116be82c 100644 --- a/library/Makefile +++ b/library/Makefile @@ -170,6 +170,7 @@ OBJS_TLS= \ ssl_tls13_keys.o \ ssl_tls13_client.o \ ssl_tls13_server.o \ + ssl_tls13_generic.o \ # This line is intentionally left blank .SILENT: @@ -186,6 +187,14 @@ static: libmbedcrypto.a libmbedx509.a libmbedtls.a shared: libmbedcrypto.$(DLEXT) libmbedx509.$(DLEXT) libmbedtls.$(DLEXT) +# Windows builds under Mingw can fail if make tries to create archives in the same +# directory at the same time - see https://bugs.launchpad.net/gcc-arm-embedded/+bug/1848002. +# This forces builds of the .a files to be serialised. +ifdef WINDOWS +libmbedtls.a: | libmbedx509.a +libmbedx509.a: | libmbedcrypto.a +endif + # tls libmbedtls.a: $(OBJS_TLS) echo " AR $@" @@ -199,7 +208,7 @@ endif libmbedtls.$(SOEXT_TLS): $(OBJS_TLS) libmbedx509.so echo " LD $@" - $(CC) -shared -Wl,-soname,$@ -L. -lmbedcrypto -lmbedx509 $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ $(OBJS_TLS) + $(CC) -shared -Wl,-soname,$@ -o $@ $(OBJS_TLS) -L. -lmbedx509 -lmbedcrypto $(LOCAL_LDFLAGS) $(LDFLAGS) libmbedtls.so: libmbedtls.$(SOEXT_TLS) echo " LN $@ -> $<" @@ -207,11 +216,11 @@ libmbedtls.so: libmbedtls.$(SOEXT_TLS) libmbedtls.dylib: $(OBJS_TLS) libmbedx509.dylib echo " LD $@" - $(CC) -dynamiclib -L. -lmbedcrypto -lmbedx509 $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ $(OBJS_TLS) + $(CC) -dynamiclib -o $@ $(OBJS_TLS) -L. -lmbedx509 -lmbedcrypto $(LOCAL_LDFLAGS) $(LDFLAGS) libmbedtls.dll: $(OBJS_TLS) libmbedx509.dll echo " LD $@" - $(CC) -shared -Wl,-soname,$@ -Wl,--out-implib,$@.a -o $@ $(OBJS_TLS) -lws2_32 -lwinmm -lgdi32 -L. -lmbedcrypto -lmbedx509 -static-libgcc $(LOCAL_LDFLAGS) $(LDFLAGS) + $(CC) -shared -Wl,-soname,$@ -Wl,--out-implib,$@.a -o $@ $(OBJS_TLS) -lws2_32 -lwinmm -lgdi32 -L. -lmbedx509 -lmbedcrypto -static-libgcc $(LOCAL_LDFLAGS) $(LDFLAGS) # x509 libmbedx509.a: $(OBJS_X509) @@ -226,7 +235,7 @@ endif libmbedx509.$(SOEXT_X509): $(OBJS_X509) libmbedcrypto.so echo " LD $@" - $(CC) -shared -Wl,-soname,$@ -L. -lmbedcrypto $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ $(OBJS_X509) + $(CC) -shared -Wl,-soname,$@ -o $@ $(OBJS_X509) -L. -lmbedcrypto $(LOCAL_LDFLAGS) $(LDFLAGS) libmbedx509.so: libmbedx509.$(SOEXT_X509) echo " LN $@ -> $<" @@ -234,7 +243,7 @@ libmbedx509.so: libmbedx509.$(SOEXT_X509) libmbedx509.dylib: $(OBJS_X509) libmbedcrypto.dylib echo " LD $@" - $(CC) -dynamiclib -L. -lmbedcrypto $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ $(OBJS_X509) + $(CC) -dynamiclib -o $@ $(OBJS_X509) -L. -lmbedcrypto $(LOCAL_LDFLAGS) $(LDFLAGS) libmbedx509.dll: $(OBJS_X509) libmbedcrypto.dll echo " LD $@" @@ -253,7 +262,7 @@ endif libmbedcrypto.$(SOEXT_CRYPTO): $(OBJS_CRYPTO) echo " LD $@" - $(CC) -shared -Wl,-soname,$@ $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ $(OBJS_CRYPTO) + $(CC) -shared -Wl,-soname,$@ -o $@ $(OBJS_CRYPTO) $(LOCAL_LDFLAGS) $(LDFLAGS) libmbedcrypto.so: libmbedcrypto.$(SOEXT_CRYPTO) echo " LN $@ -> $<" @@ -261,7 +270,7 @@ libmbedcrypto.so: libmbedcrypto.$(SOEXT_CRYPTO) libmbedcrypto.dylib: $(OBJS_CRYPTO) echo " LD $@" - $(CC) -dynamiclib $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ $(OBJS_CRYPTO) + $(CC) -dynamiclib -o $@ $(OBJS_CRYPTO) $(LOCAL_LDFLAGS) $(LDFLAGS) libmbedcrypto.dll: $(OBJS_CRYPTO) echo " LD $@" diff --git a/library/aes.c b/library/aes.c index a15a80924a..4afc3c48ae 100644 --- a/library/aes.c +++ b/library/aes.c @@ -57,29 +57,6 @@ #define AES_VALIDATE( cond ) \ MBEDTLS_INTERNAL_VALIDATE( cond ) -/* - * 32-bit integer manipulation macros (little endian) - */ -#ifndef GET_UINT32_LE -#define GET_UINT32_LE(n,b,i) \ -{ \ - (n) = ( (uint32_t) (b)[(i) ] ) \ - | ( (uint32_t) (b)[(i) + 1] << 8 ) \ - | ( (uint32_t) (b)[(i) + 2] << 16 ) \ - | ( (uint32_t) (b)[(i) + 3] << 24 ); \ -} -#endif - -#ifndef PUT_UINT32_LE -#define PUT_UINT32_LE(n,b,i) \ -{ \ - (b)[(i) ] = (unsigned char) ( ( (n) ) & 0xFF ); \ - (b)[(i) + 1] = (unsigned char) ( ( (n) >> 8 ) & 0xFF ); \ - (b)[(i) + 2] = (unsigned char) ( ( (n) >> 16 ) & 0xFF ); \ - (b)[(i) + 3] = (unsigned char) ( ( (n) >> 24 ) & 0xFF ); \ -} -#endif - #if defined(MBEDTLS_PADLOCK_C) && \ ( defined(MBEDTLS_HAVE_X86) || defined(MBEDTLS_PADLOCK_ALIGN16) ) static int aes_padlock_ace = -1; @@ -409,7 +386,7 @@ static void aes_gen_tables( void ) { pow[i] = x; log[x] = i; - x = ( x ^ XTIME( x ) ) & 0xFF; + x = MBEDTLS_BYTE_0( x ^ XTIME( x ) ); } /* @@ -418,7 +395,7 @@ static void aes_gen_tables( void ) for( i = 0, x = 1; i < 10; i++ ) { RCON[i] = (uint32_t) x; - x = XTIME( x ) & 0xFF; + x = MBEDTLS_BYTE_0( XTIME( x ) ); } /* @@ -431,10 +408,10 @@ static void aes_gen_tables( void ) { x = pow[255 - log[i]]; - y = x; y = ( ( y << 1 ) | ( y >> 7 ) ) & 0xFF; - x ^= y; y = ( ( y << 1 ) | ( y >> 7 ) ) & 0xFF; - x ^= y; y = ( ( y << 1 ) | ( y >> 7 ) ) & 0xFF; - x ^= y; y = ( ( y << 1 ) | ( y >> 7 ) ) & 0xFF; + y = x; y = MBEDTLS_BYTE_0( ( y << 1 ) | ( y >> 7 ) ); + x ^= y; y = MBEDTLS_BYTE_0( ( y << 1 ) | ( y >> 7 ) ); + x ^= y; y = MBEDTLS_BYTE_0( ( y << 1 ) | ( y >> 7 ) ); + x ^= y; y = MBEDTLS_BYTE_0( ( y << 1 ) | ( y >> 7 ) ); x ^= y ^ 0x63; FSb[i] = (unsigned char) x; @@ -447,8 +424,8 @@ static void aes_gen_tables( void ) for( i = 0; i < 256; i++ ) { x = FSb[i]; - y = XTIME( x ) & 0xFF; - z = ( y ^ x ) & 0xFF; + y = MBEDTLS_BYTE_0( XTIME( x ) ); + z = MBEDTLS_BYTE_0( y ^ x ); FT0[i] = ( (uint32_t) y ) ^ ( (uint32_t) x << 8 ) ^ @@ -590,7 +567,7 @@ int mbedtls_aes_setkey_enc( mbedtls_aes_context *ctx, const unsigned char *key, for( i = 0; i < ( keybits >> 5 ); i++ ) { - GET_UINT32_LE( RK[i], key, i << 2 ); + RK[i] = MBEDTLS_GET_UINT32_LE( key, i << 2 ); } switch( ctx->nr ) @@ -600,10 +577,10 @@ int mbedtls_aes_setkey_enc( mbedtls_aes_context *ctx, const unsigned char *key, for( i = 0; i < 10; i++, RK += 4 ) { RK[4] = RK[0] ^ RCON[i] ^ - ( (uint32_t) FSb[ ( RK[3] >> 8 ) & 0xFF ] ) ^ - ( (uint32_t) FSb[ ( RK[3] >> 16 ) & 0xFF ] << 8 ) ^ - ( (uint32_t) FSb[ ( RK[3] >> 24 ) & 0xFF ] << 16 ) ^ - ( (uint32_t) FSb[ ( RK[3] ) & 0xFF ] << 24 ); + ( (uint32_t) FSb[ MBEDTLS_BYTE_1( RK[3] ) ] ) ^ + ( (uint32_t) FSb[ MBEDTLS_BYTE_2( RK[3] ) ] << 8 ) ^ + ( (uint32_t) FSb[ MBEDTLS_BYTE_3( RK[3] ) ] << 16 ) ^ + ( (uint32_t) FSb[ MBEDTLS_BYTE_0( RK[3] ) ] << 24 ); RK[5] = RK[1] ^ RK[4]; RK[6] = RK[2] ^ RK[5]; @@ -616,10 +593,10 @@ int mbedtls_aes_setkey_enc( mbedtls_aes_context *ctx, const unsigned char *key, for( i = 0; i < 8; i++, RK += 6 ) { RK[6] = RK[0] ^ RCON[i] ^ - ( (uint32_t) FSb[ ( RK[5] >> 8 ) & 0xFF ] ) ^ - ( (uint32_t) FSb[ ( RK[5] >> 16 ) & 0xFF ] << 8 ) ^ - ( (uint32_t) FSb[ ( RK[5] >> 24 ) & 0xFF ] << 16 ) ^ - ( (uint32_t) FSb[ ( RK[5] ) & 0xFF ] << 24 ); + ( (uint32_t) FSb[ MBEDTLS_BYTE_1( RK[5] ) ] ) ^ + ( (uint32_t) FSb[ MBEDTLS_BYTE_2( RK[5] ) ] << 8 ) ^ + ( (uint32_t) FSb[ MBEDTLS_BYTE_3( RK[5] ) ] << 16 ) ^ + ( (uint32_t) FSb[ MBEDTLS_BYTE_0( RK[5] ) ] << 24 ); RK[7] = RK[1] ^ RK[6]; RK[8] = RK[2] ^ RK[7]; @@ -634,20 +611,20 @@ int mbedtls_aes_setkey_enc( mbedtls_aes_context *ctx, const unsigned char *key, for( i = 0; i < 7; i++, RK += 8 ) { RK[8] = RK[0] ^ RCON[i] ^ - ( (uint32_t) FSb[ ( RK[7] >> 8 ) & 0xFF ] ) ^ - ( (uint32_t) FSb[ ( RK[7] >> 16 ) & 0xFF ] << 8 ) ^ - ( (uint32_t) FSb[ ( RK[7] >> 24 ) & 0xFF ] << 16 ) ^ - ( (uint32_t) FSb[ ( RK[7] ) & 0xFF ] << 24 ); + ( (uint32_t) FSb[ MBEDTLS_BYTE_1( RK[7] ) ] ) ^ + ( (uint32_t) FSb[ MBEDTLS_BYTE_2( RK[7] ) ] << 8 ) ^ + ( (uint32_t) FSb[ MBEDTLS_BYTE_3( RK[7] ) ] << 16 ) ^ + ( (uint32_t) FSb[ MBEDTLS_BYTE_0( RK[7] ) ] << 24 ); RK[9] = RK[1] ^ RK[8]; RK[10] = RK[2] ^ RK[9]; RK[11] = RK[3] ^ RK[10]; RK[12] = RK[4] ^ - ( (uint32_t) FSb[ ( RK[11] ) & 0xFF ] ) ^ - ( (uint32_t) FSb[ ( RK[11] >> 8 ) & 0xFF ] << 8 ) ^ - ( (uint32_t) FSb[ ( RK[11] >> 16 ) & 0xFF ] << 16 ) ^ - ( (uint32_t) FSb[ ( RK[11] >> 24 ) & 0xFF ] << 24 ); + ( (uint32_t) FSb[ MBEDTLS_BYTE_0( RK[11] ) ] ) ^ + ( (uint32_t) FSb[ MBEDTLS_BYTE_1( RK[11] ) ] << 8 ) ^ + ( (uint32_t) FSb[ MBEDTLS_BYTE_2( RK[11] ) ] << 16 ) ^ + ( (uint32_t) FSb[ MBEDTLS_BYTE_3( RK[11] ) ] << 24 ); RK[13] = RK[5] ^ RK[12]; RK[14] = RK[6] ^ RK[13]; @@ -713,10 +690,10 @@ int mbedtls_aes_setkey_dec( mbedtls_aes_context *ctx, const unsigned char *key, { for( j = 0; j < 4; j++, SK++ ) { - *RK++ = AES_RT0( FSb[ ( *SK ) & 0xFF ] ) ^ - AES_RT1( FSb[ ( *SK >> 8 ) & 0xFF ] ) ^ - AES_RT2( FSb[ ( *SK >> 16 ) & 0xFF ] ) ^ - AES_RT3( FSb[ ( *SK >> 24 ) & 0xFF ] ); + *RK++ = AES_RT0( FSb[ MBEDTLS_BYTE_0( *SK ) ] ) ^ + AES_RT1( FSb[ MBEDTLS_BYTE_1( *SK ) ] ) ^ + AES_RT2( FSb[ MBEDTLS_BYTE_2( *SK ) ] ) ^ + AES_RT3( FSb[ MBEDTLS_BYTE_3( *SK ) ] ); } } @@ -809,52 +786,52 @@ int mbedtls_aes_xts_setkey_dec( mbedtls_aes_xts_context *ctx, } #endif /* MBEDTLS_CIPHER_MODE_XTS */ -#define AES_FROUND(X0,X1,X2,X3,Y0,Y1,Y2,Y3) \ - do \ - { \ - (X0) = *RK++ ^ AES_FT0( ( (Y0) ) & 0xFF ) ^ \ - AES_FT1( ( (Y1) >> 8 ) & 0xFF ) ^ \ - AES_FT2( ( (Y2) >> 16 ) & 0xFF ) ^ \ - AES_FT3( ( (Y3) >> 24 ) & 0xFF ); \ - \ - (X1) = *RK++ ^ AES_FT0( ( (Y1) ) & 0xFF ) ^ \ - AES_FT1( ( (Y2) >> 8 ) & 0xFF ) ^ \ - AES_FT2( ( (Y3) >> 16 ) & 0xFF ) ^ \ - AES_FT3( ( (Y0) >> 24 ) & 0xFF ); \ - \ - (X2) = *RK++ ^ AES_FT0( ( (Y2) ) & 0xFF ) ^ \ - AES_FT1( ( (Y3) >> 8 ) & 0xFF ) ^ \ - AES_FT2( ( (Y0) >> 16 ) & 0xFF ) ^ \ - AES_FT3( ( (Y1) >> 24 ) & 0xFF ); \ - \ - (X3) = *RK++ ^ AES_FT0( ( (Y3) ) & 0xFF ) ^ \ - AES_FT1( ( (Y0) >> 8 ) & 0xFF ) ^ \ - AES_FT2( ( (Y1) >> 16 ) & 0xFF ) ^ \ - AES_FT3( ( (Y2) >> 24 ) & 0xFF ); \ +#define AES_FROUND(X0,X1,X2,X3,Y0,Y1,Y2,Y3) \ + do \ + { \ + (X0) = *RK++ ^ AES_FT0( MBEDTLS_BYTE_0( Y0 ) ) ^ \ + AES_FT1( MBEDTLS_BYTE_1( Y1 ) ) ^ \ + AES_FT2( MBEDTLS_BYTE_2( Y2 ) ) ^ \ + AES_FT3( MBEDTLS_BYTE_3( Y3 ) ); \ + \ + (X1) = *RK++ ^ AES_FT0( MBEDTLS_BYTE_0( Y1 ) ) ^ \ + AES_FT1( MBEDTLS_BYTE_1( Y2 ) ) ^ \ + AES_FT2( MBEDTLS_BYTE_2( Y3 ) ) ^ \ + AES_FT3( MBEDTLS_BYTE_3( Y0 ) ); \ + \ + (X2) = *RK++ ^ AES_FT0( MBEDTLS_BYTE_0( Y2 ) ) ^ \ + AES_FT1( MBEDTLS_BYTE_1( Y3 ) ) ^ \ + AES_FT2( MBEDTLS_BYTE_2( Y0 ) ) ^ \ + AES_FT3( MBEDTLS_BYTE_3( Y1 ) ); \ + \ + (X3) = *RK++ ^ AES_FT0( MBEDTLS_BYTE_0( Y3 ) ) ^ \ + AES_FT1( MBEDTLS_BYTE_1( Y0 ) ) ^ \ + AES_FT2( MBEDTLS_BYTE_2( Y1 ) ) ^ \ + AES_FT3( MBEDTLS_BYTE_3( Y2 ) ); \ } while( 0 ) #define AES_RROUND(X0,X1,X2,X3,Y0,Y1,Y2,Y3) \ do \ { \ - (X0) = *RK++ ^ AES_RT0( ( (Y0) ) & 0xFF ) ^ \ - AES_RT1( ( (Y3) >> 8 ) & 0xFF ) ^ \ - AES_RT2( ( (Y2) >> 16 ) & 0xFF ) ^ \ - AES_RT3( ( (Y1) >> 24 ) & 0xFF ); \ + (X0) = *RK++ ^ AES_RT0( MBEDTLS_BYTE_0( Y0 ) ) ^ \ + AES_RT1( MBEDTLS_BYTE_1( Y3 ) ) ^ \ + AES_RT2( MBEDTLS_BYTE_2( Y2 ) ) ^ \ + AES_RT3( MBEDTLS_BYTE_3( Y1 ) ); \ \ - (X1) = *RK++ ^ AES_RT0( ( (Y1) ) & 0xFF ) ^ \ - AES_RT1( ( (Y0) >> 8 ) & 0xFF ) ^ \ - AES_RT2( ( (Y3) >> 16 ) & 0xFF ) ^ \ - AES_RT3( ( (Y2) >> 24 ) & 0xFF ); \ + (X1) = *RK++ ^ AES_RT0( MBEDTLS_BYTE_0( Y1 ) ) ^ \ + AES_RT1( MBEDTLS_BYTE_1( Y0 ) ) ^ \ + AES_RT2( MBEDTLS_BYTE_2( Y3 ) ) ^ \ + AES_RT3( MBEDTLS_BYTE_3( Y2 ) ); \ \ - (X2) = *RK++ ^ AES_RT0( ( (Y2) ) & 0xFF ) ^ \ - AES_RT1( ( (Y1) >> 8 ) & 0xFF ) ^ \ - AES_RT2( ( (Y0) >> 16 ) & 0xFF ) ^ \ - AES_RT3( ( (Y3) >> 24 ) & 0xFF ); \ + (X2) = *RK++ ^ AES_RT0( MBEDTLS_BYTE_0( Y2 ) ) ^ \ + AES_RT1( MBEDTLS_BYTE_1( Y1 ) ) ^ \ + AES_RT2( MBEDTLS_BYTE_2( Y0 ) ) ^ \ + AES_RT3( MBEDTLS_BYTE_3( Y3 ) ); \ \ - (X3) = *RK++ ^ AES_RT0( ( (Y3) ) & 0xFF ) ^ \ - AES_RT1( ( (Y2) >> 8 ) & 0xFF ) ^ \ - AES_RT2( ( (Y1) >> 16 ) & 0xFF ) ^ \ - AES_RT3( ( (Y0) >> 24 ) & 0xFF ); \ + (X3) = *RK++ ^ AES_RT0( MBEDTLS_BYTE_0( Y3 ) ) ^ \ + AES_RT1( MBEDTLS_BYTE_1( Y2 ) ) ^ \ + AES_RT2( MBEDTLS_BYTE_2( Y1 ) ) ^ \ + AES_RT3( MBEDTLS_BYTE_3( Y0 ) ); \ } while( 0 ) /* @@ -873,10 +850,10 @@ int mbedtls_internal_aes_encrypt( mbedtls_aes_context *ctx, uint32_t Y[4]; } t; - GET_UINT32_LE( t.X[0], input, 0 ); t.X[0] ^= *RK++; - GET_UINT32_LE( t.X[1], input, 4 ); t.X[1] ^= *RK++; - GET_UINT32_LE( t.X[2], input, 8 ); t.X[2] ^= *RK++; - GET_UINT32_LE( t.X[3], input, 12 ); t.X[3] ^= *RK++; + t.X[0] = MBEDTLS_GET_UINT32_LE( input, 0 ); t.X[0] ^= *RK++; + t.X[1] = MBEDTLS_GET_UINT32_LE( input, 4 ); t.X[1] ^= *RK++; + t.X[2] = MBEDTLS_GET_UINT32_LE( input, 8 ); t.X[2] ^= *RK++; + t.X[3] = MBEDTLS_GET_UINT32_LE( input, 12 ); t.X[3] ^= *RK++; for( i = ( ctx->nr >> 1 ) - 1; i > 0; i-- ) { @@ -887,33 +864,33 @@ int mbedtls_internal_aes_encrypt( mbedtls_aes_context *ctx, AES_FROUND( t.Y[0], t.Y[1], t.Y[2], t.Y[3], t.X[0], t.X[1], t.X[2], t.X[3] ); t.X[0] = *RK++ ^ \ - ( (uint32_t) FSb[ ( t.Y[0] ) & 0xFF ] ) ^ - ( (uint32_t) FSb[ ( t.Y[1] >> 8 ) & 0xFF ] << 8 ) ^ - ( (uint32_t) FSb[ ( t.Y[2] >> 16 ) & 0xFF ] << 16 ) ^ - ( (uint32_t) FSb[ ( t.Y[3] >> 24 ) & 0xFF ] << 24 ); + ( (uint32_t) FSb[ MBEDTLS_BYTE_0( t.Y[0] ) ] ) ^ + ( (uint32_t) FSb[ MBEDTLS_BYTE_1( t.Y[1] ) ] << 8 ) ^ + ( (uint32_t) FSb[ MBEDTLS_BYTE_2( t.Y[2] ) ] << 16 ) ^ + ( (uint32_t) FSb[ MBEDTLS_BYTE_3( t.Y[3] ) ] << 24 ); t.X[1] = *RK++ ^ \ - ( (uint32_t) FSb[ ( t.Y[1] ) & 0xFF ] ) ^ - ( (uint32_t) FSb[ ( t.Y[2] >> 8 ) & 0xFF ] << 8 ) ^ - ( (uint32_t) FSb[ ( t.Y[3] >> 16 ) & 0xFF ] << 16 ) ^ - ( (uint32_t) FSb[ ( t.Y[0] >> 24 ) & 0xFF ] << 24 ); + ( (uint32_t) FSb[ MBEDTLS_BYTE_0( t.Y[1] ) ] ) ^ + ( (uint32_t) FSb[ MBEDTLS_BYTE_1( t.Y[2] ) ] << 8 ) ^ + ( (uint32_t) FSb[ MBEDTLS_BYTE_2( t.Y[3] ) ] << 16 ) ^ + ( (uint32_t) FSb[ MBEDTLS_BYTE_3( t.Y[0] ) ] << 24 ); t.X[2] = *RK++ ^ \ - ( (uint32_t) FSb[ ( t.Y[2] ) & 0xFF ] ) ^ - ( (uint32_t) FSb[ ( t.Y[3] >> 8 ) & 0xFF ] << 8 ) ^ - ( (uint32_t) FSb[ ( t.Y[0] >> 16 ) & 0xFF ] << 16 ) ^ - ( (uint32_t) FSb[ ( t.Y[1] >> 24 ) & 0xFF ] << 24 ); + ( (uint32_t) FSb[ MBEDTLS_BYTE_0( t.Y[2] ) ] ) ^ + ( (uint32_t) FSb[ MBEDTLS_BYTE_1( t.Y[3] ) ] << 8 ) ^ + ( (uint32_t) FSb[ MBEDTLS_BYTE_2( t.Y[0] ) ] << 16 ) ^ + ( (uint32_t) FSb[ MBEDTLS_BYTE_3( t.Y[1] ) ] << 24 ); t.X[3] = *RK++ ^ \ - ( (uint32_t) FSb[ ( t.Y[3] ) & 0xFF ] ) ^ - ( (uint32_t) FSb[ ( t.Y[0] >> 8 ) & 0xFF ] << 8 ) ^ - ( (uint32_t) FSb[ ( t.Y[1] >> 16 ) & 0xFF ] << 16 ) ^ - ( (uint32_t) FSb[ ( t.Y[2] >> 24 ) & 0xFF ] << 24 ); + ( (uint32_t) FSb[ MBEDTLS_BYTE_0( t.Y[3] ) ] ) ^ + ( (uint32_t) FSb[ MBEDTLS_BYTE_1( t.Y[0] ) ] << 8 ) ^ + ( (uint32_t) FSb[ MBEDTLS_BYTE_2( t.Y[1] ) ] << 16 ) ^ + ( (uint32_t) FSb[ MBEDTLS_BYTE_3( t.Y[2] ) ] << 24 ); - PUT_UINT32_LE( t.X[0], output, 0 ); - PUT_UINT32_LE( t.X[1], output, 4 ); - PUT_UINT32_LE( t.X[2], output, 8 ); - PUT_UINT32_LE( t.X[3], output, 12 ); + MBEDTLS_PUT_UINT32_LE( t.X[0], output, 0 ); + MBEDTLS_PUT_UINT32_LE( t.X[1], output, 4 ); + MBEDTLS_PUT_UINT32_LE( t.X[2], output, 8 ); + MBEDTLS_PUT_UINT32_LE( t.X[3], output, 12 ); mbedtls_platform_zeroize( &t, sizeof( t ) ); @@ -937,10 +914,10 @@ int mbedtls_internal_aes_decrypt( mbedtls_aes_context *ctx, uint32_t Y[4]; } t; - GET_UINT32_LE( t.X[0], input, 0 ); t.X[0] ^= *RK++; - GET_UINT32_LE( t.X[1], input, 4 ); t.X[1] ^= *RK++; - GET_UINT32_LE( t.X[2], input, 8 ); t.X[2] ^= *RK++; - GET_UINT32_LE( t.X[3], input, 12 ); t.X[3] ^= *RK++; + t.X[0] = MBEDTLS_GET_UINT32_LE( input, 0 ); t.X[0] ^= *RK++; + t.X[1] = MBEDTLS_GET_UINT32_LE( input, 4 ); t.X[1] ^= *RK++; + t.X[2] = MBEDTLS_GET_UINT32_LE( input, 8 ); t.X[2] ^= *RK++; + t.X[3] = MBEDTLS_GET_UINT32_LE( input, 12 ); t.X[3] ^= *RK++; for( i = ( ctx->nr >> 1 ) - 1; i > 0; i-- ) { @@ -951,33 +928,33 @@ int mbedtls_internal_aes_decrypt( mbedtls_aes_context *ctx, AES_RROUND( t.Y[0], t.Y[1], t.Y[2], t.Y[3], t.X[0], t.X[1], t.X[2], t.X[3] ); t.X[0] = *RK++ ^ \ - ( (uint32_t) RSb[ ( t.Y[0] ) & 0xFF ] ) ^ - ( (uint32_t) RSb[ ( t.Y[3] >> 8 ) & 0xFF ] << 8 ) ^ - ( (uint32_t) RSb[ ( t.Y[2] >> 16 ) & 0xFF ] << 16 ) ^ - ( (uint32_t) RSb[ ( t.Y[1] >> 24 ) & 0xFF ] << 24 ); + ( (uint32_t) RSb[ MBEDTLS_BYTE_0( t.Y[0] ) ] ) ^ + ( (uint32_t) RSb[ MBEDTLS_BYTE_1( t.Y[3] ) ] << 8 ) ^ + ( (uint32_t) RSb[ MBEDTLS_BYTE_2( t.Y[2] ) ] << 16 ) ^ + ( (uint32_t) RSb[ MBEDTLS_BYTE_3( t.Y[1] ) ] << 24 ); t.X[1] = *RK++ ^ \ - ( (uint32_t) RSb[ ( t.Y[1] ) & 0xFF ] ) ^ - ( (uint32_t) RSb[ ( t.Y[0] >> 8 ) & 0xFF ] << 8 ) ^ - ( (uint32_t) RSb[ ( t.Y[3] >> 16 ) & 0xFF ] << 16 ) ^ - ( (uint32_t) RSb[ ( t.Y[2] >> 24 ) & 0xFF ] << 24 ); + ( (uint32_t) RSb[ MBEDTLS_BYTE_0( t.Y[1] ) ] ) ^ + ( (uint32_t) RSb[ MBEDTLS_BYTE_1( t.Y[0] ) ] << 8 ) ^ + ( (uint32_t) RSb[ MBEDTLS_BYTE_2( t.Y[3] ) ] << 16 ) ^ + ( (uint32_t) RSb[ MBEDTLS_BYTE_3( t.Y[2] ) ] << 24 ); t.X[2] = *RK++ ^ \ - ( (uint32_t) RSb[ ( t.Y[2] ) & 0xFF ] ) ^ - ( (uint32_t) RSb[ ( t.Y[1] >> 8 ) & 0xFF ] << 8 ) ^ - ( (uint32_t) RSb[ ( t.Y[0] >> 16 ) & 0xFF ] << 16 ) ^ - ( (uint32_t) RSb[ ( t.Y[3] >> 24 ) & 0xFF ] << 24 ); + ( (uint32_t) RSb[ MBEDTLS_BYTE_0( t.Y[2] ) ] ) ^ + ( (uint32_t) RSb[ MBEDTLS_BYTE_1( t.Y[1] ) ] << 8 ) ^ + ( (uint32_t) RSb[ MBEDTLS_BYTE_2( t.Y[0] ) ] << 16 ) ^ + ( (uint32_t) RSb[ MBEDTLS_BYTE_3( t.Y[3] ) ] << 24 ); t.X[3] = *RK++ ^ \ - ( (uint32_t) RSb[ ( t.Y[3] ) & 0xFF ] ) ^ - ( (uint32_t) RSb[ ( t.Y[2] >> 8 ) & 0xFF ] << 8 ) ^ - ( (uint32_t) RSb[ ( t.Y[1] >> 16 ) & 0xFF ] << 16 ) ^ - ( (uint32_t) RSb[ ( t.Y[0] >> 24 ) & 0xFF ] << 24 ); + ( (uint32_t) RSb[ MBEDTLS_BYTE_0( t.Y[3] ) ] ) ^ + ( (uint32_t) RSb[ MBEDTLS_BYTE_1( t.Y[2] ) ] << 8 ) ^ + ( (uint32_t) RSb[ MBEDTLS_BYTE_2( t.Y[1] ) ] << 16 ) ^ + ( (uint32_t) RSb[ MBEDTLS_BYTE_3( t.Y[0] ) ] << 24 ); - PUT_UINT32_LE( t.X[0], output, 0 ); - PUT_UINT32_LE( t.X[1], output, 4 ); - PUT_UINT32_LE( t.X[2], output, 8 ); - PUT_UINT32_LE( t.X[3], output, 12 ); + MBEDTLS_PUT_UINT32_LE( t.X[0], output, 0 ); + MBEDTLS_PUT_UINT32_LE( t.X[1], output, 4 ); + MBEDTLS_PUT_UINT32_LE( t.X[2], output, 8 ); + MBEDTLS_PUT_UINT32_LE( t.X[3], output, 12 ); mbedtls_platform_zeroize( &t, sizeof( t ) ); @@ -1034,6 +1011,7 @@ int mbedtls_aes_crypt_cbc( mbedtls_aes_context *ctx, unsigned char *output ) { int i; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char temp[16]; AES_VALIDATE_RET( ctx != NULL ); @@ -1063,7 +1041,9 @@ int mbedtls_aes_crypt_cbc( mbedtls_aes_context *ctx, while( length > 0 ) { memcpy( temp, input, 16 ); - mbedtls_aes_crypt_ecb( ctx, mode, input, output ); + ret = mbedtls_aes_crypt_ecb( ctx, mode, input, output ); + if( ret != 0 ) + goto exit; for( i = 0; i < 16; i++ ) output[i] = (unsigned char)( output[i] ^ iv[i] ); @@ -1082,7 +1062,9 @@ int mbedtls_aes_crypt_cbc( mbedtls_aes_context *ctx, for( i = 0; i < 16; i++ ) output[i] = (unsigned char)( input[i] ^ iv[i] ); - mbedtls_aes_crypt_ecb( ctx, mode, output, output ); + ret = mbedtls_aes_crypt_ecb( ctx, mode, output, output ); + if( ret != 0 ) + goto exit; memcpy( iv, output, 16 ); input += 16; @@ -1090,42 +1072,15 @@ int mbedtls_aes_crypt_cbc( mbedtls_aes_context *ctx, length -= 16; } } + ret = 0; - return( 0 ); +exit: + return( ret ); } #endif /* MBEDTLS_CIPHER_MODE_CBC */ #if defined(MBEDTLS_CIPHER_MODE_XTS) -/* Endianess with 64 bits values */ -#ifndef GET_UINT64_LE -#define GET_UINT64_LE(n,b,i) \ -{ \ - (n) = ( (uint64_t) (b)[(i) + 7] << 56 ) \ - | ( (uint64_t) (b)[(i) + 6] << 48 ) \ - | ( (uint64_t) (b)[(i) + 5] << 40 ) \ - | ( (uint64_t) (b)[(i) + 4] << 32 ) \ - | ( (uint64_t) (b)[(i) + 3] << 24 ) \ - | ( (uint64_t) (b)[(i) + 2] << 16 ) \ - | ( (uint64_t) (b)[(i) + 1] << 8 ) \ - | ( (uint64_t) (b)[(i) ] ); \ -} -#endif - -#ifndef PUT_UINT64_LE -#define PUT_UINT64_LE(n,b,i) \ -{ \ - (b)[(i) + 7] = (unsigned char) ( (n) >> 56 ); \ - (b)[(i) + 6] = (unsigned char) ( (n) >> 48 ); \ - (b)[(i) + 5] = (unsigned char) ( (n) >> 40 ); \ - (b)[(i) + 4] = (unsigned char) ( (n) >> 32 ); \ - (b)[(i) + 3] = (unsigned char) ( (n) >> 24 ); \ - (b)[(i) + 2] = (unsigned char) ( (n) >> 16 ); \ - (b)[(i) + 1] = (unsigned char) ( (n) >> 8 ); \ - (b)[(i) ] = (unsigned char) ( (n) ); \ -} -#endif - typedef unsigned char mbedtls_be128[16]; /* @@ -1141,14 +1096,14 @@ static void mbedtls_gf128mul_x_ble( unsigned char r[16], { uint64_t a, b, ra, rb; - GET_UINT64_LE( a, x, 0 ); - GET_UINT64_LE( b, x, 8 ); + a = MBEDTLS_GET_UINT64_LE( x, 0 ); + b = MBEDTLS_GET_UINT64_LE( x, 8 ); ra = ( a << 1 ) ^ 0x0087 >> ( 8 - ( ( b >> 63 ) << 3 ) ); rb = ( a >> 63 ) | ( b << 1 ); - PUT_UINT64_LE( ra, r, 0 ); - PUT_UINT64_LE( rb, r, 8 ); + MBEDTLS_PUT_UINT64_LE( ra, r, 0 ); + MBEDTLS_PUT_UINT64_LE( rb, r, 8 ); } /* @@ -1274,6 +1229,7 @@ int mbedtls_aes_crypt_cfb128( mbedtls_aes_context *ctx, unsigned char *output ) { int c; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t n; AES_VALIDATE_RET( ctx != NULL ); @@ -1294,7 +1250,11 @@ int mbedtls_aes_crypt_cfb128( mbedtls_aes_context *ctx, while( length-- ) { if( n == 0 ) - mbedtls_aes_crypt_ecb( ctx, MBEDTLS_AES_ENCRYPT, iv, iv ); + { + ret = mbedtls_aes_crypt_ecb( ctx, MBEDTLS_AES_ENCRYPT, iv, iv ); + if( ret != 0 ) + goto exit; + } c = *input++; *output++ = (unsigned char)( c ^ iv[n] ); @@ -1308,7 +1268,11 @@ int mbedtls_aes_crypt_cfb128( mbedtls_aes_context *ctx, while( length-- ) { if( n == 0 ) - mbedtls_aes_crypt_ecb( ctx, MBEDTLS_AES_ENCRYPT, iv, iv ); + { + ret = mbedtls_aes_crypt_ecb( ctx, MBEDTLS_AES_ENCRYPT, iv, iv ); + if( ret != 0 ) + goto exit; + } iv[n] = *output++ = (unsigned char)( iv[n] ^ *input++ ); @@ -1317,8 +1281,10 @@ int mbedtls_aes_crypt_cfb128( mbedtls_aes_context *ctx, } *iv_off = n; + ret = 0; - return( 0 ); +exit: + return( ret ); } /* @@ -1331,6 +1297,7 @@ int mbedtls_aes_crypt_cfb8( mbedtls_aes_context *ctx, const unsigned char *input, unsigned char *output ) { + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char c; unsigned char ov[17]; @@ -1343,7 +1310,9 @@ int mbedtls_aes_crypt_cfb8( mbedtls_aes_context *ctx, while( length-- ) { memcpy( ov, iv, 16 ); - mbedtls_aes_crypt_ecb( ctx, MBEDTLS_AES_ENCRYPT, iv, iv ); + ret = mbedtls_aes_crypt_ecb( ctx, MBEDTLS_AES_ENCRYPT, iv, iv ); + if( ret != 0 ) + goto exit; if( mode == MBEDTLS_AES_DECRYPT ) ov[16] = *input; @@ -1355,8 +1324,10 @@ int mbedtls_aes_crypt_cfb8( mbedtls_aes_context *ctx, memcpy( iv, ov + 1, 16 ); } + ret = 0; - return( 0 ); +exit: + return( ret ); } #endif /* MBEDTLS_CIPHER_MODE_CFB */ @@ -1418,6 +1389,7 @@ int mbedtls_aes_crypt_ctr( mbedtls_aes_context *ctx, unsigned char *output ) { int c, i; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t n; AES_VALIDATE_RET( ctx != NULL ); @@ -1435,7 +1407,9 @@ int mbedtls_aes_crypt_ctr( mbedtls_aes_context *ctx, while( length-- ) { if( n == 0 ) { - mbedtls_aes_crypt_ecb( ctx, MBEDTLS_AES_ENCRYPT, nonce_counter, stream_block ); + ret = mbedtls_aes_crypt_ecb( ctx, MBEDTLS_AES_ENCRYPT, nonce_counter, stream_block ); + if( ret != 0 ) + goto exit; for( i = 16; i > 0; i-- ) if( ++nonce_counter[i - 1] != 0 ) @@ -1448,8 +1422,10 @@ int mbedtls_aes_crypt_ctr( mbedtls_aes_context *ctx, } *nc_off = n; + ret = 0; - return( 0 ); +exit: + return( ret ); } #endif /* MBEDTLS_CIPHER_MODE_CTR */ diff --git a/library/aria.c b/library/aria.c index a5786b37ab..bc05c4a319 100644 --- a/library/aria.c +++ b/library/aria.c @@ -55,29 +55,6 @@ #define ARIA_VALIDATE( cond ) \ MBEDTLS_INTERNAL_VALIDATE( cond ) -/* - * 32-bit integer manipulation macros (little endian) - */ -#ifndef GET_UINT32_LE -#define GET_UINT32_LE( n, b, i ) \ -{ \ - (n) = ( (uint32_t) (b)[(i) ] ) \ - | ( (uint32_t) (b)[(i) + 1] << 8 ) \ - | ( (uint32_t) (b)[(i) + 2] << 16 ) \ - | ( (uint32_t) (b)[(i) + 3] << 24 ); \ -} -#endif - -#ifndef PUT_UINT32_LE -#define PUT_UINT32_LE( n, b, i ) \ -{ \ - (b)[(i) ] = (unsigned char) ( ( (n) ) & 0xFF ); \ - (b)[(i) + 1] = (unsigned char) ( ( (n) >> 8 ) & 0xFF ); \ - (b)[(i) + 2] = (unsigned char) ( ( (n) >> 16 ) & 0xFF ); \ - (b)[(i) + 3] = (unsigned char) ( ( (n) >> 24 ) & 0xFF ); \ -} -#endif - /* * modify byte order: ( A B C D ) -> ( B A D C ), i.e. swap pairs of bytes * @@ -235,22 +212,22 @@ static inline void aria_sl( uint32_t *a, uint32_t *b, const uint8_t sa[256], const uint8_t sb[256], const uint8_t sc[256], const uint8_t sd[256] ) { - *a = ( (uint32_t) sa[ *a & 0xFF] ) ^ - (((uint32_t) sb[(*a >> 8) & 0xFF]) << 8) ^ - (((uint32_t) sc[(*a >> 16) & 0xFF]) << 16) ^ - (((uint32_t) sd[ *a >> 24 ]) << 24); - *b = ( (uint32_t) sa[ *b & 0xFF] ) ^ - (((uint32_t) sb[(*b >> 8) & 0xFF]) << 8) ^ - (((uint32_t) sc[(*b >> 16) & 0xFF]) << 16) ^ - (((uint32_t) sd[ *b >> 24 ]) << 24); - *c = ( (uint32_t) sa[ *c & 0xFF] ) ^ - (((uint32_t) sb[(*c >> 8) & 0xFF]) << 8) ^ - (((uint32_t) sc[(*c >> 16) & 0xFF]) << 16) ^ - (((uint32_t) sd[ *c >> 24 ]) << 24); - *d = ( (uint32_t) sa[ *d & 0xFF] ) ^ - (((uint32_t) sb[(*d >> 8) & 0xFF]) << 8) ^ - (((uint32_t) sc[(*d >> 16) & 0xFF]) << 16) ^ - (((uint32_t) sd[ *d >> 24 ]) << 24); + *a = ( (uint32_t) sa[ MBEDTLS_BYTE_0( *a ) ] ) ^ + (((uint32_t) sb[ MBEDTLS_BYTE_1( *a ) ]) << 8) ^ + (((uint32_t) sc[ MBEDTLS_BYTE_2( *a ) ]) << 16) ^ + (((uint32_t) sd[ MBEDTLS_BYTE_3( *a ) ]) << 24); + *b = ( (uint32_t) sa[ MBEDTLS_BYTE_0( *b ) ] ) ^ + (((uint32_t) sb[ MBEDTLS_BYTE_1( *b ) ]) << 8) ^ + (((uint32_t) sc[ MBEDTLS_BYTE_2( *b ) ]) << 16) ^ + (((uint32_t) sd[ MBEDTLS_BYTE_3( *b ) ]) << 24); + *c = ( (uint32_t) sa[ MBEDTLS_BYTE_0( *c ) ] ) ^ + (((uint32_t) sb[ MBEDTLS_BYTE_1( *c ) ]) << 8) ^ + (((uint32_t) sc[ MBEDTLS_BYTE_2( *c ) ]) << 16) ^ + (((uint32_t) sd[ MBEDTLS_BYTE_3( *c ) ]) << 24); + *d = ( (uint32_t) sa[ MBEDTLS_BYTE_0( *d ) ] ) ^ + (((uint32_t) sb[ MBEDTLS_BYTE_1( *d ) ]) << 8) ^ + (((uint32_t) sc[ MBEDTLS_BYTE_2( *d ) ]) << 16) ^ + (((uint32_t) sd[ MBEDTLS_BYTE_3( *d ) ]) << 24); } /* @@ -408,7 +385,8 @@ static void aria_fe_xor( uint32_t r[4], const uint32_t p[4], * Big endian 128-bit rotation: r = a ^ (b <<< n), used only in key setup. * * We chose to store bytes into 32-bit words in little-endian format (see - * GET/PUT_UINT32_LE) so we need to reverse bytes here. + * MBEDTLS_GET_UINT32_LE / MBEDTLS_PUT_UINT32_LE ) so we need to reverse + * bytes here. */ static void aria_rot128( uint32_t r[4], const uint32_t a[4], const uint32_t b[4], uint8_t n ) @@ -456,21 +434,21 @@ int mbedtls_aria_setkey_enc( mbedtls_aria_context *ctx, return( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA ); /* Copy key to W0 (and potential remainder to W1) */ - GET_UINT32_LE( w[0][0], key, 0 ); - GET_UINT32_LE( w[0][1], key, 4 ); - GET_UINT32_LE( w[0][2], key, 8 ); - GET_UINT32_LE( w[0][3], key, 12 ); + w[0][0] = MBEDTLS_GET_UINT32_LE( key, 0 ); + w[0][1] = MBEDTLS_GET_UINT32_LE( key, 4 ); + w[0][2] = MBEDTLS_GET_UINT32_LE( key, 8 ); + w[0][3] = MBEDTLS_GET_UINT32_LE( key, 12 ); memset( w[1], 0, 16 ); if( keybits >= 192 ) { - GET_UINT32_LE( w[1][0], key, 16 ); // 192 bit key - GET_UINT32_LE( w[1][1], key, 20 ); + w[1][0] = MBEDTLS_GET_UINT32_LE( key, 16 ); // 192 bit key + w[1][1] = MBEDTLS_GET_UINT32_LE( key, 20 ); } if( keybits == 256 ) { - GET_UINT32_LE( w[1][2], key, 24 ); // 256 bit key - GET_UINT32_LE( w[1][3], key, 28 ); + w[1][2] = MBEDTLS_GET_UINT32_LE( key, 24 ); // 256 bit key + w[1][3] = MBEDTLS_GET_UINT32_LE( key, 28 ); } i = ( keybits - 128 ) >> 6; // index: 0, 1, 2 @@ -547,10 +525,10 @@ int mbedtls_aria_crypt_ecb( mbedtls_aria_context *ctx, ARIA_VALIDATE_RET( input != NULL ); ARIA_VALIDATE_RET( output != NULL ); - GET_UINT32_LE( a, input, 0 ); - GET_UINT32_LE( b, input, 4 ); - GET_UINT32_LE( c, input, 8 ); - GET_UINT32_LE( d, input, 12 ); + a = MBEDTLS_GET_UINT32_LE( input, 0 ); + b = MBEDTLS_GET_UINT32_LE( input, 4 ); + c = MBEDTLS_GET_UINT32_LE( input, 8 ); + d = MBEDTLS_GET_UINT32_LE( input, 12 ); i = 0; while( 1 ) @@ -582,10 +560,10 @@ int mbedtls_aria_crypt_ecb( mbedtls_aria_context *ctx, c ^= ctx->rk[i][2]; d ^= ctx->rk[i][3]; - PUT_UINT32_LE( a, output, 0 ); - PUT_UINT32_LE( b, output, 4 ); - PUT_UINT32_LE( c, output, 8 ); - PUT_UINT32_LE( d, output, 12 ); + MBEDTLS_PUT_UINT32_LE( a, output, 0 ); + MBEDTLS_PUT_UINT32_LE( b, output, 4 ); + MBEDTLS_PUT_UINT32_LE( c, output, 8 ); + MBEDTLS_PUT_UINT32_LE( d, output, 12 ); return( 0 ); } diff --git a/library/asn1write.c b/library/asn1write.c index 0289e89491..dc61854137 100644 --- a/library/asn1write.c +++ b/library/asn1write.c @@ -60,8 +60,8 @@ int mbedtls_asn1_write_len( unsigned char **p, const unsigned char *start, size_ if( *p - start < 3 ) return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL ); - *--(*p) = ( len ) & 0xFF; - *--(*p) = ( len >> 8 ) & 0xFF; + *--(*p) = MBEDTLS_BYTE_0( len ); + *--(*p) = MBEDTLS_BYTE_1( len ); *--(*p) = 0x82; return( 3 ); } @@ -71,9 +71,9 @@ int mbedtls_asn1_write_len( unsigned char **p, const unsigned char *start, size_ if( *p - start < 4 ) return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL ); - *--(*p) = ( len ) & 0xFF; - *--(*p) = ( len >> 8 ) & 0xFF; - *--(*p) = ( len >> 16 ) & 0xFF; + *--(*p) = MBEDTLS_BYTE_0( len ); + *--(*p) = MBEDTLS_BYTE_1( len ); + *--(*p) = MBEDTLS_BYTE_2( len ); *--(*p) = 0x83; return( 4 ); } @@ -85,10 +85,10 @@ int mbedtls_asn1_write_len( unsigned char **p, const unsigned char *start, size_ if( *p - start < 5 ) return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL ); - *--(*p) = ( len ) & 0xFF; - *--(*p) = ( len >> 8 ) & 0xFF; - *--(*p) = ( len >> 16 ) & 0xFF; - *--(*p) = ( len >> 24 ) & 0xFF; + *--(*p) = MBEDTLS_BYTE_0( len ); + *--(*p) = MBEDTLS_BYTE_1( len ); + *--(*p) = MBEDTLS_BYTE_2( len ); + *--(*p) = MBEDTLS_BYTE_3( len ); *--(*p) = 0x84; return( 5 ); } diff --git a/library/base64.c b/library/base64.c index 1a05226efa..a516c1d4a3 100644 --- a/library/base64.c +++ b/library/base64.c @@ -22,6 +22,7 @@ #if defined(MBEDTLS_BASE64_C) #include "mbedtls/base64.h" +#include "base64_invasive.h" #include @@ -35,127 +36,41 @@ #endif /* MBEDTLS_PLATFORM_C */ #endif /* MBEDTLS_SELF_TEST */ -static const unsigned char base64_enc_map[64] = -{ - 'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', - 'K', 'L', 'M', 'N', 'O', 'P', 'Q', 'R', 'S', 'T', - 'U', 'V', 'W', 'X', 'Y', 'Z', 'a', 'b', 'c', 'd', - 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm', 'n', - 'o', 'p', 'q', 'r', 's', 't', 'u', 'v', 'w', 'x', - 'y', 'z', '0', '1', '2', '3', '4', '5', '6', '7', - '8', '9', '+', '/' -}; - -static const unsigned char base64_dec_map[128] = -{ - 127, 127, 127, 127, 127, 127, 127, 127, 127, 127, - 127, 127, 127, 127, 127, 127, 127, 127, 127, 127, - 127, 127, 127, 127, 127, 127, 127, 127, 127, 127, - 127, 127, 127, 127, 127, 127, 127, 127, 127, 127, - 127, 127, 127, 62, 127, 127, 127, 63, 52, 53, - 54, 55, 56, 57, 58, 59, 60, 61, 127, 127, - 127, 64, 127, 127, 127, 0, 1, 2, 3, 4, - 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, - 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, - 25, 127, 127, 127, 127, 127, 127, 26, 27, 28, - 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, - 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, - 49, 50, 51, 127, 127, 127, 127, 127 -}; - #define BASE64_SIZE_T_MAX ( (size_t) -1 ) /* SIZE_T_MAX is not standard */ -/* - * Constant flow conditional assignment to unsigned char +/* Return 0xff if low <= c <= high, 0 otherwise. + * + * Constant flow with respect to c. */ -static void mbedtls_base64_cond_assign_uchar( unsigned char * dest, const unsigned char * const src, - unsigned char condition ) +MBEDTLS_STATIC_TESTABLE +unsigned char mbedtls_base64_mask_of_range( unsigned char low, + unsigned char high, + unsigned char c ) { - /* MSVC has a warning about unary minus on unsigned integer types, - * but this is well-defined and precisely what we want to do here. */ -#if defined(_MSC_VER) -#pragma warning( push ) -#pragma warning( disable : 4146 ) -#endif - - /* Generate bitmask from condition, mask will either be 0xFF or 0 */ - unsigned char mask = ( condition | -condition ); - mask >>= 7; - mask = -mask; - -#if defined(_MSC_VER) -#pragma warning( pop ) -#endif - - *dest = ( ( *src ) & mask ) | ( ( *dest ) & ~mask ); + /* low_mask is: 0 if low <= c, 0x...ff if low > c */ + unsigned low_mask = ( (unsigned) c - low ) >> 8; + /* high_mask is: 0 if c <= high, 0x...ff if c > high */ + unsigned high_mask = ( (unsigned) high - c ) >> 8; + return( ~( low_mask | high_mask ) & 0xff ); } -/* - * Constant flow conditional assignment to uint_32 +/* Given a value in the range 0..63, return the corresponding Base64 digit. + * The implementation assumes that letters are consecutive (e.g. ASCII + * but not EBCDIC). */ -static void mbedtls_base64_cond_assign_uint32( uint32_t * dest, const uint32_t src, - uint32_t condition ) +MBEDTLS_STATIC_TESTABLE +unsigned char mbedtls_base64_enc_char( unsigned char val ) { - /* MSVC has a warning about unary minus on unsigned integer types, - * but this is well-defined and precisely what we want to do here. */ -#if defined(_MSC_VER) -#pragma warning( push ) -#pragma warning( disable : 4146 ) -#endif - - /* Generate bitmask from condition, mask will either be 0xFFFFFFFF or 0 */ - uint32_t mask = ( condition | -condition ); - mask >>= 31; - mask = -mask; - -#if defined(_MSC_VER) -#pragma warning( pop ) -#endif - - *dest = ( src & mask ) | ( ( *dest ) & ~mask ); -} - -/* - * Constant flow check for equality - */ -static unsigned char mbedtls_base64_eq( size_t in_a, size_t in_b ) -{ - size_t difference = in_a ^ in_b; - - /* MSVC has a warning about unary minus on unsigned integer types, - * but this is well-defined and precisely what we want to do here. */ -#if defined(_MSC_VER) -#pragma warning( push ) -#pragma warning( disable : 4146 ) -#endif - - difference |= -difference; - -#if defined(_MSC_VER) -#pragma warning( pop ) -#endif - - /* cope with the varying size of size_t per platform */ - difference >>= ( sizeof( difference ) * 8 - 1 ); - - return (unsigned char) ( 1 ^ difference ); -} - -/* - * Constant flow lookup into table. - */ -static unsigned char mbedtls_base64_table_lookup( const unsigned char * const table, - const size_t table_size, const size_t table_index ) -{ - size_t i; - unsigned char result = 0; - - for( i = 0; i < table_size; ++i ) - { - mbedtls_base64_cond_assign_uchar( &result, &table[i], mbedtls_base64_eq( i, table_index ) ); - } - - return result; + unsigned char digit = 0; + /* For each range of values, if val is in that range, mask digit with + * the corresponding value. Since val can only be in a single range, + * only at most one masking will change digit. */ + digit |= mbedtls_base64_mask_of_range( 0, 25, val ) & ( 'A' + val ); + digit |= mbedtls_base64_mask_of_range( 26, 51, val ) & ( 'a' + val - 26 ); + digit |= mbedtls_base64_mask_of_range( 52, 61, val ) & ( '0' + val - 52 ); + digit |= mbedtls_base64_mask_of_range( 62, 62, val ) & '+'; + digit |= mbedtls_base64_mask_of_range( 63, 63, val ) & '/'; + return( digit ); } /* @@ -198,17 +113,12 @@ int mbedtls_base64_encode( unsigned char *dst, size_t dlen, size_t *olen, C2 = *src++; C3 = *src++; - *p++ = mbedtls_base64_table_lookup( base64_enc_map, sizeof( base64_enc_map ), - ( ( C1 >> 2 ) & 0x3F ) ); - - *p++ = mbedtls_base64_table_lookup( base64_enc_map, sizeof( base64_enc_map ), - ( ( ( ( C1 & 3 ) << 4 ) + ( C2 >> 4 ) ) & 0x3F ) ); - - *p++ = mbedtls_base64_table_lookup( base64_enc_map, sizeof( base64_enc_map ), - ( ( ( ( C2 & 15 ) << 2 ) + ( C3 >> 6 ) ) & 0x3F ) ); - - *p++ = mbedtls_base64_table_lookup( base64_enc_map, sizeof( base64_enc_map ), - ( C3 & 0x3F ) ); + *p++ = mbedtls_base64_enc_char( ( C1 >> 2 ) & 0x3F ); + *p++ = mbedtls_base64_enc_char( ( ( ( C1 & 3 ) << 4 ) + ( C2 >> 4 ) ) + & 0x3F ); + *p++ = mbedtls_base64_enc_char( ( ( ( C2 & 15 ) << 2 ) + ( C3 >> 6 ) ) + & 0x3F ); + *p++ = mbedtls_base64_enc_char( C3 & 0x3F ); } if( i < slen ) @@ -216,15 +126,12 @@ int mbedtls_base64_encode( unsigned char *dst, size_t dlen, size_t *olen, C1 = *src++; C2 = ( ( i + 1 ) < slen ) ? *src++ : 0; - *p++ = mbedtls_base64_table_lookup( base64_enc_map, sizeof( base64_enc_map ), - ( ( C1 >> 2 ) & 0x3F ) ); - - *p++ = mbedtls_base64_table_lookup( base64_enc_map, sizeof( base64_enc_map ), - ( ( ( ( C1 & 3 ) << 4 ) + ( C2 >> 4 ) ) & 0x3F ) ); + *p++ = mbedtls_base64_enc_char( ( C1 >> 2 ) & 0x3F ); + *p++ = mbedtls_base64_enc_char( ( ( ( C1 & 3 ) << 4 ) + ( C2 >> 4 ) ) + & 0x3F ); if( ( i + 1 ) < slen ) - *p++ = mbedtls_base64_table_lookup( base64_enc_map, sizeof( base64_enc_map ), - ( ( ( C2 & 15 ) << 2 ) & 0x3F ) ); + *p++ = mbedtls_base64_enc_char( ( ( C2 & 15 ) << 2 ) & 0x3F ); else *p++ = '='; *p++ = '='; @@ -236,26 +143,58 @@ int mbedtls_base64_encode( unsigned char *dst, size_t dlen, size_t *olen, return( 0 ); } +/* Given a Base64 digit, return its value. + * If c is not a Base64 digit ('A'..'Z', 'a'..'z', '0'..'9', '+' or '/'), + * return -1. + * + * The implementation assumes that letters are consecutive (e.g. ASCII + * but not EBCDIC). + * + * The implementation is constant-flow (no branch or memory access depending + * on the value of c) unless the compiler inlines and optimizes a specific + * access. + */ +MBEDTLS_STATIC_TESTABLE +signed char mbedtls_base64_dec_value( unsigned char c ) +{ + unsigned char val = 0; + /* For each range of digits, if c is in that range, mask val with + * the corresponding value. Since c can only be in a single range, + * only at most one masking will change val. Set val to one plus + * the desired value so that it stays 0 if c is in none of the ranges. */ + val |= mbedtls_base64_mask_of_range( 'A', 'Z', c ) & ( c - 'A' + 0 + 1 ); + val |= mbedtls_base64_mask_of_range( 'a', 'z', c ) & ( c - 'a' + 26 + 1 ); + val |= mbedtls_base64_mask_of_range( '0', '9', c ) & ( c - '0' + 52 + 1 ); + val |= mbedtls_base64_mask_of_range( '+', '+', c ) & ( c - '+' + 62 + 1 ); + val |= mbedtls_base64_mask_of_range( '/', '/', c ) & ( c - '/' + 63 + 1 ); + /* At this point, val is 0 if c is an invalid digit and v+1 if c is + * a digit with the value v. */ + return( val - 1 ); +} + /* * Decode a base64-formatted buffer */ int mbedtls_base64_decode( unsigned char *dst, size_t dlen, size_t *olen, const unsigned char *src, size_t slen ) { - size_t i, n; - uint32_t j, x; + size_t i; /* index in source */ + size_t n; /* number of digits or trailing = in source */ + uint32_t x; /* value accumulator */ + unsigned accumulated_digits = 0; + unsigned equals = 0; + int spaces_present = 0; unsigned char *p; - unsigned char dec_map_lookup; /* First pass: check for validity and get output length */ - for( i = n = j = 0; i < slen; i++ ) + for( i = n = 0; i < slen; i++ ) { /* Skip spaces before checking for EOL */ - x = 0; + spaces_present = 0; while( i < slen && src[i] == ' ' ) { ++i; - ++x; + spaces_present = 1; } /* Spaces at end of buffer are OK */ @@ -270,20 +209,24 @@ int mbedtls_base64_decode( unsigned char *dst, size_t dlen, size_t *olen, continue; /* Space inside a line is an error */ - if( x != 0 ) + if( spaces_present ) return( MBEDTLS_ERR_BASE64_INVALID_CHARACTER ); - if( src[i] == '=' && ++j > 2 ) - return( MBEDTLS_ERR_BASE64_INVALID_CHARACTER ); - - dec_map_lookup = mbedtls_base64_table_lookup( base64_dec_map, sizeof( base64_dec_map ), src[i] ); - - if( src[i] > 127 || dec_map_lookup == 127 ) - return( MBEDTLS_ERR_BASE64_INVALID_CHARACTER ); - - if( dec_map_lookup < 64 && j != 0 ) + if( src[i] > 127 ) return( MBEDTLS_ERR_BASE64_INVALID_CHARACTER ); + if( src[i] == '=' ) + { + if( ++equals > 2 ) + return( MBEDTLS_ERR_BASE64_INVALID_CHARACTER ); + } + else + { + if( equals != 0 ) + return( MBEDTLS_ERR_BASE64_INVALID_CHARACTER ); + if( mbedtls_base64_dec_value( src[i] ) < 0 ) + return( MBEDTLS_ERR_BASE64_INVALID_CHARACTER ); + } n++; } @@ -298,7 +241,7 @@ int mbedtls_base64_decode( unsigned char *dst, size_t dlen, size_t *olen, * n = ( ( n * 6 ) + 7 ) >> 3; */ n = ( 6 * ( n >> 3 ) ) + ( ( 6 * ( n & 0x7 ) + 7 ) >> 3 ); - n -= j; + n -= equals; if( dst == NULL || dlen < n ) { @@ -306,22 +249,24 @@ int mbedtls_base64_decode( unsigned char *dst, size_t dlen, size_t *olen, return( MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL ); } - for( j = 3, n = x = 0, p = dst; i > 0; i--, src++ ) - { + equals = 0; + for( x = 0, p = dst; i > 0; i--, src++ ) + { if( *src == '\r' || *src == '\n' || *src == ' ' ) continue; - dec_map_lookup = mbedtls_base64_table_lookup( base64_dec_map, sizeof( base64_dec_map ), *src ); + x = x << 6; + if( *src == '=' ) + ++equals; + else + x |= mbedtls_base64_dec_value( *src ); - mbedtls_base64_cond_assign_uint32( &j, j - 1, mbedtls_base64_eq( dec_map_lookup, 64 ) ); - x = ( x << 6 ) | ( dec_map_lookup & 0x3F ); - - if( ++n == 4 ) + if( ++accumulated_digits == 4 ) { - n = 0; - if( j > 0 ) *p++ = (unsigned char)( x >> 16 ); - if( j > 1 ) *p++ = (unsigned char)( x >> 8 ); - if( j > 2 ) *p++ = (unsigned char)( x ); + accumulated_digits = 0; + *p++ = MBEDTLS_BYTE_2( x ); + if( equals <= 1 ) *p++ = MBEDTLS_BYTE_1( x ); + if( equals <= 0 ) *p++ = MBEDTLS_BYTE_0( x ); } } diff --git a/library/base64_invasive.h b/library/base64_invasive.h new file mode 100644 index 0000000000..ed5f7cb824 --- /dev/null +++ b/library/base64_invasive.h @@ -0,0 +1,55 @@ +/** + * \file base_invasive.h + * + * \brief Base64 module: interfaces for invasive testing only. + * + * The interfaces in this file are intended for testing purposes only. + * They SHOULD NOT be made available in library integrations except when + * building the library for testing. + */ +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +#ifndef MBEDTLS_BASE64_INVASIVE_H +#define MBEDTLS_BASE64_INVASIVE_H + +#include "common.h" + +#if defined(MBEDTLS_TEST_HOOKS) +/* Return 0xff if low <= c <= high, 0 otherwise. + * + * Constant flow with respect to c. + */ +unsigned char mbedtls_base64_mask_of_range( unsigned char low, + unsigned char high, + unsigned char c ); + +/* Given a value in the range 0..63, return the corresponding Base64 digit. + * + * Operates in constant time (no branches or memory access depending on val). + */ +unsigned char mbedtls_base64_enc_char( unsigned char val ); + +/* Given a Base64 digit, return its value. + * If c is not a Base64 digit ('A'..'Z', 'a'..'z', '0'..'9', '+' or '/'), + * return -1. + * + * Operates in constant time (no branches or memory access depending on c). + */ +signed char mbedtls_base64_dec_value( unsigned char c ); +#endif /* MBEDTLS_TEST_HOOKS */ + +#endif /* MBEDTLS_BASE64_INVASIVE_H */ diff --git a/library/bn_mul.h b/library/bn_mul.h index 6ddffc4765..b71ddd881a 100644 --- a/library/bn_mul.h +++ b/library/bn_mul.h @@ -224,10 +224,10 @@ "adcq %%rdx, %%rcx\n" \ "addq $8, %%rdi\n" -#define MULADDC_STOP \ - : "+c" (c), "+D" (d), "+S" (s) \ - : "b" (b) \ - : "rax", "rdx", "r8" \ +#define MULADDC_STOP \ + : "+c" (c), "+D" (d), "+S" (s), "+m" (*(uint64_t (*)[16]) d) \ + : "b" (b), "m" (*(const uint64_t (*)[16]) s) \ + : "rax", "rdx", "r8" \ ); #endif /* AMD64 */ @@ -240,18 +240,18 @@ #define MULADDC_CORE \ "ldr x4, [%2], #8 \n\t" \ "ldr x5, [%1] \n\t" \ - "mul x6, x4, %3 \n\t" \ - "umulh x7, x4, %3 \n\t" \ + "mul x6, x4, %4 \n\t" \ + "umulh x7, x4, %4 \n\t" \ "adds x5, x5, x6 \n\t" \ "adc x7, x7, xzr \n\t" \ "adds x5, x5, %0 \n\t" \ "adc %0, x7, xzr \n\t" \ "str x5, [%1], #8 \n\t" -#define MULADDC_STOP \ - : "+r" (c), "+r" (d), "+r" (s) \ - : "r" (b) \ - : "x4", "x5", "x6", "x7", "cc" \ +#define MULADDC_STOP \ + : "+r" (c), "+r" (d), "+r" (s), "+m" (*(uint64_t (*)[16]) d) \ + : "r" (b), "m" (*(const uint64_t (*)[16]) s) \ + : "x4", "x5", "x6", "x7", "cc" \ ); #endif /* Aarch64 */ diff --git a/library/camellia.c b/library/camellia.c index f7e013611b..29d730ab53 100644 --- a/library/camellia.c +++ b/library/camellia.c @@ -49,29 +49,6 @@ #define CAMELLIA_VALIDATE( cond ) \ MBEDTLS_INTERNAL_VALIDATE( cond ) -/* - * 32-bit integer manipulation macros (big endian) - */ -#ifndef GET_UINT32_BE -#define GET_UINT32_BE(n,b,i) \ -{ \ - (n) = ( (uint32_t) (b)[(i) ] << 24 ) \ - | ( (uint32_t) (b)[(i) + 1] << 16 ) \ - | ( (uint32_t) (b)[(i) + 2] << 8 ) \ - | ( (uint32_t) (b)[(i) + 3] ); \ -} -#endif - -#ifndef PUT_UINT32_BE -#define PUT_UINT32_BE(n,b,i) \ -{ \ - (b)[(i) ] = (unsigned char) ( (n) >> 24 ); \ - (b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \ - (b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \ - (b)[(i) + 3] = (unsigned char) ( (n) ); \ -} -#endif - static const unsigned char SIGMA_CHARS[6][8] = { { 0xa0, 0x9e, 0x66, 0x7f, 0x3b, 0xcc, 0x90, 0x8b }, @@ -301,14 +278,14 @@ static void camellia_feistel( const uint32_t x[2], const uint32_t k[2], I0 = x[0] ^ k[0]; I1 = x[1] ^ k[1]; - I0 = ((uint32_t) SBOX1((I0 >> 24) & 0xFF) << 24) | - ((uint32_t) SBOX2((I0 >> 16) & 0xFF) << 16) | - ((uint32_t) SBOX3((I0 >> 8) & 0xFF) << 8) | - ((uint32_t) SBOX4((I0 ) & 0xFF) ); - I1 = ((uint32_t) SBOX2((I1 >> 24) & 0xFF) << 24) | - ((uint32_t) SBOX3((I1 >> 16) & 0xFF) << 16) | - ((uint32_t) SBOX4((I1 >> 8) & 0xFF) << 8) | - ((uint32_t) SBOX1((I1 ) & 0xFF) ); + I0 = ((uint32_t) SBOX1( MBEDTLS_BYTE_3( I0 )) << 24) | + ((uint32_t) SBOX2( MBEDTLS_BYTE_2( I0 )) << 16) | + ((uint32_t) SBOX3( MBEDTLS_BYTE_1( I0 )) << 8) | + ((uint32_t) SBOX4( MBEDTLS_BYTE_0( I0 )) ); + I1 = ((uint32_t) SBOX2( MBEDTLS_BYTE_3( I1 )) << 24) | + ((uint32_t) SBOX3( MBEDTLS_BYTE_2( I1 )) << 16) | + ((uint32_t) SBOX4( MBEDTLS_BYTE_1( I1 )) << 8) | + ((uint32_t) SBOX1( MBEDTLS_BYTE_0( I1 )) ); I0 ^= (I1 << 8) | (I1 >> 24); I1 ^= (I0 << 16) | (I0 >> 16); @@ -376,8 +353,8 @@ int mbedtls_camellia_setkey_enc( mbedtls_camellia_context *ctx, * Prepare SIGMA values */ for( i = 0; i < 6; i++ ) { - GET_UINT32_BE( SIGMA[i][0], SIGMA_CHARS[i], 0 ); - GET_UINT32_BE( SIGMA[i][1], SIGMA_CHARS[i], 4 ); + SIGMA[i][0] = MBEDTLS_GET_UINT32_BE( SIGMA_CHARS[i], 0 ); + SIGMA[i][1] = MBEDTLS_GET_UINT32_BE( SIGMA_CHARS[i], 4 ); } /* @@ -388,7 +365,7 @@ int mbedtls_camellia_setkey_enc( mbedtls_camellia_context *ctx, /* Store KL, KR */ for( i = 0; i < 8; i++ ) - GET_UINT32_BE( KC[i], t, i * 4 ); + KC[i] = MBEDTLS_GET_UINT32_BE( t, i * 4 ); /* Generate KA */ for( i = 0; i < 4; ++i ) @@ -514,10 +491,10 @@ int mbedtls_camellia_crypt_ecb( mbedtls_camellia_context *ctx, NR = ctx->nr; RK = ctx->rk; - GET_UINT32_BE( X[0], input, 0 ); - GET_UINT32_BE( X[1], input, 4 ); - GET_UINT32_BE( X[2], input, 8 ); - GET_UINT32_BE( X[3], input, 12 ); + X[0] = MBEDTLS_GET_UINT32_BE( input, 0 ); + X[1] = MBEDTLS_GET_UINT32_BE( input, 4 ); + X[2] = MBEDTLS_GET_UINT32_BE( input, 8 ); + X[3] = MBEDTLS_GET_UINT32_BE( input, 12 ); X[0] ^= *RK++; X[1] ^= *RK++; @@ -552,10 +529,10 @@ int mbedtls_camellia_crypt_ecb( mbedtls_camellia_context *ctx, X[0] ^= *RK++; X[1] ^= *RK++; - PUT_UINT32_BE( X[2], output, 0 ); - PUT_UINT32_BE( X[3], output, 4 ); - PUT_UINT32_BE( X[0], output, 8 ); - PUT_UINT32_BE( X[1], output, 12 ); + MBEDTLS_PUT_UINT32_BE( X[2], output, 0 ); + MBEDTLS_PUT_UINT32_BE( X[3], output, 4 ); + MBEDTLS_PUT_UINT32_BE( X[0], output, 8 ); + MBEDTLS_PUT_UINT32_BE( X[1], output, 12 ); return( 0 ); } diff --git a/library/ccm.c b/library/ccm.c index 424ee77b69..e062678569 100644 --- a/library/ccm.c +++ b/library/ccm.c @@ -36,31 +36,23 @@ #include -#if defined(MBEDTLS_SELF_TEST) && defined(MBEDTLS_AES_C) #if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" #else +#if defined(MBEDTLS_SELF_TEST) && defined(MBEDTLS_AES_C) #include #define mbedtls_printf printf -#endif /* MBEDTLS_PLATFORM_C */ #endif /* MBEDTLS_SELF_TEST && MBEDTLS_AES_C */ +#endif /* MBEDTLS_PLATFORM_C */ #if !defined(MBEDTLS_CCM_ALT) -#define CCM_VALIDATE_RET( cond ) \ - MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_CCM_BAD_INPUT ) -#define CCM_VALIDATE( cond ) \ - MBEDTLS_INTERNAL_VALIDATE( cond ) - -#define CCM_ENCRYPT 0 -#define CCM_DECRYPT 1 /* * Initialize context */ void mbedtls_ccm_init( mbedtls_ccm_context *ctx ) { - CCM_VALIDATE( ctx != NULL ); memset( ctx, 0, sizeof( mbedtls_ccm_context ) ); } @@ -72,9 +64,6 @@ int mbedtls_ccm_setkey( mbedtls_ccm_context *ctx, int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; const mbedtls_cipher_info_t *cipher_info; - CCM_VALIDATE_RET( ctx != NULL ); - CCM_VALIDATE_RET( key != NULL ); - cipher_info = mbedtls_cipher_info_from_values( cipher, keybits, MBEDTLS_MODE_ECB ); if( cipher_info == NULL ) @@ -108,82 +97,78 @@ void mbedtls_ccm_free( mbedtls_ccm_context *ctx ) mbedtls_platform_zeroize( ctx, sizeof( mbedtls_ccm_context ) ); } -/* - * Macros for common operations. - * Results in smaller compiled code than static inline functions. - */ - -/* - * Update the CBC-MAC state in y using a block in b - * (Always using b as the source helps the compiler optimise a bit better.) - */ -#define UPDATE_CBC_MAC \ - for( i = 0; i < 16; i++ ) \ - y[i] ^= b[i]; \ - \ - if( ( ret = mbedtls_cipher_update( &ctx->cipher_ctx, y, 16, y, &olen ) ) != 0 ) \ - return( ret ); +#define CCM_STATE__CLEAR 0 +#define CCM_STATE__STARTED (1 << 0) +#define CCM_STATE__LENGHTS_SET (1 << 1) +#define CCM_STATE__AUTH_DATA_STARTED (1 << 2) +#define CCM_STATE__AUTH_DATA_FINISHED (1 << 3) +#define CCM_STATE__ERROR (1 << 4) /* * Encrypt or decrypt a partial block with CTR - * Warning: using b for temporary storage! src and dst must not be b! - * This avoids allocating one more 16 bytes buffer while allowing src == dst. */ -#define CTR_CRYPT( dst, src, len ) \ - do \ - { \ - if( ( ret = mbedtls_cipher_update( &ctx->cipher_ctx, ctr, \ - 16, b, &olen ) ) != 0 ) \ - { \ - return( ret ); \ - } \ - \ - for( i = 0; i < (len); i++ ) \ - (dst)[i] = (src)[i] ^ b[i]; \ - } while( 0 ) +static int mbedtls_ccm_crypt( mbedtls_ccm_context *ctx, + size_t offset, size_t use_len, + const unsigned char *input, + unsigned char *output ) +{ + size_t i; + size_t olen = 0; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + unsigned char tmp_buf[16] = {0}; -/* - * Authenticated encryption or decryption - */ -static int ccm_auth_crypt( mbedtls_ccm_context *ctx, int mode, size_t length, - const unsigned char *iv, size_t iv_len, - const unsigned char *add, size_t add_len, - const unsigned char *input, unsigned char *output, - unsigned char *tag, size_t tag_len ) + if( ( ret = mbedtls_cipher_update( &ctx->cipher_ctx, ctx->ctr, 16, tmp_buf, + &olen ) ) != 0 ) + { + ctx->state |= CCM_STATE__ERROR; + mbedtls_platform_zeroize(tmp_buf, sizeof(tmp_buf)); + return ret; + } + + for( i = 0; i < use_len; i++ ) + output[i] = input[i] ^ tmp_buf[offset + i]; + + mbedtls_platform_zeroize(tmp_buf, sizeof(tmp_buf)); + return ret; +} + +static void mbedtls_ccm_clear_state(mbedtls_ccm_context *ctx) { + ctx->state = CCM_STATE__CLEAR; + memset( ctx->y, 0, 16); + memset( ctx->ctr, 0, 16); +} + +static int ccm_calculate_first_block_if_ready(mbedtls_ccm_context *ctx) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char i; - unsigned char q; size_t len_left, olen; - unsigned char b[16]; - unsigned char y[16]; - unsigned char ctr[16]; - const unsigned char *src; - unsigned char *dst; - /* - * Check length requirements: SP800-38C A.1 - * Additional requirement: a < 2^16 - 2^8 to simplify the code. - * 'length' checked later (when writing it to the first block) - * - * Also, loosen the requirements to enable support for CCM* (IEEE 802.15.4). + /* length calulcation can be done only after both + * mbedtls_ccm_starts() and mbedtls_ccm_set_lengths() have been executed */ - if( tag_len == 2 || tag_len > 16 || tag_len % 2 != 0 ) - return( MBEDTLS_ERR_CCM_BAD_INPUT ); + if( !(ctx->state & CCM_STATE__STARTED) || !(ctx->state & CCM_STATE__LENGHTS_SET) ) + return 0; - /* Also implies q is within bounds */ - if( iv_len < 7 || iv_len > 13 ) - return( MBEDTLS_ERR_CCM_BAD_INPUT ); - - if( add_len >= 0xFF00 ) - return( MBEDTLS_ERR_CCM_BAD_INPUT ); - - q = 16 - 1 - (unsigned char) iv_len; + /* CCM expects non-empty tag. + * CCM* allows empty tag. For CCM* without tag, ignore plaintext length. + */ + if( ctx->tag_len == 0 ) + { + if( ctx->mode == MBEDTLS_CCM_STAR_ENCRYPT || ctx->mode == MBEDTLS_CCM_STAR_DECRYPT ) + { + ctx->plaintext_len = 0; + } + else + { + return( MBEDTLS_ERR_CCM_BAD_INPUT ); + } + } /* - * First block B_0: + * First block: * 0 .. 0 flags - * 1 .. iv_len nonce (aka iv) + * 1 .. iv_len nonce (aka iv) - set by: mbedtls_ccm_starts() * iv_len+1 .. 15 length * * With flags as (bits): @@ -192,57 +177,40 @@ static int ccm_auth_crypt( mbedtls_ccm_context *ctx, int mode, size_t length, * 5 .. 3 (t - 2) / 2 * 2 .. 0 q - 1 */ - b[0] = 0; - b[0] |= ( add_len > 0 ) << 6; - b[0] |= ( ( tag_len - 2 ) / 2 ) << 3; - b[0] |= q - 1; + ctx->y[0] |= ( ctx->add_len > 0 ) << 6; + ctx->y[0] |= ( ( ctx->tag_len - 2 ) / 2 ) << 3; + ctx->y[0] |= ctx->q - 1; - memcpy( b + 1, iv, iv_len ); - - for( i = 0, len_left = length; i < q; i++, len_left >>= 8 ) - b[15-i] = (unsigned char)( len_left & 0xFF ); + for( i = 0, len_left = ctx->plaintext_len; i < ctx->q; i++, len_left >>= 8 ) + ctx->y[15-i] = MBEDTLS_BYTE_0( len_left ); if( len_left > 0 ) + { + ctx->state |= CCM_STATE__ERROR; + return( MBEDTLS_ERR_CCM_BAD_INPUT ); + } + + /* Start CBC-MAC with first block*/ + if( ( ret = mbedtls_cipher_update( &ctx->cipher_ctx, ctx->y, 16, ctx->y, &olen ) ) != 0 ) + { + ctx->state |= CCM_STATE__ERROR; + return( ret ); + } + + return (0); +} + +int mbedtls_ccm_starts( mbedtls_ccm_context *ctx, + int mode, + const unsigned char *iv, + size_t iv_len ) +{ + /* Also implies q is within bounds */ + if( iv_len < 7 || iv_len > 13 ) return( MBEDTLS_ERR_CCM_BAD_INPUT ); - - /* Start CBC-MAC with first block */ - memset( y, 0, 16 ); - UPDATE_CBC_MAC; - - /* - * If there is additional data, update CBC-MAC with - * add_len, add, 0 (padding to a block boundary) - */ - if( add_len > 0 ) - { - size_t use_len; - len_left = add_len; - src = add; - - memset( b, 0, 16 ); - b[0] = (unsigned char)( ( add_len >> 8 ) & 0xFF ); - b[1] = (unsigned char)( ( add_len ) & 0xFF ); - - use_len = len_left < 16 - 2 ? len_left : 16 - 2; - memcpy( b + 2, src, use_len ); - len_left -= use_len; - src += use_len; - - UPDATE_CBC_MAC; - - while( len_left > 0 ) - { - use_len = len_left > 16 ? 16 : len_left; - - memset( b, 0, 16 ); - memcpy( b, src, use_len ); - UPDATE_CBC_MAC; - - len_left -= use_len; - src += use_len; - } - } + ctx->mode = mode; + ctx->q = 16 - 1 - (unsigned char) iv_len; /* * Prepare counter block for encryption: @@ -254,62 +222,293 @@ static int ccm_auth_crypt( mbedtls_ccm_context *ctx, int mode, size_t length, * 7 .. 3 0 * 2 .. 0 q - 1 */ - ctr[0] = q - 1; - memcpy( ctr + 1, iv, iv_len ); - memset( ctr + 1 + iv_len, 0, q ); - ctr[15] = 1; + memset( ctx->ctr, 0, 16); + ctx->ctr[0] = ctx->q - 1; + memcpy( ctx->ctr + 1, iv, iv_len ); + memset( ctx->ctr + 1 + iv_len, 0, ctx->q ); + ctx->ctr[15] = 1; /* - * Authenticate and {en,de}crypt the message. - * - * The only difference between encryption and decryption is - * the respective order of authentication and {en,de}cryption. + * See ccm_calculate_first_block_if_ready() for block layout description */ - len_left = length; - src = input; - dst = output; + memcpy( ctx->y + 1, iv, iv_len ); - while( len_left > 0 ) + ctx->state |= CCM_STATE__STARTED; + return ccm_calculate_first_block_if_ready(ctx); +} + +int mbedtls_ccm_set_lengths( mbedtls_ccm_context *ctx, + size_t total_ad_len, + size_t plaintext_len, + size_t tag_len ) +{ + /* + * Check length requirements: SP800-38C A.1 + * Additional requirement: a < 2^16 - 2^8 to simplify the code. + * 'length' checked later (when writing it to the first block) + * + * Also, loosen the requirements to enable support for CCM* (IEEE 802.15.4). + */ + if( tag_len == 2 || tag_len > 16 || tag_len % 2 != 0 ) + return( MBEDTLS_ERR_CCM_BAD_INPUT ); + + if( total_ad_len >= 0xFF00 ) + return( MBEDTLS_ERR_CCM_BAD_INPUT ); + + ctx->plaintext_len = plaintext_len; + ctx->add_len = total_ad_len; + ctx->tag_len = tag_len; + ctx->processed = 0; + + ctx->state |= CCM_STATE__LENGHTS_SET; + return ccm_calculate_first_block_if_ready(ctx); +} + +int mbedtls_ccm_update_ad( mbedtls_ccm_context *ctx, + const unsigned char *add, + size_t add_len ) +{ + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + unsigned char i; + size_t olen, use_len, offset; + + if( ctx->state & CCM_STATE__ERROR ) { - size_t use_len = len_left > 16 ? 16 : len_left; + return MBEDTLS_ERR_CCM_BAD_INPUT; + } - if( mode == CCM_ENCRYPT ) + if( add_len > 0 ) + { + if( ctx->state & CCM_STATE__AUTH_DATA_FINISHED ) { - memset( b, 0, 16 ); - memcpy( b, src, use_len ); - UPDATE_CBC_MAC; + return MBEDTLS_ERR_CCM_BAD_INPUT; } - CTR_CRYPT( dst, src, use_len ); - - if( mode == CCM_DECRYPT ) + if( !(ctx->state & CCM_STATE__AUTH_DATA_STARTED) ) { - memset( b, 0, 16 ); - memcpy( b, dst, use_len ); - UPDATE_CBC_MAC; + if ( add_len > ctx->add_len ) + { + return MBEDTLS_ERR_CCM_BAD_INPUT; + } + + ctx->y[0] ^= (unsigned char)( ( ctx->add_len >> 8 ) & 0xFF ); + ctx->y[1] ^= (unsigned char)( ( ctx->add_len ) & 0xFF ); + + ctx->state |= CCM_STATE__AUTH_DATA_STARTED; + } + else if ( ctx->processed + add_len > ctx->add_len ) + { + return MBEDTLS_ERR_CCM_BAD_INPUT; } - dst += use_len; - src += use_len; - len_left -= use_len; + while( add_len > 0 ) + { + offset = (ctx->processed + 2) % 16; /* account for y[0] and y[1] + * holding total auth data length */ + use_len = 16 - offset; - /* - * Increment counter. - * No need to check for overflow thanks to the length check above. - */ - for( i = 0; i < q; i++ ) - if( ++ctr[15-i] != 0 ) + if( use_len > add_len ) + use_len = add_len; + + for( i = 0; i < use_len; i++ ) + ctx->y[i + offset] ^= add[i]; + + ctx->processed += use_len; + add_len -= use_len; + add += use_len; + + if( use_len + offset == 16 || ctx->processed == ctx->add_len ) + { + if( ( ret = mbedtls_cipher_update( &ctx->cipher_ctx, ctx->y, 16, ctx->y, &olen ) ) != 0 ) + { + ctx->state |= CCM_STATE__ERROR; + return( ret ); + } + } + } + + if( ctx->processed == ctx->add_len ) + { + ctx->state |= CCM_STATE__AUTH_DATA_FINISHED; + ctx->processed = 0; // prepare for mbedtls_ccm_update() + } + } + + return (0); +} + +int mbedtls_ccm_update( mbedtls_ccm_context *ctx, + const unsigned char *input, size_t input_len, + unsigned char *output, size_t output_size, + size_t *output_len ) +{ + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + unsigned char i; + size_t use_len, offset, olen; + + unsigned char local_output[16]; + + if( ctx->state & CCM_STATE__ERROR ) + { + return MBEDTLS_ERR_CCM_BAD_INPUT; + } + + /* Check against plaintext length only if performing operation with + * authentication + */ + if( ctx->tag_len != 0 && ctx->processed + input_len > ctx->plaintext_len ) + { + return MBEDTLS_ERR_CCM_BAD_INPUT; + } + + if( output_size < input_len ) + return( MBEDTLS_ERR_CCM_BAD_INPUT ); + *output_len = input_len; + + ret = 0; + + while ( input_len > 0 ) + { + offset = ctx->processed % 16; + + use_len = 16 - offset; + + if( use_len > input_len ) + use_len = input_len; + + ctx->processed += use_len; + + if( ctx->mode == MBEDTLS_CCM_ENCRYPT || \ + ctx->mode == MBEDTLS_CCM_STAR_ENCRYPT ) + { + for( i = 0; i < use_len; i++ ) + ctx->y[i + offset] ^= input[i]; + + if( use_len + offset == 16 || ctx->processed == ctx->plaintext_len ) + { + if( ( ret = mbedtls_cipher_update( &ctx->cipher_ctx, ctx->y, 16, ctx->y, &olen ) ) != 0 ) + { + ctx->state |= CCM_STATE__ERROR; + goto exit; + } + } + + ret = mbedtls_ccm_crypt( ctx, offset, use_len, input, output ); + if( ret != 0 ) + goto exit; + } + + if( ctx->mode == MBEDTLS_CCM_DECRYPT || \ + ctx->mode == MBEDTLS_CCM_STAR_DECRYPT ) + { + /* Since output may be in shared memory, we cannot be sure that + * it will contain what we wrote to it. Therefore, we should avoid using + * it as input to any operations. + * Write decrypted data to local_output to avoid using output variable as + * input in the XOR operation for Y. + */ + ret = mbedtls_ccm_crypt( ctx, offset, use_len, input, local_output ); + if( ret != 0 ) + goto exit; + + for( i = 0; i < use_len; i++ ) + ctx->y[i + offset] ^= local_output[i]; + + memcpy( output, local_output, use_len ); + mbedtls_platform_zeroize( local_output, 16 ); + + if( use_len + offset == 16 || ctx->processed == ctx->plaintext_len ) + { + if( ( ret = mbedtls_cipher_update( &ctx->cipher_ctx, ctx->y, 16, ctx->y, &olen ) ) != 0 ) + { + ctx->state |= CCM_STATE__ERROR; + goto exit; + } + } + } + + if( use_len + offset == 16 || ctx->processed == ctx->plaintext_len ) + { + for( i = 0; i < ctx->q; i++ ) + if( ++(ctx->ctr)[15-i] != 0 ) break; + } + + input_len -= use_len; + input += use_len; + output += use_len; + } + +exit: + mbedtls_platform_zeroize( local_output, 16 ); + + return ret; +} + +int mbedtls_ccm_finish( mbedtls_ccm_context *ctx, + unsigned char *tag, size_t tag_len ) +{ + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + unsigned char i; + + if( ctx->state & CCM_STATE__ERROR ) + { + return MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + } + + if( ctx->add_len > 0 && !( ctx->state & CCM_STATE__AUTH_DATA_FINISHED ) ) + { + return MBEDTLS_ERR_CCM_BAD_INPUT; + } + + if( ctx->plaintext_len > 0 && ctx->processed != ctx->plaintext_len ) + { + return MBEDTLS_ERR_CCM_BAD_INPUT; } /* * Authentication: reset counter and crypt/mask internal tag */ - for( i = 0; i < q; i++ ) - ctr[15-i] = 0; + for( i = 0; i < ctx->q; i++ ) + ctx->ctr[15-i] = 0; - CTR_CRYPT( y, y, 16 ); - memcpy( tag, y, tag_len ); + ret = mbedtls_ccm_crypt( ctx, 0, 16, ctx->y, ctx->y ); + if( ret != 0 ) + return ret; + if( tag != NULL ) + memcpy( tag, ctx->y, tag_len ); + mbedtls_ccm_clear_state(ctx); + + return( 0 ); +} + +/* + * Authenticated encryption or decryption + */ +static int ccm_auth_crypt( mbedtls_ccm_context *ctx, int mode, size_t length, + const unsigned char *iv, size_t iv_len, + const unsigned char *add, size_t add_len, + const unsigned char *input, unsigned char *output, + unsigned char *tag, size_t tag_len ) +{ + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + size_t olen; + + if( ( ret = mbedtls_ccm_starts( ctx, mode, iv, iv_len ) ) != 0 ) + return( ret ); + + if( ( ret = mbedtls_ccm_set_lengths( ctx, add_len, length, tag_len ) ) != 0 ) + return( ret ); + + if( ( ret = mbedtls_ccm_update_ad( ctx, add, add_len ) ) != 0 ) + return( ret ); + + if( ( ret = mbedtls_ccm_update( ctx, input, length, + output, length, &olen ) ) != 0 ) + return( ret ); + + if( ( ret = mbedtls_ccm_finish( ctx, tag, tag_len ) ) != 0 ) + return( ret ); return( 0 ); } @@ -323,13 +522,7 @@ int mbedtls_ccm_star_encrypt_and_tag( mbedtls_ccm_context *ctx, size_t length, const unsigned char *input, unsigned char *output, unsigned char *tag, size_t tag_len ) { - CCM_VALIDATE_RET( ctx != NULL ); - CCM_VALIDATE_RET( iv != NULL ); - CCM_VALIDATE_RET( add_len == 0 || add != NULL ); - CCM_VALIDATE_RET( length == 0 || input != NULL ); - CCM_VALIDATE_RET( length == 0 || output != NULL ); - CCM_VALIDATE_RET( tag_len == 0 || tag != NULL ); - return( ccm_auth_crypt( ctx, CCM_ENCRYPT, length, iv, iv_len, + return( ccm_auth_crypt( ctx, MBEDTLS_CCM_STAR_ENCRYPT, length, iv, iv_len, add, add_len, input, output, tag, tag_len ) ); } @@ -339,78 +532,75 @@ int mbedtls_ccm_encrypt_and_tag( mbedtls_ccm_context *ctx, size_t length, const unsigned char *input, unsigned char *output, unsigned char *tag, size_t tag_len ) { - CCM_VALIDATE_RET( ctx != NULL ); - CCM_VALIDATE_RET( iv != NULL ); - CCM_VALIDATE_RET( add_len == 0 || add != NULL ); - CCM_VALIDATE_RET( length == 0 || input != NULL ); - CCM_VALIDATE_RET( length == 0 || output != NULL ); - CCM_VALIDATE_RET( tag_len == 0 || tag != NULL ); - if( tag_len == 0 ) - return( MBEDTLS_ERR_CCM_BAD_INPUT ); - - return( mbedtls_ccm_star_encrypt_and_tag( ctx, length, iv, iv_len, add, - add_len, input, output, tag, tag_len ) ); + return( ccm_auth_crypt( ctx, MBEDTLS_CCM_ENCRYPT, length, iv, iv_len, + add, add_len, input, output, tag, tag_len ) ); } /* * Authenticated decryption */ -int mbedtls_ccm_star_auth_decrypt( mbedtls_ccm_context *ctx, size_t length, - const unsigned char *iv, size_t iv_len, - const unsigned char *add, size_t add_len, - const unsigned char *input, unsigned char *output, - const unsigned char *tag, size_t tag_len ) +static int mbedtls_ccm_compare_tags(const unsigned char *tag1, const unsigned char *tag2, size_t tag_len) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - unsigned char check_tag[16]; unsigned char i; int diff; - CCM_VALIDATE_RET( ctx != NULL ); - CCM_VALIDATE_RET( iv != NULL ); - CCM_VALIDATE_RET( add_len == 0 || add != NULL ); - CCM_VALIDATE_RET( length == 0 || input != NULL ); - CCM_VALIDATE_RET( length == 0 || output != NULL ); - CCM_VALIDATE_RET( tag_len == 0 || tag != NULL ); + /* Check tag in "constant-time" */ + for( diff = 0, i = 0; i < tag_len; i++ ) + diff |= tag1[i] ^ tag2[i]; - if( ( ret = ccm_auth_crypt( ctx, CCM_DECRYPT, length, + if( diff != 0 ) + { + return( MBEDTLS_ERR_CCM_AUTH_FAILED ); + } + + return( 0 ); +} + +static int ccm_auth_decrypt( mbedtls_ccm_context *ctx, int mode, size_t length, + const unsigned char *iv, size_t iv_len, + const unsigned char *add, size_t add_len, + const unsigned char *input, unsigned char *output, + const unsigned char *tag, size_t tag_len ) +{ + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + unsigned char check_tag[16]; + + if( ( ret = ccm_auth_crypt( ctx, mode, length, iv, iv_len, add, add_len, input, output, check_tag, tag_len ) ) != 0 ) { return( ret ); } - /* Check tag in "constant-time" */ - for( diff = 0, i = 0; i < tag_len; i++ ) - diff |= tag[i] ^ check_tag[i]; - - if( diff != 0 ) + if( ( ret = mbedtls_ccm_compare_tags( tag, check_tag, tag_len ) ) != 0 ) { mbedtls_platform_zeroize( output, length ); - return( MBEDTLS_ERR_CCM_AUTH_FAILED ); + return( ret ); } return( 0 ); } +int mbedtls_ccm_star_auth_decrypt( mbedtls_ccm_context *ctx, size_t length, + const unsigned char *iv, size_t iv_len, + const unsigned char *add, size_t add_len, + const unsigned char *input, unsigned char *output, + const unsigned char *tag, size_t tag_len ) +{ + return ccm_auth_decrypt( ctx, MBEDTLS_CCM_STAR_DECRYPT, length, + iv, iv_len, add, add_len, + input, output, tag, tag_len ); +} + int mbedtls_ccm_auth_decrypt( mbedtls_ccm_context *ctx, size_t length, const unsigned char *iv, size_t iv_len, const unsigned char *add, size_t add_len, const unsigned char *input, unsigned char *output, const unsigned char *tag, size_t tag_len ) { - CCM_VALIDATE_RET( ctx != NULL ); - CCM_VALIDATE_RET( iv != NULL ); - CCM_VALIDATE_RET( add_len == 0 || add != NULL ); - CCM_VALIDATE_RET( length == 0 || input != NULL ); - CCM_VALIDATE_RET( length == 0 || output != NULL ); - CCM_VALIDATE_RET( tag_len == 0 || tag != NULL ); - - if( tag_len == 0 ) - return( MBEDTLS_ERR_CCM_BAD_INPUT ); - - return( mbedtls_ccm_star_auth_decrypt( ctx, length, iv, iv_len, add, - add_len, input, output, tag, tag_len ) ); + return ccm_auth_decrypt( ctx, MBEDTLS_CCM_DECRYPT, length, + iv, iv_len, add, add_len, + input, output, tag, tag_len ); } #endif /* !MBEDTLS_CCM_ALT */ diff --git a/library/chacha20.c b/library/chacha20.c index 78467d3fc6..658f046901 100644 --- a/library/chacha20.c +++ b/library/chacha20.c @@ -54,13 +54,6 @@ #define CHACHA20_VALIDATE( cond ) \ MBEDTLS_INTERNAL_VALIDATE( cond ) -#define BYTES_TO_U32_LE( data, offset ) \ - ( (uint32_t) (data)[offset] \ - | (uint32_t) ( (uint32_t) (data)[( offset ) + 1] << 8 ) \ - | (uint32_t) ( (uint32_t) (data)[( offset ) + 2] << 16 ) \ - | (uint32_t) ( (uint32_t) (data)[( offset ) + 3] << 24 ) \ - ) - #define ROTL32( value, amount ) \ ( (uint32_t) ( (value) << (amount) ) | ( (value) >> ( 32 - (amount) ) ) ) @@ -171,10 +164,7 @@ static void chacha20_block( const uint32_t initial_state[16], { size_t offset = i * 4U; - keystream[offset ] = (unsigned char)( working_state[i] ); - keystream[offset + 1U] = (unsigned char)( working_state[i] >> 8 ); - keystream[offset + 2U] = (unsigned char)( working_state[i] >> 16 ); - keystream[offset + 3U] = (unsigned char)( working_state[i] >> 24 ); + MBEDTLS_PUT_UINT32_LE(working_state[i], keystream, offset); } mbedtls_platform_zeroize( working_state, sizeof( working_state ) ); @@ -212,14 +202,14 @@ int mbedtls_chacha20_setkey( mbedtls_chacha20_context *ctx, ctx->state[3] = 0x6b206574; /* Set key */ - ctx->state[4] = BYTES_TO_U32_LE( key, 0 ); - ctx->state[5] = BYTES_TO_U32_LE( key, 4 ); - ctx->state[6] = BYTES_TO_U32_LE( key, 8 ); - ctx->state[7] = BYTES_TO_U32_LE( key, 12 ); - ctx->state[8] = BYTES_TO_U32_LE( key, 16 ); - ctx->state[9] = BYTES_TO_U32_LE( key, 20 ); - ctx->state[10] = BYTES_TO_U32_LE( key, 24 ); - ctx->state[11] = BYTES_TO_U32_LE( key, 28 ); + ctx->state[4] = MBEDTLS_GET_UINT32_LE( key, 0 ); + ctx->state[5] = MBEDTLS_GET_UINT32_LE( key, 4 ); + ctx->state[6] = MBEDTLS_GET_UINT32_LE( key, 8 ); + ctx->state[7] = MBEDTLS_GET_UINT32_LE( key, 12 ); + ctx->state[8] = MBEDTLS_GET_UINT32_LE( key, 16 ); + ctx->state[9] = MBEDTLS_GET_UINT32_LE( key, 20 ); + ctx->state[10] = MBEDTLS_GET_UINT32_LE( key, 24 ); + ctx->state[11] = MBEDTLS_GET_UINT32_LE( key, 28 ); return( 0 ); } @@ -235,9 +225,9 @@ int mbedtls_chacha20_starts( mbedtls_chacha20_context* ctx, ctx->state[12] = counter; /* Nonce */ - ctx->state[13] = BYTES_TO_U32_LE( nonce, 0 ); - ctx->state[14] = BYTES_TO_U32_LE( nonce, 4 ); - ctx->state[15] = BYTES_TO_U32_LE( nonce, 8 ); + ctx->state[13] = MBEDTLS_GET_UINT32_LE( nonce, 0 ); + ctx->state[14] = MBEDTLS_GET_UINT32_LE( nonce, 4 ); + ctx->state[15] = MBEDTLS_GET_UINT32_LE( nonce, 8 ); mbedtls_platform_zeroize( ctx->keystream8, sizeof( ctx->keystream8 ) ); diff --git a/library/chachapoly.c b/library/chachapoly.c index 77d547731c..dc75b2030a 100644 --- a/library/chachapoly.c +++ b/library/chachapoly.c @@ -263,22 +263,8 @@ int mbedtls_chachapoly_finish( mbedtls_chachapoly_context *ctx, /* The lengths of the AAD and ciphertext are processed by * Poly1305 as the final 128-bit block, encoded as little-endian integers. */ - len_block[ 0] = (unsigned char)( ctx->aad_len ); - len_block[ 1] = (unsigned char)( ctx->aad_len >> 8 ); - len_block[ 2] = (unsigned char)( ctx->aad_len >> 16 ); - len_block[ 3] = (unsigned char)( ctx->aad_len >> 24 ); - len_block[ 4] = (unsigned char)( ctx->aad_len >> 32 ); - len_block[ 5] = (unsigned char)( ctx->aad_len >> 40 ); - len_block[ 6] = (unsigned char)( ctx->aad_len >> 48 ); - len_block[ 7] = (unsigned char)( ctx->aad_len >> 56 ); - len_block[ 8] = (unsigned char)( ctx->ciphertext_len ); - len_block[ 9] = (unsigned char)( ctx->ciphertext_len >> 8 ); - len_block[10] = (unsigned char)( ctx->ciphertext_len >> 16 ); - len_block[11] = (unsigned char)( ctx->ciphertext_len >> 24 ); - len_block[12] = (unsigned char)( ctx->ciphertext_len >> 32 ); - len_block[13] = (unsigned char)( ctx->ciphertext_len >> 40 ); - len_block[14] = (unsigned char)( ctx->ciphertext_len >> 48 ); - len_block[15] = (unsigned char)( ctx->ciphertext_len >> 56 ); + MBEDTLS_PUT_UINT64_LE(ctx->aad_len, len_block, 0); + MBEDTLS_PUT_UINT64_LE(ctx->ciphertext_len, len_block, 8); ret = mbedtls_poly1305_update( &ctx->poly1305_ctx, len_block, 16U ); if( ret != 0 ) diff --git a/library/cipher.c b/library/cipher.c index 5078d36339..0d9d71068d 100644 --- a/library/cipher.c +++ b/library/cipher.c @@ -404,6 +404,31 @@ int mbedtls_cipher_set_iv( mbedtls_cipher_context_t *ctx, } #endif +#if defined(MBEDTLS_CCM_C) + if( MBEDTLS_MODE_CCM_STAR_NO_TAG == ctx->cipher_info->mode ) + { + int set_lengths_result; + int ccm_star_mode; + + set_lengths_result = mbedtls_ccm_set_lengths( + (mbedtls_ccm_context *) ctx->cipher_ctx, + 0, 0, 0 ); + if( set_lengths_result != 0 ) + return set_lengths_result; + + if( ctx->operation == MBEDTLS_DECRYPT ) + ccm_star_mode = MBEDTLS_CCM_STAR_DECRYPT; + else if( ctx->operation == MBEDTLS_ENCRYPT ) + ccm_star_mode = MBEDTLS_CCM_STAR_ENCRYPT; + else + return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA; + + return( mbedtls_ccm_starts( (mbedtls_ccm_context *) ctx->cipher_ctx, + ccm_star_mode, + iv, iv_len ) ); + } +#endif + if ( actual_iv_size != 0 ) { memcpy( ctx->iv, iv, actual_iv_size ); @@ -540,6 +565,15 @@ int mbedtls_cipher_update( mbedtls_cipher_context_t *ctx, const unsigned char *i } #endif +#if defined(MBEDTLS_CCM_C) + if( ctx->cipher_info->mode == MBEDTLS_MODE_CCM_STAR_NO_TAG ) + { + return( mbedtls_ccm_update( (mbedtls_ccm_context *) ctx->cipher_ctx, + input, ilen, + output, ilen, olen ) ); + } +#endif + #if defined(MBEDTLS_CHACHAPOLY_C) if ( ctx->cipher_info->type == MBEDTLS_CIPHER_CHACHA20_POLY1305 ) { @@ -927,6 +961,7 @@ int mbedtls_cipher_finish( mbedtls_cipher_context_t *ctx, MBEDTLS_MODE_OFB == ctx->cipher_info->mode || MBEDTLS_MODE_CTR == ctx->cipher_info->mode || MBEDTLS_MODE_GCM == ctx->cipher_info->mode || + MBEDTLS_MODE_CCM_STAR_NO_TAG == ctx->cipher_info->mode || MBEDTLS_MODE_XTS == ctx->cipher_info->mode || MBEDTLS_MODE_STREAM == ctx->cipher_info->mode ) { @@ -1246,9 +1281,12 @@ int mbedtls_cipher_crypt( mbedtls_cipher_context_t *ctx, if( status != PSA_SUCCESS ) return( MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED ); - status = psa_cipher_set_iv( &cipher_op, iv, iv_len ); - if( status != PSA_SUCCESS ) - return( MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED ); + if( ctx->cipher_info->mode != MBEDTLS_MODE_ECB ) + { + status = psa_cipher_set_iv( &cipher_op, iv, iv_len ); + if( status != PSA_SUCCESS ) + return( MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED ); + } status = psa_cipher_update( &cipher_op, input, ilen, diff --git a/library/cipher_wrap.c b/library/cipher_wrap.c index 5776d5e45d..7da7d9d522 100644 --- a/library/cipher_wrap.c +++ b/library/cipher_wrap.c @@ -639,6 +639,39 @@ static const mbedtls_cipher_info_t aes_256_ccm_info = { 16, &ccm_aes_info }; + +static const mbedtls_cipher_info_t aes_128_ccm_star_no_tag_info = { + MBEDTLS_CIPHER_AES_128_CCM_STAR_NO_TAG, + MBEDTLS_MODE_CCM_STAR_NO_TAG, + 128, + "AES-128-CCM*-NO-TAG", + 12, + MBEDTLS_CIPHER_VARIABLE_IV_LEN, + 16, + &ccm_aes_info +}; + +static const mbedtls_cipher_info_t aes_192_ccm_star_no_tag_info = { + MBEDTLS_CIPHER_AES_192_CCM_STAR_NO_TAG, + MBEDTLS_MODE_CCM_STAR_NO_TAG, + 192, + "AES-192-CCM*-NO-TAG", + 12, + MBEDTLS_CIPHER_VARIABLE_IV_LEN, + 16, + &ccm_aes_info +}; + +static const mbedtls_cipher_info_t aes_256_ccm_star_no_tag_info = { + MBEDTLS_CIPHER_AES_256_CCM_STAR_NO_TAG, + MBEDTLS_MODE_CCM_STAR_NO_TAG, + 256, + "AES-256-CCM*-NO-TAG", + 12, + MBEDTLS_CIPHER_VARIABLE_IV_LEN, + 16, + &ccm_aes_info +}; #endif /* MBEDTLS_CCM_C */ #endif /* MBEDTLS_AES_C */ @@ -1014,6 +1047,39 @@ static const mbedtls_cipher_info_t camellia_256_ccm_info = { 16, &ccm_camellia_info }; + +static const mbedtls_cipher_info_t camellia_128_ccm_star_no_tag_info = { + MBEDTLS_CIPHER_CAMELLIA_128_CCM_STAR_NO_TAG, + MBEDTLS_MODE_CCM_STAR_NO_TAG, + 128, + "CAMELLIA-128-CCM*-NO-TAG", + 12, + MBEDTLS_CIPHER_VARIABLE_IV_LEN, + 16, + &ccm_camellia_info +}; + +static const mbedtls_cipher_info_t camellia_192_ccm_star_no_tag_info = { + MBEDTLS_CIPHER_CAMELLIA_192_CCM_STAR_NO_TAG, + MBEDTLS_MODE_CCM_STAR_NO_TAG, + 192, + "CAMELLIA-192-CCM*-NO-TAG", + 12, + MBEDTLS_CIPHER_VARIABLE_IV_LEN, + 16, + &ccm_camellia_info +}; + +static const mbedtls_cipher_info_t camellia_256_ccm_star_no_tag_info = { + MBEDTLS_CIPHER_CAMELLIA_256_CCM_STAR_NO_TAG, + MBEDTLS_MODE_CCM_STAR_NO_TAG, + 256, + "CAMELLIA-256-CCM*-NO-TAG", + 12, + MBEDTLS_CIPHER_VARIABLE_IV_LEN, + 16, + &ccm_camellia_info +}; #endif /* MBEDTLS_CCM_C */ #endif /* MBEDTLS_CAMELLIA_C */ @@ -1390,6 +1456,39 @@ static const mbedtls_cipher_info_t aria_256_ccm_info = { 16, &ccm_aria_info }; + +static const mbedtls_cipher_info_t aria_128_ccm_star_no_tag_info = { + MBEDTLS_CIPHER_ARIA_128_CCM_STAR_NO_TAG, + MBEDTLS_MODE_CCM_STAR_NO_TAG, + 128, + "ARIA-128-CCM*-NO-TAG", + 12, + MBEDTLS_CIPHER_VARIABLE_IV_LEN, + 16, + &ccm_aria_info +}; + +static const mbedtls_cipher_info_t aria_192_ccm_star_no_tag_info = { + MBEDTLS_CIPHER_ARIA_192_CCM_STAR_NO_TAG, + MBEDTLS_MODE_CCM_STAR_NO_TAG, + 192, + "ARIA-192-CCM*-NO-TAG", + 12, + MBEDTLS_CIPHER_VARIABLE_IV_LEN, + 16, + &ccm_aria_info +}; + +static const mbedtls_cipher_info_t aria_256_ccm_star_no_tag_info = { + MBEDTLS_CIPHER_ARIA_256_CCM_STAR_NO_TAG, + MBEDTLS_MODE_CCM_STAR_NO_TAG, + 256, + "ARIA-256-CCM*-NO-TAG", + 12, + MBEDTLS_CIPHER_VARIABLE_IV_LEN, + 16, + &ccm_aria_info +}; #endif /* MBEDTLS_CCM_C */ #endif /* MBEDTLS_ARIA_C */ @@ -2055,6 +2154,9 @@ const mbedtls_cipher_definition_t mbedtls_cipher_definitions[] = { MBEDTLS_CIPHER_AES_128_CCM, &aes_128_ccm_info }, { MBEDTLS_CIPHER_AES_192_CCM, &aes_192_ccm_info }, { MBEDTLS_CIPHER_AES_256_CCM, &aes_256_ccm_info }, + { MBEDTLS_CIPHER_AES_128_CCM_STAR_NO_TAG, &aes_128_ccm_star_no_tag_info }, + { MBEDTLS_CIPHER_AES_192_CCM_STAR_NO_TAG, &aes_192_ccm_star_no_tag_info }, + { MBEDTLS_CIPHER_AES_256_CCM_STAR_NO_TAG, &aes_256_ccm_star_no_tag_info }, #endif #endif /* MBEDTLS_AES_C */ @@ -2086,6 +2188,9 @@ const mbedtls_cipher_definition_t mbedtls_cipher_definitions[] = { MBEDTLS_CIPHER_CAMELLIA_128_CCM, &camellia_128_ccm_info }, { MBEDTLS_CIPHER_CAMELLIA_192_CCM, &camellia_192_ccm_info }, { MBEDTLS_CIPHER_CAMELLIA_256_CCM, &camellia_256_ccm_info }, + { MBEDTLS_CIPHER_CAMELLIA_128_CCM_STAR_NO_TAG, &camellia_128_ccm_star_no_tag_info }, + { MBEDTLS_CIPHER_CAMELLIA_192_CCM_STAR_NO_TAG, &camellia_192_ccm_star_no_tag_info }, + { MBEDTLS_CIPHER_CAMELLIA_256_CCM_STAR_NO_TAG, &camellia_256_ccm_star_no_tag_info }, #endif #endif /* MBEDTLS_CAMELLIA_C */ @@ -2117,6 +2222,9 @@ const mbedtls_cipher_definition_t mbedtls_cipher_definitions[] = { MBEDTLS_CIPHER_ARIA_128_CCM, &aria_128_ccm_info }, { MBEDTLS_CIPHER_ARIA_192_CCM, &aria_192_ccm_info }, { MBEDTLS_CIPHER_ARIA_256_CCM, &aria_256_ccm_info }, + { MBEDTLS_CIPHER_ARIA_128_CCM_STAR_NO_TAG, &aria_128_ccm_star_no_tag_info }, + { MBEDTLS_CIPHER_ARIA_192_CCM_STAR_NO_TAG, &aria_192_ccm_star_no_tag_info }, + { MBEDTLS_CIPHER_ARIA_256_CCM_STAR_NO_TAG, &aria_256_ccm_star_no_tag_info }, #endif #endif /* MBEDTLS_ARIA_C */ diff --git a/library/common.h b/library/common.h index 9e4b0312b1..a630fcc456 100644 --- a/library/common.h +++ b/library/common.h @@ -25,6 +25,8 @@ #include "mbedtls/build_info.h" +#include + /** Helper to define a function as static except when building invasive tests. * * If a function is only used inside its own source file and should be @@ -66,4 +68,334 @@ extern void (*mbedtls_test_hook_test_fail)( const char * test, int line, const c */ #define MBEDTLS_ALLOW_PRIVATE_ACCESS +/** Byte Reading Macros + * + * Given a multi-byte integer \p x, MBEDTLS_BYTE_n retrieves the n-th + * byte from x, where byte 0 is the least significant byte. + */ +#define MBEDTLS_BYTE_0( x ) ( (uint8_t) ( ( x ) & 0xff ) ) +#define MBEDTLS_BYTE_1( x ) ( (uint8_t) ( ( ( x ) >> 8 ) & 0xff ) ) +#define MBEDTLS_BYTE_2( x ) ( (uint8_t) ( ( ( x ) >> 16 ) & 0xff ) ) +#define MBEDTLS_BYTE_3( x ) ( (uint8_t) ( ( ( x ) >> 24 ) & 0xff ) ) +#define MBEDTLS_BYTE_4( x ) ( (uint8_t) ( ( ( x ) >> 32 ) & 0xff ) ) +#define MBEDTLS_BYTE_5( x ) ( (uint8_t) ( ( ( x ) >> 40 ) & 0xff ) ) +#define MBEDTLS_BYTE_6( x ) ( (uint8_t) ( ( ( x ) >> 48 ) & 0xff ) ) +#define MBEDTLS_BYTE_7( x ) ( (uint8_t) ( ( ( x ) >> 56 ) & 0xff ) ) + +/** + * Get the unsigned 32 bits integer corresponding to four bytes in + * big-endian order (MSB first). + * + * \param data Base address of the memory to get the four bytes from. + * \param offset Offset from \p data of the first and most significant + * byte of the four bytes to build the 32 bits unsigned + * integer from. + */ +#ifndef MBEDTLS_GET_UINT32_BE +#define MBEDTLS_GET_UINT32_BE( data , offset ) \ + ( \ + ( (uint32_t) ( data )[( offset ) ] << 24 ) \ + | ( (uint32_t) ( data )[( offset ) + 1] << 16 ) \ + | ( (uint32_t) ( data )[( offset ) + 2] << 8 ) \ + | ( (uint32_t) ( data )[( offset ) + 3] ) \ + ) +#endif + +/** + * Put in memory a 32 bits unsigned integer in big-endian order. + * + * \param n 32 bits unsigned integer to put in memory. + * \param data Base address of the memory where to put the 32 + * bits unsigned integer in. + * \param offset Offset from \p data where to put the most significant + * byte of the 32 bits unsigned integer \p n. + */ +#ifndef MBEDTLS_PUT_UINT32_BE +#define MBEDTLS_PUT_UINT32_BE( n, data, offset ) \ +{ \ + ( data )[( offset ) ] = MBEDTLS_BYTE_3( n ); \ + ( data )[( offset ) + 1] = MBEDTLS_BYTE_2( n ); \ + ( data )[( offset ) + 2] = MBEDTLS_BYTE_1( n ); \ + ( data )[( offset ) + 3] = MBEDTLS_BYTE_0( n ); \ +} +#endif + +/** + * Get the unsigned 32 bits integer corresponding to four bytes in + * little-endian order (LSB first). + * + * \param data Base address of the memory to get the four bytes from. + * \param offset Offset from \p data of the first and least significant + * byte of the four bytes to build the 32 bits unsigned + * integer from. + */ +#ifndef MBEDTLS_GET_UINT32_LE +#define MBEDTLS_GET_UINT32_LE( data, offset ) \ + ( \ + ( (uint32_t) ( data )[( offset ) ] ) \ + | ( (uint32_t) ( data )[( offset ) + 1] << 8 ) \ + | ( (uint32_t) ( data )[( offset ) + 2] << 16 ) \ + | ( (uint32_t) ( data )[( offset ) + 3] << 24 ) \ + ) +#endif + +/** + * Put in memory a 32 bits unsigned integer in little-endian order. + * + * \param n 32 bits unsigned integer to put in memory. + * \param data Base address of the memory where to put the 32 + * bits unsigned integer in. + * \param offset Offset from \p data where to put the least significant + * byte of the 32 bits unsigned integer \p n. + */ +#ifndef MBEDTLS_PUT_UINT32_LE +#define MBEDTLS_PUT_UINT32_LE( n, data, offset ) \ +{ \ + ( data )[( offset ) ] = MBEDTLS_BYTE_0( n ); \ + ( data )[( offset ) + 1] = MBEDTLS_BYTE_1( n ); \ + ( data )[( offset ) + 2] = MBEDTLS_BYTE_2( n ); \ + ( data )[( offset ) + 3] = MBEDTLS_BYTE_3( n ); \ +} +#endif + +/** + * Get the unsigned 16 bits integer corresponding to two bytes in + * little-endian order (LSB first). + * + * \param data Base address of the memory to get the two bytes from. + * \param offset Offset from \p data of the first and least significant + * byte of the two bytes to build the 16 bits unsigned + * integer from. + */ +#ifndef MBEDTLS_GET_UINT16_LE +#define MBEDTLS_GET_UINT16_LE( data, offset ) \ + ( \ + ( (uint16_t) ( data )[( offset ) ] ) \ + | ( (uint16_t) ( data )[( offset ) + 1] << 8 ) \ + ) +#endif + +/** + * Put in memory a 16 bits unsigned integer in little-endian order. + * + * \param n 16 bits unsigned integer to put in memory. + * \param data Base address of the memory where to put the 16 + * bits unsigned integer in. + * \param offset Offset from \p data where to put the least significant + * byte of the 16 bits unsigned integer \p n. + */ +#ifndef MBEDTLS_PUT_UINT16_LE +#define MBEDTLS_PUT_UINT16_LE( n, data, offset ) \ +{ \ + ( data )[( offset ) ] = MBEDTLS_BYTE_0( n ); \ + ( data )[( offset ) + 1] = MBEDTLS_BYTE_1( n ); \ +} +#endif + +/** + * Get the unsigned 16 bits integer corresponding to two bytes in + * big-endian order (MSB first). + * + * \param data Base address of the memory to get the two bytes from. + * \param offset Offset from \p data of the first and most significant + * byte of the two bytes to build the 16 bits unsigned + * integer from. + */ +#ifndef MBEDTLS_GET_UINT16_BE +#define MBEDTLS_GET_UINT16_BE( data, offset ) \ + ( \ + ( (uint16_t) ( data )[( offset ) ] << 8 ) \ + | ( (uint16_t) ( data )[( offset ) + 1] ) \ + ) +#endif + +/** + * Put in memory a 16 bits unsigned integer in big-endian order. + * + * \param n 16 bits unsigned integer to put in memory. + * \param data Base address of the memory where to put the 16 + * bits unsigned integer in. + * \param offset Offset from \p data where to put the most significant + * byte of the 16 bits unsigned integer \p n. + */ +#ifndef MBEDTLS_PUT_UINT16_BE +#define MBEDTLS_PUT_UINT16_BE( n, data, offset ) \ +{ \ + ( data )[( offset ) ] = MBEDTLS_BYTE_1( n ); \ + ( data )[( offset ) + 1] = MBEDTLS_BYTE_0( n ); \ +} +#endif + +/** + * Get the unsigned 24 bits integer corresponding to three bytes in + * big-endian order (MSB first). + * + * \param data Base address of the memory to get the three bytes from. + * \param offset Offset from \p data of the first and most significant + * byte of the three bytes to build the 24 bits unsigned + * integer from. + */ +#ifndef MBEDTLS_GET_UINT24_BE +#define MBEDTLS_GET_UINT24_BE( data , offset ) \ + ( \ + ( (uint32_t) ( data )[( offset ) ] << 16 ) \ + | ( (uint32_t) ( data )[( offset ) + 1] << 8 ) \ + | ( (uint32_t) ( data )[( offset ) + 2] ) \ + ) +#endif + +/** + * Put in memory a 24 bits unsigned integer in big-endian order. + * + * \param n 24 bits unsigned integer to put in memory. + * \param data Base address of the memory where to put the 24 + * bits unsigned integer in. + * \param offset Offset from \p data where to put the most significant + * byte of the 24 bits unsigned integer \p n. + */ +#ifndef MBEDTLS_PUT_UINT24_BE +#define MBEDTLS_PUT_UINT24_BE( n, data, offset ) \ +{ \ + ( data )[( offset ) ] = MBEDTLS_BYTE_2( n ); \ + ( data )[( offset ) + 1] = MBEDTLS_BYTE_1( n ); \ + ( data )[( offset ) + 2] = MBEDTLS_BYTE_0( n ); \ +} +#endif + +/** + * Get the unsigned 24 bits integer corresponding to three bytes in + * little-endian order (LSB first). + * + * \param data Base address of the memory to get the three bytes from. + * \param offset Offset from \p data of the first and least significant + * byte of the three bytes to build the 24 bits unsigned + * integer from. + */ +#ifndef MBEDTLS_GET_UINT24_LE +#define MBEDTLS_GET_UINT24_LE( data, offset ) \ + ( \ + ( (uint32_t) ( data )[( offset ) ] ) \ + | ( (uint32_t) ( data )[( offset ) + 1] << 8 ) \ + | ( (uint32_t) ( data )[( offset ) + 2] << 16 ) \ + ) +#endif + +/** + * Put in memory a 24 bits unsigned integer in little-endian order. + * + * \param n 24 bits unsigned integer to put in memory. + * \param data Base address of the memory where to put the 24 + * bits unsigned integer in. + * \param offset Offset from \p data where to put the least significant + * byte of the 24 bits unsigned integer \p n. + */ +#ifndef MBEDTLS_PUT_UINT24_LE +#define MBEDTLS_PUT_UINT24_LE( n, data, offset ) \ +{ \ + ( data )[( offset ) ] = MBEDTLS_BYTE_0( n ); \ + ( data )[( offset ) + 1] = MBEDTLS_BYTE_1( n ); \ + ( data )[( offset ) + 2] = MBEDTLS_BYTE_2( n ); \ +} +#endif + +/** + * Get the unsigned 64 bits integer corresponding to eight bytes in + * big-endian order (MSB first). + * + * \param data Base address of the memory to get the eight bytes from. + * \param offset Offset from \p data of the first and most significant + * byte of the eight bytes to build the 64 bits unsigned + * integer from. + */ +#ifndef MBEDTLS_GET_UINT64_BE +#define MBEDTLS_GET_UINT64_BE( data, offset ) \ + ( \ + ( (uint64_t) ( data )[( offset ) ] << 56 ) \ + | ( (uint64_t) ( data )[( offset ) + 1] << 48 ) \ + | ( (uint64_t) ( data )[( offset ) + 2] << 40 ) \ + | ( (uint64_t) ( data )[( offset ) + 3] << 32 ) \ + | ( (uint64_t) ( data )[( offset ) + 4] << 24 ) \ + | ( (uint64_t) ( data )[( offset ) + 5] << 16 ) \ + | ( (uint64_t) ( data )[( offset ) + 6] << 8 ) \ + | ( (uint64_t) ( data )[( offset ) + 7] ) \ + ) +#endif + +/** + * Put in memory a 64 bits unsigned integer in big-endian order. + * + * \param n 64 bits unsigned integer to put in memory. + * \param data Base address of the memory where to put the 64 + * bits unsigned integer in. + * \param offset Offset from \p data where to put the most significant + * byte of the 64 bits unsigned integer \p n. + */ +#ifndef MBEDTLS_PUT_UINT64_BE +#define MBEDTLS_PUT_UINT64_BE( n, data, offset ) \ +{ \ + ( data )[( offset ) ] = MBEDTLS_BYTE_7( n ); \ + ( data )[( offset ) + 1] = MBEDTLS_BYTE_6( n ); \ + ( data )[( offset ) + 2] = MBEDTLS_BYTE_5( n ); \ + ( data )[( offset ) + 3] = MBEDTLS_BYTE_4( n ); \ + ( data )[( offset ) + 4] = MBEDTLS_BYTE_3( n ); \ + ( data )[( offset ) + 5] = MBEDTLS_BYTE_2( n ); \ + ( data )[( offset ) + 6] = MBEDTLS_BYTE_1( n ); \ + ( data )[( offset ) + 7] = MBEDTLS_BYTE_0( n ); \ +} +#endif + +/** + * Get the unsigned 64 bits integer corresponding to eight bytes in + * little-endian order (LSB first). + * + * \param data Base address of the memory to get the eight bytes from. + * \param offset Offset from \p data of the first and least significant + * byte of the eight bytes to build the 64 bits unsigned + * integer from. + */ +#ifndef MBEDTLS_GET_UINT64_LE +#define MBEDTLS_GET_UINT64_LE( data, offset ) \ + ( \ + ( (uint64_t) ( data )[( offset ) + 7] << 56 ) \ + | ( (uint64_t) ( data )[( offset ) + 6] << 48 ) \ + | ( (uint64_t) ( data )[( offset ) + 5] << 40 ) \ + | ( (uint64_t) ( data )[( offset ) + 4] << 32 ) \ + | ( (uint64_t) ( data )[( offset ) + 3] << 24 ) \ + | ( (uint64_t) ( data )[( offset ) + 2] << 16 ) \ + | ( (uint64_t) ( data )[( offset ) + 1] << 8 ) \ + | ( (uint64_t) ( data )[( offset ) ] ) \ + ) +#endif + +/** + * Put in memory a 64 bits unsigned integer in little-endian order. + * + * \param n 64 bits unsigned integer to put in memory. + * \param data Base address of the memory where to put the 64 + * bits unsigned integer in. + * \param offset Offset from \p data where to put the least significant + * byte of the 64 bits unsigned integer \p n. + */ +#ifndef MBEDTLS_PUT_UINT64_LE +#define MBEDTLS_PUT_UINT64_LE( n, data, offset ) \ +{ \ + ( data )[( offset ) ] = MBEDTLS_BYTE_0( n ); \ + ( data )[( offset ) + 1] = MBEDTLS_BYTE_1( n ); \ + ( data )[( offset ) + 2] = MBEDTLS_BYTE_2( n ); \ + ( data )[( offset ) + 3] = MBEDTLS_BYTE_3( n ); \ + ( data )[( offset ) + 4] = MBEDTLS_BYTE_4( n ); \ + ( data )[( offset ) + 5] = MBEDTLS_BYTE_5( n ); \ + ( data )[( offset ) + 6] = MBEDTLS_BYTE_6( n ); \ + ( data )[( offset ) + 7] = MBEDTLS_BYTE_7( n ); \ +} +#endif + +/* Fix MSVC C99 compatible issue + * MSVC support __func__ from visual studio 2015( 1900 ) + * Use MSVC predefine macro to avoid name check fail. + */ +#if (defined(_MSC_VER) && ( _MSC_VER <= 1900 )) +#define /*no-check-names*/ __func__ __FUNCTION__ +#endif + #endif /* MBEDTLS_LIBRARY_COMMON_H */ diff --git a/library/ctr_drbg.c b/library/ctr_drbg.c index b664fb0fc7..93a7cdcd1f 100644 --- a/library/ctr_drbg.c +++ b/library/ctr_drbg.c @@ -152,11 +152,8 @@ static int block_cipher_df( unsigned char *output, * (Total is padded to a multiple of 16-bytes with zeroes) */ p = buf + MBEDTLS_CTR_DRBG_BLOCKSIZE; - *p++ = ( data_len >> 24 ) & 0xff; - *p++ = ( data_len >> 16 ) & 0xff; - *p++ = ( data_len >> 8 ) & 0xff; - *p++ = ( data_len ) & 0xff; - p += 3; + MBEDTLS_PUT_UINT32_BE( data_len, p, 0); + p += 4 + 3; *p++ = MBEDTLS_CTR_DRBG_SEEDLEN; memcpy( p, data, data_len ); p[data_len] = 0x80; diff --git a/library/des.c b/library/des.c index eddf55e789..91d22b5d90 100644 --- a/library/des.c +++ b/library/des.c @@ -28,6 +28,7 @@ #if defined(MBEDTLS_DES_C) #include "mbedtls/des.h" +#include "mbedtls/error.h" #include "mbedtls/platform_util.h" #include @@ -43,29 +44,6 @@ #if !defined(MBEDTLS_DES_ALT) -/* - * 32-bit integer manipulation macros (big endian) - */ -#ifndef GET_UINT32_BE -#define GET_UINT32_BE(n,b,i) \ -{ \ - (n) = ( (uint32_t) (b)[(i) ] << 24 ) \ - | ( (uint32_t) (b)[(i) + 1] << 16 ) \ - | ( (uint32_t) (b)[(i) + 2] << 8 ) \ - | ( (uint32_t) (b)[(i) + 3] ); \ -} -#endif - -#ifndef PUT_UINT32_BE -#define PUT_UINT32_BE(n,b,i) \ -{ \ - (b)[(i) ] = (unsigned char) ( (n) >> 24 ); \ - (b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \ - (b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \ - (b)[(i) + 3] = (unsigned char) ( (n) ); \ -} -#endif - /* * Expanded DES S-boxes */ @@ -423,8 +401,8 @@ void mbedtls_des_setkey( uint32_t SK[32], const unsigned char key[MBEDTLS_DES_KE int i; uint32_t X, Y, T; - GET_UINT32_BE( X, key, 0 ); - GET_UINT32_BE( Y, key, 4 ); + X = MBEDTLS_GET_UINT32_BE( key, 0 ); + Y = MBEDTLS_GET_UINT32_BE( key, 4 ); /* * Permuted Choice 1 @@ -633,8 +611,8 @@ int mbedtls_des_crypt_ecb( mbedtls_des_context *ctx, SK = ctx->sk; - GET_UINT32_BE( X, input, 0 ); - GET_UINT32_BE( Y, input, 4 ); + X = MBEDTLS_GET_UINT32_BE( input, 0 ); + Y = MBEDTLS_GET_UINT32_BE( input, 4 ); DES_IP( X, Y ); @@ -646,8 +624,8 @@ int mbedtls_des_crypt_ecb( mbedtls_des_context *ctx, DES_FP( Y, X ); - PUT_UINT32_BE( Y, output, 0 ); - PUT_UINT32_BE( X, output, 4 ); + MBEDTLS_PUT_UINT32_BE( Y, output, 0 ); + MBEDTLS_PUT_UINT32_BE( X, output, 4 ); return( 0 ); } @@ -665,6 +643,7 @@ int mbedtls_des_crypt_cbc( mbedtls_des_context *ctx, unsigned char *output ) { int i; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char temp[8]; if( length % 8 ) @@ -677,7 +656,9 @@ int mbedtls_des_crypt_cbc( mbedtls_des_context *ctx, for( i = 0; i < 8; i++ ) output[i] = (unsigned char)( input[i] ^ iv[i] ); - mbedtls_des_crypt_ecb( ctx, output, output ); + ret = mbedtls_des_crypt_ecb( ctx, output, output ); + if( ret != 0 ) + goto exit; memcpy( iv, output, 8 ); input += 8; @@ -690,7 +671,9 @@ int mbedtls_des_crypt_cbc( mbedtls_des_context *ctx, while( length > 0 ) { memcpy( temp, input, 8 ); - mbedtls_des_crypt_ecb( ctx, input, output ); + ret = mbedtls_des_crypt_ecb( ctx, input, output ); + if( ret != 0 ) + goto exit; for( i = 0; i < 8; i++ ) output[i] = (unsigned char)( output[i] ^ iv[i] ); @@ -702,8 +685,10 @@ int mbedtls_des_crypt_cbc( mbedtls_des_context *ctx, length -= 8; } } + ret = 0; - return( 0 ); +exit: + return( ret ); } #endif /* MBEDTLS_CIPHER_MODE_CBC */ @@ -720,8 +705,8 @@ int mbedtls_des3_crypt_ecb( mbedtls_des3_context *ctx, SK = ctx->sk; - GET_UINT32_BE( X, input, 0 ); - GET_UINT32_BE( Y, input, 4 ); + X = MBEDTLS_GET_UINT32_BE( input, 0 ); + Y = MBEDTLS_GET_UINT32_BE( input, 4 ); DES_IP( X, Y ); @@ -745,8 +730,8 @@ int mbedtls_des3_crypt_ecb( mbedtls_des3_context *ctx, DES_FP( Y, X ); - PUT_UINT32_BE( Y, output, 0 ); - PUT_UINT32_BE( X, output, 4 ); + MBEDTLS_PUT_UINT32_BE( Y, output, 0 ); + MBEDTLS_PUT_UINT32_BE( X, output, 4 ); return( 0 ); } @@ -764,6 +749,7 @@ int mbedtls_des3_crypt_cbc( mbedtls_des3_context *ctx, unsigned char *output ) { int i; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char temp[8]; if( length % 8 ) @@ -776,7 +762,9 @@ int mbedtls_des3_crypt_cbc( mbedtls_des3_context *ctx, for( i = 0; i < 8; i++ ) output[i] = (unsigned char)( input[i] ^ iv[i] ); - mbedtls_des3_crypt_ecb( ctx, output, output ); + ret = mbedtls_des3_crypt_ecb( ctx, output, output ); + if( ret != 0 ) + goto exit; memcpy( iv, output, 8 ); input += 8; @@ -789,7 +777,9 @@ int mbedtls_des3_crypt_cbc( mbedtls_des3_context *ctx, while( length > 0 ) { memcpy( temp, input, 8 ); - mbedtls_des3_crypt_ecb( ctx, input, output ); + ret = mbedtls_des3_crypt_ecb( ctx, input, output ); + if( ret != 0 ) + goto exit; for( i = 0; i < 8; i++ ) output[i] = (unsigned char)( output[i] ^ iv[i] ); @@ -801,8 +791,10 @@ int mbedtls_des3_crypt_cbc( mbedtls_des3_context *ctx, length -= 8; } } + ret = 0; - return( 0 ); +exit: + return( ret ); } #endif /* MBEDTLS_CIPHER_MODE_CBC */ @@ -895,39 +887,43 @@ int mbedtls_des_self_test( int verbose ) switch( i ) { case 0: - mbedtls_des_setkey_dec( &ctx, des3_test_keys ); + ret = mbedtls_des_setkey_dec( &ctx, des3_test_keys ); break; case 1: - mbedtls_des_setkey_enc( &ctx, des3_test_keys ); + ret = mbedtls_des_setkey_enc( &ctx, des3_test_keys ); break; case 2: - mbedtls_des3_set2key_dec( &ctx3, des3_test_keys ); + ret = mbedtls_des3_set2key_dec( &ctx3, des3_test_keys ); break; case 3: - mbedtls_des3_set2key_enc( &ctx3, des3_test_keys ); + ret = mbedtls_des3_set2key_enc( &ctx3, des3_test_keys ); break; case 4: - mbedtls_des3_set3key_dec( &ctx3, des3_test_keys ); + ret = mbedtls_des3_set3key_dec( &ctx3, des3_test_keys ); break; case 5: - mbedtls_des3_set3key_enc( &ctx3, des3_test_keys ); + ret = mbedtls_des3_set3key_enc( &ctx3, des3_test_keys ); break; default: return( 1 ); } + if( ret != 0 ) + goto exit; for( j = 0; j < 100; j++ ) { if( u == 0 ) - mbedtls_des_crypt_ecb( &ctx, buf, buf ); + ret = mbedtls_des_crypt_ecb( &ctx, buf, buf ); else - mbedtls_des3_crypt_ecb( &ctx3, buf, buf ); + ret = mbedtls_des3_crypt_ecb( &ctx3, buf, buf ); + if( ret != 0 ) + goto exit; } if( ( v == MBEDTLS_DES_DECRYPT && @@ -970,41 +966,45 @@ int mbedtls_des_self_test( int verbose ) switch( i ) { case 0: - mbedtls_des_setkey_dec( &ctx, des3_test_keys ); + ret = mbedtls_des_setkey_dec( &ctx, des3_test_keys ); break; case 1: - mbedtls_des_setkey_enc( &ctx, des3_test_keys ); + ret = mbedtls_des_setkey_enc( &ctx, des3_test_keys ); break; case 2: - mbedtls_des3_set2key_dec( &ctx3, des3_test_keys ); + ret = mbedtls_des3_set2key_dec( &ctx3, des3_test_keys ); break; case 3: - mbedtls_des3_set2key_enc( &ctx3, des3_test_keys ); + ret = mbedtls_des3_set2key_enc( &ctx3, des3_test_keys ); break; case 4: - mbedtls_des3_set3key_dec( &ctx3, des3_test_keys ); + ret = mbedtls_des3_set3key_dec( &ctx3, des3_test_keys ); break; case 5: - mbedtls_des3_set3key_enc( &ctx3, des3_test_keys ); + ret = mbedtls_des3_set3key_enc( &ctx3, des3_test_keys ); break; default: return( 1 ); } + if( ret != 0 ) + goto exit; if( v == MBEDTLS_DES_DECRYPT ) { for( j = 0; j < 100; j++ ) { if( u == 0 ) - mbedtls_des_crypt_cbc( &ctx, v, 8, iv, buf, buf ); + ret = mbedtls_des_crypt_cbc( &ctx, v, 8, iv, buf, buf ); else - mbedtls_des3_crypt_cbc( &ctx3, v, 8, iv, buf, buf ); + ret = mbedtls_des3_crypt_cbc( &ctx3, v, 8, iv, buf, buf ); + if( ret != 0 ) + goto exit; } } else @@ -1014,9 +1014,11 @@ int mbedtls_des_self_test( int verbose ) unsigned char tmp[8]; if( u == 0 ) - mbedtls_des_crypt_cbc( &ctx, v, 8, iv, buf, buf ); + ret = mbedtls_des_crypt_cbc( &ctx, v, 8, iv, buf, buf ); else - mbedtls_des3_crypt_cbc( &ctx3, v, 8, iv, buf, buf ); + ret = mbedtls_des3_crypt_cbc( &ctx3, v, 8, iv, buf, buf ); + if( ret != 0 ) + goto exit; memcpy( tmp, prv, 8 ); memcpy( prv, buf, 8 ); @@ -1050,6 +1052,8 @@ exit: mbedtls_des_free( &ctx ); mbedtls_des3_free( &ctx3 ); + if( ret != 0 ) + ret = 1; return( ret ); } diff --git a/library/dhm.c b/library/dhm.c index 29ce75598c..2ce0ed4fde 100644 --- a/library/dhm.c +++ b/library/dhm.c @@ -270,8 +270,8 @@ int mbedtls_dhm_make_params( mbedtls_dhm_context *ctx, int x_size, MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( ( X ), \ p + 2, \ ( n ) ) ); \ - *p++ = (unsigned char)( ( n ) >> 8 ); \ - *p++ = (unsigned char)( ( n ) ); \ + *p++ = MBEDTLS_BYTE_1( n ); \ + *p++ = MBEDTLS_BYTE_0( n ); \ p += ( n ); \ } while( 0 ) diff --git a/library/ecdh.c b/library/ecdh.c index 9dfa868063..ddd4ef545e 100644 --- a/library/ecdh.c +++ b/library/ecdh.c @@ -32,6 +32,8 @@ #include "mbedtls/platform_util.h" #include "mbedtls/error.h" +#include "ecdh_misc.h" + #include /* Parameter validation macros based on platform_util.h */ @@ -726,4 +728,138 @@ int mbedtls_ecdh_calc_secret( mbedtls_ecdh_context *ctx, size_t *olen, #endif } +#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) + +static int ecdh_tls13_make_params_internal( mbedtls_ecdh_context_mbed *ctx, + size_t *olen, int point_format, unsigned char *buf, size_t blen, + int ( *f_rng )( void *, unsigned char *, size_t), void *p_rng ) +{ + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + + if( ctx->grp.pbits == 0 ) + return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); + + if( ( ret = mbedtls_ecdh_gen_public( &ctx->grp, &ctx->d, &ctx->Q, + f_rng, p_rng ) ) != 0 ) + return( ret ); + + ret = mbedtls_ecp_point_write_binary( &ctx->grp, &ctx->Q, point_format, + olen, buf, blen ); + if( ret != 0 ) + return( ret ); + + return( 0 ); +} + +int mbedtls_ecdh_tls13_make_params( mbedtls_ecdh_context *ctx, size_t *olen, + unsigned char *buf, size_t blen, + int ( *f_rng )( void *, unsigned char *, size_t ), + void *p_rng ) +{ + ECDH_VALIDATE_RET( ctx != NULL ); + ECDH_VALIDATE_RET( olen != NULL ); + ECDH_VALIDATE_RET( buf != NULL ); + ECDH_VALIDATE_RET( f_rng != NULL ); + + +#if defined(MBEDTLS_ECP_RESTARTABLE) + if( ctx-> restart_enabled ) + return( MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE ); +#endif + +#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT) + return( ecdh_tls13_make_params_internal( ctx, olen, ctx->point_format, + buf, blen, f_rng, p_rng ) ); +#else + switch( ctx->var ) + { +#if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED) + case MBEDTLS_ECDH_VARIANT_EVEREST: + return( MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE ); +#endif + case MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0: + return( ecdh_tls13_make_params_internal( &ctx->ctx.mbed_ecdh, olen, + ctx->point_format, buf, blen, + f_rng, p_rng ) ); + default: + return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; + } +#endif +} + +/* + * Setup context without Everest + */ +int mbedtls_ecdh_setup_no_everest( mbedtls_ecdh_context *ctx, + mbedtls_ecp_group_id grp_id ) +{ + ECDH_VALIDATE_RET( ctx != NULL ); + +#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT) + return( ecdh_setup_internal( ctx, grp_id ) ); +#else + ctx->point_format = MBEDTLS_ECP_PF_UNCOMPRESSED; + ctx->var = MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0; + ctx->grp_id = grp_id; + ecdh_init_internal( &ctx->ctx.mbed_ecdh ); + return( ecdh_setup_internal( &ctx->ctx.mbed_ecdh, grp_id ) ); +#endif +} + +static int ecdh_tls13_read_public_internal( mbedtls_ecdh_context_mbed *ctx, + const unsigned char *buf, + size_t buf_len ) +{ + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + const unsigned char *p = buf; + size_t data_len; + + if( buf_len < 3 ) + return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); + + data_len = MBEDTLS_GET_UINT16_BE( p, 0 ); + p += 2; + + if( data_len < 1 || data_len != ( buf_len - 2 ) ) + return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); + + if( ( ret = mbedtls_ecp_point_read_binary( &ctx->grp, + &ctx->Qp, p, data_len ) ) != 0) + { + return( ret ); + } + + return( 0 ); +} + +/* + * Parse and import the client's TLS 1.3 public value + */ +int mbedtls_ecdh_tls13_read_public( mbedtls_ecdh_context *ctx, + const unsigned char *buf, + size_t buf_len ) +{ + ECDH_VALIDATE_RET( ctx != NULL ); + ECDH_VALIDATE_RET( buf != NULL ); + +#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT) + return( ecdh_tls13_read_public_internal( ctx, buf, buf_len ) ); +#else + switch( ctx->var ) + { +#if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED) + case MBEDTLS_ECDH_VARIANT_EVEREST: + return( MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE ); +#endif + case MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0: + return( ecdh_tls13_read_public_internal( &ctx->ctx.mbed_ecdh, + buf, buf_len ) ); + default: + return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; + } +#endif +} + +#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ + #endif /* MBEDTLS_ECDH_C */ diff --git a/library/ecdh_misc.h b/library/ecdh_misc.h new file mode 100644 index 0000000000..d0f338a837 --- /dev/null +++ b/library/ecdh_misc.h @@ -0,0 +1,57 @@ +/** + * \file ecdh_misc.h + * + * \brief Internal functions shared by the ECDH module + */ +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 ( the "License" ); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +#if !defined(MBEDTLS_ECDH_MISC_H) +#define MBEDTLS_ECDH_MISC_H + +#include "mbedtls/ecdh.h" +#include "mbedtls/ecp.h" + +#if defined(MBEDTLS_ECDH_C) + +#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) + +/* + * Setup context without Everest + */ +int mbedtls_ecdh_setup_no_everest( mbedtls_ecdh_context *ctx, + mbedtls_ecp_group_id grp_id ); + +/* + * TLS 1.3 version of mbedtls_ecdh_make_params + */ +int mbedtls_ecdh_tls13_make_params( mbedtls_ecdh_context *ctx, size_t *olen, + unsigned char *buf, size_t buf_len, + int ( *f_rng )( void *, unsigned char *, size_t ), + void *p_rng ); + +/* + * TLS 1.3 version of mbedtls_ecdh_read_public + */ +int mbedtls_ecdh_tls13_read_public( mbedtls_ecdh_context *ctx, + const unsigned char *buf, + size_t buf_len ); + +#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ + +#endif /* MBEDTLS_ECDH_C */ + +#endif /* !MBEDTLS_ECDH_MISC_H */ diff --git a/library/ecjpake.c b/library/ecjpake.c index d229311420..738a97719c 100644 --- a/library/ecjpake.c +++ b/library/ecjpake.c @@ -180,10 +180,7 @@ static int ecjpake_write_len_point( unsigned char **p, if( ret != 0 ) return( ret ); - (*p)[0] = (unsigned char)( ( len >> 24 ) & 0xFF ); - (*p)[1] = (unsigned char)( ( len >> 16 ) & 0xFF ); - (*p)[2] = (unsigned char)( ( len >> 8 ) & 0xFF ); - (*p)[3] = (unsigned char)( ( len ) & 0xFF ); + MBEDTLS_PUT_UINT32_BE( len, *p, 0 ); *p += 4 + len; @@ -223,10 +220,8 @@ static int ecjpake_hash( const mbedtls_md_info_t *md_info, if( end - p < 4 ) return( MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL ); - *p++ = (unsigned char)( ( id_len >> 24 ) & 0xFF ); - *p++ = (unsigned char)( ( id_len >> 16 ) & 0xFF ); - *p++ = (unsigned char)( ( id_len >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( id_len ) & 0xFF ); + MBEDTLS_PUT_UINT32_BE( id_len, p, 0 ); + p += 4; if( end < p || (size_t)( end - p ) < id_len ) return( MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL ); @@ -366,7 +361,7 @@ static int ecjpake_zkp_write( const mbedtls_md_info_t *md_info, goto cleanup; } - *(*p)++ = (unsigned char)( len & 0xFF ); + *(*p)++ = MBEDTLS_BYTE_0( len ); MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &h, *p, len ) ); /* r */ *p += len; diff --git a/library/ecp.c b/library/ecp.c index b608ff1bd7..0212069c83 100644 --- a/library/ecp.c +++ b/library/ecp.c @@ -1012,8 +1012,7 @@ int mbedtls_ecp_tls_write_group( const mbedtls_ecp_group *grp, size_t *olen, /* * Next two bytes are the namedcurve value */ - buf[0] = curve_info->tls_id >> 8; - buf[1] = curve_info->tls_id & 0xFF; + MBEDTLS_PUT_UINT16_BE( curve_info->tls_id, buf, 0 ); return( 0 ); } diff --git a/library/gcm.c b/library/gcm.c index 835b1b2853..8505cf4e07 100644 --- a/library/gcm.c +++ b/library/gcm.c @@ -58,29 +58,6 @@ #define GCM_VALIDATE( cond ) \ MBEDTLS_INTERNAL_VALIDATE( cond ) -/* - * 32-bit integer manipulation macros (big endian) - */ -#ifndef GET_UINT32_BE -#define GET_UINT32_BE(n,b,i) \ -{ \ - (n) = ( (uint32_t) (b)[(i) ] << 24 ) \ - | ( (uint32_t) (b)[(i) + 1] << 16 ) \ - | ( (uint32_t) (b)[(i) + 2] << 8 ) \ - | ( (uint32_t) (b)[(i) + 3] ); \ -} -#endif - -#ifndef PUT_UINT32_BE -#define PUT_UINT32_BE(n,b,i) \ -{ \ - (b)[(i) ] = (unsigned char) ( (n) >> 24 ); \ - (b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \ - (b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \ - (b)[(i) + 3] = (unsigned char) ( (n) ); \ -} -#endif - /* * Initialize a context */ @@ -111,12 +88,12 @@ static int gcm_gen_table( mbedtls_gcm_context *ctx ) return( ret ); /* pack h as two 64-bits ints, big-endian */ - GET_UINT32_BE( hi, h, 0 ); - GET_UINT32_BE( lo, h, 4 ); + hi = MBEDTLS_GET_UINT32_BE( h, 0 ); + lo = MBEDTLS_GET_UINT32_BE( h, 4 ); vh = (uint64_t) hi << 32 | lo; - GET_UINT32_BE( hi, h, 8 ); - GET_UINT32_BE( lo, h, 12 ); + hi = MBEDTLS_GET_UINT32_BE( h, 8 ); + lo = MBEDTLS_GET_UINT32_BE( h, 12 ); vl = (uint64_t) hi << 32 | lo; /* 8 = 1000 corresponds to 1 in GF(2^128) */ @@ -223,10 +200,10 @@ static void gcm_mult( mbedtls_gcm_context *ctx, const unsigned char x[16], if( mbedtls_aesni_has_support( MBEDTLS_AESNI_CLMUL ) ) { unsigned char h[16]; - PUT_UINT32_BE( ctx->HH[8] >> 32, h, 0 ); - PUT_UINT32_BE( ctx->HH[8], h, 4 ); - PUT_UINT32_BE( ctx->HL[8] >> 32, h, 8 ); - PUT_UINT32_BE( ctx->HL[8], h, 12 ); + MBEDTLS_PUT_UINT32_BE( ctx->HH[8] >> 32, h, 0 ); + MBEDTLS_PUT_UINT32_BE( ctx->HH[8], h, 4 ); + MBEDTLS_PUT_UINT32_BE( ctx->HL[8] >> 32, h, 8 ); + MBEDTLS_PUT_UINT32_BE( ctx->HL[8], h, 12 ); mbedtls_aesni_gcm_mult( output, x, h ); return; @@ -262,10 +239,10 @@ static void gcm_mult( mbedtls_gcm_context *ctx, const unsigned char x[16], zl ^= ctx->HL[hi]; } - PUT_UINT32_BE( zh >> 32, output, 0 ); - PUT_UINT32_BE( zh, output, 4 ); - PUT_UINT32_BE( zl >> 32, output, 8 ); - PUT_UINT32_BE( zl, output, 12 ); + MBEDTLS_PUT_UINT32_BE( zh >> 32, output, 0 ); + MBEDTLS_PUT_UINT32_BE( zh, output, 4 ); + MBEDTLS_PUT_UINT32_BE( zl >> 32, output, 8 ); + MBEDTLS_PUT_UINT32_BE( zl, output, 12 ); } int mbedtls_gcm_starts( mbedtls_gcm_context *ctx, @@ -277,6 +254,7 @@ int mbedtls_gcm_starts( mbedtls_gcm_context *ctx, size_t i; const unsigned char *p; size_t use_len, olen = 0; + uint64_t iv_bits; GCM_VALIDATE_RET( ctx != NULL ); GCM_VALIDATE_RET( iv != NULL ); @@ -301,7 +279,8 @@ int mbedtls_gcm_starts( mbedtls_gcm_context *ctx, else { memset( work_buf, 0x00, 16 ); - PUT_UINT32_BE( iv_len * 8, work_buf, 12 ); + iv_bits = (uint64_t)iv_len * 8; + MBEDTLS_PUT_UINT64_BE( iv_bits, work_buf, 8 ); p = iv; while( iv_len > 0 ) @@ -454,7 +433,7 @@ int mbedtls_gcm_update( mbedtls_gcm_context *ctx, unsigned char ectr[16]; if( output_size < input_length ) - return( MBEDTLS_ERR_GCM_BAD_INPUT ); + return( MBEDTLS_ERR_GCM_BUFFER_TOO_SMALL ); GCM_VALIDATE_RET( output_length != NULL ); *output_length = input_length; @@ -569,10 +548,10 @@ int mbedtls_gcm_finish( mbedtls_gcm_context *ctx, { memset( work_buf, 0x00, 16 ); - PUT_UINT32_BE( ( orig_add_len >> 32 ), work_buf, 0 ); - PUT_UINT32_BE( ( orig_add_len ), work_buf, 4 ); - PUT_UINT32_BE( ( orig_len >> 32 ), work_buf, 8 ); - PUT_UINT32_BE( ( orig_len ), work_buf, 12 ); + MBEDTLS_PUT_UINT32_BE( ( orig_add_len >> 32 ), work_buf, 0 ); + MBEDTLS_PUT_UINT32_BE( ( orig_add_len ), work_buf, 4 ); + MBEDTLS_PUT_UINT32_BE( ( orig_len >> 32 ), work_buf, 8 ); + MBEDTLS_PUT_UINT32_BE( ( orig_len ), work_buf, 12 ); for( i = 0; i < 16; i++ ) ctx->buf[i] ^= work_buf[i]; diff --git a/library/md5.c b/library/md5.c index d7f8cee468..a9bbcb488b 100644 --- a/library/md5.c +++ b/library/md5.c @@ -43,29 +43,6 @@ #if !defined(MBEDTLS_MD5_ALT) -/* - * 32-bit integer manipulation macros (little endian) - */ -#ifndef GET_UINT32_LE -#define GET_UINT32_LE(n,b,i) \ -{ \ - (n) = ( (uint32_t) (b)[(i) ] ) \ - | ( (uint32_t) (b)[(i) + 1] << 8 ) \ - | ( (uint32_t) (b)[(i) + 2] << 16 ) \ - | ( (uint32_t) (b)[(i) + 3] << 24 ); \ -} -#endif - -#ifndef PUT_UINT32_LE -#define PUT_UINT32_LE(n,b,i) \ -{ \ - (b)[(i) ] = (unsigned char) ( ( (n) ) & 0xFF ); \ - (b)[(i) + 1] = (unsigned char) ( ( (n) >> 8 ) & 0xFF ); \ - (b)[(i) + 2] = (unsigned char) ( ( (n) >> 16 ) & 0xFF ); \ - (b)[(i) + 3] = (unsigned char) ( ( (n) >> 24 ) & 0xFF ); \ -} -#endif - void mbedtls_md5_init( mbedtls_md5_context *ctx ) { memset( ctx, 0, sizeof( mbedtls_md5_context ) ); @@ -110,22 +87,22 @@ int mbedtls_internal_md5_process( mbedtls_md5_context *ctx, uint32_t X[16], A, B, C, D; } local; - GET_UINT32_LE( local.X[ 0], data, 0 ); - GET_UINT32_LE( local.X[ 1], data, 4 ); - GET_UINT32_LE( local.X[ 2], data, 8 ); - GET_UINT32_LE( local.X[ 3], data, 12 ); - GET_UINT32_LE( local.X[ 4], data, 16 ); - GET_UINT32_LE( local.X[ 5], data, 20 ); - GET_UINT32_LE( local.X[ 6], data, 24 ); - GET_UINT32_LE( local.X[ 7], data, 28 ); - GET_UINT32_LE( local.X[ 8], data, 32 ); - GET_UINT32_LE( local.X[ 9], data, 36 ); - GET_UINT32_LE( local.X[10], data, 40 ); - GET_UINT32_LE( local.X[11], data, 44 ); - GET_UINT32_LE( local.X[12], data, 48 ); - GET_UINT32_LE( local.X[13], data, 52 ); - GET_UINT32_LE( local.X[14], data, 56 ); - GET_UINT32_LE( local.X[15], data, 60 ); + local.X[ 0] = MBEDTLS_GET_UINT32_LE( data, 0 ); + local.X[ 1] = MBEDTLS_GET_UINT32_LE( data, 4 ); + local.X[ 2] = MBEDTLS_GET_UINT32_LE( data, 8 ); + local.X[ 3] = MBEDTLS_GET_UINT32_LE( data, 12 ); + local.X[ 4] = MBEDTLS_GET_UINT32_LE( data, 16 ); + local.X[ 5] = MBEDTLS_GET_UINT32_LE( data, 20 ); + local.X[ 6] = MBEDTLS_GET_UINT32_LE( data, 24 ); + local.X[ 7] = MBEDTLS_GET_UINT32_LE( data, 28 ); + local.X[ 8] = MBEDTLS_GET_UINT32_LE( data, 32 ); + local.X[ 9] = MBEDTLS_GET_UINT32_LE( data, 36 ); + local.X[10] = MBEDTLS_GET_UINT32_LE( data, 40 ); + local.X[11] = MBEDTLS_GET_UINT32_LE( data, 44 ); + local.X[12] = MBEDTLS_GET_UINT32_LE( data, 48 ); + local.X[13] = MBEDTLS_GET_UINT32_LE( data, 52 ); + local.X[14] = MBEDTLS_GET_UINT32_LE( data, 56 ); + local.X[15] = MBEDTLS_GET_UINT32_LE( data, 60 ); #define S(x,n) \ ( ( (x) << (n) ) | ( ( (x) & 0xFFFFFFFF) >> ( 32 - (n) ) ) ) @@ -330,8 +307,8 @@ int mbedtls_md5_finish( mbedtls_md5_context *ctx, | ( ctx->total[1] << 3 ); low = ( ctx->total[0] << 3 ); - PUT_UINT32_LE( low, ctx->buffer, 56 ); - PUT_UINT32_LE( high, ctx->buffer, 60 ); + MBEDTLS_PUT_UINT32_LE( low, ctx->buffer, 56 ); + MBEDTLS_PUT_UINT32_LE( high, ctx->buffer, 60 ); if( ( ret = mbedtls_internal_md5_process( ctx, ctx->buffer ) ) != 0 ) return( ret ); @@ -339,10 +316,10 @@ int mbedtls_md5_finish( mbedtls_md5_context *ctx, /* * Output final state */ - PUT_UINT32_LE( ctx->state[0], output, 0 ); - PUT_UINT32_LE( ctx->state[1], output, 4 ); - PUT_UINT32_LE( ctx->state[2], output, 8 ); - PUT_UINT32_LE( ctx->state[3], output, 12 ); + MBEDTLS_PUT_UINT32_LE( ctx->state[0], output, 0 ); + MBEDTLS_PUT_UINT32_LE( ctx->state[1], output, 4 ); + MBEDTLS_PUT_UINT32_LE( ctx->state[2], output, 8 ); + MBEDTLS_PUT_UINT32_LE( ctx->state[3], output, 12 ); return( 0 ); } diff --git a/library/nist_kw.c b/library/nist_kw.c index b9f45531c0..1aea0b6345 100644 --- a/library/nist_kw.c +++ b/library/nist_kw.c @@ -58,26 +58,6 @@ static const unsigned char NIST_KW_ICV1[] = {0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, /*! The 32-bit default integrity check value (ICV) for KWP mode. */ static const unsigned char NIST_KW_ICV2[] = {0xA6, 0x59, 0x59, 0xA6}; -#ifndef GET_UINT32_BE -#define GET_UINT32_BE(n,b,i) \ -do { \ - (n) = ( (uint32_t) (b)[(i) ] << 24 ) \ - | ( (uint32_t) (b)[(i) + 1] << 16 ) \ - | ( (uint32_t) (b)[(i) + 2] << 8 ) \ - | ( (uint32_t) (b)[(i) + 3] ); \ -} while( 0 ) -#endif - -#ifndef PUT_UINT32_BE -#define PUT_UINT32_BE(n,b,i) \ -do { \ - (b)[(i) ] = (unsigned char) ( (n) >> 24 ); \ - (b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \ - (b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \ - (b)[(i) + 3] = (unsigned char) ( (n) ); \ -} while( 0 ) -#endif - /* * Initialize context */ @@ -224,7 +204,7 @@ int mbedtls_nist_kw_wrap( mbedtls_nist_kw_context *ctx, } memcpy( output, NIST_KW_ICV2, KW_SEMIBLOCK_LENGTH / 2 ); - PUT_UINT32_BE( ( in_len & 0xffffffff ), output, + MBEDTLS_PUT_UINT32_BE( ( in_len & 0xffffffff ), output, KW_SEMIBLOCK_LENGTH / 2 ); memcpy( output + KW_SEMIBLOCK_LENGTH, input, in_len ); @@ -455,7 +435,7 @@ int mbedtls_nist_kw_unwrap( mbedtls_nist_kw_context *ctx, ret = MBEDTLS_ERR_CIPHER_AUTH_FAILED; } - GET_UINT32_BE( Plen, A, KW_SEMIBLOCK_LENGTH / 2 ); + Plen = MBEDTLS_GET_UINT32_BE( A, KW_SEMIBLOCK_LENGTH / 2 ); /* * Plen is the length of the plaintext, when the input is valid. diff --git a/library/pkcs12.c b/library/pkcs12.c index 04b1a6dab3..8f64bc6395 100644 --- a/library/pkcs12.c +++ b/library/pkcs12.c @@ -285,8 +285,8 @@ int mbedtls_pkcs12_derivation( unsigned char *data, size_t datalen, for( i = v; i > 0; i-- ) { j = salt_block[i - 1] + hash_block[i - 1] + c; - c = (unsigned char) (j >> 8); - salt_block[i - 1] = j & 0xFF; + c = MBEDTLS_BYTE_1( j ); + salt_block[i - 1] = MBEDTLS_BYTE_0( j ); } // pwd_block += B @@ -294,8 +294,8 @@ int mbedtls_pkcs12_derivation( unsigned char *data, size_t datalen, for( i = v; i > 0; i-- ) { j = pwd_block[i - 1] + hash_block[i - 1] + c; - c = (unsigned char) (j >> 8); - pwd_block[i - 1] = j & 0xFF; + c = MBEDTLS_BYTE_1( j ); + pwd_block[i - 1] = MBEDTLS_BYTE_0( j ); } } diff --git a/library/pkparse.c b/library/pkparse.c index fe6aaca338..b2d3bb0747 100644 --- a/library/pkparse.c +++ b/library/pkparse.c @@ -1370,8 +1370,8 @@ int mbedtls_pk_parse_key( mbedtls_pk_context *pk, } #endif /* MBEDTLS_PKCS12_C || MBEDTLS_PKCS5_C */ - if( ( ret = pk_parse_key_pkcs8_unencrypted_der( - pk, key, keylen, f_rng, p_rng ) ) == 0 ) + ret = pk_parse_key_pkcs8_unencrypted_der( pk, key, keylen, f_rng, p_rng ); + if( ret == 0 ) { return( 0 ); } diff --git a/library/poly1305.c b/library/poly1305.c index 492d1457d4..7375a0c572 100644 --- a/library/poly1305.c +++ b/library/poly1305.c @@ -52,13 +52,6 @@ #define POLY1305_BLOCK_SIZE_BYTES ( 16U ) -#define BYTES_TO_U32_LE( data, offset ) \ - ( (uint32_t) (data)[offset] \ - | (uint32_t) ( (uint32_t) (data)[( offset ) + 1] << 8 ) \ - | (uint32_t) ( (uint32_t) (data)[( offset ) + 2] << 16 ) \ - | (uint32_t) ( (uint32_t) (data)[( offset ) + 3] << 24 ) \ - ) - /* * Our implementation is tuned for 32-bit platforms with a 64-bit multiplier. * However we provided an alternative for platforms without such a multiplier. @@ -129,10 +122,10 @@ static void poly1305_process( mbedtls_poly1305_context *ctx, for( i = 0U; i < nblocks; i++ ) { /* The input block is treated as a 128-bit little-endian integer */ - d0 = BYTES_TO_U32_LE( input, offset + 0 ); - d1 = BYTES_TO_U32_LE( input, offset + 4 ); - d2 = BYTES_TO_U32_LE( input, offset + 8 ); - d3 = BYTES_TO_U32_LE( input, offset + 12 ); + d0 = MBEDTLS_GET_UINT32_LE( input, offset + 0 ); + d1 = MBEDTLS_GET_UINT32_LE( input, offset + 4 ); + d2 = MBEDTLS_GET_UINT32_LE( input, offset + 8 ); + d3 = MBEDTLS_GET_UINT32_LE( input, offset + 12 ); /* Compute: acc += (padded) block as a 130-bit integer */ d0 += (uint64_t) acc0; @@ -257,22 +250,10 @@ static void poly1305_compute_mac( const mbedtls_poly1305_context *ctx, acc3 += ctx->s[3] + (uint32_t) ( d >> 32U ); /* Compute MAC (128 least significant bits of the accumulator) */ - mac[ 0] = (unsigned char)( acc0 ); - mac[ 1] = (unsigned char)( acc0 >> 8 ); - mac[ 2] = (unsigned char)( acc0 >> 16 ); - mac[ 3] = (unsigned char)( acc0 >> 24 ); - mac[ 4] = (unsigned char)( acc1 ); - mac[ 5] = (unsigned char)( acc1 >> 8 ); - mac[ 6] = (unsigned char)( acc1 >> 16 ); - mac[ 7] = (unsigned char)( acc1 >> 24 ); - mac[ 8] = (unsigned char)( acc2 ); - mac[ 9] = (unsigned char)( acc2 >> 8 ); - mac[10] = (unsigned char)( acc2 >> 16 ); - mac[11] = (unsigned char)( acc2 >> 24 ); - mac[12] = (unsigned char)( acc3 ); - mac[13] = (unsigned char)( acc3 >> 8 ); - mac[14] = (unsigned char)( acc3 >> 16 ); - mac[15] = (unsigned char)( acc3 >> 24 ); + MBEDTLS_PUT_UINT32_LE( acc0, mac, 0 ); + MBEDTLS_PUT_UINT32_LE( acc1, mac, 4 ); + MBEDTLS_PUT_UINT32_LE( acc2, mac, 8 ); + MBEDTLS_PUT_UINT32_LE( acc3, mac, 12 ); } void mbedtls_poly1305_init( mbedtls_poly1305_context *ctx ) @@ -297,15 +278,15 @@ int mbedtls_poly1305_starts( mbedtls_poly1305_context *ctx, POLY1305_VALIDATE_RET( key != NULL ); /* r &= 0x0ffffffc0ffffffc0ffffffc0fffffff */ - ctx->r[0] = BYTES_TO_U32_LE( key, 0 ) & 0x0FFFFFFFU; - ctx->r[1] = BYTES_TO_U32_LE( key, 4 ) & 0x0FFFFFFCU; - ctx->r[2] = BYTES_TO_U32_LE( key, 8 ) & 0x0FFFFFFCU; - ctx->r[3] = BYTES_TO_U32_LE( key, 12 ) & 0x0FFFFFFCU; + ctx->r[0] = MBEDTLS_GET_UINT32_LE( key, 0 ) & 0x0FFFFFFFU; + ctx->r[1] = MBEDTLS_GET_UINT32_LE( key, 4 ) & 0x0FFFFFFCU; + ctx->r[2] = MBEDTLS_GET_UINT32_LE( key, 8 ) & 0x0FFFFFFCU; + ctx->r[3] = MBEDTLS_GET_UINT32_LE( key, 12 ) & 0x0FFFFFFCU; - ctx->s[0] = BYTES_TO_U32_LE( key, 16 ); - ctx->s[1] = BYTES_TO_U32_LE( key, 20 ); - ctx->s[2] = BYTES_TO_U32_LE( key, 24 ); - ctx->s[3] = BYTES_TO_U32_LE( key, 28 ); + ctx->s[0] = MBEDTLS_GET_UINT32_LE( key, 16 ); + ctx->s[1] = MBEDTLS_GET_UINT32_LE( key, 20 ); + ctx->s[2] = MBEDTLS_GET_UINT32_LE( key, 24 ); + ctx->s[3] = MBEDTLS_GET_UINT32_LE( key, 28 ); /* Initial accumulator state */ ctx->acc[0] = 0U; diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 3574b9842a..0a04ba1061 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -201,6 +201,8 @@ psa_status_t mbedtls_to_psa_error( int ret ) case MBEDTLS_ERR_GCM_AUTH_FAILED: return( PSA_ERROR_INVALID_SIGNATURE ); + case MBEDTLS_ERR_GCM_BUFFER_TOO_SMALL: + return( PSA_ERROR_BUFFER_TOO_SMALL ); case MBEDTLS_ERR_GCM_BAD_INPUT: return( PSA_ERROR_INVALID_ARGUMENT ); @@ -322,13 +324,6 @@ psa_status_t mbedtls_to_psa_error( int ret ) /* Key management */ /****************************************************************/ -#if defined(MBEDTLS_PSA_CRYPTO_SE_C) -static inline int psa_key_slot_is_external( const psa_key_slot_t *slot ) -{ - return( psa_key_lifetime_is_external( slot->attr.lifetime ) ); -} -#endif /* MBEDTLS_PSA_CRYPTO_SE_C */ - /* For now the MBEDTLS_PSA_ACCEL_ guards are also used here since the * current test driver in key_management.c is using this function * when accelerators are used for ECC key pair and public key. @@ -437,8 +432,8 @@ mbedtls_ecp_group_id mbedtls_ecc_group_of_psa( psa_ecc_family_t curve, * defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR) || * defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY) */ -static psa_status_t validate_unstructured_key_bit_size( psa_key_type_t type, - size_t bits ) +psa_status_t psa_validate_unstructured_key_bit_size( psa_key_type_t type, + size_t bits ) { /* Check that the bit size is acceptable for the key type */ switch( type ) @@ -453,6 +448,12 @@ static psa_status_t validate_unstructured_key_bit_size( psa_key_type_t type, return( PSA_ERROR_INVALID_ARGUMENT ); break; #endif +#if defined(PSA_WANT_KEY_TYPE_ARIA) + case PSA_KEY_TYPE_ARIA: + if( bits != 128 && bits != 192 && bits != 256 ) + return( PSA_ERROR_INVALID_ARGUMENT ); + break; +#endif #if defined(PSA_WANT_KEY_TYPE_CAMELLIA) case PSA_KEY_TYPE_CAMELLIA: if( bits != 128 && bits != 192 && bits != 256 ) @@ -565,16 +566,8 @@ psa_status_t psa_import_key_into_slot( { *bits = PSA_BYTES_TO_BITS( data_length ); - /* Ensure that the bytes-to-bits conversion hasn't overflown. */ - if( data_length > SIZE_MAX / 8 ) - return( PSA_ERROR_NOT_SUPPORTED ); - - /* Enforce a size limit, and in particular ensure that the bit - * size fits in its representation type. */ - if( ( *bits ) > PSA_MAX_KEY_BITS ) - return( PSA_ERROR_NOT_SUPPORTED ); - - status = validate_unstructured_key_bit_size( type, *bits ); + status = psa_validate_unstructured_key_bit_size( attributes->core.type, + *bits ); if( status != PSA_SUCCESS ) return( status ); @@ -630,8 +623,8 @@ static psa_algorithm_t psa_key_policy_algorithm_intersection( return( alg1 ); /* If the policies are from the same hash-and-sign family, check * if one is a wildcard. If so the other has the specific algorithm. */ - if( PSA_ALG_IS_HASH_AND_SIGN( alg1 ) && - PSA_ALG_IS_HASH_AND_SIGN( alg2 ) && + if( PSA_ALG_IS_SIGN_HASH( alg1 ) && + PSA_ALG_IS_SIGN_HASH( alg2 ) && ( alg1 & ~PSA_ALG_HASH_MASK ) == ( alg2 & ~PSA_ALG_HASH_MASK ) ) { if( PSA_ALG_SIGN_GET_HASH( alg1 ) == PSA_ALG_ANY_HASH ) @@ -733,7 +726,7 @@ static int psa_key_algorithm_permits( psa_key_type_t key_type, /* If policy_alg is a hash-and-sign with a wildcard for the hash, * and requested_alg is the same hash-and-sign family with any hash, * then requested_alg is compliant with policy_alg. */ - if( PSA_ALG_IS_HASH_AND_SIGN( requested_alg ) && + if( PSA_ALG_IS_SIGN_HASH( requested_alg ) && PSA_ALG_SIGN_GET_HASH( policy_alg ) == PSA_ALG_ANY_HASH ) { return( ( policy_alg & ~PSA_ALG_HASH_MASK ) == @@ -944,16 +937,16 @@ error: /** Get a key slot containing a transparent key and lock it. * * A transparent key is a key for which the key material is directly - * available, as opposed to a key in a secure element. + * available, as opposed to a key in a secure element and/or to be used + * by a secure element. * - * This is a temporary function to use instead of - * psa_get_and_lock_key_slot_with_policy() until secure element support is - * fully implemented. + * This is a temporary function that may be used instead of + * psa_get_and_lock_key_slot_with_policy() when there is no opaque key support + * for a cryptographic operation. * * On success, the returned key slot is locked. It is the responsibility of the * caller to unlock the key slot when it does not access it anymore. */ -#if defined(MBEDTLS_PSA_CRYPTO_SE_C) static psa_status_t psa_get_and_lock_transparent_key_slot_with_policy( mbedtls_svc_key_id_t key, psa_key_slot_t **p_slot, @@ -965,7 +958,7 @@ static psa_status_t psa_get_and_lock_transparent_key_slot_with_policy( if( status != PSA_SUCCESS ) return( status ); - if( psa_key_slot_is_external( *p_slot ) ) + if( psa_key_lifetime_is_external( (*p_slot)->attr.lifetime ) ) { psa_unlock_key_slot( *p_slot ); *p_slot = NULL; @@ -974,11 +967,6 @@ static psa_status_t psa_get_and_lock_transparent_key_slot_with_policy( return( PSA_SUCCESS ); } -#else /* MBEDTLS_PSA_CRYPTO_SE_C */ -/* With no secure element support, all keys are transparent. */ -#define psa_get_and_lock_transparent_key_slot_with_policy( key, p_slot, usage, alg ) \ - psa_get_and_lock_key_slot_with_policy( key, p_slot, usage, alg ) -#endif /* MBEDTLS_PSA_CRYPTO_SE_C */ psa_status_t psa_remove_key_data_from_memory( psa_key_slot_t *slot ) { @@ -1206,7 +1194,7 @@ psa_status_t psa_get_key_attributes( mbedtls_svc_key_id_t key, MBEDTLS_PSA_KA_MASK_DUAL_USE ); #if defined(MBEDTLS_PSA_CRYPTO_SE_C) - if( psa_key_slot_is_external( slot ) ) + if( psa_get_se_driver_entry( slot->attr.lifetime ) != NULL ) psa_set_key_slot_number( attributes, psa_key_slot_get_slot_number( slot ) ); #endif /* MBEDTLS_PSA_CRYPTO_SE_C */ @@ -1217,14 +1205,11 @@ psa_status_t psa_get_key_attributes( mbedtls_svc_key_id_t key, defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) case PSA_KEY_TYPE_RSA_KEY_PAIR: case PSA_KEY_TYPE_RSA_PUBLIC_KEY: -#if defined(MBEDTLS_PSA_CRYPTO_SE_C) /* TODO: reporting the public exponent for opaque keys * is not yet implemented. * https://github.com/ARMmbed/mbed-crypto/issues/216 */ - if( psa_key_slot_is_external( slot ) ) - break; -#endif /* MBEDTLS_PSA_CRYPTO_SE_C */ + if( ! psa_key_lifetime_is_external( slot->attr.lifetime ) ) { mbedtls_rsa_context *rsa = NULL; @@ -1906,6 +1891,7 @@ psa_status_t psa_import_key( const psa_key_attributes_t *attributes, psa_key_slot_t *slot = NULL; psa_se_drv_table_entry_t *driver = NULL; size_t bits; + size_t storage_size = data_length; *key = MBEDTLS_SVC_KEY_ID_INIT; @@ -1915,18 +1901,29 @@ psa_status_t psa_import_key( const psa_key_attributes_t *attributes, if( data_length == 0 ) return( PSA_ERROR_INVALID_ARGUMENT ); + /* Ensure that the bytes-to-bits conversion cannot overflow. */ + if( data_length > SIZE_MAX / 8 ) + return( PSA_ERROR_NOT_SUPPORTED ); + status = psa_start_key_creation( PSA_KEY_CREATION_IMPORT, attributes, &slot, &driver ); if( status != PSA_SUCCESS ) goto exit; /* In the case of a transparent key or an opaque key stored in local - * storage (thus not in the case of generating a key in a secure element - * or cryptoprocessor with storage), we have to allocate a buffer to - * hold the generated key material. */ + * storage ( thus not in the case of importing a key in a secure element + * with storage ( MBEDTLS_PSA_CRYPTO_SE_C ) ),we have to allocate a + * buffer to hold the imported key material. */ if( slot->key.data == NULL ) { - status = psa_allocate_buffer_to_slot( slot, data_length ); + if( psa_key_lifetime_is_external( attributes->core.lifetime ) ) + { + status = psa_driver_wrapper_get_key_buffer_size_from_key_data( + attributes, data, data_length, &storage_size ); + if( status != PSA_SUCCESS ) + goto exit; + } + status = psa_allocate_buffer_to_slot( slot, storage_size ); if( status != PSA_SUCCESS ) goto exit; } @@ -1948,6 +1945,13 @@ psa_status_t psa_import_key( const psa_key_attributes_t *attributes, goto exit; } + /* Enforce a size limit, and in particular ensure that the bit + * size fits in its representation type.*/ + if( bits > PSA_MAX_KEY_BITS ) + { + status = PSA_ERROR_NOT_SUPPORTED; + goto exit; + } status = psa_validate_optional_attributes( slot, attributes ); if( status != PSA_SUCCESS ) goto exit; @@ -1995,21 +1999,6 @@ exit: } #endif /* MBEDTLS_PSA_CRYPTO_SE_C */ -static psa_status_t psa_copy_key_material( const psa_key_slot_t *source, - psa_key_slot_t *target ) -{ - psa_status_t status = psa_copy_key_material_into_slot( target, - source->key.data, - source->key.bytes ); - if( status != PSA_SUCCESS ) - return( status ); - - target->attr.type = source->attr.type; - target->attr.bits = source->attr.bits; - - return( PSA_SUCCESS ); -} - psa_status_t psa_copy_key( mbedtls_svc_key_id_t source_key, const psa_key_attributes_t *specified_attributes, mbedtls_svc_key_id_t *target_key ) @@ -2020,10 +2009,11 @@ psa_status_t psa_copy_key( mbedtls_svc_key_id_t source_key, psa_key_slot_t *target_slot = NULL; psa_key_attributes_t actual_attributes = *specified_attributes; psa_se_drv_table_entry_t *driver = NULL; + size_t storage_size = 0; *target_key = MBEDTLS_SVC_KEY_ID_INIT; - status = psa_get_and_lock_transparent_key_slot_with_policy( + status = psa_get_and_lock_key_slot_with_policy( source_key, &source_slot, PSA_KEY_USAGE_COPY, 0 ); if( status != PSA_SUCCESS ) goto exit; @@ -2033,6 +2023,15 @@ psa_status_t psa_copy_key( mbedtls_svc_key_id_t source_key, if( status != PSA_SUCCESS ) goto exit; + /* The target key type and number of bits have been validated by + * psa_validate_optional_attributes() to be either equal to zero or + * equal to the ones of the source key. So it is safe to inherit + * them from the source key now." + * */ + actual_attributes.core.bits = source_slot->attr.bits; + actual_attributes.core.type = source_slot->attr.type; + + status = psa_restrict_key_policy( source_slot->attr.type, &actual_attributes.core.policy, &source_slot->attr.policy ); @@ -2043,31 +2042,53 @@ psa_status_t psa_copy_key( mbedtls_svc_key_id_t source_key, &target_slot, &driver ); if( status != PSA_SUCCESS ) goto exit; - -#if defined(MBEDTLS_PSA_CRYPTO_SE_C) - if( driver != NULL ) + if( PSA_KEY_LIFETIME_GET_LOCATION( target_slot->attr.lifetime ) != + PSA_KEY_LIFETIME_GET_LOCATION( source_slot->attr.lifetime ) ) { - /* Copying to a secure element is not implemented yet. */ + /* + * If the source and target keys are stored in different locations, + * the source key would need to be exported as plaintext and re-imported + * in the other location. This has security implications which have not + * been fully mapped. For now, this can be achieved through + * appropriate API invocations from the application, if needed. + * */ status = PSA_ERROR_NOT_SUPPORTED; goto exit; } -#endif /* MBEDTLS_PSA_CRYPTO_SE_C */ - + /* + * When the source and target keys are within the same location, + * - For transparent keys it is a blind copy without any driver invocation, + * - For opaque keys this translates to an invocation of the drivers' + * copy_key entry point through the dispatch layer. + * */ if( psa_key_lifetime_is_external( actual_attributes.core.lifetime ) ) { - /* - * Copying through an opaque driver is not implemented yet, consider - * a lifetime with an external location as an invalid parameter for - * now. - */ - status = PSA_ERROR_INVALID_ARGUMENT; - goto exit; + status = psa_driver_wrapper_get_key_buffer_size( &actual_attributes, + &storage_size ); + if( status != PSA_SUCCESS ) + goto exit; + + status = psa_allocate_buffer_to_slot( target_slot, storage_size ); + if( status != PSA_SUCCESS ) + goto exit; + + status = psa_driver_wrapper_copy_key( &actual_attributes, + source_slot->key.data, + source_slot->key.bytes, + target_slot->key.data, + target_slot->key.bytes, + &target_slot->key.bytes ); + if( status != PSA_SUCCESS ) + goto exit; + } + else + { + status = psa_copy_key_material_into_slot( target_slot, + source_slot->key.data, + source_slot->key.bytes ); + if( status != PSA_SUCCESS ) + goto exit; } - - status = psa_copy_key_material( source_slot, target_slot ); - if( status != PSA_SUCCESS ) - goto exit; - status = psa_finish_key_creation( target_slot, driver, target_key ); exit: if( status != PSA_SUCCESS ) @@ -2329,7 +2350,7 @@ static psa_status_t psa_mac_setup( psa_mac_operation_t *operation, status = psa_get_and_lock_key_slot_with_policy( key, &slot, - is_sign ? PSA_KEY_USAGE_SIGN_HASH : PSA_KEY_USAGE_VERIFY_HASH, + is_sign ? PSA_KEY_USAGE_SIGN_MESSAGE : PSA_KEY_USAGE_VERIFY_MESSAGE, alg ); if( status != PSA_SUCCESS ) goto exit; @@ -2514,8 +2535,9 @@ static psa_status_t psa_mac_compute_internal( mbedtls_svc_key_id_t key, uint8_t operation_mac_size = 0; status = psa_get_and_lock_key_slot_with_policy( - key, &slot, - is_sign ? PSA_KEY_USAGE_SIGN_HASH : PSA_KEY_USAGE_VERIFY_HASH, + key, + &slot, + is_sign ? PSA_KEY_USAGE_SIGN_MESSAGE : PSA_KEY_USAGE_VERIFY_MESSAGE, alg ); if( status != PSA_SUCCESS ) goto exit; @@ -2622,7 +2644,7 @@ static psa_status_t psa_sign_verify_check_alg( int input_is_message, if( ! PSA_ALG_IS_SIGN_MESSAGE( alg ) ) return( PSA_ERROR_INVALID_ARGUMENT ); - if ( PSA_ALG_IS_HASH_AND_SIGN( alg ) ) + if ( PSA_ALG_IS_SIGN_HASH( alg ) ) { if( ! PSA_ALG_IS_HASH( PSA_ALG_SIGN_GET_HASH( alg ) ) ) return( PSA_ERROR_INVALID_ARGUMENT ); @@ -2630,7 +2652,7 @@ static psa_status_t psa_sign_verify_check_alg( int input_is_message, } else { - if( ! PSA_ALG_IS_HASH_AND_SIGN( alg ) ) + if( ! PSA_ALG_IS_SIGN_HASH( alg ) ) return( PSA_ERROR_INVALID_ARGUMENT ); } @@ -2780,7 +2802,7 @@ psa_status_t psa_sign_message_builtin( { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - if ( PSA_ALG_IS_HASH_AND_SIGN( alg ) ) + if ( PSA_ALG_IS_SIGN_HASH( alg ) ) { size_t hash_length; uint8_t hash[PSA_HASH_MAX_SIZE]; @@ -2827,7 +2849,7 @@ psa_status_t psa_verify_message_builtin( { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - if ( PSA_ALG_IS_HASH_AND_SIGN( alg ) ) + if ( PSA_ALG_IS_SIGN_HASH( alg ) ) { size_t hash_length; uint8_t hash[PSA_HASH_MAX_SIZE]; @@ -3573,7 +3595,12 @@ psa_status_t psa_cipher_decrypt( mbedtls_svc_key_id_t key, .core = slot->attr }; - if( input_length < PSA_CIPHER_IV_LENGTH( slot->attr.type, alg ) ) + if( alg == PSA_ALG_CCM_STAR_NO_TAG && input_length < PSA_BLOCK_CIPHER_BLOCK_LENGTH( slot->attr.type ) ) + { + status = PSA_ERROR_INVALID_ARGUMENT; + goto exit; + } + else if ( input_length < PSA_CIPHER_IV_LENGTH( slot->attr.type, alg ) ) { status = PSA_ERROR_INVALID_ARGUMENT; goto exit; @@ -3595,6 +3622,53 @@ exit: /* AEAD */ /****************************************************************/ +/* Helper function to get the base algorithm from its variants. */ +static psa_algorithm_t psa_aead_get_base_algorithm( psa_algorithm_t alg ) +{ + return PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG( alg ); +} + +/* Helper function to perform common nonce length checks. */ +static psa_status_t psa_aead_check_nonce_length( psa_algorithm_t alg, + size_t nonce_length ) +{ + psa_algorithm_t base_alg = psa_aead_get_base_algorithm( alg ); + + switch(base_alg) + { +#if defined(PSA_WANT_ALG_GCM) + case PSA_ALG_GCM: + /* Not checking max nonce size here as GCM spec allows almost + * arbitrarily large nonces. Please note that we do not generally + * recommend the usage of nonces of greater length than + * PSA_AEAD_NONCE_MAX_SIZE, as large nonces are hashed to a shorter + * size, which can then lead to collisions if you encrypt a very + * large number of messages.*/ + if( nonce_length != 0 ) + return( PSA_SUCCESS ); + break; +#endif /* PSA_WANT_ALG_GCM */ +#if defined(PSA_WANT_ALG_CCM) + case PSA_ALG_CCM: + if( nonce_length >= 7 && nonce_length <= 13 ) + return( PSA_SUCCESS ); + break; +#endif /* PSA_WANT_ALG_CCM */ +#if defined(PSA_WANT_ALG_CHACHA20_POLY1305) + case PSA_ALG_CHACHA20_POLY1305: + if( nonce_length == 12 ) + return( PSA_SUCCESS ); + else if( nonce_length == 8 ) + return( PSA_ERROR_NOT_SUPPORTED ); + break; +#endif /* PSA_WANT_ALG_CHACHA20_POLY1305 */ + default: + return( PSA_ERROR_NOT_SUPPORTED ); + } + + return( PSA_ERROR_INVALID_ARGUMENT ); +} + psa_status_t psa_aead_encrypt( mbedtls_svc_key_id_t key, psa_algorithm_t alg, const uint8_t *nonce, @@ -3624,6 +3698,10 @@ psa_status_t psa_aead_encrypt( mbedtls_svc_key_id_t key, .core = slot->attr }; + status = psa_aead_check_nonce_length( alg, nonce_length ); + if( status != PSA_SUCCESS ) + goto exit; + status = psa_driver_wrapper_aead_encrypt( &attributes, slot->key.data, slot->key.bytes, alg, @@ -3635,6 +3713,7 @@ psa_status_t psa_aead_encrypt( mbedtls_svc_key_id_t key, if( status != PSA_SUCCESS && ciphertext_size != 0 ) memset( ciphertext, 0, ciphertext_size ); +exit: psa_unlock_key_slot( slot ); return( status ); @@ -3669,6 +3748,10 @@ psa_status_t psa_aead_decrypt( mbedtls_svc_key_id_t key, .core = slot->attr }; + status = psa_aead_check_nonce_length( alg, nonce_length ); + if( status != PSA_SUCCESS ) + goto exit; + status = psa_driver_wrapper_aead_decrypt( &attributes, slot->key.data, slot->key.bytes, alg, @@ -3680,11 +3763,474 @@ psa_status_t psa_aead_decrypt( mbedtls_svc_key_id_t key, if( status != PSA_SUCCESS && plaintext_size != 0 ) memset( plaintext, 0, plaintext_size ); +exit: psa_unlock_key_slot( slot ); return( status ); } +/* Set the key for a multipart authenticated operation. */ +static psa_status_t psa_aead_setup( psa_aead_operation_t *operation, + int is_encrypt, + mbedtls_svc_key_id_t key, + psa_algorithm_t alg ) +{ + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED; + psa_key_slot_t *slot = NULL; + psa_key_usage_t key_usage = 0; + + if( !PSA_ALG_IS_AEAD( alg ) || PSA_ALG_IS_WILDCARD( alg ) ) + { + status = PSA_ERROR_INVALID_ARGUMENT; + goto exit; + } + + if( operation->id != 0 ) + { + status = PSA_ERROR_BAD_STATE; + goto exit; + } + + if( operation->nonce_set || operation->lengths_set || + operation->ad_started || operation->body_started ) + { + status = PSA_ERROR_BAD_STATE; + goto exit; + } + + if( is_encrypt ) + key_usage = PSA_KEY_USAGE_ENCRYPT; + else + key_usage = PSA_KEY_USAGE_DECRYPT; + + status = psa_get_and_lock_key_slot_with_policy( key, &slot, key_usage, + alg ); + if( status != PSA_SUCCESS ) + goto exit; + + psa_key_attributes_t attributes = { + .core = slot->attr + }; + + if( is_encrypt ) + status = psa_driver_wrapper_aead_encrypt_setup( operation, + &attributes, + slot->key.data, + slot->key.bytes, + alg ); + else + status = psa_driver_wrapper_aead_decrypt_setup( operation, + &attributes, + slot->key.data, + slot->key.bytes, + alg ); + if( status != PSA_SUCCESS ) + goto exit; + + operation->key_type = psa_get_key_type( &attributes ); + +exit: + unlock_status = psa_unlock_key_slot( slot ); + + if( status == PSA_SUCCESS ) + { + status = unlock_status; + operation->alg = psa_aead_get_base_algorithm( alg ); + operation->is_encrypt = is_encrypt; + } + else + psa_aead_abort( operation ); + + return( status ); +} + +/* Set the key for a multipart authenticated encryption operation. */ +psa_status_t psa_aead_encrypt_setup( psa_aead_operation_t *operation, + mbedtls_svc_key_id_t key, + psa_algorithm_t alg ) +{ + return( psa_aead_setup( operation, 1, key, alg ) ); +} + +/* Set the key for a multipart authenticated decryption operation. */ +psa_status_t psa_aead_decrypt_setup( psa_aead_operation_t *operation, + mbedtls_svc_key_id_t key, + psa_algorithm_t alg ) +{ + return( psa_aead_setup( operation, 0, key, alg ) ); +} + +/* Generate a random nonce / IV for multipart AEAD operation */ +psa_status_t psa_aead_generate_nonce( psa_aead_operation_t *operation, + uint8_t *nonce, + size_t nonce_size, + size_t *nonce_length ) +{ + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + size_t required_nonce_size; + + *nonce_length = 0; + + if( operation->id == 0 ) + { + status = PSA_ERROR_BAD_STATE; + goto exit; + } + + if( operation->nonce_set || !operation->is_encrypt ) + { + status = PSA_ERROR_BAD_STATE; + goto exit; + } + + required_nonce_size = PSA_AEAD_NONCE_LENGTH( operation->key_type, + operation->alg ); + if( nonce_size < required_nonce_size ) + { + status = PSA_ERROR_BUFFER_TOO_SMALL; + goto exit; + } + + status = psa_generate_random( nonce, required_nonce_size ); + if( status != PSA_SUCCESS ) + goto exit; + + status = psa_aead_set_nonce( operation, nonce, required_nonce_size ); + +exit: + if( status == PSA_SUCCESS ) + *nonce_length = required_nonce_size; + else + psa_aead_abort( operation ); + + return( status ); +} + +/* Set the nonce for a multipart authenticated encryption or decryption + operation.*/ +psa_status_t psa_aead_set_nonce( psa_aead_operation_t *operation, + const uint8_t *nonce, + size_t nonce_length ) +{ + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + + if( operation->id == 0 ) + { + status = PSA_ERROR_BAD_STATE; + goto exit; + } + + if( operation->nonce_set ) + { + status = PSA_ERROR_BAD_STATE; + goto exit; + } + + status = psa_aead_check_nonce_length( operation->alg, nonce_length ); + if( status != PSA_SUCCESS ) + { + status = PSA_ERROR_INVALID_ARGUMENT; + goto exit; + } + + status = psa_driver_wrapper_aead_set_nonce( operation, nonce, + nonce_length ); + +exit: + if( status == PSA_SUCCESS ) + operation->nonce_set = 1; + else + psa_aead_abort( operation ); + + return( status ); +} + +/* Declare the lengths of the message and additional data for multipart AEAD. */ +psa_status_t psa_aead_set_lengths( psa_aead_operation_t *operation, + size_t ad_length, + size_t plaintext_length ) +{ + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + + if( operation->id == 0 ) + { + status = PSA_ERROR_BAD_STATE; + goto exit; + } + + if( operation->lengths_set || operation->ad_started || + operation->body_started ) + { + status = PSA_ERROR_BAD_STATE; + goto exit; + } + + switch(operation->alg) + { +#if defined(PSA_WANT_ALG_GCM) + case PSA_ALG_GCM: + /* Lengths can only be too large for GCM if size_t is bigger than 32 + * bits. Without the guard this code will generate warnings on 32bit + * builds. */ +#if SIZE_MAX > UINT32_MAX + if( (( uint64_t ) ad_length ) >> 61 != 0 || + (( uint64_t ) plaintext_length ) > 0xFFFFFFFE0ull ) + { + status = PSA_ERROR_INVALID_ARGUMENT; + goto exit; + } +#endif + break; +#endif /* PSA_WANT_ALG_GCM */ +#if defined(PSA_WANT_ALG_CCM) + case PSA_ALG_CCM: + if( ad_length > 0xFF00 ) + { + status = PSA_ERROR_INVALID_ARGUMENT; + goto exit; + } + break; +#endif /* PSA_WANT_ALG_CCM */ +#if defined(PSA_WANT_ALG_CHACHA20_POLY1305) + case PSA_ALG_CHACHA20_POLY1305: + /* No length restrictions for ChaChaPoly. */ + break; +#endif /* PSA_WANT_ALG_CHACHA20_POLY1305 */ + default: + break; + } + + status = psa_driver_wrapper_aead_set_lengths( operation, ad_length, + plaintext_length ); + +exit: + if( status == PSA_SUCCESS ) + { + operation->ad_remaining = ad_length; + operation->body_remaining = plaintext_length; + operation->lengths_set = 1; + } + else + psa_aead_abort( operation ); + + return( status ); +} + +/* Pass additional data to an active multipart AEAD operation. */ +psa_status_t psa_aead_update_ad( psa_aead_operation_t *operation, + const uint8_t *input, + size_t input_length ) +{ + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + + if( operation->id == 0 ) + { + status = PSA_ERROR_BAD_STATE; + goto exit; + } + + if( !operation->nonce_set || operation->body_started ) + { + status = PSA_ERROR_BAD_STATE; + goto exit; + } + + if( operation->lengths_set ) + { + if( operation->ad_remaining < input_length ) + { + status = PSA_ERROR_INVALID_ARGUMENT; + goto exit; + } + + operation->ad_remaining -= input_length; + } + + status = psa_driver_wrapper_aead_update_ad( operation, input, + input_length ); + +exit: + if( status == PSA_SUCCESS ) + operation->ad_started = 1; + else + psa_aead_abort( operation ); + + return( status ); +} + +/* Encrypt or decrypt a message fragment in an active multipart AEAD + operation.*/ +psa_status_t psa_aead_update( psa_aead_operation_t *operation, + const uint8_t *input, + size_t input_length, + uint8_t *output, + size_t output_size, + size_t *output_length ) +{ + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + + *output_length = 0; + + if( operation->id == 0 ) + { + status = PSA_ERROR_BAD_STATE; + goto exit; + } + + if( !operation->nonce_set ) + { + status = PSA_ERROR_BAD_STATE; + goto exit; + } + + if( operation->lengths_set ) + { + /* Additional data length was supplied, but not all the additional + data was supplied.*/ + if( operation->ad_remaining != 0 ) + { + status = PSA_ERROR_INVALID_ARGUMENT; + goto exit; + } + + /* Too much data provided. */ + if( operation->body_remaining < input_length ) + { + status = PSA_ERROR_INVALID_ARGUMENT; + goto exit; + } + + operation->body_remaining -= input_length; + } + + status = psa_driver_wrapper_aead_update( operation, input, input_length, + output, output_size, + output_length ); + +exit: + if( status == PSA_SUCCESS ) + operation->body_started = 1; + else + psa_aead_abort( operation ); + + return( status ); +} + +static psa_status_t psa_aead_final_checks( const psa_aead_operation_t *operation ) +{ + if( operation->id == 0 || !operation->nonce_set ) + return( PSA_ERROR_BAD_STATE ); + + if( operation->lengths_set && ( operation->ad_remaining != 0 || + operation->body_remaining != 0 ) ) + return( PSA_ERROR_INVALID_ARGUMENT ); + + return( PSA_SUCCESS ); +} + +/* Finish encrypting a message in a multipart AEAD operation. */ +psa_status_t psa_aead_finish( psa_aead_operation_t *operation, + uint8_t *ciphertext, + size_t ciphertext_size, + size_t *ciphertext_length, + uint8_t *tag, + size_t tag_size, + size_t *tag_length ) +{ + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + + *ciphertext_length = 0; + *tag_length = tag_size; + + status = psa_aead_final_checks( operation ); + if( status != PSA_SUCCESS ) + goto exit; + + if( !operation->is_encrypt ) + { + status = PSA_ERROR_BAD_STATE; + goto exit; + } + + status = psa_driver_wrapper_aead_finish( operation, ciphertext, + ciphertext_size, + ciphertext_length, + tag, tag_size, tag_length ); + +exit: + /* In case the operation fails and the user fails to check for failure or + * the zero tag size, make sure the tag is set to something implausible. + * Even if the operation succeeds, make sure we clear the rest of the + * buffer to prevent potential leakage of anything previously placed in + * the same buffer.*/ + if( tag != NULL ) + { + if( status != PSA_SUCCESS ) + memset( tag, '!', tag_size ); + else if( *tag_length < tag_size ) + memset( tag + *tag_length, '!', ( tag_size - *tag_length ) ); + } + + psa_aead_abort( operation ); + + return( status ); +} + +/* Finish authenticating and decrypting a message in a multipart AEAD + operation.