From c34b839d85186aeafe6b29cfa85dda812f7456d3 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 8 Oct 2019 14:21:18 +0200 Subject: [PATCH 01/65] Improve the descriptions of some entropy test cases --- tests/suites/test_suite_entropy.data | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/tests/suites/test_suite_entropy.data b/tests/suites/test_suite_entropy.data index 11ced64b32..7460d74b86 100644 --- a/tests/suites/test_suite_entropy.data +++ b/tests/suites/test_suite_entropy.data @@ -1,43 +1,43 @@ Create NV seed_file nv_seed_file_create: -Entropy write/update seed file [#1] +Entropy write/update seed file: good entropy_seed_file:"data_files/entropy_seed":0 -Entropy write/update seed file [#2] +Entropy write/update seed file: nonexistent entropy_seed_file:"no_such_dir/file":MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR Entropy too many sources entropy_too_many_sources: -Entropy output length #1 +Entropy output length: 0 entropy_func_len:0:0 -Entropy output length #2 +Entropy output length: 1 entropy_func_len:1:0 -Entropy output length #3 +Entropy output length: 2 entropy_func_len:2:0 -Entropy output length #4 +Entropy output length: 31 entropy_func_len:31:0 -Entropy output length #5 +Entropy output length: 65 > BLOCK_SIZE entropy_func_len:65:MBEDTLS_ERR_ENTROPY_SOURCE_FAILED Entropy failing source entropy_source_fail:"data_files/entropy_seed" -Entropy threshold #1 +Entropy threshold: 16=2*8 entropy_threshold:16:2:8 -Entropy threshold #2 +Entropy threshold: 32=1*32 entropy_threshold:32:1:32 -Entropy threshold #3 +Entropy threshold: 0* never reaches the threshold entropy_threshold:16:0:MBEDTLS_ERR_ENTROPY_SOURCE_FAILED -Entropy threshold #4 +Entropy threshold: 1024 never reached entropy_threshold:1024:1:MBEDTLS_ERR_ENTROPY_SOURCE_FAILED Check NV seed standard IO From ed04a676ee52e3ce54192dd4ff15f79bc5636a9e Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 8 Oct 2019 14:37:27 +0200 Subject: [PATCH 02/65] Entropy tests: support multiple dummy sources Always pass a context object to entropy_dummy_source. This lets us write tests that register more than one source and keep track of how many times each one is called. --- tests/suites/test_suite_entropy.function | 54 ++++++++++++++---------- 1 file changed, 32 insertions(+), 22 deletions(-) diff --git a/tests/suites/test_suite_entropy.function b/tests/suites/test_suite_entropy.function index 0d86eadbed..8563b11f0c 100644 --- a/tests/suites/test_suite_entropy.function +++ b/tests/suites/test_suite_entropy.function @@ -3,10 +3,19 @@ #include "mbedtls/entropy_poll.h" #include "string.h" -/* - * Number of calls made to entropy_dummy_source() - */ -static size_t entropy_dummy_calls; +typedef enum +{ + DUMMY_CONSTANT_LENGTH, /* Output context->length bytes */ + DUMMY_REQUESTED_LENGTH, /* Output whatever length was requested */ + DUMMY_FAIL, /* Return an error code */ +} entropy_dummy_instruction; + +typedef struct +{ + entropy_dummy_instruction instruction; + size_t length; /* Length to return for DUMMY_CONSTANT_LENGTH */ + size_t calls; /* Incremented at each call */ +} entropy_dummy_context; /* * Dummy entropy source @@ -14,25 +23,25 @@ static size_t entropy_dummy_calls; * If data is NULL, write exactly the requested length. * Otherwise, write the length indicated by data or error if negative */ -static int entropy_dummy_source( void *data, unsigned char *output, +static int entropy_dummy_source( void *arg, unsigned char *output, size_t len, size_t *olen ) { - entropy_dummy_calls++; + entropy_dummy_context *context = arg; + ++context->calls; - if( data == NULL ) - *olen = len; - else + switch( context->instruction ) { - int *d = (int *) data; - - if( *d < 0 ) + case DUMMY_CONSTANT_LENGTH: + *olen = context->length; + break; + case DUMMY_REQUESTED_LENGTH: + *olen = len; + break; + case DUMMY_FAIL: return( MBEDTLS_ERR_ENTROPY_SOURCE_FAILED ); - else - *olen = *d; } memset( output, 0x2a, *olen ); - return( 0 ); } @@ -144,6 +153,7 @@ void entropy_too_many_sources( ) { mbedtls_entropy_context ctx; size_t i; + entropy_dummy_context dummy = {DUMMY_REQUESTED_LENGTH, 0, 0}; mbedtls_entropy_init( &ctx ); @@ -152,10 +162,10 @@ void entropy_too_many_sources( ) * since we don't know how many sources were automatically added. */ for( i = 0; i < MBEDTLS_ENTROPY_MAX_SOURCES; i++ ) - (void) mbedtls_entropy_add_source( &ctx, entropy_dummy_source, NULL, + (void) mbedtls_entropy_add_source( &ctx, entropy_dummy_source, &dummy, 16, MBEDTLS_ENTROPY_SOURCE_WEAK ); - TEST_ASSERT( mbedtls_entropy_add_source( &ctx, entropy_dummy_source, NULL, + TEST_ASSERT( mbedtls_entropy_add_source( &ctx, entropy_dummy_source, &dummy, 16, MBEDTLS_ENTROPY_SOURCE_WEAK ) == MBEDTLS_ERR_ENTROPY_MAX_SOURCES ); @@ -197,13 +207,13 @@ void entropy_func_len( int len, int ret ) void entropy_source_fail( char * path ) { mbedtls_entropy_context ctx; - int fail = -1; unsigned char buf[16]; + entropy_dummy_context dummy = {DUMMY_FAIL, 0, 0}; mbedtls_entropy_init( &ctx ); TEST_ASSERT( mbedtls_entropy_add_source( &ctx, entropy_dummy_source, - &fail, 16, + &dummy, 16, MBEDTLS_ENTROPY_SOURCE_WEAK ) == 0 ); @@ -229,16 +239,16 @@ exit: void entropy_threshold( int threshold, int chunk_size, int result ) { mbedtls_entropy_context ctx; + entropy_dummy_context dummy = {DUMMY_CONSTANT_LENGTH, chunk_size, 0}; unsigned char buf[MBEDTLS_ENTROPY_BLOCK_SIZE] = { 0 }; int ret; mbedtls_entropy_init( &ctx ); TEST_ASSERT( mbedtls_entropy_add_source( &ctx, entropy_dummy_source, - &chunk_size, threshold, + &dummy, threshold, MBEDTLS_ENTROPY_SOURCE_WEAK ) == 0 ); - entropy_dummy_calls = 0; ret = mbedtls_entropy_func( &ctx, buf, sizeof( buf ) ); if( result >= 0 ) @@ -248,7 +258,7 @@ void entropy_threshold( int threshold, int chunk_size, int result ) // Two times as much calls due to the NV seed update result *= 2; #endif - TEST_ASSERT( entropy_dummy_calls == (size_t) result ); + TEST_ASSERT( dummy.calls == (size_t) result ); } else { From 7f246510d0b5f19e3e1fcf16167b1c4e3cae0143 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 8 Oct 2019 14:51:49 +0200 Subject: [PATCH 03/65] Add a test case for MBEDTLS_ERR_ENTROPY_NO_SOURCES_DEFINED --- tests/suites/test_suite_entropy.data | 3 +++ tests/suites/test_suite_entropy.function | 20 ++++++++++++++++++-- 2 files changed, 21 insertions(+), 2 deletions(-) diff --git a/tests/suites/test_suite_entropy.data b/tests/suites/test_suite_entropy.data index 7460d74b86..abf36c0ec2 100644 --- a/tests/suites/test_suite_entropy.data +++ b/tests/suites/test_suite_entropy.data @@ -7,6 +7,9 @@ entropy_seed_file:"data_files/entropy_seed":0 Entropy write/update seed file: nonexistent entropy_seed_file:"no_such_dir/file":MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR +Entropy no sources +entropy_no_sources: + Entropy too many sources entropy_too_many_sources: diff --git a/tests/suites/test_suite_entropy.function b/tests/suites/test_suite_entropy.function index 8563b11f0c..a125f62029 100644 --- a/tests/suites/test_suite_entropy.function +++ b/tests/suites/test_suite_entropy.function @@ -45,7 +45,6 @@ static int entropy_dummy_source( void *arg, unsigned char *output, return( 0 ); } -#if defined(MBEDTLS_ENTROPY_NV_SEED) /* * Ability to clear entropy sources to allow testing with just predefined * entropy sources. This function or tests depending on it might break if there @@ -57,11 +56,12 @@ static int entropy_dummy_source( void *arg, unsigned char *output, * This might break memory checks in the future if sources need 'free-ing' then * as well. */ -void entropy_clear_sources( mbedtls_entropy_context *ctx ) +static void entropy_clear_sources( mbedtls_entropy_context *ctx ) { ctx->source_count = 0; } +#if defined(MBEDTLS_ENTROPY_NV_SEED) /* * NV seed read/write functions that use a buffer instead of a file */ @@ -148,6 +148,22 @@ exit: } /* END_CASE */ +/* BEGIN_CASE */ +void entropy_no_sources( ) +{ + mbedtls_entropy_context ctx; + unsigned char buf[MBEDTLS_ENTROPY_BLOCK_SIZE]; + + mbedtls_entropy_init( &ctx ); + entropy_clear_sources( &ctx ); + TEST_EQUAL( mbedtls_entropy_func( &ctx, buf, sizeof( buf ) ), + MBEDTLS_ERR_ENTROPY_NO_SOURCES_DEFINED ); + +exit: + mbedtls_entropy_free( &ctx ); +} +/* END_CASE */ + /* BEGIN_CASE */ void entropy_too_many_sources( ) { From 65fc0686a7df290fc3f0f58d318241bf8f61c76a Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 8 Oct 2019 15:01:34 +0200 Subject: [PATCH 04/65] Add tests to ensure that we gather as much entropy as expected There were tests to ensure that each entropy source reaches its threshold, but no test that covers the total amount of entropy. Add test cases with a known set of entropy sources and make sure that we always gather at least MBEDTLS_ENTROPY_BLOCK_SIZE bytes from a strong source. --- tests/suites/test_suite_entropy.data | 18 ++++++++++ tests/suites/test_suite_entropy.function | 43 ++++++++++++++++++++++++ 2 files changed, 61 insertions(+) diff --git a/tests/suites/test_suite_entropy.data b/tests/suites/test_suite_entropy.data index abf36c0ec2..b2d20b4729 100644 --- a/tests/suites/test_suite_entropy.data +++ b/tests/suites/test_suite_entropy.data @@ -43,6 +43,24 @@ entropy_threshold:16:0:MBEDTLS_ERR_ENTROPY_SOURCE_FAILED Entropy threshold: 1024 never reached entropy_threshold:1024:1:MBEDTLS_ERR_ENTROPY_SOURCE_FAILED +Entropy calls: no strong +entropy_calls:MBEDTLS_ENTROPY_SOURCE_WEAK:MBEDTLS_ENTROPY_SOURCE_WEAK:1:MBEDTLS_ENTROPY_BLOCK_SIZE:MBEDTLS_ERR_ENTROPY_NO_STRONG_SOURCE + +Entropy calls: 1 strong, 1*BLOCK_SIZE +entropy_calls:MBEDTLS_ENTROPY_SOURCE_STRONG:MBEDTLS_ENTROPY_SOURCE_WEAK:1:MBEDTLS_ENTROPY_BLOCK_SIZE:1 + +Entropy calls: 1 strong, 2*(BLOCK_SIZE/2) +entropy_calls:MBEDTLS_ENTROPY_SOURCE_STRONG:MBEDTLS_ENTROPY_SOURCE_WEAK:1:(MBEDTLS_ENTROPY_BLOCK_SIZE+1)/2:2 + +Entropy calls: 1 strong, BLOCK_SIZE*1 +entropy_calls:MBEDTLS_ENTROPY_SOURCE_STRONG:MBEDTLS_ENTROPY_SOURCE_WEAK:1:1:MBEDTLS_ENTROPY_BLOCK_SIZE + +Entropy calls: 1 strong, 2*BLOCK_SIZE to reach threshold +entropy_calls:MBEDTLS_ENTROPY_SOURCE_STRONG:MBEDTLS_ENTROPY_SOURCE_WEAK:MBEDTLS_ENTROPY_BLOCK_SIZE+1:MBEDTLS_ENTROPY_BLOCK_SIZE:2 + +Entropy calls: 2 strong, BLOCK_SIZE/2 each +entropy_calls:MBEDTLS_ENTROPY_SOURCE_STRONG:MBEDTLS_ENTROPY_SOURCE_WEAK:(MBEDTLS_ENTROPY_BLOCK_SIZE+1)/2:(MBEDTLS_ENTROPY_BLOCK_SIZE+1)/2:2 + Check NV seed standard IO entropy_nv_seed_std_io: diff --git a/tests/suites/test_suite_entropy.function b/tests/suites/test_suite_entropy.function index a125f62029..d1d88c5fa5 100644 --- a/tests/suites/test_suite_entropy.function +++ b/tests/suites/test_suite_entropy.function @@ -286,6 +286,49 @@ exit: } /* END_CASE */ +/* BEGIN_CASE */ +void entropy_calls( int strength1, int strength2, + int threshold, int chunk_size, + int result ) +{ + /* + * if result >= 0: result = expected number of calls to source 1 + * if result < 0: result = expected return code from mbedtls_entropy_func() + */ + + mbedtls_entropy_context ctx; + entropy_dummy_context dummy1 = {DUMMY_CONSTANT_LENGTH, chunk_size, 0}; + entropy_dummy_context dummy2 = {DUMMY_CONSTANT_LENGTH, chunk_size, 0}; + unsigned char buf[MBEDTLS_ENTROPY_BLOCK_SIZE] = { 0 }; + int ret; + + mbedtls_entropy_init( &ctx ); + entropy_clear_sources( &ctx ); + + TEST_ASSERT( mbedtls_entropy_add_source( &ctx, entropy_dummy_source, + &dummy1, threshold, + strength1 ) == 0 ); + TEST_ASSERT( mbedtls_entropy_add_source( &ctx, entropy_dummy_source, + &dummy2, threshold, + strength2 ) == 0 ); + + ret = mbedtls_entropy_func( &ctx, buf, sizeof( buf ) ); + + if( result >= 0 ) + { + TEST_ASSERT( ret == 0 ); + TEST_ASSERT( dummy1.calls == (size_t) result ); + } + else + { + TEST_ASSERT( ret == result ); + } + +exit: + mbedtls_entropy_free( &ctx ); +} +/* END_CASE */ + /* BEGIN_CASE depends_on:MBEDTLS_ENTROPY_NV_SEED:MBEDTLS_FS_IO */ void nv_seed_file_create( ) { From 85485c73380e44e6d6e00a340883d1972d5f9e21 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 8 Oct 2019 15:04:16 +0200 Subject: [PATCH 05/65] Always gather MBEDTLS_ENTROPY_BLOCK_SIZE bytes of entropy mbedtls_entropy_func returns up to MBEDTLS_ENTROPY_BLOCK_SIZE bytes. This is the output of a hash function and does not indicate how many bytes of entropy went into the hash computation. Enforce that mbedtls_entropy_func gathers a total of MBEDTLS_ENTROPY_BLOCK_SIZE bytes or more from strong sources. Weak sources don't count for this calculation. This is complementary to the per-source threshold mechanism. In particular, we define system sources with a threshold of 32. But when using SHA-512 for the entropy accumulator, MBEDTLS_ENTROPY_BLOCK_SIZE = 64, so users can expect 64 bytes' worth of entropy. Before, you only got 64 bytes of entropy if there were two sources. Now you get 64 bytes of entropy even with a single source with a threshold of 32. --- library/entropy.c | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/library/entropy.c b/library/entropy.c index f8db1a5503..565525396a 100644 --- a/library/entropy.c +++ b/library/entropy.c @@ -325,7 +325,8 @@ int mbedtls_entropy_gather( mbedtls_entropy_context *ctx ) int mbedtls_entropy_func( void *data, unsigned char *output, size_t len ) { - int ret, count = 0, i, done; + int ret, count = 0, i, thresholds_reached; + size_t strong_size; mbedtls_entropy_context *ctx = (mbedtls_entropy_context *) data; unsigned char buf[MBEDTLS_ENTROPY_BLOCK_SIZE]; @@ -363,12 +364,17 @@ int mbedtls_entropy_func( void *data, unsigned char *output, size_t len ) if( ( ret = entropy_gather_internal( ctx ) ) != 0 ) goto exit; - done = 1; + thresholds_reached = 1; + strong_size = 0; for( i = 0; i < ctx->source_count; i++ ) + { if( ctx->source[i].size < ctx->source[i].threshold ) - done = 0; + thresholds_reached = 0; + if( ctx->source[i].strong == MBEDTLS_ENTROPY_SOURCE_STRONG ) + strong_size += ctx->source[i].size; + } } - while( ! done ); + while( ! thresholds_reached || strong_size < MBEDTLS_ENTROPY_BLOCK_SIZE ); memset( buf, 0, MBEDTLS_ENTROPY_BLOCK_SIZE ); From 5033db293bd2a93128d09573e7ca2cce2f0e2862 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 31 Oct 2019 15:07:08 +0100 Subject: [PATCH 06/65] Clarify that the "FATAL" message is expected The test case "Memory buffer small buffer" emits a message "FATAL: verification of first header failed". In this test case, it's actually expected, but it looks weird to see this message from a passing test. Add a comment that states this explicitly, and modify the test description to indicate that the failure is expected, and change the test function name to be more accurate. Fix #309 --- tests/suites/test_suite_memory_buffer_alloc.data | 4 ++-- tests/suites/test_suite_memory_buffer_alloc.function | 5 ++++- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/tests/suites/test_suite_memory_buffer_alloc.data b/tests/suites/test_suite_memory_buffer_alloc.data index d59f1135ae..660ca0a379 100644 --- a/tests/suites/test_suite_memory_buffer_alloc.data +++ b/tests/suites/test_suite_memory_buffer_alloc.data @@ -16,8 +16,8 @@ memory_buffer_alloc_free_alloc:100:64:100:100:0:0:0:1:200:0 Memory buffer alloc - Out of Memory test memory_buffer_alloc_oom_test: -Memory buffer small buffer -memory_buffer_small_buffer: +Memory buffer: heap too small (header verification should fail) +memory_buffer_heap_too_small: Memory buffer underalloc memory_buffer_underalloc: diff --git a/tests/suites/test_suite_memory_buffer_alloc.function b/tests/suites/test_suite_memory_buffer_alloc.function index bc034367a6..886d22b07b 100644 --- a/tests/suites/test_suite_memory_buffer_alloc.function +++ b/tests/suites/test_suite_memory_buffer_alloc.function @@ -232,11 +232,14 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_MEMORY_DEBUG */ -void memory_buffer_small_buffer( ) +void memory_buffer_heap_too_small( ) { unsigned char buf[1]; mbedtls_memory_buffer_alloc_init( buf, sizeof( buf ) ); + /* With MBEDTLS_MEMORY_DEBUG enabled, this prints a message + * "FATAL: verification of first header failed". + */ TEST_ASSERT( mbedtls_memory_buffer_alloc_verify() != 0 ); } /* END_CASE */ From 02348c6fce071f4c46083a3d5059eb996672942b Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 31 Oct 2019 15:07:35 +0100 Subject: [PATCH 07/65] More accurate test case description --- tests/suites/test_suite_memory_buffer_alloc.data | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/suites/test_suite_memory_buffer_alloc.data b/tests/suites/test_suite_memory_buffer_alloc.data index 660ca0a379..d780fd41b2 100644 --- a/tests/suites/test_suite_memory_buffer_alloc.data +++ b/tests/suites/test_suite_memory_buffer_alloc.data @@ -19,5 +19,5 @@ memory_buffer_alloc_oom_test: Memory buffer: heap too small (header verification should fail) memory_buffer_heap_too_small: -Memory buffer underalloc +Memory buffer: attempt to allocate SIZE_MAX memory_buffer_underalloc: From cf5abd812a8d4a6c7da0a6c4de1c14f639b3f466 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 31 Oct 2019 15:07:45 +0100 Subject: [PATCH 08/65] Enable more test cases without MBEDTLS_MEMORY_DEBUG None of the test cases in tests_suite_memory_buffer_alloc actually need MBEDTLS_MEMORY_DEBUG. Some have additional checks when MBEDTLS_MEMORY_DEBUG but all are useful even without it. So enable them all and #ifdef out the parts that require DEBUG. --- .../test_suite_memory_buffer_alloc.function | 25 +++++++++++++++---- 1 file changed, 20 insertions(+), 5 deletions(-) diff --git a/tests/suites/test_suite_memory_buffer_alloc.function b/tests/suites/test_suite_memory_buffer_alloc.function index 886d22b07b..cc884c28e5 100644 --- a/tests/suites/test_suite_memory_buffer_alloc.function +++ b/tests/suites/test_suite_memory_buffer_alloc.function @@ -29,7 +29,7 @@ void mbedtls_memory_buffer_alloc_self_test( ) } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_MEMORY_DEBUG */ +/* BEGIN_CASE */ void memory_buffer_alloc_free_alloc( int a_bytes, int b_bytes, int c_bytes, int d_bytes, int free_a, int free_b, int free_c, int free_d, int e_bytes, @@ -39,8 +39,11 @@ void memory_buffer_alloc_free_alloc( int a_bytes, int b_bytes, int c_bytes, unsigned char *ptr_a = NULL, *ptr_b = NULL, *ptr_c = NULL, *ptr_d = NULL, *ptr_e = NULL, *ptr_f = NULL; +#if defined(MBEDTLS_MEMORY_DEBUG) size_t reported_blocks; - size_t allocated_bytes = 0, reported_bytes; + size_t reported_bytes; +#endif + size_t allocated_bytes = 0; mbedtls_memory_buffer_alloc_init( buf, sizeof( buf ) ); @@ -78,8 +81,10 @@ void memory_buffer_alloc_free_alloc( int a_bytes, int b_bytes, int c_bytes, allocated_bytes += d_bytes * sizeof(char); } +#if defined(MBEDTLS_MEMORY_DEBUG) mbedtls_memory_buffer_alloc_cur_get( &reported_bytes, &reported_blocks ); TEST_ASSERT( reported_bytes == allocated_bytes ); +#endif if( free_a ) { @@ -117,8 +122,10 @@ void memory_buffer_alloc_free_alloc( int a_bytes, int b_bytes, int c_bytes, allocated_bytes -= d_bytes * sizeof(char); } +#if defined(MBEDTLS_MEMORY_DEBUG) mbedtls_memory_buffer_alloc_cur_get( &reported_bytes, &reported_blocks ); TEST_ASSERT( reported_bytes == allocated_bytes ); +#endif if( e_bytes > 0 ) { @@ -178,8 +185,10 @@ void memory_buffer_alloc_free_alloc( int a_bytes, int b_bytes, int c_bytes, ptr_f = NULL; } +#if defined(MBEDTLS_MEMORY_DEBUG) mbedtls_memory_buffer_alloc_cur_get( &reported_bytes, &reported_blocks ); TEST_ASSERT( reported_bytes == 0 ); +#endif TEST_ASSERT( mbedtls_memory_buffer_alloc_verify() == 0 ); @@ -188,12 +197,14 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_MEMORY_DEBUG */ +/* BEGIN_CASE */ void memory_buffer_alloc_oom_test( ) { unsigned char buf[1024]; unsigned char *ptr_a = NULL, *ptr_b = NULL, *ptr_c = NULL; +#if defined(MBEDTLS_MEMORY_DEBUG) size_t reported_blocks, reported_bytes; +#endif (void)ptr_c; @@ -210,8 +221,10 @@ void memory_buffer_alloc_oom_test( ) ptr_c = mbedtls_calloc( 431, sizeof(char) ); TEST_ASSERT( ptr_c == NULL ); +#if defined(MBEDTLS_MEMORY_DEBUG) mbedtls_memory_buffer_alloc_cur_get( &reported_bytes, &reported_blocks ); TEST_ASSERT( reported_bytes >= 864 && reported_bytes <= sizeof(buf) ); +#endif mbedtls_free( ptr_a ); ptr_a = NULL; @@ -221,8 +234,10 @@ void memory_buffer_alloc_oom_test( ) ptr_b = NULL; TEST_ASSERT( mbedtls_memory_buffer_alloc_verify() == 0 ); +#if defined(MBEDTLS_MEMORY_DEBUG) mbedtls_memory_buffer_alloc_cur_get( &reported_bytes, &reported_blocks ); TEST_ASSERT( reported_bytes == 0 ); +#endif TEST_ASSERT( mbedtls_memory_buffer_alloc_verify() == 0 ); @@ -231,7 +246,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_MEMORY_DEBUG */ +/* BEGIN_CASE */ void memory_buffer_heap_too_small( ) { unsigned char buf[1]; @@ -244,7 +259,7 @@ void memory_buffer_heap_too_small( ) } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_MEMORY_DEBUG */ +/* BEGIN_CASE */ void memory_buffer_underalloc( ) { unsigned char buf[100]; From 20180ca919227c65b9341901452210461be5de95 Mon Sep 17 00:00:00 2001 From: Mykhailo Sopiha Date: Tue, 29 Oct 2019 15:58:10 +0200 Subject: [PATCH 09/65] Add ASN.1 ENUMERATED tag support Add ASN.1 ENUMERATED [1] tag to supported tag list. 1. https://tools.ietf.org/html/rfc3641#page-8 Signed-off-by: Mykhailo Sopiha --- include/mbedtls/asn1.h | 26 ++++++++++++++++++++++---- include/mbedtls/asn1write.h | 15 +++++++++++++++ library/asn1parse.c | 27 ++++++++++++++++++++++----- library/asn1write.c | 14 ++++++++++++-- 4 files changed, 71 insertions(+), 11 deletions(-) diff --git a/include/mbedtls/asn1.h b/include/mbedtls/asn1.h index 1a76111684..1c6683f63e 100644 --- a/include/mbedtls/asn1.h +++ b/include/mbedtls/asn1.h @@ -75,6 +75,7 @@ #define MBEDTLS_ASN1_OCTET_STRING 0x04 #define MBEDTLS_ASN1_NULL 0x05 #define MBEDTLS_ASN1_OID 0x06 +#define MBEDTLS_ASN1_ENUMERATED 0x0A #define MBEDTLS_ASN1_UTF8_STRING 0x0C #define MBEDTLS_ASN1_SEQUENCE 0x10 #define MBEDTLS_ASN1_SET 0x11 @@ -254,13 +255,32 @@ int mbedtls_asn1_get_bool( unsigned char **p, * a valid ASN.1 INTEGER. * \return #MBEDTLS_ERR_ASN1_INVALID_LENGTH if the parsed value does * not fit in an \c int. - * \return An ASN.1 error code if the input does not start with - * a valid ASN.1 INTEGER. */ int mbedtls_asn1_get_int( unsigned char **p, const unsigned char *end, int *val ); +/** + * \brief Retrieve an enumerated ASN.1 tag and its value. + * Updates the pointer to immediately behind the full tag. + * + * \param p On entry, \c *p points to the start of the ASN.1 element. + * On successful completion, \c *p points to the first byte + * beyond the ASN.1 element. + * On error, the value of \c *p is undefined. + * \param end End of data. + * \param val On success, the parsed value. + * + * \return 0 if successful. + * \return An ASN.1 error code if the input does not start with + * a valid ASN.1 ENUMERATED. + * \return #MBEDTLS_ERR_ASN1_INVALID_LENGTH if the parsed value does + * not fit in an \c int. + */ +int mbedtls_asn1_get_enum( unsigned char **p, + const unsigned char *end, + int *val ); + /** * \brief Retrieve a bitstring ASN.1 tag and its value. * Updates the pointer to immediately behind the full tag. @@ -367,8 +387,6 @@ int mbedtls_asn1_get_sequence_of( unsigned char **p, * \return #MBEDTLS_ERR_ASN1_INVALID_LENGTH if the parsed value does * not fit in an \c int. * \return An MPI error code if the parsed value is too large. - * \return An ASN.1 error code if the input does not start with - * a valid ASN.1 INTEGER. */ int mbedtls_asn1_get_mpi( unsigned char **p, const unsigned char *end, diff --git a/include/mbedtls/asn1write.h b/include/mbedtls/asn1write.h index 982414626e..0bce28ed13 100644 --- a/include/mbedtls/asn1write.h +++ b/include/mbedtls/asn1write.h @@ -192,6 +192,21 @@ int mbedtls_asn1_write_bool( unsigned char **p, unsigned char *start, */ int mbedtls_asn1_write_int( unsigned char **p, unsigned char *start, int val ); +/** + * \brief Write an enum tag (#MBEDTLS_ASN1_ENUMERATED) and value + * in ASN.1 format. + * + * \note This function works backwards in data buffer. + * + * \param p The reference to the current position pointer. + * \param start The start of the buffer, for bounds-checking. + * \param val The integer value to write. + * + * \return The number of bytes written to \p p on success. + * \return A negative \c MBEDTLS_ERR_ASN1_XXX error code on failure. + */ +int mbedtls_asn1_write_enum( unsigned char **p, unsigned char *start, int val ); + /** * \brief Write a string in ASN.1 format using a specific * string encoding tag. diff --git a/library/asn1parse.c b/library/asn1parse.c index 412259e358..87e7aa989a 100644 --- a/library/asn1parse.c +++ b/library/asn1parse.c @@ -139,17 +139,20 @@ int mbedtls_asn1_get_bool( unsigned char **p, return( 0 ); } -int mbedtls_asn1_get_int( unsigned char **p, - const unsigned char *end, - int *val ) +static int asn1_get_tagged_int( unsigned char **p, + const unsigned char *end, + int tag, int *val ) { int ret; size_t len; - if( ( ret = mbedtls_asn1_get_tag( p, end, &len, MBEDTLS_ASN1_INTEGER ) ) != 0 ) + if( ( ret = mbedtls_asn1_get_tag( p, end, &len, tag ) ) != 0 ) return( ret ); - /* len==0 is malformed (0 must be represented as 020100). */ + /* + * len==0 is malformed (0 must be represented as 020100 for INTEGER, + * or 0A0100 for ENUMERATED tags + */ if( len == 0 ) return( MBEDTLS_ERR_ASN1_INVALID_LENGTH ); /* This is a cryptography library. Reject negative integers. */ @@ -180,6 +183,20 @@ int mbedtls_asn1_get_int( unsigned char **p, return( 0 ); } +int mbedtls_asn1_get_int( unsigned char **p, + const unsigned char *end, + int *val ) +{ + return( asn1_get_tagged_int( p, end, MBEDTLS_ASN1_INTEGER, val) ); +} + +int mbedtls_asn1_get_enum( unsigned char **p, + const unsigned char *end, + int *val ) +{ + return( asn1_get_tagged_int( p, end, MBEDTLS_ASN1_ENUMERATED, val) ); +} + #if defined(MBEDTLS_BIGNUM_C) int mbedtls_asn1_get_mpi( unsigned char **p, const unsigned char *end, diff --git a/library/asn1write.c b/library/asn1write.c index a138d0b75c..b3a3ad5084 100644 --- a/library/asn1write.c +++ b/library/asn1write.c @@ -231,7 +231,7 @@ int mbedtls_asn1_write_bool( unsigned char **p, unsigned char *start, int boolea return( (int) len ); } -int mbedtls_asn1_write_int( unsigned char **p, unsigned char *start, int val ) +static int asn1_write_tagged_int( unsigned char **p, unsigned char *start, int val, int tag ) { int ret; size_t len = 0; @@ -255,11 +255,21 @@ int mbedtls_asn1_write_int( unsigned char **p, unsigned char *start, int val ) } MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, len ) ); - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start, MBEDTLS_ASN1_INTEGER ) ); + MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start, tag ) ); return( (int) len ); } +int mbedtls_asn1_write_int( unsigned char **p, unsigned char *start, int val ) +{ + return( asn1_write_tagged_int( p, start, val, MBEDTLS_ASN1_INTEGER ) ); +} + +int mbedtls_asn1_write_enum( unsigned char **p, unsigned char *start, int val ) +{ + return( asn1_write_tagged_int( p, start, val, MBEDTLS_ASN1_ENUMERATED ) ); +} + int mbedtls_asn1_write_tagged_string( unsigned char **p, unsigned char *start, int tag, const char *text, size_t text_len ) { From 6af7bf91f20ac487c93991933862b83a86aa9766 Mon Sep 17 00:00:00 2001 From: Mykhailo Sopiha Date: Thu, 31 Oct 2019 15:55:16 +0200 Subject: [PATCH 10/65] Add test cases for ASN.1 ENUMERATED tag Add test cases for writing and parsing ASN.1 ENUMERATED tag values. Signed-off-by: Mykhailo Sopiha --- tests/suites/test_suite_asn1parse.data | 84 ++++++++++++++++++++++ tests/suites/test_suite_asn1parse.function | 43 +++++++++++ tests/suites/test_suite_asn1write.data | 42 +++++++++++ tests/suites/test_suite_asn1write.function | 21 ++++++ 4 files changed, 190 insertions(+) diff --git a/tests/suites/test_suite_asn1parse.data b/tests/suites/test_suite_asn1parse.data index 4abae0bb4c..e26f93af7a 100644 --- a/tests/suites/test_suite_asn1parse.data +++ b/tests/suites/test_suite_asn1parse.data @@ -286,6 +286,90 @@ get_integer:"010101":"":MBEDTLS_ERR_ASN1_UNEXPECTED_TAG INTEGER too large for mpi get_mpi_too_large: +ENUMERATED 0 +get_enum:"0A0100":"0":0 + +ENUMERATED 0, extra leading 0 +get_enum:"0A020000":"0":0 + +ENUMERATED 1 +get_enum:"0A0101":"1":0 + +ENUMERATED 1, extra leading 0 +get_enum:"0A020001":"1":0 + +ENUMERATED 0x7f +get_enum:"0A017f":"7f":0 + +ENUMERATED 0x80 +get_enum:"0A020080":"80":0 + +ENUMERATED 0x80, extra leading 0 +get_enum:"0A03000080":"80":0 + +ENUMERATED 0xff +get_enum:"0A0200ff":"ff":0 + +ENUMERATED 0x7fff +get_enum:"0A027fff":"7fff":0 + +ENUMERATED 0x12345678 +get_enum:"0A0412345678":"12345678":0 + +ENUMERATED 0x12345678, extra leading 0 +get_enum:"0A050012345678":"12345678":0 + +ENUMERATED 0x7fffffff +get_enum:"0A047fffffff":"7fffffff":0 + +ENUMERATED 0x7fffffff, extra leading 0 +get_enum:"0A05007fffffff":"7fffffff":0 + +ENUMERATED 0x80000000 +get_enum:"0A050080000000":"80000000":0 + +ENUMERATED 0xffffffff +get_enum:"0A0500ffffffff":"ffffffff":0 + +ENUMERATED 0x100000000 +get_enum:"0A050100000000":"0100000000":0 + +ENUMERATED -1 +get_enum:"0A01ff":"-1":0 + +ENUMERATED -1, extra leading ff +get_enum:"0A02ffff":"-1":0 + +ENUMERATED -0x7f +get_enum:"0A0181":"-7f":0 + +ENUMERATED -0x80 +get_enum:"0A0180":"-80":0 + +ENUMERATED -0x81 +get_enum:"0A02ff7f":"-81":0 + +ENUMERATED -0xff +get_enum:"0A02ff01":"-ff":0 + +ENUMERATED -0x100 +get_enum:"0A02ff00":"-100":0 + +ENUMERATED -0x7fffffff +get_enum:"0A0480000001":"-7fffffff":0 + +ENUMERATED -0x80000000 +get_enum:"0A0480000000":"-80000000":0 + +ENUMERATED -0x80000001 +get_enum:"0A05ff7fffffff":"-80000001":0 + +ENUMERATED -0xffffffff +get_enum:"0A05ff00000001":"-ffffffff":0 + +ENUMERATED -0x100000000 +get_enum:"0A05ff00000000":"-100000000":0 + BIT STRING: empty get_bitstring:"0300":0:0:MBEDTLS_ERR_ASN1_OUT_OF_DATA:MBEDTLS_ERR_ASN1_INVALID_DATA diff --git a/tests/suites/test_suite_asn1parse.function b/tests/suites/test_suite_asn1parse.function index defbd01bb6..d747cc254f 100644 --- a/tests/suites/test_suite_asn1parse.function +++ b/tests/suites/test_suite_asn1parse.function @@ -393,6 +393,49 @@ exit: } /* END_CASE */ +/* BEGIN_CASE */ +void get_enum( const data_t *input, + const char *expected_hex, int expected_result ) +{ + unsigned char *p; + long expected_value; + int expected_result_for_enum = expected_result; + int val; + int ret; + + errno = 0; + expected_value = strtol( expected_hex, NULL, 16 ); + if( expected_result == 0 && + ( errno == ERANGE +#if LONG_MAX > INT_MAX + || expected_value > INT_MAX || expected_value < INT_MIN +#endif + ) ) + { + /* The library returns the dubious error code INVALID_LENGTH + * for integers that are out of range. */ + expected_result_for_enum = MBEDTLS_ERR_ASN1_INVALID_LENGTH; + } + if( expected_result == 0 && expected_value < 0 ) + { + /* The library does not support negative INTEGERs and + * returns the dubious error code INVALID_LENGTH. + * Test that we preserve the historical behavior. If we + * decide to change the behavior, we'll also change this test. */ + expected_result_for_enum = MBEDTLS_ERR_ASN1_INVALID_LENGTH; + } + + p = input->x; + ret = mbedtls_asn1_get_enum( &p, input->x + input->len, &val ); + TEST_EQUAL( ret, expected_result_for_enum ); + if( ret == 0 ) + { + TEST_EQUAL( val, expected_value ); + TEST_ASSERT( p == input->x + input->len ); + } +} +/* END_CASE */ + /* BEGIN_CASE depends_on:MBEDTLS_BIGNUM_C */ void get_mpi_too_large( ) { diff --git a/tests/suites/test_suite_asn1write.data b/tests/suites/test_suite_asn1write.data index fd589fb23e..7f5f5360e2 100644 --- a/tests/suites/test_suite_asn1write.data +++ b/tests/suites/test_suite_asn1write.data @@ -49,6 +49,48 @@ mbedtls_asn1_write_int:0x12345678:"020412345678" ASN.1 Write int 2147483647 mbedtls_asn1_write_int:0x7fffffff:"02047fffffff" +ASN.1 Write enum 0 +mbedtls_asn1_write_enum:0:"0A0100" + +ASN.1 Write enum 1 +mbedtls_asn1_write_enum:1:"0A0101" + +ASN.1 Write enum 127 +mbedtls_asn1_write_enum:0x7f:"0A017f" + +ASN.1 Write enum 128 +mbedtls_asn1_write_enum:0x80:"0A020080" + +ASN.1 Write enum 255 +mbedtls_asn1_write_enum:0xff:"0A0200ff" + +ASN.1 Write enum 256 +mbedtls_asn1_write_enum:0x100:"0A020100" + +ASN.1 Write enum 32767 +mbedtls_asn1_write_enum:0x7fff:"0A027fff" + +ASN.1 Write enum 32768 +mbedtls_asn1_write_enum:0x8000:"0A03008000" + +ASN.1 Write enum 65535 +mbedtls_asn1_write_enum:0xffff:"0A0300ffff" + +ASN.1 Write enum 65536 +mbedtls_asn1_write_enum:0x10000:"0A03010000" + +ASN.1 Write enum 8388607 +mbedtls_asn1_write_enum:0x7fffff:"0A037fffff" + +ASN.1 Write enum 8388608 +mbedtls_asn1_write_enum:0x800000:"0A0400800000" + +ASN.1 Write enum 0x12345678 +mbedtls_asn1_write_enum:0x12345678:"0A0412345678" + +ASN.1 Write enum 2147483647 +mbedtls_asn1_write_enum:0x7fffffff:"0A047fffffff" + #ASN.1 Write mpi 0 #mbedtls_asn1_write_mpi:"00":"020100" diff --git a/tests/suites/test_suite_asn1write.function b/tests/suites/test_suite_asn1write.function index b69f6b5c3a..21465c756f 100644 --- a/tests/suites/test_suite_asn1write.function +++ b/tests/suites/test_suite_asn1write.function @@ -117,6 +117,27 @@ exit: } /* END_CASE */ + +/* BEGIN_CASE */ +void mbedtls_asn1_write_enum( int val, data_t *expected ) +{ + generic_write_data_t data = { NULL, NULL, NULL, NULL, 0 }; + int ret; + + for( data.size = 0; data.size < expected->len + 1; data.size++ ) + { + if( ! generic_write_start_step( &data ) ) + goto exit; + ret = mbedtls_asn1_write_enum( &data.p, data.start, val ); + if( ! generic_write_finish_step( &data, expected, ret ) ) + goto exit; + } + +exit: + mbedtls_free( data.output ); +} +/* END_CASE */ + /* BEGIN_CASE depends_on:MBEDTLS_BIGNUM_C */ void mbedtls_asn1_write_mpi( data_t *val, data_t *expected ) { From d296e82e2d654e0981477b51cbc6c085251667a9 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 12 Nov 2019 18:00:51 +0100 Subject: [PATCH 11/65] Mbed Crypto implements mbedtls_xxx as well as PSA Link to the Mbed TLS documentation. --- README.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 9d34c556a9..9f4467591f 100644 --- a/README.md +++ b/README.md @@ -24,7 +24,9 @@ Mbed Crypto is a reference implementation of the PSA cryptography API. It is wri ## Documentation -The Mbed Crypto library is a reference implementation of the PSA cryptography API. Please refer to the PSA Cryptography API documents for an overview of the library's interfaces and a detailed description of the types, macros and functions that it provides. +The Mbed Crypto library implements both the legacy Mbed TLS interfaces to cryptographic primitives (`mbedtls_xxx`) and the new PSA Cryptography interfaces (`psa_xxx`). + +Documentation for the Mbed TLS interfaces in the default library configuration is available as part of the [Mbed TLS documentation](https://tls.mbed.org/api/). There are currently a few deviations where the library does not yet implement the latest version of the specification. Please refer to the [compliance issues on Github](https://github.com/ARMmbed/mbed-crypto/labels/compliance) for an up-to-date list. From 7dd0b45b7f2e110b6cfbc4eb9a4fa7e962cbe407 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 12 Nov 2019 18:01:51 +0100 Subject: [PATCH 12/65] Note that local documentation will be tailored to a specific config --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 9f4467591f..af047ab7dd 100644 --- a/README.md +++ b/README.md @@ -36,7 +36,7 @@ You can read the [complete PSA cryptography API specification as a PDF document] ### Browsable library documentation -To generate a local copy of the library documentation in HTML format: +To generate a local copy of the library documentation in HTML format, tailored to your compile-time configuration: 1. Make sure that [Doxygen](http://www.doxygen.nl/) is installed. We use version 1.8.11 but slightly older or more recent versions should work. 1. Run `make apidoc`. From 24354a74a23c47609a5c46a816ccd0f8729c5585 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 12 Nov 2019 18:02:05 +0100 Subject: [PATCH 13/65] Link to PSA documentation websites Link to the official PSA documentation page. Link to the PSA Crypto portal page. --- README.md | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index af047ab7dd..a954a168e3 100644 --- a/README.md +++ b/README.md @@ -6,9 +6,9 @@ Mbed Crypto is distributed under the Apache License, version 2.0. See the [LICEN ## PSA cryptography API -Arm's Platform Security Architecture (PSA) is a holistic set of threat models, security analyses, hardware and firmware architecture specifications, and an open source firmware reference implementation. PSA provides a recipe, based on industry best practice, that allows security to be consistently designed in, at both a hardware and firmware level. +Arm's [Platform Security Architecture (PSA)](https://developer.arm.com/architectures/security-architectures/platform-security-architecture) is a holistic set of threat models, security analyses, hardware and firmware architecture specifications, and an open source firmware reference implementation. PSA provides a recipe, based on industry best practice, that allows security to be consistently designed in, at both a hardware and firmware level. -The PSA cryptography API provides access to a set of cryptographic primitives. It has a dual purpose. First, it can be used in a PSA-compliant platform to build services, such as secure boot, secure storage and secure communication. Second, it can also be used independently of other PSA components on any platform. +The [PSA cryptography API](https://armmbed.github.io/mbed-crypto/psa/#application-programming-interface) provides access to a set of cryptographic primitives. It has a dual purpose. First, it can be used in a PSA-compliant platform to build services, such as secure boot, secure storage and secure communication. Second, it can also be used independently of other PSA components on any platform. The design goals of the PSA cryptography API include: @@ -28,12 +28,10 @@ The Mbed Crypto library implements both the legacy Mbed TLS interfaces to crypto Documentation for the Mbed TLS interfaces in the default library configuration is available as part of the [Mbed TLS documentation](https://tls.mbed.org/api/). +For the PSA interfaces, please refer to the PSA Cryptography API documents linked from the [PSA cryptography interfaces documentation portal](https://armmbed.github.io/mbed-crypto/psa/#application-programming-interface) for an overview of the library's interfaces and a detailed description of the types, macros and functions that it provides. The API reference is available in [PDF](https://armmbed.github.io/mbed-crypto/PSA_Cryptography_API_Specification.pdf) and [HTML](https://armmbed.github.io/mbed-crypto/html/index.html) formats. + There are currently a few deviations where the library does not yet implement the latest version of the specification. Please refer to the [compliance issues on Github](https://github.com/ARMmbed/mbed-crypto/labels/compliance) for an up-to-date list. -### PSA Cryptography API - -You can read the [complete PSA cryptography API specification as a PDF document](https://github.com/ARMmbed/mbed-crypto/raw/psa-crypto-api/docs/PSA_Cryptography_API_Specification.pdf). The API reference is also available in [HTML format](https://armmbed.github.io/mbed-crypto/html/index.html). - ### Browsable library documentation To generate a local copy of the library documentation in HTML format, tailored to your compile-time configuration: From 02e79a4e4388e26a724173b5ee7b7d098e4aabad Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 7 Oct 2019 17:06:06 +0200 Subject: [PATCH 14/65] MBEDTLS_CTR_DRBG_USE_128_BIT_KEY: add selftest data In the CTR_DRBG module, add selftest data for when MBEDTLS_CTR_DRBG_USE_128_BIT_KEY is enabled. I generated the test data by running our own code. This is ok because we have other tests that ensure that the algorithm is implemented correctly. This makes programs/self/selftest pass when MBEDTLS_CTR_DRBG_USE_128_BIT_KEY is enabled. --- library/ctr_drbg.c | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/library/ctr_drbg.c b/library/ctr_drbg.c index 047bb2a3e1..b6fcc0203f 100644 --- a/library/ctr_drbg.c +++ b/library/ctr_drbg.c @@ -712,6 +712,15 @@ static const unsigned char nonce_pers_nopr[16] = { 0x1b, 0x54, 0xb8, 0xff, 0x06, 0x42, 0xbf, 0xf5, 0x21, 0xf1, 0x5c, 0x1c, 0x0b, 0x66, 0x5f, 0x3f }; +#if defined(MBEDTLS_CTR_DRBG_USE_128_BIT_KEY) +static const unsigned char result_pr[16] = + { 0x95, 0x3c, 0xa5, 0xbd, 0x44, 0x1, 0x34, 0xb7, + 0x13, 0x58, 0x3e, 0x6a, 0x6c, 0x7e, 0x88, 0x8a }; + +static const unsigned char result_nopr[16] = + { 0x6c, 0x25, 0x27, 0x95, 0xa3, 0x62, 0xd6, 0xdb, + 0x90, 0xfd, 0x69, 0xb5, 0x42, 0x9, 0x4b, 0x84 }; +#else /* MBEDTLS_CTR_DRBG_USE_128_BIT_KEY */ static const unsigned char result_pr[16] = { 0x34, 0x01, 0x16, 0x56, 0xb4, 0x29, 0x00, 0x8f, 0x35, 0x63, 0xec, 0xb5, 0xf2, 0x59, 0x07, 0x23 }; @@ -719,6 +728,7 @@ static const unsigned char result_pr[16] = static const unsigned char result_nopr[16] = { 0xa0, 0x54, 0x30, 0x3d, 0x8a, 0x7e, 0xa9, 0x88, 0x9d, 0x90, 0x3e, 0x07, 0x7c, 0x6f, 0x21, 0x8f }; +#endif /* MBEDTLS_CTR_DRBG_USE_128_BIT_KEY */ static size_t test_offset; static int ctr_drbg_self_test_entropy( void *data, unsigned char *buf, From bbf67b98bb2b8c0245cc6225772498c9fe6471f5 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 7 Oct 2019 17:07:30 +0200 Subject: [PATCH 15/65] Remove selftest dependency in the test suite The test suites should always run self-tests for all enabled features. Otherwise we miss failing self-tests in CI runs, because we don't always run the selftest program independently. There was one spurious dependency to remove: MBEDTLS_CTR_DRBG_USE_128_BIT_KEY for ctr_drbg, which was broken but has now been fixed. --- tests/suites/test_suite_ctr_drbg.data | 2 -- 1 file changed, 2 deletions(-) diff --git a/tests/suites/test_suite_ctr_drbg.data b/tests/suites/test_suite_ctr_drbg.data index b50df2ba33..09195f04bd 100644 --- a/tests/suites/test_suite_ctr_drbg.data +++ b/tests/suites/test_suite_ctr_drbg.data @@ -1097,6 +1097,4 @@ CTR_DRBG Special Behaviours ctr_drbg_special_behaviours: CTR_DRBG self test -depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY ctr_drbg_selftest: - From 80a607171ad14ff02e9340074f259c3fa951cd8b Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 7 Oct 2019 17:11:03 +0200 Subject: [PATCH 16/65] config.pl full: exclude MBEDTLS_ENTROPY_FORCE_SHA256 This is a variant toggle, not an extra feature, so it should be tested separately. We test most of the effect of MBEDTLS_ENTROPY_FORCE_SHA256 (namely, using SHA-256 in the entropy module) when we test the library with the SHA512 module disabled (which we do at least via depends-hashes.pl). This commit removes testing of the MBEDTLS_ENTROPY_FORCE_SHA256 option itself, which should be added separately. --- scripts/config.py | 1 + 1 file changed, 1 insertion(+) diff --git a/scripts/config.py b/scripts/config.py index db2661c92b..cb0e1c5fe8 100755 --- a/scripts/config.py +++ b/scripts/config.py @@ -168,6 +168,7 @@ def include_in_full(name): 'MBEDTLS_DEPRECATED_REMOVED', 'MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED', 'MBEDTLS_ECP_RESTARTABLE', + 'MBEDTLS_ENTROPY_FORCE_SHA256', # Variant toggle, tested separately 'MBEDTLS_HAVE_SSE2', 'MBEDTLS_MEMORY_BACKTRACE', 'MBEDTLS_MEMORY_BUFFER_ALLOC_C', From 2ef377d56de6da8ccfe249a88c05d19677a8fbcc Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 7 Oct 2019 18:44:21 +0200 Subject: [PATCH 17/65] all.sh: support variable seedfile size The size of the seedfile used by the entropy module when MBEDTLS_ENTROPY_NV_SEED is enabled is 32 byte when MBEDTLS_ENTROPY_FORCE_SHA256 is enabled or MBEDTLS_SHA512_C is disabled, and 64 bytes otherwise. A larger seedfile is ok on entry (the code just grabs the first N bytes), but a smaller seedfile is not ok. Therefore, if you run a component with a 32-byte seedfile and then a component with a 64-byte seedfile, the second component fails in the unit tests (up to test_suite_entropy which erases the seedfile and creates a fresh one). This is ok up to now because we only enable MBEDTLS_ENTROPY_NV_SEED together with MBEDTLS_ENTROPY_FORCE_SHA256. But it prevents enabling MBEDTLS_ENTROPY_NV_SEED without MBEDTLS_ENTROPY_FORCE_SHA256. To fix this, unconditionally create a seedfile before each component. --- tests/scripts/all.sh | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 2567cc0dd3..3b2aef3247 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -403,12 +403,6 @@ pre_check_git () { fi } -pre_check_seedfile () { - if [ ! -f "./tests/seedfile" ]; then - dd if=/dev/urandom of=./tests/seedfile bs=32 count=1 - fi -} - pre_setup_keep_going () { failure_summary= failure_count=0 @@ -1272,7 +1266,16 @@ run_component () { cp -p "$CONFIG_H" "$CONFIG_BAK" current_component="$1" export MBEDTLS_TEST_CONFIGURATION="$current_component" + + # Unconditionally create a seedfile that's sufficiently long. + # Do this before each component, because a previous component may + # have messed it up or shortened it. + dd if=/dev/urandom of=./tests/seedfile bs=64 count=1 + + # Run the component code. "$@" + + # Restore the build tree to a clean state. cleanup } @@ -1282,7 +1285,6 @@ pre_initialize_variables pre_parse_command_line "$@" pre_check_git -pre_check_seedfile build_status=0 if [ $KEEP_GOING -eq 1 ]; then From 592f591c0df15ee1fe966f0c7bc2c3dd048912fe Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 7 Oct 2019 18:49:32 +0200 Subject: [PATCH 18/65] all.sh: test CTR_DRBG_USE_128_BIT_KEY and ENTROPY_FORCE_SHA256 Test MBEDTLS_CTR_DRBG_USE_128_BIT_KEY and MBEDTLS_ENTROPY_FORCE_SHA256 together and separately. --- tests/scripts/all.sh | 37 +++++++++++++++++++++++++++++++++++++ 1 file changed, 37 insertions(+) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 3b2aef3247..02ca38173f 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -920,6 +920,43 @@ component_test_aes_fewer_tables_and_rom_tables () { make test } +component_test_ctr_drbg_aes_256_sha_256 () { + msg "build: full + MBEDTLS_ENTROPY_FORCE_SHA256 (ASan build)" + scripts/config.pl full + scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C + scripts/config.pl set MBEDTLS_ENTROPY_FORCE_SHA256 + CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . + make + + msg "test: full + MBEDTLS_ENTROPY_FORCE_SHA256 (ASan build)" + make test +} + +component_test_ctr_drbg_aes_128_sha_512 () { + msg "build: full + MBEDTLS_CTR_DRBG_USE_128_BIT_KEY (ASan build)" + scripts/config.pl full + scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C + scripts/config.pl set MBEDTLS_CTR_DRBG_USE_128_BIT_KEY + CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . + make + + msg "test: full + MBEDTLS_CTR_DRBG_USE_128_BIT_KEY (ASan build)" + make test +} + +component_test_ctr_drbg_aes_128_sha_256 () { + msg "build: full + MBEDTLS_CTR_DRBG_USE_128_BIT_KEY + MBEDTLS_ENTROPY_FORCE_SHA256 (ASan build)" + scripts/config.pl full + scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C + scripts/config.pl set MBEDTLS_CTR_DRBG_USE_128_BIT_KEY + scripts/config.pl set MBEDTLS_ENTROPY_FORCE_SHA256 + CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . + make + + msg "test: full + MBEDTLS_CTR_DRBG_USE_128_BIT_KEY + MBEDTLS_ENTROPY_FORCE_SHA256 (ASan build)" + make test +} + component_test_se_default () { msg "build: default config + MBEDTLS_PSA_CRYPTO_SE_C" scripts/config.py set MBEDTLS_PSA_CRYPTO_SE_C From 5a994c15f4a3699abe55507f327c762f177fa3cf Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 21 Nov 2019 16:46:51 +0100 Subject: [PATCH 19/65] More readable code around expression generation FOO(BAR) is an expression, not a name. Pack expression generation into a method. No behavior change. --- tests/scripts/test_psa_constant_names.py | 23 +++++++++++++---------- 1 file changed, 13 insertions(+), 10 deletions(-) diff --git a/tests/scripts/test_psa_constant_names.py b/tests/scripts/test_psa_constant_names.py index 724f8d94b0..4a32851e41 100755 --- a/tests/scripts/test_psa_constant_names.py +++ b/tests/scripts/test_psa_constant_names.py @@ -145,6 +145,9 @@ class Inputs: except BaseException as e: raise Exception('distribute_arguments({})'.format(name)) from e + def generate_expressions(self, names): + return itertools.chain(*map(self.distribute_arguments, names)) + _argument_split_re = re.compile(r' *, *') @classmethod def _argument_split(cls, arguments): @@ -252,8 +255,8 @@ def remove_file_if_exists(filename): except OSError: pass -def run_c(options, type_word, names): - """Generate and run a program to print out numerical values for names.""" +def run_c(options, type_word, expressions): + """Generate and run a program to print out numerical values for expressions.""" if type_word == 'status': cast_to = 'long' printf_format = '%ld' @@ -278,9 +281,9 @@ def run_c(options, type_word, names): int main(void) { ''') - for name in names: + for expr in expressions: c_file.write(' printf("{}\\n", ({}) {});\n' - .format(printf_format, cast_to, name)) + .format(printf_format, cast_to, expr)) c_file.write(''' return 0; } ''') @@ -313,14 +316,14 @@ def do_test(options, inputs, type_word, names): Use inputs to figure out what arguments to pass to macros that take arguments. """ - names = sorted(itertools.chain(*map(inputs.distribute_arguments, names))) - values = run_c(options, type_word, names) + expressions = sorted(inputs.generate_expressions(names)) + values = run_c(options, type_word, expressions) output = subprocess.check_output([options.program, type_word] + values) outputs = output.decode('ascii').strip().split('\n') - errors = [(type_word, name, value, output) - for (name, value, output) in zip(names, values, outputs) - if normalize(name) != normalize(output)] - return len(names), errors + errors = [(type_word, expr, value, output) + for (expr, value, output) in zip(expressions, values, outputs) + if normalize(expr) != normalize(output)] + return len(expressions), errors def report_errors(errors): """Describe each case where the output is not as expected.""" From 5a6dc895f227182ab97009967e5e1678f9750555 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 21 Nov 2019 16:48:07 +0100 Subject: [PATCH 20/65] Simplify expression normalization No need to split lines, or remove whitespace after removing whitespace. No behavior change. --- tests/scripts/test_psa_constant_names.py | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/tests/scripts/test_psa_constant_names.py b/tests/scripts/test_psa_constant_names.py index 4a32851e41..73b67ca01d 100755 --- a/tests/scripts/test_psa_constant_names.py +++ b/tests/scripts/test_psa_constant_names.py @@ -307,8 +307,7 @@ def normalize(expr): """Normalize the C expression so as not to care about trivial differences. Currently "trivial differences" means whitespace. """ - expr = re.sub(NORMALIZE_STRIP_RE, '', expr, len(expr)) - return expr.strip().split('\n') + return re.sub(NORMALIZE_STRIP_RE, '', expr) def do_test(options, inputs, type_word, names): """Test psa_constant_names for the specified type. From 8f5a5018e89aa15b770bea316aa7c5e527c8996f Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 21 Nov 2019 16:49:10 +0100 Subject: [PATCH 21/65] Describe options in alphabetical order No behavior change. --- tests/scripts/test_psa_constant_names.