*/ +psa_status_t psa_aead_verify( psa_aead_operation_t *operation, + uint8_t *plaintext, + size_t plaintext_size, + size_t *plaintext_length, + const uint8_t *tag, + size_t tag_length ) +{ + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + + *plaintext_length = 0; + + status = psa_aead_final_checks( operation ); + if( status != PSA_SUCCESS ) + goto exit; + + if( operation->is_encrypt ) + { + status = PSA_ERROR_BAD_STATE; + goto exit; + } + + status = psa_driver_wrapper_aead_verify( operation, plaintext, + plaintext_size, + plaintext_length, + tag, tag_length ); + +exit: + psa_aead_abort( operation ); + + return( status ); +} + +/* Abort an AEAD operation. */ +psa_status_t psa_aead_abort( psa_aead_operation_t *operation ) +{ + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + + if( operation->id == 0 ) + { + /* The object has (apparently) been initialized but it is not (yet) + * in use. It's ok to call abort on such an object, and there's + * nothing to do. */ + return( PSA_SUCCESS ); + } + + status = psa_driver_wrapper_aead_abort( operation ); + + memset( operation, 0, sizeof( *operation ) ); + + return( status ); +} + /****************************************************************/ /* Generators */ /****************************************************************/ @@ -4156,6 +4702,7 @@ static psa_status_t psa_generate_derived_key_internal( { uint8_t *data = NULL; size_t bytes = PSA_BITS_TO_BYTES( bits ); + size_t storage_size = bytes; psa_status_t status; if( ! key_type_is_raw_bytes( slot->attr.type ) ) @@ -4174,15 +4721,22 @@ static psa_status_t psa_generate_derived_key_internal( psa_des_set_key_parity( data, bytes ); #endif /* MBEDTLS_PSA_BUILTIN_KEY_TYPE_DES */ - status = psa_allocate_buffer_to_slot( slot, bytes ); - if( status != PSA_SUCCESS ) - goto exit; - slot->attr.bits = (psa_key_bits_t) bits; psa_key_attributes_t attributes = { .core = slot->attr }; + if( psa_key_lifetime_is_external( attributes.core.lifetime ) ) + { + status = psa_driver_wrapper_get_key_buffer_size( &attributes, + &storage_size ); + if( status != PSA_SUCCESS ) + goto exit; + } + status = psa_allocate_buffer_to_slot( slot, storage_size ); + if( status != PSA_SUCCESS ) + goto exit; + status = psa_driver_wrapper_import_key( &attributes, data, bytes, slot->key.data, @@ -4211,6 +4765,9 @@ psa_status_t psa_key_derivation_output_key( const psa_key_attributes_t *attribut if( psa_get_key_bits( attributes ) == 0 ) return( PSA_ERROR_INVALID_ARGUMENT ); + if( operation->alg == PSA_ALG_NONE ) + return( PSA_ERROR_BAD_STATE ); + if( ! operation->can_output_key ) return( PSA_ERROR_NOT_PERMITTED ); @@ -4506,8 +5063,8 @@ static psa_status_t psa_tls12_prf_psk_to_ms_set_key( * uint16 with the value N, and the PSK itself. */ - *cur++ = ( data_length >> 8 ) & 0xff; - *cur++ = ( data_length >> 0 ) & 0xff; + *cur++ = MBEDTLS_BYTE_1( data_length ); + *cur++ = MBEDTLS_BYTE_0( data_length ); memset( cur, 0, data_length ); cur += data_length; *cur++ = pms[0]; @@ -5061,7 +5618,7 @@ static psa_status_t psa_validate_key_type_and_size_for_key_generation( if( key_type_is_raw_bytes( type ) ) { - status = validate_unstructured_key_bit_size( type, bits ); + status = psa_validate_unstructured_key_bit_size( type, bits ); if( status != PSA_SUCCESS ) return( status ); } @@ -5165,15 +5722,19 @@ psa_status_t psa_generate_key( const psa_key_attributes_t *attributes, if( psa_get_key_bits( attributes ) == 0 ) return( PSA_ERROR_INVALID_ARGUMENT ); + /* Reject any attempt to create a public key. */ + if( PSA_KEY_TYPE_IS_PUBLIC_KEY(attributes->core.type) ) + return( PSA_ERROR_INVALID_ARGUMENT ); + status = psa_start_key_creation( PSA_KEY_CREATION_GENERATE, attributes, &slot, &driver ); if( status != PSA_SUCCESS ) goto exit; /* In the case of a transparent key or an opaque key stored in local - * storage (thus not in the case of generating a key in a secure element - * or cryptoprocessor with storage), we have to allocate a buffer to - * hold the generated key material. */ + * storage ( thus not in the case of generating a key in a secure element + * with storage ( MBEDTLS_PSA_CRYPTO_SE_C ) ),we have to allocate a + * buffer to hold the generated key material. */ if( slot->key.data == NULL ) { if ( PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime ) == diff --git a/library/psa_crypto_aead.c b/library/psa_crypto_aead.c index 356679c38f..c7f7352fbd 100644 --- a/library/psa_crypto_aead.c +++ b/library/psa_crypto_aead.c @@ -25,58 +25,24 @@ #include "psa_crypto_aead.h" #include "psa_crypto_core.h" +#include +#include "mbedtls/platform.h" +#if !defined(MBEDTLS_PLATFORM_C) +#define mbedtls_calloc calloc +#define mbedtls_free free +#endif + #include "mbedtls/ccm.h" #include "mbedtls/chachapoly.h" #include "mbedtls/cipher.h" #include "mbedtls/gcm.h" - -typedef struct -{ - union - { - unsigned dummy; /* Make the union non-empty even with no supported algorithms. */ -#if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM) - mbedtls_ccm_context ccm; -#endif /* MBEDTLS_PSA_BUILTIN_ALG_CCM */ -#if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM) - mbedtls_gcm_context gcm; -#endif /* MBEDTLS_PSA_BUILTIN_ALG_GCM */ -#if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305) - mbedtls_chachapoly_context chachapoly; -#endif /* MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 */ - } ctx; - psa_algorithm_t core_alg; - uint8_t tag_length; -} aead_operation_t; - -#define AEAD_OPERATION_INIT {{0}, 0, 0} - -static void psa_aead_abort_internal( aead_operation_t *operation ) -{ - switch( operation->core_alg ) - { -#if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM) - case PSA_ALG_CCM: - mbedtls_ccm_free( &operation->ctx.ccm ); - break; -#endif /* MBEDTLS_PSA_BUILTIN_ALG_CCM */ -#if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM) - case PSA_ALG_GCM: - mbedtls_gcm_free( &operation->ctx.gcm ); - break; -#endif /* MBEDTLS_PSA_BUILTIN_ALG_GCM */ -#if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305) - case PSA_ALG_CHACHA20_POLY1305: - mbedtls_chachapoly_free( &operation->ctx.chachapoly ); - break; -#endif /* MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 */ - } -} +#include "mbedtls/error.h" static psa_status_t psa_aead_setup( - aead_operation_t *operation, + mbedtls_psa_aead_operation_t *operation, const psa_key_attributes_t *attributes, const uint8_t *key_buffer, + size_t key_buffer_size, psa_algorithm_t alg ) { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; @@ -85,6 +51,8 @@ static psa_status_t psa_aead_setup( mbedtls_cipher_id_t cipher_id; size_t full_tag_length = 0; + ( void ) key_buffer_size; + key_bits = attributes->core.bits; cipher_info = mbedtls_cipher_info_from_psa( alg, @@ -97,7 +65,7 @@ static psa_status_t psa_aead_setup( { #if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM) case PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, 0 ): - operation->core_alg = PSA_ALG_CCM; + operation->alg = PSA_ALG_CCM; full_tag_length = 16; /* CCM allows the following tag lengths: 4, 6, 8, 10, 12, 14, 16. * The call to mbedtls_ccm_encrypt_and_tag or @@ -116,7 +84,7 @@ static psa_status_t psa_aead_setup( #if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM) case PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 0 ): - operation->core_alg = PSA_ALG_GCM; + operation->alg = PSA_ALG_GCM; full_tag_length = 16; /* GCM allows the following tag lengths: 4, 8, 12, 13, 14, 15, 16. * The call to mbedtls_gcm_crypt_and_tag or @@ -135,7 +103,7 @@ static psa_status_t psa_aead_setup( #if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305) case PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CHACHA20_POLY1305, 0 ): - operation->core_alg = PSA_ALG_CHACHA20_POLY1305; + operation->alg = PSA_ALG_CHACHA20_POLY1305; full_tag_length = 16; /* We only support the default tag length. */ if( alg != PSA_ALG_CHACHA20_POLY1305 ) @@ -159,7 +127,9 @@ static psa_status_t psa_aead_setup( > full_tag_length ) return( PSA_ERROR_INVALID_ARGUMENT ); - operation->tag_length = PSA_AEAD_TAG_LENGTH( attributes->core.type, + operation->key_type = psa_get_key_type( attributes ); + + operation->tag_length = PSA_AEAD_TAG_LENGTH( operation->key_type, key_bits, alg ); @@ -176,11 +146,12 @@ psa_status_t mbedtls_psa_aead_encrypt( uint8_t *ciphertext, size_t ciphertext_size, size_t *ciphertext_length ) { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - aead_operation_t operation = AEAD_OPERATION_INIT; + mbedtls_psa_aead_operation_t operation = MBEDTLS_PSA_AEAD_OPERATION_INIT; uint8_t *tag; - (void) key_buffer_size; - status = psa_aead_setup( &operation, attributes, key_buffer, alg ); + status = psa_aead_setup( &operation, attributes, key_buffer, + key_buffer_size, alg ); + if( status != PSA_SUCCESS ) goto exit; @@ -194,7 +165,7 @@ psa_status_t mbedtls_psa_aead_encrypt( tag = ciphertext + plaintext_length; #if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM) - if( operation.core_alg == PSA_ALG_CCM ) + if( operation.alg == PSA_ALG_CCM ) { status = mbedtls_to_psa_error( mbedtls_ccm_encrypt_and_tag( &operation.ctx.ccm, @@ -208,7 +179,7 @@ psa_status_t mbedtls_psa_aead_encrypt( else #endif /* MBEDTLS_PSA_BUILTIN_ALG_CCM */ #if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM) - if( operation.core_alg == PSA_ALG_GCM ) + if( operation.alg == PSA_ALG_GCM ) { status = mbedtls_to_psa_error( mbedtls_gcm_crypt_and_tag( &operation.ctx.gcm, @@ -222,9 +193,9 @@ psa_status_t mbedtls_psa_aead_encrypt( else #endif /* MBEDTLS_PSA_BUILTIN_ALG_GCM */ #if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305) - if( operation.core_alg == PSA_ALG_CHACHA20_POLY1305 ) + if( operation.alg == PSA_ALG_CHACHA20_POLY1305 ) { - if( nonce_length != 12 || operation.tag_length != 16 ) + if( operation.tag_length != 16 ) { status = PSA_ERROR_NOT_SUPPORTED; goto exit; @@ -250,7 +221,7 @@ psa_status_t mbedtls_psa_aead_encrypt( *ciphertext_length = plaintext_length + operation.tag_length; exit: - psa_aead_abort_internal( &operation ); + mbedtls_psa_aead_abort( &operation ); return( status ); } @@ -286,11 +257,12 @@ psa_status_t mbedtls_psa_aead_decrypt( uint8_t *plaintext, size_t plaintext_size, size_t *plaintext_length ) { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - aead_operation_t operation = AEAD_OPERATION_INIT; + mbedtls_psa_aead_operation_t operation = MBEDTLS_PSA_AEAD_OPERATION_INIT; const uint8_t *tag = NULL; - (void) key_buffer_size; - status = psa_aead_setup( &operation, attributes, key_buffer, alg ); + status = psa_aead_setup( &operation, attributes, key_buffer, + key_buffer_size, alg ); + if( status != PSA_SUCCESS ) goto exit; @@ -301,7 +273,7 @@ psa_status_t mbedtls_psa_aead_decrypt( goto exit; #if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM) - if( operation.core_alg == PSA_ALG_CCM ) + if( operation.alg == PSA_ALG_CCM ) { status = mbedtls_to_psa_error( mbedtls_ccm_auth_decrypt( &operation.ctx.ccm, @@ -315,7 +287,7 @@ psa_status_t mbedtls_psa_aead_decrypt( else #endif /* MBEDTLS_PSA_BUILTIN_ALG_CCM */ #if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM) - if( operation.core_alg == PSA_ALG_GCM ) + if( operation.alg == PSA_ALG_GCM ) { status = mbedtls_to_psa_error( mbedtls_gcm_auth_decrypt( &operation.ctx.gcm, @@ -329,9 +301,9 @@ psa_status_t mbedtls_psa_aead_decrypt( else #endif /* MBEDTLS_PSA_BUILTIN_ALG_GCM */ #if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305) - if( operation.core_alg == PSA_ALG_CHACHA20_POLY1305 ) + if( operation.alg == PSA_ALG_CHACHA20_POLY1305 ) { - if( nonce_length != 12 || operation.tag_length != 16 ) + if( operation.tag_length != 16 ) { status = PSA_ERROR_NOT_SUPPORTED; goto exit; @@ -356,12 +328,314 @@ psa_status_t mbedtls_psa_aead_decrypt( *plaintext_length = ciphertext_length - operation.tag_length; exit: - psa_aead_abort_internal( &operation ); + mbedtls_psa_aead_abort( &operation ); if( status == PSA_SUCCESS ) *plaintext_length = ciphertext_length - operation.tag_length; return( status ); } +/* Set the key and algorithm for a multipart authenticated encryption + * operation. */ +psa_status_t mbedtls_psa_aead_encrypt_setup( + mbedtls_psa_aead_operation_t *operation, + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, + size_t key_buffer_size, + psa_algorithm_t alg ) +{ + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + +#if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM) + if( operation->alg == PSA_ALG_CCM ) + { + return( PSA_ERROR_NOT_SUPPORTED ); + } +#endif /* MBEDTLS_PSA_BUILTIN_ALG_CCM */ + + status = psa_aead_setup( operation, attributes, key_buffer, + key_buffer_size, alg ); + + if( status == PSA_SUCCESS ) + operation->is_encrypt = 1; + + return ( status ); +} + +/* Set the key and algorithm for a multipart authenticated decryption + * operation. */ +psa_status_t mbedtls_psa_aead_decrypt_setup( + mbedtls_psa_aead_operation_t *operation, + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, + size_t key_buffer_size, + psa_algorithm_t alg ) +{ + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + +#if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM) + if( operation->alg == PSA_ALG_CCM ) + { + return( PSA_ERROR_NOT_SUPPORTED ); + } +#endif /* MBEDTLS_PSA_BUILTIN_ALG_CCM */ + + status = psa_aead_setup( operation, attributes, key_buffer, + key_buffer_size, alg ); + + if( status == PSA_SUCCESS ) + operation->is_encrypt = 0; + + return ( status ); +} + +/* Set a nonce for the multipart AEAD operation*/ +psa_status_t mbedtls_psa_aead_set_nonce( + mbedtls_psa_aead_operation_t *operation, + const uint8_t *nonce, + size_t nonce_length ) +{ + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + +#if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM) + if( operation->alg == PSA_ALG_GCM ) + { + status = mbedtls_to_psa_error( + mbedtls_gcm_starts( &operation->ctx.gcm, + operation->is_encrypt ? + MBEDTLS_GCM_ENCRYPT : MBEDTLS_GCM_DECRYPT, + nonce, + nonce_length ) ); + } + else +#endif /* MBEDTLS_PSA_BUILTIN_ALG_GCM */ +#if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305) + if( operation->alg == PSA_ALG_CHACHA20_POLY1305 ) + { + /* Note - ChaChaPoly allows an 8 byte nonce, but we would have to + * allocate a buffer in the operation, copy the nonce to it and pad + * it, so for now check the nonce is 12 bytes, as + * mbedtls_chachapoly_starts() assumes it can read 12 bytes from the + * passed in buffer. */ + if( nonce_length != 12 ) + { + return( PSA_ERROR_INVALID_ARGUMENT ); + } + + status = mbedtls_to_psa_error( + mbedtls_chachapoly_starts( &operation->ctx.chachapoly, + nonce, + operation->is_encrypt ? + MBEDTLS_CHACHAPOLY_ENCRYPT : + MBEDTLS_CHACHAPOLY_DECRYPT ) ); + } + else +#endif /* MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 */ + { + ( void ) nonce; + + return ( PSA_ERROR_NOT_SUPPORTED ); + } + + return( status ); +} + + /* Declare the lengths of the message and additional data for AEAD. */ +psa_status_t mbedtls_psa_aead_set_lengths( + mbedtls_psa_aead_operation_t *operation, + size_t ad_length, + size_t plaintext_length ) +{ + /* Nothing here yet, work is currently done in PSA Core, however support + * for CCM will require this function. */ + ( void ) operation; + ( void ) ad_length; + ( void ) plaintext_length; + + return ( PSA_SUCCESS ); +} + +/* Pass additional data to an active multipart AEAD operation. */ +psa_status_t mbedtls_psa_aead_update_ad( + mbedtls_psa_aead_operation_t *operation, + const uint8_t *input, + size_t input_length ) +{ + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + +#if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM) + if( operation->alg == PSA_ALG_GCM ) + { + status = mbedtls_to_psa_error( + mbedtls_gcm_update_ad( &operation->ctx.gcm, input, input_length ) ); + } + else +#endif /* MBEDTLS_PSA_BUILTIN_ALG_GCM */ +#if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305) + if( operation->alg == PSA_ALG_CHACHA20_POLY1305 ) + { + status = mbedtls_to_psa_error( + mbedtls_chachapoly_update_aad( &operation->ctx.chachapoly, + input, + input_length ) ); + } + else +#endif /* MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 */ + { + ( void ) operation; + ( void ) input; + ( void ) input_length; + + return ( PSA_ERROR_NOT_SUPPORTED ); + } + + return ( status ); +} + +/* Encrypt or decrypt a message fragment in an active multipart AEAD + * operation.*/ +psa_status_t mbedtls_psa_aead_update( + mbedtls_psa_aead_operation_t *operation, + const uint8_t *input, + size_t input_length, + uint8_t *output, + size_t output_size, + size_t *output_length ) +{ + size_t update_output_length; + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + + update_output_length = input_length; + +#if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM) + if( operation->alg == PSA_ALG_GCM ) + { + status = mbedtls_to_psa_error( + mbedtls_gcm_update( &operation->ctx.gcm, + input, input_length, + output, output_size, + &update_output_length ) ); + } + else +#endif /* MBEDTLS_PSA_BUILTIN_ALG_GCM */ +#if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305) + if( operation->alg == PSA_ALG_CHACHA20_POLY1305 ) + { + if( output_size < input_length ) + return( PSA_ERROR_BUFFER_TOO_SMALL ); + + status = mbedtls_to_psa_error( + mbedtls_chachapoly_update( &operation->ctx.chachapoly, + input_length, + input, + output ) ); + } + else +#endif /* MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 */ + { + ( void ) input; + ( void ) input_length; + + return ( PSA_ERROR_NOT_SUPPORTED ); + } + + if( status == PSA_SUCCESS ) + *output_length = update_output_length; + + return( status ); +} + +/* Finish encrypting a message in a multipart AEAD operation. */ +psa_status_t mbedtls_psa_aead_finish( + mbedtls_psa_aead_operation_t *operation, + uint8_t *ciphertext, + size_t ciphertext_size, + size_t *ciphertext_length, + uint8_t *tag, + size_t tag_size, + size_t *tag_length ) +{ + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + size_t finish_output_size = 0; + + if( tag_size < operation->tag_length ) + return( PSA_ERROR_BUFFER_TOO_SMALL ); + +#if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM) + if( operation->alg == PSA_ALG_GCM ) + { + status = mbedtls_to_psa_error( + mbedtls_gcm_finish( &operation->ctx.gcm, + ciphertext, ciphertext_size, ciphertext_length, + tag, operation->tag_length ) ); + } + else +#endif /* MBEDTLS_PSA_BUILTIN_ALG_GCM */ +#if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305) + if( operation->alg == PSA_ALG_CHACHA20_POLY1305 ) + { + /* Belt and braces. Although the above tag_size check should have + * already done this, if we later start supporting smaller tag sizes + * for chachapoly, then passing a tag buffer smaller than 16 into here + * could cause a buffer overflow, so better safe than sorry. */ + if( tag_size < 16 ) + return( PSA_ERROR_BUFFER_TOO_SMALL ); + + status = mbedtls_to_psa_error( + mbedtls_chachapoly_finish( &operation->ctx.chachapoly, + tag ) ); + } + else +#endif /* MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 */ + { + ( void ) ciphertext; + ( void ) ciphertext_size; + ( void ) ciphertext_length; + ( void ) tag; + ( void ) tag_size; + ( void ) tag_length; + + return ( PSA_ERROR_NOT_SUPPORTED ); + } + + if( status == PSA_SUCCESS ) + { + /* This will be zero for all supported algorithms currently, but left + * here for future support. */ + *ciphertext_length = finish_output_size; + *tag_length = operation->tag_length; + } + + return ( status ); +} + +/* Abort an AEAD operation */ +psa_status_t mbedtls_psa_aead_abort( + mbedtls_psa_aead_operation_t *operation ) +{ + switch( operation->alg ) + { +#if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM) + case PSA_ALG_CCM: + mbedtls_ccm_free( &operation->ctx.ccm ); + break; +#endif /* MBEDTLS_PSA_BUILTIN_ALG_CCM */ +#if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM) + case PSA_ALG_GCM: + mbedtls_gcm_free( &operation->ctx.gcm ); + break; +#endif /* MBEDTLS_PSA_BUILTIN_ALG_GCM */ +#if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305) + case PSA_ALG_CHACHA20_POLY1305: + mbedtls_chachapoly_free( &operation->ctx.chachapoly ); + break; +#endif /* MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 */ + } + + operation->is_encrypt = 0; + + return( PSA_SUCCESS ); +} + #endif /* MBEDTLS_PSA_CRYPTO_C */ diff --git a/library/psa_crypto_aead.h b/library/psa_crypto_aead.h index aab0f835c4..e82e1cc098 100644 --- a/library/psa_crypto_aead.h +++ b/library/psa_crypto_aead.h @@ -148,4 +148,364 @@ psa_status_t mbedtls_psa_aead_decrypt( const uint8_t *ciphertext, size_t ciphertext_length, uint8_t *plaintext, size_t plaintext_size, size_t *plaintext_length ); +/** Set the key for a multipart authenticated encryption operation. + * + * \note The signature of this function is that of a PSA driver + * aead_encrypt_setup entry point. This function behaves as an + * aead_encrypt_setup entry point as defined in the PSA driver interface + * specification for transparent drivers. + * + * If an error occurs at any step after a call to + * mbedtls_psa_aead_encrypt_setup(), the operation is reset by the PSA core by a + * call to mbedtls_psa_aead_abort(). The PSA core may call + * mbedtls_psa_aead_abort() at any time after the operation has been + * initialized, and is required to when the operation is no longer needed. + * + * \param[in,out] operation The operation object to set up. It must have + * been initialized as per the documentation for + * #mbedtls_psa_aead_operation_t and not yet in + * use. + * \param[in] attributes The attributes of the key to use for the + * operation. + * \param[in] key_buffer The buffer containing the key context. + * \param key_buffer_size Size of the \p key_buffer buffer in bytes. + It must be consistent with the size in bits + recorded in \p attributes. + * \param alg The AEAD algorithm to compute + * (\c PSA_ALG_XXX value such that + * #PSA_ALG_IS_AEAD(\p alg) is true). + * + * \retval #PSA_SUCCESS + * Success. + * \retval #PSA_ERROR_INVALID_ARGUMENT + * An invalid block length was supplied. + * \retval #PSA_ERROR_NOT_SUPPORTED + * \p alg is not supported. + * \retval #PSA_ERROR_INSUFFICIENT_MEMORY + * Failed to allocate memory for key material + */ +psa_status_t mbedtls_psa_aead_encrypt_setup( + mbedtls_psa_aead_operation_t *operation, + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, + size_t key_buffer_size, + psa_algorithm_t alg ); + +/** Set the key for a multipart authenticated decryption operation. + * + * \note The signature of this function is that of a PSA driver + * aead_decrypt_setup entry point. This function behaves as an + * aead_decrypt_setup entry point as defined in the PSA driver interface + * specification for transparent drivers. + * + * If an error occurs at any step after a call to + * mbedtls_psa_aead_decrypt_setup(), the PSA core resets the operation by a + * call to mbedtls_psa_aead_abort(). The PSA core may call + * mbedtls_psa_aead_abort() at any time after the operation has been + * initialized, and is required to when the operation is no longer needed. + * + * \param[in,out] operation The operation object to set up. It must have + * been initialized as per the documentation for + * #mbedtls_psa_aead_operation_t and not yet in + * use. + * \param[in] attributes The attributes of the key to use for the + * operation. + * \param[in] key_buffer The buffer containing the key context. + * \param key_buffer_size Size of the \p key_buffer buffer in bytes. + It must be consistent with the size in bits + recorded in \p attributes. + * \param alg The AEAD algorithm to compute + * (\c PSA_ALG_XXX value such that + * #PSA_ALG_IS_AEAD(\p alg) is true). + * + * \retval #PSA_SUCCESS + * Success. + * \retval #PSA_ERROR_INVALID_ARGUMENT + * An invalid block length was supplied. + * \retval #PSA_ERROR_NOT_SUPPORTED + * \p alg is not supported. + * \retval #PSA_ERROR_INSUFFICIENT_MEMORY + * Failed to allocate memory for key material + */ +psa_status_t mbedtls_psa_aead_decrypt_setup( + mbedtls_psa_aead_operation_t *operation, + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, + size_t key_buffer_size, + psa_algorithm_t alg ); + +/** Set the nonce for an authenticated encryption or decryption operation. + * + * \note The signature of this function is that of a PSA driver aead_set_nonce + * entry point. This function behaves as an aead_set_nonce entry point as + * defined in the PSA driver interface specification for transparent + * drivers. + * + * This function sets the nonce for the authenticated + * encryption or decryption operation. + * + * The PSA core calls mbedtls_psa_aead_encrypt_setup() or + * mbedtls_psa_aead_decrypt_setup() before calling this function. + * + * If this function returns an error status, the PSA core will call + * mbedtls_psa_aead_abort(). + * + * \param[in,out] operation Active AEAD operation. + * \param[in] nonce Buffer containing the nonce to use. + * \param nonce_length Size of the nonce in bytes. + * + * \retval #PSA_SUCCESS + * Success. + * \retval #PSA_ERROR_INVALID_ARGUMENT + * The size of \p nonce is not acceptable for the chosen algorithm. + * \retval #PSA_ERROR_NOT_SUPPORTED + * Algorithm previously set is not supported in this configuration of + * the library. + */ +psa_status_t mbedtls_psa_aead_set_nonce( + mbedtls_psa_aead_operation_t *operation, + const uint8_t *nonce, + size_t nonce_length ); + +/** Declare the lengths of the message and additional data for AEAD. + * + * \note The signature of this function is that of a PSA driver aead_set_lengths + * entry point. This function behaves as an aead_set_lengths entry point + * as defined in the PSA driver interface specification for transparent + * drivers. + * + * The PSA core calls this function before calling mbedtls_psa_aead_update_ad() + * or mbedtls_psa_aead_update() if the algorithm for the operation requires it. + * If the algorithm does not require it, calling this function is optional, but + * if this function is called then the implementation must enforce the lengths. + * + * The PSA core may call this function before or after setting the nonce with + * mbedtls_psa_aead_set_nonce(). + * + * - For #PSA_ALG_CCM, calling this function is required. + * - For the other AEAD algorithms defined in this specification, calling + * this function is not required. + * + * If this function returns an error status, the PSA core calls + * mbedtls_psa_aead_abort(). + * + * \param[in,out] operation Active AEAD operation. + * \param ad_length Size of the non-encrypted additional + * authenticated data in bytes. + * \param plaintext_length Size of the plaintext to encrypt in bytes. + * + * \retval #PSA_SUCCESS + * Success. + * \retval #PSA_ERROR_INVALID_ARGUMENT + * At least one of the lengths is not acceptable for the chosen + * algorithm. + * \retval #PSA_ERROR_NOT_SUPPORTED + * Algorithm previously set is not supported in this configuration of + * the library. + */ +psa_status_t mbedtls_psa_aead_set_lengths( + mbedtls_psa_aead_operation_t *operation, + size_t ad_length, + size_t plaintext_length ); + +/** Pass additional data to an active AEAD operation. + * + * \note The signature of this function is that of a PSA driver + * aead_update_ad entry point. This function behaves as an aead_update_ad + * entry point as defined in the PSA driver interface specification for + * transparent drivers. + * + * Additional data is authenticated, but not encrypted. + * + * The PSA core can call this function multiple times to pass successive + * fragments of the additional data. It will not call this function after + * passing data to encrypt or decrypt with mbedtls_psa_aead_update(). + * + * Before calling this function, the PSA core will: + * 1. Call either mbedtls_psa_aead_encrypt_setup() or + * mbedtls_psa_aead_decrypt_setup(). + * 2. Set the nonce with mbedtls_psa_aead_set_nonce(). + * + * If this function returns an error status, the PSA core will call + * mbedtls_psa_aead_abort(). + * + * \param[in,out] operation Active AEAD operation. + * \param[in] input Buffer containing the fragment of + * additional data. + * \param input_length Size of the \p input buffer in bytes. + * + * \retval #PSA_SUCCESS + * Success. + * \retval #PSA_ERROR_NOT_SUPPORTED + * Algorithm previously set is not supported in this configuration of + * the library. + */ +psa_status_t mbedtls_psa_aead_update_ad( + mbedtls_psa_aead_operation_t *operation, + const uint8_t *input, + size_t input_length ); + +/** Encrypt or decrypt a message fragment in an active AEAD operation. + * + * \note The signature of this function is that of a PSA driver + * aead_update entry point. This function behaves as an aead_update entry + * point as defined in the PSA driver interface specification for + * transparent drivers. + * + * Before calling this function, the PSA core will: + * 1. Call either mbedtls_psa_aead_encrypt_setup() or + * mbedtls_psa_aead_decrypt_setup(). The choice of setup function + * determines whether this function encrypts or decrypts its input. + * 2. Set the nonce with mbedtls_psa_aead_set_nonce(). + * 3. Call mbedtls_psa_aead_update_ad() to pass all the additional data. + * + * If this function returns an error status, the PSA core will call + * mbedtls_psa_aead_abort(). + * + * This function does not require the input to be aligned to any + * particular block boundary. If the implementation can only process + * a whole block at a time, it must consume all the input provided, but + * it may delay the end of the corresponding output until a subsequent + * call to mbedtls_psa_aead_update(), mbedtls_psa_aead_finish() provides + * sufficient input. The amount of data that can be delayed in this way is + * bounded by #PSA_AEAD_UPDATE_OUTPUT_SIZE. + * + * \param[in,out] operation Active AEAD operation. + * \param[in] input Buffer containing the message fragment to + * encrypt or decrypt. + * \param input_length Size of the \p input buffer in bytes. + * \param[out] output Buffer where the output is to be written. + * \param output_size Size of the \p output buffer in bytes. + * This must be appropriate for the selected + * algorithm and key: + * - A sufficient output size is + * #PSA_AEAD_UPDATE_OUTPUT_SIZE(\c key_type, + * \c alg, \p input_length) where + * \c key_type is the type of key and \c alg is + * the algorithm that were used to set up the + * operation. + * - #PSA_AEAD_UPDATE_OUTPUT_MAX_SIZE(\p + * input_length) evaluates to the maximum + * output size of any supported AEAD + * algorithm. + * \param[out] output_length On success, the number of bytes + * that make up the returned output. + * + * \retval #PSA_SUCCESS + * Success. + * + * \retval #PSA_ERROR_BUFFER_TOO_SMALL + * The size of the \p output buffer is too small. + * #PSA_AEAD_UPDATE_OUTPUT_SIZE(\c key_type, \c alg, \p input_length) or + * #PSA_AEAD_UPDATE_OUTPUT_MAX_SIZE(\p input_length) can be used to + * determine the required buffer size. + */ +psa_status_t mbedtls_psa_aead_update( + mbedtls_psa_aead_operation_t *operation, + const uint8_t *input, + size_t input_length, + uint8_t *output, + size_t output_size, + size_t *output_length ); + +/** Finish encrypting a message in an AEAD operation. + * + * \note The signature of this function is that of a PSA driver + * aead_finish entry point. This function behaves as an aead_finish entry + * point as defined in the PSA driver interface specification for + * transparent drivers. + * + * The operation must have been set up by the PSA core with + * mbedtls_psa_aead_encrypt_setup(). + * + * This function finishes the authentication of the additional data + * formed by concatenating the inputs passed to preceding calls to + * mbedtls_psa_aead_update_ad() with the plaintext formed by concatenating the + * inputs passed to preceding calls to mbedtls_psa_aead_update(). + * + * This function has two output buffers: + * - \p ciphertext contains trailing ciphertext that was buffered from + * preceding calls to mbedtls_psa_aead_update(). + * - \p tag contains the authentication tag. + * + * Whether or not this function returns successfuly, the PSA core subsequently + * calls mbedtls_psa_aead_abort() to deactivate the operation. + * + * \param[in,out] operation Active AEAD operation. + * \param[out] ciphertext Buffer where the last part of the ciphertext + * is to be written. + * \param ciphertext_size Size of the \p ciphertext buffer in bytes. + * This must be appropriate for the selected + * algorithm and key: + * - A sufficient output size is + * #PSA_AEAD_FINISH_OUTPUT_SIZE(\c key_type, + * \c alg) where \c key_type is the type of key + * and \c alg is the algorithm that were used to + * set up the operation. + * - #PSA_AEAD_FINISH_OUTPUT_MAX_SIZE evaluates to + * the maximum output size of any supported AEAD + * algorithm. + * \param[out] ciphertext_length On success, the number of bytes of + * returned ciphertext. + * \param[out] tag Buffer where the authentication tag is + * to be written. + * \param tag_size Size of the \p tag buffer in bytes. + * This must be appropriate for the selected + * algorithm and key: + * - The exact tag size is #PSA_AEAD_TAG_LENGTH(\c + * key_type, \c key_bits, \c alg) where + * \c key_type and \c key_bits are the type and + * bit-size of the key, and \c alg are the + * algorithm that were used in the call to + * mbedtls_psa_aead_encrypt_setup(). + * - #PSA_AEAD_TAG_MAX_SIZE evaluates to the + * maximum tag size of any supported AEAD + * algorithm. + * \param[out] tag_length On success, the number of bytes + * that make up the returned tag. + * + * \retval #PSA_SUCCESS + * Success. + * \retval #PSA_ERROR_BUFFER_TOO_SMALL + * The size of the \p tag buffer is too small. + * #PSA_AEAD_TAG_LENGTH(\c key_type, key_bits, \c alg) or + * #PSA_AEAD_TAG_MAX_SIZE can be used to determine the required \p tag + * buffer size. + */ +psa_status_t mbedtls_psa_aead_finish( + mbedtls_psa_aead_operation_t *operation, + uint8_t *ciphertext, + size_t ciphertext_size, + size_t *ciphertext_length, + uint8_t *tag, + size_t tag_size, + size_t *tag_length ); + +/** Abort an AEAD operation. + * + * \note The signature of this function is that of a PSA driver + * aead_abort entry point. This function behaves as an aead_abort entry + * point as defined in the PSA driver interface specification for + * transparent drivers. + * + * Aborting an operation frees all associated resources except for the + * \p operation structure itself. Once aborted, the operation object + * can be reused for another operation by the PSA core by it calling + * mbedtls_psa_aead_encrypt_setup() or mbedtls_psa_aead_decrypt_setup() again. + * + * The PSA core may call this function any time after the operation object has + * been initialized as described in #mbedtls_psa_aead_operation_t. + * + * In particular, calling mbedtls_psa_aead_abort() after the operation has been + * terminated by a call to mbedtls_psa_aead_abort() or + * mbedtls_psa_aead_finish() is safe and has no effect. + * + * \param[in,out] operation Initialized AEAD operation. + * + * \retval #PSA_SUCCESS + * Success. + */ +psa_status_t mbedtls_psa_aead_abort( + mbedtls_psa_aead_operation_t *operation ); + #endif /* PSA_CRYPTO_AEAD */ diff --git a/library/psa_crypto_cipher.c b/library/psa_crypto_cipher.c index d8c722bb1b..07c6a001b6 100644 --- a/library/psa_crypto_cipher.c +++ b/library/psa_crypto_cipher.c @@ -92,6 +92,9 @@ const mbedtls_cipher_info_t *mbedtls_cipher_info_from_psa( case PSA_ALG_CBC_PKCS7: mode = MBEDTLS_MODE_CBC; break; + case PSA_ALG_CCM_STAR_NO_TAG: + mode = MBEDTLS_MODE_CCM_STAR_NO_TAG; + break; case PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, 0 ): mode = MBEDTLS_MODE_CCM; break; @@ -115,6 +118,9 @@ const mbedtls_cipher_info_t *mbedtls_cipher_info_from_psa( case PSA_KEY_TYPE_AES: cipher_id_tmp = MBEDTLS_CIPHER_ID_AES; break; + case PSA_KEY_TYPE_ARIA: + cipher_id_tmp = MBEDTLS_CIPHER_ID_ARIA; + break; case PSA_KEY_TYPE_DES: /* key_bits is 64 for Single-DES, 128 for two-key Triple-DES, * and 192 for three-key Triple-DES. */ @@ -255,16 +261,34 @@ static psa_status_t cipher_set_iv( mbedtls_psa_cipher_operation_t *operation, iv, iv_length ) ) ); } -/* Process input for which the algorithm is set to ECB mode. This requires - * manual processing, since the PSA API is defined as being able to process - * arbitrary-length calls to psa_cipher_update() with ECB mode, but the - * underlying mbedtls_cipher_update only takes full blocks. */ +/** Process input for which the algorithm is set to ECB mode. + * + * This requires manual processing, since the PSA API is defined as being + * able to process arbitrary-length calls to psa_cipher_update() with ECB mode, + * but the underlying mbedtls_cipher_update only takes full blocks. + * + * \param ctx The mbedtls cipher context to use. It must have been + * set up for ECB. + * \param[in] input The input plaintext or ciphertext to process. + * \param input_length The number of bytes to process from \p input. + * This does not need to be aligned to a block boundary. + * If there is a partial block at the end of the input, + * it is stored in \p ctx for future processing. + * \param output The buffer where the output is written. It must be + * at least `BS * floor((p + input_length) / BS)` bytes + * long, where `p` is the number of bytes in the + * unprocessed partial block in \p ctx (with + * `0 <= p <= BS - 1`) and `BS` is the block size. + * \param output_length On success, the number of bytes written to \p output. + * \c 0 on error. + * + * \return #PSA_SUCCESS or an error from a hardware accelerator + */ static psa_status_t psa_cipher_update_ecb( mbedtls_cipher_context_t *ctx, const uint8_t *input, size_t input_length, uint8_t *output, - size_t output_size, size_t *output_length ) { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; @@ -304,7 +328,6 @@ static psa_status_t psa_cipher_update_ecb( goto exit; output += internal_output_length; - output_size -= internal_output_length; *output_length += internal_output_length; ctx->unprocessed_len = 0; } @@ -325,7 +348,6 @@ static psa_status_t psa_cipher_update_ecb( input += block_size; output += internal_output_length; - output_size -= internal_output_length; *output_length += internal_output_length; } @@ -380,7 +402,6 @@ static psa_status_t cipher_update( mbedtls_psa_cipher_operation_t *operation, input, input_length, output, - output_size, output_length ); } else diff --git a/library/psa_crypto_core.h b/library/psa_crypto_core.h index 91757b5fdb..8c91b04d03 100644 --- a/library/psa_crypto_core.h +++ b/library/psa_crypto_core.h @@ -528,4 +528,23 @@ psa_status_t psa_verify_hash_builtin( psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, const uint8_t *signature, size_t signature_length ); +/** + * \brief Validate the key bit size for unstructured keys. + * + * \note Check that the bit size is acceptable for a given key type for + * unstructured keys. + * + * \param[in] type The key type + * \param[in] bits The number of bits of the key + * + * \retval #PSA_SUCCESS + * The key type and size are valid. + * \retval #PSA_ERROR_INVALID_ARGUMENT + * The size in bits of the key is not valid. + * \retval #PSA_ERROR_NOT_SUPPORTED + * The type and/or the size in bits of the key or the combination of + * the two is not supported. + */ +psa_status_t psa_validate_unstructured_key_bit_size( psa_key_type_t type, + size_t bits ); #endif /* PSA_CRYPTO_CORE_H */ diff --git a/library/psa_crypto_driver_wrappers.c b/library/psa_crypto_driver_wrappers.c index 38d0e300e2..cfc77fbb5b 100644 --- a/library/psa_crypto_driver_wrappers.c +++ b/library/psa_crypto_driver_wrappers.c @@ -380,8 +380,49 @@ psa_status_t psa_driver_wrapper_verify_hash( } } +/** Calculate the key buffer size required to store the key material of a key + * associated with an opaque driver from input key data. + * + * \param[in] attributes The key attributes + * \param[in] data The input key data. + * \param[in] data_length The input data length. + * \param[out] key_buffer_size Minimum buffer size to contain the key material. + * + * \retval #PSA_SUCCESS + * \retval #PSA_ERROR_INVALID_ARGUMENT + * \retval #PSA_ERROR_NOT_SUPPORTED + */ +psa_status_t psa_driver_wrapper_get_key_buffer_size_from_key_data( + const psa_key_attributes_t *attributes, + const uint8_t *data, + size_t data_length, + size_t *key_buffer_size ) +{ + psa_key_location_t location = + PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime ); + psa_key_type_t key_type = attributes->core.type; + + *key_buffer_size = 0; + switch( location ) + { +#if defined(PSA_CRYPTO_DRIVER_TEST) + case PSA_CRYPTO_TEST_DRIVER_LOCATION: + *key_buffer_size = mbedtls_test_opaque_size_function( key_type, + PSA_BYTES_TO_BITS( data_length ) ); + return( ( *key_buffer_size != 0 ) ? + PSA_SUCCESS : PSA_ERROR_NOT_SUPPORTED ); +#endif /* PSA_CRYPTO_DRIVER_TEST */ + + default: + (void)key_type; + (void)data; + (void)data_length; + return( PSA_ERROR_INVALID_ARGUMENT ); + } +} + /** Get the key buffer size required to store the key material of a key - * associated with an opaque driver without storage. + * associated with an opaque driver. * * \param[in] attributes The key attributes. * \param[out] key_buffer_size Minimum buffer size to contain the key material @@ -389,11 +430,11 @@ psa_status_t psa_driver_wrapper_verify_hash( * \retval #PSA_SUCCESS * The minimum size for a buffer to contain the key material has been * returned successfully. - * \retval #PSA_ERROR_INVALID_ARGUMENT - * The size in bits of the key is not valid. * \retval #PSA_ERROR_NOT_SUPPORTED * The type and/or the size in bits of the key or the combination of * the two is not supported. + * \retval #PSA_ERROR_INVALID_ARGUMENT + * The key is declared with a lifetime not known to us. */ psa_status_t psa_driver_wrapper_get_key_buffer_size( const psa_key_attributes_t *attributes, @@ -418,7 +459,8 @@ psa_status_t psa_driver_wrapper_get_key_buffer_size( return( PSA_SUCCESS ); } #endif /* MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS */ - *key_buffer_size = mbedtls_test_size_function( key_type, key_bits ); + *key_buffer_size = mbedtls_test_opaque_size_function( key_type, + key_bits ); return( ( *key_buffer_size != 0 ) ? PSA_SUCCESS : PSA_ERROR_NOT_SUPPORTED ); #endif /* PSA_CRYPTO_DRIVER_TEST */ @@ -426,7 +468,7 @@ psa_status_t psa_driver_wrapper_get_key_buffer_size( default: (void)key_type; (void)key_bits; - return( PSA_ERROR_NOT_SUPPORTED ); + return( PSA_ERROR_INVALID_ARGUMENT ); } } @@ -566,10 +608,18 @@ psa_status_t psa_driver_wrapper_import_key( data, data_length, key_buffer, key_buffer_size, key_buffer_length, bits ) ); - + /* Add cases for opaque driver here */ +#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) +#if defined(PSA_CRYPTO_DRIVER_TEST) + case PSA_CRYPTO_TEST_DRIVER_LOCATION: + return( mbedtls_test_opaque_import_key( + attributes, + data, data_length, + key_buffer, key_buffer_size, + key_buffer_length, bits ) ); +#endif /* PSA_CRYPTO_DRIVER_TEST */ +#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ default: - /* Importing a key with external storage in not yet supported. - * Return in error indicating that the lifetime is not valid. */ (void)status; return( PSA_ERROR_INVALID_ARGUMENT ); } @@ -733,6 +783,50 @@ psa_status_t psa_driver_wrapper_get_builtin_key( } } +psa_status_t psa_driver_wrapper_copy_key( + psa_key_attributes_t *attributes, + const uint8_t *source_key, size_t source_key_length, + uint8_t *target_key_buffer, size_t target_key_buffer_size, + size_t *target_key_buffer_length ) +{ + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + psa_key_location_t location = + PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime ); + +#if defined(MBEDTLS_PSA_CRYPTO_SE_C) + const psa_drv_se_t *drv; + psa_drv_se_context_t *drv_context; + + if( psa_get_se_driver( attributes->core.lifetime, &drv, &drv_context ) ) + { + /* Copying to a secure element is not implemented yet. */ + return( PSA_ERROR_NOT_SUPPORTED ); + } +#endif /* MBEDTLS_PSA_CRYPTO_SE_C */ + + switch( location ) + { +#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) +#if defined(PSA_CRYPTO_DRIVER_TEST) + case PSA_CRYPTO_TEST_DRIVER_LOCATION: + return( mbedtls_test_opaque_copy_key( attributes, source_key, + source_key_length, + target_key_buffer, + target_key_buffer_size, + target_key_buffer_length) ); +#endif /* PSA_CRYPTO_DRIVER_TEST */ +#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ + default: + (void)source_key; + (void)source_key_length; + (void)target_key_buffer; + (void)target_key_buffer_size; + (void)target_key_buffer_length; + status = PSA_ERROR_INVALID_ARGUMENT; + } + return( status ); +} + /* * Cipher functions */ @@ -1471,6 +1565,381 @@ psa_status_t psa_driver_wrapper_aead_decrypt( } } +psa_status_t psa_driver_wrapper_aead_encrypt_setup( + psa_aead_operation_t *operation, + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, size_t key_buffer_size, + psa_algorithm_t alg ) +{ + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + psa_key_location_t location = + PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime ); + + switch( location ) + { + case PSA_KEY_LOCATION_LOCAL_STORAGE: + /* Key is stored in the slot in export representation, so + * cycle through all known transparent accelerators */ + +#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) +#if defined(PSA_CRYPTO_DRIVER_TEST) + operation->id = PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID; + status = mbedtls_test_transparent_aead_encrypt_setup( + &operation->ctx.transparent_test_driver_ctx, + attributes, key_buffer, key_buffer_size, + alg ); + + /* Declared with fallback == true */ + if( status != PSA_ERROR_NOT_SUPPORTED ) + return( status ); +#endif /* PSA_CRYPTO_DRIVER_TEST */ +#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ + + /* Fell through, meaning no accelerator supports this operation */ + operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID; + status = mbedtls_psa_aead_encrypt_setup( + &operation->ctx.mbedtls_ctx, attributes, + key_buffer, key_buffer_size, + alg ); + + return( status ); + + /* Add cases for opaque driver here */ + + default: + /* Key is declared with a lifetime not known to us */ + (void)status; + return( PSA_ERROR_INVALID_ARGUMENT ); + } +} + +psa_status_t psa_driver_wrapper_aead_decrypt_setup( + psa_aead_operation_t *operation, + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, size_t key_buffer_size, + psa_algorithm_t alg ) +{ + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + psa_key_location_t location = + PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime ); + + switch( location ) + { + case PSA_KEY_LOCATION_LOCAL_STORAGE: + /* Key is stored in the slot in export representation, so + * cycle through all known transparent accelerators */ + +#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) +#if defined(PSA_CRYPTO_DRIVER_TEST) + operation->id = PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID; + status = mbedtls_test_transparent_aead_decrypt_setup( + &operation->ctx.transparent_test_driver_ctx, + attributes, + key_buffer, key_buffer_size, + alg ); + + /* Declared with fallback == true */ + if( status != PSA_ERROR_NOT_SUPPORTED ) + return( status ); +#endif /* PSA_CRYPTO_DRIVER_TEST */ +#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ + + /* Fell through, meaning no accelerator supports this operation */ + operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID; + status = mbedtls_psa_aead_decrypt_setup( + &operation->ctx.mbedtls_ctx, + attributes, + key_buffer, key_buffer_size, + alg ); + + return( status ); + + /* Add cases for opaque driver here */ + + default: + /* Key is declared with a lifetime not known to us */ + (void)status; + return( PSA_ERROR_INVALID_ARGUMENT ); + } +} + +psa_status_t psa_driver_wrapper_aead_set_nonce( + psa_aead_operation_t *operation, + const uint8_t *nonce, + size_t nonce_length ) +{ + switch( operation->id ) + { +#if defined(MBEDTLS_PSA_BUILTIN_AEAD) + case PSA_CRYPTO_MBED_TLS_DRIVER_ID: + return( mbedtls_psa_aead_set_nonce( &operation->ctx.mbedtls_ctx, + nonce, + nonce_length ) ); + +#endif /* MBEDTLS_PSA_BUILTIN_AEAD */ + +#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) +#if defined(PSA_CRYPTO_DRIVER_TEST) + case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID: + return( mbedtls_test_transparent_aead_set_nonce( + &operation->ctx.transparent_test_driver_ctx, + nonce, nonce_length ) ); + + /* Add cases for opaque driver here */ + +#endif /* PSA_CRYPTO_DRIVER_TEST */ +#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ + } + + (void)nonce; + (void)nonce_length; + + return( PSA_ERROR_INVALID_ARGUMENT ); +} + +psa_status_t psa_driver_wrapper_aead_set_lengths( + psa_aead_operation_t *operation, + size_t ad_length, + size_t plaintext_length ) +{ + switch( operation->id ) + { +#if defined(MBEDTLS_PSA_BUILTIN_AEAD) + case PSA_CRYPTO_MBED_TLS_DRIVER_ID: + return( mbedtls_psa_aead_set_lengths( &operation->ctx.mbedtls_ctx, + ad_length, + plaintext_length ) ); + +#endif /* MBEDTLS_PSA_BUILTIN_AEAD */ + +#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) +#if defined(PSA_CRYPTO_DRIVER_TEST) + case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID: + return( mbedtls_test_transparent_aead_set_lengths( + &operation->ctx.transparent_test_driver_ctx, + ad_length, plaintext_length ) ); + + /* Add cases for opaque driver here */ + +#endif /* PSA_CRYPTO_DRIVER_TEST */ +#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ + } + + (void)ad_length; + (void)plaintext_length; + + return( PSA_ERROR_INVALID_ARGUMENT ); +} + +psa_status_t psa_driver_wrapper_aead_update_ad( + psa_aead_operation_t *operation, + const uint8_t *input, + size_t input_length ) +{ + switch( operation->id ) + { +#if defined(MBEDTLS_PSA_BUILTIN_AEAD) + case PSA_CRYPTO_MBED_TLS_DRIVER_ID: + return( mbedtls_psa_aead_update_ad( &operation->ctx.mbedtls_ctx, + input, + input_length ) ); + +#endif /* MBEDTLS_PSA_BUILTIN_AEAD */ + +#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) +#if defined(PSA_CRYPTO_DRIVER_TEST) + case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID: + return( mbedtls_test_transparent_aead_update_ad( + &operation->ctx.transparent_test_driver_ctx, + input, input_length ) ); + + /* Add cases for opaque driver here */ + +#endif /* PSA_CRYPTO_DRIVER_TEST */ +#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ + } + + (void)input; + (void)input_length; + + return( PSA_ERROR_INVALID_ARGUMENT ); +} + +psa_status_t psa_driver_wrapper_aead_update( + psa_aead_operation_t *operation, + const uint8_t *input, + size_t input_length, + uint8_t *output, + size_t output_size, + size_t *output_length ) +{ + switch( operation->id ) + { +#if defined(MBEDTLS_PSA_BUILTIN_AEAD) + case PSA_CRYPTO_MBED_TLS_DRIVER_ID: + return( mbedtls_psa_aead_update( &operation->ctx.mbedtls_ctx, + input, input_length, + output, output_size, + output_length ) ); + +#endif /* MBEDTLS_PSA_BUILTIN_AEAD */ + +#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) +#if defined(PSA_CRYPTO_DRIVER_TEST) + case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID: + return( mbedtls_test_transparent_aead_update( + &operation->ctx.transparent_test_driver_ctx, + input, input_length, output, output_size, + output_length ) ); + + /* Add cases for opaque driver here */ + +#endif /* PSA_CRYPTO_DRIVER_TEST */ +#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ + } + + (void)input; + (void)input_length; + (void)output; + (void)output_size; + (void)output_length; + + return( PSA_ERROR_INVALID_ARGUMENT ); +} + +psa_status_t psa_driver_wrapper_aead_finish( + psa_aead_operation_t *operation, + uint8_t *ciphertext, + size_t ciphertext_size, + size_t *ciphertext_length, + uint8_t *tag, + size_t tag_size, + size_t *tag_length ) +{ + switch( operation->id ) + { +#if defined(MBEDTLS_PSA_BUILTIN_AEAD) + case PSA_CRYPTO_MBED_TLS_DRIVER_ID: + return( mbedtls_psa_aead_finish( &operation->ctx.mbedtls_ctx, + ciphertext, + ciphertext_size, + ciphertext_length, tag, + tag_size, tag_length ) ); + +#endif /* MBEDTLS_PSA_BUILTIN_AEAD */ + +#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) +#if defined(PSA_CRYPTO_DRIVER_TEST) + case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID: + return( mbedtls_test_transparent_aead_finish( + &operation->ctx.transparent_test_driver_ctx, + ciphertext, ciphertext_size, + ciphertext_length, tag, tag_size, tag_length ) ); + + /* Add cases for opaque driver here */ + +#endif /* PSA_CRYPTO_DRIVER_TEST */ +#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ + } + + (void)ciphertext; + (void)ciphertext_size; + (void)ciphertext_length; + (void)tag; + (void)tag_size; + (void)tag_length; + + return( PSA_ERROR_INVALID_ARGUMENT ); +} + +psa_status_t psa_driver_wrapper_aead_verify( + psa_aead_operation_t *operation, + uint8_t *plaintext, + size_t plaintext_size, + size_t *plaintext_length, + const uint8_t *tag, + size_t tag_length ) +{ + switch( operation->id ) + { +#if defined(MBEDTLS_PSA_BUILTIN_AEAD) + case PSA_CRYPTO_MBED_TLS_DRIVER_ID: + { + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + uint8_t check_tag[PSA_AEAD_TAG_MAX_SIZE]; + size_t check_tag_length; + + status = mbedtls_psa_aead_finish( &operation->ctx.mbedtls_ctx, + plaintext, + plaintext_size, + plaintext_length, + check_tag, + sizeof( check_tag ), + &check_tag_length ); + + if( status == PSA_SUCCESS ) + { + if( tag_length != check_tag_length || + mbedtls_psa_safer_memcmp( tag, check_tag, tag_length ) + != 0 ) + status = PSA_ERROR_INVALID_SIGNATURE; + } + + mbedtls_platform_zeroize( check_tag, sizeof( check_tag ) ); + + return( status ); + } + +#endif /* MBEDTLS_PSA_BUILTIN_AEAD */ + +#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) +#if defined(PSA_CRYPTO_DRIVER_TEST) + case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID: + return( mbedtls_test_transparent_aead_verify( + &operation->ctx.transparent_test_driver_ctx, + plaintext, plaintext_size, + plaintext_length, tag, tag_length ) ); + + /* Add cases for opaque driver here */ + +#endif /* PSA_CRYPTO_DRIVER_TEST */ +#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ + } + + (void)plaintext; + (void)plaintext_size; + (void)plaintext_length; + (void)tag; + (void)tag_length; + + return( PSA_ERROR_INVALID_ARGUMENT ); +} + +psa_status_t psa_driver_wrapper_aead_abort( + psa_aead_operation_t *operation ) +{ + switch( operation->id ) + { +#if defined(MBEDTLS_PSA_BUILTIN_AEAD) + case PSA_CRYPTO_MBED_TLS_DRIVER_ID: + return( mbedtls_psa_aead_abort( &operation->ctx.mbedtls_ctx ) ); + +#endif /* MBEDTLS_PSA_BUILTIN_AEAD */ + +#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) +#if defined(PSA_CRYPTO_DRIVER_TEST) + case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID: + return( mbedtls_test_transparent_aead_abort( + &operation->ctx.transparent_test_driver_ctx ) ); + + /* Add cases for opaque driver here */ + +#endif /* PSA_CRYPTO_DRIVER_TEST */ +#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ + } + + return( PSA_ERROR_INVALID_ARGUMENT ); +} /* * MAC functions diff --git a/library/psa_crypto_driver_wrappers.h b/library/psa_crypto_driver_wrappers.h index 38a6ee82a7..0873b738d8 100644 --- a/library/psa_crypto_driver_wrappers.h +++ b/library/psa_crypto_driver_wrappers.h @@ -85,6 +85,12 @@ psa_status_t psa_driver_wrapper_get_key_buffer_size( const psa_key_attributes_t *attributes, size_t *key_buffer_size ); +psa_status_t psa_driver_wrapper_get_key_buffer_size_from_key_data( + const psa_key_attributes_t *attributes, + const uint8_t *data, + size_t data_length, + size_t *key_buffer_size ); + psa_status_t psa_driver_wrapper_generate_key( const psa_key_attributes_t *attributes, uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length ); @@ -94,6 +100,11 @@ psa_status_t psa_driver_wrapper_get_builtin_key( psa_key_attributes_t *attributes, uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length ); +psa_status_t psa_driver_wrapper_copy_key( + psa_key_attributes_t *attributes, + const uint8_t *source_key, size_t source_key_length, + uint8_t *target_key_buffer, size_t target_key_buffer_size, + size_t *target_key_buffer_length ); /* * Cipher functions */ @@ -208,6 +219,61 @@ psa_status_t psa_driver_wrapper_aead_decrypt( const uint8_t *ciphertext, size_t ciphertext_length, uint8_t *plaintext, size_t plaintext_size, size_t *plaintext_length ); +psa_status_t psa_driver_wrapper_aead_encrypt_setup( + psa_aead_operation_t *operation, + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, size_t key_buffer_size, + psa_algorithm_t alg ); + +psa_status_t psa_driver_wrapper_aead_decrypt_setup( + psa_aead_operation_t *operation, + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, size_t key_buffer_size, + psa_algorithm_t alg ); + +psa_status_t psa_driver_wrapper_aead_set_nonce( + psa_aead_operation_t *operation, + const uint8_t *nonce, + size_t nonce_length ); + +psa_status_t psa_driver_wrapper_aead_set_lengths( + psa_aead_operation_t *operation, + size_t ad_length, + size_t plaintext_length ); + +psa_status_t psa_driver_wrapper_aead_update_ad( + psa_aead_operation_t *operation, + const uint8_t *input, + size_t input_length ); + +psa_status_t psa_driver_wrapper_aead_update( + psa_aead_operation_t *operation, + const uint8_t *input, + size_t input_length, + uint8_t *output, + size_t output_size, + size_t *output_length ); + +psa_status_t psa_driver_wrapper_aead_finish( + psa_aead_operation_t *operation, + uint8_t *ciphertext, + size_t ciphertext_size, + size_t *ciphertext_length, + uint8_t *tag, + size_t tag_size, + size_t *tag_length ); + +psa_status_t psa_driver_wrapper_aead_verify( + psa_aead_operation_t *operation, + uint8_t *plaintext, + size_t plaintext_size, + size_t *plaintext_length, + const uint8_t *tag, + size_t tag_length ); + +psa_status_t psa_driver_wrapper_aead_abort( + psa_aead_operation_t *operation ); + /* * MAC functions */ diff --git a/library/psa_crypto_ecp.c b/library/psa_crypto_ecp.c index 3ce232c6b2..144ba1c1b3 100644 --- a/library/psa_crypto_ecp.c +++ b/library/psa_crypto_ecp.c @@ -572,7 +572,7 @@ psa_status_t mbedtls_psa_ecdsa_verify_hash( #if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR) || \ defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY) -psa_status_t mbedtls_transparent_test_driver_ecp_import_key( +psa_status_t mbedtls_test_driver_ecp_import_key( const psa_key_attributes_t *attributes, const uint8_t *data, size_t data_length, uint8_t *key_buffer, size_t key_buffer_size, @@ -583,7 +583,7 @@ psa_status_t mbedtls_transparent_test_driver_ecp_import_key( key_buffer_length, bits ) ); } -psa_status_t mbedtls_transparent_test_driver_ecp_export_public_key( +psa_status_t mbedtls_test_driver_ecp_export_public_key( const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, uint8_t *data, size_t data_size, size_t *data_length ) diff --git a/library/psa_crypto_ecp.h b/library/psa_crypto_ecp.h index 0c2b92895f..dc9e887eff 100644 --- a/library/psa_crypto_ecp.h +++ b/library/psa_crypto_ecp.h @@ -224,13 +224,13 @@ psa_status_t mbedtls_psa_ecdsa_verify_hash( #if defined(PSA_CRYPTO_DRIVER_TEST) -psa_status_t mbedtls_transparent_test_driver_ecp_import_key( +psa_status_t mbedtls_test_driver_ecp_import_key( const psa_key_attributes_t *attributes, const uint8_t *data, size_t data_length, uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length, size_t *bits ); -psa_status_t mbedtls_transparent_test_driver_ecp_export_public_key( +psa_status_t mbedtls_test_driver_ecp_export_public_key( const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, uint8_t *data, size_t data_size, size_t *data_length ); diff --git a/library/psa_crypto_mac.c b/library/psa_crypto_mac.c index 2c079d434f..7e0a8325df 100644 --- a/library/psa_crypto_mac.c +++ b/library/psa_crypto_mac.c @@ -42,29 +42,6 @@ #endif #if defined(BUILTIN_ALG_HMAC) -static size_t psa_get_hash_block_size( psa_algorithm_t alg ) -{ - switch( alg ) - { - case PSA_ALG_MD5: - return( 64 ); - case PSA_ALG_RIPEMD160: - return( 64 ); - case PSA_ALG_SHA_1: - return( 64 ); - case PSA_ALG_SHA_224: - return( 64 ); - case PSA_ALG_SHA_256: - return( 64 ); - case PSA_ALG_SHA_384: - return( 128 ); - case PSA_ALG_SHA_512: - return( 128 ); - default: - return( 0 ); - } -} - static psa_status_t psa_hmac_abort_internal( mbedtls_psa_hmac_operation_t *hmac ) { @@ -81,7 +58,7 @@ static psa_status_t psa_hmac_setup_internal( uint8_t ipad[PSA_HMAC_MAX_HASH_BLOCK_SIZE]; size_t i; size_t hash_size = PSA_HASH_LENGTH( hash_alg ); - size_t block_size = psa_get_hash_block_size( hash_alg ); + size_t block_size = PSA_HASH_BLOCK_LENGTH( hash_alg ); psa_status_t status; hmac->alg = hash_alg; @@ -153,7 +130,7 @@ static psa_status_t psa_hmac_finish_internal( uint8_t tmp[MBEDTLS_MD_MAX_SIZE]; psa_algorithm_t hash_alg = hmac->alg; size_t hash_size = 0; - size_t block_size = psa_get_hash_block_size( hash_alg ); + size_t block_size = PSA_HASH_BLOCK_LENGTH( hash_alg ); psa_status_t status; status = psa_hash_finish( &hmac->hash_ctx, tmp, sizeof( tmp ), &hash_size ); diff --git a/library/psa_crypto_rsa.c b/library/psa_crypto_rsa.c index d85b86c45d..8318ef47b3 100644 --- a/library/psa_crypto_rsa.c +++ b/library/psa_crypto_rsa.c @@ -453,6 +453,27 @@ exit: return( status ); } +#if defined(BUILTIN_ALG_RSA_PSS) +static int rsa_pss_expected_salt_len( psa_algorithm_t alg, + const mbedtls_rsa_context *rsa, + size_t hash_length ) +{ + if( PSA_ALG_IS_RSA_PSS_ANY_SALT( alg ) ) + return( MBEDTLS_RSA_SALT_LEN_ANY ); + /* Otherwise: standard salt length, i.e. largest possible salt length + * up to the hash length. */ + int klen = (int) mbedtls_rsa_get_len( rsa ); // known to fit + int hlen = (int) hash_length; // known to fit + int room = klen - 2 - hlen; + if( room < 0 ) + return( 0 ); // there is no valid signature in this case anyway + else if( room > hlen ) + return( hlen ); + else + return( room ); +} +#endif + static psa_status_t rsa_verify_hash( const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, @@ -503,11 +524,14 @@ static psa_status_t rsa_verify_hash( ret = mbedtls_rsa_set_padding( rsa, MBEDTLS_RSA_PKCS_V21, md_alg ); if( ret == 0 ) { - ret = mbedtls_rsa_rsassa_pss_verify( rsa, - md_alg, - (unsigned int) hash_length, - hash, - signature ); + int slen = rsa_pss_expected_salt_len( alg, rsa, hash_length ); + ret = mbedtls_rsa_rsassa_pss_verify_ext( rsa, + md_alg, + (unsigned) hash_length, + hash, + md_alg, + slen, + signature ); } } else @@ -611,7 +635,7 @@ psa_status_t mbedtls_psa_rsa_verify_hash( #if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR) || \ defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY) -psa_status_t mbedtls_transparent_test_driver_rsa_import_key( +psa_status_t mbedtls_test_driver_rsa_import_key( const psa_key_attributes_t *attributes, const uint8_t *data, size_t data_length, uint8_t *key_buffer, size_t key_buffer_size, @@ -622,7 +646,7 @@ psa_status_t mbedtls_transparent_test_driver_rsa_import_key( key_buffer_length, bits ) ); } -psa_status_t mbedtls_transparent_test_driver_rsa_export_public_key( +psa_status_t mbedtls_test_driver_rsa_export_public_key( const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, uint8_t *data, size_t data_size, size_t *data_length ) diff --git a/library/psa_crypto_rsa.h b/library/psa_crypto_rsa.h index 41a90f78ec..55406843d3 100644 --- a/library/psa_crypto_rsa.h +++ b/library/psa_crypto_rsa.h @@ -218,13 +218,13 @@ psa_status_t mbedtls_psa_rsa_verify_hash( #if defined(PSA_CRYPTO_DRIVER_TEST) -psa_status_t mbedtls_transparent_test_driver_rsa_import_key( +psa_status_t mbedtls_test_driver_rsa_import_key( const psa_key_attributes_t *attributes, const uint8_t *data, size_t data_length, uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length, size_t *bits ); -psa_status_t mbedtls_transparent_test_driver_rsa_export_public_key( +psa_status_t mbedtls_test_driver_rsa_export_public_key( const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, uint8_t *data, size_t data_size, size_t *data_length ); diff --git a/library/psa_crypto_slot_management.c b/library/psa_crypto_slot_management.c index a5c43b1b2c..a18350ee11 100644 --- a/library/psa_crypto_slot_management.c +++ b/library/psa_crypto_slot_management.c @@ -479,7 +479,8 @@ psa_status_t psa_validate_key_persistence( psa_key_lifetime_t lifetime ) psa_status_t psa_open_key( mbedtls_svc_key_id_t key, psa_key_handle_t *handle ) { -#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) +#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) || \ + defined(MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS) psa_status_t status; psa_key_slot_t *slot; @@ -497,11 +498,11 @@ psa_status_t psa_open_key( mbedtls_svc_key_id_t key, psa_key_handle_t *handle ) return( psa_unlock_key_slot( slot ) ); -#else /* defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) */ +#else /* MBEDTLS_PSA_CRYPTO_STORAGE_C || MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS */ (void) key; *handle = PSA_KEY_HANDLE_INIT; return( PSA_ERROR_NOT_SUPPORTED ); -#endif /* !defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) */ +#endif /* MBEDTLS_PSA_CRYPTO_STORAGE_C || MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS */ } psa_status_t psa_close_key( psa_key_handle_t handle ) diff --git a/library/psa_crypto_storage.c b/library/psa_crypto_storage.c index 09cbab4c4d..c6660b9553 100644 --- a/library/psa_crypto_storage.c +++ b/library/psa_crypto_storage.c @@ -230,48 +230,6 @@ static psa_status_t psa_crypto_storage_get_data_length( return( PSA_SUCCESS ); } -/* - * 32-bit integer manipulation macros (little endian) - */ -#ifndef GET_UINT32_LE -#define GET_UINT32_LE( n, b, i ) \ -{ \ - (n) = ( (uint32_t) (b)[(i) ] ) \ - | ( (uint32_t) (b)[(i) + 1] << 8 ) \ - | ( (uint32_t) (b)[(i) + 2] << 16 ) \ - | ( (uint32_t) (b)[(i) + 3] << 24 ); \ -} -#endif - -#ifndef PUT_UINT32_LE -#define PUT_UINT32_LE( n, b, i ) \ -{ \ - (b)[(i) ] = (unsigned char) ( ( (n) ) & 0xFF ); \ - (b)[(i) + 1] = (unsigned char) ( ( (n) >> 8 ) & 0xFF ); \ - (b)[(i) + 2] = (unsigned char) ( ( (n) >> 16 ) & 0xFF ); \ - (b)[(i) + 3] = (unsigned char) ( ( (n) >> 24 ) & 0xFF ); \ -} -#endif - -/* - * 16-bit integer manipulation macros (little endian) - */ -#ifndef GET_UINT16_LE -#define GET_UINT16_LE( n, b, i ) \ -{ \ - (n) = ( (uint16_t) (b)[(i) ] ) \ - | ( (uint16_t) (b)[(i) + 1] << 8 ); \ -} -#endif - -#ifndef PUT_UINT16_LE -#define PUT_UINT16_LE( n, b, i ) \ -{ \ - (b)[(i) ] = (unsigned char) ( ( (n) ) & 0xFF ); \ - (b)[(i) + 1] = (unsigned char) ( ( (n) >> 8 ) & 0xFF ); \ -} -#endif - /** * Persistent key storage magic header. */ @@ -298,14 +256,14 @@ void psa_format_key_data_for_storage( const uint8_t *data, (psa_persistent_key_storage_format *) storage_data; memcpy( storage_format->magic, PSA_KEY_STORAGE_MAGIC_HEADER, PSA_KEY_STORAGE_MAGIC_HEADER_LENGTH ); - PUT_UINT32_LE( 0, storage_format->version, 0 ); - PUT_UINT32_LE( attr->lifetime, storage_format->lifetime, 0 ); - PUT_UINT16_LE( (uint16_t) attr->type, storage_format->type, 0 ); - PUT_UINT16_LE( (uint16_t) attr->bits, storage_format->bits, 0 ); - PUT_UINT32_LE( attr->policy.usage, storage_format->policy, 0 ); - PUT_UINT32_LE( attr->policy.alg, storage_format->policy, sizeof( uint32_t ) ); - PUT_UINT32_LE( attr->policy.alg2, storage_format->policy, 2 * sizeof( uint32_t ) ); - PUT_UINT32_LE( data_length, storage_format->data_len, 0 ); + MBEDTLS_PUT_UINT32_LE( 0, storage_format->version, 0 ); + MBEDTLS_PUT_UINT32_LE( attr->lifetime, storage_format->lifetime, 0 ); + MBEDTLS_PUT_UINT16_LE( (uint16_t) attr->type, storage_format->type, 0 ); + MBEDTLS_PUT_UINT16_LE( (uint16_t) attr->bits, storage_format->bits, 0 ); + MBEDTLS_PUT_UINT32_LE( attr->policy.usage, storage_format->policy, 0 ); + MBEDTLS_PUT_UINT32_LE( attr->policy.alg, storage_format->policy, sizeof( uint32_t ) ); + MBEDTLS_PUT_UINT32_LE( attr->policy.alg2, storage_format->policy, 2 * sizeof( uint32_t ) ); + MBEDTLS_PUT_UINT32_LE( data_length, storage_format->data_len, 0 ); memcpy( storage_format->key_data, data, data_length ); } @@ -335,11 +293,11 @@ psa_status_t psa_parse_key_data_from_storage( const uint8_t *storage_data, if( status != PSA_SUCCESS ) return( status ); - GET_UINT32_LE( version, storage_format->version, 0 ); + version = MBEDTLS_GET_UINT32_LE( storage_format->version, 0 ); if( version != 0 ) return( PSA_ERROR_DATA_INVALID ); - GET_UINT32_LE( *key_data_length, storage_format->data_len, 0 ); + *key_data_length = MBEDTLS_GET_UINT32_LE( storage_format->data_len, 0 ); if( *key_data_length > ( storage_data_length - sizeof(*storage_format) ) || *key_data_length > PSA_CRYPTO_MAX_STORAGE_SIZE ) return( PSA_ERROR_DATA_INVALID ); @@ -356,12 +314,12 @@ psa_status_t psa_parse_key_data_from_storage( const uint8_t *storage_data, memcpy( *key_data, storage_format->key_data, *key_data_length ); } - GET_UINT32_LE( attr->lifetime, storage_format->lifetime, 0 ); - GET_UINT16_LE( attr->type, storage_format->type, 0 ); - GET_UINT16_LE( attr->bits, storage_format->bits, 0 ); - GET_UINT32_LE( attr->policy.usage, storage_format->policy, 0 ); - GET_UINT32_LE( attr->policy.alg, storage_format->policy, sizeof( uint32_t ) ); - GET_UINT32_LE( attr->policy.alg2, storage_format->policy, 2 * sizeof( uint32_t ) ); + attr->lifetime = MBEDTLS_GET_UINT32_LE( storage_format->lifetime, 0 ); + attr->type = MBEDTLS_GET_UINT16_LE( storage_format->type, 0 ); + attr->bits = MBEDTLS_GET_UINT16_LE( storage_format->bits, 0 ); + attr->policy.usage = MBEDTLS_GET_UINT32_LE( storage_format->policy, 0 ); + attr->policy.alg = MBEDTLS_GET_UINT32_LE( storage_format->policy, sizeof( uint32_t ) ); + attr->policy.alg2 = MBEDTLS_GET_UINT32_LE( storage_format->policy, 2 * sizeof( uint32_t ) ); return( PSA_SUCCESS ); } diff --git a/library/psa_its_file.c b/library/psa_its_file.c index 492be1c711..c4782cdba3 100644 --- a/library/psa_its_file.c +++ b/library/psa_its_file.c @@ -191,14 +191,8 @@ psa_status_t psa_its_set( psa_storage_uid_t uid, size_t n; memcpy( header.magic, PSA_ITS_MAGIC_STRING, PSA_ITS_MAGIC_LENGTH ); - header.size[0] = data_length & 0xff; - header.size[1] = ( data_length >> 8 ) & 0xff; - header.size[2] = ( data_length >> 16 ) & 0xff; - header.size[3] = ( data_length >> 24 ) & 0xff; - header.flags[0] = create_flags & 0xff; - header.flags[1] = ( create_flags >> 8 ) & 0xff; - header.flags[2] = ( create_flags >> 16 ) & 0xff; - header.flags[3] = ( create_flags >> 24 ) & 0xff; + MBEDTLS_PUT_UINT32_LE( data_length, header.size, 0 ); + MBEDTLS_PUT_UINT32_LE( create_flags, header.flags, 0 ); psa_its_fill_filename( uid, filename ); stream = fopen( PSA_ITS_STORAGE_TEMP, "wb" ); diff --git a/library/ripemd160.c b/library/ripemd160.c index d2ccbbec47..41d8387226 100644 --- a/library/ripemd160.c +++ b/library/ripemd160.c @@ -44,29 +44,6 @@ #if !defined(MBEDTLS_RIPEMD160_ALT) -/* - * 32-bit integer manipulation macros (little endian) - */ -#ifndef GET_UINT32_LE -#define GET_UINT32_LE(n,b,i) \ -{ \ - (n) = ( (uint32_t) (b)[(i) ] ) \ - | ( (uint32_t) (b)[(i) + 1] << 8 ) \ - | ( (uint32_t) (b)[(i) + 2] << 16 ) \ - | ( (uint32_t) (b)[(i) + 3] << 24 ); \ -} -#endif - -#ifndef PUT_UINT32_LE -#define PUT_UINT32_LE(n,b,i) \ -{ \ - (b)[(i) ] = (unsigned char) ( ( (n) ) & 0xFF ); \ - (b)[(i) + 1] = (unsigned char) ( ( (n) >> 8 ) & 0xFF ); \ - (b)[(i) + 2] = (unsigned char) ( ( (n) >> 16 ) & 0xFF ); \ - (b)[(i) + 3] = (unsigned char) ( ( (n) >> 24 ) & 0xFF ); \ -} -#endif - void mbedtls_ripemd160_init( mbedtls_ripemd160_context *ctx ) { memset( ctx, 0, sizeof( mbedtls_ripemd160_context ) ); @@ -115,22 +92,22 @@ int mbedtls_internal_ripemd160_process( mbedtls_ripemd160_context *ctx, uint32_t A, B, C, D, E, Ap, Bp, Cp, Dp, Ep, X[16]; } local; - GET_UINT32_LE( local.X[ 0], data, 0 ); - GET_UINT32_LE( local.X[ 1], data, 4 ); - GET_UINT32_LE( local.X[ 2], data, 8 ); - GET_UINT32_LE( local.X[ 3], data, 12 ); - GET_UINT32_LE( local.X[ 4], data, 16 ); - GET_UINT32_LE( local.X[ 5], data, 20 ); - GET_UINT32_LE( local.X[ 6], data, 24 ); - GET_UINT32_LE( local.X[ 7], data, 28 ); - GET_UINT32_LE( local.X[ 8], data, 32 ); - GET_UINT32_LE( local.X[ 9], data, 36 ); - GET_UINT32_LE( local.X[10], data, 40 ); - GET_UINT32_LE( local.X[11], data, 44 ); - GET_UINT32_LE( local.X[12], data, 48 ); - GET_UINT32_LE( local.X[13], data, 52 ); - GET_UINT32_LE( local.X[14], data, 56 ); - GET_UINT32_LE( local.X[15], data, 60 ); + local.X[ 0] = MBEDTLS_GET_UINT32_LE( data, 0 ); + local.X[ 1] = MBEDTLS_GET_UINT32_LE( data, 4 ); + local.X[ 2] = MBEDTLS_GET_UINT32_LE( data, 8 ); + local.X[ 3] = MBEDTLS_GET_UINT32_LE( data, 12 ); + local.X[ 4] = MBEDTLS_GET_UINT32_LE( data, 16 ); + local.X[ 5] = MBEDTLS_GET_UINT32_LE( data, 20 ); + local.X[ 6] = MBEDTLS_GET_UINT32_LE( data, 24 ); + local.X[ 7] = MBEDTLS_GET_UINT32_LE( data, 28 ); + local.X[ 8] = MBEDTLS_GET_UINT32_LE( data, 32 ); + local.X[ 9] = MBEDTLS_GET_UINT32_LE( data, 36 ); + local.X[10] = MBEDTLS_GET_UINT32_LE( data, 40 ); + local.X[11] = MBEDTLS_GET_UINT32_LE( data, 44 ); + local.X[12] = MBEDTLS_GET_UINT32_LE( data, 48 ); + local.X[13] = MBEDTLS_GET_UINT32_LE( data, 52 ); + local.X[14] = MBEDTLS_GET_UINT32_LE( data, 56 ); + local.X[15] = MBEDTLS_GET_UINT32_LE( data, 60 ); local.A = local.Ap = ctx->state[0]; local.B = local.Bp = ctx->state[1]; @@ -377,8 +354,8 @@ int mbedtls_ripemd160_finish( mbedtls_ripemd160_context *ctx, | ( ctx->total[1] << 3 ); low = ( ctx->total[0] << 3 ); - PUT_UINT32_LE( low, msglen, 0 ); - PUT_UINT32_LE( high, msglen, 4 ); + MBEDTLS_PUT_UINT32_LE( low, msglen, 0 ); + MBEDTLS_PUT_UINT32_LE( high, msglen, 4 ); last = ctx->total[0] & 0x3F; padn = ( last < 56 ) ? ( 56 - last ) : ( 120 - last ); @@ -391,11 +368,11 @@ int mbedtls_ripemd160_finish( mbedtls_ripemd160_context *ctx, if( ret != 0 ) return( ret ); - PUT_UINT32_LE( ctx->state[0], output, 0 ); - PUT_UINT32_LE( ctx->state[1], output, 4 ); - PUT_UINT32_LE( ctx->state[2], output, 8 ); - PUT_UINT32_LE( ctx->state[3], output, 12 ); - PUT_UINT32_LE( ctx->state[4], output, 16 ); + MBEDTLS_PUT_UINT32_LE( ctx->state[0], output, 0 ); + MBEDTLS_PUT_UINT32_LE( ctx->state[1], output, 4 ); + MBEDTLS_PUT_UINT32_LE( ctx->state[2], output, 8 ); + MBEDTLS_PUT_UINT32_LE( ctx->state[3], output, 12 ); + MBEDTLS_PUT_UINT32_LE( ctx->state[4], output, 16 ); return( 0 ); } diff --git a/library/sha1.c b/library/sha1.c index 545d093109..6fc9371231 100644 --- a/library/sha1.c +++ b/library/sha1.c @@ -48,29 +48,6 @@ #if !defined(MBEDTLS_SHA1_ALT) -/* - * 32-bit integer manipulation macros (big endian) - */ -#ifndef GET_UINT32_BE -#define GET_UINT32_BE(n,b,i) \ -{ \ - (n) = ( (uint32_t) (b)[(i) ] << 24 ) \ - | ( (uint32_t) (b)[(i) + 1] << 16 ) \ - | ( (uint32_t) (b)[(i) + 2] << 8 ) \ - | ( (uint32_t) (b)[(i) + 3] ); \ -} -#endif - -#ifndef PUT_UINT32_BE -#define PUT_UINT32_BE(n,b,i) \ -{ \ - (b)[(i) ] = (unsigned char) ( (n) >> 24 ); \ - (b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \ - (b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \ - (b)[(i) + 3] = (unsigned char) ( (n) ); \ -} -#endif - void mbedtls_sha1_init( mbedtls_sha1_context *ctx ) { SHA1_VALIDATE( ctx != NULL ); @@ -126,22 +103,22 @@ int mbedtls_internal_sha1_process( mbedtls_sha1_context *ctx, SHA1_VALIDATE_RET( ctx != NULL ); SHA1_VALIDATE_RET( (const unsigned char *)data != NULL ); - GET_UINT32_BE( local.W[ 0], data, 0 ); - GET_UINT32_BE( local.W[ 1], data, 4 ); - GET_UINT32_BE( local.W[ 2], data, 8 ); - GET_UINT32_BE( local.W[ 3], data, 12 ); - GET_UINT32_BE( local.W[ 4], data, 16 ); - GET_UINT32_BE( local.W[ 5], data, 20 ); - GET_UINT32_BE( local.W[ 6], data, 24 ); - GET_UINT32_BE( local.W[ 7], data, 28 ); - GET_UINT32_BE( local.W[ 8], data, 32 ); - GET_UINT32_BE( local.W[ 9], data, 36 ); - GET_UINT32_BE( local.W[10], data, 40 ); - GET_UINT32_BE( local.W[11], data, 44 ); - GET_UINT32_BE( local.W[12], data, 48 ); - GET_UINT32_BE( local.W[13], data, 52 ); - GET_UINT32_BE( local.W[14], data, 56 ); - GET_UINT32_BE( local.W[15], data, 60 ); + local.W[ 0] = MBEDTLS_GET_UINT32_BE( data, 0 ); + local.W[ 1] = MBEDTLS_GET_UINT32_BE( data, 4 ); + local.W[ 2] = MBEDTLS_GET_UINT32_BE( data, 8 ); + local.W[ 3] = MBEDTLS_GET_UINT32_BE( data, 12 ); + local.W[ 4] = MBEDTLS_GET_UINT32_BE( data, 16 ); + local.W[ 5] = MBEDTLS_GET_UINT32_BE( data, 20 ); + local.W[ 6] = MBEDTLS_GET_UINT32_BE( data, 24 ); + local.W[ 7] = MBEDTLS_GET_UINT32_BE( data, 28 ); + local.W[ 8] = MBEDTLS_GET_UINT32_BE( data, 32 ); + local.W[ 9] = MBEDTLS_GET_UINT32_BE( data, 36 ); + local.W[10] = MBEDTLS_GET_UINT32_BE( data, 40 ); + local.W[11] = MBEDTLS_GET_UINT32_BE( data, 44 ); + local.W[12] = MBEDTLS_GET_UINT32_BE( data, 48 ); + local.W[13] = MBEDTLS_GET_UINT32_BE( data, 52 ); + local.W[14] = MBEDTLS_GET_UINT32_BE( data, 56 ); + local.W[15] = MBEDTLS_GET_UINT32_BE( data, 60 ); #define S(x,n) (((x) << (n)) | (((x) & 0xFFFFFFFF) >> (32 - (n)))) @@ -385,8 +362,8 @@ int mbedtls_sha1_finish( mbedtls_sha1_context *ctx, | ( ctx->total[1] << 3 ); low = ( ctx->total[0] << 3 ); - PUT_UINT32_BE( high, ctx->buffer, 56 ); - PUT_UINT32_BE( low, ctx->buffer, 60 ); + MBEDTLS_PUT_UINT32_BE( high, ctx->buffer, 56 ); + MBEDTLS_PUT_UINT32_BE( low, ctx->buffer, 60 ); if( ( ret = mbedtls_internal_sha1_process( ctx, ctx->buffer ) ) != 0 ) return( ret ); @@ -394,11 +371,11 @@ int mbedtls_sha1_finish( mbedtls_sha1_context *ctx, /* * Output final state */ - PUT_UINT32_BE( ctx->state[0], output, 0 ); - PUT_UINT32_BE( ctx->state[1], output, 4 ); - PUT_UINT32_BE( ctx->state[2], output, 8 ); - PUT_UINT32_BE( ctx->state[3], output, 12 ); - PUT_UINT32_BE( ctx->state[4], output, 16 ); + MBEDTLS_PUT_UINT32_BE( ctx->state[0], output, 0 ); + MBEDTLS_PUT_UINT32_BE( ctx->state[1], output, 4 ); + MBEDTLS_PUT_UINT32_BE( ctx->state[2], output, 8 ); + MBEDTLS_PUT_UINT32_BE( ctx->state[3], output, 12 ); + MBEDTLS_PUT_UINT32_BE( ctx->state[4], output, 16 ); return( 0 ); } diff --git a/library/sha256.c b/library/sha256.c index 6ec6da296a..c3573f85fd 100644 --- a/library/sha256.c +++ b/library/sha256.c @@ -50,29 +50,6 @@ #if !defined(MBEDTLS_SHA256_ALT) -/* - * 32-bit integer manipulation macros (big endian) - */ -#ifndef GET_UINT32_BE -#define GET_UINT32_BE(n,b,i) \ -do { \ - (n) = ( (uint32_t) (b)[(i) ] << 24 ) \ - | ( (uint32_t) (b)[(i) + 1] << 16 ) \ - | ( (uint32_t) (b)[(i) + 2] << 8 ) \ - | ( (uint32_t) (b)[(i) + 3] ); \ -} while( 0 ) -#endif - -#ifndef PUT_UINT32_BE -#define PUT_UINT32_BE(n,b,i) \ -do { \ - (b)[(i) ] = (unsigned char) ( (n) >> 24 ); \ - (b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \ - (b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \ - (b)[(i) + 3] = (unsigned char) ( (n) ); \ -} while( 0 ) -#endif - void mbedtls_sha256_init( mbedtls_sha256_context *ctx ) { SHA256_VALIDATE( ctx != NULL ); @@ -213,7 +190,7 @@ int mbedtls_internal_sha256_process( mbedtls_sha256_context *ctx, for( i = 0; i < 64; i++ ) { if( i < 16 ) - GET_UINT32_BE( local.W[i], data, 4 * i ); + local.W[i] = MBEDTLS_GET_UINT32_BE( data, 4 * i ); else R( i ); @@ -228,7 +205,7 @@ int mbedtls_internal_sha256_process( mbedtls_sha256_context *ctx, } #else /* MBEDTLS_SHA256_SMALLER */ for( i = 0; i < 16; i++ ) - GET_UINT32_BE( local.W[i], data, 4 * i ); + local.W[i] = MBEDTLS_GET_UINT32_BE( data, 4 * i ); for( i = 0; i < 16; i += 8 ) { @@ -378,8 +355,8 @@ int mbedtls_sha256_finish( mbedtls_sha256_context *ctx, | ( ctx->total[1] << 3 ); low = ( ctx->total[0] << 3 ); - PUT_UINT32_BE( high, ctx->buffer, 56 ); - PUT_UINT32_BE( low, ctx->buffer, 60 ); + MBEDTLS_PUT_UINT32_BE( high, ctx->buffer, 56 ); + MBEDTLS_PUT_UINT32_BE( low, ctx->buffer, 60 ); if( ( ret = mbedtls_internal_sha256_process( ctx, ctx->buffer ) ) != 0 ) return( ret ); @@ -387,18 +364,18 @@ int mbedtls_sha256_finish( mbedtls_sha256_context *ctx, /* * Output final state */ - PUT_UINT32_BE( ctx->state[0], output, 0 ); - PUT_UINT32_BE( ctx->state[1], output, 4 ); - PUT_UINT32_BE( ctx->state[2], output, 8 ); - PUT_UINT32_BE( ctx->state[3], output, 12 ); - PUT_UINT32_BE( ctx->state[4], output, 16 ); - PUT_UINT32_BE( ctx->state[5], output, 20 ); - PUT_UINT32_BE( ctx->state[6], output, 24 ); + MBEDTLS_PUT_UINT32_BE( ctx->state[0], output, 0 ); + MBEDTLS_PUT_UINT32_BE( ctx->state[1], output, 4 ); + MBEDTLS_PUT_UINT32_BE( ctx->state[2], output, 8 ); + MBEDTLS_PUT_UINT32_BE( ctx->state[3], output, 12 ); + MBEDTLS_PUT_UINT32_BE( ctx->state[4], output, 16 ); + MBEDTLS_PUT_UINT32_BE( ctx->state[5], output, 20 ); + MBEDTLS_PUT_UINT32_BE( ctx->state[6], output, 24 ); #if defined(MBEDTLS_SHA224_C) if( ctx->is224 == 0 ) #endif - PUT_UINT32_BE( ctx->state[7], output, 28 ); + MBEDTLS_PUT_UINT32_BE( ctx->state[7], output, 28 ); return( 0 ); } diff --git a/library/sha512.c b/library/sha512.c index 6511c6e36a..2b4cc547e4 100644 --- a/library/sha512.c +++ b/library/sha512.c @@ -56,44 +56,13 @@ #if !defined(MBEDTLS_SHA512_ALT) -/* - * 64-bit integer manipulation macros (big endian) - */ -#ifndef GET_UINT64_BE -#define GET_UINT64_BE(n,b,i) \ -{ \ - (n) = ( (uint64_t) (b)[(i) ] << 56 ) \ - | ( (uint64_t) (b)[(i) + 1] << 48 ) \ - | ( (uint64_t) (b)[(i) + 2] << 40 ) \ - | ( (uint64_t) (b)[(i) + 3] << 32 ) \ - | ( (uint64_t) (b)[(i) + 4] << 24 ) \ - | ( (uint64_t) (b)[(i) + 5] << 16 ) \ - | ( (uint64_t) (b)[(i) + 6] << 8 ) \ - | ( (uint64_t) (b)[(i) + 7] ); \ -} -#endif /* GET_UINT64_BE */ - -#ifndef PUT_UINT64_BE -#define PUT_UINT64_BE(n,b,i) \ -{ \ - (b)[(i) ] = (unsigned char) ( (n) >> 56 ); \ - (b)[(i) + 1] = (unsigned char) ( (n) >> 48 ); \ - (b)[(i) + 2] = (unsigned char) ( (n) >> 40 ); \ - (b)[(i) + 3] = (unsigned char) ( (n) >> 32 ); \ - (b)[(i) + 4] = (unsigned char) ( (n) >> 24 ); \ - (b)[(i) + 5] = (unsigned char) ( (n) >> 16 ); \ - (b)[(i) + 6] = (unsigned char) ( (n) >> 8 ); \ - (b)[(i) + 7] = (unsigned char) ( (n) ); \ -} -#endif /* PUT_UINT64_BE */ - #if defined(MBEDTLS_SHA512_SMALLER) static void sha512_put_uint64_be( uint64_t n, unsigned char *b, uint8_t i ) { - PUT_UINT64_BE(n, b, i); + MBEDTLS_PUT_UINT64_BE(n, b, i); } #else -#define sha512_put_uint64_be PUT_UINT64_BE +#define sha512_put_uint64_be MBEDTLS_PUT_UINT64_BE #endif /* MBEDTLS_SHA512_SMALLER */ void mbedtls_sha512_init( mbedtls_sha512_context *ctx ) @@ -261,7 +230,7 @@ int mbedtls_internal_sha512_process( mbedtls_sha512_context *ctx, { if( i < 16 ) { - GET_UINT64_BE( local.W[i], data, i << 3 ); + local.W[i] = MBEDTLS_GET_UINT64_BE( data, i << 3 ); } else { @@ -281,7 +250,7 @@ int mbedtls_internal_sha512_process( mbedtls_sha512_context *ctx, #else /* MBEDTLS_SHA512_SMALLER */ for( i = 0; i < 16; i++ ) { - GET_UINT64_BE( local.W[i], data, i << 3 ); + local.W[i] = MBEDTLS_GET_UINT64_BE( data, i << 3 ); } for( ; i < 80; i++ ) diff --git a/library/ssl_ciphersuites.c b/library/ssl_ciphersuites.c index a3ee157d50..b10a9634ef 100644 --- a/library/ssl_ciphersuites.c +++ b/library/ssl_ciphersuites.c @@ -52,6 +52,15 @@ static const int ciphersuite_preference[] = #if defined(MBEDTLS_SSL_CIPHERSUITES) MBEDTLS_SSL_CIPHERSUITES, #else +#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) + /* TLS 1.3 ciphersuites */ + MBEDTLS_TLS1_3_AES_128_GCM_SHA256, + MBEDTLS_TLS1_3_AES_256_GCM_SHA384, + MBEDTLS_TLS1_3_CHACHA20_POLY1305_SHA256, + MBEDTLS_TLS1_3_AES_128_CCM_SHA256, + MBEDTLS_TLS1_3_AES_128_CCM_8_SHA256, +#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ + /* Chacha-Poly ephemeral suites */ MBEDTLS_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, MBEDTLS_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, @@ -283,6 +292,52 @@ static const int ciphersuite_preference[] = static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = { +#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) +#if defined(MBEDTLS_AES_C) +#if defined(MBEDTLS_GCM_C) +#if defined(MBEDTLS_SHA384_C) + { MBEDTLS_TLS1_3_AES_256_GCM_SHA384, "TLS1-3-AES-256-GCM-SHA384", + MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, + MBEDTLS_KEY_EXCHANGE_NONE, /* Key exchange not part of ciphersuite in TLS 1.3 */ + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_4, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_4, + 0 }, +#endif /* MBEDTLS_SHA384_C */ +#if defined(MBEDTLS_SHA256_C) + { MBEDTLS_TLS1_3_AES_128_GCM_SHA256, "TLS1-3-AES-128-GCM-SHA256", + MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, + MBEDTLS_KEY_EXCHANGE_NONE, /* Key exchange not part of ciphersuite in TLS 1.3 */ + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_4, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_4, + 0 }, +#endif /* MBEDTLS_SHA256_C */ +#endif /* MBEDTLS_GCM_C */ +#if defined(MBEDTLS_CCM_C) && defined(MBEDTLS_SHA256_C) + { MBEDTLS_TLS1_3_AES_128_CCM_SHA256, "TLS1-3-AES-128-CCM-SHA256", + MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, + MBEDTLS_KEY_EXCHANGE_NONE, /* Key exchange not part of ciphersuite in TLS 1.3 */ + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_4, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_4, + 0 }, + { MBEDTLS_TLS1_3_AES_128_CCM_8_SHA256, "TLS1-3-AES-128-CCM-8-SHA256", + MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, + MBEDTLS_KEY_EXCHANGE_NONE, /* Key exchange not part of ciphersuite in TLS 1.3 */ + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_4, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_4, + MBEDTLS_CIPHERSUITE_SHORT_TAG }, +#endif /* MBEDTLS_SHA256_C && MBEDTLS_CCM_C */ +#endif /* MBEDTLS_AES_C */ +#if defined(MBEDTLS_CHACHAPOLY_C) && defined(MBEDTLS_SHA256_C) + { MBEDTLS_TLS1_3_CHACHA20_POLY1305_SHA256, + "TLS1-3-CHACHA20-POLY1305-SHA256", + MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256, + MBEDTLS_KEY_EXCHANGE_NONE, /* Key exchange not part of ciphersuite in TLS 1.3 */ + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_4, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_4, + 0 }, +#endif /* MBEDTLS_CHACHAPOLY_C && MBEDTLS_SHA256_C */ +#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ + #if defined(MBEDTLS_CHACHAPOLY_C) && \ defined(MBEDTLS_SHA256_C) && \ defined(MBEDTLS_SSL_PROTO_TLS1_2) diff --git a/library/ssl_cli.c b/library/ssl_cli.c index d14b90e278..68d3033ced 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -90,10 +90,10 @@ static int ssl_conf_has_static_raw_psk( mbedtls_ssl_config const *conf ) #endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */ #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) -static int ssl_write_hostname_ext( mbedtls_ssl_context *ssl, - unsigned char *buf, - const unsigned char *end, - size_t *olen ) +int mbedtls_ssl_write_hostname_ext( mbedtls_ssl_context *ssl, + unsigned char *buf, + const unsigned char *end, + size_t *olen ) { unsigned char *p = buf; size_t hostname_len; @@ -137,18 +137,19 @@ static int ssl_write_hostname_ext( mbedtls_ssl_context *ssl, * } ServerNameList; * */ - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SERVERNAME >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SERVERNAME ) & 0xFF ); + MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_SERVERNAME, p, 0 ); + p += 2; - *p++ = (unsigned char)( ( (hostname_len + 5) >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( (hostname_len + 5) ) & 0xFF ); + MBEDTLS_PUT_UINT16_BE( hostname_len + 5, p, 0 ); + p += 2; - *p++ = (unsigned char)( ( (hostname_len + 3) >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( (hostname_len + 3) ) & 0xFF ); + MBEDTLS_PUT_UINT16_BE( hostname_len + 3, p, 0 ); + p += 2; - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SERVERNAME_HOSTNAME ) & 0xFF ); - *p++ = (unsigned char)( ( hostname_len >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( hostname_len ) & 0xFF ); + *p++ = MBEDTLS_BYTE_0( MBEDTLS_TLS_EXT_SERVERNAME_HOSTNAME ); + + MBEDTLS_PUT_UINT16_BE( hostname_len, p, 0 ); + p += 2; memcpy( p, ssl->hostname, hostname_len ); @@ -182,14 +183,12 @@ static int ssl_write_renegotiation_ext( mbedtls_ssl_context *ssl, /* * Secure renegotiation */ - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_RENEGOTIATION_INFO >> 8 ) - & 0xFF ); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_RENEGOTIATION_INFO ) - & 0xFF ); + MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_RENEGOTIATION_INFO, p, 0 ); + p += 2; *p++ = 0x00; - *p++ = ( ssl->verify_data_len + 1 ) & 0xFF; - *p++ = ssl->verify_data_len & 0xFF; + *p++ = MBEDTLS_BYTE_0( ssl->verify_data_len + 1 ); + *p++ = MBEDTLS_BYTE_0( ssl->verify_data_len ); memcpy( p, ssl->own_verify_data, ssl->verify_data_len ); @@ -284,14 +283,14 @@ static int ssl_write_signature_algorithms_ext( mbedtls_ssl_context *ssl, * SignatureAndHashAlgorithm * supported_signature_algorithms<2..2^16-2>; */ - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SIG_ALG >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SIG_ALG ) & 0xFF ); + MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_SIG_ALG, p, 0 ); + p += 2; - *p++ = (unsigned char)( ( ( sig_alg_len + 2 ) >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( ( sig_alg_len + 2 ) ) & 0xFF ); + MBEDTLS_PUT_UINT16_BE( sig_alg_len + 2, p, 0 ); + p += 2; - *p++ = (unsigned char)( ( sig_alg_len >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( sig_alg_len ) & 0xFF ); + MBEDTLS_PUT_UINT16_BE( sig_alg_len, p, 0 ); + p += 2; *olen = 6 + sig_alg_len; @@ -311,27 +310,32 @@ static int ssl_write_supported_elliptic_curves_ext( mbedtls_ssl_context *ssl, unsigned char *elliptic_curve_list = p + 6; size_t elliptic_curve_len = 0; const mbedtls_ecp_curve_info *info; - const mbedtls_ecp_group_id *grp_id; - + const uint16_t *group_list = mbedtls_ssl_get_groups( ssl ); *olen = 0; + /* Check there is room for header */ + MBEDTLS_SSL_CHK_BUF_PTR( p, end, 6 ); + MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding supported_elliptic_curves extension" ) ); - if( ssl->conf->curve_list == NULL ) + if( group_list == NULL ) return( MBEDTLS_ERR_SSL_BAD_CONFIG ); - for( grp_id = ssl->conf->curve_list; - *grp_id != MBEDTLS_ECP_DP_NONE; - grp_id++ ) + for( ; *group_list != 0; group_list++ ) { - info = mbedtls_ecp_curve_info_from_grp_id( *grp_id ); + info = mbedtls_ecp_curve_info_from_tls_id( *group_list ); if( info == NULL ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "invalid curve in ssl configuration" ) ); return( MBEDTLS_ERR_SSL_BAD_CONFIG ); } + + /* Check there is room for another curve */ + MBEDTLS_SSL_CHK_BUF_PTR( elliptic_curve_list, end, elliptic_curve_len + 2 ); + + MBEDTLS_PUT_UINT16_BE( *group_list, elliptic_curve_list, elliptic_curve_len ); elliptic_curve_len += 2; if( elliptic_curve_len > MBEDTLS_SSL_MAX_CURVE_LIST_LEN ) @@ -346,29 +350,14 @@ static int ssl_write_supported_elliptic_curves_ext( mbedtls_ssl_context *ssl, if( elliptic_curve_len == 0 ) return( MBEDTLS_ERR_SSL_BAD_CONFIG ); - MBEDTLS_SSL_CHK_BUF_PTR( p, end, 6 + elliptic_curve_len ); + MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_SUPPORTED_ELLIPTIC_CURVES, p, 0 ); + p += 2; - elliptic_curve_len = 0; + MBEDTLS_PUT_UINT16_BE( elliptic_curve_len + 2, p, 0 ); + p += 2; - for( grp_id = ssl->conf->curve_list; - *grp_id != MBEDTLS_ECP_DP_NONE; - grp_id++ ) - { - info = mbedtls_ecp_curve_info_from_grp_id( *grp_id ); - elliptic_curve_list[elliptic_curve_len++] = info->tls_id >> 8; - elliptic_curve_list[elliptic_curve_len++] = info->tls_id & 0xFF; - } - - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SUPPORTED_ELLIPTIC_CURVES >> 8 ) - & 0xFF ); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SUPPORTED_ELLIPTIC_CURVES ) - & 0xFF ); - - *p++ = (unsigned char)( ( ( elliptic_curve_len + 2 ) >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( ( elliptic_curve_len + 2 ) ) & 0xFF ); - - *p++ = (unsigned char)( ( ( elliptic_curve_len ) >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( ( elliptic_curve_len ) ) & 0xFF ); + MBEDTLS_PUT_UINT16_BE( elliptic_curve_len, p, 0 ); + p += 2; *olen = 6 + elliptic_curve_len; @@ -389,10 +378,8 @@ static int ssl_write_supported_point_formats_ext( mbedtls_ssl_context *ssl, ( "client hello, adding supported_point_formats extension" ) ); MBEDTLS_SSL_CHK_BUF_PTR( p, end, 6 ); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS >> 8 ) - & 0xFF ); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS ) - & 0xFF ); + MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS, p, 0 ); + p += 2; *p++ = 0x00; *p++ = 2; @@ -428,8 +415,8 @@ static int ssl_write_ecjpake_kkpp_ext( mbedtls_ssl_context *ssl, MBEDTLS_SSL_CHK_BUF_PTR( p, end, 4 ); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_ECJPAKE_KKPP >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_ECJPAKE_KKPP ) & 0xFF ); + MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_ECJPAKE_KKPP, p, 0 ); + p += 2; /* * We may need to send ClientHello multiple times for Hello verification. @@ -471,8 +458,8 @@ static int ssl_write_ecjpake_kkpp_ext( mbedtls_ssl_context *ssl, memcpy( p + 2, ssl->handshake->ecjpake_cache, kkpp_len ); } - *p++ = (unsigned char)( ( kkpp_len >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( kkpp_len ) & 0xFF ); + MBEDTLS_PUT_UINT16_BE( kkpp_len, p, 0 ); + p += 2; *olen = kkpp_len + 4; @@ -511,11 +498,11 @@ static int ssl_write_cid_ext( mbedtls_ssl_context *ssl, MBEDTLS_SSL_CHK_BUF_PTR( p, end, (unsigned)( ssl->own_cid_len + 5 ) ); /* Add extension ID + size */ - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_CID >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_CID ) & 0xFF ); + MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_CID, p, 0 ); + p += 2; ext_len = (size_t) ssl->own_cid_len + 1; - *p++ = (unsigned char)( ( ext_len >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( ext_len ) & 0xFF ); + MBEDTLS_PUT_UINT16_BE( ext_len, p, 0 ); + p += 2; *p++ = (uint8_t) ssl->own_cid_len; memcpy( p, ssl->own_cid, ssl->own_cid_len ); @@ -544,10 +531,8 @@ static int ssl_write_max_fragment_length_ext( mbedtls_ssl_context *ssl, MBEDTLS_SSL_CHK_BUF_PTR( p, end, 5 ); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH >> 8 ) - & 0xFF ); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH ) - & 0xFF ); + MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH, p, 0 ); + p += 2; *p++ = 0x00; *p++ = 1; @@ -578,8 +563,8 @@ static int ssl_write_encrypt_then_mac_ext( mbedtls_ssl_context *ssl, MBEDTLS_SSL_CHK_BUF_PTR( p, end, 4 ); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC ) & 0xFF ); + MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC, p, 0 ); + p += 2; *p++ = 0x00; *p++ = 0x00; @@ -608,10 +593,8 @@ static int ssl_write_extended_ms_ext( mbedtls_ssl_context *ssl, MBEDTLS_SSL_CHK_BUF_PTR( p, end, 4 ); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET >> 8 ) - & 0xFF ); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET ) - & 0xFF ); + MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET, p, 0 ); + p += 2; *p++ = 0x00; *p++ = 0x00; @@ -642,11 +625,11 @@ static int ssl_write_session_ticket_ext( mbedtls_ssl_context *ssl, /* The addition is safe here since the ticket length is 16 bit. */ MBEDTLS_SSL_CHK_BUF_PTR( p, end, 4 + tlen ); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SESSION_TICKET >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SESSION_TICKET ) & 0xFF ); + MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_SESSION_TICKET, p, 0 ); + p += 2; - *p++ = (unsigned char)( ( tlen >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( tlen ) & 0xFF ); + MBEDTLS_PUT_UINT16_BE( tlen, p, 0 ); + p += 2; *olen = 4; @@ -686,8 +669,8 @@ static int ssl_write_alpn_ext( mbedtls_ssl_context *ssl, MBEDTLS_SSL_CHK_BUF_PTR( p, end, 6 + alpnlen ); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_ALPN >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_ALPN ) & 0xFF ); + MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_ALPN, p, 0 ); + p += 2; /* * opaque ProtocolName<1..2^8-1>; @@ -714,12 +697,10 @@ static int ssl_write_alpn_ext( mbedtls_ssl_context *ssl, *olen = p - buf; /* List length = olen - 2 (ext_type) - 2 (ext_len) - 2 (list_len) */ - buf[4] = (unsigned char)( ( ( *olen - 6 ) >> 8 ) & 0xFF ); - buf[5] = (unsigned char)( ( ( *olen - 6 ) ) & 0xFF ); + MBEDTLS_PUT_UINT16_BE( *olen - 6, buf, 4 ); /* Extension length = olen - 2 (ext_type) - 2 (ext_len) */ - buf[2] = (unsigned char)( ( ( *olen - 4 ) >> 8 ) & 0xFF ); - buf[3] = (unsigned char)( ( ( *olen - 4 ) ) & 0xFF ); + MBEDTLS_PUT_UINT16_BE( *olen - 4, buf, 2 ); return( 0 ); } @@ -771,12 +752,11 @@ static int ssl_write_use_srtp_ext( mbedtls_ssl_context *ssl, */ MBEDTLS_SSL_CHK_BUF_PTR( p, end, ext_len + 4 ); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_USE_SRTP >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_USE_SRTP ) & 0xFF ); + MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_USE_SRTP, p, 0 ); + p += 2; - - *p++ = (unsigned char)( ( ( ext_len & 0xFF00 ) >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ext_len & 0xFF ); + MBEDTLS_PUT_UINT16_BE( ext_len, p, 0 ); + p += 2; /* protection profile length: 2*(ssl->conf->dtls_srtp_profile_list_len) */ /* micro-optimization: @@ -787,8 +767,7 @@ static int ssl_write_use_srtp_ext( mbedtls_ssl_context *ssl, * >> 8 ) & 0xFF ); */ *p++ = 0; - *p++ = (unsigned char)( ( 2 * ssl->conf->dtls_srtp_profile_list_len ) - & 0xFF ); + *p++ = MBEDTLS_BYTE_0( 2 * ssl->conf->dtls_srtp_profile_list_len ); for( protection_profiles_index=0; protection_profiles_index < ssl->conf->dtls_srtp_profile_list_len; @@ -800,8 +779,8 @@ static int ssl_write_use_srtp_ext( mbedtls_ssl_context *ssl, { MBEDTLS_SSL_DEBUG_MSG( 3, ( "ssl_write_use_srtp_ext, add profile: %04x", profile_value ) ); - *p++ = ( ( profile_value >> 8 ) & 0xFF ); - *p++ = ( profile_value & 0xFF ); + MBEDTLS_PUT_UINT16_BE( profile_value, p, 0 ); + p += 2; } else { @@ -869,10 +848,8 @@ static int ssl_generate_random( mbedtls_ssl_context *ssl ) #if defined(MBEDTLS_HAVE_TIME) t = mbedtls_time( NULL ); - *p++ = (unsigned char)( t >> 24 ); - *p++ = (unsigned char)( t >> 16 ); - *p++ = (unsigned char)( t >> 8 ); - *p++ = (unsigned char)( t ); + MBEDTLS_PUT_UINT32_BE( t, p, 0 ); + p += 4; MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, current time: %" MBEDTLS_PRINTF_LONGLONG, (long long) t ) ); @@ -1155,8 +1132,8 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl ) MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2 ); n++; - *p++ = (unsigned char)( ciphersuites[i] >> 8 ); - *p++ = (unsigned char)( ciphersuites[i] ); + MBEDTLS_PUT_UINT16_BE( ciphersuites[i], p, 0 ); + p += 2; } MBEDTLS_SSL_DEBUG_MSG( 3, @@ -1171,8 +1148,8 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl ) { MBEDTLS_SSL_DEBUG_MSG( 3, ( "adding EMPTY_RENEGOTIATION_INFO_SCSV" ) ); MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2 ); - *p++ = (unsigned char)( MBEDTLS_SSL_EMPTY_RENEGOTIATION_INFO >> 8 ); - *p++ = (unsigned char)( MBEDTLS_SSL_EMPTY_RENEGOTIATION_INFO ); + MBEDTLS_PUT_UINT16_BE( MBEDTLS_SSL_EMPTY_RENEGOTIATION_INFO, p, 0 ); + p += 2; n++; } @@ -1192,10 +1169,10 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl ) MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2 ); #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) - if( ( ret = ssl_write_hostname_ext( ssl, p + 2 + ext_len, - end, &olen ) ) != 0 ) + if( ( ret = mbedtls_ssl_write_hostname_ext( ssl, p + 2 + ext_len, + end, &olen ) ) != 0 ) { - MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_hostname_ext", ret ); + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_hostname_ext", ret ); return( ret ); } ext_len += olen; @@ -1335,9 +1312,8 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl ) { /* No need to check for space here, because the extension * writing functions already took care of that. */ - *p++ = (unsigned char)( ( ext_len >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( ext_len ) & 0xFF ); - p += ext_len; + MBEDTLS_PUT_UINT16_BE( ext_len, p, 0 ); + p += 2 + ext_len; } ssl->out_msglen = p - buf; @@ -2757,8 +2733,7 @@ static int ssl_write_encrypted_pms( mbedtls_ssl_context *ssl, #if defined(MBEDTLS_SSL_PROTO_TLS1_2) if( len_bytes == 2 ) { - ssl->out_msg[offset+0] = (unsigned char)( *olen >> 8 ); - ssl->out_msg[offset+1] = (unsigned char)( *olen ); + MBEDTLS_PUT_UINT16_BE( *olen, ssl->out_msg, offset ); *olen += 2; } #endif @@ -3515,8 +3490,7 @@ static int ssl_write_client_key_exchange( mbedtls_ssl_context *ssl ) */ content_len = mbedtls_dhm_get_len( &ssl->handshake->dhm_ctx ); - ssl->out_msg[4] = (unsigned char)( content_len >> 8 ); - ssl->out_msg[5] = (unsigned char)( content_len ); + MBEDTLS_PUT_UINT16_BE( content_len, ssl->out_msg, 4 ); header_len = 6; ret = mbedtls_dhm_make_public( &ssl->handshake->dhm_ctx, @@ -3731,8 +3705,8 @@ ecdh_calc_secret: return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL ); } - ssl->out_msg[header_len++] = (unsigned char)( content_len >> 8 ); - ssl->out_msg[header_len++] = (unsigned char)( content_len ); + ssl->out_msg[header_len++] = MBEDTLS_BYTE_1( content_len ); + ssl->out_msg[header_len++] = MBEDTLS_BYTE_0( content_len ); memcpy( ssl->out_msg + header_len, ssl->conf->psk_identity, @@ -3783,8 +3757,8 @@ ecdh_calc_secret: return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL ); } - ssl->out_msg[header_len++] = (unsigned char)( content_len >> 8 ); - ssl->out_msg[header_len++] = (unsigned char)( content_len ); + ssl->out_msg[header_len++] = MBEDTLS_BYTE_1( content_len ); + ssl->out_msg[header_len++] = MBEDTLS_BYTE_0( content_len ); ret = mbedtls_dhm_make_public( &ssl->handshake->dhm_ctx, (int) mbedtls_dhm_get_len( &ssl->handshake->dhm_ctx ), @@ -4066,8 +4040,7 @@ sign: return( ret ); } - ssl->out_msg[4 + offset] = (unsigned char)( n >> 8 ); - ssl->out_msg[5 + offset] = (unsigned char)( n ); + MBEDTLS_PUT_UINT16_BE( n, ssl->out_msg, offset + 4 ); ssl->out_msglen = 6 + n + offset; ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE; @@ -4211,23 +4184,8 @@ int mbedtls_ssl_handshake_client_step( mbedtls_ssl_context *ssl ) { int ret = 0; - if( ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER || ssl->handshake == NULL ) - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); - MBEDTLS_SSL_DEBUG_MSG( 2, ( "client state: %d", ssl->state ) ); - if( ( ret = mbedtls_ssl_flush_output( ssl ) ) != 0 ) - return( ret ); - -#if defined(MBEDTLS_SSL_PROTO_DTLS) - if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && - ssl->handshake->retransmit_state == MBEDTLS_SSL_RETRANS_SENDING ) - { - if( ( ret = mbedtls_ssl_flight_transmit( ssl ) ) != 0 ) - return( ret ); - } -#endif /* MBEDTLS_SSL_PROTO_DTLS */ - /* Change state now, so that it is right in mbedtls_ssl_read_record(), used * by DTLS for dropping out-of-sequence ChangeCipherSpec records */ #if defined(MBEDTLS_SSL_SESSION_TICKETS) diff --git a/library/ssl_cookie.c b/library/ssl_cookie.c index dd46971c98..7516786def 100644 --- a/library/ssl_cookie.c +++ b/library/ssl_cookie.c @@ -166,10 +166,7 @@ int mbedtls_ssl_cookie_write( void *p_ctx, t = ctx->serial++; #endif - (*p)[0] = (unsigned char)( t >> 24 ); - (*p)[1] = (unsigned char)( t >> 16 ); - (*p)[2] = (unsigned char)( t >> 8 ); - (*p)[3] = (unsigned char)( t ); + MBEDTLS_PUT_UINT32_BE(t, *p, 0); *p += 4; #if defined(MBEDTLS_THREADING_C) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 856dd1e16f..36a071263d 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -102,6 +102,61 @@ #define MBEDTLS_SSL_RENEGOTIATION_DONE 2 /* Done or aborted */ #define MBEDTLS_SSL_RENEGOTIATION_PENDING 3 /* Requested (server only) */ +/* + * Mask of TLS 1.3 handshake extensions used in extensions_present + * of mbedtls_ssl_handshake_params. + */ +#define MBEDTLS_SSL_EXT_NONE 0 + +#define MBEDTLS_SSL_EXT_SERVERNAME ( 1 << 0 ) +#define MBEDTLS_SSL_EXT_MAX_FRAGMENT_LENGTH ( 1 << 1 ) +#define MBEDTLS_SSL_EXT_STATUS_REQUEST ( 1 << 2 ) +#define MBEDTLS_SSL_EXT_SUPPORTED_GROUPS ( 1 << 3 ) +#define MBEDTLS_SSL_EXT_SIG_ALG ( 1 << 4 ) +#define MBEDTLS_SSL_EXT_USE_SRTP ( 1 << 5 ) +#define MBEDTLS_SSL_EXT_HEARTBEAT ( 1 << 6 ) +#define MBEDTLS_SSL_EXT_ALPN ( 1 << 7 ) +#define MBEDTLS_SSL_EXT_SCT ( 1 << 8 ) +#define MBEDTLS_SSL_EXT_CLI_CERT_TYPE ( 1 << 9 ) +#define MBEDTLS_SSL_EXT_SERV_CERT_TYPE ( 1 << 10 ) +#define MBEDTLS_SSL_EXT_PADDING ( 1 << 11 ) +#define MBEDTLS_SSL_EXT_PRE_SHARED_KEY ( 1 << 12 ) +#define MBEDTLS_SSL_EXT_EARLY_DATA ( 1 << 13 ) +#define MBEDTLS_SSL_EXT_SUPPORTED_VERSIONS ( 1 << 14 ) +#define MBEDTLS_SSL_EXT_COOKIE ( 1 << 15 ) +#define MBEDTLS_SSL_EXT_PSK_KEY_EXCHANGE_MODES ( 1 << 16 ) +#define MBEDTLS_SSL_EXT_CERT_AUTH ( 1 << 17 ) +#define MBEDTLS_SSL_EXT_OID_FILTERS ( 1 << 18 ) +#define MBEDTLS_SSL_EXT_POST_HANDSHAKE_AUTH ( 1 << 19 ) +#define MBEDTLS_SSL_EXT_SIG_ALG_CERT ( 1 << 20 ) +#define MBEDTLS_SSL_EXT_KEY_SHARE ( 1 << 21 ) + +/* + * Helper macros for function call with return check. + */ +/* + * Exit when return non-zero value + */ +#define MBEDTLS_SSL_PROC_CHK( f ) \ + do { \ + ret = ( f ); \ + if( ret != 0 ) \ + { \ + goto cleanup; \ + } \ + } while( 0 ) +/* + * Exit when return negative value + */ +#define MBEDTLS_SSL_PROC_CHK_NEG( f ) \ + do { \ + ret = ( f ); \ + if( ret < 0 ) \ + { \ + goto cleanup; \ + } \ + } while( 0 ) + /* * DTLS retransmission states, see RFC 6347 4.2.4 * @@ -252,6 +307,9 @@ + ( MBEDTLS_SSL_CID_OUT_LEN_MAX ) ) #endif +#define MBEDTLS_CLIENT_HELLO_RANDOM_LEN 32 +#define MBEDTLS_SERVER_HELLO_RANDOM_LEN 32 + #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) /** * \brief Return the maximum fragment length (payload, in bytes) for @@ -354,6 +412,32 @@ static inline int mbedtls_ssl_chk_buf_ptr( const uint8_t *cur, } \ } while( 0 ) +/** + * \brief This macro checks if the remaining length in an input buffer is + * greater or equal than a needed length. If it is not the case, it + * returns #MBEDTLS_ERR_SSL_DECODE_ERROR error and pends a + * #MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR alert message. + * + * This is a function-like macro. It is guaranteed to evaluate each + * argument exactly once. + * + * \param cur Pointer to the current position in the buffer. + * \param end Pointer to one past the end of the buffer. + * \param need Needed length in bytes. + * + */ +#define MBEDTLS_SSL_CHK_BUF_READ_PTR( cur, end, need ) \ + do { \ + if( mbedtls_ssl_chk_buf_ptr( ( cur ), ( end ), ( need ) ) != 0 ) \ + { \ + MBEDTLS_SSL_DEBUG_MSG( 1, \ + ( "missing input data in %s", __func__ ) ); \ + MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR, \ + MBEDTLS_ERR_SSL_DECODE_ERROR ); \ + return( MBEDTLS_ERR_SSL_DECODE_ERROR ); \ + } \ + } while( 0 ) + #ifdef __cplusplus extern "C" { #endif @@ -423,6 +507,19 @@ struct mbedtls_ssl_key_set }; typedef struct mbedtls_ssl_key_set mbedtls_ssl_key_set; +typedef struct +{ + unsigned char binder_key [ MBEDTLS_TLS1_3_MD_MAX_SIZE ]; + unsigned char client_early_traffic_secret [ MBEDTLS_TLS1_3_MD_MAX_SIZE ]; + unsigned char early_exporter_master_secret[ MBEDTLS_TLS1_3_MD_MAX_SIZE ]; +} mbedtls_ssl_tls1_3_early_secrets; + +typedef struct +{ + unsigned char client_handshake_traffic_secret[ MBEDTLS_TLS1_3_MD_MAX_SIZE ]; + unsigned char server_handshake_traffic_secret[ MBEDTLS_TLS1_3_MD_MAX_SIZE ]; +} mbedtls_ssl_tls1_3_handshake_secrets; + /* * This structure contains the parameters only needed during handshake. */ @@ -431,6 +528,14 @@ struct mbedtls_ssl_handshake_params /* * Handshake specific crypto variables */ +#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) + int tls1_3_kex_modes; /*!< key exchange modes for TLS 1.3 */ +#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ + +#if !defined(MBEDTLS_DEPRECATED_REMOVED) + const uint16_t *group_list; + unsigned char group_list_heap_allocated; +#endif #if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \ defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) @@ -518,8 +623,8 @@ struct mbedtls_ssl_handshake_params flight being received */ mbedtls_ssl_transform *alt_transform_out; /*!< Alternative transform for resending messages */ - unsigned char alt_out_ctr[8]; /*!< Alternative record epoch/counter - for resending messages */ + unsigned char alt_out_ctr[MBEDTLS_SSL_SEQUENCE_NUMBER_LEN]; /*!< Alternative record epoch/counter + for resending messages */ #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) /* The state of CID configuration in this handshake. */ @@ -562,6 +667,13 @@ struct mbedtls_ssl_handshake_params uint16_t mtu; /*!< Handshake mtu, used to fragment outgoing messages */ #endif /* MBEDTLS_SSL_PROTO_DTLS */ +#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) + /*! TLS 1.3 transforms for 0-RTT and encrypted handshake messages. + * Those pointers own the transforms they reference. */ + mbedtls_ssl_transform *transform_handshake; + mbedtls_ssl_transform *transform_earlydata; +#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ + /* * Checksum contexts */ @@ -587,11 +699,55 @@ struct mbedtls_ssl_handshake_params void (*calc_finished)(mbedtls_ssl_context *, unsigned char *, int); mbedtls_ssl_tls_prf_cb *tls_prf; +#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) + uint16_t offered_group_id; /* The NamedGroup value for the group + * that is being used for ephemeral + * key exchange. + * + * On the client: Defaults to the first + * entry in the client's group list, + * but can be overwritten by the HRR. */ +#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ + + /* + * State-local variables used during the processing + * of a specific handshake state. + */ + union + { + /* Outgoing Finished message */ + struct + { + uint8_t preparation_done; + + /* Buffer holding digest of the handshake up to + * but excluding the outgoing finished message. */ + unsigned char digest[MBEDTLS_TLS1_3_MD_MAX_SIZE]; + size_t digest_len; + } finished_out; + + /* Incoming Finished message */ + struct + { + uint8_t preparation_done; + + /* Buffer holding digest of the handshake up to but + * excluding the peer's incoming finished message. */ + unsigned char digest[MBEDTLS_TLS1_3_MD_MAX_SIZE]; + size_t digest_len; + } finished_in; + + } state_local; + + /* End of state-local variables. */ + mbedtls_ssl_ciphersuite_t const *ciphersuite_info; size_t pmslen; /*!< premaster length */ - unsigned char randbytes[64]; /*!< random bytes */ + unsigned char randbytes[MBEDTLS_CLIENT_HELLO_RANDOM_LEN + + MBEDTLS_SERVER_HELLO_RANDOM_LEN]; + /*!< random bytes */ unsigned char premaster[MBEDTLS_PREMASTER_SIZE]; /*!< premaster secret */ @@ -599,6 +755,20 @@ struct mbedtls_ssl_handshake_params int max_major_ver; /*!< max. major version client*/ int max_minor_ver; /*!< max. minor version client*/ int cli_exts; /*!< client extension presence*/ +#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) + int extensions_present; /*!< extension presence; Each bitfield + represents an extension and defined + as \c MBEDTLS_SSL_EXT_XXX */ + + union + { + unsigned char early [MBEDTLS_TLS1_3_MD_MAX_SIZE]; + unsigned char handshake[MBEDTLS_TLS1_3_MD_MAX_SIZE]; + unsigned char app [MBEDTLS_TLS1_3_MD_MAX_SIZE]; + } tls1_3_master_secrets; + + mbedtls_ssl_tls1_3_handshake_secrets tls13_hs_secrets; +#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ #if defined(MBEDTLS_SSL_SESSION_TICKETS) int new_session_ticket; /*!< use NewSessionTicket? */ @@ -740,8 +910,11 @@ struct mbedtls_ssl_transform #if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION) /* We need the Hello random bytes in order to re-derive keys from the - * Master Secret and other session info, see ssl_populate_transform() */ - unsigned char randbytes[64]; /*!< ServerHello.random+ClientHello.random */ + * Master Secret and other session info, + * see ssl_tls12_populate_transform() */ + unsigned char randbytes[MBEDTLS_SERVER_HELLO_RANDOM_LEN + + MBEDTLS_CLIENT_HELLO_RANDOM_LEN]; + /*!< ServerHello.random+ClientHello.random */ #endif /* MBEDTLS_SSL_CONTEXT_SERIALIZATION */ }; @@ -788,14 +961,14 @@ static inline int mbedtls_ssl_transform_uses_aead( typedef struct { - uint8_t ctr[8]; /* In TLS: The implicit record sequence number. - * In DTLS: The 2-byte epoch followed by - * the 6-byte sequence number. - * This is stored as a raw big endian byte array - * as opposed to a uint64_t because we rarely - * need to perform arithmetic on this, but do - * need it as a Byte array for the purpose of - * MAC computations. */ + uint8_t ctr[MBEDTLS_SSL_SEQUENCE_NUMBER_LEN]; /* In TLS: The implicit record sequence number. + * In DTLS: The 2-byte epoch followed by + * the 6-byte sequence number. + * This is stored as a raw big endian byte array + * as opposed to a uint64_t because we rarely + * need to perform arithmetic on this, but do + * need it as a Byte array for the purpose of + * MAC computations. */ uint8_t type; /* The record content type. */ uint8_t ver[2]; /* SSL/TLS version as present on the wire. * Convert to internal presentation of versions @@ -878,13 +1051,24 @@ void mbedtls_ssl_transform_free( mbedtls_ssl_transform *transform ); */ void mbedtls_ssl_handshake_free( mbedtls_ssl_context *ssl ); +/* set inbound transform of ssl context */ +void mbedtls_ssl_set_inbound_transform( mbedtls_ssl_context *ssl, + mbedtls_ssl_transform *transform ); + +/* set outbound transform of ssl context */ +void mbedtls_ssl_set_outbound_transform( mbedtls_ssl_context *ssl, + mbedtls_ssl_transform *transform ); + +#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) +int mbedtls_ssl_write_hostname_ext( mbedtls_ssl_context *ssl, + unsigned char *buf, + const unsigned char *end, + size_t *olen ); +#endif + int mbedtls_ssl_handshake_client_step( mbedtls_ssl_context *ssl ); int mbedtls_ssl_handshake_server_step( mbedtls_ssl_context *ssl ); void mbedtls_ssl_handshake_wrapup( mbedtls_ssl_context *ssl ); -#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) -int mbedtls_ssl_handshake_client_step_tls1_3( mbedtls_ssl_context *ssl ); -int mbedtls_ssl_handshake_server_step_tls1_3( mbedtls_ssl_context *ssl ); -#endif int mbedtls_ssl_send_fatal_handshake_failure( mbedtls_ssl_context *ssl ); @@ -975,7 +1159,13 @@ int mbedtls_ssl_read_record( mbedtls_ssl_context *ssl, unsigned update_hs_digest ); int mbedtls_ssl_fetch_input( mbedtls_ssl_context *ssl, size_t nb_want ); -int mbedtls_ssl_write_handshake_msg( mbedtls_ssl_context *ssl ); +int mbedtls_ssl_write_handshake_msg_ext( mbedtls_ssl_context *ssl, + int update_checksum ); +static inline int mbedtls_ssl_write_handshake_msg( mbedtls_ssl_context *ssl ) +{ + return( mbedtls_ssl_write_handshake_msg_ext( ssl, 1 /* update checksum */ ) ); +} + int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl, uint8_t force_flush ); int mbedtls_ssl_flush_output( mbedtls_ssl_context *ssl ); @@ -1227,6 +1417,22 @@ void mbedtls_ssl_update_in_pointers( mbedtls_ssl_context *ssl ); int mbedtls_ssl_session_reset_int( mbedtls_ssl_context *ssl, int partial ); +/* + * Send pending alert + */ +int mbedtls_ssl_handle_pending_alert( mbedtls_ssl_context *ssl ); + +/* + * Set pending fatal alert flag. + */ +void mbedtls_ssl_pend_fatal_alert( mbedtls_ssl_context *ssl, + unsigned char alert_type, + int alert_reason ); + +/* Alias of mbedtls_ssl_pend_fatal_alert */ +#define MBEDTLS_SSL_PEND_FATAL_ALERT( type, user_return_value ) \ + mbedtls_ssl_pend_fatal_alert( ssl, type, user_return_value ) + #if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY) void mbedtls_ssl_dtls_replay_reset( mbedtls_ssl_context *ssl ); #endif @@ -1289,4 +1495,223 @@ static inline int mbedtls_ssl_conf_is_hybrid_tls12_tls13( const mbedtls_ssl_conf } #endif /* MBEDTLS_SSL_PROTO_TLS1_2 && MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL*/ +#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) + +int mbedtls_ssl_tls13_process_finished_message( mbedtls_ssl_context *ssl ); +int mbedtls_ssl_tls13_write_finished_message( mbedtls_ssl_context *ssl ); +void mbedtls_ssl_tls13_handshake_wrapup( mbedtls_ssl_context *ssl ); + +/** + * \brief TLS 1.3 client side state machine entry + * + * \param ssl SSL context + */ +int mbedtls_ssl_tls13_handshake_client_step( mbedtls_ssl_context *ssl ); + +/** + * \brief TLS 1.3 server side state machine entry + * + * \param ssl SSL context + */ +int mbedtls_ssl_tls13_handshake_server_step( mbedtls_ssl_context *ssl ); + + +/* + * Helper functions around key exchange modes. + */ +static inline unsigned mbedtls_ssl_conf_tls13_check_kex_modes( mbedtls_ssl_context *ssl, + int kex_mode_mask ) +{ + return( ( ssl->conf->tls13_kex_modes & kex_mode_mask ) != 0 ); +} + +static inline int mbedtls_ssl_conf_tls13_psk_enabled( mbedtls_ssl_context *ssl ) +{ + return( mbedtls_ssl_conf_tls13_check_kex_modes( ssl, + MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_PSK ) ); +} + +static inline int mbedtls_ssl_conf_tls13_psk_ephemeral_enabled( mbedtls_ssl_context *ssl ) +{ + return( mbedtls_ssl_conf_tls13_check_kex_modes( ssl, + MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_PSK_EPHEMERAL ) ); +} + +static inline int mbedtls_ssl_conf_tls13_ephemeral_enabled( mbedtls_ssl_context *ssl ) +{ + return( mbedtls_ssl_conf_tls13_check_kex_modes( ssl, + MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_EPHEMERAL ) ); +} + +static inline int mbedtls_ssl_conf_tls13_some_ephemeral_enabled( mbedtls_ssl_context *ssl ) +{ + return( mbedtls_ssl_conf_tls13_check_kex_modes( ssl, + MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_EPHEMERAL_ALL ) ); +} + +static inline int mbedtls_ssl_conf_tls13_some_psk_enabled( mbedtls_ssl_context *ssl ) +{ + return( mbedtls_ssl_conf_tls13_check_kex_modes( ssl, + MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_PSK_ALL ) ); +} + +/** + * Given a list of key exchange modes, check if at least one of them is + * supported. + * + * \param[in] ssl SSL context + * \param kex_modes_mask Mask of the key exchange modes to check + * + * \return 0 if at least one of the key exchange modes is supported, + * !=0 otherwise. + */ +static inline unsigned mbedtls_ssl_tls1_3_check_kex_modes( mbedtls_ssl_context *ssl, + int kex_modes_mask ) +{ + return( ( ssl->handshake->tls1_3_kex_modes & kex_modes_mask ) == 0 ); +} + +static inline int mbedtls_ssl_tls1_3_psk_enabled( mbedtls_ssl_context *ssl ) +{ + return( ! mbedtls_ssl_tls1_3_check_kex_modes( ssl, + MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_PSK ) ); +} + +static inline int mbedtls_ssl_tls1_3_psk_ephemeral_enabled( + mbedtls_ssl_context *ssl ) +{ + return( ! mbedtls_ssl_tls1_3_check_kex_modes( ssl, + MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_PSK_EPHEMERAL ) ); +} + +static inline int mbedtls_ssl_tls1_3_ephemeral_enabled( mbedtls_ssl_context *ssl ) +{ + return( ! mbedtls_ssl_tls1_3_check_kex_modes( ssl, + MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_EPHEMERAL ) ); +} + +static inline int mbedtls_ssl_tls1_3_some_ephemeral_enabled( mbedtls_ssl_context *ssl ) +{ + return( ! mbedtls_ssl_tls1_3_check_kex_modes( ssl, + MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_EPHEMERAL_ALL ) ); +} + +static inline int mbedtls_ssl_tls1_3_some_psk_enabled( mbedtls_ssl_context *ssl ) +{ + return( ! mbedtls_ssl_tls1_3_check_kex_modes( ssl, + MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_PSK_ALL ) ); +} + +/* + * Helper functions for NamedGroup. + */ +static inline int mbedtls_ssl_tls13_named_group_is_ecdhe( uint16_t named_group ) +{ + return( named_group == MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1 || + named_group == MBEDTLS_SSL_IANA_TLS_GROUP_SECP384R1 || + named_group == MBEDTLS_SSL_IANA_TLS_GROUP_SECP521R1 || + named_group == MBEDTLS_SSL_IANA_TLS_GROUP_X25519 || + named_group == MBEDTLS_SSL_IANA_TLS_GROUP_X448 ); +} + +static inline int mbedtls_ssl_tls13_named_group_is_dhe( uint16_t named_group ) +{ + return( named_group >= MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE2048 && + named_group <= MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE8192 ); +} + +static inline void mbedtls_ssl_handshake_set_state( mbedtls_ssl_context *ssl, + mbedtls_ssl_states state ) +{ + ssl->state = ( int ) state; +} + +/* + * Fetch TLS 1.3 handshake message header + */ +int mbedtls_ssl_tls1_3_fetch_handshake_msg( mbedtls_ssl_context *ssl, + unsigned hs_type, + unsigned char **buf, + size_t *buf_len ); + +/* + * Write TLS 1.3 handshake message header + */ +int mbedtls_ssl_tls13_start_handshake_msg( mbedtls_ssl_context *ssl, + unsigned hs_type, + unsigned char **buf, + size_t *buflen ); + +/* + * Handler of TLS 1.3 server certificate message + */ +int mbedtls_ssl_tls13_process_certificate( mbedtls_ssl_context *ssl ); + +/* + * Generic handler of Certificate Verify + */ +int mbedtls_ssl_tls13_process_certificate_verify( mbedtls_ssl_context *ssl ); + +/* + * Write TLS 1.3 handshake message tail + */ +int mbedtls_ssl_tls13_finish_handshake_msg( mbedtls_ssl_context *ssl, + size_t buf_len, + size_t msg_len ); + +void mbedtls_ssl_tls13_add_hs_hdr_to_checksum( mbedtls_ssl_context *ssl, + unsigned hs_type, + size_t total_hs_len ); + +/* + * Update checksum of handshake messages. + */ +void mbedtls_ssl_tls1_3_add_hs_msg_to_checksum( mbedtls_ssl_context *ssl, + unsigned hs_type, + unsigned char const *msg, + size_t msg_len ); + +#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) +/* + * Write TLS 1.3 Signature Algorithm extension + */ +int mbedtls_ssl_tls13_write_sig_alg_ext( mbedtls_ssl_context *ssl, + unsigned char *buf, + unsigned char *end, + size_t *olen); + +#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ + +#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ + +/* Get handshake transcript */ +int mbedtls_ssl_get_handshake_transcript( mbedtls_ssl_context *ssl, + const mbedtls_md_type_t md, + unsigned char *dst, + size_t dst_len, + size_t *olen ); + +/* + * Return supported groups. + * + * In future, invocations can be changed to ssl->conf->group_list + * when mbedtls_ssl_conf_curves() is deleted. + * + * ssl->handshake->group_list is either a translation of curve_list to IANA TLS group + * identifiers when mbedtls_ssl_conf_curves() has been used, or a pointer to + * ssl->conf->group_list when mbedtls_ssl_conf_groups() has been more recently invoked. + * + */ +static inline const void *mbedtls_ssl_get_groups( const mbedtls_ssl_context *ssl ) +{ + #if defined(MBEDTLS_DEPRECATED_REMOVED) || !defined(MBEDTLS_ECP_C) + return( ssl->conf->group_list ); + #else + if( ( ssl->handshake != NULL ) && ( ssl->handshake->group_list != NULL ) ) + return( ssl->handshake->group_list ); + else + return( ssl->conf->group_list ); + #endif +} + #endif /* ssl_misc.h */ diff --git a/library/ssl_msg.c b/library/ssl_msg.c index 299be32782..286294f828 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -384,7 +384,8 @@ static int ssl_parse_inner_plaintext( unsigned char const *content, static void ssl_extract_add_data_from_record( unsigned char* add_data, size_t *add_data_len, mbedtls_record *rec, - unsigned minor_ver ) + unsigned minor_ver, + size_t taglen ) { /* Quoting RFC 5246 (TLS 1.2): * @@ -403,15 +404,37 @@ static void ssl_extract_add_data_from_record( unsigned char* add_data, * * For TLS 1.3, the record sequence number is dropped from the AAD * and encoded within the nonce of the AEAD operation instead. + * Moreover, the additional data involves the length of the TLS + * ciphertext, not the TLS plaintext as in earlier versions. + * Quoting RFC 8446 (TLS 1.3): + * + * additional_data = TLSCiphertext.opaque_type || + * TLSCiphertext.legacy_record_version || + * TLSCiphertext.length + * + * We pass the tag length to this function in order to compute the + * ciphertext length from the inner plaintext length rec->data_len via + * + * TLSCiphertext.length = TLSInnerPlaintext.length + taglen. + * */ unsigned char *cur = add_data; + size_t ad_len_field = rec->data_len; #if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) - if( minor_ver != MBEDTLS_SSL_MINOR_VERSION_4 ) + if( minor_ver == MBEDTLS_SSL_MINOR_VERSION_4 ) + { + /* In TLS 1.3, the AAD contains the length of the TLSCiphertext, + * which differs from the length of the TLSInnerPlaintext + * by the length of the authentication tag. */ + ad_len_field += taglen; + } + else #endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ { ((void) minor_ver); + ((void) taglen); memcpy( cur, rec->ctr, sizeof( rec->ctr ) ); cur += sizeof( rec->ctr ); } @@ -431,15 +454,13 @@ static void ssl_extract_add_data_from_record( unsigned char* add_data, *cur = rec->cid_len; cur++; - cur[0] = ( rec->data_len >> 8 ) & 0xFF; - cur[1] = ( rec->data_len >> 0 ) & 0xFF; + MBEDTLS_PUT_UINT16_BE( ad_len_field, cur, 0 ); cur += 2; } else #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ { - cur[0] = ( rec->data_len >> 8 ) & 0xFF; - cur[1] = ( rec->data_len >> 0 ) & 0xFF; + MBEDTLS_PUT_UINT16_BE( ad_len_field, cur, 0 ); cur += 2; } @@ -646,7 +667,8 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl, unsigned char mac[MBEDTLS_SSL_MAC_ADD]; ssl_extract_add_data_from_record( add_data, &add_data_len, rec, - transform->minor_ver ); + transform->minor_ver, + transform->taglen ); mbedtls_md_hmac_update( &transform->md_ctx_enc, add_data, add_data_len ); @@ -743,7 +765,8 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl, * This depends on the TLS version. */ ssl_extract_add_data_from_record( add_data, &add_data_len, rec, - transform->minor_ver ); + transform->minor_ver, + transform->taglen ); MBEDTLS_SSL_DEBUG_BUF( 4, "IV used (internal)", iv, transform->ivlen ); @@ -897,7 +920,8 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl, } ssl_extract_add_data_from_record( add_data, &add_data_len, - rec, transform->minor_ver ); + rec, transform->minor_ver, + transform->taglen ); MBEDTLS_SSL_DEBUG_MSG( 3, ( "using encrypt then mac" ) ); MBEDTLS_SSL_DEBUG_BUF( 4, "MAC'd meta-data", add_data, @@ -1068,7 +1092,8 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl, * This depends on the TLS version. */ ssl_extract_add_data_from_record( add_data, &add_data_len, rec, - transform->minor_ver ); + transform->minor_ver, + transform->taglen ); MBEDTLS_SSL_DEBUG_BUF( 4, "additional data used for AEAD", add_data, add_data_len ); @@ -1178,7 +1203,8 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl, * Further, we still know that data_len > minlen */ rec->data_len -= transform->maclen; ssl_extract_add_data_from_record( add_data, &add_data_len, rec, - transform->minor_ver ); + transform->minor_ver, + transform->taglen ); /* Calculate expected MAC. */ MBEDTLS_SSL_DEBUG_BUF( 4, "MAC'd meta-data", add_data, @@ -1370,7 +1396,8 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl, */ rec->data_len -= transform->maclen; ssl_extract_add_data_from_record( add_data, &add_data_len, rec, - transform->minor_ver ); + transform->minor_ver, + transform->taglen ); #if defined(MBEDTLS_SSL_PROTO_TLS1_2) /* @@ -1838,7 +1865,7 @@ void mbedtls_ssl_flight_free( mbedtls_ssl_flight_item *flight ) static int ssl_swap_epochs( mbedtls_ssl_context *ssl ) { mbedtls_ssl_transform *tmp_transform; - unsigned char tmp_out_ctr[8]; + unsigned char tmp_out_ctr[MBEDTLS_SSL_SEQUENCE_NUMBER_LEN]; if( ssl->transform_out == ssl->handshake->alt_transform_out ) { @@ -1854,9 +1881,11 @@ static int ssl_swap_epochs( mbedtls_ssl_context *ssl ) ssl->handshake->alt_transform_out = tmp_transform; /* Swap epoch + sequence_number */ - memcpy( tmp_out_ctr, ssl->cur_out_ctr, 8 ); - memcpy( ssl->cur_out_ctr, ssl->handshake->alt_out_ctr, 8 ); - memcpy( ssl->handshake->alt_out_ctr, tmp_out_ctr, 8 ); + memcpy( tmp_out_ctr, ssl->cur_out_ctr, sizeof( tmp_out_ctr ) ); + memcpy( ssl->cur_out_ctr, ssl->handshake->alt_out_ctr, + sizeof( ssl->cur_out_ctr ) ); + memcpy( ssl->handshake->alt_out_ctr, tmp_out_ctr, + sizeof( ssl->handshake->alt_out_ctr ) ); /* Adjust to the newly activated transform */ mbedtls_ssl_update_out_pointers( ssl, ssl->transform_out ); @@ -1990,13 +2019,13 @@ int mbedtls_ssl_flight_transmit( mbedtls_ssl_context *ssl ) * Handshake headers: type(1) len(3) seq(2) f_off(3) f_len(3) */ memcpy( ssl->out_msg, cur->p, 6 ); - ssl->out_msg[6] = ( ( frag_off >> 16 ) & 0xff ); - ssl->out_msg[7] = ( ( frag_off >> 8 ) & 0xff ); - ssl->out_msg[8] = ( ( frag_off ) & 0xff ); + ssl->out_msg[6] = MBEDTLS_BYTE_2( frag_off ); + ssl->out_msg[7] = MBEDTLS_BYTE_1( frag_off ); + ssl->out_msg[8] = MBEDTLS_BYTE_0( frag_off ); - ssl->out_msg[ 9] = ( ( cur_hs_frag_len >> 16 ) & 0xff ); - ssl->out_msg[10] = ( ( cur_hs_frag_len >> 8 ) & 0xff ); - ssl->out_msg[11] = ( ( cur_hs_frag_len ) & 0xff ); + ssl->out_msg[ 9] = MBEDTLS_BYTE_2( cur_hs_frag_len ); + ssl->out_msg[10] = MBEDTLS_BYTE_1( cur_hs_frag_len ); + ssl->out_msg[11] = MBEDTLS_BYTE_0( cur_hs_frag_len ); MBEDTLS_SSL_DEBUG_BUF( 3, "handshake header", ssl->out_msg, 12 ); @@ -2124,7 +2153,8 @@ void mbedtls_ssl_send_flight_completed( mbedtls_ssl_context *ssl ) * (including handshake headers but excluding record headers) * - ssl->out_msg: the record contents (handshake headers + content) */ -int mbedtls_ssl_write_handshake_msg( mbedtls_ssl_context *ssl ) +int mbedtls_ssl_write_handshake_msg_ext( mbedtls_ssl_context *ssl, + int update_checksum ) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; const size_t hs_len = ssl->out_msglen - 4; @@ -2185,9 +2215,9 @@ int mbedtls_ssl_write_handshake_msg( mbedtls_ssl_context *ssl ) */ if( ssl->out_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE ) { - ssl->out_msg[1] = (unsigned char)( hs_len >> 16 ); - ssl->out_msg[2] = (unsigned char)( hs_len >> 8 ); - ssl->out_msg[3] = (unsigned char)( hs_len ); + ssl->out_msg[1] = MBEDTLS_BYTE_2( hs_len ); + ssl->out_msg[2] = MBEDTLS_BYTE_1( hs_len ); + ssl->out_msg[3] = MBEDTLS_BYTE_0( hs_len ); /* * DTLS has additional fields in the Handshake layer, @@ -2215,8 +2245,7 @@ int mbedtls_ssl_write_handshake_msg( mbedtls_ssl_context *ssl ) /* Write message_seq and update it, except for HelloRequest */ if( hs_type != MBEDTLS_SSL_HS_HELLO_REQUEST ) { - ssl->out_msg[4] = ( ssl->handshake->out_msg_seq >> 8 ) & 0xFF; - ssl->out_msg[5] = ( ssl->handshake->out_msg_seq ) & 0xFF; + MBEDTLS_PUT_UINT16_BE( ssl->handshake->out_msg_seq, ssl->out_msg, 4 ); ++( ssl->handshake->out_msg_seq ); } else @@ -2233,7 +2262,7 @@ int mbedtls_ssl_write_handshake_msg( mbedtls_ssl_context *ssl ) #endif /* MBEDTLS_SSL_PROTO_DTLS */ /* Update running hashes of handshake messages seen */ - if( hs_type != MBEDTLS_SSL_HS_HELLO_REQUEST ) + if( hs_type != MBEDTLS_SSL_HS_HELLO_REQUEST && update_checksum != 0 ) ssl->handshake->update_checksum( ssl, ssl->out_msg, ssl->out_msglen ); } @@ -2295,13 +2324,18 @@ int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl, uint8_t force_flush ) #endif /* Skip writing the record content type to after the encryption, * as it may change when using the CID extension. */ + int minor_ver = ssl->minor_ver; +#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) + /* TLS 1.3 still uses the TLS 1.2 version identifier + * for backwards compatibility. */ + if( minor_ver == MBEDTLS_SSL_MINOR_VERSION_4 ) + minor_ver = MBEDTLS_SSL_MINOR_VERSION_3; +#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ + mbedtls_ssl_write_version( ssl->major_ver, minor_ver, + ssl->conf->transport, ssl->out_hdr + 1 ); - mbedtls_ssl_write_version( ssl->major_ver, ssl->minor_ver, - ssl->conf->transport, ssl->out_hdr + 1 ); - - memcpy( ssl->out_ctr, ssl->cur_out_ctr, 8 ); - ssl->out_len[0] = (unsigned char)( len >> 8 ); - ssl->out_len[1] = (unsigned char)( len ); + memcpy( ssl->out_ctr, ssl->cur_out_ctr, MBEDTLS_SSL_SEQUENCE_NUMBER_LEN ); + MBEDTLS_PUT_UINT16_BE( len, ssl->out_len, 0); if( ssl->transform_out != NULL ) { @@ -2312,8 +2346,8 @@ int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl, uint8_t force_flush ) rec.data_len = ssl->out_msglen; rec.data_offset = ssl->out_msg - rec.buf; - memcpy( &rec.ctr[0], ssl->out_ctr, 8 ); - mbedtls_ssl_write_version( ssl->major_ver, ssl->minor_ver, + memcpy( &rec.ctr[0], ssl->out_ctr, sizeof( rec.ctr ) ); + mbedtls_ssl_write_version( ssl->major_ver, minor_ver, ssl->conf->transport, rec.ver ); rec.type = ssl->out_msgtype; @@ -2341,8 +2375,7 @@ int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl, uint8_t force_flush ) memcpy( ssl->out_cid, rec.cid, rec.cid_len ); #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ ssl->out_msglen = len = rec.data_len; - ssl->out_len[0] = (unsigned char)( rec.data_len >> 8 ); - ssl->out_len[1] = (unsigned char)( rec.data_len ); + MBEDTLS_PUT_UINT16_BE( rec.data_len, ssl->out_len, 0 ); } protected_record_size = len + mbedtls_ssl_out_hdr_len( ssl ); @@ -2914,12 +2947,11 @@ static int ssl_check_dtls_clihlo_cookie( /* Go back and fill length fields */ obuf[27] = (unsigned char)( *olen - 28 ); - obuf[14] = obuf[22] = (unsigned char)( ( *olen - 25 ) >> 16 ); - obuf[15] = obuf[23] = (unsigned char)( ( *olen - 25 ) >> 8 ); - obuf[16] = obuf[24] = (unsigned char)( ( *olen - 25 ) ); + obuf[14] = obuf[22] = MBEDTLS_BYTE_2( *olen - 25 ); + obuf[15] = obuf[23] = MBEDTLS_BYTE_1( *olen - 25 ); + obuf[16] = obuf[24] = MBEDTLS_BYTE_0( *olen - 25 ); - obuf[11] = (unsigned char)( ( *olen - 13 ) >> 8 ); - obuf[12] = (unsigned char)( ( *olen - 13 ) ); + MBEDTLS_PUT_UINT16_BE( *olen - 13, obuf, 11 ); return( MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED ); } @@ -3389,9 +3421,12 @@ static int ssl_prepare_record_content( mbedtls_ssl_context *ssl, #endif { unsigned i; - for( i = 8; i > mbedtls_ssl_ep_len( ssl ); i-- ) + for( i = MBEDTLS_SSL_SEQUENCE_NUMBER_LEN; + i > mbedtls_ssl_ep_len( ssl ); i-- ) + { if( ++ssl->in_ctr[i - 1] != 0 ) break; + } /* The loop goes to its end iff the counter is wrapping */ if( i == mbedtls_ssl_ep_len( ssl ) ) @@ -4299,8 +4334,7 @@ static int ssl_get_next_record( mbedtls_ssl_context *ssl ) ssl->in_hdr[0] = rec.type; ssl->in_msg = rec.buf + rec.data_offset; ssl->in_msglen = rec.data_len; - ssl->in_len[0] = (unsigned char)( rec.data_len >> 8 ); - ssl->in_len[1] = (unsigned char)( rec.data_len ); + MBEDTLS_PUT_UINT16_BE( rec.data_len, ssl->in_len, 0 ); return( 0 ); } @@ -4532,7 +4566,7 @@ int mbedtls_ssl_parse_change_cipher_spec( mbedtls_ssl_context *ssl ) } else #endif /* MBEDTLS_SSL_PROTO_DTLS */ - memset( ssl->in_ctr, 0, 8 ); + memset( ssl->in_ctr, 0, MBEDTLS_SSL_SEQUENCE_NUMBER_LEN ); mbedtls_ssl_update_in_pointers( ssl ); @@ -4568,12 +4602,12 @@ void mbedtls_ssl_update_out_pointers( mbedtls_ssl_context *ssl, { ssl->out_ctr = ssl->out_hdr + 3; #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) - ssl->out_cid = ssl->out_ctr + 8; + ssl->out_cid = ssl->out_ctr + MBEDTLS_SSL_SEQUENCE_NUMBER_LEN; ssl->out_len = ssl->out_cid; if( transform != NULL ) ssl->out_len += transform->out_cid_len; #else /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ - ssl->out_len = ssl->out_ctr + 8; + ssl->out_len = ssl->out_ctr + MBEDTLS_SSL_SEQUENCE_NUMBER_LEN; #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ ssl->out_iv = ssl->out_len + 2; } @@ -4622,17 +4656,17 @@ void mbedtls_ssl_update_in_pointers( mbedtls_ssl_context *ssl ) * ssl_parse_record_header(). */ ssl->in_ctr = ssl->in_hdr + 3; #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) - ssl->in_cid = ssl->in_ctr + 8; + ssl->in_cid = ssl->in_ctr + MBEDTLS_SSL_SEQUENCE_NUMBER_LEN; ssl->in_len = ssl->in_cid; /* Default: no CID */ #else /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ - ssl->in_len = ssl->in_ctr + 8; + ssl->in_len = ssl->in_ctr + MBEDTLS_SSL_SEQUENCE_NUMBER_LEN; #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ ssl->in_iv = ssl->in_len + 2; } else #endif { - ssl->in_ctr = ssl->in_hdr - 8; + ssl->in_ctr = ssl->in_hdr - MBEDTLS_SSL_SEQUENCE_NUMBER_LEN; ssl->in_len = ssl->in_hdr + 3; #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) ssl->in_cid = ssl->in_len; @@ -4806,9 +4840,11 @@ static int ssl_check_ctr_renegotiate( mbedtls_ssl_context *ssl ) } in_ctr_cmp = memcmp( ssl->in_ctr + ep_len, - ssl->conf->renego_period + ep_len, 8 - ep_len ); - out_ctr_cmp = memcmp( ssl->cur_out_ctr + ep_len, - ssl->conf->renego_period + ep_len, 8 - ep_len ); + &ssl->conf->renego_period[ep_len], + MBEDTLS_SSL_SEQUENCE_NUMBER_LEN - ep_len ); + out_ctr_cmp = memcmp( &ssl->cur_out_ctr[ep_len], + &ssl->conf->renego_period[ep_len], + sizeof( ssl->cur_out_ctr ) - ep_len ); if( in_ctr_cmp <= 0 && out_ctr_cmp <= 0 ) { @@ -5292,6 +5328,20 @@ void mbedtls_ssl_transform_free( mbedtls_ssl_transform *transform ) mbedtls_platform_zeroize( transform, sizeof( mbedtls_ssl_transform ) ); } +void mbedtls_ssl_set_inbound_transform( mbedtls_ssl_context *ssl, + mbedtls_ssl_transform *transform ) +{ + ssl->transform_in = transform; + memset( ssl->in_ctr, 0, MBEDTLS_SSL_SEQUENCE_NUMBER_LEN ); +} + +void mbedtls_ssl_set_outbound_transform( mbedtls_ssl_context *ssl, + mbedtls_ssl_transform *transform ) +{ + ssl->transform_out = transform; + memset( ssl->cur_out_ctr, 0, sizeof( ssl->cur_out_ctr ) ); +} + #if defined(MBEDTLS_SSL_PROTO_DTLS) void mbedtls_ssl_buffering_free( mbedtls_ssl_context *ssl ) @@ -5380,4 +5430,48 @@ void mbedtls_ssl_read_version( int *major, int *minor, int transport, } } +/* + * Send pending fatal alert. + * 0, No alert message. + * !0, if mbedtls_ssl_send_alert_message() returned in error, the error code it + * returned, ssl->alert_reason otherwise. + */ +int mbedtls_ssl_handle_pending_alert( mbedtls_ssl_context *ssl ) +{ + int ret; + + /* No pending alert, return success*/ + if( ssl->send_alert == 0 ) + return( 0 ); + + ret = mbedtls_ssl_send_alert_message( ssl, + MBEDTLS_SSL_ALERT_LEVEL_FATAL, + ssl->alert_type ); + + /* If mbedtls_ssl_send_alert_message() returned with MBEDTLS_ERR_SSL_WANT_WRITE, + * do not clear the alert to be able to send it later. + */ + if( ret != MBEDTLS_ERR_SSL_WANT_WRITE ) + { + ssl->send_alert = 0; + } + + if( ret != 0 ) + return( ret ); + + return( ssl->alert_reason ); +} + +/* + * Set pending fatal alert flag. + */ +void mbedtls_ssl_pend_fatal_alert( mbedtls_ssl_context *ssl, + unsigned char alert_type, + int alert_reason ) +{ + ssl->send_alert = 1; + ssl->alert_type = alert_type; + ssl->alert_reason = alert_reason; +} + #endif /* MBEDTLS_SSL_TLS_C */ diff --git a/library/ssl_srv.c b/library/ssl_srv.c index 2d2514e21d..5e2d1528d8 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c @@ -1222,7 +1222,8 @@ read_record_header: return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER ); } - memcpy( ssl->cur_out_ctr + 2, ssl->in_ctr + 2, 6 ); + memcpy( &ssl->cur_out_ctr[2], ssl->in_ctr + 2, + sizeof( ssl->cur_out_ctr ) - 2 ); #if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY) if( mbedtls_ssl_dtls_replay_check( ssl ) != 0 ) @@ -1850,8 +1851,7 @@ read_record_header: for( j = 0, p = buf + ciph_offset + 2; j < ciph_len; j += 2, p += 2 ) for( i = 0; ciphersuites[i] != 0; i++ ) { - if( p[0] != ( ( ciphersuites[i] >> 8 ) & 0xFF ) || - p[1] != ( ( ciphersuites[i] ) & 0xFF ) ) + if( MBEDTLS_GET_UINT16_BE(p, 0) != ciphersuites[i] ) continue; got_common_suite = 1; @@ -1867,8 +1867,7 @@ read_record_header: for( i = 0; ciphersuites[i] != 0; i++ ) for( j = 0, p = buf + ciph_offset + 2; j < ciph_len; j += 2, p += 2 ) { - if( p[0] != ( ( ciphersuites[i] >> 8 ) & 0xFF ) || - p[1] != ( ( ciphersuites[i] ) & 0xFF ) ) + if( MBEDTLS_GET_UINT16_BE(p, 0) != ciphersuites[i] ) continue; got_common_suite = 1; @@ -1972,12 +1971,11 @@ static void ssl_write_cid_ext( mbedtls_ssl_context *ssl, * opaque cid<0..2^8-1>; * } ConnectionId; */ - - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_CID >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_CID ) & 0xFF ); + MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_CID, p, 0 ); + p += 2; ext_len = (size_t) ssl->own_cid_len + 1; - *p++ = (unsigned char)( ( ext_len >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( ext_len ) & 0xFF ); + MBEDTLS_PUT_UINT16_BE( ext_len, p, 0 ); + p += 2; *p++ = (uint8_t) ssl->own_cid_len; memcpy( p, ssl->own_cid, ssl->own_cid_len ); @@ -2018,8 +2016,8 @@ static void ssl_write_encrypt_then_mac_ext( mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, adding encrypt then mac extension" ) ); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC ) & 0xFF ); + MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC, p, 0 ); + p += 2; *p++ = 0x00; *p++ = 0x00; @@ -2044,8 +2042,8 @@ static void ssl_write_extended_ms_ext( mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, adding extended master secret " "extension" ) ); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET ) & 0xFF ); + MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET, p, 0 ); + p += 2; *p++ = 0x00; *p++ = 0x00; @@ -2069,8 +2067,8 @@ static void ssl_write_session_ticket_ext( mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, adding session ticket extension" ) ); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SESSION_TICKET >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SESSION_TICKET ) & 0xFF ); + MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_SESSION_TICKET, p, 0 ); + p += 2; *p++ = 0x00; *p++ = 0x00; @@ -2093,8 +2091,8 @@ static void ssl_write_renegotiation_ext( mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, secure renegotiation extension" ) ); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_RENEGOTIATION_INFO >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_RENEGOTIATION_INFO ) & 0xFF ); + MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_RENEGOTIATION_INFO, p, 0 ); + p += 2; #if defined(MBEDTLS_SSL_RENEGOTIATION) if( ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE ) @@ -2134,8 +2132,8 @@ static void ssl_write_max_fragment_length_ext( mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, max_fragment_length extension" ) ); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH ) & 0xFF ); + MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH, p, 0 ); + p += 2; *p++ = 0x00; *p++ = 1; @@ -2164,8 +2162,8 @@ static void ssl_write_supported_point_formats_ext( mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, supported_point_formats extension" ) ); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS ) & 0xFF ); + MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS, p, 0 ); + p += 2; *p++ = 0x00; *p++ = 2; @@ -2202,8 +2200,8 @@ static void ssl_write_ecjpake_kkpp_ext( mbedtls_ssl_context *ssl, return; } - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_ECJPAKE_KKPP >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_ECJPAKE_KKPP ) & 0xFF ); + MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_ECJPAKE_KKPP, p, 0 ); + p += 2; ret = mbedtls_ecjpake_write_round_one( &ssl->handshake->ecjpake_ctx, p + 2, end - p - 2, &kkpp_len, @@ -2214,8 +2212,8 @@ static void ssl_write_ecjpake_kkpp_ext( mbedtls_ssl_context *ssl, return; } - *p++ = (unsigned char)( ( kkpp_len >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( kkpp_len ) & 0xFF ); + MBEDTLS_PUT_UINT16_BE( kkpp_len, p, 0 ); + p += 2; *olen = kkpp_len + 4; } @@ -2240,18 +2238,15 @@ static void ssl_write_alpn_ext( mbedtls_ssl_context *ssl, * 6 . 6 protocol name length * 7 . 