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tests/scripts/test_psa_constant_names.py b/tests/scripts/test_psa_constant_names.py index 73b67ca01d..785d1a4beb 100755 --- a/tests/scripts/test_psa_constant_names.py +++ b/tests/scripts/test_psa_constant_names.py @@ -354,15 +354,15 @@ def main(): parser.add_argument('--include', '-I', action='append', default=['include'], help='Directory for header files') - parser.add_argument('--program', - default='programs/psa/psa_constant_names', - help='Program to test') parser.add_argument('--keep-c', action='store_true', dest='keep_c', default=False, help='Keep the intermediate C file') parser.add_argument('--no-keep-c', action='store_false', dest='keep_c', help='Don\'t keep the intermediate C file (default)') + parser.add_argument('--program', + default='programs/psa/psa_constant_names', + help='Program to test') options = parser.parse_args() headers = [os.path.join(options.include[0], 'psa', h) for h in ['crypto.h', 'crypto_extra.h', 'crypto_values.h']] From 69f93b5040c593f800bb0d5c80e3fa4bd2e60c2b Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 21 Nov 2019 16:49:50 +0100 Subject: [PATCH 22/65] Move the names of input files to global variables No behavior change. --- tests/scripts/test_psa_constant_names.py | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/tests/scripts/test_psa_constant_names.py b/tests/scripts/test_psa_constant_names.py index 785d1a4beb..6ae393643a 100755 --- a/tests/scripts/test_psa_constant_names.py +++ b/tests/scripts/test_psa_constant_names.py @@ -349,6 +349,9 @@ def run_tests(options, inputs): errors += e return count, errors +HEADERS = ['psa/crypto.h', 'psa/crypto_extra.h', 'psa/crypto_values.h'] +TEST_SUITES = ['tests/suites/test_suite_psa_crypto_metadata.data'] + def main(): parser = argparse.ArgumentParser(description=globals()['__doc__']) parser.add_argument('--include', '-I', @@ -364,10 +367,8 @@ def main(): default='programs/psa/psa_constant_names', help='Program to test') options = parser.parse_args() - headers = [os.path.join(options.include[0], 'psa', h) - for h in ['crypto.h', 'crypto_extra.h', 'crypto_values.h']] - test_suites = ['tests/suites/test_suite_psa_crypto_metadata.data'] - inputs = gather_inputs(headers, test_suites) + headers = [os.path.join(options.include[0], h) for h in HEADERS] + inputs = gather_inputs(headers, TEST_SUITES) count, errors = run_tests(options, inputs) report_errors(errors) if errors == []: From 4408dfd0fc0e05c9b860957f92d6b13d27e6d9f2 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 21 Nov 2019 17:16:21 +0100 Subject: [PATCH 23/65] Minor docstring improvements No behavior change. --- tests/scripts/test_psa_constant_names.py | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/tests/scripts/test_psa_constant_names.py b/tests/scripts/test_psa_constant_names.py index 6ae393643a..a40a82959f 100755 --- a/tests/scripts/test_psa_constant_names.py +++ b/tests/scripts/test_psa_constant_names.py @@ -61,6 +61,7 @@ class read_file_lines: class Inputs: """Accumulate information about macros to test. + This includes macro names as well as information about their arguments when applicable. """ @@ -101,6 +102,7 @@ class Inputs: def gather_arguments(self): """Populate the list of values for macro arguments. + Call this after parsing all the inputs. """ self.arguments_for['hash_alg'] = sorted(self.hash_algorithms) @@ -118,6 +120,7 @@ class Inputs: def distribute_arguments(self, name): """Generate macro calls with each tested argument set. + If name is a macro without arguments, just yield "name". If name is a macro with arguments, yield a series of "name(arg1,...,argN)" where each argument takes each possible @@ -305,15 +308,21 @@ int main(void) NORMALIZE_STRIP_RE = re.compile(r'\s+') def normalize(expr): """Normalize the C expression so as not to care about trivial differences. + Currently "trivial differences" means whitespace. """ return re.sub(NORMALIZE_STRIP_RE, '', expr) def do_test(options, inputs, type_word, names): """Test psa_constant_names for the specified type. + Run program on names. Use inputs to figure out what arguments to pass to macros that take arguments. + + Return ``(count, errors)`` where ``count`` is the number of expressions + that have been tested and ``errors`` is the list of errors that were + encountered. """ expressions = sorted(inputs.generate_expressions(names)) values = run_c(options, type_word, expressions) @@ -332,6 +341,7 @@ def report_errors(errors): def run_tests(options, inputs): """Run psa_constant_names on all the gathered inputs. + Return a tuple (count, errors) where count is the total number of inputs that were tested and errors is the list of cases where the output was not as expected. From ffe2d6e71b9125d6a45d6d682699caf36efee8a3 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 21 Nov 2019 17:17:01 +0100 Subject: [PATCH 24/65] Move the type_word->name_set mapping into its own method No behavior change. --- tests/scripts/test_psa_constant_names.py | 24 ++++++++++++++++-------- 1 file changed, 16 insertions(+), 8 deletions(-) diff --git a/tests/scripts/test_psa_constant_names.py b/tests/scripts/test_psa_constant_names.py index a40a82959f..a43a3e888f 100755 --- a/tests/scripts/test_psa_constant_names.py +++ b/tests/scripts/test_psa_constant_names.py @@ -100,6 +100,17 @@ class Inputs: 'tag_length': ['1', '63'], } + def get_names(self, type_word): + """Return the set of known names of values of the given type.""" + return { + 'status': self.statuses, + 'algorithm': self.algorithms, + 'ecc_curve': self.ecc_curves, + 'dh_group': self.dh_groups, + 'key_type': self.key_types, + 'key_usage': self.key_usage_flags, + }[type_word] + def gather_arguments(self): """Populate the list of values for macro arguments. @@ -313,7 +324,7 @@ def normalize(expr): """ return re.sub(NORMALIZE_STRIP_RE, '', expr) -def do_test(options, inputs, type_word, names): +def do_test(options, inputs, type_word): """Test psa_constant_names for the specified type. Run program on names. @@ -324,6 +335,7 @@ def do_test(options, inputs, type_word, names): that have been tested and ``errors`` is the list of errors that were encountered. """ + names = inputs.get_names(type_word) expressions = sorted(inputs.generate_expressions(names)) values = run_c(options, type_word, expressions) output = subprocess.check_output([options.program, type_word] + values) @@ -348,13 +360,9 @@ def run_tests(options, inputs): """ count = 0 errors = [] - for type_word, names in [('status', inputs.statuses), - ('algorithm', inputs.algorithms), - ('ecc_curve', inputs.ecc_curves), - ('dh_group', inputs.dh_groups), - ('key_type', inputs.key_types), - ('key_usage', inputs.key_usage_flags)]: - c, e = do_test(options, inputs, type_word, names) + for type_word in ['status', 'algorithm', 'ecc_curve', 'dh_group', + 'key_type', 'key_usage']: + c, e = do_test(options, inputs, type_word) count += c errors += e return count, errors From c231711dbc8ed339d37698afe66fce46931cdc18 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 21 Nov 2019 17:17:39 +0100 Subject: [PATCH 25/65] Move value collection into its own function No behavior change. --- tests/scripts/test_psa_constant_names.py | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/tests/scripts/test_psa_constant_names.py b/tests/scripts/test_psa_constant_names.py index a43a3e888f..53af0a5240 100755 --- a/tests/scripts/test_psa_constant_names.py +++ b/tests/scripts/test_psa_constant_names.py @@ -324,6 +324,17 @@ def normalize(expr): """ return re.sub(NORMALIZE_STRIP_RE, '', expr) +def collect_values(options, inputs, type_word): + """Generate expressions using known macro names and calculate their values. + + Return a list of pairs of (expr, value) where expr is an expression and + value is a string representation of its integer value. + """ + names = inputs.get_names(type_word) + expressions = sorted(inputs.generate_expressions(names)) + values = run_c(options, type_word, expressions) + return expressions, values + def do_test(options, inputs, type_word): """Test psa_constant_names for the specified type. @@ -335,9 +346,7 @@ def do_test(options, inputs, type_word): that have been tested and ``errors`` is the list of errors that were encountered. """ - names = inputs.get_names(type_word) - expressions = sorted(inputs.generate_expressions(names)) - values = run_c(options, type_word, expressions) + expressions, values = collect_values(options, inputs, type_word) output = subprocess.check_output([options.program, type_word] + values) outputs = output.decode('ascii').strip().split('\n') errors = [(type_word, expr, value, output) From b86b6d32f98a21d85c061d14b1a05254b49c6f96 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 21 Nov 2019 17:26:10 +0100 Subject: [PATCH 26/65] Path options that affect run_c as separate arguments No behavior change. --- tests/scripts/test_psa_constant_names.py | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) diff --git a/tests/scripts/test_psa_constant_names.py b/tests/scripts/test_psa_constant_names.py index 53af0a5240..e640408023 100755 --- a/tests/scripts/test_psa_constant_names.py +++ b/tests/scripts/test_psa_constant_names.py @@ -269,8 +269,10 @@ def remove_file_if_exists(filename): except OSError: pass -def run_c(options, type_word, expressions): +def run_c(type_word, expressions, include_path=None, keep_c=False): """Generate and run a program to print out numerical values for expressions.""" + if include_path is None: + include_path = [] if type_word == 'status': cast_to = 'long' printf_format = '%ld' @@ -304,9 +306,9 @@ int main(void) c_file.close() cc = os.getenv('CC', 'cc') subprocess.check_call([cc] + - ['-I' + dir for dir in options.include] + + ['-I' + dir for dir in include_path] + ['-o', exe_name, c_name]) - if options.keep_c: + if keep_c: sys.stderr.write('List of {} tests kept at {}\n' .format(type_word, c_name)) else: @@ -324,7 +326,7 @@ def normalize(expr): """ return re.sub(NORMALIZE_STRIP_RE, '', expr) -def collect_values(options, inputs, type_word): +def collect_values(inputs, type_word, include_path=None, keep_c=False): """Generate expressions using known macro names and calculate their values. Return a list of pairs of (expr, value) where expr is an expression and @@ -332,7 +334,8 @@ def collect_values(options, inputs, type_word): """ names = inputs.get_names(type_word) expressions = sorted(inputs.generate_expressions(names)) - values = run_c(options, type_word, expressions) + values = run_c(type_word, expressions, + include_path=include_path, keep_c=keep_c) return expressions, values def do_test(options, inputs, type_word): @@ -346,7 +349,9 @@ def do_test(options, inputs, type_word): that have been tested and ``errors`` is the list of errors that were encountered. """ - expressions, values = collect_values(options, inputs, type_word) + expressions, values = collect_values(inputs, type_word, + include_path=options.include, + keep_c=options.keep_c) output = subprocess.check_output([options.program, type_word] + values) outputs = output.decode('ascii').strip().split('\n') errors = [(type_word, expr, value, output) From 2460933a6f546c9b50f28fd597adc9c23c9b71a8 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 21 Nov 2019 17:44:21 +0100 Subject: [PATCH 27/65] Move test running and reporting functions into their own class This makes the structure of the code more apparent. No behavior change. --- tests/scripts/test_psa_constant_names.py | 88 ++++++++++++------------ 1 file changed, 45 insertions(+), 43 deletions(-) diff --git a/tests/scripts/test_psa_constant_names.py b/tests/scripts/test_psa_constant_names.py index e640408023..e261b4f566 100755 --- a/tests/scripts/test_psa_constant_names.py +++ b/tests/scripts/test_psa_constant_names.py @@ -338,48 +338,52 @@ def collect_values(inputs, type_word, include_path=None, keep_c=False): include_path=include_path, keep_c=keep_c) return expressions, values -def do_test(options, inputs, type_word): - """Test psa_constant_names for the specified type. +class Tests: + """An object representing tests and their results.""" - Run program on names. - Use inputs to figure out what arguments to pass to macros that - take arguments. + def __init__(self, options): + self.options = options + self.count = 0 + self.errors = [] - Return ``(count, errors)`` where ``count`` is the number of expressions - that have been tested and ``errors`` is the list of errors that were - encountered. - """ - expressions, values = collect_values(inputs, type_word, - include_path=options.include, - keep_c=options.keep_c) - output = subprocess.check_output([options.program, type_word] + values) - outputs = output.decode('ascii').strip().split('\n') - errors = [(type_word, expr, value, output) - for (expr, value, output) in zip(expressions, values, outputs) - if normalize(expr) != normalize(output)] - return len(expressions), errors + def run_one(self, inputs, type_word): + """Test psa_constant_names for the specified type. -def report_errors(errors): - """Describe each case where the output is not as expected.""" - for type_word, name, value, output in errors: - print('For {} "{}", got "{}" (value: {})' - .format(type_word, name, output, value)) + Run the program on the names for this type. + Use the inputs to figure out what arguments to pass to macros that + take arguments. + """ + expressions, values = collect_values(inputs, type_word, + include_path=self.options.include, + keep_c=self.options.keep_c) + output = subprocess.check_output([self.options.program, type_word] + + values) + outputs = output.decode('ascii').strip().split('\n') + self.count += len(expressions) + for expr, value, output in zip(expressions, values, outputs): + if normalize(expr) != normalize(output): + self.errors.append((type_word, expr, value, output)) -def run_tests(options, inputs): - """Run psa_constant_names on all the gathered inputs. + def run_all(self, inputs): + """Run psa_constant_names on all the gathered inputs.""" + for type_word in ['status', 'algorithm', 'ecc_curve', 'dh_group', + 'key_type', 'key_usage']: + self.run_one(inputs, type_word) - Return a tuple (count, errors) where count is the total number of inputs - that were tested and errors is the list of cases where the output was - not as expected. - """ - count = 0 - errors = [] - for type_word in ['status', 'algorithm', 'ecc_curve', 'dh_group', - 'key_type', 'key_usage']: - c, e = do_test(options, inputs, type_word) - count += c - errors += e - return count, errors + def report(self, out): + """Describe each case where the output is not as expected. + + Write the errors to ``out``. + Also write a total. + """ + for type_word, name, value, output in self.errors: + out.write('For {} "{}", got "{}" (value: {})\n' + .format(type_word, name, output, value)) + out.write('{} test cases'.format(self.count)) + if self.errors: + out.write(', {} FAIL\n'.format(len(self.errors))) + else: + out.write(' PASS\n') HEADERS = ['psa/crypto.h', 'psa/crypto_extra.h', 'psa/crypto_values.h'] TEST_SUITES = ['tests/suites/test_suite_psa_crypto_metadata.data'] @@ -401,12 +405,10 @@ def main(): options = parser.parse_args() headers = [os.path.join(options.include[0], h) for h in HEADERS] inputs = gather_inputs(headers, TEST_SUITES) - count, errors = run_tests(options, inputs) - report_errors(errors) - if errors == []: - print('{} test cases PASS'.format(count)) - else: - print('{} test cases, {} FAIL'.format(count, len(errors))) + tests = Tests(options) + tests.run_all(inputs) + tests.report(sys.stdout) + if tests.errors: exit(1) if __name__ == '__main__': From a5000f1dc65f5cc530c0438284dc6d7df82f59e1 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 21 Nov 2019 17:51:11 +0100 Subject: [PATCH 28/65] Make a class for error data No behavior change. --- tests/scripts/test_psa_constant_names.py | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/tests/scripts/test_psa_constant_names.py b/tests/scripts/test_psa_constant_names.py index e261b4f566..5780f25b18 100755 --- a/tests/scripts/test_psa_constant_names.py +++ b/tests/scripts/test_psa_constant_names.py @@ -8,6 +8,7 @@ or 1 (with a Python backtrace) if there was an operational error. """ import argparse +from collections import namedtuple import itertools import os import platform @@ -341,6 +342,9 @@ def collect_values(inputs, type_word, include_path=None, keep_c=False): class Tests: """An object representing tests and their results.""" + Error = namedtuple('Error', + ['type', 'expression', 'value', 'output']) + def __init__(self, options): self.options = options self.count = 0 @@ -362,7 +366,10 @@ class Tests: self.count += len(expressions) for expr, value, output in zip(expressions, values, outputs): if normalize(expr) != normalize(output): - self.errors.append((type_word, expr, value, output)) + self.errors.append(self.Error(type=type_word, + expression=expr, + value=value, + output=output)) def run_all(self, inputs): """Run psa_constant_names on all the gathered inputs.""" @@ -376,9 +383,10 @@ class Tests: Write the errors to ``out``. Also write a total. """ - for type_word, name, value, output in self.errors: + for error in self.errors: out.write('For {} "{}", got "{}" (value: {})\n' - .format(type_word, name, output, value)) + .format(error.type, error.expression, + error.output, error.value)) out.write('{} test cases'.format(self.count)) if self.errors: out.write(', {} FAIL\n'.format(len(self.errors))) From 84a45817a45004002e7b644dc02345c0c971b39c Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 21 Nov 2019 19:50:33 +0100 Subject: [PATCH 29/65] Allow gather_inputs to work with a derived Inputs class No behavior change. --- tests/scripts/test_psa_constant_names.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/scripts/test_psa_constant_names.py b/tests/scripts/test_psa_constant_names.py index 5780f25b18..ee909cf81e 100755 --- a/tests/scripts/test_psa_constant_names.py +++ b/tests/scripts/test_psa_constant_names.py @@ -251,9 +251,9 @@ class Inputs: if m: self.add_test_case_line(m.group(1), m.group(2)) -def gather_inputs(headers, test_suites): +def gather_inputs(headers, test_suites, inputs_class=Inputs): """Read the list of inputs to test psa_constant_names with.""" - inputs = Inputs() + inputs = inputs_class() for header in headers: inputs.parse_header(header) for test_cases in test_suites: From 8c8694c14de578034c06f3971749e2d3967786cf Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 21 Nov 2019 19:22:45 +0100 Subject: [PATCH 30/65] add_test_case_line: data-driven dispatch No behavior change. --- tests/scripts/test_psa_constant_names.py | 30 ++++++++++++++---------- 1 file changed, 17 insertions(+), 13 deletions(-) diff --git a/tests/scripts/test_psa_constant_names.py b/tests/scripts/test_psa_constant_names.py index ee909cf81e..5b86b247da 100755 --- a/tests/scripts/test_psa_constant_names.py +++ b/tests/scripts/test_psa_constant_names.py @@ -61,6 +61,7 @@ class read_file_lines: from exc_value class Inputs: + # pylint: disable=too-many-instance-attributes """Accumulate information about macros to test. This includes macro names as well as information about their arguments @@ -93,6 +94,16 @@ class Inputs: 'KEY_TYPE': self.key_types, 'KEY_USAGE': self.key_usage_flags, } + # Test functions + self.table_by_test_function = { + 'key_type': self.key_types, + 'ecc_key_types': self.ecc_curves, + 'dh_key_types': self.dh_groups, + 'hash_algorithm': self.hash_algorithms, + 'mac_algorithm': self.mac_algorithms, + 'hmac_algorithm': self.mac_algorithms, + 'aead_algorithm': self.aead_algorithms, + } # macro name -> list of argument names self.argspecs = {} # argument name -> list of values @@ -220,24 +231,17 @@ class Inputs: def add_test_case_line(self, function, argument): """Parse a test case data line, looking for algorithm metadata tests.""" + sets = [] if function.endswith('_algorithm'): # As above, ECDH and FFDH algorithms are excluded for now. # Support for them will be added in the future. if 'ECDH' in argument or 'FFDH' in argument: return - self.algorithms.add(argument) - if function == 'hash_algorithm': - self.hash_algorithms.add(argument) - elif function in ['mac_algorithm', 'hmac_algorithm']: - self.mac_algorithms.add(argument) - elif function == 'aead_algorithm': - self.aead_algorithms.add(argument) - elif function == 'key_type': - self.key_types.add(argument) - elif function == 'ecc_key_types': - self.ecc_curves.add(argument) - elif function == 'dh_key_types': - self.dh_groups.add(argument) + sets.append(self.algorithms) + if function in self.table_by_test_function: + sets.append(self.table_by_test_function[function]) + for s in sets: + s.add(argument) # Regex matching a *.data line containing a test function call and # its arguments. The actual definition is partly positional, but this From 98a710c5b2a3e35f5dbe55d003aadffca655f08f Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 21 Nov 2019 18:58:36 +0100 Subject: [PATCH 31/65] Fix the collection of ECC curves and DH groups PSA_ECC_CURVE_xxx and PSA_DH_GROUP_xxx were not collected from headers, only from test suites. --- tests/scripts/test_psa_constant_names.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tests/scripts/test_psa_constant_names.py b/tests/scripts/test_psa_constant_names.py index 5b86b247da..af536866c6 100755 --- a/tests/scripts/test_psa_constant_names.py +++ b/tests/scripts/test_psa_constant_names.py @@ -89,8 +89,8 @@ class Inputs: self.table_by_prefix = { 'ERROR': self.statuses, 'ALG': self.algorithms, - 'CURVE': self.ecc_curves, - 'GROUP': self.dh_groups, + 'ECC_CURVE': self.ecc_curves, + 'DH_GROUP': self.dh_groups, 'KEY_TYPE': self.key_types, 'KEY_USAGE': self.key_usage_flags, } @@ -183,7 +183,7 @@ class Inputs: # Groups: 1=macro name, 2=type, 3=argument list (optional). _header_line_re = \ re.compile(r'#define +' + - r'(PSA_((?:KEY_)?[A-Z]+)_\w+)' + + r'(PSA_((?:(?:DH|ECC|KEY)_)?[A-Z]+)_\w+)' + r'(?:\(([^\n()]*)\))?') # Regex of macro names to exclude. _excluded_name_re = re.compile(r'_(?:GET|IS|OF)_|_(?:BASE|FLAG|MASK)\Z') From 2bcfc714d2fcaa502186a307056fceea973a3ee7 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 21 Nov 2019 19:49:26 +0100 Subject: [PATCH 32/65] Error out if a test case uses an unknown macro name Insist that test cases must only use macro names that are declared in a header. This may catch errors such as not parsing the intended files. Make this check easily overridden in a derived class. --- tests/scripts/test_psa_constant_names.py | 20 ++++++++++++++++++-- 1 file changed, 18 insertions(+), 2 deletions(-) diff --git a/tests/scripts/test_psa_constant_names.py b/tests/scripts/test_psa_constant_names.py index af536866c6..8f393a1ab5 100755 --- a/tests/scripts/test_psa_constant_names.py +++ b/tests/scripts/test_psa_constant_names.py @@ -69,6 +69,7 @@ class Inputs: """ def __init__(self): + self.all_declared = set() # Sets of names per type self.statuses = set(['PSA_SUCCESS']) self.algorithms = set(['0xffffffff']) @@ -213,6 +214,7 @@ class Inputs: if not m: return name = m.group(1) + self.all_declared.add(name) if re.search(self._excluded_name_re, name) or \ name in self._excluded_names: return @@ -229,6 +231,19 @@ class Inputs: for line in lines: self.parse_header_line(line) + _macro_identifier_re = r'[A-Z]\w+' + def generate_undeclared_names(self, expr): + for name in re.findall(self._macro_identifier_re, expr): + if name not in self.all_declared: + yield name + + def accept_test_case_line(self, function, argument): + #pylint: disable=unused-argument + undeclared = list(self.generate_undeclared_names(argument)) + if undeclared: + raise Exception('Undeclared names in test case', undeclared) + return True + def add_test_case_line(self, function, argument): """Parse a test case data line, looking for algorithm metadata tests.""" sets = [] @@ -240,8 +255,9 @@ class Inputs: sets.append(self.algorithms) if function in self.table_by_test_function: sets.append(self.table_by_test_function[function]) - for s in sets: - s.add(argument) + if self.accept_test_case_line(function, argument): + for s in sets: + s.add(argument) # Regex matching a *.data line containing a test function call and # its arguments. The actual definition is partly positional, but this From 79616687383c9ad8afe99d39d835ffd3d6145ea4 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 21 Nov 2019 20:08:10 +0100 Subject: [PATCH 33/65] Support key agreement Key agreement algorithms were excluded back when they were constructed with a macro conveying the key agreement itself taking the KDF as an argument, because that was hard to support. Now the encoding has changed and key agreement algorithms are constructed with PSA_ALG_KEY_AGREEMENT taking two arguments, one that identifies the raw key agreement and one that identifies the KDF. This is easy to process, so add support. --- tests/scripts/test_psa_constant_names.py | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/tests/scripts/test_psa_constant_names.py b/tests/scripts/test_psa_constant_names.py index 8f393a1ab5..6e7bf48b13 100755 --- a/tests/scripts/test_psa_constant_names.py +++ b/tests/scripts/test_psa_constant_names.py @@ -104,6 +104,8 @@ class Inputs: 'mac_algorithm': self.mac_algorithms, 'hmac_algorithm': self.mac_algorithms, 'aead_algorithm': self.aead_algorithms, + 'key_derivation_algorithm': self.kdf_algorithms, + 'key_agreement_algorithm': self.ka_algorithms, } # macro name -> list of argument names self.argspecs = {} @@ -197,10 +199,6 @@ class Inputs: # Auxiliary macro whose name doesn't fit the usual patterns for # auxiliary macros. 'PSA_ALG_AEAD_WITH_DEFAULT_TAG_LENGTH_CASE', - # PSA_ALG_ECDH and PSA_ALG_FFDH are excluded for now as the script - # currently doesn't support them. - 'PSA_ALG_ECDH', - 'PSA_ALG_FFDH', # Deprecated aliases. 'PSA_ERROR_UNKNOWN_ERROR', 'PSA_ERROR_OCCUPIED_SLOT', @@ -248,11 +246,13 @@ class Inputs: """Parse a test case data line, looking for algorithm metadata tests.""" sets = [] if function.endswith('_algorithm'): - # As above, ECDH and FFDH algorithms are excluded for now. - # Support for them will be added in the future. - if 'ECDH' in argument or 'FFDH' in argument: - return sets.append(self.algorithms) + if function == 'key_agreement_algorithm' and \ + argument.startswith('PSA_ALG_KEY_AGREEMENT('): + # We only want *raw* key agreement algorithms as such, so + # exclude ones that are already chained with a KDF. + # Keep the expression as one to test as an algorithm. + function = 'other_algorithm' if function in self.table_by_test_function: sets.append(self.table_by_test_function[function]) if self.accept_test_case_line(function, argument): From d2cea9f57c2da5ea4582bc423334dbbb5bcd6d69 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 21 Nov 2019 20:10:13 +0100 Subject: [PATCH 34/65] Add some more KDF test cases --- .../test_suite_psa_crypto_metadata.data | 28 +++++++++++++++++++ .../test_suite_psa_crypto_metadata.function | 2 ++ 2 files changed, 30 insertions(+) diff --git a/tests/suites/test_suite_psa_crypto_metadata.data b/tests/suites/test_suite_psa_crypto_metadata.data index e989895d28..9cdee03530 100644 --- a/tests/suites/test_suite_psa_crypto_metadata.data +++ b/tests/suites/test_suite_psa_crypto_metadata.data @@ -262,6 +262,26 @@ Key derivation: HKDF using SHA-256 depends_on:MBEDTLS_SHA256_C key_derivation_algorithm:PSA_ALG_HKDF( PSA_ALG_SHA_256 ):ALG_IS_HKDF +Key derivation: HKDF using SHA-384 +depends_on:MBEDTLS_SHA512_C +key_derivation_algorithm:PSA_ALG_HKDF( PSA_ALG_SHA_384 ):ALG_IS_HKDF + +Key derivation: TLS 1.2 PRF using SHA-256 +depends_on:MBEDTLS_SHA256_C +key_derivation_algorithm:PSA_ALG_TLS12_PRF( PSA_ALG_SHA_256 ):ALG_IS_TLS12_PRF + +Key derivation: TLS 1.2 PRF using SHA-384 +depends_on:MBEDTLS_SHA512_C +key_derivation_algorithm:PSA_ALG_TLS12_PRF( PSA_ALG_SHA_384 ):ALG_IS_TLS12_PRF + +Key derivation: TLS 1.2 PSK-to-MS using SHA-256 +depends_on:MBEDTLS_SHA256_C +key_derivation_algorithm:PSA_ALG_TLS12_PSK_TO_MS( PSA_ALG_SHA_256 ):ALG_IS_TLS12_PSK_TO_MS + +Key derivation: TLS 1.2 PSK-to-MS using SHA-384 +depends_on:MBEDTLS_SHA512_C +key_derivation_algorithm:PSA_ALG_TLS12_PSK_TO_MS( PSA_ALG_SHA_384 ):ALG_IS_TLS12_PSK_TO_MS + Key agreement: FFDH, raw output depends_on:MBEDTLS_DHM_C key_agreement_algorithm:PSA_ALG_FFDH:ALG_IS_FFDH | ALG_IS_RAW_KEY_AGREEMENT:PSA_ALG_FFDH:PSA_ALG_CATEGORY_KEY_DERIVATION @@ -270,6 +290,10 @@ Key agreement: FFDH, HKDF using SHA-256 depends_on:MBEDTLS_DHM_C key_agreement_algorithm:PSA_ALG_KEY_AGREEMENT( PSA_ALG_FFDH, PSA_ALG_HKDF( PSA_ALG_SHA_256 ) ):ALG_IS_FFDH:PSA_ALG_FFDH:PSA_ALG_HKDF( PSA_ALG_SHA_256 ) +Key agreement: FFDH, HKDF using SHA-384 +depends_on:MBEDTLS_DHM_C +key_agreement_algorithm:PSA_ALG_KEY_AGREEMENT( PSA_ALG_FFDH, PSA_ALG_HKDF( PSA_ALG_SHA_384 ) ):ALG_IS_FFDH:PSA_ALG_FFDH:PSA_ALG_HKDF( PSA_ALG_SHA_384 ) + Key agreement: ECDH, raw output depends_on:MBEDTLS_ECDH_C key_agreement_algorithm:PSA_ALG_ECDH:ALG_IS_ECDH | ALG_IS_RAW_KEY_AGREEMENT:PSA_ALG_ECDH:PSA_ALG_CATEGORY_KEY_DERIVATION @@ -278,6 +302,10 @@ Key agreement: ECDH, HKDF using SHA-256 depends_on:MBEDTLS_ECDH_C key_agreement_algorithm:PSA_ALG_KEY_AGREEMENT( PSA_ALG_ECDH, PSA_ALG_HKDF( PSA_ALG_SHA_256 ) ):ALG_IS_ECDH:PSA_ALG_ECDH:PSA_ALG_HKDF( PSA_ALG_SHA_256 ) +Key agreement: ECDH, HKDF using SHA-384 +depends_on:MBEDTLS_ECDH_C +key_agreement_algorithm:PSA_ALG_KEY_AGREEMENT( PSA_ALG_ECDH, PSA_ALG_HKDF( PSA_ALG_SHA_384 ) ):ALG_IS_ECDH:PSA_ALG_ECDH:PSA_ALG_HKDF( PSA_ALG_SHA_384 ) + Key type: raw data key_type:PSA_KEY_TYPE_RAW_DATA:KEY_TYPE_IS_UNSTRUCTURED diff --git a/tests/suites/test_suite_psa_crypto_metadata.function b/tests/suites/test_suite_psa_crypto_metadata.function index a9f1b3938a..3a9347e2fd 100644 --- a/tests/suites/test_suite_psa_crypto_metadata.function +++ b/tests/suites/test_suite_psa_crypto_metadata.function @@ -37,6 +37,8 @@ #define ALG_IS_WILDCARD ( 1u << 19 ) #define ALG_IS_RAW_KEY_AGREEMENT ( 1u << 20 ) #define ALG_IS_AEAD_ON_BLOCK_CIPHER ( 1u << 21 ) +#define ALG_IS_TLS12_PRF ( 1u << 22 ) +#define ALG_IS_TLS12_PSK_TO_MS ( 1u << 23 ) /* Flags for key type classification macros. There is a flag for every * key type classification macro PSA_KEY_TYPE_IS_xxx except for some that From 8fa1348276fc07a322de309aa79f85b8d5709493 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 25 Nov 2019 17:10:12 +0100 Subject: [PATCH 35/65] Enumerate metadata test functions explicitly When gathering test cases from test_suite_psa_crypto_metadata, look up the test function explicitly. This way test_psa_constant_names will error out if we add a new test function that needs coverage here. This change highlights an omission in the previous version: asymmetric_signature_wildcard was silently ignored as a source of algorithm expressions to test. Fix that. --- tests/scripts/test_psa_constant_names.py | 28 ++++++++++++++---------- 1 file changed, 17 insertions(+), 11 deletions(-) diff --git a/tests/scripts/test_psa_constant_names.py b/tests/scripts/test_psa_constant_names.py index 6e7bf48b13..89319870d6 100755 --- a/tests/scripts/test_psa_constant_names.py +++ b/tests/scripts/test_psa_constant_names.py @@ -97,15 +97,22 @@ class Inputs: } # Test functions self.table_by_test_function = { - 'key_type': self.key_types, - 'ecc_key_types': self.ecc_curves, - 'dh_key_types': self.dh_groups, - 'hash_algorithm': self.hash_algorithms, - 'mac_algorithm': self.mac_algorithms, - 'hmac_algorithm': self.mac_algorithms, - 'aead_algorithm': self.aead_algorithms, - 'key_derivation_algorithm': self.kdf_algorithms, - 'key_agreement_algorithm': self.ka_algorithms, + # Any function ending in _algorithm also gets added to + # self.algorithms. + 'key_type': [self.key_types], + 'ecc_key_types': [self.ecc_curves], + 'dh_key_types': [self.dh_groups], + 'hash_algorithm': [self.hash_algorithms], + 'mac_algorithm': [self.mac_algorithms], + 'cipher_algorithm': [], + 'hmac_algorithm': [self.mac_algorithms], + 'aead_algorithm': [self.aead_algorithms], + 'key_derivation_algorithm': [self.kdf_algorithms], + 'key_agreement_algorithm': [self.ka_algorithms], + 'asymmetric_signature_algorithm': [], + 'asymmetric_signature_wildcard': [self.algorithms], + 'asymmetric_encryption_algorithm': [], + 'other_algorithm': [], } # macro name -> list of argument names self.argspecs = {} @@ -253,8 +260,7 @@ class Inputs: # exclude ones that are already chained with a KDF. # Keep the expression as one to test as an algorithm. function = 'other_algorithm' - if function in self.table_by_test_function: - sets.append(self.table_by_test_function[function]) + sets += self.table_by_test_function[function] if self.accept_test_case_line(function, argument): for s in sets: s.add(argument) From ae679390a20d8fbd0a32b7b70f4e569d89939c4a Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 25 Nov 2019 18:26:23 +0100 Subject: [PATCH 36/65] Fix entropy_calls when MBEDTLS_ENTROPY_NV_SEED is enabled --- tests/suites/test_suite_entropy.function | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/tests/suites/test_suite_entropy.function b/tests/suites/test_suite_entropy.function index d1d88c5fa5..1a4fefde3a 100644 --- a/tests/suites/test_suite_entropy.function +++ b/tests/suites/test_suite_entropy.function @@ -271,7 +271,8 @@ void entropy_threshold( int threshold, int chunk_size, int result ) { TEST_ASSERT( ret == 0 ); #if defined(MBEDTLS_ENTROPY_NV_SEED) - // Two times as much calls due to the NV seed update + /* If the NV seed functionality is enabled, there are two entropy + * updates: before and after updating the NV seed. */ result *= 2; #endif TEST_ASSERT( dummy.calls == (size_t) result ); @@ -317,6 +318,11 @@ void entropy_calls( int strength1, int strength2, if( result >= 0 ) { TEST_ASSERT( ret == 0 ); +#if defined(MBEDTLS_ENTROPY_NV_SEED) + /* If the NV seed functionality is enabled, there are two entropy + * updates: before and after updating the NV seed. */ + result *= 2; +#endif TEST_ASSERT( dummy1.calls == (size_t) result ); } else From cbd91e013c6cd39b05963ac51ef59a70d458c097 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 25 Nov 2019 19:50:54 +0100 Subject: [PATCH 37/65] Fix entropy_threshold when MBEDTLS_TEST_NULL_ENTROPY is enabled Don't use the default entropy sources so as not to depend on their characteristics. --- tests/suites/test_suite_entropy.function | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/tests/suites/test_suite_entropy.function b/tests/suites/test_suite_entropy.function index 1a4fefde3a..9f10a90432 100644 --- a/tests/suites/test_suite_entropy.function +++ b/tests/suites/test_suite_entropy.function @@ -251,18 +251,26 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:ENTROPY_HAVE_STRONG */ +/* BEGIN_CASE */ void entropy_threshold( int threshold, int chunk_size, int result ) { mbedtls_entropy_context ctx; - entropy_dummy_context dummy = {DUMMY_CONSTANT_LENGTH, chunk_size, 0}; + entropy_dummy_context strong = + {DUMMY_CONSTANT_LENGTH, MBEDTLS_ENTROPY_BLOCK_SIZE, 0}; + entropy_dummy_context weak = {DUMMY_CONSTANT_LENGTH, chunk_size, 0}; unsigned char buf[MBEDTLS_ENTROPY_BLOCK_SIZE] = { 0 }; int ret; mbedtls_entropy_init( &ctx ); + entropy_clear_sources( &ctx ); + /* Set strong source that reaches its threshold immediately and + * a weak source whose threshold is a test parameter. */ TEST_ASSERT( mbedtls_entropy_add_source( &ctx, entropy_dummy_source, - &dummy, threshold, + &strong, 1, + MBEDTLS_ENTROPY_SOURCE_STRONG ) == 0 ); + TEST_ASSERT( mbedtls_entropy_add_source( &ctx, entropy_dummy_source, + &weak, threshold, MBEDTLS_ENTROPY_SOURCE_WEAK ) == 0 ); ret = mbedtls_entropy_func( &ctx, buf, sizeof( buf ) ); @@ -275,7 +283,7 @@ void entropy_threshold( int threshold, int chunk_size, int result ) * updates: before and after updating the NV seed. */ result *= 2; #endif - TEST_ASSERT( dummy.calls == (size_t) result ); + TEST_ASSERT( weak.calls == (size_t) result ); } else { From 7a894f214221a1792f584ff56b4e8f0064c08848 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 26 Nov 2019 16:06:46 +0100 Subject: [PATCH 38/65] Move backward compatibility aliases to their own header Move backward compatibility aliases to a separate header. Reserve crypto_extra.h for implementation-specific extensions that we intend to keep supporting. This is better documentation for users. New users should simply ignore backward compatibility aliases, and old users can look at crypto_compat.h to see what is deprecated without bothering about new features appearing in crypto_extra.h. This facilitates maintenance because scripts such as generate_psa_constants that want to ignore backward compability aliases can simply exclude crypto_compat.h from their parsing. --- include/psa/crypto_compat.h | 57 ++++++++++++++++++++++++ include/psa/crypto_extra.h | 17 +------ tests/scripts/test_psa_constant_names.py | 6 --- visualc/VS2010/mbedTLS.vcxproj | 1 + 4 files changed, 60 insertions(+), 21 deletions(-) create mode 100644 include/psa/crypto_compat.h diff --git a/include/psa/crypto_compat.h b/include/psa/crypto_compat.h new file mode 100644 index 0000000000..c6443dff62 --- /dev/null +++ b/include/psa/crypto_compat.h @@ -0,0 +1,57 @@ +/** + * \file psa/crypto_compat.h + * + * \brief PSA cryptography module: Backward compatibility aliases + * + * \note This file may not be included directly. Applications must + * include psa/crypto.h. + */ +/* + * Copyright (C) 2019, ARM Limited, All Rights Reserved + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This file is part of mbed TLS (https://tls.mbed.org) + */ + +#ifndef PSA_CRYPTO_COMPAT_H +#define PSA_CRYPTO_COMPAT_H + +#include "mbedtls/platform_util.h" + +#ifdef __cplusplus +extern "C" { +#endif + +/* + * Deprecated PSA Crypto error code definitions + */ +#if !defined(MBEDTLS_DEPRECATED_REMOVED) +#define PSA_ERROR_UNKNOWN_ERROR \ + MBEDTLS_DEPRECATED_NUMERIC_CONSTANT( PSA_ERROR_GENERIC_ERROR ) +#define PSA_ERROR_OCCUPIED_SLOT \ + MBEDTLS_DEPRECATED_NUMERIC_CONSTANT( PSA_ERROR_ALREADY_EXISTS ) +#define PSA_ERROR_EMPTY_SLOT \ + MBEDTLS_DEPRECATED_NUMERIC_CONSTANT( PSA_ERROR_DOES_NOT_EXIST ) +#define PSA_ERROR_INSUFFICIENT_CAPACITY \ + MBEDTLS_DEPRECATED_NUMERIC_CONSTANT( PSA_ERROR_INSUFFICIENT_DATA ) +#define PSA_ERROR_TAMPERING_DETECTED \ + MBEDTLS_DEPRECATED_NUMERIC_CONSTANT( PSA_ERROR_CORRUPTION_DETECTED ) +#endif + +#ifdef __cplusplus +} +#endif + +#endif /* PSA_CRYPTO_COMPAT_H */ diff --git a/include/psa/crypto_extra.h b/include/psa/crypto_extra.h index c5313d619e..62b4c2ee4a 100644 --- a/include/psa/crypto_extra.h +++ b/include/psa/crypto_extra.h @@ -32,6 +32,8 @@ #include "mbedtls/platform_util.h" +#include "crypto_compat.h" + #ifdef __cplusplus extern "C" { #endif @@ -39,21 +41,6 @@ extern "C" { /* UID for secure storage seed */ #define PSA_CRYPTO_ITS_RANDOM_SEED_UID 0xFFFFFF52 -/* - * Deprecated PSA Crypto error code definitions - */ -#if !defined(MBEDTLS_DEPRECATED_REMOVED) -#define PSA_ERROR_UNKNOWN_ERROR \ - MBEDTLS_DEPRECATED_NUMERIC_CONSTANT( PSA_ERROR_GENERIC_ERROR ) -#define PSA_ERROR_OCCUPIED_SLOT \ - MBEDTLS_DEPRECATED_NUMERIC_CONSTANT( PSA_ERROR_ALREADY_EXISTS ) -#define PSA_ERROR_EMPTY_SLOT \ - MBEDTLS_DEPRECATED_NUMERIC_CONSTANT( PSA_ERROR_DOES_NOT_EXIST ) -#define PSA_ERROR_INSUFFICIENT_CAPACITY \ - MBEDTLS_DEPRECATED_NUMERIC_CONSTANT( PSA_ERROR_INSUFFICIENT_DATA ) -#define PSA_ERROR_TAMPERING_DETECTED \ - MBEDTLS_DEPRECATED_NUMERIC_CONSTANT( PSA_ERROR_CORRUPTION_DETECTED ) -#endif /** \addtogroup attributes * @{ diff --git a/tests/scripts/test_psa_constant_names.py b/tests/scripts/test_psa_constant_names.py index 89319870d6..7553394f90 100755 --- a/tests/scripts/test_psa_constant_names.py +++ b/tests/scripts/test_psa_constant_names.py @@ -206,12 +206,6 @@ class Inputs: # Auxiliary macro whose name doesn't fit the usual patterns for # auxiliary macros. 'PSA_ALG_AEAD_WITH_DEFAULT_TAG_LENGTH_CASE', - # Deprecated aliases. - 'PSA_ERROR_UNKNOWN_ERROR', - 'PSA_ERROR_OCCUPIED_SLOT', - 'PSA_ERROR_EMPTY_SLOT', - 'PSA_ERROR_INSUFFICIENT_CAPACITY', - 'PSA_ERROR_TAMPERING_DETECTED', ]) def parse_header_line(self, line): """Parse a C header line, looking for "#define PSA_xxx".""" diff --git a/visualc/VS2010/mbedTLS.vcxproj b/visualc/VS2010/mbedTLS.vcxproj index 7f71a5ab6a..0e40e35776 100644 --- a/visualc/VS2010/mbedTLS.vcxproj +++ b/visualc/VS2010/mbedTLS.vcxproj @@ -212,6 +212,7 @@ + From 7b0ab6d34a2ec8abf3cfc4bbf1f4f0b9c94bf62f Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 26 Nov 2019 16:32:12 +0100 Subject: [PATCH 39/65] Simplify support for deprecated constants of various types Generalize MBEDTLS_DEPRECATED_NUMERIC_CONSTANT into macros that can accommodate types other than int. --- include/psa/crypto_compat.h | 29 ++++++++++++++++++++--------- 1 file changed, 20 insertions(+), 9 deletions(-) diff --git a/include/psa/crypto_compat.h b/include/psa/crypto_compat.h index c6443dff62..7eb43cd0f2 100644 --- a/include/psa/crypto_compat.h +++ b/include/psa/crypto_compat.h @@ -28,27 +28,38 @@ #ifndef PSA_CRYPTO_COMPAT_H #define PSA_CRYPTO_COMPAT_H -#include "mbedtls/platform_util.h" - #ifdef __cplusplus extern "C" { #endif +#if !defined(MBEDTLS_DEPRECATED_REMOVED) + +#if defined(MBEDTLS_DEPRECATED_WARNING) && !defined(MBEDTLS_PSA_DEPRECATED) +#define MBEDTLS_PSA_DEPRECATED __attribute__((deprecated)) +#else +#define MBEDTLS_PSA_DEPRECATED +#endif + +typedef MBEDTLS_PSA_DEPRECATED psa_status_t mbedtls_deprecated_psa_status_t; + +#define MBEDTLS_DEPRECATED_CONSTANT( type, value ) \ + ( (mbedtls_deprecated_##type) ( value ) ) + /* * Deprecated PSA Crypto error code definitions */ -#if !defined(MBEDTLS_DEPRECATED_REMOVED) #define PSA_ERROR_UNKNOWN_ERROR \ - MBEDTLS_DEPRECATED_NUMERIC_CONSTANT( PSA_ERROR_GENERIC_ERROR ) + MBEDTLS_DEPRECATED_CONSTANT( psa_status_t, PSA_ERROR_GENERIC_ERROR ) #define PSA_ERROR_OCCUPIED_SLOT \ - MBEDTLS_DEPRECATED_NUMERIC_CONSTANT( PSA_ERROR_ALREADY_EXISTS ) + MBEDTLS_DEPRECATED_CONSTANT( psa_status_t, PSA_ERROR_ALREADY_EXISTS ) #define PSA_ERROR_EMPTY_SLOT \ - MBEDTLS_DEPRECATED_NUMERIC_CONSTANT( PSA_ERROR_DOES_NOT_EXIST ) + MBEDTLS_DEPRECATED_CONSTANT( psa_status_t, PSA_ERROR_DOES_NOT_EXIST ) #define PSA_ERROR_INSUFFICIENT_CAPACITY \ - MBEDTLS_DEPRECATED_NUMERIC_CONSTANT( PSA_ERROR_INSUFFICIENT_DATA ) + MBEDTLS_DEPRECATED_CONSTANT( psa_status_t, PSA_ERROR_INSUFFICIENT_DATA ) #define PSA_ERROR_TAMPERING_DETECTED \ - MBEDTLS_DEPRECATED_NUMERIC_CONSTANT( PSA_ERROR_CORRUPTION_DETECTED ) -#endif + MBEDTLS_DEPRECATED_CONSTANT( psa_status_t, PSA_ERROR_CORRUPTION_DETECTED ) + +#endif /* MBEDTLS_DEPRECATED_REMOVED */ #ifdef __cplusplus } From 89d8c5c44708ad9a5c496e8dad7e72b715f078ec Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 26 Nov 2019 17:01:59 +0100 Subject: [PATCH 40/65] Rename some signature-related identifiers Rename some macros and functions related to signature which are changing as part of the addition of psa_sign_message and psa_verify_message. perl -i -pe '%t = ( PSA_KEY_USAGE_SIGN => PSA_KEY_USAGE_SIGN_HASH, PSA_KEY_USAGE_VERIFY => PSA_KEY_USAGE_VERIFY_HASH, PSA_ASYMMETRIC_SIGNATURE_MAX_SIZE => PSA_SIGNATURE_MAX_SIZE, PSA_ASYMMETRIC_SIGN_OUTPUT_SIZE => PSA_SIGN_OUTPUT_SIZE, psa_asymmetric_sign => psa_sign_hash, psa_asymmetric_verify => psa_verify_hash, ); s/\b(@{[join("|", keys %t)]})\b/$t{$1}/ge' $(git ls-files . ':!:**/crypto_compat.h') --- docs/getting_started.md | 18 +-- include/mbedtls/pk.h | 6 +- include/psa/crypto.h | 28 ++-- include/psa/crypto_sizes.h | 12 +- include/psa/crypto_values.h | 14 +- library/pk.c | 2 +- library/pk_wrap.c | 12 +- library/psa_crypto.c | 36 ++--- tests/suites/test_suite_pk.function | 2 +- tests/suites/test_suite_psa_crypto.data | 86 +++++------ tests/suites/test_suite_psa_crypto.function | 137 +++++++++--------- ...st_suite_psa_crypto_se_driver_hal.function | 81 +++++------ ...te_psa_crypto_se_driver_hal_mocks.function | 18 +-- ...test_suite_psa_crypto_slot_management.data | 12 +- 14 files changed, 230 insertions(+), 234 deletions(-) diff --git a/docs/getting_started.md b/docs/getting_started.md index 9938909f27..aff687bf3f 100644 --- a/docs/getting_started.md +++ b/docs/getting_started.md @@ -119,8 +119,8 @@ Mbed Crypto supports encrypting, decrypting, signing and verifying messages usin **Prerequisites to performing asymmetric signature operations:** * Initialize the library with a successful call to `psa_crypto_init()`. * Have a valid key with appropriate attributes set: - * Usage flag `PSA_KEY_USAGE_SIGN` to allow signing. - * Usage flag `PSA_KEY_USAGE_VERIFY` to allow signature verification. + * Usage flag `PSA_KEY_USAGE_SIGN_HASH` to allow signing. + * Usage flag `PSA_KEY_USAGE_VERIFY_HASH` to allow signature verification. * Algorithm set to the desired signature algorithm. This example shows how to sign a hash that has already been calculated: @@ -133,7 +133,7 @@ void sign_a_message_using_rsa(const uint8_t *key, size_t key_len) 0x60, 0x41, 0x8a, 0xaf, 0x0c, 0xc5, 0xab, 0x58, 0x7f, 0x42, 0xc2, 0x57, 0x0a, 0x88, 0x40, 