7+n protocol name */ - buf[0] = (unsigned char)( ( MBEDTLS_TLS_EXT_ALPN >> 8 ) & 0xFF ); - buf[1] = (unsigned char)( ( MBEDTLS_TLS_EXT_ALPN ) & 0xFF ); + MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_ALPN, buf, 0); *olen = 7 + strlen( ssl->alpn_chosen ); - buf[2] = (unsigned char)( ( ( *olen - 4 ) >> 8 ) & 0xFF ); - buf[3] = (unsigned char)( ( ( *olen - 4 ) ) & 0xFF ); + MBEDTLS_PUT_UINT16_BE( *olen - 4, buf, 2 ); - buf[4] = (unsigned char)( ( ( *olen - 6 ) >> 8 ) & 0xFF ); - buf[5] = (unsigned char)( ( ( *olen - 6 ) ) & 0xFF ); + MBEDTLS_PUT_UINT16_BE( *olen - 6, buf, 4 ); - buf[6] = (unsigned char)( ( ( *olen - 7 ) ) & 0xFF ); + buf[6] = MBEDTLS_BYTE_0( *olen - 7 ); memcpy( buf + 7, ssl->alpn_chosen, *olen - 7 ); } @@ -2296,15 +2291,13 @@ static void ssl_write_use_srtp_ext( mbedtls_ssl_context *ssl, } /* extension */ - buf[0] = (unsigned char)( ( MBEDTLS_TLS_EXT_USE_SRTP >> 8 ) & 0xFF ); - buf[1] = (unsigned char)( ( MBEDTLS_TLS_EXT_USE_SRTP ) & 0xFF ); + MBEDTLS_PUT_UINT16_BE(MBEDTLS_TLS_EXT_USE_SRTP, buf, 0 ); /* * total length 5 and mki value: only one profile(2 bytes) * and length(2 bytes) and srtp_mki ) */ ext_len = 5 + mki_len; - buf[2] = (unsigned char)( ( ext_len >> 8 ) & 0xFF ); - buf[3] = (unsigned char)( ext_len & 0xFF ); + MBEDTLS_PUT_UINT16_BE( ext_len, buf, 2 ); /* protection profile length: 2 */ buf[4] = 0x00; @@ -2313,8 +2306,7 @@ static void ssl_write_use_srtp_ext( mbedtls_ssl_context *ssl, ssl->dtls_srtp_info.chosen_dtls_srtp_profile ); if( profile_value != MBEDTLS_TLS_SRTP_UNSET ) { - buf[6] = (unsigned char)( ( profile_value >> 8 ) & 0xFF ); - buf[7] = (unsigned char)( profile_value & 0xFF ); + MBEDTLS_PUT_UINT16_BE( profile_value, buf, 6 ); } else { @@ -2496,10 +2488,8 @@ static int ssl_write_server_hello( mbedtls_ssl_context *ssl ) #if defined(MBEDTLS_HAVE_TIME) t = mbedtls_time( NULL ); - *p++ = (unsigned char)( t >> 24 ); - *p++ = (unsigned char)( t >> 16 ); - *p++ = (unsigned char)( t >> 8 ); - *p++ = (unsigned char)( t ); + MBEDTLS_PUT_UINT32_BE( t, p, 0 ); + p += 4; MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, current time: %" MBEDTLS_PRINTF_LONGLONG, (long long) t ) ); @@ -2580,9 +2570,9 @@ static int ssl_write_server_hello( mbedtls_ssl_context *ssl ) MBEDTLS_SSL_DEBUG_MSG( 3, ( "%s session has been resumed", ssl->handshake->resume ? "a" : "no" ) ); - *p++ = (unsigned char)( ssl->session_negotiate->ciphersuite >> 8 ); - *p++ = (unsigned char)( ssl->session_negotiate->ciphersuite ); - *p++ = (unsigned char)( ssl->session_negotiate->compression ); + MBEDTLS_PUT_UINT16_BE( ssl->session_negotiate->ciphersuite, p, 0 ); + p += 2; + *p++ = MBEDTLS_BYTE_0( ssl->session_negotiate->compression ); MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, chosen ciphersuite: %s", mbedtls_ssl_get_ciphersuite_name( ssl->session_negotiate->ciphersuite ) ) ); @@ -2650,9 +2640,8 @@ static int ssl_write_server_hello( mbedtls_ssl_context *ssl ) if( ext_len > 0 ) { - *p++ = (unsigned char)( ( ext_len >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( ext_len ) & 0xFF ); - p += ext_len; + MBEDTLS_PUT_UINT16_BE( ext_len, p, 0 ); + p += 2 + ext_len; } ssl->out_msglen = p - buf; @@ -2787,8 +2776,7 @@ static int ssl_write_certificate_request( mbedtls_ssl_context *ssl ) #endif } - p[0] = (unsigned char)( sa_len >> 8 ); - p[1] = (unsigned char)( sa_len ); + MBEDTLS_PUT_UINT16_BE( sa_len, p, 0 ); sa_len += 2; p += sa_len; } @@ -2828,8 +2816,8 @@ static int ssl_write_certificate_request( mbedtls_ssl_context *ssl ) break; } - *p++ = (unsigned char)( dn_size >> 8 ); - *p++ = (unsigned char)( dn_size ); + MBEDTLS_PUT_UINT16_BE( dn_size, p, 0 ); + p += 2; memcpy( p, crt->subject_raw.p, dn_size ); p += dn_size; @@ -2843,8 +2831,7 @@ static int ssl_write_certificate_request( mbedtls_ssl_context *ssl ) ssl->out_msglen = p - buf; ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE; ssl->out_msg[0] = MBEDTLS_SSL_HS_CERTIFICATE_REQUEST; - ssl->out_msg[4 + ct_len + sa_len] = (unsigned char)( total_dn_size >> 8 ); - ssl->out_msg[5 + ct_len + sa_len] = (unsigned char)( total_dn_size ); + MBEDTLS_PUT_UINT16_BE( total_dn_size, ssl->out_msg, 4 + ct_len + sa_len ); ret = mbedtls_ssl_write_handshake_msg( ssl ); @@ -3051,14 +3038,16 @@ static int ssl_prepare_server_key_exchange( mbedtls_ssl_context *ssl, * } ServerECDHParams; */ const mbedtls_ecp_curve_info **curve = NULL; - const mbedtls_ecp_group_id *gid; + const uint16_t *group_list = mbedtls_ssl_get_groups( ssl ); int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t len = 0; /* Match our preference list against the offered curves */ - for( gid = ssl->conf->curve_list; *gid != MBEDTLS_ECP_DP_NONE; gid++ ) + if( group_list == NULL ) + return( MBEDTLS_ERR_SSL_BAD_CONFIG ); + for( ; *group_list != 0; group_list++ ) for( curve = ssl->handshake->curves; *curve != NULL; curve++ ) - if( (*curve)->grp_id == *gid ) + if( (*curve)->tls_id == *group_list ) goto curve_matching_done; curve_matching_done: @@ -3322,8 +3311,8 @@ static int ssl_write_server_key_exchange( mbedtls_ssl_context *ssl ) #if defined(MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED) if( signature_len != 0 ) { - ssl->out_msg[ssl->out_msglen++] = (unsigned char)( signature_len >> 8 ); - ssl->out_msg[ssl->out_msglen++] = (unsigned char)( signature_len ); + ssl->out_msg[ssl->out_msglen++] = MBEDTLS_BYTE_1( signature_len ); + ssl->out_msg[ssl->out_msglen++] = MBEDTLS_BYTE_0( signature_len ); MBEDTLS_SSL_DEBUG_BUF( 3, "my signature", ssl->out_msg + ssl->out_msglen, @@ -3480,8 +3469,8 @@ static int ssl_decrypt_encrypted_pms( mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client key exchange message" ) ); return( MBEDTLS_ERR_SSL_DECODE_ERROR ); } - if( *p++ != ( ( len >> 8 ) & 0xFF ) || - *p++ != ( ( len ) & 0xFF ) ) + if( *p++ != MBEDTLS_BYTE_1( len ) || + *p++ != MBEDTLS_BYTE_0( len ) ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client key exchange message" ) ); return( MBEDTLS_ERR_SSL_DECODE_ERROR ); @@ -4216,14 +4205,8 @@ static int ssl_write_new_session_ticket( mbedtls_ssl_context *ssl ) tlen = 0; } - ssl->out_msg[4] = ( lifetime >> 24 ) & 0xFF; - ssl->out_msg[5] = ( lifetime >> 16 ) & 0xFF; - ssl->out_msg[6] = ( lifetime >> 8 ) & 0xFF; - ssl->out_msg[7] = ( lifetime ) & 0xFF; - - ssl->out_msg[8] = (unsigned char)( ( tlen >> 8 ) & 0xFF ); - ssl->out_msg[9] = (unsigned char)( ( tlen ) & 0xFF ); - + MBEDTLS_PUT_UINT32_BE( lifetime, ssl->out_msg, 4 ); + MBEDTLS_PUT_UINT16_BE( tlen, ssl->out_msg, 8 ); ssl->out_msglen = 10 + tlen; /* @@ -4251,23 +4234,8 @@ int mbedtls_ssl_handshake_server_step( mbedtls_ssl_context *ssl ) { int ret = 0; - if( ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER || ssl->handshake == NULL ) - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); - MBEDTLS_SSL_DEBUG_MSG( 2, ( "server state: %d", ssl->state ) ); - if( ( ret = mbedtls_ssl_flush_output( ssl ) ) != 0 ) - return( ret ); - -#if defined(MBEDTLS_SSL_PROTO_DTLS) - if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && - ssl->handshake->retransmit_state == MBEDTLS_SSL_RETRANS_SENDING ) - { - if( ( ret = mbedtls_ssl_flight_transmit( ssl ) ) != 0 ) - return( ret ); - } -#endif /* MBEDTLS_SSL_PROTO_DTLS */ - switch( ssl->state ) { case MBEDTLS_SSL_HELLO_REQUEST: diff --git a/library/ssl_ticket.c b/library/ssl_ticket.c index 940e1a67a2..e998111d93 100644 --- a/library/ssl_ticket.c +++ b/library/ssl_ticket.c @@ -138,16 +138,14 @@ int mbedtls_ssl_ticket_setup( mbedtls_ssl_ticket_context *ctx, ctx->ticket_lifetime = lifetime; cipher_info = mbedtls_cipher_info_from_type( cipher); - if( cipher_info == NULL ) - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); - if( cipher_info->mode != MBEDTLS_MODE_GCM && - cipher_info->mode != MBEDTLS_MODE_CCM ) + if( mbedtls_cipher_info_get_mode( cipher_info ) != MBEDTLS_MODE_GCM && + mbedtls_cipher_info_get_mode( cipher_info ) != MBEDTLS_MODE_CCM ) { return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); } - if( cipher_info->key_bitlen > 8 * MAX_KEY_BYTES ) + if( mbedtls_cipher_info_get_key_bitlen( cipher_info ) > 8 * MAX_KEY_BYTES ) return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); #if defined(MBEDTLS_USE_PSA_CRYPTO) @@ -245,8 +243,7 @@ int mbedtls_ssl_ticket_write( void *p_ticket, { goto cleanup; } - state_len_bytes[0] = ( clear_len >> 8 ) & 0xff; - state_len_bytes[1] = ( clear_len ) & 0xff; + MBEDTLS_PUT_UINT16_BE( clear_len, state_len_bytes, 0 ); /* Encrypt and authenticate */ if( ( ret = mbedtls_cipher_auth_encrypt_ext( &key->ctx, diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 61785294a7..d5e964bc02 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -588,7 +588,6 @@ static int ssl_use_opaque_psk( mbedtls_ssl_context const *ssl ) #endif /* MBEDTLS_USE_PSA_CRYPTO && MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */ -#if defined(MBEDTLS_SSL_EXPORT_KEYS) static mbedtls_tls_prf_types tls_prf_get_type( mbedtls_ssl_tls_prf_cb *tls_prf ) { #if defined(MBEDTLS_SSL_PROTO_TLS1_2) @@ -609,7 +608,6 @@ static mbedtls_tls_prf_types tls_prf_get_type( mbedtls_ssl_tls_prf_cb *tls_prf ) #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ return( MBEDTLS_SSL_TLS_PRF_NONE ); } -#endif /* MBEDTLS_SSL_EXPORT_KEYS */ int mbedtls_ssl_tls_prf( const mbedtls_tls_prf_types prf, const unsigned char *secret, size_t slen, @@ -661,18 +659,19 @@ typedef int ssl_tls_prf_t(const unsigned char *, size_t, const char *, * - [in] randbytes: buffer holding ServerHello.random + ClientHello.random * - [in] minor_ver: SSL/TLS minor version * - [in] endpoint: client or server - * - [in] ssl: optionally used for: - * - MBEDTLS_SSL_EXPORT_KEYS: ssl->conf->{f,p}_export_keys + * - [in] ssl: used for: + * - ssl->conf->{f,p}_export_keys + * [in] optionally used for: * - MBEDTLS_DEBUG_C: ssl->conf->{f,p}_dbg */ -static int ssl_populate_transform( mbedtls_ssl_transform *transform, +static int ssl_tls12_populate_transform( mbedtls_ssl_transform *transform, int ciphersuite, const unsigned char master[48], -#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC) -#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) +#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC) && \ + defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) int encrypt_then_mac, -#endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */ -#endif /* MBEDTLS_SSL_SOME_SUITES_USE_MAC */ +#endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC && + MBEDTLS_SSL_SOME_SUITES_USE_MAC */ ssl_tls_prf_t tls_prf, const unsigned char randbytes[64], int minor_ver, @@ -690,15 +689,18 @@ static int ssl_populate_transform( mbedtls_ssl_transform *transform, unsigned char *mac_dec; size_t mac_key_len = 0; size_t iv_copy_len; - unsigned keylen; + size_t keylen; const mbedtls_ssl_ciphersuite_t *ciphersuite_info; const mbedtls_cipher_info_t *cipher_info; const mbedtls_md_info_t *md_info; -#if !defined(MBEDTLS_SSL_EXPORT_KEYS) && \ - !defined(MBEDTLS_DEBUG_C) - ssl = NULL; /* make sure we don't use it except for those cases */ - (void) ssl; +#if !defined(MBEDTLS_DEBUG_C) && \ + !defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) + if( ssl->f_export_keys == NULL ) + { + ssl = NULL; /* make sure we don't use it except for these cases */ + (void) ssl; + } #endif /* @@ -714,6 +716,15 @@ static int ssl_populate_transform( mbedtls_ssl_transform *transform, memcpy( transform->randbytes, randbytes, sizeof( transform->randbytes ) ); #endif +#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) + if( minor_ver == MBEDTLS_SSL_MINOR_VERSION_4 ) + { + /* At the moment, we keep TLS <= 1.2 and TLS 1.3 transform + * generation separate. This should never happen. */ + return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + } +#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ + /* * Get various info structures */ @@ -781,14 +792,14 @@ static int ssl_populate_transform( mbedtls_ssl_transform *transform, * Determine the appropriate key, IV and MAC length. */ - keylen = cipher_info->key_bitlen / 8; + keylen = mbedtls_cipher_info_get_key_bitlen( cipher_info ) / 8; #if defined(MBEDTLS_GCM_C) || \ defined(MBEDTLS_CCM_C) || \ defined(MBEDTLS_CHACHAPOLY_C) - if( cipher_info->mode == MBEDTLS_MODE_GCM || - cipher_info->mode == MBEDTLS_MODE_CCM || - cipher_info->mode == MBEDTLS_MODE_CHACHAPOLY ) + if( mbedtls_cipher_info_get_mode( cipher_info ) == MBEDTLS_MODE_GCM || + mbedtls_cipher_info_get_mode( cipher_info ) == MBEDTLS_MODE_CCM || + mbedtls_cipher_info_get_mode( cipher_info ) == MBEDTLS_MODE_CHACHAPOLY ) { size_t explicit_ivlen; @@ -806,19 +817,10 @@ static int ssl_populate_transform( mbedtls_ssl_transform *transform, * sequence number). */ transform->ivlen = 12; -#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) - if( minor_ver == MBEDTLS_SSL_MINOR_VERSION_4 ) - { + if( mbedtls_cipher_info_get_mode( cipher_info ) == MBEDTLS_MODE_CHACHAPOLY ) transform->fixed_ivlen = 12; - } else -#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ - { - if( cipher_info->mode == MBEDTLS_MODE_CHACHAPOLY ) - transform->fixed_ivlen = 12; - else - transform->fixed_ivlen = 4; - } + transform->fixed_ivlen = 4; /* Minimum length of encrypted record */ explicit_ivlen = transform->ivlen - transform->fixed_ivlen; @@ -827,8 +829,8 @@ static int ssl_populate_transform( mbedtls_ssl_transform *transform, else #endif /* MBEDTLS_GCM_C || MBEDTLS_CCM_C || MBEDTLS_CHACHAPOLY_C */ #if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC) - if( cipher_info->mode == MBEDTLS_MODE_STREAM || - cipher_info->mode == MBEDTLS_MODE_CBC ) + if( mbedtls_cipher_info_get_mode( cipher_info ) == MBEDTLS_MODE_STREAM || + mbedtls_cipher_info_get_mode( cipher_info ) == MBEDTLS_MODE_CBC ) { /* Initialize HMAC contexts */ if( ( ret = mbedtls_md_setup( &transform->md_ctx_enc, md_info, 1 ) ) != 0 || @@ -846,7 +848,7 @@ static int ssl_populate_transform( mbedtls_ssl_transform *transform, transform->ivlen = cipher_info->iv_size; /* Minimum length */ - if( cipher_info->mode == MBEDTLS_MODE_STREAM ) + if( mbedtls_cipher_info_get_mode( cipher_info ) == MBEDTLS_MODE_STREAM ) transform->minlen = transform->maclen; else { @@ -961,8 +963,7 @@ static int ssl_populate_transform( mbedtls_ssl_transform *transform, ((void) mac_dec); ((void) mac_enc); -#if defined(MBEDTLS_SSL_EXPORT_KEYS) - if( ssl->f_export_keys != NULL ) + if( ssl != NULL && ssl->f_export_keys != NULL ) { ssl->f_export_keys( ssl->p_export_keys, MBEDTLS_SSL_KEY_EXPORT_TLS12_MASTER_SECRET, @@ -971,42 +972,26 @@ static int ssl_populate_transform( mbedtls_ssl_transform *transform, randbytes, tls_prf_get_type( tls_prf ) ); } -#endif #if defined(MBEDTLS_USE_PSA_CRYPTO) - - /* Only use PSA-based ciphers for TLS-1.2. - * That's relevant at least for TLS-1.0, where - * we assume that mbedtls_cipher_crypt() updates - * the structure field for the IV, which the PSA-based - * implementation currently doesn't. */ -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) - if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 ) + ret = mbedtls_cipher_setup_psa( &transform->cipher_ctx_enc, + cipher_info, transform->taglen ); + if( ret != 0 && ret != MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE ) { - ret = mbedtls_cipher_setup_psa( &transform->cipher_ctx_enc, - cipher_info, transform->taglen ); - if( ret != 0 && ret != MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_setup_psa", ret ); - goto end; - } + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_setup_psa", ret ); + goto end; + } - if( ret == 0 ) - { - MBEDTLS_SSL_DEBUG_MSG( 3, ( "Successfully setup PSA-based encryption cipher context" ) ); - psa_fallthrough = 0; - } - else - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "Failed to setup PSA-based cipher context for record encryption - fall through to default setup." ) ); - psa_fallthrough = 1; - } + if( ret == 0 ) + { + MBEDTLS_SSL_DEBUG_MSG( 3, ( "Successfully setup PSA-based encryption cipher context" ) ); + psa_fallthrough = 0; } else + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "Failed to setup PSA-based cipher context for record encryption - fall through to default setup." ) ); psa_fallthrough = 1; -#else - psa_fallthrough = 1; -#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ + } if( psa_fallthrough == 1 ) #endif /* MBEDTLS_USE_PSA_CRYPTO */ @@ -1018,38 +1003,24 @@ static int ssl_populate_transform( mbedtls_ssl_transform *transform, } #if defined(MBEDTLS_USE_PSA_CRYPTO) - /* Only use PSA-based ciphers for TLS-1.2. - * That's relevant at least for TLS-1.0, where - * we assume that mbedtls_cipher_crypt() updates - * the structure field for the IV, which the PSA-based - * implementation currently doesn't. */ -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) - if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 ) + ret = mbedtls_cipher_setup_psa( &transform->cipher_ctx_dec, + cipher_info, transform->taglen ); + if( ret != 0 && ret != MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE ) { - ret = mbedtls_cipher_setup_psa( &transform->cipher_ctx_dec, - cipher_info, transform->taglen ); - if( ret != 0 && ret != MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_setup_psa", ret ); - goto end; - } + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_setup_psa", ret ); + goto end; + } - if( ret == 0 ) - { - MBEDTLS_SSL_DEBUG_MSG( 3, ( "Successfully setup PSA-based decryption cipher context" ) ); - psa_fallthrough = 0; - } - else - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "Failed to setup PSA-based cipher context for record decryption - fall through to default setup." ) ); - psa_fallthrough = 1; - } + if( ret == 0 ) + { + MBEDTLS_SSL_DEBUG_MSG( 3, ( "Successfully setup PSA-based decryption cipher context" ) ); + psa_fallthrough = 0; } else + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "Failed to setup PSA-based cipher context for record decryption - fall through to default setup." ) ); psa_fallthrough = 1; -#else - psa_fallthrough = 1; -#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ + } if( psa_fallthrough == 1 ) #endif /* MBEDTLS_USE_PSA_CRYPTO */ @@ -1061,7 +1032,7 @@ static int ssl_populate_transform( mbedtls_ssl_transform *transform, } if( ( ret = mbedtls_cipher_setkey( &transform->cipher_ctx_enc, key1, - cipher_info->key_bitlen, + (int) mbedtls_cipher_info_get_key_bitlen( cipher_info ), MBEDTLS_ENCRYPT ) ) != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_setkey", ret ); @@ -1069,7 +1040,7 @@ static int ssl_populate_transform( mbedtls_ssl_transform *transform, } if( ( ret = mbedtls_cipher_setkey( &transform->cipher_ctx_dec, key2, - cipher_info->key_bitlen, + (int) mbedtls_cipher_info_get_key_bitlen( cipher_info ), MBEDTLS_DECRYPT ) ) != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_setkey", ret ); @@ -1077,7 +1048,7 @@ static int ssl_populate_transform( mbedtls_ssl_transform *transform, } #if defined(MBEDTLS_CIPHER_MODE_CBC) - if( cipher_info->mode == MBEDTLS_MODE_CBC ) + if( mbedtls_cipher_info_get_mode( cipher_info ) == MBEDTLS_MODE_CBC ) { if( ( ret = mbedtls_cipher_set_padding_mode( &transform->cipher_ctx_enc, MBEDTLS_PADDING_NONE ) ) != 0 ) @@ -1328,22 +1299,22 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl ) } /* Populate transform structure */ - ret = ssl_populate_transform( ssl->transform_negotiate, - ssl->session_negotiate->ciphersuite, - ssl->session_negotiate->master, -#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC) -#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) - ssl->session_negotiate->encrypt_then_mac, -#endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */ -#endif /* MBEDTLS_SSL_SOME_SUITES_USE_MAC */ - ssl->handshake->tls_prf, - ssl->handshake->randbytes, - ssl->minor_ver, - ssl->conf->endpoint, - ssl ); + ret = ssl_tls12_populate_transform( ssl->transform_negotiate, + ssl->session_negotiate->ciphersuite, + ssl->session_negotiate->master, +#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC) && \ + defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) + ssl->session_negotiate->encrypt_then_mac, +#endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC && + MBEDTLS_SSL_SOME_SUITES_USE_MAC */ + ssl->handshake->tls_prf, + ssl->handshake->randbytes, + ssl->minor_ver, + ssl->conf->endpoint, + ssl ); if( ret != 0 ) { - MBEDTLS_SSL_DEBUG_RET( 1, "ssl_populate_transform", ret ); + MBEDTLS_SSL_DEBUG_RET( 1, "ssl_tls12_populate_transform", ret ); return( ret ); } @@ -1488,8 +1459,8 @@ int mbedtls_ssl_psk_derive_premaster( mbedtls_ssl_context *ssl, mbedtls_key_exch if( end - p < 2 ) return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); - *(p++) = (unsigned char)( psk_len >> 8 ); - *(p++) = (unsigned char)( psk_len ); + MBEDTLS_PUT_UINT16_BE( psk_len, p, 0 ); + p += 2; if( end < p || (size_t)( end - p ) < psk_len ) return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); @@ -1529,9 +1500,8 @@ int mbedtls_ssl_psk_derive_premaster( mbedtls_ssl_context *ssl, mbedtls_key_exch MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_dhm_calc_secret", ret ); return( ret ); } - *(p++) = (unsigned char)( len >> 8 ); - *(p++) = (unsigned char)( len ); - p += len; + MBEDTLS_PUT_UINT16_BE( len, p, 0 ); + p += 2 + len; MBEDTLS_SSL_DEBUG_MPI( 3, "DHM: K ", &ssl->handshake->dhm_ctx.K ); } @@ -1551,9 +1521,8 @@ int mbedtls_ssl_psk_derive_premaster( mbedtls_ssl_context *ssl, mbedtls_key_exch return( ret ); } - *(p++) = (unsigned char)( zlen >> 8 ); - *(p++) = (unsigned char)( zlen ); - p += zlen; + MBEDTLS_PUT_UINT16_BE( zlen, p, 0 ); + p += 2 + zlen; MBEDTLS_SSL_DEBUG_ECDH( 3, &ssl->handshake->ecdh_ctx, MBEDTLS_DEBUG_ECDH_Z ); @@ -1569,8 +1538,8 @@ int mbedtls_ssl_psk_derive_premaster( mbedtls_ssl_context *ssl, mbedtls_key_exch if( end - p < 2 ) return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); - *(p++) = (unsigned char)( psk_len >> 8 ); - *(p++) = (unsigned char)( psk_len ); + MBEDTLS_PUT_UINT16_BE( psk_len, p, 0 ); + p += 2; if( end < p || (size_t)( end - p ) < psk_len ) return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); @@ -1747,17 +1716,17 @@ int mbedtls_ssl_write_certificate( mbedtls_ssl_context *ssl ) return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL ); } - ssl->out_msg[i ] = (unsigned char)( n >> 16 ); - ssl->out_msg[i + 1] = (unsigned char)( n >> 8 ); - ssl->out_msg[i + 2] = (unsigned char)( n ); + ssl->out_msg[i ] = MBEDTLS_BYTE_2( n ); + ssl->out_msg[i + 1] = MBEDTLS_BYTE_1( n ); + ssl->out_msg[i + 2] = MBEDTLS_BYTE_0( n ); i += 3; memcpy( ssl->out_msg + i, crt->raw.p, n ); i += n; crt = crt->next; } - ssl->out_msg[4] = (unsigned char)( ( i - 7 ) >> 16 ); - ssl->out_msg[5] = (unsigned char)( ( i - 7 ) >> 8 ); - ssl->out_msg[6] = (unsigned char)( ( i - 7 ) ); + ssl->out_msg[4] = MBEDTLS_BYTE_2( i - 7 ); + ssl->out_msg[5] = MBEDTLS_BYTE_1( i - 7 ); + ssl->out_msg[6] = MBEDTLS_BYTE_0( i - 7 ); ssl->out_msglen = i; ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE; @@ -2823,10 +2792,12 @@ int mbedtls_ssl_write_finished( mbedtls_ssl_context *ssl ) /* Remember current epoch settings for resending */ ssl->handshake->alt_transform_out = ssl->transform_out; - memcpy( ssl->handshake->alt_out_ctr, ssl->cur_out_ctr, 8 ); + memcpy( ssl->handshake->alt_out_ctr, ssl->cur_out_ctr, + sizeof( ssl->handshake->alt_out_ctr ) ); /* Set sequence_number to zero */ - memset( ssl->cur_out_ctr + 2, 0, 6 ); + memset( &ssl->cur_out_ctr[2], 0, sizeof( ssl->cur_out_ctr ) - 2 ); + /* Increment epoch */ for( i = 2; i > 0; i-- ) @@ -2842,7 +2813,7 @@ int mbedtls_ssl_write_finished( mbedtls_ssl_context *ssl ) } else #endif /* MBEDTLS_SSL_PROTO_DTLS */ - memset( ssl->cur_out_ctr, 0, 8 ); + memset( ssl->cur_out_ctr, 0, sizeof( ssl->cur_out_ctr ) ); ssl->transform_out = ssl->transform_negotiate; ssl->session_out = ssl->session_negotiate; @@ -3103,6 +3074,52 @@ static int ssl_handshake_init( mbedtls_ssl_context *ssl ) } #endif +/* + * curve_list is translated to IANA TLS group identifiers here because + * mbedtls_ssl_conf_curves returns void and so can't return + * any error codes. + */ +#if defined(MBEDTLS_ECP_C) +#if !defined(MBEDTLS_DEPRECATED_REMOVED) + /* Heap allocate and translate curve_list from internal to IANA group ids */ + if ( ssl->conf->curve_list != NULL ) + { + size_t length; + const mbedtls_ecp_group_id *curve_list = ssl->conf->curve_list; + + for( length = 0; ( curve_list[length] != MBEDTLS_ECP_DP_NONE ) && + ( length < MBEDTLS_ECP_DP_MAX ); length++ ) {} + + /* Leave room for zero termination */ + uint16_t *group_list = mbedtls_calloc( length + 1, sizeof(uint16_t) ); + if ( group_list == NULL ) + return( MBEDTLS_ERR_SSL_ALLOC_FAILED ); + + for( size_t i = 0; i < length; i++ ) + { + const mbedtls_ecp_curve_info *info = + mbedtls_ecp_curve_info_from_grp_id( curve_list[i] ); + if ( info == NULL ) + { + mbedtls_free( group_list ); + return( MBEDTLS_ERR_SSL_BAD_CONFIG ); + } + group_list[i] = info->tls_id; + } + + group_list[length] = 0; + + ssl->handshake->group_list = group_list; + ssl->handshake->group_list_heap_allocated = 1; + } + else + { + ssl->handshake->group_list = ssl->conf->group_list; + ssl->handshake->group_list_heap_allocated = 0; + } +#endif /* MBEDTLS_DEPRECATED_REMOVED */ +#endif /* MBEDTLS_ECP_C */ + return( 0 ); } @@ -3281,9 +3298,9 @@ error: * If partial is non-zero, keep data in the input buffer and client ID. * (Use when a DTLS client reconnects from the same port.) */ -int mbedtls_ssl_session_reset_int( mbedtls_ssl_context *ssl, int partial ) +static void ssl_session_reset_msg_layer( mbedtls_ssl_context *ssl, + int partial ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; #if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) size_t in_buf_len = ssl->in_buf_len; size_t out_buf_len = ssl->out_buf_len; @@ -3292,16 +3309,65 @@ int mbedtls_ssl_session_reset_int( mbedtls_ssl_context *ssl, int partial ) size_t out_buf_len = MBEDTLS_SSL_OUT_BUFFER_LEN; #endif -#if !defined(MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE) || \ - !defined(MBEDTLS_SSL_SRV_C) - ((void) partial); +#if !defined(MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE) || !defined(MBEDTLS_SSL_SRV_C) + partial = 0; #endif - ssl->state = MBEDTLS_SSL_HELLO_REQUEST; - /* Cancel any possibly running timer */ mbedtls_ssl_set_timer( ssl, 0 ); + mbedtls_ssl_reset_in_out_pointers( ssl ); + + /* Reset incoming message parsing */ + ssl->in_offt = NULL; + ssl->nb_zero = 0; + ssl->in_msgtype = 0; + ssl->in_msglen = 0; + ssl->in_hslen = 0; + ssl->keep_current_message = 0; + ssl->transform_in = NULL; + +#if defined(MBEDTLS_SSL_PROTO_DTLS) + ssl->next_record_offset = 0; + ssl->in_epoch = 0; +#endif + + /* Keep current datagram if partial == 1 */ + if( partial == 0 ) + { + ssl->in_left = 0; + memset( ssl->in_buf, 0, in_buf_len ); + } + + /* Reset outgoing message writing */ + ssl->out_msgtype = 0; + ssl->out_msglen = 0; + ssl->out_left = 0; + memset( ssl->out_buf, 0, out_buf_len ); + memset( ssl->cur_out_ctr, 0, sizeof( ssl->cur_out_ctr ) ); + ssl->transform_out = NULL; + +#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY) + mbedtls_ssl_dtls_replay_reset( ssl ); +#endif + + if( ssl->transform ) + { + mbedtls_ssl_transform_free( ssl->transform ); + mbedtls_free( ssl->transform ); + ssl->transform = NULL; + } +} + +int mbedtls_ssl_session_reset_int( mbedtls_ssl_context *ssl, int partial ) +{ + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + + ssl->state = MBEDTLS_SSL_HELLO_REQUEST; + + ssl_session_reset_msg_layer( ssl, partial ); + + /* Reset renegotiation state */ #if defined(MBEDTLS_SSL_RENEGOTIATION) ssl->renego_status = MBEDTLS_SSL_INITIAL_HANDSHAKE; ssl->renego_records_seen = 0; @@ -3312,53 +3378,8 @@ int mbedtls_ssl_session_reset_int( mbedtls_ssl_context *ssl, int partial ) #endif ssl->secure_renegotiation = MBEDTLS_SSL_LEGACY_RENEGOTIATION; - ssl->in_offt = NULL; - mbedtls_ssl_reset_in_out_pointers( ssl ); - - ssl->in_msgtype = 0; - ssl->in_msglen = 0; -#if defined(MBEDTLS_SSL_PROTO_DTLS) - ssl->next_record_offset = 0; - ssl->in_epoch = 0; -#endif -#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY) - mbedtls_ssl_dtls_replay_reset( ssl ); -#endif - - ssl->in_hslen = 0; - ssl->nb_zero = 0; - - ssl->keep_current_message = 0; - - ssl->out_msgtype = 0; - ssl->out_msglen = 0; - ssl->out_left = 0; - - memset( ssl->cur_out_ctr, 0, sizeof( ssl->cur_out_ctr ) ); - - ssl->transform_in = NULL; - ssl->transform_out = NULL; - - ssl->session_in = NULL; + ssl->session_in = NULL; ssl->session_out = NULL; - - memset( ssl->out_buf, 0, out_buf_len ); - -#if defined(MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE) && defined(MBEDTLS_SSL_SRV_C) - if( partial == 0 ) -#endif /* MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE && MBEDTLS_SSL_SRV_C */ - { - ssl->in_left = 0; - memset( ssl->in_buf, 0, in_buf_len ); - } - - if( ssl->transform ) - { - mbedtls_ssl_transform_free( ssl->transform ); - mbedtls_free( ssl->transform ); - ssl->transform = NULL; - } - if( ssl->session ) { mbedtls_ssl_session_free( ssl->session ); @@ -3549,6 +3570,14 @@ void mbedtls_ssl_conf_ciphersuites( mbedtls_ssl_config *conf, conf->ciphersuite_list = ciphersuites; } +#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) +void mbedtls_ssl_conf_tls13_key_exchange_modes( mbedtls_ssl_config *conf, + const int kex_modes ) +{ + conf->tls13_kex_modes = kex_modes & MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_ALL; +} +#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ + #if defined(MBEDTLS_X509_CRT_PARSE_C) void mbedtls_ssl_conf_cert_profile( mbedtls_ssl_config *conf, const mbedtls_x509_crt_profile *profile ) @@ -3934,19 +3963,48 @@ void mbedtls_ssl_conf_sig_hashes( mbedtls_ssl_config *conf, { conf->sig_hashes = hashes; } + +#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) +/* Configure allowed signature algorithms for use in TLS 1.3 */ +void mbedtls_ssl_conf_sig_algs( mbedtls_ssl_config *conf, + const uint16_t* sig_algs ) +{ + conf->tls13_sig_algs = sig_algs; +} +#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ #endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ #if defined(MBEDTLS_ECP_C) +#if !defined(MBEDTLS_DEPRECATED_REMOVED) /* * Set the allowed elliptic curves + * + * mbedtls_ssl_setup() takes the provided list + * and translates it to a list of IANA TLS group identifiers, + * stored in ssl->handshake->group_list. + * */ void mbedtls_ssl_conf_curves( mbedtls_ssl_config *conf, const mbedtls_ecp_group_id *curve_list ) { conf->curve_list = curve_list; + conf->group_list = NULL; } +#endif /* MBEDTLS_DEPRECATED_REMOVED */ #endif /* MBEDTLS_ECP_C */ +/* + * Set the allowed groups + */ +void mbedtls_ssl_conf_groups( mbedtls_ssl_config *conf, + const uint16_t *group_list ) +{ +#if defined(MBEDTLS_ECP_C) && !defined(MBEDTLS_DEPRECATED_REMOVED) + conf->curve_list = NULL; +#endif + conf->group_list = group_list; +} + #if defined(MBEDTLS_X509_CRT_PARSE_C) int mbedtls_ssl_set_hostname( mbedtls_ssl_context *ssl, const char *hostname ) { @@ -4211,7 +4269,6 @@ void mbedtls_ssl_conf_session_tickets_cb( mbedtls_ssl_config *conf, #endif #endif /* MBEDTLS_SSL_SESSION_TICKETS */ -#if defined(MBEDTLS_SSL_EXPORT_KEYS) void mbedtls_ssl_set_export_keys_cb( mbedtls_ssl_context *ssl, mbedtls_ssl_export_keys_t *f_export_keys, void *p_export_keys ) @@ -4219,7 +4276,6 @@ void mbedtls_ssl_set_export_keys_cb( mbedtls_ssl_context *ssl, ssl->f_export_keys = f_export_keys; ssl->p_export_keys = p_export_keys; } -#endif #if defined(MBEDTLS_SSL_ASYNC_PRIVATE) void mbedtls_ssl_conf_async_private_cb( @@ -4570,8 +4626,8 @@ static unsigned char ssl_serialized_session_header[] = { MBEDTLS_VERSION_MAJOR, MBEDTLS_VERSION_MINOR, MBEDTLS_VERSION_PATCH, - ( SSL_SERIALIZED_SESSION_CONFIG_BITFLAG >> 8 ) & 0xFF, - ( SSL_SERIALIZED_SESSION_CONFIG_BITFLAG >> 0 ) & 0xFF, + MBEDTLS_BYTE_1( SSL_SERIALIZED_SESSION_CONFIG_BITFLAG ), + MBEDTLS_BYTE_0( SSL_SERIALIZED_SESSION_CONFIG_BITFLAG ), }; /* @@ -4652,14 +4708,8 @@ static size_t ssl_session_save_tls12( const mbedtls_ssl_session *session, { start = (uint64_t) session->start; - *p++ = (unsigned char)( ( start >> 56 ) & 0xFF ); - *p++ = (unsigned char)( ( start >> 48 ) & 0xFF ); - *p++ = (unsigned char)( ( start >> 40 ) & 0xFF ); - *p++ = (unsigned char)( ( start >> 32 ) & 0xFF ); - *p++ = (unsigned char)( ( start >> 24 ) & 0xFF ); - *p++ = (unsigned char)( ( start >> 16 ) & 0xFF ); - *p++ = (unsigned char)( ( start >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( start ) & 0xFF ); + MBEDTLS_PUT_UINT64_BE( start, p, 0 ); + p += 8; } #endif /* MBEDTLS_HAVE_TIME */ @@ -4675,22 +4725,20 @@ static size_t ssl_session_save_tls12( const mbedtls_ssl_session *session, if( used <= buf_len ) { - *p++ = (unsigned char)( ( session->ciphersuite >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( session->ciphersuite ) & 0xFF ); + MBEDTLS_PUT_UINT16_BE( session->ciphersuite, p, 0 ); + p += 2; - *p++ = (unsigned char)( session->compression & 0xFF ); + *p++ = MBEDTLS_BYTE_0( session->compression ); - *p++ = (unsigned char)( session->id_len & 0xFF ); + *p++ = MBEDTLS_BYTE_0( session->id_len ); memcpy( p, session->id, 32 ); p += 32; memcpy( p, session->master, 48 ); p += 48; - *p++ = (unsigned char)( ( session->verify_result >> 24 ) & 0xFF ); - *p++ = (unsigned char)( ( session->verify_result >> 16 ) & 0xFF ); - *p++ = (unsigned char)( ( session->verify_result >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( session->verify_result ) & 0xFF ); + MBEDTLS_PUT_UINT32_BE( session->verify_result, p, 0 ); + p += 4; } /* @@ -4707,9 +4755,9 @@ static size_t ssl_session_save_tls12( const mbedtls_ssl_session *session, if( used <= buf_len ) { - *p++ = (unsigned char)( ( cert_len >> 16 ) & 0xFF ); - *p++ = (unsigned char)( ( cert_len >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( cert_len ) & 0xFF ); + *p++ = MBEDTLS_BYTE_2( cert_len ); + *p++ = MBEDTLS_BYTE_1( cert_len ); + *p++ = MBEDTLS_BYTE_0( cert_len ); if( session->peer_cert != NULL ) { @@ -4750,9 +4798,9 @@ static size_t ssl_session_save_tls12( const mbedtls_ssl_session *session, if( used <= buf_len ) { - *p++ = (unsigned char)( ( session->ticket_len >> 16 ) & 0xFF ); - *p++ = (unsigned char)( ( session->ticket_len >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( session->ticket_len ) & 0xFF ); + *p++ = MBEDTLS_BYTE_2( session->ticket_len ); + *p++ = MBEDTLS_BYTE_1( session->ticket_len ); + *p++ = MBEDTLS_BYTE_0( session->ticket_len ); if( session->ticket != NULL ) { @@ -4760,10 +4808,8 @@ static size_t ssl_session_save_tls12( const mbedtls_ssl_session *session, p += session->ticket_len; } - *p++ = (unsigned char)( ( session->ticket_lifetime >> 24 ) & 0xFF ); - *p++ = (unsigned char)( ( session->ticket_lifetime >> 16 ) & 0xFF ); - *p++ = (unsigned char)( ( session->ticket_lifetime >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( session->ticket_lifetime ) & 0xFF ); + MBEDTLS_PUT_UINT32_BE( session->ticket_lifetime, p, 0 ); + p += 4; } #endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_CLI_C */ @@ -4781,7 +4827,7 @@ static size_t ssl_session_save_tls12( const mbedtls_ssl_session *session, used += 1; if( used <= buf_len ) - *p++ = (unsigned char)( ( session->encrypt_then_mac ) & 0xFF ); + *p++ = MBEDTLS_BYTE_0( session->encrypt_then_mac ); #endif return( used ); @@ -5127,19 +5173,51 @@ int mbedtls_ssl_session_load( mbedtls_ssl_session *session, /* * Perform a single step of the SSL handshake */ +static int ssl_prepare_handshake_step( mbedtls_ssl_context *ssl ) +{ + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + + if( ( ret = mbedtls_ssl_flush_output( ssl ) ) != 0 ) + return( ret ); + +#if defined(MBEDTLS_SSL_PROTO_DTLS) + if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && + ssl->handshake->retransmit_state == MBEDTLS_SSL_RETRANS_SENDING ) + { + if( ( ret = mbedtls_ssl_flight_transmit( ssl ) ) != 0 ) + return( ret ); + } +#endif /* MBEDTLS_SSL_PROTO_DTLS */ + + return( ret ); +} + int mbedtls_ssl_handshake_step( mbedtls_ssl_context *ssl ) { - int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - if( ssl == NULL || ssl->conf == NULL ) + if( ssl == NULL || + ssl->conf == NULL || + ssl->handshake == NULL || + ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER ) + { return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + } + + ret = ssl_prepare_handshake_step( ssl ); + if( ret != 0 ) + return( ret ); + + ret = mbedtls_ssl_handle_pending_alert( ssl ); + if( ret != 0 ) + goto cleanup; #if defined(MBEDTLS_SSL_CLI_C) if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT ) { #if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) if( mbedtls_ssl_conf_is_tls13_only( ssl->conf ) ) - ret = mbedtls_ssl_handshake_client_step_tls1_3( ssl ); + ret = mbedtls_ssl_tls13_handshake_client_step( ssl ); #endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ #if defined(MBEDTLS_SSL_PROTO_TLS1_2) @@ -5153,7 +5231,7 @@ int mbedtls_ssl_handshake_step( mbedtls_ssl_context *ssl ) { #if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) if( mbedtls_ssl_conf_is_tls13_only( ssl->conf ) ) - ret = mbedtls_ssl_handshake_server_step_tls1_3( ssl ); + ret = mbedtls_ssl_tls13_handshake_server_step( ssl ); #endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ #if defined(MBEDTLS_SSL_PROTO_TLS1_2) @@ -5163,6 +5241,19 @@ int mbedtls_ssl_handshake_step( mbedtls_ssl_context *ssl ) } #endif + if( ret != 0 ) + { + /* handshake_step return error. And it is same + * with alert_reason. + */ + if( ssl->send_alert ) + { + ret = mbedtls_ssl_handle_pending_alert( ssl ); + goto cleanup; + } + } + +cleanup: return( ret ); } @@ -5355,6 +5446,14 @@ void mbedtls_ssl_handshake_free( mbedtls_ssl_context *ssl ) if( handshake == NULL ) return; +#if defined(MBEDTLS_ECP_C) +#if !defined(MBEDTLS_DEPRECATED_REMOVED) + if ( ssl->handshake->group_list_heap_allocated ) + mbedtls_free( (void*) handshake->group_list ); + handshake->group_list = NULL; +#endif /* MBEDTLS_DEPRECATED_REMOVED */ +#endif /* MBEDTLS_ECP_C */ + #if defined(MBEDTLS_SSL_ASYNC_PRIVATE) if( ssl->conf->f_async_cancel != NULL && handshake->async_in_progress != 0 ) { @@ -5453,8 +5552,13 @@ void mbedtls_ssl_handshake_free( mbedtls_ssl_context *ssl ) psa_destroy_key( handshake->ecdh_psa_privkey ); #endif /* MBEDTLS_ECDH_C && MBEDTLS_USE_PSA_CRYPTO */ - mbedtls_platform_zeroize( handshake, - sizeof( mbedtls_ssl_handshake_params ) ); +#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) + mbedtls_ssl_transform_free( handshake->transform_handshake ); + mbedtls_ssl_transform_free( handshake->transform_earlydata ); + mbedtls_free( handshake->transform_earlydata ); + mbedtls_free( handshake->transform_handshake ); +#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ + #if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) /* If the buffers are too big - reallocate. Because of the way Mbed TLS @@ -5464,6 +5568,10 @@ void mbedtls_ssl_handshake_free( mbedtls_ssl_context *ssl ) handle_buffer_resizing( ssl, 1, mbedtls_ssl_get_input_buflen( ssl ), mbedtls_ssl_get_output_buflen( ssl ) ); #endif + + /* mbedtls_platform_zeroize MUST be last one in this function */ + mbedtls_platform_zeroize( handshake, + sizeof( mbedtls_ssl_handshake_params ) ); } void mbedtls_ssl_session_free( mbedtls_ssl_session *session ) @@ -5521,11 +5629,11 @@ static unsigned char ssl_serialized_context_header[] = { MBEDTLS_VERSION_MAJOR, MBEDTLS_VERSION_MINOR, MBEDTLS_VERSION_PATCH, - ( SSL_SERIALIZED_SESSION_CONFIG_BITFLAG >> 8 ) & 0xFF, - ( SSL_SERIALIZED_SESSION_CONFIG_BITFLAG >> 0 ) & 0xFF, - ( SSL_SERIALIZED_CONTEXT_CONFIG_BITFLAG >> 16 ) & 0xFF, - ( SSL_SERIALIZED_CONTEXT_CONFIG_BITFLAG >> 8 ) & 0xFF, - ( SSL_SERIALIZED_CONTEXT_CONFIG_BITFLAG >> 0 ) & 0xFF, + MBEDTLS_BYTE_1( SSL_SERIALIZED_SESSION_CONFIG_BITFLAG ), + MBEDTLS_BYTE_0( SSL_SERIALIZED_SESSION_CONFIG_BITFLAG ), + MBEDTLS_BYTE_2( SSL_SERIALIZED_CONTEXT_CONFIG_BITFLAG ), + MBEDTLS_BYTE_1( SSL_SERIALIZED_CONTEXT_CONFIG_BITFLAG ), + MBEDTLS_BYTE_0( SSL_SERIALIZED_CONTEXT_CONFIG_BITFLAG ), }; /* @@ -5666,10 +5774,8 @@ int mbedtls_ssl_context_save( mbedtls_ssl_context *ssl, used += 4 + session_len; if( used <= buf_len ) { - *p++ = (unsigned char)( ( session_len >> 24 ) & 0xFF ); - *p++ = (unsigned char)( ( session_len >> 16 ) & 0xFF ); - *p++ = (unsigned char)( ( session_len >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( session_len ) & 0xFF ); + MBEDTLS_PUT_UINT32_BE( session_len, p, 0 ); + p += 4; ret = ssl_session_save( ssl->session, 1, p, session_len, &session_len ); @@ -5710,33 +5816,19 @@ int mbedtls_ssl_context_save( mbedtls_ssl_context *ssl, used += 4; if( used <= buf_len ) { - *p++ = (unsigned char)( ( ssl->badmac_seen >> 24 ) & 0xFF ); - *p++ = (unsigned char)( ( ssl->badmac_seen >> 16 ) & 0xFF ); - *p++ = (unsigned char)( ( ssl->badmac_seen >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( ssl->badmac_seen ) & 0xFF ); + MBEDTLS_PUT_UINT32_BE( ssl->badmac_seen, p, 0 ); + p += 4; } #if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY) used += 16; if( used <= buf_len ) { - *p++ = (unsigned char)( ( ssl->in_window_top >> 56 ) & 0xFF ); - *p++ = (unsigned char)( ( ssl->in_window_top >> 48 ) & 0xFF ); - *p++ = (unsigned char)( ( ssl->in_window_top >> 40 ) & 0xFF ); - *p++ = (unsigned char)( ( ssl->in_window_top >> 32 ) & 0xFF ); - *p++ = (unsigned char)( ( ssl->in_window_top >> 24 ) & 0xFF ); - *p++ = (unsigned char)( ( ssl->in_window_top >> 16 ) & 0xFF ); - *p++ = (unsigned char)( ( ssl->in_window_top >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( ssl->in_window_top ) & 0xFF ); + MBEDTLS_PUT_UINT64_BE( ssl->in_window_top, p, 0 ); + p += 8; - *p++ = (unsigned char)( ( ssl->in_window >> 56 ) & 0xFF ); - *p++ = (unsigned char)( ( ssl->in_window >> 48 ) & 0xFF ); - *p++ = (unsigned char)( ( ssl->in_window >> 40 ) & 0xFF ); - *p++ = (unsigned char)( ( ssl->in_window >> 32 ) & 0xFF ); - *p++ = (unsigned char)( ( ssl->in_window >> 24 ) & 0xFF ); - *p++ = (unsigned char)( ( ssl->in_window >> 16 ) & 0xFF ); - *p++ = (unsigned char)( ( ssl->in_window >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( ssl->in_window ) & 0xFF ); + MBEDTLS_PUT_UINT64_BE( ssl->in_window, p, 0 ); + p += 8; } #endif /* MBEDTLS_SSL_DTLS_ANTI_REPLAY */ @@ -5748,19 +5840,19 @@ int mbedtls_ssl_context_save( mbedtls_ssl_context *ssl, } #endif /* MBEDTLS_SSL_PROTO_DTLS */ - used += 8; + used += MBEDTLS_SSL_SEQUENCE_NUMBER_LEN; if( used <= buf_len ) { - memcpy( p, ssl->cur_out_ctr, 8 ); - p += 8; + memcpy( p, ssl->cur_out_ctr, MBEDTLS_SSL_SEQUENCE_NUMBER_LEN ); + p += MBEDTLS_SSL_SEQUENCE_NUMBER_LEN; } #if defined(MBEDTLS_SSL_PROTO_DTLS) used += 2; if( used <= buf_len ) { - *p++ = (unsigned char)( ( ssl->mtu >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( ssl->mtu ) & 0xFF ); + MBEDTLS_PUT_UINT16_BE( ssl->mtu, p, 0 ); + p += 2; } #endif /* MBEDTLS_SSL_PROTO_DTLS */ @@ -5924,14 +6016,14 @@ static int ssl_context_load( mbedtls_ssl_context *ssl, if( (size_t)( end - p ) < sizeof( ssl->transform->randbytes ) ) return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); - ret = ssl_populate_transform( ssl->transform, + ret = ssl_tls12_populate_transform( ssl->transform, ssl->session->ciphersuite, ssl->session->master, -#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC) -#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) +#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC) && \ + defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) ssl->session->encrypt_then_mac, -#endif -#endif /* MBEDTLS_SSL_SOME_SUITES_USE_MAC */ +#endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC && + MBEDTLS_SSL_SOME_SUITES_USE_MAC */ ssl_tls12prf_from_cs( ssl->session->ciphersuite ), p, /* currently pointing to randbytes */ MBEDTLS_SSL_MINOR_VERSION_3, /* (D)TLS 1.2 is forced */ @@ -6008,11 +6100,10 @@ static int ssl_context_load( mbedtls_ssl_context *ssl, ssl->disable_datagram_packing = *p++; #endif /* MBEDTLS_SSL_PROTO_DTLS */ - if( (size_t)( end - p ) < 8 ) + if( (size_t)( end - p ) < sizeof( ssl->cur_out_ctr ) ) return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); - - memcpy( ssl->cur_out_ctr, p, 8 ); - p += 8; + memcpy( ssl->cur_out_ctr, p, sizeof( ssl->cur_out_ctr ) ); + p += sizeof( ssl->cur_out_ctr ); #if defined(MBEDTLS_SSL_PROTO_DTLS) if( (size_t)( end - p ) < 2 ) @@ -6162,6 +6253,11 @@ void mbedtls_ssl_free( mbedtls_ssl_context *ssl ) mbedtls_free( ssl->session_negotiate ); } +#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) + mbedtls_ssl_transform_free( ssl->transform_application ); + mbedtls_free( ssl->transform_application ); +#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ + if( ssl->session ) { mbedtls_ssl_session_free( ssl->session ); @@ -6214,41 +6310,39 @@ static int ssl_preset_default_hashes[] = { }; #endif -#if defined(MBEDTLS_ECP_C) /* The selection should be the same as mbedtls_x509_crt_profile_default in * x509_crt.c, plus Montgomery curves for ECDHE. Here, the order matters: * curves with a lower resource usage come first. * See the documentation of mbedtls_ssl_conf_curves() for what we promise * about this list. */ -static mbedtls_ecp_group_id ssl_preset_default_curves[] = { +static uint16_t ssl_preset_default_groups[] = { #if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) - MBEDTLS_ECP_DP_CURVE25519, + MBEDTLS_SSL_IANA_TLS_GROUP_X25519, #endif #if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) - MBEDTLS_ECP_DP_SECP256R1, + MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1, #endif #if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) - MBEDTLS_ECP_DP_SECP384R1, + MBEDTLS_SSL_IANA_TLS_GROUP_SECP384R1, #endif #if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED) - MBEDTLS_ECP_DP_CURVE448, + MBEDTLS_SSL_IANA_TLS_GROUP_X448, #endif #if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) - MBEDTLS_ECP_DP_SECP521R1, + MBEDTLS_SSL_IANA_TLS_GROUP_SECP521R1, #endif #if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED) - MBEDTLS_ECP_DP_BP256R1, + MBEDTLS_SSL_IANA_TLS_GROUP_BP256R1, #endif #if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED) - MBEDTLS_ECP_DP_BP384R1, + MBEDTLS_SSL_IANA_TLS_GROUP_BP384R1, #endif #if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED) - MBEDTLS_ECP_DP_BP512R1, + MBEDTLS_SSL_IANA_TLS_GROUP_BP512R1, #endif - MBEDTLS_ECP_DP_NONE + MBEDTLS_SSL_IANA_TLS_GROUP_NONE }; -#endif static int ssl_preset_suiteb_ciphersuites[] = { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, @@ -6262,19 +6356,48 @@ static int ssl_preset_suiteb_hashes[] = { MBEDTLS_MD_SHA384, MBEDTLS_MD_NONE }; + +#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) +static uint16_t ssl_preset_default_sig_algs[] = { + /* ECDSA algorithms */ +#if defined(MBEDTLS_ECDSA_C) +#if defined(MBEDTLS_SHA256_C) && defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) + MBEDTLS_TLS13_SIG_ECDSA_SECP256R1_SHA256, +#endif /* MBEDTLS_SHA256_C && MBEDTLS_ECP_DP_SECP256R1_ENABLED */ +#if defined(MBEDTLS_SHA512_C) && defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) + MBEDTLS_TLS13_SIG_ECDSA_SECP384R1_SHA384, +#endif /* MBEDTLS_SHA512_C && MBEDTLS_ECP_DP_SECP384R1_ENABLED */ +#if defined(MBEDTLS_SHA512_C) && defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) + MBEDTLS_TLS13_SIG_ECDSA_SECP521R1_SHA512, +#endif /* MBEDTLS_SHA512_C && MBEDTLS_ECP_DP_SECP521R1_ENABLED */ +#endif /* MBEDTLS_ECDSA_C */ + MBEDTLS_TLS13_SIG_NONE +}; + +static uint16_t ssl_preset_suiteb_sig_algs[] = { + /* ECDSA algorithms */ +#if defined(MBEDTLS_ECDSA_C) +#if defined(MBEDTLS_SHA256_C) && defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) + MBEDTLS_TLS13_SIG_ECDSA_SECP256R1_SHA256, +#endif /* MBEDTLS_SHA256_C && MBEDTLS_ECP_DP_SECP256R1_ENABLED */ +#if defined(MBEDTLS_SHA512_C) && defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) + MBEDTLS_TLS13_SIG_ECDSA_SECP384R1_SHA384, +#endif /* MBEDTLS_SHA512_C && MBEDTLS_ECP_DP_SECP384R1_ENABLED */ +#endif /* MBEDTLS_ECDSA_C */ + MBEDTLS_TLS13_SIG_NONE +}; +#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ #endif -#if defined(MBEDTLS_ECP_C) -static mbedtls_ecp_group_id ssl_preset_suiteb_curves[] = { +static uint16_t ssl_preset_suiteb_groups[] = { #if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) - MBEDTLS_ECP_DP_SECP256R1, + MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1, #endif #if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) - MBEDTLS_ECP_DP_SECP384R1, + MBEDTLS_SSL_IANA_TLS_GROUP_SECP384R1, #endif - MBEDTLS_ECP_DP_NONE + MBEDTLS_SSL_IANA_TLS_GROUP_NONE }; -#endif /* * Load default in mbedtls_ssl_config @@ -6338,22 +6461,29 @@ int mbedtls_ssl_config_defaults( mbedtls_ssl_config *conf, #endif #if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_SRV_C) - if( endpoint == MBEDTLS_SSL_IS_SERVER ) - { - const unsigned char dhm_p[] = - MBEDTLS_DHM_RFC3526_MODP_2048_P_BIN; - const unsigned char dhm_g[] = - MBEDTLS_DHM_RFC3526_MODP_2048_G_BIN; + if( endpoint == MBEDTLS_SSL_IS_SERVER ) + { + const unsigned char dhm_p[] = + MBEDTLS_DHM_RFC3526_MODP_2048_P_BIN; + const unsigned char dhm_g[] = + MBEDTLS_DHM_RFC3526_MODP_2048_G_BIN; - if ( ( ret = mbedtls_ssl_conf_dh_param_bin( conf, - dhm_p, sizeof( dhm_p ), - dhm_g, sizeof( dhm_g ) ) ) != 0 ) - { - return( ret ); - } - } + if ( ( ret = mbedtls_ssl_conf_dh_param_bin( conf, + dhm_p, sizeof( dhm_p ), + dhm_g, sizeof( dhm_g ) ) ) != 0 ) + { + return( ret ); + } + } #endif +#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) + /* + * Allow all TLS 1.3 key exchange modes by default. + */ + conf->tls13_kex_modes = MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_ALL; +#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ + /* * Preset-specific defaults */ @@ -6376,11 +6506,15 @@ int mbedtls_ssl_config_defaults( mbedtls_ssl_config *conf, #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) conf->sig_hashes = ssl_preset_suiteb_hashes; +#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) + conf->tls13_sig_algs = ssl_preset_suiteb_sig_algs; +#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ #endif -#if defined(MBEDTLS_ECP_C) - conf->curve_list = ssl_preset_suiteb_curves; +#if defined(MBEDTLS_ECP_C) && !defined(MBEDTLS_DEPRECATED_REMOVED) + conf->curve_list = NULL; #endif + conf->group_list = ssl_preset_suiteb_groups; break; /* @@ -6410,11 +6544,15 @@ int mbedtls_ssl_config_defaults( mbedtls_ssl_config *conf, #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) conf->sig_hashes = ssl_preset_default_hashes; -#endif +#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) + conf->tls13_sig_algs = ssl_preset_default_sig_algs; +#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ +#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ -#if defined(MBEDTLS_ECP_C) - conf->curve_list = ssl_preset_default_curves; +#if defined(MBEDTLS_ECP_C) && !defined(MBEDTLS_DEPRECATED_REMOVED) + conf->curve_list = NULL; #endif + conf->group_list = ssl_preset_default_groups; #if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_CLI_C) conf->dhm_min_bitlen = 1024; @@ -6638,14 +6776,17 @@ unsigned char mbedtls_ssl_hash_from_md_alg( int md ) */ int mbedtls_ssl_check_curve( const mbedtls_ssl_context *ssl, mbedtls_ecp_group_id grp_id ) { - const mbedtls_ecp_group_id *gid; + const uint16_t *group_list = mbedtls_ssl_get_groups( ssl ); - if( ssl->conf->curve_list == NULL ) + if( group_list == NULL ) return( -1 ); + uint16_t tls_id = mbedtls_ecp_curve_info_from_grp_id(grp_id)->tls_id; - for( gid = ssl->conf->curve_list; *gid != MBEDTLS_ECP_DP_NONE; gid++ ) - if( *gid == grp_id ) + for( ; *group_list != 0; group_list++ ) + { + if( *group_list == tls_id ) return( 0 ); + } return( -1 ); } @@ -6902,4 +7043,106 @@ exit: #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ +#if defined(MBEDTLS_USE_PSA_CRYPTO) +int mbedtls_ssl_get_handshake_transcript( mbedtls_ssl_context *ssl, + const mbedtls_md_type_t md, + unsigned char *dst, + size_t dst_len, + size_t *olen ) +{ + ((void) ssl); + ((void) md); + ((void) dst); + ((void) dst_len); + *olen = 0; + return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE); +} +#else /* MBEDTLS_USE_PSA_CRYPTO */ + +#if defined(MBEDTLS_SHA384_C) +static int ssl_get_handshake_transcript_sha384( mbedtls_ssl_context *ssl, + unsigned char *dst, + size_t dst_len, + size_t *olen ) +{ + int ret; + mbedtls_sha512_context sha512; + + if( dst_len < 48 ) + return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + + mbedtls_sha512_init( &sha512 ); + mbedtls_sha512_clone( &sha512, &ssl->handshake->fin_sha512 ); + + if( ( ret = mbedtls_sha512_finish( &sha512, dst ) ) != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_sha512_finish", ret ); + goto exit; + } + + *olen = 48; + +exit: + + mbedtls_sha512_free( &sha512 ); + return( ret ); +} +#endif /* MBEDTLS_SHA384_C */ + +#if defined(MBEDTLS_SHA256_C) +static int ssl_get_handshake_transcript_sha256( mbedtls_ssl_context *ssl, + unsigned char *dst, + size_t dst_len, + size_t *olen ) +{ + int ret; + mbedtls_sha256_context sha256; + + if( dst_len < 32 ) + return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + + mbedtls_sha256_init( &sha256 ); + mbedtls_sha256_clone( &sha256, &ssl->handshake->fin_sha256 ); + + if( ( ret = mbedtls_sha256_finish( &sha256, dst ) ) != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_sha256_finish", ret ); + goto exit; + } + + *olen = 32; + +exit: + + mbedtls_sha256_free( &sha256 ); + return( ret ); +} +#endif /* MBEDTLS_SHA256_C */ + +int mbedtls_ssl_get_handshake_transcript( mbedtls_ssl_context *ssl, + const mbedtls_md_type_t md, + unsigned char *dst, + size_t dst_len, + size_t *olen ) +{ + switch( md ) + { + +#if defined(MBEDTLS_SHA384_C) + case MBEDTLS_MD_SHA384: + return( ssl_get_handshake_transcript_sha384( ssl, dst, dst_len, olen ) ); +#endif /* MBEDTLS_SHA384_C */ + +#if defined(MBEDTLS_SHA256_C) + case MBEDTLS_MD_SHA256: + return( ssl_get_handshake_transcript_sha256( ssl, dst, dst_len, olen ) ); +#endif /* MBEDTLS_SHA256_C */ + + default: + break; + } + return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); +} +#endif /* !MBEDTLS_USE_PSA_CRYPTO */ + #endif /* MBEDTLS_SSL_TLS_C */ diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index 368b5572db..d848415316 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -25,13 +25,1701 @@ #if defined(MBEDTLS_SSL_CLI_C) -#include "ssl_misc.h" +#include -int mbedtls_ssl_handshake_client_step_tls1_3( mbedtls_ssl_context *ssl ) +#include "mbedtls/debug.h" +#include "mbedtls/error.h" +#include "mbedtls/platform.h" + +#include "ssl_misc.h" +#include "ecdh_misc.h" +#include "ssl_tls13_keys.h" + +/* Write extensions */ + +/* + * ssl_tls13_write_supported_versions_ext(): + * + * struct { + * ProtocolVersion versions<2..254>; + * } SupportedVersions; + */ +static int ssl_tls13_write_supported_versions_ext( mbedtls_ssl_context *ssl, + unsigned char *buf, + unsigned char *end, + size_t *olen ) +{ + unsigned char *p = buf; + + *olen = 0; + + MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding supported versions extension" ) ); + + /* Check if we have space to write the extension: + * - extension_type (2 bytes) + * - extension_data_length (2 bytes) + * - versions_length (1 byte ) + * - versions (2 bytes) + */ + MBEDTLS_SSL_CHK_BUF_PTR( p, end, 7 ); + + /* Write extension_type */ + MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_SUPPORTED_VERSIONS, p, 0 ); + + /* Write extension_data_length */ + MBEDTLS_PUT_UINT16_BE( 3, p, 2 ); + p += 4; + + /* Length of versions */ + *p++ = 0x2; + + /* Write values of supported versions. + * + * They are defined by the configuration. + * + * Currently, only one version is advertised. + */ + mbedtls_ssl_write_version( ssl->conf->max_major_ver, + ssl->conf->max_minor_ver, + ssl->conf->transport, p ); + + MBEDTLS_SSL_DEBUG_MSG( 3, ( "supported version: [%d:%d]", + ssl->conf->max_major_ver, + ssl->conf->max_minor_ver ) ); + + *olen = 7; + + return( 0 ); +} + +static int ssl_tls13_parse_supported_versions_ext( mbedtls_ssl_context *ssl, + const unsigned char *buf, + const unsigned char *end ) { ((void) ssl); + + MBEDTLS_SSL_CHK_BUF_READ_PTR( buf, end, 2); + if( buf[0] != MBEDTLS_SSL_MAJOR_VERSION_3 || + buf[1] != MBEDTLS_SSL_MINOR_VERSION_4 ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "unexpected version" ) ); + + MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER, + MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER); + return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER ); + } + + return( 0 ); +} + +#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) + +/* + * Functions for writing supported_groups extension. + * + * Stucture of supported_groups: + * enum { + * secp256r1(0x0017), secp384r1(0x0018), secp521r1(0x0019), + * x25519(0x001D), x448(0x001E), + * ffdhe2048(0x0100), ffdhe3072(0x0101), ffdhe4096(0x0102), + * ffdhe6144(0x0103), ffdhe8192(0x0104), + * ffdhe_private_use(0x01FC..0x01FF), + * ecdhe_private_use(0xFE00..0xFEFF), + * (0xFFFF) + * } NamedGroup; + * struct { + * NamedGroup named_group_list<2..2^16-1>; + * } NamedGroupList; + */ +#if defined(MBEDTLS_ECDH_C) +/* + * In versions of TLS prior to TLS 1.3, this extension was named + * 'elliptic_curves' and only contained elliptic curve groups. + */ +static int ssl_tls13_write_named_group_list_ecdhe( mbedtls_ssl_context *ssl, + unsigned char *buf, + unsigned char *end, + size_t *olen ) +{ + unsigned char *p = buf; + + *olen = 0; + + const uint16_t *group_list = mbedtls_ssl_get_groups( ssl ); + + if( group_list == NULL ) + return( MBEDTLS_ERR_SSL_BAD_CONFIG ); + + for ( ; *group_list != 0; group_list++ ) + { + const mbedtls_ecp_curve_info *info; + info = mbedtls_ecp_curve_info_from_tls_id( *group_list ); + if( info == NULL ) + continue; + + if( !mbedtls_ssl_tls13_named_group_is_ecdhe( *group_list ) ) + continue; + + MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2); + MBEDTLS_PUT_UINT16_BE( *group_list, p, 0 ); + p += 2; + + MBEDTLS_SSL_DEBUG_MSG( 3, ( "NamedGroup: %s ( %x )", + info->name, *group_list ) ); + } + + *olen = p - buf; + + return( 0 ); +} +#else +static int ssl_tls13_write_named_group_list_ecdhe( mbedtls_ssl_context *ssl, + unsigned char *buf, + unsigned char *end, + size_t *olen ) +{ + ((void) ssl); + ((void) buf); + ((void) end); + *olen = 0; return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ); } +#endif /* MBEDTLS_ECDH_C */ + +static int ssl_tls13_write_named_group_list_dhe( mbedtls_ssl_context *ssl, + unsigned char *buf, + unsigned char *end, + size_t *olen ) +{ + ((void) ssl); + ((void) buf); + ((void) end); + *olen = 0; + MBEDTLS_SSL_DEBUG_MSG( 3, ( "write_named_group_dhe is not implemented" ) ); + return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ); +} + +static int ssl_tls13_write_supported_groups_ext( mbedtls_ssl_context *ssl, + unsigned char *buf, + unsigned char *end, + size_t *olen ) +{ + unsigned char *p = buf ; + unsigned char *named_group_list_ptr; /* Start of named_group_list */ + size_t named_group_list_len; /* Length of named_group_list */ + size_t output_len = 0; + int ret_ecdhe, ret_dhe; + + *olen = 0; + + if( !mbedtls_ssl_conf_tls13_some_ephemeral_enabled( ssl ) ) + return( 0 ); + + MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding supported_groups extension" ) ); + + /* Check if we have space for header and length fields: + * - extension_type (2 bytes) + * - extension_data_length (2 bytes) + * - named_group_list_length (2 bytes) + */ + MBEDTLS_SSL_CHK_BUF_PTR( p, end, 6 ); + p += 6; + + named_group_list_ptr = p; + ret_ecdhe = ssl_tls13_write_named_group_list_ecdhe( ssl, p, end, &output_len ); + if( ret_ecdhe != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "ssl_tls13_write_named_group_list_ecdhe", ret_ecdhe ); + } + p += output_len; + + ret_dhe = ssl_tls13_write_named_group_list_dhe( ssl, p, end, &output_len ); + if( ret_dhe != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "ssl_tls13_write_named_group_list_dhe", ret_dhe ); + } + p += output_len; + + /* Both ECDHE and DHE failed. */ + if( ret_ecdhe != 0 && ret_dhe != 0 ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "Both ECDHE and DHE groups are fail. " ) ); + return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + } + + /* Length of named_group_list*/ + named_group_list_len = p - named_group_list_ptr; + if( named_group_list_len == 0 ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "No group available." ) ); + return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + } + + /* Write extension_type */ + MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_SUPPORTED_GROUPS, buf, 0 ); + /* Write extension_data_length */ + MBEDTLS_PUT_UINT16_BE( named_group_list_len + 2, buf, 2 ); + /* Write length of named_group_list */ + MBEDTLS_PUT_UINT16_BE( named_group_list_len, buf, 4 ); + + MBEDTLS_SSL_DEBUG_BUF( 3, "Supported groups extension", buf + 4, named_group_list_len + 2 ); + + *olen = p - buf; + + ssl->handshake->extensions_present |= MBEDTLS_SSL_EXT_SUPPORTED_GROUPS; + + return( 0 ); +} + +/* + * Functions for writing key_share extension. + */ +#if defined(MBEDTLS_ECDH_C) +static int ssl_tls13_generate_and_write_ecdh_key_exchange( + mbedtls_ssl_context *ssl, + uint16_t named_group, + unsigned char *buf, + unsigned char *end, + size_t *olen ) +{ + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + const mbedtls_ecp_curve_info *curve_info = + mbedtls_ecp_curve_info_from_tls_id( named_group ); + + if( curve_info == NULL ) + return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + + MBEDTLS_SSL_DEBUG_MSG( 3, ( "offer curve %s", curve_info->name ) ); + + if( ( ret = mbedtls_ecdh_setup_no_everest( &ssl->handshake->ecdh_ctx, + curve_info->grp_id ) ) != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecdh_setup_no_everest", ret ); + return( ret ); + } + + ret = mbedtls_ecdh_tls13_make_params( &ssl->handshake->ecdh_ctx, olen, + buf, end - buf, + ssl->conf->f_rng, ssl->conf->p_rng ); + if( ret != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecdh_tls13_make_params", ret ); + return( ret ); + } + + MBEDTLS_SSL_DEBUG_ECDH( 3, &ssl->handshake->ecdh_ctx, + MBEDTLS_DEBUG_ECDH_Q ); + return( 0 ); +} +#endif /* MBEDTLS_ECDH_C */ + +static int ssl_tls13_get_default_group_id( mbedtls_ssl_context *ssl, + uint16_t *group_id ) +{ + int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; + + +#if defined(MBEDTLS_ECDH_C) + const uint16_t *group_list = mbedtls_ssl_get_groups( ssl ); + /* Pick first available ECDHE group compatible with TLS 1.3 */ + if( group_list == NULL ) + return( MBEDTLS_ERR_SSL_BAD_CONFIG ); + + for ( ; *group_list != 0; group_list++ ) + { + const mbedtls_ecp_curve_info *info; + info = mbedtls_ecp_curve_info_from_tls_id( *group_list ); + if( info != NULL && + mbedtls_ssl_tls13_named_group_is_ecdhe( *group_list ) ) + { + *group_id = *group_list; + return( 0 ); + } + } +#else + ((void) ssl); + ((void) group_id); +#endif /* MBEDTLS_ECDH_C */ + + /* + * Add DHE named groups here. + * Pick first available DHE group compatible with TLS 1.3 + */ + + return( ret ); +} + +/* + * ssl_tls13_write_key_share_ext + * + * Structure of key_share extension in ClientHello: + * + * struct { + * NamedGroup group; + * opaque key_exchange<1..2^16-1>; + * } KeyShareEntry; + * struct { + * KeyShareEntry client_shares<0..2^16-1>; + * } KeyShareClientHello; + */ +static int ssl_tls13_write_key_share_ext( mbedtls_ssl_context *ssl, + unsigned char *buf, + unsigned char *end, + size_t *olen ) +{ + unsigned char *p = buf; + unsigned char *client_shares_ptr; /* Start of client_shares */ + size_t client_shares_len; /* Length of client_shares */ + uint16_t group_id; + int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; + + *olen = 0; + + if( !mbedtls_ssl_conf_tls13_some_ephemeral_enabled( ssl ) ) + return( 0 ); + + /* Check if we have space for header and length fields: + * - extension_type (2 bytes) + * - extension_data_length (2 bytes) + * - client_shares_length (2 bytes) + */ + MBEDTLS_SSL_CHK_BUF_PTR( p, end, 6 ); + p += 6; + + MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello: adding key share extension" ) ); + + /* HRR could already have requested something else. */ + group_id = ssl->handshake->offered_group_id; + if( !mbedtls_ssl_tls13_named_group_is_ecdhe( group_id ) && + !mbedtls_ssl_tls13_named_group_is_dhe( group_id ) ) + { + MBEDTLS_SSL_PROC_CHK( ssl_tls13_get_default_group_id( ssl, + &group_id ) ); + } + + /* + * Dispatch to type-specific key generation function. + * + * So far, we're only supporting ECDHE. With the introduction + * of PQC KEMs, we'll want to have multiple branches, one per + * type of KEM, and dispatch to the corresponding crypto. And + * only one key share entry is allowed. + */ + client_shares_ptr = p; +#if defined(MBEDTLS_ECDH_C) + if( mbedtls_ssl_tls13_named_group_is_ecdhe( group_id ) ) + { + /* Pointer to group */ + unsigned char *group_ptr = p; + /* Length of key_exchange */ + size_t key_exchange_len; + + /* Check there is space for header of KeyShareEntry + * - group (2 bytes) + * - key_exchange_length (2 bytes) + */ + MBEDTLS_SSL_CHK_BUF_PTR( p, end, 4 ); + p += 4; + ret = ssl_tls13_generate_and_write_ecdh_key_exchange( ssl, group_id, + p, end, + &key_exchange_len ); + p += key_exchange_len; + if( ret != 0 ) + return( ret ); + + /* Write group */ + MBEDTLS_PUT_UINT16_BE( group_id, group_ptr, 0 ); + /* Write key_exchange_length */ + MBEDTLS_PUT_UINT16_BE( key_exchange_len, group_ptr, 2 ); + } + else +#endif /* MBEDTLS_ECDH_C */ + if( 0 /* other KEMs? */ ) + { + /* Do something */ + } + else + return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + + /* Length of client_shares */ + client_shares_len = p - client_shares_ptr; + if( client_shares_len == 0) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "No key share defined." ) ); + return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + } + /* Write extension_type */ + MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_KEY_SHARE, buf, 0 ); + /* Write extension_data_length */ + MBEDTLS_PUT_UINT16_BE( client_shares_len + 2, buf, 2 ); + /* Write client_shares_length */ + MBEDTLS_PUT_UINT16_BE( client_shares_len, buf, 4 ); + + /* Update offered_group_id field */ + ssl->handshake->offered_group_id = group_id; + + /* Output the total length of key_share extension. */ + *olen = p - buf; + + MBEDTLS_SSL_DEBUG_BUF( 3, "client hello, key_share extension", buf, *olen ); + + ssl->handshake->extensions_present |= MBEDTLS_SSL_EXT_KEY_SHARE; + +cleanup: + + return( ret ); +} + +#if defined(MBEDTLS_ECDH_C) + +static int ssl_tls13_check_ecdh_params( const mbedtls_ssl_context *ssl ) +{ + const mbedtls_ecp_curve_info *curve_info; + mbedtls_ecp_group_id grp_id; +#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT) + grp_id = ssl->handshake->ecdh_ctx.grp.id; +#else + grp_id = ssl->handshake->ecdh_ctx.grp_id; +#endif + + curve_info = mbedtls_ecp_curve_info_from_grp_id( grp_id ); + if( curve_info == NULL ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); + return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + } + + MBEDTLS_SSL_DEBUG_MSG( 2, ( "ECDH curve: %s", curve_info->name ) ); + + if( mbedtls_ssl_check_curve( ssl, grp_id ) != 0 ) + return( -1 ); + + MBEDTLS_SSL_DEBUG_ECDH( 3, &ssl->handshake->ecdh_ctx, + MBEDTLS_DEBUG_ECDH_QP ); + + return( 0 ); +} + +static int ssl_tls13_read_public_ecdhe_share( mbedtls_ssl_context *ssl, + const unsigned char *buf, + size_t buf_len ) +{ + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + + ret = mbedtls_ecdh_tls13_read_public( &ssl->handshake->ecdh_ctx, + buf, buf_len ); + if( ret != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, ( "mbedtls_ecdh_tls13_read_public" ), ret ); + + MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER, + MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER ); + return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER ); + } + + if( ssl_tls13_check_ecdh_params( ssl ) != 0 ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "ssl_tls13_check_ecdh_params() failed!" ) ); + + MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER, + MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER ); + return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER ); + } + + return( 0 ); +} +#endif /* MBEDTLS_ECDH_C */ + +/* + * ssl_tls13_parse_key_share_ext() + * Parse key_share extension in Server Hello + * + * struct { + * KeyShareEntry server_share; + * } KeyShareServerHello; + * struct { + * NamedGroup group; + * opaque key_exchange<1..2^16-1>; + * } KeyShareEntry; + */ +static int ssl_tls13_parse_key_share_ext( mbedtls_ssl_context *ssl, + const unsigned char *buf, + const unsigned char *end ) +{ + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + const unsigned char *p = buf; + uint16_t group, offered_group; + + /* ... + * NamedGroup group; (2 bytes) + * ... + */ + MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, 2 ); + group = MBEDTLS_GET_UINT16_BE( p, 0 ); + p += 2; + + /* Check that the chosen group matches the one we offered. */ + offered_group = ssl->handshake->offered_group_id; + if( offered_group != group ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, + ( "Invalid server key share, our group %u, their group %u", + (unsigned) offered_group, (unsigned) group ) ); + MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE, + MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); + return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); + } + +#if defined(MBEDTLS_ECDH_C) + if( mbedtls_ssl_tls13_named_group_is_ecdhe( group ) ) + { + /* Complete ECDHE key agreement */ + ret = ssl_tls13_read_public_ecdhe_share( ssl, p, end - p ); + if( ret != 0 ) + return( ret ); + } + else +#endif /* MBEDTLS_ECDH_C */ + if( 0 /* other KEMs? */ ) + { + /* Do something */ + } + else + return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + + ssl->handshake->extensions_present |= MBEDTLS_SSL_EXT_KEY_SHARE; + return( ret ); +} + +#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ + +/* Write cipher_suites + * CipherSuite cipher_suites<2..2^16-2>; + */ +static int ssl_tls13_write_client_hello_cipher_suites( + mbedtls_ssl_context *ssl, + unsigned char *buf, + unsigned char *end, + size_t *olen ) +{ + unsigned char *p = buf; + const int *ciphersuite_list; + unsigned char *cipher_suites_ptr; /* Start of the cipher_suites list */ + size_t cipher_suites_len; + + *olen = 0 ; + + /* + * Ciphersuite list + * + * This is a list of the symmetric cipher options supported by + * the client, specifically the record protection algorithm + * ( including secret key length ) and a hash to be used with + * HKDF, in descending order of client preference. + */ + ciphersuite_list = ssl->conf->ciphersuite_list; + + /* Check there is space for the cipher suite list length (2 bytes). */ + MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2 ); + p += 2; + + /* Write cipher_suites */ + cipher_suites_ptr = p; + for ( size_t i = 0; ciphersuite_list[i] != 0; i++ ) + { + int cipher_suite = ciphersuite_list[i]; + const mbedtls_ssl_ciphersuite_t *ciphersuite_info; + + ciphersuite_info = mbedtls_ssl_ciphersuite_from_id( cipher_suite ); + if( ciphersuite_info == NULL ) + continue; + if( !( MBEDTLS_SSL_MINOR_VERSION_4 >= ciphersuite_info->min_minor_ver && + MBEDTLS_SSL_MINOR_VERSION_4 <= ciphersuite_info->max_minor_ver ) ) + continue; + + MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, add ciphersuite: %04x, %s", + (unsigned int) cipher_suite, + ciphersuite_info->name ) ); + + /* Check there is space for the cipher suite identifier (2 bytes). */ + MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2 ); + MBEDTLS_PUT_UINT16_BE( cipher_suite, p, 0 ); + p += 2; + } + + /* Write the cipher_suites length in number of bytes */ + cipher_suites_len = p - cipher_suites_ptr; + MBEDTLS_PUT_UINT16_BE( cipher_suites_len, buf, 0 ); + MBEDTLS_SSL_DEBUG_MSG( 3, + ( "client hello, got %" MBEDTLS_PRINTF_SIZET " cipher suites", + cipher_suites_len/2 ) ); + + /* Output the total length of cipher_suites field. */ + *olen = p - buf; + + return( 0 ); +} + +/* + * Structure of ClientHello message: + * + * struct { + * ProtocolVersion legacy_version = 0x0303; // TLS v1.2 + * Random random; + * opaque legacy_session_id<0..32>; + * CipherSuite cipher_suites<2..2^16-2>; + * opaque legacy_compression_methods<1..2^8-1>; + * Extension extensions<8..2^16-1>; + * } ClientHello; + */ +static int ssl_tls13_write_client_hello_body( mbedtls_ssl_context *ssl, + unsigned char *buf, + unsigned char *end, + size_t *olen ) +{ + + int ret; + unsigned char *extensions_len_ptr; /* Pointer to extensions length */ + size_t output_len; /* Length of buffer used by function */ + size_t extensions_len; /* Length of the list of extensions*/ + + /* Buffer management */ + unsigned char *p = buf; + + *olen = 0; + + /* No validation needed here. It has been done by ssl_conf_check() */ + ssl->major_ver = ssl->conf->min_major_ver; + ssl->minor_ver = ssl->conf->min_minor_ver; + + /* + * Write legacy_version + * ProtocolVersion legacy_version = 0x0303; // TLS v1.2 + * + * For TLS 1.3 we use the legacy version number {0x03, 0x03} + * instead of the true version number. + */ + MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2 ); + MBEDTLS_PUT_UINT16_BE( 0x0303, p, 0 ); + p += 2; + + /* Write the random bytes ( random ).*/ + MBEDTLS_SSL_CHK_BUF_PTR( p, end, MBEDTLS_CLIENT_HELLO_RANDOM_LEN ); + memcpy( p, ssl->handshake->randbytes, MBEDTLS_CLIENT_HELLO_RANDOM_LEN ); + MBEDTLS_SSL_DEBUG_BUF( 3, "client hello, random bytes", + p, MBEDTLS_CLIENT_HELLO_RANDOM_LEN ); + p += MBEDTLS_CLIENT_HELLO_RANDOM_LEN; + + /* + * Write legacy_session_id + * + * Versions of TLS before TLS 1.3 supported a "session resumption" feature + * which has been merged with pre-shared keys in this version. A client + * which has a cached session ID set by a pre-TLS 1.3 server SHOULD set + * this field to that value. In compatibility mode, this field MUST be + * non-empty, so a client not offering a pre-TLS 1.3 session MUST generate + * a new 32-byte value. This value need not be random but SHOULD be + * unpredictable to avoid implementations fixating on a specific value + * ( also known as ossification ). Otherwise, it MUST be set as a zero-length + * vector ( i.e., a zero-valued single byte length field ). + */ + MBEDTLS_SSL_CHK_BUF_PTR( p, end, 1 ); + *p++ = 0; /* session id length set to zero */ + + /* Write cipher_suites */ + ret = ssl_tls13_write_client_hello_cipher_suites( ssl, p, end, &output_len ); + if( ret != 0 ) + return( ret ); + p += output_len; + + /* Write legacy_compression_methods + * + * For every TLS 1.3 ClientHello, this vector MUST contain exactly + * one byte set to zero, which corresponds to the 'null' compression + * method in prior versions of TLS. + */ + MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2 ); + *p++ = 1; + *p++ = MBEDTLS_SSL_COMPRESS_NULL; + + /* Write extensions */ + + /* Keeping track of the included extensions */ + ssl->handshake->extensions_present = MBEDTLS_SSL_EXT_NONE; + + /* First write extensions, then the total length */ + MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2 ); + extensions_len_ptr = p; + p += 2; + + /* Write supported_versions extension + * + * Supported Versions Extension is mandatory with TLS 1.3. + */ + ret = ssl_tls13_write_supported_versions_ext( ssl, p, end, &output_len ); + if( ret != 0 ) + return( ret ); + p += output_len; + +#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) + /* Write supported_groups extension + * + * It is REQUIRED for ECDHE cipher_suites. + */ + ret = ssl_tls13_write_supported_groups_ext( ssl, p, end, &output_len ); + if( ret != 0 ) + return( ret ); + p += output_len; + + /* Write key_share extension + * + * We need to send the key shares under three conditions: + * 1) A certificate-based ciphersuite is being offered. In this case + * supported_groups and supported_signature extensions have been + * successfully added. + * 2) A PSK-based ciphersuite with ECDHE is offered. In this case the + * psk_key_exchange_modes has been added as the last extension. + * 3) Or, in case all ciphers are supported ( which includes #1 and #2 + * from above ) + */ + ret = ssl_tls13_write_key_share_ext( ssl, p, end, &output_len ); + if( ret != 0 ) + return( ret ); + p += output_len; + + /* Write signature_algorithms extension + * + * It is REQUIRED for certificate authenticated cipher_suites. + */ + ret = mbedtls_ssl_tls13_write_sig_alg_ext( ssl, p, end, &output_len ); + if( ret != 0 ) + return( ret ); + p += output_len; + +#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ + +#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) + /* Write server name extension */ + ret = mbedtls_ssl_write_hostname_ext( ssl, p, end, &output_len ); + if( ret != 0 ) + return( ret ); + p += output_len; +#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */ + + /* Add more extensions here */ + + /* Write the length of the list of extensions. */ + extensions_len = p - extensions_len_ptr - 2; + MBEDTLS_PUT_UINT16_BE( extensions_len, extensions_len_ptr, 0 ); + MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, total extension length: %" MBEDTLS_PRINTF_SIZET , + extensions_len ) ); + MBEDTLS_SSL_DEBUG_BUF( 3, "client hello extensions", extensions_len_ptr, extensions_len ); + + *olen = p - buf; + return( 0 ); +} + +static int ssl_tls13_finalize_client_hello( mbedtls_ssl_context *ssl ) +{ + mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_SERVER_HELLO ); + return( 0 ); +} + +static int ssl_tls13_prepare_client_hello( mbedtls_ssl_context *ssl ) +{ + int ret; + + if( ssl->conf->f_rng == NULL ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "no RNG provided" ) ); + return( MBEDTLS_ERR_SSL_NO_RNG ); + } + + if( ( ret = ssl->conf->f_rng( ssl->conf->p_rng, + ssl->handshake->randbytes, + MBEDTLS_CLIENT_HELLO_RANDOM_LEN ) ) != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "f_rng", ret ); + return( ret ); + } + + return( 0 ); +} + +/* + * Write ClientHello handshake message. + * Handler for MBEDTLS_SSL_CLIENT_HELLO + */ +static int ssl_tls13_write_client_hello( mbedtls_ssl_context *ssl ) +{ + int ret = 0; + unsigned char *buf; + size_t buf_len, msg_len; + + MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write client hello" ) ); + + MBEDTLS_SSL_PROC_CHK( ssl_tls13_prepare_client_hello( ssl ) ); + + MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_tls13_start_handshake_msg( + ssl, MBEDTLS_SSL_HS_CLIENT_HELLO, + &buf, &buf_len ) ); + + MBEDTLS_SSL_PROC_CHK( ssl_tls13_write_client_hello_body( ssl, buf, + buf + buf_len, + &msg_len ) ); + + mbedtls_ssl_tls13_add_hs_hdr_to_checksum( ssl, + MBEDTLS_SSL_HS_CLIENT_HELLO, + msg_len ); + ssl->handshake->update_checksum( ssl, buf, msg_len ); + + MBEDTLS_SSL_PROC_CHK( ssl_tls13_finalize_client_hello( ssl ) ); + MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_tls13_finish_handshake_msg( ssl, + buf_len, + msg_len ) ); + +cleanup: + + MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write client hello" ) ); + return ret; +} + +/* + * Functions for parsing and processing Server Hello + */ +/* Returns a negative value on failure, and otherwise + * - SSL_SERVER_HELLO_COORDINATE_HELLO or + * - SSL_SERVER_HELLO_COORDINATE_HRR + * to indicate which message is expected and to be parsed next. */ +#define SSL_SERVER_HELLO_COORDINATE_HELLO 0 +#define SSL_SERVER_HELLO_COORDINATE_HRR 1 +static int ssl_server_hello_is_hrr( mbedtls_ssl_context *ssl, + const unsigned char *buf, + const unsigned char *end ) +{ + static const unsigned char magic_hrr_string[MBEDTLS_SERVER_HELLO_RANDOM_LEN] = + { 0xCF, 0x21, 0xAD, 0x74, 0xE5, 0x9A, 0x61, 0x11, + 0xBE, 0x1D, 0x8C, 0x02, 0x1E, 0x65, 0xB8, 0x91, + 0xC2, 0xA2, 0x11, 0x16, 0x7A, 0xBB, 0x8C, 0x5E, + 0x07, 0x9E, 0x09, 0xE2, 0xC8, 0xA8, 0x33 ,0x9C }; + + /* Check whether this message is a HelloRetryRequest ( HRR ) message. + * + * Server Hello and HRR are only distinguished by Random set to the + * special value of the SHA-256 of "HelloRetryRequest". + * + * struct { + * ProtocolVersion legacy_version = 0x0303; + * Random random; + * opaque legacy_session_id_echo<0..32>; + * CipherSuite cipher_suite; + * uint8 legacy_compression_method = 0; + * Extension extensions<6..2^16-1>; + * } ServerHello; + * + */ + MBEDTLS_SSL_CHK_BUF_READ_PTR( buf, end, 2 + sizeof( magic_hrr_string ) ); + + if( memcmp( buf + 2, magic_hrr_string, sizeof( magic_hrr_string ) ) == 0 ) + { + return( SSL_SERVER_HELLO_COORDINATE_HRR ); + } + + return( SSL_SERVER_HELLO_COORDINATE_HELLO ); +} + +/* Fetch and preprocess + * Returns a negative value on failure, and otherwise + * - SSL_SERVER_HELLO_COORDINATE_HELLO or + * - SSL_SERVER_HELLO_COORDINATE_HRR + */ +static int ssl_tls13_server_hello_coordinate( mbedtls_ssl_context *ssl, + unsigned char **buf, + size_t *buf_len ) +{ + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + + MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_read_record( ssl, 0 ) ); + + if( ( ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE ) || + ( ssl->in_msg[0] != MBEDTLS_SSL_HS_SERVER_HELLO ) ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "unexpected message" ) ); + + MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE, + MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE ); + return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE ); + } + + *buf = ssl->in_msg + 4; + *buf_len = ssl->in_hslen - 4; + + ret = ssl_server_hello_is_hrr( ssl, *buf, *buf + *buf_len ); + switch( ret ) + { + case SSL_SERVER_HELLO_COORDINATE_HELLO: + MBEDTLS_SSL_DEBUG_MSG( 2, ( "received ServerHello message" ) ); + break; + case SSL_SERVER_HELLO_COORDINATE_HRR: + MBEDTLS_SSL_DEBUG_MSG( 2, ( "received HelloRetryRequest message" ) ); + break; + } + +cleanup: + + return( ret ); +} + +static int ssl_tls13_check_server_hello_session_id_echo( mbedtls_ssl_context *ssl, + const unsigned char **buf, + const unsigned char *end ) +{ + const unsigned char *p = *buf; + size_t legacy_session_id_echo_len; + + MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, 1 ); + legacy_session_id_echo_len = *p++ ; + + MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, legacy_session_id_echo_len ); + + /* legacy_session_id_echo */ + if( ssl->session_negotiate->id_len != legacy_session_id_echo_len || + memcmp( ssl->session_negotiate->id, p , legacy_session_id_echo_len ) != 0 ) + { + MBEDTLS_SSL_DEBUG_BUF( 3, "Expected Session ID", + ssl->session_negotiate->id, + ssl->session_negotiate->id_len ); + MBEDTLS_SSL_DEBUG_BUF( 3, "Received Session ID", p, + legacy_session_id_echo_len ); + + MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER, + MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER); + + return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER ); + } + + p += legacy_session_id_echo_len; + *buf = p; + + MBEDTLS_SSL_DEBUG_BUF( 3, "Session ID", ssl->session_negotiate->id, + ssl->session_negotiate->id_len ); + return( 0 ); +} + +static int ssl_tls13_cipher_suite_is_offered( mbedtls_ssl_context *ssl, + int cipher_suite ) +{ + const int *ciphersuite_list = ssl->conf->ciphersuite_list; + + /* Check whether we have offered this ciphersuite */ + for ( size_t i = 0; ciphersuite_list[i] != 0; i++ ) + { + if( ciphersuite_list[i] == cipher_suite ) + { + return( 1 ); + } + } + return( 0 ); +} + +/* Parse ServerHello message and configure context + * + * struct { + * ProtocolVersion legacy_version = 0x0303; // TLS 1.2 + * Random random; + * opaque legacy_session_id_echo<0..32>; + * CipherSuite cipher_suite; + * uint8 legacy_compression_method = 0; + * Extension extensions<6..2^16-1>; + * } ServerHello; + */ +static int ssl_tls13_parse_server_hello( mbedtls_ssl_context *ssl, + const unsigned char *buf, + const unsigned char *end ) +{ + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + const unsigned char *p = buf; + size_t extensions_len; + const unsigned char *extensions_end; + uint16_t cipher_suite; + const mbedtls_ssl_ciphersuite_t *ciphersuite_info; + + /* + * Check there is space for minimal fields + * + * - legacy_version ( 2 bytes) + * - random (MBEDTLS_SERVER_HELLO_RANDOM_LEN bytes) + * - legacy_session_id_echo ( 1 byte ), minimum size + * - cipher_suite ( 2 bytes) + * - legacy_compression_method ( 1 byte ) + */ + MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, MBEDTLS_SERVER_HELLO_RANDOM_LEN + 6 ); + + MBEDTLS_SSL_DEBUG_BUF( 4, "server hello", p, end - p ); + MBEDTLS_SSL_DEBUG_BUF( 3, "server hello, version", p, 2 ); + + /* ... + * ProtocolVersion legacy_version = 0x0303; // TLS 1.2 + * ... + * with ProtocolVersion defined as: + * uint16 ProtocolVersion; + */ + if( !( p[0] == MBEDTLS_SSL_MAJOR_VERSION_3 && + p[1] == MBEDTLS_SSL_MINOR_VERSION_3 ) ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "Unsupported version of TLS." ) ); + MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_PROTOCOL_VERSION, + MBEDTLS_ERR_SSL_BAD_PROTOCOL_VERSION ); + return( MBEDTLS_ERR_SSL_BAD_PROTOCOL_VERSION ); + } + p += 2; + + /* ... + * Random random; + * ... + * with Random defined as: + * opaque Random[MBEDTLS_SERVER_HELLO_RANDOM_LEN]; + */ + memcpy( &ssl->handshake->randbytes[MBEDTLS_CLIENT_HELLO_RANDOM_LEN], p, + MBEDTLS_SERVER_HELLO_RANDOM_LEN ); + MBEDTLS_SSL_DEBUG_BUF( 3, "server hello, random bytes", + p, MBEDTLS_SERVER_HELLO_RANDOM_LEN ); + p += MBEDTLS_SERVER_HELLO_RANDOM_LEN; + + /* ... + * opaque legacy_session_id_echo<0..32>; + * ... + */ + if( ssl_tls13_check_server_hello_session_id_echo( ssl, &p, end ) != 0 ) + { + MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER, + MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER ); + return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER ); + } + + /* ... + * CipherSuite cipher_suite; + * ... + * with CipherSuite defined as: + * uint8 CipherSuite[2]; + */ + MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, 2 ); + cipher_suite = MBEDTLS_GET_UINT16_BE( p, 0 ); + p += 2; + + + /* + * Check whether this ciphersuite is supported and offered. + * Via the force_ciphersuite version we may have instructed the client + * to use a different ciphersuite. + */ + ciphersuite_info = mbedtls_ssl_ciphersuite_from_id( cipher_suite ); + if( ciphersuite_info == NULL || + ssl_tls13_cipher_suite_is_offered( ssl, cipher_suite ) == 0 ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "ciphersuite(%04x) not found or not offered", + cipher_suite ) ); + + MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER, + MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER ); + return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER ); + } + + + /* Configure ciphersuites */ + mbedtls_ssl_optimize_checksum( ssl, ciphersuite_info ); + + ssl->handshake->ciphersuite_info = ciphersuite_info; + ssl->session_negotiate->ciphersuite = cipher_suite; + + MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, chosen ciphersuite: ( %04x ) - %s", + cipher_suite, ciphersuite_info->name ) ); + +#if defined(MBEDTLS_HAVE_TIME) + ssl->session_negotiate->start = time( NULL ); +#endif /* MBEDTLS_HAVE_TIME */ + + /* ... + * uint8 legacy_compression_method = 0; + * ... + */ + MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, 1 ); + if( p[0] != 0 ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad legacy compression method" ) ); + MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER, + MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER ); + return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER ); + } + p++; + + /* ... + * Extension extensions<6..2^16-1>; + * ... + * struct { + * ExtensionType extension_type; (2 bytes) + * opaque extension_data<0..2^16-1>; + * } Extension; + */ + MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, 2 ); + extensions_len = MBEDTLS_GET_UINT16_BE( p, 0 ); + p += 2; + + /* Check extensions do not go beyond the buffer of data. */ + MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, extensions_len ); + extensions_end = p + extensions_len; + + MBEDTLS_SSL_DEBUG_BUF( 3, "server hello extensions", p, extensions_len ); + + while( p < extensions_end ) + { + unsigned int extension_type; + size_t extension_data_len; + + MBEDTLS_SSL_CHK_BUF_READ_PTR( p, extensions_end, 4 ); + extension_type = MBEDTLS_GET_UINT16_BE( p, 0 ); + extension_data_len = MBEDTLS_GET_UINT16_BE( p, 2 ); + p += 4; + + MBEDTLS_SSL_CHK_BUF_READ_PTR( p, extensions_end, extension_data_len ); + + switch( extension_type ) + { + case MBEDTLS_TLS_EXT_SUPPORTED_VERSIONS: + MBEDTLS_SSL_DEBUG_MSG( 3, + ( "found supported_versions extension" ) ); + + ret = ssl_tls13_parse_supported_versions_ext( ssl, + p, + p + extension_data_len ); + if( ret != 0 ) + return( ret ); + break; + + case MBEDTLS_TLS_EXT_PRE_SHARED_KEY: + MBEDTLS_SSL_DEBUG_MSG( 3, ( "found pre_shared_key extension." ) ); + MBEDTLS_SSL_DEBUG_MSG( 3, ( "pre_shared_key:Not supported yet" ) ); + + MBEDTLS_SSL_PEND_FATAL_ALERT( + MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_EXT, + MBEDTLS_ERR_SSL_UNSUPPORTED_EXTENSION ); + return( MBEDTLS_ERR_SSL_UNSUPPORTED_EXTENSION ); + +#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) + case MBEDTLS_TLS_EXT_KEY_SHARE: + MBEDTLS_SSL_DEBUG_MSG( 3, ( "found key_shares extension" ) ); + if( ( ret = ssl_tls13_parse_key_share_ext( ssl, + p, p + extension_data_len ) ) != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, + "ssl_tls13_parse_key_share_ext", + ret ); + return( ret ); + } + break; +#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ + + default: + MBEDTLS_SSL_DEBUG_MSG( + 3, + ( "unknown extension found: %u ( ignoring )", + extension_type ) ); + + MBEDTLS_SSL_PEND_FATAL_ALERT( + MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_EXT, + MBEDTLS_ERR_SSL_UNSUPPORTED_EXTENSION ); + return( MBEDTLS_ERR_SSL_UNSUPPORTED_EXTENSION ); + } + + p += extension_data_len; + } + + return( 0 ); +} + +static int ssl_tls13_finalize_server_hello( mbedtls_ssl_context *ssl ) +{ + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + mbedtls_ssl_key_set traffic_keys; + mbedtls_ssl_transform *transform_handshake = NULL; + mbedtls_ssl_handshake_params *handshake = ssl->handshake; + + /* Determine the key exchange mode: + * 1) If both the pre_shared_key and key_share extensions were received + * then the key exchange mode is PSK with EPHEMERAL. + * 2) If only the pre_shared_key extension was received then the key + * exchange mode is PSK-only. + * 3) If only the key_share extension was received then the key + * exchange mode is EPHEMERAL-only. + */ + switch( handshake->extensions_present & + ( MBEDTLS_SSL_EXT_PRE_SHARED_KEY | MBEDTLS_SSL_EXT_KEY_SHARE ) ) + { + /* Only the pre_shared_key extension was received */ + case MBEDTLS_SSL_EXT_PRE_SHARED_KEY: + handshake->tls1_3_kex_modes = MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_PSK; + break; + + /* Only the key_share extension was received */ + case MBEDTLS_SSL_EXT_KEY_SHARE: + handshake->tls1_3_kex_modes = MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_EPHEMERAL; + break; + + /* Both the pre_shared_key and key_share extensions were received */ + case ( MBEDTLS_SSL_EXT_PRE_SHARED_KEY | MBEDTLS_SSL_EXT_KEY_SHARE ): + handshake->tls1_3_kex_modes = MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_PSK_EPHEMERAL; + break; + + /* Neither pre_shared_key nor key_share extension was received */ + default: + MBEDTLS_SSL_DEBUG_MSG( 1, ( "Unknown key exchange." ) ); + ret = MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE; + goto cleanup; + } + + /* Start the TLS 1.3 key schedule: Set the PSK and derive early secret. + * + * TODO: We don't have to do this in case we offered 0-RTT and the + * server accepted it. In this case, we could skip generating + * the early secret. */ + ret = mbedtls_ssl_tls1_3_key_schedule_stage_early( ssl ); + if( ret != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls1_3_key_schedule_stage_early_data", + ret ); + goto cleanup; + } + + /* Compute handshake secret */ + ret = mbedtls_ssl_tls13_key_schedule_stage_handshake( ssl ); + if( ret != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls1_3_derive_master_secret", ret ); + goto cleanup; + } + + /* Next evolution in key schedule: Establish handshake secret and + * key material. */ + ret = mbedtls_ssl_tls13_generate_handshake_keys( ssl, &traffic_keys ); + if( ret != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls13_generate_handshake_keys", + ret ); + goto cleanup; + } + + transform_handshake = mbedtls_calloc( 1, sizeof( mbedtls_ssl_transform ) ); + if( transform_handshake == NULL ) + { + ret = MBEDTLS_ERR_SSL_ALLOC_FAILED; + goto cleanup; + } + + ret = mbedtls_ssl_tls13_populate_transform( transform_handshake, + ssl->conf->endpoint, + ssl->session_negotiate->ciphersuite, + &traffic_keys, + ssl ); + if( ret != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls13_populate_transform", ret ); + goto cleanup; + } + + handshake->transform_handshake = transform_handshake; + mbedtls_ssl_set_inbound_transform( ssl, transform_handshake ); + + MBEDTLS_SSL_DEBUG_MSG( 1, ( "Switch to handshake keys for inbound traffic" ) ); + ssl->session_in = ssl->session_negotiate; + + /* + * State machine update + */ + mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_ENCRYPTED_EXTENSIONS ); + +cleanup: + + mbedtls_platform_zeroize( &traffic_keys, sizeof( traffic_keys ) ); + if( ret != 0 ) + { + mbedtls_free( transform_handshake ); + + MBEDTLS_SSL_PEND_FATAL_ALERT( + MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE, + MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); + } + return( ret ); +} + +/* + * Wait and parse ServerHello handshake message. + * Handler for MBEDTLS_SSL_SERVER_HELLO + */ +static int ssl_tls1_3_process_server_hello( mbedtls_ssl_context *ssl ) +{ + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + unsigned char *buf; + size_t buf_len; + + MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> %s", __func__ ) ); + + /* Coordination step + * - Fetch record + * - Make sure it's either a ServerHello or a HRR. + * - Switch processing routine in case of HRR + */ + ssl->major_ver = MBEDTLS_SSL_MAJOR_VERSION_3; + ssl->handshake->extensions_present = MBEDTLS_SSL_EXT_NONE; + + ret = ssl_tls13_server_hello_coordinate( ssl, &buf, &buf_len ); + /* Parsing step + * We know what message to expect by now and call + * the respective parsing function. + */ + if( ret == SSL_SERVER_HELLO_COORDINATE_HELLO ) + { + MBEDTLS_SSL_PROC_CHK( ssl_tls13_parse_server_hello( ssl, buf, + buf + buf_len ) ); + + mbedtls_ssl_tls1_3_add_hs_msg_to_checksum( ssl, + MBEDTLS_SSL_HS_SERVER_HELLO, + buf, buf_len ); + + MBEDTLS_SSL_PROC_CHK( ssl_tls13_finalize_server_hello( ssl ) ); + } + else if( ret == SSL_SERVER_HELLO_COORDINATE_HRR ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "HRR not supported" ) ); + MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE , + MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); + ret = MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE; + } + +cleanup: + MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= %s", __func__ ) ); + return( ret ); +} + +/* + * + * EncryptedExtensions message + * + * The EncryptedExtensions message contains any extensions which + * should be protected, i.e., any which are not needed to establish + * the cryptographic context. + */ + +/* + * Overview + */ + +/* Main entry point; orchestrates the other functions */ +static int ssl_tls13_process_encrypted_extensions( mbedtls_ssl_context *ssl ); + +static int ssl_tls13_parse_encrypted_extensions( mbedtls_ssl_context *ssl, + const unsigned char *buf, + const unsigned char *end ); +static int ssl_tls13_postprocess_encrypted_extensions( mbedtls_ssl_context *ssl ); + +/* + * Handler for MBEDTLS_SSL_ENCRYPTED_EXTENSIONS + */ +static int ssl_tls13_process_encrypted_extensions( mbedtls_ssl_context *ssl ) +{ + int ret; + unsigned char *buf; + size_t buf_len; + + MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse encrypted extensions" ) ); + + MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_tls1_3_fetch_handshake_msg( ssl, + MBEDTLS_SSL_HS_ENCRYPTED_EXTENSIONS, + &buf, &buf_len ) ); + + /* Process the message contents */ + MBEDTLS_SSL_PROC_CHK( + ssl_tls13_parse_encrypted_extensions( ssl, buf, buf + buf_len ) ); + + mbedtls_ssl_tls1_3_add_hs_msg_to_checksum( + ssl, MBEDTLS_SSL_HS_ENCRYPTED_EXTENSIONS, buf, buf_len ); + + MBEDTLS_SSL_PROC_CHK( ssl_tls13_postprocess_encrypted_extensions( ssl ) ); + +cleanup: + + MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= parse encrypted extensions" ) ); + return( ret ); + +} + +/* Parse EncryptedExtensions message + * struct { + * Extension extensions<0..2^16-1>; + * } EncryptedExtensions; + */ +static int ssl_tls13_parse_encrypted_extensions( mbedtls_ssl_context *ssl, + const unsigned char *buf, + const unsigned char *end ) +{ + int ret = 0; + size_t extensions_len; + const unsigned char *p = buf; + const unsigned char *extensions_end; + + MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, 2 ); + extensions_len = MBEDTLS_GET_UINT16_BE( p, 0 ); + p += 2; + + MBEDTLS_SSL_DEBUG_BUF( 3, "encrypted extensions", p, extensions_len ); + extensions_end = p + extensions_len; + MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, extensions_len ); + + while( p < extensions_end ) + { + unsigned int extension_type; + size_t extension_data_len; + + /* + * struct { + * ExtensionType extension_type; (2 bytes) + * opaque extension_data<0..2^16-1>; + * } Extension; + */ + MBEDTLS_SSL_CHK_BUF_READ_PTR( p, extensions_end, 4 ); + extension_type = MBEDTLS_GET_UINT16_BE( p, 0 ); + extension_data_len = MBEDTLS_GET_UINT16_BE( p, 2 ); + p += 4; + + MBEDTLS_SSL_CHK_BUF_READ_PTR( p, extensions_end, extension_data_len ); + + /* The client MUST check EncryptedExtensions for the + * presence of any forbidden extensions and if any are found MUST abort + * the handshake with an "unsupported_extension" alert. + */ + switch( extension_type ) + { + + case MBEDTLS_TLS_EXT_SUPPORTED_GROUPS: + MBEDTLS_SSL_DEBUG_MSG( 3, ( "found extensions supported groups" ) ); + break; + + default: + MBEDTLS_SSL_DEBUG_MSG( + 3, ( "unsupported extension found: %u ", extension_type) ); + MBEDTLS_SSL_PEND_FATAL_ALERT( + MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_EXT, + MBEDTLS_ERR_SSL_UNSUPPORTED_EXTENSION ); + return ( MBEDTLS_ERR_SSL_UNSUPPORTED_EXTENSION ); + } + + p += extension_data_len; + } + + /* Check that we consumed all the message. */ + if( p != end ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "EncryptedExtension lengths misaligned" ) ); + MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR, + MBEDTLS_ERR_SSL_DECODE_ERROR ); + return( MBEDTLS_ERR_SSL_DECODE_ERROR ); + } + + return( ret ); +} + +static int ssl_tls13_postprocess_encrypted_extensions( mbedtls_ssl_context *ssl ) +{ +#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) + if( mbedtls_ssl_tls1_3_some_psk_enabled( ssl ) ) + mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_SERVER_FINISHED ); + else + mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CERTIFICATE_REQUEST ); +#else + ((void) ssl); + mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_SERVER_FINISHED ); +#endif + return( 0 ); +} + +#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) +/* + * Handler for MBEDTLS_SSL_CERTIFICATE_REQUEST + */ +static int ssl_tls13_process_certificate_request( mbedtls_ssl_context *ssl ) +{ + int ret = mbedtls_ssl_read_record( ssl, 0 ); + + if( ret != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_read_record", ret ); + return( ret ); + } + + if( ( ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE ) && + ( ssl->in_msg[0] == MBEDTLS_SSL_HS_CERTIFICATE_REQUEST ) ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "CertificateRequest not supported" ) ); + MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE, + MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); + return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); + } + + ssl->keep_current_message = 1; + mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_SERVER_CERTIFICATE ); + + return( 0 ); +} + +/* + * Handler for MBEDTLS_SSL_SERVER_CERTIFICATE + */ +static int ssl_tls1_3_process_server_certificate( mbedtls_ssl_context *ssl ) +{ + int ret; + + ret = mbedtls_ssl_tls13_process_certificate( ssl ); + if( ret != 0 ) + return( ret ); + + mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CERTIFICATE_VERIFY ); + return( 0 ); +} + +/* + * Handler for MBEDTLS_SSL_CERTIFICATE_VERIFY + */ +static int ssl_tls1_3_process_certificate_verify( mbedtls_ssl_context *ssl ) +{ + int ret; + + ret = mbedtls_ssl_tls13_process_certificate_verify( ssl ); + if( ret != 0 ) + return( ret ); + + mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_SERVER_FINISHED ); + return( 0 ); +} +#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ +/* + * Handler for MBEDTLS_SSL_SERVER_FINISHED + */ +static int ssl_tls1_3_process_server_finished( mbedtls_ssl_context *ssl ) +{ + int ret; + + ret = mbedtls_ssl_tls13_process_finished_message( ssl ); + if( ret != 0 ) + return( ret ); + + mbedtls_ssl_set_outbound_transform( ssl, ssl->handshake->transform_handshake ); + mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CLIENT_FINISHED ); + return( 0 ); +} + +/* + * Handler for MBEDTLS_SSL_CLIENT_FINISHED + */ +static int ssl_tls13_write_client_finished( mbedtls_ssl_context *ssl ) +{ + int ret; + + ret = mbedtls_ssl_tls13_write_finished_message( ssl ); + if( ret != 0 ) + return( ret ); + + mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_FLUSH_BUFFERS ); + return( 0 ); +} + +/* + * Handler for MBEDTLS_SSL_FLUSH_BUFFERS + */ +static int ssl_tls1_3_flush_buffers( mbedtls_ssl_context *ssl ) +{ + MBEDTLS_SSL_DEBUG_MSG( 2, ( "handshake: done" ) ); + mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_HANDSHAKE_WRAPUP ); + return( 0 ); +} + +/* + * Handler for MBEDTLS_SSL_HANDSHAKE_WRAPUP + */ +static int ssl_tls1_3_handshake_wrapup( mbedtls_ssl_context *ssl ) +{ + MBEDTLS_SSL_DEBUG_MSG( 1, ( "Switch to application keys for inbound traffic" ) ); + mbedtls_ssl_set_inbound_transform ( ssl, ssl->transform_application ); + + MBEDTLS_SSL_DEBUG_MSG( 1, ( "Switch to application keys for outbound traffic" ) ); + mbedtls_ssl_set_outbound_transform( ssl, ssl->transform_application ); + + mbedtls_ssl_tls13_handshake_wrapup( ssl ); + + mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_HANDSHAKE_OVER ); + return( 0 ); +} + +int mbedtls_ssl_tls13_handshake_client_step( mbedtls_ssl_context *ssl ) +{ + int ret = 0; + + MBEDTLS_SSL_DEBUG_MSG( 2, ( "tls1_3 client state: %d", ssl->state ) ); + + switch( ssl->state ) + { + /* + * ssl->state is initialized as HELLO_REQUEST. It is the same + * as CLIENT_HELLO state. + */ + case MBEDTLS_SSL_HELLO_REQUEST: + case MBEDTLS_SSL_CLIENT_HELLO: + ret = ssl_tls13_write_client_hello( ssl ); + break; + + case MBEDTLS_SSL_SERVER_HELLO: + ret = ssl_tls1_3_process_server_hello( ssl ); + break; + + case MBEDTLS_SSL_ENCRYPTED_EXTENSIONS: + ret = ssl_tls13_process_encrypted_extensions( ssl ); + break; + +#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) + case MBEDTLS_SSL_CERTIFICATE_REQUEST: + ret = ssl_tls13_process_certificate_request( ssl ); + break; + + case MBEDTLS_SSL_SERVER_CERTIFICATE: + ret = ssl_tls1_3_process_server_certificate( ssl ); + break; + + case MBEDTLS_SSL_CERTIFICATE_VERIFY: + ret = ssl_tls1_3_process_certificate_verify( ssl ); + break; +#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ + + case MBEDTLS_SSL_SERVER_FINISHED: + ret = ssl_tls1_3_process_server_finished( ssl ); + break; + + case MBEDTLS_SSL_CLIENT_FINISHED: + ret = ssl_tls13_write_client_finished( ssl ); + break; + + case MBEDTLS_SSL_FLUSH_BUFFERS: + ret = ssl_tls1_3_flush_buffers( ssl ); + break; + + case MBEDTLS_SSL_HANDSHAKE_WRAPUP: + ret = ssl_tls1_3_handshake_wrapup( ssl ); + break; + + default: + MBEDTLS_SSL_DEBUG_MSG( 1, ( "invalid state %d", ssl->state ) ); + return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + } + + return( ret ); +} #endif /* MBEDTLS_SSL_CLI_C */ diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c new file mode 100644 index 0000000000..12ef4d58c8 --- /dev/null +++ b/library/ssl_tls13_generic.c @@ -0,0 +1,1127 @@ +/* + * TLS 1.3 functionality shared between client and server + * + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "common.h" + +#if defined(MBEDTLS_SSL_TLS_C) + +#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) + +#include + +#include "mbedtls/error.h" +#include "mbedtls/debug.h" +#include "mbedtls/oid.h" +#include "mbedtls/platform.h" +#include + +#include "ssl_misc.h" +#include "ssl_tls13_keys.h" + +int mbedtls_ssl_tls1_3_fetch_handshake_msg( mbedtls_ssl_context *ssl, + unsigned hs_type, + unsigned char **buf, + size_t *buflen ) +{ + int ret; + + if( ( ret = mbedtls_ssl_read_record( ssl, 0 ) ) != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_read_record", ret ); + goto cleanup; + } + + if( ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE || + ssl->in_msg[0] != hs_type ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "Receive unexpected handshake message." ) ); + MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE, + MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE ); + ret = MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE; + goto cleanup; + } + + /* + * Jump handshake header (4 bytes, see Section 4 of RFC 8446). + * ... + * HandshakeType msg_type; + * uint24 length; + * ... + */ + *buf = ssl->in_msg + 4; + *buflen = ssl->in_hslen - 4; + +cleanup: + + return( ret ); +} + +int mbedtls_ssl_tls13_start_handshake_msg( mbedtls_ssl_context *ssl, + unsigned hs_type, + unsigned char **buf, + size_t *buf_len ) +{ + /* + * Reserve 4 bytes for hanshake header. ( Section 4,RFC 8446 ) + * ... + * HandshakeType msg_type; + * uint24 length; + * ... + */ + *buf = ssl->out_msg + 4; + *buf_len = MBEDTLS_SSL_OUT_CONTENT_LEN - 4; + + ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE; + ssl->out_msg[0] = hs_type; + + return( 0 ); +} + +int mbedtls_ssl_tls13_finish_handshake_msg( mbedtls_ssl_context *ssl, + size_t buf_len, + size_t msg_len ) +{ + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + size_t msg_len_with_header; + ((void) buf_len); + + /* Add reserved 4 bytes for handshake header */ + msg_len_with_header = msg_len + 4; + ssl->out_msglen = msg_len_with_header; + MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_write_handshake_msg_ext( ssl, 0 ) ); + +cleanup: + return( ret ); +} + +void mbedtls_ssl_tls1_3_add_hs_msg_to_checksum( mbedtls_ssl_context *ssl, + unsigned hs_type, + unsigned char const *msg, + size_t msg_len ) +{ + mbedtls_ssl_tls13_add_hs_hdr_to_checksum( ssl, hs_type, msg_len ); + ssl->handshake->update_checksum( ssl, msg, msg_len ); +} + +void mbedtls_ssl_tls13_add_hs_hdr_to_checksum( mbedtls_ssl_context *ssl, + unsigned hs_type, + size_t total_hs_len ) +{ + unsigned char hs_hdr[4]; + + /* Build HS header for checksum update. */ + hs_hdr[0] = MBEDTLS_BYTE_0( hs_type ); + hs_hdr[1] = MBEDTLS_BYTE_2( total_hs_len ); + hs_hdr[2] = MBEDTLS_BYTE_1( total_hs_len ); + hs_hdr[3] = MBEDTLS_BYTE_0( total_hs_len ); + + ssl->handshake->update_checksum( ssl, hs_hdr, sizeof( hs_hdr ) ); +} + +#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) + +/* + * mbedtls_ssl_tls13_write_sig_alg_ext( ) + * + * enum { + * .... + * ecdsa_secp256r1_sha256( 0x0403 ), + * ecdsa_secp384r1_sha384( 0x0503 ), + * ecdsa_secp521r1_sha512( 0x0603 ), + * .... + * } SignatureScheme; + * + * struct { + * SignatureScheme supported_signature_algorithms<2..2^16-2>; + * } SignatureSchemeList; + * + * Only if we handle at least one key exchange that needs signatures. + */ +int mbedtls_ssl_tls13_write_sig_alg_ext( mbedtls_ssl_context *ssl, + unsigned char *buf, + unsigned char *end, + size_t *olen ) +{ + unsigned char *p = buf; + unsigned char *supported_sig_alg_ptr; /* Start of supported_signature_algorithms */ + size_t supported_sig_alg_len = 0; /* Length of supported_signature_algorithms */ + + *olen = 0; + + /* Skip the extension on the client if all allowed key exchanges + * are PSK-based. */ +#if defined(MBEDTLS_SSL_CLI_C) + if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT && + !mbedtls_ssl_conf_tls13_some_ephemeral_enabled( ssl ) ) + { + return( 0 ); + } +#endif /* MBEDTLS_SSL_CLI_C */ + + MBEDTLS_SSL_DEBUG_MSG( 3, ( "adding signature_algorithms extension" ) ); + + /* Check if we have space for header and length field: + * - extension_type (2 bytes) + * - extension_data_length (2 bytes) + * - supported_signature_algorithms_length (2 bytes) + */ + MBEDTLS_SSL_CHK_BUF_PTR( p, end, 6 ); + p += 6; + + /* + * Write supported_signature_algorithms + */ + supported_sig_alg_ptr = p; + for( const uint16_t *sig_alg = ssl->conf->tls13_sig_algs; + *sig_alg != MBEDTLS_TLS13_SIG_NONE; sig_alg++ ) + { + MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2 ); + MBEDTLS_PUT_UINT16_BE( *sig_alg, p, 0 ); + p += 2; + MBEDTLS_SSL_DEBUG_MSG( 3, ( "signature scheme [%x]", *sig_alg ) ); + } + + /* Length of supported_signature_algorithms */ + supported_sig_alg_len = p - supported_sig_alg_ptr; + if( supported_sig_alg_len == 0 ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "No signature algorithms defined." ) ); + return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + } + + /* Write extension_type */ + MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_SIG_ALG, buf, 0 ); + /* Write extension_data_length */ + MBEDTLS_PUT_UINT16_BE( supported_sig_alg_len + 2, buf, 2 ); + /* Write length of supported_signature_algorithms */ + MBEDTLS_PUT_UINT16_BE( supported_sig_alg_len, buf, 4 ); + + /* Output the total length of signature algorithms extension. */ + *olen = p - buf; + + ssl->handshake->extensions_present |= MBEDTLS_SSL_EXT_SIG_ALG; + return( 0 ); +} + +/* + * STATE HANDLING: Read CertificateVerify + */ +/* Macro to express the maximum length of the verify structure. + * + * The structure is computed per TLS 1.3 specification as: + * - 64 bytes of octet 32, + * - 33 bytes for the context string + * (which is either "TLS 1.3, client CertificateVerify" + * or "TLS 1.3, server CertificateVerify"), + * - 1 byte for the octet 0x0, which serves as a separator, + * - 32 or 48 bytes for the Transcript-Hash(Handshake Context, Certificate) + * (depending on the size of the transcript_hash) + * + * This results in a total size of + * - 130 bytes for a SHA256-based transcript hash, or + * (64 + 33 + 1 + 32 bytes) + * - 146 bytes for a SHA384-based transcript hash. + * (64 + 33 + 1 + 48 bytes) + * + */ +#define SSL_VERIFY_STRUCT_MAX_SIZE ( 64 + \ + 33 + \ + 1 + \ + MBEDTLS_TLS1_3_MD_MAX_SIZE \ + ) + +/* + * The ssl_tls13_create_verify_structure() creates the verify structure. + * As input, it requires the transcript hash. + * + * The caller has to ensure that the buffer has size at least + * SSL_VERIFY_STRUCT_MAX_SIZE bytes. + */ +static void ssl_tls13_create_verify_structure( const unsigned char *transcript_hash, + size_t transcript_hash_len, + unsigned char *verify_buffer, + size_t *verify_buffer_len, + int from ) +{ + size_t idx; + + /* RFC 8446, Section 4.4.3: + * + * The digital signature [in the CertificateVerify message] is then + * computed over the concatenation of: + * - A string that consists of octet 32 (0x20) repeated 64 times + * - The context string + * - A single 0 byte which serves as the separator + * - The content to be signed + */ + memset( verify_buffer, 0x20, 64 ); + idx = 64; + + if( from == MBEDTLS_SSL_IS_CLIENT ) + { + memcpy( verify_buffer + idx, MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN( client_cv ) ); + idx += MBEDTLS_SSL_TLS1_3_LBL_LEN( client_cv ); + } + else + { /* from == MBEDTLS_SSL_IS_SERVER */ + memcpy( verify_buffer + idx, MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN( server_cv ) ); + idx += MBEDTLS_SSL_TLS1_3_LBL_LEN( server_cv ); + } + + verify_buffer[idx++] = 0x0; + + memcpy( verify_buffer + idx, transcript_hash, transcript_hash_len ); + idx += transcript_hash_len; + + *verify_buffer_len = idx; +} + +static int ssl_tls13_sig_alg_is_offered( const mbedtls_ssl_context *ssl, + uint16_t sig_alg ) +{ + const uint16_t *tls13_sig_alg = ssl->conf->tls13_sig_algs; + + for( ; *tls13_sig_alg != MBEDTLS_TLS13_SIG_NONE ; tls13_sig_alg++ ) + { + if( *tls13_sig_alg == sig_alg ) + return( 1 ); + } + return( 0 ); +} + +static int ssl_tls13_parse_certificate_verify( mbedtls_ssl_context *ssl, + const unsigned char *buf, + const unsigned char *end, + const unsigned char *verify_buffer, + size_t verify_buffer_len ) +{ + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + const unsigned char *p = buf; + uint16_t algorithm; + size_t signature_len; + mbedtls_pk_type_t sig_alg; + mbedtls_md_type_t md_alg; + unsigned char verify_hash[MBEDTLS_MD_MAX_SIZE]; + size_t verify_hash_len; + + /* + * struct { + * SignatureScheme algorithm; + * opaque signature<0..2^16-1>; + * } CertificateVerify; + */ + MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, 2 ); + algorithm = MBEDTLS_GET_UINT16_BE( p, 0 ); + p += 2; + + /* RFC 8446 section 4.4.3 + * + * If the CertificateVerify message is sent by a server, the signature algorithm + * MUST be one offered in the client's "signature_algorithms" extension unless + * no valid certificate chain can be produced without unsupported algorithms + * + * RFC 8446 section 4.4.2.2 + * + * If the client cannot construct an acceptable chain using the provided + * certificates and decides to abort the handshake, then it MUST abort the handshake + * with an appropriate certificate-related alert (by default, "unsupported_certificate"). + * + * Check if algorithm is an offered signature algorithm. + */ + if( ! ssl_tls13_sig_alg_is_offered( ssl, algorithm ) ) + { + /* algorithm not in offered signature algorithms list */ + MBEDTLS_SSL_DEBUG_MSG( 1, ( "Received signature algorithm(%04x) is not " + "offered.", + ( unsigned int ) algorithm ) ); + goto error; + } + + /* We currently only support ECDSA-based signatures */ + switch( algorithm ) + { + case MBEDTLS_TLS13_SIG_ECDSA_SECP256R1_SHA256: + md_alg = MBEDTLS_MD_SHA256; + sig_alg = MBEDTLS_PK_ECDSA; + break; + case MBEDTLS_TLS13_SIG_ECDSA_SECP384R1_SHA384: + md_alg = MBEDTLS_MD_SHA384; + sig_alg = MBEDTLS_PK_ECDSA; + break; + case MBEDTLS_TLS13_SIG_ECDSA_SECP521R1_SHA512: + md_alg = MBEDTLS_MD_SHA512; + sig_alg = MBEDTLS_PK_ECDSA; + break; + default: + MBEDTLS_SSL_DEBUG_MSG( 1, ( "Certificate Verify: Unknown signature algorithm." ) ); + goto error; + } + + MBEDTLS_SSL_DEBUG_MSG( 3, ( "Certificate Verify: Signature algorithm ( %04x )", + ( unsigned int ) algorithm ) ); + + /* + * Check the certificate's key type matches the signature alg + */ + if( !mbedtls_pk_can_do( &ssl->session_negotiate->peer_cert->pk, sig_alg ) ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "signature algorithm doesn't match cert key" ) ); + goto error; + } + + MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, 2 ); + signature_len = MBEDTLS_GET_UINT16_BE( p, 0 ); + p += 2; + MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, signature_len ); + + /* Hash verify buffer with indicated hash function */ + switch( md_alg ) + { +#if defined(MBEDTLS_SHA256_C) + case MBEDTLS_MD_SHA256: + verify_hash_len = 32; + ret = mbedtls_sha256( verify_buffer, verify_buffer_len, verify_hash, 0 ); + break; +#endif /* MBEDTLS_SHA256_C */ + +#if defined(MBEDTLS_SHA384_C) + case MBEDTLS_MD_SHA384: + verify_hash_len = 48; + ret = mbedtls_sha512( verify_buffer, verify_buffer_len, verify_hash, 1 ); + break; +#endif /* MBEDTLS_SHA384_C */ + +#if defined(MBEDTLS_SHA512_C) + case MBEDTLS_MD_SHA512: + verify_hash_len = 64; + ret = mbedtls_sha512( verify_buffer, verify_buffer_len, verify_hash, 0 ); + break; +#endif /* MBEDTLS_SHA512_C */ + + default: + ret = MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE; + break; + } + + if( ret != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "hash computation error", ret ); + goto error; + } + + MBEDTLS_SSL_DEBUG_BUF( 3, "verify hash", verify_hash, verify_hash_len ); + + if( ( ret = mbedtls_pk_verify_ext( sig_alg, NULL, + &ssl->session_negotiate->peer_cert->pk, + md_alg, verify_hash, verify_hash_len, + p, signature_len ) ) == 0 ) + { + return( 0 ); + } + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_pk_verify_ext", ret ); + +error: + /* RFC 8446 section 4.4.3 + * + * If the verification fails, the receiver MUST terminate the handshake + * with a "decrypt_error" alert. + */ + MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_DECRYPT_ERROR, + MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); + return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); + +} +#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ + +int mbedtls_ssl_tls13_process_certificate_verify( mbedtls_ssl_context *ssl ) +{ + +#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + unsigned char verify_buffer[SSL_VERIFY_STRUCT_MAX_SIZE]; + size_t verify_buffer_len; + unsigned char transcript[MBEDTLS_TLS1_3_MD_MAX_SIZE]; + size_t transcript_len; + unsigned char *buf; + size_t buf_len; + + MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse certificate verify" ) ); + + MBEDTLS_SSL_PROC_CHK( + mbedtls_ssl_tls1_3_fetch_handshake_msg( ssl, + MBEDTLS_SSL_HS_CERTIFICATE_VERIFY, &buf, &buf_len ) ); + + /* Need to calculate the hash of the transcript first + * before reading the message since otherwise it gets + * included in the transcript + */ + ret = mbedtls_ssl_get_handshake_transcript( ssl, + ssl->handshake->ciphersuite_info->mac, + transcript, sizeof( transcript ), + &transcript_len ); + if( ret != 0 ) + { + MBEDTLS_SSL_PEND_FATAL_ALERT( + MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR, + MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + return( ret ); + } + + MBEDTLS_SSL_DEBUG_BUF( 3, "handshake hash", transcript, transcript_len ); + + /* Create verify structure */ + ssl_tls13_create_verify_structure( transcript, + transcript_len, + verify_buffer, + &verify_buffer_len, + ( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT ) ? + MBEDTLS_SSL_IS_SERVER : + MBEDTLS_SSL_IS_CLIENT ); + + /* Process the message contents */ + MBEDTLS_SSL_PROC_CHK( ssl_tls13_parse_certificate_verify( ssl, buf, + buf + buf_len, verify_buffer, verify_buffer_len ) ); + + mbedtls_ssl_tls1_3_add_hs_msg_to_checksum( ssl, + MBEDTLS_SSL_HS_CERTIFICATE_VERIFY, buf, buf_len ); + +cleanup: + + MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= parse certificate verify" ) ); + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls13_process_certificate_verify", ret ); + return( ret ); +#else + ((void) ssl); + MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); + return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); +#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ +} + +/* + * + * STATE HANDLING: Incoming Certificate, client-side only currently. + * + */ + +/* + * Implementation + */ + +#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) +#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) +/* + * Structure of Certificate message: + * + * enum { + * X509(0), + * RawPublicKey(2), + * (255) + * } CertificateType; + * + * struct { + * select (certificate_type) { + * case RawPublicKey: + * * From RFC 7250 ASN.1_subjectPublicKeyInfo * + * opaque ASN1_subjectPublicKeyInfo<1..2^24-1>; + * case X509: + * opaque cert_data<1..2^24-1>; + * }; + * Extension extensions<0..2^16-1>; + * } CertificateEntry; + * + * struct { + * opaque certificate_request_context<0..2^8-1>; + * CertificateEntry certificate_list<0..2^24-1>; + * } Certificate; + * + */ + +/* Parse certificate chain send by the server. */ +static int ssl_tls13_parse_certificate( mbedtls_ssl_context *ssl, + const unsigned char *buf, + const unsigned char *end ) +{ + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + size_t certificate_request_context_len = 0; + size_t certificate_list_len = 0; + const unsigned char *p = buf; + const unsigned char *certificate_list_end; + + MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, 4 ); + certificate_request_context_len = p[0]; + certificate_list_len = MBEDTLS_GET_UINT24_BE( p, 1 ); + p += 4; + + /* In theory, the certificate list can be up to 2^24 Bytes, but we don't + * support anything beyond 2^16 = 64K. + */ + if( ( certificate_request_context_len != 0 ) || + ( certificate_list_len >= 0x10000 ) ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate message" ) ); + MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR, + MBEDTLS_ERR_SSL_DECODE_ERROR ); + return( MBEDTLS_ERR_SSL_DECODE_ERROR ); + } + + /* In case we tried to reuse a session but it failed */ + if( ssl->session_negotiate->peer_cert != NULL ) + { + mbedtls_x509_crt_free( ssl->session_negotiate->peer_cert ); + mbedtls_free( ssl->session_negotiate->peer_cert ); + } + + if( ( ssl->session_negotiate->peer_cert = + mbedtls_calloc( 1, sizeof( mbedtls_x509_crt ) ) ) == NULL ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc( %" MBEDTLS_PRINTF_SIZET " bytes ) failed", + sizeof( mbedtls_x509_crt ) ) ); + MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR, + MBEDTLS_ERR_SSL_ALLOC_FAILED ); + return( MBEDTLS_ERR_SSL_ALLOC_FAILED ); + } + + mbedtls_x509_crt_init( ssl->session_negotiate->peer_cert ); + + certificate_list_end = p + certificate_list_len; + while( p < certificate_list_end ) + { + size_t cert_data_len, extensions_len; + + MBEDTLS_SSL_CHK_BUF_READ_PTR( p, certificate_list_end, 3 ); + cert_data_len = MBEDTLS_GET_UINT24_BE( p, 0 ); + p += 3; + + /* In theory, the CRT can be up to 2^24 Bytes, but we don't support + * anything beyond 2^16 = 64K. Otherwise as in the TLS 1.2 code, + * check that we have a minimum of 128 bytes of data, this is not + * clear why we need that though. + */ + if( ( cert_data_len < 128 ) || ( cert_data_len >= 0x10000 ) ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad Certificate message" ) ); + MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR, + MBEDTLS_ERR_SSL_DECODE_ERROR ); + return( MBEDTLS_ERR_SSL_DECODE_ERROR ); + } + + MBEDTLS_SSL_CHK_BUF_READ_PTR( p, certificate_list_end, cert_data_len ); + ret = mbedtls_x509_crt_parse_der( ssl->session_negotiate->peer_cert, + p, cert_data_len ); + + switch( ret ) + { + case 0: /*ok*/ + break; + case MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG + MBEDTLS_ERR_OID_NOT_FOUND: + /* Ignore certificate with an unknown algorithm: maybe a + prior certificate was already trusted. */ + break; + + case MBEDTLS_ERR_X509_ALLOC_FAILED: + MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR, + MBEDTLS_ERR_X509_ALLOC_FAILED ); + MBEDTLS_SSL_DEBUG_RET( 1, " mbedtls_x509_crt_parse_der", ret ); + return( ret ); + + case MBEDTLS_ERR_X509_UNKNOWN_VERSION: + MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT, + MBEDTLS_ERR_X509_UNKNOWN_VERSION ); + MBEDTLS_SSL_DEBUG_RET( 1, " mbedtls_x509_crt_parse_der", ret ); + return( ret ); + + default: + MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_BAD_CERT, + ret ); + MBEDTLS_SSL_DEBUG_RET( 1, " mbedtls_x509_crt_parse_der", ret ); + return( ret ); + } + + p += cert_data_len; + + /* Certificate extensions length */ + MBEDTLS_SSL_CHK_BUF_READ_PTR( p, certificate_list_end, 2 ); + extensions_len = MBEDTLS_GET_UINT16_BE( p, 0 ); + p += 2; + MBEDTLS_SSL_CHK_BUF_READ_PTR( p, certificate_list_end, extensions_len ); + p += extensions_len; + } + + /* Check that all the message is consumed. */ + if( p != end ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad Certificate message" ) ); + MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR, \ + MBEDTLS_ERR_SSL_DECODE_ERROR ); + return( MBEDTLS_ERR_SSL_DECODE_ERROR ); + } + + MBEDTLS_SSL_DEBUG_CRT( 3, "peer certificate", ssl->session_negotiate->peer_cert ); + + return( ret ); +} +#else +static int ssl_tls13_parse_certificate( mbedtls_ssl_context *ssl, + const unsigned char *buf, + const unsigned char *end ) +{ + ((void) ssl); + ((void) buf); + ((void) end); + return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ); +} +#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ +#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */ + +#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) +#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) +/* Validate certificate chain sent by the server. */ +static int ssl_tls13_validate_certificate( mbedtls_ssl_context *ssl ) +{ + int ret = 0; + mbedtls_x509_crt *ca_chain; + mbedtls_x509_crl *ca_crl; + uint32_t verify_result = 0; + +#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) + if( ssl->handshake->sni_ca_chain != NULL ) + { + ca_chain = ssl->handshake->sni_ca_chain; + ca_crl = ssl->handshake->sni_ca_crl; + } + else +#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */ + { + ca_chain = ssl->conf->ca_chain; + ca_crl = ssl->conf->ca_crl; + } + + /* + * Main check: verify certificate + */ + ret = mbedtls_x509_crt_verify_with_profile( + ssl->session_negotiate->peer_cert, + ca_chain, ca_crl, + ssl->conf->cert_profile, + ssl->hostname, + &verify_result, + ssl->conf->f_vrfy, ssl->conf->p_vrfy ); + + if( ret != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "x509_verify_cert", ret ); + } + + /* + * Secondary checks: always done, but change 'ret' only if it was 0 + */ + +#if defined(MBEDTLS_ECP_C) + { + const mbedtls_pk_context *pk = &ssl->session_negotiate->peer_cert->pk; + + /* If certificate uses an EC key, make sure the curve is OK */ + if( mbedtls_pk_can_do( pk, MBEDTLS_PK_ECKEY ) && + mbedtls_ssl_check_curve( ssl, mbedtls_pk_ec( *pk )->grp.id ) != 0 ) + { + verify_result |= MBEDTLS_X509_BADCERT_BAD_KEY; + + MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate ( EC key curve )" ) ); + if( ret == 0 ) + ret = MBEDTLS_ERR_SSL_BAD_CERTIFICATE; + } + } +#endif /* MBEDTLS_ECP_C */ + + if( mbedtls_ssl_check_cert_usage( ssl->session_negotiate->peer_cert, + ssl->handshake->ciphersuite_info, + !ssl->conf->endpoint, + &verify_result ) != 0 ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate ( usage extensions )" ) ); + if( ret == 0 ) + ret = MBEDTLS_ERR_SSL_BAD_CERTIFICATE; + } + + + if( ca_chain == NULL ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "got no CA chain" ) ); + ret = MBEDTLS_ERR_SSL_CA_CHAIN_REQUIRED; + } + + if( ret != 0 ) + { + /* The certificate may have been rejected for several reasons. + Pick one and send the corresponding alert. Which alert to send + may be a subject of debate in some cases. */ + if( verify_result & MBEDTLS_X509_BADCERT_OTHER ) + MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_ACCESS_DENIED, ret ); + else if( verify_result & MBEDTLS_X509_BADCERT_CN_MISMATCH ) + MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_BAD_CERT, ret ); + else if( verify_result & ( MBEDTLS_X509_BADCERT_KEY_USAGE | + MBEDTLS_X509_BADCERT_EXT_KEY_USAGE | + MBEDTLS_X509_BADCERT_NS_CERT_TYPE | + MBEDTLS_X509_BADCERT_BAD_PK | + MBEDTLS_X509_BADCERT_BAD_KEY ) ) + MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT, ret ); + else if( verify_result & MBEDTLS_X509_BADCERT_EXPIRED ) + MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_CERT_EXPIRED, ret ); + else if( verify_result & MBEDTLS_X509_BADCERT_REVOKED ) + MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_CERT_REVOKED, ret ); + else if( verify_result & MBEDTLS_X509_BADCERT_NOT_TRUSTED ) + MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_UNKNOWN_CA, ret ); + else + MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_CERT_UNKNOWN, ret ); + } + +#if defined(MBEDTLS_DEBUG_C) + if( verify_result != 0 ) + { + MBEDTLS_SSL_DEBUG_MSG( 3, ( "! Certificate verification flags %08x", + (unsigned int) verify_result ) ); + } + else + { + MBEDTLS_SSL_DEBUG_MSG( 3, ( "Certificate verification flags clear" ) ); + } +#endif /* MBEDTLS_DEBUG_C */ + + ssl->session_negotiate->verify_result = verify_result; + return( ret ); +} +#else /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ +static int ssl_tls13_validate_certificate( mbedtls_ssl_context *ssl ) +{ + ((void) ssl); + return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ); +} +#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ +#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */ + +int mbedtls_ssl_tls13_process_certificate( mbedtls_ssl_context *ssl ) +{ + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse certificate" ) ); + +#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) + unsigned char *buf; + size_t buf_len; + + MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_tls1_3_fetch_handshake_msg( + ssl, MBEDTLS_SSL_HS_CERTIFICATE, + &buf, &buf_len ) ); + + /* Parse the certificate chain sent by the peer. */ + MBEDTLS_SSL_PROC_CHK( ssl_tls13_parse_certificate( ssl, buf, buf + buf_len ) ); + /* Validate the certificate chain and set the verification results. */ + MBEDTLS_SSL_PROC_CHK( ssl_tls13_validate_certificate( ssl ) ); + + mbedtls_ssl_tls1_3_add_hs_msg_to_checksum( ssl, MBEDTLS_SSL_HS_CERTIFICATE, + buf, buf_len ); + +cleanup: + + MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= parse certificate" ) ); +#else + MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); + ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR; +#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */ + return( ret ); +} + +/* + * + * STATE HANDLING: Incoming Finished message. + */ +/* + * Implementation + */ + +static int ssl_tls13_preprocess_finished_message( mbedtls_ssl_context *ssl ) +{ + int ret; + + ret = mbedtls_ssl_tls13_calculate_verify_data( ssl, + ssl->handshake->state_local.finished_in.digest, + sizeof( ssl->handshake->state_local.finished_in.digest ), + &ssl->handshake->state_local.finished_in.digest_len, + ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT ? + MBEDTLS_SSL_IS_SERVER : MBEDTLS_SSL_IS_CLIENT ); + if( ret != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls13_calculate_verify_data", ret ); + return( ret ); + } + + return( 0 ); +} + +static int ssl_tls13_parse_finished_message( mbedtls_ssl_context *ssl, + const unsigned char *buf, + const unsigned char *end ) +{ + /* + * struct { + * opaque verify_data[Hash.length]; + * } Finished; + */ + const unsigned char *expected_verify_data = + ssl->handshake->state_local.finished_in.digest; + size_t expected_verify_data_len = + ssl->handshake->state_local.finished_in.digest_len; + /* Structural validation */ + if( (size_t)( end - buf ) != expected_verify_data_len ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad finished message" ) ); + + MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR, + MBEDTLS_ERR_SSL_DECODE_ERROR ); + return( MBEDTLS_ERR_SSL_DECODE_ERROR ); + } + + MBEDTLS_SSL_DEBUG_BUF( 4, "verify_data (self-computed):", + expected_verify_data, + expected_verify_data_len ); + MBEDTLS_SSL_DEBUG_BUF( 4, "verify_data (received message):", buf, + expected_verify_data_len ); + + /* Semantic validation */ + if( mbedtls_ssl_safer_memcmp( buf, + expected_verify_data, + expected_verify_data_len ) != 0 ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad finished message" ) ); + + MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_DECRYPT_ERROR, + MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); + return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); + } + return( 0 ); +} + +#if defined(MBEDTLS_SSL_CLI_C) +static int ssl_tls13_postprocess_server_finished_message( mbedtls_ssl_context *ssl ) +{ + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + mbedtls_ssl_key_set traffic_keys; + mbedtls_ssl_transform *transform_application = NULL; + + ret = mbedtls_ssl_tls13_key_schedule_stage_application( ssl ); + if( ret != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, + "mbedtls_ssl_tls13_key_schedule_stage_application", ret ); + goto cleanup; + } + + ret = mbedtls_ssl_tls13_generate_application_keys( ssl, &traffic_keys ); + if( ret != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, + "mbedtls_ssl_tls13_generate_application_keys", ret ); + goto cleanup; + } + + transform_application = + mbedtls_calloc( 1, sizeof( mbedtls_ssl_transform ) ); + if( transform_application == NULL ) + { + ret = MBEDTLS_ERR_SSL_ALLOC_FAILED; + goto cleanup; + } + + ret = mbedtls_ssl_tls13_populate_transform( + transform_application, + ssl->conf->endpoint, + ssl->session_negotiate->ciphersuite, + &traffic_keys, + ssl ); + if( ret != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls13_populate_transform", ret ); + goto cleanup; + } + + ssl->transform_application = transform_application; + +cleanup: + + mbedtls_platform_zeroize( &traffic_keys, sizeof( traffic_keys ) ); + if( ret != 0 ) + { + mbedtls_free( transform_application ); + MBEDTLS_SSL_PEND_FATAL_ALERT( + MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE, + MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); + } + return( ret ); +} +#endif /* MBEDTLS_SSL_CLI_C */ + +static int ssl_tls13_postprocess_finished_message( mbedtls_ssl_context *ssl ) +{ + +#if defined(MBEDTLS_SSL_CLI_C) + if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT ) + { + return( ssl_tls13_postprocess_server_finished_message( ssl ) ); + } +#else + ((void) ssl); +#endif /* MBEDTLS_SSL_CLI_C */ + + return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); +} + +int mbedtls_ssl_tls13_process_finished_message( mbedtls_ssl_context *ssl ) +{ + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + unsigned char *buf; + size_t buflen; + + MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse finished message" ) ); + + /* Preprocessing step: Compute handshake digest */ + MBEDTLS_SSL_PROC_CHK( ssl_tls13_preprocess_finished_message( ssl ) ); + + MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_tls1_3_fetch_handshake_msg( ssl, + MBEDTLS_SSL_HS_FINISHED, + &buf, &buflen ) ); + MBEDTLS_SSL_PROC_CHK( ssl_tls13_parse_finished_message( ssl, buf, buf + buflen ) ); + mbedtls_ssl_tls1_3_add_hs_msg_to_checksum( + ssl, MBEDTLS_SSL_HS_FINISHED, buf, buflen ); + MBEDTLS_SSL_PROC_CHK( ssl_tls13_postprocess_finished_message( ssl ) ); + +cleanup: + + MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= parse finished message" ) ); + return( ret ); +} + +/* + * + * STATE HANDLING: Write and send Finished message. + * + */ +/* + * Implement + */ + +static int ssl_tls13_prepare_finished_message( mbedtls_ssl_context *ssl ) +{ + int ret; + + /* Compute transcript of handshake up to now. */ + ret = mbedtls_ssl_tls13_calculate_verify_data( ssl, + ssl->handshake->state_local.finished_out.digest, + sizeof( ssl->handshake->state_local.finished_out.digest ), + &ssl->handshake->state_local.finished_out.digest_len, + ssl->conf->endpoint ); + + if( ret != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "calculate_verify_data failed", ret ); + return( ret ); + } + + return( 0 ); +} + +static int ssl_tls13_finalize_finished_message( mbedtls_ssl_context *ssl ) +{ + // TODO: Add back resumption keys calculation after MVP. + ((void) ssl); + + return( 0 ); +} + +static int ssl_tls13_write_finished_message_body( mbedtls_ssl_context *ssl, + unsigned char *buf, + unsigned char *end, + size_t *olen ) +{ + size_t verify_data_len = ssl->handshake->state_local.finished_out.digest_len; + /* + * struct { + * opaque verify_data[Hash.length]; + * } Finished; + */ + MBEDTLS_SSL_CHK_BUF_PTR( buf, end, verify_data_len ); + + memcpy( buf, ssl->handshake->state_local.finished_out.digest, + verify_data_len ); + + *olen = verify_data_len; + return( 0 ); +} + +/* Main entry point: orchestrates the other functions */ +int mbedtls_ssl_tls13_write_finished_message( mbedtls_ssl_context *ssl ) +{ + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + unsigned char *buf; + size_t buf_len, msg_len; + + MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write finished message" ) ); + + MBEDTLS_SSL_PROC_CHK( ssl_tls13_prepare_finished_message( ssl ) ); + + MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_tls13_start_handshake_msg( ssl, + MBEDTLS_SSL_HS_FINISHED, &buf, &buf_len ) ); + + MBEDTLS_SSL_PROC_CHK( ssl_tls13_write_finished_message_body( + ssl, buf, buf + buf_len, &msg_len ) ); + + mbedtls_ssl_tls1_3_add_hs_msg_to_checksum( ssl, MBEDTLS_SSL_HS_FINISHED, + buf, msg_len ); + + MBEDTLS_SSL_PROC_CHK( ssl_tls13_finalize_finished_message( ssl ) ); + MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_tls13_finish_handshake_msg( ssl, + buf_len, msg_len ) ); + MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_flush_output( ssl ) ); + +cleanup: + + MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write finished message" ) ); + return( ret ); +} + +void mbedtls_ssl_tls13_handshake_wrapup( mbedtls_ssl_context *ssl ) +{ + + MBEDTLS_SSL_DEBUG_MSG( 3, ( "=> handshake wrapup" ) ); + + /* + * Free the previous session and switch to the current one. + */ + if( ssl->session ) + { + mbedtls_ssl_session_free( ssl->session ); + mbedtls_free( ssl->session ); + } + ssl->session = ssl->session_negotiate; + ssl->session_negotiate = NULL; + + MBEDTLS_SSL_DEBUG_MSG( 3, ( "<= handshake wrapup" ) ); +} + +#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ + +#endif /* MBEDTLS_SSL_TLS_C */ diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c index f1c8a12d86..3ca28d56ec 100644 --- a/library/ssl_tls13_keys.c +++ b/library/ssl_tls13_keys.c @@ -21,14 +21,16 @@ #if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) -#include "mbedtls/hkdf.h" -#include "ssl_misc.h" -#include "ssl_tls13_keys.h" -#include "mbedtls/debug.h" - #include #include +#include "mbedtls/hkdf.h" +#include "mbedtls/debug.h" +#include "mbedtls/error.h" + +#include "ssl_misc.h" +#include "ssl_tls13_keys.h" + #define MBEDTLS_SSL_TLS1_3_LABEL( name, string ) \ .name = string, @@ -113,17 +115,17 @@ static void ssl_tls1_3_hkdf_encode_label( #endif *p++ = 0; - *p++ = (unsigned char)( ( desired_length >> 0 ) & 0xFF ); + *p++ = MBEDTLS_BYTE_0( desired_length ); /* Add label incl. prefix */ - *p++ = (unsigned char)( total_label_len & 0xFF ); + *p++ = MBEDTLS_BYTE_0( total_label_len ); memcpy( p, tls1_3_label_prefix, sizeof(tls1_3_label_prefix) ); p += sizeof(tls1_3_label_prefix); memcpy( p, label, llen ); p += llen; /* Add context value */ - *p++ = (unsigned char)( clen & 0xFF ); + *p++ = MBEDTLS_BYTE_0( clen ); if( clen != 0 ) memcpy( p, ctx, clen ); @@ -562,6 +564,35 @@ int mbedtls_ssl_tls1_3_derive_resumption_master_secret( return( 0 ); } +int mbedtls_ssl_tls13_key_schedule_stage_application( mbedtls_ssl_context *ssl ) +{ + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + mbedtls_ssl_handshake_params *handshake = ssl->handshake; + mbedtls_md_type_t const md_type = handshake->ciphersuite_info->mac; +#if defined(MBEDTLS_DEBUG_C) + mbedtls_md_info_t const * const md_info = mbedtls_md_info_from_type( md_type ); + size_t const md_size = mbedtls_md_get_size( md_info ); +#endif /* MBEDTLS_DEBUG_C */ + + /* + * Compute MasterSecret + */ + ret = mbedtls_ssl_tls1_3_evolve_secret( md_type, + handshake->tls1_3_master_secrets.handshake, + NULL, 0, + handshake->tls1_3_master_secrets.app ); + if( ret != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls1_3_evolve_secret", ret ); + return( ret ); + } + + MBEDTLS_SSL_DEBUG_BUF( 4, "Master secret", + handshake->tls1_3_master_secrets.app, md_size ); + + return( 0 ); +} + static int ssl_tls1_3_calc_finished_core( mbedtls_md_type_t md_type, unsigned char const *base_key, unsigned char const *transcript, @@ -612,6 +643,57 @@ exit: return( ret ); } +int mbedtls_ssl_tls13_calculate_verify_data( mbedtls_ssl_context* ssl, + unsigned char* dst, + size_t dst_len, + size_t *actual_len, + int from ) +{ + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + + unsigned char transcript[MBEDTLS_TLS1_3_MD_MAX_SIZE]; + size_t transcript_len; + + unsigned char const *base_key = NULL; + + mbedtls_md_type_t const md_type = ssl->handshake->ciphersuite_info->mac; + const mbedtls_md_info_t* const md = mbedtls_md_info_from_type( md_type ); + size_t const md_size = mbedtls_md_get_size( md ); + + MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> mbedtls_ssl_tls13_calculate_verify_data" ) ); + + if( dst_len < md_size ) + return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL ); + + ret = mbedtls_ssl_get_handshake_transcript( ssl, md_type, + transcript, sizeof( transcript ), + &transcript_len ); + if( ret != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_get_handshake_transcript", ret ); + goto exit; + } + MBEDTLS_SSL_DEBUG_BUF( 4, "handshake hash", transcript, transcript_len ); + + if( from == MBEDTLS_SSL_IS_CLIENT ) + base_key = ssl->handshake->tls13_hs_secrets.client_handshake_traffic_secret; + else + base_key = ssl->handshake->tls13_hs_secrets.server_handshake_traffic_secret; + + ret = ssl_tls1_3_calc_finished_core( md_type, base_key, transcript, dst ); + if( ret != 0 ) + goto exit; + *actual_len = md_size; + + MBEDTLS_SSL_DEBUG_BUF( 3, "verify_data for finished message", dst, md_size ); + MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= mbedtls_ssl_tls13_calculate_verify_data" ) ); + +exit: + + mbedtls_platform_zeroize( transcript, sizeof( transcript ) ); + return( ret ); +} + int mbedtls_ssl_tls1_3_create_psk_binder( mbedtls_ssl_context *ssl, const mbedtls_md_type_t md_type, unsigned char const *psk, size_t psk_len, @@ -699,4 +781,452 @@ exit: return( ret ); } +int mbedtls_ssl_tls13_populate_transform( mbedtls_ssl_transform *transform, + int endpoint, + int ciphersuite, + mbedtls_ssl_key_set const *traffic_keys, + mbedtls_ssl_context *ssl /* DEBUG ONLY */ ) +{ + int ret; + mbedtls_cipher_info_t const *cipher_info; + const mbedtls_ssl_ciphersuite_t *ciphersuite_info; + unsigned char const *key_enc; + unsigned char const *iv_enc; + unsigned char const *key_dec; + unsigned char const *iv_dec; + +#if !defined(MBEDTLS_DEBUG_C) + ssl = NULL; /* make sure we don't use it except for those cases */ + (void) ssl; +#endif + + ciphersuite_info = mbedtls_ssl_ciphersuite_from_id( ciphersuite ); + if( ciphersuite_info == NULL ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "ciphersuite info for %d not found", + ciphersuite ) ); + return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + } + + cipher_info = mbedtls_cipher_info_from_type( ciphersuite_info->cipher ); + if( cipher_info == NULL ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "cipher info for %u not found", + ciphersuite_info->cipher ) ); + return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + } + + /* + * Setup cipher contexts in target transform + */ + + if( ( ret = mbedtls_cipher_setup( &transform->cipher_ctx_enc, + cipher_info ) ) != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_setup", ret ); + return( ret ); + } + + if( ( ret = mbedtls_cipher_setup( &transform->cipher_ctx_dec, + cipher_info ) ) != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_setup", ret ); + return( ret ); + } + +#if defined(MBEDTLS_SSL_SRV_C) + if( endpoint == MBEDTLS_SSL_IS_SERVER ) + { + key_enc = traffic_keys->server_write_key; + key_dec = traffic_keys->client_write_key; + iv_enc = traffic_keys->server_write_iv; + iv_dec = traffic_keys->client_write_iv; + } + else +#endif /* MBEDTLS_SSL_SRV_C */ +#if defined(MBEDTLS_SSL_CLI_C) + if( endpoint == MBEDTLS_SSL_IS_CLIENT ) + { + key_enc = traffic_keys->client_write_key; + key_dec = traffic_keys->server_write_key; + iv_enc = traffic_keys->client_write_iv; + iv_dec = traffic_keys->server_write_iv; + } + else +#endif /* MBEDTLS_SSL_CLI_C */ + { + /* should not happen */ + return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + } + + memcpy( transform->iv_enc, iv_enc, traffic_keys->iv_len ); + memcpy( transform->iv_dec, iv_dec, traffic_keys->iv_len ); + + if( ( ret = mbedtls_cipher_setkey( &transform->cipher_ctx_enc, + key_enc, cipher_info->key_bitlen, + MBEDTLS_ENCRYPT ) ) != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_setkey", ret ); + return( ret ); + } + + if( ( ret = mbedtls_cipher_setkey( &transform->cipher_ctx_dec, + key_dec, cipher_info->key_bitlen, + MBEDTLS_DECRYPT ) ) != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_setkey", ret ); + return( ret ); + } + + /* + * Setup other fields in SSL transform + */ + + if( ( ciphersuite_info->flags & MBEDTLS_CIPHERSUITE_SHORT_TAG ) != 0 ) + transform->taglen = 8; + else + transform->taglen = 16; + + transform->ivlen = traffic_keys->iv_len; + transform->maclen = 0; + transform->fixed_ivlen = transform->ivlen; + transform->minor_ver = MBEDTLS_SSL_MINOR_VERSION_4; + + /* We add the true record content type (1 Byte) to the plaintext and + * then pad to the configured granularity. The mimimum length of the + * type-extended and padded plaintext is therefore the padding + * granularity. */ + transform->minlen = + transform->taglen + MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY; + + return( 0 ); +} + +int mbedtls_ssl_tls1_3_key_schedule_stage_early( mbedtls_ssl_context *ssl ) +{ + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + mbedtls_md_type_t md_type; + mbedtls_ssl_handshake_params *handshake = ssl->handshake; + + if( handshake->ciphersuite_info == NULL ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "cipher suite info not found" ) ); + return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + } + + md_type = handshake->ciphersuite_info->mac; + + ret = mbedtls_ssl_tls1_3_evolve_secret( md_type, NULL, NULL, 0, + handshake->tls1_3_master_secrets.early ); + if( ret != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls1_3_evolve_secret", ret ); + return( ret ); + } + + return( 0 ); +} + +/* mbedtls_ssl_tls13_generate_handshake_keys() generates keys necessary for + * protecting the handshake messages, as described in Section 7 of TLS 1.3. */ +int mbedtls_ssl_tls13_generate_handshake_keys( mbedtls_ssl_context *ssl, + mbedtls_ssl_key_set *traffic_keys ) +{ + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + + mbedtls_md_type_t md_type; + mbedtls_md_info_t const *md_info; + size_t md_size; + + unsigned char transcript[MBEDTLS_TLS1_3_MD_MAX_SIZE]; + size_t transcript_len; + + mbedtls_cipher_info_t const *cipher_info; + size_t keylen, ivlen; + + mbedtls_ssl_handshake_params *handshake = ssl->handshake; + const mbedtls_ssl_ciphersuite_t *ciphersuite_info = handshake->ciphersuite_info; + mbedtls_ssl_tls1_3_handshake_secrets *tls13_hs_secrets = &handshake->tls13_hs_secrets; + + MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> mbedtls_ssl_tls13_generate_handshake_keys" ) ); + + cipher_info = mbedtls_cipher_info_from_type( ciphersuite_info->cipher ); + keylen = cipher_info->key_bitlen >> 3; + ivlen = cipher_info->iv_size; + + md_type = ciphersuite_info->mac; + md_info = mbedtls_md_info_from_type( md_type ); + md_size = mbedtls_md_get_size( md_info ); + + ret = mbedtls_ssl_get_handshake_transcript( ssl, md_type, + transcript, + sizeof( transcript ), + &transcript_len ); + if( ret != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, + "mbedtls_ssl_get_handshake_transcript", + ret ); + return( ret ); + } + + ret = mbedtls_ssl_tls1_3_derive_handshake_secrets( md_type, + handshake->tls1_3_master_secrets.handshake, + transcript, transcript_len, tls13_hs_secrets ); + if( ret != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls1_3_derive_handshake_secrets", + ret ); + return( ret ); + } + + MBEDTLS_SSL_DEBUG_BUF( 4, "Client handshake traffic secret", + tls13_hs_secrets->client_handshake_traffic_secret, + md_size ); + MBEDTLS_SSL_DEBUG_BUF( 4, "Server handshake traffic secret", + tls13_hs_secrets->server_handshake_traffic_secret, + md_size ); + + /* + * Export client handshake traffic secret + */ + if( ssl->f_export_keys != NULL ) + { + ssl->f_export_keys( ssl->p_export_keys, + MBEDTLS_SSL_KEY_EXPORT_TLS13_CLIENT_HANDSHAKE_TRAFFIC_SECRET, + tls13_hs_secrets->client_handshake_traffic_secret, + md_size, + handshake->randbytes + 32, + handshake->randbytes, + MBEDTLS_SSL_TLS_PRF_NONE /* TODO: FIX! */ ); + + ssl->f_export_keys( ssl->p_export_keys, + MBEDTLS_SSL_KEY_EXPORT_TLS13_SERVER_HANDSHAKE_TRAFFIC_SECRET, + tls13_hs_secrets->server_handshake_traffic_secret, + md_size, + handshake->randbytes + 32, + handshake->randbytes, + MBEDTLS_SSL_TLS_PRF_NONE /* TODO: FIX! */ ); + } + + ret = mbedtls_ssl_tls1_3_make_traffic_keys( md_type, + tls13_hs_secrets->client_handshake_traffic_secret, + tls13_hs_secrets->server_handshake_traffic_secret, + md_size, keylen, ivlen, traffic_keys ); + if( ret != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls1_3_make_traffic_keys", ret ); + goto exit; + } + + MBEDTLS_SSL_DEBUG_BUF( 4, "client_handshake write_key", + traffic_keys->client_write_key, + traffic_keys->key_len); + + MBEDTLS_SSL_DEBUG_BUF( 4, "server_handshake write_key", + traffic_keys->server_write_key, + traffic_keys->key_len); + + MBEDTLS_SSL_DEBUG_BUF( 4, "client_handshake write_iv", + traffic_keys->client_write_iv, + traffic_keys->iv_len); + + MBEDTLS_SSL_DEBUG_BUF( 4, "server_handshake write_iv", + traffic_keys->server_write_iv, + traffic_keys->iv_len); + + MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= mbedtls_ssl_tls13_generate_handshake_keys" ) ); + +exit: + + return( ret ); +} + +int mbedtls_ssl_tls13_key_schedule_stage_handshake( mbedtls_ssl_context *ssl ) +{ + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + mbedtls_ssl_handshake_params *handshake = ssl->handshake; + mbedtls_md_type_t const md_type = handshake->ciphersuite_info->mac; + size_t ephemeral_len = 0; + unsigned char ecdhe[MBEDTLS_ECP_MAX_BYTES]; +#if defined(MBEDTLS_DEBUG_C) + mbedtls_md_info_t const * const md_info = mbedtls_md_info_from_type( md_type ); + size_t const md_size = mbedtls_md_get_size( md_info ); +#endif /* MBEDTLS_DEBUG_C */ + +#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED) + /* + * Compute ECDHE secret used to compute the handshake secret from which + * client_handshake_traffic_secret and server_handshake_traffic_secret + * are derived in the handshake secret derivation stage. + */ + if( mbedtls_ssl_tls1_3_ephemeral_enabled( ssl ) ) + { + if( mbedtls_ssl_tls13_named_group_is_ecdhe( handshake->offered_group_id ) ) + { +#if defined(MBEDTLS_ECDH_C) + ret = mbedtls_ecdh_calc_secret( &handshake->ecdh_ctx, + &ephemeral_len, ecdhe, sizeof( ecdhe ), + ssl->conf->f_rng, + ssl->conf->p_rng ); + if( ret != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecdh_calc_secret", ret ); + return( ret ); + } +#endif /* MBEDTLS_ECDH_C */ + } + else if( mbedtls_ssl_tls13_named_group_is_dhe( handshake->offered_group_id ) ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "DHE not supported." ) ); + return( MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE ); + } + } +#else + return( MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE ); +#endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED */ + + /* + * Compute the Handshake Secret + */ + ret = mbedtls_ssl_tls1_3_evolve_secret( md_type, + handshake->tls1_3_master_secrets.early, + ecdhe, ephemeral_len, + handshake->tls1_3_master_secrets.handshake ); + if( ret != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls1_3_evolve_secret", ret ); + return( ret ); + } + + MBEDTLS_SSL_DEBUG_BUF( 4, "Handshake secret", + handshake->tls1_3_master_secrets.handshake, md_size ); + +#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED) + mbedtls_platform_zeroize( ecdhe, sizeof( ecdhe ) ); +#endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED */ + return( 0 ); +} + +/* Generate application traffic keys since any records following a 1-RTT Finished message + * MUST be encrypted under the application traffic key. + */ +int mbedtls_ssl_tls13_generate_application_keys( + mbedtls_ssl_context *ssl, + mbedtls_ssl_key_set *traffic_keys ) +{ + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + mbedtls_ssl_handshake_params *handshake = ssl->handshake; + + /* Address at which to store the application secrets */ + mbedtls_ssl_tls1_3_application_secrets * const app_secrets = + &ssl->session_negotiate->app_secrets; + + /* Holding the transcript up to and including the ServerFinished */ + unsigned char transcript[MBEDTLS_TLS1_3_MD_MAX_SIZE]; + size_t transcript_len; + + /* Variables relating to the hash for the chosen ciphersuite. */ + mbedtls_md_type_t md_type; + mbedtls_md_info_t const *md_info; + size_t md_size; + + /* Variables relating to the cipher for the chosen ciphersuite. */ + mbedtls_cipher_info_t const *cipher_info; + size_t keylen, ivlen; + + MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> derive application traffic keys" ) ); + + /* Extract basic information about hash and ciphersuite */ + + cipher_info = mbedtls_cipher_info_from_type( + handshake->ciphersuite_info->cipher ); + keylen = cipher_info->key_bitlen / 8; + ivlen = cipher_info->iv_size; + + md_type = handshake->ciphersuite_info->mac; + md_info = mbedtls_md_info_from_type( md_type ); + md_size = mbedtls_md_get_size( md_info ); + + /* Compute current handshake transcript. It's the caller's responsiblity + * to call this at the right time, that is, after the ServerFinished. */ + + ret = mbedtls_ssl_get_handshake_transcript( ssl, md_type, + transcript, sizeof( transcript ), + &transcript_len ); + if( ret != 0 ) + goto cleanup; + + /* Compute application secrets from master secret and transcript hash. */ + + ret = mbedtls_ssl_tls1_3_derive_application_secrets( md_type, + handshake->tls1_3_master_secrets.app, + transcript, transcript_len, + app_secrets ); + if( ret != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, + "mbedtls_ssl_tls1_3_derive_application_secrets", ret ); + goto cleanup; + } + + /* Derive first epoch of IV + Key for application traffic. */ + + ret = mbedtls_ssl_tls1_3_make_traffic_keys( md_type, + app_secrets->client_application_traffic_secret_N, + app_secrets->server_application_traffic_secret_N, + md_size, keylen, ivlen, traffic_keys ); + if( ret != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls1_3_make_traffic_keys", ret ); + goto cleanup; + } + + MBEDTLS_SSL_DEBUG_BUF( 4, "Client application traffic secret", + app_secrets->client_application_traffic_secret_N, + md_size ); + + MBEDTLS_SSL_DEBUG_BUF( 4, "Server application traffic secret", + app_secrets->server_application_traffic_secret_N, + md_size ); + + /* + * Export client/server application traffic secret 0 + */ + if( ssl->f_export_keys != NULL ) + { + ssl->f_export_keys( ssl->p_export_keys, + MBEDTLS_SSL_KEY_EXPORT_TLS13_CLIENT_APPLICATION_TRAFFIC_SECRET, + app_secrets->client_application_traffic_secret_N, md_size, + handshake->randbytes + 32, + handshake->randbytes, + MBEDTLS_SSL_TLS_PRF_NONE /* TODO: this should be replaced by + a new constant for TLS 1.3! */ ); + + ssl->f_export_keys( ssl->p_export_keys, + MBEDTLS_SSL_KEY_EXPORT_TLS13_SERVER_APPLICATION_TRAFFIC_SECRET, + app_secrets->server_application_traffic_secret_N, md_size, + handshake->randbytes + 32, + handshake->randbytes, + MBEDTLS_SSL_TLS_PRF_NONE /* TODO: this should be replaced by + a new constant for TLS 1.3! */ ); + } + + MBEDTLS_SSL_DEBUG_BUF( 4, "client application_write_key:", + traffic_keys->client_write_key, keylen ); + MBEDTLS_SSL_DEBUG_BUF( 4, "server application write key", + traffic_keys->server_write_key, keylen ); + MBEDTLS_SSL_DEBUG_BUF( 4, "client application write IV", + traffic_keys->client_write_iv, ivlen ); + MBEDTLS_SSL_DEBUG_BUF( 4, "server application write IV", + traffic_keys->server_write_iv, ivlen ); + + MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= derive application traffic keys" ) ); + + cleanup: + + mbedtls_platform_zeroize( transcript, sizeof( transcript ) ); + return( ret ); +} + #endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ diff --git a/library/ssl_tls13_keys.h b/library/ssl_tls13_keys.h index 3b96998aed..d598448b5e 100644 --- a/library/ssl_tls13_keys.h +++ b/library/ssl_tls13_keys.h @@ -22,25 +22,27 @@ /* This requires MBEDTLS_SSL_TLS1_3_LABEL( idx, name, string ) to be defined at * the point of use. See e.g. the definition of mbedtls_ssl_tls1_3_labels_union * below. */ -#define MBEDTLS_SSL_TLS1_3_LABEL_LIST \ - MBEDTLS_SSL_TLS1_3_LABEL( finished , "finished" ) \ - MBEDTLS_SSL_TLS1_3_LABEL( resumption , "resumption" ) \ - MBEDTLS_SSL_TLS1_3_LABEL( traffic_upd , "traffic upd" ) \ - MBEDTLS_SSL_TLS1_3_LABEL( exporter , "exporter" ) \ - MBEDTLS_SSL_TLS1_3_LABEL( key , "key" ) \ - MBEDTLS_SSL_TLS1_3_LABEL( iv , "iv" ) \ - MBEDTLS_SSL_TLS1_3_LABEL( c_hs_traffic, "c hs traffic" ) \ - MBEDTLS_SSL_TLS1_3_LABEL( c_ap_traffic, "c ap traffic" ) \ - MBEDTLS_SSL_TLS1_3_LABEL( c_e_traffic , "c e traffic" ) \ - MBEDTLS_SSL_TLS1_3_LABEL( s_hs_traffic, "s hs traffic" ) \ - MBEDTLS_SSL_TLS1_3_LABEL( s_ap_traffic, "s ap traffic" ) \ - MBEDTLS_SSL_TLS1_3_LABEL( s_e_traffic , "s e traffic" ) \ - MBEDTLS_SSL_TLS1_3_LABEL( e_exp_master, "e exp master" ) \ - MBEDTLS_SSL_TLS1_3_LABEL( res_master , "res master" ) \ - MBEDTLS_SSL_TLS1_3_LABEL( exp_master , "exp master" ) \ - MBEDTLS_SSL_TLS1_3_LABEL( ext_binder , "ext binder" ) \ - MBEDTLS_SSL_TLS1_3_LABEL( res_binder , "res binder" ) \ - MBEDTLS_SSL_TLS1_3_LABEL( derived , "derived" ) +#define MBEDTLS_SSL_TLS1_3_LABEL_LIST \ + MBEDTLS_SSL_TLS1_3_LABEL( finished , "finished" ) \ + MBEDTLS_SSL_TLS1_3_LABEL( resumption , "resumption" ) \ + MBEDTLS_SSL_TLS1_3_LABEL( traffic_upd , "traffic upd" ) \ + MBEDTLS_SSL_TLS1_3_LABEL( exporter , "exporter" ) \ + MBEDTLS_SSL_TLS1_3_LABEL( key , "key" ) \ + MBEDTLS_SSL_TLS1_3_LABEL( iv , "iv" ) \ + MBEDTLS_SSL_TLS1_3_LABEL( c_hs_traffic, "c hs traffic" ) \ + MBEDTLS_SSL_TLS1_3_LABEL( c_ap_traffic, "c ap traffic" ) \ + MBEDTLS_SSL_TLS1_3_LABEL( c_e_traffic , "c e traffic" ) \ + MBEDTLS_SSL_TLS1_3_LABEL( s_hs_traffic, "s hs traffic" ) \ + MBEDTLS_SSL_TLS1_3_LABEL( s_ap_traffic, "s ap traffic" ) \ + MBEDTLS_SSL_TLS1_3_LABEL( s_e_traffic , "s e traffic" ) \ + MBEDTLS_SSL_TLS1_3_LABEL( e_exp_master, "e exp master" ) \ + MBEDTLS_SSL_TLS1_3_LABEL( res_master , "res master" ) \ + MBEDTLS_SSL_TLS1_3_LABEL( exp_master , "exp master" ) \ + MBEDTLS_SSL_TLS1_3_LABEL( ext_binder , "ext binder" ) \ + MBEDTLS_SSL_TLS1_3_LABEL( res_binder , "res binder" ) \ + MBEDTLS_SSL_TLS1_3_LABEL( derived , "derived" ) \ + MBEDTLS_SSL_TLS1_3_LABEL( client_cv , "TLS 1.3, client CertificateVerify" ) \ + MBEDTLS_SSL_TLS1_3_LABEL( server_cv , "TLS 1.3, server CertificateVerify" ) #define MBEDTLS_SSL_TLS1_3_LABEL( name, string ) \ const unsigned char name [ sizeof(string) - 1 ]; @@ -57,9 +59,12 @@ struct mbedtls_ssl_tls1_3_labels_struct extern const struct mbedtls_ssl_tls1_3_labels_struct mbedtls_ssl_tls1_3_labels; +#define MBEDTLS_SSL_TLS1_3_LBL_LEN( LABEL ) \ + sizeof(mbedtls_ssl_tls1_3_labels.LABEL) + #define MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN( LABEL ) \ mbedtls_ssl_tls1_3_labels.LABEL, \ - sizeof(mbedtls_ssl_tls1_3_labels.LABEL) + MBEDTLS_SSL_TLS1_3_LBL_LEN( LABEL ) #define MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_LABEL_LEN \ sizeof( union mbedtls_ssl_tls1_3_labels_union ) @@ -70,27 +75,6 @@ extern const struct mbedtls_ssl_tls1_3_labels_struct mbedtls_ssl_tls1_3_labels; #define MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_CONTEXT_LEN \ MBEDTLS_MD_MAX_SIZE -typedef struct -{ - unsigned char binder_key [ MBEDTLS_MD_MAX_SIZE ]; - unsigned char client_early_traffic_secret [ MBEDTLS_MD_MAX_SIZE ]; - unsigned char early_exporter_master_secret[ MBEDTLS_MD_MAX_SIZE ]; -} mbedtls_ssl_tls1_3_early_secrets; - -typedef struct -{ - unsigned char client_handshake_traffic_secret[ MBEDTLS_MD_MAX_SIZE ]; - unsigned char server_handshake_traffic_secret[ MBEDTLS_MD_MAX_SIZE ]; -} mbedtls_ssl_tls1_3_handshake_secrets; - -typedef struct -{ - unsigned char client_application_traffic_secret_N[ MBEDTLS_MD_MAX_SIZE ]; - unsigned char server_application_traffic_secret_N[ MBEDTLS_MD_MAX_SIZE ]; - unsigned char exporter_master_secret [ MBEDTLS_MD_MAX_SIZE ]; - unsigned char resumption_master_secret [ MBEDTLS_MD_MAX_SIZE ]; -} mbedtls_ssl_tls1_3_application_secrets; - /* Maximum desired length for expanded key material generated * by HKDF-Expand-Label. * @@ -498,4 +482,153 @@ int mbedtls_ssl_tls1_3_create_psk_binder( mbedtls_ssl_context *ssl, unsigned char const *transcript, unsigned char *result ); +/** + * \bref Setup an SSL transform structure representing the + * record protection mechanism used by TLS 1.3 + * + * \param transform The SSL transform structure to be created. This must have + * been initialized through mbedtls_ssl_transform_init() and + * not used in any other way prior to calling this function. + * In particular, this function does not clean up the + * transform structure prior to installing the new keys. + * \param endpoint Indicates whether the transform is for the client + * (value #MBEDTLS_SSL_IS_CLIENT) or the server + * (value #MBEDTLS_SSL_IS_SERVER). + * \param ciphersuite The numerical identifier for the ciphersuite to use. + * This must be one of the identifiers listed in + * ssl_ciphersuites.h. + * \param traffic_keys The key material to use. No reference is stored in + * the SSL transform being generated, and the caller + * should destroy the key material afterwards. + * \param ssl (Debug-only) The SSL context to use for debug output + * in case of failure. This parameter is only needed if + * #MBEDTLS_DEBUG_C is set, and is ignored otherwise. + * + * \return \c 0 on success. In this case, \p transform is ready to + * be used with mbedtls_ssl_transform_decrypt() and + * mbedtls_ssl_transform_encrypt(). + * \return A negative error code on failure. + */ +int mbedtls_ssl_tls13_populate_transform( mbedtls_ssl_transform *transform, + int endpoint, + int ciphersuite, + mbedtls_ssl_key_set const *traffic_keys, + mbedtls_ssl_context *ssl ); + +/* + * TLS 1.3 key schedule evolutions + * + * Early -> Handshake -> Application + * + * Small wrappers around mbedtls_ssl_tls1_3_evolve_secret(). + */ + +/** + * \brief Begin TLS 1.3 key schedule by calculating early secret. + * + * The TLS 1.3 key schedule can be viewed as a simple state machine + * with states Initial -> Early -> Handshake -> Application, and + * this function represents the Initial -> Early transition. + * + * \param ssl The SSL context to operate on. + * + * \returns \c 0 on success. + * \returns A negative error code on failure. + */ +int mbedtls_ssl_tls1_3_key_schedule_stage_early( mbedtls_ssl_context *ssl ); + +/** + * \brief Transition into handshake stage of TLS 1.3 key schedule. + * + * The TLS 1.3 key schedule can be viewed as a simple state machine + * with states Initial -> Early -> Handshake -> Application, and + * this function represents the Early -> Handshake transition. + * + * In the handshake stage, mbedtls_ssl_tls13_generate_handshake_keys() + * can be used to derive the handshake traffic keys. + * + * \param ssl The SSL context to operate on. This must be in key schedule + * stage \c Early. + * + * \returns \c 0 on success. + * \returns A negative error code on failure. + */ +int mbedtls_ssl_tls13_key_schedule_stage_handshake( mbedtls_ssl_context *ssl ); + +/** + * \brief Compute TLS 1.3 handshake traffic keys. + * + * \param ssl The SSL context to operate on. This must be in + * key schedule stage \c Handshake, see + * mbedtls_ssl_tls13_key_schedule_stage_handshake(). + * \param traffic_keys The address at which to store the handshake traffic key + * keys. This must be writable but may be uninitialized. + * + * \returns \c 0 on success. + * \returns A negative error code on failure. + */ +int mbedtls_ssl_tls13_generate_handshake_keys( mbedtls_ssl_context *ssl, + mbedtls_ssl_key_set *traffic_keys ); + +/** + * \brief Transition into application stage of TLS 1.3 key schedule. + * + * The TLS 1.3 key schedule can be viewed as a simple state machine + * with states Initial -> Early -> Handshake -> Application, and + * this function represents the Handshake -> Application transition. + * + * In the handshake stage, mbedtls_ssl_tls13_generate_application_keys() + * can be used to derive the handshake traffic keys. + * + * \param ssl The SSL context to operate on. This must be in key schedule + * stage \c Handshake. + * + * \returns \c 0 on success. + * \returns A negative error code on failure. + */ +int mbedtls_ssl_tls13_key_schedule_stage_application( mbedtls_ssl_context *ssl ); + +/** + * \brief Compute TLS 1.3 application traffic keys. + * + * \param ssl The SSL context to operate on. This must be in + * key schedule stage \c Application, see + * mbedtls_ssl_tls13_key_schedule_stage_application(). + * \param traffic_keys The address at which to store the application traffic key + * keys. This must be writable but may be uninitialized. + * + * \returns \c 0 on success. + * \returns A negative error code on failure. + */ +int mbedtls_ssl_tls13_generate_application_keys( + mbedtls_ssl_context* ssl, mbedtls_ssl_key_set *traffic_keys ); + +/** + * \brief Calculate the verify_data value for the client or server TLS 1.3 + * Finished message. + * + * \param ssl The SSL context to operate on. This must be in + * key schedule stage \c Handshake, see + * mbedtls_ssl_tls13_key_schedule_stage_application(). + * \param dst The address at which to write the verify_data value. + * \param dst_len The size of \p dst in bytes. + * \param actual_len The address at which to store the amount of data + * actually written to \p dst upon success. + * \param which The message to calculate the `verify_data` for: + * - #MBEDTLS_SSL_IS_CLIENT for the Client's Finished message + * - #MBEDTLS_SSL_IS_SERVER for the Server's Finished message + * + * \note Both client and server call this function twice, once to + * generate their own Finished message, and once to verify the + * peer's Finished message. + + * \returns \c 0 on success. + * \returns A negative error code on failure. + */ +int mbedtls_ssl_tls13_calculate_verify_data( mbedtls_ssl_context *ssl, + unsigned char *dst, + size_t dst_len, + size_t *actual_len, + int which ); + #endif /* MBEDTLS_SSL_TLS1_3_KEYS_H */ diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index a56727741b..86f44cb65f 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -23,11 +23,15 @@ #if defined(MBEDTLS_SSL_SRV_C) +#include "mbedtls/debug.h" + #include "ssl_misc.h" -int mbedtls_ssl_handshake_server_step_tls1_3( mbedtls_ssl_context *ssl ) +int mbedtls_ssl_tls13_handshake_server_step( mbedtls_ssl_context *ssl ) { ((void) ssl); + MBEDTLS_SSL_DEBUG_MSG( 2, ( "tls1_3 server state: %d", ssl->state ) ); + return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ); } diff --git a/library/x509write_crt.c b/library/x509write_crt.c index c8169f1feb..17b3e7966b 100644 --- a/library/x509write_crt.c +++ b/library/x509write_crt.c @@ -251,8 +251,7 @@ int mbedtls_x509write_crt_set_key_usage( mbedtls_x509write_cert *ctx, return( MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE ); c = buf + 5; - ku[0] = (unsigned char)( key_usage ); - ku[1] = (unsigned char)( key_usage >> 8 ); + MBEDTLS_PUT_UINT16_LE( key_usage, ku, 0 ); ret = mbedtls_asn1_write_named_bitstring( &c, buf, ku, 9 ); if( ret < 0 ) diff --git a/programs/.gitignore b/programs/.gitignore index 83521a792b..deb104a401 100644 --- a/programs/.gitignore +++ b/programs/.gitignore @@ -56,6 +56,7 @@ ssl/ssl_server ssl/ssl_server2 test/benchmark test/cpp_dummy_build +test/cpp_dummy_build.cpp test/ecp-bench test/query_compile_time_config test/selftest @@ -68,6 +69,7 @@ x509/cert_app x509/cert_req x509/cert_write x509/crl_app +x509/load_roots x509/req_app # Generated data files diff --git a/programs/Makefile b/programs/Makefile index 55ebd601a9..7f9d11e80d 100644 --- a/programs/Makefile +++ b/programs/Makefile @@ -110,6 +110,7 @@ APPS = \ x509/cert_req \ x509/cert_write \ x509/crl_app \ + x509/load_roots \ x509/req_app \ # End of APPS @@ -335,6 +336,10 @@ test/benchmark$(EXEXT): test/benchmark.c $(DEP) echo " CC test/benchmark.c" $(CC) $(LOCAL_CFLAGS) $(CFLAGS) test/benchmark.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ +test/cpp_dummy_build.cpp: test/generate_cpp_dummy_build.sh + echo " Gen test/cpp_dummy_build.cpp" + test/generate_cpp_dummy_build.sh + test/cpp_dummy_build$(EXEXT): test/cpp_dummy_build.cpp $(DEP) echo " CXX test/cpp_dummy_build.cpp" $(CXX) $(LOCAL_CXXFLAGS) $(CXXFLAGS) test/cpp_dummy_build.cpp $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ @@ -383,6 +388,10 @@ x509/cert_req$(EXEXT): x509/cert_req.c $(DEP) echo " CC x509/cert_req.c" $(CC) $(LOCAL_CFLAGS) $(CFLAGS) x509/cert_req.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ +x509/load_roots$(EXEXT): x509/load_roots.c $(DEP) + echo " CC x509/load_roots.c" + $(CC) $(LOCAL_CFLAGS) $(CFLAGS) x509/load_roots.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ + x509/req_app$(EXEXT): x509/req_app.c $(DEP) echo " CC x509/req_app.c" $(CC) $(LOCAL_CFLAGS) $(CFLAGS) x509/req_app.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ @@ -395,10 +404,11 @@ clean: ifndef WINDOWS rm -f $(EXES) -rm -f ssl/ssl_pthread_server$(EXEXT) - -rm -f test/cpp_dummy_build$(EXEXT) + -rm -f test/cpp_dummy_build.cpp test/cpp_dummy_build$(EXEXT) else if exist *.o del /Q /F *.o if exist *.exe del /Q /F *.exe + if exist test\cpp_dummy_build.cpp del /Q /F test\cpp_dummy_build.cpp endif $(MAKE) -C fuzz clean diff --git a/programs/aes/crypt_and_hash.c b/programs/aes/crypt_and_hash.c index a8026a3353..5ed2ece702 100644 --- a/programs/aes/crypt_and_hash.c +++ b/programs/aes/crypt_and_hash.c @@ -124,7 +124,7 @@ int main( int argc, char *argv[] ) while( *list ) { cipher_info = mbedtls_cipher_info_from_type( *list ); - mbedtls_printf( " %s\n", cipher_info->MBEDTLS_PRIVATE(name) ); + mbedtls_printf( " %s\n", mbedtls_cipher_info_get_name( cipher_info ) ); list++; } @@ -309,7 +309,9 @@ int main( int argc, char *argv[] ) } - if( mbedtls_cipher_setkey( &cipher_ctx, digest, cipher_info->MBEDTLS_PRIVATE(key_bitlen), + if( mbedtls_cipher_setkey( &cipher_ctx, + digest, + (int) mbedtls_cipher_info_get_key_bitlen( cipher_info ), MBEDTLS_ENCRYPT ) != 0 ) { mbedtls_fprintf( stderr, "mbedtls_cipher_setkey() returned error\n"); @@ -408,7 +410,7 @@ int main( int argc, char *argv[] ) /* * Check the file size. */ - if( cipher_info->MBEDTLS_PRIVATE(mode) != MBEDTLS_MODE_GCM && + if( mbedtls_cipher_info_get_mode( cipher_info ) != MBEDTLS_MODE_GCM && ( ( filesize - mbedtls_md_get_size( md_info ) ) % mbedtls_cipher_get_block_size( &cipher_ctx ) ) != 0 ) { @@ -448,7 +450,9 @@ int main( int argc, char *argv[] ) mbedtls_md_finish( &md_ctx, digest ); } - if( mbedtls_cipher_setkey( &cipher_ctx, digest, cipher_info->MBEDTLS_PRIVATE(key_bitlen), + if( mbedtls_cipher_setkey( &cipher_ctx, + digest, + (int) mbedtls_cipher_info_get_key_bitlen( cipher_info ), MBEDTLS_DECRYPT ) != 0 ) { mbedtls_fprintf( stderr, "mbedtls_cipher_setkey() returned error\n" ); diff --git a/programs/pkey/dh_client.c b/programs/pkey/dh_client.c index eccb42ad83..d633e4d1b8 100644 --- a/programs/pkey/dh_client.c +++ b/programs/pkey/dh_client.c @@ -270,7 +270,9 @@ int main( void ) mbedtls_printf( "...\n . Receiving and decrypting the ciphertext" ); fflush( stdout ); - mbedtls_aes_setkey_dec( &aes, buf, 256 ); + ret = mbedtls_aes_setkey_dec( &aes, buf, 256 ); + if( ret != 0 ) + goto exit; memset( buf, 0, sizeof( buf ) ); @@ -280,7 +282,9 @@ int main( void ) goto exit; } - mbedtls_aes_crypt_ecb( &aes, MBEDTLS_AES_DECRYPT, buf, buf ); + ret = mbedtls_aes_crypt_ecb( &aes, MBEDTLS_AES_DECRYPT, buf, buf ); + if( ret != 0 ) + goto exit; buf[16] = '\0'; mbedtls_printf( "\n . Plaintext is \"%s\"\n\n", (char *) buf ); diff --git a/programs/pkey/dh_server.c b/programs/pkey/dh_server.c index 0ddb85cf83..75713ff58d 100644 --- a/programs/pkey/dh_server.c +++ b/programs/pkey/dh_server.c @@ -290,9 +290,13 @@ int main( void ) mbedtls_printf( "...\n . Encrypting and sending the ciphertext" ); fflush( stdout ); - mbedtls_aes_setkey_enc( &aes, buf, 256 ); + ret = mbedtls_aes_setkey_enc( &aes, buf, 256 ); + if( ret != 0 ) + goto exit; memcpy( buf, PLAINTEXT, 16 ); - mbedtls_aes_crypt_ecb( &aes, MBEDTLS_AES_ENCRYPT, buf, buf ); + ret = mbedtls_aes_crypt_ecb( &aes, MBEDTLS_AES_ENCRYPT, buf, buf ); + if( ret != 0 ) + goto exit; if( ( ret = mbedtls_net_send( &client_fd, buf, 16 ) ) != 16 ) { diff --git a/programs/pkey/ecdsa.c b/programs/pkey/ecdsa.c index 6b6e9517d4..550a230e8f 100644 --- a/programs/pkey/ecdsa.c +++ b/programs/pkey/ecdsa.c @@ -51,7 +51,7 @@ #define ECPARAMS MBEDTLS_ECP_DP_SECP192R1 #if !defined(ECPARAMS) -#define ECPARAMS mbedtls_ecp_curve_list()->MBEDTLS_PRIVATE(grp_id) +#define ECPARAMS mbedtls_ecp_curve_list()->grp_id #endif #if !defined(MBEDTLS_ECDSA_C) || !defined(MBEDTLS_SHA256_C) || \ diff --git a/programs/pkey/gen_key.c b/programs/pkey/gen_key.c index 4043dfa6e0..7535eee3f3 100644 --- a/programs/pkey/gen_key.c +++ b/programs/pkey/gen_key.c @@ -86,7 +86,7 @@ int dev_random_entropy_poll( void *data, unsigned char *output, #endif #if defined(MBEDTLS_ECP_C) -#define DFL_EC_CURVE mbedtls_ecp_curve_list()->MBEDTLS_PRIVATE(grp_id) +#define DFL_EC_CURVE mbedtls_ecp_curve_list()->grp_id #else #define DFL_EC_CURVE 0 #endif @@ -219,9 +219,9 @@ int main( int argc, char *argv[] ) #if defined(MBEDTLS_ECP_C) mbedtls_printf( " available ec_curve values:\n" ); curve_info = mbedtls_ecp_curve_list(); - mbedtls_printf( " %s (default)\n", curve_info->MBEDTLS_PRIVATE(name) ); - while( ( ++curve_info )->MBEDTLS_PRIVATE(name) != NULL ) - mbedtls_printf( " %s\n", curve_info->MBEDTLS_PRIVATE(name) ); + mbedtls_printf( " %s (default)\n", curve_info->name ); + while( ( ++curve_info )->name != NULL ) + mbedtls_printf( " %s\n", curve_info->name ); #endif /* MBEDTLS_ECP_C */ goto exit; } @@ -270,7 +270,7 @@ int main( int argc, char *argv[] ) { if( ( curve_info = mbedtls_ecp_curve_info_from_name( q ) ) == NULL ) goto usage; - opt.ec_curve = curve_info->MBEDTLS_PRIVATE(grp_id); + opt.ec_curve = curve_info->grp_id; } #endif else if( strcmp( p, "filename" ) == 0 ) @@ -391,7 +391,7 @@ int main( int argc, char *argv[] ) { mbedtls_ecp_keypair *ecp = mbedtls_pk_ec( key ); mbedtls_printf( "curve: %s\n", - mbedtls_ecp_curve_info_from_grp_id( ecp->MBEDTLS_PRIVATE(grp).id )->MBEDTLS_PRIVATE(name) ); + mbedtls_ecp_curve_info_from_grp_id( ecp->MBEDTLS_PRIVATE(grp).id )->name ); mbedtls_mpi_write_file( "X_Q: ", &ecp->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(X), 16, NULL ); mbedtls_mpi_write_file( "Y_Q: ", &ecp->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(Y), 16, NULL ); mbedtls_mpi_write_file( "D: ", &ecp->MBEDTLS_PRIVATE(d) , 16, NULL ); diff --git a/programs/pkey/key_app_writer.c b/programs/pkey/key_app_writer.c index 8a09af5125..ed6addfef8 100644 --- a/programs/pkey/key_app_writer.c +++ b/programs/pkey/key_app_writer.c @@ -202,7 +202,9 @@ int main( int argc, char *argv[] ) { int ret = 1; int exit_code = MBEDTLS_EXIT_FAILURE; - char buf[1024]; +#if defined(MBEDTLS_ERROR_C) + char buf[200]; +#endif int i; char *p, *q; @@ -220,7 +222,9 @@ int main( int argc, char *argv[] ) mbedtls_ctr_drbg_init( &ctr_drbg ); mbedtls_pk_init( &key ); +#if defined(MBEDTLS_ERROR_C) memset( buf, 0, sizeof( buf ) ); +#endif mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &D ); mbedtls_mpi_init( &E ); mbedtls_mpi_init( &DP ); @@ -316,8 +320,7 @@ int main( int argc, char *argv[] ) mbedtls_ctr_drbg_random, &ctr_drbg ); if( ret != 0 ) { - mbedtls_strerror( ret, (char *) buf, sizeof(buf) ); - mbedtls_printf( " failed\n ! mbedtls_pk_parse_keyfile returned -0x%04x - %s\n\n", (unsigned int) -ret, buf ); + mbedtls_printf( " failed\n ! mbedtls_pk_parse_keyfile returned -0x%04x", (unsigned int) -ret ); goto exit; } @@ -377,8 +380,7 @@ int main( int argc, char *argv[] ) if( ret != 0 ) { - mbedtls_strerror( ret, (char *) buf, sizeof(buf) ); - mbedtls_printf( " failed\n ! mbedtls_pk_parse_public_key returned -0x%04x - %s\n\n", (unsigned int) -ret, buf ); + mbedtls_printf( " failed\n ! mbedtls_pk_parse_public_key returned -0x%04x", (unsigned int) -ret ); goto exit; } diff --git a/programs/psa/CMakeLists.txt b/programs/psa/CMakeLists.txt index 23e85fea75..26ca73c185 100644 --- a/programs/psa/CMakeLists.txt +++ b/programs/psa/CMakeLists.txt @@ -4,6 +4,25 @@ set(executables psa_constant_names ) +if(GEN_FILES) + add_custom_command( + OUTPUT + ${CMAKE_CURRENT_BINARY_DIR}/psa_constant_names_generated.c + COMMAND + ${MBEDTLS_PYTHON_EXECUTABLE} + ${CMAKE_CURRENT_SOURCE_DIR}/../../scripts/generate_psa_constants.py + ${CMAKE_CURRENT_BINARY_DIR} + WORKING_DIRECTORY + ${CMAKE_CURRENT_SOURCE_DIR}/../.. + DEPENDS + ${CMAKE_CURRENT_SOURCE_DIR}/../../scripts/generate_psa_constants.py + ${CMAKE_CURRENT_SOURCE_DIR}/../../include/psa/crypto_values.h + ${CMAKE_CURRENT_SOURCE_DIR}/../../include/psa/crypto_extra.h + ) +else() + link_to_source(psa_constant_names_generated.c) +endif() + foreach(exe IN LISTS executables) add_executable(${exe} ${exe}.c $) target_link_libraries(${exe} ${mbedcrypto_target}) @@ -11,6 +30,11 @@ foreach(exe IN LISTS executables) endforeach() target_include_directories(psa_constant_names PRIVATE ${CMAKE_CURRENT_BINARY_DIR}) +if(GEN_FILES) + add_custom_target(generate_psa_constant_names_generated_c + DEPENDS ${CMAKE_CURRENT_BINARY_DIR}/psa_constant_names_generated.c) + add_dependencies(psa_constant_names generate_psa_constant_names_generated_c) +endif() install(TARGETS ${executables} DESTINATION "bin" diff --git a/programs/ssl/CMakeLists.txt b/programs/ssl/CMakeLists.txt index def9c7cf6c..280bbcf3d2 100644 --- a/programs/ssl/CMakeLists.txt +++ b/programs/ssl/CMakeLists.txt @@ -18,23 +18,38 @@ set(executables ssl_server2 ) +if(GEN_FILES) + # Inform CMake that the following file will be generated as part of the build + # process, so it doesn't complain that it doesn't exist yet. Starting from + # CMake 3.20, this will no longer be necessary as CMake will automatically + # propagate this information across the tree, for now it's only visible + # inside the same directory, so we need to propagate manually. + set_source_files_properties( + ${CMAKE_CURRENT_BINARY_DIR}/../test/query_config.c + PROPERTIES GENERATED TRUE) +endif() + foreach(exe IN LISTS executables) set(extra_sources "") if(exe STREQUAL "ssl_client2" OR exe STREQUAL "ssl_server2") list(APPEND extra_sources - ${CMAKE_CURRENT_SOURCE_DIR}/../test/query_config.c) + ssl_test_lib.c + ${CMAKE_CURRENT_SOURCE_DIR}/../test/query_config.h + ${CMAKE_CURRENT_BINARY_DIR}/../test/query_config.c) endif() add_executable(${exe} ${exe}.c $ ${extra_sources}) target_link_libraries(${exe} ${libs}) target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tests/include) + if(exe STREQUAL "ssl_client2" OR exe STREQUAL "ssl_server2") + if(GEN_FILES) + add_dependencies(${exe} generate_query_config_c) + endif() + target_include_directories(${exe} + PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../test) + endif() endforeach() -set_property(TARGET ssl_client2 APPEND PROPERTY SOURCES - ssl_test_lib.c ${CMAKE_CURRENT_SOURCE_DIR}/../test/query_config.c) -set_property(TARGET ssl_server2 APPEND PROPERTY SOURCES - ssl_test_lib.c ${CMAKE_CURRENT_SOURCE_DIR}/../test/query_config.c) - if(THREADS_FOUND) add_executable(ssl_pthread_server ssl_pthread_server.c $) target_include_directories(ssl_pthread_server PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tests/include) diff --git a/programs/ssl/dtls_server.c b/programs/ssl/dtls_server.c index f2570490f5..5d1cccbe64 100644 --- a/programs/ssl/dtls_server.c +++ b/programs/ssl/dtls_server.c @@ -226,7 +226,7 @@ int main( void ) mbedtls_ssl_cache_set ); #endif - mbedtls_ssl_conf_ca_chain( &conf, srvcert.MBEDTLS_PRIVATE(next), NULL ); + mbedtls_ssl_conf_ca_chain( &conf, srvcert.next, NULL ); if( ( ret = mbedtls_ssl_conf_own_cert( &conf, &srvcert, &pkey ) ) != 0 ) { printf( " failed\n ! mbedtls_ssl_conf_own_cert returned %d\n\n", ret ); diff --git a/programs/ssl/mini_client.c b/programs/ssl/mini_client.c index 1e0bef6b1c..97bfe68061 100644 --- a/programs/ssl/mini_client.c +++ b/programs/ssl/mini_client.c @@ -246,13 +246,13 @@ int main( void ) addr.sin_addr.s_addr = *((char *) &ret) == ret ? ADDR_LE : ADDR_BE; ret = 0; - if( ( server_fd.MBEDTLS_PRIVATE(fd) = socket( AF_INET, SOCK_STREAM, 0 ) ) < 0 ) + if( ( server_fd.fd = socket( AF_INET, SOCK_STREAM, 0 ) ) < 0 ) { ret = socket_failed; goto exit; } - if( connect( server_fd.MBEDTLS_PRIVATE(fd), + if( connect( server_fd.fd, (const struct sockaddr *) &addr, sizeof( addr ) ) < 0 ) { ret = connect_failed; diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index 86c314c35d..cb299b159e 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -21,6 +21,10 @@ #include "ssl_test_lib.h" +#if defined(MBEDTLS_USE_PSA_CRYPTO) +#include "test/psa_crypto_helpers.h" +#endif + #if defined(MBEDTLS_SSL_TEST_IMPOSSIBLE) int main( void ) { @@ -65,6 +69,7 @@ int main( void ) #define DFL_ECJPAKE_PW NULL #define DFL_EC_MAX_OPS -1 #define DFL_FORCE_CIPHER 0 +#define DFL_TLS13_KEX_MODES MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_ALL #define DFL_RENEGOTIATION MBEDTLS_SSL_RENEGOTIATION_DISABLED #define DFL_ALLOW_LEGACY -2 #define DFL_RENEGOTIATE 0 @@ -88,6 +93,7 @@ int main( void ) #define DFL_TICKETS MBEDTLS_SSL_SESSION_TICKETS_ENABLED #define DFL_ALPN_STRING NULL #define DFL_CURVES NULL +#define DFL_SIG_ALGS NULL #define DFL_TRANSPORT MBEDTLS_SSL_TRANSPORT_STREAM #define DFL_HS_TO_MIN 0 #define DFL_HS_TO_MAX 0 @@ -205,7 +211,6 @@ int main( void ) #define USAGE_TICKETS "" #endif /* MBEDTLS_SSL_SESSION_TICKETS */ -#if defined(MBEDTLS_SSL_EXPORT_KEYS) #define USAGE_EAP_TLS \ " eap_tls=%%d default: 0 (disabled)\n" #define USAGE_NSS_KEYLOG \ @@ -228,12 +233,6 @@ int main( void ) #else /* MBEDTLS_SSL_DTLS_SRTP */ #define USAGE_SRTP "" #endif -#else /* MBEDTLS_SSL_EXPORT_KEYS */ -#define USAGE_EAP_TLS "" -#define USAGE_NSS_KEYLOG "" -#define USAGE_NSS_KEYLOG_FILE "" -#define USAGE_SRTP "" -#endif /* MBEDTLS_SSL_EXPORT_KEYS */ #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) #define USAGE_MAX_FRAG_LEN \ @@ -269,6 +268,15 @@ int main( void ) #define USAGE_CURVES "" #endif +#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) && \ + defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) +#define USAGE_SIG_ALGS \ + " sig_algs=a,b,c,d default: \"default\" (library default)\n" \ + " example: \"ecdsa_secp256r1_sha256,ecdsa_secp384r1_sha384\"\n" +#else +#define USAGE_SIG_ALGS "" +#endif + #if defined(MBEDTLS_SSL_PROTO_DTLS) #define USAGE_DTLS \ " dtls=%%d default: 0 (TLS)\n" \ @@ -335,6 +343,14 @@ int main( void ) #define USAGE_SERIALIZATION "" #endif +#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) +#define USAGE_TLS13_KEY_EXCHANGE_MODES \ + " tls13_kex_modes=%%s default: all\n" \ + " options: psk, psk_ephemeral, ephemeral, ephemeral_all, psk_all, all\n" +#else +#define USAGE_TLS13_KEY_EXCHANGE_MODES "" +#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ + /* USAGE is arbitrarily split to stay under the portable string literal * length limit: 4095 bytes in C99. */ #define USAGE1 \ @@ -393,6 +409,7 @@ int main( void ) USAGE_ETM \ USAGE_REPRODUCIBLE \ USAGE_CURVES \ + USAGE_SIG_ALGS \ USAGE_DHMLEN \ "\n" @@ -403,23 +420,24 @@ int main( void ) #endif /* !MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ #define USAGE4 \ - " allow_sha1=%%d default: 0\n" \ - " min_version=%%s default: (library default: tls1_2)\n" \ - " max_version=%%s default: (library default: tls1_2)\n" \ - " force_version=%%s default: \"\" (none)\n" \ + " allow_sha1=%%d default: 0\n" \ + " min_version=%%s default: (library default: tls1_2)\n" \ + " max_version=%%s default: (library default: tls1_2)\n" \ + " force_version=%%s default: \"\" (none)\n" \ " options: tls1_2, dtls1_2" TLS1_3_VERSION_OPTIONS \ - "\n\n" \ - " force_ciphersuite= default: all enabled\n"\ - " query_config= return 0 if the specified\n" \ + "\n\n" \ + " force_ciphersuite= default: all enabled\n" \ + USAGE_TLS13_KEY_EXCHANGE_MODES \ + " query_config= return 0 if the specified\n" \ " configuration macro is defined and 1\n" \ " otherwise. The expansion of the macro\n" \ - " is printed if it is defined\n" \ - USAGE_SERIALIZATION \ + " is printed if it is defined\n" \ + USAGE_SERIALIZATION \ " acceptable ciphersuite names:\n" -#define ALPN_LIST_SIZE 10 -#define CURVE_LIST_SIZE 20 - +#define ALPN_LIST_SIZE 10 +#define CURVE_LIST_SIZE 20 +#define SIG_ALG_LIST_SIZE 5 /* * global options @@ -453,6 +471,9 @@ struct options const char *ecjpake_pw; /* the EC J-PAKE password */ int ec_max_ops; /* EC consecutive operations limit */ int force_ciphersuite[2]; /* protocol/ciphersuite to use, or all */ +#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) + int tls13_kex_modes; /* supported TLS 1.3 key exchange modes */ +#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ int renegotiation; /* enable / disable renegotiation */ int allow_legacy; /* allow legacy renegotiation */ int renegotiate; /* attempt renegotiation? */ @@ -472,6 +493,7 @@ struct options int reconnect_hard; /* unexpectedly reconnect from the same port */ int tickets; /* enable / disable session tickets */ const char *curves; /* list of supported elliptic curves */ + const char *sig_algs; /* supported TLS 1.3 signature algorithms */ const char *alpn_string; /* ALPN supported protocols */ int transport; /* TLS or DTLS? */ uint32_t hs_to_min; /* Initial value of DTLS handshake timer */ @@ -631,6 +653,12 @@ int main( int argc, char *argv[] ) mbedtls_net_context server_fd; io_ctx_t io_ctx; +#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) && \ + defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) + uint16_t sig_alg_list[SIG_ALG_LIST_SIZE]; +#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL && + MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ + unsigned char buf[MAX_REQUEST_SIZE + 1]; #if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) @@ -654,7 +682,7 @@ int main( int argc, char *argv[] ) #endif #if defined(MBEDTLS_ECP_C) - mbedtls_ecp_group_id curve_list[CURVE_LIST_SIZE]; + uint16_t group_list[CURVE_LIST_SIZE]; const mbedtls_ecp_curve_info *curve_cur; #endif #if defined(MBEDTLS_SSL_DTLS_SRTP) @@ -698,7 +726,6 @@ int main( int argc, char *argv[] ) unsigned char *context_buf = NULL; size_t context_buf_len; #endif -#if defined(MBEDTLS_SSL_EXPORT_KEYS) unsigned char eap_tls_keymaterial[16]; unsigned char eap_tls_iv[8]; const char* eap_tls_label = "client EAP encryption"; @@ -716,7 +743,6 @@ int main( int argc, char *argv[] ) MBEDTLS_TLS_SRTP_UNSET }; #endif /* MBEDTLS_SSL_DTLS_SRTP */ -#endif /* MBEDTLS_SSL_EXPORT_KEYS */ #if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) mbedtls_memory_buffer_alloc_init( alloc_buf, sizeof(alloc_buf) ); @@ -814,6 +840,9 @@ int main( int argc, char *argv[] ) opt.ecjpake_pw = DFL_ECJPAKE_PW; opt.ec_max_ops = DFL_EC_MAX_OPS; opt.force_ciphersuite[0]= DFL_FORCE_CIPHER; +#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) + opt.tls13_kex_modes = DFL_TLS13_KEX_MODES; +#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ opt.renegotiation = DFL_RENEGOTIATION; opt.allow_legacy = DFL_ALLOW_LEGACY; opt.renegotiate = DFL_RENEGOTIATE; @@ -833,6 +862,7 @@ int main( int argc, char *argv[] ) opt.tickets = DFL_TICKETS; opt.alpn_string = DFL_ALPN_STRING; opt.curves = DFL_CURVES; + opt.sig_algs = DFL_SIG_ALGS; opt.transport = DFL_TRANSPORT; opt.hs_to_min = DFL_HS_TO_MIN; opt.hs_to_max = DFL_HS_TO_MAX; @@ -1063,6 +1093,12 @@ int main( int argc, char *argv[] ) } else if( strcmp( p, "curves" ) == 0 ) opt.curves = q; +#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) && \ + defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) + else if( strcmp( p, "sig_algs" ) == 0 ) + opt.sig_algs = q; +#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL && + MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ else if( strcmp( p, "etm" ) == 0 ) { switch( atoi( q ) ) @@ -1072,6 +1108,24 @@ int main( int argc, char *argv[] ) default: goto usage; } } +#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) + else if( strcmp( p, "tls13_kex_modes" ) == 0 ) + { + if( strcmp( q, "psk" ) == 0 ) + opt.tls13_kex_modes = MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_PSK; + else if( strcmp(q, "psk_ephemeral" ) == 0 ) + opt.tls13_kex_modes = MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_PSK_EPHEMERAL; + else if( strcmp(q, "ephemeral" ) == 0 ) + opt.tls13_kex_modes = MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_EPHEMERAL; + else if( strcmp(q, "ephemeral_all" ) == 0 ) + opt.tls13_kex_modes = MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_EPHEMERAL_ALL; + else if( strcmp( q, "psk_all" ) == 0 ) + opt.tls13_kex_modes = MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_PSK_ALL; + else if( strcmp( q, "all" ) == 0 ) + opt.tls13_kex_modes = MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_ALL; + else goto usage; + } +#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ else if( strcmp( p, "min_version" ) == 0 ) { if( strcmp( q, "tls1_2" ) == 0 || @@ -1402,7 +1456,7 @@ int main( int argc, char *argv[] ) if( strcmp( p, "none" ) == 0 ) { - curve_list[0] = MBEDTLS_ECP_DP_NONE; + group_list[0] = 0; } else if( strcmp( p, "default" ) != 0 ) { @@ -1419,7 +1473,7 @@ int main( int argc, char *argv[] ) if( ( curve_cur = mbedtls_ecp_curve_info_from_name( q ) ) != NULL ) { - curve_list[i++] = curve_cur->grp_id; + group_list[i++] = curve_cur->tls_id; } else { @@ -1445,11 +1499,65 @@ int main( int argc, char *argv[] ) goto exit; } - curve_list[i] = MBEDTLS_ECP_DP_NONE; + group_list[i] = 0; } } #endif /* MBEDTLS_ECP_C */ +#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) && \ + defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) + if( opt.sig_algs != NULL ) + { + p = (char *) opt.sig_algs; + i = 0; + + /* Leave room for a final MBEDTLS_TLS13_SIG_NONE in signature algorithm list (sig_alg_list). */ + while( i < SIG_ALG_LIST_SIZE - 1 && *p != '\0' ) + { + q = p; + + /* Terminate the current string */ + while( *p != ',' && *p != '\0' ) + p++; + if( *p == ',' ) + *p++ = '\0'; + + if( strcmp( q, "ecdsa_secp256r1_sha256" ) == 0 ) + { + sig_alg_list[i++] = MBEDTLS_TLS13_SIG_ECDSA_SECP256R1_SHA256; + } + else if( strcmp( q, "ecdsa_secp384r1_sha384" ) == 0 ) + { + sig_alg_list[i++] = MBEDTLS_TLS13_SIG_ECDSA_SECP384R1_SHA384; + } + else if( strcmp( q, "ecdsa_secp521r1_sha512" ) == 0 ) + { + sig_alg_list[i++] = MBEDTLS_TLS13_SIG_ECDSA_SECP521R1_SHA512; + } + else + { + mbedtls_printf( "unknown signature algorithm %s\n", q ); + mbedtls_printf( "supported signature algorithms: " ); + mbedtls_printf( "ecdsa_secp256r1_sha256 " ); + mbedtls_printf( "ecdsa_secp384r1_sha384 " ); + mbedtls_printf( "ecdsa_secp521r1_sha512 " ); + mbedtls_printf( "\n" ); + goto exit; + } + } + + if( i == ( SIG_ALG_LIST_SIZE - 1 ) && *p != '\0' ) + { + mbedtls_printf( "signature algorithm list too long, maximum %d", + SIG_ALG_LIST_SIZE - 1 ); + goto exit; + } + + sig_alg_list[i] = MBEDTLS_TLS13_SIG_NONE; + } +#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL && + MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ + #if defined(MBEDTLS_SSL_ALPN) if( opt.alpn_string != NULL ) { @@ -1579,7 +1687,7 @@ int main( int argc, char *argv[] ) if( opt.key_opaque != 0 ) { if( ( ret = mbedtls_pk_wrap_as_opaque( &pkey, &key_slot, - PSA_ALG_SHA_256 ) ) != 0 ) + PSA_ALG_ANY_HASH ) ) != 0 ) { mbedtls_printf( " failed\n ! " "mbedtls_pk_wrap_as_opaque returned -0x%x\n\n", (unsigned int) -ret ); @@ -1748,6 +1856,10 @@ int main( int argc, char *argv[] ) if( opt.force_ciphersuite[0] != DFL_FORCE_CIPHER ) mbedtls_ssl_conf_ciphersuites( &conf, opt.force_ciphersuite ); +#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) + mbedtls_ssl_conf_tls13_key_exchange_modes( &conf, opt.tls13_kex_modes ); +#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ + if( opt.allow_legacy != DFL_ALLOW_LEGACY ) mbedtls_ssl_conf_legacy_renegotiation( &conf, opt.allow_legacy ); #if defined(MBEDTLS_SSL_RENEGOTIATION) @@ -1781,10 +1893,15 @@ int main( int argc, char *argv[] ) if( opt.curves != NULL && strcmp( opt.curves, "default" ) != 0 ) { - mbedtls_ssl_conf_curves( &conf, curve_list ); + mbedtls_ssl_conf_groups( &conf, group_list ); } #endif +#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) + if( opt.sig_algs != NULL ) + mbedtls_ssl_conf_sig_algs( &conf, sig_alg_list ); +#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ + #if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) #if defined(MBEDTLS_USE_PSA_CRYPTO) if( opt.psk_opaque != 0 ) @@ -1840,7 +1957,6 @@ int main( int argc, char *argv[] ) goto exit; } -#if defined(MBEDTLS_SSL_EXPORT_KEYS) if( opt.eap_tls != 0 ) { mbedtls_ssl_set_export_keys_cb( &ssl, eap_tls_key_derivation, @@ -1859,7 +1975,6 @@ int main( int argc, char *argv[] ) &dtls_srtp_keying ); } #endif /* MBEDTLS_SSL_DTLS_SRTP */ -#endif /* MBEDTLS_SSL_EXPORT_KEYS */ #if defined(MBEDTLS_X509_CRT_PARSE_C) if( ( ret = mbedtls_ssl_set_hostname( &ssl, opt.server_name ) ) != 0 ) @@ -2047,7 +2162,6 @@ int main( int argc, char *argv[] ) } #endif -#if defined(MBEDTLS_SSL_EXPORT_KEYS) if( opt.eap_tls != 0 ) { size_t j = 0; @@ -2164,7 +2278,6 @@ int main( int argc, char *argv[] ) } } #endif /* MBEDTLS_SSL_DTLS_SRTP */ -#endif /* MBEDTLS_SSL_EXPORT_KEYS */ if( opt.reconnect != 0 ) { mbedtls_printf(" . Saving session for reuse..." ); @@ -2906,6 +3019,19 @@ exit: mbedtls_net_free( &server_fd ); + mbedtls_ssl_free( &ssl ); + mbedtls_ssl_config_free( &conf ); + mbedtls_ssl_session_free( &saved_session ); + + if( session_data != NULL ) + mbedtls_platform_zeroize( session_data, session_data_len ); + mbedtls_free( session_data ); +#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION) + if( context_buf != NULL ) + mbedtls_platform_zeroize( context_buf, context_buf_len ); + mbedtls_free( context_buf ); +#endif + #if defined(MBEDTLS_X509_CRT_PARSE_C) mbedtls_x509_crt_free( &clicert ); mbedtls_x509_crt_free( &cacert ); @@ -2936,23 +3062,25 @@ exit: #endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED && MBEDTLS_USE_PSA_CRYPTO */ - mbedtls_ssl_session_free( &saved_session ); - mbedtls_ssl_free( &ssl ); - mbedtls_ssl_config_free( &conf ); - rng_free( &rng ); - if( session_data != NULL ) - mbedtls_platform_zeroize( session_data, session_data_len ); - mbedtls_free( session_data ); -#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION) - if( context_buf != NULL ) - mbedtls_platform_zeroize( context_buf, context_buf_len ); - mbedtls_free( context_buf ); -#endif - #if defined(MBEDTLS_USE_PSA_CRYPTO) + const char* message = mbedtls_test_helper_is_psa_leaking(); + if( message ) + { + if( ret == 0 ) + ret = 1; + mbedtls_printf( "PSA memory leak detected: %s\n", message); + } +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + + /* For builds with MBEDTLS_TEST_USE_PSA_CRYPTO_RNG psa crypto + * resources are freed by rng_free(). */ +#if defined(MBEDTLS_USE_PSA_CRYPTO) && \ + !defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG) mbedtls_psa_crypto_free( ); #endif + rng_free( &rng ); + #if defined(MBEDTLS_TEST_HOOKS) if( test_hooks_failure_detected( ) ) { diff --git a/programs/ssl/ssl_fork_server.c b/programs/ssl/ssl_fork_server.c index 542a334606..694fc3b7ae 100644 --- a/programs/ssl/ssl_fork_server.c +++ b/programs/ssl/ssl_fork_server.c @@ -190,7 +190,7 @@ int main( void ) mbedtls_ssl_conf_rng( &conf, mbedtls_ctr_drbg_random, &ctr_drbg ); mbedtls_ssl_conf_dbg( &conf, my_debug, stdout ); - mbedtls_ssl_conf_ca_chain( &conf, srvcert.MBEDTLS_PRIVATE(next), NULL ); + mbedtls_ssl_conf_ca_chain( &conf, srvcert.next, NULL ); if( ( ret = mbedtls_ssl_conf_own_cert( &conf, &srvcert, &pkey ) ) != 0 ) { mbedtls_printf( " failed! mbedtls_ssl_conf_own_cert returned %d\n\n", ret ); diff --git a/programs/ssl/ssl_server.c b/programs/ssl/ssl_server.c index ace657ceba..95557fb059 100644 --- a/programs/ssl/ssl_server.c +++ b/programs/ssl/ssl_server.c @@ -212,7 +212,7 @@ int main( void ) mbedtls_ssl_cache_set ); #endif - mbedtls_ssl_conf_ca_chain( &conf, srvcert.MBEDTLS_PRIVATE(next), NULL ); + mbedtls_ssl_conf_ca_chain( &conf, srvcert.next, NULL ); if( ( ret = mbedtls_ssl_conf_own_cert( &conf, &srvcert, &pkey ) ) != 0 ) { mbedtls_printf( " failed\n ! mbedtls_ssl_conf_own_cert returned %d\n\n", ret ); diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 83bd617c68..0e6f78b5de 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -65,6 +65,10 @@ int main( void ) #include #endif +#if defined(MBEDTLS_USE_PSA_CRYPTO) +#include "test/psa_crypto_helpers.h" +#endif + /* Size of memory to be allocated for the heap, when using the library's memory * management and MBEDTLS_MEMORY_BUFFER_ALLOC_C is enabled. */ #define MEMORY_HEAP_SIZE 120000 @@ -80,6 +84,7 @@ int main( void ) #define DFL_CA_PATH "" #define DFL_CRT_FILE "" #define DFL_KEY_FILE "" +#define DFL_KEY_OPAQUE 0 #define DFL_KEY_PWD "" #define DFL_CRT_FILE2 "" #define DFL_KEY_FILE2 "" @@ -95,6 +100,7 @@ int main( void ) #define DFL_ECJPAKE_PW NULL #define DFL_PSK_LIST NULL #define DFL_FORCE_CIPHER 0 +#define DFL_TLS13_KEX_MODES MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_ALL #define DFL_RENEGOTIATION MBEDTLS_SSL_RENEGOTIATION_DISABLED #define DFL_ALLOW_LEGACY -2 #define DFL_RENEGOTIATE 0 @@ -119,6 +125,7 @@ int main( void ) #define DFL_SNI NULL #define DFL_ALPN_STRING NULL #define DFL_CURVES NULL +#define DFL_SIG_ALGS NULL #define DFL_DHM_FILE NULL #define DFL_TRANSPORT MBEDTLS_SSL_TRANSPORT_STREAM #define DFL_COOKIES 1 @@ -198,6 +205,13 @@ int main( void ) #else #define USAGE_IO "" #endif /* MBEDTLS_X509_CRT_PARSE_C */ +#if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_X509_CRT_PARSE_C) +#define USAGE_KEY_OPAQUE \ + " key_opaque=%%d Handle your private keys as if they were opaque\n" \ + " default: 0 (disabled)\n" +#else +#define USAGE_KEY_OPAQUE "" +#endif #if defined(MBEDTLS_SSL_ASYNC_PRIVATE) #define USAGE_SSL_ASYNC \ @@ -276,7 +290,6 @@ int main( void ) #define USAGE_TICKETS "" #endif /* MBEDTLS_SSL_SESSION_TICKETS */ -#if defined(MBEDTLS_SSL_EXPORT_KEYS) #define USAGE_EAP_TLS \ " eap_tls=%%d default: 0 (disabled)\n" #define USAGE_NSS_KEYLOG \ @@ -297,12 +310,6 @@ int main( void ) #else /* MBEDTLS_SSL_DTLS_SRTP */ #define USAGE_SRTP "" #endif -#else /* MBEDTLS_SSL_EXPORT_KEYS */ -#define USAGE_EAP_TLS "" -#define USAGE_NSS_KEYLOG "" -#define USAGE_NSS_KEYLOG_FILE "" -#define USAGE_SRTP "" -#endif /* MBEDTLS_SSL_EXPORT_KEYS */ #if defined(MBEDTLS_SSL_CACHE_C) #define USAGE_CACHE \ @@ -418,6 +425,15 @@ int main( void ) #define USAGE_CURVES "" #endif +#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) && \ + defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) +#define USAGE_SIG_ALGS \ + " sig_algs=a,b,c,d default: \"default\" (library default)\n" \ + " example: \"ecdsa_secp256r1_sha256,ecdsa_secp384r1_sha384\"\n" +#else +#define USAGE_SIG_ALGS "" +#endif + #if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION) #define USAGE_SERIALIZATION \ " serialize=%%d default: 0 (do not serialize/deserialize)\n" \ @@ -432,6 +448,15 @@ int main( void ) #define USAGE_SERIALIZATION "" #endif +#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) +#define USAGE_TLS13_KEY_EXCHANGE_MODES \ + " tls13_kex_modes=%%s default: all\n" \ + " options: psk, psk_ephemeral, ephemeral, ephemeral_all, psk_all, all\n" +#else +#define USAGE_TLS13_KEY_EXCHANGE_MODES "" +#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ + + /* USAGE is arbitrarily split to stay under the portable string literal * length limit: 4095 bytes in C99. */ #define USAGE1 \ @@ -463,6 +488,7 @@ int main( void ) " cert_req_ca_list=%%d default: 1 (send ca list)\n" \ " options: 1 (send ca list), 0 (don't send)\n" \ USAGE_IO \ + USAGE_KEY_OPAQUE \ "\n" \ USAGE_PSK \ USAGE_CA_CALLBACK \ @@ -484,6 +510,7 @@ int main( void ) USAGE_EMS \ USAGE_ETM \ USAGE_CURVES \ + USAGE_SIG_ALGS \ "\n" #if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) @@ -495,22 +522,24 @@ int main( void ) #define USAGE4 \ USAGE_SSL_ASYNC \ USAGE_SNI \ - " allow_sha1=%%d default: 0\n" \ - " min_version=%%s default: (library default: tls1_2)\n" \ - " max_version=%%s default: (library default: tls1_2)\n" \ - " force_version=%%s default: \"\" (none)\n" \ + " allow_sha1=%%d default: 0\n" \ + " min_version=%%s default: (library default: tls1_2)\n" \ + " max_version=%%s default: (library default: tls1_2)\n" \ + " force_version=%%s default: \"\" (none)\n" \ " options: tls1_2, dtls1_2" TLS1_3_VERSION_OPTIONS \ - "\n\n" \ - " force_ciphersuite= default: all enabled\n" \ - " query_config= return 0 if the specified\n" \ + "\n\n" \ + " force_ciphersuite= default: all enabled\n" \ + USAGE_TLS13_KEY_EXCHANGE_MODES \ + " query_config= return 0 if the specified\n" \ " configuration macro is defined and 1\n" \ " otherwise. The expansion of the macro\n" \ - " is printed if it is defined\n" \ - USAGE_SERIALIZATION \ + " is printed if it is defined\n" \ + USAGE_SERIALIZATION \ " acceptable ciphersuite names:\n" -#define ALPN_LIST_SIZE 10 -#define CURVE_LIST_SIZE 20 +#define ALPN_LIST_SIZE 10 +#define CURVE_LIST_SIZE 20 +#define SIG_ALG_LIST_SIZE 5 #define PUT_UINT64_BE(out_be,in_le,i) \ { \ @@ -544,6 +573,7 @@ struct options const char *ca_path; /* the path with the CA certificate(s) reside */ const char *crt_file; /* the file with the server certificate */ const char *key_file; /* the file with the server key */ + int key_opaque; /* handle private key as if it were opaque */ const char *key_pwd; /* the password for the server key */ const char *crt_file2; /* the file with the 2nd server certificate */ const char *key_file2; /* the file with the 2nd server key */ @@ -564,6 +594,9 @@ struct options char *psk_list; /* list of PSK id/key pairs for callback */ const char *ecjpake_pw; /* the EC J-PAKE password */ int force_ciphersuite[2]; /* protocol/ciphersuite to use, or all */ +#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) + int tls13_kex_modes; /* supported TLS 1.3 key exchange modes */ +#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ int renegotiation; /* enable / disable renegotiation */ int allow_legacy; /* allow legacy renegotiation */ int renegotiate; /* attempt renegotiation? */ @@ -583,6 +616,7 @@ struct options int cache_timeout; /* expiration delay of session cache entries */ char *sni; /* string describing sni information */ const char *curves; /* list of supported elliptic curves */ + const char *sig_algs; /* supported TLS 1.3 signature algorithms */ const char *alpn_string; /* ALPN supported protocols */ const char *dhm_file; /* the file with the DH parameters */ int extended_ms; /* allow negotiation of extended MS? */ @@ -1288,6 +1322,10 @@ int main( int argc, char *argv[] ) mbedtls_pk_context pkey; mbedtls_x509_crt srvcert2; mbedtls_pk_context pkey2; +#if defined(MBEDTLS_USE_PSA_CRYPTO) + psa_key_id_t key_slot = 0; /* invalid key slot */ + psa_key_id_t key_slot2 = 0; /* invalid key slot */ +#endif int key_cert_init = 0, key_cert_init2 = 0; #if defined(MBEDTLS_SSL_ASYNC_PRIVATE) ssl_async_key_context_t ssl_async_keys; @@ -1306,7 +1344,7 @@ int main( int argc, char *argv[] ) sni_entry *sni_info = NULL; #endif #if defined(MBEDTLS_ECP_C) - mbedtls_ecp_group_id curve_list[CURVE_LIST_SIZE]; + uint16_t group_list[CURVE_LIST_SIZE]; const mbedtls_ecp_curve_info * curve_cur; #endif #if defined(MBEDTLS_SSL_ALPN) @@ -1326,13 +1364,18 @@ int main( int argc, char *argv[] ) size_t context_buf_len = 0; #endif +#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) && \ + defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) + uint16_t sig_alg_list[SIG_ALG_LIST_SIZE]; +#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL && + MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ + int i; char *p, *q; const int *list; #if defined(MBEDTLS_USE_PSA_CRYPTO) psa_status_t status; #endif -#if defined(MBEDTLS_SSL_EXPORT_KEYS) unsigned char eap_tls_keymaterial[16]; unsigned char eap_tls_iv[8]; const char* eap_tls_label = "client EAP encryption"; @@ -1350,7 +1393,6 @@ int main( int argc, char *argv[] ) MBEDTLS_TLS_SRTP_UNSET }; #endif /* MBEDTLS_SSL_DTLS_SRTP */ -#endif /* MBEDTLS_SSL_EXPORT_KEYS */ #if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) mbedtls_memory_buffer_alloc_init( alloc_buf, sizeof(alloc_buf) ); @@ -1458,6 +1500,7 @@ int main( int argc, char *argv[] ) opt.ca_path = DFL_CA_PATH; opt.crt_file = DFL_CRT_FILE; opt.key_file = DFL_KEY_FILE; + opt.key_opaque = DFL_KEY_OPAQUE; opt.key_pwd = DFL_KEY_PWD; opt.crt_file2 = DFL_CRT_FILE2; opt.key_file2 = DFL_KEY_FILE2; @@ -1478,6 +1521,9 @@ int main( int argc, char *argv[] ) opt.psk_list = DFL_PSK_LIST; opt.ecjpake_pw = DFL_ECJPAKE_PW; opt.force_ciphersuite[0]= DFL_FORCE_CIPHER; +#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) + opt.tls13_kex_modes = DFL_TLS13_KEX_MODES; +#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ opt.renegotiation = DFL_RENEGOTIATION; opt.allow_legacy = DFL_ALLOW_LEGACY; opt.renegotiate = DFL_RENEGOTIATE; @@ -1498,6 +1544,7 @@ int main( int argc, char *argv[] ) opt.sni = DFL_SNI; opt.alpn_string = DFL_ALPN_STRING; opt.curves = DFL_CURVES; + opt.sig_algs = DFL_SIG_ALGS; opt.dhm_file = DFL_DHM_FILE; opt.transport = DFL_TRANSPORT; opt.cookies = DFL_COOKIES; @@ -1585,6 +1632,10 @@ int main( int argc, char *argv[] ) opt.key_file = q; else if( strcmp( p, "key_pwd" ) == 0 ) opt.key_pwd = q; +#if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_X509_CRT_PARSE_C) + else if( strcmp( p, "key_opaque" ) == 0 ) + opt.key_opaque = atoi( q ); +#endif else if( strcmp( p, "crt_file2" ) == 0 ) opt.crt_file2 = q; else if( strcmp( p, "key_file2" ) == 0 ) @@ -1665,6 +1716,12 @@ int main( int argc, char *argv[] ) } else if( strcmp( p, "curves" ) == 0 ) opt.curves = q; +#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) && \ + defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) + else if( strcmp( p, "sig_algs" ) == 0 ) + opt.sig_algs = q; +#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL && && \ + MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ else if( strcmp( p, "renegotiation" ) == 0 ) { opt.renegotiation = (atoi( q )) ? @@ -1714,6 +1771,25 @@ int main( int argc, char *argv[] ) if( opt.exchanges < 0 ) goto usage; } +#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) + else if( strcmp( p, "tls13_kex_modes" ) == 0 ) + { + if( strcmp( q, "psk" ) == 0 ) + opt.tls13_kex_modes = MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_PSK; + else if( strcmp(q, "psk_ephemeral" ) == 0 ) + opt.tls13_kex_modes = MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_PSK_EPHEMERAL; + else if( strcmp(q, "ephemeral" ) == 0 ) + opt.tls13_kex_modes = MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_EPHEMERAL; + else if( strcmp(q, "ephemeral_all" ) == 0 ) + opt.tls13_kex_modes = MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_EPHEMERAL_ALL; + else if( strcmp( q, "psk_all" ) == 0 ) + opt.tls13_kex_modes = MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_PSK_ALL; + else if( strcmp( q, "all" ) == 0 ) + opt.tls13_kex_modes = MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_ALL; + else goto usage; + } +#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ + else if( strcmp( p, "min_version" ) == 0 ) { if( strcmp( q, "tls1_2" ) == 0 || @@ -2124,7 +2200,7 @@ int main( int argc, char *argv[] ) if( strcmp( p, "none" ) == 0 ) { - curve_list[0] = MBEDTLS_ECP_DP_NONE; + group_list[0] = 0; } else if( strcmp( p, "default" ) != 0 ) { @@ -2141,7 +2217,7 @@ int main( int argc, char *argv[] ) if( ( curve_cur = mbedtls_ecp_curve_info_from_name( q ) ) != NULL ) { - curve_list[i++] = curve_cur->grp_id; + group_list[i++] = curve_cur->tls_id; } else { @@ -2167,11 +2243,65 @@ int main( int argc, char *argv[] ) goto exit; } - curve_list[i] = MBEDTLS_ECP_DP_NONE; + group_list[i] = 0; } } #endif /* MBEDTLS_ECP_C */ +#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) && \ + defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) + if( opt.sig_algs != NULL ) + { + p = (char *) opt.sig_algs; + i = 0; + + /* Leave room for a final MBEDTLS_TLS13_SIG_NONE in signature algorithm list (sig_alg_list). */ + while( i < SIG_ALG_LIST_SIZE - 1 && *p != '\0' ) + { + q = p; + + /* Terminate the current string */ + while( *p != ',' && *p != '\0' ) + p++; + if( *p == ',' ) + *p++ = '\0'; + + if( strcmp( q, "ecdsa_secp256r1_sha256" ) == 0 ) + { + sig_alg_list[i++] = MBEDTLS_TLS13_SIG_ECDSA_SECP256R1_SHA256; + } + else if( strcmp( q, "ecdsa_secp384r1_sha384" ) == 0 ) + { + sig_alg_list[i++] = MBEDTLS_TLS13_SIG_ECDSA_SECP384R1_SHA384; + } + else if( strcmp( q, "ecdsa_secp521r1_sha512" ) == 0 ) + { + sig_alg_list[i++] = MBEDTLS_TLS13_SIG_ECDSA_SECP521R1_SHA512; + } + else + { + mbedtls_printf( "unknown signature algorithm %s\n", q ); + mbedtls_printf( "supported signature algorithms: " ); + mbedtls_printf( "ecdsa_secp256r1_sha256 " ); + mbedtls_printf( "ecdsa_secp384r1_sha384 " ); + mbedtls_printf( "ecdsa_secp521r1_sha512 " ); + mbedtls_printf( "\n" ); + goto exit; + } + } + + if( i == ( SIG_ALG_LIST_SIZE - 1 ) && *p != '\0' ) + { + mbedtls_printf( "signature algorithm list too long, maximum %d", + SIG_ALG_LIST_SIZE - 1 ); + goto exit; + } + + sig_alg_list[i] = MBEDTLS_TLS13_SIG_NONE; + } +#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL && + MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ + #if defined(MBEDTLS_SSL_ALPN) if( opt.alpn_string != NULL ) { @@ -2361,7 +2491,34 @@ int main( int argc, char *argv[] ) #endif /* MBEDTLS_ECDSA_C */ } - mbedtls_printf( " ok\n" ); +#if defined(MBEDTLS_USE_PSA_CRYPTO) + if( opt.key_opaque != 0 ) + { + if ( mbedtls_pk_get_type( &pkey ) == MBEDTLS_PK_ECKEY ) + { + if( ( ret = mbedtls_pk_wrap_as_opaque( &pkey, &key_slot, + PSA_ALG_ANY_HASH ) ) != 0 ) + { + mbedtls_printf( " failed\n ! " + "mbedtls_pk_wrap_as_opaque returned -0x%x\n\n", (unsigned int) -ret ); + goto exit; + } + } + + if ( mbedtls_pk_get_type( &pkey2 ) == MBEDTLS_PK_ECKEY ) + { + if( ( ret = mbedtls_pk_wrap_as_opaque( &pkey2, &key_slot2, + PSA_ALG_ANY_HASH ) ) != 0 ) + { + mbedtls_printf( " failed\n ! " + "mbedtls_pk_wrap_as_opaque returned -0x%x\n\n", (unsigned int) -ret ); + goto exit; + } + } + } +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + + mbedtls_printf( " ok (key types: %s - %s)\n", mbedtls_pk_get_name( &pkey ), mbedtls_pk_get_name( &pkey2 ) ); #endif /* MBEDTLS_X509_CRT_PARSE_C */ #if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_FS_IO) @@ -2610,6 +2767,10 @@ int main( int argc, char *argv[] ) if( opt.force_ciphersuite[0] != DFL_FORCE_CIPHER ) mbedtls_ssl_conf_ciphersuites( &conf, opt.force_ciphersuite ); +#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) + mbedtls_ssl_conf_tls13_key_exchange_modes( &conf, opt.tls13_kex_modes ); +#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ + if( opt.allow_legacy != DFL_ALLOW_LEGACY ) mbedtls_ssl_conf_legacy_renegotiation( &conf, opt.allow_legacy ); #if defined(MBEDTLS_SSL_RENEGOTIATION) @@ -2746,10 +2907,15 @@ int main( int argc, char *argv[] ) if( opt.curves != NULL && strcmp( opt.curves, "default" ) != 0 ) { - mbedtls_ssl_conf_curves( &conf, curve_list ); + mbedtls_ssl_conf_groups( &conf, group_list ); } #endif +#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) + if( opt.sig_algs != NULL ) + mbedtls_ssl_conf_sig_algs( &conf, sig_alg_list ); +#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ + #if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) if( strlen( opt.psk ) != 0 && strlen( opt.psk_identity ) != 0 ) @@ -2841,7 +3007,6 @@ int main( int argc, char *argv[] ) goto exit; } -#if defined(MBEDTLS_SSL_EXPORT_KEYS) if( opt.eap_tls != 0 ) { mbedtls_ssl_set_export_keys_cb( &ssl, eap_tls_key_derivation, @@ -2860,7 +3025,6 @@ int main( int argc, char *argv[] ) &dtls_srtp_keying ); } #endif /* MBEDTLS_SSL_DTLS_SRTP */ -#endif /* MBEDTLS_SSL_EXPORT_KEYS */ io_ctx.ssl = &ssl; io_ctx.net = &client_fd; @@ -3126,7 +3290,6 @@ handshake: #endif /* MBEDTLS_X509_REMOVE_INFO */ #endif /* MBEDTLS_X509_CRT_PARSE_C */ -#if defined(MBEDTLS_SSL_EXPORT_KEYS) if( opt.eap_tls != 0 ) { size_t j = 0; @@ -3244,7 +3407,6 @@ handshake: } } #endif /* MBEDTLS_SSL_DTLS_SRTP */ -#endif /* MBEDTLS_SSL_EXPORT_KEYS */ #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) ret = report_cid_usage( &ssl, "initial handshake" ); @@ -3789,16 +3951,51 @@ exit: mbedtls_net_free( &client_fd ); mbedtls_net_free( &listen_fd ); -#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_FS_IO) - mbedtls_dhm_free( &dhm ); + mbedtls_ssl_free( &ssl ); + mbedtls_ssl_config_free( &conf ); + +#if defined(MBEDTLS_SSL_CACHE_C) + mbedtls_ssl_cache_free( &cache ); #endif +#if defined(MBEDTLS_SSL_SESSION_TICKETS) + mbedtls_ssl_ticket_free( &ticket_ctx ); +#endif +#if defined(MBEDTLS_SSL_COOKIE_C) + mbedtls_ssl_cookie_free( &cookie_ctx ); +#endif + +#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION) + if( context_buf != NULL ) + mbedtls_platform_zeroize( context_buf, context_buf_len ); + mbedtls_free( context_buf ); +#endif + +#if defined(SNI_OPTION) + sni_free( sni_info ); +#endif + +#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) + ret = psk_free( psk_info ); + if( ( ret != 0 ) && ( opt.query_config_mode == DFL_QUERY_CONFIG_MODE ) ) + mbedtls_printf( "Failed to list of opaque PSKs - error was %d\n", ret ); +#endif + #if defined(MBEDTLS_X509_CRT_PARSE_C) mbedtls_x509_crt_free( &cacert ); mbedtls_x509_crt_free( &srvcert ); mbedtls_pk_free( &pkey ); mbedtls_x509_crt_free( &srvcert2 ); mbedtls_pk_free( &pkey2 ); +#if defined(MBEDTLS_USE_PSA_CRYPTO) + psa_destroy_key( key_slot ); + psa_destroy_key( key_slot2 ); #endif +#endif + +#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_FS_IO) + mbedtls_dhm_free( &dhm ); +#endif + #if defined(MBEDTLS_SSL_ASYNC_PRIVATE) for( i = 0; (size_t) i < ssl_async_keys.slots_used; i++ ) { @@ -3810,17 +4007,6 @@ exit: } } #endif -#if defined(SNI_OPTION) - sni_free( sni_info ); -#endif -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) - ret = psk_free( psk_info ); - if( ( ret != 0 ) && ( opt.query_config_mode == DFL_QUERY_CONFIG_MODE ) ) - mbedtls_printf( "Failed to list of opaque PSKs - error was %d\n", ret ); -#endif -#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_FS_IO) - mbedtls_dhm_free( &dhm ); -#endif #if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) && \ defined(MBEDTLS_USE_PSA_CRYPTO) @@ -3841,32 +4027,27 @@ exit: #endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED && MBEDTLS_USE_PSA_CRYPTO */ - mbedtls_ssl_free( &ssl ); - mbedtls_ssl_config_free( &conf ); - rng_free( &rng ); - -#if defined(MBEDTLS_SSL_CACHE_C) - mbedtls_ssl_cache_free( &cache ); -#endif -#if defined(MBEDTLS_SSL_SESSION_TICKETS) - mbedtls_ssl_ticket_free( &ticket_ctx ); -#endif -#if defined(MBEDTLS_SSL_COOKIE_C) - mbedtls_ssl_cookie_free( &cookie_ctx ); -#endif - - mbedtls_free( buf ); - -#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION) - if( context_buf != NULL ) - mbedtls_platform_zeroize( context_buf, context_buf_len ); - mbedtls_free( context_buf ); -#endif - #if defined(MBEDTLS_USE_PSA_CRYPTO) + const char* message = mbedtls_test_helper_is_psa_leaking(); + if( message ) + { + if( ret == 0 ) + ret = 1; + mbedtls_printf( "PSA memory leak detected: %s\n", message); + } +#endif + + /* For builds with MBEDTLS_TEST_USE_PSA_CRYPTO_RNG psa crypto + * resources are freed by rng_free(). */ +#if defined(MBEDTLS_USE_PSA_CRYPTO) && \ + !defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG) mbedtls_psa_crypto_free( ); #endif + rng_free( &rng ); + + mbedtls_free( buf ); + #if defined(MBEDTLS_TEST_HOOKS) /* Let test hooks detect errors such as resource leaks. * Don't do it in query_config mode, because some test code prints diff --git a/programs/ssl/ssl_test_common_source.c b/programs/ssl/ssl_test_common_source.c index 6ec4171a89..62cd35de8f 100644 --- a/programs/ssl/ssl_test_common_source.c +++ b/programs/ssl/ssl_test_common_source.c @@ -24,7 +24,6 @@ * limitations under the License. */ -#if defined(MBEDTLS_SSL_EXPORT_KEYS) void eap_tls_key_derivation( void *p_expkey, mbedtls_ssl_key_export_type secret_type, const unsigned char *secret, @@ -140,8 +139,6 @@ void dtls_srtp_key_derivation( void *p_expkey, } #endif /* MBEDTLS_SSL_DTLS_SRTP */ -#endif /* MBEDTLS_SSL_EXPORT_KEYS */ - int ssl_check_record( mbedtls_ssl_context const *ssl, unsigned char const *buf, size_t len ) { diff --git a/programs/ssl/ssl_test_lib.h b/programs/ssl/ssl_test_lib.h index f9e031b587..6b9e7b8da7 100644 --- a/programs/ssl/ssl_test_lib.h +++ b/programs/ssl/ssl_test_lib.h @@ -95,8 +95,6 @@ #include "../test/query_config.h" -#if defined(MBEDTLS_SSL_EXPORT_KEYS) - typedef struct eap_tls_keys { unsigned char master_secret[48]; @@ -122,8 +120,6 @@ typedef struct dtls_srtp_keys #endif /* MBEDTLS_SSL_DTLS_SRTP */ -#endif /* MBEDTLS_SSL_EXPORT_KEYS */ - typedef struct { mbedtls_ssl_context *ssl; diff --git a/programs/test/CMakeLists.txt b/programs/test/CMakeLists.txt index 807d1bc10b..142a831667 100644 --- a/programs/test/CMakeLists.txt +++ b/programs/test/CMakeLists.txt @@ -14,18 +14,57 @@ set(executables_mbedcrypto ) if(TEST_CPP) - list(APPEND executables_mbedcrypto cpp_dummy_build) + set(cpp_dummy_build_cpp "${CMAKE_CURRENT_BINARY_DIR}/cpp_dummy_build.cpp") + set(generate_cpp_dummy_build "${CMAKE_CURRENT_SOURCE_DIR}/generate_cpp_dummy_build.sh") + add_custom_command( + OUTPUT "${cpp_dummy_build_cpp}" + COMMAND "${generate_cpp_dummy_build}" "${cpp_dummy_build_cpp}" + DEPENDS "${generate_cpp_dummy_build}" + WORKING_DIRECTORY "${CMAKE_CURRENT_SOURCE_DIR}" + ) + add_executable(cpp_dummy_build "${cpp_dummy_build_cpp}") + target_include_directories(cpp_dummy_build PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../include) + target_link_libraries(cpp_dummy_build ${mbedcrypto_target}) +endif() + +if(GEN_FILES) + find_package(Perl REQUIRED) + + add_custom_command( + OUTPUT + ${CMAKE_CURRENT_BINARY_DIR}/query_config.c + COMMAND + ${PERL} + ${CMAKE_CURRENT_SOURCE_DIR}/../../scripts/generate_query_config.pl + ${CMAKE_CURRENT_SOURCE_DIR}/../../include/mbedtls/mbedtls_config.h + ${CMAKE_CURRENT_SOURCE_DIR}/../../scripts/data_files/query_config.fmt + ${CMAKE_CURRENT_BINARY_DIR}/query_config.c + DEPENDS + ${CMAKE_CURRENT_SOURCE_DIR}/../../scripts/generate_query_config.pl + ${CMAKE_CURRENT_SOURCE_DIR}/../../include/mbedtls/mbedtls_config.h + ${CMAKE_CURRENT_SOURCE_DIR}/../../scripts/data_files/query_config.fmt + ) + # this file will also be used in another directory, so create a target, see + # https://gitlab.kitware.com/cmake/community/-/wikis/FAQ#how-can-i-add-a-dependency-to-a-source-file-which-is-generated-in-a-subdirectory + add_custom_target(generate_query_config_c + DEPENDS ${CMAKE_CURRENT_BINARY_DIR}/query_config.c) +else() + link_to_source(query_config.c) endif() foreach(exe IN LISTS executables_libs executables_mbedcrypto) set(extra_sources "") if(exe STREQUAL "query_compile_time_config") list(APPEND extra_sources - ${CMAKE_CURRENT_SOURCE_DIR}/query_config.c) + ${CMAKE_CURRENT_SOURCE_DIR}/query_config.h + ${CMAKE_CURRENT_BINARY_DIR}/query_config.c) endif() add_executable(${exe} ${exe}.c $ ${extra_sources}) target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tests/include) + if(exe STREQUAL "query_compile_time_config") + target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}) + endif() # This emulates "if ( ... IN_LIST ... )" which becomes available in CMake 3.3 list(FIND executables_libs ${exe} exe_index) diff --git a/programs/test/benchmark.c b/programs/test/benchmark.c index 5985caf0bb..d3faad91ea 100644 --- a/programs/test/benchmark.c +++ b/programs/test/benchmark.c @@ -674,7 +674,8 @@ int main( int argc, char *argv[] ) { mbedtls_des3_context des3; mbedtls_des3_init( &des3 ); - mbedtls_des3_set3key_enc( &des3, tmp ); + if( mbedtls_des3_set3key_enc( &des3, tmp ) != 0 ) + mbedtls_exit( 1 ); TIME_AND_TSC( "3DES", mbedtls_des3_crypt_cbc( &des3, MBEDTLS_DES_ENCRYPT, BUFSIZE, tmp, buf, buf ) ); mbedtls_des3_free( &des3 ); @@ -684,7 +685,8 @@ int main( int argc, char *argv[] ) { mbedtls_des_context des; mbedtls_des_init( &des ); - mbedtls_des_setkey_enc( &des, tmp ); + if( mbedtls_des_setkey_enc( &des, tmp ) != 0 ) + mbedtls_exit( 1 ); TIME_AND_TSC( "DES", mbedtls_des_crypt_cbc( &des, MBEDTLS_DES_ENCRYPT, BUFSIZE, tmp, buf, buf ) ); mbedtls_des_free( &des ); @@ -722,7 +724,7 @@ int main( int argc, char *argv[] ) memset( buf, 0, sizeof( buf ) ); memset( tmp, 0, sizeof( tmp ) ); - mbedtls_aes_setkey_enc( &aes, tmp, keysize ); + CHECK_AND_CONTINUE( mbedtls_aes_setkey_enc( &aes, tmp, keysize ) ); TIME_AND_TSC( title, mbedtls_aes_crypt_cbc( &aes, MBEDTLS_AES_ENCRYPT, BUFSIZE, tmp, buf, buf ) ); @@ -743,7 +745,7 @@ int main( int argc, char *argv[] ) memset( buf, 0, sizeof( buf ) ); memset( tmp, 0, sizeof( tmp ) ); - mbedtls_aes_xts_setkey_enc( &ctx, tmp, keysize * 2 ); + CHECK_AND_CONTINUE( mbedtls_aes_xts_setkey_enc( &ctx, tmp, keysize * 2 ) ); TIME_AND_TSC( title, mbedtls_aes_crypt_xts( &ctx, MBEDTLS_AES_ENCRYPT, BUFSIZE, diff --git a/programs/test/cpp_dummy_build.cpp b/programs/test/cpp_dummy_build.cpp deleted file mode 100644 index 7f1efe8dba..0000000000 --- a/programs/test/cpp_dummy_build.cpp +++ /dev/null @@ -1,98 +0,0 @@ -/* - * This program is a dummy C++ program to ensure Mbed TLS library header files - * can be included and built with a C++ compiler. - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#include "mbedtls/build_info.h" - -#include "mbedtls/aes.h" -#include "mbedtls/aria.h" -#include "mbedtls/asn1.h" -#include "mbedtls/asn1write.h" -#include "mbedtls/base64.h" -#include "mbedtls/bignum.h" -#include "mbedtls/camellia.h" -#include "mbedtls/ccm.h" -#include "mbedtls/chacha20.h" -#include "mbedtls/chachapoly.h" -#include "mbedtls/check_config.h" -#include "mbedtls/cipher.h" -#include "mbedtls/cmac.h" -#include "mbedtls/config_psa.h" -#include "mbedtls/ctr_drbg.h" -#include "mbedtls/debug.h" -#include "mbedtls/des.h" -#include "mbedtls/dhm.h" -#include "mbedtls/ecdh.h" -#include "mbedtls/ecdsa.h" -#include "mbedtls/ecjpake.h" -#include "mbedtls/ecp.h" -#include "mbedtls/entropy.h" -#include "mbedtls/error.h" -#include "mbedtls/gcm.h" -#include "mbedtls/hkdf.h" -#include "mbedtls/hmac_drbg.h" -#include "mbedtls/md.h" -#include "mbedtls/md5.h" -#include "mbedtls/net_sockets.h" -#include "mbedtls/nist_kw.h" -#include "mbedtls/oid.h" -#include "mbedtls/pem.h" -#include "mbedtls/pk.h" -#include "mbedtls/pkcs12.h" -#include "mbedtls/pkcs5.h" -#include "mbedtls/platform_time.h" -#include "mbedtls/platform_util.h" -#include "mbedtls/poly1305.h" -#include "mbedtls/psa_util.h" -#include "mbedtls/ripemd160.h" -#include "mbedtls/rsa.h" -#include "mbedtls/sha1.h" -#include "mbedtls/sha256.h" -#include "mbedtls/sha512.h" -#include "mbedtls/ssl.h" -#include "mbedtls/ssl_cache.h" -#include "mbedtls/ssl_ciphersuites.h" -#include "mbedtls/ssl_cookie.h" -#include "mbedtls/ssl_ticket.h" -#include "mbedtls/threading.h" -#include "mbedtls/timing.h" -#include "mbedtls/version.h" -#include "mbedtls/x509.h" -#include "mbedtls/x509_crl.h" -#include "mbedtls/x509_crt.h" -#include "mbedtls/x509_csr.h" - -#if defined(MBEDTLS_PLATFORM_C) -#include "mbedtls/platform.h" -#endif - -#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) -#include "mbedtls/memory_buffer_alloc.h" -#endif - -#include "psa/crypto.h" -#include "psa/crypto_se_driver.h" - -int main() -{ - mbedtls_platform_context *ctx = NULL; - mbedtls_platform_setup(ctx); - mbedtls_printf("CPP Build test\n"); - mbedtls_platform_teardown(ctx); -} diff --git a/programs/test/generate_cpp_dummy_build.sh b/programs/test/generate_cpp_dummy_build.sh new file mode 100755 index 0000000000..94e911515d --- /dev/null +++ b/programs/test/generate_cpp_dummy_build.sh @@ -0,0 +1,99 @@ +#!/bin/sh + +DEFAULT_OUTPUT_FILE=programs/test/cpp_dummy_build.cpp + +if [ "$1" = "--help" ]; then + cat <&2 "This script must be run from an Mbed TLS source tree." + exit 3 +fi + +print_cpp >"${1:-$DEFAULT_OUTPUT_FILE}" diff --git a/programs/x509/CMakeLists.txt b/programs/x509/CMakeLists.txt index a04fa8bcf8..5876b8d21d 100644 --- a/programs/x509/CMakeLists.txt +++ b/programs/x509/CMakeLists.txt @@ -7,6 +7,7 @@ set(executables cert_req cert_write crl_app + load_roots req_app ) diff --git a/programs/x509/cert_app.c b/programs/x509/cert_app.c index aab15db2b7..3d8f37b646 100644 --- a/programs/x509/cert_app.c +++ b/programs/x509/cert_app.c @@ -331,7 +331,7 @@ int main( int argc, char *argv[] ) mbedtls_printf( "%s\n", buf ); - cur = cur->MBEDTLS_PRIVATE(next); + cur = cur->next; } /* diff --git a/programs/x509/cert_write.c b/programs/x509/cert_write.c index 9a20d63419..763f8684f6 100644 --- a/programs/x509/cert_write.c +++ b/programs/x509/cert_write.c @@ -514,7 +514,7 @@ int main( int argc, char *argv[] ) } ret = mbedtls_x509_dn_gets( issuer_name, sizeof(issuer_name), - &issuer_crt.MBEDTLS_PRIVATE(subject) ); + &issuer_crt.subject ); if( ret < 0 ) { mbedtls_strerror( ret, buf, 1024 ); @@ -548,7 +548,7 @@ int main( int argc, char *argv[] ) } ret = mbedtls_x509_dn_gets( subject_name, sizeof(subject_name), - &csr.MBEDTLS_PRIVATE(subject) ); + &csr.subject ); if( ret < 0 ) { mbedtls_strerror( ret, buf, 1024 ); @@ -558,7 +558,7 @@ int main( int argc, char *argv[] ) } opt.subject_name = subject_name; - subject_key = &csr.MBEDTLS_PRIVATE(pk); + subject_key = &csr.pk; mbedtls_printf( " ok\n" ); } @@ -602,7 +602,7 @@ int main( int argc, char *argv[] ) // if( strlen( opt.issuer_crt ) ) { - if( mbedtls_pk_check_pair( &issuer_crt.MBEDTLS_PRIVATE(pk), issuer_key, + if( mbedtls_pk_check_pair( &issuer_crt.pk, issuer_key, mbedtls_ctr_drbg_random, &ctr_drbg ) != 0 ) { mbedtls_printf( " failed\n ! issuer_key does not match " diff --git a/programs/x509/load_roots.c b/programs/x509/load_roots.c new file mode 100644 index 0000000000..e07bed7211 --- /dev/null +++ b/programs/x509/load_roots.c @@ -0,0 +1,213 @@ +/* + * Root CA reading application + * + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** + */ + +#include "mbedtls/build_info.h" + +#if defined(MBEDTLS_PLATFORM_C) +#include "mbedtls/platform.h" +#else +#include +#include +#define mbedtls_time time +#define mbedtls_time_t time_t +#define mbedtls_fprintf fprintf +#define mbedtls_printf printf +#define mbedtls_exit exit +#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS +#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE +#endif /* MBEDTLS_PLATFORM_C */ + +#if !defined(MBEDTLS_X509_CRT_PARSE_C) || !defined(MBEDTLS_FS_IO) || \ + !defined(MBEDTLS_TIMING_C) +int main( void ) +{ + mbedtls_printf("MBEDTLS_X509_CRT_PARSE_C and/or MBEDTLS_FS_IO and/or " + "MBEDTLS_TIMING_C not defined.\n"); + mbedtls_exit( 0 ); +} +#else + +#include "mbedtls/error.h" +#include "mbedtls/timing.h" +#include "mbedtls/x509_crt.h" + +#include +#include +#include + +#define DFL_ITERATIONS 1 +#define DFL_PRIME_CACHE 1 + +#define USAGE \ + "\n usage: load_roots param=<>... [--] FILE...\n" \ + "\n acceptable parameters:\n" \ + " iterations=%%d Iteration count (not including cache priming); default: 1\n" \ + " prime=%%d Prime the disk read cache? Default: 1 (yes)\n" \ + "\n" + + +/* + * global options + */ +struct options +{ + const char **filenames; /* NULL-terminated list of file names */ + unsigned iterations; /* Number of iterations to time */ + int prime_cache; /* Prime the disk read cache? */ +} opt; + + +int read_certificates( const char *const *filenames ) +{ + mbedtls_x509_crt cas; + int ret = 0; + const char *const *cur; + + mbedtls_x509_crt_init( &cas ); + + for( cur = filenames; *cur != NULL; cur++ ) + { + ret = mbedtls_x509_crt_parse_file( &cas, *cur ); + if( ret != 0 ) + { +#if defined(MBEDTLS_ERROR_C) || defined(MBEDTLS_ERROR_STRERROR_DUMMY) + char error_message[200]; + mbedtls_strerror( ret, error_message, sizeof( error_message ) ); + printf( "\n%s: -0x%04x (%s)\n", + *cur, (unsigned) -ret, error_message ); +#else + printf( "\n%s: -0x%04x\n", + *cur, (unsigned) -ret ); +#endif + goto exit; + } + } + +exit: + mbedtls_x509_crt_free( &cas ); + return( ret == 0 ); +} + +int main( int argc, char *argv[] ) +{ + int exit_code = MBEDTLS_EXIT_FAILURE; + unsigned i, j; + struct mbedtls_timing_hr_time timer; + unsigned long ms; + + if( argc <= 1 ) + { + mbedtls_printf( USAGE ); + goto exit; + } + + opt.filenames = NULL; + opt.iterations = DFL_ITERATIONS; + opt.prime_cache = DFL_PRIME_CACHE; + + for( i = 1; i < (unsigned) argc; i++ ) + { + char *p = argv[i]; + char *q = NULL; + + if( strcmp( p, "--" ) == 0 ) + break; + if( ( q = strchr( p, '=' ) ) == NULL ) + break; + *q++ = '\0'; + + for( j = 0; p + j < q; j++ ) + { + if( argv[i][j] >= 'A' && argv[i][j] <= 'Z' ) + argv[i][j] |= 0x20; + } + + if( strcmp( p, "iterations" ) == 0 ) + { + opt.iterations = atoi( q ); + } + else if( strcmp( p, "prime" ) == 0 ) + { + opt.iterations = atoi( q ) != 0; + } + else + { + mbedtls_printf( "Unknown option: %s\n", p ); + mbedtls_printf( USAGE ); + goto exit; + } + } + + opt.filenames = (const char**) argv + i; + if( *opt.filenames == 0 ) + { + mbedtls_printf( "Missing list of certificate files to parse\n" ); + goto exit; + } + + mbedtls_printf( "Parsing %u certificates", argc - i ); + if( opt.prime_cache ) + { + if( ! read_certificates( opt.filenames ) ) + goto exit; + mbedtls_printf( " " ); + } + + (void) mbedtls_timing_get_timer( &timer, 1 ); + for( i = 1; i <= opt.iterations; i++ ) + { + if( ! read_certificates( opt.filenames ) ) + goto exit; + mbedtls_printf( "." ); + } + ms = mbedtls_timing_get_timer( &timer, 0 ); + mbedtls_printf( "\n%u iterations -> %lu ms\n", opt.iterations, ms ); + exit_code = MBEDTLS_EXIT_SUCCESS; + +exit: + mbedtls_exit( exit_code ); +} +#endif /* necessary configuration */ diff --git a/scripts/code_size_compare.py b/scripts/code_size_compare.py new file mode 100755 index 0000000000..85393d031c --- /dev/null +++ b/scripts/code_size_compare.py @@ -0,0 +1,226 @@ +#!/usr/bin/env python3 + +""" +Purpose + +This script is for comparing the size of the library files from two +different Git revisions within an Mbed TLS repository. +The results of the comparison is formatted as csv and stored at a +configurable location. +Note: must be run from Mbed TLS root. +""" + +# Copyright The Mbed TLS Contributors +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +import argparse +import os +import subprocess +import sys + +class CodeSizeComparison: + """Compare code size between two Git revisions.""" + + def __init__(self, old_revision, new_revision, result_dir): + """ + old_revision: revision to compare against + new_revision: + result_dir: directory for comparision result + """ + self.repo_path = "." + self.result_dir = os.path.abspath(result_dir) + os.makedirs(self.result_dir, exist_ok=True) + + self.csv_dir = os.path.abspath("code_size_records/") + os.makedirs(self.csv_dir, exist_ok=True) + + self.old_rev = old_revision + self.new_rev = new_revision + self.git_command = "git" + self.make_command = "make" + + @staticmethod + def check_repo_path(): + if not all(os.path.isdir(d) for d in ["include", "library", "tests"]): + raise Exception("Must be run from Mbed TLS root") + + @staticmethod + def validate_revision(revision): + result = subprocess.check_output(["git", "rev-parse", "--verify", + revision + "^{commit}"], shell=False) + return result + + def _create_git_worktree(self, revision): + """Make a separate worktree for revision. + Do not modify the current worktree.""" + + if revision == "current": + print("Using current work directory.") + git_worktree_path = self.repo_path + else: + print("Creating git worktree for", revision) + git_worktree_path = os.path.join(self.repo_path, "temp-" + revision) + subprocess.check_output( + [self.git_command, "worktree", "add", "--detach", + git_worktree_path, revision], cwd=self.repo_path, + stderr=subprocess.STDOUT + ) + return git_worktree_path + + def _build_libraries(self, git_worktree_path): + """Build libraries in the specified worktree.""" + + my_environment = os.environ.copy() + subprocess.check_output( + [self.make_command, "-j", "lib"], env=my_environment, + cwd=git_worktree_path, stderr=subprocess.STDOUT, + ) + + def _gen_code_size_csv(self, revision, git_worktree_path): + """Generate code size csv file.""" + + csv_fname = revision + ".csv" + if revision == "current": + print("Measuring code size in current work directory.") + else: + print("Measuring code size for", revision) + result = subprocess.check_output( + ["size library/*.o"], cwd=git_worktree_path, shell=True + ) + size_text = result.decode() + csv_file = open(os.path.join(self.csv_dir, csv_fname), "w") + for line in size_text.splitlines()[1:]: + data = line.split() + csv_file.write("{}, {}\n".format(data[5], data[3])) + + def _remove_worktree(self, git_worktree_path): + """Remove temporary worktree.""" + if git_worktree_path != self.repo_path: + print("Removing temporary worktree", git_worktree_path) + subprocess.check_output( + [self.git_command, "worktree", "remove", "--force", + git_worktree_path], cwd=self.repo_path, + stderr=subprocess.STDOUT + ) + + def _get_code_size_for_rev(self, revision): + """Generate code size csv file for the specified git revision.""" + + # Check if the corresponding record exists + csv_fname = revision + ".csv" + if (revision != "current") and \ + os.path.exists(os.path.join(self.csv_dir, csv_fname)): + print("Code size csv file for", revision, "already exists.") + else: + git_worktree_path = self._create_git_worktree(revision) + self._build_libraries(git_worktree_path) + self._gen_code_size_csv(revision, git_worktree_path) + self._remove_worktree(git_worktree_path) + + def compare_code_size(self): + """Generate results of the size changes between two revisions, + old and new. Measured code size results of these two revisions + must be available.""" + + old_file = open(os.path.join(self.csv_dir, self.old_rev + ".csv"), "r") + new_file = open(os.path.join(self.csv_dir, self.new_rev + ".csv"), "r") + res_file = open(os.path.join(self.result_dir, "compare-" + self.old_rev + + "-" + self.new_rev + ".csv"), "w") + + res_file.write("file_name, this_size, old_size, change, change %\n") + print("Generating comparision results.") + + old_ds = {} + for line in old_file.readlines()[1:]: + cols = line.split(", ") + fname = cols[0] + size = int(cols[1]) + if size != 0: + old_ds[fname] = size + + new_ds = {} + for line in new_file.readlines()[1:]: + cols = line.split(", ") + fname = cols[0] + size = int(cols[1]) + new_ds[fname] = size + + for fname in new_ds: + this_size = new_ds[fname] + if fname in old_ds: + old_size = old_ds[fname] + change = this_size - old_size + change_pct = change / old_size + res_file.write("{}, {}, {}, {}, {:.2%}\n".format(fname, \ + this_size, old_size, change, float(change_pct))) + else: + res_file.write("{}, {}\n".format(fname, this_size)) + return 0 + + def get_comparision_results(self): + """Compare size of library/*.o between self.old_rev and self.new_rev, + and generate the result file.""" + self.check_repo_path() + self._get_code_size_for_rev(self.old_rev) + self._get_code_size_for_rev(self.new_rev) + return self.compare_code_size() + +def main(): + parser = argparse.ArgumentParser( + description=( + """This script is for comparing the size of the library files + from two different Git revisions within an Mbed TLS repository. + The results of the comparison is formatted as csv, and stored at + a configurable location. + Note: must be run from Mbed TLS root.""" + ) + ) + parser.add_argument( + "-r", "--result-dir", type=str, default="comparison", + help="directory where comparison result is stored, \ + default is comparison", + ) + parser.add_argument( + "-o", "--old-rev", type=str, help="old revision for comparison.", + required=True, + ) + parser.add_argument( + "-n", "--new-rev", type=str, default=None, + help="new revision for comparison, default is the current work \ + directory, including uncommited changes." + ) + comp_args = parser.parse_args() + + if os.path.isfile(comp_args.result_dir): + print("Error: {} is not a directory".format(comp_args.result_dir)) + parser.exit() + + validate_res = CodeSizeComparison.validate_revision(comp_args.old_rev) + old_revision = validate_res.decode().replace("\n", "") + + if comp_args.new_rev is not None: + validate_res = CodeSizeComparison.validate_revision(comp_args.new_rev) + new_revision = validate_res.decode().replace("\n", "") + else: + new_revision = "current" + + result_dir = comp_args.result_dir + size_compare = CodeSizeComparison(old_revision, new_revision, result_dir) + return_code = size_compare.get_comparision_results() + sys.exit(return_code) + + +if __name__ == "__main__": + main() diff --git a/scripts/generate_query_config.pl b/scripts/generate_query_config.pl index e3bbaa0745..7855c7caa4 100755 --- a/scripts/generate_query_config.pl +++ b/scripts/generate_query_config.pl @@ -14,7 +14,8 @@ # information is used to automatically generate the body of the query_config() # function by using the template in scripts/data_files/query_config.fmt. # -# Usage: ./scripts/generate_query_config.pl without arguments +# Usage: scripts/generate_query_config.pl without arguments, or +# generate_query_config.pl config_file template_file output_file # # Copyright The Mbed TLS Contributors # SPDX-License-Identifier: Apache-2.0 @@ -33,15 +34,24 @@ use strict; -my $config_file = "./include/mbedtls/mbedtls_config.h"; +my ($config_file, $query_config_format_file, $query_config_file); -my $query_config_format_file = "./scripts/data_files/query_config.fmt"; -my $query_config_file = "./programs/test/query_config.c"; +if( @ARGV ) { + die "Invalid number of arguments - usage: $0 [CONFIG_FILE TEMPLATE_FILE OUTPUT_FILE]" if scalar @ARGV != 3; + ($config_file, $query_config_format_file, $query_config_file) = @ARGV; -unless( -f $config_file && -f $query_config_format_file ) { - chdir '..' or die; - -f $config_file && -f $query_config_format_file - or die "Without arguments, must be run from root or a subdirectory\n"; + -f $config_file or die "No such file: $config_file"; + -f $query_config_format_file or die "No such file: $query_config_format_file"; +} else { + $config_file = "./include/mbedtls/mbedtls_config.h"; + $query_config_format_file = "./scripts/data_files/query_config.fmt"; + $query_config_file = "./programs/test/query_config.c"; + + unless( -f $config_file && -f $query_config_format_file ) { + chdir '..' or die; + -f $config_file && -f $query_config_format_file + or die "No arguments supplied, must be run from project root or a first-level subdirectory\n"; + } } # Excluded macros from the generated query_config.c. For example, macros that diff --git a/scripts/mbedtls_dev/macro_collector.py b/scripts/mbedtls_dev/macro_collector.py index f9ef5f9150..bf82f13dc5 100644 --- a/scripts/mbedtls_dev/macro_collector.py +++ b/scripts/mbedtls_dev/macro_collector.py @@ -233,6 +233,27 @@ class PSAMacroCollector(PSAMacroEnumerator): self.key_types_from_group = {} #type: Dict[str, str] self.algorithms_from_hash = {} #type: Dict[str, str] + @staticmethod + def algorithm_tester(name: str) -> str: + """The predicate for whether an algorithm is built from the given constructor. + + The given name must be the name of an algorithm constructor of the + form ``PSA_ALG_xxx`` which is used as ``PSA_ALG_xxx(yyy)`` to build + an algorithm value. Return the corresponding predicate macro which + is used as ``predicate(alg)`` to test whether ``alg`` can be built + as ``PSA_ALG_xxx(yyy)``. The predicate is usually called + ``PSA_ALG_IS_xxx``. + """ + prefix = 'PSA_ALG_' + assert name.startswith(prefix) + midfix = 'IS_' + suffix = name[len(prefix):] + if suffix in ['DSA', 'ECDSA']: + midfix += 'RANDOMIZED_' + elif suffix == 'RSA_PSS': + suffix += '_STANDARD_SALT' + return prefix + midfix + suffix + def record_algorithm_subtype(self, name: str, expansion: str) -> None: """Record the subtype of an algorithm constructor. @@ -308,12 +329,7 @@ class PSAMacroCollector(PSAMacroEnumerator): self.algorithms.add(name) self.record_algorithm_subtype(name, expansion) elif name.startswith('PSA_ALG_') and parameter == 'hash_alg': - if name in ['PSA_ALG_DSA', 'PSA_ALG_ECDSA']: - # A naming irregularity - tester = name[:8] + 'IS_RANDOMIZED_' + name[8:] - else: - tester = name[:8] + 'IS_' + name[8:] - self.algorithms_from_hash[name] = tester + self.algorithms_from_hash[name] = self.algorithm_tester(name) elif name.startswith('PSA_KEY_USAGE_') and not parameter: self.key_usage_flags.add(name) else: diff --git a/scripts/mbedtls_dev/test_case.py b/scripts/mbedtls_dev/test_case.py index d01e1432b6..6a46e4209b 100644 --- a/scripts/mbedtls_dev/test_case.py +++ b/scripts/mbedtls_dev/test_case.py @@ -83,8 +83,6 @@ class TestCase: out.write('depends_on:' + ':'.join(self.dependencies) + '\n') out.write(self.function + ':' + ':'.join(self.arguments) + '\n') - - def write_data_file(filename: str, test_cases: Iterable[TestCase], caller: Optional[str] = None) -> None: diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt index fbd746e524..41dceed939 100644 --- a/tests/CMakeLists.txt +++ b/tests/CMakeLists.txt @@ -13,10 +13,48 @@ if(NOT MBEDTLS_PYTHON_EXECUTABLE) message(FATAL_ERROR "Cannot build test suites without Python 3") endif() -# Enable definition of various functions used throughout the testsuite -# (gethostname, strdup, fileno...) even when compiling with -std=c99. Harmless -# on non-POSIX platforms. -add_definitions("-D_POSIX_C_SOURCE=200809L") +# generated .data files will go there +file(MAKE_DIRECTORY ${CMAKE_CURRENT_BINARY_DIR}/suites) + +# Get base names for generated files (starting at "suites/") +execute_process( + COMMAND + ${MBEDTLS_PYTHON_EXECUTABLE} + ${CMAKE_CURRENT_SOURCE_DIR}/../tests/scripts/generate_psa_tests.py + --list-for-cmake + --directory suites + WORKING_DIRECTORY + ${CMAKE_CURRENT_SOURCE_DIR}/.. + OUTPUT_VARIABLE + base_generated_data_files) + +# Derive generated file paths in the build directory +set(generated_data_files "") +foreach(file ${base_generated_data_files}) + list(APPEND generated_data_files ${CMAKE_CURRENT_BINARY_DIR}/${file}) +endforeach() + +if(GEN_FILES) + add_custom_command( + OUTPUT + ${generated_data_files} + WORKING_DIRECTORY + ${CMAKE_CURRENT_SOURCE_DIR}/.. + COMMAND + ${MBEDTLS_PYTHON_EXECUTABLE} + ${CMAKE_CURRENT_SOURCE_DIR}/../tests/scripts/generate_psa_tests.py + --directory ${CMAKE_CURRENT_BINARY_DIR}/suites + DEPENDS + ${CMAKE_CURRENT_SOURCE_DIR}/../tests/scripts/generate_psa_tests.py + ${CMAKE_CURRENT_SOURCE_DIR}/../include/psa/crypto_config.h + ${CMAKE_CURRENT_SOURCE_DIR}/../include/psa/crypto_values.h + ${CMAKE_CURRENT_SOURCE_DIR}/../include/psa/crypto_extra.h + ) +else() + foreach(file ${base_generated_data_files}) + link_to_source(${file}) + endforeach() +endif() # Test suites caught by SKIP_TEST_SUITES are built but not executed. # "foo" as a skip pattern skips "test_suite_foo" and "test_suite_foo.bar" @@ -32,10 +70,52 @@ function(add_test_suite suite_name) set(data_name ${suite_name}) endif() + # Get the test names of the tests with generated .data files + # from the generated_data_files list in parent scope. + set(generated_data_names "") + foreach(generated_data_file ${generated_data_files}) + # Get the plain filename + get_filename_component(generated_data_name ${generated_data_file} NAME) + # Remove the ".data" extension + get_name_without_last_ext(generated_data_name ${generated_data_name}) + # Remove leading "test_suite_" + string(SUBSTRING ${generated_data_name} 11 -1 generated_data_name) + list(APPEND generated_data_names ${generated_data_name}) + endforeach() + + if(";${generated_data_names};" MATCHES ";${data_name};") + set(data_file + ${CMAKE_CURRENT_BINARY_DIR}/suites/test_suite_${data_name}.data) + else() + set(data_file + ${CMAKE_CURRENT_SOURCE_DIR}/suites/test_suite_${data_name}.data) + endif() + add_custom_command( - OUTPUT test_suite_${data_name}.c - COMMAND ${MBEDTLS_PYTHON_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/scripts/generate_test_code.py -f ${CMAKE_CURRENT_SOURCE_DIR}/suites/test_suite_${suite_name}.function -d ${CMAKE_CURRENT_SOURCE_DIR}/suites/test_suite_${data_name}.data -t ${CMAKE_CURRENT_SOURCE_DIR}/suites/main_test.function -p ${CMAKE_CURRENT_SOURCE_DIR}/suites/host_test.function -s ${CMAKE_CURRENT_SOURCE_DIR}/suites --helpers-file ${CMAKE_CURRENT_SOURCE_DIR}/suites/helpers.function -o . - DEPENDS ${CMAKE_CURRENT_SOURCE_DIR}/scripts/generate_test_code.py ${mbedtls_target} ${CMAKE_CURRENT_SOURCE_DIR}/suites/helpers.function ${CMAKE_CURRENT_SOURCE_DIR}/suites/main_test.function ${CMAKE_CURRENT_SOURCE_DIR}/suites/host_test.function ${CMAKE_CURRENT_SOURCE_DIR}/suites/test_suite_${suite_name}.function ${CMAKE_CURRENT_SOURCE_DIR}/suites/test_suite_${data_name}.data + OUTPUT + # The output filename of generate_test_code.py is derived from the -d + # input argument. + test_suite_${data_name}.c + COMMAND + ${MBEDTLS_PYTHON_EXECUTABLE} + ${CMAKE_CURRENT_SOURCE_DIR}/scripts/generate_test_code.py + -f ${CMAKE_CURRENT_SOURCE_DIR}/suites/test_suite_${suite_name}.function + -d ${data_file} + -t ${CMAKE_CURRENT_SOURCE_DIR}/suites/main_test.function + -p ${CMAKE_CURRENT_SOURCE_DIR}/suites/host_test.function + -s ${CMAKE_CURRENT_SOURCE_DIR}/suites + --helpers-file ${CMAKE_CURRENT_SOURCE_DIR}/suites/helpers.function + -o . + DEPENDS + ${CMAKE_CURRENT_SOURCE_DIR}/scripts/generate_test_code.py + ${CMAKE_CURRENT_SOURCE_DIR}/suites/test_suite_${suite_name}.function + ${data_file} + ${CMAKE_CURRENT_SOURCE_DIR}/suites/main_test.function + ${CMAKE_CURRENT_SOURCE_DIR}/suites/host_test.function + ${CMAKE_CURRENT_SOURCE_DIR}/suites/helpers.function + ${mbedtls_target} + BYPRODUCTS + test_suite_${data_name}.datax ) add_executable(test_suite_${data_name} test_suite_${data_name}.c $) @@ -55,6 +135,11 @@ function(add_test_suite suite_name) endif() endfunction(add_test_suite) +# Enable definition of various functions used throughout the testsuite +# (gethostname, strdup, fileno...) even when compiling with -std=c99. Harmless +# on non-POSIX platforms. +add_definitions("-D_POSIX_C_SOURCE=200809L") + if(CMAKE_COMPILER_IS_GNUCC OR CMAKE_COMPILER_IS_CLANG) set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wno-unused-function") endif(CMAKE_COMPILER_IS_GNUCC OR CMAKE_COMPILER_IS_CLANG) @@ -170,5 +255,4 @@ if (NOT ${CMAKE_CURRENT_BINARY_DIR} STREQUAL ${CMAKE_CURRENT_SOURCE_DIR}) link_to_source(data_files) link_to_source(scripts) link_to_source(ssl-opt.sh) - link_to_source(suites) endif() diff --git a/tests/Makefile b/tests/Makefile index 449fca2748..77a31720f0 100644 --- a/tests/Makefile +++ b/tests/Makefile @@ -5,6 +5,9 @@ CFLAGS ?= -O2 WARNING_CFLAGS ?= -Wall -Wextra -Wformat=2 -Wno-format-nonliteral LDFLAGS ?= +# Set this to -v to see the details of failing test cases +TEST_FLAGS ?= $(if $(filter-out 0 OFF Off off NO No no FALSE False false N n,$(CTEST_OUTPUT_ON_FAILURE)),-v,) + default: all # Include public header files from ../include, test-specific header files @@ -170,7 +173,7 @@ $(BINARIES): %$(EXEXT): %.c $(MBEDLIBS) $(TEST_OBJS_DEPS) $(MBEDTLS_TEST_OBJS) clean: ifndef WINDOWS - rm -rf $(BINARIES) *.c *.datax TESTS + rm -rf $(BINARIES) *.c *.datax rm -f src/*.o src/drivers/*.o src/libmbed* rm -f include/test/instrument_record_status.h else @@ -181,9 +184,6 @@ else if exist src/drivers/*.o del /Q /F src/drivers/*.o if exist src/libmbed* del /Q /F src/libmed* if exist include/test/instrument_record_status.h del /Q /F include/test/instrument_record_status.h -ifneq ($(wildcard TESTS/.*),) - rmdir /Q /S TESTS -endif endif neat: clean @@ -195,44 +195,10 @@ endif # Test suites caught by SKIP_TEST_SUITES are built but not executed. check: $(BINARIES) - perl scripts/run-test-suites.pl --skip=$(SKIP_TEST_SUITES) + perl scripts/run-test-suites.pl $(TEST_FLAGS) --skip=$(SKIP_TEST_SUITES) test: check -# Create separate targets for generating embedded tests. -EMBEDDED_TESTS := $(addprefix embedded_,$(APPS)) - -# Generate test code for target. - -.SECONDEXPANSION: -$(EMBEDDED_TESTS): embedded_%: suites/$$(firstword $$(subst ., ,$$*)).function suites/%.data scripts/generate_test_code.py suites/helpers.function suites/main_test.function suites/target_test.function - echo " Gen ./TESTS/mbedtls/$*/$*.c" - $(PYTHON) scripts/generate_test_code.py -f suites/$(firstword $(subst ., ,$*)).function \ - -d suites/$*.data \ - -t suites/main_test.function \ - -p suites/target_test.function \ - -s suites \ - --helpers-file suites/helpers.function \ - -o ./TESTS/mbedtls/$* - -generate-target-tests: $(EMBEDDED_TESTS) - -define copy_header_to_target -TESTS/mbedtls/$(1)/$(2): include/test/$(2) - echo " Copy ./$$@" -ifndef WINDOWS - mkdir -p $$(@D) - cp $$< $$@ -else - mkdir $$(@D) - copy $$< $$@ -endif - -endef -$(foreach app, $(APPS), $(foreach file, $(notdir $(wildcard include/test/*.h)), \ - $(eval $(call copy_header_to_target,$(app),$(file))))) -$(addprefix embedded_,$(filter test_suite_psa_%, $(APPS))): embedded_%: $(patsubst TESTS/mbedtls/%, include/test/%, $(wildcard include/test/*. include/test/*/*.h)) - ifdef RECORD_PSA_STATUS_COVERAGE_LOG include/test/instrument_record_status.h: ../include/psa/crypto.h Makefile echo " Gen $@" diff --git a/tests/compat-in-docker.sh b/tests/compat-in-docker.sh index aef0a07289..3a1cd2144c 100755 --- a/tests/compat-in-docker.sh +++ b/tests/compat-in-docker.sh @@ -42,13 +42,13 @@ esac case "${GNUTLS_CLI:-default}" in "legacy") export GNUTLS_CLI="/usr/local/gnutls-3.3.8/bin/gnutls-cli";; - "next") export GNUTLS_CLI="/usr/local/gnutls-3.6.5/bin/gnutls-cli";; + "next") export GNUTLS_CLI="/usr/local/gnutls-3.7.2/bin/gnutls-cli";; *) ;; esac case "${GNUTLS_SERV:-default}" in "legacy") export GNUTLS_SERV="/usr/local/gnutls-3.3.8/bin/gnutls-serv";; - "next") export GNUTLS_SERV="/usr/local/gnutls-3.6.5/bin/gnutls-serv";; + "next") export GNUTLS_SERV="/usr/local/gnutls-3.7.2/bin/gnutls-serv";; *) ;; esac diff --git a/tests/compat.sh b/tests/compat.sh index c2bef26121..f4c611ae77 100755 --- a/tests/compat.sh +++ b/tests/compat.sh @@ -236,60 +236,46 @@ reset_ciphersuites() G_CIPHERS="" } +check_translation() +{ + if [ $1 -ne 0 ]; then + echo "translate_ciphers.py failed with exit code $1" >&2 + echo "$2" >&2 + exit 1 + fi +} + # Ciphersuites that can be used with all peers. # Since we currently have three possible peers, each ciphersuite should appear # three times: in each peer's list (with the name that this peer uses). add_common_ciphersuites() { + CIPHERS="" case $TYPE in "ECDSA") if [ `minor_ver "$MODE"` -gt 0 ] then - M_CIPHERS="$M_CIPHERS \ + CIPHERS="$CIPHERS \ TLS-ECDHE-ECDSA-WITH-NULL-SHA \ TLS-ECDHE-ECDSA-WITH-3DES-EDE-CBC-SHA \ TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA \ TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA \ " - G_CIPHERS="$G_CIPHERS \ - +ECDHE-ECDSA:+NULL:+SHA1 \ - +ECDHE-ECDSA:+3DES-CBC:+SHA1 \ - +ECDHE-ECDSA:+AES-128-CBC:+SHA1 \ - +ECDHE-ECDSA:+AES-256-CBC:+SHA1 \ - " - O_CIPHERS="$O_CIPHERS \ - ECDHE-ECDSA-NULL-SHA \ - ECDHE-ECDSA-DES-CBC3-SHA \ - ECDHE-ECDSA-AES128-SHA \ - ECDHE-ECDSA-AES256-SHA \ - " fi if [ `minor_ver "$MODE"` -ge 3 ] then - M_CIPHERS="$M_CIPHERS \ + CIPHERS="$CIPHERS \ TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256 \ TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384 \ TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384 \ " - G_CIPHERS="$G_CIPHERS \ - +ECDHE-ECDSA:+AES-128-CBC:+SHA256 \ - +ECDHE-ECDSA:+AES-256-CBC:+SHA384 \ - +ECDHE-ECDSA:+AES-128-GCM:+AEAD \ - +ECDHE-ECDSA:+AES-256-GCM:+AEAD \ - " - O_CIPHERS="$O_CIPHERS \ - ECDHE-ECDSA-AES128-SHA256 \ - ECDHE-ECDSA-AES256-SHA384 \ - ECDHE-ECDSA-AES128-GCM-SHA256 \ - ECDHE-ECDSA-AES256-GCM-SHA384 \ - " fi ;; "RSA") - M_CIPHERS="$M_CIPHERS \ + CIPHERS="$CIPHERS \ TLS-DHE-RSA-WITH-AES-128-CBC-SHA \ TLS-DHE-RSA-WITH-AES-256-CBC-SHA \ TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA \ @@ -303,58 +289,18 @@ add_common_ciphersuites() TLS-RSA-WITH-NULL-MD5 \ TLS-RSA-WITH-NULL-SHA \ " - G_CIPHERS="$G_CIPHERS \ - +DHE-RSA:+AES-128-CBC:+SHA1 \ - +DHE-RSA:+AES-256-CBC:+SHA1 \ - +DHE-RSA:+CAMELLIA-128-CBC:+SHA1 \ - +DHE-RSA:+CAMELLIA-256-CBC:+SHA1 \ - +DHE-RSA:+3DES-CBC:+SHA1 \ - +RSA:+AES-256-CBC:+SHA1 \ - +RSA:+CAMELLIA-256-CBC:+SHA1 \ - +RSA:+AES-128-CBC:+SHA1 \ - +RSA:+CAMELLIA-128-CBC:+SHA1 \ - +RSA:+3DES-CBC:+SHA1 \ - +RSA:+NULL:+MD5 \ - +RSA:+NULL:+SHA1 \ - " - O_CIPHERS="$O_CIPHERS \ - DHE-RSA-AES128-SHA \ - DHE-RSA-AES256-SHA \ - DHE-RSA-CAMELLIA128-SHA \ - DHE-RSA-CAMELLIA256-SHA \ - EDH-RSA-DES-CBC3-SHA \ - AES256-SHA \ - CAMELLIA256-SHA \ - AES128-SHA \ - CAMELLIA128-SHA \ - DES-CBC3-SHA \ - NULL-MD5 \ - NULL-SHA \ - " if [ `minor_ver "$MODE"` -gt 0 ] then - M_CIPHERS="$M_CIPHERS \ + CIPHERS="$CIPHERS \ TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA \ TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA \ TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA \ TLS-ECDHE-RSA-WITH-NULL-SHA \ " - G_CIPHERS="$G_CIPHERS \ - +ECDHE-RSA:+AES-128-CBC:+SHA1 \ - +ECDHE-RSA:+AES-256-CBC:+SHA1 \ - +ECDHE-RSA:+3DES-CBC:+SHA1 \ - +ECDHE-RSA:+NULL:+SHA1 \ - " - O_CIPHERS="$O_CIPHERS \ - ECDHE-RSA-AES256-SHA \ - ECDHE-RSA-AES128-SHA \ - ECDHE-RSA-DES-CBC3-SHA \ - ECDHE-RSA-NULL-SHA \ - " fi if [ `minor_ver "$MODE"` -ge 3 ] then - M_CIPHERS="$M_CIPHERS \ + CIPHERS="$CIPHERS \ TLS-RSA-WITH-AES-128-CBC-SHA256 \ TLS-DHE-RSA-WITH-AES-128-CBC-SHA256 \ TLS-RSA-WITH-AES-256-CBC-SHA256 \ @@ -367,62 +313,36 @@ add_common_ciphersuites() TLS-DHE-RSA-WITH-AES-256-GCM-SHA384 \ TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256 \ TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384 \ - " - G_CIPHERS="$G_CIPHERS \ - +RSA:+AES-128-CBC:+SHA256 \ - +DHE-RSA:+AES-128-CBC:+SHA256 \ - +RSA:+AES-256-CBC:+SHA256 \ - +DHE-RSA:+AES-256-CBC:+SHA256 \ - +ECDHE-RSA:+AES-128-CBC:+SHA256 \ - +ECDHE-RSA:+AES-256-CBC:+SHA384 \ - +RSA:+AES-128-GCM:+AEAD \ - +RSA:+AES-256-GCM:+AEAD \ - +DHE-RSA:+AES-128-GCM:+AEAD \ - +DHE-RSA:+AES-256-GCM:+AEAD \ - +ECDHE-RSA:+AES-128-GCM:+AEAD \ - +ECDHE-RSA:+AES-256-GCM:+AEAD \ - " - O_CIPHERS="$O_CIPHERS \ - NULL-SHA256 \ - AES128-SHA256 \ - DHE-RSA-AES128-SHA256 \ - AES256-SHA256 \ - DHE-RSA-AES256-SHA256 \ - ECDHE-RSA-AES128-SHA256 \ - ECDHE-RSA-AES256-SHA384 \ - AES128-GCM-SHA256 \ - DHE-RSA-AES128-GCM-SHA256 \ - AES256-GCM-SHA384 \ - DHE-RSA-AES256-GCM-SHA384 \ - ECDHE-RSA-AES128-GCM-SHA256 \ - ECDHE-RSA-AES256-GCM-SHA384 \ + TLS-RSA-WITH-NULL-SHA256 \ " fi ;; "PSK") - M_CIPHERS="$M_CIPHERS \ + CIPHERS="$CIPHERS \ TLS-PSK-WITH-3DES-EDE-CBC-SHA \ TLS-PSK-WITH-AES-128-CBC-SHA \ TLS-PSK-WITH-AES-256-CBC-SHA \ " - G_CIPHERS="$G_CIPHERS \ - +PSK:+3DES-CBC:+SHA1 \ - +PSK:+AES-128-CBC:+SHA1 \ - +PSK:+AES-256-CBC:+SHA1 \ - " - O_CIPHERS="$O_CIPHERS \ - PSK-3DES-EDE-CBC-SHA \ - PSK-AES128-CBC-SHA \ - PSK-AES256-CBC-SHA \ - " ;; esac + + M_CIPHERS="$M_CIPHERS $CIPHERS" + + T=$(./scripts/translate_ciphers.py g $CIPHERS) + check_translation $? "$T" + G_CIPHERS="$G_CIPHERS $T" + + T=$(./scripts/translate_ciphers.py o $CIPHERS) + check_translation $? "$T" + O_CIPHERS="$O_CIPHERS $T" } # Ciphersuites usable only with Mbed TLS and OpenSSL -# Each ciphersuite should appear two times, once with its OpenSSL name, once -# with its Mbed TLS name. +# A list of ciphersuites in the Mbed TLS convention is compiled and +# appended to the list of Mbed TLS ciphersuites $M_CIPHERS. The same list +# is translated to the OpenSSL naming convention and appended to the list of +# OpenSSL ciphersuites $O_CIPHERS. # # NOTE: for some reason RSA-PSK doesn't work with OpenSSL, # so RSA-PSK ciphersuites need to go in other sections, see @@ -432,28 +352,23 @@ add_common_ciphersuites() # GnuTLS in 3.5.0 and the CI only has 3.4.x so far. add_openssl_ciphersuites() { + CIPHERS="" case $TYPE in "ECDSA") if [ `minor_ver "$MODE"` -gt 0 ] then - M_CIPHERS="$M_CIPHERS \ - TLS-ECDH-ECDSA-WITH-NULL-SHA \ + CIPHERS="$CIPHERS \ + TLS-ECDH-ECDSA-WITH-NULL-SHA \ TLS-ECDH-ECDSA-WITH-3DES-EDE-CBC-SHA \ TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA \ TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA \ " - O_CIPHERS="$O_CIPHERS \ - ECDH-ECDSA-NULL-SHA \ - ECDH-ECDSA-DES-CBC3-SHA \ - ECDH-ECDSA-AES128-SHA \ - ECDH-ECDSA-AES256-SHA \ - " fi if [ `minor_ver "$MODE"` -ge 3 ] then - M_CIPHERS="$M_CIPHERS \ - TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA256 \ + CIPHERS="$CIPHERS \ + TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA256 \ TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA384 \ TLS-ECDH-ECDSA-WITH-AES-128-GCM-SHA256 \ TLS-ECDH-ECDSA-WITH-AES-256-GCM-SHA384 \ @@ -461,31 +376,18 @@ add_openssl_ciphersuites() TLS-ECDHE-ECDSA-WITH-ARIA-128-GCM-SHA256 \ TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256 \ " - O_CIPHERS="$O_CIPHERS \ - ECDH-ECDSA-AES128-SHA256 \ - ECDH-ECDSA-AES256-SHA384 \ - ECDH-ECDSA-AES128-GCM-SHA256 \ - ECDH-ECDSA-AES256-GCM-SHA384 \ - ECDHE-ECDSA-ARIA256-GCM-SHA384 \ - ECDHE-ECDSA-ARIA128-GCM-SHA256 \ - ECDHE-ECDSA-CHACHA20-POLY1305 \ - " fi ;; "RSA") - M_CIPHERS="$M_CIPHERS \ - TLS-RSA-WITH-DES-CBC-SHA \ + CIPHERS="$CIPHERS \ + TLS-RSA-WITH-DES-CBC-SHA \ TLS-DHE-RSA-WITH-DES-CBC-SHA \ " - O_CIPHERS="$O_CIPHERS \ - DES-CBC-SHA \ - EDH-RSA-DES-CBC-SHA \ - " if [ `minor_ver "$MODE"` -ge 3 ] then - M_CIPHERS="$M_CIPHERS \ - TLS-ECDHE-RSA-WITH-ARIA-256-GCM-SHA384 \ + CIPHERS="$CIPHERS \ + TLS-ECDHE-RSA-WITH-ARIA-256-GCM-SHA384 \ TLS-DHE-RSA-WITH-ARIA-256-GCM-SHA384 \ TLS-RSA-WITH-ARIA-256-GCM-SHA384 \ TLS-ECDHE-RSA-WITH-ARIA-128-GCM-SHA256 \ @@ -494,24 +396,14 @@ add_openssl_ciphersuites() TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256 \ TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256 \ " - O_CIPHERS="$O_CIPHERS \ - ECDHE-ARIA256-GCM-SHA384 \ - DHE-RSA-ARIA256-GCM-SHA384 \ - ARIA256-GCM-SHA384 \ - ECDHE-ARIA128-GCM-SHA256 \ - DHE-RSA-ARIA128-GCM-SHA256 \ - ARIA128-GCM-SHA256 \ - DHE-RSA-CHACHA20-POLY1305 \ - ECDHE-RSA-CHACHA20-POLY1305 \ - " fi ;; "PSK") if [ `minor_ver "$MODE"` -ge 3 ] then - M_CIPHERS="$M_CIPHERS \ - TLS-DHE-PSK-WITH-ARIA-256-GCM-SHA384 \ + CIPHERS="$CIPHERS \ + TLS-DHE-PSK-WITH-ARIA-256-GCM-SHA384 \ TLS-DHE-PSK-WITH-ARIA-128-GCM-SHA256 \ TLS-PSK-WITH-ARIA-256-GCM-SHA384 \ TLS-PSK-WITH-ARIA-128-GCM-SHA256 \ @@ -519,66 +411,47 @@ add_openssl_ciphersuites() TLS-ECDHE-PSK-WITH-CHACHA20-POLY1305-SHA256 \ TLS-DHE-PSK-WITH-CHACHA20-POLY1305-SHA256 \ " - O_CIPHERS="$O_CIPHERS \ - DHE-PSK-ARIA256-GCM-SHA384 \ - DHE-PSK-ARIA128-GCM-SHA256 \ - PSK-ARIA256-GCM-SHA384 \ - PSK-ARIA128-GCM-SHA256 \ - DHE-PSK-CHACHA20-POLY1305 \ - ECDHE-PSK-CHACHA20-POLY1305 \ - PSK-CHACHA20-POLY1305 \ - " fi ;; esac + + M_CIPHERS="$M_CIPHERS $CIPHERS" + + T=$(./scripts/translate_ciphers.py o $CIPHERS) + check_translation $? "$T" + O_CIPHERS="$O_CIPHERS $T" } # Ciphersuites usable only with Mbed TLS and GnuTLS -# Each ciphersuite should appear two times, once with its GnuTLS name, once -# with its Mbed TLS name. +# A list of ciphersuites in the Mbed TLS convention is compiled and +# appended to the list of Mbed TLS ciphersuites $M_CIPHERS. The same list +# is translated to the GnuTLS naming convention and appended to the list of +# GnuTLS ciphersuites $G_CIPHERS. add_gnutls_ciphersuites() { + CIPHERS="" case $TYPE in "ECDSA") if [ `minor_ver "$MODE"` -ge 3 ] then - M_CIPHERS="$M_CIPHERS \ - TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-CBC-SHA256 \ - TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-CBC-SHA384 \ - TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-GCM-SHA256 \ - TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-GCM-SHA384 \ - TLS-ECDHE-ECDSA-WITH-AES-128-CCM \ - TLS-ECDHE-ECDSA-WITH-AES-256-CCM \ - TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8 \ - TLS-ECDHE-ECDSA-WITH-AES-256-CCM-8 \ - " - G_CIPHERS="$G_CIPHERS \ - +ECDHE-ECDSA:+CAMELLIA-128-CBC:+SHA256 \ - +ECDHE-ECDSA:+CAMELLIA-256-CBC:+SHA384 \ - +ECDHE-ECDSA:+CAMELLIA-128-GCM:+AEAD \ - +ECDHE-ECDSA:+CAMELLIA-256-GCM:+AEAD \ - +ECDHE-ECDSA:+AES-128-CCM:+AEAD \ - +ECDHE-ECDSA:+AES-256-CCM:+AEAD \ - +ECDHE-ECDSA:+AES-128-CCM-8:+AEAD \ - +ECDHE-ECDSA:+AES-256-CCM-8:+AEAD \ + CIPHERS="$CIPHERS \ + TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-CBC-SHA256 \ + TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-CBC-SHA384 \ + TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-GCM-SHA256 \ + TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-GCM-SHA384 \ + TLS-ECDHE-ECDSA-WITH-AES-128-CCM \ + TLS-ECDHE-ECDSA-WITH-AES-256-CCM \ + TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8 \ + TLS-ECDHE-ECDSA-WITH-AES-256-CCM-8 \ " fi ;; "RSA") - if [ `minor_ver "$MODE"` -gt 0 ] - then - M_CIPHERS="$M_CIPHERS \ - TLS-RSA-WITH-NULL-SHA256 \ - " - G_CIPHERS="$G_CIPHERS \ - +RSA:+NULL:+SHA256 \ - " - fi if [ `minor_ver "$MODE"` -ge 3 ] then - M_CIPHERS="$M_CIPHERS \ + CIPHERS="$CIPHERS \ TLS-ECDHE-RSA-WITH-CAMELLIA-128-CBC-SHA256 \ TLS-ECDHE-RSA-WITH-CAMELLIA-256-CBC-SHA384 \ TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256 \ @@ -600,45 +473,18 @@ add_gnutls_ciphersuites() TLS-DHE-RSA-WITH-AES-128-CCM-8 \ TLS-DHE-RSA-WITH-AES-256-CCM-8 \ " - G_CIPHERS="$G_CIPHERS \ - +ECDHE-RSA:+CAMELLIA-128-CBC:+SHA256 \ - +ECDHE-RSA:+CAMELLIA-256-CBC:+SHA384 \ - +RSA:+CAMELLIA-128-CBC:+SHA256 \ - +RSA:+CAMELLIA-256-CBC:+SHA256 \ - +DHE-RSA:+CAMELLIA-128-CBC:+SHA256 \ - +DHE-RSA:+CAMELLIA-256-CBC:+SHA256 \ - +ECDHE-RSA:+CAMELLIA-128-GCM:+AEAD \ - +ECDHE-RSA:+CAMELLIA-256-GCM:+AEAD \ - +DHE-RSA:+CAMELLIA-128-GCM:+AEAD \ - +DHE-RSA:+CAMELLIA-256-GCM:+AEAD \ - +RSA:+CAMELLIA-128-GCM:+AEAD \ - +RSA:+CAMELLIA-256-GCM:+AEAD \ - +RSA:+AES-128-CCM:+AEAD \ - +RSA:+AES-256-CCM:+AEAD \ - +RSA:+AES-128-CCM-8:+AEAD \ - +RSA:+AES-256-CCM-8:+AEAD \ - +DHE-RSA:+AES-128-CCM:+AEAD \ - +DHE-RSA:+AES-256-CCM:+AEAD \ - +DHE-RSA:+AES-128-CCM-8:+AEAD \ - +DHE-RSA:+AES-256-CCM-8:+AEAD \ - " fi ;; "PSK") - M_CIPHERS="$M_CIPHERS \ - TLS-DHE-PSK-WITH-3DES-EDE-CBC-SHA \ - TLS-DHE-PSK-WITH-AES-128-CBC-SHA \ - TLS-DHE-PSK-WITH-AES-256-CBC-SHA \ - " - G_CIPHERS="$G_CIPHERS \ - +DHE-PSK:+3DES-CBC:+SHA1 \ - +DHE-PSK:+AES-128-CBC:+SHA1 \ - +DHE-PSK:+AES-256-CBC:+SHA1 \ + CIPHERS="$CIPHERS \ + TLS-DHE-PSK-WITH-3DES-EDE-CBC-SHA \ + TLS-DHE-PSK-WITH-AES-128-CBC-SHA \ + TLS-DHE-PSK-WITH-AES-256-CBC-SHA \ " if [ `minor_ver "$MODE"` -gt 0 ] then - M_CIPHERS="$M_CIPHERS \ + CIPHERS="$CIPHERS \ TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA \ TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA \ TLS-ECDHE-PSK-WITH-3DES-EDE-CBC-SHA \ @@ -646,18 +492,10 @@ add_gnutls_ciphersuites() TLS-RSA-PSK-WITH-AES-256-CBC-SHA \ TLS-RSA-PSK-WITH-AES-128-CBC-SHA \ " - G_CIPHERS="$G_CIPHERS \ - +ECDHE-PSK:+3DES-CBC:+SHA1 \ - +ECDHE-PSK:+AES-128-CBC:+SHA1 \ - +ECDHE-PSK:+AES-256-CBC:+SHA1 \ - +RSA-PSK:+3DES-CBC:+SHA1 \ - +RSA-PSK:+AES-256-CBC:+SHA1 \ - +RSA-PSK:+AES-128-CBC:+SHA1 \ - " fi if [ `minor_ver "$MODE"` -ge 3 ] then - M_CIPHERS="$M_CIPHERS \ + CIPHERS="$CIPHERS \ TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384 \ TLS-ECDHE-PSK-WITH-CAMELLIA-256-CBC-SHA384 \ TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA256 \ @@ -703,55 +541,15 @@ add_gnutls_ciphersuites() TLS-RSA-PSK-WITH-AES-256-GCM-SHA384 \ TLS-RSA-PSK-WITH-AES-128-GCM-SHA256 \ " - G_CIPHERS="$G_CIPHERS \ - +ECDHE-PSK:+AES-256-CBC:+SHA384 \ - +ECDHE-PSK:+CAMELLIA-256-CBC:+SHA384 \ - +ECDHE-PSK:+AES-128-CBC:+SHA256 \ - +ECDHE-PSK:+CAMELLIA-128-CBC:+SHA256 \ - +PSK:+AES-128-CBC:+SHA256 \ - +PSK:+AES-256-CBC:+SHA384 \ - +DHE-PSK:+AES-128-CBC:+SHA256 \ - +DHE-PSK:+AES-256-CBC:+SHA384 \ - +RSA-PSK:+AES-256-CBC:+SHA384 \ - +RSA-PSK:+AES-128-CBC:+SHA256 \ - +DHE-PSK:+CAMELLIA-128-CBC:+SHA256 \ - +DHE-PSK:+CAMELLIA-256-CBC:+SHA384 \ - +PSK:+CAMELLIA-128-CBC:+SHA256 \ - +PSK:+CAMELLIA-256-CBC:+SHA384 \ - +RSA-PSK:+CAMELLIA-256-CBC:+SHA384 \ - +RSA-PSK:+CAMELLIA-128-CBC:+SHA256 \ - +PSK:+AES-128-GCM:+AEAD \ - +PSK:+AES-256-GCM:+AEAD \ - +DHE-PSK:+AES-128-GCM:+AEAD \ - +DHE-PSK:+AES-256-GCM:+AEAD \ - +PSK:+AES-128-CCM:+AEAD \ - +PSK:+AES-256-CCM:+AEAD \ - +DHE-PSK:+AES-128-CCM:+AEAD \ - +DHE-PSK:+AES-256-CCM:+AEAD \ - +PSK:+AES-128-CCM-8:+AEAD \ - +PSK:+AES-256-CCM-8:+AEAD \ - +DHE-PSK:+AES-128-CCM-8:+AEAD \ - +DHE-PSK:+AES-256-CCM-8:+AEAD \ - +RSA-PSK:+CAMELLIA-128-GCM:+AEAD \ - +RSA-PSK:+CAMELLIA-256-GCM:+AEAD \ - +PSK:+CAMELLIA-128-GCM:+AEAD \ - +PSK:+CAMELLIA-256-GCM:+AEAD \ - +DHE-PSK:+CAMELLIA-128-GCM:+AEAD \ - +DHE-PSK:+CAMELLIA-256-GCM:+AEAD \ - +RSA-PSK:+AES-256-GCM:+AEAD \ - +RSA-PSK:+AES-128-GCM:+AEAD \ - +ECDHE-PSK:+NULL:+SHA384 \ - +ECDHE-PSK:+NULL:+SHA256 \ - +PSK:+NULL:+SHA256 \ - +PSK:+NULL:+SHA384 \ - +DHE-PSK:+NULL:+SHA256 \ - +DHE-PSK:+NULL:+SHA384 \ - +RSA-PSK:+NULL:+SHA256 \ - +RSA-PSK:+NULL:+SHA384 \ - " fi ;; esac + + M_CIPHERS="$M_CIPHERS $CIPHERS" + + T=$(./scripts/translate_ciphers.py g $CIPHERS) + check_translation $? "$T" + G_CIPHERS="$G_CIPHERS $T" } # Ciphersuites usable only with Mbed TLS (not currently supported by another diff --git a/tests/configs/user-config-for-test.h b/tests/configs/user-config-for-test.h new file mode 100644 index 0000000000..444a4bf00f --- /dev/null +++ b/tests/configs/user-config-for-test.h @@ -0,0 +1,57 @@ +/* MBEDTLS_USER_CONFIG_FILE for testing. + * Only used for a few test configurations. + * + * Typical usage (note multiple levels of quoting): + * make CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/user-config-for-test.h\"'" + */ + +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#if defined(PSA_CRYPTO_DRIVER_TEST_ALL) + +/* Enable the use of the test driver in the library, and build the generic + * part of the test driver. */ +#define PSA_CRYPTO_DRIVER_TEST + +/* Use the accelerator driver for all cryptographic mechanisms for which + * the test driver implemented. */ +#define MBEDTLS_PSA_ACCEL_KEY_TYPE_AES +#define MBEDTLS_PSA_ACCEL_KEY_TYPE_CAMELLIA +#define MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR +#define MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR +#define MBEDTLS_PSA_ACCEL_ALG_CBC_NO_PADDING +#define MBEDTLS_PSA_ACCEL_ALG_CBC_PKCS7 +#define MBEDTLS_PSA_ACCEL_ALG_CTR +#define MBEDTLS_PSA_ACCEL_ALG_CFB +#define MBEDTLS_PSA_ACCEL_ALG_ECDSA +#define MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA +#define MBEDTLS_PSA_ACCEL_ALG_MD5 +#define MBEDTLS_PSA_ACCEL_ALG_OFB +#define MBEDTLS_PSA_ACCEL_ALG_RIPEMD160 +#define MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN +#define MBEDTLS_PSA_ACCEL_ALG_RSA_PSS +#define MBEDTLS_PSA_ACCEL_ALG_SHA_1 +#define MBEDTLS_PSA_ACCEL_ALG_SHA_224 +#define MBEDTLS_PSA_ACCEL_ALG_SHA_256 +#define MBEDTLS_PSA_ACCEL_ALG_SHA_384 +#define MBEDTLS_PSA_ACCEL_ALG_SHA_512 +#define MBEDTLS_PSA_ACCEL_ALG_XTS +#define MBEDTLS_PSA_ACCEL_ALG_CMAC +#define MBEDTLS_PSA_ACCEL_ALG_HMAC + +#endif /* PSA_CRYPTO_DRIVER_TEST_ALL */ diff --git a/tests/docker/bionic/Dockerfile b/tests/docker/bionic/Dockerfile index 1d24aa3268..41789c677c 100644 --- a/tests/docker/bionic/Dockerfile +++ b/tests/docker/bionic/Dockerfile @@ -137,29 +137,29 @@ RUN cd /tmp \ ENV GNUTLS_CLI=/usr/local/gnutls-3.4.10/bin/gnutls-cli ENV GNUTLS_SERV=/usr/local/gnutls-3.4.10/bin/gnutls-serv -# Build libnettle 3.4 (needed by gnutls next) +# Build libnettle 3.7.3 (needed by gnutls next) RUN cd /tmp \ - && wget https://ftp.gnu.org/gnu/nettle/nettle-3.4.1.tar.gz -qO- | tar xz \ - && cd nettle-3.4.1 \ + && wget https://ftp.gnu.org/gnu/nettle/nettle-3.7.3.tar.gz -qO- | tar xz \ + && cd nettle-3.7.3 \ && ./configure --disable-documentation \ && make ${MAKEFLAGS_PARALLEL} \ && make install \ && /sbin/ldconfig \ && rm -rf /tmp/nettle* -# Build gnutls next (3.6.5) +# Build gnutls next (3.7.2) RUN cd /tmp \ - && wget https://www.gnupg.org/ftp/gcrypt/gnutls/v3.6/gnutls-3.6.5.tar.xz -qO- | tar xJ \ - && cd gnutls-3.6.5 \ - && ./configure --prefix=/usr/local/gnutls-3.6.5 --exec_prefix=/usr/local/gnutls-3.6.5 \ + && wget https://www.gnupg.org/ftp/gcrypt/gnutls/v3.7/gnutls-3.7.2.tar.xz -qO- | tar xJ \ + && cd gnutls-3.7.2 \ + && ./configure --prefix=/usr/local/gnutls-3.7.2 --exec_prefix=/usr/local/gnutls-3.7.2 \ --with-included-libtasn1 --with-included-unistring --without-p11-kit \ --disable-shared --disable-guile --disable-doc \ && make ${MAKEFLAGS_PARALLEL} \ && make install \ && rm -rf /tmp/gnutls* -ENV GNUTLS_NEXT_CLI=/usr/local/gnutls-3.6.5/bin/gnutls-cli -ENV GNUTLS_NEXT_SERV=/usr/local/gnutls-3.6.5/bin/gnutls-serv +ENV GNUTLS_NEXT_CLI=/usr/local/gnutls-3.7.2/bin/gnutls-cli +ENV GNUTLS_NEXT_SERV=/usr/local/gnutls-3.7.2/bin/gnutls-serv RUN pip3 install --no-cache-dir \ mbed-host-tests \ diff --git a/tests/include/test/drivers/aead.h b/tests/include/test/drivers/aead.h index 0830229e4e..24215601a6 100644 --- a/tests/include/test/drivers/aead.h +++ b/tests/include/test/drivers/aead.h @@ -30,12 +30,23 @@ typedef struct { * function call. */ psa_status_t forced_status; /* Count the amount of times AEAD driver functions are called. */ - unsigned long hits; + unsigned long hits_encrypt; + unsigned long hits_decrypt; + unsigned long hits_encrypt_setup; + unsigned long hits_decrypt_setup; + unsigned long hits_set_nonce; + unsigned long hits_set_lengths; + unsigned long hits_update_ad; + unsigned long hits_update; + unsigned long hits_finish; + unsigned long hits_verify; + unsigned long hits_abort; + /* Status returned by the last AEAD driver function call. */ psa_status_t driver_status; } mbedtls_test_driver_aead_hooks_t; -#define MBEDTLS_TEST_DRIVER_AEAD_INIT { 0, 0, 0 } +#define MBEDTLS_TEST_DRIVER_AEAD_INIT { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 } static inline mbedtls_test_driver_aead_hooks_t mbedtls_test_driver_aead_hooks_init( void ) { @@ -63,5 +74,60 @@ psa_status_t mbedtls_test_transparent_aead_decrypt( const uint8_t *ciphertext, size_t ciphertext_length, uint8_t *plaintext, size_t plaintext_size, size_t *plaintext_length ); +psa_status_t mbedtls_test_transparent_aead_encrypt_setup( + mbedtls_psa_aead_operation_t *operation, + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, size_t key_buffer_size, + psa_algorithm_t alg ); + +psa_status_t mbedtls_test_transparent_aead_decrypt_setup( + mbedtls_psa_aead_operation_t *operation, + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, size_t key_buffer_size, + psa_algorithm_t alg ); + +psa_status_t mbedtls_test_transparent_aead_set_nonce( + mbedtls_psa_aead_operation_t *operation, + const uint8_t *nonce, + size_t nonce_length ); + +psa_status_t mbedtls_test_transparent_aead_set_lengths( + mbedtls_psa_aead_operation_t *operation, + size_t ad_length, + size_t plaintext_length ); + +psa_status_t mbedtls_test_transparent_aead_update_ad( + mbedtls_psa_aead_operation_t *operation, + const uint8_t *input, + size_t input_length ); + +psa_status_t mbedtls_test_transparent_aead_update( + mbedtls_psa_aead_operation_t *operation, + const uint8_t *input, + size_t input_length, + uint8_t *output, + size_t output_size, + size_t *output_length ); + +psa_status_t mbedtls_test_transparent_aead_finish( + mbedtls_psa_aead_operation_t *operation, + uint8_t *ciphertext, + size_t ciphertext_size, + size_t *ciphertext_length, + uint8_t *tag, + size_t tag_size, + size_t *tag_length ); + +psa_status_t mbedtls_test_transparent_aead_verify( + mbedtls_psa_aead_operation_t *operation, + uint8_t *plaintext, + size_t plaintext_size, + size_t *plaintext_length, + const uint8_t *tag, + size_t tag_length ); + +psa_status_t mbedtls_test_transparent_aead_abort( + mbedtls_psa_aead_operation_t *operation ); + #endif /* PSA_CRYPTO_DRIVER_TEST */ #endif /* PSA_CRYPTO_TEST_DRIVERS_AEAD_H */ diff --git a/tests/include/test/drivers/key_management.h b/tests/include/test/drivers/key_management.h index 16e1f755ca..d147568cdc 100644 --- a/tests/include/test/drivers/key_management.h +++ b/tests/include/test/drivers/key_management.h @@ -49,6 +49,20 @@ static inline mbedtls_test_driver_key_management_hooks_t return( v ); } +/* + * In order to convert the plain text keys to Opaque, the size of the key is + * padded up by PSA_CRYPTO_TEST_DRIVER_OPAQUE_PAD_PREFIX_SIZE in addition to + * xor mangling the key. The pad prefix needs to be accounted for while + * sizing for the key. + */ +#define PSA_CRYPTO_TEST_DRIVER_OPAQUE_PAD_PREFIX 0xBEEFED00U +#define PSA_CRYPTO_TEST_DRIVER_OPAQUE_PAD_PREFIX_SIZE sizeof( \ + PSA_CRYPTO_TEST_DRIVER_OPAQUE_PAD_PREFIX ) + +size_t mbedtls_test_opaque_size_function( + const psa_key_type_t key_type, + const size_t key_bits ); + extern mbedtls_test_driver_key_management_hooks_t mbedtls_test_driver_key_management_hooks; @@ -84,10 +98,28 @@ psa_status_t mbedtls_test_transparent_import_key( size_t *key_buffer_length, size_t *bits); +psa_status_t mbedtls_test_opaque_import_key( + const psa_key_attributes_t *attributes, + const uint8_t *data, + size_t data_length, + uint8_t *key_buffer, + size_t key_buffer_size, + size_t *key_buffer_length, + size_t *bits); + psa_status_t mbedtls_test_opaque_get_builtin_key( psa_drv_slot_number_t slot_number, psa_key_attributes_t *attributes, uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length ); +psa_status_t mbedtls_test_opaque_copy_key( + psa_key_attributes_t *attributes, + const uint8_t *source_key, + size_t source_key_length, + uint8_t *target_key_buffer, + size_t target_key_buffer_size, + size_t *target_key_buffer_length); + + #endif /* PSA_CRYPTO_DRIVER_TEST */ #endif /* PSA_CRYPTO_TEST_DRIVERS_KEY_MANAGEMENT_H */ diff --git a/tests/include/test/drivers/size.h b/tests/include/test/drivers/size.h deleted file mode 100644 index 4e3301c4ae..0000000000 --- a/tests/include/test/drivers/size.h +++ /dev/null @@ -1,33 +0,0 @@ -/* - * Test driver for context size functions - */ -/* Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#ifndef PSA_CRYPTO_TEST_DRIVERS_SIZE_H -#define PSA_CRYPTO_TEST_DRIVERS_SIZE_H - -#include "mbedtls/build_info.h" - -#if defined(PSA_CRYPTO_DRIVER_TEST) -#include - -size_t mbedtls_test_size_function( - const psa_key_type_t key_type, - const size_t key_bits ); - -#endif /* PSA_CRYPTO_DRIVER_TEST */ -#endif /* PSA_CRYPTO_TEST_DRIVERS_SIZE_H */ diff --git a/tests/include/test/drivers/test_driver.h b/tests/include/test/drivers/test_driver.h index 5b60932d3a..47e92b7071 100644 --- a/tests/include/test/drivers/test_driver.h +++ b/tests/include/test/drivers/test_driver.h @@ -28,6 +28,5 @@ #include "test/drivers/mac.h" #include "test/drivers/key_management.h" #include "test/drivers/signature.h" -#include "test/drivers/size.h" #endif /* PSA_CRYPTO_TEST_DRIVER_H */ diff --git a/tests/include/test/helpers.h b/tests/include/test/helpers.h index 27e5599ed1..ef32cdf83b 100644 --- a/tests/include/test/helpers.h +++ b/tests/include/test/helpers.h @@ -73,6 +73,8 @@ typedef struct const char *filename; int line_no; unsigned long step; + char line1[76]; + char line2[76]; #if defined(MBEDTLS_TEST_MUTEX_USAGE) const char *mutex_usage_error; #endif @@ -131,6 +133,27 @@ void mbedtls_test_set_step( unsigned long step ); */ void mbedtls_test_info_reset( void ); +/** + * \brief Record the current test case as a failure if two integers + * have a different value. + * + * This function is usually called via the macro + * #TEST_EQUAL. + * + * \param test Description of the failure or assertion that failed. This + * MUST be a string literal. This normally has the form + * "EXPR1 == EXPR2" where EXPR1 has the value \p value1 + * and EXPR2 has the value \p value2. + * \param line_no Line number where the failure originated. + * \param filename Filename where the failure originated. + * \param value1 The first value to compare. + * \param value2 The second value to compare. + * + * \return \c 1 if the values are equal, otherwise \c 0. + */ +int mbedtls_test_equal( const char *test, int line_no, const char* filename, + unsigned long long value1, unsigned long long value2 ); + /** * \brief This function decodes the hexadecimal representation of * data. diff --git a/tests/include/test/macros.h b/tests/include/test/macros.h index 9b3fc9c809..a88b2e8115 100644 --- a/tests/include/test/macros.h +++ b/tests/include/test/macros.h @@ -73,15 +73,21 @@ } \ } while( 0 ) -/** Evaluate two expressions and fail the test case if they have different - * values. +/** Evaluate two integer expressions and fail the test case if they have + * different values. * - * \param expr1 An expression to evaluate. - * \param expr2 The expected value of \p expr1. This can be any - * expression, but it is typically a constant. + * The two expressions should have the same signedness, otherwise the + * comparison is not meaningful if the signed value is negative. + * + * \param expr1 An integral-typed expression to evaluate. + * \param expr2 Another integral-typed expression to evaluate. */ -#define TEST_EQUAL( expr1, expr2 ) \ - TEST_ASSERT( ( expr1 ) == ( expr2 ) ) +#define TEST_EQUAL( expr1, expr2 ) \ + do { \ + if( ! mbedtls_test_equal( #expr1 " == " #expr2, __LINE__, __FILE__, \ + expr1, expr2 ) ) \ + goto exit; \ + } while( 0 ) /** Allocate memory dynamically and fail the test case if this fails. * The allocated memory will be filled with zeros. diff --git a/tests/include/test/psa_crypto_helpers.h b/tests/include/test/psa_crypto_helpers.h index 8a8c37e008..f5622e2d2d 100644 --- a/tests/include/test/psa_crypto_helpers.h +++ b/tests/include/test/psa_crypto_helpers.h @@ -28,7 +28,6 @@ #include "test/psa_helpers.h" #include -#include #if defined(MBEDTLS_USE_PSA_CRYPTO) #include "mbedtls/psa_util.h" diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index f8e43c8714..241b1b6d0a 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -1,4 +1,4 @@ -#! /usr/bin/env sh +#! /usr/bin/env bash # all.sh # @@ -59,6 +59,15 @@ # This script must be invoked from the toplevel directory of a git # working copy of Mbed TLS. # +# The behavior on an error depends on whether --keep-going (alias -k) +# is in effect. +# * Without --keep-going: the script stops on the first error without +# cleaning up. This lets you work in the configuration of the failing +# component. +# * With --keep-going: the script runs all requested components and +# reports failures at the end. In particular the script always cleans +# up on exit. +# # Note that the output is not saved. You may want to run # script -c tests/scripts/all.sh # or @@ -81,6 +90,12 @@ # # Each component must start by invoking `msg` with a short informative message. # +# Warning: due to the way bash detects errors, the failure of a command +# inside 'if' or '!' is not detected. Use the 'not' function instead of '!'. +# +# Each component is executed in a separate shell process. The component +# fails if any command in it returns a non-zero status. +# # The framework performs some cleanup tasks after each component. This # means that components can assume that the working directory is in a # cleaned-up state, and don't need to perform the cleanup themselves. @@ -91,19 +106,6 @@ # `tests/Makefile` and `programs/fuzz/Makefile` from git. # This cleans up after an in-tree use of CMake. # -# Any command that is expected to fail must be protected so that the -# script keeps running in --keep-going mode despite `set -e`. In keep-going -# mode, if a protected command fails, this is logged as a failure and the -# script will exit with a failure status once it has run all components. -# Commands can be protected in any of the following ways: -# * `make` is a function which runs the `make` command with protection. -# Note that you must write `make VAR=value`, not `VAR=value make`, -# because the `VAR=value make` syntax doesn't work with functions. -# * Put `report_status` before the command to protect it. -# * Put `if_build_successful` before a command. This protects it, and -# additionally skips it if a prior invocation of `make` in the same -# component failed. -# # The tests are roughly in order from fastest to slowest. This doesn't # have to be exact, but in general you should add slower tests towards # the end and fast checks near the beginning. @@ -114,8 +116,9 @@ #### Initialization and command line parsing ################################################################ -# Abort on errors (and uninitialised variables) -set -eu +# Abort on errors (even on the left-hand side of a pipe). +# Treat uninitialised variables as errors. +set -e -o pipefail -u pre_check_environment () { if [ -d library -a -d include -a -d tests ]; then :; else @@ -126,9 +129,16 @@ pre_check_environment () { pre_initialize_variables () { CONFIG_H='include/mbedtls/mbedtls_config.h' - CONFIG_BAK="$CONFIG_H.bak" CRYPTO_CONFIG_H='include/psa/crypto_config.h' - CRYPTO_CONFIG_BAK="$CRYPTO_CONFIG_H.bak" + + # Files that are clobbered by some jobs will be backed up. Use a different + # suffix from auxiliary scripts so that all.sh and auxiliary scripts can + # independently decide when to remove the backup file. + backup_suffix='.all.bak' + # Files clobbered by config.py + files_to_back_up="$CONFIG_H $CRYPTO_CONFIG_H" + # Files clobbered by in-tree cmake + files_to_back_up="$files_to_back_up Makefile library/Makefile programs/Makefile tests/Makefile programs/fuzz/Makefile" append_outcome=0 MEMORY=0 @@ -161,13 +171,14 @@ pre_initialize_variables () { : ${ARMC5_BIN_DIR:=/usr/bin} : ${ARMC6_BIN_DIR:=/usr/bin} : ${ARM_NONE_EABI_GCC_PREFIX:=arm-none-eabi-} + : ${ARM_LINUX_GNUEABI_GCC_PREFIX:=arm-linux-gnueabi-} # if MAKEFLAGS is not set add the -j option to speed up invocations of make if [ -z "${MAKEFLAGS+set}" ]; then - export MAKEFLAGS="-j" + export MAKEFLAGS="-j$(all_sh_nproc)" fi - # Include more verbose output for failing tests run by CMake + # Include more verbose output for failing tests run by CMake or make export CTEST_OUTPUT_ON_FAILURE=1 # CFLAGS and LDFLAGS for Asan builds that don't use CMake @@ -175,8 +186,8 @@ pre_initialize_variables () { # Gather the list of available components. These are the functions # defined in this script whose name starts with "component_". - # Parse the script with sed, because in sh there is no way to list - # defined functions. + # Parse the script with sed. This way we get the functions in the order + # they are defined. ALL_COMPONENTS=$(sed -n 's/^ *component_\([0-9A-Z_a-z]*\) *().*/\1/p' <"$0") # Exclude components that are not supported on this platform. @@ -193,6 +204,8 @@ pre_initialize_variables () { # Test whether the component $1 is included in the command line patterns. is_component_included() { + # Temporarily disable wildcard expansion so that $COMMAND_LINE_COMPONENTS + # only does word splitting. set -f for pattern in $COMMAND_LINE_COMPONENTS; do set +f @@ -230,7 +243,15 @@ General options: --arm-none-eabi-gcc-prefix= Prefix for a cross-compiler for arm-none-eabi (default: "${ARM_NONE_EABI_GCC_PREFIX}") + --arm-linux-gnueabi-gcc-prefix= + Prefix for a cross-compiler for arm-linux-gnueabi + (default: "${ARM_LINUX_GNUEABI_GCC_PREFIX}") --armcc Run ARM Compiler builds (on by default). + --restore First clean up the build tree, restoring backed up + files. Do not run any components unless they are + explicitly specified. + --error-test Error test mode: run a failing function in addition + to any specified component. May be repeated. --except Exclude the COMPONENTs listed on the command line, instead of running only those. --no-append-outcome Write a new outcome file and analyze it (default). @@ -259,13 +280,11 @@ Tool path options: EOF } -# remove built files as well as the cmake cache/config +# Cleanup before/after running a component. +# Remove built files as well as the cmake cache/config. +# Does not remove generated source files. cleanup() { - if [ -n "${MBEDTLS_ROOT_DIR+set}" ]; then - cd "$MBEDTLS_ROOT_DIR" - fi - command make clean # Remove CMake artefacts @@ -273,11 +292,10 @@ cleanup() -iname CMakeFiles -exec rm -rf {} \+ -o \ \( -iname cmake_install.cmake -o \ -iname CTestTestfile.cmake -o \ - -iname CMakeCache.txt \) -exec rm -f {} \+ + -iname CMakeCache.txt -o \ + -path './cmake/*.cmake' \) -exec rm -f {} \+ # Recover files overwritten by in-tree CMake builds rm -f include/Makefile include/mbedtls/Makefile programs/*/Makefile - git update-index --no-skip-worktree Makefile library/Makefile programs/Makefile tests/Makefile programs/fuzz/Makefile - git checkout -- Makefile library/Makefile programs/Makefile tests/Makefile programs/fuzz/Makefile # Remove any artifacts from the component_test_cmake_as_subdirectory test. rm -rf programs/test/cmake_subproject/build @@ -294,13 +312,20 @@ cleanup() rm -f programs/test/cmake_package_install/Makefile rm -f programs/test/cmake_package_install/cmake_package_install - if [ -f "$CONFIG_BAK" ]; then - mv "$CONFIG_BAK" "$CONFIG_H" - fi + # Restore files that may have been clobbered by the job + for x in $files_to_back_up; do + cp -p "$x$backup_suffix" "$x" + done +} - if [ -f "$CRYPTO_CONFIG_BAK" ]; then - mv "$CRYPTO_CONFIG_BAK" "$CRYPTO_CONFIG_H" - fi +# Final cleanup when this script exits (except when exiting on a failure +# in non-keep-going mode). +final_cleanup () { + cleanup + + for x in $files_to_back_up; do + rm -f "$x$backup_suffix" + done } # Executed on exit. May be redefined depending on command line options. @@ -309,7 +334,7 @@ final_report () { } fatal_signal () { - cleanup + final_cleanup final_report $1 trap - $1 kill -$1 $$ @@ -319,6 +344,18 @@ trap 'fatal_signal HUP' HUP trap 'fatal_signal INT' INT trap 'fatal_signal TERM' TERM +# Number of processors on this machine. Used as the default setting +# for parallel make. +all_sh_nproc () +{ + { + nproc || # Linux + sysctl -n hw.ncpuonline || # NetBSD, OpenBSD + sysctl -n hw.ncpu || # FreeBSD + echo 1 + } 2>/dev/null +} + msg() { if [ -n "${current_component:-}" ]; then @@ -367,17 +404,11 @@ check_tools() done } -check_headers_in_cpp () { - ls include/mbedtls | grep "\.h$" >headers.txt - &2 "Unknown option: $1" @@ -427,7 +461,7 @@ pre_parse_command_line () { done # With no list of components, run everything. - if [ -z "$COMMAND_LINE_COMPONENTS" ]; then + if [ -z "$COMMAND_LINE_COMPONENTS" ] && [ $restore_first -eq 0 ]; then all_except=1 fi @@ -437,6 +471,32 @@ pre_parse_command_line () { COMMAND_LINE_COMPONENTS="$COMMAND_LINE_COMPONENTS *_armcc*" fi + # Error out if an explicitly requested component doesn't exist. + if [ $all_except -eq 0 ]; then + unsupported=0 + # Temporarily disable wildcard expansion so that $COMMAND_LINE_COMPONENTS + # only does word splitting. + set -f + for component in $COMMAND_LINE_COMPONENTS; do + set +f + # If the requested name includes a wildcard character, don't + # check it. Accept wildcard patterns that don't match anything. + case $component in + *[*?\[]*) continue;; + esac + case " $SUPPORTED_COMPONENTS " in + *" $component "*) :;; + *) + echo >&2 "Component $component was explicitly requested, but is not known or not supported." + unsupported=$((unsupported + 1));; + esac + done + set +f + if [ $unsupported -ne 0 ]; then + exit 2 + fi + fi + # Build the list of components to run. RUN_COMPONENTS= for component in $SUPPORTED_COMPONENTS; do @@ -472,9 +532,36 @@ pre_check_git () { fi } +pre_restore_files () { + # If the makefiles have been generated by a framework such as cmake, + # restore them from git. If the makefiles look like modifications from + # the ones checked into git, take care not to modify them. Whatever + # this function leaves behind is what the script will restore before + # each component. + case "$(head -n1 Makefile)" in + *[Gg]enerated*) + git update-index --no-skip-worktree Makefile library/Makefile programs/Makefile tests/Makefile programs/fuzz/Makefile + git checkout -- Makefile library/Makefile programs/Makefile tests/Makefile programs/fuzz/Makefile + ;; + esac +} + +pre_back_up () { + for x in $files_to_back_up; do + cp -p "$x" "$x$backup_suffix" + done +} + pre_setup_keep_going () { - failure_summary= - failure_count=0 + failure_count=0 # Number of failed components + last_failure_status=0 # Last failure status in this component + + # See err_trap + previous_failure_status=0 + previous_failed_command= + previous_failure_funcall_depth=0 + unset report_failed_command + start_red= end_color= if [ -t 1 ]; then @@ -485,76 +572,106 @@ pre_setup_keep_going () { ;; esac fi - record_status () { - if "$@"; then - last_status=0 - else - last_status=$? - text="$current_section: $* -> $last_status" - failure_summary="$failure_summary -$text" - failure_count=$((failure_count + 1)) - echo "${start_red}^^^^$text^^^^${end_color}" >&2 - fi - } - make () { - case "$*" in - *test|*check) - if [ $build_status -eq 0 ]; then - record_status command make "$@" - else - echo "(skipped because the build failed)" - fi - ;; - *) - record_status command make "$@" - build_status=$last_status - ;; + + # Keep a summary of failures in a file. We'll print it out at the end. + failure_summary_file=$PWD/all-sh-failures-$$.log + : >"$failure_summary_file" + + # Whether it makes sense to keep a component going after the specified + # command fails (test command) or not (configure or build). + # This function normally receives the failing simple command + # ($BASH_COMMAND) as an argument, but if $report_failed_command is set, + # this is passed instead. + # This doesn't have to be 100% accurate: all failures are recorded anyway. + # False positives result in running things that can't be expected to + # work. False negatives result in things not running after something else + # failed even though they might have given useful feedback. + can_keep_going_after_failure () { + case "$1" in + "msg "*) false;; + "cd "*) false;; + *make*[\ /]tests*) false;; # make tests, make CFLAGS=-I../tests, ... + *test*) true;; # make test, tests/stuff, env V=v tests/stuff, ... + *make*check*) true;; + "grep "*) true;; + "[ "*) true;; + "! "*) true;; + *) false;; esac } + + # This function runs if there is any error in a component. + # It must either exit with a nonzero status, or set + # last_failure_status to a nonzero value. + err_trap () { + # Save $? (status of the failing command). This must be the very + # first thing, before $? is overridden. + last_failure_status=$? + failed_command=${report_failed_command-$BASH_COMMAND} + + if [[ $last_failure_status -eq $previous_failure_status && + "$failed_command" == "$previous_failed_command" && + ${#FUNCNAME[@]} == $((previous_failure_funcall_depth - 1)) ]] + then + # The same command failed twice in a row, but this time one level + # less deep in the function call stack. This happens when the last + # command of a function returns a nonzero status, and the function + # returns that same status. Ignore the second failure. + previous_failure_funcall_depth=${#FUNCNAME[@]} + return + fi + previous_failure_status=$last_failure_status + previous_failed_command=$failed_command + previous_failure_funcall_depth=${#FUNCNAME[@]} + + text="$current_section: $failed_command -> $last_failure_status" + echo "${start_red}^^^^$text^^^^${end_color}" >&2 + echo "$text" >>"$failure_summary_file" + + # If the command is fatal (configure or build command), stop this + # component. Otherwise (test command) keep the component running + # (run more tests from the same build). + if ! can_keep_going_after_failure "$failed_command"; then + exit $last_failure_status + fi + } + final_report () { if [ $failure_count -gt 0 ]; then echo echo "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!" - echo "${start_red}FAILED: $failure_count${end_color}$failure_summary" + echo "${start_red}FAILED: $failure_count components${end_color}" + cat "$failure_summary_file" echo "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!" - exit 1 elif [ -z "${1-}" ]; then echo "SUCCESS :)" fi if [ -n "${1-}" ]; then echo "Killed by SIG$1." fi + rm -f "$failure_summary_file" + if [ $failure_count -gt 0 ]; then + exit 1 + fi } } +# record_status() and if_build_succeeded() are kept temporarily for backward +# compatibility. Don't use them in new components. +record_status () { + "$@" +} if_build_succeeded () { - if [ $build_status -eq 0 ]; then - record_status "$@" - fi + "$@" } -# to be used instead of ! for commands run with -# record_status or if_build_succeeded -not() { - ! "$@" -} - -pre_setup_quiet_redirect () { - if [ $QUIET -ne 1 ]; then - redirect_out () { - "$@" - } - redirect_err () { - "$@" - } - else - redirect_out () { - "$@" >/dev/null - } - redirect_err () { - "$@" 2>/dev/null - } +# '! true' does not trigger the ERR trap. Arrange to trigger it, with +# a reasonably informative error message (not just "$@"). +not () { + if "$@"; then + report_failed_command="! $*" + false + unset report_failed_command fi } @@ -664,7 +781,11 @@ pre_generate_files() { # since make doesn't have proper dependencies, remove any possibly outdate # file that might be around before generating fresh ones make neat - make generated_files + if [ $QUIET -eq 1 ]; then + make generated_files >/dev/null + else + make generated_files + fi } @@ -686,24 +807,24 @@ pre_generate_files() { component_check_recursion () { msg "Check: recursion.pl" # < 1s - record_status tests/scripts/recursion.pl library/*.c + tests/scripts/recursion.pl library/*.c } component_check_generated_files () { msg "Check: check-generated-files, files generated with make" # 2s make generated_files - record_status tests/scripts/check-generated-files.sh + tests/scripts/check-generated-files.sh msg "Check: check-generated-files -u, files present" # 2s - record_status tests/scripts/check-generated-files.sh -u + tests/scripts/check-generated-files.sh -u # Check that the generated files are considered up to date. - record_status tests/scripts/check-generated-files.sh + tests/scripts/check-generated-files.sh msg "Check: check-generated-files -u, files absent" # 2s command make neat - record_status tests/scripts/check-generated-files.sh -u + tests/scripts/check-generated-files.sh -u # Check that the generated files are considered up to date. - record_status tests/scripts/check-generated-files.sh + tests/scripts/check-generated-files.sh # This component ends with the generated files present in the source tree. # This is necessary for subsequent components! @@ -711,18 +832,18 @@ component_check_generated_files () { component_check_doxy_blocks () { msg "Check: doxygen markup outside doxygen blocks" # < 1s - record_status tests/scripts/check-doxy-blocks.pl + tests/scripts/check-doxy-blocks.pl } component_check_files () { msg "Check: file sanity checks (permissions, encodings)" # < 1s - record_status tests/scripts/check_files.py + tests/scripts/check_files.py } component_check_changelog () { msg "Check: changelog entries" # < 1s rm -f ChangeLog.new - record_status scripts/assemble_changelog.py -o ChangeLog.new + scripts/assemble_changelog.py -o ChangeLog.new if [ -e ChangeLog.new ]; then # Show the diff for information. It isn't an error if the diff is # non-empty. @@ -733,7 +854,7 @@ component_check_changelog () { component_check_names () { msg "Check: declared and exported names (builds the library)" # < 3s - record_status tests/scripts/check-names.sh -v + tests/scripts/check_names.py -v } component_check_test_cases () { @@ -743,13 +864,13 @@ component_check_test_cases () { else opt='' fi - record_status tests/scripts/check_test_cases.py $opt + tests/scripts/check_test_cases.py $opt unset opt } component_check_doxygen_warnings () { msg "Check: doxygen warnings (builds the documentation)" # ~ 3s - record_status tests/scripts/doxygen.sh + tests/scripts/doxygen.sh } @@ -769,7 +890,7 @@ component_test_default_out_of_box () { make test msg "selftest: make, default config (out-of-box)" # ~10s - if_build_succeeded programs/test/selftest + programs/test/selftest export MBEDTLS_TEST_OUTCOME_FILE="$SAVE_MBEDTLS_TEST_OUTCOME_FILE" unset SAVE_MBEDTLS_TEST_OUTCOME_FILE @@ -784,16 +905,16 @@ component_test_default_cmake_gcc_asan () { make test msg "test: selftest (ASan build)" # ~ 10s - if_build_succeeded programs/test/selftest + programs/test/selftest msg "test: ssl-opt.sh (ASan build)" # ~ 1 min - if_build_succeeded tests/ssl-opt.sh + tests/ssl-opt.sh msg "test: compat.sh (ASan build)" # ~ 6 min - if_build_succeeded tests/compat.sh + tests/compat.sh msg "test: context-info.sh (ASan build)" # ~ 15 sec - if_build_succeeded tests/context-info.sh + tests/context-info.sh } component_test_full_cmake_gcc_asan () { @@ -806,16 +927,16 @@ component_test_full_cmake_gcc_asan () { make test msg "test: selftest (ASan build)" # ~ 10s - if_build_succeeded programs/test/selftest + programs/test/selftest msg "test: ssl-opt.sh (full config, ASan build)" - if_build_succeeded tests/ssl-opt.sh + tests/ssl-opt.sh msg "test: compat.sh (full config, ASan build)" - if_build_succeeded tests/compat.sh + tests/compat.sh msg "test: context-info.sh (full config, ASan build)" # ~ 15 sec - if_build_succeeded tests/context-info.sh + tests/context-info.sh } component_test_psa_crypto_key_id_encodes_owner () { @@ -853,7 +974,7 @@ component_build_psa_crypto_spm () { # Check that if a symbol is renamed by crypto_spe.h, the non-renamed # version is not present. echo "Checking for renamed symbols in the library" - if_build_succeeded check_renamed_symbols tests/include/spe/crypto_spe.h library/libmbedcrypto.a + check_renamed_symbols tests/include/spe/crypto_spe.h library/libmbedcrypto.a } component_test_psa_crypto_client () { @@ -878,8 +999,17 @@ component_test_psa_crypto_rsa_no_genprime() { component_test_ref_configs () { msg "test/build: ref-configs (ASan build)" # ~ 6 min 20s - CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . - record_status tests/scripts/test-ref-configs.pl + # test-ref-configs works by overwriting mbedtls_config.h; this makes cmake + # want to re-generate generated files that depend on it, quite correctly. + # However this doesn't work as the generation script expects a specific + # format for mbedtls_config.h, which the other files don't follow. Also, + # cmake can't know this, but re-generation is actually not necessary as + # the generated files only depend on the list of available options, not + # whether they're on or off. So, disable cmake's (over-sensitive here) + # dependency resolution for generated files and just rely on them being + # present (thanks to pre_generate_files) by turning GEN_FILES off. + CC=gcc cmake -D GEN_FILES=Off -D CMAKE_BUILD_TYPE:String=Asan . + tests/scripts/test-ref-configs.pl } component_test_no_renegotiation () { @@ -892,7 +1022,7 @@ component_test_no_renegotiation () { make test msg "test: !MBEDTLS_SSL_RENEGOTIATION - ssl-opt.sh (ASan build)" # ~ 6 min - if_build_succeeded tests/ssl-opt.sh + tests/ssl-opt.sh } component_test_no_pem_no_fs () { @@ -908,7 +1038,7 @@ component_test_no_pem_no_fs () { make test msg "test: !MBEDTLS_PEM_PARSE_C !MBEDTLS_FS_IO - ssl-opt.sh (ASan build)" # ~ 6 min - if_build_succeeded tests/ssl-opt.sh + tests/ssl-opt.sh } component_test_rsa_no_crt () { @@ -921,13 +1051,13 @@ component_test_rsa_no_crt () { make test msg "test: RSA_NO_CRT - RSA-related part of ssl-opt.sh (ASan build)" # ~ 5s - if_build_succeeded tests/ssl-opt.sh -f RSA + tests/ssl-opt.sh -f RSA msg "test: RSA_NO_CRT - RSA-related part of compat.sh (ASan build)" # ~ 3 min - if_build_succeeded tests/compat.sh -t RSA + tests/compat.sh -t RSA msg "test: RSA_NO_CRT - RSA-related part of context-info.sh (ASan build)" # ~ 15 sec - if_build_succeeded tests/context-info.sh + tests/context-info.sh } component_test_no_ctr_drbg_classic () { @@ -946,10 +1076,10 @@ component_test_no_ctr_drbg_classic () { # The SSL tests are slow, so run a small subset, just enough to get # confidence that the SSL code copes with HMAC_DRBG. msg "test: Full minus CTR_DRBG, classic crypto - ssl-opt.sh (subset)" - if_build_succeeded tests/ssl-opt.sh -f 'Default\|SSL async private.