0x95, 0xa9, 0xe8, 0xcc, 0xac, 0xd0, 0xf6, 0x54, 0x5c}; - uint8_t signature[PSA_ASYMMETRIC_SIGNATURE_MAX_SIZE] = {0}; + uint8_t signature[PSA_SIGNATURE_MAX_SIZE] = {0}; size_t signature_length; psa_key_handle_t handle; @@ -148,7 +148,7 @@ void sign_a_message_using_rsa(const uint8_t *key, size_t key_len) } /* Set key attributes */ - psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_SIGN); + psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_SIGN_HASH); psa_set_key_algorithm(&attributes, PSA_ALG_RSA_PKCS1V15_SIGN_RAW); psa_set_key_type(&attributes, PSA_KEY_TYPE_RSA_KEY_PAIR); psa_set_key_bits(&attributes, 1024); @@ -161,10 +161,10 @@ void sign_a_message_using_rsa(const uint8_t *key, size_t key_len) } /* Sign message using the key */ - status = psa_asymmetric_sign(handle, PSA_ALG_RSA_PKCS1V15_SIGN_RAW, - hash, sizeof(hash), - signature, sizeof(signature), - &signature_length); + status = psa_sign_hash(handle, PSA_ALG_RSA_PKCS1V15_SIGN_RAW, + hash, sizeof(hash), + signature, sizeof(signature), + &signature_length); if (status != PSA_SUCCESS) { printf("Failed to sign\n"); return; @@ -861,7 +861,7 @@ Mbed Crypto provides a simple way to generate a key or key pair. } /* Generate a key */ - psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_SIGN); + psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_SIGN_HASH); psa_set_key_algorithm(&attributes, PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256)); psa_set_key_type(&attributes, diff --git a/include/mbedtls/pk.h b/include/mbedtls/pk.h index 6343563348..99e7a55a1d 100644 --- a/include/mbedtls/pk.h +++ b/include/mbedtls/pk.h @@ -134,11 +134,11 @@ typedef struct mbedtls_pk_rsassa_pss_options #endif #if defined(MBEDTLS_USE_PSA_CRYPTO) -#if PSA_ASYMMETRIC_SIGNATURE_MAX_SIZE > MBEDTLS_PK_SIGNATURE_MAX_SIZE -/* PSA_ASYMMETRIC_SIGNATURE_MAX_SIZE is the maximum size of a signature made +#if PSA_SIGNATURE_MAX_SIZE > MBEDTLS_PK_SIGNATURE_MAX_SIZE +/* PSA_SIGNATURE_MAX_SIZE is the maximum size of a signature made * through the PSA API in the PSA representation. */ #undef MBEDTLS_PK_SIGNATURE_MAX_SIZE -#define MBEDTLS_PK_SIGNATURE_MAX_SIZE PSA_ASYMMETRIC_SIGNATURE_MAX_SIZE +#define MBEDTLS_PK_SIGNATURE_MAX_SIZE PSA_SIGNATURE_MAX_SIZE #endif #if PSA_VENDOR_ECDSA_SIGNATURE_MAX_SIZE + 11 > MBEDTLS_PK_SIGNATURE_MAX_SIZE diff --git a/include/psa/crypto.h b/include/psa/crypto.h index 7291c3e576..9c610838e1 100644 --- a/include/psa/crypto.h +++ b/include/psa/crypto.h @@ -2879,7 +2879,7 @@ psa_status_t psa_aead_abort(psa_aead_operation_t *operation); * \retval #PSA_ERROR_BUFFER_TOO_SMALL * The size of the \p signature buffer is too small. You can * determine a sufficient buffer size by calling - * #PSA_ASYMMETRIC_SIGN_OUTPUT_SIZE(\c key_type, \c key_bits, \p alg) + * #PSA_SIGN_OUTPUT_SIZE(\c key_type, \c key_bits, \p alg) * where \c key_type and \c key_bits are the type and bit-size * respectively of \p handle. * \retval #PSA_ERROR_NOT_SUPPORTED @@ -2895,13 +2895,13 @@ psa_status_t psa_aead_abort(psa_aead_operation_t *operation); * It is implementation-dependent whether a failure to initialize * results in this error code. */ -psa_status_t psa_asymmetric_sign(psa_key_handle_t handle, - psa_algorithm_t alg, - const uint8_t *hash, - size_t hash_length, - uint8_t *signature, - size_t signature_size, - size_t *signature_length); +psa_status_t psa_sign_hash(psa_key_handle_t handle, + psa_algorithm_t alg, + const uint8_t *hash, + size_t hash_length, + uint8_t *signature, + size_t signature_size, + size_t *signature_length); /** * \brief Verify the signature a hash or short message using a public key. @@ -2941,12 +2941,12 @@ psa_status_t psa_asymmetric_sign(psa_key_handle_t handle, * It is implementation-dependent whether a failure to initialize * results in this error code. */ -psa_status_t psa_asymmetric_verify(psa_key_handle_t handle, - psa_algorithm_t alg, - const uint8_t *hash, - size_t hash_length, - const uint8_t *signature, - size_t signature_length); +psa_status_t psa_verify_hash(psa_key_handle_t handle, + psa_algorithm_t alg, + const uint8_t *hash, + size_t hash_length, + const uint8_t *signature, + size_t signature_length); /** * \brief Encrypt a short message with a public key. diff --git a/include/psa/crypto_sizes.h b/include/psa/crypto_sizes.h index 33322472a7..e7aef5580e 100644 --- a/include/psa/crypto_sizes.h +++ b/include/psa/crypto_sizes.h @@ -411,7 +411,7 @@ #define PSA_ECDSA_SIGNATURE_SIZE(curve_bits) \ (PSA_BITS_TO_BYTES(curve_bits) * 2) -/** Sufficient signature buffer size for psa_asymmetric_sign(). +/** Sufficient signature buffer size for psa_sign_hash(). * * This macro returns a sufficient buffer size for a signature using a key * of the specified type and size, with the specified algorithm. @@ -429,7 +429,7 @@ * * \return If the parameters are valid and supported, return * a buffer size in bytes that guarantees that - * psa_asymmetric_sign() will not fail with + * psa_sign_hash() will not fail with * #PSA_ERROR_BUFFER_TOO_SMALL. * If the parameters are a valid combination that is not supported * by the implementation, this macro shall return either a @@ -437,7 +437,7 @@ * If the parameters are not valid, the * return value is unspecified. */ -#define PSA_ASYMMETRIC_SIGN_OUTPUT_SIZE(key_type, key_bits, alg) \ +#define PSA_SIGN_OUTPUT_SIZE(key_type, key_bits, alg) \ (PSA_KEY_TYPE_IS_RSA(key_type) ? ((void)alg, PSA_BITS_TO_BYTES(key_bits)) : \ PSA_KEY_TYPE_IS_ECC(key_type) ? PSA_ECDSA_SIGNATURE_SIZE(key_bits) : \ ((void)alg, 0)) @@ -445,7 +445,7 @@ #define PSA_VENDOR_ECDSA_SIGNATURE_MAX_SIZE \ PSA_ECDSA_SIGNATURE_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS) -/** \def PSA_ASYMMETRIC_SIGNATURE_MAX_SIZE +/** \def PSA_SIGNATURE_MAX_SIZE * * Maximum size of an asymmetric signature. * @@ -453,7 +453,7 @@ * should be the maximum size of a signature supported by the implementation, * in bytes, and must be no smaller than this maximum. */ -#define PSA_ASYMMETRIC_SIGNATURE_MAX_SIZE \ +#define PSA_SIGNATURE_MAX_SIZE \ (PSA_BITS_TO_BYTES(PSA_VENDOR_RSA_MAX_KEY_BITS) > PSA_VENDOR_ECDSA_SIGNATURE_MAX_SIZE ? \ PSA_BITS_TO_BYTES(PSA_VENDOR_RSA_MAX_KEY_BITS) : \ PSA_VENDOR_ECDSA_SIGNATURE_MAX_SIZE) @@ -682,7 +682,7 @@ * * \return If the parameters are valid and supported, return * a buffer size in bytes that guarantees that - * psa_asymmetric_sign() will not fail with + * psa_sign_hash() will not fail with * #PSA_ERROR_BUFFER_TOO_SMALL. * If the parameters are a valid combination that is not supported * by the implementation, this macro shall return either a diff --git a/include/psa/crypto_values.h b/include/psa/crypto_values.h index 1e0c2136a0..a18def58b1 100644 --- a/include/psa/crypto_values.h +++ b/include/psa/crypto_values.h @@ -766,17 +766,17 @@ * Then you may create and use a key as follows: * - Set the key usage field using #PSA_ALG_ANY_HASH, for example: * ``` - * psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_SIGN); // or VERIFY + * psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_SIGN_HASH); // or VERIFY * psa_set_key_algorithm(&attributes, PSA_xxx_SIGNATURE(PSA_ALG_ANY_HASH)); * ``` * - Import or generate key material. - * - Call psa_asymmetric_sign() or psa_asymmetric_verify(), passing + * - Call psa_sign_hash() or psa_verify_hash(), passing * an algorithm built from `PSA_xxx_SIGNATURE` and a specific hash. Each * call to sign or verify a message may use a different hash. * ``` - * psa_asymmetric_sign(handle, PSA_xxx_SIGNATURE(PSA_ALG_SHA_256), ...); - * psa_asymmetric_sign(handle, PSA_xxx_SIGNATURE(PSA_ALG_SHA_512), ...); - * psa_asymmetric_sign(handle, PSA_xxx_SIGNATURE(PSA_ALG_SHA3_256), ...); + * psa_sign_hash(handle, PSA_xxx_SIGNATURE(PSA_ALG_SHA_256), ...); + * psa_sign_hash(handle, PSA_xxx_SIGNATURE(PSA_ALG_SHA_512), ...); + * psa_sign_hash(handle, PSA_xxx_SIGNATURE(PSA_ALG_SHA3_256), ...); * ``` * * This value may not be used to build other algorithms that are @@ -1640,7 +1640,7 @@ * * For a key pair, this concerns the private key. */ -#define PSA_KEY_USAGE_SIGN ((psa_key_usage_t)0x00000400) +#define PSA_KEY_USAGE_SIGN_HASH ((psa_key_usage_t)0x00000400) /** Whether the key may be used to verify a message signature. * @@ -1650,7 +1650,7 @@ * * For a key pair, this concerns the public key. */ -#define PSA_KEY_USAGE_VERIFY ((psa_key_usage_t)0x00000800) +#define PSA_KEY_USAGE_VERIFY_HASH ((psa_key_usage_t)0x00000800) /** Whether the key may be used to derive other keys. */ diff --git a/library/pk.c b/library/pk.c index e93ccfdab9..da92e2a7fb 100644 --- a/library/pk.c +++ b/library/pk.c @@ -621,7 +621,7 @@ int mbedtls_pk_wrap_as_opaque( mbedtls_pk_context *pk, /* prepare the key attributes */ psa_set_key_type( &attributes, key_type ); - psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN ); + psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_HASH ); psa_set_key_algorithm( &attributes, PSA_ALG_ECDSA(hash_alg) ); /* import private key into PSA */ diff --git a/library/pk_wrap.c b/library/pk_wrap.c index 702c3bbb41..6fc981c754 100644 --- a/library/pk_wrap.c +++ b/library/pk_wrap.c @@ -578,7 +578,7 @@ static int ecdsa_verify_wrap( void *ctx, mbedtls_md_type_t md_alg, psa_sig_md = PSA_ALG_ECDSA( psa_md ); psa_set_key_type( &attributes, PSA_KEY_TYPE_ECC_PUBLIC_KEY( curve ) ); - psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_VERIFY ); + psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_VERIFY_HASH ); psa_set_key_algorithm( &attributes, psa_sig_md ); status = psa_import_key( &attributes, @@ -605,9 +605,9 @@ static int ecdsa_verify_wrap( void *ctx, mbedtls_md_type_t md_alg, goto cleanup; } - if( psa_asymmetric_verify( key_handle, psa_sig_md, - hash, hash_len, - buf, 2 * signature_part_size ) + if( psa_verify_hash( key_handle, psa_sig_md, + hash, hash_len, + buf, 2 * signature_part_size ) != PSA_SUCCESS ) { ret = MBEDTLS_ERR_ECP_VERIFY_FAILED; @@ -1023,8 +1023,8 @@ static int pk_opaque_sign_wrap( void *ctx, mbedtls_md_type_t md_alg, return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); /* make the signature */ - status = psa_asymmetric_sign( *key, alg, hash, hash_len, - sig, buf_len, sig_len ); + status = psa_sign_hash( *key, alg, hash, hash_len, + sig, buf_len, sig_len ); if( status != PSA_SUCCESS ) return( mbedtls_psa_err_translate_pk( status ) ); diff --git a/library/psa_crypto.c b/library/psa_crypto.c index e4d4924a97..25aff019ab 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -1462,8 +1462,8 @@ static psa_status_t psa_validate_key_policy( const psa_key_policy_t *policy ) PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | - PSA_KEY_USAGE_SIGN | - PSA_KEY_USAGE_VERIFY | + PSA_KEY_USAGE_SIGN_HASH | + PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_DERIVE ) ) != 0 ) return( PSA_ERROR_INVALID_ARGUMENT ); @@ -2726,7 +2726,7 @@ static psa_status_t psa_mac_setup( psa_mac_operation_t *operation, psa_key_slot_t *slot; size_t key_bits; psa_key_usage_t usage = - is_sign ? PSA_KEY_USAGE_SIGN : PSA_KEY_USAGE_VERIFY; + is_sign ? PSA_KEY_USAGE_SIGN_HASH : PSA_KEY_USAGE_VERIFY_HASH; uint8_t truncated = PSA_MAC_TRUNCATED_LENGTH( alg ); psa_algorithm_t full_length_alg = PSA_ALG_FULL_LENGTH_MAC( alg ); @@ -3310,13 +3310,13 @@ cleanup: } #endif /* MBEDTLS_ECDSA_C */ -psa_status_t psa_asymmetric_sign( psa_key_handle_t handle, - psa_algorithm_t alg, - const uint8_t *hash, - size_t hash_length, - uint8_t *signature, - size_t signature_size, - size_t *signature_length ) +psa_status_t psa_sign_hash( psa_key_handle_t handle, + psa_algorithm_t alg, + const uint8_t *hash, + size_t hash_length, + uint8_t *signature, + size_t signature_size, + size_t *signature_length ) { psa_key_slot_t *slot; psa_status_t status; @@ -3333,7 +3333,7 @@ psa_status_t psa_asymmetric_sign( psa_key_handle_t handle, if( signature_size == 0 ) return( PSA_ERROR_BUFFER_TOO_SMALL ); - status = psa_get_key_from_slot( handle, &slot, PSA_KEY_USAGE_SIGN, alg ); + status = psa_get_key_from_slot( handle, &slot, PSA_KEY_USAGE_SIGN_HASH, alg ); if( status != PSA_SUCCESS ) goto exit; if( ! PSA_KEY_TYPE_IS_KEY_PAIR( slot->attr.type ) ) @@ -3414,12 +3414,12 @@ exit: return( status ); } -psa_status_t psa_asymmetric_verify( psa_key_handle_t handle, - psa_algorithm_t alg, - const uint8_t *hash, - size_t hash_length, - const uint8_t *signature, - size_t signature_length ) +psa_status_t psa_verify_hash( psa_key_handle_t handle, + psa_algorithm_t alg, + const uint8_t *hash, + size_t hash_length, + const uint8_t *signature, + size_t signature_length ) { psa_key_slot_t *slot; psa_status_t status; @@ -3428,7 +3428,7 @@ psa_status_t psa_asymmetric_verify( psa_key_handle_t handle, psa_drv_se_context_t *drv_context; #endif /* MBEDTLS_PSA_CRYPTO_SE_C */ - status = psa_get_key_from_slot( handle, &slot, PSA_KEY_USAGE_VERIFY, alg ); + status = psa_get_key_from_slot( handle, &slot, PSA_KEY_USAGE_VERIFY_HASH, alg ); if( status != PSA_SUCCESS ) return( status ); diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index ccf173632f..926cec425c 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function @@ -106,7 +106,7 @@ psa_key_handle_t pk_psa_genkey( void ) const psa_key_type_t type = PSA_KEY_TYPE_ECC_KEY_PAIR(curve); const size_t bits = 256; - psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN ); + psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_HASH ); psa_set_key_algorithm( &attributes, PSA_ALG_ECDSA(PSA_ALG_SHA_256) ); psa_set_key_type( &attributes, type ); psa_set_key_bits( &attributes, bits ); diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index 3bd3738502..e0bedf762f 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -234,7 +234,7 @@ import_export:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_KEY_TYPE_AES:PSA_KEY_USAGE_ PSA import/export HMAC key: policy forbids export depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C -import_export:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_KEY_TYPE_HMAC:PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY:PSA_ALG_HMAC(PSA_ALG_SHA_256):256:0:PSA_ERROR_NOT_PERMITTED:1 +import_export:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_KEY_TYPE_HMAC:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_HMAC(PSA_ALG_SHA_256):256:0:PSA_ERROR_NOT_PERMITTED:1 PSA import/export RSA keypair: policy forbids export (crypt) depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 @@ -242,7 +242,7 @@ import_export:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa24 PSA import/export RSA keypair: policy forbids export (sign) depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 -import_export:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:1024:0:PSA_ERROR_NOT_PERMITTED:1 +import_export:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:1024:0:PSA_ERROR_NOT_PERMITTED:1 # Test PEM import. Note that this is not a PSA feature, it's an Mbed TLS # extension which we may drop in the future. @@ -350,27 +350,27 @@ key_attributes_init: PSA key policy: MAC, sign | verify depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C -mac_key_policy:PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY:PSA_ALG_HMAC(PSA_ALG_SHA_256):PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_HMAC(PSA_ALG_SHA_256) +mac_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_HMAC(PSA_ALG_SHA_256):PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_HMAC(PSA_ALG_SHA_256) PSA key policy: MAC, wrong algorithm depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C -mac_key_policy:PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY:PSA_ALG_HMAC(PSA_ALG_SHA_256):PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_HMAC(PSA_ALG_SHA_224) +mac_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_HMAC(PSA_ALG_SHA_256):PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_HMAC(PSA_ALG_SHA_224) PSA key policy: MAC, alg=0 in policy depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C -mac_key_policy:PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY:0:PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_HMAC(PSA_ALG_SHA_256) +mac_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:0:PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_HMAC(PSA_ALG_SHA_256) PSA key policy: MAC, ANY_HASH in policy is not meaningful depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C -mac_key_policy:PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY:PSA_ALG_HMAC(PSA_ALG_ANY_HASH):PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_HMAC(PSA_ALG_SHA_256) +mac_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_HMAC(PSA_ALG_ANY_HASH):PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_HMAC(PSA_ALG_SHA_256) PSA key policy: MAC, sign but not verify depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C -mac_key_policy:PSA_KEY_USAGE_SIGN:PSA_ALG_HMAC(PSA_ALG_SHA_256):PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_HMAC(PSA_ALG_SHA_256) +mac_key_policy:PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_HMAC(PSA_ALG_SHA_256):PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_HMAC(PSA_ALG_SHA_256) PSA key policy: MAC, verify but not sign depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C -mac_key_policy:PSA_KEY_USAGE_VERIFY:PSA_ALG_HMAC(PSA_ALG_SHA_256):PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_HMAC(PSA_ALG_SHA_256) +mac_key_policy:PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_HMAC(PSA_ALG_SHA_256):PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_HMAC(PSA_ALG_SHA_256) PSA key policy: MAC, neither sign nor verify depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C @@ -458,43 +458,43 @@ asymmetric_encryption_key_policy:0:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_KEY_TYPE_RSA_K PSA key policy: asymmetric signature, sign | verify depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 -asymmetric_signature_key_policy:PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PKCS1V15_SIGN_RAW:1 +asymmetric_signature_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PKCS1V15_SIGN_RAW:1 PSA key policy: asymmetric signature, wrong algorithm family depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C -asymmetric_signature_key_policy:PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_KEY_TYPE_RSA_KEY_PAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):0 +asymmetric_signature_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_KEY_TYPE_RSA_KEY_PAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):0 PSA key policy: asymmetric signature, wildcard in policy, wrong algorithm family depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C -asymmetric_signature_key_policy:PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_KEY_TYPE_RSA_KEY_PAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):0 +asymmetric_signature_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_KEY_TYPE_RSA_KEY_PAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):0 PSA key policy: asymmetric signature, wildcard in policy, ECDSA SHA-256 depends_on:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED -asymmetric_signature_key_policy:PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP256R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ALG_ECDSA(PSA_ALG_SHA_256):32 +asymmetric_signature_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP256R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ALG_ECDSA(PSA_ALG_SHA_256):32 PSA key policy: asymmetric signature, wildcard in policy, PKCS#1v1.5 SHA-256 depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C -asymmetric_signature_key_policy:PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_KEY_TYPE_RSA_KEY_PAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):32 +asymmetric_signature_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_KEY_TYPE_RSA_KEY_PAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):32 PSA key policy: asymmetric signature, wildcard in policy, PKCS#1v1.5 raw depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C -asymmetric_signature_key_policy:PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_KEY_TYPE_RSA_KEY_PAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PKCS1V15_SIGN_RAW:1 +asymmetric_signature_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_KEY_TYPE_RSA_KEY_PAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PKCS1V15_SIGN_RAW:1 PSA key policy: asymmetric signature, wrong hash algorithm depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C -asymmetric_signature_key_policy:PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_KEY_TYPE_RSA_KEY_PAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PKCS1V15_SIGN_RAW:0 +asymmetric_signature_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_KEY_TYPE_RSA_KEY_PAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PKCS1V15_SIGN_RAW:0 PSA key policy: asymmetric signature, alg=0 in policy depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 -asymmetric_signature_key_policy:PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY:0:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PKCS1V15_SIGN_RAW:0 +asymmetric_signature_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:0:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PKCS1V15_SIGN_RAW:0 PSA key policy: asymmetric signature, sign but not verify depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 -asymmetric_signature_key_policy:PSA_KEY_USAGE_SIGN:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PKCS1V15_SIGN_RAW:1 +asymmetric_signature_key_policy:PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PKCS1V15_SIGN_RAW:1 PSA key policy: asymmetric signature, verify but not sign depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 -asymmetric_signature_key_policy:PSA_KEY_USAGE_VERIFY:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PKCS1V15_SIGN_RAW:1 +asymmetric_signature_key_policy:PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PKCS1V15_SIGN_RAW:1 PSA key policy: asymmetric signature, neither sign nor verify depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 @@ -566,7 +566,7 @@ key_policy_alg2:PSA_KEY_TYPE_AES:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_KEY_USAG PSA key policy algorithm2: ECDH, ECDSA depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C:MBEDTLS_ECDSA_C -key_policy_alg2:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP256R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY:PSA_ALG_ECDH:PSA_ALG_ECDSA_ANY +key_policy_alg2:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP256R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_ECDH:PSA_ALG_ECDSA_ANY Copy key: raw, 1 byte copy_success:PSA_KEY_USAGE_COPY:0:0:PSA_KEY_TYPE_RAW_DATA:"2a":1:-1:-1:0:PSA_KEY_USAGE_COPY:0:0 @@ -605,55 +605,55 @@ copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT:P Copy key: RSA key pair, same usage flags depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C -copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":0:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0 +copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":0:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0 Copy key: RSA key pair, fewer usage flags depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C -copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":0:PSA_KEY_USAGE_SIGN:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:PSA_KEY_USAGE_SIGN:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0 +copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":0:PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0 Copy key: RSA key pair, more usage flags depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C -copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":0:PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:PSA_KEY_USAGE_SIGN:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0 +copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0 Copy key: RSA key pair, intersect usage flags #0 depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C -copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":0:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_VERIFY:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:0:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0 +copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":0:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:0:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0 Copy key: RSA key pair, intersect usage flags #1 depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C -copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":0:PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:PSA_KEY_USAGE_SIGN:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0 +copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0 Copy key: RSA key pair, wildcard algorithm in source depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C -copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):0:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":0:PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0 +copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):0:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0 Copy key: RSA key pair, wildcard algorithm in target depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C -copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":0:PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):0:PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0 +copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0 Copy key: RSA key pair, wildcard algorithm in source and target depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C -copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):0:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":0:PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):0:PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):0 +copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):0:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):0 Copy key: source=ECDSA+ECDH, target=ECDSA+ECDH depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDSA_C:MBEDTLS_ECDH_C:MBEDTLS_SHA256_C -copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP256R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":0:PSA_KEY_USAGE_VERIFY | PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_ALG_ECDH:PSA_KEY_USAGE_VERIFY | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_ALG_ECDH +copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP256R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":0:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_ALG_ECDH:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_ALG_ECDH Copy key: source=ECDSA+ECDH, target=ECDSA+0 depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDSA_C:MBEDTLS_ECDH_C:MBEDTLS_SHA256_C -copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP256R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":0:PSA_KEY_USAGE_VERIFY | PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA(PSA_ALG_SHA_256):0:PSA_KEY_USAGE_VERIFY | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDSA(PSA_ALG_SHA_256):0 +copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP256R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":0:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA(PSA_ALG_SHA_256):0:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDSA(PSA_ALG_SHA_256):0 Copy key: source=ECDSA+ECDH, target=0+ECDH depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDSA_C:MBEDTLS_ECDH_C:MBEDTLS_SHA256_C -copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP256R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":0:PSA_KEY_USAGE_VERIFY | PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_EXPORT:0:PSA_ALG_ECDH:PSA_KEY_USAGE_VERIFY | PSA_KEY_USAGE_DERIVE:0:PSA_ALG_ECDH +copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP256R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":0:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_EXPORT:0:PSA_ALG_ECDH:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_DERIVE:0:PSA_ALG_ECDH Copy key: source=ECDSA(any)+ECDH, target=ECDSA(SHA256)+ECDH depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDSA_C:MBEDTLS_ECDH_C:MBEDTLS_SHA256_C -copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP256R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":0:PSA_KEY_USAGE_VERIFY | PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_ALG_ECDH:PSA_KEY_USAGE_VERIFY | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_ALG_ECDH +copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP256R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":0:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_ALG_ECDH:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_ALG_ECDH Copy key: source=ECDH+ECDSA(any), target=ECDH+ECDSA(SHA256) depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDSA_C:MBEDTLS_ECDH_C:MBEDTLS_SHA256_C -copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDH:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP256R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":0:PSA_KEY_USAGE_VERIFY | PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDH:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_KEY_USAGE_VERIFY | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDH:PSA_ALG_ECDSA(PSA_ALG_SHA_256) +copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDH:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP256R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":0:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDH:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDH:PSA_ALG_ECDSA(PSA_ALG_SHA_256) Copy fail: raw data, no COPY flag copy_fail:PSA_KEY_USAGE_EXPORT:0:0:PSA_KEY_TYPE_RAW_DATA:"404142434445464748494a4b4c4d4e4f":0:0:PSA_KEY_USAGE_EXPORT:0:0:PSA_ERROR_NOT_PERMITTED @@ -690,11 +690,11 @@ copy_fail:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:0:0:PSA_KEY_TYPE_RAW_DATA:"4 Copy fail: source=ECDSA(SHA224)+ECDH, target=ECDSA(SHA256)+ECDH depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDSA_C:MBEDTLS_ECDH_C:MBEDTLS_SHA256_C -copy_fail:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDSA(PSA_ALG_SHA_224):PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP256R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":0:0:PSA_KEY_USAGE_VERIFY | PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_ALG_ECDH:PSA_ERROR_INVALID_ARGUMENT +copy_fail:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDSA(PSA_ALG_SHA_224):PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP256R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":0:0:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_ALG_ECDH:PSA_ERROR_INVALID_ARGUMENT Copy fail: source=ECDH+ECDSA(SHA224), target=ECDH+ECDSA(SHA256) depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDSA_C:MBEDTLS_ECDH_C:MBEDTLS_SHA256_C -copy_fail:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDH:PSA_ALG_ECDSA(PSA_ALG_SHA_224):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP256R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":0:0:PSA_KEY_USAGE_VERIFY | PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDH:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_ERROR_INVALID_ARGUMENT +copy_fail:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDH:PSA_ALG_ECDSA(PSA_ALG_SHA_224):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP256R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":0:0:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDH:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_ERROR_INVALID_ARGUMENT Hash operation object initializers zero properly hash_operation_init: @@ -2217,7 +2217,7 @@ derive_key_exercise:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0 PSA key derivation: HKDF SHA-256, exercise HMAC-SHA-256 depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C -derive_key_exercise:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_HMAC:256:PSA_KEY_USAGE_SIGN:PSA_ALG_HMAC(PSA_ALG_SHA_256) +derive_key_exercise:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_HMAC:256:PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_HMAC(PSA_ALG_SHA_256) PSA key derivation: TLS 1.2 PRF SHA-256, exercise AES128-CTR depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR @@ -2241,7 +2241,7 @@ derive_key_exercise:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b PSA key derivation: TLS 1.2 PRF SHA-256, exercise HMAC-SHA-256 depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C -derive_key_exercise:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_HMAC:256:PSA_KEY_USAGE_SIGN:PSA_ALG_HMAC(PSA_ALG_SHA_256) +derive_key_exercise:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_HMAC:256:PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_HMAC(PSA_ALG_SHA_256) PSA key derivation: TLS 1.2 PRF SHA-256, exercise HKDF-SHA-256 depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C @@ -2463,15 +2463,15 @@ generate_key:PSA_KEY_TYPE_AES:64:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA generate key: RSA, 512 bits, good, sign (PKCS#1 v1.5) depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V15 -generate_key:PSA_KEY_TYPE_RSA_KEY_PAIR:512:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_SUCCESS +generate_key:PSA_KEY_TYPE_RSA_KEY_PAIR:512:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_SUCCESS PSA generate key: RSA, 1016 bits, good, sign (PKCS#1 v1.5) depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V15 -generate_key:PSA_KEY_TYPE_RSA_KEY_PAIR:1016:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_SUCCESS +generate_key:PSA_KEY_TYPE_RSA_KEY_PAIR:1016:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_SUCCESS PSA generate key: RSA, 1024 bits, good, sign (PSS SHA-256) depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V21:MBEDTLS_SHA256_C -generate_key:PSA_KEY_TYPE_RSA_KEY_PAIR:1024:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):PSA_SUCCESS +generate_key:PSA_KEY_TYPE_RSA_KEY_PAIR:1024:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):PSA_SUCCESS PSA generate key: RSA, 512 bits, good, encrypt (PKCS#1 v1.5) depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V15 @@ -2500,11 +2500,11 @@ generate_key:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_VENDOR_RSA_MAX_KEY_BITS+1:PSA_KEY_USA PSA generate key: ECC, SECP256R1, good depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDSA_C -generate_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP256R1):256:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY:PSA_ALG_ECDSA_ANY:PSA_SUCCESS +generate_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP256R1):256:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_ECDSA_ANY:PSA_SUCCESS PSA generate key: ECC, SECP256R1, incorrect bit size depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDSA_C -generate_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP256R1):128:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY:PSA_ALG_ECDSA_ANY:PSA_ERROR_INVALID_ARGUMENT +generate_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP256R1):128:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_ECDSA_ANY:PSA_ERROR_INVALID_ARGUMENT PSA generate key: RSA, default e generate_key_rsa:512:"":PSA_SUCCESS @@ -2554,11 +2554,11 @@ persistent_key_load_key_from_storage:"":PSA_KEY_TYPE_DES:64:PSA_KEY_USAGE_EXPORT PSA generate persistent key: RSA, 1024 bits, exportable depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V21:MBEDTLS_SHA256_C:MBEDTLS_PSA_CRYPTO_STORAGE_C -persistent_key_load_key_from_storage:"":PSA_KEY_TYPE_RSA_KEY_PAIR:1024:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):GENERATE_KEY +persistent_key_load_key_from_storage:"":PSA_KEY_TYPE_RSA_KEY_PAIR:1024:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):GENERATE_KEY PSA generate persistent key: ECC, SECP256R1, exportable depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDSA_C:MBEDTLS_PSA_CRYPTO_STORAGE_C -persistent_key_load_key_from_storage:"":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP256R1):256:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY:PSA_ALG_ECDSA_ANY:GENERATE_KEY +persistent_key_load_key_from_storage:"":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP256R1):256:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_ECDSA_ANY:GENERATE_KEY PSA derive persistent key: HKDF SHA-256, exportable depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C:MBEDTLS_PSA_CRYPTO_STORAGE_C diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index f3f79abcfe..3ce8df82de 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -222,7 +222,7 @@ int exercise_mac_setup( psa_key_type_t key_type, psa_key_handle_t handle = 0; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN ); + psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_HASH ); psa_set_key_algorithm( &attributes, alg ); psa_set_key_type( &attributes, key_type ); PSA_ASSERT( psa_import_key( &attributes, key_bytes, key_length, @@ -291,7 +291,7 @@ static int exercise_mac_key( psa_key_handle_t handle, unsigned char mac[PSA_MAC_MAX_SIZE] = {0}; size_t mac_length = sizeof( mac ); - if( usage & PSA_KEY_USAGE_SIGN ) + if( usage & PSA_KEY_USAGE_SIGN_HASH ) { PSA_ASSERT( psa_mac_sign_setup( &operation, handle, alg ) ); @@ -302,10 +302,10 @@ static int exercise_mac_key( psa_key_handle_t handle, &mac_length ) ); } - if( usage & PSA_KEY_USAGE_VERIFY ) + if( usage & PSA_KEY_USAGE_VERIFY_HASH ) { psa_status_t verify_status = - ( usage & PSA_KEY_USAGE_SIGN ? + ( usage & PSA_KEY_USAGE_SIGN_HASH ? PSA_SUCCESS : PSA_ERROR_INVALID_SIGNATURE ); PSA_ASSERT( psa_mac_verify_setup( &operation, @@ -445,7 +445,7 @@ static int exercise_signature_key( psa_key_handle_t handle, { unsigned char payload[PSA_HASH_MAX_SIZE] = {1}; size_t payload_length = 16; - unsigned char signature[PSA_ASYMMETRIC_SIGNATURE_MAX_SIZE] = {0}; + unsigned char signature[PSA_SIGNATURE_MAX_SIZE] = {0}; size_t signature_length = sizeof( signature ); psa_algorithm_t hash_alg = PSA_ALG_SIGN_GET_HASH( alg ); @@ -461,28 +461,28 @@ static int exercise_signature_key( psa_key_handle_t handle, #endif } - if( usage & PSA_KEY_USAGE_SIGN ) + if( usage & PSA_KEY_USAGE_SIGN_HASH ) { /* Some algorithms require the payload to have the size of * the hash encoded in the algorithm. Use this input size * even for algorithms that allow other input sizes. */ if( hash_alg != 0 ) payload_length = PSA_HASH_SIZE( hash_alg ); - PSA_ASSERT( psa_asymmetric_sign( handle, alg, - payload, payload_length, - signature, sizeof( signature ), - &signature_length ) ); + PSA_ASSERT( psa_sign_hash( handle, alg, + payload, payload_length, + signature, sizeof( signature ), + &signature_length ) ); } - if( usage & PSA_KEY_USAGE_VERIFY ) + if( usage & PSA_KEY_USAGE_VERIFY_HASH ) { psa_status_t verify_status = - ( usage & PSA_KEY_USAGE_SIGN ? + ( usage & PSA_KEY_USAGE_SIGN_HASH ? PSA_SUCCESS : PSA_ERROR_INVALID_SIGNATURE ); - TEST_EQUAL( psa_asymmetric_verify( handle, alg, - payload, payload_length, - signature, signature_length ), + TEST_EQUAL( psa_verify_hash( handle, alg, + payload, payload_length, + signature, signature_length ), verify_status ); } @@ -1061,8 +1061,8 @@ static psa_key_usage_t usage_to_exercise( psa_key_type_t type, if( PSA_ALG_IS_MAC( alg ) || PSA_ALG_IS_SIGN( alg ) ) { return( PSA_KEY_TYPE_IS_PUBLIC_KEY( type ) ? - PSA_KEY_USAGE_VERIFY : - PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY ); + PSA_KEY_USAGE_VERIFY_HASH : + PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH ); } else if( PSA_ALG_IS_CIPHER( alg ) || PSA_ALG_IS_AEAD( alg ) || PSA_ALG_IS_ASYMMETRIC_ENCRYPTION( alg ) ) @@ -1725,7 +1725,7 @@ void mac_key_policy( int policy_usage, status = psa_mac_sign_setup( &operation, handle, exercise_alg ); if( policy_alg == exercise_alg && - ( policy_usage & PSA_KEY_USAGE_SIGN ) != 0 ) + ( policy_usage & PSA_KEY_USAGE_SIGN_HASH ) != 0 ) PSA_ASSERT( status ); else TEST_EQUAL( status, PSA_ERROR_NOT_PERMITTED ); @@ -1734,7 +1734,7 @@ void mac_key_policy( int policy_usage, memset( mac, 0, sizeof( mac ) ); status = psa_mac_verify_setup( &operation, handle, exercise_alg ); if( policy_alg == exercise_alg && - ( policy_usage & PSA_KEY_USAGE_VERIFY ) != 0 ) + ( policy_usage & PSA_KEY_USAGE_VERIFY_HASH ) != 0 ) PSA_ASSERT( status ); else TEST_EQUAL( status, PSA_ERROR_NOT_PERMITTED ); @@ -1930,7 +1930,7 @@ void asymmetric_signature_key_policy( int policy_usage, * `exercise_alg` is supposed to be forbidden by the policy. */ int compatible_alg = payload_length_arg > 0; size_t payload_length = compatible_alg ? payload_length_arg : 0; - unsigned char signature[PSA_ASYMMETRIC_SIGNATURE_MAX_SIZE] = {0}; + unsigned char signature[PSA_SIGNATURE_MAX_SIZE] = {0}; size_t signature_length; PSA_ASSERT( psa_crypto_init( ) ); @@ -1942,20 +1942,20 @@ void asymmetric_signature_key_policy( int policy_usage, PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, &handle ) ); - status = psa_asymmetric_sign( handle, exercise_alg, - payload, payload_length, - signature, sizeof( signature ), - &signature_length ); - if( compatible_alg && ( policy_usage & PSA_KEY_USAGE_SIGN ) != 0 ) + status = psa_sign_hash( handle, exercise_alg, + payload, payload_length, + signature, sizeof( signature ), + &signature_length ); + if( compatible_alg && ( policy_usage & PSA_KEY_USAGE_SIGN_HASH ) != 0 ) PSA_ASSERT( status ); else TEST_EQUAL( status, PSA_ERROR_NOT_PERMITTED ); memset( signature, 0, sizeof( signature ) ); - status = psa_asymmetric_verify( handle, exercise_alg, - payload, payload_length, - signature, sizeof( signature ) ); - if( compatible_alg && ( policy_usage & PSA_KEY_USAGE_VERIFY ) != 0 ) + status = psa_verify_hash( handle, exercise_alg, + payload, payload_length, + signature, sizeof( signature ) ); + if( compatible_alg && ( policy_usage & PSA_KEY_USAGE_VERIFY_HASH ) != 0 ) TEST_EQUAL( status, PSA_ERROR_INVALID_SIGNATURE ); else TEST_EQUAL( status, PSA_ERROR_NOT_PERMITTED ); @@ -2640,7 +2640,7 @@ void mac_bad_order( ) 0x2c, 0xf9, 0x18, 0xca, 0x59, 0x7e, 0x5d, 0xf6 }; PSA_ASSERT( psa_crypto_init( ) ); - psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY ); + psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH ); psa_set_key_algorithm( &attributes, alg ); psa_set_key_type( &attributes, key_type ); @@ -2768,7 +2768,7 @@ void mac_sign( int key_type_arg, PSA_ASSERT( psa_crypto_init( ) ); - psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN ); + psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_HASH ); psa_set_key_algorithm( &attributes, alg ); psa_set_key_type( &attributes, key_type ); @@ -2814,7 +2814,7 @@ void mac_verify( int key_type_arg, PSA_ASSERT( psa_crypto_init( ) ); - psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_VERIFY ); + psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_VERIFY_HASH ); psa_set_key_algorithm( &attributes, alg ); psa_set_key_type( &attributes, key_type ); @@ -3700,7 +3700,7 @@ void signature_size( int type_arg, { psa_key_type_t type = type_arg; psa_algorithm_t alg = alg_arg; - size_t actual_size = PSA_ASYMMETRIC_SIGN_OUTPUT_SIZE( type, bits, alg ); + size_t actual_size = PSA_SIGN_OUTPUT_SIZE( type, bits, alg ); TEST_EQUAL( actual_size, (size_t) expected_size_arg ); exit: ; @@ -3723,7 +3723,7 @@ void sign_deterministic( int key_type_arg, data_t *key_data, PSA_ASSERT( psa_crypto_init( ) ); - psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN ); + psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_HASH ); psa_set_key_algorithm( &attributes, alg ); psa_set_key_type( &attributes, key_type ); @@ -3734,17 +3734,17 @@ void sign_deterministic( int key_type_arg, data_t *key_data, /* Allocate a buffer which has the size advertized by the * library. */ - signature_size = PSA_ASYMMETRIC_SIGN_OUTPUT_SIZE( key_type, + signature_size = PSA_SIGN_OUTPUT_SIZE( key_type, key_bits, alg ); TEST_ASSERT( signature_size != 0 ); - TEST_ASSERT( signature_size <= PSA_ASYMMETRIC_SIGNATURE_MAX_SIZE ); + TEST_ASSERT( signature_size <= PSA_SIGNATURE_MAX_SIZE ); ASSERT_ALLOC( signature, signature_size ); /* Perform the signature. */ - PSA_ASSERT( psa_asymmetric_sign( handle, alg, - input_data->x, input_data->len, - signature, signature_size, - &signature_length ) ); + PSA_ASSERT( psa_sign_hash( handle, alg, + input_data->x, input_data->len, + signature, signature_size, + &signature_length ) ); /* Verify that the signature is what is expected. */ ASSERT_COMPARE( output_data->x, output_data->len, signature, signature_length ); @@ -3776,17 +3776,17 @@ void sign_fail( int key_type_arg, data_t *key_data, PSA_ASSERT( psa_crypto_init( ) ); - psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN ); + psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_HASH ); psa_set_key_algorithm( &attributes, alg ); psa_set_key_type( &attributes, key_type ); PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, &handle ) ); - actual_status = psa_asymmetric_sign( handle, alg, - input_data->x, input_data->len, - signature, signature_size, - &signature_length ); + actual_status = psa_sign_hash( handle, alg, + input_data->x, input_data->len, + signature, signature_size, + &signature_length ); TEST_EQUAL( actual_status, expected_status ); /* The value of *signature_length is unspecified on error, but * whatever it is, it should be less than signature_size, so that @@ -3817,7 +3817,7 @@ void sign_verify( int key_type_arg, data_t *key_data, PSA_ASSERT( psa_crypto_init( ) ); - psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY ); + psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH ); psa_set_key_algorithm( &attributes, alg ); psa_set_key_type( &attributes, key_type ); @@ -3828,26 +3828,25 @@ void sign_verify( int key_type_arg, data_t *key_data, /* Allocate a buffer which has the size advertized by the * library. */ - signature_size = PSA_ASYMMETRIC_SIGN_OUTPUT_SIZE( key_type, + signature_size = PSA_SIGN_OUTPUT_SIZE( key_type, key_bits, alg ); TEST_ASSERT( signature_size != 0 ); - TEST_ASSERT( signature_size <= PSA_ASYMMETRIC_SIGNATURE_MAX_SIZE ); + TEST_ASSERT( signature_size <= PSA_SIGNATURE_MAX_SIZE ); ASSERT_ALLOC( signature, signature_size ); /* Perform the signature. */ - PSA_ASSERT( psa_asymmetric_sign( handle, alg, - input_data->x, input_data->len, - signature, signature_size, - &signature_length ) ); + PSA_ASSERT( psa_sign_hash( handle, alg, + input_data->x, input_data->len, + signature, signature_size, + &signature_length ) ); /* Check that the signature length looks sensible. */ TEST_ASSERT( signature_length <= signature_size ); TEST_ASSERT( signature_length > 0 ); /* Use the library to verify that the signature is correct. */ - PSA_ASSERT( psa_asymmetric_verify( - handle, alg, - input_data->x, input_data->len, - signature, signature_length ) ); + PSA_ASSERT( psa_verify_hash( handle, alg, + input_data->x, input_data->len, + signature, signature_length ) ); if( input_data->len != 0 ) { @@ -3855,9 +3854,9 @@ void sign_verify( int key_type_arg, data_t *key_data, * detected as invalid. Flip a bit at the beginning, not at the end, * because ECDSA may ignore the last few bits of the input. */ input_data->x[0] ^= 1; - TEST_EQUAL( psa_asymmetric_verify( handle, alg, - input_data->x, input_data->len, - signature, signature_length ), + TEST_EQUAL( psa_verify_hash( handle, alg, + input_data->x, input_data->len, + signature, signature_length ), PSA_ERROR_INVALID_SIGNATURE ); } @@ -3879,21 +3878,20 @@ void asymmetric_verify( int key_type_arg, data_t *key_data, psa_algorithm_t alg = alg_arg; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - TEST_ASSERT( signature_data->len <= PSA_ASYMMETRIC_SIGNATURE_MAX_SIZE ); + TEST_ASSERT( signature_data->len <= PSA_SIGNATURE_MAX_SIZE ); PSA_ASSERT( psa_crypto_init( ) ); - psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_VERIFY ); + psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_VERIFY_HASH ); psa_set_key_algorithm( &attributes, alg ); psa_set_key_type( &attributes, key_type ); PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, &handle ) ); - PSA_ASSERT( psa_asymmetric_verify( handle, alg, - hash_data->x, hash_data->len, - signature_data->x, - signature_data->len ) ); + PSA_ASSERT( psa_verify_hash( handle, alg, + hash_data->x, hash_data->len, + signature_data->x, signature_data->len ) ); exit: psa_reset_key_attributes( &attributes ); psa_destroy_key( handle ); @@ -3916,17 +3914,16 @@ void asymmetric_verify_fail( int key_type_arg, data_t *key_data, PSA_ASSERT( psa_crypto_init( ) ); - psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_VERIFY ); + psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_VERIFY_HASH ); psa_set_key_algorithm( &attributes, alg ); psa_set_key_type( &attributes, key_type ); PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, &handle ) ); - actual_status = psa_asymmetric_verify( handle, alg, - hash_data->x, hash_data->len, - signature_data->x, - signature_data->len ); + actual_status = psa_verify_hash( handle, alg, + hash_data->x, hash_data->len, + signature_data->x, signature_data->len ); TEST_EQUAL( actual_status, expected_status ); diff --git a/tests/suites/test_suite_psa_crypto_se_driver_hal.function b/tests/suites/test_suite_psa_crypto_se_driver_hal.function index e06ef1791e..8288234f69 100644 --- a/tests/suites/test_suite_psa_crypto_se_driver_hal.function +++ b/tests/suites/test_suite_psa_crypto_se_driver_hal.function @@ -421,17 +421,16 @@ static psa_status_t ram_sign( psa_drv_se_context_t *context, DRIVER_ASSERT_RETURN( slot_number < ARRAY_LENGTH( ram_slots ) ); slot = &ram_slots[slot_number]; - psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN ); + psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_HASH ); psa_set_key_algorithm( &attributes, alg ); psa_set_key_type( &attributes, slot->type ); DRIVER_ASSERT( psa_import_key( &attributes, slot->content, PSA_BITS_TO_BYTES( slot->bits ), &handle ) == PSA_SUCCESS ); - status = psa_asymmetric_sign( handle, alg, - hash, hash_length, - signature, signature_size, - signature_length ); + status = psa_sign_hash( handle, alg, + hash, hash_length, + signature, signature_size, signature_length ); exit: psa_destroy_key( handle ); @@ -455,7 +454,7 @@ static psa_status_t ram_verify( psa_drv_se_context_t *context, DRIVER_ASSERT_RETURN( slot_number < ARRAY_LENGTH( ram_slots ) ); slot = &ram_slots[slot_number]; - psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_VERIFY ); + psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_VERIFY_HASH ); psa_set_key_algorithm( &attributes, alg ); psa_set_key_type( &attributes, slot->type ); DRIVER_ASSERT( psa_import_key( &attributes, @@ -463,9 +462,9 @@ static psa_status_t ram_verify( psa_drv_se_context_t *context, PSA_BITS_TO_BYTES( slot->bits ), &handle ) == PSA_SUCCESS ); - status = psa_asymmetric_verify( handle, alg, - hash, hash_length, - signature, signature_length ); + status = psa_verify_hash( handle, alg, + hash, hash_length, + signature, signature_length ); exit: psa_destroy_key( handle ); @@ -651,12 +650,12 @@ static int smoke_test_key( psa_key_handle_t handle ) buffer, sizeof( buffer), buffer, sizeof( buffer), &length ) ); - SMOKE_ASSERT( psa_asymmetric_sign( handle, PSA_ALG_ECDSA_ANY, - buffer, 32, - buffer, sizeof( buffer ), &length ) ); - SMOKE_ASSERT( psa_asymmetric_verify( handle, PSA_ALG_ECDSA_ANY, - buffer, 32, - buffer, sizeof( buffer ) ) ); + SMOKE_ASSERT( psa_sign_hash( handle, PSA_ALG_ECDSA_ANY, + buffer, 32, + buffer, sizeof( buffer ), &length ) ); + SMOKE_ASSERT( psa_verify_hash( handle, PSA_ALG_ECDSA_ANY, + buffer, 32, + buffer, sizeof( buffer ) ) ); SMOKE_ASSERT( psa_asymmetric_encrypt( handle, PSA_ALG_RSA_PKCS1V15_CRYPT, buffer, 10, NULL, 0, @@ -998,7 +997,7 @@ void import_key_smoke( int type_arg, int alg_arg, psa_set_key_id( &attributes, id ); psa_set_key_lifetime( &attributes, lifetime ); psa_set_key_usage_flags( &attributes, - PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY | + PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_EXPORT ); psa_set_key_algorithm( &attributes, alg ); @@ -1107,7 +1106,7 @@ void generate_key_smoke( int type_arg, int bits_arg, int alg_arg ) psa_set_key_id( &attributes, id ); psa_set_key_lifetime( &attributes, lifetime ); psa_set_key_usage_flags( &attributes, - PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY | + PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_EXPORT ); psa_set_key_algorithm( &attributes, alg ); @@ -1171,7 +1170,7 @@ void sign_verify( int flow, psa_key_handle_t sw_handle = 0; /* transparent key */ psa_key_attributes_t sw_attributes = PSA_KEY_ATTRIBUTES_INIT; psa_key_attributes_t drv_attributes; - uint8_t signature[PSA_ASYMMETRIC_SIGNATURE_MAX_SIZE]; + uint8_t signature[PSA_SIGNATURE_MAX_SIZE]; size_t signature_length; memset( &driver, 0, sizeof( driver ) ); @@ -1210,7 +1209,7 @@ void sign_verify( int flow, /* Prepare to create two keys with the same key material: a transparent * key, and one that goes through the driver. */ psa_set_key_usage_flags( &sw_attributes, - PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY ); + PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH ); psa_set_key_algorithm( &sw_attributes, alg ); psa_set_key_type( &sw_attributes, type ); drv_attributes = sw_attributes; @@ -1269,42 +1268,42 @@ void sign_verify( int flow, case SIGN_IN_DRIVER_AND_PARALLEL_CREATION: case SIGN_IN_DRIVER_THEN_EXPORT_PUBLIC: PSA_ASSERT_VIA_DRIVER( - psa_asymmetric_sign( drv_handle, - alg, - input->x, input->len, - signature, sizeof( signature ), - &signature_length ), + psa_sign_hash( drv_handle, + alg, + input->x, input->len, + signature, sizeof( signature ), + &signature_length ), PSA_SUCCESS ); break; case SIGN_IN_SOFTWARE_AND_PARALLEL_CREATION: - PSA_ASSERT( psa_asymmetric_sign( sw_handle, - alg, - input->x, input->len, - signature, sizeof( signature ), - &signature_length ) ); + PSA_ASSERT( psa_sign_hash( sw_handle, + alg, + input->x, input->len, + signature, sizeof( signature ), + &signature_length ) ); break; } /* Verify with both keys. */ - PSA_ASSERT( psa_asymmetric_verify( sw_handle, alg, - input->x, input->len, - signature, signature_length ) ); + PSA_ASSERT( psa_verify_hash( sw_handle, alg, + input->x, input->len, + signature, signature_length ) ); PSA_ASSERT_VIA_DRIVER( - psa_asymmetric_verify( drv_handle, alg, - input->x, input->len, - signature, signature_length ), + psa_verify_hash( drv_handle, alg, + input->x, input->len, + signature, signature_length ), PSA_SUCCESS ); /* Change the signature and verify again. */ signature[0] ^= 1; - TEST_EQUAL( psa_asymmetric_verify( sw_handle, alg, - input->x, input->len, - signature, signature_length ), + TEST_EQUAL( psa_verify_hash( sw_handle, alg, + input->x, input->len, + signature, signature_length ), PSA_ERROR_INVALID_SIGNATURE ); PSA_ASSERT_VIA_DRIVER( - psa_asymmetric_verify( drv_handle, alg, - input->x, input->len, - signature, signature_length ), + psa_verify_hash( drv_handle, alg, + input->x, input->len, + signature, signature_length ), PSA_ERROR_INVALID_SIGNATURE ); exit: diff --git a/tests/suites/test_suite_psa_crypto_se_driver_hal_mocks.function b/tests/suites/test_suite_psa_crypto_se_driver_hal_mocks.function index 7088a52260..9f17b84f19 100644 --- a/tests/suites/test_suite_psa_crypto_se_driver_hal_mocks.function +++ b/tests/suites/test_suite_psa_crypto_se_driver_hal_mocks.function @@ -564,7 +564,7 @@ void mock_sign( int mock_sign_return_value, int expected_result ) psa_set_key_id( &attributes, id ); psa_set_key_lifetime( &attributes, lifetime ); - psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN ); + psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_HASH ); psa_set_key_algorithm( &attributes, algorithm ); psa_set_key_type( &attributes, PSA_KEY_TYPE_RSA_KEY_PAIR ); @@ -572,10 +572,10 @@ void mock_sign( int mock_sign_return_value, int expected_result ) key_material, sizeof( key_material ), &handle ) ); - TEST_ASSERT( psa_asymmetric_sign( handle, algorithm, - hash, sizeof( hash ), - signature, sizeof( signature ), - &signature_length) + TEST_ASSERT( psa_sign_hash( handle, algorithm, + hash, sizeof( hash ), + signature, sizeof( signature ), + &signature_length) == expected_result ); TEST_ASSERT( mock_sign_data.called == 1 ); @@ -623,7 +623,7 @@ void mock_verify( int mock_verify_return_value, int expected_result ) psa_set_key_id( &attributes, id ); psa_set_key_lifetime( &attributes, lifetime ); - psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_VERIFY ); + psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_VERIFY_HASH ); psa_set_key_algorithm( &attributes, algorithm ); psa_set_key_type( &attributes, PSA_KEY_TYPE_RAW_DATA ); @@ -631,9 +631,9 @@ void mock_verify( int mock_verify_return_value, int expected_result ) key_material, sizeof( key_material ), &handle ) ); - TEST_ASSERT( psa_asymmetric_verify( handle, algorithm, - hash, sizeof( hash ), - signature, sizeof( signature ) ) + TEST_ASSERT( psa_verify_hash( handle, algorithm, + hash, sizeof( hash ), + signature, sizeof( signature ) ) == expected_result ); TEST_ASSERT( mock_verify_data.called == 1 ); diff --git a/tests/suites/test_suite_psa_crypto_slot_management.data b/tests/suites/test_suite_psa_crypto_slot_management.data index 803917dbe7..ba69cab1d0 100644 --- a/tests/suites/test_suite_psa_crypto_slot_management.data +++ b/tests/suites/test_suite_psa_crypto_slot_management.data @@ -39,27 +39,27 @@ persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:PSA_KEY_ID_USER_MAX:0:0:0: Persistent slot: ECP keypair (ECDSA, exportable), close depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED -persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:1:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY:PSA_ALG_ECDSA_ANY:0:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP256R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":CLOSE_BY_CLOSE +persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:1:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_ECDSA_ANY:0:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP256R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":CLOSE_BY_CLOSE Persistent slot: ECP keypair (ECDSA, exportable), close+restart depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED -persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:1:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY:PSA_ALG_ECDSA_ANY:0:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP256R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":CLOSE_BY_CLOSE_WITH_SHUTDOWN +persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:1:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_ECDSA_ANY:0:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP256R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":CLOSE_BY_CLOSE_WITH_SHUTDOWN Persistent slot: ECP keypair (ECDSA, exportable), restart depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED -persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:1:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY:PSA_ALG_ECDSA_ANY:0:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP256R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":CLOSE_BY_SHUTDOWN +persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:1:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_ECDSA_ANY:0:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP256R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":CLOSE_BY_SHUTDOWN Persistent slot: ECP keypair (ECDH+ECDSA, exportable), close depends_on:MBEDTLS_ECDH_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED -persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:1:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_ALG_ECDSA_ANY:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP256R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":CLOSE_BY_CLOSE +persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:1:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_ALG_ECDSA_ANY:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP256R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":CLOSE_BY_CLOSE Persistent slot: ECP keypair (ECDH+ECDSA, exportable), close+restart depends_on:MBEDTLS_ECDH_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED -persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:1:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_ALG_ECDSA_ANY:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP256R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":CLOSE_BY_CLOSE_WITH_SHUTDOWN +persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:1:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_ALG_ECDSA_ANY:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP256R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":CLOSE_BY_CLOSE_WITH_SHUTDOWN Persistent slot: ECP keypair (ECDH+ECDSA, exportable), restart depends_on:MBEDTLS_ECDH_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED -persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:1:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_ALG_ECDSA_ANY:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP256R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":CLOSE_BY_SHUTDOWN +persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:1:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_ALG_ECDSA_ANY:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP256R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":CLOSE_BY_SHUTDOWN Attempt to overwrite: close before create_existent:PSA_KEY_LIFETIME_PERSISTENT:1:CLOSE_BEFORE From 4151094a52090d8d68188582f36b85f533af4cef Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 26 Nov 2019 16:10:58 +0100 Subject: [PATCH 41/65] Add backward compatibility aliases for signature-related identifiers Define deprecated aliases for identifiers that are being renamed. --- include/psa/crypto_compat.h | 34 ++++++++++++++++++++++++++++++++++ 1 file changed, 34 insertions(+) diff --git a/include/psa/crypto_compat.h b/include/psa/crypto_compat.h index 7eb43cd0f2..6160d8a320 100644 --- a/include/psa/crypto_compat.h +++ b/include/psa/crypto_compat.h @@ -40,7 +40,9 @@ extern "C" { #define MBEDTLS_PSA_DEPRECATED #endif +typedef MBEDTLS_PSA_DEPRECATED size_t mbedtls_deprecated_size_t; typedef MBEDTLS_PSA_DEPRECATED psa_status_t mbedtls_deprecated_psa_status_t; +typedef MBEDTLS_PSA_DEPRECATED psa_key_usage_t mbedtls_deprecated_psa_key_usage_t; #define MBEDTLS_DEPRECATED_CONSTANT( type, value ) \ ( (mbedtls_deprecated_##type) ( value ) ) @@ -59,6 +61,38 @@ typedef MBEDTLS_PSA_DEPRECATED psa_status_t mbedtls_deprecated_psa_status_t; #define PSA_ERROR_TAMPERING_DETECTED \ MBEDTLS_DEPRECATED_CONSTANT( psa_status_t, PSA_ERROR_CORRUPTION_DETECTED ) +/* + * Deprecated PSA Crypto numerical encodings + */ +#define PSA_KEY_USAGE_SIGN \ + MBEDTLS_DEPRECATED_CONSTANT( psa_key_usage_t, PSA_KEY_USAGE_SIGN_HASH ) +#define PSA_KEY_USAGE_VERIFY \ + MBEDTLS_DEPRECATED_CONSTANT( psa_key_usage_t, PSA_KEY_USAGE_VERIFY_HASH ) + +/* + * Deprecated PSA Crypto size calculation macros + */ +#define PSA_ASYMMETRIC_SIGNATURE_MAX_SIZE \ + MBEDTLS_DEPRECATED_CONSTANT( size_t, PSA_SIGNATURE_MAX_SIZE ) +#define PSA_ASYMMETRIC_SIGN_OUTPUT_SIZE( key_type, key_bits, alg ) \ + MBEDTLS_DEPRECATED_CONSTANT( size_t, PSA_SIGN_OUTPUT_SIZE( key_type, key_bits, alg ) ) + +/* + * Deprecated PSA Crypto function names + */ +/* Make these macros and not wrappers so that there is no cost to + * applications that don't use the deprecated names. + * + * Put backslash-newline after "#define" to bypass check-names.sh which + * would otherwise complain about lowercase macro names. + */ +#define \ + psa_asymmetric_sign( key, alg, hash, hash_length, signature, signature_size, signature_length ) \ + ( (mbedtls_deprecated_psa_status_t) psa_sign_hash( key, alg, hash, hash_length, signature, signature_size, signature_length ) ) +#define \ + psa_asymmetric_verify( key, alg, hash, hash_length, signature, signature_length ) \ + ( (mbedtls_deprecated_psa_status_t) psa_verify_hash( key, alg, hash, hash_length, signature, signature_length ) ) + #endif /* MBEDTLS_DEPRECATED_REMOVED */ #ifdef __cplusplus From 1a96049e30fdae3c8f51ca1b1d78f7d2f3e94f1b Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 26 Nov 2019 17:12:21 +0100 Subject: [PATCH 42/65] Make the key_policy test function more flexible --- tests/suites/test_suite_psa_crypto.data | 13 +++++++++++-- tests/suites/test_suite_psa_crypto.function | 14 ++++++++------ 2 files changed, 19 insertions(+), 8 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index e0bedf762f..436ed7c315 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -342,8 +342,17 @@ PSA import RSA public key: maximum size exceeded depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C import_rsa_made_up:PSA_VENDOR_RSA_MAX_KEY_BITS+8:0:PSA_ERROR_NOT_SUPPORTED -PSA key policy set and get -key_policy:PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CBC_NO_PADDING +PSA key policy: AES +depends_on:MBEDTLS_AES_C +check_key_policy:PSA_KEY_TYPE_AES:128:PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CBC_NO_PADDING + +PSA key policy: ECC SECP256R1, sign +depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED +check_key_policy:PSA_KEY_TYPE_ECC_KEY_PAIR( PSA_ECC_CURVE_SECP256R1 ):256:PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_ECDSA_ANY + +PSA key policy: ECC SECP256R1, sign+verify +depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED +check_key_policy:PSA_KEY_TYPE_ECC_KEY_PAIR( PSA_ECC_CURVE_SECP256R1 ):256:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_ECDSA_ANY Key attributes initializers zero properly key_attributes_init: diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index 3ce8df82de..d62d3c1986 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -1635,27 +1635,29 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void key_policy( int usage_arg, int alg_arg ) +void check_key_policy( int type_arg, int bits_arg, + int usage_arg, int alg_arg ) { psa_key_handle_t handle = 0; + psa_key_type_t key_type = type_arg; + size_t bits = bits_arg; psa_algorithm_t alg = alg_arg; psa_key_usage_t usage = usage_arg; - psa_key_type_t key_type = PSA_KEY_TYPE_AES; - unsigned char key[32] = {0}; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - memset( key, 0x2a, sizeof( key ) ); - PSA_ASSERT( psa_crypto_init( ) ); psa_set_key_usage_flags( &attributes, usage ); psa_set_key_algorithm( &attributes, alg ); psa_set_key_type( &attributes, key_type ); + psa_set_key_bits( &attributes, bits ); - PSA_ASSERT( psa_import_key( &attributes, key, sizeof( key ), &handle ) ); + PSA_ASSERT( psa_generate_key( &attributes, &handle ) ); + psa_reset_key_attributes( &attributes ); PSA_ASSERT( psa_get_key_attributes( handle, &attributes ) ); TEST_EQUAL( psa_get_key_type( &attributes ), key_type ); + TEST_EQUAL( psa_get_key_bits( &attributes ), bits ); TEST_EQUAL( psa_get_key_usage_flags( &attributes ), usage ); TEST_EQUAL( psa_get_key_algorithm( &attributes ), alg ); From 841b14be02dd49915388c64b9987b4f894f075ef Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 26 Nov 2019 17:37:37 +0100 Subject: [PATCH 43/65] Add tests of deprecated PSA macros When MBEDTLS_TEST_DEPRECATED is defined, run some additional tests to validate deprecated PSA macros. We don't need to test deprecated features extensively, but we should at least ensure that they don't break the build. Add some code to component_build_deprecated in all.sh to run these tests with MBEDTLS_DEPRECATED_WARNING enabled. The tests are also executed when MBEDTLS_DEPRECATED_WARNING and MBEDTLS_DEPRECATED_REMOVED are both disabled. --- tests/scripts/all.sh | 4 ++++ tests/suites/main_test.function | 4 ++++ tests/suites/test_suite_psa_crypto.function | 18 ++++++++++++++++++ 3 files changed, 26 insertions(+) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 2567cc0dd3..d9e9c82a45 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -715,6 +715,10 @@ component_build_deprecated () { make CC=gcc CFLAGS='-O -Werror -Wall -Wextra' lib programs make CC=gcc CFLAGS='-O -Werror -Wall -Wextra -Wno-unused-function' tests + msg "test: make, full config + DEPRECATED_WARNING, expect warnings" # ~ 30s + make -C tests clean + make CC=gcc CFLAGS='-O -Werror -Wall -Wextra -Wno-error=deprecated-declarations -DMBEDTLS_TEST_DEPRECATED' tests + msg "build: make, full config + DEPRECATED_REMOVED, clang -O" # ~ 30s # No cleanup, just tweak the configuration and rebuild make clean diff --git a/tests/suites/main_test.function b/tests/suites/main_test.function index 5d15f2bbef..6ddfc5927a 100644 --- a/tests/suites/main_test.function +++ b/tests/suites/main_test.function @@ -29,6 +29,10 @@ #include "psa/crypto.h" #endif /* MBEDTLS_USE_PSA_CRYPTO */ +#if !defined(MBEDTLS_DEPRECATED_REMOVED) && !defined(MBEDTLS_DEPRECATED_WARNING) +#define MBEDTLS_TEST_DEPRECATED +#endif + /*----------------------------------------------------------------------------*/ /* Common helper code */ diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index d62d3c1986..5236b4e2b2 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -1164,6 +1164,18 @@ void static_checks( ) * encoding. The shifted mask is the maximum truncated value. The * untruncated algorithm may be one byte larger. */ TEST_ASSERT( PSA_MAC_MAX_SIZE <= 1 + max_truncated_mac_size ); + +#if defined(MBEDTLS_TEST_DEPRECATED) + /* Check deprecated constants. */ + TEST_EQUAL( PSA_ERROR_UNKNOWN_ERROR, PSA_ERROR_GENERIC_ERROR ); + TEST_EQUAL( PSA_ERROR_OCCUPIED_SLOT, PSA_ERROR_ALREADY_EXISTS ); + TEST_EQUAL( PSA_ERROR_EMPTY_SLOT, PSA_ERROR_DOES_NOT_EXIST ); + TEST_EQUAL( PSA_ERROR_INSUFFICIENT_CAPACITY, PSA_ERROR_INSUFFICIENT_DATA ); + TEST_EQUAL( PSA_ERROR_TAMPERING_DETECTED, PSA_ERROR_CORRUPTION_DETECTED ); + TEST_EQUAL( PSA_KEY_USAGE_SIGN, PSA_KEY_USAGE_SIGN_HASH ); + TEST_EQUAL( PSA_KEY_USAGE_VERIFY, PSA_KEY_USAGE_VERIFY_HASH ); + TEST_EQUAL( PSA_ASYMMETRIC_SIGNATURE_MAX_SIZE, PSA_SIGNATURE_MAX_SIZE ); +#endif /* MBEDTLS_TEST_DEPRECATED */ } /* END_CASE */ @@ -3703,7 +3715,13 @@ void signature_size( int type_arg, psa_key_type_t type = type_arg; psa_algorithm_t alg = alg_arg; size_t actual_size = PSA_SIGN_OUTPUT_SIZE( type, bits, alg ); + TEST_EQUAL( actual_size, (size_t) expected_size_arg ); +#if defined(MBEDTLS_TEST_DEPRECATED) + TEST_EQUAL( actual_size, + PSA_ASYMMETRIC_SIGN_OUTPUT_SIZE( type, bits, alg ) ); +#endif /* MBEDTLS_TEST_DEPRECATED */ + exit: ; } From 0627f98779c2ffe01d4db5eee88055272a8c2474 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 26 Nov 2019 19:12:16 +0100 Subject: [PATCH 44/65] Add tests of deprecated PSA functions Test psa_asymmetric_sign and psa_asymmetric_verify. --- tests/suites/test_suite_psa_crypto.function | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index 5236b4e2b2..196cc794bb 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -3769,6 +3769,15 @@ void sign_deterministic( int key_type_arg, data_t *key_data, ASSERT_COMPARE( output_data->x, output_data->len, signature, signature_length ); +#if defined(MBEDTLS_TEST_DEPRECATED) + PSA_ASSERT( psa_asymmetric_sign( handle, alg, + input_data->x, input_data->len, + signature, signature_size, + &signature_length ) ); + ASSERT_COMPARE( output_data->x, output_data->len, + signature, signature_length ); +#endif /* MBEDTLS_TEST_DEPRECATED */ + exit: psa_reset_key_attributes( &attributes ); psa_destroy_key( handle ); @@ -3912,6 +3921,15 @@ void asymmetric_verify( int key_type_arg, data_t *key_data, PSA_ASSERT( psa_verify_hash( handle, alg, hash_data->x, hash_data->len, signature_data->x, signature_data->len ) ); + +#if defined(MBEDTLS_TEST_DEPRECATED) + PSA_ASSERT( psa_asymmetric_verify( handle, alg, + hash_data->x, hash_data->len, + signature_data->x, + signature_data->len ) ); + +#endif /* MBEDTLS_TEST_DEPRECATED */ + exit: psa_reset_key_attributes( &attributes ); psa_destroy_key( handle ); From 06c28890c9d27561bb75390d9fc759bc6c7aede1 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 26 Nov 2019 18:07:46 +0100 Subject: [PATCH 45/65] Add test function for effective key attributes We're going to create some edge cases where the attributes of a key are not