*delay=\|tickets enabled on server' + tests/ssl-opt.sh -f 'Default\|SSL async private.*delay=\|tickets enabled on server' msg "test: Full minus CTR_DRBG, classic crypto - compat.sh (subset)" - if_build_succeeded tests/compat.sh -m tls1_2 -t 'ECDSA PSK' -V NO -p OpenSSL + tests/compat.sh -m tls1_2 -t 'ECDSA PSK' -V NO -p OpenSSL } component_test_no_ctr_drbg_use_psa () { @@ -968,10 +1098,10 @@ component_test_no_ctr_drbg_use_psa () { # The SSL tests are slow, so run a small subset, just enough to get # confidence that the SSL code copes with HMAC_DRBG. msg "test: Full minus CTR_DRBG, USE_PSA_CRYPTO - ssl-opt.sh (subset)" - if_build_succeeded tests/ssl-opt.sh -f 'Default\|SSL async private.*delay=\|tickets enabled on server' + tests/ssl-opt.sh -f 'Default\|SSL async private.*delay=\|tickets enabled on server' msg "test: Full minus CTR_DRBG, USE_PSA_CRYPTO - compat.sh (subset)" - if_build_succeeded tests/compat.sh -m tls1_2 -t 'ECDSA PSK' -V NO -p OpenSSL + tests/compat.sh -m tls1_2 -t 'ECDSA PSK' -V NO -p OpenSSL } component_test_no_hmac_drbg_classic () { @@ -993,12 +1123,12 @@ component_test_no_hmac_drbg_classic () { # Test SSL with non-deterministic ECDSA. Only test features that # might be affected by how ECDSA signature is performed. msg "test: Full minus HMAC_DRBG, classic crypto - ssl-opt.sh (subset)" - if_build_succeeded tests/ssl-opt.sh -f 'Default\|SSL async private: sign' + tests/ssl-opt.sh -f 'Default\|SSL async private: sign' # To save time, only test one protocol version, since this part of # the protocol is identical in (D)TLS up to 1.2. msg "test: Full minus HMAC_DRBG, classic crypto - compat.sh (ECDSA)" - if_build_succeeded tests/compat.sh -m tls1_2 -t 'ECDSA' + tests/compat.sh -m tls1_2 -t 'ECDSA' } component_test_no_hmac_drbg_use_psa () { @@ -1020,12 +1150,12 @@ component_test_no_hmac_drbg_use_psa () { # Test SSL with non-deterministic ECDSA. Only test features that # might be affected by how ECDSA signature is performed. msg "test: Full minus HMAC_DRBG, USE_PSA_CRYPTO - ssl-opt.sh (subset)" - if_build_succeeded tests/ssl-opt.sh -f 'Default\|SSL async private: sign' + tests/ssl-opt.sh -f 'Default\|SSL async private: sign' # To save time, only test one protocol version, since this part of # the protocol is identical in (D)TLS up to 1.2. msg "test: Full minus HMAC_DRBG, USE_PSA_CRYPTO - compat.sh (ECDSA)" - if_build_succeeded tests/compat.sh -m tls1_2 -t 'ECDSA' + tests/compat.sh -m tls1_2 -t 'ECDSA' } component_test_psa_external_rng_no_drbg_classic () { @@ -1048,7 +1178,7 @@ component_test_psa_external_rng_no_drbg_classic () { make test msg "test: PSA_CRYPTO_EXTERNAL_RNG minus *_DRBG, classic crypto - ssl-opt.sh (subset)" - if_build_succeeded tests/ssl-opt.sh -f 'Default' + tests/ssl-opt.sh -f 'Default' } component_test_psa_external_rng_no_drbg_use_psa () { @@ -1067,7 +1197,7 @@ component_test_psa_external_rng_no_drbg_use_psa () { make test msg "test: PSA_CRYPTO_EXTERNAL_RNG minus *_DRBG, PSA crypto - ssl-opt.sh (subset)" - if_build_succeeded tests/ssl-opt.sh -f 'Default\|opaque' + tests/ssl-opt.sh -f 'Default\|opaque' } component_test_psa_external_rng_use_psa_crypto () { @@ -1082,7 +1212,7 @@ component_test_psa_external_rng_use_psa_crypto () { make test msg "test: full + PSA_CRYPTO_EXTERNAL_RNG + USE_PSA_CRYPTO minus CTR_DRBG" - if_build_succeeded tests/ssl-opt.sh -f 'Default\|opaque' + tests/ssl-opt.sh -f 'Default\|opaque' } component_test_everest () { @@ -1095,11 +1225,11 @@ component_test_everest () { make test msg "test: Everest ECDH context - ECDH-related part of ssl-opt.sh (ASan build)" # ~ 5s - if_build_succeeded tests/ssl-opt.sh -f ECDH + tests/ssl-opt.sh -f ECDH msg "test: Everest ECDH context - compat.sh with some ECDH ciphersuites (ASan build)" # ~ 3 min # Exclude some symmetric ciphers that are redundant here to gain time. - if_build_succeeded tests/compat.sh -f ECDH -V NO -e 'ARIA\|CAMELLIA\|CHACHA\|DES' + tests/compat.sh -f ECDH -V NO -e 'ARIA\|CAMELLIA\|CHACHA\|DES' } component_test_everest_curve25519_only () { @@ -1129,7 +1259,7 @@ component_test_small_ssl_out_content_len () { make msg "test: small SSL_OUT_CONTENT_LEN - ssl-opt.sh MFL and large packet tests" - if_build_succeeded tests/ssl-opt.sh -f "Max fragment\|Large packet" + tests/ssl-opt.sh -f "Max fragment\|Large packet" } component_test_small_ssl_in_content_len () { @@ -1140,7 +1270,7 @@ component_test_small_ssl_in_content_len () { make msg "test: small SSL_IN_CONTENT_LEN - ssl-opt.sh MFL tests" - if_build_succeeded tests/ssl-opt.sh -f "Max fragment" + tests/ssl-opt.sh -f "Max fragment" } component_test_small_ssl_dtls_max_buffering () { @@ -1150,7 +1280,7 @@ component_test_small_ssl_dtls_max_buffering () { make msg "test: small MBEDTLS_SSL_DTLS_MAX_BUFFERING #0 - ssl-opt.sh specific reordering test" - if_build_succeeded tests/ssl-opt.sh -f "DTLS reordering: Buffer out-of-order hs msg before reassembling next, free buffered msg" + tests/ssl-opt.sh -f "DTLS reordering: Buffer out-of-order hs msg before reassembling next, free buffered msg" } component_test_small_mbedtls_ssl_dtls_max_buffering () { @@ -1160,38 +1290,38 @@ component_test_small_mbedtls_ssl_dtls_max_buffering () { make msg "test: small MBEDTLS_SSL_DTLS_MAX_BUFFERING #1 - ssl-opt.sh specific reordering test" - if_build_succeeded tests/ssl-opt.sh -f "DTLS reordering: Buffer encrypted Finished message, drop for fragmented NewSessionTicket" + tests/ssl-opt.sh -f "DTLS reordering: Buffer encrypted Finished message, drop for fragmented NewSessionTicket" } component_test_psa_collect_statuses () { msg "build+test: psa_collect_statuses" # ~30s scripts/config.py full - record_status tests/scripts/psa_collect_statuses.py + tests/scripts/psa_collect_statuses.py # Check that psa_crypto_init() succeeded at least once - record_status grep -q '^0:psa_crypto_init:' tests/statuses.log + grep -q '^0:psa_crypto_init:' tests/statuses.log rm -f tests/statuses.log } component_test_full_cmake_clang () { msg "build: cmake, full config, clang" # ~ 50s scripts/config.py full - CC=clang cmake -D CMAKE_BUILD_TYPE:String=Check -D ENABLE_TESTING=On . + CC=clang cmake -D CMAKE_BUILD_TYPE:String=Release -D ENABLE_TESTING=On . make msg "test: main suites (full config, clang)" # ~ 5s make test msg "test: psa_constant_names (full config, clang)" # ~ 1s - record_status tests/scripts/test_psa_constant_names.py + tests/scripts/test_psa_constant_names.py msg "test: ssl-opt.sh default, ECJPAKE, SSL async (full config)" # ~ 1s - if_build_succeeded tests/ssl-opt.sh -f 'Default\|ECJPAKE\|SSL async private' + tests/ssl-opt.sh -f 'Default\|ECJPAKE\|SSL async private' msg "test: compat.sh DES, 3DES & NULL (full config)" # ~ 2 min - if_build_succeeded env OPENSSL_CMD="$OPENSSL_LEGACY" GNUTLS_CLI="$GNUTLS_LEGACY_CLI" GNUTLS_SERV="$GNUTLS_LEGACY_SERV" tests/compat.sh -e '^$' -f 'NULL\|DES' + env OPENSSL_CMD="$OPENSSL_LEGACY" GNUTLS_CLI="$GNUTLS_LEGACY_CLI" GNUTLS_SERV="$GNUTLS_LEGACY_SERV" tests/compat.sh -e '^$' -f 'NULL\|DES' msg "test: compat.sh ARIA + ChachaPoly" - if_build_succeeded env OPENSSL_CMD="$OPENSSL_NEXT" tests/compat.sh -e '^$' -f 'ARIA\|CHACHA' + env OPENSSL_CMD="$OPENSSL_NEXT" tests/compat.sh -e '^$' -f 'ARIA\|CHACHA' } component_test_memsan_constant_flow () { @@ -1298,70 +1428,68 @@ component_build_crypto_default () { msg "build: make, crypto only" scripts/config.py crypto make CFLAGS='-O1 -Werror' - if_build_succeeded are_empty_libraries library/libmbedx509.* library/libmbedtls.* + are_empty_libraries library/libmbedx509.* library/libmbedtls.* } component_build_crypto_full () { msg "build: make, crypto only, full config" scripts/config.py crypto_full make CFLAGS='-O1 -Werror' - if_build_succeeded are_empty_libraries library/libmbedx509.* library/libmbedtls.* + are_empty_libraries library/libmbedx509.* library/libmbedtls.* } component_build_crypto_baremetal () { msg "build: make, crypto only, baremetal config" scripts/config.py crypto_baremetal make CFLAGS='-O1 -Werror' - if_build_succeeded are_empty_libraries library/libmbedx509.* library/libmbedtls.* + are_empty_libraries library/libmbedx509.* library/libmbedtls.* } component_test_depends_curves () { msg "test/build: curves.pl (gcc)" # ~ 4 min - record_status tests/scripts/curves.pl + tests/scripts/curves.pl } component_test_depends_curves_psa () { msg "test/build: curves.pl with MBEDTLS_USE_PSA_CRYPTO defined (gcc)" scripts/config.py set MBEDTLS_USE_PSA_CRYPTO - record_status tests/scripts/curves.pl + tests/scripts/curves.pl } component_test_depends_hashes () { msg "test/build: depends-hashes.pl (gcc)" # ~ 2 min - record_status tests/scripts/depends-hashes.pl + tests/scripts/depends-hashes.pl } component_test_depends_hashes_psa () { msg "test/build: depends-hashes.pl with MBEDTLS_USE_PSA_CRYPTO defined (gcc)" scripts/config.py set MBEDTLS_USE_PSA_CRYPTO - record_status tests/scripts/depends-hashes.pl + tests/scripts/depends-hashes.pl } component_test_depends_pkalgs () { msg "test/build: depends-pkalgs.pl (gcc)" # ~ 2 min - record_status tests/scripts/depends-pkalgs.pl + tests/scripts/depends-pkalgs.pl } component_test_depends_pkalgs_psa () { msg "test/build: depends-pkalgs.pl with MBEDTLS_USE_PSA_CRYPTO defined (gcc)" scripts/config.py set MBEDTLS_USE_PSA_CRYPTO - record_status tests/scripts/depends-pkalgs.pl + tests/scripts/depends-pkalgs.pl } component_build_key_exchanges () { msg "test/build: key-exchanges (gcc)" # ~ 1 min - record_status tests/scripts/key-exchanges.pl + tests/scripts/key-exchanges.pl } -component_build_default_make_gcc_and_cxx () { - msg "build: Unix make, -Os (gcc)" # ~ 30s - make CC=gcc CFLAGS='-Werror -Wall -Wextra -Os' +component_test_make_cxx () { + msg "build: Unix make, full, gcc + g++" + scripts/config.py full + make TEST_CPP=1 lib programs - msg "test: verify header list in cpp_dummy_build.cpp" - record_status check_headers_in_cpp - - msg "build: Unix make, incremental g++" - make TEST_CPP=1 + msg "test: cpp_dummy_build" + programs/test/cpp_dummy_build } component_build_module_alt () { @@ -1413,16 +1541,16 @@ component_test_no_use_psa_crypto_full_cmake_asan() { make test msg "test: ssl-opt.sh (full minus MBEDTLS_USE_PSA_CRYPTO)" - if_build_succeeded tests/ssl-opt.sh + tests/ssl-opt.sh msg "test: compat.sh default (full minus MBEDTLS_USE_PSA_CRYPTO)" - if_build_succeeded tests/compat.sh + tests/compat.sh msg "test: compat.sh DES & NULL (full minus MBEDTLS_USE_PSA_CRYPTO)" - if_build_succeeded env OPENSSL_CMD="$OPENSSL_LEGACY" GNUTLS_CLI="$GNUTLS_LEGACY_CLI" GNUTLS_SERV="$GNUTLS_LEGACY_SERV" tests/compat.sh -e '3DES\|DES-CBC3' -f 'NULL\|DES' + env OPENSSL_CMD="$OPENSSL_LEGACY" GNUTLS_CLI="$GNUTLS_LEGACY_CLI" GNUTLS_SERV="$GNUTLS_LEGACY_SERV" tests/compat.sh -e '3DES\|DES-CBC3' -f 'NULL\|DES' msg "test: compat.sh ARIA + ChachaPoly (full minus MBEDTLS_USE_PSA_CRYPTO)" - if_build_succeeded env OPENSSL_CMD="$OPENSSL_NEXT" tests/compat.sh -e '^$' -f 'ARIA\|CHACHA' + env OPENSSL_CMD="$OPENSSL_NEXT" tests/compat.sh -e '^$' -f 'ARIA\|CHACHA' } component_test_psa_crypto_config_basic() { @@ -1454,31 +1582,8 @@ component_test_psa_crypto_config_basic() { scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_KEY_TYPE_DES scripts/config.py unset MBEDTLS_DES_C - # Need to define the correct symbol and include the test driver header path in order to build with the test driver - loc_cflags="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST" - loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_KEY_TYPE_AES" - loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_KEY_TYPE_CAMELLIA" - loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR" - loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR" - loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_CBC_NO_PADDING" - loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_CBC_PKCS7" - loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_CTR" - loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_CFB" - loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_ECDSA" - loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA" - loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_MD5" - loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_OFB" - loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_RIPEMD160" - loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN" - loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_RSA_PSS" - loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_SHA_1" - loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_SHA_224" - loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_SHA_256" - loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_SHA_384" - loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_SHA_512" - loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_XTS" - loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_CMAC" - loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_HMAC" + loc_cflags="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST_ALL" + loc_cflags="${loc_cflags} '-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/user-config-for-test.h\"'" loc_cflags="${loc_cflags} -I../tests/include -O2" make CC=gcc CFLAGS="$loc_cflags" LDFLAGS="$ASAN_CFLAGS" @@ -1501,6 +1606,19 @@ component_test_psa_crypto_config_no_driver() { make test } +component_test_psa_crypto_config_chachapoly_disabled() { + # full minus MBEDTLS_CHACHAPOLY_C without PSA_WANT_ALG_GCM and PSA_WANT_ALG_CHACHA20_POLY1305 + msg "build: full minus MBEDTLS_CHACHAPOLY_C without PSA_WANT_ALG_GCM and PSA_WANT_ALG_CHACHA20_POLY1305" + scripts/config.py full + scripts/config.py unset MBEDTLS_CHACHAPOLY_C + scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_GCM + scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_CHACHA20_POLY1305 + make CC=gcc CFLAGS="$ASAN_CFLAGS -O2" LDFLAGS="$ASAN_CFLAGS" + + msg "test: full minus MBEDTLS_CHACHAPOLY_C without PSA_WANT_ALG_GCM and PSA_WANT_ALG_CHACHA20_POLY1305" + make test +} + # This should be renamed to test and updated once the accelerator ECDSA code is in place and ready to test. component_build_psa_accel_alg_ecdsa() { # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_ECDSA @@ -1843,7 +1961,8 @@ component_build_no_std_function () { scripts/config.py set MBEDTLS_PLATFORM_NO_STD_FUNCTIONS scripts/config.py unset MBEDTLS_ENTROPY_NV_SEED scripts/config.py unset MBEDTLS_PLATFORM_NV_SEED_ALT - make CC=gcc CFLAGS='-Werror -Wall -Wextra -Os' + CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Check . + make } component_build_no_ssl_srv () { @@ -1876,7 +1995,7 @@ component_test_memory_buffer_allocator_backtrace () { scripts/config.py set MBEDTLS_PLATFORM_MEMORY scripts/config.py set MBEDTLS_MEMORY_BACKTRACE scripts/config.py set MBEDTLS_MEMORY_DEBUG - CC=gcc cmake . + CC=gcc cmake -DCMAKE_BUILD_TYPE:String=Release . make msg "test: MBEDTLS_MEMORY_BUFFER_ALLOC_C and MBEDTLS_MEMORY_BACKTRACE" @@ -1887,7 +2006,7 @@ component_test_memory_buffer_allocator () { msg "build: default config with memory buffer allocator" scripts/config.py set MBEDTLS_MEMORY_BUFFER_ALLOC_C scripts/config.py set MBEDTLS_PLATFORM_MEMORY - CC=gcc cmake . + CC=gcc cmake -DCMAKE_BUILD_TYPE:String=Release . make msg "test: MBEDTLS_MEMORY_BUFFER_ALLOC_C" @@ -1895,7 +2014,7 @@ component_test_memory_buffer_allocator () { msg "test: ssl-opt.sh, MBEDTLS_MEMORY_BUFFER_ALLOC_C" # MBEDTLS_MEMORY_BUFFER_ALLOC is slow. Skip tests that tend to time out. - if_build_succeeded tests/ssl-opt.sh -e '^DTLS proxy' + tests/ssl-opt.sh -e '^DTLS proxy' } component_test_no_max_fragment_length () { @@ -1906,7 +2025,7 @@ component_test_no_max_fragment_length () { make msg "test: ssl-opt.sh, MFL-related tests" - if_build_succeeded tests/ssl-opt.sh -f "Max fragment length" + tests/ssl-opt.sh -f "Max fragment length" } component_test_asan_remove_peer_certificate () { @@ -1919,13 +2038,13 @@ component_test_asan_remove_peer_certificate () { make test msg "test: ssl-opt.sh, !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE" - if_build_succeeded tests/ssl-opt.sh + tests/ssl-opt.sh msg "test: compat.sh, !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE" - if_build_succeeded tests/compat.sh + tests/compat.sh msg "test: context-info.sh, !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE" - if_build_succeeded tests/context-info.sh + tests/context-info.sh } component_test_no_max_fragment_length_small_ssl_out_content_len () { @@ -1937,10 +2056,10 @@ component_test_no_max_fragment_length_small_ssl_out_content_len () { make msg "test: MFL tests (disabled MFL extension case) & large packet tests" - if_build_succeeded tests/ssl-opt.sh -f "Max fragment length\|Large buffer" + tests/ssl-opt.sh -f "Max fragment length\|Large buffer" msg "test: context-info.sh (disabled MFL extension case)" - if_build_succeeded tests/context-info.sh + tests/context-info.sh } component_test_variable_ssl_in_out_buffer_len () { @@ -1953,10 +2072,10 @@ component_test_variable_ssl_in_out_buffer_len () { make test msg "test: ssl-opt.sh, MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH enabled" - if_build_succeeded tests/ssl-opt.sh + tests/ssl-opt.sh msg "test: compat.sh, MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH enabled" - if_build_succeeded tests/compat.sh + tests/compat.sh } component_test_variable_ssl_in_out_buffer_len_CID () { @@ -1971,10 +2090,22 @@ component_test_variable_ssl_in_out_buffer_len_CID () { make test msg "test: ssl-opt.sh, MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH and MBEDTLS_SSL_DTLS_CONNECTION_ID enabled" - if_build_succeeded tests/ssl-opt.sh + tests/ssl-opt.sh msg "test: compat.sh, MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH and MBEDTLS_SSL_DTLS_CONNECTION_ID enabled" - if_build_succeeded tests/compat.sh + tests/compat.sh +} + +component_test_CID_no_debug() { + msg "build: Connection ID enabled, debug disabled" + scripts/config.py unset MBEDTLS_DEBUG_C + scripts/config.py set MBEDTLS_SSL_DTLS_CONNECTION_ID + + CC=gcc cmake . + make + + msg "test: Connection ID enabled, debug disabled" + make test } component_test_ssl_alloc_buffer_and_mfl () { @@ -1984,14 +2115,14 @@ component_test_ssl_alloc_buffer_and_mfl () { scripts/config.py set MBEDTLS_MEMORY_DEBUG scripts/config.py set MBEDTLS_SSL_MAX_FRAGMENT_LENGTH scripts/config.py set MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH - CC=gcc cmake . + CC=gcc cmake -DCMAKE_BUILD_TYPE:String=Release . make msg "test: MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH, MBEDTLS_MEMORY_BUFFER_ALLOC_C, MBEDTLS_MEMORY_DEBUG and MBEDTLS_SSL_MAX_FRAGMENT_LENGTH" make test msg "test: MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH, MBEDTLS_MEMORY_BUFFER_ALLOC_C, MBEDTLS_MEMORY_DEBUG and MBEDTLS_SSL_MAX_FRAGMENT_LENGTH" - if_build_succeeded tests/ssl-opt.sh -f "Handshake memory usage" + tests/ssl-opt.sh -f "Handshake memory usage" } component_test_when_no_ciphersuites_have_mac () { @@ -2005,13 +2136,13 @@ component_test_when_no_ciphersuites_have_mac () { make test msg "test ssl-opt.sh: !MBEDTLS_SSL_SOME_MODES_USE_MAC" - if_build_succeeded tests/ssl-opt.sh -f 'Default\|EtM' -e 'without EtM' + tests/ssl-opt.sh -f 'Default\|EtM' -e 'without EtM' } component_test_no_date_time () { msg "build: default config without MBEDTLS_HAVE_TIME_DATE" scripts/config.py unset MBEDTLS_HAVE_TIME_DATE - CC=gcc cmake + CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Check . make msg "test: !MBEDTLS_HAVE_TIME_DATE - main suites" @@ -2041,7 +2172,7 @@ component_test_malloc_0_null () { msg "selftest: malloc(0) returns NULL (ASan+UBSan build)" # Just the calloc selftest. "make test" ran the others as part of the # test suites. - if_build_succeeded programs/test/selftest calloc + programs/test/selftest calloc msg "test ssl-opt.sh: malloc(0) returns NULL (ASan+UBSan build)" # Run a subset of the tests. The choice is a balance between coverage @@ -2049,7 +2180,7 @@ component_test_malloc_0_null () { # The current choice is to skip tests whose description includes # "proxy", which is an approximation of skipping tests that use the # UDP proxy, which tend to be slower and flakier. - if_build_succeeded tests/ssl-opt.sh -e 'proxy' + tests/ssl-opt.sh -e 'proxy' } component_test_aes_fewer_tables () { @@ -2131,31 +2262,8 @@ component_test_psa_crypto_drivers () { scripts/config.py full scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS scripts/config.py set MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS - # Need to define the correct symbol and include the test driver header path in order to build with the test driver - loc_cflags="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST" - loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_KEY_TYPE_AES" - loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_KEY_TYPE_CAMELLIA" - loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR" - loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR" - loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_CBC_NO_PADDING" - loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_CBC_PKCS7" - loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_CTR" - loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_CFB" - loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_ECDSA" - loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA" - loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_MD5" - loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_OFB" - loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_RIPEMD160" - loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN" - loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_RSA_PSS" - loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_SHA_1" - loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_SHA_224" - loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_SHA_256" - loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_SHA_384" - loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_SHA_512" - loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_XTS" - loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_CMAC" - loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_HMAC" + loc_cflags="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST_ALL" + loc_cflags="${loc_cflags} '-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/user-config-for-test.h\"'" loc_cflags="${loc_cflags} -I../tests/include -O2" make CC=gcc CFLAGS="${loc_cflags}" LDFLAGS="$ASAN_CFLAGS" @@ -2215,7 +2323,8 @@ component_build_mbedtls_config_file () { } component_test_m32_o0 () { - # Build once with -O0, to compile out the i386 specific inline assembly + # Build without optimization, so as to use portable C code (in a 32-bit + # build) and not the i386-specific inline assembly. msg "build: i386, make, gcc -O0 (ASan build)" # ~ 30s scripts/config.py full make CC=gcc CFLAGS="$ASAN_CFLAGS -m32 -O0" LDFLAGS="-m32 $ASAN_CFLAGS" @@ -2230,19 +2339,20 @@ support_test_m32_o0 () { esac } -component_test_m32_o1 () { - # Build again with -O1, to compile in the i386 specific inline assembly - msg "build: i386, make, gcc -O1 (ASan build)" # ~ 30s +component_test_m32_o2 () { + # Build with optimization, to use the i386 specific inline assembly + # and go faster for tests. + msg "build: i386, make, gcc -O2 (ASan build)" # ~ 30s scripts/config.py full - make CC=gcc CFLAGS="$ASAN_CFLAGS -m32 -O1" LDFLAGS="-m32 $ASAN_CFLAGS" + make CC=gcc CFLAGS="$ASAN_CFLAGS -m32 -O2" LDFLAGS="-m32 $ASAN_CFLAGS" - msg "test: i386, make, gcc -O1 (ASan build)" + msg "test: i386, make, gcc -O2 (ASan build)" make test - msg "test ssl-opt.sh, i386, make, gcc-O1" - if_build_succeeded tests/ssl-opt.sh + msg "test ssl-opt.sh, i386, make, gcc-O2" + tests/ssl-opt.sh } -support_test_m32_o1 () { +support_test_m32_o2 () { support_test_m32_o0 "$@" } @@ -2255,11 +2365,11 @@ component_test_m32_everest () { make test msg "test: i386, Everest ECDH context - ECDH-related part of ssl-opt.sh (ASan build)" # ~ 5s - if_build_succeeded tests/ssl-opt.sh -f ECDH + tests/ssl-opt.sh -f ECDH msg "test: i386, Everest ECDH context - compat.sh with some ECDH ciphersuites (ASan build)" # ~ 3 min # Exclude some symmetric ciphers that are redundant here to gain time. - if_build_succeeded tests/compat.sh -f ECDH -V NO -e 'ARIA\|CAMELLIA\|CHACHA\|DES' + tests/compat.sh -f ECDH -V NO -e 'ARIA\|CAMELLIA\|CHACHA\|DES' } support_test_m32_everest () { support_test_m32_o0 "$@" @@ -2351,13 +2461,13 @@ component_test_no_x509_info () { scripts/config.pl full scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # too slow for tests scripts/config.pl set MBEDTLS_X509_REMOVE_INFO - make CFLAGS='-Werror -O1' + make CFLAGS='-Werror -O2' msg "test: full + MBEDTLS_X509_REMOVE_INFO" # ~ 10s make test msg "test: ssl-opt.sh, full + MBEDTLS_X509_REMOVE_INFO" # ~ 1 min - if_build_succeeded tests/ssl-opt.sh + tests/ssl-opt.sh } component_build_arm_none_eabi_gcc () { @@ -2369,14 +2479,29 @@ component_build_arm_none_eabi_gcc () { ${ARM_NONE_EABI_GCC_PREFIX}size library/*.o } -component_build_arm_none_eabi_gcc_arm5vte () { - msg "build: ${ARM_NONE_EABI_GCC_PREFIX}gcc -march=arm5vte" # ~ 10s +component_build_arm_linux_gnueabi_gcc_arm5vte () { + msg "build: ${ARM_LINUX_GNUEABI_GCC_PREFIX}gcc -march=arm5vte" # ~ 10s scripts/config.py baremetal # Build for a target platform that's close to what Debian uses # for its "armel" distribution (https://wiki.debian.org/ArmEabiPort). # See https://github.com/ARMmbed/mbedtls/pull/2169 and comments. - # It would be better to build with arm-linux-gnueabi-gcc but - # we don't have that on our CI at this time. + # Build everything including programs, see for example + # https://github.com/ARMmbed/mbedtls/pull/3449#issuecomment-675313720 + make CC="${ARM_LINUX_GNUEABI_GCC_PREFIX}gcc" AR="${ARM_LINUX_GNUEABI_GCC_PREFIX}ar" CFLAGS='-Werror -Wall -Wextra -march=armv5te -O1' LDFLAGS='-march=armv5te' + + msg "size: ${ARM_LINUX_GNUEABI_GCC_PREFIX}gcc -march=armv5te -O1" + ${ARM_LINUX_GNUEABI_GCC_PREFIX}size library/*.o +} +support_build_arm_linux_gnueabi_gcc_arm5vte () { + type ${ARM_LINUX_GNUEABI_GCC_PREFIX}gcc >/dev/null 2>&1 +} + +component_build_arm_none_eabi_gcc_arm5vte () { + msg "build: ${ARM_NONE_EABI_GCC_PREFIX}gcc -march=arm5vte" # ~ 10s + scripts/config.py baremetal + # This is an imperfect substitute for + # component_build_arm_linux_gnueabi_gcc_arm5vte + # in case the gcc-arm-linux-gnueabi toolchain is not available make CC="${ARM_NONE_EABI_GCC_PREFIX}gcc" AR="${ARM_NONE_EABI_GCC_PREFIX}ar" CFLAGS='-std=c99 -Werror -Wall -Wextra -march=armv5te -O1' LDFLAGS='-march=armv5te' SHELL='sh -x' lib msg "size: ${ARM_NONE_EABI_GCC_PREFIX}gcc -march=armv5te -O1" @@ -2398,7 +2523,7 @@ component_build_arm_none_eabi_gcc_no_udbl_division () { scripts/config.py set MBEDTLS_NO_UDBL_DIVISION make CC="${ARM_NONE_EABI_GCC_PREFIX}gcc" AR="${ARM_NONE_EABI_GCC_PREFIX}ar" LD="${ARM_NONE_EABI_GCC_PREFIX}ld" CFLAGS='-std=c99 -Werror -Wall -Wextra' lib echo "Checking that software 64-bit division is not required" - if_build_succeeded not grep __aeabi_uldiv library/*.o + not grep __aeabi_uldiv library/*.o } component_build_arm_none_eabi_gcc_no_64bit_multiplication () { @@ -2407,7 +2532,7 @@ component_build_arm_none_eabi_gcc_no_64bit_multiplication () { scripts/config.py set MBEDTLS_NO_64BIT_MULTIPLICATION make CC="${ARM_NONE_EABI_GCC_PREFIX}gcc" AR="${ARM_NONE_EABI_GCC_PREFIX}ar" LD="${ARM_NONE_EABI_GCC_PREFIX}ld" CFLAGS='-std=c99 -Werror -O1 -march=armv6-m -mthumb' lib echo "Checking that software 64-bit multiplication is not required" - if_build_succeeded not grep __aeabi_lmul library/*.o + not grep __aeabi_lmul library/*.o } component_build_armcc () { @@ -2437,12 +2562,52 @@ component_build_armcc () { } component_test_tls13_experimental () { - msg "build: default config with MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL enabled" + msg "build: default config with MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL enabled, without padding" scripts/config.pl set MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL + scripts/config.pl set MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY 1 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . make - msg "test: default config with MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL enabled" + msg "test: default config with MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL enabled, without padding" make test + msg "ssl-opt.sh (TLS 1.3 experimental)" + if_build_succeeded tests/ssl-opt.sh +} + +component_test_tls13_experimental_with_padding () { + msg "build: default config with MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL enabled, with padding" + scripts/config.pl set MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL + scripts/config.pl set MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY 16 + CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . + make + msg "test: default config with MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL enabled, with padding" + make test + msg "ssl-opt.sh (TLS 1.3 experimental)" + if_build_succeeded tests/ssl-opt.sh +} + +component_test_tls13_experimental_with_ecp_restartable () { + msg "build: default config with MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL enabled, with ecp_restartable" + scripts/config.py set MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL + scripts/config.py set MBEDTLS_ECP_RESTARTABLE + CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . + make + msg "test: default config with MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL enabled, with ecp_restartable" + make test + msg "ssl-opt.sh (TLS 1.3 experimental)" + if_build_succeeded tests/ssl-opt.sh +} + +component_test_tls13_experimental_with_everest () { + msg "build: default config with MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL enabled, with Everest" + scripts/config.py set MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL + scripts/config.py set MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED + scripts/config.py unset MBEDTLS_ECP_RESTARTABLE + CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . + make + msg "test: default config with MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL enabled, with Everest" + make test + msg "ssl-opt.sh (TLS 1.3 experimental)" + if_build_succeeded tests/ssl-opt.sh } component_build_mingw () { @@ -2475,13 +2640,13 @@ component_test_memsan () { make test msg "test: ssl-opt.sh (MSan)" # ~ 1 min - if_build_succeeded tests/ssl-opt.sh + tests/ssl-opt.sh # Optional part(s) if [ "$MEMORY" -gt 0 ]; then msg "test: compat.sh (MSan)" # ~ 6 min 20s - if_build_succeeded tests/compat.sh + tests/compat.sh fi } @@ -2497,17 +2662,17 @@ component_test_valgrind () { # seem to receive signals under valgrind on OS X). if [ "$MEMORY" -gt 0 ]; then msg "test: ssl-opt.sh --memcheck (Release)" - if_build_succeeded tests/ssl-opt.sh --memcheck + tests/ssl-opt.sh --memcheck fi if [ "$MEMORY" -gt 1 ]; then msg "test: compat.sh --memcheck (Release)" - if_build_succeeded tests/compat.sh --memcheck + tests/compat.sh --memcheck fi if [ "$MEMORY" -gt 0 ]; then msg "test: context-info.sh --memcheck (Release)" - if_build_succeeded tests/context-info.sh --memcheck + tests/context-info.sh --memcheck fi } @@ -2516,7 +2681,7 @@ component_test_cmake_out_of_source () { MBEDTLS_ROOT_DIR="$PWD" mkdir "$OUT_OF_SOURCE_DIR" cd "$OUT_OF_SOURCE_DIR" - cmake "$MBEDTLS_ROOT_DIR" + cmake -D CMAKE_BUILD_TYPE:String=Check "$MBEDTLS_ROOT_DIR" make msg "test: cmake 'out-of-source' build" @@ -2526,15 +2691,13 @@ component_test_cmake_out_of_source () { # "No such file or directory", which would indicate that some required # file is missing (ssl-opt.sh tolerates the absence of some files so # may exit with status 0 but emit errors). - if_build_succeeded ./tests/ssl-opt.sh -f 'Fallback SCSV: beginning of list' 2>ssl-opt.err - if [ -s ssl-opt.err ]; then - cat ssl-opt.err >&2 - record_status [ ! -s ssl-opt.err ] - rm ssl-opt.err - fi + ./tests/ssl-opt.sh -f 'Fallback SCSV: beginning of list' 2>ssl-opt.err + cat ssl-opt.err >&2 + # If ssl-opt.err is non-empty, record an error and keep going. + [ ! -s ssl-opt.err ] + rm ssl-opt.err cd "$MBEDTLS_ROOT_DIR" rm -rf "$OUT_OF_SOURCE_DIR" - unset MBEDTLS_ROOT_DIR } component_test_cmake_as_subdirectory () { @@ -2544,7 +2707,7 @@ component_test_cmake_as_subdirectory () { cd programs/test/cmake_subproject cmake . make - if_build_succeeded ./cmake_subproject + ./cmake_subproject cd "$MBEDTLS_ROOT_DIR" unset MBEDTLS_ROOT_DIR @@ -2557,7 +2720,7 @@ component_test_cmake_as_package () { cd programs/test/cmake_package cmake . make - if_build_succeeded ./cmake_package + ./cmake_package cd "$MBEDTLS_ROOT_DIR" unset MBEDTLS_ROOT_DIR @@ -2570,7 +2733,7 @@ component_test_cmake_as_package_install () { cd programs/test/cmake_package_install cmake . make - if_build_succeeded ./cmake_package_install + ./cmake_package_install cd "$MBEDTLS_ROOT_DIR" unset MBEDTLS_ROOT_DIR @@ -2595,9 +2758,9 @@ component_test_zeroize () { for compiler in clang gcc; do msg "test: $compiler $optimization_flag, mbedtls_platform_zeroize()" make programs CC="$compiler" DEBUG=1 CFLAGS="$optimization_flag" - if_build_succeeded gdb -ex "$gdb_disable_aslr" -x tests/scripts/test_zeroize.gdb -nw -batch -nx 2>&1 | tee test_zeroize.log - if_build_succeeded grep "The buffer was correctly zeroized" test_zeroize.log - if_build_succeeded not grep -i "error" test_zeroize.log + gdb -ex "$gdb_disable_aslr" -x tests/scripts/test_zeroize.gdb -nw -batch -nx 2>&1 | tee test_zeroize.log + grep "The buffer was correctly zeroized" test_zeroize.log + not grep -i "error" test_zeroize.log rm -f test_zeroize.log make clean done @@ -2606,17 +2769,40 @@ component_test_zeroize () { unset gdb_disable_aslr } -component_check_python_files () { - msg "Lint: Python scripts" - record_status tests/scripts/check-python-files.sh +component_test_psa_compliance () { + msg "build: make, default config (out-of-box), libmbedcrypto.a only" + make -C library libmbedcrypto.a + + msg "unit test: test_psa_compliance.py" + ./tests/scripts/test_psa_compliance.py } -component_check_generate_test_code () { - msg "uint test: generate_test_code.py" +support_test_psa_compliance () { + # psa-compliance-tests only supports CMake >= 3.10.0 + ver="$(cmake --version)" + ver="${ver#cmake version }" + ver_major="${ver%%.*}" + + ver="${ver#*.}" + ver_minor="${ver%%.*}" + + [ "$ver_major" -eq 3 ] && [ "$ver_minor" -ge 10 ] +} + +component_check_python_files () { + msg "Lint: Python scripts" + tests/scripts/check-python-files.sh +} + +component_check_test_helpers () { + msg "unit test: generate_test_code.py" # unittest writes out mundane stuff like number or tests run on stderr. # Our convention is to reserve stderr for actual errors, and write # harmless info on stdout so it can be suppress with --quiet. - record_status ./tests/scripts/test_generate_test_code.py 2>&1 + ./tests/scripts/test_generate_test_code.py 2>&1 + + msg "unit test: translate_ciphers.py" + python3 -m unittest tests/scripts/translate_ciphers.py 2>&1 } ################################################################ @@ -2625,7 +2811,7 @@ component_check_generate_test_code () { post_report () { msg "Done, cleaning up" - cleanup + final_cleanup final_report } @@ -2636,26 +2822,71 @@ post_report () { #### Run all the things ################################################################ +# Function invoked by --error-test to test error reporting. +pseudo_component_error_test () { + msg "Testing error reporting $error_test_i" + if [ $KEEP_GOING -ne 0 ]; then + echo "Expect three failing commands." + fi + # If the component doesn't run in a subshell, changing error_test_i to an + # invalid integer will cause an error in the loop that runs this function. + error_test_i=this_should_not_be_used_since_the_component_runs_in_a_subshell + # Expected error: 'grep non_existent /dev/null -> 1' + grep non_existent /dev/null + # Expected error: '! grep -q . tests/scripts/all.sh -> 1' + not grep -q . "$0" + # Expected error: 'make unknown_target -> 2' + make unknown_target + false "this should not be executed" +} + # Run one component and clean up afterwards. run_component () { - # Back up the configuration in case the component modifies it. - # The cleanup function will restore it. - cp -p "$CONFIG_H" "$CONFIG_BAK" - cp -p "$CRYPTO_CONFIG_H" "$CRYPTO_CONFIG_BAK" current_component="$1" export MBEDTLS_TEST_CONFIGURATION="$current_component" # Unconditionally create a seedfile that's sufficiently long. # Do this before each component, because a previous component may # have messed it up or shortened it. - redirect_err dd if=/dev/urandom of=./tests/seedfile bs=64 count=1 + local dd_cmd + dd_cmd=(dd if=/dev/urandom of=./tests/seedfile bs=64 count=1) + case $OSTYPE in + linux*|freebsd*|openbsd*|darwin*) dd_cmd+=(status=none) + esac + "${dd_cmd[@]}" - # Run the component code. - if [ $QUIET -eq 1 ]; then - # msg() is silenced, so just print the component name here - echo "${current_component#component_}" + # Run the component in a subshell, with error trapping and output + # redirection set up based on the relevant options. + if [ $KEEP_GOING -eq 1 ]; then + # We want to keep running if the subshell fails, so 'set -e' must + # be off when the subshell runs. + set +e + fi + ( + if [ $QUIET -eq 1 ]; then + # msg() will be silenced, so just print the component name here. + echo "${current_component#component_}" + exec >/dev/null + fi + if [ $KEEP_GOING -eq 1 ]; then + # Keep "set -e" off, and run an ERR trap instead to record failures. + set -E + trap err_trap ERR + fi + # The next line is what runs the component + "$@" + if [ $KEEP_GOING -eq 1 ]; then + trap - ERR + exit $last_failure_status + fi + ) + component_status=$? + if [ $KEEP_GOING -eq 1 ]; then + set -e + if [ $component_status -ne 0 ]; then + failure_count=$((failure_count + 1)) + fi fi - redirect_out "$@" # Restore the build tree to a clean state. cleanup @@ -2668,16 +2899,13 @@ pre_initialize_variables pre_parse_command_line "$@" pre_check_git +pre_restore_files +pre_back_up build_status=0 if [ $KEEP_GOING -eq 1 ]; then pre_setup_keep_going -else - record_status () { - "$@" - } fi -pre_setup_quiet_redirect pre_prepare_outcome_file pre_print_configuration pre_check_tools @@ -2685,6 +2913,10 @@ cleanup pre_generate_files # Run the requested tests. +for ((error_test_i=1; error_test_i <= error_test; error_test_i++)); do + run_component pseudo_component_error_test +done +unset error_test_i for component in $RUN_COMPONENTS; do run_component "component_$component" done diff --git a/tests/scripts/check-names.sh b/tests/scripts/check-names.sh deleted file mode 100755 index 2a06adc117..0000000000 --- a/tests/scripts/check-names.sh +++ /dev/null @@ -1,129 +0,0 @@ -#!/bin/sh -# -# Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -set -eu - -if [ $# -ne 0 ] && [ "$1" = "--help" ]; then - cat <check-names.err - trap 'echo "FAILED UNEXPECTEDLY, status=$?"; - cat check-names.err' EXIT - set -x -fi - -printf "Analysing source code...\n" - -sh $trace tests/scripts/list-macros.sh -tests/scripts/list-enum-consts.pl -sh $trace tests/scripts/list-identifiers.sh -sh $trace tests/scripts/list-symbols.sh - -FAIL=0 - -printf "\nExported symbols declared in header: " -UNDECLARED=$( diff exported-symbols identifiers | sed -n -e 's/^< //p' ) -if [ "x$UNDECLARED" = "x" ]; then - echo "PASS" -else - echo "FAIL" - echo "$UNDECLARED" - FAIL=1 -fi - -diff macros identifiers | sed -n -e 's/< //p' > actual-macros - -for THING in actual-macros enum-consts; do - printf 'Names of %s: ' "$THING" - test -r $THING - BAD=$( grep -E -v '^(MBEDTLS|PSA)_[0-9A-Z_]*[0-9A-Z]$' $THING || true ) - UNDERSCORES=$( grep -E '.*__.*' $THING || true ) - - if [ "x$BAD" = "x" ] && [ "x$UNDERSCORES" = "x" ]; then - echo "PASS" - else - echo "FAIL" - echo "$BAD" - echo "$UNDERSCORES" - FAIL=1 - fi -done - -for THING in identifiers; do - printf 'Names of %s: ' "$THING" - test -r $THING - BAD=$( grep -E -v '^(mbedtls|psa)_[0-9a-z_]*[0-9a-z]$' $THING || true ) - if [ "x$BAD" = "x" ]; then - echo "PASS" - else - echo "FAIL" - echo "$BAD" - FAIL=1 - fi -done - -printf "Likely typos: " -sort -u actual-macros enum-consts > _caps -HEADERS=$( ls include/mbedtls/*.h include/psa/*.h | egrep -v 'compat-2\.x\.h' ) -HEADERS="$HEADERS library/*.h" -HEADERS="$HEADERS 3rdparty/everest/include/everest/everest.h 3rdparty/everest/include/everest/x25519.h" -LIBRARY="$( ls library/*.c )" -LIBRARY="$LIBRARY 3rdparty/everest/library/everest.c 3rdparty/everest/library/x25519.c" -NL=' -' -cat $HEADERS $LIBRARY \ - | grep -v -e '//no-check-names' -e '#error' \ - | sed -n 's/MBED..._[A-Z0-9_]*/\'"$NL"'&\'"$NL"/gp \ - | grep MBEDTLS | sort -u > _MBEDTLS_XXX -TYPOS=$( diff _caps _MBEDTLS_XXX | sed -n 's/^> //p' \ - | egrep -v 'XXX|__|_$|^MBEDTLS_.*CONFIG_FILE$' || true ) -rm _MBEDTLS_XXX _caps -if [ "x$TYPOS" = "x" ]; then - echo "PASS" -else - echo "FAIL" - echo "$TYPOS" - FAIL=1 -fi - -if [ -n "$trace" ]; then - set +x - trap - EXIT - rm check-names.err -fi - -printf "\nOverall: " -if [ "$FAIL" -eq 0 ]; then - rm macros actual-macros enum-consts identifiers exported-symbols - echo "PASSED" - exit 0 -else - echo "FAILED" - exit 1 -fi diff --git a/tests/scripts/check_names.py b/tests/scripts/check_names.py new file mode 100755 index 0000000000..ac2490fc1e --- /dev/null +++ b/tests/scripts/check_names.py @@ -0,0 +1,862 @@ +#!/usr/bin/env python3 +# +# Copyright The Mbed TLS Contributors +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +""" +This script confirms that the naming of all symbols and identifiers in Mbed TLS +are consistent with the house style and are also self-consistent. It only runs +on Linux and macOS since it depends on nm. + +It contains two major Python classes, CodeParser and NameChecker. They both have +a comprehensive "run-all" function (comprehensive_parse() and perform_checks()) +but the individual functions can also be used for specific needs. + +CodeParser makes heavy use of regular expressions to parse the code, and is +dependent on the current code formatting. Many Python C parser libraries require +preprocessed C code, which means no macro parsing. Compiler tools are also not +very helpful when we want the exact location in the original source (which +becomes impossible when e.g. comments are stripped). + +NameChecker performs the following checks: + +- All exported and available symbols in the library object files, are explicitly + declared in the header files. This uses the nm command. +- All macros, constants, and identifiers (function names, struct names, etc) + follow the required regex pattern. +- Typo checking: All words that begin with MBED exist as macros or constants. + +The script returns 0 on success, 1 on test failure, and 2 if there is a script +error. It must be run from Mbed TLS root. +""" + +import abc +import argparse +import fnmatch +import glob +import textwrap +import os +import sys +import traceback +import re +import enum +import shutil +import subprocess +import logging + +# Naming patterns to check against. These are defined outside the NameCheck +# class for ease of modification. +MACRO_PATTERN = r"^(MBEDTLS|PSA)_[0-9A-Z_]*[0-9A-Z]$" +CONSTANTS_PATTERN = MACRO_PATTERN +IDENTIFIER_PATTERN = r"^(mbedtls|psa)_[0-9a-z_]*[0-9a-z]$" + +class Match(): # pylint: disable=too-few-public-methods + """ + A class representing a match, together with its found position. + + Fields: + * filename: the file that the match was in. + * line: the full line containing the match. + * line_no: the line number. + * pos: a tuple of (start, end) positions on the line where the match is. + * name: the match itself. + """ + def __init__(self, filename, line, line_no, pos, name): + # pylint: disable=too-many-arguments + self.filename = filename + self.line = line + self.line_no = line_no + self.pos = pos + self.name = name + + def __str__(self): + """ + Return a formatted code listing representation of the erroneous line. + """ + gutter = format(self.line_no, "4d") + underline = self.pos[0] * " " + (self.pos[1] - self.pos[0]) * "^" + + return ( + " {0} |\n".format(" " * len(gutter)) + + " {0} | {1}".format(gutter, self.line) + + " {0} | {1}\n".format(" " * len(gutter), underline) + ) + +class Problem(abc.ABC): # pylint: disable=too-few-public-methods + """ + An abstract parent class representing a form of static analysis error. + It extends an Abstract Base Class, which means it is not instantiable, and + it also mandates certain abstract methods to be implemented in subclasses. + """ + # Class variable to control the quietness of all problems + quiet = False + def __init__(self): + self.textwrapper = textwrap.TextWrapper() + self.textwrapper.width = 80 + self.textwrapper.initial_indent = " > " + self.textwrapper.subsequent_indent = " " + + def __str__(self): + """ + Unified string representation method for all Problems. + """ + if self.__class__.quiet: + return self.quiet_output() + return self.verbose_output() + + @abc.abstractmethod + def quiet_output(self): + """ + The output when --quiet is enabled. + """ + pass + + @abc.abstractmethod + def verbose_output(self): + """ + The default output with explanation and code snippet if appropriate. + """ + pass + +class SymbolNotInHeader(Problem): # pylint: disable=too-few-public-methods + """ + A problem that occurs when an exported/available symbol in the object file + is not explicitly declared in header files. Created with + NameCheck.check_symbols_declared_in_header() + + Fields: + * symbol_name: the name of the symbol. + """ + def __init__(self, symbol_name): + self.symbol_name = symbol_name + Problem.__init__(self) + + def quiet_output(self): + return "{0}".format(self.symbol_name) + + def verbose_output(self): + return self.textwrapper.fill( + "'{0}' was found as an available symbol in the output of nm, " + "however it was not declared in any header files." + .format(self.symbol_name)) + +class PatternMismatch(Problem): # pylint: disable=too-few-public-methods + """ + A problem that occurs when something doesn't match the expected pattern. + Created with NameCheck.check_match_pattern() + + Fields: + * pattern: the expected regex pattern + * match: the Match object in question + """ + def __init__(self, pattern, match): + self.pattern = pattern + self.match = match + Problem.__init__(self) + + + def quiet_output(self): + return ( + "{0}:{1}:{2}" + .format(self.match.filename, self.match.line_no, self.match.name) + ) + + def verbose_output(self): + return self.textwrapper.fill( + "{0}:{1}: '{2}' does not match the required pattern '{3}'." + .format( + self.match.filename, + self.match.line_no, + self.match.name, + self.pattern + ) + ) + "\n" + str(self.match) + +class Typo(Problem): # pylint: disable=too-few-public-methods + """ + A problem that occurs when a word using MBED doesn't appear to be defined as + constants nor enum values. Created with NameCheck.check_for_typos() + + Fields: + * match: the Match object of the MBED name in question. + """ + def __init__(self, match): + self.match = match + Problem.__init__(self) + + def quiet_output(self): + return ( + "{0}:{1}:{2}" + .format(self.match.filename, self.match.line_no, self.match.name) + ) + + def verbose_output(self): + return self.textwrapper.fill( + "{0}:{1}: '{2}' looks like a typo. It was not found in any " + "macros or any enums. If this is not a typo, put " + "//no-check-names after it." + .format(self.match.filename, self.match.line_no, self.match.name) + ) + "\n" + str(self.match) + +class CodeParser(): + """ + Class for retrieving files and parsing the code. This can be used + independently of the checks that NameChecker performs, for example for + list_internal_identifiers.py. + """ + def __init__(self, log): + self.log = log + self.check_repo_path() + + # Memo for storing "glob expression": set(filepaths) + self.files = {} + + # Globally excluded filenames. + # Note that "*" can match directory separators in exclude lists. + self.excluded_files = ["*/bn_mul", "*/compat-2.x.h"] + + @staticmethod + def check_repo_path(): + """ + Check that the current working directory is the project root, and throw + an exception if not. + """ + if not all(os.path.isdir(d) for d in ["include", "library", "tests"]): + raise Exception("This script must be run from Mbed TLS root") + + def comprehensive_parse(self): + """ + Comprehensive ("default") function to call each parsing function and + retrieve various elements of the code, together with the source location. + + Returns a dict of parsed item key to the corresponding List of Matches. + """ + self.log.info("Parsing source code...") + self.log.debug( + "The following files are excluded from the search: {}" + .format(str(self.excluded_files)) + ) + + all_macros = self.parse_macros([ + "include/mbedtls/*.h", + "include/psa/*.h", + "library/*.h", + "tests/include/test/drivers/*.h", + "3rdparty/everest/include/everest/everest.h", + "3rdparty/everest/include/everest/x25519.h" + ]) + enum_consts = self.parse_enum_consts([ + "include/mbedtls/*.h", + "library/*.h", + "3rdparty/everest/include/everest/everest.h", + "3rdparty/everest/include/everest/x25519.h" + ]) + identifiers = self.parse_identifiers([ + "include/mbedtls/*.h", + "include/psa/*.h", + "library/*.h", + "3rdparty/everest/include/everest/everest.h", + "3rdparty/everest/include/everest/x25519.h" + ]) + mbed_words = self.parse_mbed_words([ + "include/mbedtls/*.h", + "include/psa/*.h", + "library/*.h", + "3rdparty/everest/include/everest/everest.h", + "3rdparty/everest/include/everest/x25519.h", + "library/*.c", + "3rdparty/everest/library/everest.c", + "3rdparty/everest/library/x25519.c" + ]) + symbols = self.parse_symbols() + + # Remove identifier macros like mbedtls_printf or mbedtls_calloc + identifiers_justname = [x.name for x in identifiers] + actual_macros = [] + for macro in all_macros: + if macro.name not in identifiers_justname: + actual_macros.append(macro) + + self.log.debug("Found:") + # Aligns the counts on the assumption that none exceeds 4 digits + self.log.debug(" {:4} Total Macros".format(len(all_macros))) + self.log.debug(" {:4} Non-identifier Macros".format(len(actual_macros))) + self.log.debug(" {:4} Enum Constants".format(len(enum_consts))) + self.log.debug(" {:4} Identifiers".format(len(identifiers))) + self.log.debug(" {:4} Exported Symbols".format(len(symbols))) + return { + "macros": actual_macros, + "enum_consts": enum_consts, + "identifiers": identifiers, + "symbols": symbols, + "mbed_words": mbed_words + } + + def is_file_excluded(self, path, exclude_wildcards): + """Whether the given file path is excluded.""" + # exclude_wildcards may be None. Also, consider the global exclusions. + exclude_wildcards = (exclude_wildcards or []) + self.excluded_files + for pattern in exclude_wildcards: + if fnmatch.fnmatch(path, pattern): + return True + return False + + def get_files(self, include_wildcards, exclude_wildcards): + """ + Get all files that match any of the UNIX-style wildcards. While the + check_names script is designed only for use on UNIX/macOS (due to nm), + this function alone would work fine on Windows even with forward slashes + in the wildcard. + + Args: + * include_wildcards: a List of shell-style wildcards to match filepaths. + * exclude_wildcards: a List of shell-style wildcards to exclude. + + Returns a List of relative filepaths. + """ + accumulator = set() + + for include_wildcard in include_wildcards: + accumulator = accumulator.union(glob.iglob(include_wildcard)) + + return list(path for path in accumulator + if not self.is_file_excluded(path, exclude_wildcards)) + + def parse_macros(self, include, exclude=None): + """ + Parse all macros defined by #define preprocessor directives. + + Args: + * include: A List of glob expressions to look for files through. + * exclude: A List of glob expressions for excluding files. + + Returns a List of Match objects for the found macros. + """ + macro_regex = re.compile(r"# *define +(?P\w+)") + exclusions = ( + "asm", "inline", "EMIT", "_CRT_SECURE_NO_DEPRECATE", "MULADDC_" + ) + + files = self.get_files(include, exclude) + self.log.debug("Looking for macros in {} files".format(len(files))) + + macros = [] + for header_file in files: + with open(header_file, "r", encoding="utf-8") as header: + for line_no, line in enumerate(header): + for macro in macro_regex.finditer(line): + if macro.group("macro").startswith(exclusions): + continue + + macros.append(Match( + header_file, + line, + line_no, + macro.span("macro"), + macro.group("macro"))) + + return macros + + def parse_mbed_words(self, include, exclude=None): + """ + Parse all words in the file that begin with MBED, in and out of macros, + comments, anything. + + Args: + * include: A List of glob expressions to look for files through. + * exclude: A List of glob expressions for excluding files. + + Returns a List of Match objects for words beginning with MBED. + """ + # Typos of TLS are common, hence the broader check below than MBEDTLS. + mbed_regex = re.compile(r"\bMBED.+?_[A-Z0-9_]*") + exclusions = re.compile(r"// *no-check-names|#error") + + files = self.get_files(include, exclude) + self.log.debug("Looking for MBED words in {} files".format(len(files))) + + mbed_words = [] + for filename in files: + with open(filename, "r", encoding="utf-8") as fp: + for line_no, line in enumerate(fp): + if exclusions.search(line): + continue + + for name in mbed_regex.finditer(line): + mbed_words.append(Match( + filename, + line, + line_no, + name.span(0), + name.group(0))) + + return mbed_words + + def parse_enum_consts(self, include, exclude=None): + """ + Parse all enum value constants that are declared. + + Args: + * include: A List of glob expressions to look for files through. + * exclude: A List of glob expressions for excluding files. + + Returns a List of Match objects for the findings. + """ + files = self.get_files(include, exclude) + self.log.debug("Looking for enum consts in {} files".format(len(files))) + + # Emulate a finite state machine to parse enum declarations. + # OUTSIDE_KEYWORD = outside the enum keyword + # IN_BRACES = inside enum opening braces + # IN_BETWEEN = between enum keyword and opening braces + states = enum.Enum("FSM", ["OUTSIDE_KEYWORD", "IN_BRACES", "IN_BETWEEN"]) + enum_consts = [] + for header_file in files: + state = states.OUTSIDE_KEYWORD + with open(header_file, "r", encoding="utf-8") as header: + for line_no, line in enumerate(header): + # Match typedefs and brackets only when they are at the + # beginning of the line -- if they are indented, they might + # be sub-structures within structs, etc. + if (state == states.OUTSIDE_KEYWORD and + re.search(r"^(typedef +)?enum +{", line)): + state = states.IN_BRACES + elif (state == states.OUTSIDE_KEYWORD and + re.search(r"^(typedef +)?enum", line)): + state = states.IN_BETWEEN + elif (state == states.IN_BETWEEN and + re.search(r"^{", line)): + state = states.IN_BRACES + elif (state == states.IN_BRACES and + re.search(r"^}", line)): + state = states.OUTSIDE_KEYWORD + elif (state == states.IN_BRACES and + not re.search(r"^ *#", line)): + enum_const = re.search(r"^ *(?P\w+)", line) + if not enum_const: + continue + + enum_consts.append(Match( + header_file, + line, + line_no, + enum_const.span("enum_const"), + enum_const.group("enum_const"))) + + return enum_consts + + def parse_identifiers(self, include, exclude=None): + """ + Parse all lines of a header where a function/enum/struct/union/typedef + identifier is declared, based on some regex and heuristics. Highly + dependent on formatting style. + + Args: + * include: A List of glob expressions to look for files through. + * exclude: A List of glob expressions for excluding files. + + Returns a List of Match objects with identifiers. + """ + identifier_regex = re.compile( + # Match " something(a" or " *something(a". Functions. + # Assumptions: + # - function definition from return type to one of its arguments is + # all on one line + # - function definition line only contains alphanumeric, asterisk, + # underscore, and open bracket + r".* \**(\w+) *\( *\w|" + # Match "(*something)(". + r".*\( *\* *(\w+) *\) *\(|" + # Match names of named data structures. + r"(?:typedef +)?(?:struct|union|enum) +(\w+)(?: *{)?$|" + # Match names of typedef instances, after closing bracket. + r"}? *(\w+)[;[].*" + ) + # The regex below is indented for clarity. + exclusion_lines = re.compile( + r"^(" + r"extern +\"C\"|" # pylint: disable=bad-continuation + r"(typedef +)?(struct|union|enum)( *{)?$|" + r"} *;?$|" + r"$|" + r"//|" + r"#" + r")" + ) + + files = self.get_files(include, exclude) + self.log.debug("Looking for identifiers in {} files".format(len(files))) + + identifiers = [] + for header_file in files: + with open(header_file, "r", encoding="utf-8") as header: + in_block_comment = False + # The previous line variable is used for concatenating lines + # when identifiers are formatted and spread across multiple + # lines. + previous_line = "" + + for line_no, line in enumerate(header): + # Skip parsing this line if a block comment ends on it, + # but don't skip if it has just started -- there is a chance + # it ends on the same line. + if re.search(r"/\*", line): + in_block_comment = not in_block_comment + if re.search(r"\*/", line): + in_block_comment = not in_block_comment + continue + + if in_block_comment: + previous_line = "" + continue + + if exclusion_lines.search(line): + previous_line = "" + continue + + # If the line contains only space-separated alphanumeric + # characters (or underscore, asterisk, or, open bracket), + # and nothing else, high chance it's a declaration that + # continues on the next line + if re.search(r"^([\w\*\(]+\s+)+$", line): + previous_line += line + continue + + # If previous line seemed to start an unfinished declaration + # (as above), concat and treat them as one. + if previous_line: + line = previous_line.strip() + " " + line.strip() + "\n" + previous_line = "" + + # Skip parsing if line has a space in front = heuristic to + # skip function argument lines (highly subject to formatting + # changes) + if line[0] == " ": + continue + + identifier = identifier_regex.search(line) + + if not identifier: + continue + + # Find the group that matched, and append it + for group in identifier.groups(): + if not group: + continue + + identifiers.append(Match( + header_file, + line, + line_no, + identifier.span(), + group)) + + return identifiers + + def parse_symbols(self): + """ + Compile the Mbed TLS libraries, and parse the TLS, Crypto, and x509 + object files using nm to retrieve the list of referenced symbols. + Exceptions thrown here are rethrown because they would be critical + errors that void several tests, and thus needs to halt the program. This + is explicitly done for clarity. + + Returns a List of unique symbols defined and used in the libraries. + """ + self.log.info("Compiling...") + symbols = [] + + # Back up the config and atomically compile with the full configratuion. + shutil.copy( + "include/mbedtls/mbedtls_config.h", + "include/mbedtls/mbedtls_config.h.bak" + ) + try: + # Use check=True in all subprocess calls so that failures are raised + # as exceptions and logged. + subprocess.run( + ["python3", "scripts/config.py", "full"], + universal_newlines=True, + check=True + ) + my_environment = os.environ.copy() + my_environment["CFLAGS"] = "-fno-asynchronous-unwind-tables" + # Run make clean separately to lib to prevent unwanted behavior when + # make is invoked with parallelism. + subprocess.run( + ["make", "clean"], + universal_newlines=True, + check=True + ) + subprocess.run( + ["make", "lib"], + env=my_environment, + universal_newlines=True, + stdout=subprocess.PIPE, + stderr=subprocess.STDOUT, + check=True + ) + + # Perform object file analysis using nm + symbols = self.parse_symbols_from_nm([ + "library/libmbedcrypto.a", + "library/libmbedtls.a", + "library/libmbedx509.a" + ]) + + subprocess.run( + ["make", "clean"], + universal_newlines=True, + check=True + ) + except subprocess.CalledProcessError as error: + self.log.debug(error.output) + raise error + finally: + # Put back the original config regardless of there being errors. + # Works also for keyboard interrupts. + shutil.move( + "include/mbedtls/mbedtls_config.h.bak", + "include/mbedtls/mbedtls_config.h" + ) + + return symbols + + def parse_symbols_from_nm(self, object_files): + """ + Run nm to retrieve the list of referenced symbols in each object file. + Does not return the position data since it is of no use. + + Args: + * object_files: a List of compiled object filepaths to search through. + + Returns a List of unique symbols defined and used in any of the object + files. + """ + nm_undefined_regex = re.compile(r"^\S+: +U |^$|^\S+:$") + nm_valid_regex = re.compile(r"^\S+( [0-9A-Fa-f]+)* . _*(?P\w+)") + exclusions = ("FStar", "Hacl") + + symbols = [] + + # Gather all outputs of nm + nm_output = "" + for lib in object_files: + nm_output += subprocess.run( + ["nm", "-og", lib], + universal_newlines=True, + stdout=subprocess.PIPE, + stderr=subprocess.STDOUT, + check=True + ).stdout + + for line in nm_output.splitlines(): + if not nm_undefined_regex.search(line): + symbol = nm_valid_regex.search(line) + if (symbol and not symbol.group("symbol").startswith(exclusions)): + symbols.append(symbol.group("symbol")) + else: + self.log.error(line) + + return symbols + +class NameChecker(): + """ + Representation of the core name checking operation performed by this script. + """ + def __init__(self, parse_result, log): + self.parse_result = parse_result + self.log = log + + def perform_checks(self, quiet=False): + """ + A comprehensive checker that performs each check in order, and outputs + a final verdict. + + Args: + * quiet: whether to hide detailed problem explanation. + """ + self.log.info("=============") + Problem.quiet = quiet + problems = 0 + problems += self.check_symbols_declared_in_header() + + pattern_checks = [ + ("macros", MACRO_PATTERN), + ("enum_consts", CONSTANTS_PATTERN), + ("identifiers", IDENTIFIER_PATTERN) + ] + for group, check_pattern in pattern_checks: + problems += self.check_match_pattern(group, check_pattern) + + problems += self.check_for_typos() + + self.log.info("=============") + if problems > 0: + self.log.info("FAIL: {0} problem(s) to fix".format(str(problems))) + if quiet: + self.log.info("Remove --quiet to see explanations.") + else: + self.log.info("Use --quiet for minimal output.") + return 1 + else: + self.log.info("PASS") + return 0 + + def check_symbols_declared_in_header(self): + """ + Perform a check that all detected symbols in the library object files + are properly declared in headers. + Assumes parse_names_in_source() was called before this. + + Returns the number of problems that need fixing. + """ + problems = [] + + for symbol in self.parse_result["symbols"]: + found_symbol_declared = False + for identifier_match in self.parse_result["identifiers"]: + if symbol == identifier_match.name: + found_symbol_declared = True + break + + if not found_symbol_declared: + problems.append(SymbolNotInHeader(symbol)) + + self.output_check_result("All symbols in header", problems) + return len(problems) + + def check_match_pattern(self, group_to_check, check_pattern): + """ + Perform a check that all items of a group conform to a regex pattern. + Assumes parse_names_in_source() was called before this. + + Args: + * group_to_check: string key to index into self.parse_result. + * check_pattern: the regex to check against. + + Returns the number of problems that need fixing. + """ + problems = [] + + for item_match in self.parse_result[group_to_check]: + if not re.search(check_pattern, item_match.name): + problems.append(PatternMismatch(check_pattern, item_match)) + # Double underscore should not be used for names + if re.search(r".*__.*", item_match.name): + problems.append( + PatternMismatch("no double underscore allowed", item_match)) + + self.output_check_result( + "Naming patterns of {}".format(group_to_check), + problems) + return len(problems) + + def check_for_typos(self): + """ + Perform a check that all words in the soure code beginning with MBED are + either defined as macros, or as enum constants. + Assumes parse_names_in_source() was called before this. + + Returns the number of problems that need fixing. + """ + problems = [] + + # Set comprehension, equivalent to a list comprehension wrapped by set() + all_caps_names = { + match.name + for match + in self.parse_result["macros"] + self.parse_result["enum_consts"]} + typo_exclusion = re.compile(r"XXX|__|_$|^MBEDTLS_.*CONFIG_FILE$") + + for name_match in self.parse_result["mbed_words"]: + found = name_match.name in all_caps_names + + # Since MBEDTLS_PSA_ACCEL_XXX defines are defined by the + # PSA driver, they will not exist as macros. However, they + # should still be checked for typos using the equivalent + # BUILTINs that exist. + if "MBEDTLS_PSA_ACCEL_" in name_match.name: + found = name_match.name.replace( + "MBEDTLS_PSA_ACCEL_", + "MBEDTLS_PSA_BUILTIN_") in all_caps_names + + if not found and not typo_exclusion.search(name_match.name): + problems.append(Typo(name_match)) + + self.output_check_result("Likely typos", problems) + return len(problems) + + def output_check_result(self, name, problems): + """ + Write out the PASS/FAIL status of a performed check depending on whether + there were problems. + + Args: + * name: the name of the test + * problems: a List of encountered Problems + """ + if problems: + self.log.info("{}: FAIL\n".format(name)) + for problem in problems: + self.log.warning(str(problem)) + else: + self.log.info("{}: PASS".format(name)) + +def main(): + """ + Perform argument parsing, and create an instance of CodeParser and + NameChecker to begin the core operation. + """ + parser = argparse.ArgumentParser( + formatter_class=argparse.RawDescriptionHelpFormatter, + description=( + "This script confirms that the naming of all symbols and identifiers " + "in Mbed TLS are consistent with the house style and are also " + "self-consistent.\n\n" + "Expected to be run from the MbedTLS root directory.") + ) + parser.add_argument( + "-v", "--verbose", + action="store_true", + help="show parse results" + ) + parser.add_argument( + "-q", "--quiet", + action="store_true", + help="hide unnecessary text, explanations, and highlighs" + ) + + args = parser.parse_args() + + # Configure the global logger, which is then passed to the classes below + log = logging.getLogger() + log.setLevel(logging.DEBUG if args.verbose else logging.INFO) + log.addHandler(logging.StreamHandler()) + + try: + code_parser = CodeParser(log) + parse_result = code_parser.comprehensive_parse() + except Exception: # pylint: disable=broad-except + traceback.print_exc() + sys.exit(2) + + name_checker = NameChecker(parse_result, log) + return_code = name_checker.perform_checks(quiet=args.quiet) + + sys.exit(return_code) + +if __name__ == "__main__": + main() diff --git a/tests/scripts/generate_psa_tests.py b/tests/scripts/generate_psa_tests.py index c788ce6d6d..0d9cb36716 100755 --- a/tests/scripts/generate_psa_tests.py +++ b/tests/scripts/generate_psa_tests.py @@ -96,7 +96,7 @@ def hack_dependencies_not_implemented(dependencies: List[str]) -> None: if _implemented_dependencies is None: _implemented_dependencies = \ read_implemented_dependencies('include/psa/crypto_config.h') - if not all(dep.lstrip('!') in _implemented_dependencies + if not all((dep.lstrip('!') in _implemented_dependencies or 'PSA_WANT' not in dep) for dep in dependencies): dependencies.append('DEPENDENCY_NOT_IMPLEMENTED_YET') @@ -203,12 +203,15 @@ class NotSupported: # supported or not depending on implementation capabilities, # only generate the test case once. continue - yield test_case_for_key_type_not_supported( - 'generate', kt.expression, bits, - finish_family_dependencies(generate_dependencies, bits), - str(bits), - param_descr=param_descr, - ) + # For public key we expect that key generation fails with + # INVALID_ARGUMENT. It is handled by KeyGenerate class. + if not kt.name.endswith('_PUBLIC_KEY'): + yield test_case_for_key_type_not_supported( + 'generate', kt.expression, bits, + finish_family_dependencies(generate_dependencies, bits), + str(bits), + param_descr=param_descr, + ) # To be added: derive ECC_KEY_TYPES = ('PSA_KEY_TYPE_ECC_KEY_PAIR', @@ -229,6 +232,78 @@ class NotSupported: yield from self.test_cases_for_key_type_not_supported( kt, 0, param_descr='curve') +def test_case_for_key_generation( + key_type: str, bits: int, + dependencies: List[str], + *args: str, + result: str = '' +) -> test_case.TestCase: + """Return one test case exercising a key generation. + """ + hack_dependencies_not_implemented(dependencies) + tc = test_case.TestCase() + short_key_type = re.sub(r'PSA_(KEY_TYPE|ECC_FAMILY)_', r'', key_type) + tc.set_description('PSA {} {}-bit' + .format(short_key_type, bits)) + tc.set_dependencies(dependencies) + tc.set_function('generate_key') + tc.set_arguments([key_type] + list(args) + [result]) + + return tc + +class KeyGenerate: + """Generate positive and negative (invalid argument) test cases for key generation.""" + + def __init__(self, info: Information) -> None: + self.constructors = info.constructors + + ECC_KEY_TYPES = ('PSA_KEY_TYPE_ECC_KEY_PAIR', + 'PSA_KEY_TYPE_ECC_PUBLIC_KEY') + + @staticmethod + def test_cases_for_key_type_key_generation( + kt: crypto_knowledge.KeyType + ) -> Iterator[test_case.TestCase]: + """Return test cases exercising key generation. + + All key types can be generated except for public keys. For public key + PSA_ERROR_INVALID_ARGUMENT status is expected. + """ + result = 'PSA_SUCCESS' + + import_dependencies = [psa_want_symbol(kt.name)] + if kt.params is not None: + import_dependencies += [psa_want_symbol(sym) + for i, sym in enumerate(kt.params)] + if kt.name.endswith('_PUBLIC_KEY'): + # The library checks whether the key type is a public key generically, + # before it reaches a point where it needs support for the specific key + # type, so it returns INVALID_ARGUMENT for unsupported public key types. + generate_dependencies = [] + result = 'PSA_ERROR_INVALID_ARGUMENT' + else: + generate_dependencies = import_dependencies + if kt.name == 'PSA_KEY_TYPE_RSA_KEY_PAIR': + generate_dependencies.append("MBEDTLS_GENPRIME") + for bits in kt.sizes_to_test(): + yield test_case_for_key_generation( + kt.expression, bits, + finish_family_dependencies(generate_dependencies, bits), + str(bits), + result + ) + + def test_cases_for_key_generation(self) -> Iterator[test_case.TestCase]: + """Generate test cases that exercise the generation of keys.""" + for key_type in sorted(self.constructors.key_types): + if key_type in self.ECC_KEY_TYPES: + continue + kt = crypto_knowledge.KeyType(key_type) + yield from self.test_cases_for_key_type_key_generation(kt) + for curve_family in sorted(self.constructors.ecc_curves): + for constr in self.ECC_KEY_TYPES: + kt = crypto_knowledge.KeyType(constr, [curve_family]) + yield from self.test_cases_for_key_type_key_generation(kt) class StorageKey(psa_storage.Key): """Representation of a key for storage format testing.""" @@ -651,6 +726,8 @@ class TestGenerator: test_case.write_data_file(filename, test_cases) TARGETS = { + 'test_suite_psa_crypto_generate_key.generated': + lambda info: KeyGenerate(info).test_cases_for_key_generation(), 'test_suite_psa_crypto_not_supported.generated': lambda info: NotSupported(info).test_cases_for_not_supported(), 'test_suite_psa_crypto_storage_format.current': @@ -668,6 +745,10 @@ def main(args): parser = argparse.ArgumentParser(description=__doc__) parser.add_argument('--list', action='store_true', help='List available targets and exit') + parser.add_argument('--list-for-cmake', action='store_true', + help='Print \';\'-separated list of available targets and exit') + parser.add_argument('--directory', metavar='DIR', + help='Output directory (default: tests/suites)') parser.add_argument('targets', nargs='*', metavar='TARGET', help='Target file to generate (default: all; "-": none)') options = parser.parse_args(args) @@ -677,6 +758,11 @@ def main(args): for name in sorted(generator.TARGETS): print(generator.filename_for(name)) return + # List in a cmake list format (i.e. ';'-separated) + if options.list_for_cmake: + print(';'.join(generator.filename_for(name) + for name in sorted(generator.TARGETS)), end='') + return if options.targets: # Allow "-" as a special case so you can run # ``generate_psa_tests.py - $targets`` and it works uniformly whether diff --git a/tests/scripts/generate_test_code.py b/tests/scripts/generate_test_code.py index 7382fb6ecb..f5750aacfa 100755 --- a/tests/scripts/generate_test_code.py +++ b/tests/scripts/generate_test_code.py @@ -106,10 +106,6 @@ Platform file: Platform file contains platform specific setup code and test case dispatch code. For example, host_test.function reads test data file from host's file system and dispatches tests. -In case of on-target target_test.function tests are not dispatched -on target. Target code is kept minimum and only test functions are -dispatched. Test case dispatch is done on the host using tools like -Greentea. Template file: --------- diff --git a/tests/scripts/list-enum-consts.pl b/tests/scripts/list-enum-consts.pl deleted file mode 100755 index 6d93693075..0000000000 --- a/tests/scripts/list-enum-consts.pl +++ /dev/null @@ -1,53 +0,0 @@ -#!/usr/bin/env perl -# -# Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -use warnings; -use strict; - -use utf8; -use open qw(:std utf8); - --d 'include/mbedtls' or die "$0: must be run from root\n"; - -@ARGV = grep { ! /compat-2\.x\.h/ } ; -push @ARGV, "3rdparty/everest/include/everest/everest.h"; -push @ARGV, "3rdparty/everest/include/everest/x25519.h"; -push @ARGV, glob("library/*.h"); - -my @consts; -my $state = 'out'; -while (<>) -{ - if( $state eq 'out' and /^(typedef )?enum \{/ ) { - $state = 'in'; - } elsif( $state eq 'out' and /^(typedef )?enum/ ) { - $state = 'start'; - } elsif( $state eq 'start' and /{/ ) { - $state = 'in'; - } elsif( $state eq 'in' and /}/ ) { - $state = 'out'; - } elsif( $state eq 'in' and not /^#/) { - s/=.*//; s!/\*.*!!; s/,.*//; s/\s+//g; chomp; - push @consts, $_ if $_; - } -} - -open my $fh, '>', 'enum-consts' or die; -print $fh "$_\n" for sort @consts; -close $fh or die; - -printf "%8d enum-consts\n", scalar @consts; diff --git a/tests/scripts/list-identifiers.sh b/tests/scripts/list-identifiers.sh index 9698fc86c0..9b930802f5 100755 --- a/tests/scripts/list-identifiers.sh +++ b/tests/scripts/list-identifiers.sh @@ -1,8 +1,11 @@ #!/bin/bash # # Create a file named identifiers containing identifiers from internal header -# files or all header files, based on --internal flag. +# files, based on the --internal flag. # Outputs the line count of the file to stdout. +# A very thin wrapper around list_internal_identifiers.py for backwards +# compatibility. +# Must be run from Mbed TLS root. # # Usage: list-identifiers.sh [ -i | --internal ] # @@ -24,7 +27,7 @@ set -eu if [ -d include/mbedtls ]; then :; else - echo "$0: must be run from root" >&2 + echo "$0: Must be run from Mbed TLS root" >&2 exit 1 fi @@ -47,32 +50,17 @@ done if [ $INTERNAL ] then - HEADERS=$( ls include/mbedtls/*_internal.h library/*.h | egrep -v 'compat-2\.x\.h' ) + tests/scripts/list_internal_identifiers.py + wc -l identifiers else - HEADERS=$( ls include/mbedtls/*.h include/psa/*.h library/*.h | egrep -v 'compat-2\.x\.h' ) - HEADERS="$HEADERS 3rdparty/everest/include/everest/everest.h 3rdparty/everest/include/everest/x25519.h" + cat < _decls - -if true; then -sed -n -e 's/.* \**\([a-zA-Z_][a-zA-Z0-9_]*\)(.*/\1/p' \ - -e 's/.*(\*\(.*\))(.*/\1/p' _decls -grep -v '(' _decls | sed -e 's/\([a-zA-Z0-9_]*\)[;[].*/\1/' -e 's/.* \**//' -fi > _identifiers - -if [ $( wc -l < _identifiers ) -eq $( wc -l < _decls ) ]; then - rm _decls - egrep -v '^(u?int(16|32|64)_t)$' _identifiers | sort > identifiers - rm _identifiers -else - echo "$0: oops, lost some identifiers" 2>&1 - exit 1 -fi - -wc -l identifiers diff --git a/tests/scripts/list-macros.sh b/tests/scripts/list-macros.sh deleted file mode 100755 index 2e62359e4f..0000000000 --- a/tests/scripts/list-macros.sh +++ /dev/null @@ -1,39 +0,0 @@ -#!/bin/sh -# -# Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -set -eu - -if [ -d include/mbedtls ]; then :; else - echo "$0: must be run from root" >&2 - exit 1 -fi - -HEADERS=$( ls include/mbedtls/*.h include/psa/*.h tests/include/test/drivers/*.h | egrep -v 'compat-2\.x\.h' ) -HEADERS="$HEADERS library/*.h" -HEADERS="$HEADERS 3rdparty/everest/include/everest/everest.h 3rdparty/everest/include/everest/x25519.h" - -sed -n -e 's/.*#define \([a-zA-Z0-9_]*\).*/\1/p' $HEADERS \ - | egrep -v '^(asm|inline|EMIT|_CRT_SECURE_NO_DEPRECATE)$|^MULADDC_' \ - | sort -u > macros - -# For include/mbedtls/config_psa.h need to ignore the MBEDTLS_xxx define -# in that file since they may not be defined in include/psa/crypto_config.h -# This line renames the potentially missing defines to ones that should -# be present. -sed -ne 's/^MBEDTLS_PSA_BUILTIN_/MBEDTLS_PSA_ACCEL_/p' >macros - -wc -l macros diff --git a/tests/scripts/list-symbols.sh b/tests/scripts/list-symbols.sh deleted file mode 100755 index 4a5d035658..0000000000 --- a/tests/scripts/list-symbols.sh +++ /dev/null @@ -1,54 +0,0 @@ -#!/bin/sh -# -# Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -set -eu - -if [ -d include/mbedtls ]; then :; else - echo "$0: must be run from root" >&2 - exit 1 -fi - -if grep -i cmake Makefile >/dev/null; then - echo "$0: not compatible with cmake" >&2 - exit 1 -fi - -cp include/mbedtls/mbedtls_config.h include/mbedtls/mbedtls_config.h.bak -scripts/config.py full -make clean -make_ret= -CFLAGS=-fno-asynchronous-unwind-tables make lib \ - >list-symbols.make.log 2>&1 || - { - make_ret=$? - echo "Build failure: CFLAGS=-fno-asynchronous-unwind-tables make lib" - cat list-symbols.make.log >&2 - } -rm list-symbols.make.log -mv include/mbedtls/mbedtls_config.h.bak include/mbedtls/mbedtls_config.h -if [ -n "$make_ret" ]; then - exit "$make_ret" -fi - -if uname | grep -F Darwin >/dev/null; then - nm -gUj library/libmbed*.a 2>/dev/null | sed -n -e 's/^_//p' | grep -v -e ^FStar -e ^Hacl -elif uname | grep -F Linux >/dev/null; then - nm -og library/libmbed*.a | grep -v '^[^ ]*: *U \|^$\|^[^ ]*:$' | sed 's/^[^ ]* . //' | grep -v -e ^FStar -e ^Hacl -fi | sort > exported-symbols -make clean - -wc -l exported-symbols diff --git a/tests/scripts/list_internal_identifiers.py b/tests/scripts/list_internal_identifiers.py new file mode 100755 index 0000000000..779a16ffbc --- /dev/null +++ b/tests/scripts/list_internal_identifiers.py @@ -0,0 +1,57 @@ +#!/usr/bin/env python3 +# +# Copyright The Mbed TLS Contributors +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +""" +This script generates a file called identifiers that contains all Mbed TLS +identifiers found on internal headers. This is the equivalent of what was +previously `list-identifiers.sh --internal`, and is useful for generating an +exclusion file list for ABI/API checking, since we do not promise compatibility +for them. + +It uses the CodeParser class from check_names.py to perform the parsing. + +The script returns 0 on success, 1 if there is a script error. +Must be run from Mbed TLS root. +""" + +import argparse +import logging +from check_names import CodeParser + +def main(): + parser = argparse.ArgumentParser( + formatter_class=argparse.RawDescriptionHelpFormatter, + description=( + "This script writes a list of parsed identifiers in internal " + "headers to \"identifiers\". This is useful for generating a list " + "of names to exclude from API/ABI compatibility checking. ")) + + parser.parse_args() + + name_check = CodeParser(logging.getLogger()) + result = name_check.parse_identifiers([ + "include/mbedtls/*_internal.h", + "library/*.h" + ]) + result.sort(key=lambda x: x.name) + + identifiers = ["{}\n".format(match.name) for match in result] + with open("identifiers", "w", encoding="utf-8") as f: + f.writelines(identifiers) + +if __name__ == "__main__": + main() diff --git a/tests/scripts/mbedtls_test.py b/tests/scripts/mbedtls_test.py deleted file mode 100755 index 64f12bbb31..0000000000 --- a/tests/scripts/mbedtls_test.py +++ /dev/null @@ -1,382 +0,0 @@ -#!/usr/bin/env python3 - -# Greentea host test script for Mbed TLS on-target test suite testing. -# -# Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - - -""" -Mbed TLS on-target test suite tests are implemented as Greentea -tests. Greentea tests are implemented in two parts: target test and -host test. Target test is a C application that is built for the -target platform and executes on the target. Host test is a Python -class derived from mbed_host_tests.BaseHostTest. Target communicates -with the host over serial for the test data and sends back the result. - -Python tool mbedgt (Greentea) is responsible for flashing the test -binary on to the target and dynamically loading this host test module. - -Greentea documentation can be found here: -https://github.com/ARMmbed/greentea -""" - - -import re -import os -import binascii - -from mbed_host_tests import BaseHostTest, event_callback # type: ignore # pylint: disable=import-error - - -class TestDataParserError(Exception): - """Indicates error in test data, read from .data file.""" - pass - - -class TestDataParser: - """ - Parses test name, dependencies, test function name and test parameters - from the data file. - """ - - def __init__(self): - """ - Constructor - """ - self.tests = [] - - def parse(self, data_file): - """ - Data file parser. - - :param data_file: Data file path - """ - with open(data_file, 'r') as data_f: - self.__parse(data_f) - - @staticmethod - def __escaped_split(inp_str, split_char): - """ - Splits inp_str on split_char except when escaped. - - :param inp_str: String to split - :param split_char: Split character - :return: List of splits - """ - split_colon_fn = lambda x: re.sub(r'\\' + split_char, split_char, x) - if len(split_char) > 1: - raise ValueError('Expected split character. Found string!') - out = list(map(split_colon_fn, re.split(r'(?> x) & 0xff) for x in [24, 16, 8, 0]]) - return data_bytes - - def test_vector_to_bytes(self, function_id, dependencies, parameters): - """ - Converts test vector into a byte array that can be sent to the target. - - :param function_id: Test Function Identifier - :param dependencies: Dependency list - :param parameters: Test function input parameters - :return: Byte array and its length - """ - data_bytes = bytearray([len(dependencies)]) - if dependencies: - data_bytes += bytearray(dependencies) - data_bytes += bytearray([function_id, len(parameters)]) - for typ, param in parameters: - if typ in ('int', 'exp'): - i = int(param, 0) - data_bytes += b'I' if typ == 'int' else b'E' - self.align_32bit(data_bytes) - data_bytes += self.int32_to_big_endian_bytes(i) - elif typ == 'char*': - param = param.strip('"') - i = len(param) + 1 # + 1 for null termination - data_bytes += b'S' - self.align_32bit(data_bytes) - data_bytes += self.int32_to_big_endian_bytes(i) - data_bytes += bytearray(param, encoding='ascii') - data_bytes += b'\0' # Null terminate - elif typ == 'hex': - binary_data = self.hex_str_bytes(param) - data_bytes += b'H' - self.align_32bit(data_bytes) - i = len(binary_data) - data_bytes += self.int32_to_big_endian_bytes(i) - data_bytes += binary_data - length = self.int32_to_big_endian_bytes(len(data_bytes)) - return data_bytes, length - - def run_next_test(self): - """ - Fetch next test information and execute the test. - - """ - self.test_index += 1 - self.dep_index = 0 - if self.test_index < len(self.tests): - name, function_id, dependencies, args = self.tests[self.test_index] - self.run_test(name, function_id, dependencies, args) - else: - self.notify_complete(self.suite_passed) - - def run_test(self, name, function_id, dependencies, args): - """ - Execute the test on target by sending next test information. - - :param name: Test name - :param function_id: function identifier - :param dependencies: Dependencies list - :param args: test parameters - :return: - """ - self.log("Running: %s" % name) - - param_bytes, length = self.test_vector_to_bytes(function_id, - dependencies, args) - self.send_kv( - ''.join('{:02x}'.format(x) for x in length), - ''.join('{:02x}'.format(x) for x in param_bytes) - ) - - @staticmethod - def get_result(value): - """ - Converts result from string type to integer - :param value: Result code in string - :return: Integer result code. Value is from the test status - constants defined under the MbedTlsTest class. - """ - try: - return int(value) - except ValueError: - ValueError("Result should return error number. " - "Instead received %s" % value) - - @event_callback('GO') - def on_go(self, _key, _value, _timestamp): - """ - Sent by the target to start first test. - - :param _key: Event key - :param _value: Value. ignored - :param _timestamp: Timestamp ignored. - :return: - """ - self.run_next_test() - - @event_callback("R") - def on_result(self, _key, value, _timestamp): - """ - Handle result. Prints test start, finish required by Greentea - to detect test execution. - - :param _key: Event key - :param value: Value. ignored - :param _timestamp: Timestamp ignored. - :return: - """ - int_val = self.get_result(value) - name, _, _, _ = self.tests[self.test_index] - self.log('{{__testcase_start;%s}}' % name) - self.log('{{__testcase_finish;%s;%d;%d}}' % (name, int_val == 0, - int_val != 0)) - if int_val != 0: - self.suite_passed = False - self.run_next_test() - - @event_callback("F") - def on_failure(self, _key, value, _timestamp): - """ - Handles test execution failure. That means dependency not supported or - Test function not supported. Hence marking test as skipped. - - :param _key: Event key - :param value: Value. ignored - :param _timestamp: Timestamp ignored. - :return: - """ - int_val = self.get_result(value) - if int_val in self.error_str: - err = self.error_str[int_val] - else: - err = 'Unknown error' - # For skip status, do not write {{__testcase_finish;...}} - self.log("Error: %s" % err) - self.run_next_test() diff --git a/tests/scripts/test_psa_compliance.py b/tests/scripts/test_psa_compliance.py new file mode 100755 index 0000000000..ea52c93eba --- /dev/null +++ b/tests/scripts/test_psa_compliance.py @@ -0,0 +1,146 @@ +#!/usr/bin/env python3 +"""Run the PSA Cryto API compliance test suite. +Clone the repo and check out the commit specified by PSA_ARCH_TEST_REPO and PSA_ARCH_TEST_REF, +then complie and run the test suite. The clone is stored at /psa-arch-tests. +Known defects in either the test suite or mbedtls - identified by their test number - are ignored, +while unexpected failures AND successes are reported as errors, +to help keep the list of known defects as up to date as possible. +""" + +# Copyright The Mbed TLS Contributors +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +import os +import re +import shutil +import subprocess +import sys + +# PSA Compliance tests we expect to fail due to known defects in Mbed TLS (or the test suite) +# The test numbers correspond to the numbers used by the console output of the test suite. +# Test number 2xx corresponds to the files in the folder +# psa-arch-tests/api-tests/dev_apis/crypto/test_c0xx +EXPECTED_FAILURES = { + # Multipart CCM is not supported. + # - Tracked in issue #3721 + 252, 253, 254, 255, 256, 257, 258, 259, 261, + + # psa_hash_suspend() and psa_hash_resume() are not supported. + # - Tracked in issue #3274 + 262, 263 +} + +# We currently use a fork of ARM-software/psa-arch-tests, with a couple of downstream patches +# that allow it to build with MbedTLS 3, and fixes a couple of issues in the compliance test suite. +# These fixes allow the tests numbered 216, 248 and 249 to complete successfully. +# +# Once all the fixes are upstreamed, this fork should be replaced with an upstream commit/tag. +# - Tracked in issue #5145 +# +# Web URL: https://github.com/bensze01/psa-arch-tests/tree/fixes-for-mbedtls-3 +PSA_ARCH_TESTS_REPO = 'https://github.com/bensze01/psa-arch-tests.git' +PSA_ARCH_TESTS_REF = 'fixes-for-mbedtls-3' + +#pylint: disable=too-many-branches,too-many-statements +def main(): + mbedtls_dir = os.getcwd() + + if not os.path.exists('library/libmbedcrypto.a'): + subprocess.check_call(['make', '-C', 'library', 'libmbedcrypto.a']) + + psa_arch_tests_dir = 'psa-arch-tests' + os.makedirs(psa_arch_tests_dir, exist_ok=True) + try: + os.chdir(psa_arch_tests_dir) + + # Reuse existing local clone + subprocess.check_call(['git', 'init']) + subprocess.check_call(['git', 'fetch', PSA_ARCH_TESTS_REPO, PSA_ARCH_TESTS_REF]) + subprocess.check_call(['git', 'checkout', 'FETCH_HEAD']) + + build_dir = 'api-tests/build' + try: + shutil.rmtree(build_dir) + except FileNotFoundError: + pass + os.mkdir(build_dir) + os.chdir(build_dir) + + #pylint: disable=bad-continuation + subprocess.check_call([ + 'cmake', '..', + '-GUnix Makefiles', + '-DTARGET=tgt_dev_apis_stdc', + '-DTOOLCHAIN=HOST_GCC', + '-DSUITE=CRYPTO', + '-DPSA_CRYPTO_LIB_FILENAME={}/library/libmbedcrypto.a'.format(mbedtls_dir), + '-DPSA_INCLUDE_PATHS={}/include'.format(mbedtls_dir) + ]) + subprocess.check_call(['cmake', '--build', '.']) + + proc = subprocess.Popen(['./psa-arch-tests-crypto'], + bufsize=1, stdout=subprocess.PIPE, universal_newlines=True) + + test_re = re.compile( + '^TEST: (?P[0-9]*)|' + '^TEST RESULT: (?PFAILED|PASSED)' + ) + test = -1 + unexpected_successes = set(EXPECTED_FAILURES) + expected_failures = [] + unexpected_failures = [] + for line in proc.stdout: + print(line, end='') + match = test_re.match(line) + if match is not None: + groupdict = match.groupdict() + test_num = groupdict['test_num'] + if test_num is not None: + test = int(test_num) + elif groupdict['test_result'] == 'FAILED': + try: + unexpected_successes.remove(test) + expected_failures.append(test) + print('Expected failure, ignoring') + except KeyError: + unexpected_failures.append(test) + print('ERROR: Unexpected failure') + elif test in unexpected_successes: + print('ERROR: Unexpected success') + proc.wait() + + print() + print('***** test_psa_compliance.py report ******') + print() + print('Expected failures:', ', '.join(str(i) for i in expected_failures)) + print('Unexpected failures:', ', '.join(str(i) for i in unexpected_failures)) + print('Unexpected successes:', ', '.join(str(i) for i in sorted(unexpected_successes))) + print() + if unexpected_successes or unexpected_failures: + if unexpected_successes: + print('Unexpected successes encountered.') + print('Please remove the corresponding tests from ' + 'EXPECTED_FAILURES in tests/scripts/compliance_test.py') + print() + print('FAILED') + return 1 + else: + print('SUCCESS') + return 0 + finally: + os.chdir(mbedtls_dir) + +if __name__ == '__main__': + sys.exit(main()) diff --git a/tests/scripts/translate_ciphers.py b/tests/scripts/translate_ciphers.py new file mode 100755 index 0000000000..d5f847fd54 --- /dev/null +++ b/tests/scripts/translate_ciphers.py @@ -0,0 +1,159 @@ +#!/usr/bin/env python3 + +# translate_ciphers.py +# +# Copyright The Mbed TLS Contributors +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +""" +Translate ciphersuite names in Mbed TLS format to OpenSSL and GNUTLS +standards. + +To test the translation functions run: +python3 -m unittest translate_cipher.py +""" + +import re +import argparse +import unittest + +class TestTranslateCiphers(unittest.TestCase): + """ + Ensure translate_ciphers.py translates and formats ciphersuite names + correctly + """ + def test_translate_all_cipher_names(self): + """ + Translate MbedTLS ciphersuite names to their OpenSSL and + GnuTLS counterpart. Use only a small subset of ciphers + that exercise each step of the translate functions + """ + ciphers = [ + ("TLS-ECDHE-ECDSA-WITH-NULL-SHA", + "+ECDHE-ECDSA:+NULL:+SHA1", + "ECDHE-ECDSA-NULL-SHA"), + ("TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256", + "+ECDHE-ECDSA:+AES-128-GCM:+AEAD", + "ECDHE-ECDSA-AES128-GCM-SHA256"), + ("TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA", + "+DHE-RSA:+3DES-CBC:+SHA1", + "EDH-RSA-DES-CBC3-SHA"), + ("TLS-RSA-WITH-AES-256-CBC-SHA", + "+RSA:+AES-256-CBC:+SHA1", + "AES256-SHA"), + ("TLS-PSK-WITH-3DES-EDE-CBC-SHA", + "+PSK:+3DES-CBC:+SHA1", + "PSK-3DES-EDE-CBC-SHA"), + ("TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256", + None, + "ECDHE-ECDSA-CHACHA20-POLY1305"), + ("TLS-ECDHE-ECDSA-WITH-AES-128-CCM", + "+ECDHE-ECDSA:+AES-128-CCM:+AEAD", + None), + ("TLS-ECDHE-RSA-WITH-ARIA-256-GCM-SHA384", + None, + "ECDHE-ARIA256-GCM-SHA384"), + ] + + for m, g_exp, o_exp in ciphers: + + if g_exp is not None: + g = translate_gnutls(m) + self.assertEqual(g, g_exp) + + if o_exp is not None: + o = translate_ossl(m) + self.assertEqual(o, o_exp) + +def translate_gnutls(m_cipher): + """ + Translate m_cipher from Mbed TLS ciphersuite naming convention + and return the GnuTLS naming convention + """ + + m_cipher = re.sub(r'\ATLS-', '+', m_cipher) + m_cipher = m_cipher.replace("-WITH-", ":+") + m_cipher = m_cipher.replace("-EDE", "") + + # SHA in Mbed TLS == SHA1 GnuTLS, + # if the last 3 chars are SHA append 1 + if m_cipher[-3:] == "SHA": + m_cipher = m_cipher+"1" + + # CCM or CCM-8 should be followed by ":+AEAD" + # Replace "GCM:+SHAxyz" with "GCM:+AEAD" + if "CCM" in m_cipher or "GCM" in m_cipher: + m_cipher = re.sub(r"GCM-SHA\d\d\d", "GCM", m_cipher) + m_cipher = m_cipher+":+AEAD" + + # Replace the last "-" with ":+" + else: + index = m_cipher.rindex("-") + m_cipher = m_cipher[:index] + ":+" + m_cipher[index+1:] + + return m_cipher + +def translate_ossl(m_cipher): + """ + Translate m_cipher from Mbed TLS ciphersuite naming convention + and return the OpenSSL naming convention + """ + + m_cipher = re.sub(r'^TLS-', '', m_cipher) + m_cipher = m_cipher.replace("-WITH", "") + + # Remove the "-" from "ABC-xyz" + m_cipher = m_cipher.replace("AES-", "AES") + m_cipher = m_cipher.replace("CAMELLIA-", "CAMELLIA") + m_cipher = m_cipher.replace("ARIA-", "ARIA") + + # Remove "RSA" if it is at the beginning + m_cipher = re.sub(r'^RSA-', r'', m_cipher) + + # For all circumstances outside of PSK + if "PSK" not in m_cipher: + m_cipher = m_cipher.replace("-EDE", "") + m_cipher = m_cipher.replace("3DES-CBC", "DES-CBC3") + + # Remove "CBC" if it is not prefixed by DES + m_cipher = re.sub(r'(? wrapped_key_buffer_size ) + return( PSA_ERROR_BUFFER_TOO_SMALL ); + + /* Write in the opaque pad prefix */ + memcpy( wrapped_key_buffer, &prefix, opaque_key_base_size ); + wrapped_key_buffer += opaque_key_base_size; + *wrapped_key_buffer_length = key_length + opaque_key_base_size; + + while( key_length-- ) + wrapped_key_buffer[key_length] = key[key_length] ^ 0xFF; + return( PSA_SUCCESS ); +} + +/* + * The unwrap function mbedtls_test_opaque_unwrap_key removes a pad prefix + * and unwraps the wrapped key. It expects the clear and wrap buffers to be + * passed in. + * wrapped_key_length is the size of the wrapped key, + * key_buffer_size is the size of the output buffer clear_key. + * The argument key_buffer_length is filled with the unwrapped(clear) + * key_size on success. + * */ +static psa_status_t mbedtls_test_opaque_unwrap_key( + const uint8_t *wrapped_key, + size_t wrapped_key_length, + uint8_t *key_buffer, + size_t key_buffer_size, + size_t *key_buffer_length) +{ + /* Remove the pad prefix from the wrapped key */ + size_t opaque_key_base_size = mbedtls_test_opaque_get_base_size(); + size_t clear_key_size; + + /* Check for underflow */ + if( wrapped_key_length < opaque_key_base_size ) + return( PSA_ERROR_DATA_CORRUPT ); + clear_key_size = wrapped_key_length - opaque_key_base_size; + + wrapped_key += opaque_key_base_size; + if( clear_key_size > key_buffer_size ) + return( PSA_ERROR_BUFFER_TOO_SMALL ); + + *key_buffer_length = clear_key_size; + while( clear_key_size-- ) + key_buffer[clear_key_size] = wrapped_key[clear_key_size] ^ 0xFF; + return( PSA_SUCCESS ); +} + psa_status_t mbedtls_test_transparent_generate_key( const psa_key_attributes_t *attributes, uint8_t *key, size_t key_size, size_t *key_length ) @@ -131,7 +228,7 @@ psa_status_t mbedtls_test_transparent_import_key( defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY) if( PSA_KEY_TYPE_IS_ECC( type ) ) { - status = mbedtls_transparent_test_driver_ecp_import_key( + status = mbedtls_test_driver_ecp_import_key( attributes, data, data_length, key_buffer, key_buffer_size, @@ -143,7 +240,7 @@ psa_status_t mbedtls_test_transparent_import_key( defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY) if( PSA_KEY_TYPE_IS_RSA( type ) ) { - status = mbedtls_transparent_test_driver_rsa_import_key( + status = mbedtls_test_driver_rsa_import_key( attributes, data, data_length, key_buffer, key_buffer_size, @@ -165,69 +262,160 @@ psa_status_t mbedtls_test_transparent_import_key( return( status ); } + +psa_status_t mbedtls_test_opaque_import_key( + const psa_key_attributes_t *attributes, + const uint8_t *data, + size_t data_length, + uint8_t *key_buffer, + size_t key_buffer_size, + size_t *key_buffer_length, + size_t *bits) +{ + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + psa_key_type_t type = psa_get_key_type( attributes ); + /* This buffer will be used as an intermediate placeholder for + * the clear key till we wrap it */ + uint8_t *key_buffer_temp; + + key_buffer_temp = mbedtls_calloc( 1, key_buffer_size ); + if( key_buffer_temp == NULL ) + return( PSA_ERROR_INSUFFICIENT_MEMORY ); + + if( PSA_KEY_TYPE_IS_UNSTRUCTURED( type ) ) + { + *bits = PSA_BYTES_TO_BITS( data_length ); + + status = psa_validate_unstructured_key_bit_size( type, + *bits ); + if( status != PSA_SUCCESS ) + goto exit; + + if( data_length > key_buffer_size ) + return( PSA_ERROR_BUFFER_TOO_SMALL ); + + /* Copy the key material accounting for opaque key padding. */ + memcpy( key_buffer_temp, data, data_length ); + *key_buffer_length = data_length; + } +#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR) || \ + defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY) + else if( PSA_KEY_TYPE_IS_ECC( type ) ) + { + status = mbedtls_test_driver_ecp_import_key( + attributes, + data, data_length, + key_buffer_temp, + key_buffer_size, + key_buffer_length, bits ); + if( status != PSA_SUCCESS ) + goto exit; + } + else +#endif +#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR) || \ + defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY) + if( PSA_KEY_TYPE_IS_RSA( type ) ) + { + status = mbedtls_test_driver_rsa_import_key( + attributes, + data, data_length, + key_buffer_temp, + key_buffer_size, + key_buffer_length, bits ); + if( status != PSA_SUCCESS ) + goto exit; + } + else +#endif + { + status = PSA_ERROR_INVALID_ARGUMENT; + goto exit; + } + status = mbedtls_test_opaque_wrap_key( key_buffer_temp, *key_buffer_length, + key_buffer, key_buffer_size, key_buffer_length ); +exit: + mbedtls_free( key_buffer_temp ); + return( status ); +} + psa_status_t mbedtls_test_opaque_export_key( const psa_key_attributes_t *attributes, const uint8_t *key, size_t key_length, uint8_t *data, size_t data_size, size_t *data_length ) { - if( key_length != sizeof( psa_drv_slot_number_t ) ) + if( key_length == sizeof( psa_drv_slot_number_t ) ) { - /* Test driver does not support generic opaque key handling yet. */ - return( PSA_ERROR_NOT_SUPPORTED ); + /* Assume this is a builtin key based on the key material length. */ + psa_drv_slot_number_t slot_number = *( ( psa_drv_slot_number_t* ) key ); + + switch( slot_number ) + { + case PSA_CRYPTO_TEST_DRIVER_BUILTIN_ECDSA_KEY_SLOT: + /* This is the ECDSA slot. Verify the key's attributes before + * returning the private key. */ + if( psa_get_key_type( attributes ) != + PSA_KEY_TYPE_ECC_KEY_PAIR( PSA_ECC_FAMILY_SECP_R1 ) ) + return( PSA_ERROR_CORRUPTION_DETECTED ); + if( psa_get_key_bits( attributes ) != 256 ) + return( PSA_ERROR_CORRUPTION_DETECTED ); + if( psa_get_key_algorithm( attributes ) != + PSA_ALG_ECDSA( PSA_ALG_ANY_HASH ) ) + return( PSA_ERROR_CORRUPTION_DETECTED ); + if( ( psa_get_key_usage_flags( attributes ) & + PSA_KEY_USAGE_EXPORT ) == 0 ) + return( PSA_ERROR_CORRUPTION_DETECTED ); + + if( data_size < sizeof( mbedtls_test_driver_ecdsa_key ) ) + return( PSA_ERROR_BUFFER_TOO_SMALL ); + + memcpy( data, mbedtls_test_driver_ecdsa_key, + sizeof( mbedtls_test_driver_ecdsa_key ) ); + *data_length = sizeof( mbedtls_test_driver_ecdsa_key ); + return( PSA_SUCCESS ); + + case PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT: + /* This is the AES slot. Verify the key's attributes before + * returning the key. */ + if( psa_get_key_type( attributes ) != PSA_KEY_TYPE_AES ) + return( PSA_ERROR_CORRUPTION_DETECTED ); + if( psa_get_key_bits( attributes ) != 128 ) + return( PSA_ERROR_CORRUPTION_DETECTED ); + if( psa_get_key_algorithm( attributes ) != PSA_ALG_CTR ) + return( PSA_ERROR_CORRUPTION_DETECTED ); + if( ( psa_get_key_usage_flags( attributes ) & + PSA_KEY_USAGE_EXPORT ) == 0 ) + return( PSA_ERROR_CORRUPTION_DETECTED ); + + if( data_size < sizeof( mbedtls_test_driver_aes_key ) ) + return( PSA_ERROR_BUFFER_TOO_SMALL ); + + memcpy( data, mbedtls_test_driver_aes_key, + sizeof( mbedtls_test_driver_aes_key ) ); + *data_length = sizeof( mbedtls_test_driver_aes_key ); + return( PSA_SUCCESS ); + + default: + return( PSA_ERROR_DOES_NOT_EXIST ); + } } - - /* Assume this is a builtin key based on the key material length. */ - psa_drv_slot_number_t slot_number = *( ( psa_drv_slot_number_t* ) key ); - - switch( slot_number ) + else { - case PSA_CRYPTO_TEST_DRIVER_BUILTIN_ECDSA_KEY_SLOT: - /* This is the ECDSA slot. Verify the key's attributes before - * returning the private key. */ - if( psa_get_key_type( attributes ) != - PSA_KEY_TYPE_ECC_KEY_PAIR( PSA_ECC_FAMILY_SECP_R1 ) ) - return( PSA_ERROR_CORRUPTION_DETECTED ); - if( psa_get_key_bits( attributes ) != 256 ) - return( PSA_ERROR_CORRUPTION_DETECTED ); - if( psa_get_key_algorithm( attributes ) != - PSA_ALG_ECDSA( PSA_ALG_ANY_HASH ) ) - return( PSA_ERROR_CORRUPTION_DETECTED ); - if( ( psa_get_key_usage_flags( attributes ) & - PSA_KEY_USAGE_EXPORT ) == 0 ) - return( PSA_ERROR_CORRUPTION_DETECTED ); + /* This buffer will be used as an intermediate placeholder for + * the opaque key till we unwrap the key into key_buffer */ + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + psa_key_type_t type = psa_get_key_type( attributes ); - if( data_size < sizeof( mbedtls_test_driver_ecdsa_key ) ) - return( PSA_ERROR_BUFFER_TOO_SMALL ); - - memcpy( data, mbedtls_test_driver_ecdsa_key, - sizeof( mbedtls_test_driver_ecdsa_key ) ); - *data_length = sizeof( mbedtls_test_driver_ecdsa_key ); - return( PSA_SUCCESS ); - - case PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT: - /* This is the AES slot. Verify the key's attributes before - * returning the key. */ - if( psa_get_key_type( attributes ) != PSA_KEY_TYPE_AES ) - return( PSA_ERROR_CORRUPTION_DETECTED ); - if( psa_get_key_bits( attributes ) != 128 ) - return( PSA_ERROR_CORRUPTION_DETECTED ); - if( psa_get_key_algorithm( attributes ) != PSA_ALG_CTR ) - return( PSA_ERROR_CORRUPTION_DETECTED ); - if( ( psa_get_key_usage_flags( attributes ) & - PSA_KEY_USAGE_EXPORT ) == 0 ) - return( PSA_ERROR_CORRUPTION_DETECTED ); - - if( data_size < sizeof( mbedtls_test_driver_aes_key ) ) - return( PSA_ERROR_BUFFER_TOO_SMALL ); - - memcpy( data, mbedtls_test_driver_aes_key, - sizeof( mbedtls_test_driver_aes_key ) ); - *data_length = sizeof( mbedtls_test_driver_aes_key ); - return( PSA_SUCCESS ); - - default: - return( PSA_ERROR_DOES_NOT_EXIST ); + if( PSA_KEY_TYPE_IS_UNSTRUCTURED( type ) || + PSA_KEY_TYPE_IS_RSA( type ) || + PSA_KEY_TYPE_IS_ECC( type ) ) + { + status = mbedtls_test_opaque_unwrap_key( key, key_length, + data, data_size, data_length ); + return( status ); + } } + return( PSA_ERROR_NOT_SUPPORTED ); } psa_status_t mbedtls_test_transparent_export_public_key( @@ -258,7 +446,7 @@ psa_status_t mbedtls_test_transparent_export_public_key( defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY) if( PSA_KEY_TYPE_IS_ECC( key_type ) ) { - status = mbedtls_transparent_test_driver_ecp_export_public_key( + status = mbedtls_test_driver_ecp_export_public_key( attributes, key_buffer, key_buffer_size, data, data_size, data_length ); @@ -269,7 +457,7 @@ psa_status_t mbedtls_test_transparent_export_public_key( defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY) if( PSA_KEY_TYPE_IS_RSA( key_type ) ) { - status = mbedtls_transparent_test_driver_rsa_export_public_key( + status = mbedtls_test_driver_rsa_export_public_key( attributes, key_buffer, key_buffer_size, data, data_size, data_length ); @@ -293,8 +481,49 @@ psa_status_t mbedtls_test_opaque_export_public_key( { if( key_length != sizeof( psa_drv_slot_number_t ) ) { - /* Test driver does not support generic opaque key handling yet. */ - return( PSA_ERROR_NOT_SUPPORTED ); + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + psa_key_type_t key_type = psa_get_key_type( attributes ); + uint8_t *key_buffer_temp; + + key_buffer_temp = mbedtls_calloc( 1, key_length ); + if( key_buffer_temp == NULL ) + return( PSA_ERROR_INSUFFICIENT_MEMORY ); + + #if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR) || \ + defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY) + if( PSA_KEY_TYPE_IS_ECC( key_type ) ) + { + status = mbedtls_test_opaque_unwrap_key( key, key_length, + key_buffer_temp, key_length, data_length ); + if( status == PSA_SUCCESS ) + status = mbedtls_test_driver_ecp_export_public_key( + attributes, + key_buffer_temp, *data_length, + data, data_size, data_length ); + } + else + #endif + #if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR) || \ + defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY) + if( PSA_KEY_TYPE_IS_RSA( key_type ) ) + { + status = mbedtls_test_opaque_unwrap_key( key, key_length, + key_buffer_temp, key_length, data_length ); + if( status == PSA_SUCCESS ) + status = mbedtls_test_driver_rsa_export_public_key( + attributes, + key_buffer_temp, *data_length, + data, data_size, data_length ); + } + else + #endif + { + status = PSA_ERROR_NOT_SUPPORTED; + (void)key; + (void)key_type; + } + mbedtls_free( key_buffer_temp ); + return( status ); } /* Assume this is a builtin key based on the key material length. */ @@ -385,4 +614,24 @@ psa_status_t mbedtls_test_opaque_get_builtin_key( } } +psa_status_t mbedtls_test_opaque_copy_key( + psa_key_attributes_t *attributes, + const uint8_t *source_key, size_t source_key_length, + uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length) +{ + /* This is a case where the opaque test driver emulates an SE without storage. + * With that all key context is stored in the wrapped buffer. + * So no additional house keeping is necessary to reference count the + * copied keys. This could change when the opaque test driver is extended + * to support SE with storage, or to emulate an SE without storage but + * still holding some slot references */ + if( source_key_length > key_buffer_size ) + return( PSA_ERROR_BUFFER_TOO_SMALL ); + + memcpy( key_buffer, source_key, source_key_length ); + *key_buffer_length = source_key_length; + (void)attributes; + return( PSA_SUCCESS ); +} + #endif /* MBEDTLS_PSA_CRYPTO_DRIVERS && PSA_CRYPTO_DRIVER_TEST */ diff --git a/tests/src/drivers/test_driver_size.c b/tests/src/drivers/test_driver_size.c deleted file mode 100644 index 033cf32de0..0000000000 --- a/tests/src/drivers/test_driver_size.c +++ /dev/null @@ -1,97 +0,0 @@ -/* - * Test driver for retrieving key context size. - * Only used by opaque drivers. - */ -/* Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#include - -#if defined(MBEDTLS_PSA_CRYPTO_DRIVERS) && defined(PSA_CRYPTO_DRIVER_TEST) - -#include "test/drivers/size.h" -#include "psa/crypto.h" - -typedef struct { - unsigned int context; -} test_driver_key_context_t; - -/* - * This macro returns the base size for the key context. It is the size of the - * driver specific information stored in each key context. - */ -#define TEST_DRIVER_KEY_CONTEXT_BASE_SIZE sizeof( test_driver_key_context_t ) - -/* - * Number of bytes included in every key context for a key pair. - * - * This pair size is for an ECC 256-bit private/public key pair. - * Based on this value, the size of the private key can be derived by - * subtracting the public key size below from this one. - */ -#define TEST_DRIVER_KEY_CONTEXT_KEY_PAIR_SIZE 65 - -/* - * Number of bytes included in every key context for a public key. - * - * For ECC public keys, it needs 257 bits so 33 bytes. - */ -#define TEST_DRIVER_KEY_CONTEXT_PUBLIC_KEY_SIZE 33 - -/* - * Every key context for a symmetric key includes this many times the key size. - */ -#define TEST_DRIVER_KEY_CONTEXT_SYMMETRIC_FACTOR 0 - -/* - * If this is true for a key pair, the key context includes space for the public key. - * If this is false, no additional space is added for the public key. - * - * For this instance, store the public key with the private one. - */ -#define TEST_DRIVER_KEY_CONTEXT_STORE_PUBLIC_KEY 1 - -size_t mbedtls_test_size_function( - const psa_key_type_t key_type, - const size_t key_bits ) -{ - size_t key_buffer_size = 0; - - if( PSA_KEY_TYPE_IS_KEY_PAIR( key_type ) ) - { - int public_key_overhead = - ( ( TEST_DRIVER_KEY_CONTEXT_STORE_PUBLIC_KEY == 1 ) - ? PSA_EXPORT_KEY_OUTPUT_SIZE( key_type, key_bits ) : 0 ); - key_buffer_size = TEST_DRIVER_KEY_CONTEXT_BASE_SIZE + - TEST_DRIVER_KEY_CONTEXT_PUBLIC_KEY_SIZE + - public_key_overhead; - } - else if( PSA_KEY_TYPE_IS_PUBLIC_KEY( key_type ) ) - { - key_buffer_size = TEST_DRIVER_KEY_CONTEXT_BASE_SIZE + - TEST_DRIVER_KEY_CONTEXT_PUBLIC_KEY_SIZE; - } - else if ( !PSA_KEY_TYPE_IS_KEY_PAIR( key_type ) && - !PSA_KEY_TYPE_IS_PUBLIC_KEY ( key_type ) ) - { - key_buffer_size = TEST_DRIVER_KEY_CONTEXT_BASE_SIZE + - ( TEST_DRIVER_KEY_CONTEXT_SYMMETRIC_FACTOR * - ( ( key_bits + 7 ) / 8 ) ); - } - - return( key_buffer_size ); -} -#endif /* MBEDTLS_PSA_CRYPTO_DRIVERS && PSA_CRYPTO_DRIVER_TEST */ diff --git a/tests/src/helpers.c b/tests/src/helpers.c index 4d3d53da50..ec4d84eac1 100644 --- a/tests/src/helpers.c +++ b/tests/src/helpers.c @@ -95,6 +95,31 @@ void mbedtls_test_info_reset( void ) mbedtls_test_info.test = 0; mbedtls_test_info.line_no = 0; mbedtls_test_info.filename = 0; + memset( mbedtls_test_info.line1, 0, sizeof( mbedtls_test_info.line1 ) ); + memset( mbedtls_test_info.line2, 0, sizeof( mbedtls_test_info.line2 ) ); +} + +int mbedtls_test_equal( const char *test, int line_no, const char* filename, + unsigned long long value1, unsigned long long value2 ) +{ + if( value1 == value2 ) + return( 1 ); + if( mbedtls_test_info.result == MBEDTLS_TEST_RESULT_FAILED ) + { + /* We've already recorded the test as having failed. Don't + * overwrite any previous information about the failure. */ + return( 0 ); + } + mbedtls_test_fail( test, line_no, filename ); + (void) mbedtls_snprintf( mbedtls_test_info.line1, + sizeof( mbedtls_test_info.line1 ), + "lhs = 0x%016llx = %lld", + value1, (long long) value1 ); + (void) mbedtls_snprintf( mbedtls_test_info.line2, + sizeof( mbedtls_test_info.line2 ), + "rhs = 0x%016llx = %lld", + value2, (long long) value2 ); + return( 0 ); } int mbedtls_test_unhexify( unsigned char *obuf, diff --git a/tests/src/psa_crypto_helpers.c b/tests/src/psa_crypto_helpers.c index d9d841abd5..299b6d125d 100644 --- a/tests/src/psa_crypto_helpers.c +++ b/tests/src/psa_crypto_helpers.c @@ -22,6 +22,7 @@ #include #include +#include #include #if defined(MBEDTLS_PSA_CRYPTO_C) diff --git a/tests/src/psa_exercise_key.c b/tests/src/psa_exercise_key.c index e4e55c9c2c..fc58fbd489 100644 --- a/tests/src/psa_exercise_key.c +++ b/tests/src/psa_exercise_key.c @@ -29,6 +29,7 @@ #include #include +#include #include #if defined(MBEDTLS_PSA_CRYPTO_SE_C) @@ -306,7 +307,7 @@ static int exercise_signature_key( mbedtls_svc_key_id_t key, psa_algorithm_t hash_alg = PSA_ALG_SIGN_GET_HASH( alg ); /* If the policy allows signing with any hash, just pick one. */ - if( PSA_ALG_IS_HASH_AND_SIGN( alg ) && hash_alg == PSA_ALG_ANY_HASH ) + if( PSA_ALG_IS_SIGN_HASH( alg ) && hash_alg == PSA_ALG_ANY_HASH ) { #if defined(KNOWN_SUPPORTED_HASH_ALG) hash_alg = KNOWN_SUPPORTED_HASH_ALG; @@ -663,7 +664,7 @@ int mbedtls_test_psa_exported_key_sanity_check( TEST_EQUAL( mbedtls_asn1_get_tag( &p, end, &len, MBEDTLS_ASN1_SEQUENCE | MBEDTLS_ASN1_CONSTRUCTED ), 0 ); - TEST_EQUAL( p + len, end ); + TEST_EQUAL( len, end - p ); if( ! mbedtls_test_asn1_skip_integer( &p, end, 0, 0, 0 ) ) goto exit; if( ! mbedtls_test_asn1_skip_integer( &p, end, bits, bits, 1 ) ) @@ -684,7 +685,7 @@ int mbedtls_test_psa_exported_key_sanity_check( goto exit; if( ! mbedtls_test_asn1_skip_integer( &p, end, 1, bits / 2 + 1, 0 ) ) goto exit; - TEST_EQUAL( p, end ); + TEST_EQUAL( p - end, 0 ); TEST_ASSERT( exported_length <= PSA_EXPORT_KEY_PAIR_MAX_SIZE ); } @@ -716,12 +717,12 @@ int mbedtls_test_psa_exported_key_sanity_check( MBEDTLS_ASN1_SEQUENCE | MBEDTLS_ASN1_CONSTRUCTED ), 0 ); - TEST_EQUAL( p + len, end ); + TEST_EQUAL( len, end - p ); if( ! mbedtls_test_asn1_skip_integer( &p, end, bits, bits, 1 ) ) goto exit; if( ! mbedtls_test_asn1_skip_integer( &p, end, 2, bits, 1 ) ) goto exit; - TEST_EQUAL( p, end ); + TEST_EQUAL( p - end, 0 ); TEST_ASSERT( exported_length <= @@ -925,7 +926,7 @@ psa_key_usage_t mbedtls_test_psa_usage_to_exercise( psa_key_type_t type, { if( PSA_ALG_IS_MAC( alg ) || PSA_ALG_IS_SIGN( alg ) ) { - if( PSA_ALG_IS_HASH_AND_SIGN( alg ) ) + if( PSA_ALG_IS_SIGN_HASH( alg ) ) { if( PSA_ALG_SIGN_GET_HASH( alg ) ) return( PSA_KEY_TYPE_IS_PUBLIC_KEY( type ) ? diff --git a/tests/ssl-opt-in-docker.sh b/tests/ssl-opt-in-docker.sh index 401a69c569..e7bb01d8ca 100755 --- a/tests/ssl-opt-in-docker.sh +++ b/tests/ssl-opt-in-docker.sh @@ -42,13 +42,13 @@ esac case "${GNUTLS_CLI:-default}" in "legacy") export GNUTLS_CLI="/usr/local/gnutls-3.3.8/bin/gnutls-cli";; - "next") export GNUTLS_CLI="/usr/local/gnutls-3.6.5/bin/gnutls-cli";; + "next") export GNUTLS_CLI="/usr/local/gnutls-3.7.2/bin/gnutls-cli";; *) ;; esac case "${GNUTLS_SERV:-default}" in "legacy") export GNUTLS_SERV="/usr/local/gnutls-3.3.8/bin/gnutls-serv";; - "next") export GNUTLS_SERV="/usr/local/gnutls-3.6.5/bin/gnutls-serv";; + "next") export GNUTLS_SERV="/usr/local/gnutls-3.7.2/bin/gnutls-serv";; *) ;; esac diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 01265ae9b3..1ac34dae77 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -77,6 +77,14 @@ else O_LEGACY_CLI=false fi +if [ -n "${OPENSSL_NEXT:-}" ]; then + O_NEXT_SRV="$OPENSSL_NEXT s_server -www -cert data_files/server5.crt -key data_files/server5.key" + O_NEXT_CLI="echo 'GET / HTTP/1.0' | $OPENSSL_NEXT s_client" +else + O_NEXT_SRV=false + O_NEXT_CLI=false +fi + if [ -n "${GNUTLS_NEXT_SERV:-}" ]; then G_NEXT_SRV="$GNUTLS_NEXT_SERV --x509certfile data_files/server5.crt --x509keyfile data_files/server5.key" else @@ -346,6 +354,95 @@ requires_openssl_legacy() { fi } +requires_openssl_next() { + if [ -z "${OPENSSL_NEXT_AVAILABLE:-}" ]; then + if which "${OPENSSL_NEXT:-}" >/dev/null 2>&1; then + OPENSSL_NEXT_AVAILABLE="YES" + else + OPENSSL_NEXT_AVAILABLE="NO" + fi + fi + if [ "$OPENSSL_NEXT_AVAILABLE" = "NO" ]; then + SKIP_NEXT="YES" + fi +} + +# skip next test if tls1_3 is not available +requires_openssl_tls1_3() { + requires_openssl_next + if [ "$OPENSSL_NEXT_AVAILABLE" = "NO" ]; then + OPENSSL_TLS1_3_AVAILABLE="NO" + fi + if [ -z "${OPENSSL_TLS1_3_AVAILABLE:-}" ]; then + if $OPENSSL_NEXT s_client -help 2>&1 | grep tls1_3 >/dev/null + then + OPENSSL_TLS1_3_AVAILABLE="YES" + else + OPENSSL_TLS1_3_AVAILABLE="NO" + fi + fi + if [ "$OPENSSL_TLS1_3_AVAILABLE" = "NO" ]; then + SKIP_NEXT="YES" + fi +} + +# skip next test if tls1_3 is not available +requires_gnutls_tls1_3() { + requires_gnutls_next + if [ "$GNUTLS_NEXT_AVAILABLE" = "NO" ]; then + GNUTLS_TLS1_3_AVAILABLE="NO" + fi + if [ -z "${GNUTLS_TLS1_3_AVAILABLE:-}" ]; then + if $GNUTLS_NEXT_CLI -l 2>&1 | grep VERS-TLS1.3 >/dev/null + then + GNUTLS_TLS1_3_AVAILABLE="YES" + else + GNUTLS_TLS1_3_AVAILABLE="NO" + fi + fi + if [ "$GNUTLS_TLS1_3_AVAILABLE" = "NO" ]; then + SKIP_NEXT="YES" + fi +} + +# Check %NO_TICKETS option +requires_gnutls_next_no_ticket() { + requires_gnutls_next + if [ "$GNUTLS_NEXT_AVAILABLE" = "NO" ]; then + GNUTLS_NO_TICKETS_AVAILABLE="NO" + fi + if [ -z "${GNUTLS_NO_TICKETS_AVAILABLE:-}" ]; then + if $GNUTLS_NEXT_CLI --priority-list 2>&1 | grep NO_TICKETS >/dev/null + then + GNUTLS_NO_TICKETS_AVAILABLE="YES" + else + GNUTLS_NO_TICKETS_AVAILABLE="NO" + fi + fi + if [ "$GNUTLS_NO_TICKETS_AVAILABLE" = "NO" ]; then + SKIP_NEXT="YES" + fi +} + +# Check %DISABLE_TLS13_COMPAT_MODE option +requires_gnutls_next_disable_tls13_compat() { + requires_gnutls_next + if [ "$GNUTLS_NEXT_AVAILABLE" = "NO" ]; then + GNUTLS_DISABLE_TLS13_COMPAT_MODE_AVAILABLE="NO" + fi + if [ -z "${GNUTLS_DISABLE_TLS13_COMPAT_MODE_AVAILABLE:-}" ]; then + if $GNUTLS_NEXT_CLI --priority-list 2>&1 | grep DISABLE_TLS13_COMPAT_MODE >/dev/null + then + GNUTLS_DISABLE_TLS13_COMPAT_MODE_AVAILABLE="YES" + else + GNUTLS_DISABLE_TLS13_COMPAT_MODE_AVAILABLE="NO" + fi + fi + if [ "$GNUTLS_DISABLE_TLS13_COMPAT_MODE_AVAILABLE" = "NO" ]; then + SKIP_NEXT="YES" + fi +} + # skip next test if IPv6 isn't available on this host requires_ipv6() { if [ -z "${HAS_IPV6:-}" ]; then @@ -455,6 +552,32 @@ record_outcome() { fi } +# True if the presence of the given pattern in a log definitely indicates +# that the test has failed. False if the presence is inconclusive. +# +# Inputs: +# * $1: pattern found in the logs +# * $TIMES_LEFT: >0 if retrying is an option +# +# Outputs: +# * $outcome: set to a retry reason if the pattern is inconclusive, +# unchanged otherwise. +# * Return value: 1 if the pattern is inconclusive, +# 0 if the failure is definitive. +log_pattern_presence_is_conclusive() { + # If we've run out of attempts, then don't retry no matter what. + if [ $TIMES_LEFT -eq 0 ]; then + return 0 + fi + case $1 in + "resend") + # An undesired resend may have been caused by the OS dropping or + # delaying a packet at an inopportune time. + outcome="RETRY(resend)" + return 1;; + esac +} + # fail fail() { record_outcome "FAIL" "$1" @@ -529,6 +652,8 @@ has_mem_err() { # Wait for process $2 named $3 to be listening on port $1. Print error to $4. if type lsof >/dev/null 2>/dev/null; then wait_app_start() { + newline=' +' START_TIME=$(date +%s) if [ "$DTLS" -eq 1 ]; then proto=UDP @@ -536,7 +661,15 @@ if type lsof >/dev/null 2>/dev/null; then proto=TCP fi # Make a tight loop, server normally takes less than 1s to start. - while ! lsof -a -n -b -i "$proto:$1" -p "$2" >/dev/null 2>/dev/null; do + while true; do + SERVER_PIDS=$(lsof -a -n -b -i "$proto:$1" -F p) + # When we use a proxy, it will be listening on the same port we + # are checking for as well as the server and lsof will list both. + # If multiple PIDs are returned, each one will be on a separate + # line, each prepended with 'p'. + case ${newline}${SERVER_PIDS}${newline} in + *${newline}p${2}${newline}*) break;; + esac if [ $(( $(date +%s) - $START_TIME )) -gt $DOG_DELAY ]; then echo "$3 START TIMEOUT" echo "$3 START TIMEOUT" >> $4 @@ -656,7 +789,7 @@ wait_client_done() { # check if the given command uses dtls and sets global variable DTLS detect_dtls() { case "$1" in - *dtls=1*|-dtls|-u) DTLS=1;; + *dtls=1*|*-dtls*|*-u*) DTLS=1;; *) DTLS=0;; esac } @@ -698,6 +831,271 @@ skip_handshake_stage_check() { SKIP_HANDSHAKE_CHECK="YES" } +# Analyze the commands that will be used in a test. +# +# Analyze and possibly instrument $PXY_CMD, $CLI_CMD, $SRV_CMD to pass +# extra arguments or go through wrappers. +# Set $DTLS (0=TLS, 1=DTLS). +analyze_test_commands() { + # update DTLS variable + detect_dtls "$SRV_CMD" + + # if the test uses DTLS but no custom proxy, add a simple proxy + # as it provides timing info that's useful to debug failures + if [ -z "$PXY_CMD" ] && [ "$DTLS" -eq 1 ]; then + PXY_CMD="$P_PXY" + case " $SRV_CMD " in + *' server_addr=::1 '*) + PXY_CMD="$PXY_CMD server_addr=::1 listen_addr=::1";; + esac + fi + + # update CMD_IS_GNUTLS variable + is_gnutls "$SRV_CMD" + + # if the server uses gnutls but doesn't set priority, explicitly + # set the default priority + if [ "$CMD_IS_GNUTLS" -eq 1 ]; then + case "$SRV_CMD" in + *--priority*) :;; + *) SRV_CMD="$SRV_CMD --priority=NORMAL";; + esac + fi + + # update CMD_IS_GNUTLS variable + is_gnutls "$CLI_CMD" + + # if the client uses gnutls but doesn't set priority, explicitly + # set the default priority + if [ "$CMD_IS_GNUTLS" -eq 1 ]; then + case "$CLI_CMD" in + *--priority*) :;; + *) CLI_CMD="$CLI_CMD --priority=NORMAL";; + esac + fi + + # fix client port + if [ -n "$PXY_CMD" ]; then + CLI_CMD=$( echo "$CLI_CMD" | sed s/+SRV_PORT/$PXY_PORT/g ) + else + CLI_CMD=$( echo "$CLI_CMD" | sed s/+SRV_PORT/$SRV_PORT/g ) + fi + + # prepend valgrind to our commands if active + if [ "$MEMCHECK" -gt 0 ]; then + if is_polar "$SRV_CMD"; then + SRV_CMD="valgrind --leak-check=full $SRV_CMD" + fi + if is_polar "$CLI_CMD"; then + CLI_CMD="valgrind --leak-check=full $CLI_CMD" + fi + fi +} + +# Check for failure conditions after a test case. +# +# Inputs from run_test: +# * positional parameters: test options (see run_test documentation) +# * $CLI_EXIT: client return code +# * $CLI_EXPECT: expected client return code +# * $SRV_RET: server return code +# * $CLI_OUT, $SRV_OUT, $PXY_OUT: files containing client/server/proxy logs +# * $TIMES_LEFT: if nonzero, a RETRY outcome is allowed +# +# Outputs: +# * $outcome: one of PASS/RETRY*/FAIL +check_test_failure() { + outcome=FAIL + + if [ $TIMES_LEFT -gt 0 ] && + grep '===CLIENT_TIMEOUT===' $CLI_OUT >/dev/null + then + outcome="RETRY(client-timeout)" + return + fi + + # check if the client and server went at least to the handshake stage + # (useful to avoid tests with only negative assertions and non-zero + # expected client exit to incorrectly succeed in case of catastrophic + # failure) + if [ "X$SKIP_HANDSHAKE_CHECK" != "XYES" ] + then + if is_polar "$SRV_CMD"; then + if grep "Performing the SSL/TLS handshake" $SRV_OUT >/dev/null; then :; + else + fail "server or client failed to reach handshake stage" + return + fi + fi + if is_polar "$CLI_CMD"; then + if grep "Performing the SSL/TLS handshake" $CLI_OUT >/dev/null; then :; + else + fail "server or client failed to reach handshake stage" + return + fi + fi + fi + + SKIP_HANDSHAKE_CHECK="NO" + # Check server exit code (only for Mbed TLS: GnuTLS and OpenSSL don't + # exit with status 0 when interrupted by a signal, and we don't really + # care anyway), in case e.g. the server reports a memory leak. + if [ $SRV_RET != 0 ] && is_polar "$SRV_CMD"; then + fail "Server exited with status $SRV_RET" + return + fi + + # check client exit code + if [ \( "$CLI_EXPECT" = 0 -a "$CLI_EXIT" != 0 \) -o \ + \( "$CLI_EXPECT" != 0 -a "$CLI_EXIT" = 0 \) ] + then + fail "bad client exit code (expected $CLI_EXPECT, got $CLI_EXIT)" + return + fi + + # check other assertions + # lines beginning with == are added by valgrind, ignore them + # lines with 'Serious error when reading debug info', are valgrind issues as well + while [ $# -gt 0 ] + do + case $1 in + "-s") + if grep -v '^==' $SRV_OUT | grep -v 'Serious error when reading debug info' | grep "$2" >/dev/null; then :; else + fail "pattern '$2' MUST be present in the Server output" + return + fi + ;; + + "-c") + if grep -v '^==' $CLI_OUT | grep -v 'Serious error when reading debug info' | grep "$2" >/dev/null; then :; else + fail "pattern '$2' MUST be present in the Client output" + return + fi + ;; + + "-S") + if grep -v '^==' $SRV_OUT | grep -v 'Serious error when reading debug info' | grep "$2" >/dev/null; then + if log_pattern_presence_is_conclusive "$2"; then + fail "pattern '$2' MUST NOT be present in the Server output" + fi + return + fi + ;; + + "-C") + if grep -v '^==' $CLI_OUT | grep -v 'Serious error when reading debug info' | grep "$2" >/dev/null; then + if log_pattern_presence_is_conclusive "$2"; then + fail "pattern '$2' MUST NOT be present in the Client output" + fi + return + fi + ;; + + # The filtering in the following two options (-u and -U) do the following + # - ignore valgrind output + # - filter out everything but lines right after the pattern occurrences + # - keep one of each non-unique line + # - count how many lines remain + # A line with '--' will remain in the result from previous outputs, so the number of lines in the result will be 1 + # if there were no duplicates. + "-U") + if [ $(grep -v '^==' $SRV_OUT | grep -v 'Serious error when reading debug info' | grep -A1 "$2" | grep -v "$2" | sort | uniq -d | wc -l) -gt 1 ]; then + fail "lines following pattern '$2' must be unique in Server output" + return + fi + ;; + + "-u") + if [ $(grep -v '^==' $CLI_OUT | grep -v 'Serious error when reading debug info' | grep -A1 "$2" | grep -v "$2" | sort | uniq -d | wc -l) -gt 1 ]; then + fail "lines following pattern '$2' must be unique in Client output" + return + fi + ;; + "-F") + if ! $2 "$SRV_OUT"; then + fail "function call to '$2' failed on Server output" + return + fi + ;; + "-f") + if ! $2 "$CLI_OUT"; then + fail "function call to '$2' failed on Client output" + return + fi + ;; + "-g") + if ! eval "$2 '$SRV_OUT' '$CLI_OUT'"; then + fail "function call to '$2' failed on Server and Client output" + return + fi + ;; + + *) + echo "Unknown test: $1" >&2 + exit 1 + esac + shift 2 + done + + # check valgrind's results + if [ "$MEMCHECK" -gt 0 ]; then + if is_polar "$SRV_CMD" && has_mem_err $SRV_OUT; then + fail "Server has memory errors" + return + fi + if is_polar "$CLI_CMD" && has_mem_err $CLI_OUT; then + fail "Client has memory errors" + return + fi + fi + + # if we're here, everything is ok + outcome=PASS +} + +# Run the current test case: start the server and if applicable the proxy, run +# the client, wait for all processes to finish or time out. +# +# Inputs: +# * $NAME: test case name +# * $CLI_CMD, $SRV_CMD, $PXY_CMD: commands to run +# * $CLI_OUT, $SRV_OUT, $PXY_OUT: files to contain client/server/proxy logs +# +# Outputs: +# * $CLI_EXIT: client return code +# * $SRV_RET: server return code +do_run_test_once() { + # run the commands + if [ -n "$PXY_CMD" ]; then + printf "# %s\n%s\n" "$NAME" "$PXY_CMD" > $PXY_OUT + $PXY_CMD >> $PXY_OUT 2>&1 & + PXY_PID=$! + wait_proxy_start "$PXY_PORT" "$PXY_PID" + fi + + check_osrv_dtls + printf '# %s\n%s\n' "$NAME" "$SRV_CMD" > $SRV_OUT + provide_input | $SRV_CMD >> $SRV_OUT 2>&1 & + SRV_PID=$! + wait_server_start "$SRV_PORT" "$SRV_PID" + + printf '# %s\n%s\n' "$NAME" "$CLI_CMD" > $CLI_OUT + eval "$CLI_CMD" >> $CLI_OUT 2>&1 & + wait_client_done + + sleep 0.05 + + # terminate the server (and the proxy) + kill $SRV_PID + wait $SRV_PID + SRV_RET=$? + + if [ -n "$PXY_CMD" ]; then + kill $PXY_PID >/dev/null 2>&1 + wait $PXY_PID + fi +} + # Usage: run_test name [-p proxy_cmd] srv_cmd cli_cmd cli_exit [option [...]] # Options: -s pattern pattern that must be present in server output # -c pattern pattern that must be present in client output @@ -760,234 +1158,23 @@ run_test() { return fi - # update DTLS variable - detect_dtls "$SRV_CMD" - - # if the test uses DTLS but no custom proxy, add a simple proxy - # as it provides timing info that's useful to debug failures - if [ -z "$PXY_CMD" ] && [ "$DTLS" -eq 1 ]; then - PXY_CMD="$P_PXY" - case " $SRV_CMD " in - *' server_addr=::1 '*) - PXY_CMD="$PXY_CMD server_addr=::1 listen_addr=::1";; - esac - fi - - # update CMD_IS_GNUTLS variable - is_gnutls "$SRV_CMD" - - # if the server uses gnutls but doesn't set priority, explicitly - # set the default priority - if [ "$CMD_IS_GNUTLS" -eq 1 ]; then - case "$SRV_CMD" in - *--priority*) :;; - *) SRV_CMD="$SRV_CMD --priority=NORMAL";; - esac - fi - - # update CMD_IS_GNUTLS variable - is_gnutls "$CLI_CMD" - - # if the client uses gnutls but doesn't set priority, explicitly - # set the default priority - if [ "$CMD_IS_GNUTLS" -eq 1 ]; then - case "$CLI_CMD" in - *--priority*) :;; - *) CLI_CMD="$CLI_CMD --priority=NORMAL";; - esac - fi - - # fix client port - if [ -n "$PXY_CMD" ]; then - CLI_CMD=$( echo "$CLI_CMD" | sed s/+SRV_PORT/$PXY_PORT/g ) - else - CLI_CMD=$( echo "$CLI_CMD" | sed s/+SRV_PORT/$SRV_PORT/g ) - fi - - # prepend valgrind to our commands if active - if [ "$MEMCHECK" -gt 0 ]; then - if is_polar "$SRV_CMD"; then - SRV_CMD="valgrind --leak-check=full $SRV_CMD" - fi - if is_polar "$CLI_CMD"; then - CLI_CMD="valgrind --leak-check=full $CLI_CMD" - fi - fi + analyze_test_commands "$@" TIMES_LEFT=2 while [ $TIMES_LEFT -gt 0 ]; do TIMES_LEFT=$(( $TIMES_LEFT - 1 )) - # run the commands - if [ -n "$PXY_CMD" ]; then - printf "# %s\n%s\n" "$NAME" "$PXY_CMD" > $PXY_OUT - $PXY_CMD >> $PXY_OUT 2>&1 & - PXY_PID=$! - wait_proxy_start "$PXY_PORT" "$PXY_PID" - fi + do_run_test_once - check_osrv_dtls - printf '# %s\n%s\n' "$NAME" "$SRV_CMD" > $SRV_OUT - provide_input | $SRV_CMD >> $SRV_OUT 2>&1 & - SRV_PID=$! - wait_server_start "$SRV_PORT" "$SRV_PID" - - printf '# %s\n%s\n' "$NAME" "$CLI_CMD" > $CLI_OUT - eval "$CLI_CMD" >> $CLI_OUT 2>&1 & - wait_client_done - - sleep 0.05 - - # terminate the server (and the proxy) - kill $SRV_PID - wait $SRV_PID - SRV_RET=$? - - if [ -n "$PXY_CMD" ]; then - kill $PXY_PID >/dev/null 2>&1 - wait $PXY_PID - fi - - # retry only on timeouts - if grep '===CLIENT_TIMEOUT===' $CLI_OUT >/dev/null; then - printf "RETRY " - else - TIMES_LEFT=0 - fi - done - - # check if the client and server went at least to the handshake stage - # (useful to avoid tests with only negative assertions and non-zero - # expected client exit to incorrectly succeed in case of catastrophic - # failure) - if [ "X$SKIP_HANDSHAKE_CHECK" != "XYES" ] - then - if is_polar "$SRV_CMD"; then - if grep "Performing the SSL/TLS handshake" $SRV_OUT >/dev/null; then :; - else - fail "server or client failed to reach handshake stage" - return - fi - fi - if is_polar "$CLI_CMD"; then - if grep "Performing the SSL/TLS handshake" $CLI_OUT >/dev/null; then :; - else - fail "server or client failed to reach handshake stage" - return - fi - fi - fi - - SKIP_HANDSHAKE_CHECK="NO" - # Check server exit code (only for Mbed TLS: GnuTLS and OpenSSL don't - # exit with status 0 when interrupted by a signal, and we don't really - # care anyway), in case e.g. the server reports a memory leak. - if [ $SRV_RET != 0 ] && is_polar "$SRV_CMD"; then - fail "Server exited with status $SRV_RET" - return - fi - - # check client exit code - if [ \( "$CLI_EXPECT" = 0 -a "$CLI_EXIT" != 0 \) -o \ - \( "$CLI_EXPECT" != 0 -a "$CLI_EXIT" = 0 \) ] - then - fail "bad client exit code (expected $CLI_EXPECT, got $CLI_EXIT)" - return - fi - - # check other assertions - # lines beginning with == are added by valgrind, ignore them - # lines with 'Serious error when reading debug info', are valgrind issues as well - while [ $# -gt 0 ] - do - case $1 in - "-s") - if grep -v '^==' $SRV_OUT | grep -v 'Serious error when reading debug info' | grep "$2" >/dev/null; then :; else - fail "pattern '$2' MUST be present in the Server output" - return - fi - ;; - - "-c") - if grep -v '^==' $CLI_OUT | grep -v 'Serious error when reading debug info' | grep "$2" >/dev/null; then :; else - fail "pattern '$2' MUST be present in the Client output" - return - fi - ;; - - "-S") - if grep -v '^==' $SRV_OUT | grep -v 'Serious error when reading debug info' | grep "$2" >/dev/null; then - fail "pattern '$2' MUST NOT be present in the Server output" - return - fi - ;; - - "-C") - if grep -v '^==' $CLI_OUT | grep -v 'Serious error when reading debug info' | grep "$2" >/dev/null; then - fail "pattern '$2' MUST NOT be present in the Client output" - return - fi - ;; - - # The filtering in the following two options (-u and -U) do the following - # - ignore valgrind output - # - filter out everything but lines right after the pattern occurrences - # - keep one of each non-unique line - # - count how many lines remain - # A line with '--' will remain in the result from previous outputs, so the number of lines in the result will be 1 - # if there were no duplicates. - "-U") - if [ $(grep -v '^==' $SRV_OUT | grep -v 'Serious error when reading debug info' | grep -A1 "$2" | grep -v "$2" | sort | uniq -d | wc -l) -gt 1 ]; then - fail "lines following pattern '$2' must be unique in Server output" - return - fi - ;; - - "-u") - if [ $(grep -v '^==' $CLI_OUT | grep -v 'Serious error when reading debug info' | grep -A1 "$2" | grep -v "$2" | sort | uniq -d | wc -l) -gt 1 ]; then - fail "lines following pattern '$2' must be unique in Client output" - return - fi - ;; - "-F") - if ! $2 "$SRV_OUT"; then - fail "function call to '$2' failed on Server output" - return - fi - ;; - "-f") - if ! $2 "$CLI_OUT"; then - fail "function call to '$2' failed on Client output" - return - fi - ;; - "-g") - if ! eval "$2 '$SRV_OUT' '$CLI_OUT'"; then - fail "function call to '$2' failed on Server and Client output" - return - fi - ;; - - *) - echo "Unknown test: $1" >&2 - exit 1 + check_test_failure "$@" + case $outcome in + PASS) break;; + RETRY*) printf "$outcome ";; + FAIL) return;; esac - shift 2 done - # check valgrind's results - if [ "$MEMCHECK" -gt 0 ]; then - if is_polar "$SRV_CMD" && has_mem_err $SRV_OUT; then - fail "Server has memory errors" - return - fi - if is_polar "$CLI_CMD" && has_mem_err $CLI_OUT; then - fail "Client has memory errors" - return - fi - fi - - # if we're here, everything is ok + # If we get this far, the test case passed. record_outcome "PASS" if [ "$PRESERVE_LOGS" -gt 0 ]; then mv $SRV_OUT o-srv-${TESTS}.log @@ -1212,17 +1399,24 @@ SRV_DELAY_SECONDS=0 # fix commands to use this port, force IPv4 while at it # +SRV_PORT will be replaced by either $SRV_PORT or $PXY_PORT later +# Note: Using 'localhost' rather than 127.0.0.1 here is unwise, as on many +# machines that will resolve to ::1, and we don't want ipv6 here. P_SRV="$P_SRV server_addr=127.0.0.1 server_port=$SRV_PORT" P_CLI="$P_CLI server_addr=127.0.0.1 server_port=+SRV_PORT" P_PXY="$P_PXY server_addr=127.0.0.1 server_port=$SRV_PORT listen_addr=127.0.0.1 listen_port=$PXY_PORT ${SEED:+"seed=$SEED"}" O_SRV="$O_SRV -accept $SRV_PORT" -O_CLI="$O_CLI -connect localhost:+SRV_PORT" +O_CLI="$O_CLI -connect 127.0.0.1:+SRV_PORT" G_SRV="$G_SRV -p $SRV_PORT" G_CLI="$G_CLI -p +SRV_PORT" if [ -n "${OPENSSL_LEGACY:-}" ]; then O_LEGACY_SRV="$O_LEGACY_SRV -accept $SRV_PORT -dhparam data_files/dhparams.pem" - O_LEGACY_CLI="$O_LEGACY_CLI -connect localhost:+SRV_PORT" + O_LEGACY_CLI="$O_LEGACY_CLI -connect 127.0.0.1:+SRV_PORT" +fi + +if [ -n "${OPENSSL_NEXT:-}" ]; then + O_NEXT_SRV="$O_NEXT_SRV -accept $SRV_PORT" + O_NEXT_CLI="$O_NEXT_CLI -connect 127.0.0.1:+SRV_PORT" fi if [ -n "${GNUTLS_NEXT_SERV:-}" ]; then @@ -1333,12 +1527,53 @@ requires_config_enabled MBEDTLS_X509_CRT_PARSE_C requires_config_enabled MBEDTLS_ECDSA_C requires_config_enabled MBEDTLS_SHA256_C run_test "Opaque key for client authentication" \ - "$P_SRV auth_mode=required" \ + "$P_SRV auth_mode=required crt_file=data_files/server5.crt \ + key_file=data_files/server5.key" \ "$P_CLI key_opaque=1 crt_file=data_files/server5.crt \ key_file=data_files/server5.key" \ 0 \ -c "key type: Opaque" \ + -c "Ciphersuite is TLS-ECDHE-ECDSA" \ -s "Verifying peer X.509 certificate... ok" \ + -s "Ciphersuite is TLS-ECDHE-ECDSA" \ + -S "error" \ + -C "error" + +# Test using an opaque private key for server authentication +requires_config_enabled MBEDTLS_USE_PSA_CRYPTO +requires_config_enabled MBEDTLS_X509_CRT_PARSE_C +requires_config_enabled MBEDTLS_ECDSA_C +requires_config_enabled MBEDTLS_SHA256_C +run_test "Opaque key for server authentication" \ + "$P_SRV auth_mode=required key_opaque=1 crt_file=data_files/server5.crt \ + key_file=data_files/server5.key" \ + "$P_CLI crt_file=data_files/server5.crt \ + key_file=data_files/server5.key" \ + 0 \ + -c "Verifying peer X.509 certificate... ok" \ + -c "Ciphersuite is TLS-ECDHE-ECDSA" \ + -s "key types: Opaque - invalid PK" \ + -s "Ciphersuite is TLS-ECDHE-ECDSA" \ + -S "error" \ + -C "error" + +# Test using an opaque private key for client/server authentication +requires_config_enabled MBEDTLS_USE_PSA_CRYPTO +requires_config_enabled MBEDTLS_X509_CRT_PARSE_C +requires_config_enabled MBEDTLS_ECDSA_C +requires_config_enabled MBEDTLS_SHA256_C +run_test "Opaque key for client/server authentication" \ + "$P_SRV auth_mode=required key_opaque=1 crt_file=data_files/server5.crt \ + key_file=data_files/server5.key" \ + "$P_CLI key_opaque=1 crt_file=data_files/server5.crt \ + key_file=data_files/server5.key" \ + 0 \ + -c "key type: Opaque" \ + -c "Verifying peer X.509 certificate... ok" \ + -c "Ciphersuite is TLS-ECDHE-ECDSA" \ + -s "key types: Opaque - invalid PK" \ + -s "Verifying peer X.509 certificate... ok" \ + -s "Ciphersuite is TLS-ECDHE-ECDSA" \ -S "error" \ -C "error" @@ -1453,6 +1688,40 @@ run_test "SHA-256 allowed by default in client certificate" \ "$P_CLI key_file=data_files/cli-rsa.key crt_file=data_files/cli-rsa-sha256.crt" \ 0 +# Dummy TLS 1.3 test +# Currently only checking that passing TLS 1.3 key exchange modes to +# ssl_client2/ssl_server2 example programs works. +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL +run_test "TLS 1.3, key exchange mode parameter passing: PSK only" \ + "$P_SRV tls13_kex_modes=psk" \ + "$P_CLI tls13_kex_modes=psk" \ + 0 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL +run_test "TLS 1.3, key exchange mode parameter passing: PSK-ephemeral only" \ + "$P_SRV tls13_kex_modes=psk_ephemeral" \ + "$P_CLI tls13_kex_modes=psk_ephemeral" \ + 0 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL +run_test "TLS 1.3, key exchange mode parameter passing: Pure-ephemeral only" \ + "$P_SRV tls13_kex_modes=ephemeral" \ + "$P_CLI tls13_kex_modes=ephemeral" \ + 0 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL +run_test "TLS 1.3, key exchange mode parameter passing: All ephemeral" \ + "$P_SRV tls13_kex_modes=ephemeral_all" \ + "$P_CLI tls13_kex_modes=ephemeral_all" \ + 0 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL +run_test "TLS 1.3, key exchange mode parameter passing: All PSK" \ + "$P_SRV tls13_kex_modes=psk_all" \ + "$P_CLI tls13_kex_modes=psk_all" \ + 0 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL +run_test "TLS 1.3, key exchange mode parameter passing: All" \ + "$P_SRV tls13_kex_modes=all" \ + "$P_CLI tls13_kex_modes=all" \ + 0 + # Tests for datagram packing run_test "DTLS: multiple records in same datagram, client and server" \ "$P_SRV dtls=1 dgram_packing=1 debug_level=2" \ @@ -2558,10 +2827,13 @@ run_test "Session resume using tickets, DTLS: openssl server" \ -c "parse new session ticket" \ -c "a session has been resumed" +# For reasons that aren't fully understood, this test randomly fails with high +# probability with OpenSSL 1.0.2g on the CI, see #5012. +requires_openssl_next run_test "Session resume using tickets, DTLS: openssl client" \ "$P_SRV dtls=1 debug_level=3 tickets=1" \ - "( $O_CLI -dtls -sess_out $SESSION; \ - $O_CLI -dtls -sess_in $SESSION; \ + "( $O_NEXT_CLI -dtls -sess_out $SESSION; \ + $O_NEXT_CLI -dtls -sess_in $SESSION; \ rm -f $SESSION )" \ 0 \ -s "found session ticket extension" \ @@ -2758,10 +3030,13 @@ run_test "Session resume using cache, DTLS: session copy" \ -s "a session has been resumed" \ -c "a session has been resumed" +# For reasons that aren't fully understood, this test randomly fails with high +# probability with OpenSSL 1.0.2g on the CI, see #5012. +requires_openssl_next run_test "Session resume using cache, DTLS: openssl client" \ "$P_SRV dtls=1 debug_level=3 tickets=0" \ - "( $O_CLI -dtls -sess_out $SESSION; \ - $O_CLI -dtls -sess_in $SESSION; \ + "( $O_NEXT_CLI -dtls -sess_out $SESSION; \ + $O_NEXT_CLI -dtls -sess_in $SESSION; \ rm -f $SESSION )" \ 0 \ -s "found session ticket extension" \ @@ -8477,7 +8752,6 @@ run_test "DTLS proxy: 3d, gnutls server, fragmentation, nbio" \ -s "Extra-header:" \ -c "Extra-header:" -requires_config_enabled MBEDTLS_SSL_EXPORT_KEYS run_test "export keys functionality" \ "$P_SRV eap_tls=1 debug_level=3" \ "$P_CLI eap_tls=1 debug_level=3" \ @@ -8487,6 +8761,28 @@ run_test "export keys functionality" \ -c "EAP-TLS IV is:" \ -s "EAP-TLS IV is:" +# openssl feature tests: check if tls1.3 exists. +requires_openssl_tls1_3 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL +run_test "TLS1.3: Test openssl tls1_3 feature" \ + "$O_NEXT_SRV -tls1_3 -msg" \ + "$O_NEXT_CLI -tls1_3 -msg" \ + 0 \ + -c "TLS 1.3" \ + -s "TLS 1.3" + +# gnutls feature tests: check if TLS 1.3 is supported as well as the NO_TICKETS and DISABLE_TLS13_COMPAT_MODE options. +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_gnutls_next_disable_tls13_compat +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL +run_test "TLS1.3: Test gnutls tls1_3 feature" \ + "$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE --disable-client-cert " \ + "$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE -V" \ + 0 \ + -s "Version: TLS1.3" \ + -c "Version: TLS1.3" + # TLS1.3 test cases # TODO: remove or rewrite this test case if #4832 is resolved. requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 @@ -8504,11 +8800,73 @@ run_test "TLS1.3: Not supported version check: tls1_2 and tls1_3" \ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL run_test "TLS1.3: handshake dispatch test: tls1_3 only" \ - "$P_SRV min_version=tls1_3 max_version=tls1_3" \ - "$P_CLI min_version=tls1_3 max_version=tls1_3" \ + "$P_SRV debug_level=2 min_version=tls1_3 max_version=tls1_3" \ + "$P_CLI debug_level=2 min_version=tls1_3 max_version=tls1_3" \ 1 \ - -s "SSL - The requested feature is not available" \ - -c "SSL - The requested feature is not available" + -s "tls1_3 server state: 0" \ + -c "tls1_3 client state: 0" + +requires_openssl_tls1_3 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL +requires_config_disabled MBEDTLS_USE_PSA_CRYPTO +run_test "TLS1.3: minimal feature sets - openssl" \ + "$O_NEXT_SRV -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$P_CLI debug_level=3 min_version=tls1_3 max_version=tls1_3" \ + 0 \ + -c "tls1_3 client state: 0" \ + -c "tls1_3 client state: 2" \ + -c "tls1_3 client state: 19" \ + -c "tls1_3 client state: 5" \ + -c "tls1_3 client state: 3" \ + -c "tls1_3 client state: 9" \ + -c "tls1_3 client state: 13" \ + -c "tls1_3 client state: 11" \ + -c "tls1_3 client state: 14" \ + -c "tls1_3 client state: 15" \ + -c "<= ssl_tls1_3_process_server_hello" \ + -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \ + -c "ECDH curve: x25519" \ + -c "=> ssl_tls1_3_process_server_hello" \ + -c "<= parse encrypted extensions" \ + -c "Certificate verification flags clear" \ + -c "=> parse certificate verify" \ + -c "<= parse certificate verify" \ + -c "mbedtls_ssl_tls13_process_certificate_verify() returned 0" \ + -c "<= parse finished message" \ + -c "HTTP/1.0 200 ok" + +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_gnutls_next_disable_tls13_compat +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL +requires_config_disabled MBEDTLS_USE_PSA_CRYPTO +run_test "TLS1.3: minimal feature sets - gnutls" \ + "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE --disable-client-cert" \ + "$P_CLI debug_level=3 min_version=tls1_3 max_version=tls1_3" \ + 0 \ + -s "SERVER HELLO was queued" \ + -c "tls1_3 client state: 0" \ + -c "tls1_3 client state: 2" \ + -c "tls1_3 client state: 19" \ + -c "tls1_3 client state: 5" \ + -c "tls1_3 client state: 3" \ + -c "tls1_3 client state: 9" \ + -c "tls1_3 client state: 13" \ + -c "tls1_3 client state: 11" \ + -c "tls1_3 client state: 14" \ + -c "tls1_3 client state: 15" \ + -c "<= ssl_tls1_3_process_server_hello" \ + -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \ + -c "ECDH curve: x25519" \ + -c "=> ssl_tls1_3_process_server_hello" \ + -c "<= parse encrypted extensions" \ + -c "Certificate verification flags clear" \ + -c "=> parse certificate verify" \ + -c "<= parse certificate verify" \ + -c "mbedtls_ssl_tls13_process_certificate_verify() returned 0" \ + -c "<= parse finished message" \ + -c "HTTP/1.0 200 OK" + # Test heap memory usage after handshake requires_config_enabled MBEDTLS_MEMORY_DEBUG diff --git a/tests/suites/host_test.function b/tests/suites/host_test.function index a5fd7179b6..17926ebb3c 100644 --- a/tests/suites/host_test.function +++ b/tests/suites/host_test.function @@ -778,6 +778,12 @@ int execute_tests( int argc , const char ** argv ) mbedtls_fprintf( stdout, "line %d, %s", mbedtls_test_info.line_no, mbedtls_test_info.filename ); + if( mbedtls_test_info.line1[0] != 0 ) + mbedtls_fprintf( stdout, "\n %s", + mbedtls_test_info.line1 ); + if( mbedtls_test_info.line2[0] != 0 ) + mbedtls_fprintf( stdout, "\n %s", + mbedtls_test_info.line2 ); } fflush( stdout ); } diff --git a/tests/suites/target_test.function b/tests/suites/target_test.function deleted file mode 100644 index 637a79d5ee..0000000000 --- a/tests/suites/target_test.function +++ /dev/null @@ -1,449 +0,0 @@ -#line 2 "suites/target_test.function" - -#include "greentea-client/test_env.h" - -/** - * \brief Increments pointer and asserts that it does not overflow. - * - * \param p Pointer to byte array - * \param start Pointer to start of byte array - * \param len Length of byte array - * \param step Increment size - * - */ -#define INCR_ASSERT(p, start, len, step) do \ -{ \ - TEST_HELPER_ASSERT( ( p ) >= ( start ) ); \ - TEST_HELPER_ASSERT( sizeof( *( p ) ) == sizeof( *( start ) ) ); \ - /* <= is checked to support use inside a loop where \ - pointer is incremented after reading data. */ \ - TEST_HELPER_ASSERT( (uint32_t)( ( ( p ) - ( start ) ) + ( step ) ) <= ( len ) );\ - ( p ) += ( step ); \ -} \ -while( 0 ) - - -/** - * \brief 4 byte align unsigned char pointer - * - * \param p Pointer to byte array - * \param start Pointer to start of byte array - * \param len Length of byte array - * - */ -#define ALIGN_32BIT(p, start, len) do \ -{ \ - uint32_t align = ( - (uintptr_t)( p ) ) % 4; \ - INCR_ASSERT( ( p ), ( start ), ( len ), align );\ -} \ -while( 0 ) - - -/** - * \brief Verify dependencies. Dependency identifiers are - * encoded in the buffer as 8 bit unsigned integers. - * - * \param count Number of dependencies. - * \param dep_p Pointer to buffer. - * - * \return DEPENDENCY_SUPPORTED if success else DEPENDENCY_NOT_SUPPORTED. - */ -int verify_dependencies( uint8_t count, uint8_t * dep_p ) -{ - uint8_t i; - for ( i = 0; i < count; i++ ) - { - if ( dep_check( (int)(dep_p[i]) ) != DEPENDENCY_SUPPORTED ) - return( DEPENDENCY_NOT_SUPPORTED ); - } - return( DEPENDENCY_SUPPORTED ); -} - -/** - * \brief Receives hex string on serial interface, and converts to a byte. - * - * \param none - * - * \return unsigned int8 - */ -uint8_t receive_byte() -{ - uint8_t byte; - uint8_t c[3]; - size_t len; - - c[0] = greentea_getc(); - c[1] = greentea_getc(); - c[2] = '\0'; - - TEST_HELPER_ASSERT( mbedtls_test_unhexify( &byte, sizeof( byte ), - c, &len ) == 0 ); - TEST_HELPER_ASSERT( len != 2 ); - - return( byte ); -} - -/** - * \brief Receives unsigned integer on serial interface. - * Integers are encoded in network order, and sent as hex ascii string. - * - * \param none - * - * \return unsigned int - */ -uint32_t receive_uint32() -{ - uint32_t value; - size_t len; - const uint8_t c_be[8] = { greentea_getc(), - greentea_getc(), - greentea_getc(), - greentea_getc(), - greentea_getc(), - greentea_getc(), - greentea_getc(), - greentea_getc() - }; - const uint8_t c[9] = { c_be[6], c_be[7], c_be[4], c_be[5], c_be[2], - c_be[3], c_be[0], c_be[1], '\0' }; - - TEST_HELPER_ASSERT( mbedtls_test_unhexify( (uint8_t*)&value, sizeof( value ), - c, &len ) == 0 ); - TEST_HELPER_ASSERT( len != 8 ); - - return( value ); -} - -/** - * \brief Parses out an unsigned 32 int value from the byte array. - * Integers are encoded in network order. - * - * \param p Pointer to byte array - * - * \return unsigned int - */ -uint32_t parse_uint32( uint8_t * p ) -{ - uint32_t value; - value = *p++ << 24; - value |= *p++ << 16; - value |= *p++ << 8; - value |= *p; - return( value ); -} - - -/** - * \brief Receives test data on serial as greentea key,value pair: - * {{;}} - * - * \param data_len Out pointer to hold received data length. - * - * \return Byte array. - */ -uint8_t * receive_data( uint32_t * data_len ) -{ - uint32_t i = 0, errors = 0; - char c; - uint8_t * data = NULL; - - /* Read opening braces */ - i = 0; - while ( i < 2 ) - { - c = greentea_getc(); - /* Ignore any prevous CR LF characters */ - if ( c == '\n' || c == '\r' ) - continue; - i++; - if ( c != '{' ) - return( NULL ); - } - - /* Read data length */ - *data_len = receive_uint32(); - data = (uint8_t *)malloc( *data_len ); - TEST_HELPER_ASSERT( data != NULL ); - - greentea_getc(); // read ';' received after key i.e. *data_len - - for( i = 0; i < *data_len; i++ ) - data[i] = receive_byte(); - - /* Read closing braces */ - for( i = 0; i < 2; i++ ) - { - c = greentea_getc(); - if ( c != '}' ) - { - errors++; - break; - } - } - - if ( errors ) - { - free( data ); - data = NULL; - *data_len = 0; - } - - return( data ); -} - -/** - * \brief Parse the received byte array and count the number of arguments - * to the test function passed as type hex. - * - * \param count Parameter count - * \param data Received Byte array - * \param data_len Byte array length - * - * \return count of hex params - */ -uint32_t find_hex_count( uint8_t count, uint8_t * data, uint32_t data_len ) -{ - uint32_t i = 0, sz = 0; - char c; - uint8_t * p = NULL; - uint32_t hex_count = 0; - - p = data; - - for( i = 0; i < count; i++ ) - { - c = (char)*p; - INCR_ASSERT( p, data, data_len, 1 ); - - /* Align p to 4 bytes for int, expression, string len or hex length */ - ALIGN_32BIT( p, data, data_len ); - - /* Network to host conversion */ - sz = (int32_t)parse_uint32( p ); - - INCR_ASSERT( p, data, data_len, sizeof( int32_t ) ); - - if ( c == 'H' || c == 'S' ) - { - INCR_ASSERT( p, data, data_len, sz ); - hex_count += ( c == 'H' )?1:0; - } - } - - return( hex_count ); -} - -/** - * \brief Parses received byte array for test parameters. - * - * \param count Parameter count - * \param data Received Byte array - * \param data_len Byte array length - * \param error Parsing error out variable. - * - * \return Array of parsed parameters allocated on heap. - * Note: Caller has the responsibility to delete - * the memory after use. - */ -void ** parse_parameters( uint8_t count, uint8_t * data, uint32_t data_len, - int * error ) -{ - uint32_t i = 0, hex_count = 0; - char c; - void ** params = NULL; - void ** cur = NULL; - uint8_t * p = NULL; - - hex_count = find_hex_count(count, data, data_len); - - params = (void **)malloc( sizeof( void *) * ( count + hex_count ) ); - TEST_HELPER_ASSERT( params != NULL ); - cur = params; - - p = data; - - /* Parameters */ - for( i = 0; i < count; i++ ) - { - c = (char)*p; - INCR_ASSERT( p, data, data_len, 1 ); - - /* Align p to 4 bytes for int, expression, string len or hex length */ - ALIGN_32BIT( p, data, data_len ); - - /* Network to host conversion */ - *( (int32_t *)p ) = (int32_t)parse_uint32( p ); - - switch( c ) - { - case 'E': - { - if ( get_expression( *( (int32_t *)p ), (int32_t *)p ) ) - { - *error = KEY_VALUE_MAPPING_NOT_FOUND; - goto exit; - } - } /* Intentional fall through */ - case 'I': - { - *cur++ = (void *)p; - INCR_ASSERT( p, data, data_len, sizeof( int32_t ) ); - } - break; - case 'H': /* Intentional fall through */ - case 'S': - { - uint32_t * sz = (uint32_t *)p; - INCR_ASSERT( p, data, data_len, sizeof( int32_t ) ); - *cur++ = (void *)p; - if ( c == 'H' ) - *cur++ = (void *)sz; - INCR_ASSERT( p, data, data_len, ( *sz ) ); - } - break; - default: - { - *error = DISPATCH_INVALID_TEST_DATA; - goto exit; - } - break; - } - } - -exit: - if ( *error ) - { - free( params ); - params = NULL; - } - - return( params ); -} - -/** - * \brief Sends greentea key and int value pair to host. - * - * \param key key string - * \param value integer value - * - * \return void - */ -void send_key_integer( char * key, int value ) -{ - char str[50]; - snprintf( str, sizeof( str ), "%d", value ); - greentea_send_kv( key, str ); -} - -/** - * \brief Sends test setup failure to the host. - * - * \param failure Test set failure - * - * \return void - */ -void send_failure( int failure ) -{ - send_key_integer( "F", failure ); -} - -/** - * \brief Sends test status to the host. - * - * \param status Test status (PASS=0/FAIL=!0) - * - * \return void - */ -void send_status( int status ) -{ - send_key_integer( "R", status ); -} - - -/** - * \brief Embedded implementation of execute_tests(). - * Ignores command line and received test data - * on serial. - * - * \param argc not used - * \param argv not used - * - * \return Program exit status. - */ -int execute_tests( int args, const char ** argv ) -{ - int ret = 0; - uint32_t data_len = 0; - uint8_t count = 0, function_id; - void ** params = NULL; - uint8_t * data = NULL, * p = NULL; - - GREENTEA_SETUP( 800, "mbedtls_test" ); - greentea_send_kv( "GO", " " ); - - while ( 1 ) - { - ret = 0; - mbedtls_test_info_reset( ); - data_len = 0; - - data = receive_data( &data_len ); - if ( data == NULL ) - continue; - p = data; - - do - { - /* Read dependency count */ - count = *p; - TEST_HELPER_ASSERT( count < data_len ); - INCR_ASSERT( p, data, data_len, sizeof( uint8_t ) ); - ret = verify_dependencies( count, p ); - if ( ret != DEPENDENCY_SUPPORTED ) - break; - - if ( count ) - INCR_ASSERT( p, data, data_len, count ); - - /* Read function id */ - function_id = *p; - INCR_ASSERT( p, data, data_len, sizeof( uint8_t ) ); - if ( ( ret = check_test( function_id ) ) != DISPATCH_TEST_SUCCESS ) - break; - - /* Read number of parameters */ - count = *p; - INCR_ASSERT( p, data, data_len, sizeof( uint8_t ) ); - - /* Parse parameters if present */ - if ( count ) - { - params = parse_parameters( count, p, data_len - ( p - data ), &ret ); - if ( ret ) - break; - } - - ret = dispatch_test( function_id, params ); - } - while ( 0 ); - - if ( data ) - { - free( data ); - data = NULL; - } - - if ( params ) - { - free( params ); - params = NULL; - } - - if ( ret ) - send_failure( ret ); - else - send_status( mbedtls_test_info.result ); - } - return( 0 ); -} - diff --git a/tests/suites/test_suite_aes.function b/tests/suites/test_suite_aes.function index 1892c2595a..52af8e02f2 100644 --- a/tests/suites/test_suite_aes.function +++ b/tests/suites/test_suite_aes.function @@ -67,7 +67,7 @@ void aes_encrypt_cbc( data_t * key_str, data_t * iv_str, mbedtls_aes_init( &ctx ); - mbedtls_aes_setkey_enc( &ctx, key_str->x, key_str->len * 8 ); + TEST_ASSERT( mbedtls_aes_setkey_enc( &ctx, key_str->x, key_str->len * 8 ) == 0 ); TEST_ASSERT( mbedtls_aes_crypt_cbc( &ctx, MBEDTLS_AES_ENCRYPT, src_str->len, iv_str->x, src_str->x, output ) == cbc_result ); if( cbc_result == 0 ) { @@ -92,7 +92,7 @@ void aes_decrypt_cbc( data_t * key_str, data_t * iv_str, memset(output, 0x00, 100); mbedtls_aes_init( &ctx ); - mbedtls_aes_setkey_dec( &ctx, key_str->x, key_str->len * 8 ); + TEST_ASSERT( mbedtls_aes_setkey_dec( &ctx, key_str->x, key_str->len * 8 ) == 0 ); TEST_ASSERT( mbedtls_aes_crypt_cbc( &ctx, MBEDTLS_AES_DECRYPT, src_str->len, iv_str->x, src_str->x, output ) == cbc_result ); if( cbc_result == 0) { @@ -241,7 +241,7 @@ void aes_encrypt_cfb128( data_t * key_str, data_t * iv_str, mbedtls_aes_init( &ctx ); - mbedtls_aes_setkey_enc( &ctx, key_str->x, key_str->len * 8 ); + TEST_ASSERT( mbedtls_aes_setkey_enc( &ctx, key_str->x, key_str->len * 8 ) == 0 ); TEST_ASSERT( mbedtls_aes_crypt_cfb128( &ctx, MBEDTLS_AES_ENCRYPT, 16, &iv_offset, iv_str->x, src_str->x, output ) == 0 ); TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x, 16, dst->len ) == 0 ); @@ -263,7 +263,7 @@ void aes_decrypt_cfb128( data_t * key_str, data_t * iv_str, mbedtls_aes_init( &ctx ); - mbedtls_aes_setkey_enc( &ctx, key_str->x, key_str->len * 8 ); + TEST_ASSERT( mbedtls_aes_setkey_enc( &ctx, key_str->x, key_str->len * 8 ) == 0 ); TEST_ASSERT( mbedtls_aes_crypt_cfb128( &ctx, MBEDTLS_AES_DECRYPT, 16, &iv_offset, iv_str->x, src_str->x, output ) == 0 ); TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x, 16, dst->len ) == 0 ); @@ -284,7 +284,7 @@ void aes_encrypt_cfb8( data_t * key_str, data_t * iv_str, mbedtls_aes_init( &ctx ); - mbedtls_aes_setkey_enc( &ctx, key_str->x, key_str->len * 8 ); + TEST_ASSERT( mbedtls_aes_setkey_enc( &ctx, key_str->x, key_str->len * 8 ) == 0 ); TEST_ASSERT( mbedtls_aes_crypt_cfb8( &ctx, MBEDTLS_AES_ENCRYPT, src_str->len, iv_str->x, src_str->x, output ) == 0 ); TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x, @@ -306,7 +306,7 @@ void aes_decrypt_cfb8( data_t * key_str, data_t * iv_str, mbedtls_aes_init( &ctx ); - mbedtls_aes_setkey_enc( &ctx, key_str->x, key_str->len * 8 ); + TEST_ASSERT( mbedtls_aes_setkey_enc( &ctx, key_str->x, key_str->len * 8 ) == 0 ); TEST_ASSERT( mbedtls_aes_crypt_cfb8( &ctx, MBEDTLS_AES_DECRYPT, src_str->len, iv_str->x, src_str->x, output ) == 0 ); TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x, diff --git a/tests/suites/test_suite_base64.data b/tests/suites/test_suite_base64.data index 3a892f4792..555666807d 100644 --- a/tests/suites/test_suite_base64.data +++ b/tests/suites/test_suite_base64.data @@ -1,3 +1,33 @@ +mask_of_range empty (1..0) +mask_of_range:1:0 + +mask_of_range empty (255..0) +mask_of_range:255:0 + +mask_of_range empty (42..7) +mask_of_range:42:7 + +mask_of_range 0..0 +mask_of_range:0:0 + +mask_of_range 42..42 +mask_of_range:42:42 + +mask_of_range 255..255 +mask_of_range:255:255 + +mask_of_range 0..255 +mask_of_range:0:255 + +mask_of_range 'A'..'Z' +mask_of_range:65:90 + +enc_char (all digits) +enc_chars: + +dec_value (all characters) +dec_chars: + Test case mbedtls_base64_encode #1 buffer just right mbedtls_base64_encode:"":"":0:0 diff --git a/tests/suites/test_suite_base64.function b/tests/suites/test_suite_base64.function index be9b6e8c3e..67fbb67505 100644 --- a/tests/suites/test_suite_base64.function +++ b/tests/suites/test_suite_base64.function @@ -1,6 +1,13 @@ /* BEGIN_HEADER */ #include "mbedtls/base64.h" +#include "base64_invasive.h" #include + +#if defined(MBEDTLS_TEST_HOOKS) +static const char base64_digits[] = + "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"; +#endif /* MBEDTLS_TEST_HOOKS */ + /* END_HEADER */ /* BEGIN_DEPENDENCIES @@ -8,6 +15,65 @@ * END_DEPENDENCIES */ +/* BEGIN_CASE depends_on:MBEDTLS_TEST_HOOKS */ +void mask_of_range( int low_arg, int high_arg ) +{ + unsigned char low = low_arg, high = high_arg; + unsigned c; + for( c = 0; c <= 0xff; c++ ) + { + mbedtls_test_set_step( c ); + TEST_CF_SECRET( &c, sizeof( c ) ); + unsigned char m = mbedtls_base64_mask_of_range( low, high, c ); + TEST_CF_PUBLIC( &c, sizeof( c ) ); + TEST_CF_PUBLIC( &m, sizeof( m ) ); + if( low <= c && c <= high ) + TEST_EQUAL( m, 0xff ); + else + TEST_EQUAL( m, 0 ); + } +} +/* END_CASE */ + +/* BEGIN_CASE depends_on:MBEDTLS_TEST_HOOKS */ +void enc_chars( ) +{ + for( unsigned value = 0; value < 64; value++ ) + { + mbedtls_test_set_step( value ); + TEST_CF_SECRET( &value, sizeof( value ) ); + unsigned char digit = mbedtls_base64_enc_char( value ); + TEST_CF_PUBLIC( &value, sizeof( value ) ); + TEST_CF_PUBLIC( &digit, sizeof( digit ) ); + TEST_EQUAL( digit, base64_digits[value] ); + } +} +/* END_CASE */ + +/* BEGIN_CASE depends_on:MBEDTLS_TEST_HOOKS */ +void dec_chars( ) +{ + char *p; + signed char expected; + + for( unsigned c = 0; c <= 0xff; c++ ) + { + mbedtls_test_set_step( c ); + /* base64_digits is 0-terminated. sizeof()-1 excludes the trailing 0. */ + p = memchr( base64_digits, c, sizeof( base64_digits ) - 1 ); + if( p == NULL ) + expected = -1; + else + expected = p - base64_digits; + TEST_CF_SECRET( &c, sizeof( c ) ); + signed char actual = mbedtls_base64_dec_value( c ); + TEST_CF_PUBLIC( &c, sizeof( c ) ); + TEST_CF_PUBLIC( &actual, sizeof( actual ) ); + TEST_EQUAL( actual, expected ); + } +} +/* END_CASE */ + /* BEGIN_CASE */ void mbedtls_base64_encode( char * src_string, char * dst_string, int dst_buf_size, int result ) diff --git a/tests/suites/test_suite_ccm.data b/tests/suites/test_suite_ccm.data index a14d4be252..61e6e9b991 100644 --- a/tests/suites/test_suite_ccm.data +++ b/tests/suites/test_suite_ccm.data @@ -174,6 +174,10 @@ CCM encrypt and tag RFC 3610 #24 depends_on:MBEDTLS_AES_C mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"D7828D13B2B0BDC325A76236DF93CC6B":"ABF21C0B02FEB88F856DF4A37381BCE3CC128517D4":"008D493B30AE8B3C9696766CFA":"6E37A6EF546D955D34AB6059":"F32905B88A641B04B9C9FFB58CC390900F3DA12AB16DCE9E82EFA16DA62059" +CCM encrypt and tag AES-128 (P=0, N=13, A=0, T=16) +depends_on:MBEDTLS_AES_C +mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"54caf96ef6d448734700aadab50faf7a":"":"a3803e752ae849c910d8da36af":"":"eba8347baa6d61f87b67c2dd7c6d2053" + CCM encrypt and tag NIST VTT AES-128 #1 (P=24, N=13, A=32, T=4) depends_on:MBEDTLS_AES_C mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"43b1a6bc8d0d22d6d1ca95c18593cca5":"a2b381c7d1545c408fe29817a21dc435a154c87256346b05":"9882578e750b9682c6ca7f8f86":"2084f3861c9ad0ccee7c63a7e05aece5db8b34bd8724cc06b4ca99a7f9c4914f":"cc69ed76985e0ed4c8365a72775e5a19bfccc71aeb116c85a8c74677" @@ -1517,3 +1521,234 @@ mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_CAMELLIA:"D75C2778078CA93D971F96FD CCM-Camellia encrypt and tag RFC 5528 #24 depends_on:MBEDTLS_CAMELLIA_C mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_CAMELLIA:"D75C2778078CA93D971F96FDE720F4CD":"9DC9EDAE2FF5DF8636E8C6DE0EED55F7867E33337D":"003B8FD8D3A937B160B6A31C1C":"A4D499F78419728C19178B0C":"4B198156393B0F7796086AAFB454F8C3F034CCA966945F1FCEA7E11BEE6A2F" + +CCM encrypt, skip ad AES-128 (P=0, N=13, A=0, T=16) +depends_on:MBEDTLS_AES_C +mbedtls_ccm_skip_ad:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_ENCRYPT:"54caf96ef6d448734700aadab50faf7a":"":"a3803e752ae849c910d8da36af":"":"eba8347baa6d61f87b67c2dd7c6d2053" + +CCM* encrypt, skip ad AES-128 (P=0, N=13, A=0, T=16) +depends_on:MBEDTLS_AES_C +mbedtls_ccm_skip_ad:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_STAR_ENCRYPT:"54caf96ef6d448734700aadab50faf7a":"":"a3803e752ae849c910d8da36af":"":"eba8347baa6d61f87b67c2dd7c6d2053" + +CCM decrypt, skip ad AES-128 (P=0, N=13, A=0, T=16) +depends_on:MBEDTLS_AES_C +mbedtls_ccm_skip_ad:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_DECRYPT:"54caf96ef6d448734700aadab50faf7a":"":"a3803e752ae849c910d8da36af":"":"eba8347baa6d61f87b67c2dd7c6d2053" + +CCM* decrypt, skip ad AES-128 (P=0, N=13, A=0, T=16) +depends_on:MBEDTLS_AES_C +mbedtls_ccm_skip_ad:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_STAR_DECRYPT:"54caf96ef6d448734700aadab50faf7a":"":"a3803e752ae849c910d8da36af":"":"eba8347baa6d61f87b67c2dd7c6d2053" + +CCM encrypt, skip ad NIST VADT AES-128 (P=24, N=13, A=0, T=16) +depends_on:MBEDTLS_AES_C +mbedtls_ccm_skip_ad:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_ENCRYPT:"d24a3d3dde8c84830280cb87abad0bb3":"7c86135ed9c2a515aaae0e9a208133897269220f30870006":"f1100035bb24a8d26004e0e24b":"1faeb0ee2ca2cd52f0aa3966578344f24e69b742c4ab37ab":"1123301219c70599b7c373ad4b3ad67b" + +CCM* encrypt, skip ad NIST VADT AES-128 (P=24, N=13, A=0, T=16) +depends_on:MBEDTLS_AES_C +mbedtls_ccm_skip_ad:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_STAR_ENCRYPT:"d24a3d3dde8c84830280cb87abad0bb3":"7c86135ed9c2a515aaae0e9a208133897269220f30870006":"f1100035bb24a8d26004e0e24b":"1faeb0ee2ca2cd52f0aa3966578344f24e69b742c4ab37ab":"1123301219c70599b7c373ad4b3ad67b" + +CCM decrypt, skip ad NIST DVPT AES-192 (P=24, N=7, A=0, T=4) +depends_on:MBEDTLS_AES_C +mbedtls_ccm_skip_ad:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_DECRYPT:"19ebfde2d5468ba0a3031bde629b11fd4094afcb205393fa":"411986d04d6463100bff03f7d0bde7ea2c3488784378138c":"5a8aa485c316e9":"3796cf51b8726652a4204733b8fbb047cf00fb91a9837e22":"ddc93a54" + +CCM* decrypt, skip ad NIST DVPT AES-192 (P=24, N=7, A=0, T=4) +depends_on:MBEDTLS_AES_C +mbedtls_ccm_skip_ad:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_STAR_DECRYPT:"19ebfde2d5468ba0a3031bde629b11fd4094afcb205393fa":"411986d04d6463100bff03f7d0bde7ea2c3488784378138c":"5a8aa485c316e9":"3796cf51b8726652a4204733b8fbb047cf00fb91a9837e22":"ddc93a54" + +CCM encrypt, skip update AES-128 (P=0, N=13, A=0, T=16) +depends_on:MBEDTLS_AES_C +mbedtls_ccm_skip_update:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_ENCRYPT:"54caf96ef6d448734700aadab50faf7a":"a3803e752ae849c910d8da36af":"":"eba8347baa6d61f87b67c2dd7c6d2053" + +CCM decrypt, skip update AES-128 (P=0, N=13, A=0, T=16) +depends_on:MBEDTLS_AES_C +mbedtls_ccm_skip_update:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_DECRYPT:"54caf96ef6d448734700aadab50faf7a":"a3803e752ae849c910d8da36af":"":"eba8347baa6d61f87b67c2dd7c6d2053" + +CCM* encrypt, skip update AES-128 (P=0, N=13, A=0, T=16) +depends_on:MBEDTLS_AES_C +mbedtls_ccm_skip_update:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_STAR_ENCRYPT:"54caf96ef6d448734700aadab50faf7a":"a3803e752ae849c910d8da36af":"":"eba8347baa6d61f87b67c2dd7c6d2053" + +CCM* decrypt, skip update AES-128 (P=0, N=13, A=0, T=16) +depends_on:MBEDTLS_AES_C +mbedtls_ccm_skip_update:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_STAR_DECRYPT:"54caf96ef6d448734700aadab50faf7a":"a3803e752ae849c910d8da36af":"":"eba8347baa6d61f87b67c2dd7c6d2053" + +CCM encrypt, skip update NIST VPT AES-128 #1 (P=0, N=13, A=32, T=16) +depends_on:MBEDTLS_AES_C +mbedtls_ccm_skip_update:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_ENCRYPT:"2ebf60f0969013a54a3dedb19d20f6c8":"1de8c5e21f9db33123ff870add":"e1de6c6119d7db471136285d10b47a450221b16978569190ef6a22b055295603":"0ead29ef205fbb86d11abe5ed704b880" + +CCM* encrypt, skip update NIST VPT AES-128 #1 (P=0, N=13, A=32, T=16) +depends_on:MBEDTLS_AES_C +mbedtls_ccm_skip_update:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_STAR_ENCRYPT:"2ebf60f0969013a54a3dedb19d20f6c8":"1de8c5e21f9db33123ff870add":"e1de6c6119d7db471136285d10b47a450221b16978569190ef6a22b055295603":"0ead29ef205fbb86d11abe5ed704b880" + +CCM decrypt, skip update NIST DVPT AES-256 #23 (P=0, N=13, A=32, T=16) +depends_on:MBEDTLS_AES_C +mbedtls_ccm_skip_update:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_DECRYPT:"8c5cf3457ff22228c39c051c4e05ed4093657eb303f859a9d4b0f8be0127d88a":"a544218dadd3c10583db49cf39":"3c0e2815d37d844f7ac240ba9d6e3a0b2a86f706e885959e09a1005e024f6907":"867b0d87cf6e0f718200a97b4f6d5ad5" + +CCM* decrypt, skip update NIST DVPT AES-256 #23 (P=0, N=13, A=32, T=16) +depends_on:MBEDTLS_AES_C +mbedtls_ccm_skip_update:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_STAR_DECRYPT:"8c5cf3457ff22228c39c051c4e05ed4093657eb303f859a9d4b0f8be0127d88a":"a544218dadd3c10583db49cf39":"3c0e2815d37d844f7ac240ba9d6e3a0b2a86f706e885959e09a1005e024f6907":"867b0d87cf6e0f718200a97b4f6d5ad5" + +CCM encrypt, overflow ad NIST VPT AES-128 #14 (P=13, N=13, A=32, T=16) +depends_on:MBEDTLS_AES_C +mbedtls_ccm_overflow_ad:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_ENCRYPT:"d32088d50df9aba14d9022c870a0cb85":"e16c69861efc206e85aab1255e":"a6f73242f2f227350c0277e4e72cdaa6" + +CCM encrypt, incomplete ad NIST VPT AES-128 #14 (P=13, N=13, A=32, T=16) +depends_on:MBEDTLS_AES_C +mbedtls_ccm_incomplete_ad:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_ENCRYPT:"d32088d50df9aba14d9022c870a0cb85":"e16c69861efc206e85aab1255e":"a6f73242f2f227350c0277e4e72cdaa6" + +CCM encrypt, full ad and overflow NIST VPT AES-128 #14 (P=13, N=13, A=32, T=16) +depends_on:MBEDTLS_AES_C +mbedtls_ccm_full_ad_and_overflow:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_ENCRYPT:"d32088d50df9aba14d9022c870a0cb85":"e16c69861efc206e85aab1255e":"a6f73242f2f227350c0277e4e72cdaa6" + +CCM encrypt, incomplete ad and overflow NIST VPT AES-128 #14 (P=13, N=13, A=32, T=16) +depends_on:MBEDTLS_AES_C +mbedtls_ccm_incomplete_ad_and_overflow:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_ENCRYPT:"d32088d50df9aba14d9022c870a0cb85":"e16c69861efc206e85aab1255e":"a6f73242f2f227350c0277e4e72cdaa6" + +CCM encrypt, overflow update NIST VPT AES-128 #14 (P=13, N=13, A=32, T=16) +depends_on:MBEDTLS_AES_C +mbedtls_ccm_overflow_update:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_ENCRYPT:"d32088d50df9aba14d9022c870a0cb85":"4b10788c1a03bca656f04f1f98":"e16c69861efc206e85aab1255e":"0eff7d7bcceb873c3203a8df74f4e91b04bd607ec11202f96cfeb99f5bcdb7aa" + +CCM encrypt, incomplete update NIST VPT AES-128 #14 (P=13, N=13, A=32, T=16) +depends_on:MBEDTLS_AES_C +mbedtls_ccm_incomplete_update:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_ENCRYPT:"d32088d50df9aba14d9022c870a0cb85":"4b10788c1a03bca656f04f1f98":"e16c69861efc206e85aab1255e":"0eff7d7bcceb873c3203a8df74f4e91b04bd607ec11202f96cfeb99f5bcdb7aa" + +CCM encrypt, full update and overflow NIST VPT AES-128 #14 (P=13, N=13, A=32, T=16) +depends_on:MBEDTLS_AES_C +mbedtls_ccm_full_update_and_overflow:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_ENCRYPT:"d32088d50df9aba14d9022c870a0cb85":"4b10788c1a03bca656f04f1f98":"e16c69861efc206e85aab1255e":"0eff7d7bcceb873c3203a8df74f4e91b04bd607ec11202f96cfeb99f5bcdb7aa" + +CCM encrypt, incomplete update and overflow NIST VPT AES-128 #14 (P=13, N=13, A=32, T=16) +depends_on:MBEDTLS_AES_C +mbedtls_ccm_incomplete_update_overflow:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_ENCRYPT:"d32088d50df9aba14d9022c870a0cb85":"4b10788c1a03bca656f04f1f98":"e16c69861efc206e85aab1255e":"0eff7d7bcceb873c3203a8df74f4e91b04bd607ec11202f96cfeb99f5bcdb7aa" + +CCM decrypt, overflow ad NIST VPT AES-128 #14 (P=13, N=13, A=32, T=16) +depends_on:MBEDTLS_AES_C +mbedtls_ccm_overflow_ad:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_DECRYPT:"d32088d50df9aba14d9022c870a0cb85":"e16c69861efc206e85aab1255e":"a6f73242f2f227350c0277e4e72cdaa6" + +CCM decrypt, incomplete ad NIST VPT AES-128 #14 (P=13, N=13, A=32, T=16) +depends_on:MBEDTLS_AES_C +mbedtls_ccm_incomplete_ad:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_DECRYPT:"d32088d50df9aba14d9022c870a0cb85":"e16c69861efc206e85aab1255e":"a6f73242f2f227350c0277e4e72cdaa6" + +CCM decrypt, full ad and overflow NIST VPT AES-128 #14 (P=13, N=13, A=32, T=16) +depends_on:MBEDTLS_AES_C +mbedtls_ccm_full_ad_and_overflow:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_DECRYPT:"d32088d50df9aba14d9022c870a0cb85":"e16c69861efc206e85aab1255e":"a6f73242f2f227350c0277e4e72cdaa6" + +CCM decrypt, incomplete ad and overflow NIST VPT AES-128 #14 (P=13, N=13, A=32, T=16) +depends_on:MBEDTLS_AES_C +mbedtls_ccm_incomplete_ad_and_overflow:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_DECRYPT:"d32088d50df9aba14d9022c870a0cb85":"e16c69861efc206e85aab1255e":"a6f73242f2f227350c0277e4e72cdaa6" + +CCM decrypt, overflow update NIST VPT AES-128 #14 (P=13, N=13, A=32, T=16)) +depends_on:MBEDTLS_AES_C +mbedtls_ccm_overflow_update:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_DECRYPT:"d32088d50df9aba14d9022c870a0cb85":"4b10788c1a03bca656f04f1f98":"e16c69861efc206e85aab1255e":"0eff7d7bcceb873c3203a8df74f4e91b04bd607ec11202f96cfeb99f5bcdb7aa" + +CCM decrypt, incomplete update NIST VPT AES-128 #14 (P=13, N=13, A=32, T=16)) +depends_on:MBEDTLS_AES_C +mbedtls_ccm_incomplete_update:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_DECRYPT:"d32088d50df9aba14d9022c870a0cb85":"4b10788c1a03bca656f04f1f98":"e16c69861efc206e85aab1255e":"0eff7d7bcceb873c3203a8df74f4e91b04bd607ec11202f96cfeb99f5bcdb7aa" + +CCM decrypt, full update and overflow NIST VPT AES-128 #14 (P=13, N=13, A=32, T=16) +depends_on:MBEDTLS_AES_C +mbedtls_ccm_full_update_and_overflow:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_DECRYPT:"d32088d50df9aba14d9022c870a0cb85":"4b10788c1a03bca656f04f1f98":"e16c69861efc206e85aab1255e":"0eff7d7bcceb873c3203a8df74f4e91b04bd607ec11202f96cfeb99f5bcdb7aa" + +CCM decrypt, incomplete update and overflow NIST VPT AES-128 #14 (P=13, N=13, A=32, T=16) +depends_on:MBEDTLS_AES_C +mbedtls_ccm_incomplete_update_overflow:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_DECRYPT:"d32088d50df9aba14d9022c870a0cb85":"4b10788c1a03bca656f04f1f98":"e16c69861efc206e85aab1255e":"0eff7d7bcceb873c3203a8df74f4e91b04bd607ec11202f96cfeb99f5bcdb7aa" + +CCM* encrypt, overflow ad NIST VPT AES-128 #14 (P=13, N=13, A=32, T=16) +depends_on:MBEDTLS_AES_C +mbedtls_ccm_overflow_ad:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_STAR_ENCRYPT:"d32088d50df9aba14d9022c870a0cb85":"e16c69861efc206e85aab1255e":"a6f73242f2f227350c0277e4e72cdaa6" + +CCM* encrypt, incomplete ad NIST VPT AES-128 #14 (P=13, N=13, A=32, T=16) +depends_on:MBEDTLS_AES_C +mbedtls_ccm_incomplete_ad:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_STAR_ENCRYPT:"d32088d50df9aba14d9022c870a0cb85":"e16c69861efc206e85aab1255e":"a6f73242f2f227350c0277e4e72cdaa6" + +CCM* encrypt, full ad and overflow NIST VPT AES-128 #14 (P=13, N=13, A=32, T=16) +depends_on:MBEDTLS_AES_C +mbedtls_ccm_full_ad_and_overflow:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_STAR_ENCRYPT:"d32088d50df9aba14d9022c870a0cb85":"e16c69861efc206e85aab1255e":"a6f73242f2f227350c0277e4e72cdaa6" + +CCM* encrypt, overflow update NIST VPT AES-128 #14 (P=13, N=13, A=32, T=16) +depends_on:MBEDTLS_AES_C +mbedtls_ccm_overflow_update:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_STAR_ENCRYPT:"d32088d50df9aba14d9022c870a0cb85":"4b10788c1a03bca656f04f1f98":"e16c69861efc206e85aab1255e":"0eff7d7bcceb873c3203a8df74f4e91b04bd607ec11202f96cfeb99f5bcdb7aa" + +CCM* encrypt, incomplete ad and overflow NIST VPT AES-128 #14 (P=13, N=13, A=32, T=16) +depends_on:MBEDTLS_AES_C +mbedtls_ccm_incomplete_ad_and_overflow:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_STAR_ENCRYPT:"d32088d50df9aba14d9022c870a0cb85":"e16c69861efc206e85aab1255e":"a6f73242f2f227350c0277e4e72cdaa6" + +CCM* encrypt, incomplete update NIST VPT AES-128 #14 (P=13, N=13, A=32, T=16) +depends_on:MBEDTLS_AES_C +mbedtls_ccm_incomplete_update:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_STAR_ENCRYPT:"d32088d50df9aba14d9022c870a0cb85":"4b10788c1a03bca656f04f1f98":"e16c69861efc206e85aab1255e":"0eff7d7bcceb873c3203a8df74f4e91b04bd607ec11202f96cfeb99f5bcdb7aa" + +CCM* encrypt, full update and overflow NIST VPT AES-128 #14 (P=13, N=13, A=32, T=16) +depends_on:MBEDTLS_AES_C +mbedtls_ccm_full_update_and_overflow:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_STAR_ENCRYPT:"d32088d50df9aba14d9022c870a0cb85":"4b10788c1a03bca656f04f1f98":"e16c69861efc206e85aab1255e":"0eff7d7bcceb873c3203a8df74f4e91b04bd607ec11202f96cfeb99f5bcdb7aa" + +CCM* encrypt, incomplete update and overflow NIST VPT AES-128 #14 (P=13, N=13, A=32, T=16) +depends_on:MBEDTLS_AES_C +mbedtls_ccm_incomplete_update_overflow:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_STAR_ENCRYPT:"d32088d50df9aba14d9022c870a0cb85":"4b10788c1a03bca656f04f1f98":"e16c69861efc206e85aab1255e":"0eff7d7bcceb873c3203a8df74f4e91b04bd607ec11202f96cfeb99f5bcdb7aa" + +CCM* decrypt, overflow ad NIST VPT AES-128 #14 (P=13, N=13, A=32, T=16) +depends_on:MBEDTLS_AES_C +mbedtls_ccm_overflow_ad:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_STAR_DECRYPT:"d32088d50df9aba14d9022c870a0cb85":"e16c69861efc206e85aab1255e":"a6f73242f2f227350c0277e4e72cdaa6" + +CCM* decrypt, incomplete ad NIST VPT AES-128 #14 (P=13, N=13, A=32, T=16) +depends_on:MBEDTLS_AES_C +mbedtls_ccm_incomplete_ad:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_STAR_DECRYPT:"d32088d50df9aba14d9022c870a0cb85":"e16c69861efc206e85aab1255e":"a6f73242f2f227350c0277e4e72cdaa6" + +CCM* decrypt, full ad and overflow NIST VPT AES-128 #14 (P=13, N=13, A=32, T=16) +depends_on:MBEDTLS_AES_C +mbedtls_ccm_full_ad_and_overflow:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_STAR_DECRYPT:"d32088d50df9aba14d9022c870a0cb85":"e16c69861efc206e85aab1255e":"a6f73242f2f227350c0277e4e72cdaa6" + +CCM* decrypt, incomplete ad and overflow NIST VPT AES-128 #14 (P=13, N=13, A=32, T=16) +depends_on:MBEDTLS_AES_C +mbedtls_ccm_incomplete_ad_and_overflow:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_STAR_DECRYPT:"d32088d50df9aba14d9022c870a0cb85":"e16c69861efc206e85aab1255e":"a6f73242f2f227350c0277e4e72cdaa6" + +CCM* decrypt, overflow update NIST VPT AES-128 #14 (P=13, N=13, A=32, T=16) +depends_on:MBEDTLS_AES_C +mbedtls_ccm_overflow_update:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_STAR_DECRYPT:"d32088d50df9aba14d9022c870a0cb85":"4b10788c1a03bca656f04f1f98":"e16c69861efc206e85aab1255e":"0eff7d7bcceb873c3203a8df74f4e91b04bd607ec11202f96cfeb99f5bcdb7aa" + +CCM* decrypt, incomplete update NIST VPT AES-128 #14 (P=13, N=13, A=32, T=16) +depends_on:MBEDTLS_AES_C +mbedtls_ccm_incomplete_update:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_STAR_DECRYPT:"d32088d50df9aba14d9022c870a0cb85":"4b10788c1a03bca656f04f1f98":"e16c69861efc206e85aab1255e":"0eff7d7bcceb873c3203a8df74f4e91b04bd607ec11202f96cfeb99f5bcdb7aa" + +CCM* decrypt, full update and overflow NIST VPT AES-128 #14 (P=13, N=13, A=32, T=16) +depends_on:MBEDTLS_AES_C +mbedtls_ccm_full_update_and_overflow:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_STAR_DECRYPT:"d32088d50df9aba14d9022c870a0cb85":"4b10788c1a03bca656f04f1f98":"e16c69861efc206e85aab1255e":"0eff7d7bcceb873c3203a8df74f4e91b04bd607ec11202f96cfeb99f5bcdb7aa" + +CCM* decrypt, incomplete update and overflow NIST VPT AES-128 #14 (P=13, N=13, A=32, T=16) +depends_on:MBEDTLS_AES_C +mbedtls_ccm_incomplete_update_overflow:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_STAR_DECRYPT:"d32088d50df9aba14d9022c870a0cb85":"4b10788c1a03bca656f04f1f98":"e16c69861efc206e85aab1255e":"0eff7d7bcceb873c3203a8df74f4e91b04bd607ec11202f96cfeb99f5bcdb7aa" + +CCM encrypt, instant finish NIST VPT AES-128 #14 (P=13, N=13, A=32, T=16) +mbedtls_ccm_instant_finish:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_ENCRYPT:"d32088d50df9aba14d9022c870a0cb85":"4b10788c1a03bca656f04f1f98" + +CCM decrypt, instant finish NIST VPT AES-128 #14 (P=13, N=13, A=32, T=16) +mbedtls_ccm_instant_finish:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_DECRYPT:"d32088d50df9aba14d9022c870a0cb85":"4b10788c1a03bca656f04f1f98" + +CCM* encrypt, instant finish NIST VPT AES-128 #14 (P=13, N=13, A=32, T=16) +mbedtls_ccm_instant_finish:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_STAR_ENCRYPT:"d32088d50df9aba14d9022c870a0cb85":"4b10788c1a03bca656f04f1f98" + +CCM* decrypt, instant finish NIST VPT AES-128 #14 (P=13, N=13, A=32, T=16) +mbedtls_ccm_instant_finish:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_STAR_DECRYPT:"d32088d50df9aba14d9022c870a0cb85":"4b10788c1a03bca656f04f1f98" + +CCM encrypt, instant finish AES-128 (P=0, N=13, A=0, T=16) +mbedtls_ccm_instant_finish:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_ENCRYPT:"54caf96ef6d448734700aadab50faf7a":"a3803e752ae849c910d8da36af" + +CCM decrypt, instant finish AES-128 (P=0, N=13, A=0, T=16) +mbedtls_ccm_instant_finish:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_DECRYPT:"54caf96ef6d448734700aadab50faf7a":"a3803e752ae849c910d8da36af" + +CCM* encrypt, instant finish AES-128 (P=0, N=13, A=0, T=16) +mbedtls_ccm_instant_finish:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_STAR_ENCRYPT:"54caf96ef6d448734700aadab50faf7a":"a3803e752ae849c910d8da36af" + +CCM* decrypt, instant finish AES-128 (P=0, N=13, A=0, T=16) +mbedtls_ccm_instant_finish:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_STAR_DECRYPT:"54caf96ef6d448734700aadab50faf7a":"a3803e752ae849c910d8da36af" + +CCM pass unexpected auth data, NIST VPT AES-128 #14 (P=13, N=13, A=32, T=16) +mbedtls_ccm_unexpected_ad::MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_ENCRYPT:"d32088d50df9aba14d9022c870a0cb85":"e16c69861efc206e85aab1255e":"0eff7d7bcceb873c3203a8df74f4e91b04bd607ec11202f96cfeb99f5bcdb7aa" + +CCM encrypt, unexpected ciphertext/plaintext data, NIST VPT AES-128 #14 (P=13, N=13, A=32, T=16) +depends_on:MBEDTLS_AES_C +mbedtls_ccm_unexpected_text:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_ENCRYPT:"d32088d50df9aba14d9022c870a0cb85":"4b10788c1a03bca656f04f1f98":"e16c69861efc206e85aab1255e":"0eff7d7bcceb873c3203a8df74f4e91b04bd607ec11202f96cfeb99f5bcdb7aa" + +CCM* encrypt, no auth NIST VADT AES-256 #1 (P=24, N=13) +depends_on:MBEDTLS_AES_C +mbedtls_ccm_star_no_tag:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_STAR_ENCRYPT:"26511fb51fcfa75cb4b44da75a6e5a0eb8d9c8f3b906f886df3ba3e6da3a1389":"30d56ff2a25b83fee791110fcaea48e41db7c7f098a81000":"72a60f345a1978fb40f28a2fa4":"55f068c0bbba8b598013dd1841fd740fda2902322148ab5e" + +CCM* decrypt, no auth NIST DVPT AES-128 #15 (P=24, N=13) +depends_on:MBEDTLS_AES_C +mbedtls_ccm_star_no_tag:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_STAR_DECRYPT:"90929a4b0ac65b350ad1591611fe4829":"4bfe4e35784f0a65b545477e5e2f4bae0e1e6fa717eaf2cb":"5a8aa485c316e9403aff859fbb":"a16a2e741f1cd9717285b6d882c1fc53655e9773761ad697" diff --git a/tests/suites/test_suite_ccm.function b/tests/suites/test_suite_ccm.function index 840583c5ca..a7ba0dea20 100644 --- a/tests/suites/test_suite_ccm.function +++ b/tests/suites/test_suite_ccm.function @@ -1,5 +1,64 @@ /* BEGIN_HEADER */ #include "mbedtls/ccm.h" + +/* Use the multipart interface to process the encrypted data in two parts + * and check that the output matches the expected output. + * The context must have been set up with the key. */ +static int check_multipart( mbedtls_ccm_context *ctx, + int mode, + const data_t *iv, + const data_t *add, + const data_t *input, + const data_t *expected_output, + const data_t *tag, + size_t n1, + size_t n1_add) +{ + int ok = 0; + uint8_t *output = NULL; + size_t n2 = input->len - n1; + size_t n2_add = add->len - n1_add; + size_t olen; + + /* Sanity checks on the test data */ + TEST_ASSERT( n1 <= input->len ); + TEST_ASSERT( n1_add <= add->len ); + TEST_EQUAL( input->len, expected_output->len ); + TEST_EQUAL( 0, mbedtls_ccm_starts( ctx, mode, iv->x, iv->len ) ); + TEST_EQUAL( 0, mbedtls_ccm_set_lengths( ctx, add->len, input->len, tag->len ) ); + TEST_EQUAL( 0, mbedtls_ccm_update_ad( ctx, add->x, n1_add) ); + TEST_EQUAL( 0, mbedtls_ccm_update_ad( ctx, add->x + n1_add, n2_add ) ); + + /* Allocate a tight buffer for each update call. This way, if the function + * tries to write beyond the advertised required buffer size, this will + * count as an overflow for memory sanitizers and static checkers. */ + ASSERT_ALLOC( output, n1 ); + olen = 0xdeadbeef; + TEST_EQUAL( 0, mbedtls_ccm_update( ctx, input->x, n1, output, n1, &olen ) ); + TEST_EQUAL( n1, olen ); + ASSERT_COMPARE( output, olen, expected_output->x, n1 ); + mbedtls_free( output ); + output = NULL; + + ASSERT_ALLOC( output, n2 ); + olen = 0xdeadbeef; + TEST_EQUAL( 0, mbedtls_ccm_update( ctx, input->x + n1, n2, output, n2, &olen ) ); + TEST_EQUAL( n2, olen ); + ASSERT_COMPARE( output, olen, expected_output->x + n1, n2 ); + mbedtls_free( output ); + output = NULL; + + ASSERT_ALLOC( output, tag->len ); + TEST_EQUAL( 0, mbedtls_ccm_finish( ctx, output, tag->len ) ); + ASSERT_COMPARE( output, tag->len, tag->x, tag->len ); + mbedtls_free( output ); + output = NULL; + + ok = 1; +exit: + mbedtls_free( output ); + return( ok ); +} /* END_HEADER */ /* BEGIN_DEPENDENCIES @@ -122,71 +181,140 @@ void mbedtls_ccm_encrypt_and_tag( int cipher_id, data_t * key, data_t * add, data_t * result ) { mbedtls_ccm_context ctx; - size_t tag_len; - uint8_t * msg_n_tag = (uint8_t *)malloc( result->len + 2 ); + size_t n1, n1_add; + uint8_t* io_msg_buf = NULL; + uint8_t* tag_buf = NULL; + const size_t expected_tag_len = result->len - msg->len; + const uint8_t* expected_tag = result->x + msg->len; + + /* Prepare input/output message buffer */ + ASSERT_ALLOC( io_msg_buf, msg->len ); + if( msg->len != 0 ) + memcpy( io_msg_buf, msg->x, msg->len ); + + /* Prepare tag buffer */ + ASSERT_ALLOC( tag_buf, expected_tag_len ); mbedtls_ccm_init( &ctx ); - - memset( msg_n_tag, 0, result->len + 2 ); - memcpy( msg_n_tag, msg->x, msg->len ); - - tag_len = result->len - msg->len; - - TEST_ASSERT( mbedtls_ccm_setkey( &ctx, cipher_id, key->x, key->len * 8 ) == 0 ); - + TEST_EQUAL( mbedtls_ccm_setkey( &ctx, cipher_id, key->x, key->len * 8 ), 0 ); /* Test with input == output */ - TEST_ASSERT( mbedtls_ccm_encrypt_and_tag( &ctx, msg->len, iv->x, iv->len, add->x, add->len, - msg_n_tag, msg_n_tag, msg_n_tag + msg->len, tag_len ) == 0 ); + TEST_EQUAL( mbedtls_ccm_encrypt_and_tag( &ctx, msg->len, iv->x, iv->len, add->x, add->len, + io_msg_buf, io_msg_buf, tag_buf, expected_tag_len ), 0); - TEST_ASSERT( memcmp( msg_n_tag, result->x, result->len ) == 0 ); + ASSERT_COMPARE( io_msg_buf, msg->len, result->x, msg->len ); + ASSERT_COMPARE( tag_buf, expected_tag_len, expected_tag, expected_tag_len ); - /* Check we didn't write past the end */ - TEST_ASSERT( msg_n_tag[result->len] == 0 && msg_n_tag[result->len + 1] == 0 ); + /* Prepare data_t structures for multipart testing */ + const data_t encrypted_expected = { .x = result->x, + .len = msg->len }; + const data_t tag_expected = { .x = (uint8_t*) expected_tag, /* cast to conform with data_t x type */ + .len = expected_tag_len }; + + for( n1 = 0; n1 <= msg->len; n1 += 1 ) + { + for( n1_add = 0; n1_add <= add->len; n1_add += 1 ) + { + mbedtls_test_set_step( n1 * 10000 + n1_add ); + if( !check_multipart( &ctx, MBEDTLS_CCM_ENCRYPT, + iv, add, msg, + &encrypted_expected, + &tag_expected, + n1, n1_add ) ) + goto exit; + } + } exit: mbedtls_ccm_free( &ctx ); - free( msg_n_tag ); + mbedtls_free( io_msg_buf ); + mbedtls_free( tag_buf ); +} +/* END_CASE */ + +/* BEGIN_CASE */ +void mbedtls_ccm_star_no_tag( int cipher_id, int mode, data_t * key, + data_t * msg, data_t * iv, data_t * result ) +{ + mbedtls_ccm_context ctx; + uint8_t *output = NULL; + size_t olen; + + mbedtls_ccm_init( &ctx ); + TEST_EQUAL( mbedtls_ccm_setkey( &ctx, cipher_id, key->x, key->len * 8 ), 0 ); + TEST_EQUAL( 0, mbedtls_ccm_starts( &ctx, mode, iv->x, iv->len ) ); + TEST_EQUAL( 0, mbedtls_ccm_set_lengths( &ctx, 0, msg->len, 0 ) ); + + ASSERT_ALLOC( output, msg->len ); + TEST_EQUAL( 0, mbedtls_ccm_update( &ctx, msg->x, msg->len, output, msg->len, &olen ) ); + TEST_EQUAL( result->len, olen ); + ASSERT_COMPARE( output, olen, result->x, result->len ); + + TEST_EQUAL( 0, mbedtls_ccm_finish( &ctx, NULL, 0 ) ); +exit: + mbedtls_free(output); + mbedtls_ccm_free( &ctx ); } /* END_CASE */ /* BEGIN_CASE */ void mbedtls_ccm_auth_decrypt( int cipher_id, data_t * key, data_t * msg, data_t * iv, - data_t * add, int tag_len, int result, + data_t * add, int expected_tag_len, int result, data_t * expected_msg ) { - unsigned char tag[16]; mbedtls_ccm_context ctx; + size_t n1, n1_add; + + const size_t expected_msg_len = msg->len - expected_tag_len; + const uint8_t* expected_tag = msg->x + expected_msg_len; + + /* Prepare input/output message buffer */ + uint8_t* io_msg_buf = NULL; + ASSERT_ALLOC( io_msg_buf, expected_msg_len ); + if( expected_msg_len ) + memcpy( io_msg_buf, msg->x, expected_msg_len ); mbedtls_ccm_init( &ctx ); - - memset( tag, 0x00, sizeof( tag ) ); - - msg->len -= tag_len; - memcpy( tag, msg->x + msg->len, tag_len ); - - TEST_ASSERT( mbedtls_ccm_setkey( &ctx, cipher_id, key->x, key->len * 8 ) == 0 ); - + TEST_EQUAL( mbedtls_ccm_setkey( &ctx, cipher_id, key->x, key->len * 8 ), 0 ); /* Test with input == output */ - TEST_ASSERT( mbedtls_ccm_auth_decrypt( &ctx, msg->len, iv->x, iv->len, add->x, add->len, - msg->x, msg->x, msg->x + msg->len, tag_len ) == result ); + TEST_EQUAL( mbedtls_ccm_auth_decrypt( &ctx, expected_msg_len, iv->x, iv->len, add->x, add->len, + io_msg_buf, io_msg_buf, expected_tag, expected_tag_len ), result ); if( result == 0 ) { - TEST_ASSERT( memcmp( msg->x, expected_msg->x, expected_msg->len ) == 0 ); + ASSERT_COMPARE( io_msg_buf, expected_msg_len, expected_msg->x, expected_msg_len ); + + /* Prepare data_t structures for multipart testing */ + const data_t encrypted = { .x = msg->x, + .len = expected_msg_len }; + + const data_t tag_expected = { .x = (uint8_t*) expected_tag, + .len = expected_tag_len }; + + for( n1 = 0; n1 <= expected_msg_len; n1 += 1 ) + { + for( n1_add = 0; n1_add <= add->len; n1_add += 1 ) + { + mbedtls_test_set_step( n1 * 10000 + n1_add ); + if( !check_multipart( &ctx, MBEDTLS_CCM_DECRYPT, + iv, add, &encrypted, + expected_msg, + &tag_expected, + n1, n1_add ) ) + goto exit; + } + } } else { size_t i; - for( i = 0; i < msg->len; i++ ) - TEST_ASSERT( msg->x[i] == 0 ); + for( i = 0; i < expected_msg_len; i++ ) + TEST_EQUAL( io_msg_buf[i], 0 ); } - /* Check we didn't write past the end (where the original tag is) */ - TEST_ASSERT( memcmp( msg->x + msg->len, tag, tag_len ) == 0 ); - exit: + mbedtls_free(io_msg_buf); mbedtls_ccm_free( &ctx ); } /* END_CASE */ @@ -199,20 +327,32 @@ void mbedtls_ccm_star_encrypt_and_tag( int cipher_id, data_t *expected_result, int output_ret ) { unsigned char iv[13]; - unsigned char result[50]; mbedtls_ccm_context ctx; - size_t iv_len, tag_len; - int ret; + size_t iv_len, expected_tag_len; + size_t n1, n1_add; + uint8_t* io_msg_buf = NULL; + uint8_t* tag_buf = NULL; - mbedtls_ccm_init( &ctx ); - - memset( result, 0x00, sizeof( result ) ); + const uint8_t* expected_tag = expected_result->x + msg->len; + /* Calculate tag length */ if( sec_level % 4 == 0) - tag_len = 0; + expected_tag_len = 0; else - tag_len = 1 << ( sec_level % 4 + 1); + expected_tag_len = 1 << ( sec_level % 4 + 1); + /* Prepare input/output message buffer */ + ASSERT_ALLOC( io_msg_buf, msg->len ); + if( msg->len ) + memcpy( io_msg_buf, msg->x, msg->len ); + + /* Prepare tag buffer */ + if( expected_tag_len == 0 ) + ASSERT_ALLOC( tag_buf, 16 ); + else + ASSERT_ALLOC( tag_buf, expected_tag_len ); + + /* Calculate iv */ TEST_ASSERT( source_address->len == 8 ); TEST_ASSERT( frame_counter->len == 4 ); memcpy( iv, source_address->x, source_address->len ); @@ -220,24 +360,46 @@ void mbedtls_ccm_star_encrypt_and_tag( int cipher_id, iv[source_address->len + frame_counter->len] = sec_level; iv_len = sizeof( iv ); - TEST_ASSERT( mbedtls_ccm_setkey( &ctx, cipher_id, - key->x, key->len * 8 ) == 0 ); + mbedtls_ccm_init( &ctx ); + TEST_EQUAL( mbedtls_ccm_setkey( &ctx, cipher_id, + key->x, key->len * 8 ), 0 ); + /* Test with input == output */ + TEST_EQUAL( mbedtls_ccm_star_encrypt_and_tag( &ctx, msg->len, iv, iv_len, + add->x, add->len, io_msg_buf, + io_msg_buf, tag_buf, expected_tag_len), output_ret ); - ret = mbedtls_ccm_star_encrypt_and_tag( &ctx, msg->len, iv, iv_len, - add->x, add->len, msg->x, - result, result + msg->len, tag_len ); + ASSERT_COMPARE( io_msg_buf, msg->len, expected_result->x, msg->len ); + ASSERT_COMPARE( tag_buf, expected_tag_len, expected_tag, expected_tag_len ); - TEST_ASSERT( ret == output_ret ); + if( output_ret == 0 ) + { + const data_t iv_data = { .x = iv, + .len = iv_len }; - TEST_ASSERT( memcmp( result, - expected_result->x, expected_result->len ) == 0 ); + const data_t encrypted_expected = { .x = expected_result->x, + .len = msg->len }; + const data_t tag_expected = { .x = (uint8_t*)expected_tag, + .len = expected_tag_len }; - /* Check we didn't write past the end */ - TEST_ASSERT( result[expected_result->len] == 0 && - result[expected_result->len + 1] == 0 ); + for( n1 = 0; n1 <= msg->len; n1 += 1 ) + { + for( n1_add = 0; n1_add <= add->len; n1_add += 1 ) + { + mbedtls_test_set_step( n1 * 10000 + n1_add ); + if( !check_multipart( &ctx, MBEDTLS_CCM_STAR_ENCRYPT, + &iv_data, add, msg, + &encrypted_expected, + &tag_expected, + n1, n1_add ) ) + goto exit; + } + } + } exit: mbedtls_ccm_free( &ctx ); + mbedtls_free( io_msg_buf ); + mbedtls_free( tag_buf ); } /* END_CASE */ @@ -249,21 +411,27 @@ void mbedtls_ccm_star_auth_decrypt( int cipher_id, data_t *expected_result, int output_ret ) { unsigned char iv[13]; - unsigned char result[50]; mbedtls_ccm_context ctx; - size_t iv_len, tag_len; - int ret; - - mbedtls_ccm_init( &ctx ); - - memset( iv, 0x00, sizeof( iv ) ); - memset( result, '+', sizeof( result ) ); + size_t iv_len, expected_tag_len; + size_t n1, n1_add; + /* Calculate tag length */ if( sec_level % 4 == 0) - tag_len = 0; + expected_tag_len = 0; else - tag_len = 1 << ( sec_level % 4 + 1); + expected_tag_len = 1 << ( sec_level % 4 + 1); + const size_t expected_msg_len = msg->len - expected_tag_len; + const uint8_t* expected_tag = msg->x + expected_msg_len; + + /* Prepare input/output message buffer */ + uint8_t* io_msg_buf = NULL; + ASSERT_ALLOC( io_msg_buf, expected_msg_len ); + if( expected_msg_len ) + memcpy( io_msg_buf, msg->x, expected_msg_len ); + + /* Calculate iv */ + memset( iv, 0x00, sizeof( iv ) ); TEST_ASSERT( source_address->len == 8 ); TEST_ASSERT( frame_counter->len == 4 ); memcpy( iv, source_address->x, source_address->len ); @@ -271,23 +439,405 @@ void mbedtls_ccm_star_auth_decrypt( int cipher_id, iv[source_address->len + frame_counter->len] = sec_level; iv_len = sizeof( iv ); + mbedtls_ccm_init( &ctx ); TEST_ASSERT( mbedtls_ccm_setkey( &ctx, cipher_id, key->x, key->len * 8 ) == 0 ); + /* Test with input == output */ + TEST_EQUAL( mbedtls_ccm_star_auth_decrypt( &ctx, expected_msg_len, iv, iv_len, + add->x, add->len, io_msg_buf, io_msg_buf, + expected_tag, expected_tag_len ), output_ret ); - ret = mbedtls_ccm_star_auth_decrypt( &ctx, msg->len - tag_len, iv, iv_len, - add->x, add->len, msg->x, result, - msg->x + msg->len - tag_len, tag_len ); + ASSERT_COMPARE( io_msg_buf, expected_msg_len, expected_result->x, expected_msg_len ); - TEST_ASSERT( ret == output_ret ); + if( output_ret == 0 ) + { + const data_t iv_data = { .x = iv, + .len = iv_len }; - TEST_ASSERT( memcmp( result, expected_result->x, - expected_result->len ) == 0 ); + const data_t encrypted = { .x = msg->x, + .len = expected_msg_len} ; - /* Check we didn't write past the end (where the original tag is) */ - TEST_ASSERT( ( msg->len + 2 ) <= sizeof( result ) ); - TEST_EQUAL( result[msg->len], '+' ); - TEST_EQUAL( result[msg->len + 1], '+' ); + const data_t tag_expected = { .x = (uint8_t*) expected_tag, + .len = expected_tag_len }; + for( n1 = 0; n1 <= expected_msg_len; n1 += 1 ) + { + for( n1_add = 0; n1_add <= add->len; n1_add += 1 ) + { + mbedtls_test_set_step( n1 * 10000 + n1_add ); + if( !check_multipart( &ctx, MBEDTLS_CCM_STAR_DECRYPT, + &iv_data, add, &encrypted, + expected_result, + &tag_expected, + n1, n1_add ) ) + goto exit; + } + } + } + +exit: + mbedtls_ccm_free( &ctx ); + mbedtls_free( io_msg_buf ); +} +/* END_CASE */ + +/* Skip auth data, provide full text */ +/* BEGIN_CASE */ +void mbedtls_ccm_skip_ad( int cipher_id, int mode, + data_t * key, data_t * msg, data_t * iv, + data_t * result, data_t * tag ) +{ + mbedtls_ccm_context ctx; + uint8_t *output = NULL; + size_t olen; + + /* Sanity checks on the test data */ + TEST_EQUAL( msg->len, result->len ); + + mbedtls_ccm_init( &ctx ); + TEST_EQUAL( mbedtls_ccm_setkey( &ctx, cipher_id, key->x, key->len * 8 ), 0 ); + TEST_EQUAL( 0, mbedtls_ccm_starts( &ctx, mode, iv->x, iv->len ) ); + TEST_EQUAL( 0, mbedtls_ccm_set_lengths( &ctx, 0, msg->len, tag->len ) ); + + ASSERT_ALLOC( output, result->len ); + olen = 0xdeadbeef; + TEST_EQUAL( 0, mbedtls_ccm_update( &ctx, msg->x, msg->len, output, result->len, &olen ) ); + TEST_EQUAL( result->len, olen ); + ASSERT_COMPARE( output, olen, result->x, result->len ); + mbedtls_free( output ); + output = NULL; + + ASSERT_ALLOC( output, tag->len ); + TEST_EQUAL( 0, mbedtls_ccm_finish( &ctx, output, tag->len ) ); + ASSERT_COMPARE( output, tag->len, tag->x, tag->len ); + mbedtls_free( output ); + output = NULL; + +exit: + mbedtls_free( output ); + mbedtls_ccm_free( &ctx ); +} +/* END_CASE */ + +/* Provide auth data, skip full text */ +/* BEGIN_CASE */ +void mbedtls_ccm_skip_update( int cipher_id, int mode, + data_t * key, data_t * iv, data_t* add, + data_t * tag ) +{ + mbedtls_ccm_context ctx; + uint8_t *output = NULL; + + mbedtls_ccm_init( &ctx ); + TEST_EQUAL( mbedtls_ccm_setkey( &ctx, cipher_id, key->x, key->len * 8 ), 0 ); + TEST_EQUAL( 0, mbedtls_ccm_starts( &ctx, mode, iv->x, iv->len ) ); + TEST_EQUAL( 0, mbedtls_ccm_set_lengths( &ctx, add->len, 0, tag->len ) ); + + TEST_EQUAL( 0, mbedtls_ccm_update_ad( &ctx, add->x, add->len) ); + + ASSERT_ALLOC( output, tag->len ); + TEST_EQUAL( 0, mbedtls_ccm_finish( &ctx, output, tag->len ) ); + ASSERT_COMPARE( output, tag->len, tag->x, tag->len ); + mbedtls_free( output ); + output = NULL; + +exit: + mbedtls_free( output ); + mbedtls_ccm_free( &ctx ); +} +/* END_CASE */ + +/* Provide too much auth data */ +/* BEGIN_CASE */ +void mbedtls_ccm_overflow_ad( int cipher_id, int mode, + data_t * key, data_t * iv, + data_t * add ) +{ + mbedtls_ccm_context ctx; + + mbedtls_ccm_init( &ctx ); + TEST_EQUAL( mbedtls_ccm_setkey( &ctx, cipher_id, key->x, key->len * 8 ), 0 ); + TEST_EQUAL( 0, mbedtls_ccm_starts( &ctx, mode, iv->x, iv->len ) ); + // use hardcoded values for msg length and tag length. They are not a part of this test + // subtract 1 from configured auth data length to provoke an overflow + TEST_EQUAL( 0, mbedtls_ccm_set_lengths( &ctx, add->len - 1, 16, 16 ) ); + + TEST_EQUAL( MBEDTLS_ERR_CCM_BAD_INPUT, mbedtls_ccm_update_ad( &ctx, add->x, add->len) ); exit: mbedtls_ccm_free( &ctx ); } /* END_CASE */ + +/* Provide unexpected auth data */ +/* BEGIN_CASE */ +void mbedtls_ccm_unexpected_ad( int cipher_id, int mode, + data_t * key, data_t * iv, + data_t * add ) +{ + mbedtls_ccm_context ctx; + + mbedtls_ccm_init( &ctx ); + TEST_EQUAL( mbedtls_ccm_setkey( &ctx, cipher_id, key->x, key->len * 8 ), 0 ); + TEST_EQUAL( 0, mbedtls_ccm_starts( &ctx, mode, iv->x, iv->len ) ); + // use hardcoded values for msg length and tag length. They are not a part of this test + TEST_EQUAL( 0, mbedtls_ccm_set_lengths( &ctx, 0, 16, 16 ) ); + + TEST_EQUAL( MBEDTLS_ERR_CCM_BAD_INPUT, mbedtls_ccm_update_ad( &ctx, add->x, add->len) ); +exit: + mbedtls_ccm_free( &ctx ); +} +/* END_CASE */ + +/* Provide unexpected plaintext/ciphertext data */ +/* BEGIN_CASE */ +void mbedtls_ccm_unexpected_text( int cipher_id, int mode, + data_t * key, data_t * msg, data_t * iv, + data_t * add ) +{ + mbedtls_ccm_context ctx; + uint8_t *output = NULL; + size_t olen; + + mbedtls_ccm_init( &ctx ); + TEST_EQUAL( mbedtls_ccm_setkey( &ctx, cipher_id, key->x, key->len * 8 ), 0 ); + TEST_EQUAL( 0, mbedtls_ccm_starts( &ctx, mode, iv->x, iv->len ) ); + // use hardcoded value for tag length. It is not a part of this test + TEST_EQUAL( 0, mbedtls_ccm_set_lengths( &ctx, add->len, 0, 16 ) ); + + TEST_EQUAL( 0, mbedtls_ccm_update_ad( &ctx, add->x, add->len) ); + + ASSERT_ALLOC( output, msg->len ); + olen = 0xdeadbeef; + TEST_EQUAL( MBEDTLS_ERR_CCM_BAD_INPUT, mbedtls_ccm_update( &ctx, msg->x, msg->len, output, msg->len, &olen ) ); +exit: + mbedtls_free( output ); + mbedtls_ccm_free( &ctx ); +} +/* END_CASE */ + +/* Provide incomplete auth data and finish */ +/* BEGIN_CASE */ +void mbedtls_ccm_incomplete_ad( int cipher_id, int mode, + data_t * key, data_t * iv, data_t* add ) +{ + mbedtls_ccm_context ctx; + uint8_t *output = NULL; + + mbedtls_ccm_init( &ctx ); + TEST_EQUAL( mbedtls_ccm_setkey( &ctx, cipher_id, key->x, key->len * 8 ), 0 ); + TEST_EQUAL( 0, mbedtls_ccm_starts( &ctx, mode, iv->x, iv->len ) ); + // use hardcoded values for msg length and tag length. They are not a part of this test + TEST_EQUAL( 0, mbedtls_ccm_set_lengths( &ctx, add->len, 0, 16 ) ); + + TEST_EQUAL( 0, mbedtls_ccm_update_ad( &ctx, add->x, add->len - 1) ); + + ASSERT_ALLOC( output, 16 ); + TEST_EQUAL( MBEDTLS_ERR_CCM_BAD_INPUT, mbedtls_ccm_finish( &ctx, output, 16 ) ); + +exit: + mbedtls_free( output ); + mbedtls_ccm_free( &ctx ); +} +/* END_CASE */ + +/* Provide complete auth data on first update_ad. + * Provide unexpected auth data on second update_ad */ +/* BEGIN_CASE */ +void mbedtls_ccm_full_ad_and_overflow( int cipher_id, int mode, + data_t * key, data_t * iv, + data_t * add ) +{ + mbedtls_ccm_context ctx; + + mbedtls_ccm_init( &ctx ); + TEST_EQUAL( mbedtls_ccm_setkey( &ctx, cipher_id, key->x, key->len * 8 ), 0 ); + TEST_EQUAL( 0, mbedtls_ccm_starts( &ctx, mode, iv->x, iv->len ) ); + // use hardcoded values for msg length and tag length. They are not a part of this test + TEST_EQUAL( 0, mbedtls_ccm_set_lengths( &ctx, add->len, 16, 16 ) ); + + // pass full auth data + TEST_EQUAL( 0, mbedtls_ccm_update_ad( &ctx, add->x, add->len) ); + // pass 1 extra byte + TEST_EQUAL( MBEDTLS_ERR_CCM_BAD_INPUT, mbedtls_ccm_update_ad( &ctx, add->x, 1) ); +exit: + mbedtls_ccm_free( &ctx ); +} +/* END_CASE */ + +/* Provide incomplete auth data on first update_ad. + * Provide too much auth data on second update_ad */ +/* BEGIN_CASE */ +void mbedtls_ccm_incomplete_ad_and_overflow( int cipher_id, int mode, + data_t * key, data_t * iv, + data_t * add ) +{ + mbedtls_ccm_context ctx; + uint8_t add_second_buffer[2]; + + add_second_buffer[0] = add->x[ add->len - 1 ]; + add_second_buffer[1] = 0xAB; // some magic value + + mbedtls_ccm_init( &ctx ); + TEST_EQUAL( mbedtls_ccm_setkey( &ctx, cipher_id, key->x, key->len * 8 ), 0 ); + TEST_EQUAL( 0, mbedtls_ccm_starts( &ctx, mode, iv->x, iv->len ) ); + // use hardcoded values for msg length and tag length. They are not a part of this test + TEST_EQUAL( 0, mbedtls_ccm_set_lengths( &ctx, add->len, 16, 16 ) ); + + // pass incomplete auth data + TEST_EQUAL( 0, mbedtls_ccm_update_ad( &ctx, add->x, add->len - 1) ); + // pass 2 extra bytes (1 missing byte from previous incomplete pass, and 1 unexpected byte) + TEST_EQUAL( MBEDTLS_ERR_CCM_BAD_INPUT, mbedtls_ccm_update_ad( &ctx, add_second_buffer, 2) ); +exit: + mbedtls_ccm_free( &ctx ); +} +/* END_CASE */ + +/* Provide too much plaintext/ciphertext */ +/* BEGIN_CASE */ +void mbedtls_ccm_overflow_update( int cipher_id, int mode, + data_t * key, data_t * msg, data_t * iv, + data_t * add ) +{ + mbedtls_ccm_context ctx; + uint8_t *output = NULL; + size_t olen; + + mbedtls_ccm_init( &ctx ); + TEST_EQUAL( mbedtls_ccm_setkey( &ctx, cipher_id, key->x, key->len * 8 ), 0 ); + TEST_EQUAL( 0, mbedtls_ccm_starts( &ctx, mode, iv->x, iv->len ) ); + // use hardcoded value for tag length. It is a not a part of this test + // subtract 1 from configured msg length to provoke an overflow + TEST_EQUAL( 0, mbedtls_ccm_set_lengths( &ctx, add->len, msg->len - 1, 16 ) ); + + TEST_EQUAL( 0, mbedtls_ccm_update_ad( &ctx, add->x, add->len) ); + + ASSERT_ALLOC( output, msg->len ); + TEST_EQUAL( MBEDTLS_ERR_CCM_BAD_INPUT, \ + mbedtls_ccm_update( &ctx, msg->x, msg->len, output, msg->len, &olen ) ); +exit: + mbedtls_free( output ); + mbedtls_ccm_free( &ctx ); +} +/* END_CASE */ + +/* Provide incomplete plaintext/ciphertext and finish */ +/* BEGIN_CASE */ +void mbedtls_ccm_incomplete_update( int cipher_id, int mode, + data_t * key, data_t * msg, data_t * iv, + data_t * add ) +{ + mbedtls_ccm_context ctx; + uint8_t *output = NULL; + size_t olen; + + mbedtls_ccm_init( &ctx ); + TEST_EQUAL( mbedtls_ccm_setkey( &ctx, cipher_id, key->x, key->len * 8 ), 0 ); + TEST_EQUAL( 0, mbedtls_ccm_starts( &ctx, mode, iv->x, iv->len ) ); + // use hardcoded value for tag length. It is not a part of this test + TEST_EQUAL( 0, mbedtls_ccm_set_lengths( &ctx, add->len, msg->len, 16 ) ); + + TEST_EQUAL( 0, mbedtls_ccm_update_ad( &ctx, add->x, add->len) ); + + ASSERT_ALLOC( output, msg->len ); + olen = 0xdeadbeef; + TEST_EQUAL( 0, mbedtls_ccm_update( &ctx, msg->x, msg->len - 1, output, msg->len, &olen ) ); + mbedtls_free( output ); + output = NULL; + + ASSERT_ALLOC( output, 16 ); + TEST_EQUAL( MBEDTLS_ERR_CCM_BAD_INPUT, mbedtls_ccm_finish( &ctx, output, 16 ) ); + +exit: + mbedtls_free( output ); + mbedtls_ccm_free( &ctx ); +} +/* END_CASE */ + +/* Provide full plaintext/ciphertext of first update + * Provide unexpected plaintext/ciphertext on second update */ +/* BEGIN_CASE */ +void mbedtls_ccm_full_update_and_overflow( int cipher_id, int mode, + data_t * key, data_t * msg, data_t * iv, + data_t * add ) +{ + mbedtls_ccm_context ctx; + uint8_t *output = NULL; + size_t olen; + + mbedtls_ccm_init( &ctx ); + TEST_EQUAL( mbedtls_ccm_setkey( &ctx, cipher_id, key->x, key->len * 8 ), 0 ); + TEST_EQUAL( 0, mbedtls_ccm_starts( &ctx, mode, iv->x, iv->len ) ); + // use hardcoded value for tag length. It is a not a part of this test + TEST_EQUAL( 0, mbedtls_ccm_set_lengths( &ctx, add->len, msg->len, 16 ) ); + + TEST_EQUAL( 0, mbedtls_ccm_update_ad( &ctx, add->x, add->len) ); + + ASSERT_ALLOC( output, msg->len ); + // pass full text + TEST_EQUAL( 0, mbedtls_ccm_update( &ctx, msg->x, msg->len, output, msg->len, &olen ) ); + // pass 1 extra byte + TEST_EQUAL( MBEDTLS_ERR_CCM_BAD_INPUT, \ + mbedtls_ccm_update( &ctx, msg->x, 1, output, 1, &olen ) ); +exit: + mbedtls_free( output ); + mbedtls_ccm_free( &ctx ); +} +/* END_CASE */ + +/* Provide incomplete plaintext/ciphertext of first update + * Provide too much plaintext/ciphertext on second update */ +/* BEGIN_CASE */ +void mbedtls_ccm_incomplete_update_overflow( int cipher_id, int mode, + data_t * key, data_t * msg, data_t * iv, + data_t * add ) +{ + mbedtls_ccm_context ctx; + uint8_t *output = NULL; + size_t olen; + uint8_t msg_second_buffer[2]; + + msg_second_buffer[0] = msg->x[ msg->len - 1 ]; + msg_second_buffer[1] = 0xAB; // some magic value + + mbedtls_ccm_init( &ctx ); + TEST_EQUAL( mbedtls_ccm_setkey( &ctx, cipher_id, key->x, key->len * 8 ), 0 ); + TEST_EQUAL( 0, mbedtls_ccm_starts( &ctx, mode, iv->x, iv->len ) ); + // use hardcoded value for tag length. It is a not a part of this test + TEST_EQUAL( 0, mbedtls_ccm_set_lengths( &ctx, add->len, msg->len, 16 ) ); + + TEST_EQUAL( 0, mbedtls_ccm_update_ad( &ctx, add->x, add->len) ); + + ASSERT_ALLOC( output, msg->len + 1 ); + // pass incomplete text + TEST_EQUAL( 0, mbedtls_ccm_update( &ctx, msg->x, msg->len - 1, output, msg->len + 1, &olen ) ); + // pass 2 extra bytes (1 missing byte from previous incomplete pass, and 1 unexpected byte) + TEST_EQUAL( MBEDTLS_ERR_CCM_BAD_INPUT, \ + mbedtls_ccm_update( &ctx, msg_second_buffer, 2, output + msg->len - 1, 2, &olen ) ); +exit: + mbedtls_free( output ); + mbedtls_ccm_free( &ctx ); +} +/* END_CASE */ + +/* Finish without passing any auth data or plaintext/ciphertext input */ +/* BEGIN_CASE */ +void mbedtls_ccm_instant_finish( int cipher_id, int mode, + data_t * key, data_t * iv ) +{ + mbedtls_ccm_context ctx; + uint8_t *output = NULL; + + mbedtls_ccm_init( &ctx ); + TEST_EQUAL( mbedtls_ccm_setkey( &ctx, cipher_id, key->x, key->len * 8 ), 0 ); + TEST_EQUAL( 0, mbedtls_ccm_starts( &ctx, mode, iv->x, iv->len ) ); + // use hardcoded values for add length, msg length and tag length. + // They are not a part of this test + TEST_EQUAL( 0, mbedtls_ccm_set_lengths( &ctx, 16, 16, 16 ) ); + + ASSERT_ALLOC( output, 16 ); + TEST_EQUAL( MBEDTLS_ERR_CCM_BAD_INPUT, mbedtls_ccm_finish( &ctx, output, 16 ) ); + +exit: + mbedtls_free( output ); + mbedtls_ccm_free( &ctx ); +} +/* END_CASE */ diff --git a/tests/suites/test_suite_cipher.aes.data b/tests/suites/test_suite_cipher.aes.data index 4dbdd52529..8c2ba3c221 100644 --- a/tests/suites/test_suite_cipher.aes.data +++ b/tests/suites/test_suite_cipher.aes.data @@ -790,6 +790,318 @@ AES-256 OFB - Encrypt and decrypt 32 bytes in multiple parts 1 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_OFB enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_256_OFB:256:16:16:-1:16:16:16:16 +AES-128 CCM*-NO-TAG - Encrypt and decrypt 0 bytes +depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_AES_128_CCM_STAR_NO_TAG:"AES-128-CCM*-NO-TAG":128:0:-1 + +AES-128 CCM*-NO-TAG - Encrypt and decrypt 1 byte +depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_AES_128_CCM_STAR_NO_TAG:"AES-128-CCM*-NO-TAG":128:1:-1 + +AES-128 CCM*-NO-TAG - Encrypt and decrypt 2 bytes +depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_AES_128_CCM_STAR_NO_TAG:"AES-128-CCM*-NO-TAG":128:2:-1 + +AES-128 CCM*-NO-TAG - Encrypt and decrypt 7 bytes +depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_AES_128_CCM_STAR_NO_TAG:"AES-128-CCM*-NO-TAG":128:7:-1 + +AES-128 CCM*-NO-TAG - Encrypt and decrypt 8 bytes +depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_AES_128_CCM_STAR_NO_TAG:"AES-128-CCM*-NO-TAG":128:8:-1 + +AES-128 CCM*-NO-TAG - Encrypt and decrypt 9 bytes +depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_AES_128_CCM_STAR_NO_TAG:"AES-128-CCM*-NO-TAG":128:9:-1 + +AES-128 CCM*-NO-TAG - Encrypt and decrypt 15 bytes +depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_AES_128_CCM_STAR_NO_TAG:"AES-128-CCM*-NO-TAG":128:15:-1 + +AES-128 CCM*-NO-TAG - Encrypt and decrypt 16 bytes +depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_AES_128_CCM_STAR_NO_TAG:"AES-128-CCM*-NO-TAG":128:16:-1 + +AES-128 CCM*-NO-TAG - Encrypt and decrypt 17 bytes +depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_AES_128_CCM_STAR_NO_TAG:"AES-128-CCM*-NO-TAG":128:17:-1 + +AES-128 CCM*-NO-TAG - Encrypt and decrypt 31 bytes +depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_AES_128_CCM_STAR_NO_TAG:"AES-128-CCM*-NO-TAG":128:31:-1 + +AES-128 CCM*-NO-TAG - Encrypt and decrypt 32 bytes +depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_AES_128_CCM_STAR_NO_TAG:"AES-128-CCM*-NO-TAG":128:32:-1 + +AES-128 CCM*-NO-TAG - Encrypt and decrypt 33 bytes +depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_AES_128_CCM_STAR_NO_TAG:"AES-128-CCM*-NO-TAG":128:33:-1 + +AES-128 CCM*-NO-TAG - Encrypt and decrypt 47 bytes +depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_AES_128_CCM_STAR_NO_TAG:"AES-128-CCM*-NO-TAG":128:47:-1 + +AES-128 CCM*-NO-TAG - Encrypt and decrypt 48 bytes +depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_AES_128_CCM_STAR_NO_TAG:"AES-128-CCM*-NO-TAG":128:48:-1 + +AES-128 CCM*-NO-TAG - Encrypt and decrypt 49 bytes +depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_AES_128_CCM_STAR_NO_TAG:"AES-128-CCM*-NO-TAG":128:49:-1 + +AES-128 CCM*-NO-TAG - Encrypt and decrypt 0 bytes in multiple parts +depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C +enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CCM_STAR_NO_TAG:128:0:0:-1:0:0:0:0 + +AES-128 CCM*-NO-TAG - Encrypt and decrypt 1 bytes in multiple parts 1 +depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C +enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CCM_STAR_NO_TAG:128:1:0:-1:1:0:1:0 + +AES-128 CCM*-NO-TAG - Encrypt and decrypt 1 bytes in multiple parts 2 +depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C +enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CCM_STAR_NO_TAG:128:0:1:-1:0:1:0:1 + +AES-128 CCM*-NO-TAG - Encrypt and decrypt 16 bytes in multiple parts 1 +depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C +enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CCM_STAR_NO_TAG:128:16:0:-1:16:0:16:0 + +AES-128 CCM*-NO-TAG - Encrypt and decrypt 16 bytes in multiple parts 2 +depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C +enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CCM_STAR_NO_TAG:128:0:16:-1:0:16:0:16 + +AES-128 CCM*-NO-TAG - Encrypt and decrypt 16 bytes in multiple parts 3 +depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C +enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CCM_STAR_NO_TAG:128:1:15:-1:1:15:1:15 + +AES-128 CCM*-NO-TAG - Encrypt and decrypt 16 bytes in multiple parts 4 +depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C +enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CCM_STAR_NO_TAG:128:15:1:-1:15:1:15:1 + +AES-128 CCM*-NO-TAG - Encrypt and decrypt 22 bytes in multiple parts 1 +depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C +enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CCM_STAR_NO_TAG:128:15:7:-1:15:7:15:7 + +AES-128-CCM*-NO-TAG - Encrypt and decrypt 22 bytes in multiple parts 2 +depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C +enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CCM_STAR_NO_TAG:128:16:6:-1:16:6:16:6 + +AES-128-CCM*-NO-TAG - Encrypt and decrypt 23 bytes in multiple parts 1 +depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C +enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CCM_STAR_NO_TAG:128:17:6:-1:17:6:17:6 + +AES-128-CCM*-NO-TAG - Encrypt and decrypt 32 bytes in multiple parts 1 +depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C +enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CCM_STAR_NO_TAG:128:16:16:-1:16:16:16:16 + +AES-192-CCM*-NO-TAG - Encrypt and decrypt 0 bytes +depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_AES_192_CCM_STAR_NO_TAG:"AES-192-CCM*-NO-TAG":192:0:-1 + +AES-192-CCM*-NO-TAG - Encrypt and decrypt 1 byte +depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_AES_192_CCM_STAR_NO_TAG:"AES-192-CCM*-NO-TAG":192:1:-1 + +AES-192-CCM*-NO-TAG - Encrypt and decrypt 2 bytes +depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_AES_192_CCM_STAR_NO_TAG:"AES-192-CCM*-NO-TAG":192:2:-1 + +AES-192-CCM*-NO-TAG - Encrypt and decrypt 7 bytes +depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_AES_192_CCM_STAR_NO_TAG:"AES-192-CCM*-NO-TAG":192:7:-1 + +AES-192-CCM*-NO-TAG - Encrypt and decrypt 8 bytes +depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_AES_192_CCM_STAR_NO_TAG:"AES-192-CCM*-NO-TAG":192:8:-1 + +AES-192-CCM*-NO-TAG - Encrypt and decrypt 9 bytes +depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_AES_192_CCM_STAR_NO_TAG:"AES-192-CCM*-NO-TAG":192:9:-1 + +AES-192-CCM*-NO-TAG - Encrypt and decrypt 15 bytes +depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_AES_192_CCM_STAR_NO_TAG:"AES-192-CCM*-NO-TAG":192:15:-1 + +AES-192-CCM*-NO-TAG - Encrypt and decrypt 16 bytes +depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_AES_192_CCM_STAR_NO_TAG:"AES-192-CCM*-NO-TAG":192:16:-1 + +AES-192-CCM*-NO-TAG - Encrypt and decrypt 17 bytes +depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_AES_192_CCM_STAR_NO_TAG:"AES-192-CCM*-NO-TAG":192:17:-1 + +AES-192-CCM*-NO-TAG - Encrypt and decrypt 31 bytes +depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_AES_192_CCM_STAR_NO_TAG:"AES-192-CCM*-NO-TAG":192:31:-1 + +AES-192-CCM*-NO-TAG - Encrypt and decrypt 32 bytes +depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_AES_192_CCM_STAR_NO_TAG:"AES-192-CCM*-NO-TAG":192:32:-1 + +AES-192-CCM*-NO-TAG - Encrypt and decrypt 33 bytes +depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_AES_192_CCM_STAR_NO_TAG:"AES-192-CCM*-NO-TAG":192:33:-1 + +AES-192-CCM*-NO-TAG - Encrypt and decrypt 47 bytes +depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_AES_192_CCM_STAR_NO_TAG:"AES-192-CCM*-NO-TAG":192:47:-1 + +AES-192-CCM*-NO-TAG - Encrypt and decrypt 48 bytes +depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_AES_192_CCM_STAR_NO_TAG:"AES-192-CCM*-NO-TAG":192:48:-1 + +AES-192-CCM*-NO-TAG - Encrypt and decrypt 49 bytes +depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_AES_192_CCM_STAR_NO_TAG:"AES-192-CCM*-NO-TAG":192:49:-1 + +AES-192-CCM*-NO-TAG - Encrypt and decrypt 0 bytes in multiple parts +depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C +enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_192_CCM_STAR_NO_TAG:192:0:0:-1:0:0:0:0 + +AES-192-CCM*-NO-TAG - Encrypt and decrypt 1 bytes in multiple parts 1 +depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C +enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_192_CCM_STAR_NO_TAG:192:1:0:-1:1:0:1:0 + +AES-192-CCM*-NO-TAG - Encrypt and decrypt 1 bytes in multiple parts 2 +depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C +enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_192_CCM_STAR_NO_TAG:192:0:1:-1:0:1:0:1 + +AES-192-CCM*-NO-TAG - Encrypt and decrypt 16 bytes in multiple parts 1 +depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C +enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_192_CCM_STAR_NO_TAG:192:16:0:-1:16:0:16:0 + +AES-192-CCM*-NO-TAG - Encrypt and decrypt 16 bytes in multiple parts 2 +depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C +enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_192_CCM_STAR_NO_TAG:192:0:16:-1:0:16:0:16 + +AES-192-CCM*-NO-TAG - Encrypt and decrypt 16 bytes in multiple parts 3 +depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C +enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_192_CCM_STAR_NO_TAG:192:1:15:-1:1:15:1:15 + +AES-192-CCM*-NO-TAG - Encrypt and decrypt 16 bytes in multiple parts 4 +depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C +enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_192_CCM_STAR_NO_TAG:192:15:1:-1:15:1:15:1 + +AES-192-CCM*-NO-TAG - Encrypt and decrypt 22 bytes in multiple parts 1 +depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C +enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_192_CCM_STAR_NO_TAG:192:15:7:-1:15:7:15:7 + +AES-192-CCM*-NO-TAG - Encrypt and decrypt 22 bytes in multiple parts 2 +depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C +enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_192_CCM_STAR_NO_TAG:192:16:6:-1:16:6:16:6 + +AES-192-CCM*-NO-TAG - Encrypt and decrypt 23 bytes in multiple parts 1 +depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C +enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_192_CCM_STAR_NO_TAG:192:17:6:-1:17:6:17:6 + +AES-192-CCM*-NO-TAG - Encrypt and decrypt 32 bytes in multiple parts 1 +depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C +enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_192_CCM_STAR_NO_TAG:192:16:16:-1:16:16:16:16 + +AES-256-CCM*-NO-TAG - Encrypt and decrypt 0 bytes +depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_AES_256_CCM_STAR_NO_TAG:"AES-256-CCM*-NO-TAG":256:0:-1 + +AES-256-CCM*-NO-TAG - Encrypt and decrypt 1 byte +depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_AES_256_CCM_STAR_NO_TAG:"AES-256-CCM*-NO-TAG":256:1:-1 + +AES-256-CCM*-NO-TAG - Encrypt and decrypt 2 bytes +depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_AES_256_CCM_STAR_NO_TAG:"AES-256-CCM*-NO-TAG":256:2:-1 + +AES-256-CCM*-NO-TAG - Encrypt and decrypt 7 bytes +depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_AES_256_CCM_STAR_NO_TAG:"AES-256-CCM*-NO-TAG":256:7:-1 + +AES-256-CCM*-NO-TAG - Encrypt and decrypt 8 bytes +depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_AES_256_CCM_STAR_NO_TAG:"AES-256-CCM*-NO-TAG":256:8:-1 + +AES-256-CCM*-NO-TAG - Encrypt and decrypt 9 bytes +depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_AES_256_CCM_STAR_NO_TAG:"AES-256-CCM*-NO-TAG":256:9:-1 + +AES-256-CCM*-NO-TAG - Encrypt and decrypt 15 bytes +depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_AES_256_CCM_STAR_NO_TAG:"AES-256-CCM*-NO-TAG":256:15:-1 + +AES-256-CCM*-NO-TAG - Encrypt and decrypt 16 bytes +depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_AES_256_CCM_STAR_NO_TAG:"AES-256-CCM*-NO-TAG":256:16:-1 + +AES-256-CCM*-NO-TAG - Encrypt and decrypt 17 bytes +depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_AES_256_CCM_STAR_NO_TAG:"AES-256-CCM*-NO-TAG":256:17:-1 + +AES-256-CCM*-NO-TAG - Encrypt and decrypt 31 bytes +depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_AES_256_CCM_STAR_NO_TAG:"AES-256-CCM*-NO-TAG":256:31:-1 + +AES-256-CCM*-NO-TAG - Encrypt and decrypt 32 bytes +depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_AES_256_CCM_STAR_NO_TAG:"AES-256-CCM*-NO-TAG":256:32:-1 + +AES-256-CCM*-NO-TAG - Encrypt and decrypt 33 bytes +depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_AES_256_CCM_STAR_NO_TAG:"AES-256-CCM*-NO-TAG":256:33:-1 + +AES-256-CCM*-NO-TAG - Encrypt and decrypt 47 bytes +depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_AES_256_CCM_STAR_NO_TAG:"AES-256-CCM*-NO-TAG":256:47:-1 + +AES-256-CCM*-NO-TAG - Encrypt and decrypt 48 bytes +depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_AES_256_CCM_STAR_NO_TAG:"AES-256-CCM*-NO-TAG":256:48:-1 + +AES-256-CCM*-NO-TAG - Encrypt and decrypt 49 bytes +depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_AES_256_CCM_STAR_NO_TAG:"AES-256-CCM*-NO-TAG":256:49:-1 + +AES-256-CCM*-NO-TAG - Encrypt and decrypt 0 bytes in multiple parts +depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C +enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_256_CCM_STAR_NO_TAG:256:0:0:-1:0:0:0:0 + +AES-256-CCM*-NO-TAG - Encrypt and decrypt 1 bytes in multiple parts 1 +depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C +enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_256_CCM_STAR_NO_TAG:256:1:0:-1:1:0:1:0 + +AES-256-CCM*-NO-TAG - Encrypt and decrypt 1 bytes in multiple parts 2 +depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C +enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_256_CCM_STAR_NO_TAG:256:0:1:-1:0:1:0:1 + +AES-256-CCM*-NO-TAG - Encrypt and decrypt 16 bytes in multiple parts 1 +depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C +enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_256_CCM_STAR_NO_TAG:256:16:0:-1:16:0:16:0 + +AES-256-CCM*-NO-TAG - Encrypt and decrypt 16 bytes in multiple parts 2 +depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C +enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_256_CCM_STAR_NO_TAG:256:0:16:-1:0:16:0:16 + +AES-256-CCM*-NO-TAG - Encrypt and decrypt 16 bytes in multiple parts 3 +depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C +enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_256_CCM_STAR_NO_TAG:256:1:15:-1:1:15:1:15 + +AES-256-CCM*-NO-TAG - Encrypt and decrypt 16 bytes in multiple parts 4 +depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C +enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_256_CCM_STAR_NO_TAG:256:15:1:-1:15:1:15:1 + +AES-256-CCM*-NO-TAG - Encrypt and decrypt 22 bytes in multiple parts 1 +depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C +enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_256_CCM_STAR_NO_TAG:256:15:7:-1:15:7:15:7 + +AES-256-CCM*-NO-TAG - Encrypt and decrypt 22 bytes in multiple parts 2 +depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C +enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_256_CCM_STAR_NO_TAG:256:16:6:-1:16:6:16:6 + +AES-256-CCM*-NO-TAG - Encrypt and decrypt 23 bytes in multiple parts 1 +depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C +enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_256_CCM_STAR_NO_TAG:256:17:6:-1:17:6:17:6 + +AES-256-CCM*-NO-TAG - Encrypt and decrypt 32 bytes in multiple parts 1 +depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C +enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_256_CCM_STAR_NO_TAG:256:16:16:-1:16:16:16:16 + AES-128 XTS - Encrypt and decrypt 16 bytes depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_XTS enc_dec_buf:MBEDTLS_CIPHER_AES_128_XTS:"AES-128-XTS":256:16:-1 @@ -1798,6 +2110,150 @@ AES-256-CBC crypt Decrypt NIST KAT #4 PSA depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC test_vec_crypt:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_DECRYPT:"0000000000000000000000000000000000000000000000000000000000000000":"00000000000000000000000000000000":"5c9d844ed46f9885085e5d6a4f94c7d7":"014730f80ac625fe84f026c60bfd547d":0:1 +AES-128-ECB crypt Encrypt NIST KAT #1 PSA +depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C +test_vec_crypt:MBEDTLS_CIPHER_AES_128_ECB:MBEDTLS_ENCRYPT:"00000000000000000000000000000000":"":"80000000000000000000000000000000":"3ad78e726c1ec02b7ebfe92b23d9ec34":0:1 + +AES-128-ECB crypt Encrypt NIST KAT #2 PSA +depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C +test_vec_crypt:MBEDTLS_CIPHER_AES_128_ECB:MBEDTLS_ENCRYPT:"ffffffffffffffffffffffffffffe000":"":"00000000000000000000000000000000":"323994cfb9da285a5d9642e1759b224a":0:1 + +AES-128-ECB crypt Encrypt NIST KAT #3 PSA +depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C +test_vec_crypt:MBEDTLS_CIPHER_AES_128_ECB:MBEDTLS_ENCRYPT:"10a58869d74be5a374cf867cfb473859":"":"00000000000000000000000000000000":"6d251e6944b051e04eaa6fb4dbf78465":0:1 + +AES-128-ECB crypt Encrypt NIST KAT #4 PSA +depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C +test_vec_crypt:MBEDTLS_CIPHER_AES_128_ECB:MBEDTLS_ENCRYPT:"00000000000000000000000000000000":"":"f34481ec3cc627bacd5dc3fb08f273e6":"0336763e966d92595a567cc9ce537f5e":0:1 + +AES-128-ECB crypt Decrypt NIST KAT #1 PSA +depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C +test_vec_crypt:MBEDTLS_CIPHER_AES_128_ECB:MBEDTLS_DECRYPT:"00000000000000000000000000000000":"":"3ad78e726c1ec02b7ebfe92b23d9ec34":"80000000000000000000000000000000":0:1 + +AES-128-ECB crypt Decrypt NIST KAT #2 PSA +depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C +test_vec_crypt:MBEDTLS_CIPHER_AES_128_ECB:MBEDTLS_DECRYPT:"ffffc000000000000000000000000000":"":"df556a33438db87bc41b1752c55e5e49":"00000000000000000000000000000000":0:1 + +AES-128-ECB crypt Decrypt NIST KAT #3 PSA +depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C +test_vec_crypt:MBEDTLS_CIPHER_AES_128_ECB:MBEDTLS_DECRYPT:"10a58869d74be5a374cf867cfb473859":"":"6d251e6944b051e04eaa6fb4dbf78465":"00000000000000000000000000000000":0:1 + +AES-128-ECB crypt Decrypt NIST KAT #4 PSA +depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C +test_vec_crypt:MBEDTLS_CIPHER_AES_128_ECB:MBEDTLS_DECRYPT:"00000000000000000000000000000000":"":"0336763e966d92595a567cc9ce537f5e":"f34481ec3cc627bacd5dc3fb08f273e6":0:1 + +AES-192-ECB crypt Encrypt NIST KAT #1 PSA +depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C +test_vec_crypt:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_ENCRYPT:"000000000000000000000000000000000000000000000000":"":"80000000000000000000000000000000":"6cd02513e8d4dc986b4afe087a60bd0c":0:1 + +AES-192-ECB crypt Encrypt NIST KAT #2 PSA +depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C +test_vec_crypt:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_ENCRYPT:"ff0000000000000000000000000000000000000000000000":"":"00000000000000000000000000000000":"833f71258d53036b02952c76c744f5a1":0:1 + +AES-192-ECB crypt Encrypt NIST KAT #3 PSA +depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C +test_vec_crypt:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_ENCRYPT:"e9f065d7c13573587f7875357dfbb16c53489f6a4bd0f7cd":"":"00000000000000000000000000000000":"0956259c9cd5cfd0181cca53380cde06":0:1 + +AES-192-ECB crypt Encrypt NIST KAT #4 PSA +depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C +test_vec_crypt:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_ENCRYPT:"000000000000000000000000000000000000000000000000":"":"1b077a6af4b7f98229de786d7516b639":"275cfc0413d8ccb70513c3859b1d0f72":0:1 + +AES-192-ECB crypt Decrypt NIST KAT #1 PSA +depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C +test_vec_crypt:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_DECRYPT:"000000000000000000000000000000000000000000000000":"":"6cd02513e8d4dc986b4afe087a60bd0c":"80000000000000000000000000000000":0:1 + +AES-192-ECB crypt Decrypt NIST KAT #2 PSA +depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C +test_vec_crypt:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_DECRYPT:"ffe000000000000000000000000000000000000000000000":"":"7ababc4b3f516c9aafb35f4140b548f9":"00000000000000000000000000000000":0:1 + +AES-192-ECB crypt Decrypt NIST KAT #3 PSA +depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C +test_vec_crypt:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_DECRYPT:"e9f065d7c13573587f7875357dfbb16c53489f6a4bd0f7cd":"":"0956259c9cd5cfd0181cca53380cde06":"00000000000000000000000000000000":0:1 + +AES-192-ECB crypt Decrypt NIST KAT #4 PSA +depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C +test_vec_crypt:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_DECRYPT:"000000000000000000000000000000000000000000000000":"":"275cfc0413d8ccb70513c3859b1d0f72":"1b077a6af4b7f98229de786d7516b639":0:1 + +AES-256-ECB crypt Encrypt NIST KAT #1 PSA +depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C +test_vec_crypt:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_ENCRYPT:"0000000000000000000000000000000000000000000000000000000000000000":"":"80000000000000000000000000000000":"ddc6bf790c15760d8d9aeb6f9a75fd4e":0:1 + +AES-256-ECB crypt Encrypt NIST KAT #2 PSA +depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C +test_vec_crypt:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_ENCRYPT:"ff00000000000000000000000000000000000000000000000000000000000000":"":"00000000000000000000000000000000":"ec52a212f80a09df6317021bc2a9819e":0:1 + +AES-256-ECB crypt Encrypt NIST KAT #3 PSA +depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C +test_vec_crypt:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_ENCRYPT:"c47b0294dbbbee0fec4757f22ffeee3587ca4730c3d33b691df38bab076bc558":"":"00000000000000000000000000000000":"46f2fb342d6f0ab477476fc501242c5f":0:1 + +AES-256-ECB crypt Encrypt NIST KAT #4 PSA +depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C +test_vec_crypt:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_ENCRYPT:"0000000000000000000000000000000000000000000000000000000000000000":"":"014730f80ac625fe84f026c60bfd547d":"5c9d844ed46f9885085e5d6a4f94c7d7":0:1 + +AES-256-ECB crypt Decrypt NIST KAT #1 PSA +depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C +test_vec_crypt:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_DECRYPT:"0000000000000000000000000000000000000000000000000000000000000000":"":"ddc6bf790c15760d8d9aeb6f9a75fd4e":"80000000000000000000000000000000":0:1 + +AES-256-ECB crypt Decrypt NIST KAT #2 PSA +depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C +test_vec_crypt:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_DECRYPT:"ffe0000000000000000000000000000000000000000000000000000000000000":"":"d1ccb9b1337002cbac42c520b5d67722":"00000000000000000000000000000000":0:1 + +AES-256-ECB crypt Decrypt NIST KAT #3 PSA +depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C +test_vec_crypt:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_DECRYPT:"c47b0294dbbbee0fec4757f22ffeee3587ca4730c3d33b691df38bab076bc558":"":"46f2fb342d6f0ab477476fc501242c5f":"00000000000000000000000000000000":0:1 + +AES-256-ECB crypt Decrypt NIST KAT #4 PSA +depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C +test_vec_crypt:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_DECRYPT:"0000000000000000000000000000000000000000000000000000000000000000":"":"5c9d844ed46f9885085e5d6a4f94c7d7":"014730f80ac625fe84f026c60bfd547d":0:1 + +AES-128-CCM*-NO-TAG crypt Encrypt NIST VPT AES-128 #15 +depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C:MBEDTLS_CCM_C +test_vec_crypt:MBEDTLS_CIPHER_AES_128_CCM_STAR_NO_TAG:MBEDTLS_ENCRYPT:"7301c907b9d2aaac355c5416ff25c59b":"7304b65b6dab466273862c88b9":"484300aa3a506afcd313b49ead8d":"928ca58b0d373dc50c52afac787c":0:0 + +AES-128-CCM*-NO-TAG crypt Decrypt NIST DVPT AES-128 #15 +depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C:MBEDTLS_CCM_C +test_vec_crypt:MBEDTLS_CIPHER_AES_128_CCM_STAR_NO_TAG:MBEDTLS_DECRYPT:"90929a4b0ac65b350ad1591611fe4829":"5a8aa485c316e9403aff859fbb":"4bfe4e35784f0a65b545477e5e2f4bae0e1e6fa717eaf2cb":"a16a2e741f1cd9717285b6d882c1fc53655e9773761ad697":0:0 + +AES-192-CCM*-NO-TAG crypt Encrypt NIST VTT AES-192 #1 +depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C:MBEDTLS_CCM_C +test_vec_crypt:MBEDTLS_CIPHER_AES_192_CCM_STAR_NO_TAG:MBEDTLS_ENCRYPT:"11fd45743d946e6d37341fec49947e8c70482494a8f07fcc":"c6aeebcb146cfafaae66f78aab":"ee7e6075ba52846de5d6254959a18affc4faf59c8ef63489":"137d9da59baf5cbfd46620c5f298fc766de10ac68e774edf":0:0 + +AES-192-CCM*-NO-TAG crypt Decrypt NIST DVPT AES-192 #15 +depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C:MBEDTLS_CCM_C +test_vec_crypt:MBEDTLS_CIPHER_AES_192_CCM_STAR_NO_TAG:MBEDTLS_DECRYPT:"90929a4b0ac65b350ad1591611fe48297e03956f6083e451":"5a8aa485c316e9403aff859fbb":"a5b7d8cca2069908d1ed88e6a9fe2c9bede3131dad54671e":"a16a2e741f1cd9717285b6d882c1fc53655e9773761ad697":0:0 + +AES-256-CCM*-NO-TAG crypt Encrypt NIST VADT AES-256 #1 +depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C:MBEDTLS_CCM_C +test_vec_crypt:MBEDTLS_CIPHER_AES_256_CCM_STAR_NO_TAG:MBEDTLS_ENCRYPT:"26511fb51fcfa75cb4b44da75a6e5a0eb8d9c8f3b906f886df3ba3e6da3a1389":"72a60f345a1978fb40f28a2fa4":"30d56ff2a25b83fee791110fcaea48e41db7c7f098a81000":"55f068c0bbba8b598013dd1841fd740fda2902322148ab5e":0:0 + +AES-256-CCM*-NO-TAG crypt Decrypt NIST DVPT AES-256 #13 +depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C:MBEDTLS_CCM_C +test_vec_crypt:MBEDTLS_CIPHER_AES_256_CCM_STAR_NO_TAG:MBEDTLS_DECRYPT:"f7079dfa3b5c7b056347d7e437bcded683abd6e2c9e069d333284082cbb5d453":"a544218dadd3c10583db49cf39":"63e00d30e4b08fd2a1cc8d70fab327b2368e77a93be4f412":"3c0e2815d37d844f7ac240ba9d6e3a0b2a86f706e885959e":0:0 + +AES-128-CCM*-NO-TAG crypt Encrypt NIST VPT AES-128 #15 PSA +depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C:MBEDTLS_CCM_C +test_vec_crypt:MBEDTLS_CIPHER_AES_128_CCM_STAR_NO_TAG:MBEDTLS_ENCRYPT:"7301c907b9d2aaac355c5416ff25c59b":"7304b65b6dab466273862c88b9":"484300aa3a506afcd313b49ead8d":"928ca58b0d373dc50c52afac787c":0:1 + +AES-128-CCM*-NO-TAG crypt Decrypt NIST DVPT AES-128 #15 PSA +depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C:MBEDTLS_CCM_C +test_vec_crypt:MBEDTLS_CIPHER_AES_128_CCM_STAR_NO_TAG:MBEDTLS_DECRYPT:"90929a4b0ac65b350ad1591611fe4829":"5a8aa485c316e9403aff859fbb":"4bfe4e35784f0a65b545477e5e2f4bae0e1e6fa717eaf2cb":"a16a2e741f1cd9717285b6d882c1fc53655e9773761ad697":0:1 + +AES-192-CCM*-NO-TAG crypt Encrypt NIST VTT AES-192 #1 PSA +depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C:MBEDTLS_CCM_C +test_vec_crypt:MBEDTLS_CIPHER_AES_192_CCM_STAR_NO_TAG:MBEDTLS_ENCRYPT:"11fd45743d946e6d37341fec49947e8c70482494a8f07fcc":"c6aeebcb146cfafaae66f78aab":"ee7e6075ba52846de5d6254959a18affc4faf59c8ef63489":"137d9da59baf5cbfd46620c5f298fc766de10ac68e774edf":0:1 + +AES-192-CCM*-NO-TAG crypt Decrypt NIST DVPT AES-192 #15 PSA +depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C:MBEDTLS_CCM_C +test_vec_crypt:MBEDTLS_CIPHER_AES_192_CCM_STAR_NO_TAG:MBEDTLS_DECRYPT:"90929a4b0ac65b350ad1591611fe48297e03956f6083e451":"5a8aa485c316e9403aff859fbb":"a5b7d8cca2069908d1ed88e6a9fe2c9bede3131dad54671e":"a16a2e741f1cd9717285b6d882c1fc53655e9773761ad697":0:1 + +AES-256-CCM*-NO-TAG crypt Encrypt NIST VADT AES-256 #1 PSA +depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C:MBEDTLS_CCM_C +test_vec_crypt:MBEDTLS_CIPHER_AES_256_CCM_STAR_NO_TAG:MBEDTLS_ENCRYPT:"26511fb51fcfa75cb4b44da75a6e5a0eb8d9c8f3b906f886df3ba3e6da3a1389":"72a60f345a1978fb40f28a2fa4":"30d56ff2a25b83fee791110fcaea48e41db7c7f098a81000":"55f068c0bbba8b598013dd1841fd740fda2902322148ab5e":0:1 + +AES-256-CCM*-NO-TAG crypt Decrypt NIST DVPT AES-256 #13 PSA +depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C:MBEDTLS_CCM_C +test_vec_crypt:MBEDTLS_CIPHER_AES_256_CCM_STAR_NO_TAG:MBEDTLS_DECRYPT:"f7079dfa3b5c7b056347d7e437bcded683abd6e2c9e069d333284082cbb5d453":"a544218dadd3c10583db49cf39":"63e00d30e4b08fd2a1cc8d70fab327b2368e77a93be4f412":"3c0e2815d37d844f7ac240ba9d6e3a0b2a86f706e885959e":0:1 + Cipher Corner Case behaviours depends_on:MBEDTLS_AES_C cipher_special_behaviours: diff --git a/tests/suites/test_suite_cipher.aria.data b/tests/suites/test_suite_cipher.aria.data index 2c50a21fc7..c1e19909bc 100644 --- a/tests/suites/test_suite_cipher.aria.data +++ b/tests/suites/test_suite_cipher.aria.data @@ -1,3 +1,339 @@ Aria CBC Decrypt empty buffer depends_on:MBEDTLS_ARIA_C:MBEDTLS_CIPHER_MODE_CBC dec_empty_buf:MBEDTLS_CIPHER_ARIA_128_CBC:0:0 + +ARIA-128 CCM*-NO-TAG - Encrypt and decrypt 0 bytes +depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_ARIA_128_CCM_STAR_NO_TAG:"ARIA-128-CCM*-NO-TAG":128:0:-1 + +ARIA-128 CCM*-NO-TAG - Encrypt and decrypt 1 byte +depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_ARIA_128_CCM_STAR_NO_TAG:"ARIA-128-CCM*-NO-TAG":128:1:-1 + +ARIA-128 CCM*-NO-TAG - Encrypt and decrypt 2 bytes +depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_ARIA_128_CCM_STAR_NO_TAG:"ARIA-128-CCM*-NO-TAG":128:2:-1 + +ARIA-128 CCM*-NO-TAG - Encrypt and decrypt 7 bytes +depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_ARIA_128_CCM_STAR_NO_TAG:"ARIA-128-CCM*-NO-TAG":128:7:-1 + +ARIA-128 CCM*-NO-TAG - Encrypt and decrypt 8 bytes +depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_ARIA_128_CCM_STAR_NO_TAG:"ARIA-128-CCM*-NO-TAG":128:8:-1 + +ARIA-128 CCM*-NO-TAG - Encrypt and decrypt 9 bytes +depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_ARIA_128_CCM_STAR_NO_TAG:"ARIA-128-CCM*-NO-TAG":128:9:-1 + +ARIA-128 CCM*-NO-TAG - Encrypt and decrypt 15 bytes +depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_ARIA_128_CCM_STAR_NO_TAG:"ARIA-128-CCM*-NO-TAG":128:15:-1 + +ARIA-128 CCM*-NO-TAG - Encrypt and decrypt 16 bytes +depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_ARIA_128_CCM_STAR_NO_TAG:"ARIA-128-CCM*-NO-TAG":128:16:-1 + +ARIA-128 CCM*-NO-TAG - Encrypt and decrypt 17 bytes +depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_ARIA_128_CCM_STAR_NO_TAG:"ARIA-128-CCM*-NO-TAG":128:17:-1 + +ARIA-128 CCM*-NO-TAG - Encrypt and decrypt 31 bytes +depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_ARIA_128_CCM_STAR_NO_TAG:"ARIA-128-CCM*-NO-TAG":128:31:-1 + +ARIA-128 CCM*-NO-TAG - Encrypt and decrypt 32 bytes +depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_ARIA_128_CCM_STAR_NO_TAG:"ARIA-128-CCM*-NO-TAG":128:32:-1 + +ARIA-128 CCM*-NO-TAG - Encrypt and decrypt 33 bytes +depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_ARIA_128_CCM_STAR_NO_TAG:"ARIA-128-CCM*-NO-TAG":128:33:-1 + +ARIA-128 CCM*-NO-TAG - Encrypt and decrypt 47 bytes +depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_ARIA_128_CCM_STAR_NO_TAG:"ARIA-128-CCM*-NO-TAG":128:47:-1 + +ARIA-128 CCM*-NO-TAG - Encrypt and decrypt 48 bytes +depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_ARIA_128_CCM_STAR_NO_TAG:"ARIA-128-CCM*-NO-TAG":128:48:-1 + +ARIA-128 CCM*-NO-TAG - Encrypt and decrypt 49 bytes +depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_ARIA_128_CCM_STAR_NO_TAG:"ARIA-128-CCM*-NO-TAG":128:49:-1 + +ARIA-128 CCM*-NO-TAG - Encrypt and decrypt 0 bytes in multiple parts +depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C +enc_dec_buf_multipart:MBEDTLS_CIPHER_ARIA_128_CCM_STAR_NO_TAG:128:0:0:-1:0:0:0:0 + +ARIA-128 CCM*-NO-TAG - Encrypt and decrypt 1 bytes in multiple parts 1 +depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C +enc_dec_buf_multipart:MBEDTLS_CIPHER_ARIA_128_CCM_STAR_NO_TAG:128:1:0:-1:1:0:1:0 + +ARIA-128 CCM*-NO-TAG - Encrypt and decrypt 1 bytes in multiple parts 2 +depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C +enc_dec_buf_multipart:MBEDTLS_CIPHER_ARIA_128_CCM_STAR_NO_TAG:128:0:1:-1:0:1:0:1 + +ARIA-128 CCM*-NO-TAG - Encrypt and decrypt 16 bytes in multiple parts 1 +depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C +enc_dec_buf_multipart:MBEDTLS_CIPHER_ARIA_128_CCM_STAR_NO_TAG:128:16:0:-1:16:0:16:0 + +ARIA-128 CCM*-NO-TAG - Encrypt and decrypt 16 bytes in multiple parts 2 +depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C +enc_dec_buf_multipart:MBEDTLS_CIPHER_ARIA_128_CCM_STAR_NO_TAG:128:0:16:-1:0:16:0:16 + +ARIA-128 CCM*-NO-TAG - Encrypt and decrypt 16 bytes in multiple parts 3 +depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C +enc_dec_buf_multipart:MBEDTLS_CIPHER_ARIA_128_CCM_STAR_NO_TAG:128:1:15:-1:1:15:1:15 + +ARIA-128 CCM*-NO-TAG - Encrypt and decrypt 16 bytes in multiple parts 4 +depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C +enc_dec_buf_multipart:MBEDTLS_CIPHER_ARIA_128_CCM_STAR_NO_TAG:128:15:1:-1:15:1:15:1 + +ARIA-128 CCM*-NO-TAG - Encrypt and decrypt 22 bytes in multiple parts 1 +depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C +enc_dec_buf_multipart:MBEDTLS_CIPHER_ARIA_128_CCM_STAR_NO_TAG:128:15:7:-1:15:7:15:7 + +ARIA-128-CCM*-NO-TAG - Encrypt and decrypt 22 bytes in multiple parts 2 +depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C +enc_dec_buf_multipart:MBEDTLS_CIPHER_ARIA_128_CCM_STAR_NO_TAG:128:16:6:-1:16:6:16:6 + +ARIA-128-CCM*-NO-TAG - Encrypt and decrypt 23 bytes in multiple parts 1 +depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C +enc_dec_buf_multipart:MBEDTLS_CIPHER_ARIA_128_CCM_STAR_NO_TAG:128:17:6:-1:17:6:17:6 + +ARIA-128-CCM*-NO-TAG - Encrypt and decrypt 32 bytes in multiple parts 1 +depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C +enc_dec_buf_multipart:MBEDTLS_CIPHER_ARIA_128_CCM_STAR_NO_TAG:128:16:16:-1:16:16:16:16 + +ARIA-192-CCM*-NO-TAG - Encrypt and decrypt 0 bytes +depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_ARIA_192_CCM_STAR_NO_TAG:"ARIA-192-CCM*-NO-TAG":192:0:-1 + +ARIA-192-CCM*-NO-TAG - Encrypt and decrypt 1 byte +depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_ARIA_192_CCM_STAR_NO_TAG:"ARIA-192-CCM*-NO-TAG":192:1:-1 + +ARIA-192-CCM*-NO-TAG - Encrypt and decrypt 2 bytes +depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_ARIA_192_CCM_STAR_NO_TAG:"ARIA-192-CCM*-NO-TAG":192:2:-1 + +ARIA-192-CCM*-NO-TAG - Encrypt and decrypt 7 bytes +depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_ARIA_192_CCM_STAR_NO_TAG:"ARIA-192-CCM*-NO-TAG":192:7:-1 + +ARIA-192-CCM*-NO-TAG - Encrypt and decrypt 8 bytes +depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_ARIA_192_CCM_STAR_NO_TAG:"ARIA-192-CCM*-NO-TAG":192:8:-1 + +ARIA-192-CCM*-NO-TAG - Encrypt and decrypt 9 bytes +depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_ARIA_192_CCM_STAR_NO_TAG:"ARIA-192-CCM*-NO-TAG":192:9:-1 + +ARIA-192-CCM*-NO-TAG - Encrypt and decrypt 15 bytes +depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_ARIA_192_CCM_STAR_NO_TAG:"ARIA-192-CCM*-NO-TAG":192:15:-1 + +ARIA-192-CCM*-NO-TAG - Encrypt and decrypt 16 bytes +depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_ARIA_192_CCM_STAR_NO_TAG:"ARIA-192-CCM*-NO-TAG":192:16:-1 + +ARIA-192-CCM*-NO-TAG - Encrypt and decrypt 17 bytes +depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_ARIA_192_CCM_STAR_NO_TAG:"ARIA-192-CCM*-NO-TAG":192:17:-1 + +ARIA-192-CCM*-NO-TAG - Encrypt and decrypt 31 bytes +depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_ARIA_192_CCM_STAR_NO_TAG:"ARIA-192-CCM*-NO-TAG":192:31:-1 + +ARIA-192-CCM*-NO-TAG - Encrypt and decrypt 32 bytes +depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_ARIA_192_CCM_STAR_NO_TAG:"ARIA-192-CCM*-NO-TAG":192:32:-1 + +ARIA-192-CCM*-NO-TAG - Encrypt and decrypt 33 bytes +depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_ARIA_192_CCM_STAR_NO_TAG:"ARIA-192-CCM*-NO-TAG":192:33:-1 + +ARIA-192-CCM*-NO-TAG - Encrypt and decrypt 47 bytes +depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_ARIA_192_CCM_STAR_NO_TAG:"ARIA-192-CCM*-NO-TAG":192:47:-1 + +ARIA-192-CCM*-NO-TAG - Encrypt and decrypt 48 bytes +depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_ARIA_192_CCM_STAR_NO_TAG:"ARIA-192-CCM*-NO-TAG":192:48:-1 + +ARIA-192-CCM*-NO-TAG - Encrypt and decrypt 49 bytes +depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_ARIA_192_CCM_STAR_NO_TAG:"ARIA-192-CCM*-NO-TAG":192:49:-1 + +ARIA-192-CCM*-NO-TAG - Encrypt and decrypt 0 bytes in multiple parts +depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C +enc_dec_buf_multipart:MBEDTLS_CIPHER_ARIA_192_CCM_STAR_NO_TAG:192:0:0:-1:0:0:0:0 + +ARIA-192-CCM*-NO-TAG - Encrypt and decrypt 1 bytes in multiple parts 1 +depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C +enc_dec_buf_multipart:MBEDTLS_CIPHER_ARIA_192_CCM_STAR_NO_TAG:192:1:0:-1:1:0:1:0 + +ARIA-192-CCM*-NO-TAG - Encrypt and decrypt 1 bytes in multiple parts 2 +depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C +enc_dec_buf_multipart:MBEDTLS_CIPHER_ARIA_192_CCM_STAR_NO_TAG:192:0:1:-1:0:1:0:1 + +ARIA-192-CCM*-NO-TAG - Encrypt and decrypt 16 bytes in multiple parts 1 +depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C +enc_dec_buf_multipart:MBEDTLS_CIPHER_ARIA_192_CCM_STAR_NO_TAG:192:16:0:-1:16:0:16:0 + +ARIA-192-CCM*-NO-TAG - Encrypt and decrypt 16 bytes in multiple parts 2 +depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C +enc_dec_buf_multipart:MBEDTLS_CIPHER_ARIA_192_CCM_STAR_NO_TAG:192:0:16:-1:0:16:0:16 + +ARIA-192-CCM*-NO-TAG - Encrypt and decrypt 16 bytes in multiple parts 3 +depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C +enc_dec_buf_multipart:MBEDTLS_CIPHER_ARIA_192_CCM_STAR_NO_TAG:192:1:15:-1:1:15:1:15 + +ARIA-192-CCM*-NO-TAG - Encrypt and decrypt 16 bytes in multiple parts 4 +depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C +enc_dec_buf_multipart:MBEDTLS_CIPHER_ARIA_192_CCM_STAR_NO_TAG:192:15:1:-1:15:1:15:1 + +ARIA-192-CCM*-NO-TAG - Encrypt and decrypt 22 bytes in multiple parts 1 +depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C +enc_dec_buf_multipart:MBEDTLS_CIPHER_ARIA_192_CCM_STAR_NO_TAG:192:15:7:-1:15:7:15:7 + +ARIA-192-CCM*-NO-TAG - Encrypt and decrypt 22 bytes in multiple parts 2 +depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C +enc_dec_buf_multipart:MBEDTLS_CIPHER_ARIA_192_CCM_STAR_NO_TAG:192:16:6:-1:16:6:16:6 + +ARIA-192-CCM*-NO-TAG - Encrypt and decrypt 23 bytes in multiple parts 1 +depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C +enc_dec_buf_multipart:MBEDTLS_CIPHER_ARIA_192_CCM_STAR_NO_TAG:192:17:6:-1:17:6:17:6 + +ARIA-192-CCM*-NO-TAG - Encrypt and decrypt 32 bytes in multiple parts 1 +depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C +enc_dec_buf_multipart:MBEDTLS_CIPHER_ARIA_192_CCM_STAR_NO_TAG:192:16:16:-1:16:16:16:16 + +ARIA-256-CCM*-NO-TAG - Encrypt and decrypt 0 bytes +depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_ARIA_256_CCM_STAR_NO_TAG:"ARIA-256-CCM*-NO-TAG":256:0:-1 + +ARIA-256-CCM*-NO-TAG - Encrypt and decrypt 1 byte +depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_ARIA_256_CCM_STAR_NO_TAG:"ARIA-256-CCM*-NO-TAG":256:1:-1 + +ARIA-256-CCM*-NO-TAG - Encrypt and decrypt 2 bytes +depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_ARIA_256_CCM_STAR_NO_TAG:"ARIA-256-CCM*-NO-TAG":256:2:-1 + +ARIA-256-CCM*-NO-TAG - Encrypt and decrypt 7 bytes +depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_ARIA_256_CCM_STAR_NO_TAG:"ARIA-256-CCM*-NO-TAG":256:7:-1 + +ARIA-256-CCM*-NO-TAG - Encrypt and decrypt 8 bytes +depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_ARIA_256_CCM_STAR_NO_TAG:"ARIA-256-CCM*-NO-TAG":256:8:-1 + +ARIA-256-CCM*-NO-TAG - Encrypt and decrypt 9 bytes +depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_ARIA_256_CCM_STAR_NO_TAG:"ARIA-256-CCM*-NO-TAG":256:9:-1 + +ARIA-256-CCM*-NO-TAG - Encrypt and decrypt 15 bytes +depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_ARIA_256_CCM_STAR_NO_TAG:"ARIA-256-CCM*-NO-TAG":256:15:-1 + +ARIA-256-CCM*-NO-TAG - Encrypt and decrypt 16 bytes +depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_ARIA_256_CCM_STAR_NO_TAG:"ARIA-256-CCM*-NO-TAG":256:16:-1 + +ARIA-256-CCM*-NO-TAG - Encrypt and decrypt 17 bytes +depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_ARIA_256_CCM_STAR_NO_TAG:"ARIA-256-CCM*-NO-TAG":256:17:-1 + +ARIA-256-CCM*-NO-TAG - Encrypt and decrypt 31 bytes +depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_ARIA_256_CCM_STAR_NO_TAG:"ARIA-256-CCM*-NO-TAG":256:31:-1 + +ARIA-256-CCM*-NO-TAG - Encrypt and decrypt 32 bytes +depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_ARIA_256_CCM_STAR_NO_TAG:"ARIA-256-CCM*-NO-TAG":256:32:-1 + +ARIA-256-CCM*-NO-TAG - Encrypt and decrypt 33 bytes +depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_ARIA_256_CCM_STAR_NO_TAG:"ARIA-256-CCM*-NO-TAG":256:33:-1 + +ARIA-256-CCM*-NO-TAG - Encrypt and decrypt 47 bytes +depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_ARIA_256_CCM_STAR_NO_TAG:"ARIA-256-CCM*-NO-TAG":256:47:-1 + +ARIA-256-CCM*-NO-TAG - Encrypt and decrypt 48 bytes +depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_ARIA_256_CCM_STAR_NO_TAG:"ARIA-256-CCM*-NO-TAG":256:48:-1 + +ARIA-256-CCM*-NO-TAG - Encrypt and decrypt 49 bytes +depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_ARIA_256_CCM_STAR_NO_TAG:"ARIA-256-CCM*-NO-TAG":256:49:-1 + +ARIA-256-CCM*-NO-TAG - Encrypt and decrypt 0 bytes in multiple parts +depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C +enc_dec_buf_multipart:MBEDTLS_CIPHER_ARIA_256_CCM_STAR_NO_TAG:256:0:0:-1:0:0:0:0 + +ARIA-256-CCM*-NO-TAG - Encrypt and decrypt 1 bytes in multiple parts 1 +depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C +enc_dec_buf_multipart:MBEDTLS_CIPHER_ARIA_256_CCM_STAR_NO_TAG:256:1:0:-1:1:0:1:0 + +ARIA-256-CCM*-NO-TAG - Encrypt and decrypt 1 bytes in multiple parts 2 +depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C +enc_dec_buf_multipart:MBEDTLS_CIPHER_ARIA_256_CCM_STAR_NO_TAG:256:0:1:-1:0:1:0:1 + +ARIA-256-CCM*-NO-TAG - Encrypt and decrypt 16 bytes in multiple parts 1 +depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C +enc_dec_buf_multipart:MBEDTLS_CIPHER_ARIA_256_CCM_STAR_NO_TAG:256:16:0:-1:16:0:16:0 + +ARIA-256-CCM*-NO-TAG - Encrypt and decrypt 16 bytes in multiple parts 2 +depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C +enc_dec_buf_multipart:MBEDTLS_CIPHER_ARIA_256_CCM_STAR_NO_TAG:256:0:16:-1:0:16:0:16 + +ARIA-256-CCM*-NO-TAG - Encrypt and decrypt 16 bytes in multiple parts 3 +depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C +enc_dec_buf_multipart:MBEDTLS_CIPHER_ARIA_256_CCM_STAR_NO_TAG:256:1:15:-1:1:15:1:15 + +ARIA-256-CCM*-NO-TAG - Encrypt and decrypt 16 bytes in multiple parts 4 +depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C +enc_dec_buf_multipart:MBEDTLS_CIPHER_ARIA_256_CCM_STAR_NO_TAG:256:15:1:-1:15:1:15:1 + +ARIA-256-CCM*-NO-TAG - Encrypt and decrypt 22 bytes in multiple parts 1 +depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C +enc_dec_buf_multipart:MBEDTLS_CIPHER_ARIA_256_CCM_STAR_NO_TAG:256:15:7:-1:15:7:15:7 + +ARIA-256-CCM*-NO-TAG - Encrypt and decrypt 22 bytes in multiple parts 2 +depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C +enc_dec_buf_multipart:MBEDTLS_CIPHER_ARIA_256_CCM_STAR_NO_TAG:256:16:6:-1:16:6:16:6 + +ARIA-256-CCM*-NO-TAG - Encrypt and decrypt 23 bytes in multiple parts 1 +depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C +enc_dec_buf_multipart:MBEDTLS_CIPHER_ARIA_256_CCM_STAR_NO_TAG:256:17:6:-1:17:6:17:6 + +ARIA-256-CCM*-NO-TAG - Encrypt and decrypt 32 bytes in multiple parts 1 +depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C +enc_dec_buf_multipart:MBEDTLS_CIPHER_ARIA_256_CCM_STAR_NO_TAG:256:16:16:-1:16:16:16:16 + +ARIA-128-CCM*-NO-TAG crypt Encrypt +depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C +test_vec_crypt:MBEDTLS_CIPHER_ARIA_128_CCM_STAR_NO_TAG:MBEDTLS_ENCRYPT:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECF":"00000003020100A0A1A2A3A4A5":"08090A0B0C0D0E0F101112131415161718191A1B1C1D1E":"6781f39fdf8d1c44165fc40ee2fb11f1d6e2ddc8c6512b":0:0 + +ARIA-128-CCM*-NO-TAG crypt Decrypt +depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C +test_vec_crypt:MBEDTLS_CIPHER_ARIA_128_CCM_STAR_NO_TAG:MBEDTLS_DECRYPT:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECF":"00000003020100A0A1A2A3A4A5":"08090A0B0C0D0E0F101112131415161718191A1B1C1D1E":"6781f39fdf8d1c44165fc40ee2fb11f1d6e2ddc8c6512b":0:0 + +ARIA-192-CCM*-NO-TAG crypt Encrypt +depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C +test_vec_crypt:MBEDTLS_CIPHER_ARIA_192_CCM_STAR_NO_TAG:MBEDTLS_ENCRYPT:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECFC0C1C2C3C4C5C6C7":"00000003020100A0A1A2A3A4A5":"08090A0B0C0D0E0F101112131415161718191A1B1C1D1E":"993df86214d98ae70582c784903702e349dd64ece488c2":0:0 + +ARIA-192-CCM*-NO-TAG crypt Decrypt +depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C +test_vec_crypt:MBEDTLS_CIPHER_ARIA_192_CCM_STAR_NO_TAG:MBEDTLS_DECRYPT:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECFC0C1C2C3C4C5C6C7":"00000003020100A0A1A2A3A4A5":"08090A0B0C0D0E0F101112131415161718191A1B1C1D1E":"993df86214d98ae70582c784903702e349dd64ece488c2":0:0 + +ARIA-256-CCM*-NO-TAG crypt Encrypt +depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C +test_vec_crypt:MBEDTLS_CIPHER_ARIA_256_CCM_STAR_NO_TAG:MBEDTLS_ENCRYPT:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECFC0C1C2C3C4C5C6C7C8C9CACBCCCDCECF":"00000003020100A0A1A2A3A4A5":"08090A0B0C0D0E0F101112131415161718191A1B1C1D1E":"5fdd984a6aa77c1d9a204c08f28172c4b4528bee27c41f":0:0 + +ARIA-256-CCM*-NO-TAG crypt Decrypt +depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C +test_vec_crypt:MBEDTLS_CIPHER_ARIA_256_CCM_STAR_NO_TAG:MBEDTLS_DECRYPT:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECFC0C1C2C3C4C5C6C7C8C9CACBCCCDCECF":"00000003020100A0A1A2A3A4A5":"08090A0B0C0D0E0F101112131415161718191A1B1C1D1E":"5fdd984a6aa77c1d9a204c08f28172c4b4528bee27c41f":0:0 diff --git a/tests/suites/test_suite_cipher.camellia.data b/tests/suites/test_suite_cipher.camellia.data index 3e7bffa45b..31fe92286f 100644 --- a/tests/suites/test_suite_cipher.camellia.data +++ b/tests/suites/test_suite_cipher.camellia.data @@ -765,3 +765,339 @@ enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_256_CBC:256:17:6:-1:16:0:16:0 CAMELLIA Encrypt and decrypt 32 bytes in multiple parts 1 [#5] depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_256_CBC:256:16:16:-1:16:16:0:32 + +CAMELLIA-128 CCM*-NO-TAG - Encrypt and decrypt 0 bytes +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_CCM_STAR_NO_TAG:"CAMELLIA-128-CCM*-NO-TAG":128:0:-1 + +CAMELLIA-128 CCM*-NO-TAG - Encrypt and decrypt 1 byte +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_CCM_STAR_NO_TAG:"CAMELLIA-128-CCM*-NO-TAG":128:1:-1 + +CAMELLIA-128 CCM*-NO-TAG - Encrypt and decrypt 2 bytes +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_CCM_STAR_NO_TAG:"CAMELLIA-128-CCM*-NO-TAG":128:2:-1 + +CAMELLIA-128 CCM*-NO-TAG - Encrypt and decrypt 7 bytes +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_CCM_STAR_NO_TAG:"CAMELLIA-128-CCM*-NO-TAG":128:7:-1 + +CAMELLIA-128 CCM*-NO-TAG - Encrypt and decrypt 8 bytes +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_CCM_STAR_NO_TAG:"CAMELLIA-128-CCM*-NO-TAG":128:8:-1 + +CAMELLIA-128 CCM*-NO-TAG - Encrypt and decrypt 9 bytes +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_CCM_STAR_NO_TAG:"CAMELLIA-128-CCM*-NO-TAG":128:9:-1 + +CAMELLIA-128 CCM*-NO-TAG - Encrypt and decrypt 15 bytes +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_CCM_STAR_NO_TAG:"CAMELLIA-128-CCM*-NO-TAG":128:15:-1 + +CAMELLIA-128 CCM*-NO-TAG - Encrypt and decrypt 16 bytes +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_CCM_STAR_NO_TAG:"CAMELLIA-128-CCM*-NO-TAG":128:16:-1 + +CAMELLIA-128 CCM*-NO-TAG - Encrypt and decrypt 17 bytes +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_CCM_STAR_NO_TAG:"CAMELLIA-128-CCM*-NO-TAG":128:17:-1 + +CAMELLIA-128 CCM*-NO-TAG - Encrypt and decrypt 31 bytes +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_CCM_STAR_NO_TAG:"CAMELLIA-128-CCM*-NO-TAG":128:31:-1 + +CAMELLIA-128 CCM*-NO-TAG - Encrypt and decrypt 32 bytes +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_CCM_STAR_NO_TAG:"CAMELLIA-128-CCM*-NO-TAG":128:32:-1 + +CAMELLIA-128 CCM*-NO-TAG - Encrypt and decrypt 33 bytes +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_CCM_STAR_NO_TAG:"CAMELLIA-128-CCM*-NO-TAG":128:33:-1 + +CAMELLIA-128 CCM*-NO-TAG - Encrypt and decrypt 47 bytes +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_CCM_STAR_NO_TAG:"CAMELLIA-128-CCM*-NO-TAG":128:47:-1 + +CAMELLIA-128 CCM*-NO-TAG - Encrypt and decrypt 48 bytes +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_CCM_STAR_NO_TAG:"CAMELLIA-128-CCM*-NO-TAG":128:48:-1 + +CAMELLIA-128 CCM*-NO-TAG - Encrypt and decrypt 49 bytes +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_CCM_STAR_NO_TAG:"CAMELLIA-128-CCM*-NO-TAG":128:49:-1 + +CAMELLIA-128 CCM*-NO-TAG - Encrypt and decrypt 0 bytes in multiple parts +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C +enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CCM_STAR_NO_TAG:128:0:0:-1:0:0:0:0 + +CAMELLIA-128 CCM*-NO-TAG - Encrypt and decrypt 1 bytes in multiple parts 1 +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C +enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CCM_STAR_NO_TAG:128:1:0:-1:1:0:1:0 + +CAMELLIA-128 CCM*-NO-TAG - Encrypt and decrypt 1 bytes in multiple parts 2 +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C +enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CCM_STAR_NO_TAG:128:0:1:-1:0:1:0:1 + +CAMELLIA-128 CCM*-NO-TAG - Encrypt and decrypt 16 bytes in multiple parts 1 +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C +enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CCM_STAR_NO_TAG:128:16:0:-1:16:0:16:0 + +CAMELLIA-128 CCM*-NO-TAG - Encrypt and decrypt 16 bytes in multiple parts 2 +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C +enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CCM_STAR_NO_TAG:128:0:16:-1:0:16:0:16 + +CAMELLIA-128 CCM*-NO-TAG - Encrypt and decrypt 16 bytes in multiple parts 3 +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C +enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CCM_STAR_NO_TAG:128:1:15:-1:1:15:1:15 + +CAMELLIA-128 CCM*-NO-TAG - Encrypt and decrypt 16 bytes in multiple parts 4 +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C +enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CCM_STAR_NO_TAG:128:15:1:-1:15:1:15:1 + +CAMELLIA-128 CCM*-NO-TAG - Encrypt and decrypt 22 bytes in multiple parts 1 +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C +enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CCM_STAR_NO_TAG:128:15:7:-1:15:7:15:7 + +CAMELLIA-128-CCM*-NO-TAG - Encrypt and decrypt 22 bytes in multiple parts 2 +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C +enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CCM_STAR_NO_TAG:128:16:6:-1:16:6:16:6 + +CAMELLIA-128-CCM*-NO-TAG - Encrypt and decrypt 23 bytes in multiple parts 1 +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C +enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CCM_STAR_NO_TAG:128:17:6:-1:17:6:17:6 + +CAMELLIA-128-CCM*-NO-TAG - Encrypt and decrypt 32 bytes in multiple parts 1 +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C +enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CCM_STAR_NO_TAG:128:16:16:-1:16:16:16:16 + +CAMELLIA-192-CCM*-NO-TAG - Encrypt and decrypt 0 bytes +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_192_CCM_STAR_NO_TAG:"CAMELLIA-192-CCM*-NO-TAG":192:0:-1 + +CAMELLIA-192-CCM*-NO-TAG - Encrypt and decrypt 1 byte +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_192_CCM_STAR_NO_TAG:"CAMELLIA-192-CCM*-NO-TAG":192:1:-1 + +CAMELLIA-192-CCM*-NO-TAG - Encrypt and decrypt 2 bytes +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_192_CCM_STAR_NO_TAG:"CAMELLIA-192-CCM*-NO-TAG":192:2:-1 + +CAMELLIA-192-CCM*-NO-TAG - Encrypt and decrypt 7 bytes +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_192_CCM_STAR_NO_TAG:"CAMELLIA-192-CCM*-NO-TAG":192:7:-1 + +CAMELLIA-192-CCM*-NO-TAG - Encrypt and decrypt 8 bytes +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_192_CCM_STAR_NO_TAG:"CAMELLIA-192-CCM*-NO-TAG":192:8:-1 + +CAMELLIA-192-CCM*-NO-TAG - Encrypt and decrypt 9 bytes +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_192_CCM_STAR_NO_TAG:"CAMELLIA-192-CCM*-NO-TAG":192:9:-1 + +CAMELLIA-192-CCM*-NO-TAG - Encrypt and decrypt 15 bytes +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_192_CCM_STAR_NO_TAG:"CAMELLIA-192-CCM*-NO-TAG":192:15:-1 + +CAMELLIA-192-CCM*-NO-TAG - Encrypt and decrypt 16 bytes +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_192_CCM_STAR_NO_TAG:"CAMELLIA-192-CCM*-NO-TAG":192:16:-1 + +CAMELLIA-192-CCM*-NO-TAG - Encrypt and decrypt 17 bytes +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_192_CCM_STAR_NO_TAG:"CAMELLIA-192-CCM*-NO-TAG":192:17:-1 + +CAMELLIA-192-CCM*-NO-TAG - Encrypt and decrypt 31 bytes +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_192_CCM_STAR_NO_TAG:"CAMELLIA-192-CCM*-NO-TAG":192:31:-1 + +CAMELLIA-192-CCM*-NO-TAG - Encrypt and decrypt 32 bytes +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_192_CCM_STAR_NO_TAG:"CAMELLIA-192-CCM*-NO-TAG":192:32:-1 + +CAMELLIA-192-CCM*-NO-TAG - Encrypt and decrypt 33 bytes +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_192_CCM_STAR_NO_TAG:"CAMELLIA-192-CCM*-NO-TAG":192:33:-1 + +CAMELLIA-192-CCM*-NO-TAG - Encrypt and decrypt 47 bytes +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_192_CCM_STAR_NO_TAG:"CAMELLIA-192-CCM*-NO-TAG":192:47:-1 + +CAMELLIA-192-CCM*-NO-TAG - Encrypt and decrypt 48 bytes +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_192_CCM_STAR_NO_TAG:"CAMELLIA-192-CCM*-NO-TAG":192:48:-1 + +CAMELLIA-192-CCM*-NO-TAG - Encrypt and decrypt 49 bytes +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_192_CCM_STAR_NO_TAG:"CAMELLIA-192-CCM*-NO-TAG":192:49:-1 + +CAMELLIA-192-CCM*-NO-TAG - Encrypt and decrypt 0 bytes in multiple parts +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C +enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_192_CCM_STAR_NO_TAG:192:0:0:-1:0:0:0:0 + +CAMELLIA-192-CCM*-NO-TAG - Encrypt and decrypt 1 bytes in multiple parts 1 +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C +enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_192_CCM_STAR_NO_TAG:192:1:0:-1:1:0:1:0 + +CAMELLIA-192-CCM*-NO-TAG - Encrypt and decrypt 1 bytes in multiple parts 2 +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C +enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_192_CCM_STAR_NO_TAG:192:0:1:-1:0:1:0:1 + +CAMELLIA-192-CCM*-NO-TAG - Encrypt and decrypt 16 bytes in multiple parts 1 +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C +enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_192_CCM_STAR_NO_TAG:192:16:0:-1:16:0:16:0 + +CAMELLIA-192-CCM*-NO-TAG - Encrypt and decrypt 16 bytes in multiple parts 2 +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C +enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_192_CCM_STAR_NO_TAG:192:0:16:-1:0:16:0:16 + +CAMELLIA-192-CCM*-NO-TAG - Encrypt and decrypt 16 bytes in multiple parts 3 +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C +enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_192_CCM_STAR_NO_TAG:192:1:15:-1:1:15:1:15 + +CAMELLIA-192-CCM*-NO-TAG - Encrypt and decrypt 16 bytes in multiple parts 4 +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C +enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_192_CCM_STAR_NO_TAG:192:15:1:-1:15:1:15:1 + +CAMELLIA-192-CCM*-NO-TAG - Encrypt and decrypt 22 bytes in multiple parts 1 +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C +enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_192_CCM_STAR_NO_TAG:192:15:7:-1:15:7:15:7 + +CAMELLIA-192-CCM*-NO-TAG - Encrypt and decrypt 22 bytes in multiple parts 2 +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C +enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_192_CCM_STAR_NO_TAG:192:16:6:-1:16:6:16:6 + +CAMELLIA-192-CCM*-NO-TAG - Encrypt and decrypt 23 bytes in multiple parts 1 +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C +enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_192_CCM_STAR_NO_TAG:192:17:6:-1:17:6:17:6 + +CAMELLIA-192-CCM*-NO-TAG - Encrypt and decrypt 32 bytes in multiple parts 1 +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C +enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_192_CCM_STAR_NO_TAG:192:16:16:-1:16:16:16:16 + +CAMELLIA-256-CCM*-NO-TAG - Encrypt and decrypt 0 bytes +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_256_CCM_STAR_NO_TAG:"CAMELLIA-256-CCM*-NO-TAG":256:0:-1 + +CAMELLIA-256-CCM*-NO-TAG - Encrypt and decrypt 1 byte +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_256_CCM_STAR_NO_TAG:"CAMELLIA-256-CCM*-NO-TAG":256:1:-1 + +CAMELLIA-256-CCM*-NO-TAG - Encrypt and decrypt 2 bytes +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_256_CCM_STAR_NO_TAG:"CAMELLIA-256-CCM*-NO-TAG":256:2:-1 + +CAMELLIA-256-CCM*-NO-TAG - Encrypt and decrypt 7 bytes +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_256_CCM_STAR_NO_TAG:"CAMELLIA-256-CCM*-NO-TAG":256:7:-1 + +CAMELLIA-256-CCM*-NO-TAG - Encrypt and decrypt 8 bytes +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_256_CCM_STAR_NO_TAG:"CAMELLIA-256-CCM*-NO-TAG":256:8:-1 + +CAMELLIA-256-CCM*-NO-TAG - Encrypt and decrypt 9 bytes +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_256_CCM_STAR_NO_TAG:"CAMELLIA-256-CCM*-NO-TAG":256:9:-1 + +CAMELLIA-256-CCM*-NO-TAG - Encrypt and decrypt 15 bytes +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_256_CCM_STAR_NO_TAG:"CAMELLIA-256-CCM*-NO-TAG":256:15:-1 + +CAMELLIA-256-CCM*-NO-TAG - Encrypt and decrypt 16 bytes +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_256_CCM_STAR_NO_TAG:"CAMELLIA-256-CCM*-NO-TAG":256:16:-1 + +CAMELLIA-256-CCM*-NO-TAG - Encrypt and decrypt 17 bytes +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_256_CCM_STAR_NO_TAG:"CAMELLIA-256-CCM*-NO-TAG":256:17:-1 + +CAMELLIA-256-CCM*-NO-TAG - Encrypt and decrypt 31 bytes +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_256_CCM_STAR_NO_TAG:"CAMELLIA-256-CCM*-NO-TAG":256:31:-1 + +CAMELLIA-256-CCM*-NO-TAG - Encrypt and decrypt 32 bytes +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_256_CCM_STAR_NO_TAG:"CAMELLIA-256-CCM*-NO-TAG":256:32:-1 + +CAMELLIA-256-CCM*-NO-TAG - Encrypt and decrypt 33 bytes +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_256_CCM_STAR_NO_TAG:"CAMELLIA-256-CCM*-NO-TAG":256:33:-1 + +CAMELLIA-256-CCM*-NO-TAG - Encrypt and decrypt 47 bytes +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_256_CCM_STAR_NO_TAG:"CAMELLIA-256-CCM*-NO-TAG":256:47:-1 + +CAMELLIA-256-CCM*-NO-TAG - Encrypt and decrypt 48 bytes +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_256_CCM_STAR_NO_TAG:"CAMELLIA-256-CCM*-NO-TAG":256:48:-1 + +CAMELLIA-256-CCM*-NO-TAG - Encrypt and decrypt 49 bytes +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C +enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_256_CCM_STAR_NO_TAG:"CAMELLIA-256-CCM*-NO-TAG":256:49:-1 + +CAMELLIA-256-CCM*-NO-TAG - Encrypt and decrypt 0 bytes in multiple parts +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C +enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_256_CCM_STAR_NO_TAG:256:0:0:-1:0:0:0:0 + +CAMELLIA-256-CCM*-NO-TAG - Encrypt and decrypt 1 bytes in multiple parts 1 +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C +enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_256_CCM_STAR_NO_TAG:256:1:0:-1:1:0:1:0 + +CAMELLIA-256-CCM*-NO-TAG - Encrypt and decrypt 1 bytes in multiple parts 2 +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C +enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_256_CCM_STAR_NO_TAG:256:0:1:-1:0:1:0:1 + +CAMELLIA-256-CCM*-NO-TAG - Encrypt and decrypt 16 bytes in multiple parts 1 +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C +enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_256_CCM_STAR_NO_TAG:256:16:0:-1:16:0:16:0 + +CAMELLIA-256-CCM*-NO-TAG - Encrypt and decrypt 16 bytes in multiple parts 2 +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C +enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_256_CCM_STAR_NO_TAG:256:0:16:-1:0:16:0:16 + +CAMELLIA-256-CCM*-NO-TAG - Encrypt and decrypt 16 bytes in multiple parts 3 +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C +enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_256_CCM_STAR_NO_TAG:256:1:15:-1:1:15:1:15 + +CAMELLIA-256-CCM*-NO-TAG - Encrypt and decrypt 16 bytes in multiple parts 4 +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C +enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_256_CCM_STAR_NO_TAG:256:15:1:-1:15:1:15:1 + +CAMELLIA-256-CCM*-NO-TAG - Encrypt and decrypt 22 bytes in multiple parts 1 +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C +enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_256_CCM_STAR_NO_TAG:256:15:7:-1:15:7:15:7 + +CAMELLIA-256-CCM*-NO-TAG - Encrypt and decrypt 22 bytes in multiple parts 2 +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C +enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_256_CCM_STAR_NO_TAG:256:16:6:-1:16:6:16:6 + +CAMELLIA-256-CCM*-NO-TAG - Encrypt and decrypt 23 bytes in multiple parts 1 +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C +enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_256_CCM_STAR_NO_TAG:256:17:6:-1:17:6:17:6 + +CAMELLIA-256-CCM*-NO-TAG - Encrypt and decrypt 32 bytes in multiple parts 1 +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C +enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_256_CCM_STAR_NO_TAG:256:16:16:-1:16:16:16:16 + +CAMELLIA-128-CCM*-NO-TAG crypt Encrypt +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C +test_vec_crypt:MBEDTLS_CIPHER_CAMELLIA_128_CCM_STAR_NO_TAG:MBEDTLS_ENCRYPT:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECF":"00000003020100A0A1A2A3A4A5":"08090A0B0C0D0E0F101112131415161718191A1B1C1D1E":"BA737185E719310492F38A5F1251DA55FAFBC949848A0D":0:0 + +CAMELLIA-128-CCM*-NO-TAG crypt Decrypt +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C +test_vec_crypt:MBEDTLS_CIPHER_CAMELLIA_128_CCM_STAR_NO_TAG:MBEDTLS_DECRYPT:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECF":"00000003020100A0A1A2A3A4A5":"08090A0B0C0D0E0F101112131415161718191A1B1C1D1E":"BA737185E719310492F38A5F1251DA55FAFBC949848A0D":0:0 + +CAMELLIA-192-CCM*-NO-TAG crypt Encrypt +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C +test_vec_crypt:MBEDTLS_CIPHER_CAMELLIA_192_CCM_STAR_NO_TAG:MBEDTLS_ENCRYPT:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECFC0C1C2C3C4C5C6C7":"00000003020100A0A1A2A3A4A5":"08090A0B0C0D0E0F101112131415161718191A1B1C1D1E":"c3ceaa2a68fb31d8347a83950f25f3a7956b8a284a5b35":0:0 + +CAMELLIA-192-CCM*-NO-TAG crypt Decrypt +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C +test_vec_crypt:MBEDTLS_CIPHER_CAMELLIA_192_CCM_STAR_NO_TAG:MBEDTLS_DECRYPT:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECFC0C1C2C3C4C5C6C7":"00000003020100A0A1A2A3A4A5":"08090A0B0C0D0E0F101112131415161718191A1B1C1D1E":"c3ceaa2a68fb31d8347a83950f25f3a7956b8a284a5b35":0:0 + +CAMELLIA-256-CCM*-NO-TAG crypt Encrypt +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C +test_vec_crypt:MBEDTLS_CIPHER_CAMELLIA_256_CCM_STAR_NO_TAG:MBEDTLS_ENCRYPT:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECFC0C1C2C3C4C5C6C7C8C9CACBCCCDCECF":"00000003020100A0A1A2A3A4A5":"08090A0B0C0D0E0F101112131415161718191A1B1C1D1E":"933f749801d0e1262cd101831defd8366ab2a22e7c03cd":0:0 + +CAMELLIA-256-CCM*-NO-TAG crypt Decrypt +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C +test_vec_crypt:MBEDTLS_CIPHER_CAMELLIA_256_CCM_STAR_NO_TAG:MBEDTLS_DECRYPT:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECFC0C1C2C3C4C5C6C7C8C9CACBCCCDCECF":"00000003020100A0A1A2A3A4A5":"08090A0B0C0D0E0F101112131415161718191A1B1C1D1E":"933f749801d0e1262cd101831defd8366ab2a22e7c03cd":0:0 diff --git a/tests/suites/test_suite_cipher.function b/tests/suites/test_suite_cipher.function index 674349f764..e496856e2e 100644 --- a/tests/suites/test_suite_cipher.function +++ b/tests/suites/test_suite_cipher.function @@ -13,6 +13,59 @@ #define MBEDTLS_CIPHER_AUTH_CRYPT #endif +/* Check the internal consistency of a cipher info structure, and + * check it against mbedtls_cipher_info_from_xxx(). */ +static int check_cipher_info( mbedtls_cipher_type_t type, + const mbedtls_cipher_info_t *info ) +{ + size_t key_bitlen; + + TEST_ASSERT( info != NULL ); + TEST_EQUAL( type, mbedtls_cipher_info_get_type( info ) ); + TEST_EQUAL( type, info->type ); + TEST_ASSERT( mbedtls_cipher_info_from_type( type ) == info ); + + TEST_EQUAL( info->mode, mbedtls_cipher_info_get_mode( info ) ); + + /* Insist that get_name() return the string from the structure and + * not a copy. A copy would have an unknown storage duration. */ + TEST_ASSERT( mbedtls_cipher_info_get_name( info ) == info->name ); + TEST_ASSERT( mbedtls_cipher_info_from_string( info->name ) == info ); + + key_bitlen = mbedtls_cipher_info_get_key_bitlen( info ); + if( info->type == MBEDTLS_CIPHER_NULL ) + TEST_ASSERT( key_bitlen == 0 ); + else if( info->mode == MBEDTLS_MODE_XTS ) + { + TEST_ASSERT( key_bitlen == 256 || + key_bitlen == 384 || + key_bitlen == 512 ); + } + else if( ! strncmp( info->name, "DES-EDE3-", 9 ) ) + { + TEST_ASSERT( key_bitlen == 192 ); + } + else if( ! strncmp( info->name, "DES-EDE-", 8 ) ) + { + TEST_ASSERT( key_bitlen == 128 ); + } + else if( ! strncmp( info->name, "DES-", 4 ) ) + { + TEST_ASSERT( key_bitlen == 64 ); + } + else + { + TEST_ASSERT( key_bitlen == 128 || + key_bitlen == 192 || + key_bitlen == 256 ); + } + + return( 1 ); + +exit: + return( 0 ); +} + #if defined(MBEDTLS_CIPHER_AUTH_CRYPT) /* Helper for resetting key/direction * @@ -81,7 +134,13 @@ void mbedtls_cipher_list( ) const int *cipher_type; for( cipher_type = mbedtls_cipher_list(); *cipher_type != 0; cipher_type++ ) - TEST_ASSERT( mbedtls_cipher_info_from_type( *cipher_type ) != NULL ); + { + const mbedtls_cipher_info_t *info = + mbedtls_cipher_info_from_type( *cipher_type ); + mbedtls_test_set_step( *cipher_type ); + if( ! check_cipher_info( *cipher_type, info ) ) + goto exit; + } } /* END_CASE */ @@ -284,7 +343,7 @@ exit: void enc_dec_buf( int cipher_id, char * cipher_string, int key_len, int length_val, int pad_mode ) { - size_t length = length_val, outlen, total_len, i, block_size; + size_t length = length_val, outlen, total_len, i, block_size, iv_len; unsigned char key[64]; unsigned char iv[16]; unsigned char ad[13]; @@ -309,6 +368,8 @@ void enc_dec_buf( int cipher_id, char * cipher_string, int key_len, cipher_info = mbedtls_cipher_info_from_type( cipher_id ); TEST_ASSERT( NULL != cipher_info ); TEST_ASSERT( mbedtls_cipher_info_from_string( cipher_string ) == cipher_info ); + TEST_ASSERT( strcmp( mbedtls_cipher_info_get_name( cipher_info ), + cipher_string ) == 0 ); /* Initialise enc and dec contexts */ TEST_ASSERT( 0 == mbedtls_cipher_setup( &ctx_dec, cipher_info ) ); @@ -340,8 +401,14 @@ void enc_dec_buf( int cipher_id, char * cipher_string, int key_len, memset( decbuf, 0, sizeof( decbuf ) ); memset( tag, 0, sizeof( tag ) ); - TEST_ASSERT( 0 == mbedtls_cipher_set_iv( &ctx_dec, iv, sizeof( iv ) ) ); - TEST_ASSERT( 0 == mbedtls_cipher_set_iv( &ctx_enc, iv, sizeof( iv ) ) ); + if( NULL != strstr( cipher_info->name, "CCM*-NO-TAG") ) + iv_len = 13; /* For CCM, IV length is expected to be between 7 and 13 bytes. + * For CCM*-NO-TAG, IV length must be exactly 13 bytes long. */ + else + iv_len = sizeof(iv); + + TEST_ASSERT( 0 == mbedtls_cipher_set_iv( &ctx_dec, iv, iv_len ) ); + TEST_ASSERT( 0 == mbedtls_cipher_set_iv( &ctx_enc, iv, iv_len ) ); TEST_ASSERT( 0 == mbedtls_cipher_reset( &ctx_dec ) ); TEST_ASSERT( 0 == mbedtls_cipher_reset( &ctx_enc ) ); @@ -536,6 +603,7 @@ void enc_dec_buf_multipart( int cipher_id, int key_len, int first_length_val, size_t second_length = second_length_val; size_t length = first_length + second_length; size_t block_size; + size_t iv_len; unsigned char key[32]; unsigned char iv[16]; @@ -580,8 +648,14 @@ void enc_dec_buf_multipart( int cipher_id, int key_len, int first_length_val, (void) pad_mode; #endif /* MBEDTLS_CIPHER_MODE_WITH_PADDING */ - TEST_ASSERT( 0 == mbedtls_cipher_set_iv( &ctx_dec, iv, 16 ) ); - TEST_ASSERT( 0 == mbedtls_cipher_set_iv( &ctx_enc, iv, 16 ) ); + if( NULL != strstr( cipher_info->name, "CCM*-NO-TAG") ) + iv_len = 13; /* For CCM, IV length is expected to be between 7 and 13 bytes. + * For CCM*-NO-TAG, IV length must be exactly 13 bytes long. */ + else + iv_len = sizeof(iv); + + TEST_ASSERT( 0 == mbedtls_cipher_set_iv( &ctx_dec, iv, iv_len ) ); + TEST_ASSERT( 0 == mbedtls_cipher_set_iv( &ctx_enc, iv, iv_len ) ); TEST_ASSERT( 0 == mbedtls_cipher_reset( &ctx_dec ) ); TEST_ASSERT( 0 == mbedtls_cipher_reset( &ctx_enc ) ); diff --git a/tests/suites/test_suite_des.function b/tests/suites/test_suite_des.function index 5b249355b6..7256fb5376 100644 --- a/tests/suites/test_suite_des.function +++ b/tests/suites/test_suite_des.function @@ -24,7 +24,7 @@ void des_encrypt_ecb( data_t * key_str, data_t * src_str, data_t * dst ) mbedtls_des_init( &ctx ); - mbedtls_des_setkey_enc( &ctx, key_str->x ); + TEST_ASSERT( mbedtls_des_setkey_enc( &ctx, key_str->x ) == 0 ); TEST_ASSERT( mbedtls_des_crypt_ecb( &ctx, src_str->x, output ) == 0 ); TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x, 8, dst->len ) == 0 ); @@ -44,7 +44,7 @@ void des_decrypt_ecb( data_t * key_str, data_t * src_str, data_t * dst ) mbedtls_des_init( &ctx ); - mbedtls_des_setkey_dec( &ctx, key_str->x ); + TEST_ASSERT( mbedtls_des_setkey_dec( &ctx, key_str->x ) == 0 ); TEST_ASSERT( mbedtls_des_crypt_ecb( &ctx, src_str->x, output ) == 0 ); TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x, 8, dst->len ) == 0 ); @@ -65,7 +65,7 @@ void des_encrypt_cbc( data_t * key_str, data_t * iv_str, mbedtls_des_init( &ctx ); - mbedtls_des_setkey_enc( &ctx, key_str->x ); + TEST_ASSERT( mbedtls_des_setkey_enc( &ctx, key_str->x ) == 0 ); TEST_ASSERT( mbedtls_des_crypt_cbc( &ctx, MBEDTLS_DES_ENCRYPT, src_str->len, iv_str->x, src_str->x, output ) == cbc_result ); if( cbc_result == 0 ) { @@ -91,7 +91,7 @@ void des_decrypt_cbc( data_t * key_str, data_t * iv_str, mbedtls_des_init( &ctx ); - mbedtls_des_setkey_dec( &ctx, key_str->x ); + TEST_ASSERT( mbedtls_des_setkey_dec( &ctx, key_str->x ) == 0 ); TEST_ASSERT( mbedtls_des_crypt_cbc( &ctx, MBEDTLS_DES_DECRYPT, src_str->len, iv_str->x, src_str->x, output ) == cbc_result ); if( cbc_result == 0 ) { @@ -117,9 +117,9 @@ void des3_encrypt_ecb( int key_count, data_t * key_str, if( key_count == 2 ) - mbedtls_des3_set2key_enc( &ctx, key_str->x ); + TEST_ASSERT( mbedtls_des3_set2key_enc( &ctx, key_str->x ) == 0 ); else if( key_count == 3 ) - mbedtls_des3_set3key_enc( &ctx, key_str->x ); + TEST_ASSERT( mbedtls_des3_set3key_enc( &ctx, key_str->x ) == 0 ); else TEST_ASSERT( 0 ); @@ -144,9 +144,9 @@ void des3_decrypt_ecb( int key_count, data_t * key_str, if( key_count == 2 ) - mbedtls_des3_set2key_dec( &ctx, key_str->x ); + TEST_ASSERT( mbedtls_des3_set2key_dec( &ctx, key_str->x ) == 0 ); else if( key_count == 3 ) - mbedtls_des3_set3key_dec( &ctx, key_str->x ); + TEST_ASSERT( mbedtls_des3_set3key_dec( &ctx, key_str->x ) == 0 ); else TEST_ASSERT( 0 ); @@ -172,9 +172,9 @@ void des3_encrypt_cbc( int key_count, data_t * key_str, if( key_count == 2 ) - mbedtls_des3_set2key_enc( &ctx, key_str->x ); + TEST_ASSERT( mbedtls_des3_set2key_enc( &ctx, key_str->x ) == 0 ); else if( key_count == 3 ) - mbedtls_des3_set3key_enc( &ctx, key_str->x ); + TEST_ASSERT( mbedtls_des3_set3key_enc( &ctx, key_str->x ) == 0 ); else TEST_ASSERT( 0 ); @@ -205,9 +205,9 @@ void des3_decrypt_cbc( int key_count, data_t * key_str, if( key_count == 2 ) - mbedtls_des3_set2key_dec( &ctx, key_str->x ); + TEST_ASSERT( mbedtls_des3_set2key_dec( &ctx, key_str->x ) == 0 ); else if( key_count == 3 ) - mbedtls_des3_set3key_dec( &ctx, key_str->x ); + TEST_ASSERT( mbedtls_des3_set3key_dec( &ctx, key_str->x ) == 0 ); else TEST_ASSERT( 0 ); diff --git a/tests/suites/test_suite_gcm.aes128_de.data b/tests/suites/test_suite_gcm.aes128_de.data index 3df31e56bf..ede6f243c1 100644 --- a/tests/suites/test_suite_gcm.aes128_de.data +++ b/tests/suites/test_suite_gcm.aes128_de.data @@ -726,6 +726,10 @@ AES-GCM Bad IV (AES-128,128,0,0,32) #0 depends_on:MBEDTLS_AES_C gcm_bad_parameters:MBEDTLS_CIPHER_ID_AES:MBEDTLS_GCM_DECRYPT:"d0194b6ee68f0ed8adc4b22ed15dbf14":"":"":"":32:MBEDTLS_ERR_GCM_BAD_INPUT +AES-GCM, output buffer too small, NIST Validation (AES-128,128,1024,0,128) #0 +depends_on:MBEDTLS_AES_C +gcm_update_output_buffer_too_small:MBEDTLS_CIPHER_ID_AES:MBEDTLS_GCM_DECRYPT:"0dd358bc3f992f26e81e3a2f3aa2d517":"87cc4fd75788c9d5cc83bae5d764dd249d178ab23224049795d4288b5ed9ea3f317068a39a7574b300c8544226e87b08e008fbe241d094545c211d56ac44437d41491a438272738968c8d371aa7787b5f606c8549a9d868d8a71380e9657d3c0337979feb01de5991fc1470dfc59eb02511efbbff3fcb479a862ba3844a25aaa":"d8c750bb443ee1a169dfe97cfe4d855b" + AES-GCM Selftest depends_on:MBEDTLS_AES_C gcm_selftest: diff --git a/tests/suites/test_suite_gcm.aes128_en.data b/tests/suites/test_suite_gcm.aes128_en.data index d60c458bcd..273642cbd7 100644 --- a/tests/suites/test_suite_gcm.aes128_en.data +++ b/tests/suites/test_suite_gcm.aes128_en.data @@ -726,6 +726,9 @@ AES-GCM Bad IV (AES-128,128,0,0,32) #0 depends_on:MBEDTLS_AES_C gcm_bad_parameters:MBEDTLS_CIPHER_ID_AES:MBEDTLS_GCM_ENCRYPT:"d0194b6ee68f0ed8adc4b22ed15dbf14":"":"":"":32:MBEDTLS_ERR_GCM_BAD_INPUT +AES-GCM, output buffer too small, NIST Validation (AES-128,128,1024,0,128) #0 +gcm_update_output_buffer_too_small:MBEDTLS_CIPHER_ID_AES:MBEDTLS_GCM_ENCRYPT:"ce0f8cfe9d64c4f4c045d11b97c2d918":"dfff250d380f363880963b42d6913c1ba11e8edf7c4ab8b76d79ccbaac628f548ee542f48728a9a2620a0d69339c8291e8d398440d740e310908cdee7c273cc91275ce7271ba12f69237998b07b789b3993aaac8dc4ec1914432a30f5172f79ea0539bd1f70b36d437e5170bc63039a5280816c05e1e41760b58e35696cebd55":"ad4c3627a494fc628316dc03faf81db8" + AES-GCM Selftest depends_on:MBEDTLS_AES_C gcm_selftest: diff --git a/tests/suites/test_suite_gcm.function b/tests/suites/test_suite_gcm.function index c530e6b429..5696679ea9 100644 --- a/tests/suites/test_suite_gcm.function +++ b/tests/suites/test_suite_gcm.function @@ -431,6 +431,29 @@ exit: } /* END_CASE */ +/* BEGIN_CASE */ +void gcm_update_output_buffer_too_small( int cipher_id, int mode, + data_t * key_str, const data_t *input, + const data_t *iv ) +{ + mbedtls_gcm_context ctx; + uint8_t *output = NULL; + size_t olen = 0; + size_t output_len = input->len - 1; + + mbedtls_gcm_init( &ctx ); + TEST_EQUAL( mbedtls_gcm_setkey( &ctx, cipher_id, key_str->x, key_str->len * 8 ), 0 ); + TEST_EQUAL( 0, mbedtls_gcm_starts( &ctx, mode, iv->x, iv->len ) ); + + ASSERT_ALLOC( output, output_len ); + TEST_EQUAL( MBEDTLS_ERR_GCM_BUFFER_TOO_SMALL, mbedtls_gcm_update( &ctx, input->x, input->len, output, output_len, &olen ) ); + +exit: + mbedtls_free( output ); + mbedtls_gcm_free( &ctx ); +} +/* END_CASE */ + /* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */ void gcm_selftest( ) { diff --git a/tests/suites/test_suite_net.function b/tests/suites/test_suite_net.function index f429fc9221..513b72364b 100644 --- a/tests/suites/test_suite_net.function +++ b/tests/suites/test_suite_net.function @@ -9,11 +9,11 @@ #endif #if defined(MBEDTLS_PLATFORM_IS_UNIXLIKE) -#include #include #include #include #include +#include #include #endif diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index e3e9a5225a..2c5537f391 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -2,25 +2,49 @@ PSA compile-time sanity checks static_checks: PSA import/export raw: 1 bytes -import_export:"2a":PSA_KEY_TYPE_RAW_DATA:PSA_KEY_USAGE_EXPORT:0:8:0:PSA_SUCCESS:1 +import_export:"2a":PSA_KEY_TYPE_RAW_DATA:PSA_KEY_USAGE_EXPORT:0:0:8:0:PSA_SUCCESS:1 PSA import/export raw: 1 bytes, larger buffer -import_export:"2a":PSA_KEY_TYPE_RAW_DATA:PSA_KEY_USAGE_EXPORT:0:8:1:PSA_SUCCESS:1 +import_export:"2a":PSA_KEY_TYPE_RAW_DATA:PSA_KEY_USAGE_EXPORT:0:0:8:1:PSA_SUCCESS:1 PSA import/export raw: 2 bytes, buffer too small -import_export:"2a2b":PSA_KEY_TYPE_RAW_DATA:PSA_KEY_USAGE_EXPORT:0:16:-1:PSA_ERROR_BUFFER_TOO_SMALL:1 +import_export:"2a2b":PSA_KEY_TYPE_RAW_DATA:PSA_KEY_USAGE_EXPORT:0:0:16:-1:PSA_ERROR_BUFFER_TOO_SMALL:1 PSA import/export AES-128 depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES -import_export:"0123456789abcdef0123456789abcdef":PSA_KEY_TYPE_AES:PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:128:0:PSA_SUCCESS:1 +import_export:"0123456789abcdef0123456789abcdef":PSA_KEY_TYPE_AES:PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:0:128:0:PSA_SUCCESS:1 PSA import/export AES-192 depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES -import_export:"0123456789abcdef0123456789abcdef0123456789abcdef":PSA_KEY_TYPE_AES:PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:192:0:PSA_SUCCESS:1 +import_export:"0123456789abcdef0123456789abcdef0123456789abcdef":PSA_KEY_TYPE_AES:PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:0:192:0:PSA_SUCCESS:1 PSA import/export AES-256 depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES -import_export:"0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef":PSA_KEY_TYPE_AES:PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:256:0:PSA_SUCCESS:1 +import_export:"0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef":PSA_KEY_TYPE_AES:PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:0:256:0:PSA_SUCCESS:1 + +PSA import/export raw: 1 bytes, opaque +depends_on:PSA_CRYPTO_DRIVER_TEST +import_export:"2a":PSA_KEY_TYPE_RAW_DATA:PSA_KEY_USAGE_EXPORT:0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):8:0:PSA_SUCCESS:1 + +PSA import/export raw: 1 bytes, larger buffer, opaque +depends_on:PSA_CRYPTO_DRIVER_TEST +import_export:"2a":PSA_KEY_TYPE_RAW_DATA:PSA_KEY_USAGE_EXPORT:0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):8:1:PSA_SUCCESS:1 + +PSA import/export raw: 2 bytes, buffer too small, opaque +depends_on:PSA_CRYPTO_DRIVER_TEST +import_export:"2a2b":PSA_KEY_TYPE_RAW_DATA:PSA_KEY_USAGE_EXPORT:0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):16:-1:PSA_ERROR_BUFFER_TOO_SMALL:1 + +PSA import/export AES-128, opaque +depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES:PSA_CRYPTO_DRIVER_TEST +import_export:"0123456789abcdef0123456789abcdef":PSA_KEY_TYPE_AES:PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):128:0:PSA_SUCCESS:1 + +PSA import/export AES-192, opaque +depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES:PSA_CRYPTO_DRIVER_TEST +import_export:"0123456789abcdef0123456789abcdef0123456789abcdef":PSA_KEY_TYPE_AES:PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):192:0:PSA_SUCCESS:1 + +PSA import/export AES-256, opaque +depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES:PSA_CRYPTO_DRIVER_TEST +import_export:"0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef":PSA_KEY_TYPE_AES:PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):256:0:PSA_SUCCESS:1 PSA import: bad usage flag import_with_policy:PSA_KEY_TYPE_RAW_DATA:0x40000000:0:PSA_ERROR_INVALID_ARGUMENT @@ -31,55 +55,107 @@ import_with_data:"0123456789abcdef":PSA_KEY_TYPE_AES:0:PSA_ERROR_INVALID_ARGUMEN PSA import/export RSA public key: good, 1024-bit depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C -import_export:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:1024:0:PSA_SUCCESS:1 +import_export:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:0:1024:0:PSA_SUCCESS:1 PSA import/export RSA public key: good, larger buffer (+1 byte) depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C -import_export:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:1024:1:PSA_SUCCESS:1 +import_export:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:0:1024:1:PSA_SUCCESS:1 PSA import/export RSA public key: good, larger buffer (*2-1) depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C -import_export:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:1024:161:PSA_SUCCESS:1 +import_export:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:0:1024:161:PSA_SUCCESS:1 PSA import/export RSA public key: good, larger buffer (*2) depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C -import_export:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:1024:162:PSA_SUCCESS:1 +import_export:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:0:1024:162:PSA_SUCCESS:1 PSA import/export RSA public key: good, larger buffer (*2+1) depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C -import_export:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:1024:163:PSA_SUCCESS:1 +import_export:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:0:1024:163:PSA_SUCCESS:1 PSA import/export RSA public key: export buffer too small depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C -import_export:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:1024:-1:PSA_ERROR_BUFFER_TOO_SMALL:1 +import_export:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:0:1024:-1:PSA_ERROR_BUFFER_TOO_SMALL:1 PSA import/export RSA keypair: good, 1024-bit depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C -import_export:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:1024:0:PSA_SUCCESS:1 +import_export:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:0:1024:0:PSA_SUCCESS:1 PSA import/export RSA keypair: good, larger buffer (+1 byte) depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C -import_export:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:1024:1:PSA_SUCCESS:1 +import_export:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:0:1024:1:PSA_SUCCESS:1 PSA import/export RSA keypair: good, larger buffer (*2-1) depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C -import_export:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:1024:609:PSA_SUCCESS:1 +import_export:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:0:1024:609:PSA_SUCCESS:1 PSA import/export RSA keypair: good, larger buffer (*2) depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C -import_export:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:1024:610:PSA_SUCCESS:1 +import_export:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:0:1024:610:PSA_SUCCESS:1 PSA import/export RSA keypair: good, larger buffer (*2+1) depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C -import_export:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:1024:611:PSA_SUCCESS:1 +import_export:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:0:1024:611:PSA_SUCCESS:1 PSA import/export RSA keypair: export buffer too small depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C -import_export:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:1024:-1:PSA_ERROR_BUFFER_TOO_SMALL:1 +import_export:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:0:1024:-1:PSA_ERROR_BUFFER_TOO_SMALL:1 PSA import/export RSA keypair: trailing garbage ignored depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C -import_export:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b2400":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:1024:-1:PSA_SUCCESS:0 +import_export:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b2400":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:0:1024:-1:PSA_SUCCESS:0 + +PSA import/export RSA public key: good, 1024-bit, opaque +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_CRYPTO_DRIVER_TEST +import_export:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):1024:0:PSA_SUCCESS:1 + +PSA import/export RSA public key: good, larger buffer (+1 byte), opaque +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_CRYPTO_DRIVER_TEST +import_export:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):1024:1:PSA_SUCCESS:1 + +PSA import/export RSA public key: good, larger buffer (*2-1), opaque +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_CRYPTO_DRIVER_TEST +import_export:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):1024:161:PSA_SUCCESS:1 + +PSA import/export RSA public key: good, larger buffer (*2), opaque +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_CRYPTO_DRIVER_TEST +import_export:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):1024:162:PSA_SUCCESS:1 + +PSA import/export RSA public key: good, larger buffer (*2+1), opaque +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_CRYPTO_DRIVER_TEST +import_export:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):1024:163:PSA_SUCCESS:1 + +PSA import/export RSA public key: export buffer too small, opaque +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_CRYPTO_DRIVER_TEST +import_export:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):1024:-1:PSA_ERROR_BUFFER_TOO_SMALL:1 + +PSA import/export RSA keypair: good, 1024-bit, opaque +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_CRYPTO_DRIVER_TEST +import_export:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):1024:0:PSA_SUCCESS:1 + +PSA import/export RSA keypair: good, larger buffer (+1 byte), opaque +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_CRYPTO_DRIVER_TEST +import_export:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):1024:1:PSA_SUCCESS:1 + +PSA import/export RSA keypair: good, larger buffer (*2-1), opaque +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_CRYPTO_DRIVER_TEST +import_export:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):1024:609:PSA_SUCCESS:1 + +PSA import/export RSA keypair: good, larger buffer (*2), opaque +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_CRYPTO_DRIVER_TEST +import_export:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):1024:610:PSA_SUCCESS:1 + +PSA import/export RSA keypair: good, larger buffer (*2+1), opaque +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_CRYPTO_DRIVER_TEST +import_export:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):1024:611:PSA_SUCCESS:1 + +PSA import/export RSA keypair: export buffer too small, opaque +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_CRYPTO_DRIVER_TEST +import_export:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):1024:-1:PSA_ERROR_BUFFER_TOO_SMALL:1 + +PSA import/export RSA keypair: trailing garbage ignored, opaque +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_CRYPTO_DRIVER_TEST +import_export:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b2400":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):1024:-1:PSA_SUCCESS:0 PSA import RSA keypair: truncated depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C @@ -99,27 +175,51 @@ import_with_data:"3077020101042049c9a8c18c4b885638c431cf1df1c994131609b580d4fd43 PSA import/export-public RSA public key: good, 1024-bit depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C -import_export_public_key:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:0:PSA_SUCCESS:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001" +import_export_public_key:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:0:0:PSA_SUCCESS:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001" PSA import/export-public RSA keypair: good, 1024-bit depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C -import_export_public_key:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:0:PSA_SUCCESS:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001" +import_export_public_key:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:0:0:PSA_SUCCESS:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001" PSA import/export-public RSA public key: buffer too small depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C -import_export_public_key:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:-1:PSA_ERROR_BUFFER_TOO_SMALL:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001" +import_export_public_key:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:0:-1:PSA_ERROR_BUFFER_TOO_SMALL:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001" PSA import/export-public RSA keypair: buffer too small depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C -import_export_public_key:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:-1:PSA_ERROR_BUFFER_TOO_SMALL:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001" +import_export_public_key:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:0:-1:PSA_ERROR_BUFFER_TOO_SMALL:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001" + +PSA import/export-public RSA public key: good, 1024-bit, opaque +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_CRYPTO_DRIVER_TEST +import_export_public_key:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):0:PSA_SUCCESS:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001" + +PSA import/export-public RSA keypair: good, 1024-bit, opaque +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_CRYPTO_DRIVER_TEST +import_export_public_key:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):0:PSA_SUCCESS:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001" + +PSA import/export-public RSA public key: buffer too small, opaque +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_CRYPTO_DRIVER_TEST +import_export_public_key:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):-1:PSA_ERROR_BUFFER_TOO_SMALL:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001" + +PSA import/export-public RSA keypair: buffer too small, opaque +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_CRYPTO_DRIVER_TEST +import_export_public_key:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):-1:PSA_ERROR_BUFFER_TOO_SMALL:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001" PSA import/export RSA public key: 1016-bit (good) depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C -import_export:"30818802818000cde684f1aee96917b89c8a0a72523cfce4686ed5a5fbd32abab12038fc75148e45314b7e31fe60d8258e7e78234a23df0f00cc20fd008b64cb5b0f4ced8c47aa048f767f859961adc22b3df14e63bd9e08c9707bbf4e0eba32b1cc35a020e7e815ca47e0d39601a80d683ab4a07f4d3a7acebaba6c87d25bce2d091ee115c50203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:1016:0:PSA_SUCCESS:1 +import_export:"30818802818000cde684f1aee96917b89c8a0a72523cfce4686ed5a5fbd32abab12038fc75148e45314b7e31fe60d8258e7e78234a23df0f00cc20fd008b64cb5b0f4ced8c47aa048f767f859961adc22b3df14e63bd9e08c9707bbf4e0eba32b1cc35a020e7e815ca47e0d39601a80d683ab4a07f4d3a7acebaba6c87d25bce2d091ee115c50203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:0:1016:0:PSA_SUCCESS:1 PSA import/export RSA keypair: 1016-bit (good) depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C -import_export:"3082025802010002818000cde684f1aee96917b89c8a0a72523cfce4686ed5a5fbd32abab12038fc75148e45314b7e31fe60d8258e7e78234a23df0f00cc20fd008b64cb5b0f4ced8c47aa048f767f859961adc22b3df14e63bd9e08c9707bbf4e0eba32b1cc35a020e7e815ca47e0d39601a80d683ab4a07f4d3a7acebaba6c87d25bce2d091ee115c50203010001028180009dd9c34411e769a540e7e9c03682abb4e95ad2d5c2297c6b7eb2fa5415dfa081adb42bff344ea36a31e8bb36593fa69e843f053fa916f8c6ae4c423fa4c1edbcfa7e8079bc19a738f4f861c198cf277d2c89fe3deab06db5a3a09f8d1622033a618fbfbab92b50a13f77cdb53b56d38bec4cdd8cbe65e8b30ab4e77565842102400eec9285833f973372458f354bff7d35bcb04f3b26f5b58a025887a966ca951b6667651a46034bbc99f9d688dfbcb4297a4d86824dd73abdfa7deeb232b1642902400dcbe74d51f3b93afe2a22e2be0c3c56911ef771fd8eb01f64d95d018315baf4144aeb957be95a77f17f2b8a12c2d3b87a1281f9c66d839fa603fbbe7381783d0240035398154a7c1227d580cbbb05859d532d0bdf9d3fc1e5052e20ad9c84dd02ff6884037527c5f44bc5c67a9b67c39824e6ae011d6a5c5f2b997a188a7fe22a810240076bf41ec5023e57bcd87ff1c7d89f30d65a793469f933478021ea056135f45f4ef74aaa1c8158b883422cf2d6cad5c83c6aee5ea65ecd5ab99d14f4cc000ee5024006d13905db5556627066596da3383458aea6ba5e2f94ccc5b922117a1ed3ae7a26c59e68c3885a41b366f1a5c8bff7ec8853ef8d32addb818141352b2da553dc":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:1016:0:PSA_SUCCESS:1 +import_export:"3082025802010002818000cde684f1aee96917b89c8a0a72523cfce4686ed5a5fbd32abab12038fc75148e45314b7e31fe60d8258e7e78234a23df0f00cc20fd008b64cb5b0f4ced8c47aa048f767f859961adc22b3df14e63bd9e08c9707bbf4e0eba32b1cc35a020e7e815ca47e0d39601a80d683ab4a07f4d3a7acebaba6c87d25bce2d091ee115c50203010001028180009dd9c34411e769a540e7e9c03682abb4e95ad2d5c2297c6b7eb2fa5415dfa081adb42bff344ea36a31e8bb36593fa69e843f053fa916f8c6ae4c423fa4c1edbcfa7e8079bc19a738f4f861c198cf277d2c89fe3deab06db5a3a09f8d1622033a618fbfbab92b50a13f77cdb53b56d38bec4cdd8cbe65e8b30ab4e77565842102400eec9285833f973372458f354bff7d35bcb04f3b26f5b58a025887a966ca951b6667651a46034bbc99f9d688dfbcb4297a4d86824dd73abdfa7deeb232b1642902400dcbe74d51f3b93afe2a22e2be0c3c56911ef771fd8eb01f64d95d018315baf4144aeb957be95a77f17f2b8a12c2d3b87a1281f9c66d839fa603fbbe7381783d0240035398154a7c1227d580cbbb05859d532d0bdf9d3fc1e5052e20ad9c84dd02ff6884037527c5f44bc5c67a9b67c39824e6ae011d6a5c5f2b997a188a7fe22a810240076bf41ec5023e57bcd87ff1c7d89f30d65a793469f933478021ea056135f45f4ef74aaa1c8158b883422cf2d6cad5c83c6aee5ea65ecd5ab99d14f4cc000ee5024006d13905db5556627066596da3383458aea6ba5e2f94ccc5b922117a1ed3ae7a26c59e68c3885a41b366f1a5c8bff7ec8853ef8d32addb818141352b2da553dc":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:0:1016:0:PSA_SUCCESS:1 + +PSA import/export RSA public key: 1016-bit (good), opaque +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_CRYPTO_DRIVER_TEST +import_export:"30818802818000cde684f1aee96917b89c8a0a72523cfce4686ed5a5fbd32abab12038fc75148e45314b7e31fe60d8258e7e78234a23df0f00cc20fd008b64cb5b0f4ced8c47aa048f767f859961adc22b3df14e63bd9e08c9707bbf4e0eba32b1cc35a020e7e815ca47e0d39601a80d683ab4a07f4d3a7acebaba6c87d25bce2d091ee115c50203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):1016:0:PSA_SUCCESS:1 + +PSA import/export RSA keypair: 1016-bit (good), opaque +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_CRYPTO_DRIVER_TEST +import_export:"3082025802010002818000cde684f1aee96917b89c8a0a72523cfce4686ed5a5fbd32abab12038fc75148e45314b7e31fe60d8258e7e78234a23df0f00cc20fd008b64cb5b0f4ced8c47aa048f767f859961adc22b3df14e63bd9e08c9707bbf4e0eba32b1cc35a020e7e815ca47e0d39601a80d683ab4a07f4d3a7acebaba6c87d25bce2d091ee115c50203010001028180009dd9c34411e769a540e7e9c03682abb4e95ad2d5c2297c6b7eb2fa5415dfa081adb42bff344ea36a31e8bb36593fa69e843f053fa916f8c6ae4c423fa4c1edbcfa7e8079bc19a738f4f861c198cf277d2c89fe3deab06db5a3a09f8d1622033a618fbfbab92b50a13f77cdb53b56d38bec4cdd8cbe65e8b30ab4e77565842102400eec9285833f973372458f354bff7d35bcb04f3b26f5b58a025887a966ca951b6667651a46034bbc99f9d688dfbcb4297a4d86824dd73abdfa7deeb232b1642902400dcbe74d51f3b93afe2a22e2be0c3c56911ef771fd8eb01f64d95d018315baf4144aeb957be95a77f17f2b8a12c2d3b87a1281f9c66d839fa603fbbe7381783d0240035398154a7c1227d580cbbb05859d532d0bdf9d3fc1e5052e20ad9c84dd02ff6884037527c5f44bc5c67a9b67c39824e6ae011d6a5c5f2b997a188a7fe22a810240076bf41ec5023e57bcd87ff1c7d89f30d65a793469f933478021ea056135f45f4ef74aaa1c8158b883422cf2d6cad5c83c6aee5ea65ecd5ab99d14f4cc000ee5024006d13905db5556627066596da3383458aea6ba5e2f94ccc5b922117a1ed3ae7a26c59e68c3885a41b366f1a5c8bff7ec8853ef8d32addb818141352b2da553dc":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):1016:0:PSA_SUCCESS:1 PSA import RSA public key: 1022-bit (not supported) depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_RSA_C @@ -139,141 +239,269 @@ import_with_data:"3082025a0201000281806c49704e91f3df44fc99e9b3c0fee5025cc04d0952 PSA import/export EC secp224r1 key pair: good depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_SECP_R1_224 -import_export:"6849f97d1066f6997759637c7e3899464cee3ec7ac970653a0be0742":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA_ANY:224:0:PSA_SUCCESS:1 +import_export:"6849f97d1066f6997759637c7e3899464cee3ec7ac970653a0be0742":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA_ANY:0:224:0:PSA_SUCCESS:1 PSA import/export-public EC secp224r1: good depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_SECP_R1_224 -import_export_public_key:"6849f97d1066f6997759637c7e3899464cee3ec7ac970653a0be0742":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_ALG_ECDSA_ANY:0:PSA_SUCCESS:"041693a290f7f0b571fe2b41d5d84b01327631f4a860f995fa332c097f54192bb10f00113f2affb13c1a24ce44914571a95440ae014a00cbf7" +import_export_public_key:"6849f97d1066f6997759637c7e3899464cee3ec7ac970653a0be0742":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_ALG_ECDSA_ANY:0:0:PSA_SUCCESS:"041693a290f7f0b571fe2b41d5d84b01327631f4a860f995fa332c097f54192bb10f00113f2affb13c1a24ce44914571a95440ae014a00cbf7" PSA import/export EC secp256r1 key pair: good depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_SECP_R1_256 -import_export:"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA_ANY:256:0:PSA_SUCCESS:1 +import_export:"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA_ANY:0:256:0:PSA_SUCCESS:1 PSA import/export-public EC secp256r1: good depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_SECP_R1_256 -import_export_public_key:"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_ALG_ECDSA_ANY:0:PSA_SUCCESS:"047772656f814b399279d5e1f1781fac6f099a3c5ca1b0e35351834b08b65e0b572590cdaf8f769361bcf34acfc11e5e074e8426bdde04be6e653945449617de45" +import_export_public_key:"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_ALG_ECDSA_ANY:0:0:PSA_SUCCESS:"047772656f814b399279d5e1f1781fac6f099a3c5ca1b0e35351834b08b65e0b572590cdaf8f769361bcf34acfc11e5e074e8426bdde04be6e653945449617de45" PSA import/export EC secp384r1 key pair: good depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_SECP_R1_384 -import_export:"3f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA_ANY:384:0:PSA_SUCCESS:1 +import_export:"3f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA_ANY:0:384:0:PSA_SUCCESS:1 PSA import/export-public EC secp384r1: good depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_SECP_R1_384 -import_export_public_key:"3f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_ALG_ECDSA_ANY:0:PSA_SUCCESS:"04d9c662b50ba29ca47990450e043aeaf4f0c69b15676d112f622a71c93059af999691c5680d2b44d111579db12f4a413a2ed5c45fcfb67b5b63e00b91ebe59d09a6b1ac2c0c4282aa12317ed5914f999bc488bb132e8342cc36f2ca5e3379c747" +import_export_public_key:"3f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_ALG_ECDSA_ANY:0:0:PSA_SUCCESS:"04d9c662b50ba29ca47990450e043aeaf4f0c69b15676d112f622a71c93059af999691c5680d2b44d111579db12f4a413a2ed5c45fcfb67b5b63e00b91ebe59d09a6b1ac2c0c4282aa12317ed5914f999bc488bb132e8342cc36f2ca5e3379c747" PSA import/export EC secp521r1 key pair: good depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_SECP_R1_521 -import_export:"01b1b6ad07bb79e7320da59860ea28e055284f6058f279de666e06d435d2af7bda28d99fa47b7dd0963e16b0073078ee8b8a38d966a582f46d19ff95df3ad9685aae":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA_ANY:521:0:PSA_SUCCESS:1 +import_export:"01b1b6ad07bb79e7320da59860ea28e055284f6058f279de666e06d435d2af7bda28d99fa47b7dd0963e16b0073078ee8b8a38d966a582f46d19ff95df3ad9685aae":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA_ANY:0:521:0:PSA_SUCCESS:1 PSA import/export-public EC secp521r1: good depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_SECP_R1_521 -import_export_public_key:"01b1b6ad07bb79e7320da59860ea28e055284f6058f279de666e06d435d2af7bda28d99fa47b7dd0963e16b0073078ee8b8a38d966a582f46d19ff95df3ad9685aae":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_ALG_ECDSA_ANY:0:PSA_SUCCESS:"04001de142d54f69eb038ee4b7af9d3ca07736fd9cf719eb354d69879ee7f3c136fb0fbf9f08f86be5fa128ec1a051d3e6c643e85ada8ffacf3663c260bd2c844b6f5600cee8e48a9e65d09cadd89f235dee05f3b8a646be715f1f67d5b434e0ff23a1fc07ef7740193e40eeff6f3bcdfd765aa9155033524fe4f205f5444e292c4c2f6ac1" +import_export_public_key:"01b1b6ad07bb79e7320da59860ea28e055284f6058f279de666e06d435d2af7bda28d99fa47b7dd0963e16b0073078ee8b8a38d966a582f46d19ff95df3ad9685aae":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_ALG_ECDSA_ANY:0:0:PSA_SUCCESS:"04001de142d54f69eb038ee4b7af9d3ca07736fd9cf719eb354d69879ee7f3c136fb0fbf9f08f86be5fa128ec1a051d3e6c643e85ada8ffacf3663c260bd2c844b6f5600cee8e48a9e65d09cadd89f235dee05f3b8a646be715f1f67d5b434e0ff23a1fc07ef7740193e40eeff6f3bcdfd765aa9155033524fe4f205f5444e292c4c2f6ac1" PSA import/export EC brainpool256r1 key pair: good depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_BRAINPOOL_P_R1_256 -import_export:"2161d6f2db76526fa62c16f356a80f01f32f776784b36aa99799a8b7662080ff":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA_ANY:256:0:PSA_SUCCESS:1 +import_export:"2161d6f2db76526fa62c16f356a80f01f32f776784b36aa99799a8b7662080ff":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA_ANY:0:256:0:PSA_SUCCESS:1 PSA import/export-public EC brainpool256r1: good depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_BRAINPOOL_P_R1_256 -import_export_public_key:"2161d6f2db76526fa62c16f356a80f01f32f776784b36aa99799a8b7662080ff":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):PSA_ALG_ECDSA_ANY:0:PSA_SUCCESS:"04768c8cae4abca6306db0ed81b0c4a6215c378066ec6d616c146e13f1c7df809b96ab6911c27d8a02339f0926840e55236d3d1efbe2669d090e4c4c660fada91d" +import_export_public_key:"2161d6f2db76526fa62c16f356a80f01f32f776784b36aa99799a8b7662080ff":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):PSA_ALG_ECDSA_ANY:0:0:PSA_SUCCESS:"04768c8cae4abca6306db0ed81b0c4a6215c378066ec6d616c146e13f1c7df809b96ab6911c27d8a02339f0926840e55236d3d1efbe2669d090e4c4c660fada91d" PSA import/export EC brainpool384r1 key pair: good depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_BRAINPOOL_P_R1_384 -import_export:"3dd92e750d90d7d39fc1885cd8ad12ea9441f22b9334b4d965202adb1448ce24c5808a85dd9afc229af0a3124f755bcb":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA_ANY:384:0:PSA_SUCCESS:1 +import_export:"3dd92e750d90d7d39fc1885cd8ad12ea9441f22b9334b4d965202adb1448ce24c5808a85dd9afc229af0a3124f755bcb":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA_ANY:0:384:0:PSA_SUCCESS:1 PSA import/export-public EC brainpool384r1: good depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_BRAINPOOL_P_R1_384 -import_export_public_key:"3dd92e750d90d7d39fc1885cd8ad12ea9441f22b9334b4d965202adb1448ce24c5808a85dd9afc229af0a3124f755bcb":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):PSA_ALG_ECDSA_ANY:0:PSA_SUCCESS:"04719f9d093a627e0d350385c661cebf00c61923566fe9006a3107af1d871bc6bb68985fd722ea32be316f8e783b7cd1957785f66cfc0cb195dd5c99a8e7abaa848553a584dfd2b48e76d445fe00dd8be59096d877d4696d23b4bc8db14724e66a" +import_export_public_key:"3dd92e750d90d7d39fc1885cd8ad12ea9441f22b9334b4d965202adb1448ce24c5808a85dd9afc229af0a3124f755bcb":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):PSA_ALG_ECDSA_ANY:0:0:PSA_SUCCESS:"04719f9d093a627e0d350385c661cebf00c61923566fe9006a3107af1d871bc6bb68985fd722ea32be316f8e783b7cd1957785f66cfc0cb195dd5c99a8e7abaa848553a584dfd2b48e76d445fe00dd8be59096d877d4696d23b4bc8db14724e66a" PSA import/export EC brainpool512r1 key pair: good depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_BRAINPOOL_P_R1_512 -import_export:"372c9778f69f726cbca3f4a268f16b4d617d10280d79a6a029cd51879fe1012934dfe5395455337df6906dc7d6d2eea4dbb2065c0228f73b3ed716480e7d71d2":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA_ANY:512:0:PSA_SUCCESS:1 +import_export:"372c9778f69f726cbca3f4a268f16b4d617d10280d79a6a029cd51879fe1012934dfe5395455337df6906dc7d6d2eea4dbb2065c0228f73b3ed716480e7d71d2":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA_ANY:0:512:0:PSA_SUCCESS:1 PSA import/export-public EC brainpool512r1: good depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_BRAINPOOL_P_R1_512 -import_export_public_key:"372c9778f69f726cbca3f4a268f16b4d617d10280d79a6a029cd51879fe1012934dfe5395455337df6906dc7d6d2eea4dbb2065c0228f73b3ed716480e7d71d2":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):PSA_ALG_ECDSA_ANY:0:PSA_SUCCESS:"0438b7ec92b61c5c6c7fbc28a4ec759d48fcd4e2e374defd5c4968a54dbef7510e517886fbfc38ea39aa529359d70a7156c35d3cbac7ce776bdb251dd64bce71234424ee7049eed072f0dbc4d79996e175d557e263763ae97095c081e73e7db2e38adc3d4c9a0487b1ede876dc1fca61c902e9a1d8722b8612928f18a24845591a" +import_export_public_key:"372c9778f69f726cbca3f4a268f16b4d617d10280d79a6a029cd51879fe1012934dfe5395455337df6906dc7d6d2eea4dbb2065c0228f73b3ed716480e7d71d2":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):PSA_ALG_ECDSA_ANY:0:0:PSA_SUCCESS:"0438b7ec92b61c5c6c7fbc28a4ec759d48fcd4e2e374defd5c4968a54dbef7510e517886fbfc38ea39aa529359d70a7156c35d3cbac7ce776bdb251dd64bce71234424ee7049eed072f0dbc4d79996e175d557e263763ae97095c081e73e7db2e38adc3d4c9a0487b1ede876dc1fca61c902e9a1d8722b8612928f18a24845591a" PSA import/export EC curve25519 key pair: good (already properly masked) depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_MONTGOMERY_255 -import_export:"70076d0a7318a57d3c16c17251b26645df4c2f87ebc0992ab177fba51db92c6a":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY):PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDH:255:0:PSA_SUCCESS:1 +import_export:"70076d0a7318a57d3c16c17251b26645df4c2f87ebc0992ab177fba51db92c6a":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY):PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDH:0:255:0:PSA_SUCCESS:1 PSA import/export EC curve25519 key pair: unmasked input (check export-import-export yields properly masked output) depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_MONTGOMERY_255 -import_export:"77076d0a7318a57d3c16c17251b26645df4c2f87ebc0992ab177fba51db92c2a":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY):PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDH:255:0:PSA_SUCCESS:0 +import_export:"77076d0a7318a57d3c16c17251b26645df4c2f87ebc0992ab177fba51db92c2a":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY):PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDH:0:255:0:PSA_SUCCESS:0 PSA import/export-public EC curve25519: accept unmasked input depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_MONTGOMERY_255 -import_export_public_key:"77076d0a7318a57d3c16c17251b26645df4c2f87ebc0992ab177fba51db92c2a":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY):PSA_ALG_ECDH:0:PSA_SUCCESS:"8520f0098930a754748b7ddcb43ef75a0dbf3a0d26381af4eba4a98eaa9b4e6a" +import_export_public_key:"77076d0a7318a57d3c16c17251b26645df4c2f87ebc0992ab177fba51db92c2a":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY):PSA_ALG_ECDH:0:0:PSA_SUCCESS:"8520f0098930a754748b7ddcb43ef75a0dbf3a0d26381af4eba4a98eaa9b4e6a" PSA import/export-public EC curve25519: accept masked input depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_MONTGOMERY_255 -import_export_public_key:"70076d0a7318a57d3c16c17251b26645df4c2f87ebc0992ab177fba51db92c6a":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY):PSA_ALG_ECDH:0:PSA_SUCCESS:"8520f0098930a754748b7ddcb43ef75a0dbf3a0d26381af4eba4a98eaa9b4e6a" +import_export_public_key:"70076d0a7318a57d3c16c17251b26645df4c2f87ebc0992ab177fba51db92c6a":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY):PSA_ALG_ECDH:0:0:PSA_SUCCESS:"8520f0098930a754748b7ddcb43ef75a0dbf3a0d26381af4eba4a98eaa9b4e6a" PSA import/export EC curve448 key pair: good (already properly masked, key from RFC 7748 6.2 Alice)) depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_MONTGOMERY_448 -import_export:"988f4925d1519f5775cf46b04b5800d4ee9ee8bae8bc5565d498c28dd9c9baf574a9419744897391006382a6f127ab1d9ac2d8c0a59872eb":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY):PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDH:448:0:PSA_SUCCESS:1 +import_export:"988f4925d1519f5775cf46b04b5800d4ee9ee8bae8bc5565d498c28dd9c9baf574a9419744897391006382a6f127ab1d9ac2d8c0a59872eb":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY):PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDH:0:448:0:PSA_SUCCESS:1 PSA import/export EC curve448 key pair: unmasked input (check export-import-export yields properly masked output, key from RFC 7748 6.2 Alice)) depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_MONTGOMERY_448 -import_export:"9a8f4925d1519f5775cf46b04b5800d4ee9ee8bae8bc5565d498c28dd9c9baf574a9419744897391006382a6f127ab1d9ac2d8c0a598726b":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY):PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDH:448:0:PSA_SUCCESS:0 +import_export:"9a8f4925d1519f5775cf46b04b5800d4ee9ee8bae8bc5565d498c28dd9c9baf574a9419744897391006382a6f127ab1d9ac2d8c0a598726b":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY):PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDH:0:448:0:PSA_SUCCESS:0 PSA import/export-public EC curve448: accept masked input (key from RFC 7748 6.2 Alice) depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_MONTGOMERY_448 -import_export_public_key:"988f4925d1519f5775cf46b04b5800d4ee9ee8bae8bc5565d498c28dd9c9baf574a9419744897391006382a6f127ab1d9ac2d8c0a59872eb":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY):PSA_ALG_ECDH:0:PSA_SUCCESS:"9b08f7cc31b7e3e67d22d5aea121074a273bd2b83de09c63faa73d2c22c5d9bbc836647241d953d40c5b12da88120d53177f80e532c41fa0" +import_export_public_key:"988f4925d1519f5775cf46b04b5800d4ee9ee8bae8bc5565d498c28dd9c9baf574a9419744897391006382a6f127ab1d9ac2d8c0a59872eb":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY):PSA_ALG_ECDH:0:0:PSA_SUCCESS:"9b08f7cc31b7e3e67d22d5aea121074a273bd2b83de09c63faa73d2c22c5d9bbc836647241d953d40c5b12da88120d53177f80e532c41fa0" PSA import/export-public EC curve448: accept unmasked input (key from RFC 7748 6.2 Alice) depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_MONTGOMERY_448 -import_export_public_key:"9a8f4925d1519f5775cf46b04b5800d4ee9ee8bae8bc5565d498c28dd9c9baf574a9419744897391006382a6f127ab1d9ac2d8c0a598726b":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY):PSA_ALG_ECDH:0:PSA_SUCCESS:"9b08f7cc31b7e3e67d22d5aea121074a273bd2b83de09c63faa73d2c22c5d9bbc836647241d953d40c5b12da88120d53177f80e532c41fa0" +import_export_public_key:"9a8f4925d1519f5775cf46b04b5800d4ee9ee8bae8bc5565d498c28dd9c9baf574a9419744897391006382a6f127ab1d9ac2d8c0a598726b":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY):PSA_ALG_ECDH:0:0:PSA_SUCCESS:"9b08f7cc31b7e3e67d22d5aea121074a273bd2b83de09c63faa73d2c22c5d9bbc836647241d953d40c5b12da88120d53177f80e532c41fa0" PSA import/export-public: cannot export-public a symmetric key depends_on:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_KEY_TYPE_AES:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C -import_export_public_key:"2b7e151628aed2a6abf7158809cf4f3c":PSA_KEY_TYPE_AES:PSA_ALG_CBC_NO_PADDING:0:PSA_ERROR_INVALID_ARGUMENT:"2b7e151628aed2a6abf7158809cf4f3c" +import_export_public_key:"2b7e151628aed2a6abf7158809cf4f3c":PSA_KEY_TYPE_AES:PSA_ALG_CBC_NO_PADDING:0:0:PSA_ERROR_INVALID_ARGUMENT:"2b7e151628aed2a6abf7158809cf4f3c" PSA import/export EC secp256r1 public key: good depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_SECP_R1_256 -import_export:"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA_ANY:256:0:PSA_SUCCESS:1 +import_export:"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA_ANY:0:256:0:PSA_SUCCESS:1 PSA import/export EC secp521r1 public key: good depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_SECP_R1_521 -import_export:"04001de142d54f69eb038ee4b7af9d3ca07736fd9cf719eb354d69879ee7f3c136fb0fbf9f08f86be5fa128ec1a051d3e6c643e85ada8ffacf3663c260bd2c844b6f5600cee8e48a9e65d09cadd89f235dee05f3b8a646be715f1f67d5b434e0ff23a1fc07ef7740193e40eeff6f3bcdfd765aa9155033524fe4f205f5444e292c4c2f6ac1":PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA_ANY:521:0:PSA_SUCCESS:1 +import_export:"04001de142d54f69eb038ee4b7af9d3ca07736fd9cf719eb354d69879ee7f3c136fb0fbf9f08f86be5fa128ec1a051d3e6c643e85ada8ffacf3663c260bd2c844b6f5600cee8e48a9e65d09cadd89f235dee05f3b8a646be715f1f67d5b434e0ff23a1fc07ef7740193e40eeff6f3bcdfd765aa9155033524fe4f205f5444e292c4c2f6ac1":PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA_ANY:0:521:0:PSA_SUCCESS:1 PSA import/export EC brainpoolP256r1 public key: good depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_BRAINPOOL_P_R1_256 -import_export:"04768c8cae4abca6306db0ed81b0c4a6215c378066ec6d616c146e13f1c7df809b96ab6911c27d8a02339f0926840e55236d3d1efbe2669d090e4c4c660fada91d":PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_BRAINPOOL_P_R1):PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA_ANY:256:0:PSA_SUCCESS:1 +import_export:"04768c8cae4abca6306db0ed81b0c4a6215c378066ec6d616c146e13f1c7df809b96ab6911c27d8a02339f0926840e55236d3d1efbe2669d090e4c4c660fada91d":PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_BRAINPOOL_P_R1):PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA_ANY:0:256:0:PSA_SUCCESS:1 PSA import/export curve25519 public key: good depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_MONTGOMERY_255 -import_export:"8520f0098930a754748b7ddcb43ef75a0dbf3a0d26381af4eba4a98eaa9b4e6a":PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_MONTGOMERY):PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDH:255:0:PSA_SUCCESS:1 +import_export:"8520f0098930a754748b7ddcb43ef75a0dbf3a0d26381af4eba4a98eaa9b4e6a":PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_MONTGOMERY):PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDH:0:255:0:PSA_SUCCESS:1 PSA import/export curve448 Public Key: good (key from RFC 7748 6.2 Alice) depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_MONTGOMERY_448 -import_export:"9b08f7cc31b7e3e67d22d5aea121074a273bd2b83de09c63faa73d2c22c5d9bbc836647241d953d40c5b12da88120d53177f80e532c41fa0":PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_MONTGOMERY):PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDH:448:0:PSA_SUCCESS:0 +import_export:"9b08f7cc31b7e3e67d22d5aea121074a273bd2b83de09c63faa73d2c22c5d9bbc836647241d953d40c5b12da88120d53177f80e532c41fa0":PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_MONTGOMERY):PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDH:0:448:0:PSA_SUCCESS:0 PSA import/export AES key: policy forbids export depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES -import_export:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_KEY_TYPE_AES:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_CTR:128:0:PSA_ERROR_NOT_PERMITTED:1 +import_export:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_KEY_TYPE_AES:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_CTR:0:128:0:PSA_ERROR_NOT_PERMITTED:1 PSA import/export HMAC key: policy forbids export depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_HMAC -import_export:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_KEY_TYPE_HMAC:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_HMAC(PSA_ALG_SHA_256):256:0:PSA_ERROR_NOT_PERMITTED:1 +import_export:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_KEY_TYPE_HMAC:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_HMAC(PSA_ALG_SHA_256):0:256:0:PSA_ERROR_NOT_PERMITTED:1 PSA import/export RSA keypair: policy forbids export (crypt) depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C -import_export:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:1024:0:PSA_ERROR_NOT_PERMITTED:1 +import_export:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:0:1024:0:PSA_ERROR_NOT_PERMITTED:1 PSA import/export RSA keypair: policy forbids export (sign) depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C -import_export:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:1024:0:PSA_ERROR_NOT_PERMITTED:1 +import_export:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:0:1024:0:PSA_ERROR_NOT_PERMITTED:1 + +PSA import/export EC secp224r1 key pair: good, opaque +depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_SECP_R1_224:PSA_CRYPTO_DRIVER_TEST +import_export:"6849f97d1066f6997759637c7e3899464cee3ec7ac970653a0be0742":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA_ANY:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):224:0:PSA_SUCCESS:1 + +PSA import/export-public EC secp224r1: good, opaque +depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_SECP_R1_224:PSA_CRYPTO_DRIVER_TEST +import_export_public_key:"6849f97d1066f6997759637c7e3899464cee3ec7ac970653a0be0742":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_ALG_ECDSA_ANY:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):0:PSA_SUCCESS:"041693a290f7f0b571fe2b41d5d84b01327631f4a860f995fa332c097f54192bb10f00113f2affb13c1a24ce44914571a95440ae014a00cbf7" + +PSA import/export EC secp256r1 key pair: good, opaque +depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_SECP_R1_256:PSA_CRYPTO_DRIVER_TEST +import_export:"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA_ANY:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):256:0:PSA_SUCCESS:1 + +PSA import/export-public EC secp256r1: good, opaque +depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_SECP_R1_256:PSA_CRYPTO_DRIVER_TEST +import_export_public_key:"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_ALG_ECDSA_ANY:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):0:PSA_SUCCESS:"047772656f814b399279d5e1f1781fac6f099a3c5ca1b0e35351834b08b65e0b572590cdaf8f769361bcf34acfc11e5e074e8426bdde04be6e653945449617de45" + +PSA import/export EC secp384r1 key pair: good, opaque +depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_SECP_R1_384:PSA_CRYPTO_DRIVER_TEST +import_export:"3f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA_ANY:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):384:0:PSA_SUCCESS:1 + +PSA import/export-public EC secp384r1: good, opaque +depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_SECP_R1_384:PSA_CRYPTO_DRIVER_TEST +import_export_public_key:"3f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_ALG_ECDSA_ANY:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):0:PSA_SUCCESS:"04d9c662b50ba29ca47990450e043aeaf4f0c69b15676d112f622a71c93059af999691c5680d2b44d111579db12f4a413a2ed5c45fcfb67b5b63e00b91ebe59d09a6b1ac2c0c4282aa12317ed5914f999bc488bb132e8342cc36f2ca5e3379c747" + +PSA import/export EC secp521r1 key pair: good, opaque +depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_SECP_R1_521:PSA_CRYPTO_DRIVER_TEST +import_export:"01b1b6ad07bb79e7320da59860ea28e055284f6058f279de666e06d435d2af7bda28d99fa47b7dd0963e16b0073078ee8b8a38d966a582f46d19ff95df3ad9685aae":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA_ANY:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):521:0:PSA_SUCCESS:1 + +PSA import/export-public EC secp521r1: good, opaque +depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_SECP_R1_521:PSA_CRYPTO_DRIVER_TEST +import_export_public_key:"01b1b6ad07bb79e7320da59860ea28e055284f6058f279de666e06d435d2af7bda28d99fa47b7dd0963e16b0073078ee8b8a38d966a582f46d19ff95df3ad9685aae":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_ALG_ECDSA_ANY:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):0:PSA_SUCCESS:"04001de142d54f69eb038ee4b7af9d3ca07736fd9cf719eb354d69879ee7f3c136fb0fbf9f08f86be5fa128ec1a051d3e6c643e85ada8ffacf3663c260bd2c844b6f5600cee8e48a9e65d09cadd89f235dee05f3b8a646be715f1f67d5b434e0ff23a1fc07ef7740193e40eeff6f3bcdfd765aa9155033524fe4f205f5444e292c4c2f6ac1" + +PSA import/export EC brainpool256r1 key pair: good, opaque +depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_BRAINPOOL_P_R1_256:PSA_CRYPTO_DRIVER_TEST +import_export:"2161d6f2db76526fa62c16f356a80f01f32f776784b36aa99799a8b7662080ff":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA_ANY::PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):256:0:PSA_SUCCESS:1 + +PSA import/export-public EC brainpool256r1: good, opaque +depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_BRAINPOOL_P_R1_256:PSA_CRYPTO_DRIVER_TEST +import_export_public_key:"2161d6f2db76526fa62c16f356a80f01f32f776784b36aa99799a8b7662080ff":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):PSA_ALG_ECDSA_ANY:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):0:PSA_SUCCESS:"04768c8cae4abca6306db0ed81b0c4a6215c378066ec6d616c146e13f1c7df809b96ab6911c27d8a02339f0926840e55236d3d1efbe2669d090e4c4c660fada91d" + +PSA import/export EC brainpool384r1 key pair: good, opaque +depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_BRAINPOOL_P_R1_384:PSA_CRYPTO_DRIVER_TEST +import_export:"3dd92e750d90d7d39fc1885cd8ad12ea9441f22b9334b4d965202adb1448ce24c5808a85dd9afc229af0a3124f755bcb":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA_ANY:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):384:0:PSA_SUCCESS:1 + +PSA import/export-public EC brainpool384r1: good, opaque +depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_BRAINPOOL_P_R1_384:PSA_CRYPTO_DRIVER_TEST +import_export_public_key:"3dd92e750d90d7d39fc1885cd8ad12ea9441f22b9334b4d965202adb1448ce24c5808a85dd9afc229af0a3124f755bcb":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):PSA_ALG_ECDSA_ANY:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):0:PSA_SUCCESS:"04719f9d093a627e0d350385c661cebf00c61923566fe9006a3107af1d871bc6bb68985fd722ea32be316f8e783b7cd1957785f66cfc0cb195dd5c99a8e7abaa848553a584dfd2b48e76d445fe00dd8be59096d877d4696d23b4bc8db14724e66a" + +PSA import/export EC brainpool512r1 key pair: good, opaque +depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_BRAINPOOL_P_R1_512:PSA_CRYPTO_DRIVER_TEST +import_export:"372c9778f69f726cbca3f4a268f16b4d617d10280d79a6a029cd51879fe1012934dfe5395455337df6906dc7d6d2eea4dbb2065c0228f73b3ed716480e7d71d2":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA_ANY:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):512:0:PSA_SUCCESS:1 + +PSA import/export-public EC brainpool512r1: good, opaque +depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_BRAINPOOL_P_R1_512:PSA_CRYPTO_DRIVER_TEST +import_export_public_key:"372c9778f69f726cbca3f4a268f16b4d617d10280d79a6a029cd51879fe1012934dfe5395455337df6906dc7d6d2eea4dbb2065c0228f73b3ed716480e7d71d2":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):PSA_ALG_ECDSA_ANY:0:0:PSA_SUCCESS:"0438b7ec92b61c5c6c7fbc28a4ec759d48fcd4e2e374defd5c4968a54dbef7510e517886fbfc38ea39aa529359d70a7156c35d3cbac7ce776bdb251dd64bce71234424ee7049eed072f0dbc4d79996e175d557e263763ae97095c081e73e7db2e38adc3d4c9a0487b1ede876dc1fca61c902e9a1d8722b8612928f18a24845591a" + +PSA import/export EC curve25519 key pair: good (already properly masked), opaque +depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_MONTGOMERY_255:PSA_CRYPTO_DRIVER_TEST +import_export:"70076d0a7318a57d3c16c17251b26645df4c2f87ebc0992ab177fba51db92c6a":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY):PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDH:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):255:0:PSA_SUCCESS:1 + +PSA import/export EC curve25519 key pair: unmasked input (check export-import-export yields properly masked output), opaque +depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_MONTGOMERY_255:PSA_CRYPTO_DRIVER_TEST +import_export:"77076d0a7318a57d3c16c17251b26645df4c2f87ebc0992ab177fba51db92c2a":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY):PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDH:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):255:0:PSA_SUCCESS:0 + +PSA import/export-public EC curve25519: accept unmasked input, opaque +depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_MONTGOMERY_255:PSA_CRYPTO_DRIVER_TEST +import_export_public_key:"77076d0a7318a57d3c16c17251b26645df4c2f87ebc0992ab177fba51db92c2a":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY):PSA_ALG_ECDH:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):0:PSA_SUCCESS:"8520f0098930a754748b7ddcb43ef75a0dbf3a0d26381af4eba4a98eaa9b4e6a" + +PSA import/export-public EC curve25519: accept masked input, opaque +depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_MONTGOMERY_255:PSA_CRYPTO_DRIVER_TEST +import_export_public_key:"70076d0a7318a57d3c16c17251b26645df4c2f87ebc0992ab177fba51db92c6a":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY):PSA_ALG_ECDH:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):0:PSA_SUCCESS:"8520f0098930a754748b7ddcb43ef75a0dbf3a0d26381af4eba4a98eaa9b4e6a" + +PSA import/export EC curve448 key pair: good (already properly masked, key from RFC 7748 6.2 Alice)), opaque +depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_MONTGOMERY_448:PSA_CRYPTO_DRIVER_TEST +import_export:"988f4925d1519f5775cf46b04b5800d4ee9ee8bae8bc5565d498c28dd9c9baf574a9419744897391006382a6f127ab1d9ac2d8c0a59872eb":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY):PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDH:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):448:0:PSA_SUCCESS:1 + +PSA import/export EC curve448 key pair: unmasked input (check export-import-export yields properly masked output, key from RFC 7748 6.2 Alice)), opaque +depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_MONTGOMERY_448:PSA_CRYPTO_DRIVER_TEST +import_export:"9a8f4925d1519f5775cf46b04b5800d4ee9ee8bae8bc5565d498c28dd9c9baf574a9419744897391006382a6f127ab1d9ac2d8c0a598726b":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY):PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDH:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):448:0:PSA_SUCCESS:0 + +PSA import/export-public EC curve448: accept masked input (key from RFC 7748 6.2 Alice), opaque +depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_MONTGOMERY_448:PSA_CRYPTO_DRIVER_TEST +import_export_public_key:"988f4925d1519f5775cf46b04b5800d4ee9ee8bae8bc5565d498c28dd9c9baf574a9419744897391006382a6f127ab1d9ac2d8c0a59872eb":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY):PSA_ALG_ECDH:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):0:PSA_SUCCESS:"9b08f7cc31b7e3e67d22d5aea121074a273bd2b83de09c63faa73d2c22c5d9bbc836647241d953d40c5b12da88120d53177f80e532c41fa0" + +PSA import/export-public EC curve448: accept unmasked input (key from RFC 7748 6.2 Alice), opaque +depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_MONTGOMERY_448:PSA_CRYPTO_DRIVER_TEST +import_export_public_key:"9a8f4925d1519f5775cf46b04b5800d4ee9ee8bae8bc5565d498c28dd9c9baf574a9419744897391006382a6f127ab1d9ac2d8c0a598726b":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY):PSA_ALG_ECDH:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):0:PSA_SUCCESS:"9b08f7cc31b7e3e67d22d5aea121074a273bd2b83de09c63faa73d2c22c5d9bbc836647241d953d40c5b12da88120d53177f80e532c41fa0" + +PSA import/export-public: cannot export-public a symmetric key, opaque +depends_on:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_KEY_TYPE_AES:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_CRYPTO_DRIVER_TEST +import_export_public_key:"2b7e151628aed2a6abf7158809cf4f3c":PSA_KEY_TYPE_AES:PSA_ALG_CBC_NO_PADDING:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):0:PSA_ERROR_INVALID_ARGUMENT:"2b7e151628aed2a6abf7158809cf4f3c" + +PSA import/export EC secp256r1 public key: good, opaque +depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_SECP_R1_256:PSA_CRYPTO_DRIVER_TEST +import_export:"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA_ANY:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):256:0:PSA_SUCCESS:1 + +PSA import/export EC secp521r1 public key: good, opaque +depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_SECP_R1_521:PSA_CRYPTO_DRIVER_TEST +import_export:"04001de142d54f69eb038ee4b7af9d3ca07736fd9cf719eb354d69879ee7f3c136fb0fbf9f08f86be5fa128ec1a051d3e6c643e85ada8ffacf3663c260bd2c844b6f5600cee8e48a9e65d09cadd89f235dee05f3b8a646be715f1f67d5b434e0ff23a1fc07ef7740193e40eeff6f3bcdfd765aa9155033524fe4f205f5444e292c4c2f6ac1":PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA_ANY:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):521:0:PSA_SUCCESS:1 + +PSA import/export EC brainpoolP256r1 public key: good, opaque +depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_BRAINPOOL_P_R1_256:PSA_CRYPTO_DRIVER_TEST +import_export:"04768c8cae4abca6306db0ed81b0c4a6215c378066ec6d616c146e13f1c7df809b96ab6911c27d8a02339f0926840e55236d3d1efbe2669d090e4c4c660fada91d":PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_BRAINPOOL_P_R1):PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA_ANY:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):256:0:PSA_SUCCESS:1 + +PSA import/export curve25519 public key: good, opaque +depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_MONTGOMERY_255:PSA_CRYPTO_DRIVER_TEST +import_export:"8520f0098930a754748b7ddcb43ef75a0dbf3a0d26381af4eba4a98eaa9b4e6a":PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_MONTGOMERY):PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDH:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):255:0:PSA_SUCCESS:1 + +PSA import/export curve448 Public Key: good (key from RFC 7748 6.2 Alice), opaque +depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_MONTGOMERY_448:PSA_CRYPTO_DRIVER_TEST +import_export:"9b08f7cc31b7e3e67d22d5aea121074a273bd2b83de09c63faa73d2c22c5d9bbc836647241d953d40c5b12da88120d53177f80e532c41fa0":PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_MONTGOMERY):PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDH:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):448:0:PSA_SUCCESS:0 + +PSA import/export AES key: policy forbids export, opaque +depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES:PSA_CRYPTO_DRIVER_TEST +import_export:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_KEY_TYPE_AES:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_CTR:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):128:0:PSA_ERROR_NOT_PERMITTED:1 + +PSA import/export HMAC key: policy forbids export, opaque +depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_HMAC:PSA_CRYPTO_DRIVER_TEST +import_export:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_KEY_TYPE_HMAC:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_HMAC(PSA_ALG_SHA_256):PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):256:0:PSA_ERROR_NOT_PERMITTED:1 + +PSA import/export RSA keypair: policy forbids export (crypt), opaque +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_CRYPTO_DRIVER_TEST +import_export:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):1024:0:PSA_ERROR_NOT_PERMITTED:1 + +PSA import/export RSA keypair: policy forbids export (sign), opaque +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C:PSA_CRYPTO_DRIVER_TEST +import_export:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):1024:0:PSA_ERROR_NOT_PERMITTED:1 # Test PEM import. Note that this is not a PSA feature, it's an Mbed TLS # extension which we may drop in the future. PSA import/export RSA public key: import PEM depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C -import_export:"2d2d2d2d2d424547494e205055424c4943204b45592d2d2d2d2d0a4d4947664d413047435371475349623344514542415155414134474e4144434269514b4267514376425830356275685074312f6274634b7850482f6c706c53710a69714a4843315165346636777353306c7835635255784a4a34524b574b41517475376242494e46454e5354765441357548596c57377249486576456a536433750a355553447641624378686c497a514b7941756557727232553036664c2b466e43775947634d6b79344b357a545474346d4f69712f2f6b637a384865476e6f5a670a3939614454615539615137336d46397277774944415141420a2d2d2d2d2d454e44205055424c4943204b45592d2d2d2d2d0a00":PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:1024:0:PSA_SUCCESS:0 +import_export:"2d2d2d2d2d424547494e205055424c4943204b45592d2d2d2d2d0a4d4947664d413047435371475349623344514542415155414134474e4144434269514b4267514376425830356275685074312f6274634b7850482f6c706c53710a69714a4843315165346636777353306c7835635255784a4a34524b574b41517475376242494e46454e5354765441357548596c57377249486576456a536433750a355553447641624378686c497a514b7941756557727232553036664c2b466e43775947634d6b79344b357a545474346d4f69712f2f6b637a384865476e6f5a670a3939614454615539615137336d46397277774944415141420a2d2d2d2d2d454e44205055424c4943204b45592d2d2d2d2d0a00":PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:0:1024:0:PSA_SUCCESS:0 PSA import/export RSA keypair: import PEM depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C -import_export:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b2400":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:1024:0:PSA_SUCCESS:0 +import_export:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b2400":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:0:1024:0:PSA_SUCCESS:0 PSA import: reject raw data key of length 0 # The spec allows either INVALID_ARGUMENT or NOT_SUPPORTED @@ -418,111 +646,111 @@ key_attributes_init: PSA key policy: MAC, SIGN_HASH -> SIGN_HASH+MESSAGE depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_HMAC -mac_key_policy:PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_HMAC(PSA_ALG_SHA_256):PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_HMAC(PSA_ALG_SHA_256):PSA_SUCCESS +mac_key_policy:PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_HMAC(PSA_ALG_SHA_256):PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_HMAC(PSA_ALG_SHA_256):PSA_SUCCESS:PSA_ERROR_NOT_PERMITTED PSA key policy: MAC, VERIFY_HASH -> VERIFY_HASH+MESSAGE depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_HMAC -mac_key_policy:PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_HMAC(PSA_ALG_SHA_256):PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_HMAC(PSA_ALG_SHA_256):PSA_SUCCESS +mac_key_policy:PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_HMAC(PSA_ALG_SHA_256):PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_HMAC(PSA_ALG_SHA_256):PSA_ERROR_NOT_PERMITTED:PSA_SUCCESS PSA key policy: MAC, SIGN+VERIFY_HASH -> {SIGN,VERIFY}_{HASH,MESSAGE} depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_HMAC -mac_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_HMAC(PSA_ALG_SHA_256):PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_HMAC(PSA_ALG_SHA_256):PSA_SUCCESS +mac_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_HMAC(PSA_ALG_SHA_256):PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_HMAC(PSA_ALG_SHA_256):PSA_SUCCESS:PSA_SUCCESS PSA key policy: MAC, {SIGN,VERIFY}_{HASH,MESSAGE} depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_HMAC -mac_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_HMAC(PSA_ALG_SHA_256):PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_HMAC(PSA_ALG_SHA_256):PSA_SUCCESS +mac_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_HMAC(PSA_ALG_SHA_256):PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_HMAC(PSA_ALG_SHA_256):PSA_SUCCESS:PSA_SUCCESS PSA key policy: MAC, SIGN_MESSAGE depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_HMAC -mac_key_policy:PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_HMAC(PSA_ALG_SHA_256):PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_HMAC(PSA_ALG_SHA_256):PSA_SUCCESS +mac_key_policy:PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_HMAC(PSA_ALG_SHA_256):PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_HMAC(PSA_ALG_SHA_256):PSA_SUCCESS:PSA_ERROR_NOT_PERMITTED PSA key policy: MAC, VERIFY_MESSAGE depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_HMAC -mac_key_policy:PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_HMAC(PSA_ALG_SHA_256):PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_HMAC(PSA_ALG_SHA_256):PSA_SUCCESS +mac_key_policy:PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_HMAC(PSA_ALG_SHA_256):PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_HMAC(PSA_ALG_SHA_256):PSA_ERROR_NOT_PERMITTED:PSA_SUCCESS PSA key policy: MAC, SIGN+VERIFY_MESSAGE depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_HMAC -mac_key_policy:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_HMAC(PSA_ALG_SHA_256):PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_HMAC(PSA_ALG_SHA_256):PSA_SUCCESS +mac_key_policy:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_HMAC(PSA_ALG_SHA_256):PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_HMAC(PSA_ALG_SHA_256):PSA_SUCCESS:PSA_SUCCESS PSA key policy: MAC, neither sign nor verify depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_HMAC -mac_key_policy:0:PSA_ALG_HMAC(PSA_ALG_SHA_256):PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_HMAC(PSA_ALG_SHA_256):PSA_ERROR_NOT_PERMITTED +mac_key_policy:0:PSA_ALG_HMAC(PSA_ALG_SHA_256):PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_HMAC(PSA_ALG_SHA_256):PSA_ERROR_NOT_PERMITTED:PSA_ERROR_NOT_PERMITTED PSA key policy: MAC, wrong algorithm depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_224:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_HMAC -mac_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_HMAC(PSA_ALG_SHA_256):PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_HMAC(PSA_ALG_SHA_224):PSA_ERROR_NOT_PERMITTED +mac_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_HMAC(PSA_ALG_SHA_256):PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_HMAC(PSA_ALG_SHA_224):PSA_ERROR_NOT_PERMITTED:PSA_ERROR_NOT_PERMITTED PSA key policy: MAC, alg=0 in policy depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_HMAC -mac_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:0:PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_HMAC(PSA_ALG_SHA_256):PSA_ERROR_NOT_PERMITTED +mac_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:0:PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_HMAC(PSA_ALG_SHA_256):PSA_ERROR_NOT_PERMITTED:PSA_ERROR_NOT_PERMITTED PSA key policy: MAC, ANY_HASH in policy is not meaningful depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_HMAC -mac_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_HMAC(PSA_ALG_ANY_HASH):PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_HMAC(PSA_ALG_SHA_256):PSA_ERROR_NOT_PERMITTED +mac_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_HMAC(PSA_ALG_ANY_HASH):PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_HMAC(PSA_ALG_SHA_256):PSA_ERROR_NOT_PERMITTED:PSA_ERROR_NOT_PERMITTED PSA key policy: HMAC, sign-verify, tag length > min-length policy depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_HMAC -mac_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 30):PSA_SUCCESS +mac_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 30):PSA_SUCCESS:PSA_SUCCESS PSA key policy: HMAC, sign-verify, tag length = min-length policy depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_HMAC -mac_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):PSA_SUCCESS +mac_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):PSA_SUCCESS:PSA_SUCCESS PSA key policy: HMAC, sign-verify, tag length < min-length policy depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_HMAC -mac_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 10):PSA_ERROR_NOT_PERMITTED +mac_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 10):PSA_ERROR_NOT_PERMITTED:PSA_ERROR_NOT_PERMITTED PSA key policy: CMAC, sign-verify, tag length > min-length policy depends_on:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES -mac_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_CMAC, 10):PSA_KEY_TYPE_AES:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_TRUNCATED_MAC(PSA_ALG_CMAC, 16):PSA_SUCCESS +mac_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_CMAC, 10):PSA_KEY_TYPE_AES:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_TRUNCATED_MAC(PSA_ALG_CMAC, 16):PSA_SUCCESS:PSA_SUCCESS PSA key policy: CMAC, sign-verify, tag length = min-length policy depends_on:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES -mac_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_CMAC, 10):PSA_KEY_TYPE_AES:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_TRUNCATED_MAC(PSA_ALG_CMAC, 10):PSA_SUCCESS +mac_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_CMAC, 10):PSA_KEY_TYPE_AES:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_TRUNCATED_MAC(PSA_ALG_CMAC, 10):PSA_SUCCESS:PSA_SUCCESS PSA key policy: CMAC, sign-verify, tag length < min-length policy depends_on:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES -mac_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_CMAC, 10):PSA_KEY_TYPE_AES:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_TRUNCATED_MAC(PSA_ALG_CMAC, 8):PSA_ERROR_NOT_PERMITTED +mac_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_CMAC, 10):PSA_KEY_TYPE_AES:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_TRUNCATED_MAC(PSA_ALG_CMAC, 8):PSA_ERROR_NOT_PERMITTED:PSA_ERROR_NOT_PERMITTED PSA key policy: HMAC, sign-verify, default tag length > min-length policy depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_HMAC -mac_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 31):PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_HMAC(PSA_ALG_SHA_256):PSA_SUCCESS +mac_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 31):PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_HMAC(PSA_ALG_SHA_256):PSA_SUCCESS:PSA_SUCCESS PSA key policy: HMAC, sign-verify, default tag length = min-length policy depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_HMAC -mac_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 32):PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_HMAC(PSA_ALG_SHA_256):PSA_SUCCESS +mac_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 32):PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_HMAC(PSA_ALG_SHA_256):PSA_SUCCESS:PSA_SUCCESS PSA key policy: HMAC, sign-verify, default tag length < min-length policy depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_HMAC -mac_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 33):PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_HMAC(PSA_ALG_SHA_256):PSA_ERROR_NOT_PERMITTED +mac_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 33):PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_HMAC(PSA_ALG_SHA_256):PSA_ERROR_NOT_PERMITTED:PSA_ERROR_NOT_PERMITTED PSA key policy: HMAC, sign-verify, min-length policy, unmatched base alg depends_on:PSA_WANT_ALG_CMAC:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_HMAC -mac_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_TRUNCATED_MAC(PSA_ALG_CMAC, 20):PSA_ERROR_NOT_PERMITTED +mac_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_TRUNCATED_MAC(PSA_ALG_CMAC, 20):PSA_ERROR_NOT_PERMITTED:PSA_ERROR_NOT_PERMITTED PSA key policy: HMAC, sign-verify, min-length policy, unmatched base alg (different hash base) depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_224:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_HMAC -mac_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_224), 20):PSA_ERROR_NOT_PERMITTED +mac_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_224), 20):PSA_ERROR_NOT_PERMITTED:PSA_ERROR_NOT_PERMITTED PSA key policy: HMAC, sign-verify, min-length policy, unmatched base alg (different algorithm) depends_on:PSA_WANT_ALG_CMAC:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_HMAC -mac_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 10):PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_CMAC:PSA_ERROR_NOT_PERMITTED +mac_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 10):PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_CMAC:PSA_ERROR_NOT_PERMITTED:PSA_ERROR_NOT_PERMITTED PSA key policy: HMAC, sign-verify, min-length policy used as algorithm depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_HMAC -mac_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):PSA_ERROR_INVALID_ARGUMENT +mac_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):PSA_ERROR_INVALID_ARGUMENT:PSA_ERROR_INVALID_ARGUMENT PSA key policy: HMAC, sign-verify, tag length > exact-length policy depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_HMAC -mac_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 10):PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):PSA_ERROR_NOT_PERMITTED +mac_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 10):PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):PSA_ERROR_NOT_PERMITTED:PSA_ERROR_NOT_PERMITTED PSA key policy: HMAC, sign-verify, tag length = exact-length policy depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_HMAC -mac_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):PSA_SUCCESS +mac_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):PSA_SUCCESS:PSA_SUCCESS PSA key policy: HMAC, sign-verify, tag length < exact-length policy depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_HMAC -mac_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 10):PSA_ERROR_NOT_PERMITTED +mac_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 10):PSA_ERROR_NOT_PERMITTED:PSA_ERROR_NOT_PERMITTED PSA key policy: cipher, encrypt | decrypt depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES @@ -684,11 +912,19 @@ PSA key policy: asymmetric signature, sign | verify, key usage extension depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_MD_C asymmetric_signature_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_KEY_TYPE_RSA_KEY_PAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):32:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE -PSA key policy: asymmetric signature, wrong algorithm family +PSA key policy: asymmetric signature, wrong alg family (PSS std/any salt) +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR +asymmetric_signature_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):PSA_KEY_TYPE_RSA_KEY_PAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_SHA_256):0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE + +PSA key policy: asymmetric signature, wrong alg family (PSS any/std salt) +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR +asymmetric_signature_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_SHA_256):PSA_KEY_TYPE_RSA_KEY_PAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE + +PSA key policy: asymmetric signature, wrong alg family (RSA v15/PSS) depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR asymmetric_signature_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_KEY_TYPE_RSA_KEY_PAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE -PSA key policy: asymmetric signature, wildcard in policy, wrong algorithm family +PSA key policy: asymmetric signature, wildcard in policy, wrong alg family depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR asymmetric_signature_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_KEY_TYPE_RSA_KEY_PAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE @@ -724,39 +960,47 @@ PSA key policy: asymmetric signature, neither sign nor verify depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_MD_C asymmetric_signature_key_policy:0:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_KEY_TYPE_RSA_KEY_PAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):32:0 -PSA key policy: asymmetric signature for message, sign | verify +PSA key policy: msg asymmetric signature, sign | verify depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR asymmetric_signature_key_policy:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_KEY_TYPE_RSA_KEY_PAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):1:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE -PSA key policy: asymmetric signature for message, wrong algorithm family +PSA key policy: msg asymmetric signature, wrong alg family (PSS std/any salt) +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR +asymmetric_signature_key_policy:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):PSA_KEY_TYPE_RSA_KEY_PAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_SHA_256):0:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE + +PSA key policy: msg asymmetric signature, wrong alg family (PSS any/std salt) +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR +asymmetric_signature_key_policy:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_SHA_256):PSA_KEY_TYPE_RSA_KEY_PAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):0:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE + +PSA key policy: msg asymmetric signature, wrong alg family (RSA v15/PSS) depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR asymmetric_signature_key_policy:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_KEY_TYPE_RSA_KEY_PAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):0:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE -PSA key policy: asymmetric signature for message, wildcard in policy, wrong algorithm family +PSA key policy: msg asymmetric signature, wildcard in policy, wrong alg family depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR asymmetric_signature_key_policy:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_KEY_TYPE_RSA_KEY_PAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):0:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE -PSA key policy: asymmetric signature for message, wildcard in policy, ECDSA SHA-256 +PSA key policy: msg asymmetric signature, wildcard in policy, ECDSA SHA-256 depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256 asymmetric_signature_key_policy:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ALG_ECDSA(PSA_ALG_SHA_256):32:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE -PSA key policy: asymmetric signature for message, wildcard in policy, PKCS#1v1.5 SHA-256 +PSA key policy: msg asymmetric signature, wildcard in policy, PKCS#1v1.5 SHA-256 depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR asymmetric_signature_key_policy:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_KEY_TYPE_RSA_KEY_PAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):32:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE -PSA key policy: asymmetric signature for message, wrong hash algorithm +PSA key policy: msg asymmetric signature, wrong hash algorithm depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR asymmetric_signature_key_policy:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_KEY_TYPE_RSA_KEY_PAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_384):0:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE -PSA key policy: asymmetric signature for message, alg=0 in policy +PSA key policy: msg asymmetric signature, alg=0 in policy depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR asymmetric_signature_key_policy:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:0:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE -PSA key policy: asymmetric signature for message, sign but not verify +PSA key policy: msg asymmetric signature, sign but not verify depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR asymmetric_signature_key_policy:PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_KEY_TYPE_RSA_KEY_PAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):1:PSA_KEY_USAGE_SIGN_MESSAGE -PSA key policy: asymmetric signature for message, verify but not sign +PSA key policy: msg asymmetric signature, verify but not sign depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR asymmetric_signature_key_policy:PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_KEY_TYPE_RSA_KEY_PAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):1:PSA_KEY_USAGE_VERIFY_MESSAGE @@ -841,225 +1085,365 @@ depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_ECDSA:PSA_WANT_KE key_policy_alg2:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_ECDH:PSA_ALG_ECDSA(PSA_ALG_SHA_256) Copy key: raw, 1 byte -copy_success:PSA_KEY_USAGE_COPY:0:0:PSA_KEY_TYPE_RAW_DATA:"2a":1:-1:-1:0:PSA_KEY_USAGE_COPY:0:0 +copy_success:PSA_KEY_USAGE_COPY:0:0:0:PSA_KEY_TYPE_RAW_DATA:"2a":1:-1:-1:0:0:PSA_KEY_USAGE_COPY:0:0 Copy key: AES, copy attributes depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES -copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:0:PSA_KEY_TYPE_AES:"404142434445464748494a4b4c4d4e4f":1:-1:-1:0:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:0 +copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:0:0:PSA_KEY_TYPE_AES:"404142434445464748494a4b4c4d4e4f":1:-1:-1:0:0:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:0 Copy key: AES, same usage flags depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES -copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:0:PSA_KEY_TYPE_AES:"404142434445464748494a4b4c4d4e4f":0:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:0:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:0 +copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:0:0:PSA_KEY_TYPE_AES:"404142434445464748494a4b4c4d4e4f":0:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:0:0:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:0 Copy key: AES, fewer usage flags (-EXPORT) depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES -copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:0:PSA_KEY_TYPE_AES:"404142434445464748494a4b4c4d4e4f":0:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CTR:0:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CTR:0 +copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:0:0:PSA_KEY_TYPE_AES:"404142434445464748494a4b4c4d4e4f":0:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CTR:0:0:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CTR:0 Copy key: AES, fewer usage flags (-COPY) depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES -copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:0:PSA_KEY_TYPE_AES:"404142434445464748494a4b4c4d4e4f":0:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:0:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:0 +copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:0:0:PSA_KEY_TYPE_AES:"404142434445464748494a4b4c4d4e4f":0:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:0:0:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:0 Copy key: AES, 1 more usage flag depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES -copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CTR:0:PSA_KEY_TYPE_AES:"404142434445464748494a4b4c4d4e4f":0:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_CTR:0:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CTR:0 +copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CTR:0:0:PSA_KEY_TYPE_AES:"404142434445464748494a4b4c4d4e4f":0:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_CTR:0:0:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CTR:0 Copy key: AES, 2 more usage flags depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES -copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CTR:0:PSA_KEY_TYPE_AES:"404142434445464748494a4b4c4d4e4f":0:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:0:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CTR:0 +copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CTR:0:0:PSA_KEY_TYPE_AES:"404142434445464748494a4b4c4d4e4f":0:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:0:0:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CTR:0 Copy key: AES, intersect usage flags #1 depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES -copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:0:PSA_KEY_TYPE_AES:"404142434445464748494a4b4c4d4e4f":0:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_CTR:0:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CTR:0 +copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:0:0:PSA_KEY_TYPE_AES:"404142434445464748494a4b4c4d4e4f":0:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_CTR:0:0:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CTR:0 Copy key: AES, intersect usage flags #2 depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES -copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:0:PSA_KEY_TYPE_AES:"404142434445464748494a4b4c4d4e4f":0:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_CTR:0:PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CTR:0 +copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:0:0:PSA_KEY_TYPE_AES:"404142434445464748494a4b4c4d4e4f":0:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_CTR:0:0:PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CTR:0 Copy key: RSA key pair, same usage flags depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_MD_C -copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":0:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0 +copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:0:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":0:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:0:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0 Copy key: RSA key pair, extended usage flags depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_MD_C -copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":0:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0 +copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:0:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":0:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:0:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0 Copy key: RSA key pair, fewer usage flags depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_MD_C -copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0 +copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:0:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0 Copy key: RSA key pair, more usage flags depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_MD_C -copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0 +copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:0:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0 Copy key: RSA key pair, intersect usage flags #0 depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_MD_C -copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":0:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:0:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0 +copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:0:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":0:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:0:0:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0 Copy key: RSA key pair, intersect usage flags #1 depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_MD_C -copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0 +copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:0:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0 Copy key: RSA key pair, wildcard algorithm in source depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_MD_C -copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):0:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0 +copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):0:0:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0 Copy key: RSA key pair, wildcard algorithm in target depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_MD_C -copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0 +copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:0:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):0:0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0 Copy key: RSA key pair, wildcard algorithm in source and target depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_MD_C -copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):0:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):0 +copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):0:0:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):0:0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):0 Copy key: source=ECDSA+ECDH, target=ECDSA+ECDH depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_SECP_R1_256 -copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":0:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_ALG_ECDH:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_ALG_ECDH +copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_ALG_ECDH:0:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":0:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_ALG_ECDH:0:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_ALG_ECDH Copy key: source=ECDSA+ECDH, target=ECDSA+ECDH, extended usage flags depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_SECP_R1_256 -copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":0:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_ALG_ECDH:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_ALG_ECDH +copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_ALG_ECDH:0:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":0:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_ALG_ECDH:0:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_ALG_ECDH Copy key: source=ECDSA+ECDH, target=ECDSA+0 depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_SECP_R1_256 -copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":0:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA(PSA_ALG_SHA_256):0:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDSA(PSA_ALG_SHA_256):0 +copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_ALG_ECDH:0:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":0:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA(PSA_ALG_SHA_256):0:0:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDSA(PSA_ALG_SHA_256):0 Copy key: source=ECDSA+ECDH, target=0+ECDH depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_SECP_R1_256 -copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":0:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_EXPORT:0:PSA_ALG_ECDH:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_DERIVE:0:PSA_ALG_ECDH +copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_ALG_ECDH:0:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":0:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_EXPORT:0:PSA_ALG_ECDH:0:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_DERIVE:0:PSA_ALG_ECDH Copy key: source=ECDSA(any)+ECDH, target=ECDSA(SHA256)+ECDH depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_SECP_R1_256 -copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":0:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_ALG_ECDH:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_ALG_ECDH +copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_ALG_ECDH:0:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":0:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_ALG_ECDH:0:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_ALG_ECDH Copy key: source=ECDH+ECDSA(any), target=ECDH+ECDSA(SHA256) depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_SECP_R1_256 -copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDH:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":0:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDH:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDH:PSA_ALG_ECDSA(PSA_ALG_SHA_256) +copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDH:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):0:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":0:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDH:PSA_ALG_ECDSA(PSA_ALG_SHA_256):0:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDH:PSA_ALG_ECDSA(PSA_ALG_SHA_256) + +Copy key: raw, 1 byte, opaque +depends_on:PSA_CRYPTO_DRIVER_TEST +copy_success:PSA_KEY_USAGE_COPY:0:0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_TYPE_RAW_DATA:"2a":1:-1:-1:0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_USAGE_COPY:0:0 + +Copy key: AES, copy attributes, opaque +depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES:PSA_CRYPTO_DRIVER_TEST +copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_TYPE_AES:"404142434445464748494a4b4c4d4e4f":1:-1:-1:0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:0 + +Copy key: AES, same usage flags, opaque +depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES:PSA_CRYPTO_DRIVER_TEST +copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_TYPE_AES:"404142434445464748494a4b4c4d4e4f":0:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:0 + +Copy key: AES, fewer usage flags (-EXPORT), opaque +depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES:PSA_CRYPTO_DRIVER_TEST +copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_TYPE_AES:"404142434445464748494a4b4c4d4e4f":0:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CTR:0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CTR:0 + +Copy key: AES, fewer usage flags (-COPY), opaque +depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES:PSA_CRYPTO_DRIVER_TEST +copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_TYPE_AES:"404142434445464748494a4b4c4d4e4f":0:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:0 + +Copy key: AES, 1 more usage flag, opaque +depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES:PSA_CRYPTO_DRIVER_TEST +copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CTR:0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_TYPE_AES:"404142434445464748494a4b4c4d4e4f":0:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_CTR:0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CTR:0 + +Copy key: AES, 2 more usage flags, opaque +depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES:PSA_CRYPTO_DRIVER_TEST +copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CTR:0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_TYPE_AES:"404142434445464748494a4b4c4d4e4f":0:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CTR:0 + +Copy key: AES, intersect usage flags #1, opaque +depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES:PSA_CRYPTO_DRIVER_TEST +copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_TYPE_AES:"404142434445464748494a4b4c4d4e4f":0:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_CTR:0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CTR:0 + +Copy key: AES, intersect usage flags #2, opaque +depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES:PSA_CRYPTO_DRIVER_TEST +copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_TYPE_AES:"404142434445464748494a4b4c4d4e4f":0:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_CTR:0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CTR:0 + +Copy key: RSA key pair, same usage flags, opaque +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_MD_C:PSA_CRYPTO_DRIVER_TEST +copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":0:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0 + +Copy key: RSA key pair, extended usage flags, opaque +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_MD_C:PSA_CRYPTO_DRIVER_TEST +copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":0:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0 + +Copy key: RSA key pair, fewer usage flags, opaque +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_MD_C:PSA_CRYPTO_DRIVER_TEST +copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0 + +Copy key: RSA key pair, more usage flags, opaque +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_MD_C:PSA_CRYPTO_DRIVER_TEST +copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0 + +Copy key: RSA key pair, intersect usage flags #0, opaque +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_MD_C:PSA_CRYPTO_DRIVER_TEST +copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":0:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):0:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0 + +Copy key: RSA key pair, intersect usage flags #1, opaque +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_MD_C:PSA_CRYPTO_DRIVER_TEST +copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0 + +Copy key: RSA key pair, wildcard algorithm in source, opaque +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_MD_C:PSA_CRYPTO_DRIVER_TEST +copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0 + +Copy key: RSA key pair, wildcard algorithm in target, opaque +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_MD_C:PSA_CRYPTO_DRIVER_TEST +copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0 + +Copy key: RSA key pair, wildcard algorithm in source and target, opaque +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_MD_C:PSA_CRYPTO_DRIVER_TEST +copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):0:0:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):0:0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):0 + +Copy key: source=ECDSA+ECDH, target=ECDSA+ECDH, opaque +depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_SECP_R1_256:PSA_CRYPTO_DRIVER_TEST +copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_ALG_ECDH:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":0:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_ALG_ECDH:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_ALG_ECDH + +Copy key: source=ECDSA+ECDH, target=ECDSA+ECDH, extended usage flags, opaque +depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_SECP_R1_256:PSA_CRYPTO_DRIVER_TEST +copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_ALG_ECDH:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":0:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_ALG_ECDH:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_ALG_ECDH + +Copy key: source=ECDSA+ECDH, target=ECDSA+0, opaque +depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_SECP_R1_256:PSA_CRYPTO_DRIVER_TEST +copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_ALG_ECDH:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":0:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA(PSA_ALG_SHA_256):0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDSA(PSA_ALG_SHA_256):0 + +Copy key: source=ECDSA+ECDH, target=0+ECDH, opaque +depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_SECP_R1_256:PSA_CRYPTO_DRIVER_TEST +copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_ALG_ECDH:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":0:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_EXPORT:0:PSA_ALG_ECDH:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_DERIVE:0:PSA_ALG_ECDH + +Copy key: source=ECDSA(any)+ECDH, target=ECDSA(SHA256)+ECDH, opaque +depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_SECP_R1_256:PSA_CRYPTO_DRIVER_TEST +copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_ALG_ECDH:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":0:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_ALG_ECDH:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_ALG_ECDH + +Copy key: source=ECDH+ECDSA(any), target=ECDH+ECDSA(SHA256), opaque +depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_SECP_R1_256:PSA_CRYPTO_DRIVER_TEST +copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDH:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":0:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDH:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDH:PSA_ALG_ECDSA(PSA_ALG_SHA_256) Copy fail: raw data, no COPY flag -copy_fail:PSA_KEY_USAGE_EXPORT:0:0:PSA_KEY_TYPE_RAW_DATA:"404142434445464748494a4b4c4d4e4f":0:0:PSA_KEY_USAGE_EXPORT:0:0:0:PSA_KEY_LIFETIME_VOLATILE:PSA_ERROR_NOT_PERMITTED +copy_fail:PSA_KEY_USAGE_EXPORT:0:0:0:PSA_KEY_TYPE_RAW_DATA:"404142434445464748494a4b4c4d4e4f":0:0:PSA_KEY_USAGE_EXPORT:0:0:0:PSA_KEY_LIFETIME_VOLATILE:PSA_ERROR_NOT_PERMITTED Copy key: AES, no COPY flag depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES -copy_fail:PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CTR:0:PSA_KEY_TYPE_AES:"404142434445464748494a4b4c4d4e4f":0:0:PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CTR:0:0:PSA_KEY_LIFETIME_VOLATILE:PSA_ERROR_NOT_PERMITTED +copy_fail:PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CTR:0:0:PSA_KEY_TYPE_AES:"404142434445464748494a4b4c4d4e4f":0:0:PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CTR:0:0:PSA_KEY_LIFETIME_VOLATILE:PSA_ERROR_NOT_PERMITTED Copy fail: AES, incompatible target policy depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES -copy_fail:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:0:PSA_KEY_TYPE_AES:"404142434445464748494a4b4c4d4e4f":0:0:PSA_KEY_USAGE_EXPORT:PSA_ALG_CBC_NO_PADDING:0:0:PSA_KEY_LIFETIME_VOLATILE:PSA_ERROR_INVALID_ARGUMENT +copy_fail:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:0:0:PSA_KEY_TYPE_AES:"404142434445464748494a4b4c4d4e4f":0:0:PSA_KEY_USAGE_EXPORT:PSA_ALG_CBC_NO_PADDING:0:0:PSA_KEY_LIFETIME_VOLATILE:PSA_ERROR_INVALID_ARGUMENT Copy key: source=MAC, target=MAC extended usage flags depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_HMAC -copy_success:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:PSA_ALG_HMAC(PSA_ALG_SHA_256):0:PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_EXPORT:PSA_ALG_HMAC(PSA_ALG_SHA_256):0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_HMAC(PSA_ALG_SHA_256):0 +copy_success:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:PSA_ALG_HMAC(PSA_ALG_SHA_256):0:0:PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_EXPORT:PSA_ALG_HMAC(PSA_ALG_SHA_256):0:0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_HMAC(PSA_ALG_SHA_256):0 Copy key: source=MAC min-length, target=MAC length > min-length depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_HMAC -copy_success:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):0:PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 24):0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 24):0 +copy_success:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):0:0:PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 24):0:0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 24):0 Copy key: source=MAC min-length, target=MAC length = min-length depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_HMAC -copy_success:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):0:PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):0 +copy_success:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):0:0:PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):0:0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):0 Copy fail: source=MAC min-length, target=MAC length < min-length depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_HMAC -copy_fail:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):0:PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_KEY_TYPE_HMAC:256:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 16):0:0:PSA_KEY_LIFETIME_VOLATILE:PSA_ERROR_INVALID_ARGUMENT +copy_fail:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):0:0:PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_KEY_TYPE_HMAC:256:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 16):0:0:PSA_KEY_LIFETIME_VOLATILE:PSA_ERROR_INVALID_ARGUMENT Copy key: source=MAC min-length, target=MAC min-length, src > tgt depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_HMAC -copy_success:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 24):0:PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 24):0 +copy_success:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 24):0:0:PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):0:0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 24):0 Copy key: source=MAC min-length, target=MAC min-length, src = tgt depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_HMAC -copy_success:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):0:PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):0 +copy_success:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):0:0:PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):0:0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):0 Copy key: source=MAC min-length, target=MAC min-length, src < tgt depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_HMAC -copy_success:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):0:PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 24):0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 24):0 +copy_success:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):0:0:PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 24):0:0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 24):0 Copy fail: source=MAC, target=MAC min-length > length depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_HMAC -copy_fail:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):0:PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_KEY_TYPE_HMAC:256:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 24):0:0:PSA_KEY_LIFETIME_VOLATILE:PSA_ERROR_INVALID_ARGUMENT +copy_fail:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):0:0:PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_KEY_TYPE_HMAC:256:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 24):0:0:PSA_KEY_LIFETIME_VOLATILE:PSA_ERROR_INVALID_ARGUMENT Copy key: source=MAC, target=MAC min-length = length depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_HMAC -copy_success:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):0:PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):0 +copy_success:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):0:0:PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):0:0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):0 Copy key: source=MAC, target=MAC min-length < length depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_HMAC -copy_success:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):0:PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 16):0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):0 +copy_success:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):0:0:PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 16):0:0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):0 Copy key: source=AEAD min-length, target=AEAD length > min-length depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES -copy_success:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(PSA_ALG_CCM, 4):0:PSA_KEY_TYPE_AES:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":0:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, 8):0:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, 8):0 +copy_success:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(PSA_ALG_CCM, 4):0:0:PSA_KEY_TYPE_AES:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":0:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, 8):0:0:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, 8):0 Copy key: source=AEAD min-length, target=AEAD length = min-length depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES -copy_success:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(PSA_ALG_CCM, 4):0:PSA_KEY_TYPE_AES:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":0:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, 4):0:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, 4):0 +copy_success:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(PSA_ALG_CCM, 4):0:0:PSA_KEY_TYPE_AES:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":0:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, 4):0:0:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, 4):0 Copy fail: source=AEAD min-length, target=AEAD length < min-length depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES -copy_fail:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(PSA_ALG_CCM, 8):0:PSA_KEY_TYPE_AES:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_KEY_TYPE_AES:128:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, 4):0:0:PSA_KEY_LIFETIME_VOLATILE:PSA_ERROR_INVALID_ARGUMENT +copy_fail:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(PSA_ALG_CCM, 8):0:0:PSA_KEY_TYPE_AES:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_KEY_TYPE_AES:128:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, 4):0:0:PSA_KEY_LIFETIME_VOLATILE:PSA_ERROR_INVALID_ARGUMENT Copy key: source=AEAD min-length, target=AEAD min-length, src > tgt depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES -copy_success:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(PSA_ALG_CCM, 8):0:PSA_KEY_TYPE_AES:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":0:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(PSA_ALG_CCM, 4):0:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(PSA_ALG_CCM, 8):0 +copy_success:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(PSA_ALG_CCM, 8):0:0:PSA_KEY_TYPE_AES:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":0:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(PSA_ALG_CCM, 4):0:0:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(PSA_ALG_CCM, 8):0 Copy key: source=AEAD min-length, target=AEAD min-length, src = tgt depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES -copy_success:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(PSA_ALG_CCM, 8):0:PSA_KEY_TYPE_AES:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":0:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(PSA_ALG_CCM, 8):0:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(PSA_ALG_CCM, 8):0 +copy_success:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(PSA_ALG_CCM, 8):0:0:PSA_KEY_TYPE_AES:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":0:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(PSA_ALG_CCM, 8):0:0:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(PSA_ALG_CCM, 8):0 Copy key: source=AEAD min-length, target=AEAD min-length, src < tgt depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES -copy_success:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(PSA_ALG_CCM, 4):0:PSA_KEY_TYPE_AES:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":0:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(PSA_ALG_CCM, 8):0:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(PSA_ALG_CCM, 8):0 +copy_success:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(PSA_ALG_CCM, 4):0:0:PSA_KEY_TYPE_AES:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":0:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(PSA_ALG_CCM, 8):0:0:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(PSA_ALG_CCM, 8):0 + +Copy key: source=MAC, target=MAC min-length = length, opaque +depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_HMAC:PSA_CRYPTO_DRIVER_TEST +copy_success:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):0 + +Copy key: source=MAC, target=MAC min-length < length, opaque +depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_HMAC:PSA_CRYPTO_DRIVER_TEST +copy_success:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 16):0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):0 + +Copy key: source=AEAD min-length, target=AEAD length > min-length, opaque +depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:PSA_CRYPTO_DRIVER_TEST +copy_success:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(PSA_ALG_CCM, 4):0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_TYPE_AES:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":0:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, 8):0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, 8):0 + +Copy key: source=AEAD min-length, target=AEAD length = min-length, opaque +depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:PSA_CRYPTO_DRIVER_TEST +copy_success:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(PSA_ALG_CCM, 4):0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_TYPE_AES:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":0:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, 4):0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, 4):0 + +Copy key: source=AEAD min-length, target=AEAD min-length, src > tgt, opaque +depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:PSA_CRYPTO_DRIVER_TEST +copy_success:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(PSA_ALG_CCM, 8):0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_TYPE_AES:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":0:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(PSA_ALG_CCM, 4):0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(PSA_ALG_CCM, 8):0 + +Copy key: source=AEAD min-length, target=AEAD min-length, src = tgt, opaque +depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:PSA_CRYPTO_DRIVER_TEST +copy_success:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(PSA_ALG_CCM, 8):0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_TYPE_AES:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":0:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(PSA_ALG_CCM, 8):0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION )::PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(PSA_ALG_CCM, 8):0 + +Copy key: source=AEAD min-length, target=AEAD min-length, src < tgt, opaque +depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:PSA_CRYPTO_DRIVER_TEST +copy_success:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(PSA_ALG_CCM, 4):0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_TYPE_AES:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":0:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(PSA_ALG_CCM, 8):0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(PSA_ALG_CCM, 8):0 Copy fail: source=AEAD, target=AEAD min-length > length depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES -copy_fail:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, 4):0:PSA_KEY_TYPE_AES:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_KEY_TYPE_AES:128:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(PSA_ALG_CCM, 8):0:0:PSA_KEY_LIFETIME_VOLATILE:PSA_ERROR_INVALID_ARGUMENT +copy_fail:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, 4):0:0:PSA_KEY_TYPE_AES:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_KEY_TYPE_AES:128:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(PSA_ALG_CCM, 8):0:0:PSA_KEY_LIFETIME_VOLATILE:PSA_ERROR_INVALID_ARGUMENT Copy key: source=AEAD, target=AEAD min-length = length depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES -copy_success:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, 8):0:PSA_KEY_TYPE_AES:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":0:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(PSA_ALG_CCM, 8):0:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, 8):0 +copy_success:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, 8):0:0:PSA_KEY_TYPE_AES:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":0:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(PSA_ALG_CCM, 8):0:0:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, 8):0 Copy key: source=AEAD, target=AEAD min-length < length depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES -copy_success:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, 12):0:PSA_KEY_TYPE_AES:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":0:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(PSA_ALG_CCM, 8):0:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, 12):0 +copy_success:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, 12):0:0:PSA_KEY_TYPE_AES:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":0:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(PSA_ALG_CCM, 8):0:0:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, 12):0 + +Copy key: source=AEAD, target=AEAD min-length = length, opaque +depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:PSA_CRYPTO_DRIVER_TEST +copy_success:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, 8):0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_TYPE_AES:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":0:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(PSA_ALG_CCM, 8):0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, 8):0 + +Copy key: source=AEAD, target=AEAD min-length < length, opaque +depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:PSA_CRYPTO_DRIVER_TEST +copy_success:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, 12):0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_TYPE_AES:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":0:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(PSA_ALG_CCM, 8):0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, 12):0 Copy fail: RSA, incompatible target policy (source wildcard) depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C -copy_fail:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):0:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":0:0:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):0:0:PSA_KEY_LIFETIME_VOLATILE:PSA_ERROR_INVALID_ARGUMENT +copy_fail:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):0:0:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":0:0:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):0:0:PSA_KEY_LIFETIME_VOLATILE:PSA_ERROR_INVALID_ARGUMENT Copy fail: RSA, incompatible target policy (target wildcard) depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C -copy_fail:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":0:0:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PSS(PSA_ALG_ANY_HASH):0:0:PSA_KEY_LIFETIME_VOLATILE:PSA_ERROR_INVALID_ARGUMENT +copy_fail:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:0:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":0:0:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PSS(PSA_ALG_ANY_HASH):0:0:PSA_KEY_LIFETIME_VOLATILE:PSA_ERROR_INVALID_ARGUMENT Copy fail: RSA, incompatible target policy (source and target wildcard) depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C -copy_fail:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):0:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":0:0:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PSS(PSA_ALG_ANY_HASH):0:0:PSA_KEY_LIFETIME_VOLATILE:PSA_ERROR_INVALID_ARGUMENT +copy_fail:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):0:0:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":0:0:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PSS(PSA_ALG_ANY_HASH):0:0:PSA_KEY_LIFETIME_VOLATILE:PSA_ERROR_INVALID_ARGUMENT Copy fail: RSA, ANY_HASH is not meaningful with OAEP depends_on:PSA_WANT_ALG_RSA_OAEP:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C -copy_fail:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_OAEP(PSA_ALG_ANY_HASH):0:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":0:0:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256):0:0:PSA_KEY_LIFETIME_VOLATILE:PSA_ERROR_INVALID_ARGUMENT +copy_fail:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_OAEP(PSA_ALG_ANY_HASH):0:0:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":0:0:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256):0:0:PSA_KEY_LIFETIME_VOLATILE:PSA_ERROR_INVALID_ARGUMENT Copy fail: incorrect type in attributes depends_on:PSA_WANT_KEY_TYPE_AES -copy_fail:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:0:0:PSA_KEY_TYPE_RAW_DATA:"404142434445464748494a4b4c4d4e4f":PSA_KEY_TYPE_AES:0:PSA_KEY_USAGE_EXPORT:0:0:0:PSA_KEY_LIFETIME_VOLATILE:PSA_ERROR_INVALID_ARGUMENT +copy_fail:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:0:0:0:PSA_KEY_TYPE_RAW_DATA:"404142434445464748494a4b4c4d4e4f":PSA_KEY_TYPE_AES:0:PSA_KEY_USAGE_EXPORT:0:0:0:PSA_KEY_LIFETIME_VOLATILE:PSA_ERROR_INVALID_ARGUMENT Copy fail: incorrect size in attributes -copy_fail:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:0:0:PSA_KEY_TYPE_RAW_DATA:"404142434445464748494a4b4c4d4e4f":0:42:PSA_KEY_USAGE_EXPORT:0:0:0:PSA_KEY_LIFETIME_VOLATILE:PSA_ERROR_INVALID_ARGUMENT +copy_fail:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:0:0:0:PSA_KEY_TYPE_RAW_DATA:"404142434445464748494a4b4c4d4e4f":0:42:PSA_KEY_USAGE_EXPORT:0:0:0:PSA_KEY_LIFETIME_VOLATILE:PSA_ERROR_INVALID_ARGUMENT Copy fail: source=ECDSA(SHA224)+ECDH, target=ECDSA(SHA256)+ECDH depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_224:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_SECP_R1_256 -copy_fail:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDSA(PSA_ALG_SHA_224):PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":0:0:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_ALG_ECDH:0:PSA_KEY_LIFETIME_VOLATILE:PSA_ERROR_INVALID_ARGUMENT +copy_fail:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDSA(PSA_ALG_SHA_224):PSA_ALG_ECDH:0:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":0:0:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_ALG_ECDH:0:PSA_KEY_LIFETIME_VOLATILE:PSA_ERROR_INVALID_ARGUMENT Copy fail: source=ECDH+ECDSA(SHA224), target=ECDH+ECDSA(SHA256) depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_224:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_SECP_R1_256 -copy_fail:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDH:PSA_ALG_ECDSA(PSA_ALG_SHA_224):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":0:0:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDH:PSA_ALG_ECDSA(PSA_ALG_SHA_256):0:PSA_KEY_LIFETIME_VOLATILE:PSA_ERROR_INVALID_ARGUMENT +copy_fail:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDH:PSA_ALG_ECDSA(PSA_ALG_SHA_224):0:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":0:0:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDH:PSA_ALG_ECDSA(PSA_ALG_SHA_256):0:PSA_KEY_LIFETIME_VOLATILE:PSA_ERROR_INVALID_ARGUMENT Copy fail: AES, invalid persistent key identifier in attributes depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES:MBEDTLS_PSA_CRYPTO_STORAGE_C -copy_fail:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:0:PSA_KEY_TYPE_AES:"404142434445464748494a4b4c4d4e4f":PSA_KEY_TYPE_AES:0:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:0:0:PSA_KEY_LIFETIME_PERSISTENT:PSA_ERROR_INVALID_ARGUMENT +copy_fail:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:0:0:PSA_KEY_TYPE_AES:"404142434445464748494a4b4c4d4e4f":PSA_KEY_TYPE_AES:0:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:0:0:PSA_KEY_LIFETIME_PERSISTENT:PSA_ERROR_INVALID_ARGUMENT Copy fail: AES, invalid lifetime (unknown location) in attributes +depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES:MBEDTLS_PSA_CRYPTO_STORAGE_C:!MBEDTLS_PSA_CRYPTO_DRIVERS +copy_fail:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:0:0:PSA_KEY_TYPE_AES:"404142434445464748494a4b4c4d4e4f":PSA_KEY_TYPE_AES:0:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:0:1:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION(PSA_KEY_PERSISTENCE_DEFAULT, 11):PSA_ERROR_INVALID_ARGUMENT + +Copy fail: AES, copy to a readonly lifetime in attributes depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES:MBEDTLS_PSA_CRYPTO_STORAGE_C -copy_fail:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:0:PSA_KEY_TYPE_AES:"404142434445464748494a4b4c4d4e4f":PSA_KEY_TYPE_AES:0:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:0:1:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION(PSA_KEY_LIFETIME_PERSISTENT, 11):PSA_ERROR_INVALID_ARGUMENT +copy_fail:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:0:0:PSA_KEY_TYPE_AES:"404142434445464748494a4b4c4d4e4f":PSA_KEY_TYPE_AES:0:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:0:1:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_READ_ONLY, 0 ):PSA_ERROR_INVALID_ARGUMENT + +Copy fail: AES, across locations (unsupported) in attributes +depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES:PSA_CRYPTO_DRIVER_TEST +copy_fail:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION(PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION):PSA_KEY_TYPE_AES:"404142434445464748494a4b4c4d4e4f":PSA_KEY_TYPE_AES:0:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:0:1:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION(PSA_KEY_PERSISTENCE_VOLATILE, 0):PSA_ERROR_NOT_SUPPORTED Hash operation object initializers zero properly hash_operation_init: @@ -1527,6 +1911,7 @@ PSA symmetric encrypt: AES-CBC-nopad, input too short depends_on:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_KEY_TYPE_AES cipher_encrypt_fail:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"6bc1bee223":PSA_ERROR_INVALID_ARGUMENT +PSA symmetric encrypt: AES-ECB, 0 bytes, good depends_on:PSA_WANT_ALG_ECB_NO_PADDING:PSA_WANT_KEY_TYPE_AES cipher_encrypt_alg_without_iv:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"":"" @@ -1578,6 +1963,10 @@ PSA symmetric encrypt validation: 3-key 3DES-CBC-nopad, 8 bytes, good depends_on:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_KEY_TYPE_DES cipher_encrypt_validation:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_DES:"01020407080b0d0ec1c2c4c7c8cbcdce31323437383b3d3e":"eda4011239bc3ac9" +PSA symmetric encrypt validation: CCM*-no-tag, 15 bytes, good +depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES +cipher_encrypt_validation:PSA_ALG_CCM_STAR_NO_TAG:PSA_KEY_TYPE_AES:"d24a3d3dde8c84830280cb87abad0bb3":"6bc1bee22e409f96e93d7e11739317" + PSA symmetric encrypt multipart: AES-ECB, 0 bytes, good depends_on:PSA_WANT_ALG_ECB_NO_PADDING:PSA_WANT_KEY_TYPE_AES cipher_encrypt_multipart:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"":"":0:0:0:"":PSA_SUCCESS @@ -1638,6 +2027,10 @@ PSA symmetric encrypt multipart: 3-key 3DES-ECB, 8 bytes, good depends_on:PSA_WANT_ALG_ECB_NO_PADDING:PSA_WANT_KEY_TYPE_DES cipher_encrypt_multipart:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_DES:"01020407080b0d0ec1c2c4c7c8cbcdce31323437383b3d3e":"":"c78e2b38139610e3":8:8:0:"817ca7d69b80d86a":PSA_SUCCESS +PSA symmetric encrypt multipart: CCM*-no-tag, AES, 24 bytes, good +depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES +cipher_encrypt_multipart:PSA_ALG_CCM_STAR_NO_TAG:PSA_KEY_TYPE_AES:"d24a3d3dde8c84830280cb87abad0bb3":"f1100035bb24a8d26004e0e24b":"7c86135ed9c2a515aaae0e9a208133897269220f30870006":10:10:14:"1faeb0ee2ca2cd52f0aa3966578344f24e69b742c4ab37ab":PSA_SUCCESS + PSA cipher decrypt: without initialization depends_on:PSA_WANT_ALG_ECB_NO_PADDING:PSA_WANT_KEY_TYPE_AES cipher_decrypt_fail:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_AES:"":"":"":PSA_ERROR_BAD_STATE @@ -1670,6 +2063,10 @@ PSA symmetric decrypt: AES-CBC-nopad, input too short (5 bytes) depends_on:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_KEY_TYPE_AES cipher_decrypt_fail:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee223":PSA_ERROR_INVALID_ARGUMENT +PSA symetric decrypt: CCM*-no-tag, input too short (15 bytes) +depends_on:MBEDTLS_AES_C +cipher_decrypt_fail:PSA_ALG_CCM_STAR_NO_TAG:PSA_KEY_TYPE_AES:"19ebfde2d5468ba0a3031bde629b11fd":"5a8aa485c316e9":"2a2a2a2a2a2a2a2a":PSA_ERROR_INVALID_ARGUMENT + PSA symmetric decrypt: AES-ECB, 0 bytes, good depends_on:PSA_WANT_ALG_ECB_NO_PADDING:PSA_WANT_KEY_TYPE_AES cipher_decrypt:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"":"":"" @@ -1718,6 +2115,10 @@ PSA symmetric decrypt: 3-key 3DES-ECB, 8 bytes, good depends_on:PSA_WANT_ALG_ECB_NO_PADDING:PSA_WANT_KEY_TYPE_DES cipher_decrypt:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_DES:"01020407080b0d0ec1c2c4c7c8cbcdce31323437383b3d3e":"":"817ca7d69b80d86a":"c78e2b38139610e3" +PSA symmetric decrypt: CCM*-no-tag, NIST DVPT AES-128 #15 +depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES +cipher_decrypt:PSA_ALG_CCM_STAR_NO_TAG:PSA_KEY_TYPE_AES:"90929a4b0ac65b350ad1591611fe4829":"5a8aa485c316e9403aff859fbb":"4bfe4e35784f0a65b545477e5e2f4bae0e1e6fa717eaf2cb":"a16a2e741f1cd9717285b6d882c1fc53655e9773761ad697" + PSA symmetric decrypt multipart: AES-ECB, 0 bytes, good depends_on:PSA_WANT_ALG_ECB_NO_PADDING:PSA_WANT_KEY_TYPE_AES cipher_decrypt_multipart:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"":"":0:0:0:"":PSA_SUCCESS @@ -1778,6 +2179,10 @@ PSA symmetric decrypt multipart: 3-key 3DES-ECB, 8 bytes, good depends_on:PSA_WANT_ALG_ECB_NO_PADDING:PSA_WANT_KEY_TYPE_DES cipher_decrypt_multipart:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_DES:"01020407080b0d0ec1c2c4c7c8cbcdce31323437383b3d3e":"":"817ca7d69b80d86a":8:8:0:"c78e2b38139610e3":PSA_SUCCESS +PSA symmetric decrypt multipart: CCM*-no-tag, 24 bytes, good +depends_on:PSA_WANT_ALG_ECB_NO_PADDING:PSA_WANT_KEY_TYPE_DES +cipher_decrypt_multipart:PSA_ALG_CCM_STAR_NO_TAG:PSA_KEY_TYPE_AES:"197afb02ffbd8f699dacae87094d5243":"5a8aa485c316e9403aff859fbb":"4a550134f94455979ec4bf89ad2bd80d25a77ae94e456134":10:10:14:"a16a2e741f1cd9717285b6d882c1fc53655e9773761ad697":PSA_SUCCESS + PSA symmetric encrypt/decrypt: AES-ECB, 16 bytes, good depends_on:PSA_WANT_ALG_ECB_NO_PADDING:PSA_WANT_KEY_TYPE_AES cipher_verify_output:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"6bc1bee22e409f96e93d7e117393172a" @@ -1798,6 +2203,22 @@ PSA symmetric encrypt/decrypt: AES-CTR depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES cipher_verify_output:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"6bc1bee22e409f96e93d7e117393172a" +PSA symmetric encrypt/decrypt: CCM*-no-tag, AES +depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES +cipher_verify_output:PSA_ALG_CCM_STAR_NO_TAG:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"6bc1bee22e409f96e93d7e117393172a" + +CCM*-no-tag encrypt, iv_length = 14, bad +depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES +cipher_encrypt_validate_iv_length:PSA_ALG_CCM_STAR_NO_TAG:PSA_KEY_TYPE_AES:"90929a4b0ac65b350ad1591611fe4829":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":14:PSA_ERROR_INVALID_ARGUMENT + +CCM*-no-tag encrypt, iv_length = 13, good +depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES +cipher_encrypt_validate_iv_length:PSA_ALG_CCM_STAR_NO_TAG:PSA_KEY_TYPE_AES:"90929a4b0ac65b350ad1591611fe4829":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":13:PSA_SUCCESS + +CCM*-no-tag encrypt, iv_length = 12, bad +depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES +cipher_encrypt_validate_iv_length:PSA_ALG_CCM_STAR_NO_TAG:PSA_KEY_TYPE_AES:"90929a4b0ac65b350ad1591611fe4829":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":12:PSA_ERROR_INVALID_ARGUMENT + PSA symmetric encryption multipart: AES-ECB, 16+16 bytes depends_on:PSA_WANT_ALG_ECB_NO_PADDING:PSA_WANT_KEY_TYPE_AES cipher_encrypt_multipart:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"":"6bc1bee22e409f96e93d7e117393172a5434f378a597bcef1389318c7fc865ef":16:16:16:"3ad77bb40d7a3660a89ecaf32466ef9755ed5e9e066820fa52c729886d18854c":PSA_SUCCESS @@ -2114,6 +2535,22 @@ PSA AEAD decrypt: AES-CCM, invalid tag length 18 depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES aead_decrypt:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, 18 ):"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6":"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":PSA_ERROR_INVALID_ARGUMENT +PSA AEAD decrypt: AES-CCM, invalid nonce length 6 +depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES +aead_decrypt:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_CCM:"48c090693056":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6":"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":PSA_ERROR_INVALID_ARGUMENT + +PSA AEAD decrypt: AES-CCM, invalid nonce length 14 +depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES +aead_decrypt:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_CCM:"48c0906930561e0ab0ef4cd97200":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6":"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":PSA_ERROR_INVALID_ARGUMENT + +PSA AEAD decrypt: AES-CCM_8, invalid nonce length 6 +depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES +aead_decrypt:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, 8 ):"48c090693056":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6":"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":PSA_ERROR_INVALID_ARGUMENT + +PSA AEAD decrypt: AES-CCM_8, invalid nonce length 14 +depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES +aead_decrypt:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, 8 ):"48c0906930561e0ab0ef4cd97200":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6":"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":PSA_ERROR_INVALID_ARGUMENT + PSA AEAD encrypt/decrypt, AES-GCM, 19 bytes #1 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES aead_encrypt_decrypt:PSA_KEY_TYPE_AES:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECF":PSA_ALG_GCM:"000102030405060708090A0B0C0D0E0F":"000102030405060708090A0B":"0C0D0E0F101112131415161718191A1B1C1D1E":PSA_SUCCESS @@ -2266,6 +2703,14 @@ PSA AEAD decrypt: AES-GCM, invalid tag length 2 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES aead_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 2 ):"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6":"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":PSA_ERROR_INVALID_ARGUMENT +PSA AEAD decrypt: AES-GCM, nonce=0 (bad) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_GCM:"":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6":"":PSA_ERROR_INVALID_ARGUMENT + +PSA AEAD decrypt: AES-GCM, nonce=0 (bad), TAG=12 +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 12 ):"":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6":"":PSA_ERROR_INVALID_ARGUMENT + PSA AEAD decrypt: AES-GCM, invalid tag length 18 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES aead_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 18 ):"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6":"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":PSA_ERROR_INVALID_ARGUMENT @@ -2370,6 +2815,18 @@ PSA AEAD decrypt: ChaCha20-Poly1305 (good tag, zero-length input) depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 aead_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"070000004041424344454647":"":"a0784d7a4716f3feb4f64e7f4b39bf04":"":PSA_SUCCESS +PSA AEAD decrypt: ChaCha20-Poly1305 (nonce=8, not supported) +depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 +aead_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"0700000040414243":"":"a0784d7a4716f3feb4f64e7f4b39bf04":"":PSA_ERROR_NOT_SUPPORTED + +PSA AEAD decrypt: ChaCha20-Poly1305 (nonce=11, too short) +depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 +aead_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"0700000040414243444546":"":"a0784d7a4716f3feb4f64e7f4b39bf04":"":PSA_ERROR_INVALID_ARGUMENT + +PSA AEAD decrypt: ChaCha20-Poly1305 (nonce=13, too long) +depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 +aead_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"07000000404142434445464700":"":"a0784d7a4716f3feb4f64e7f4b39bf04":"":PSA_ERROR_INVALID_ARGUMENT + PSA AEAD encrypt/decrypt: invalid algorithm (CTR) depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C aead_encrypt_decrypt:PSA_KEY_TYPE_AES:"D7828D13B2B0BDC325A76236DF93CC6B":PSA_ALG_CTR:"000102030405060708090A0B0C0D0E0F":"":"":PSA_ERROR_NOT_SUPPORTED @@ -2378,6 +2835,614 @@ PSA AEAD encrypt/decrypt: invalid algorithm (ChaCha20) depends_on:MBEDTLS_CHACHA20_C aead_encrypt_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_STREAM_CIPHER:"":"":"":PSA_ERROR_NOT_SUPPORTED +PSA Multipart AEAD encrypt, AES-GCM, 128 bytes #1 +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_GCM:"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":0:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a96" + +PSA Multipart AEAD encrypt, AES-GCM, 128 bytes #1 (lengths set) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_GCM:"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":1:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a96" + +PSA Multipart AEAD encrypt, AES-GCM, 128 bytes #2 +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"fe96eab10ff48c7942025422583d0377":PSA_ALG_GCM:"97ce3f848276783599c6875de324361e":"127628b6dcbce6fc8a8ef60798eb67b2088415635119697d20bb878c24d9c6f9c29e148521cb5e0feff892c7855d4f1c0bfb32ad33420976714dce87a0bbc18e4378bd1ef35197d0ca73051148f1199010f63caf122df5f71ad8d9c71df3eb2fbe3b2529d0ba657570358d3776f687bdb9c96d5e0e9e00c4b42d5d7a268d6a08":"194c8bbbfae4a671386b8cd38f390f46f9df6b8661b470c310921a1c858a938045834bb10380037fbf5f5e00688554537be0fcafe8270b9b59068fa056ab1268fc166c2d729243a06650a171c929c7845c85330c04568d62977eedf3b1ba9dca13bdb8f9522817c8cb99e635e37465ec1c9f6f148d51437aa9f994a62e1bd013":0:"12495120056ca3cac70d583603a476821bac6c57c9733b81cfb83538dc9e850f8bdf46065069591c23ebcbc6d1e2523375fb7efc80c09507fa25477ed07cee54fc4eb90168b3ef988f651fc40652474a644b1b311decf899660aef2347bb081af48950f06ebf799911e37120de94c55c20e5f0a77119be06e2b6e557f872fa0f6bac793bdc2190a195122c98544ccf56" + +PSA Multipart AEAD encrypt, AES-GCM, 128 bytes #2 (lengths set) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"fe96eab10ff48c7942025422583d0377":PSA_ALG_GCM:"97ce3f848276783599c6875de324361e":"127628b6dcbce6fc8a8ef60798eb67b2088415635119697d20bb878c24d9c6f9c29e148521cb5e0feff892c7855d4f1c0bfb32ad33420976714dce87a0bbc18e4378bd1ef35197d0ca73051148f1199010f63caf122df5f71ad8d9c71df3eb2fbe3b2529d0ba657570358d3776f687bdb9c96d5e0e9e00c4b42d5d7a268d6a08":"194c8bbbfae4a671386b8cd38f390f46f9df6b8661b470c310921a1c858a938045834bb10380037fbf5f5e00688554537be0fcafe8270b9b59068fa056ab1268fc166c2d729243a06650a171c929c7845c85330c04568d62977eedf3b1ba9dca13bdb8f9522817c8cb99e635e37465ec1c9f6f148d51437aa9f994a62e1bd013":1:"12495120056ca3cac70d583603a476821bac6c57c9733b81cfb83538dc9e850f8bdf46065069591c23ebcbc6d1e2523375fb7efc80c09507fa25477ed07cee54fc4eb90168b3ef988f651fc40652474a644b1b311decf899660aef2347bb081af48950f06ebf799911e37120de94c55c20e5f0a77119be06e2b6e557f872fa0f6bac793bdc2190a195122c98544ccf56" + +PSA Multipart AEAD encrypt, AES-GCM, 128 bytes #1, T=4 +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 4 ):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":0:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847f" + +PSA Multipart AEAD encrypt, AES-GCM, 128 bytes #1, T=4 (lengths set) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 4 ):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":1:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847f" + +PSA Multipart AEAD encrypt, AES-GCM, 128 bytes #1, T=15 +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":0:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a" + +PSA Multipart AEAD encrypt, AES-GCM, 128 bytes #1, T=15 (lengths set) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":1:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a" + +PSA Multipart AEAD encrypt, AES-GCM, 128 bytes #1, T=16 +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":0:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a96" + +PSA Multipart AEAD encrypt, AES-GCM, 128 bytes #1, T=16 (lengths set) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":1:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a96" + +PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=24, IV=12, IN=0, AAD=0, TAG=16, +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"aa740abfadcda779220d3b406c5d7ec09a77fe9d94104539":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"ab2265b4c168955561f04315":"":"":0:"f149e2b5f0adaa9842ca5f45b768a8fc" + +PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=24, IV=12, IN=0, AAD=0, TAG=16, (lengths set) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"aa740abfadcda779220d3b406c5d7ec09a77fe9d94104539":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"ab2265b4c168955561f04315":"":"":1:"f149e2b5f0adaa9842ca5f45b768a8fc" + +PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=24, IV=12, IN=0, AAD=16, TAG=16, +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"41c5da8667ef725220ffe39ae0ac590ac9fca729ab60ada0":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"05ad13a5e2c2ab667e1a6fbc":"8b5c124bef6e2f0fe4d8c95cd5fa4cf1":"":0:"204bdb1bd62154bf08922aaa54eed705" + +PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=24, IV=12, IN=0, AAD=16, TAG=16, (lengths set) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"41c5da8667ef725220ffe39ae0ac590ac9fca729ab60ada0":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"05ad13a5e2c2ab667e1a6fbc":"8b5c124bef6e2f0fe4d8c95cd5fa4cf1":"":1:"204bdb1bd62154bf08922aaa54eed705" + +PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=24, IV=12, IN=0, AAD=20, TAG=16, +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"093ef7551ebbff8eb0c0a8a4a62b198f0c2e838de10eeeee":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"e656e93930ed5210ba3f0322":"3da22dacfd11b21b0a713157f60aec0cd22f1add":"":0:"1b2d2764573e20ae640bf29d48e5fe05" + +PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=24, IV=12, IN=0, AAD=20, TAG=16, (lengths set) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"093ef7551ebbff8eb0c0a8a4a62b198f0c2e838de10eeeee":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"e656e93930ed5210ba3f0322":"3da22dacfd11b21b0a713157f60aec0cd22f1add":"":1:"1b2d2764573e20ae640bf29d48e5fe05" + +PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=24, IV=12, IN=0, AAD=48, TAG=15, +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"31389612d244c9792a510eca3f9c94f9f48c97ed67ae965a":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"df6b54ec8b58114df5b09279":"0863bec42ee93385efbec665adfc46dafcd793f29e859e3b531c15b168f1888dd13e905cd7d5bc03f9f1f6495717df62":"":0:"77e5682a49243d5b9016eb1adafa2d" + +PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=24, IV=12, IN=0, AAD=48, TAG=15, (lengths set) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"31389612d244c9792a510eca3f9c94f9f48c97ed67ae965a":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"df6b54ec8b58114df5b09279":"0863bec42ee93385efbec665adfc46dafcd793f29e859e3b531c15b168f1888dd13e905cd7d5bc03f9f1f6495717df62":"":1:"77e5682a49243d5b9016eb1adafa2d" + +PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=24, IV=12, IN=16, AAD=0, TAG=16, +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"fbc0b4c56a714c83217b2d1bcadd2ed2e9efb0dcac6cc19f":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"5f4b43e811da9c470d6a9b01":"":"d2ae38c4375954835d75b8e4c2f9bbb4":0:"69482957e6be5c54882d00314e0259cf191e9f29bef63a26860c1e020a21137e" + +PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=24, IV=12, IN=16, AAD=0, TAG=16, (lengths set) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"fbc0b4c56a714c83217b2d1bcadd2ed2e9efb0dcac6cc19f":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"5f4b43e811da9c470d6a9b01":"":"d2ae38c4375954835d75b8e4c2f9bbb4":1:"69482957e6be5c54882d00314e0259cf191e9f29bef63a26860c1e020a21137e" + +PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=24, IV=12, IN=16, AAD=0, TAG=8, +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"c50ac59e50556e47b834380018c0dc0380af9df3bf6714e6":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 8 ):"f303bf4b6cfbba7104cd9436":"":"d3f3f57033df30c22860231334b099cb":0:"2269c72d77f2b6f9d57da1820ec5a5d3d62d4491e3e4e9e7" + +PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=24, IV=12, IN=16, AAD=0, TAG=8, (lengths set) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"c50ac59e50556e47b834380018c0dc0380af9df3bf6714e6":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 8 ):"f303bf4b6cfbba7104cd9436":"":"d3f3f57033df30c22860231334b099cb":1:"2269c72d77f2b6f9d57da1820ec5a5d3d62d4491e3e4e9e7" + +PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=24, IV=12, IN=16, AAD=16, TAG=14, +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"8ef391e4b7a2fe05b959be27823357080f963ed2f64b9e59":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"0080052a2a5bb0e95222a419":"290322092d57479e20f6281e331d95a9":"e7fb0631eebf9bdba87045b33650c4ce":0:"88d674044031414af7ba9da8b89dd68e69897d99d8e1706f38c613896c18" + +PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=24, IV=12, IN=16, AAD=16, TAG=14, (lengths set) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"8ef391e4b7a2fe05b959be27823357080f963ed2f64b9e59":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"0080052a2a5bb0e95222a419":"290322092d57479e20f6281e331d95a9":"e7fb0631eebf9bdba87045b33650c4ce":1:"88d674044031414af7ba9da8b89dd68e69897d99d8e1706f38c613896c18" + +PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=24, IV=12, IN=16, AAD=16, TAG=4, +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"1cb5a0db778d3eb430b2816ceef9e455f519a8977b074183":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 4 ):"c1df5e9e2e3165c54242a306":"7134e5ddc396c2a8a7da23906c8f7b40":"636871d4c0aae3da7b55abd8b5f21297":0:"14eb02562aa1d963d0033626cdc8a5c8972f4bdf" + +PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=24, IV=12, IN=16, AAD=16, TAG=4, (lengths set) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"1cb5a0db778d3eb430b2816ceef9e455f519a8977b074183":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 4 ):"c1df5e9e2e3165c54242a306":"7134e5ddc396c2a8a7da23906c8f7b40":"636871d4c0aae3da7b55abd8b5f21297":1:"14eb02562aa1d963d0033626cdc8a5c8972f4bdf" + +PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=24, IV=12, IN=16, AAD=20, TAG=13, +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"45148f42669f8ab8fad689d9b9180e39d7ea8fc95696297e":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 13 ):"5afcb134acc78b4eb9d11e79":"aec409e5fd82e50b824ebc1f45e75188d80615c6":"3d952be11deb421b56e0ce9d7ce99553":0:"077c0d53869869e191df116fd7baa8a293d2b577a29b0953c91b5d3b9d" + +PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=24, IV=12, IN=16, AAD=20, TAG=13, (lengths set) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"45148f42669f8ab8fad689d9b9180e39d7ea8fc95696297e":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 13 ):"5afcb134acc78b4eb9d11e79":"aec409e5fd82e50b824ebc1f45e75188d80615c6":"3d952be11deb421b56e0ce9d7ce99553":1:"077c0d53869869e191df116fd7baa8a293d2b577a29b0953c91b5d3b9d" + +PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=24, IV=12, IN=16, AAD=48, TAG=15, +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"5255428457fe75e64447971ec5af0d13c5b60a07ee2d07b0":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"40cb6ebafc202f82223db097":"b2da2bd05ab1f3e39613efc8d80c5d0f240ee08f6abad5791649e9c1d0f48fa3dc59c1e535d1db1a4d3fa2263f5a1117":"fdd8a462c86d4365c8bfee0e25fc8a62":0:"9ca4a6d08267038f6f7999c84105bb5eaf8f7b3b9310ec688e033088a03482" + +PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=24, IV=12, IN=16, AAD=48, TAG=15, (lengths set) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"5255428457fe75e64447971ec5af0d13c5b60a07ee2d07b0":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"40cb6ebafc202f82223db097":"b2da2bd05ab1f3e39613efc8d80c5d0f240ee08f6abad5791649e9c1d0f48fa3dc59c1e535d1db1a4d3fa2263f5a1117":"fdd8a462c86d4365c8bfee0e25fc8a62":1:"9ca4a6d08267038f6f7999c84105bb5eaf8f7b3b9310ec688e033088a03482" + +PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=32, IV=12, IN=0, AAD=0, TAG=16, +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"b52c505a37d78eda5dd34f20c22540ea1b58963cf8e5bf8ffa85f9f2492505b4":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"516c33929df5a3284ff463d7":"":"":0:"bdc1ac884d332457a1d2664f168c76f0" + +PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=32, IV=12, IN=0, AAD=0, TAG=16, (lengths set) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"b52c505a37d78eda5dd34f20c22540ea1b58963cf8e5bf8ffa85f9f2492505b4":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"516c33929df5a3284ff463d7":"":"":1:"bdc1ac884d332457a1d2664f168c76f0" + +PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=32, IV=12, IN=0, AAD=0, TAG=12, +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"98ebf7a58db8b8371d9069171190063cc1fdc1927e49a3385f890d41a838619c":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 12 ):"3e6db953bd4e641de644e50a":"":"":0:"2fb9c3e41fff24ef07437c47" + +PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=32, IV=12, IN=0, AAD=0, TAG=12, (lengths set) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"98ebf7a58db8b8371d9069171190063cc1fdc1927e49a3385f890d41a838619c":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 12 ):"3e6db953bd4e641de644e50a":"":"":1:"2fb9c3e41fff24ef07437c47" + +PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=32, IV=12, IN=0, AAD=20, TAG=16, +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"886cff5f3e6b8d0e1ad0a38fcdb26de97e8acbe79f6bed66959a598fa5047d65":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"3a8efa1cd74bbab5448f9945":"519fee519d25c7a304d6c6aa1897ee1eb8c59655":"":0:"f6d47505ec96c98a42dc3ae719877b87" + +PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=32, IV=12, IN=0, AAD=20, TAG=16, (lengths set) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"886cff5f3e6b8d0e1ad0a38fcdb26de97e8acbe79f6bed66959a598fa5047d65":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"3a8efa1cd74bbab5448f9945":"519fee519d25c7a304d6c6aa1897ee1eb8c59655":"":1:"f6d47505ec96c98a42dc3ae719877b87" + +PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=32, IV=12, IN=0, AAD=20, TAG=13, +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"a7c928738b89c3258b910ac31bc465338b2e133b143fd52d9c9859eb1d01f2a0":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 13 ):"a483a7e94fbb2d694d3c4a8d":"bdb613cd3c2f0edd37b3ed43041bacb949ee51fa":"":0:"5233f95bdcf5d666fb957acdcb" + +PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=32, IV=12, IN=0, AAD=20, TAG=13, (lengths set) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"a7c928738b89c3258b910ac31bc465338b2e133b143fd52d9c9859eb1d01f2a0":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 13 ):"a483a7e94fbb2d694d3c4a8d":"bdb613cd3c2f0edd37b3ed43041bacb949ee51fa":"":1:"5233f95bdcf5d666fb957acdcb" + +PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=32, IV=12, IN=0, AAD=48, TAG=15, +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"16a5b58a1dbb273a8fc6a4af722d46dbb898dd86ab128cb93d8388a8647a80a3":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"59e0c40d6675923cf5e004d5":"5b4b4ffc9c66bd394abeed3f03b695b949b3b69a42198cc3bfad971174915df913b967ccf36ee1f001f54efbcd117b68":"":0:"d57e27914ecb4a764359d3c0f8d4d6" + +PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=32, IV=12, IN=0, AAD=48, TAG=15, (lengths set) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"16a5b58a1dbb273a8fc6a4af722d46dbb898dd86ab128cb93d8388a8647a80a3":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"59e0c40d6675923cf5e004d5":"5b4b4ffc9c66bd394abeed3f03b695b949b3b69a42198cc3bfad971174915df913b967ccf36ee1f001f54efbcd117b68":"":1:"d57e27914ecb4a764359d3c0f8d4d6" + +PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=32, IV=12, IN=0, AAD=48, TAG=4, +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"5dd13092dd695b90ab835ed6343031c4cdb710d32f4d3804d72b46d921fcfa18":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 4 ):"1de4bd816c8ec6bffc1e6453":"1b63d6278702abacf8b6c2faf542a808659fd5da03cdc1061a8593ea8ce9fc8ff54ffef6ebf3e15f7a832b4ae750a6ce":"":0:"72901467" + +PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=32, IV=12, IN=0, AAD=48, TAG=4, (lengths set) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"5dd13092dd695b90ab835ed6343031c4cdb710d32f4d3804d72b46d921fcfa18":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 4 ):"1de4bd816c8ec6bffc1e6453":"1b63d6278702abacf8b6c2faf542a808659fd5da03cdc1061a8593ea8ce9fc8ff54ffef6ebf3e15f7a832b4ae750a6ce":"":1:"72901467" + +PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=32, IV=12, IN=16, AAD=0, TAG=15, +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"ef9f9284cf599eac3b119905a7d18851e7e374cf63aea04358586b0f757670f8":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"b6ac8e4963f49207ffd6374c":"":"722ee47da4b77424733546c2d400c4e5":0:"1224dfefb72a20d49e09256908874979882eafea22adf8dbed06a2265f907b" + +PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=32, IV=12, IN=16, AAD=0, TAG=15, (lengths set) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"ef9f9284cf599eac3b119905a7d18851e7e374cf63aea04358586b0f757670f8":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"b6ac8e4963f49207ffd6374c":"":"722ee47da4b77424733546c2d400c4e5":1:"1224dfefb72a20d49e09256908874979882eafea22adf8dbed06a2265f907b" + +PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=32, IV=12, IN=16, AAD=0, TAG=12, +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"b33b0e4c5b9f7ef77cec1a29ed5844bda3853238bdf7766e7645029931f169f0":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 12 ):"f226d65e8654fdf5193ed721":"":"bcf48ddcfe9d011a1003973d68d2d78a":0:"d2eb20898a301b5d8e69e9926272021393af01abb6a970047a7fc010" + +PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=32, IV=12, IN=16, AAD=0, TAG=12, (lengths set) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"b33b0e4c5b9f7ef77cec1a29ed5844bda3853238bdf7766e7645029931f169f0":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 12 ):"f226d65e8654fdf5193ed721":"":"bcf48ddcfe9d011a1003973d68d2d78a":1:"d2eb20898a301b5d8e69e9926272021393af01abb6a970047a7fc010" + +PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=32, IV=12, IN=16, AAD=16, TAG=14, +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"c6e126a65faec77ab62318e30d8a50c39a664670039a66ae5a6874201bc68f9f":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"0ba5193b2d3a8378d67163ce":"5844b289dc74327f9fd93f7aae1c3d39":"c37aada3d4408e880d47e41df77da9b9":0:"b5cd7563989b460a2fe187e90c41fc3179c73d0d1e3a4484909969de93b0" + +PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=32, IV=12, IN=16, AAD=16, TAG=14, (lengths set) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"c6e126a65faec77ab62318e30d8a50c39a664670039a66ae5a6874201bc68f9f":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"0ba5193b2d3a8378d67163ce":"5844b289dc74327f9fd93f7aae1c3d39":"c37aada3d4408e880d47e41df77da9b9":1:"b5cd7563989b460a2fe187e90c41fc3179c73d0d1e3a4484909969de93b0" + +PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=32, IV=12, IN=16, AAD=48, TAG=15, +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"2e6942d537f1a98444c2f9dbdb5d8db42a503a00a17b57d516399569e044a703":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"7eb67721581ed52cfcfc2c4d":"a96cc73451502c7278b467ac85d5fc14fc1a2f51bc685645b173f0cd9af02d383095de063e6eaa50374ce9bc951e9e61":"e5f410fe939e79b7ad33fbd3aaf5856f":0:"727f5e19a5582e5782bbbe73517f0c04c492319abf12b03b380724ff1483a3" + +PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=32, IV=12, IN=16, AAD=48, TAG=15, (lengths set) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"2e6942d537f1a98444c2f9dbdb5d8db42a503a00a17b57d516399569e044a703":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"7eb67721581ed52cfcfc2c4d":"a96cc73451502c7278b467ac85d5fc14fc1a2f51bc685645b173f0cd9af02d383095de063e6eaa50374ce9bc951e9e61":"e5f410fe939e79b7ad33fbd3aaf5856f":1:"727f5e19a5582e5782bbbe73517f0c04c492319abf12b03b380724ff1483a3" + +PSA Multipart AEAD decrypt, AES - GCM, 144 bytes #1 +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_GCM:"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a96":0:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826" + +PSA Multipart AEAD decrypt, AES - GCM, 144 bytes #1 (lengths set) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_GCM:"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a96":1:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826" + +PSA Multipart AEAD decrypt, AES - GCM, 144 bytes #2 +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"fe96eab10ff48c7942025422583d0377":PSA_ALG_GCM:"97ce3f848276783599c6875de324361e":"127628b6dcbce6fc8a8ef60798eb67b2088415635119697d20bb878c24d9c6f9c29e148521cb5e0feff892c7855d4f1c0bfb32ad33420976714dce87a0bbc18e4378bd1ef35197d0ca73051148f1199010f63caf122df5f71ad8d9c71df3eb2fbe3b2529d0ba657570358d3776f687bdb9c96d5e0e9e00c4b42d5d7a268d6a08":"12495120056ca3cac70d583603a476821bac6c57c9733b81cfb83538dc9e850f8bdf46065069591c23ebcbc6d1e2523375fb7efc80c09507fa25477ed07cee54fc4eb90168b3ef988f651fc40652474a644b1b311decf899660aef2347bb081af48950f06ebf799911e37120de94c55c20e5f0a77119be06e2b6e557f872fa0f6bac793bdc2190a195122c98544ccf56":0:"194c8bbbfae4a671386b8cd38f390f46f9df6b8661b470c310921a1c858a938045834bb10380037fbf5f5e00688554537be0fcafe8270b9b59068fa056ab1268fc166c2d729243a06650a171c929c7845c85330c04568d62977eedf3b1ba9dca13bdb8f9522817c8cb99e635e37465ec1c9f6f148d51437aa9f994a62e1bd013" + +PSA Multipart AEAD decrypt, AES - GCM, 144 bytes #2 (lengths set) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"fe96eab10ff48c7942025422583d0377":PSA_ALG_GCM:"97ce3f848276783599c6875de324361e":"127628b6dcbce6fc8a8ef60798eb67b2088415635119697d20bb878c24d9c6f9c29e148521cb5e0feff892c7855d4f1c0bfb32ad33420976714dce87a0bbc18e4378bd1ef35197d0ca73051148f1199010f63caf122df5f71ad8d9c71df3eb2fbe3b2529d0ba657570358d3776f687bdb9c96d5e0e9e00c4b42d5d7a268d6a08":"12495120056ca3cac70d583603a476821bac6c57c9733b81cfb83538dc9e850f8bdf46065069591c23ebcbc6d1e2523375fb7efc80c09507fa25477ed07cee54fc4eb90168b3ef988f651fc40652474a644b1b311decf899660aef2347bb081af48950f06ebf799911e37120de94c55c20e5f0a77119be06e2b6e557f872fa0f6bac793bdc2190a195122c98544ccf56":1:"194c8bbbfae4a671386b8cd38f390f46f9df6b8661b470c310921a1c858a938045834bb10380037fbf5f5e00688554537be0fcafe8270b9b59068fa056ab1268fc166c2d729243a06650a171c929c7845c85330c04568d62977eedf3b1ba9dca13bdb8f9522817c8cb99e635e37465ec1c9f6f148d51437aa9f994a62e1bd013" + +PSA Multipart AEAD decrypt, AES - GCM, 144 bytes, T = 4 +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,4):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847f":0:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826" + +PSA Multipart AEAD decrypt, AES - GCM, 144 bytes, T = 4 (lengths set) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,4):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847f":1:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826" + +PSA Multipart AEAD decrypt, AES - GCM, 144 bytes, T = 15 +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,15):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a":0:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826" + +PSA Multipart AEAD decrypt, AES - GCM, 144 bytes, T = 15 (lengths set) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,15):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a":1:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826" + +PSA Multipart AEAD decrypt, AES-GCM, 144 bytes, T=16 +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a96":0:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826" + +PSA Multipart AEAD decrypt, AES-GCM, 144 bytes, T=16 (lengths set) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a96":1:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826" + +PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=0, AAD=0, TAG=16 +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"0e5d6e68f82f32bea3f0b69498c1a31ef6d955cd3d27a2a8":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"caf72ee1e62e1001e8cfbc63":"":"db1a74ffb5f7de26f5742e0942b1b9cb":0:"" + +PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=0, AAD=0, TAG=16 (lengths set) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"0e5d6e68f82f32bea3f0b69498c1a31ef6d955cd3d27a2a8":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"caf72ee1e62e1001e8cfbc63":"":"db1a74ffb5f7de26f5742e0942b1b9cb":1:"" + +PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=0, AAD=48, TAG=14 +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"e79fb7defce4f650402e6b521170686d3eb2a0b9514f3a64":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"40e0d2d836c0519e7042419b":"41c5b5d971c0723bc1b63a259fe7e06c2961de1241bc34c13965f43636e4da3da8c75ed5956abe3a42f3039af005925a":"434ff68f2436f48418fd69f52158":0:"" + +PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=0, AAD=48, TAG=14 (lengths set) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"e79fb7defce4f650402e6b521170686d3eb2a0b9514f3a64":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"40e0d2d836c0519e7042419b":"41c5b5d971c0723bc1b63a259fe7e06c2961de1241bc34c13965f43636e4da3da8c75ed5956abe3a42f3039af005925a":"434ff68f2436f48418fd69f52158":1:"" + +PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=16, AAD=0, TAG=15 +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"e41d1f533d5b342ffe434b94b1372683bfd5d9d8cb79f9ee":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"5fe11a596dfcd3a305c1d711":"":"1847f64fff986476d1d2f758692f856da4a0ff98c0c1101694c84fd86680c9":0:"b03c2c20f758a93a8d1220232ad87098" + +PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=16, AAD=0, TAG=15 (lengths set) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"e41d1f533d5b342ffe434b94b1372683bfd5d9d8cb79f9ee":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"5fe11a596dfcd3a305c1d711":"":"1847f64fff986476d1d2f758692f856da4a0ff98c0c1101694c84fd86680c9":1:"b03c2c20f758a93a8d1220232ad87098" + +PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=16, AAD=20, TAG=15 +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"8e7da473c057a2a4669a0d22bf9b7c9913fba48930ca0c9b":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"f9ff8ef80d76c50f9ca0e9ff":"f141bae18a1b54f065554fd34aa02c91c90f505c":"5deb093b6e7c766a64bb9d5170af1ff8bf130b64eebdce06a9bdb2cf1da15a":0:"b22b2dcdcc18adc30d16297b84b459d8" + +PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=16, AAD=20, TAG=15 (lengths set) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"8e7da473c057a2a4669a0d22bf9b7c9913fba48930ca0c9b":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"f9ff8ef80d76c50f9ca0e9ff":"f141bae18a1b54f065554fd34aa02c91c90f505c":"5deb093b6e7c766a64bb9d5170af1ff8bf130b64eebdce06a9bdb2cf1da15a":1:"b22b2dcdcc18adc30d16297b84b459d8" + +PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=16, AAD=48, TAG=12 +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"01bf150add51bb11623e3bfbebd62a7ea81c5b192b8eb6de":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 12 ):"dfacbc6791b785d324c646b7":"e35412a625324257bef35399a7eacca34fec2d2d24166e6bb3e94d96f5c57599ded45e2a74503f07116caa1692398a07":"77579db3c6da769e17731faac4732d7cce65d960a49f94f6b583e54a":0:"7e5fd8b595ddc4753676107951d900e2" + +PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=16, AAD=48, TAG=12 (lengths set) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"01bf150add51bb11623e3bfbebd62a7ea81c5b192b8eb6de":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 12 ):"dfacbc6791b785d324c646b7":"e35412a625324257bef35399a7eacca34fec2d2d24166e6bb3e94d96f5c57599ded45e2a74503f07116caa1692398a07":"77579db3c6da769e17731faac4732d7cce65d960a49f94f6b583e54a":1:"7e5fd8b595ddc4753676107951d900e2" + +PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=16, AAD=48, TAG=8 +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"551266c4ed166fe1c43761927801ed50cb9c0b3864fc97df":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 8 ):"e711afbeccd567f866340abb":"562d1697237ebc563941076d459727dfa094eb9ac00d30ed5836825d163dd27517c7660a01056b2d868c7fc5d0343830":"2b54cc27f6ee71882e8b1ead207d2b042d262e87eac97b58":0:"37245449db8f72b1ecdb420f629d3d80" + +PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=16, AAD=48, TAG=8 (lengths set) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"551266c4ed166fe1c43761927801ed50cb9c0b3864fc97df":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 8 ):"e711afbeccd567f866340abb":"562d1697237ebc563941076d459727dfa094eb9ac00d30ed5836825d163dd27517c7660a01056b2d868c7fc5d0343830":"2b54cc27f6ee71882e8b1ead207d2b042d262e87eac97b58":1:"37245449db8f72b1ecdb420f629d3d80" + +PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=13, AAD=0, TAG=15 +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"78fa4a2a5b5b1b1d9580ea527f2e1653e9336e15cc5462f5":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"98b774f7110e0bea624b487f":"":"a642aabed8b99e15e297ee705a40c3e2e506cb889727b327b7e044a8":0:"496909523f574b205d757659c5" + +PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=13, AAD=0, TAG=15 (lengths set) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"78fa4a2a5b5b1b1d9580ea527f2e1653e9336e15cc5462f5":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"98b774f7110e0bea624b487f":"":"a642aabed8b99e15e297ee705a40c3e2e506cb889727b327b7e044a8":1:"496909523f574b205d757659c5" + +PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=13, AAD=16, TAG=15 +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"61f4c2e55d729c4657e503dfe2b604e2853675dbdeb0982a":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"0c4d5548aa2d8d54964e1e63":"5affdf8886dabb14790aff3dbfcbdd80":"0d4eacc3db304f46cb7a9eba6ec105bf86d9dc0639b7cebbd5260f47":0:"b6e056de521a27266dffbc0d96" + +PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=13, AAD=16, TAG=15 (lengths set) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"61f4c2e55d729c4657e503dfe2b604e2853675dbdeb0982a":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"0c4d5548aa2d8d54964e1e63":"5affdf8886dabb14790aff3dbfcbdd80":"0d4eacc3db304f46cb7a9eba6ec105bf86d9dc0639b7cebbd5260f47":1:"b6e056de521a27266dffbc0d96" + +PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=13, AAD=20, TAG=13 +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"73245c4f115a74fe71d6fefb9094c57c75f28033a3c7372b":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 13 ):"536a82485999b93b0bb7ef24":"64dcad870a42eeec0730fd7a7e4154638a85d739":"29333e87bfe65d0e37da2936f695824d4e3f37fab3b8e2b868f6":0:"f6d56f8c86f27d957fa63aea22" + +PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=13, AAD=20, TAG=13 (lengths set) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"73245c4f115a74fe71d6fefb9094c57c75f28033a3c7372b":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 13 ):"536a82485999b93b0bb7ef24":"64dcad870a42eeec0730fd7a7e4154638a85d739":"29333e87bfe65d0e37da2936f695824d4e3f37fab3b8e2b868f6":1:"f6d56f8c86f27d957fa63aea22" + +PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=13, AAD=48, TAG=4 +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"9002e74638e09dd1f091439518e1460cdd5905bd9e1a37ae":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 4 ):"76c81a95d24be5c8bac63b50":"aa3ae4531aaac8f3eb07f748712c55a680bc8df5cf845edc66d09049500b41688b8023f5746879b45bdd586af29c4ede":"31bf37acbc53ca3fdbc9e5eaaebbb85a7f":0:"bd94b34511bc65ae47684805cb" + +PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=13, AAD=48, TAG=4 (lengths set) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"9002e74638e09dd1f091439518e1460cdd5905bd9e1a37ae":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 4 ):"76c81a95d24be5c8bac63b50":"aa3ae4531aaac8f3eb07f748712c55a680bc8df5cf845edc66d09049500b41688b8023f5746879b45bdd586af29c4ede":"31bf37acbc53ca3fdbc9e5eaaebbb85a7f":1:"bd94b34511bc65ae47684805cb" + +PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=0, AAD=0, TAG=16 +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"f5a2b27c74355872eb3ef6c5feafaa740e6ae990d9d48c3bd9bb8235e589f010":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"58d2240f580a31c1d24948e9":"":"15e051a5e4a5f5da6cea92e2ebee5bac":0:"" + +PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=0, AAD=0, TAG=16 (lengths set) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"f5a2b27c74355872eb3ef6c5feafaa740e6ae990d9d48c3bd9bb8235e589f010":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"58d2240f580a31c1d24948e9":"":"15e051a5e4a5f5da6cea92e2ebee5bac":1:"" + +PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=0, AAD=16, TAG=15 +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"3395a1485315c5b5e6353acb05ae9499c440a2e9f5c57494662f827235ea314c":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"3b7e632571602456b49880f0":"f283f80226dacb69c8af089ec6b59e81":"84c8beff4b0d160ee68ac613097f51":0:"" + +PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=0, AAD=16, TAG=15 (lengths set) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"3395a1485315c5b5e6353acb05ae9499c440a2e9f5c57494662f827235ea314c":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"3b7e632571602456b49880f0":"f283f80226dacb69c8af089ec6b59e81":"84c8beff4b0d160ee68ac613097f51":1:"" + +PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=0, AAD=20, TAG=15 +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"4dc46ca55c1c1fcb4720c274c0e675c2ac5bf93d8dd5e951ca9f6b61f884edc9":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"6473ab77dc885127422f5594":"e2cf8172ab4cf77eba45cd2c8ff939b938080a90":"8d6351f18d873242204c20144e2b83":0:"" + +PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=0, AAD=20, TAG=15 (lengths set) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"4dc46ca55c1c1fcb4720c274c0e675c2ac5bf93d8dd5e951ca9f6b61f884edc9":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"6473ab77dc885127422f5594":"e2cf8172ab4cf77eba45cd2c8ff939b938080a90":"8d6351f18d873242204c20144e2b83":1:"" + +PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=0, AAD=48, TAG=14 +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a7f95798434f9a0fe6fd8acd30b8bad96dbdcfacee4594f01cbf26479be7d154":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"9ef5a77b02137b46e8461d09":"5595a16fa12d4dcdba6b128480dce2d39c1211c3fb6068cde6013f6a80dfcda5eb92af8879e40ee9c177fd0e446fc8ca":"3bfd3d99fe2063e8ef8255519fe0":0:"" + +PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=0, AAD=48, TAG=14 (lengths set) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a7f95798434f9a0fe6fd8acd30b8bad96dbdcfacee4594f01cbf26479be7d154":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"9ef5a77b02137b46e8461d09":"5595a16fa12d4dcdba6b128480dce2d39c1211c3fb6068cde6013f6a80dfcda5eb92af8879e40ee9c177fd0e446fc8ca":"3bfd3d99fe2063e8ef8255519fe0":1:"" + +PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=16, AAD=0, TAG=16 +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"4c8ebfe1444ec1b2d503c6986659af2c94fafe945f72c1e8486a5acfedb8a0f8":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"473360e0ad24889959858995":"":"d2c78110ac7e8f107c0df0570bd7c90cc26a379b6d98ef2852ead8ce83a833a7":0:"7789b41cb3ee548814ca0b388c10b343" + +PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=16, AAD=0, TAG=16 (lengths set) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"4c8ebfe1444ec1b2d503c6986659af2c94fafe945f72c1e8486a5acfedb8a0f8":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"473360e0ad24889959858995":"":"d2c78110ac7e8f107c0df0570bd7c90cc26a379b6d98ef2852ead8ce83a833a7":1:"7789b41cb3ee548814ca0b388c10b343" + +PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=16, AAD=0, TAG=4 +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"57805f98aae1b8b64bb49756529ab8181b3ada674a90c55422e9eb26c48bcd7b":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 4 ):"9735945d8ca161777206632a":"":"58375442ab1c0e6a8952c83d128d9fc5f45bb315":0:"4860116a6d2deb9bf794bfd6ac5bbbd6" + +PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=16, AAD=0, TAG=4 (lengths set) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"57805f98aae1b8b64bb49756529ab8181b3ada674a90c55422e9eb26c48bcd7b":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 4 ):"9735945d8ca161777206632a":"":"58375442ab1c0e6a8952c83d128d9fc5f45bb315":1:"4860116a6d2deb9bf794bfd6ac5bbbd6" + +PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=16, AAD=16, TAG=8 +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"f913bb823a1d0c10b0b72d56866907b893f2266f15de1abc17f93600824db55a":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 8 ):"d4fe686a14592b6ca1bd6b42":"e35d880c1c53688eb83869de9dd8a473":"35af9b502ea6b56269f896bf98affdd59c2aa418b38bc7fd":0:"ff426dd751190ff826e8b4a0792d746e" + +PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=16, AAD=16, TAG=8 (lengths set) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"f913bb823a1d0c10b0b72d56866907b893f2266f15de1abc17f93600824db55a":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 8 ):"d4fe686a14592b6ca1bd6b42":"e35d880c1c53688eb83869de9dd8a473":"35af9b502ea6b56269f896bf98affdd59c2aa418b38bc7fd":1:"ff426dd751190ff826e8b4a0792d746e" + +PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=16, AAD=20, TAG=14 +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"74e9d9d7cd0728cea94e169af485f21f9d2447e022f16008f803dcf5c4f7cc0c":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"ecba39edc96667da726122c0":"ae9ab021f86f5b81bb2e0fcbd4b855e1501e9f82":"e5745ce0e02dbba05363b548c3ac7047eacca7e61db6f72fc9b9e5bdb2bb":0:"0a0b284515694188b6b6c15bc8a09036" + +PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=16, AAD=20, TAG=14 (lengths set) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"74e9d9d7cd0728cea94e169af485f21f9d2447e022f16008f803dcf5c4f7cc0c":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"ecba39edc96667da726122c0":"ae9ab021f86f5b81bb2e0fcbd4b855e1501e9f82":"e5745ce0e02dbba05363b548c3ac7047eacca7e61db6f72fc9b9e5bdb2bb":1:"0a0b284515694188b6b6c15bc8a09036" + +PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=13, AAD=0, TAG=14 +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"60667fce64b8c7169ddf45f335e46951248f69abc4e0f4f292d0ffe3dfd5219f":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"1057322a39f08ef761c3c8fc":"":"501b033c841acb430c52d88fe9cb44c751f2f1641d1e801a534ac8":0:"f386b28e7eb4c2fb8eb5dc66a2" + +PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=13, AAD=0, TAG=14 (lengths set) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"60667fce64b8c7169ddf45f335e46951248f69abc4e0f4f292d0ffe3dfd5219f":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"1057322a39f08ef761c3c8fc":"":"501b033c841acb430c52d88fe9cb44c751f2f1641d1e801a534ac8":1:"f386b28e7eb4c2fb8eb5dc66a2" + +PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=13, AAD=20, TAG=15 +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"e67590da399cbcdcddcc56110562ade8665b50287a8ab38e8b9ee7520531b560":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"2c36ab6b686a66fba1805196":"823493d42f4f60b2d1433ad75eccaafd7e7c7d12":"cff6b6f03c67152f3ce1030653d9bd9a6559f5b04b48d77c2a1fc364":0:"da1c61fbfcdb73445ad4c7d889" + +PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=13, AAD=20, TAG=15 (lengths set) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"e67590da399cbcdcddcc56110562ade8665b50287a8ab38e8b9ee7520531b560":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"2c36ab6b686a66fba1805196":"823493d42f4f60b2d1433ad75eccaafd7e7c7d12":"cff6b6f03c67152f3ce1030653d9bd9a6559f5b04b48d77c2a1fc364":1:"da1c61fbfcdb73445ad4c7d889" + +PSA Multipart AEAD encrypt: ChaCha20-Poly1305 (RFC7539) +depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 +aead_multipart_encrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"070000004041424344454647":"50515253c0c1c2c3c4c5c6c7":"4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e":0:"d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b61161ae10b594f09e26a7e902ecbd0600691" + +PSA Multipart AEAD encrypt: ChaCha20-Poly1305 (RFC7539) (lengths set) +depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 +aead_multipart_encrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"070000004041424344454647":"50515253c0c1c2c3c4c5c6c7":"4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e":1:"d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b61161ae10b594f09e26a7e902ecbd0600691" + +PSA Multipart AEAD encrypt: ChaCha20-Poly1305 (zero-length input) +depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 +aead_multipart_encrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"070000004041424344454647":"":"":0:"a0784d7a4716f3feb4f64e7f4b39bf04" + +PSA Multipart AEAD encrypt: ChaCha20-Poly1305 (zero-length input) (lengths set) +depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 +aead_multipart_encrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"070000004041424344454647":"":"":1:"a0784d7a4716f3feb4f64e7f4b39bf04" + +PSA Multipart AEAD decrypt: ChaCha20 - Poly1305 (RFC7539, good tag) +depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 +aead_multipart_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"070000004041424344454647":"50515253c0c1c2c3c4c5c6c7":"d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b61161ae10b594f09e26a7e902ecbd0600691":0:"4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e" + +PSA Multipart AEAD decrypt: ChaCha20 - Poly1305 (RFC7539, good tag) (lengths set) +depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 +aead_multipart_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"070000004041424344454647":"50515253c0c1c2c3c4c5c6c7":"d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b61161ae10b594f09e26a7e902ecbd0600691":1:"4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e" + +PSA Multipart AEAD decrypt: ChaCha20 - Poly1305 (good tag, zero - length input) +depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 +aead_multipart_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"070000004041424344454647":"":"a0784d7a4716f3feb4f64e7f4b39bf04":0:"" + +PSA Multipart AEAD decrypt: ChaCha20 - Poly1305 (good tag, zero - length input) (lengths set) +depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 +aead_multipart_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"070000004041424344454647":"":"a0784d7a4716f3feb4f64e7f4b39bf04":1:"" + +PSA Multipart AEAD verify, AES - GCM, invalid signature +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_verify:PSA_KEY_TYPE_AES:"fe96eab10ff48c7942025422583d0377":PSA_ALG_GCM:"97ce3f848276783599c6875de324361e":"127628b6dcbce6fc8a8ef60798eb67b2088415635119697d20bb878c24d9c6f9c29e148521cb5e0feff892c7855d4f1c0bfb32ad33420976714dce87a0bbc18e4378bd1ef35197d0ca73051148f1199010f63caf122df5f71ad8d9c71df3eb2fbe3b2529d0ba657570358d3776f687bdb9c96d5e0e9e00c4b42d5d7a268d6a08":"12195120056ca3cac70d583603a476821bac6c57c9733b81cfb83538dc9e850f8bdf46065069591c23ebcbc6d1e2523375fb7efc80c09507fa25477ed07cee54fc4eb90168b3ef988f651fc40652474a644b1b311decf899660aef2347bb081af48950f06ebf799911e37120de94c55c20e5f0a77119be06e2b6e557f872fa0f":"6bac793bdc2190a195122c98544ccf56":1:PSA_ERROR_INVALID_SIGNATURE + +PSA Multipart AEAD verify, AES - GCM, T = 15 but passing 16 bytes +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_verify:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,15):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c87281":"4365847fe0b7b7fbed325953df344a96":1:PSA_ERROR_INVALID_SIGNATURE + +PSA Multipart AEAD verify, AES - GCM, T = 15 but passing 14 bytes +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_verify:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,15):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c87281":"4365847fe0b7b7fbed325953df34":1:PSA_ERROR_INVALID_SIGNATURE + +PSA Multipart AEAD verify, AES - GCM, T = 15 but passing 0 bytes (valid buffer) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_verify:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,15):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c87281":"":1:PSA_ERROR_INVALID_SIGNATURE + +PSA Multipart AEAD verify, AES - GCM, T = 15 but passing 0 bytes (NULL buffer) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_verify:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,15):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c87281":"":0:PSA_ERROR_INVALID_SIGNATURE + +PSA Multipart AEAD verify: AES - GCM, invalid tag length 0 +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_verify:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,0):"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6":"":1:PSA_ERROR_INVALID_ARGUMENT + +PSA Multipart AEAD verify: AES - GCM, invalid tag length 2 +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_verify:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,2):"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd":"10b6":1:PSA_ERROR_INVALID_ARGUMENT + +PSA Multipart AEAD verify: ChaCha20 - Poly1305 (RFC7539, bad tag) +depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 +aead_multipart_verify:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"070000004041424344454647":"50515253c0c1c2c3c4c5c6c7":"d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b6116":"1ae10b594f09e26a7e902ecbd0600690":1:PSA_ERROR_INVALID_SIGNATURE + +PSA Multipart Nonce Generation, AES - GCM, NONCE = (Req 12 / Expect 12) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_generate_nonce:PSA_KEY_TYPE_AES:"aa740abfadcda779220d3b406c5d7ec09a77fe9d94104539":PSA_ALG_GCM:12:12:"290322092d57479e20f6281e331d95a9":"e7fb0631eebf9bdba87045b33650c4ce":PSA_SUCCESS + +PSA Multipart Nonce Generation, AES - GCM, NONCE = (Req 11 / Expect 0) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_generate_nonce:PSA_KEY_TYPE_AES:"aa740abfadcda779220d3b406c5d7ec09a77fe9d94104539":PSA_ALG_GCM:11:0:"290322092d57479e20f6281e331d95a9":"e7fb0631eebf9bdba87045b33650c4ce":PSA_ERROR_BUFFER_TOO_SMALL + +PSA Multipart Nonce Generation, AES - GCM, NONCE = (Req 0 / Expect 0) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_generate_nonce:PSA_KEY_TYPE_AES:"aa740abfadcda779220d3b406c5d7ec09a77fe9d94104539":PSA_ALG_GCM:0:0:"":"":PSA_ERROR_BUFFER_TOO_SMALL + +PSA Multipart Nonce Generation, AES - GCM, NONCE = (Req 16 / Expect 12) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_generate_nonce:PSA_KEY_TYPE_AES:"aa740abfadcda779220d3b406c5d7ec09a77fe9d94104539":PSA_ALG_GCM:16:12:"290322092d57479e20f6281e331d95a9":"e7fb0631eebf9bdba87045b33650c4ce":PSA_SUCCESS + +PSA Multipart Nonce Generation: ChaCha20 - Poly1305, NONCE = (Req 12 / Expect 12) +depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 +aead_multipart_generate_nonce:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:12:12:"50515253c0c1c2c3c4c5c6c7":"4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e":PSA_SUCCESS + +PSA Multipart Nonce Generation: ChaCha20 - Poly1305, NONCE = (Req 11 / Expect 0) +depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 +aead_multipart_generate_nonce:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:11:0:"":"":PSA_ERROR_BUFFER_TOO_SMALL + +PSA Multipart Nonce Generation: ChaCha20 - Poly1305, NONCE = (Req 0 / Expect 0) +depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 +aead_multipart_generate_nonce:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:0:0:"":"":PSA_ERROR_BUFFER_TOO_SMALL + +PSA Multipart Nonce Generation: ChaCha20 - Poly1305, NONCE = (Req 16 / Expect 12) +depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 +aead_multipart_generate_nonce:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:16:12:"":"":PSA_SUCCESS + +PSA Multipart Set Nonce, AES - GCM, NONCE = 0 (NULL) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_set_nonce:PSA_KEY_TYPE_AES:"aa740abfadcda779220d3b406c5d7ec09a77fe9d94104539":PSA_ALG_GCM:0:"":"":PSA_ERROR_INVALID_ARGUMENT + +PSA Multipart Set Nonce, AES - GCM, NONCE = 0 (Non-NULL) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_set_nonce:PSA_KEY_TYPE_AES:"aa740abfadcda779220d3b406c5d7ec09a77fe9d94104539":PSA_ALG_GCM:-1:"":"":PSA_ERROR_INVALID_ARGUMENT + +PSA Multipart Set Nonce, AES - GCM, NONCE = 16 +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_set_nonce:PSA_KEY_TYPE_AES:"aa740abfadcda779220d3b406c5d7ec09a77fe9d94104539":PSA_ALG_GCM:16:"290322092d57479e20f6281e331d95a9":"e7fb0631eebf9bdba87045b33650c4ce":PSA_SUCCESS + +PSA Multipart Set Nonce, AES - GCM, NONCE = 20 +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_set_nonce:PSA_KEY_TYPE_AES:"aa740abfadcda779220d3b406c5d7ec09a77fe9d94104539":PSA_ALG_GCM:20:"290322092d57479e20f6281e331d95a9":"e7fb0631eebf9bdba87045b33650c4ce":PSA_SUCCESS + +PSA Multipart Set Nonce, AES - GCM_12, NONCE = 0 (NULL) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_set_nonce:PSA_KEY_TYPE_AES:"aa740abfadcda779220d3b406c5d7ec09a77fe9d94104539":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,12):0:"":"":PSA_ERROR_INVALID_ARGUMENT + +PSA Multipart Set Nonce, AES - GCM_12, NONCE = 0 (Non-NULL) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_set_nonce:PSA_KEY_TYPE_AES:"aa740abfadcda779220d3b406c5d7ec09a77fe9d94104539":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,12):-1:"":"":PSA_ERROR_INVALID_ARGUMENT + +PSA Multipart Set Nonce, AES - GCM_12, NONCE = 16 +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_set_nonce:PSA_KEY_TYPE_AES:"aa740abfadcda779220d3b406c5d7ec09a77fe9d94104539":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,12):16:"290322092d57479e20f6281e331d95a9":"e7fb0631eebf9bdba87045b33650c4ce":PSA_SUCCESS + +PSA Multipart Set Nonce, AES - GCM_12, NONCE = 20 +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_set_nonce:PSA_KEY_TYPE_AES:"aa740abfadcda779220d3b406c5d7ec09a77fe9d94104539":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,12):20:"290322092d57479e20f6281e331d95a9":"e7fb0631eebf9bdba87045b33650c4ce":PSA_SUCCESS + +PSA Multipart Set Nonce: ChaCha20 - Poly1305, NONCE = 11 +depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 +aead_multipart_set_nonce:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:11:"50515253c0c1c2c3c4c5c6c7":"4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e":PSA_ERROR_INVALID_ARGUMENT + +PSA Multipart Set Nonce: ChaCha20 - Poly1305, NONCE = 12 +depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 +aead_multipart_set_nonce:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:12:"50515253c0c1c2c3c4c5c6c7":"4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e":PSA_SUCCESS + +PSA Multipart Set Nonce: ChaCha20 - Poly1305, NONCE = 13 +depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 +aead_multipart_set_nonce:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:13:"50515253c0c1c2c3c4c5c6c7":"4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e":PSA_ERROR_INVALID_ARGUMENT + +PSA Multipart Set Nonce: ChaCha20 - Poly1305, NONCE = 0 (NULL) +depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 +aead_multipart_set_nonce:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:0:"":"":PSA_ERROR_INVALID_ARGUMENT + +PSA Multipart Set Nonce: ChaCha20 - Poly1305, NONCE = 0 (Non-NULL) +depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 +aead_multipart_set_nonce:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:-1:"":"":PSA_ERROR_INVALID_ARGUMENT + +PSA AEAD output buffer test: AES - GCM, IN = 16, BUF = 15 +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_update_buffer_test:PSA_KEY_TYPE_AES:"fbc0b4c56a714c83217b2d1bcadd2ed2e9efb0dcac6cc19f":PSA_ALG_GCM:15:"5f4b43e811da9c470d6a9b01":"":"d2ae38c4375954835d75b8e4c2f9bbb4":PSA_ERROR_BUFFER_TOO_SMALL + +PSA AEAD output buffer test: AES - GCM, IN = 16, BUF = 0 +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_update_buffer_test:PSA_KEY_TYPE_AES:"fbc0b4c56a714c83217b2d1bcadd2ed2e9efb0dcac6cc19f":PSA_ALG_GCM:0:"5f4b43e811da9c470d6a9b01":"":"d2ae38c4375954835d75b8e4c2f9bbb4":PSA_ERROR_BUFFER_TOO_SMALL + +PSA AEAD output buffer test: ChaCha20 - Poly1305 IN = 130, BUF = 129 +depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 +aead_multipart_update_buffer_test:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:129:"070000004041424344454647":"50515253c0c1c2c3c4c5c6c7":"d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b61161ae10b594f09e26a7e902ecbd0600691":PSA_ERROR_BUFFER_TOO_SMALL + +PSA AEAD output buffer test: ChaCha20 - Poly1305 IN = 130, BUF = 0 +depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 +aead_multipart_update_buffer_test:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:0:"070000004041424344454647":"50515253c0c1c2c3c4c5c6c7":"d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b61161ae10b594f09e26a7e902ecbd0600691":PSA_ERROR_BUFFER_TOO_SMALL + +PSA AEAD finish buffer test: AES - GCM, BUF = 8, TAG = 16 +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_finish_buffer_test:PSA_KEY_TYPE_AES:"fbc0b4c56a714c83217b2d1bcadd2ed2e9efb0dcac6cc19f":PSA_ALG_GCM:8:16:"5f4b43e811da9c470d6a9b01":"":"d2ae38c4375954835d75b8e4c2f9bbb4":PSA_SUCCESS + +PSA AEAD finish buffer test: AES - GCM, BUF = 15, TAG = 20 +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_finish_buffer_test:PSA_KEY_TYPE_AES:"fbc0b4c56a714c83217b2d1bcadd2ed2e9efb0dcac6cc19f":PSA_ALG_GCM:15:20:"5f4b43e811da9c470d6a9b01":"":"d2ae38c4375954835d75b8e4c2f9bbb4":PSA_SUCCESS + +PSA AEAD finish buffer test: AES - GCM, BUF = 15, TAG = 15 +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_finish_buffer_test:PSA_KEY_TYPE_AES:"fbc0b4c56a714c83217b2d1bcadd2ed2e9efb0dcac6cc19f":PSA_ALG_GCM:15:15:"5f4b43e811da9c470d6a9b01":"":"d2ae38c4375954835d75b8e4c2f9bbb4":PSA_ERROR_BUFFER_TOO_SMALL + +PSA AEAD finish buffer test: AES - GCM, BUF = 15, TAG = 0 +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_finish_buffer_test:PSA_KEY_TYPE_AES:"fbc0b4c56a714c83217b2d1bcadd2ed2e9efb0dcac6cc19f":PSA_ALG_GCM:15:0:"5f4b43e811da9c470d6a9b01":"":"d2ae38c4375954835d75b8e4c2f9bbb4":PSA_ERROR_BUFFER_TOO_SMALL + +PSA AEAD finish buffer test: ChaCha20 - Poly1305, BUF = 0, TAG = 20 +depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 +aead_multipart_finish_buffer_test:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:0:20:"070000004041424344454647":"50515253c0c1c2c3c4c5c6c7":"d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b61161ae10b594f09e26a7e902ecbd0600691":PSA_SUCCESS + +PSA AEAD finish buffer test: ChaCha20 - Poly1305, BUF = 0, TAG = 15 +depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 +aead_multipart_finish_buffer_test:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:0:15:"070000004041424344454647":"50515253c0c1c2c3c4c5c6c7":"d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b61161ae10b594f09e26a7e902ecbd0600691":PSA_ERROR_BUFFER_TOO_SMALL + +PSA AEAD finish buffer test: ChaCha20 - Poly1305, BUF = 0, TAG = 0 +depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 +aead_multipart_finish_buffer_test:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:0:0:"070000004041424344454647":"50515253c0c1c2c3c4c5c6c7":"d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b61161ae10b594f09e26a7e902ecbd0600691":PSA_ERROR_BUFFER_TOO_SMALL + +PSA AEAD setup: invalid algorithm (CTR) +depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES +aead_multipart_setup:PSA_KEY_TYPE_AES:"D7828D13B2B0BDC325A76236DF93CC6B":PSA_ALG_CTR:PSA_ERROR_INVALID_ARGUMENT + +PSA AEAD setup: invalid algorithm (ChaCha20) +depends_on:PSA_WANT_ALG_STREAM_CIPHER:PSA_WANT_KEY_TYPE_CHACHA20 +aead_multipart_setup:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_STREAM_CIPHER:PSA_ERROR_INVALID_ARGUMENT + +PSA AEAD setup: invalid algorithm (ChaCha20 - Poly1305 with short tag) +depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 +aead_multipart_setup:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CHACHA20_POLY1305,12):PSA_ERROR_NOT_SUPPORTED + +PSA Multipart State Checks, AES - GCM +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_state_test:PSA_KEY_TYPE_AES:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECF":PSA_ALG_GCM:"000102030405060708090A0B0C0D0E0F":"000102030405060708090A0B":"0C0D0E0F101112131415161718191A1B1C1D1E" + PSA signature size: RSA keypair, 1024 bits, PKCS#1 v1.5 raw depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR signature_size:PSA_KEY_TYPE_RSA_KEY_PAIR:1024:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:128 @@ -2394,6 +3459,10 @@ PSA signature size: RSA keypair, 1024 bits, PSS depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR signature_size:PSA_KEY_TYPE_RSA_KEY_PAIR:1024:PSA_ALG_RSA_PSS( PSA_ALG_SHA_256 ):128 +PSA signature size: RSA keypair, 1024 bits, PSS-any-salt +depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR +signature_size:PSA_KEY_TYPE_RSA_KEY_PAIR:1024:PSA_ALG_RSA_PSS_ANY_SALT( PSA_ALG_SHA_256 ):128 + PSA signature size: RSA keypair, 1023 bits, PKCS#1 v1.5 raw depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR signature_size:PSA_KEY_TYPE_RSA_KEY_PAIR:1023:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:128 @@ -2410,6 +3479,10 @@ PSA import/exercise RSA keypair, PSS-SHA-256 depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C import_and_exercise_key:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RSA_KEY_PAIR:1024:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256) +PSA import/exercise RSA keypair, PSS-any-salt-SHA-256 +depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C +import_and_exercise_key:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RSA_KEY_PAIR:1024:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256) + PSA import/exercise RSA public key, PKCS#1 v1.5 raw depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C import_and_exercise_key:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY:1024:PSA_ALG_RSA_PKCS1V15_SIGN_RAW @@ -2418,6 +3491,10 @@ PSA import/exercise RSA public key, PSS-SHA-256 depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C import_and_exercise_key:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY:1024:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256) +PSA import/exercise RSA public key, PSS-any-salt-SHA-256 +depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C +import_and_exercise_key:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY:1024:PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_SHA_256) + PSA import/exercise: ECP SECP256R1 keypair, ECDSA depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 import_and_exercise_key:"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:PSA_ALG_ECDSA_ANY @@ -2478,10 +3555,18 @@ PSA sign hash: RSA PSS SHA-256, wrong hash length (0 bytes) depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C sign_hash_fail:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"":127:PSA_ERROR_INVALID_ARGUMENT +PSA sign hash: RSA PSS-any-salt SHA-256, wrong hash length (0 bytes) +depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C +sign_hash_fail:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_SHA_256):"":127:PSA_ERROR_INVALID_ARGUMENT + PSA sign hash: RSA PSS SHA-256, wrong hash length (129 bytes) depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C sign_hash_fail:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":127:PSA_ERROR_INVALID_ARGUMENT +PSA sign hash: RSA PSS-any-salt SHA-256, wrong hash length (129 bytes) +depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C +sign_hash_fail:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_SHA_256):"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":127:PSA_ERROR_INVALID_ARGUMENT + PSA sign hash: deterministic ECDSA SECP256R1 SHA-256, output buffer too small depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 sign_hash_fail:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":63:PSA_ERROR_BUFFER_TOO_SMALL @@ -2526,6 +3611,10 @@ PSA sign/verify hash: RSA PSS SHA-256, 32 bytes (hash size) depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C sign_verify_hash:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad" +PSA sign/verify hash: RSA PSS-any-salt SHA-256, 32 bytes (hash size) +depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C +sign_verify_hash:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad" + PSA sign/verify hash: randomized ECDSA SECP256R1 SHA-256 depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 sign_verify_hash:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_ECDSA( PSA_ALG_SHA_256 ):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b" @@ -2582,18 +3671,86 @@ PSA verify hash: RSA PKCS#1 v1.5 SHA-256, wrong signature (leading junk) depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C verify_hash_fail:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"21a73664d55b39c7ea6c1e5b5011724a11e1d7073d3a68f48c836fad153a1d91b6abdbc8f69da13b206cc96af6363b114458b026af14b24fab8929ed634c6a2acace0bcc62d9bb6a984afbcbfcd3a0608d32a2bae535b9cd1ecdf9dd281db1e0025c3bfb5512963ec3b98ddaa69e38bc3c84b1b61a04e5648640856aacc6fc7311":PSA_ERROR_INVALID_SIGNATURE -PSA verify hash: RSA PSS SHA-256, good signature, 32 bytes (hash size) +PSA verify hash: RSA-1024 PSS SHA-256, slen=0 (bad) depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C -verify_hash:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"1967ae568cc071dfebeeca76b11d40bd1ec5af241c50b3dcceff21f4536c0693a7179a8d5d163a7625fefd37c161127800edeebc24fa73ca772096827bd3f75e8ccf2c64f07b7171b5c99022a4d73b760f34a385ccff0bd5ed7997d2a29d2847acb0767f93a2a404bc046c97de66d95dc9f7646fdb216b627b2ea0de8afcefb7" +verify_hash_fail:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"abc4b612c6b71e13fa5965b2e25ee6adec5b1f211b2db158e9f3c4547d6cbef909a73dfb474b8caaf6c8fcafa10ec0bbadfd1883289ce33ad08ad533c61ea004fef4d9b76a1efc267efd066ae8918cb8e994faad30ff5e340e14c941926ba7ca9422b86e8055df1c1b90a5959a59cc7a5fc15cbd0d848cd40f7857b7629b668b":PSA_ERROR_INVALID_SIGNATURE + +PSA verify hash: RSA-1024 PSS-any-salt SHA-256, slen=0 +depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C +verify_hash:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"abc4b612c6b71e13fa5965b2e25ee6adec5b1f211b2db158e9f3c4547d6cbef909a73dfb474b8caaf6c8fcafa10ec0bbadfd1883289ce33ad08ad533c61ea004fef4d9b76a1efc267efd066ae8918cb8e994faad30ff5e340e14c941926ba7ca9422b86e8055df1c1b90a5959a59cc7a5fc15cbd0d848cd40f7857b7629b668b" + +PSA verify hash: RSA-1024 PSS SHA-256, slen=31 (bad) +depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C +verify_hash_fail:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"797914eadbbe8293a7b0fe29d2db9fb246b519128d46d3ec93142a1a08a2992ba5325ad9b5ce55344b37996dbb81eb89628263cae4e3fc0e947dec0b8b0c7b0ee94bca02dd287f9cc619e2d88fb2279fb2a8f8301271c58009bb1223f3cfa730cb852947685678cfdef2968c82a9b8bffd8c0d518476b1ea2a5ad6c100045d8e":PSA_ERROR_INVALID_SIGNATURE + +PSA verify hash: RSA-1024 PSS-any-salt SHA-256, slen=31 +depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C +verify_hash:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"797914eadbbe8293a7b0fe29d2db9fb246b519128d46d3ec93142a1a08a2992ba5325ad9b5ce55344b37996dbb81eb89628263cae4e3fc0e947dec0b8b0c7b0ee94bca02dd287f9cc619e2d88fb2279fb2a8f8301271c58009bb1223f3cfa730cb852947685678cfdef2968c82a9b8bffd8c0d518476b1ea2a5ad6c100045d8e" + +PSA verify hash: RSA-1024 PSS SHA-256, slen=32 +depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C +verify_hash:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"6b201c50637962338d1b218c1d26f031205a0e3c47bc4c54856aa037e5a332d2981e80a51648e902e46046e5507a255c4c73f5ff40d5a54c0a11d2eca7804e1767b20ea12c945a23f5473181d379689c1ba634a2c47c0a8ec90c922ca6466ae9e9fb92871c9043b5858ae34828bceb4ead82db8f21a18ebe1d95b469bbdef1df" + +PSA verify hash: RSA-1024 PSS-any-salt SHA-256, slen=32 +depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C +verify_hash:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"6b201c50637962338d1b218c1d26f031205a0e3c47bc4c54856aa037e5a332d2981e80a51648e902e46046e5507a255c4c73f5ff40d5a54c0a11d2eca7804e1767b20ea12c945a23f5473181d379689c1ba634a2c47c0a8ec90c922ca6466ae9e9fb92871c9043b5858ae34828bceb4ead82db8f21a18ebe1d95b469bbdef1df" + +PSA verify hash: RSA-1024 PSS SHA-256, slen=94 (bad) +depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C +verify_hash_fail:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"44a09fa66f1b2e790474960e90517e418747cfcd18423dff957516a598569d74f26ef1eae4a200d12d801e16fc6fde375330c79c0d8430825e0a7f69c664faefccfa25e7fbfc68af02af0f67fe4c49f68f6abc68c8f66d3fd77fc838961f4415827340c66e39c79ed7dae0738c08ce8272aebe50c72e31994b9b6db640b51800":PSA_ERROR_INVALID_SIGNATURE + +PSA verify hash: RSA-1024 PSS-any-salt SHA-256, slen=94 +depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C +verify_hash:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"44a09fa66f1b2e790474960e90517e418747cfcd18423dff957516a598569d74f26ef1eae4a200d12d801e16fc6fde375330c79c0d8430825e0a7f69c664faefccfa25e7fbfc68af02af0f67fe4c49f68f6abc68c8f66d3fd77fc838961f4415827340c66e39c79ed7dae0738c08ce8272aebe50c72e31994b9b6db640b51800" + +PSA verify hash: RSA-1024 PSS SHA-512, slen=61 (bad) +depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_512:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C +verify_hash_fail:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PSS(PSA_ALG_SHA_512):"ddaf35a193617abacc417349ae20413112e6fa4e89a97ea20a9eeee64b55d39a2192992a274fc1a836ba3c23a3feebbd454d4423643ce80e2a9ac94fa54ca49f":"23f5b30c8d612d8f31206c177ac2023c4f44754d03c7ff67daff99f24fa369b3e5f7c15b228a4417a1ff1c93fb8d645d619c2f4f559ac6c7f7bac20ba9df32353d19941265a4e74261adaf45d48682c0bc86cea6128f11ad172ff461fb1d97bded615861843996e2a98e7b8313b695519d001ae35305d6cbf3c0ee6c7ab06d1a":PSA_ERROR_INVALID_SIGNATURE + +PSA verify hash: RSA-1024 PSS-any-salt SHA-512, slen=61 +depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_512:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C +verify_hash:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_SHA_512):"ddaf35a193617abacc417349ae20413112e6fa4e89a97ea20a9eeee64b55d39a2192992a274fc1a836ba3c23a3feebbd454d4423643ce80e2a9ac94fa54ca49f":"23f5b30c8d612d8f31206c177ac2023c4f44754d03c7ff67daff99f24fa369b3e5f7c15b228a4417a1ff1c93fb8d645d619c2f4f559ac6c7f7bac20ba9df32353d19941265a4e74261adaf45d48682c0bc86cea6128f11ad172ff461fb1d97bded615861843996e2a98e7b8313b695519d001ae35305d6cbf3c0ee6c7ab06d1a" + +PSA verify hash: RSA-1024 PSS SHA-512, slen=62 +depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_512:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C +verify_hash:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PSS(PSA_ALG_SHA_512):"ddaf35a193617abacc417349ae20413112e6fa4e89a97ea20a9eeee64b55d39a2192992a274fc1a836ba3c23a3feebbd454d4423643ce80e2a9ac94fa54ca49f":"6b215d77cf88b2d08be53b4f3ac6e72ebfbf7e0dc6c1e77b238cfb661c247a011b8746709fbefe4bc05d37343391683e9489d720ecbb7df37f4e36967918958996939461703465c2014a4c12faf875f8def70070e55b765b165c7e9c6f2eb05c98351b1e82219c31a2fb3ddce05f8988f552ff92f0b3471f63c0e53824c550a4" + +PSA verify hash: RSA-1024 PSS-any-salt SHA-512, slen=62 +depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_512:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C +verify_hash:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_SHA_512):"ddaf35a193617abacc417349ae20413112e6fa4e89a97ea20a9eeee64b55d39a2192992a274fc1a836ba3c23a3feebbd454d4423643ce80e2a9ac94fa54ca49f":"6b215d77cf88b2d08be53b4f3ac6e72ebfbf7e0dc6c1e77b238cfb661c247a011b8746709fbefe4bc05d37343391683e9489d720ecbb7df37f4e36967918958996939461703465c2014a4c12faf875f8def70070e55b765b165c7e9c6f2eb05c98351b1e82219c31a2fb3ddce05f8988f552ff92f0b3471f63c0e53824c550a4" + +PSA verify hash: RSA-528 PSS SHA-512, slen=0 +depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_512:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C +verify_hash:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"304a024300e31c246d46485984261fd174cab3d4357344602ecd793c47dbe54252d37bb350bc634359b19515542080e4724a4b672291be57c7648f51629eaef234e847d99cc65f0203010001":PSA_ALG_RSA_PSS(PSA_ALG_SHA_512):"ddaf35a193617abacc417349ae20413112e6fa4e89a97ea20a9eeee64b55d39a2192992a274fc1a836ba3c23a3feebbd454d4423643ce80e2a9ac94fa54ca49f":"a14ad0fef77d36c28658a66129ee632e40e1032003eefe7fcda8e52b06675a051c80b2ca1cb99ed0762e90c9a48c434cd1063638eed7895a9c770e5435af750a1955" + +PSA verify hash: RSA-528 PSS-any-salt SHA-512, slen=0 +depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_512:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C +verify_hash:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"304a024300e31c246d46485984261fd174cab3d4357344602ecd793c47dbe54252d37bb350bc634359b19515542080e4724a4b672291be57c7648f51629eaef234e847d99cc65f0203010001":PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_SHA_512):"ddaf35a193617abacc417349ae20413112e6fa4e89a97ea20a9eeee64b55d39a2192992a274fc1a836ba3c23a3feebbd454d4423643ce80e2a9ac94fa54ca49f":"a14ad0fef77d36c28658a66129ee632e40e1032003eefe7fcda8e52b06675a051c80b2ca1cb99ed0762e90c9a48c434cd1063638eed7895a9c770e5435af750a1955" + +PSA verify hash: RSA-520 PSS SHA-512 (hash too large) +depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_512:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C +verify_hash_fail:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"3049024200d5a06f86e5b9d87428540165ca966fa8893a62e2a59d0bfd7617780bb039f9165a373a8e119d0766f8de556710f33f67019153bad8223775e797d451d48206f3bf0203010001":PSA_ALG_RSA_PSS(PSA_ALG_SHA_512):"ddaf35a193617abacc417349ae20413112e6fa4e89a97ea20a9eeee64b55d39a2192992a274fc1a836ba3c23a3feebbd454d4423643ce80e2a9ac94fa54ca49f":"deaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddead42":PSA_ERROR_INVALID_ARGUMENT + +PSA verify hash: RSA-520 PSS-any-salt SHA-512 (hash too large) +depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_512:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C +verify_hash_fail:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"3049024200d5a06f86e5b9d87428540165ca966fa8893a62e2a59d0bfd7617780bb039f9165a373a8e119d0766f8de556710f33f67019153bad8223775e797d451d48206f3bf0203010001":PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_SHA_512):"ddaf35a193617abacc417349ae20413112e6fa4e89a97ea20a9eeee64b55d39a2192992a274fc1a836ba3c23a3feebbd454d4423643ce80e2a9ac94fa54ca49f":"deaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddead42":PSA_ERROR_INVALID_ARGUMENT PSA verify hash: RSA PSS SHA-256, wrong hash length (0 bytes) depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C verify_hash_fail:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"":"34c011b625c32d992f4ab8fcfa52b616ea66270b5b75a4fc71af712f9b8806bcdd374ce50eafcbb489562b93347885f93c2de1d404c45cacccefceb112ff6ffdfe4264f91d66320bbbe09304b851b8ad6280bbccc571eebcd49c7db5dfa399a6289e1978407904598751613d9870770cdd8507e3dc7b46851dbf05ae1df2988d":PSA_ERROR_INVALID_ARGUMENT +PSA verify hash: RSA PSS-any-salt SHA-256, wrong hash length (0 bytes) +depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C +verify_hash_fail:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_SHA_256):"":"34c011b625c32d992f4ab8fcfa52b616ea66270b5b75a4fc71af712f9b8806bcdd374ce50eafcbb489562b93347885f93c2de1d404c45cacccefceb112ff6ffdfe4264f91d66320bbbe09304b851b8ad6280bbccc571eebcd49c7db5dfa399a6289e1978407904598751613d9870770cdd8507e3dc7b46851dbf05ae1df2988d":PSA_ERROR_INVALID_ARGUMENT + PSA verify hash: RSA PSS SHA-256, wrong hash length (129 bytes) depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C verify_hash_fail:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":"1491cead330b4ad5b092f8351518141ac11d0888591572669c1e79d6e932c488acd62d44479b0e14cd91a048778bc02398a772ad6bdb4f7764780cf0afe70293d0cac86f2695a1dcb54568bb37d7086f9e86f95a6802d2ee5a4facaa762beff5261bb2816b62cb5af86404974c3f6b67985ac1fbfdf46d6de54f6e29d9274308":PSA_ERROR_INVALID_ARGUMENT +PSA verify hash: RSA PSS-any-salt SHA-256, wrong hash length (129 bytes) +depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C +verify_hash_fail:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_SHA_256):"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":"1491cead330b4ad5b092f8351518141ac11d0888591572669c1e79d6e932c488acd62d44479b0e14cd91a048778bc02398a772ad6bdb4f7764780cf0afe70293d0cac86f2695a1dcb54568bb37d7086f9e86f95a6802d2ee5a4facaa762beff5261bb2816b62cb5af86404974c3f6b67985ac1fbfdf46d6de54f6e29d9274308":PSA_ERROR_INVALID_ARGUMENT + PSA verify hash: ECDSA SECP256R1, good depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 verify_hash:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_ALG_ECDSA_ANY:"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f" @@ -2710,6 +3867,10 @@ PSA sign/verify message: RSA PSS SHA-256 depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C sign_verify_message:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"616263" +PSA sign/verify message: RSA PSS-any-salt SHA-256 +depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C +sign_verify_message:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_SHA_256):"616263" + PSA sign/verify message: RSA PSS SHA-256, 0 bytes depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C sign_verify_message:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"" @@ -2774,22 +3935,46 @@ PSA verify message with keypair: RSA PKCS#1 v1.5 SHA-256, good signature depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C verify_message:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):"616263":"a73664d55b39c7ea6c1e5b5011724a11e1d7073d3a68f48c836fad153a1d91b6abdbc8f69da13b206cc96af6363b114458b026af14b24fab8929ed634c6a2acace0bcc62d9bb6a984afbcbfcd3a0608d32a2bae535b9cd1ecdf9dd281db1e0025c3bfb5512963ec3b98ddaa69e38bc3c84b1b61a04e5648640856aacc6fc7311" -PSA verify message: RSA PSS SHA-256, good signature, 0 bytes +PSA verify message: RSA-1024 PSS SHA-256, slen=0 (bad) depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C -verify_message:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"":"50c06249deb97228e277b51d3e3542a6e5c140d6f6d1cb8a3dff53b5ce6e6fcb39d0767703174135208adf5d75399dd7525702b275153e7605ec38b65d33337bb9bbeb8c392ee22e3e9c0dafa43074a8205e17df2106bedd7bf6f1ada702aeb2ce04864c0ca9ec31964f9a957d8ebb9abc82454ad37c541e9b4d9842436c14a4" +verify_message_fail:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"616263":"abc4b612c6b71e13fa5965b2e25ee6adec5b1f211b2db158e9f3c4547d6cbef909a73dfb474b8caaf6c8fcafa10ec0bbadfd1883289ce33ad08ad533c61ea004fef4d9b76a1efc267efd066ae8918cb8e994faad30ff5e340e14c941926ba7ca9422b86e8055df1c1b90a5959a59cc7a5fc15cbd0d848cd40f7857b7629b668b":PSA_ERROR_INVALID_SIGNATURE + +PSA verify message: RSA-1024 PSS-any-salt SHA-256, slen=0 +depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C +verify_message:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_SHA_256):"616263":"abc4b612c6b71e13fa5965b2e25ee6adec5b1f211b2db158e9f3c4547d6cbef909a73dfb474b8caaf6c8fcafa10ec0bbadfd1883289ce33ad08ad533c61ea004fef4d9b76a1efc267efd066ae8918cb8e994faad30ff5e340e14c941926ba7ca9422b86e8055df1c1b90a5959a59cc7a5fc15cbd0d848cd40f7857b7629b668b" + +PSA verify message: RSA-1024 PSS SHA-256, slen=32 +depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C +verify_message:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"616263":"6b201c50637962338d1b218c1d26f031205a0e3c47bc4c54856aa037e5a332d2981e80a51648e902e46046e5507a255c4c73f5ff40d5a54c0a11d2eca7804e1767b20ea12c945a23f5473181d379689c1ba634a2c47c0a8ec90c922ca6466ae9e9fb92871c9043b5858ae34828bceb4ead82db8f21a18ebe1d95b469bbdef1df" + +PSA verify message: RSA-1024 PSS-any-salt SHA-256, slen=32 +depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C +verify_message:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_SHA_256):"616263":"6b201c50637962338d1b218c1d26f031205a0e3c47bc4c54856aa037e5a332d2981e80a51648e902e46046e5507a255c4c73f5ff40d5a54c0a11d2eca7804e1767b20ea12c945a23f5473181d379689c1ba634a2c47c0a8ec90c922ca6466ae9e9fb92871c9043b5858ae34828bceb4ead82db8f21a18ebe1d95b469bbdef1df" PSA verify message: RSA PSS SHA-256, good signature, 32 bytes (hash size) depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C verify_message:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":"6b65e1fdc900dce8a2b82130ae8ccfac27b6d0eb5f2c0c1085b80f34ceaaf064c8ff237e74a24a3c6fb7a842f172e5146315616281bbbeeae90febaab139a212decf1c68923f2a48e242b1fd72105e3a3f2329c30d78abe8673335ad08c5ba1aa515360bb5660050f1994bb08d3dd17e3407a379403bafa4e229b3c851283f6d" +PSA verify message: RSA PSS-any-salt SHA-256, good signature, 32 bytes (hash size) +depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C +verify_message:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_SHA_256):"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":"6b65e1fdc900dce8a2b82130ae8ccfac27b6d0eb5f2c0c1085b80f34ceaaf064c8ff237e74a24a3c6fb7a842f172e5146315616281bbbeeae90febaab139a212decf1c68923f2a48e242b1fd72105e3a3f2329c30d78abe8673335ad08c5ba1aa515360bb5660050f1994bb08d3dd17e3407a379403bafa4e229b3c851283f6d" + PSA verify message: RSA PSS SHA-256, good signature, 128 bytes (signature size) depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C verify_message:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":"29b65db0936b7fe408bda672077b0bc5e176177ba9a550fb548c292f7b4af1bb6475e0a979ba43dd644780801fabe5b62a1359cf7692918f30013e90c2362235765abc2078905d13b345dd689bf15e4e94ca51535d12f0675d5f13e9f254ba7696f0096d62deb023d106e9a96a5da3162bead6a745c8b9000868d2f9a447d5c5" +PSA verify message: RSA-any-salt PSS SHA-256, good signature, 128 bytes (signature size) +depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C +verify_message:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_SHA_256):"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":"29b65db0936b7fe408bda672077b0bc5e176177ba9a550fb548c292f7b4af1bb6475e0a979ba43dd644780801fabe5b62a1359cf7692918f30013e90c2362235765abc2078905d13b345dd689bf15e4e94ca51535d12f0675d5f13e9f254ba7696f0096d62deb023d106e9a96a5da3162bead6a745c8b9000868d2f9a447d5c5" + PSA verify message: RSA PSS SHA-256, good signature, 129 bytes depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C verify_message:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":"43286cc0fc599603fbb0cd1fd70c3a17b08d2adf4f90202dddfa4b9d74be8c720bbb1c714665466de6452d401ca061b68225785ff387c2615f03c81351cc3838cd3014a031a4f4c9f70bba06f504c6a9942ac2dbfed2329e590d526a9be26b4025a6d7c4151b4e795cfe756c9a8a5e8fa9228a6f5f6f427a5a070e5c0ea69830" +PSA verify message: RSA PSS-any-salt SHA-256, good signature, 129 bytes +depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C +verify_message:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_SHA_256):"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":"43286cc0fc599603fbb0cd1fd70c3a17b08d2adf4f90202dddfa4b9d74be8c720bbb1c714665466de6452d401ca061b68225785ff387c2615f03c81351cc3838cd3014a031a4f4c9f70bba06f504c6a9942ac2dbfed2329e590d526a9be26b4025a6d7c4151b4e795cfe756c9a8a5e8fa9228a6f5f6f427a5a070e5c0ea69830" + PSA verify message: ECDSA SECP256R1 SHA-256, good depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ALG_SHA_256:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 verify_message:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_ALG_ECDSA(PSA_ALG_SHA_256):"616263":"0f8c19f5affea6d593a33e176aa52717bff8d5875165fc63e80a2d65580d295789db5ffb5397ba4c67834e2731ee268ea6f7e83846fbb02145b35442db18cf0b" @@ -3077,7 +4262,7 @@ PSA key derivation: HKDF-SHA-256, bad key type, key output depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 # Whether we get NOT_PERMITTED or BAD_STATE for the output is an implementation # detail. -derive_input:PSA_ALG_HKDF(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_RAW_DATA:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_ERROR_INVALID_ARGUMENT:PSA_KEY_DERIVATION_INPUT_INFO:PSA_KEY_TYPE_NONE:"":PSA_ERROR_BAD_STATE:PSA_KEY_TYPE_RAW_DATA:PSA_ERROR_NOT_PERMITTED +derive_input:PSA_ALG_HKDF(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_RAW_DATA:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_ERROR_INVALID_ARGUMENT:PSA_KEY_DERIVATION_INPUT_INFO:PSA_KEY_TYPE_NONE:"":PSA_ERROR_BAD_STATE:PSA_KEY_TYPE_RAW_DATA:PSA_ERROR_BAD_STATE PSA key derivation: HKDF-SHA-256, direct secret, direct output depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 @@ -3410,19 +4595,19 @@ derive_output:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_384):PSA_KEY_DERIVATION_INPUT_ PSA key derivation: HKDF SHA-256, request maximum capacity depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 -derive_output:PSA_ALG_HKDF(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:"000102030405060708090a0b0c":PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_KEY_DERIVATION_INPUT_INFO:"f0f1f2f3f4f5f6f7f8f9":255 * 32:"3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b887185865":"" +derive_output:PSA_ALG_HKDF(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:"000102030405060708090a0b0c":PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_KEY_DERIVATION_INPUT_INFO:"f0f1f2f3f4f5f6f7f8f9":255 * PSA_HASH_LENGTH(PSA_ALG_SHA_256):"3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b887185865":"" PSA key derivation: HKDF SHA-1, request maximum capacity depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_1 -derive_output:PSA_ALG_HKDF(PSA_ALG_SHA_1):PSA_KEY_DERIVATION_INPUT_SALT:"":PSA_KEY_DERIVATION_INPUT_SECRET:"0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c":PSA_KEY_DERIVATION_INPUT_INFO:"":255 * 20:"2c91117204d745f3500d636a62f64f0ab3bae548aa53d423b0d1f27ebba6f5e5673a081d70cce7acfc48":"" +derive_output:PSA_ALG_HKDF(PSA_ALG_SHA_1):PSA_KEY_DERIVATION_INPUT_SALT:"":PSA_KEY_DERIVATION_INPUT_SECRET:"0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c":PSA_KEY_DERIVATION_INPUT_INFO:"":255 * PSA_HASH_LENGTH(PSA_ALG_SHA_1):"2c91117204d745f3500d636a62f64f0ab3bae548aa53d423b0d1f27ebba6f5e5673a081d70cce7acfc48":"" PSA key derivation: HKDF SHA-256, request too much capacity depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 -derive_set_capacity:PSA_ALG_HKDF(PSA_ALG_SHA_256):255 * 32 + 1:PSA_ERROR_INVALID_ARGUMENT +derive_set_capacity:PSA_ALG_HKDF(PSA_ALG_SHA_256):255 * PSA_HASH_LENGTH(PSA_ALG_SHA_256) + 1:PSA_ERROR_INVALID_ARGUMENT PSA key derivation: HKDF SHA-1, request too much capacity depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_1 -derive_set_capacity:PSA_ALG_HKDF(PSA_ALG_SHA_1):255 * 20 + 1:PSA_ERROR_INVALID_ARGUMENT +derive_set_capacity:PSA_ALG_HKDF(PSA_ALG_SHA_1):255 * PSA_HASH_LENGTH(PSA_ALG_SHA_1) + 1:PSA_ERROR_INVALID_ARGUMENT PSA key derivation: over capacity 42: output 42+1 depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 @@ -3442,19 +4627,19 @@ derive_output:PSA_ALG_HKDF(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:"00010 PSA key derivation: HKDF SHA-256, read maximum capacity minus 1 depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 -derive_full:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":255 * 32 - 1 +derive_full:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":255 * PSA_HASH_LENGTH(PSA_ALG_SHA_256) - 1 PSA key derivation: HKDF SHA-256, read maximum capacity depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 -derive_full:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":255 * 32 +derive_full:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":255 * PSA_HASH_LENGTH(PSA_ALG_SHA_256) PSA key derivation: TLS 1.2 PRF SHA-256, read maximum capacity minus 1 depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PRF -derive_full:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":255 * 32 - 1 +derive_full:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":255 * PSA_HASH_LENGTH(PSA_ALG_SHA_256) - 1 PSA key derivation: TLS 1.2 PRF SHA-256, read maximum capacity depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PRF -derive_full:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":255 * 32 +derive_full:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":255 * PSA_HASH_LENGTH(PSA_ALG_SHA_256) PSA key derivation: HKDF SHA-256, exercise AES128-CTR depends_on:PSA_WANT_ALG_CTR:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_AES @@ -3693,7 +4878,7 @@ generate_random:2 * MBEDTLS_CTR_DRBG_MAX_REQUEST + 1 PSA generate key: bad type (RSA public key) depends_on:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY -generate_key:PSA_KEY_TYPE_RSA_PUBLIC_KEY:512:PSA_KEY_USAGE_EXPORT:0:PSA_ERROR_NOT_SUPPORTED:0 +generate_key:PSA_KEY_TYPE_RSA_PUBLIC_KEY:512:PSA_KEY_USAGE_EXPORT:0:PSA_ERROR_INVALID_ARGUMENT:0 PSA generate key: raw data, 0 bits: invalid argument # The spec allows either INVALID_ARGUMENT or NOT_SUPPORTED @@ -3756,6 +4941,10 @@ PSA generate key: RSA, 1024 bits, good, sign (PSS SHA-256) depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_GENPRIME:MBEDTLS_MD_C generate_key:PSA_KEY_TYPE_RSA_KEY_PAIR:1024:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):PSA_SUCCESS:0 +PSA generate key: RSA, 1024 bits, good, sign (PSS-any-salt SHA-256) +depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_GENPRIME:MBEDTLS_MD_C +generate_key:PSA_KEY_TYPE_RSA_KEY_PAIR:1024:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_SHA_256):PSA_SUCCESS:0 + PSA generate key: RSA, 512 bits, good, encrypt (PKCS#1 v1.5) depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_GENPRIME generate_key:PSA_KEY_TYPE_RSA_KEY_PAIR:512:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_SUCCESS:0 diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index 150a3f43e3..d28de0c206 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -15,6 +15,12 @@ #include "test/asn1_helpers.h" #include "test/psa_crypto_helpers.h" #include "test/psa_exercise_key.h" +#if defined(PSA_CRYPTO_DRIVER_TEST) +#include "test/drivers/test_driver.h" +#define TEST_DRIVER_LOCATION PSA_CRYPTO_TEST_DRIVER_LOCATION +#else +#define TEST_DRIVER_LOCATION 0x7fffff +#endif /* If this comes up, it's a bug in the test code or in the test data. */ #define UNUSED 0xdeadbeef @@ -272,6 +278,316 @@ typedef enum { DERIVE_KEY = 2 } generate_method; +typedef enum +{ + DO_NOT_SET_LENGTHS = 0, + SET_LENGTHS_BEFORE_NONCE = 1, + SET_LENGTHS_AFTER_NONCE = 2 +} set_lengths_method_t; + +typedef enum +{ + USE_NULL_TAG = 0, + USE_GIVEN_TAG = 1, +} tag_usage_method_t; + +/*! + * \brief Internal Function for AEAD multipart tests. + * \param key_type_arg Type of key passed in + * \param key_data The encryption / decryption key data + * \param alg_arg The type of algorithm used + * \param nonce Nonce data + * \param additional_data Additional data + * \param ad_part_len_arg If not -1, the length of chunks to + * feed additional data in to be encrypted / + * decrypted. If -1, no chunking. + * \param input_data Data to encrypt / decrypt + * \param data_part_len_arg If not -1, the length of chunks to feed + * the data in to be encrypted / decrypted. If + * -1, no chunking + * \param set_lengths_method A member of the set_lengths_method_t enum is + * expected here, this controls whether or not + * to set lengths, and in what order with + * respect to set nonce. + * \param expected_output Expected output + * \param is_encrypt If non-zero this is an encryption operation. + * \param do_zero_parts If non-zero, interleave zero length chunks + * with normal length chunks. + * \return int Zero on failure, non-zero on success. + */ +static int aead_multipart_internal_func( int key_type_arg, data_t *key_data, + int alg_arg, + data_t *nonce, + data_t *additional_data, + int ad_part_len_arg, + data_t *input_data, + int data_part_len_arg, + set_lengths_method_t set_lengths_method, + data_t *expected_output, + int is_encrypt, + int do_zero_parts ) +{ + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; + psa_key_type_t key_type = key_type_arg; + psa_algorithm_t alg = alg_arg; + psa_aead_operation_t operation = PSA_AEAD_OPERATION_INIT; + unsigned char *output_data = NULL; + unsigned char *part_data = NULL; + unsigned char *final_data = NULL; + size_t data_true_size = 0; + size_t part_data_size = 0; + size_t output_size = 0; + size_t final_output_size = 0; + size_t output_length = 0; + size_t key_bits = 0; + size_t tag_length = 0; + size_t part_offset = 0; + size_t part_length = 0; + size_t output_part_length = 0; + size_t tag_size = 0; + size_t ad_part_len = 0; + size_t data_part_len = 0; + uint8_t tag_buffer[PSA_AEAD_TAG_MAX_SIZE]; + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + psa_status_t status = PSA_ERROR_GENERIC_ERROR; + + int test_ok = 0; + size_t part_count = 0; + + PSA_ASSERT( psa_crypto_init( ) ); + + if( is_encrypt ) + psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT ); + else + psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_DECRYPT ); + + psa_set_key_algorithm( &attributes, alg ); + psa_set_key_type( &attributes, key_type ); + + PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, + &key ) ); + + PSA_ASSERT( psa_get_key_attributes( key, &attributes ) ); + key_bits = psa_get_key_bits( &attributes ); + + tag_length = PSA_AEAD_TAG_LENGTH( key_type, key_bits, alg ); + + if( is_encrypt ) + { + /* Tag gets written at end of buffer. */ + output_size = PSA_AEAD_UPDATE_OUTPUT_SIZE( key_type, alg, + ( input_data->len + + tag_length ) ); + data_true_size = input_data->len; + } + else + { + output_size = PSA_AEAD_UPDATE_OUTPUT_SIZE( key_type, alg, + ( input_data->len - + tag_length ) ); + + /* Do not want to attempt to decrypt tag. */ + data_true_size = input_data->len - tag_length; + } + + ASSERT_ALLOC( output_data, output_size ); + + if( is_encrypt ) + { + final_output_size = PSA_AEAD_FINISH_OUTPUT_SIZE( key_type, alg ); + TEST_ASSERT( final_output_size <= PSA_AEAD_FINISH_OUTPUT_MAX_SIZE ); + } + else + { + final_output_size = PSA_AEAD_VERIFY_OUTPUT_SIZE( key_type, alg ); + TEST_ASSERT( final_output_size <= PSA_AEAD_VERIFY_OUTPUT_MAX_SIZE ); + } + + ASSERT_ALLOC( final_data, final_output_size ); + + if( is_encrypt ) + status = psa_aead_encrypt_setup( &operation, key, alg ); + else + status = psa_aead_decrypt_setup( &operation, key, alg ); + + /* If the operation is not supported, just skip and not fail in case the + * encryption involves a common limitation of cryptography hardwares and + * an alternative implementation. */ + if( status == PSA_ERROR_NOT_SUPPORTED ) + { + MBEDTLS_TEST_PSA_SKIP_IF_ALT_AES_192( key_type, key_data->len * 8 ); + MBEDTLS_TEST_PSA_SKIP_IF_ALT_GCM_NOT_12BYTES_NONCE( alg, nonce->len ); + } + + PSA_ASSERT( status ); + + if( set_lengths_method == DO_NOT_SET_LENGTHS ) + PSA_ASSERT( psa_aead_set_nonce( &operation, nonce->x, nonce->len ) ); + else if( set_lengths_method == SET_LENGTHS_BEFORE_NONCE ) + { + PSA_ASSERT( psa_aead_set_lengths( &operation, additional_data->len, + data_true_size ) ); + PSA_ASSERT( psa_aead_set_nonce( &operation, nonce->x, nonce->len ) ); + } + else if( set_lengths_method == SET_LENGTHS_AFTER_NONCE ) + { + PSA_ASSERT( psa_aead_set_nonce( &operation, nonce->x, nonce->len ) ); + + PSA_ASSERT( psa_aead_set_lengths( &operation, additional_data->len, + data_true_size ) ); + } + + if( ad_part_len_arg != -1 ) + { + /* Pass additional data in parts */ + ad_part_len = (size_t) ad_part_len_arg; + + for( part_offset = 0, part_count = 0; + part_offset < additional_data->len; + part_offset += part_length, part_count++ ) + { + if( do_zero_parts && ( part_count & 0x01 ) ) + { + part_length = 0; + } + else if( additional_data->len - part_offset < ad_part_len ) + { + part_length = additional_data->len - part_offset; + } + else + { + part_length = ad_part_len; + } + + PSA_ASSERT( psa_aead_update_ad( &operation, + additional_data->x + part_offset, + part_length ) ); + + } + } + else + { + /* Pass additional data in one go. */ + PSA_ASSERT( psa_aead_update_ad( &operation, additional_data->x, + additional_data->len ) ); + } + + if( data_part_len_arg != -1 ) + { + /* Pass data in parts */ + data_part_len = ( size_t ) data_part_len_arg; + part_data_size = PSA_AEAD_UPDATE_OUTPUT_SIZE( key_type, alg, + ( size_t ) data_part_len ); + + ASSERT_ALLOC( part_data, part_data_size ); + + for( part_offset = 0, part_count = 0; + part_offset < data_true_size; + part_offset += part_length, part_count++ ) + { + if( do_zero_parts && ( part_count & 0x01 ) ) + { + part_length = 0; + } + else if( ( data_true_size - part_offset ) < data_part_len ) + { + part_length = ( data_true_size - part_offset ); + } + else + { + part_length = data_part_len; + } + + PSA_ASSERT( psa_aead_update( &operation, + ( input_data->x + part_offset ), + part_length, part_data, + part_data_size, + &output_part_length ) ); + + if( output_data && output_part_length ) + { + memcpy( ( output_data + part_offset ), part_data, + output_part_length ); + } + + output_length += output_part_length; + } + } + else + { + /* Pass all data in one go. */ + PSA_ASSERT( psa_aead_update( &operation, input_data->x, + data_true_size, output_data, + output_size, &output_length ) ); + } + + if( is_encrypt ) + PSA_ASSERT( psa_aead_finish( &operation, final_data, + final_output_size, + &output_part_length, + tag_buffer, tag_length, + &tag_size ) ); + else + { + PSA_ASSERT( psa_aead_verify( &operation, final_data, + final_output_size, + &output_part_length, + ( input_data->x + data_true_size ), + tag_length ) ); + } + + if( output_data && output_part_length ) + memcpy( ( output_data + output_length ), final_data, + output_part_length ); + + output_length += output_part_length; + + + /* For all currently defined algorithms, PSA_AEAD_xxx_OUTPUT_SIZE + * should be exact.*/ + if( is_encrypt ) + { + TEST_EQUAL( tag_length, tag_size ); + + if( output_data && tag_length ) + memcpy( ( output_data + output_length ), tag_buffer, + tag_length ); + + output_length += tag_length; + + TEST_EQUAL( output_length, + PSA_AEAD_ENCRYPT_OUTPUT_SIZE( key_type, alg, + input_data->len ) ); + TEST_ASSERT( output_length <= + PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE( input_data->len ) ); + } + else + { + TEST_EQUAL( output_length, + PSA_AEAD_DECRYPT_OUTPUT_SIZE( key_type, alg, + input_data->len ) ); + TEST_ASSERT( output_length <= + PSA_AEAD_DECRYPT_OUTPUT_MAX_SIZE( input_data->len ) ); + } + + + ASSERT_COMPARE( expected_output->x, expected_output->len, + output_data, output_length ); + + + test_ok = 1; + +exit: + psa_destroy_key( key ); + psa_aead_abort( &operation ); + mbedtls_free( output_data ); + mbedtls_free( part_data ); + mbedtls_free( final_data ); + PSA_DONE( ); + + return( test_ok ); +} + /* END_HEADER */ /* BEGIN_DEPENDENCIES @@ -484,6 +800,7 @@ exit: void import_export( data_t *data, int type_arg, int usage_arg, int alg_arg, + int lifetime_arg, int expected_bits, int export_size_delta, int expected_export_status_arg, @@ -494,6 +811,7 @@ void import_export( data_t *data, psa_algorithm_t alg = alg_arg; psa_status_t expected_export_status = expected_export_status_arg; psa_status_t status; + psa_key_lifetime_t lifetime = lifetime_arg; unsigned char *exported = NULL; unsigned char *reexported = NULL; size_t export_size; @@ -508,6 +826,7 @@ void import_export( data_t *data, ASSERT_ALLOC( reexported, export_size ); PSA_ASSERT( psa_crypto_init( ) ); + psa_set_key_lifetime( &attributes, lifetime ); psa_set_key_usage_flags( &attributes, usage_arg ); psa_set_key_algorithm( &attributes, alg ); psa_set_key_type( &attributes, type ); @@ -543,8 +862,11 @@ void import_export( data_t *data, * this validates the canonical representations. For canonical inputs, * this doesn't directly validate the implementation, but it still helps * by cross-validating the test data with the sanity check code. */ - if( ! mbedtls_test_psa_exercise_key( key, usage_arg, 0 ) ) - goto exit; + if( !psa_key_lifetime_is_external( lifetime ) ) + { + if( ! mbedtls_test_psa_exercise_key( key, usage_arg, 0 ) ) + goto exit; + } if( canonical_input ) ASSERT_COMPARE( data->x, data->len, exported, exported_length ); @@ -558,12 +880,12 @@ void import_export( data_t *data, export_size, &reexported_length ) ); ASSERT_COMPARE( exported, exported_length, - reexported, reexported_length ); + reexported, reexported_length ); PSA_ASSERT( psa_destroy_key( key2 ) ); } TEST_ASSERT( exported_length <= - PSA_EXPORT_KEY_OUTPUT_SIZE( type, - psa_get_key_bits( &got_attributes ) ) ); + PSA_EXPORT_KEY_OUTPUT_SIZE( type, + psa_get_key_bits( &got_attributes ) ) ); TEST_ASSERT( exported_length <= PSA_EXPORT_KEY_PAIR_MAX_SIZE ); destroy: @@ -577,7 +899,7 @@ exit: * thus reset them as required. */ psa_reset_key_attributes( &got_attributes ); - + psa_destroy_key( key ) ; mbedtls_free( exported ); mbedtls_free( reexported ); PSA_DONE( ); @@ -588,6 +910,7 @@ exit: void import_export_public_key( data_t *data, int type_arg, int alg_arg, + int lifetime_arg, int export_size_delta, int expected_export_status_arg, data_t *expected_public_key ) @@ -597,6 +920,7 @@ void import_export_public_key( data_t *data, psa_algorithm_t alg = alg_arg; psa_status_t expected_export_status = expected_export_status_arg; psa_status_t status; + psa_key_lifetime_t lifetime = lifetime_arg; unsigned char *exported = NULL; size_t export_size = expected_public_key->len + export_size_delta; size_t exported_length = INVALID_EXPORT_LENGTH; @@ -604,6 +928,7 @@ void import_export_public_key( data_t *data, PSA_ASSERT( psa_crypto_init( ) ); + psa_set_key_lifetime( &attributes, lifetime ); psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_EXPORT ); psa_set_key_algorithm( &attributes, alg ); psa_set_key_type( &attributes, type ); @@ -632,7 +957,6 @@ void import_export_public_key( data_t *data, ASSERT_COMPARE( expected_public_key->x, expected_public_key->len, exported, exported_length ); } - exit: /* * Key attributes may have been returned by psa_get_key_attributes() @@ -792,7 +1116,8 @@ void mac_key_policy( int policy_usage_arg, int key_type_arg, data_t *key_data, int exercise_alg_arg, - int expected_status_arg ) + int expected_status_sign_arg, + int expected_status_verify_arg ) { mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; @@ -802,7 +1127,8 @@ void mac_key_policy( int policy_usage_arg, psa_algorithm_t exercise_alg = exercise_alg_arg; psa_key_usage_t policy_usage = policy_usage_arg; psa_status_t status; - psa_status_t expected_status = expected_status_arg; + psa_status_t expected_status_sign = expected_status_sign_arg; + psa_status_t expected_status_verify = expected_status_verify_arg; unsigned char mac[PSA_MAC_MAX_SIZE]; PSA_ASSERT( psa_crypto_init( ) ); @@ -818,19 +1144,30 @@ void mac_key_policy( int policy_usage_arg, mbedtls_test_update_key_usage_flags( policy_usage ) ); status = psa_mac_sign_setup( &operation, key, exercise_alg ); - if( ( policy_usage & PSA_KEY_USAGE_SIGN_HASH ) == 0 ) - TEST_EQUAL( status, PSA_ERROR_NOT_PERMITTED ); + TEST_EQUAL( status, expected_status_sign ); + + /* Calculate the MAC, one-shot case. */ + uint8_t input[128] = {0}; + size_t mac_len; + TEST_EQUAL( psa_mac_compute( key, exercise_alg, + input, 128, + mac, PSA_MAC_MAX_SIZE, &mac_len ), + expected_status_sign ); + + /* Verify correct MAC, one-shot case. */ + status = psa_mac_verify( key, exercise_alg, input, 128, + mac, mac_len ); + + if( expected_status_sign != PSA_SUCCESS && expected_status_verify == PSA_SUCCESS ) + TEST_EQUAL( status, PSA_ERROR_INVALID_SIGNATURE ); else - TEST_EQUAL( status, expected_status ); + TEST_EQUAL( status, expected_status_verify ); psa_mac_abort( &operation ); memset( mac, 0, sizeof( mac ) ); status = psa_mac_verify_setup( &operation, key, exercise_alg ); - if( ( policy_usage & PSA_KEY_USAGE_VERIFY_HASH ) == 0 ) - TEST_EQUAL( status, PSA_ERROR_NOT_PERMITTED ); - else - TEST_EQUAL( status, expected_status ); + TEST_EQUAL( status, expected_status_verify ); exit: psa_mac_abort( &operation ); @@ -1085,7 +1422,7 @@ void asymmetric_signature_key_policy( int policy_usage_arg, else TEST_EQUAL( status, PSA_ERROR_NOT_PERMITTED ); - if( PSA_ALG_IS_HASH_AND_SIGN( exercise_alg ) && + if( PSA_ALG_IS_SIGN_HASH( exercise_alg ) && PSA_ALG_IS_HASH( PSA_ALG_SIGN_GET_HASH( exercise_alg ) ) ) { status = psa_sign_message( key, exercise_alg, @@ -1281,10 +1618,12 @@ exit: /* BEGIN_CASE */ void copy_success( int source_usage_arg, int source_alg_arg, int source_alg2_arg, + unsigned int source_lifetime_arg, int type_arg, data_t *material, int copy_attributes, int target_usage_arg, int target_alg_arg, int target_alg2_arg, + unsigned int target_lifetime_arg, int expected_usage_arg, int expected_alg_arg, int expected_alg2_arg ) { @@ -1293,6 +1632,8 @@ void copy_success( int source_usage_arg, psa_key_usage_t expected_usage = expected_usage_arg; psa_algorithm_t expected_alg = expected_alg_arg; psa_algorithm_t expected_alg2 = expected_alg2_arg; + psa_key_lifetime_t source_lifetime = source_lifetime_arg; + psa_key_lifetime_t target_lifetime = target_lifetime_arg; mbedtls_svc_key_id_t source_key = MBEDTLS_SVC_KEY_ID_INIT; mbedtls_svc_key_id_t target_key = MBEDTLS_SVC_KEY_ID_INIT; uint8_t *export_buffer = NULL; @@ -1304,6 +1645,7 @@ void copy_success( int source_usage_arg, psa_set_key_algorithm( &source_attributes, source_alg_arg ); psa_set_key_enrollment_algorithm( &source_attributes, source_alg2_arg ); psa_set_key_type( &source_attributes, type_arg ); + psa_set_key_lifetime( &source_attributes, source_lifetime); PSA_ASSERT( psa_import_key( &source_attributes, material->x, material->len, &source_key ) ); @@ -1313,9 +1655,8 @@ void copy_success( int source_usage_arg, if( copy_attributes ) { target_attributes = source_attributes; - /* Set volatile lifetime to reset the key identifier to 0. */ - psa_set_key_lifetime( &target_attributes, PSA_KEY_LIFETIME_VOLATILE ); } + psa_set_key_lifetime( &target_attributes, target_lifetime); if( target_usage_arg != -1 ) psa_set_key_usage_flags( &target_attributes, target_usage_arg ); @@ -1324,6 +1665,7 @@ void copy_success( int source_usage_arg, if( target_alg2_arg != -1 ) psa_set_key_enrollment_algorithm( &target_attributes, target_alg2_arg ); + /* Copy the key. */ PSA_ASSERT( psa_copy_key( source_key, &target_attributes, &target_key ) ); @@ -1351,10 +1693,13 @@ void copy_success( int source_usage_arg, export_buffer, length ); } - if( ! mbedtls_test_psa_exercise_key( target_key, expected_usage, expected_alg ) ) - goto exit; - if( ! mbedtls_test_psa_exercise_key( target_key, expected_usage, expected_alg2 ) ) - goto exit; + if( !psa_key_lifetime_is_external( target_lifetime ) ) + { + if( ! mbedtls_test_psa_exercise_key( target_key, expected_usage, expected_alg ) ) + goto exit; + if( ! mbedtls_test_psa_exercise_key( target_key, expected_usage, expected_alg2 ) ) + goto exit; + } PSA_ASSERT( psa_destroy_key( target_key ) ); @@ -1374,6 +1719,7 @@ exit: /* BEGIN_CASE */ void copy_fail( int source_usage_arg, int source_alg_arg, int source_alg2_arg, + int source_lifetime_arg, int type_arg, data_t *material, int target_type_arg, int target_bits_arg, int target_usage_arg, @@ -1394,6 +1740,7 @@ void copy_fail( int source_usage_arg, psa_set_key_algorithm( &source_attributes, source_alg_arg ); psa_set_key_enrollment_algorithm( &source_attributes, source_alg2_arg ); psa_set_key_type( &source_attributes, type_arg ); + psa_set_key_lifetime( &source_attributes, source_lifetime_arg ); PSA_ASSERT( psa_import_key( &source_attributes, material->x, material->len, &source_key ) ); @@ -2516,6 +2863,40 @@ exit: } /* END_CASE */ +/* BEGIN_CASE */ +void cipher_encrypt_validate_iv_length( int alg, int key_type, data_t* key_data, + data_t *input, int iv_length, + int expected_result ) +{ + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; + psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT; + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + size_t output_buffer_size = 0; + unsigned char *output = NULL; + + output_buffer_size = PSA_CIPHER_ENCRYPT_OUTPUT_SIZE( key_type, alg, input->len ); + ASSERT_ALLOC( output, output_buffer_size ); + + PSA_ASSERT( psa_crypto_init( ) ); + + psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT ); + psa_set_key_algorithm( &attributes, alg ); + psa_set_key_type( &attributes, key_type ); + + PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, + &key ) ); + PSA_ASSERT( psa_cipher_encrypt_setup( &operation, key, alg ) ); + TEST_EQUAL( expected_result, psa_cipher_set_iv( &operation, output, + iv_length ) ); + +exit: + psa_cipher_abort( &operation ); + mbedtls_free( output ); + psa_destroy_key( key ); + PSA_DONE( ); +} +/* END_CASE */ + /* BEGIN_CASE */ void cipher_encrypt_alg_without_iv( int alg_arg, int key_type_arg, @@ -3436,6 +3817,1209 @@ exit: } /* END_CASE */ +/* BEGIN_CASE */ +void aead_multipart_encrypt( int key_type_arg, data_t *key_data, + int alg_arg, + data_t *nonce, + data_t *additional_data, + data_t *input_data, + int do_set_lengths, + data_t *expected_output ) +{ + size_t ad_part_len = 0; + size_t data_part_len = 0; + set_lengths_method_t set_lengths_method = DO_NOT_SET_LENGTHS; + + for( ad_part_len = 1; ad_part_len <= additional_data->len; ad_part_len++ ) + { + mbedtls_test_set_step( ad_part_len ); + + if( do_set_lengths ) + { + if( ad_part_len & 0x01 ) + set_lengths_method = SET_LENGTHS_AFTER_NONCE; + else + set_lengths_method = SET_LENGTHS_BEFORE_NONCE; + } + + /* Split ad into length(ad_part_len) parts. */ + if( !aead_multipart_internal_func( key_type_arg, key_data, + alg_arg, nonce, + additional_data, + ad_part_len, + input_data, -1, + set_lengths_method, + expected_output, + 1, 0 ) ) + break; + + /* length(0) part, length(ad_part_len) part, length(0) part... */ + mbedtls_test_set_step( 1000 + ad_part_len ); + + if( !aead_multipart_internal_func( key_type_arg, key_data, + alg_arg, nonce, + additional_data, + ad_part_len, + input_data, -1, + set_lengths_method, + expected_output, + 1, 1 ) ) + break; + } + + for( data_part_len = 1; data_part_len <= input_data->len; data_part_len++ ) + { + /* Split data into length(data_part_len) parts. */ + mbedtls_test_set_step( 2000 + data_part_len ); + + if( do_set_lengths ) + { + if( data_part_len & 0x01 ) + set_lengths_method = SET_LENGTHS_AFTER_NONCE; + else + set_lengths_method = SET_LENGTHS_BEFORE_NONCE; + } + + if( !aead_multipart_internal_func( key_type_arg, key_data, + alg_arg, nonce, + additional_data, -1, + input_data, data_part_len, + set_lengths_method, + expected_output, + 1, 0 ) ) + break; + + /* length(0) part, length(data_part_len) part, length(0) part... */ + mbedtls_test_set_step( 3000 + data_part_len ); + + if( !aead_multipart_internal_func( key_type_arg, key_data, + alg_arg, nonce, + additional_data, -1, + input_data, data_part_len, + set_lengths_method, + expected_output, + 1, 1 ) ) + break; + } + + /* Goto is required to silence warnings about unused labels, as we + * don't actually do any test assertions in this function. */ + goto exit; +} +/* END_CASE */ + +/* BEGIN_CASE */ +void aead_multipart_decrypt( int key_type_arg, data_t *key_data, + int alg_arg, + data_t *nonce, + data_t *additional_data, + data_t *input_data, + int do_set_lengths, + data_t *expected_output ) +{ + size_t ad_part_len = 0; + size_t data_part_len = 0; + set_lengths_method_t set_lengths_method = DO_NOT_SET_LENGTHS; + + for( ad_part_len = 1; ad_part_len <= additional_data->len; ad_part_len++ ) + { + /* Split ad into length(ad_part_len) parts. */ + mbedtls_test_set_step( ad_part_len ); + + if( do_set_lengths ) + { + if( ad_part_len & 0x01 ) + set_lengths_method = SET_LENGTHS_AFTER_NONCE; + else + set_lengths_method = SET_LENGTHS_BEFORE_NONCE; + } + + if( !aead_multipart_internal_func( key_type_arg, key_data, + alg_arg, nonce, + additional_data, + ad_part_len, + input_data, -1, + set_lengths_method, + expected_output, + 0, 0 ) ) + break; + + /* length(0) part, length(ad_part_len) part, length(0) part... */ + mbedtls_test_set_step( 1000 + ad_part_len ); + + if( !aead_multipart_internal_func( key_type_arg, key_data, + alg_arg, nonce, + additional_data, + ad_part_len, + input_data, -1, + set_lengths_method, + expected_output, + 0, 1 ) ) + break; + } + + for( data_part_len = 1; data_part_len <= input_data->len; data_part_len++ ) + { + /* Split data into length(data_part_len) parts. */ + mbedtls_test_set_step( 2000 + data_part_len ); + + if( do_set_lengths ) + { + if( data_part_len & 0x01 ) + set_lengths_method = SET_LENGTHS_AFTER_NONCE; + else + set_lengths_method = SET_LENGTHS_BEFORE_NONCE; + } + + if( !aead_multipart_internal_func( key_type_arg, key_data, + alg_arg, nonce, + additional_data, -1, + input_data, data_part_len, + set_lengths_method, + expected_output, + 0, 0 ) ) + break; + + /* length(0) part, length(data_part_len) part, length(0) part... */ + mbedtls_test_set_step( 3000 + data_part_len ); + + if( !aead_multipart_internal_func( key_type_arg, key_data, + alg_arg, nonce, + additional_data, -1, + input_data, data_part_len, + set_lengths_method, + expected_output, + 0, 1 ) ) + break; + } + + /* Goto is required to silence warnings about unused labels, as we + * don't actually do any test assertions in this function. */ + goto exit; +} +/* END_CASE */ + +/* BEGIN_CASE */ +void aead_multipart_generate_nonce( int key_type_arg, data_t *key_data, + int alg_arg, + int nonce_length, + int expected_nonce_length_arg, + data_t *additional_data, + data_t *input_data, + int expected_status_arg ) +{ + + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; + psa_key_type_t key_type = key_type_arg; + psa_algorithm_t alg = alg_arg; + psa_aead_operation_t operation = PSA_AEAD_OPERATION_INIT; + uint8_t nonce_buffer[PSA_AEAD_NONCE_MAX_SIZE]; + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + psa_status_t status = PSA_ERROR_GENERIC_ERROR; + psa_status_t expected_status = expected_status_arg; + size_t actual_nonce_length = 0; + size_t expected_nonce_length = expected_nonce_length_arg; + unsigned char *output = NULL; + unsigned char *ciphertext = NULL; + size_t output_size = 0; + size_t ciphertext_size = 0; + size_t ciphertext_length = 0; + size_t tag_length = 0; + uint8_t tag_buffer[PSA_AEAD_TAG_MAX_SIZE]; + + PSA_ASSERT( psa_crypto_init( ) ); + + psa_set_key_usage_flags( & attributes, PSA_KEY_USAGE_ENCRYPT ); + psa_set_key_algorithm( & attributes, alg ); + psa_set_key_type( & attributes, key_type ); + + PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, + &key ) ); + + PSA_ASSERT( psa_get_key_attributes( key, &attributes ) ); + + output_size = PSA_AEAD_UPDATE_OUTPUT_SIZE( key_type, alg, input_data->len ); + + ASSERT_ALLOC( output, output_size ); + + ciphertext_size = PSA_AEAD_FINISH_OUTPUT_SIZE( key_type, alg ); + + TEST_ASSERT( ciphertext_size <= PSA_AEAD_FINISH_OUTPUT_MAX_SIZE ); + + ASSERT_ALLOC( ciphertext, ciphertext_size ); + + status = psa_aead_encrypt_setup( &operation, key, alg ); + + /* If the operation is not supported, just skip and not fail in case the + * encryption involves a common limitation of cryptography hardwares and + * an alternative implementation. */ + if( status == PSA_ERROR_NOT_SUPPORTED ) + { + MBEDTLS_TEST_PSA_SKIP_IF_ALT_AES_192( key_type, key_data->len * 8 ); + MBEDTLS_TEST_PSA_SKIP_IF_ALT_GCM_NOT_12BYTES_NONCE( alg, nonce_length ); + } + + PSA_ASSERT( status ); + + status = psa_aead_generate_nonce( &operation, nonce_buffer, + nonce_length, + &actual_nonce_length ); + + TEST_EQUAL( status, expected_status ); + + TEST_EQUAL( actual_nonce_length, expected_nonce_length ); + + if( expected_status == PSA_SUCCESS ) + TEST_EQUAL( actual_nonce_length, PSA_AEAD_NONCE_LENGTH( key_type, + alg ) ); + + TEST_ASSERT( actual_nonce_length < PSA_AEAD_NONCE_MAX_SIZE ); + + if( expected_status == PSA_SUCCESS ) + { + + /* Ensure we can still complete operation. */ + + PSA_ASSERT( psa_aead_update_ad( &operation, additional_data->x, + additional_data->len ) ); + + PSA_ASSERT( psa_aead_update( &operation, input_data->x, input_data->len, + output, output_size, + &ciphertext_length ) ); + + PSA_ASSERT( psa_aead_finish( &operation, ciphertext, ciphertext_size, + &ciphertext_length, tag_buffer, + PSA_AEAD_TAG_MAX_SIZE, &tag_length ) ); + } + +exit: + psa_destroy_key( key ); + mbedtls_free( output ); + mbedtls_free( ciphertext ); + psa_aead_abort( &operation ); + PSA_DONE( ); +} +/* END_CASE */ + +/* BEGIN_CASE */ +void aead_multipart_set_nonce( int key_type_arg, data_t *key_data, + int alg_arg, + int nonce_length_arg, + data_t *additional_data, + data_t *input_data, + int expected_status_arg ) +{ + + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; + psa_key_type_t key_type = key_type_arg; + psa_algorithm_t alg = alg_arg; + psa_aead_operation_t operation = PSA_AEAD_OPERATION_INIT; + uint8_t *nonce_buffer = NULL; + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + psa_status_t status = PSA_ERROR_GENERIC_ERROR; + psa_status_t expected_status = expected_status_arg; + unsigned char *output = NULL; + unsigned char *ciphertext = NULL; + size_t nonce_length; + size_t output_size = 0; + size_t ciphertext_size = 0; + size_t ciphertext_length = 0; + size_t tag_length = 0; + uint8_t tag_buffer[PSA_AEAD_TAG_MAX_SIZE]; + size_t index = 0; + + PSA_ASSERT( psa_crypto_init( ) ); + + psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT ); + psa_set_key_algorithm( &attributes, alg ); + psa_set_key_type( &attributes, key_type ); + + PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, + &key ) ); + + PSA_ASSERT( psa_get_key_attributes( key, &attributes ) ); + + output_size = PSA_AEAD_UPDATE_OUTPUT_SIZE( key_type, alg, input_data->len ); + + ASSERT_ALLOC( output, output_size ); + + ciphertext_size = PSA_AEAD_FINISH_OUTPUT_SIZE( key_type, alg ); + + TEST_ASSERT( ciphertext_size <= PSA_AEAD_FINISH_OUTPUT_MAX_SIZE ); + + ASSERT_ALLOC( ciphertext, ciphertext_size ); + + status = psa_aead_encrypt_setup( &operation, key, alg ); + + /* If the operation is not supported, just skip and not fail in case the + * encryption involves a common limitation of cryptography hardwares and + * an alternative implementation. */ + if( status == PSA_ERROR_NOT_SUPPORTED ) + { + MBEDTLS_TEST_PSA_SKIP_IF_ALT_AES_192( key_type, key_data->len * 8 ); + MBEDTLS_TEST_PSA_SKIP_IF_ALT_GCM_NOT_12BYTES_NONCE( alg, nonce_length_arg ); + } + + PSA_ASSERT( status ); + + /* -1 == zero length and valid buffer, 0 = zero length and NULL buffer. */ + if( nonce_length_arg == -1 ) + { + /* Arbitrary size buffer, to test zero length valid buffer. */ + ASSERT_ALLOC( nonce_buffer, 4 ); + nonce_length = 0; + } + else + { + /* If length is zero, then this will return NULL. */ + nonce_length = ( size_t ) nonce_length_arg; + ASSERT_ALLOC( nonce_buffer, nonce_length ); + + if( nonce_buffer ) + { + for( index = 0; index < nonce_length - 1; ++index ) + { + nonce_buffer[index] = 'a' + index; + } + } + } + + status = psa_aead_set_nonce( &operation, nonce_buffer, nonce_length ); + + TEST_EQUAL( status, expected_status ); + + if( expected_status == PSA_SUCCESS ) + { + /* Ensure we can still complete operation. */ + + PSA_ASSERT( psa_aead_update_ad( &operation, additional_data->x, + additional_data->len ) ); + + PSA_ASSERT( psa_aead_update( &operation, input_data->x, input_data->len, + output, output_size, + &ciphertext_length ) ); + + PSA_ASSERT( psa_aead_finish( &operation, ciphertext, ciphertext_size, + &ciphertext_length, tag_buffer, + PSA_AEAD_TAG_MAX_SIZE, &tag_length ) ); + } + +exit: + psa_destroy_key( key ); + mbedtls_free( output ); + mbedtls_free( ciphertext ); + mbedtls_free( nonce_buffer ); + psa_aead_abort( &operation ); + PSA_DONE( ); +} +/* END_CASE */ + +/* BEGIN_CASE */ +void aead_multipart_update_buffer_test( int key_type_arg, data_t *key_data, + int alg_arg, + int output_size_arg, + data_t *nonce, + data_t *additional_data, + data_t *input_data, + int expected_status_arg ) +{ + + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; + psa_key_type_t key_type = key_type_arg; + psa_algorithm_t alg = alg_arg; + psa_aead_operation_t operation = PSA_AEAD_OPERATION_INIT; + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + psa_status_t status = PSA_ERROR_GENERIC_ERROR; + psa_status_t expected_status = expected_status_arg; + unsigned char *output = NULL; + unsigned char *ciphertext = NULL; + size_t output_size = output_size_arg; + size_t ciphertext_size = 0; + size_t ciphertext_length = 0; + size_t tag_length = 0; + uint8_t tag_buffer[PSA_AEAD_TAG_MAX_SIZE]; + + PSA_ASSERT( psa_crypto_init( ) ); + + psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT ); + psa_set_key_algorithm( &attributes, alg ); + psa_set_key_type( &attributes, key_type ); + + PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, + &key ) ); + + PSA_ASSERT( psa_get_key_attributes( key, &attributes ) ); + + ASSERT_ALLOC( output, output_size ); + + ciphertext_size = PSA_AEAD_FINISH_OUTPUT_SIZE( key_type, alg ); + + ASSERT_ALLOC( ciphertext, ciphertext_size ); + + status = psa_aead_encrypt_setup( &operation, key, alg ); + + /* If the operation is not supported, just skip and not fail in case the + * encryption involves a common limitation of cryptography hardwares and + * an alternative implementation. */ + if( status == PSA_ERROR_NOT_SUPPORTED ) + { + MBEDTLS_TEST_PSA_SKIP_IF_ALT_AES_192( key_type, key_data->len * 8 ); + MBEDTLS_TEST_PSA_SKIP_IF_ALT_GCM_NOT_12BYTES_NONCE( alg, nonce->len ); + } + + PSA_ASSERT( status ); + + PSA_ASSERT( psa_aead_set_nonce( &operation, nonce->x, nonce->len ) ); + + PSA_ASSERT( psa_aead_update_ad( &operation, additional_data->x, + additional_data->len ) ); + + status = psa_aead_update( &operation, input_data->x, input_data->len, + output, output_size, &ciphertext_length ); + + TEST_EQUAL( status, expected_status ); + + if( expected_status == PSA_SUCCESS ) + { + /* Ensure we can still complete operation. */ + PSA_ASSERT( psa_aead_finish( &operation, ciphertext, ciphertext_size, + &ciphertext_length, tag_buffer, + PSA_AEAD_TAG_MAX_SIZE, &tag_length ) ); + } + +exit: + psa_destroy_key( key ); + mbedtls_free( output ); + mbedtls_free( ciphertext ); + psa_aead_abort( &operation ); + PSA_DONE( ); +} +/* END_CASE */ + +/* BEGIN_CASE */ +void aead_multipart_finish_buffer_test( int key_type_arg, data_t *key_data, + int alg_arg, + int finish_ciphertext_size_arg, + int tag_size_arg, + data_t *nonce, + data_t *additional_data, + data_t *input_data, + int expected_status_arg ) +{ + + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; + psa_key_type_t key_type = key_type_arg; + psa_algorithm_t alg = alg_arg; + psa_aead_operation_t operation = PSA_AEAD_OPERATION_INIT; + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + psa_status_t status = PSA_ERROR_GENERIC_ERROR; + psa_status_t expected_status = expected_status_arg; + unsigned char *ciphertext = NULL; + unsigned char *finish_ciphertext = NULL; + unsigned char *tag_buffer = NULL; + size_t ciphertext_size = 0; + size_t ciphertext_length = 0; + size_t finish_ciphertext_size = ( size_t ) finish_ciphertext_size_arg; + size_t tag_size = ( size_t ) tag_size_arg; + size_t tag_length = 0; + + PSA_ASSERT( psa_crypto_init( ) ); + + psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT ); + psa_set_key_algorithm( &attributes, alg ); + psa_set_key_type( &attributes, key_type ); + + PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, + &key ) ); + + PSA_ASSERT( psa_get_key_attributes( key, &attributes ) ); + + ciphertext_size = PSA_AEAD_UPDATE_OUTPUT_SIZE( key_type, alg, input_data->len ); + + ASSERT_ALLOC( ciphertext, ciphertext_size ); + + ASSERT_ALLOC( finish_ciphertext, finish_ciphertext_size ); + + ASSERT_ALLOC( tag_buffer, tag_size ); + + status = psa_aead_encrypt_setup( &operation, key, alg ); + + /* If the operation is not supported, just skip and not fail in case the + * encryption involves a common limitation of cryptography hardwares and + * an alternative implementation. */ + if( status == PSA_ERROR_NOT_SUPPORTED ) + { + MBEDTLS_TEST_PSA_SKIP_IF_ALT_AES_192( key_type, key_data->len * 8 ); + MBEDTLS_TEST_PSA_SKIP_IF_ALT_GCM_NOT_12BYTES_NONCE( alg, nonce->len ); + } + + PSA_ASSERT( status ); + + PSA_ASSERT( psa_aead_set_nonce( &operation, nonce->x, nonce->len ) ); + + PSA_ASSERT( psa_aead_update_ad( &operation, additional_data->x, + additional_data->len ) ); + + PSA_ASSERT( psa_aead_update( &operation, input_data->x, input_data->len, + ciphertext, ciphertext_size, &ciphertext_length ) ); + + /* Ensure we can still complete operation. */ + status = psa_aead_finish( &operation, finish_ciphertext, + finish_ciphertext_size, + &ciphertext_length, tag_buffer, + tag_size, &tag_length ); + + TEST_EQUAL( status, expected_status ); + +exit: + psa_destroy_key( key ); + mbedtls_free( ciphertext ); + mbedtls_free( finish_ciphertext ); + mbedtls_free( tag_buffer ); + psa_aead_abort( &operation ); + PSA_DONE( ); +} +/* END_CASE */ + +/* BEGIN_CASE */ +void aead_multipart_verify( int key_type_arg, data_t *key_data, + int alg_arg, + data_t *nonce, + data_t *additional_data, + data_t *input_data, + data_t *tag, + int tag_usage_arg, + int expected_status_arg ) +{ + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; + psa_key_type_t key_type = key_type_arg; + psa_algorithm_t alg = alg_arg; + psa_aead_operation_t operation = PSA_AEAD_OPERATION_INIT; + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + psa_status_t status = PSA_ERROR_GENERIC_ERROR; + psa_status_t expected_status = expected_status_arg; + unsigned char *plaintext = NULL; + unsigned char *finish_plaintext = NULL; + size_t plaintext_size = 0; + size_t plaintext_length = 0; + size_t verify_plaintext_size = 0; + tag_usage_method_t tag_usage = tag_usage_arg; + unsigned char *tag_buffer = NULL; + size_t tag_size = 0; + + PSA_ASSERT( psa_crypto_init( ) ); + + psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_DECRYPT ); + psa_set_key_algorithm( &attributes, alg ); + psa_set_key_type( &attributes, key_type ); + + PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, + &key ) ); + + PSA_ASSERT( psa_get_key_attributes( key, &attributes ) ); + + plaintext_size = PSA_AEAD_UPDATE_OUTPUT_SIZE( key_type, alg, + input_data->len ); + + ASSERT_ALLOC( plaintext, plaintext_size ); + + verify_plaintext_size = PSA_AEAD_VERIFY_OUTPUT_SIZE( key_type, alg ); + + ASSERT_ALLOC( finish_plaintext, verify_plaintext_size ); + + status = psa_aead_decrypt_setup( &operation, key, alg ); + + /* If the operation is not supported, just skip and not fail in case the + * encryption involves a common limitation of cryptography hardwares and + * an alternative implementation. */ + if( status == PSA_ERROR_NOT_SUPPORTED ) + { + MBEDTLS_TEST_PSA_SKIP_IF_ALT_AES_192( key_type, key_data->len * 8 ); + MBEDTLS_TEST_PSA_SKIP_IF_ALT_GCM_NOT_12BYTES_NONCE( alg, nonce->len ); + } + + PSA_ASSERT( status ); + + PSA_ASSERT( psa_aead_set_nonce( &operation, nonce->x, nonce->len ) ); + + PSA_ASSERT( psa_aead_update_ad( &operation, additional_data->x, + additional_data->len ) ); + + PSA_ASSERT( psa_aead_update( &operation, input_data->x, + input_data->len, + plaintext, plaintext_size, + &plaintext_length ) ); + + if( tag_usage == USE_GIVEN_TAG ) + { + tag_buffer = tag->x; + tag_size = tag->len; + } + + status = psa_aead_verify( &operation, finish_plaintext, + verify_plaintext_size, + &plaintext_length, + tag_buffer, tag_size ); + + TEST_EQUAL( status, expected_status ); + +exit: + psa_destroy_key( key ); + mbedtls_free( plaintext ); + mbedtls_free( finish_plaintext ); + psa_aead_abort( &operation ); + PSA_DONE( ); +} +/* END_CASE */ + +/* BEGIN_CASE */ +void aead_multipart_setup( int key_type_arg, data_t *key_data, + int alg_arg, int expected_status_arg ) +{ + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; + psa_key_type_t key_type = key_type_arg; + psa_algorithm_t alg = alg_arg; + psa_aead_operation_t operation = PSA_AEAD_OPERATION_INIT; + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + psa_status_t status = PSA_ERROR_GENERIC_ERROR; + psa_status_t expected_status = expected_status_arg; + + PSA_ASSERT( psa_crypto_init( ) ); + + psa_set_key_usage_flags( &attributes, + PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT ); + psa_set_key_algorithm( &attributes, alg ); + psa_set_key_type( &attributes, key_type ); + + PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, + &key ) ); + + status = psa_aead_encrypt_setup( &operation, key, alg ); + + TEST_EQUAL( status, expected_status ); + + psa_aead_abort( &operation ); + + status = psa_aead_decrypt_setup( &operation, key, alg ); + + TEST_EQUAL(status, expected_status ); + +exit: + psa_destroy_key( key ); + psa_aead_abort( &operation ); + PSA_DONE( ); +} +/* END_CASE */ + +/* BEGIN_CASE */ +void aead_multipart_state_test( int key_type_arg, data_t *key_data, + int alg_arg, + data_t *nonce, + data_t *additional_data, + data_t *input_data ) +{ + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; + psa_key_type_t key_type = key_type_arg; + psa_algorithm_t alg = alg_arg; + psa_aead_operation_t operation = PSA_AEAD_OPERATION_INIT; + unsigned char *output_data = NULL; + unsigned char *final_data = NULL; + size_t output_size = 0; + size_t finish_output_size = 0; + size_t output_length = 0; + size_t key_bits = 0; + size_t tag_length = 0; + size_t tag_size = 0; + size_t nonce_length = 0; + uint8_t nonce_buffer[PSA_AEAD_NONCE_MAX_SIZE]; + uint8_t tag_buffer[PSA_AEAD_TAG_MAX_SIZE]; + size_t output_part_length = 0; + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + + PSA_ASSERT( psa_crypto_init( ) ); + + psa_set_key_usage_flags( & attributes, + PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT ); + psa_set_key_algorithm( & attributes, alg ); + psa_set_key_type( & attributes, key_type ); + + PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, + &key ) ); + + PSA_ASSERT( psa_get_key_attributes( key, &attributes ) ); + key_bits = psa_get_key_bits( &attributes ); + + tag_length = PSA_AEAD_TAG_LENGTH( key_type, key_bits, alg ); + + TEST_ASSERT( tag_length <= PSA_AEAD_TAG_MAX_SIZE ); + + output_size = PSA_AEAD_UPDATE_OUTPUT_SIZE( key_type, alg, input_data->len ); + + ASSERT_ALLOC( output_data, output_size ); + + finish_output_size = PSA_AEAD_FINISH_OUTPUT_SIZE( key_type, alg ); + + TEST_ASSERT( finish_output_size <= PSA_AEAD_FINISH_OUTPUT_MAX_SIZE ); + + ASSERT_ALLOC( final_data, finish_output_size ); + + /* Test all operations error without calling setup first. */ + + TEST_EQUAL( psa_aead_set_nonce( &operation, nonce->x, nonce->len ), + PSA_ERROR_BAD_STATE ); + + psa_aead_abort( &operation ); + + TEST_EQUAL( psa_aead_generate_nonce( &operation, nonce_buffer, + PSA_AEAD_NONCE_MAX_SIZE, + &nonce_length ), + PSA_ERROR_BAD_STATE ); + + psa_aead_abort( &operation ); + + /* ------------------------------------------------------- */ + + TEST_EQUAL( psa_aead_set_lengths( &operation, additional_data->len, + input_data->len ), + PSA_ERROR_BAD_STATE ); + + psa_aead_abort( &operation ); + + /* ------------------------------------------------------- */ + + TEST_EQUAL( psa_aead_update_ad( &operation, additional_data->x, + additional_data->len ), + PSA_ERROR_BAD_STATE ); + + psa_aead_abort( &operation ); + + /* ------------------------------------------------------- */ + + TEST_EQUAL( psa_aead_update( &operation, input_data->x, + input_data->len, output_data, + output_size, &output_length ), + PSA_ERROR_BAD_STATE ); + + psa_aead_abort( &operation ); + + /* ------------------------------------------------------- */ + + TEST_EQUAL( psa_aead_finish( &operation, final_data, + finish_output_size, + &output_part_length, + tag_buffer, tag_length, + &tag_size ), + PSA_ERROR_BAD_STATE ); + + psa_aead_abort( &operation ); + + /* ------------------------------------------------------- */ + + TEST_EQUAL( psa_aead_verify( &operation, final_data, + finish_output_size, + &output_part_length, + tag_buffer, + tag_length ), + PSA_ERROR_BAD_STATE ); + + psa_aead_abort( &operation ); + + /* Test for double setups. */ + + PSA_ASSERT( psa_aead_encrypt_setup( &operation, key, alg ) ); + + TEST_EQUAL( psa_aead_encrypt_setup( &operation, key, alg ), + PSA_ERROR_BAD_STATE ); + + psa_aead_abort( &operation ); + + /* ------------------------------------------------------- */ + + PSA_ASSERT( psa_aead_decrypt_setup( &operation, key, alg ) ); + + TEST_EQUAL( psa_aead_decrypt_setup( &operation, key, alg ), + PSA_ERROR_BAD_STATE ); + + psa_aead_abort( &operation ); + + /* ------------------------------------------------------- */ + + PSA_ASSERT( psa_aead_encrypt_setup( &operation, key, alg ) ); + + TEST_EQUAL( psa_aead_decrypt_setup( &operation, key, alg ), + PSA_ERROR_BAD_STATE ); + + psa_aead_abort( &operation ); + + /* ------------------------------------------------------- */ + + PSA_ASSERT( psa_aead_decrypt_setup( &operation, key, alg ) ); + + TEST_EQUAL( psa_aead_encrypt_setup( &operation, key, alg ), + PSA_ERROR_BAD_STATE ); + + psa_aead_abort( &operation ); + + /* Test for not setting a nonce. */ + + PSA_ASSERT( psa_aead_encrypt_setup( &operation, key, alg ) ); + + TEST_EQUAL( psa_aead_update_ad( &operation, additional_data->x, + additional_data->len ), + PSA_ERROR_BAD_STATE ); + + psa_aead_abort( &operation ); + + /* ------------------------------------------------------- */ + + PSA_ASSERT( psa_aead_encrypt_setup( &operation, key, alg ) ); + + TEST_EQUAL( psa_aead_update( &operation, input_data->x, + input_data->len, output_data, + output_size, &output_length ), + PSA_ERROR_BAD_STATE ); + + psa_aead_abort( &operation ); + + /* ------------------------------------------------------- */ + + PSA_ASSERT( psa_aead_encrypt_setup( &operation, key, alg ) ); + + TEST_EQUAL( psa_aead_finish( &operation, final_data, + finish_output_size, + &output_part_length, + tag_buffer, tag_length, + &tag_size ), + PSA_ERROR_BAD_STATE ); + + psa_aead_abort( &operation ); + + /* ------------------------------------------------------- */ + + PSA_ASSERT( psa_aead_decrypt_setup( &operation, key, alg ) ); + + TEST_EQUAL( psa_aead_verify( &operation, final_data, + finish_output_size, + &output_part_length, + tag_buffer, + tag_length ), + PSA_ERROR_BAD_STATE ); + + psa_aead_abort( &operation ); + + /* Test for double setting nonce. */ + + PSA_ASSERT( psa_aead_encrypt_setup( &operation, key, alg ) ); + + PSA_ASSERT( psa_aead_set_nonce( &operation, nonce->x, nonce->len ) ); + + TEST_EQUAL( psa_aead_set_nonce( &operation, nonce->x, nonce->len ), + PSA_ERROR_BAD_STATE ); + + psa_aead_abort( &operation ); + + /* Test for double generating nonce. */ + + PSA_ASSERT( psa_aead_encrypt_setup( &operation, key, alg ) ); + + PSA_ASSERT( psa_aead_generate_nonce( &operation, nonce_buffer, + PSA_AEAD_NONCE_MAX_SIZE, + &nonce_length ) ); + + TEST_EQUAL( psa_aead_generate_nonce( &operation, nonce_buffer, + PSA_AEAD_NONCE_MAX_SIZE, + &nonce_length ), + PSA_ERROR_BAD_STATE ); + + + psa_aead_abort( &operation ); + + /* Test for generate nonce then set and vice versa */ + + PSA_ASSERT( psa_aead_encrypt_setup( &operation, key, alg ) ); + + PSA_ASSERT( psa_aead_generate_nonce( &operation, nonce_buffer, + PSA_AEAD_NONCE_MAX_SIZE, + &nonce_length ) ); + + TEST_EQUAL( psa_aead_set_nonce( &operation, nonce->x, nonce->len ), + PSA_ERROR_BAD_STATE ); + + psa_aead_abort( &operation ); + + /* ------------------------------------------------------- */ + + PSA_ASSERT( psa_aead_encrypt_setup( &operation, key, alg ) ); + + PSA_ASSERT( psa_aead_set_nonce( &operation, nonce->x, nonce->len ) ); + + TEST_EQUAL( psa_aead_generate_nonce( &operation, nonce_buffer, + PSA_AEAD_NONCE_MAX_SIZE, + &nonce_length ), + PSA_ERROR_BAD_STATE ); + + psa_aead_abort( &operation ); + + /* Test for generating nonce in decrypt setup. */ + + PSA_ASSERT( psa_aead_decrypt_setup( &operation, key, alg ) ); + + TEST_EQUAL( psa_aead_generate_nonce( &operation, nonce_buffer, + PSA_AEAD_NONCE_MAX_SIZE, + &nonce_length ), + PSA_ERROR_BAD_STATE ); + + psa_aead_abort( &operation ); + + /* Test for setting lengths twice. */ + + PSA_ASSERT( psa_aead_encrypt_setup( &operation, key, alg ) ); + + PSA_ASSERT( psa_aead_set_nonce( &operation, nonce->x, nonce->len ) ); + + PSA_ASSERT( psa_aead_set_lengths( &operation, additional_data->len, + input_data->len ) ); + + TEST_EQUAL( psa_aead_set_lengths( &operation, additional_data->len, + input_data->len ), + PSA_ERROR_BAD_STATE ); + + psa_aead_abort( &operation ); + + /* Test for setting lengths after already starting data. */ + + PSA_ASSERT( psa_aead_encrypt_setup( &operation, key, alg ) ); + + PSA_ASSERT( psa_aead_set_nonce( &operation, nonce->x, nonce->len ) ); + + PSA_ASSERT( psa_aead_update_ad( &operation, additional_data->x, + additional_data->len ) ); + + TEST_EQUAL( psa_aead_set_lengths( &operation, additional_data->len, + input_data->len ), + PSA_ERROR_BAD_STATE ); + + psa_aead_abort( &operation ); + + /* ------------------------------------------------------- */ + + PSA_ASSERT( psa_aead_encrypt_setup( &operation, key, alg ) ); + + PSA_ASSERT( psa_aead_set_nonce( &operation, nonce->x, nonce->len ) ); + + PSA_ASSERT( psa_aead_update( &operation, input_data->x, + input_data->len, output_data, + output_size, &output_length ) ); + + TEST_EQUAL( psa_aead_set_lengths( &operation, additional_data->len, + input_data->len ), + PSA_ERROR_BAD_STATE ); + + psa_aead_abort( &operation ); + + /* Test for not sending any additional data or data after setting non zero + * lengths for them. (encrypt) */ + + PSA_ASSERT( psa_aead_encrypt_setup( &operation, key, alg ) ); + + PSA_ASSERT( psa_aead_set_nonce( &operation, nonce->x, nonce->len ) ); + + PSA_ASSERT( psa_aead_set_lengths( &operation, additional_data->len, + input_data->len ) ); + + TEST_EQUAL( psa_aead_finish( &operation, final_data, + finish_output_size, + &output_part_length, + tag_buffer, tag_length, + &tag_size ), + PSA_ERROR_INVALID_ARGUMENT ); + + psa_aead_abort( &operation ); + + /* Test for not sending any additional data or data after setting non-zero + * lengths for them. (decrypt) */ + + PSA_ASSERT( psa_aead_decrypt_setup( &operation, key, alg ) ); + + PSA_ASSERT( psa_aead_set_nonce( &operation, nonce->x, nonce->len ) ); + + PSA_ASSERT( psa_aead_set_lengths( &operation, additional_data->len, + input_data->len ) ); + + TEST_EQUAL( psa_aead_verify( &operation, final_data, + finish_output_size, + &output_part_length, + tag_buffer, + tag_length ), + PSA_ERROR_INVALID_ARGUMENT ); + + psa_aead_abort( &operation ); + + /* Test for not sending any additional data after setting a non-zero length + * for it. */ + + PSA_ASSERT( psa_aead_encrypt_setup( &operation, key, alg ) ); + + PSA_ASSERT( psa_aead_set_nonce( &operation, nonce->x, nonce->len ) ); + + PSA_ASSERT( psa_aead_set_lengths( &operation, additional_data->len, + input_data->len ) ); + + TEST_EQUAL( psa_aead_update( &operation, input_data->x, + input_data->len, output_data, + output_size, &output_length ), + PSA_ERROR_INVALID_ARGUMENT ); + + psa_aead_abort( &operation ); + + /* Test for not sending any data after setting a non-zero length for it.*/ + + PSA_ASSERT( psa_aead_encrypt_setup( &operation, key, alg ) ); + + PSA_ASSERT( psa_aead_set_nonce( &operation, nonce->x, nonce->len ) ); + + PSA_ASSERT( psa_aead_set_lengths( &operation, additional_data->len, + input_data->len ) ); + + PSA_ASSERT( psa_aead_update_ad( &operation, additional_data->x, + additional_data->len ) ); + + TEST_EQUAL( psa_aead_finish( &operation, final_data, + finish_output_size, + &output_part_length, + tag_buffer, tag_length, + &tag_size ), + PSA_ERROR_INVALID_ARGUMENT ); + + psa_aead_abort( &operation ); + + /* Test for sending too much additional data after setting lengths. */ + + PSA_ASSERT( psa_aead_encrypt_setup( &operation, key, alg ) ); + + PSA_ASSERT( psa_aead_set_nonce( &operation, nonce->x, nonce->len ) ); + + PSA_ASSERT( psa_aead_set_lengths( &operation, 0, 0 ) ); + + + TEST_EQUAL( psa_aead_update_ad( &operation, additional_data->x, + additional_data->len ), + PSA_ERROR_INVALID_ARGUMENT ); + + psa_aead_abort( &operation ); + + /* ------------------------------------------------------- */ + + PSA_ASSERT( psa_aead_encrypt_setup( &operation, key, alg ) ); + + PSA_ASSERT( psa_aead_set_nonce( &operation, nonce->x, nonce->len ) ); + + PSA_ASSERT( psa_aead_set_lengths( &operation, additional_data->len, + input_data->len ) ); + + PSA_ASSERT( psa_aead_update_ad( &operation, additional_data->x, + additional_data->len ) ); + + TEST_EQUAL( psa_aead_update_ad( &operation, additional_data->x, + 1 ), + PSA_ERROR_INVALID_ARGUMENT ); + + psa_aead_abort( &operation ); + + /* Test for sending too much data after setting lengths. */ + + PSA_ASSERT( psa_aead_encrypt_setup( &operation, key, alg ) ); + + PSA_ASSERT( psa_aead_set_nonce( &operation, nonce->x, nonce->len ) ); + + PSA_ASSERT( psa_aead_set_lengths( &operation, 0, 0 ) ); + + TEST_EQUAL( psa_aead_update( &operation, input_data->x, + input_data->len, output_data, + output_size, &output_length ), + PSA_ERROR_INVALID_ARGUMENT ); + + psa_aead_abort( &operation ); + + /* ------------------------------------------------------- */ + + PSA_ASSERT( psa_aead_encrypt_setup( &operation, key, alg ) ); + + PSA_ASSERT( psa_aead_set_nonce( &operation, nonce->x, nonce->len ) ); + + PSA_ASSERT( psa_aead_set_lengths( &operation, additional_data->len, + input_data->len ) ); + + PSA_ASSERT( psa_aead_update_ad( &operation, additional_data->x, + additional_data->len ) ); + + PSA_ASSERT( psa_aead_update( &operation, input_data->x, + input_data->len, output_data, + output_size, &output_length ) ); + + TEST_EQUAL( psa_aead_update( &operation, input_data->x, + 1, output_data, + output_size, &output_length ), + PSA_ERROR_INVALID_ARGUMENT ); + + psa_aead_abort( &operation ); + + /* Test sending additional data after data. */ + + PSA_ASSERT( psa_aead_encrypt_setup( &operation, key, alg ) ); + + PSA_ASSERT( psa_aead_set_nonce( &operation, nonce->x, nonce->len ) ); + + PSA_ASSERT( psa_aead_update( &operation, input_data->x, + input_data->len, output_data, + output_size, &output_length ) ); + + TEST_EQUAL( psa_aead_update_ad( &operation, additional_data->x, + additional_data->len ), + PSA_ERROR_BAD_STATE ); + + psa_aead_abort( &operation ); + + /* Test calling finish on decryption. */ + + PSA_ASSERT( psa_aead_decrypt_setup( &operation, key, alg ) ); + + PSA_ASSERT( psa_aead_set_nonce( &operation, nonce->x, nonce->len ) ); + + TEST_EQUAL( psa_aead_finish( &operation, final_data, + finish_output_size, + &output_part_length, + tag_buffer, tag_length, + &tag_size ), + PSA_ERROR_BAD_STATE ); + + psa_aead_abort( &operation ); + + /* Test calling verify on encryption. */ + + PSA_ASSERT( psa_aead_encrypt_setup( &operation, key, alg ) ); + + PSA_ASSERT( psa_aead_set_nonce( &operation, nonce->x, nonce->len ) ); + + TEST_EQUAL( psa_aead_verify( &operation, final_data, + finish_output_size, + &output_part_length, + tag_buffer, + tag_length ), + PSA_ERROR_BAD_STATE ); + + psa_aead_abort( &operation ); + + +exit: + psa_destroy_key( key ); + psa_aead_abort( &operation ); + mbedtls_free( output_data ); + mbedtls_free( final_data ); + PSA_DONE( ); +} +/* END_CASE */ + /* BEGIN_CASE */ void signature_size( int type_arg, int bits, @@ -4350,7 +5934,7 @@ void derive_input( int alg_arg, if( output_key_type != PSA_KEY_TYPE_NONE ) { psa_reset_key_attributes( &attributes ); - psa_set_key_type( &attributes, PSA_KEY_TYPE_RAW_DATA ); + psa_set_key_type( &attributes, output_key_type ); psa_set_key_bits( &attributes, 8 ); actual_output_status = psa_key_derivation_output_key( &attributes, &operation, diff --git a/tests/suites/test_suite_psa_crypto_driver_wrappers.function b/tests/suites/test_suite_psa_crypto_driver_wrappers.function index 6d78ad51a0..bc6ff34716 100644 --- a/tests/suites/test_suite_psa_crypto_driver_wrappers.function +++ b/tests/suites/test_suite_psa_crypto_driver_wrappers.function @@ -1063,7 +1063,7 @@ void aead_encrypt( int key_type_arg, data_t *key_data, input_data->x, input_data->len, output_data, output_size, &output_length ); - TEST_EQUAL( mbedtls_test_driver_aead_hooks.hits, 1 ); + TEST_EQUAL( mbedtls_test_driver_aead_hooks.hits_encrypt, 1 ); TEST_EQUAL( mbedtls_test_driver_aead_hooks.driver_status, forced_status ); TEST_EQUAL( status, ( forced_status == PSA_ERROR_NOT_SUPPORTED ) ? @@ -1127,7 +1127,7 @@ void aead_decrypt( int key_type_arg, data_t *key_data, input_data->x, input_data->len, output_data, output_size, &output_length ); - TEST_EQUAL( mbedtls_test_driver_aead_hooks.hits, 1 ); + TEST_EQUAL( mbedtls_test_driver_aead_hooks.hits_decrypt, 1 ); TEST_EQUAL( mbedtls_test_driver_aead_hooks.driver_status, forced_status ); TEST_EQUAL( status, ( forced_status == PSA_ERROR_NOT_SUPPORTED ) ? diff --git a/tests/suites/test_suite_psa_crypto_generate_key.function b/tests/suites/test_suite_psa_crypto_generate_key.function new file mode 100644 index 0000000000..dbe9a0ecf9 --- /dev/null +++ b/tests/suites/test_suite_psa_crypto_generate_key.function @@ -0,0 +1,49 @@ +/* BEGIN_HEADER */ + +#include "psa/crypto.h" +#include "test/psa_crypto_helpers.h" + +#define INVALID_KEY_ID mbedtls_svc_key_id_make( 0, 0xfedcba98 ) + +/* END_HEADER */ + +/* BEGIN_DEPENDENCIES + * depends_on:MBEDTLS_PSA_CRYPTO_C + * END_DEPENDENCIES + */ + +/* BEGIN_CASE */ +void generate_key( int key_type_arg, int bits_arg, int expected_status_arg) +{ + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + mbedtls_svc_key_id_t key_id = INVALID_KEY_ID; + + // key lifetiem, usage flags, algorithm are irrelevant for this test + psa_key_type_t key_type = key_type_arg; + size_t bits = bits_arg; + psa_status_t expected_status = expected_status_arg; + + PSA_ASSERT( psa_crypto_init( ) ); + psa_set_key_type( &attributes, key_type ); + psa_set_key_bits( &attributes, bits ); + TEST_EQUAL( psa_generate_key( &attributes, &key_id ), + expected_status ); + + // Verify attributes of the created key on success + if ( expected_status == PSA_SUCCESS ) + { + psa_reset_key_attributes(&attributes); + PSA_ASSERT( psa_get_key_attributes( key_id, &attributes ) ); + TEST_EQUAL( psa_get_key_lifetime( &attributes ), PSA_KEY_LIFETIME_VOLATILE ); + TEST_EQUAL( psa_get_key_usage_flags( &attributes ), 0 ); + TEST_EQUAL( psa_get_key_algorithm( &attributes ), 0 ); + TEST_EQUAL( psa_get_key_type( &attributes ), key_type ); + TEST_EQUAL( psa_get_key_bits( &attributes ), bits ); + } + +exit: + psa_reset_key_attributes(&attributes); + psa_destroy_key( key_id ); + PSA_DONE( ); +} +/* END_CASE */ diff --git a/tests/suites/test_suite_psa_crypto_metadata.data b/tests/suites/test_suite_psa_crypto_metadata.data index a3668fcc94..83763c55d9 100644 --- a/tests/suites/test_suite_psa_crypto_metadata.data +++ b/tests/suites/test_suite_psa_crypto_metadata.data @@ -130,6 +130,18 @@ AEAD: CCM-AES-256 depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CCM aead_algorithm:PSA_ALG_CCM:ALG_IS_AEAD_ON_BLOCK_CIPHER:16:PSA_KEY_TYPE_AES:256 +AEAD: CCM-ARIA-128 +depends_on:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CCM +aead_algorithm:PSA_ALG_CCM:ALG_IS_AEAD_ON_BLOCK_CIPHER:16:PSA_KEY_TYPE_ARIA:128 + +AEAD: CCM-ARIA-192 +depends_on:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CCM +aead_algorithm:PSA_ALG_CCM:ALG_IS_AEAD_ON_BLOCK_CIPHER:16:PSA_KEY_TYPE_ARIA:192 + +AEAD: CCM-ARIA-256 +depends_on:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CCM +aead_algorithm:PSA_ALG_CCM:ALG_IS_AEAD_ON_BLOCK_CIPHER:16:PSA_KEY_TYPE_ARIA:256 + AEAD: CCM-CAMELLIA-128 depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CCM aead_algorithm:PSA_ALG_CCM:ALG_IS_AEAD_ON_BLOCK_CIPHER:16:PSA_KEY_TYPE_CAMELLIA:128 @@ -154,6 +166,18 @@ AEAD: GCM-AES-256 depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM aead_algorithm:PSA_ALG_GCM:ALG_IS_AEAD_ON_BLOCK_CIPHER:16:PSA_KEY_TYPE_AES:256 +AEAD: GCM-ARIA-128 +depends_on:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_GCM +aead_algorithm:PSA_ALG_GCM:ALG_IS_AEAD_ON_BLOCK_CIPHER:16:PSA_KEY_TYPE_ARIA:128 + +AEAD: GCM-ARIA-192 +depends_on:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_GCM +aead_algorithm:PSA_ALG_GCM:ALG_IS_AEAD_ON_BLOCK_CIPHER:16:PSA_KEY_TYPE_ARIA:192 + +AEAD: GCM-ARIA-256 +depends_on:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_GCM +aead_algorithm:PSA_ALG_GCM:ALG_IS_AEAD_ON_BLOCK_CIPHER:16:PSA_KEY_TYPE_ARIA:256 + AEAD: GCM-CAMELLIA-128 depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_GCM aead_algorithm:PSA_ALG_GCM:ALG_IS_AEAD_ON_BLOCK_CIPHER:16:PSA_KEY_TYPE_CAMELLIA:128 @@ -172,27 +196,31 @@ aead_algorithm:PSA_ALG_CHACHA20_POLY1305:0:16:PSA_KEY_TYPE_CHACHA20:256 Asymmetric signature: RSA PKCS#1 v1.5 raw depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN -asymmetric_signature_algorithm:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:ALG_IS_RSA_PKCS1V15_SIGN | ALG_IS_HASH_AND_SIGN +asymmetric_signature_algorithm:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:ALG_IS_RSA_PKCS1V15_SIGN | ALG_IS_SIGN_HASH Asymmetric signature: RSA PKCS#1 v1.5 SHA-256 depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256 -asymmetric_signature_algorithm:PSA_ALG_RSA_PKCS1V15_SIGN( PSA_ALG_SHA_256 ):ALG_IS_RSA_PKCS1V15_SIGN | ALG_IS_HASH_AND_SIGN +asymmetric_signature_algorithm:PSA_ALG_RSA_PKCS1V15_SIGN( PSA_ALG_SHA_256 ):ALG_IS_RSA_PKCS1V15_SIGN | ALG_IS_SIGN_HASH | ALG_IS_HASH_AND_SIGN Asymmetric signature: RSA PSS SHA-256 depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256 -asymmetric_signature_algorithm:PSA_ALG_RSA_PSS( PSA_ALG_SHA_256 ):ALG_IS_RSA_PSS | ALG_IS_HASH_AND_SIGN +asymmetric_signature_algorithm:PSA_ALG_RSA_PSS( PSA_ALG_SHA_256 ):ALG_IS_RSA_PSS | ALG_IS_RSA_PSS_STANDARD_SALT | ALG_IS_SIGN_HASH | ALG_IS_HASH_AND_SIGN + +Asymmetric signature: RSA PSS-any-salt SHA-256 +depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256 +asymmetric_signature_algorithm:PSA_ALG_RSA_PSS_ANY_SALT( PSA_ALG_SHA_256 ):ALG_IS_RSA_PSS | ALG_IS_RSA_PSS_ANY_SALT | ALG_IS_SIGN_HASH | ALG_IS_HASH_AND_SIGN Asymmetric signature: randomized ECDSA (no hashing) depends_on:PSA_WANT_ALG_ECDSA -asymmetric_signature_algorithm:PSA_ALG_ECDSA_ANY:ALG_IS_ECDSA | ALG_IS_RANDOMIZED_ECDSA | ALG_IS_HASH_AND_SIGN +asymmetric_signature_algorithm:PSA_ALG_ECDSA_ANY:ALG_IS_ECDSA | ALG_IS_RANDOMIZED_ECDSA | ALG_IS_SIGN_HASH Asymmetric signature: SHA-256 + randomized ECDSA depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256 -asymmetric_signature_algorithm:PSA_ALG_ECDSA( PSA_ALG_SHA_256 ):ALG_IS_ECDSA | ALG_IS_RANDOMIZED_ECDSA | ALG_IS_HASH_AND_SIGN +asymmetric_signature_algorithm:PSA_ALG_ECDSA( PSA_ALG_SHA_256 ):ALG_IS_ECDSA | ALG_IS_RANDOMIZED_ECDSA | ALG_IS_SIGN_HASH | ALG_IS_HASH_AND_SIGN Asymmetric signature: SHA-256 + deterministic ECDSA using SHA-256 depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256 -asymmetric_signature_algorithm:PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ):ALG_IS_ECDSA | ALG_IS_DETERMINISTIC_ECDSA | ALG_ECDSA_IS_DETERMINISTIC | ALG_IS_HASH_AND_SIGN +asymmetric_signature_algorithm:PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ):ALG_IS_ECDSA | ALG_IS_DETERMINISTIC_ECDSA | ALG_ECDSA_IS_DETERMINISTIC | ALG_IS_SIGN_HASH | ALG_IS_HASH_AND_SIGN Asymmetric signature: pure EdDSA depends_on:PSA_WANT_ALG_EDDSA @@ -200,11 +228,11 @@ asymmetric_signature_algorithm:PSA_ALG_PURE_EDDSA:0 Asymmetric signature: Ed25519ph depends_on:PSA_WANT_ALG_EDDSA -asymmetric_signature_algorithm:PSA_ALG_ED25519PH:ALG_IS_HASH_EDDSA | ALG_IS_HASH_AND_SIGN +asymmetric_signature_algorithm:PSA_ALG_ED25519PH:ALG_IS_HASH_EDDSA | ALG_IS_SIGN_HASH | ALG_IS_HASH_AND_SIGN Asymmetric signature: Ed448ph depends_on:PSA_WANT_ALG_EDDSA -asymmetric_signature_algorithm:PSA_ALG_ED448PH:ALG_IS_HASH_EDDSA | ALG_IS_HASH_AND_SIGN +asymmetric_signature_algorithm:PSA_ALG_ED448PH:ALG_IS_HASH_EDDSA | ALG_IS_SIGN_HASH | ALG_IS_HASH_AND_SIGN Asymmetric signature: RSA PKCS#1 v1.5 with wildcard hash depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN @@ -212,7 +240,11 @@ asymmetric_signature_wildcard:PSA_ALG_RSA_PKCS1V15_SIGN( PSA_ALG_ANY_HASH ):ALG_ Asymmetric signature: RSA PSS with wildcard hash depends_on:PSA_WANT_ALG_RSA_PSS -asymmetric_signature_wildcard:PSA_ALG_RSA_PSS( PSA_ALG_ANY_HASH ):ALG_IS_RSA_PSS +asymmetric_signature_wildcard:PSA_ALG_RSA_PSS( PSA_ALG_ANY_HASH ):ALG_IS_RSA_PSS | ALG_IS_RSA_PSS_STANDARD_SALT + +Asymmetric signature: RSA PSS-any-salt with wildcard hash +depends_on:PSA_WANT_ALG_RSA_PSS +asymmetric_signature_wildcard:PSA_ALG_RSA_PSS_ANY_SALT( PSA_ALG_ANY_HASH ):ALG_IS_RSA_PSS | ALG_IS_RSA_PSS_ANY_SALT Asymmetric signature: randomized ECDSA with wildcard hash depends_on:PSA_WANT_ALG_ECDSA @@ -295,6 +327,10 @@ Block cipher key type: AES depends_on:PSA_WANT_KEY_TYPE_AES block_cipher_key_type:PSA_KEY_TYPE_AES:16 +Block cipher key type: ARIA +depends_on:PSA_WANT_KEY_TYPE_ARIA +block_cipher_key_type:PSA_KEY_TYPE_ARIA:16 + Block cipher key type: DES depends_on:PSA_WANT_KEY_TYPE_DES block_cipher_key_type:PSA_KEY_TYPE_DES:8 diff --git a/tests/suites/test_suite_psa_crypto_metadata.function b/tests/suites/test_suite_psa_crypto_metadata.function index 9f4fc75495..092780c4db 100644 --- a/tests/suites/test_suite_psa_crypto_metadata.function +++ b/tests/suites/test_suite_psa_crypto_metadata.function @@ -22,25 +22,29 @@ #define ALG_IS_STREAM_CIPHER ( 1u << 3 ) #define ALG_IS_RSA_PKCS1V15_SIGN ( 1u << 4 ) #define ALG_IS_RSA_PSS ( 1u << 5 ) -#define ALG_IS_DSA ( 1u << 6 ) -#define ALG_DSA_IS_DETERMINISTIC ( 1u << 7 ) -#define ALG_IS_DETERMINISTIC_DSA ( 1u << 8 ) -#define ALG_IS_RANDOMIZED_DSA ( 1u << 9 ) -#define ALG_IS_ECDSA ( 1u << 10 ) -#define ALG_ECDSA_IS_DETERMINISTIC ( 1u << 11 ) -#define ALG_IS_DETERMINISTIC_ECDSA ( 1u << 12 ) -#define ALG_IS_RANDOMIZED_ECDSA ( 1u << 13 ) -#define ALG_IS_HASH_EDDSA ( 1u << 14 ) -#define ALG_IS_HASH_AND_SIGN ( 1u << 15 ) -#define ALG_IS_RSA_OAEP ( 1u << 16 ) -#define ALG_IS_HKDF ( 1u << 17 ) -#define ALG_IS_FFDH ( 1u << 18 ) -#define ALG_IS_ECDH ( 1u << 19 ) -#define ALG_IS_WILDCARD ( 1u << 20 ) -#define ALG_IS_RAW_KEY_AGREEMENT ( 1u << 21 ) -#define ALG_IS_AEAD_ON_BLOCK_CIPHER ( 1u << 22 ) -#define ALG_IS_TLS12_PRF ( 1u << 23 ) -#define ALG_IS_TLS12_PSK_TO_MS ( 1u << 24 ) +#define ALG_IS_RSA_PSS_ANY_SALT ( 1u << 6 ) +#define ALG_IS_RSA_PSS_STANDARD_SALT ( 1u << 7 ) +#define ALG_IS_DSA ( 1u << 8 ) +#define ALG_DSA_IS_DETERMINISTIC ( 1u << 9 ) +#define ALG_IS_DETERMINISTIC_DSA ( 1u << 10 ) +#define ALG_IS_RANDOMIZED_DSA ( 1u << 11 ) +#define ALG_IS_ECDSA ( 1u << 12 ) +#define ALG_ECDSA_IS_DETERMINISTIC ( 1u << 13 ) +#define ALG_IS_DETERMINISTIC_ECDSA ( 1u << 14 ) +#define ALG_IS_RANDOMIZED_ECDSA ( 1u << 15 ) +#define ALG_IS_HASH_EDDSA ( 1u << 16 ) +#define ALG_IS_SIGN_HASH ( 1u << 17 ) +#define ALG_IS_HASH_AND_SIGN ( 1u << 18 ) +#define ALG_IS_RSA_OAEP ( 1u << 19 ) +#define ALG_IS_HKDF ( 1u << 20 ) +#define ALG_IS_FFDH ( 1u << 21 ) +#define ALG_IS_ECDH ( 1u << 22 ) +#define ALG_IS_WILDCARD ( 1u << 23 ) +#define ALG_IS_RAW_KEY_AGREEMENT ( 1u << 24 ) +#define ALG_IS_AEAD_ON_BLOCK_CIPHER ( 1u << 25 ) +#define ALG_IS_TLS12_PRF ( 1u << 26 ) +#define ALG_IS_TLS12_PSK_TO_MS ( 1u << 27 ) +#define ALG_FLAG_MASK_PLUS_ONE ( 1u << 28 ) /* must be last! */ /* Flags for key type classification macros. There is a flag for every * key type classification macro PSA_KEY_TYPE_IS_xxx except for some that @@ -49,26 +53,43 @@ #define KEY_TYPE_IS_VENDOR_DEFINED ( 1u << 0 ) #define KEY_TYPE_IS_UNSTRUCTURED ( 1u << 1 ) #define KEY_TYPE_IS_PUBLIC_KEY ( 1u << 2 ) -#define KEY_TYPE_IS_KEY_PAIR ( 1u << 3 ) +#define KEY_TYPE_IS_KEY_PAIR ( 1u << 3 ) #define KEY_TYPE_IS_RSA ( 1u << 4 ) #define KEY_TYPE_IS_DSA ( 1u << 5 ) #define KEY_TYPE_IS_ECC ( 1u << 6 ) #define KEY_TYPE_IS_DH ( 1u << 7 ) +#define KEY_TYPE_FLAG_MASK_PLUS_ONE ( 1u << 8 ) /* must be last! */ /* Flags for lifetime classification macros. There is a flag for every * lifetime classification macro PSA_KEY_LIFETIME_IS_xxx. The name of the * flag is the name of the classification macro without the PSA_ prefix. */ #define KEY_LIFETIME_IS_VOLATILE ( 1u << 0 ) #define KEY_LIFETIME_IS_READ_ONLY ( 1u << 1 ) +#define KEY_LIFETIME_FLAG_MASK_PLUS_ONE ( 1u << 2 ) /* must be last! */ -#define TEST_CLASSIFICATION_MACRO( flag, alg, flags ) \ - do \ - { \ - if( ( flags ) & ( flag ) ) \ - TEST_ASSERT( PSA_##flag( alg ) ); \ - else \ - TEST_ASSERT( ! PSA_##flag( alg ) ); \ - } \ +/* Check that in the value of flags, the bit flag (which should be a macro + * expanding to a number of the form 1 << k) is set if and only if + * PSA_##flag(alg) is true. + * + * Only perform this check if cond is true. Typically cond is 1, but it can + * be different if the value of the flag bit is only specified under specific + * conditions. + * + * Unconditionally mask flag into the ambient variable + * classification_flags_tested. + */ +#define TEST_CLASSIFICATION_MACRO( cond, flag, alg, flags ) \ + do \ + { \ + if( cond ) \ + { \ + if( ( flags ) & ( flag ) ) \ + TEST_ASSERT( PSA_##flag( alg ) ); \ + else \ + TEST_ASSERT( ! PSA_##flag( alg ) ); \ + } \ + classification_flags_tested |= ( flag ); \ + } \ while( 0 ) /* Check the parity of value. @@ -95,44 +116,55 @@ int has_even_parity( uint32_t value ) void algorithm_classification( psa_algorithm_t alg, unsigned flags ) { - TEST_CLASSIFICATION_MACRO( ALG_IS_VENDOR_DEFINED, alg, flags ); - TEST_CLASSIFICATION_MACRO( ALG_IS_HMAC, alg, flags ); - TEST_CLASSIFICATION_MACRO( ALG_IS_BLOCK_CIPHER_MAC, alg, flags ); - TEST_CLASSIFICATION_MACRO( ALG_IS_STREAM_CIPHER, alg, flags ); - TEST_CLASSIFICATION_MACRO( ALG_IS_RSA_PKCS1V15_SIGN, alg, flags ); - TEST_CLASSIFICATION_MACRO( ALG_IS_RSA_PSS, alg, flags ); - TEST_CLASSIFICATION_MACRO( ALG_IS_DSA, alg, flags ); - if ( PSA_ALG_IS_DSA( alg ) ) - TEST_CLASSIFICATION_MACRO( ALG_DSA_IS_DETERMINISTIC, alg, flags ); - TEST_CLASSIFICATION_MACRO( ALG_IS_DETERMINISTIC_DSA, alg, flags ); - TEST_CLASSIFICATION_MACRO( ALG_IS_RANDOMIZED_DSA, alg, flags ); - TEST_CLASSIFICATION_MACRO( ALG_IS_ECDSA, alg, flags ); - if ( PSA_ALG_IS_ECDSA( alg ) ) - TEST_CLASSIFICATION_MACRO( ALG_ECDSA_IS_DETERMINISTIC, alg, flags ); - TEST_CLASSIFICATION_MACRO( ALG_IS_DETERMINISTIC_ECDSA, alg, flags ); - TEST_CLASSIFICATION_MACRO( ALG_IS_RANDOMIZED_ECDSA, alg, flags ); - TEST_CLASSIFICATION_MACRO( ALG_IS_HASH_EDDSA, alg, flags ); - TEST_CLASSIFICATION_MACRO( ALG_IS_HASH_AND_SIGN, alg, flags ); - TEST_CLASSIFICATION_MACRO( ALG_IS_RSA_OAEP, alg, flags ); - TEST_CLASSIFICATION_MACRO( ALG_IS_HKDF, alg, flags ); - TEST_CLASSIFICATION_MACRO( ALG_IS_WILDCARD, alg, flags ); - TEST_CLASSIFICATION_MACRO( ALG_IS_ECDH, alg, flags ); - TEST_CLASSIFICATION_MACRO( ALG_IS_FFDH, alg, flags ); - TEST_CLASSIFICATION_MACRO( ALG_IS_RAW_KEY_AGREEMENT, alg, flags ); - TEST_CLASSIFICATION_MACRO( ALG_IS_AEAD_ON_BLOCK_CIPHER, alg, flags ); + unsigned classification_flags_tested = 0; + TEST_CLASSIFICATION_MACRO( 1, ALG_IS_VENDOR_DEFINED, alg, flags ); + TEST_CLASSIFICATION_MACRO( 1, ALG_IS_HMAC, alg, flags ); + TEST_CLASSIFICATION_MACRO( 1, ALG_IS_BLOCK_CIPHER_MAC, alg, flags ); + TEST_CLASSIFICATION_MACRO( 1, ALG_IS_STREAM_CIPHER, alg, flags ); + TEST_CLASSIFICATION_MACRO( 1, ALG_IS_RSA_PKCS1V15_SIGN, alg, flags ); + TEST_CLASSIFICATION_MACRO( 1, ALG_IS_RSA_PSS, alg, flags ); + TEST_CLASSIFICATION_MACRO( 1, ALG_IS_RSA_PSS_ANY_SALT, alg, flags ); + TEST_CLASSIFICATION_MACRO( 1, ALG_IS_RSA_PSS_STANDARD_SALT, alg, flags ); + TEST_CLASSIFICATION_MACRO( 1, ALG_IS_DSA, alg, flags ); + TEST_CLASSIFICATION_MACRO( PSA_ALG_IS_DSA( alg ), + ALG_DSA_IS_DETERMINISTIC, alg, flags ); + TEST_CLASSIFICATION_MACRO( 1, ALG_IS_DETERMINISTIC_DSA, alg, flags ); + TEST_CLASSIFICATION_MACRO( 1, ALG_IS_RANDOMIZED_DSA, alg, flags ); + TEST_CLASSIFICATION_MACRO( 1, ALG_IS_ECDSA, alg, flags ); + TEST_CLASSIFICATION_MACRO( PSA_ALG_IS_ECDSA( alg ), + ALG_ECDSA_IS_DETERMINISTIC, alg, flags ); + TEST_CLASSIFICATION_MACRO( 1, ALG_IS_DETERMINISTIC_ECDSA, alg, flags ); + TEST_CLASSIFICATION_MACRO( 1, ALG_IS_RANDOMIZED_ECDSA, alg, flags ); + TEST_CLASSIFICATION_MACRO( 1, ALG_IS_HASH_EDDSA, alg, flags ); + TEST_CLASSIFICATION_MACRO( 1, ALG_IS_SIGN_HASH, alg, flags ); + TEST_CLASSIFICATION_MACRO( 1, ALG_IS_HASH_AND_SIGN, alg, flags ); + TEST_CLASSIFICATION_MACRO( 1, ALG_IS_RSA_OAEP, alg, flags ); + TEST_CLASSIFICATION_MACRO( 1, ALG_IS_HKDF, alg, flags ); + TEST_CLASSIFICATION_MACRO( 1, ALG_IS_WILDCARD, alg, flags ); + TEST_CLASSIFICATION_MACRO( 1, ALG_IS_ECDH, alg, flags ); + TEST_CLASSIFICATION_MACRO( 1, ALG_IS_FFDH, alg, flags ); + TEST_CLASSIFICATION_MACRO( 1, ALG_IS_RAW_KEY_AGREEMENT, alg, flags ); + TEST_CLASSIFICATION_MACRO( 1, ALG_IS_AEAD_ON_BLOCK_CIPHER, alg, flags ); + TEST_CLASSIFICATION_MACRO( 1, ALG_IS_TLS12_PRF, alg, flags ); + TEST_CLASSIFICATION_MACRO( 1, ALG_IS_TLS12_PSK_TO_MS, alg, flags ); + TEST_EQUAL( classification_flags_tested, ALG_FLAG_MASK_PLUS_ONE - 1 ); exit: ; } void key_type_classification( psa_key_type_t type, unsigned flags ) { + unsigned classification_flags_tested = 0; + /* Macros tested based on the test case parameter */ - TEST_CLASSIFICATION_MACRO( KEY_TYPE_IS_VENDOR_DEFINED, type, flags ); - TEST_CLASSIFICATION_MACRO( KEY_TYPE_IS_UNSTRUCTURED, type, flags ); - TEST_CLASSIFICATION_MACRO( KEY_TYPE_IS_PUBLIC_KEY, type, flags ); - TEST_CLASSIFICATION_MACRO( KEY_TYPE_IS_KEY_PAIR, type, flags ); - TEST_CLASSIFICATION_MACRO( KEY_TYPE_IS_RSA, type, flags ); - TEST_CLASSIFICATION_MACRO( KEY_TYPE_IS_ECC, type, flags ); - TEST_CLASSIFICATION_MACRO( KEY_TYPE_IS_DH, type, flags ); + TEST_CLASSIFICATION_MACRO( 1, KEY_TYPE_IS_VENDOR_DEFINED, type, flags ); + TEST_CLASSIFICATION_MACRO( 1, KEY_TYPE_IS_UNSTRUCTURED, type, flags ); + TEST_CLASSIFICATION_MACRO( 1, KEY_TYPE_IS_PUBLIC_KEY, type, flags ); + TEST_CLASSIFICATION_MACRO( 1, KEY_TYPE_IS_KEY_PAIR, type, flags ); + TEST_CLASSIFICATION_MACRO( 1, KEY_TYPE_IS_RSA, type, flags ); + TEST_CLASSIFICATION_MACRO( 1, KEY_TYPE_IS_DSA, type, flags ); + TEST_CLASSIFICATION_MACRO( 1, KEY_TYPE_IS_ECC, type, flags ); + TEST_CLASSIFICATION_MACRO( 1, KEY_TYPE_IS_DH, type, flags ); + TEST_EQUAL( classification_flags_tested, KEY_TYPE_FLAG_MASK_PLUS_ONE - 1 ); /* Macros with derived semantics */ TEST_EQUAL( PSA_KEY_TYPE_IS_ASYMMETRIC( type ), @@ -351,6 +383,7 @@ void hmac_algorithm( int alg_arg, TEST_ASSERT( PSA_ALG_IS_HASH( hash_alg ) ); TEST_EQUAL( PSA_ALG_HMAC( hash_alg ), alg ); + TEST_ASSERT( block_size == PSA_HASH_BLOCK_LENGTH( alg ) ); TEST_ASSERT( block_size <= PSA_HMAC_MAX_HASH_BLOCK_SIZE ); test_mac_algorithm( alg_arg, ALG_IS_HMAC, length, @@ -487,7 +520,9 @@ void asymmetric_signature_algorithm( int alg_arg, int classification_flags ) /* BEGIN_CASE */ void asymmetric_signature_wildcard( int alg_arg, int classification_flags ) { - classification_flags |= ALG_IS_HASH_AND_SIGN | ALG_IS_WILDCARD; + classification_flags |= ALG_IS_WILDCARD; + classification_flags |= ALG_IS_SIGN_HASH; + classification_flags |= ALG_IS_HASH_AND_SIGN; test_asymmetric_signature_algorithm( alg_arg, classification_flags ); /* Any failure of this test function comes from * asymmetric_signature_algorithm. Pacify -Werror=unused-label. */ @@ -691,9 +726,12 @@ void lifetime( int lifetime_arg, int classification_flags, psa_key_persistence_t persistence = persistence_arg; psa_key_location_t location = location_arg; unsigned flags = classification_flags; + unsigned classification_flags_tested = 0; - TEST_CLASSIFICATION_MACRO( KEY_LIFETIME_IS_VOLATILE, lifetime, flags ); - TEST_CLASSIFICATION_MACRO( KEY_LIFETIME_IS_READ_ONLY, lifetime, flags ); + TEST_CLASSIFICATION_MACRO( 1, KEY_LIFETIME_IS_VOLATILE, lifetime, flags ); + TEST_CLASSIFICATION_MACRO( 1, KEY_LIFETIME_IS_READ_ONLY, lifetime, flags ); + TEST_EQUAL( classification_flags_tested, + KEY_LIFETIME_FLAG_MASK_PLUS_ONE - 1 ); TEST_EQUAL( PSA_KEY_LIFETIME_GET_PERSISTENCE( lifetime ), persistence ); TEST_EQUAL( PSA_KEY_LIFETIME_GET_LOCATION( lifetime ), location ); diff --git a/tests/suites/test_suite_psa_crypto_se_driver_hal.data b/tests/suites/test_suite_psa_crypto_se_driver_hal.data index a57e9b360a..2bcf4e4b7b 100644 --- a/tests/suites/test_suite_psa_crypto_se_driver_hal.data +++ b/tests/suites/test_suite_psa_crypto_se_driver_hal.data @@ -78,6 +78,21 @@ import_key_smoke:PSA_KEY_TYPE_AES:PSA_ALG_CCM:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" Key import smoke test: AES-GCM import_key_smoke:PSA_KEY_TYPE_AES:PSA_ALG_GCM:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" +Key import smoke test: ARIA-CTR +import_key_smoke:PSA_KEY_TYPE_ARIA:PSA_ALG_CTR:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" + +Key import smoke test: ARIA-CBC +import_key_smoke:PSA_KEY_TYPE_ARIA:PSA_ALG_CBC_NO_PADDING:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" + +Key import smoke test: ARIA-CMAC +import_key_smoke:PSA_KEY_TYPE_ARIA:PSA_ALG_CMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" + +Key import smoke test: ARIA-CCM +import_key_smoke:PSA_KEY_TYPE_ARIA:PSA_ALG_CCM:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" + +Key import smoke test: ARIA-GCM +import_key_smoke:PSA_KEY_TYPE_ARIA:PSA_ALG_GCM:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" + Key import smoke test: CAMELLIA-CTR import_key_smoke:PSA_KEY_TYPE_CAMELLIA:PSA_ALG_CTR:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" diff --git a/tests/suites/test_suite_psa_crypto_slot_management.data b/tests/suites/test_suite_psa_crypto_slot_management.data index 68b196d32a..1477734165 100644 --- a/tests/suites/test_suite_psa_crypto_slot_management.data +++ b/tests/suites/test_suite_psa_crypto_slot_management.data @@ -160,7 +160,7 @@ depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_C create_fail:PSA_KEY_LIFETIME_PERSISTENT:PSA_KEY_ID_USER_MAX + 1:PSA_ERROR_INVALID_ARGUMENT Open not supported -depends_on:!MBEDTLS_PSA_CRYPTO_STORAGE_C +depends_on:!MBEDTLS_PSA_CRYPTO_STORAGE_C:!MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS open_fail:1:PSA_ERROR_NOT_SUPPORTED Create not supported diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data index 5d92469ad7..9dabb51c21 100644 --- a/tests/suites/test_suite_ssl.data +++ b/tests/suites/test_suite_ssl.data @@ -6021,6 +6021,62 @@ SSL TLS 1.3 Key schedule: Handshake secrets derivation helper # Vector from RFC 8448 ssl_tls1_3_derive_handshake_secrets:MBEDTLS_MD_SHA256:"005cb112fd8eb4ccc623bb88a07c64b3ede1605363fc7d0df8c7ce4ff0fb4ae6":"f736cb34fe25e701551bee6fd24c1cc7102a7daf9405cb15d97aafe16f757d03":"2faac08f851d35fea3604fcb4de82dc62c9b164a70974d0462e27f1ab278700f":"fe927ae271312e8bf0275b581c54eef020450dc4ecffaa05a1a35d27518e7803" +SSL TLS 1.3 Record Encryption, tls13.ulfheim.net Example #1 +# - Server App Key: 0b6d22c8ff68097ea871c672073773bf +# - Server App IV: 1b13dd9f8d8f17091d34b349 +# - Client App Key: 49134b95328f279f0183860589ac6707 +# - Client App IV: bc4dd5f7b98acff85466261d +# - App data payload: 70696e67 +# - Complete record: 1703030015c74061535eb12f5f25a781957874742ab7fb305dd5 +# - Padding used: No (== granularity 1) +ssl_tls1_3_record_protection:MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256:MBEDTLS_SSL_IS_CLIENT:0:1:"0b6d22c8ff68097ea871c672073773bf":"1b13dd9f8d8f17091d34b349":"49134b95328f279f0183860589ac6707":"bc4dd5f7b98acff85466261d":"70696e67":"c74061535eb12f5f25a781957874742ab7fb305dd5" + +SSL TLS 1.3 Record Encryption, tls13.ulfheim.net Example #2 +# - Server App Key: 0b6d22c8ff68097ea871c672073773bf +# - Server App IV: 1b13dd9f8d8f17091d34b349 +# - Client App Key: 49134b95328f279f0183860589ac6707 +# - Client App IV: bc4dd5f7b98acff85466261d +# - App data payload: 706f6e67 +# - Complete record: 1703030015370e5f168afa7fb16b663ecdfca3dbb81931a90ca7 +# - Padding used: No (== granularity 1) +ssl_tls1_3_record_protection:MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256:MBEDTLS_SSL_IS_SERVER:1:1:"0b6d22c8ff68097ea871c672073773bf":"1b13dd9f8d8f17091d34b349":"49134b95328f279f0183860589ac6707":"bc4dd5f7b98acff85466261d":"706f6e67":"370e5f168afa7fb16b663ecdfca3dbb81931a90ca7" + +SSL TLS 1.3 Record Encryption RFC 8448 Example #1 +# Application Data record sent by Client in 1-RTT example of RFC 8448, Section 3 +# - Server App Key: 9f 02 28 3b 6c 9c 07 ef c2 6b b9 f2 ac 92 e3 56 +# - Server App IV: cf 78 2b 88 dd 83 54 9a ad f1 e9 84 +# - Client App Key: 17 42 2d da 59 6e d5 d9 ac d8 90 e3 c6 3f 50 51 +# - Client App IV: 5b 78 92 3d ee 08 57 90 33 e5 23 d9 +# - App data payload: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f +# 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f +# 20 21 22 23 24 25 26 27 28 29 2a 2b 2c 2d 2e 2f +# 30 31 +# - Complete record: 17 03 03 00 43 a2 3f 70 54 b6 2c 94 d0 af fa fe +# 82 28 ba 55 cb ef ac ea 42 f9 14 aa 66 bc ab 3f +# 2b 98 19 a8 a5 b4 6b 39 5b d5 4a 9a 20 44 1e 2b +# 62 97 4e 1f 5a 62 92 a2 97 70 14 bd 1e 3d ea e6 +# 3a ee bb 21 69 49 15 e4 +# - Padding used: No (== granularity 1) +ssl_tls1_3_record_protection:MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256:MBEDTLS_SSL_IS_CLIENT:0:1:"9f02283b6c9c07efc26bb9f2ac92e356":"cf782b88dd83549aadf1e984":"17422dda596ed5d9acd890e3c63f5051":"5b78923dee08579033e523d9":"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f3031":"a23f7054b62c94d0affafe8228ba55cbefacea42f914aa66bcab3f2b9819a8a5b46b395bd54a9a20441e2b62974e1f5a6292a2977014bd1e3deae63aeebb21694915e4" + +SSL TLS 1.3 Record Encryption RFC 8448 Example #2 +# Application Data record sent by Server in 1-RTT example of RFC 8448, Section 3 +# - Server App Key: 9f 02 28 3b 6c 9c 07 ef c2 6b b9 f2 ac 92 e3 56 +# - Server App IV: cf 78 2b 88 dd 83 54 9a ad f1 e9 84 +# - Client App Key: 17 42 2d da 59 6e d5 d9 ac d8 90 e3 c6 3f 50 51 +# - Client App IV: 5b 78 92 3d ee 08 57 90 33 e5 23 d9 +# - App data payload: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f +# 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f +# 20 21 22 23 24 25 26 27 28 29 2a 2b 2c 2d 2e 2f +# 30 31 +# - Complete record: 17 03 03 00 43 2e 93 7e 11 ef 4a c7 40 e5 38 ad +# 36 00 5f c4 a4 69 32 fc 32 25 d0 5f 82 aa 1b 36 +# e3 0e fa f9 7d 90 e6 df fc 60 2d cb 50 1a 59 a8 +# fc c4 9c 4b f2 e5 f0 a2 1c 00 47 c2 ab f3 32 54 +# 0d d0 32 e1 67 c2 95 5d +# - Padding used: No (== granularity 1) +ssl_tls1_3_record_protection:MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256:MBEDTLS_SSL_IS_SERVER:1:1:"9f02283b6c9c07efc26bb9f2ac92e356":"cf782b88dd83549aadf1e984":"17422dda596ed5d9acd890e3c63f5051":"5b78923dee08579033e523d9":"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f3031":"2e937e11ef4ac740e538ad36005fc4a46932fc3225d05f82aa1b36e30efaf97d90e6dffc602dcb501a59a8fcc49c4bf2e5f0a21c0047c2abf332540dd032e167c2955d" + SSL TLS 1.3 Key schedule: Application secrets derivation helper # Vector from RFC 8448 ssl_tls1_3_derive_application_secrets:MBEDTLS_MD_SHA256:"e2d32d4ed66dd37897a0e80c84107503ce58bf8aad4cb55a5002d77ecb890ece":"b0aeffc46a2cfe33114e6fd7d51f9f04b1ca3c497dab08934a774a9d9ad7dbf3":"2abbf2b8e381d23dbebe1dd2a7d16a8bf484cb4950d23fb7fb7fa8547062d9a1":"cc21f1bf8feb7dd5fa505bd9c4b468a9984d554a993dc49e6d285598fb672691":"3fd93d4ffddc98e64b14dd107aedf8ee4add23f4510f58a4592d0b201bee56b4" @@ -6173,3 +6229,9 @@ ssl_cf_memcpy_offset:0:255:32 # we could get this with 255-bytes plaintext and untruncated SHA-384 Constant-flow memcpy from offset: large ssl_cf_memcpy_offset:100:339:48 + +Test configuration of groups for DHE through mbedtls_ssl_conf_curves() +conf_curve: + +Test configuration of groups for DHE through mbedtls_ssl_conf_groups() +conf_group: diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 8ac2af1819..3f79035f9e 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -3944,6 +3944,104 @@ void ssl_tls1_3_create_psk_binder( int hash_alg, } /* END_CASE */ +/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ +void ssl_tls1_3_record_protection( int ciphersuite, + int endpoint, + int ctr, + int padding_used, + data_t *server_write_key, + data_t *server_write_iv, + data_t *client_write_key, + data_t *client_write_iv, + data_t *plaintext, + data_t *ciphertext ) +{ + mbedtls_ssl_key_set keys; + mbedtls_ssl_transform transform_send; + mbedtls_ssl_transform transform_recv; + mbedtls_record rec; + unsigned char *buf = NULL; + size_t buf_len; + int other_endpoint; + + TEST_ASSERT( endpoint == MBEDTLS_SSL_IS_CLIENT || + endpoint == MBEDTLS_SSL_IS_SERVER ); + + if( endpoint == MBEDTLS_SSL_IS_SERVER ) + other_endpoint = MBEDTLS_SSL_IS_CLIENT; + if( endpoint == MBEDTLS_SSL_IS_CLIENT ) + other_endpoint = MBEDTLS_SSL_IS_SERVER; + + TEST_ASSERT( server_write_key->len == client_write_key->len ); + TEST_ASSERT( server_write_iv->len == client_write_iv->len ); + + memcpy( keys.client_write_key, + client_write_key->x, client_write_key->len ); + memcpy( keys.client_write_iv, + client_write_iv->x, client_write_iv->len ); + memcpy( keys.server_write_key, + server_write_key->x, server_write_key->len ); + memcpy( keys.server_write_iv, + server_write_iv->x, server_write_iv->len ); + + keys.key_len = server_write_key->len; + keys.iv_len = server_write_iv->len; + + mbedtls_ssl_transform_init( &transform_recv ); + mbedtls_ssl_transform_init( &transform_send ); + + TEST_ASSERT( mbedtls_ssl_tls13_populate_transform( + &transform_send, endpoint, + ciphersuite, &keys, NULL ) == 0 ); + TEST_ASSERT( mbedtls_ssl_tls13_populate_transform( + &transform_recv, other_endpoint, + ciphersuite, &keys, NULL ) == 0 ); + + /* Make sure we have enough space in the buffer even if + * we use more padding than the KAT. */ + buf_len = ciphertext->len + MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY; + ASSERT_ALLOC( buf, buf_len ); + rec.type = MBEDTLS_SSL_MSG_APPLICATION_DATA; + + /* TLS 1.3 uses the version identifier from TLS 1.2 on the wire. */ + mbedtls_ssl_write_version( MBEDTLS_SSL_MAJOR_VERSION_3, + MBEDTLS_SSL_MINOR_VERSION_3, + MBEDTLS_SSL_TRANSPORT_STREAM, + rec.ver ); + + /* Copy plaintext into record structure */ + rec.buf = buf; + rec.buf_len = buf_len; + rec.data_offset = 0; + TEST_ASSERT( plaintext->len <= ciphertext->len ); + memcpy( rec.buf + rec.data_offset, plaintext->x, plaintext->len ); + rec.data_len = plaintext->len; +#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) + rec.cid_len = 0; +#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ + + memset( &rec.ctr[0], 0, 8 ); + rec.ctr[7] = ctr; + + TEST_ASSERT( mbedtls_ssl_encrypt_buf( NULL, &transform_send, &rec, + NULL, NULL ) == 0 ); + + if( padding_used == MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY ) + { + ASSERT_COMPARE( rec.buf + rec.data_offset, rec.data_len, + ciphertext->x, ciphertext->len ); + } + + TEST_ASSERT( mbedtls_ssl_decrypt_buf( NULL, &transform_recv, &rec ) == 0 ); + ASSERT_COMPARE( rec.buf + rec.data_offset, rec.data_len, + plaintext->x, plaintext->len ); + + mbedtls_free( buf ); + mbedtls_ssl_transform_free( &transform_send ); + mbedtls_ssl_transform_free( &transform_recv ); +} +/* END_CASE */ + /* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ void ssl_tls1_3_key_evolution( int hash_alg, data_t *secret, @@ -4783,3 +4881,72 @@ exit: } /* END_CASE */ + +/* BEGIN_CASE depends_on:MBEDTLS_ECP_C:!MBEDTLS_DEPRECATED_REMOVED:!MBEDTLS_DEPRECATED_WARNING:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_ECP_DP_SECP224R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED */ +void conf_curve() +{ + + mbedtls_ecp_group_id curve_list[] = { MBEDTLS_ECP_DP_SECP192R1, + MBEDTLS_ECP_DP_SECP224R1, + MBEDTLS_ECP_DP_SECP256R1, + MBEDTLS_ECP_DP_NONE }; + mbedtls_ecp_group_id iana_tls_group_list[] = { MBEDTLS_SSL_IANA_TLS_GROUP_SECP192R1, + MBEDTLS_SSL_IANA_TLS_GROUP_SECP224R1, + MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1, + MBEDTLS_SSL_IANA_TLS_GROUP_NONE }; + + mbedtls_ssl_config conf; + mbedtls_ssl_config_init( &conf ); + + mbedtls_ssl_conf_max_version( &conf, 3, 3 ); + mbedtls_ssl_conf_min_version( &conf, 3, 3 ); + mbedtls_ssl_conf_curves( &conf, curve_list ); + + mbedtls_ssl_context ssl; + mbedtls_ssl_init( &ssl ); + mbedtls_ssl_setup( &ssl, &conf ); + + TEST_ASSERT( ssl.handshake != NULL && ssl.handshake->group_list != NULL ); + TEST_ASSERT( ssl.conf != NULL && ssl.conf->group_list == NULL ); + + TEST_EQUAL( ssl.handshake->group_list[ARRAY_LENGTH( iana_tls_group_list ) - 1], MBEDTLS_SSL_IANA_TLS_GROUP_NONE ); + + for( size_t i = 0; i < ARRAY_LENGTH( iana_tls_group_list ); i++ ) + TEST_EQUAL( iana_tls_group_list[i], ssl.handshake->group_list[i] ); + + mbedtls_ssl_free( &ssl ); + mbedtls_ssl_config_free( &conf ); +} +/* END_CASE */ + +/* BEGIN_CASE depends_on:MBEDTLS_DEPRECATED_REMOVED */ +void conf_group() +{ + uint16_t iana_tls_group_list[] = { MBEDTLS_SSL_IANA_TLS_GROUP_SECP192R1, + MBEDTLS_SSL_IANA_TLS_GROUP_SECP224R1, + MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1, + MBEDTLS_SSL_IANA_TLS_GROUP_NONE }; + + mbedtls_ssl_config conf; + mbedtls_ssl_config_init( &conf ); + + mbedtls_ssl_conf_max_version( &conf, 3, 3 ); + mbedtls_ssl_conf_min_version( &conf, 3, 3 ); + + mbedtls_ssl_conf_groups( &conf, iana_tls_group_list ); + + mbedtls_ssl_context ssl; + mbedtls_ssl_init( &ssl ); + mbedtls_ssl_setup( &ssl, &conf ); + + TEST_ASSERT( ssl.conf != NULL && ssl.conf->group_list != NULL ); + + TEST_EQUAL( ssl.conf->group_list[ARRAY_LENGTH( iana_tls_group_list ) - 1], MBEDTLS_SSL_IANA_TLS_GROUP_NONE ); + + for( size_t i = 0; i < ARRAY_LENGTH( iana_tls_group_list ); i++ ) + TEST_EQUAL( iana_tls_group_list[i], ssl.conf->group_list[i] ); + + mbedtls_ssl_free( &ssl ); + mbedtls_ssl_config_free( &conf ); +} +/* END_CASE */