bitwise identical to the attributes passed during creation. Have a test function ready for that. --- tests/suites/test_suite_psa_crypto.function | 28 ++++++++++++++++----- 1 file changed, 22 insertions(+), 6 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index 196cc794bb..543fe89e2f 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -1647,14 +1647,20 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void check_key_policy( int type_arg, int bits_arg, - int usage_arg, int alg_arg ) +void effective_key_attributes( int type_arg, int expected_type_arg, + int bits_arg, int expected_bits_arg, + int usage_arg, int expected_usage_arg, + int alg_arg, int expected_alg_arg ) { psa_key_handle_t handle = 0; psa_key_type_t key_type = type_arg; + psa_key_type_t expected_key_type = expected_type_arg; size_t bits = bits_arg; + size_t expected_bits = expected_bits_arg; psa_algorithm_t alg = alg_arg; + psa_algorithm_t expected_alg = expected_alg_arg; psa_key_usage_t usage = usage_arg; + psa_key_usage_t expected_usage = expected_usage_arg; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; PSA_ASSERT( psa_crypto_init( ) ); @@ -1668,10 +1674,10 @@ void check_key_policy( int type_arg, int bits_arg, psa_reset_key_attributes( &attributes ); PSA_ASSERT( psa_get_key_attributes( handle, &attributes ) ); - TEST_EQUAL( psa_get_key_type( &attributes ), key_type ); - TEST_EQUAL( psa_get_key_bits( &attributes ), bits ); - TEST_EQUAL( psa_get_key_usage_flags( &attributes ), usage ); - TEST_EQUAL( psa_get_key_algorithm( &attributes ), alg ); + TEST_EQUAL( psa_get_key_type( &attributes ), expected_key_type ); + TEST_EQUAL( psa_get_key_bits( &attributes ), expected_bits ); + TEST_EQUAL( psa_get_key_usage_flags( &attributes ), expected_usage ); + TEST_EQUAL( psa_get_key_algorithm( &attributes ), expected_alg ); exit: psa_destroy_key( handle ); @@ -1680,6 +1686,16 @@ exit: } /* END_CASE */ +/* BEGIN_CASE */ +void check_key_policy( int type_arg, int bits_arg, + int usage_arg, int alg_arg ) +{ + test_effective_key_attributes( type_arg, type_arg, bits_arg, bits_arg, + usage_arg, usage_arg, alg_arg, alg_arg ); + goto exit; +} +/* END_CASE */ + /* BEGIN_CASE */ void key_attributes_init( ) { From 972630e2401144d3041999d445b44c0617a5d72f Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 29 Nov 2019 11:55:48 +0100 Subject: [PATCH 46/65] Remove dependency of crypto_values.h on crypto_extra.h Define PSA_ALG_ECDSA_DETERMINISTIC_FLAG in crypto_values.h. This is necessary for the current PSA API specification processing scripts. --- include/psa/crypto_extra.h | 2 +- include/psa/crypto_values.h | 5 +++-- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/include/psa/crypto_extra.h b/include/psa/crypto_extra.h index c5313d619e..8bd07261b4 100644 --- a/include/psa/crypto_extra.h +++ b/include/psa/crypto_extra.h @@ -384,7 +384,7 @@ psa_status_t mbedtls_psa_inject_entropy(const uint8_t *seed, #define PSA_ALG_DSA(hash_alg) \ (PSA_ALG_DSA_BASE | ((hash_alg) & PSA_ALG_HASH_MASK)) #define PSA_ALG_DETERMINISTIC_DSA_BASE ((psa_algorithm_t)0x10050000) -#define PSA_ALG_DSA_DETERMINISTIC_FLAG ((psa_algorithm_t)0x00010000) +#define PSA_ALG_DSA_DETERMINISTIC_FLAG PSA_ALG_ECDSA_DETERMINISTIC_FLAG /** Deterministic DSA signature with hashing. * * This is the deterministic variant defined by RFC 6979 of diff --git a/include/psa/crypto_values.h b/include/psa/crypto_values.h index 1e0c2136a0..b095e1c93c 100644 --- a/include/psa/crypto_values.h +++ b/include/psa/crypto_values.h @@ -1197,11 +1197,12 @@ */ #define PSA_ALG_DETERMINISTIC_ECDSA(hash_alg) \ (PSA_ALG_DETERMINISTIC_ECDSA_BASE | ((hash_alg) & PSA_ALG_HASH_MASK)) +#define PSA_ALG_ECDSA_DETERMINISTIC_FLAG ((psa_algorithm_t)0x00010000) #define PSA_ALG_IS_ECDSA(alg) \ - (((alg) & ~PSA_ALG_HASH_MASK & ~PSA_ALG_DSA_DETERMINISTIC_FLAG) == \ + (((alg) & ~PSA_ALG_HASH_MASK & ~PSA_ALG_ECDSA_DETERMINISTIC_FLAG) == \ PSA_ALG_ECDSA_BASE) #define PSA_ALG_ECDSA_IS_DETERMINISTIC(alg) \ - (((alg) & PSA_ALG_DSA_DETERMINISTIC_FLAG) != 0) + (((alg) & PSA_ALG_ECDSA_DETERMINISTIC_FLAG) != 0) #define PSA_ALG_IS_DETERMINISTIC_ECDSA(alg) \ (PSA_ALG_IS_ECDSA(alg) && PSA_ALG_ECDSA_IS_DETERMINISTIC(alg)) #define PSA_ALG_IS_RANDOMIZED_ECDSA(alg) \ From 895242be1c3c6f92d695cd7e2964b54ec3b02d26 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 29 Nov 2019 12:15:40 +0100 Subject: [PATCH 47/65] Add negative test cases for deprecated aliases Catch more potential plumbing errors such as not returning the right value or not writing to an output parameter. --- tests/suites/test_suite_psa_crypto.function | 20 +++++++++++++++++++- 1 file changed, 19 insertions(+), 1 deletion(-) diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index 543fe89e2f..83b0c952d9 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -3786,6 +3786,8 @@ void sign_deterministic( int key_type_arg, data_t *key_data, signature, signature_length ); #if defined(MBEDTLS_TEST_DEPRECATED) + memset( signature, 0, signature_size ); + signature_length = INVALID_EXPORT_LENGTH; PSA_ASSERT( psa_asymmetric_sign( handle, alg, input_data->x, input_data->len, signature, signature_size, @@ -3839,6 +3841,16 @@ void sign_fail( int key_type_arg, data_t *key_data, * checking the error code then they don't overflow a buffer. */ TEST_ASSERT( signature_length <= signature_size ); +#if defined(MBEDTLS_TEST_DEPRECATED) + signature_length = INVALID_EXPORT_LENGTH; + TEST_EQUAL( psa_asymmetric_sign( handle, alg, + input_data->x, input_data->len, + signature, signature_size, + &signature_length ), + expected_status ); + TEST_ASSERT( signature_length <= signature_size ); +#endif /* MBEDTLS_TEST_DEPRECATED */ + exit: psa_reset_key_attributes( &attributes ); psa_destroy_key( handle ); @@ -3978,9 +3990,15 @@ void asymmetric_verify_fail( int key_type_arg, data_t *key_data, actual_status = psa_verify_hash( handle, alg, hash_data->x, hash_data->len, signature_data->x, signature_data->len ); - TEST_EQUAL( actual_status, expected_status ); +#if defined(MBEDTLS_TEST_DEPRECATED) + TEST_EQUAL( psa_asymmetric_verify( handle, alg, + hash_data->x, hash_data->len, + signature_data->x, signature_data->len ), + expected_status ); +#endif /* MBEDTLS_TEST_DEPRECATED */ + exit: psa_reset_key_attributes( &attributes ); psa_destroy_key( handle ); From 2ff02c361e65a3fac94f9a5dce1db3f97cf6606f Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 29 Nov 2019 12:17:21 +0100 Subject: [PATCH 48/65] Document MBEDTLS_TEST_DEPRECATED --- tests/suites/main_test.function | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/tests/suites/main_test.function b/tests/suites/main_test.function index 6ddfc5927a..a1ba610585 100644 --- a/tests/suites/main_test.function +++ b/tests/suites/main_test.function @@ -29,6 +29,11 @@ #include "psa/crypto.h" #endif /* MBEDTLS_USE_PSA_CRYPTO */ +/* Test code may use deprecated identifiers only if the preprocessor symbol + * MBEDTLS_TEST_DEPRECATED is defined. When building tests, set + * MBEDTLS_TEST_DEPRECATED explicitly if MBEDTLS_DEPRECATED_WARNING is + * enabled but the corresponding warnings are not treated as errors. + */ #if !defined(MBEDTLS_DEPRECATED_REMOVED) && !defined(MBEDTLS_DEPRECATED_WARNING) #define MBEDTLS_TEST_DEPRECATED #endif From 0168f2f2c1dd36e31adc90cd2c694270726cceab Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 29 Nov 2019 12:22:32 +0100 Subject: [PATCH 49/65] Better documentation in crypto_compat.h Note that the identifiers declared in this header are deprecated. Indicate what API version identifiers were from. --- include/psa/crypto_compat.h | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/include/psa/crypto_compat.h b/include/psa/crypto_compat.h index 6160d8a320..dc11da389f 100644 --- a/include/psa/crypto_compat.h +++ b/include/psa/crypto_compat.h @@ -3,6 +3,10 @@ * * \brief PSA cryptography module: Backward compatibility aliases * + * This header declares alternative names for macro and functions. + * New application code should not use these names. + * These names may be removed in a future version of Mbed Crypto. + * * \note This file may not be included directly. Applications must * include psa/crypto.h. */ @@ -34,6 +38,9 @@ extern "C" { #if !defined(MBEDTLS_DEPRECATED_REMOVED) +/* + * Mechanism for declaring deprecated values + */ #if defined(MBEDTLS_DEPRECATED_WARNING) && !defined(MBEDTLS_PSA_DEPRECATED) #define MBEDTLS_PSA_DEPRECATED __attribute__((deprecated)) #else @@ -48,7 +55,7 @@ typedef MBEDTLS_PSA_DEPRECATED psa_key_usage_t mbedtls_deprecated_psa_key_usage_ ( (mbedtls_deprecated_##type) ( value ) ) /* - * Deprecated PSA Crypto error code definitions + * Deprecated PSA Crypto error code definitions (PSA Crypto API <= 1.0 beta2) */ #define PSA_ERROR_UNKNOWN_ERROR \ MBEDTLS_DEPRECATED_CONSTANT( psa_status_t, PSA_ERROR_GENERIC_ERROR ) @@ -62,7 +69,7 @@ typedef MBEDTLS_PSA_DEPRECATED psa_key_usage_t mbedtls_deprecated_psa_key_usage_ MBEDTLS_DEPRECATED_CONSTANT( psa_status_t, PSA_ERROR_CORRUPTION_DETECTED ) /* - * Deprecated PSA Crypto numerical encodings + * Deprecated PSA Crypto numerical encodings (PSA Crypto API <= 1.0 beta3) */ #define PSA_KEY_USAGE_SIGN \ MBEDTLS_DEPRECATED_CONSTANT( psa_key_usage_t, PSA_KEY_USAGE_SIGN_HASH ) @@ -70,7 +77,7 @@ typedef MBEDTLS_PSA_DEPRECATED psa_key_usage_t mbedtls_deprecated_psa_key_usage_ MBEDTLS_DEPRECATED_CONSTANT( psa_key_usage_t, PSA_KEY_USAGE_VERIFY_HASH ) /* - * Deprecated PSA Crypto size calculation macros + * Deprecated PSA Crypto size calculation macros (PSA Crypto API <= 1.0 beta3) */ #define PSA_ASYMMETRIC_SIGNATURE_MAX_SIZE \ MBEDTLS_DEPRECATED_CONSTANT( size_t, PSA_SIGNATURE_MAX_SIZE ) @@ -78,7 +85,7 @@ typedef MBEDTLS_PSA_DEPRECATED psa_key_usage_t mbedtls_deprecated_psa_key_usage_ MBEDTLS_DEPRECATED_CONSTANT( size_t, PSA_SIGN_OUTPUT_SIZE( key_type, key_bits, alg ) ) /* - * Deprecated PSA Crypto function names + * Deprecated PSA Crypto function names (PSA Crypto API <= 1.0 beta3) */ /* Make these macros and not wrappers so that there is no cost to * applications that don't use the deprecated names. From d11550e11d893cd743996d8789c6d82ac3ea190a Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Tue, 3 Dec 2019 15:52:31 +0000 Subject: [PATCH 50/65] Fix number of allocated errors in Platform --- include/mbedtls/error.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/mbedtls/error.h b/include/mbedtls/error.h index 06bb1c9cac..3fff9a0540 100644 --- a/include/mbedtls/error.h +++ b/include/mbedtls/error.h @@ -86,7 +86,7 @@ * CHACHA20 3 0x0051-0x0055 * POLY1305 3 0x0057-0x005B * CHACHAPOLY 2 0x0054-0x0056 - * PLATFORM 1 0x0070-0x0072 + * PLATFORM 2 0x0070-0x0072 * * High-level module nr (3 bits - 0x0...-0x7...) * Name ID Nr of Errors From 60f6b64b8f6545c9fcc699291a19144ddff2cd99 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Tue, 3 Dec 2019 15:55:56 +0000 Subject: [PATCH 51/65] Add two error codes to the Error module One of the error codes was already reserved, this commit just makes it explicit. The other one is a new error code for initializing return values in the library: `MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED` should not be returned by the library. If it is returned, then it is surely a bug in the library or somebody is tampering with the device. --- include/mbedtls/error.h | 4 ++++ library/error.c | 11 +++++++++++ scripts/generate_errors.pl | 2 +- 3 files changed, 16 insertions(+), 1 deletion(-) diff --git a/include/mbedtls/error.h b/include/mbedtls/error.h index 3fff9a0540..7ca54b8c3f 100644 --- a/include/mbedtls/error.h +++ b/include/mbedtls/error.h @@ -55,6 +55,7 @@ * Low-level module errors (0x0002-0x007E, 0x0003-0x007F) * * Module Nr Codes assigned + * ERROR 2 0x006E 0x0001 * MPI 7 0x0002-0x0010 * GCM 3 0x0012-0x0014 0x0013-0x0013 * BLOWFISH 3 0x0016-0x0018 0x0017-0x0017 @@ -112,6 +113,9 @@ extern "C" { #endif +#define MBEDTLS_ERR_ERROR_GENERIC_ERROR -0x0001 /**< Generic error */ +#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E /**< This is a bug in the library */ + /** * \brief Translate a mbed TLS error code into a string representation, * Result is truncated if necessary and always includes a terminating diff --git a/library/error.c b/library/error.c index 649b3baa41..85beaeeacc 100644 --- a/library/error.c +++ b/library/error.c @@ -109,6 +109,10 @@ #include "mbedtls/entropy.h" #endif +#if defined(MBEDTLS_ERROR_C) +#include "mbedtls/error.h" +#endif + #if defined(MBEDTLS_GCM_C) #include "mbedtls/gcm.h" #endif @@ -579,6 +583,13 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen ) mbedtls_snprintf( buf, buflen, "ENTROPY - Read/write error in file" ); #endif /* MBEDTLS_ENTROPY_C */ +#if defined(MBEDTLS_ERROR_C) + if( use_ret == -(MBEDTLS_ERR_ERROR_GENERIC_ERROR) ) + mbedtls_snprintf( buf, buflen, "ERROR - Generic error" ); + if( use_ret == -(MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED) ) + mbedtls_snprintf( buf, buflen, "ERROR - This is a bug in the library" ); +#endif /* MBEDTLS_ERROR_C */ + #if defined(MBEDTLS_GCM_C) if( use_ret == -(MBEDTLS_ERR_GCM_AUTH_FAILED) ) mbedtls_snprintf( buf, buflen, "GCM - Authenticated decryption failed" ); diff --git a/scripts/generate_errors.pl b/scripts/generate_errors.pl index e640f4ccd5..b4c014e3f1 100755 --- a/scripts/generate_errors.pl +++ b/scripts/generate_errors.pl @@ -31,7 +31,7 @@ my $error_format_file = $data_dir.'/error.fmt'; my @low_level_modules = qw( AES ARC4 ARIA ASN1 BASE64 BIGNUM BLOWFISH CAMELLIA CCM CHACHA20 CHACHAPOLY CMAC CTR_DRBG DES - ENTROPY GCM HKDF HMAC_DRBG MD2 MD4 MD5 + ENTROPY ERROR GCM HKDF HMAC_DRBG MD2 MD4 MD5 OID PADLOCK PBKDF2 PLATFORM POLY1305 RIPEMD160 SHA1 SHA256 SHA512 THREADING XTEA ); my @high_level_modules = qw( CIPHER DHM ECP MD From a13b905d8dde4d851f1730e62643d1fb775649ca Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Fri, 22 Nov 2019 12:48:59 +0000 Subject: [PATCH 52/65] Map the new Mbed TLS error value in PSA --- library/psa_crypto.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index e4d4924a97..b98a4629d8 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -351,6 +351,8 @@ static psa_status_t mbedtls_to_psa_error( int ret ) return( PSA_ERROR_INSUFFICIENT_MEMORY ); case MBEDTLS_ERR_ECP_HW_ACCEL_FAILED: return( PSA_ERROR_HARDWARE_FAILURE ); + case MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED: + return( PSA_ERROR_CORRUPTION_DETECTED ); default: return( PSA_ERROR_GENERIC_ERROR ); From 24eed8d2d2df4423a63c8761edd0d65a43ff03a3 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Fri, 22 Nov 2019 13:21:35 +0000 Subject: [PATCH 53/65] Initialise return values to an error Initialising the return values to and error is best practice and makes the library more robust. --- library/aes.c | 7 +++-- library/asn1parse.c | 17 ++++++----- library/asn1write.c | 19 ++++++------ library/bignum.c | 35 +++++++++++----------- library/ccm.c | 9 +++--- library/chacha20.c | 5 ++-- library/chachapoly.c | 15 +++++----- library/cipher.c | 13 ++++---- library/cipher_wrap.c | 3 +- library/cmac.c | 13 ++++---- library/ctr_drbg.c | 9 +++--- library/dhm.c | 15 +++++----- library/ecdh.c | 21 ++++++------- library/ecdsa.c | 15 +++++----- library/ecjpake.c | 33 +++++++++++---------- library/ecp.c | 67 +++++++++++++++++++++--------------------- library/ecp_curves.c | 19 ++++++------ library/entropy.c | 5 ++-- library/entropy_poll.c | 3 +- library/gcm.c | 11 +++---- library/hkdf.c | 3 +- library/hmac_drbg.c | 13 ++++---- library/md.c | 11 +++---- library/md2.c | 7 +++-- library/md4.c | 7 +++-- library/md5.c | 7 +++-- library/nist_kw.c | 3 +- library/oid.c | 3 +- library/pem.c | 11 +++---- library/pk.c | 9 +++--- library/pk_wrap.c | 27 +++++++++-------- library/pkcs12.c | 7 +++-- library/pkcs5.c | 3 +- library/pkparse.c | 27 +++++++++-------- library/pkwrite.c | 19 ++++++------ library/platform.c | 5 ++-- library/poly1305.c | 5 ++-- library/psa_crypto.c | 43 ++++++++++++++------------- library/ripemd160.c | 7 +++-- library/rsa.c | 29 +++++++++--------- library/sha1.c | 7 +++-- library/sha256.c | 7 +++-- library/sha512.c | 7 +++-- 43 files changed, 322 insertions(+), 279 deletions(-) diff --git a/library/aes.c b/library/aes.c index aff0a9939a..6e8699022b 100644 --- a/library/aes.c +++ b/library/aes.c @@ -38,6 +38,7 @@ #include "mbedtls/aes.h" #include "mbedtls/platform.h" #include "mbedtls/platform_util.h" +#include "mbedtls/error.h" #if defined(MBEDTLS_PADLOCK_C) #include "mbedtls/padlock.h" #endif @@ -766,7 +767,7 @@ int mbedtls_aes_xts_setkey_enc( mbedtls_aes_xts_context *ctx, const unsigned char *key, unsigned int keybits) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; const unsigned char *key1, *key2; unsigned int key1bits, key2bits; @@ -791,7 +792,7 @@ int mbedtls_aes_xts_setkey_dec( mbedtls_aes_xts_context *ctx, const unsigned char *key, unsigned int keybits) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; const unsigned char *key1, *key2; unsigned int key1bits, key2bits; @@ -1175,7 +1176,7 @@ int mbedtls_aes_crypt_xts( mbedtls_aes_xts_context *ctx, const unsigned char *input, unsigned char *output ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t blocks = length / 16; size_t leftover = length % 16; unsigned char tweak[16]; diff --git a/library/asn1parse.c b/library/asn1parse.c index 412259e358..5075dfd53e 100644 --- a/library/asn1parse.c +++ b/library/asn1parse.c @@ -29,6 +29,7 @@ #include "mbedtls/asn1.h" #include "mbedtls/platform_util.h" +#include "mbedtls/error.h" #include @@ -124,7 +125,7 @@ int mbedtls_asn1_get_bool( unsigned char **p, const unsigned char *end, int *val ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t len; if( ( ret = mbedtls_asn1_get_tag( p, end, &len, MBEDTLS_ASN1_BOOLEAN ) ) != 0 ) @@ -143,7 +144,7 @@ int mbedtls_asn1_get_int( unsigned char **p, const unsigned char *end, int *val ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t len; if( ( ret = mbedtls_asn1_get_tag( p, end, &len, MBEDTLS_ASN1_INTEGER ) ) != 0 ) @@ -185,7 +186,7 @@ int mbedtls_asn1_get_mpi( unsigned char **p, const unsigned char *end, mbedtls_mpi *X ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t len; if( ( ret = mbedtls_asn1_get_tag( p, end, &len, MBEDTLS_ASN1_INTEGER ) ) != 0 ) @@ -202,7 +203,7 @@ int mbedtls_asn1_get_mpi( unsigned char **p, int mbedtls_asn1_get_bitstring( unsigned char **p, const unsigned char *end, mbedtls_asn1_bitstring *bs) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; /* Certificate type is a single byte bitstring */ if( ( ret = mbedtls_asn1_get_tag( p, end, &bs->len, MBEDTLS_ASN1_BIT_STRING ) ) != 0 ) @@ -235,7 +236,7 @@ int mbedtls_asn1_get_bitstring( unsigned char **p, const unsigned char *end, int mbedtls_asn1_get_bitstring_null( unsigned char **p, const unsigned char *end, size_t *len ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; if( ( ret = mbedtls_asn1_get_tag( p, end, len, MBEDTLS_ASN1_BIT_STRING ) ) != 0 ) return( ret ); @@ -261,7 +262,7 @@ int mbedtls_asn1_get_sequence_of( unsigned char **p, mbedtls_asn1_sequence *cur, int tag) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t len; mbedtls_asn1_buf *buf; @@ -310,7 +311,7 @@ int mbedtls_asn1_get_alg( unsigned char **p, const unsigned char *end, mbedtls_asn1_buf *alg, mbedtls_asn1_buf *params ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t len; if( ( ret = mbedtls_asn1_get_tag( p, end, &len, @@ -354,7 +355,7 @@ int mbedtls_asn1_get_alg_null( unsigned char **p, const unsigned char *end, mbedtls_asn1_buf *alg ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_asn1_buf params; memset( ¶ms, 0, sizeof(mbedtls_asn1_buf) ); diff --git a/library/asn1write.c b/library/asn1write.c index a138d0b75c..262d0bf561 100644 --- a/library/asn1write.c +++ b/library/asn1write.c @@ -28,6 +28,7 @@ #if defined(MBEDTLS_ASN1_WRITE_C) #include "mbedtls/asn1write.h" +#include "mbedtls/error.h" #include @@ -131,7 +132,7 @@ int mbedtls_asn1_write_raw_buffer( unsigned char **p, unsigned char *start, #if defined(MBEDTLS_BIGNUM_C) int mbedtls_asn1_write_mpi( unsigned char **p, unsigned char *start, const mbedtls_mpi *X ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t len = 0; // Write the MPI @@ -168,7 +169,7 @@ cleanup: int mbedtls_asn1_write_null( unsigned char **p, unsigned char *start ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t len = 0; // Write NULL @@ -182,7 +183,7 @@ int mbedtls_asn1_write_null( unsigned char **p, unsigned char *start ) int mbedtls_asn1_write_oid( unsigned char **p, unsigned char *start, const char *oid, size_t oid_len ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t len = 0; MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_raw_buffer( p, start, @@ -197,7 +198,7 @@ int mbedtls_asn1_write_algorithm_identifier( unsigned char **p, unsigned char *s const char *oid, size_t oid_len, size_t par_len ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t len = 0; if( par_len == 0 ) @@ -216,7 +217,7 @@ int mbedtls_asn1_write_algorithm_identifier( unsigned char **p, unsigned char *s int mbedtls_asn1_write_bool( unsigned char **p, unsigned char *start, int boolean ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t len = 0; if( *p - start < 1 ) @@ -233,7 +234,7 @@ int mbedtls_asn1_write_bool( unsigned char **p, unsigned char *start, int boolea int mbedtls_asn1_write_int( unsigned char **p, unsigned char *start, int val ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t len = 0; do @@ -263,7 +264,7 @@ int mbedtls_asn1_write_int( unsigned char **p, unsigned char *start, int val ) int mbedtls_asn1_write_tagged_string( unsigned char **p, unsigned char *start, int tag, const char *text, size_t text_len ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t len = 0; MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_raw_buffer( p, start, @@ -339,7 +340,7 @@ int mbedtls_asn1_write_named_bitstring( unsigned char **p, int mbedtls_asn1_write_bitstring( unsigned char **p, unsigned char *start, const unsigned char *buf, size_t bits ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t len = 0; size_t unused_bits, byte_len; @@ -372,7 +373,7 @@ int mbedtls_asn1_write_bitstring( unsigned char **p, unsigned char *start, int mbedtls_asn1_write_octet_string( unsigned char **p, unsigned char *start, const unsigned char *buf, size_t size ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t len = 0; MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_raw_buffer( p, start, buf, size ) ); diff --git a/library/bignum.c b/library/bignum.c index a2f2a9f998..1d258db0e9 100644 --- a/library/bignum.c +++ b/library/bignum.c @@ -46,6 +46,7 @@ #include "mbedtls/bignum.h" #include "mbedtls/bn_mul.h" #include "mbedtls/platform_util.h" +#include "mbedtls/error.h" #include @@ -314,7 +315,7 @@ cleanup: */ int mbedtls_mpi_lset( mbedtls_mpi *X, mbedtls_mpi_sint z ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; MPI_VALIDATE_RET( X != NULL ); MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, 1 ) ); @@ -457,7 +458,7 @@ static int mpi_get_digit( mbedtls_mpi_uint *d, int radix, char c ) */ int mbedtls_mpi_read_string( mbedtls_mpi *X, int radix, const char *s ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t i, j, slen, n; mbedtls_mpi_uint d; mbedtls_mpi T; @@ -532,7 +533,7 @@ cleanup: static int mpi_write_hlp( mbedtls_mpi *X, int radix, char **p, const size_t buflen ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_mpi_uint r; size_t length = 0; char *p_end = *p + buflen; @@ -697,7 +698,7 @@ int mbedtls_mpi_read_file( mbedtls_mpi *X, int radix, FILE *fin ) */ int mbedtls_mpi_write_file( const char *p, const mbedtls_mpi *X, int radix, FILE *fout ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t n, slen, plen; /* * Buffer should have space for (short) label and decimal formatted MPI, @@ -832,7 +833,7 @@ static void mpi_bigendian_to_host( mbedtls_mpi_uint * const p, size_t limbs ) int mbedtls_mpi_read_binary_le( mbedtls_mpi *X, const unsigned char *buf, size_t buflen ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t i; size_t const limbs = CHARS_TO_LIMBS( buflen ); @@ -864,7 +865,7 @@ cleanup: */ int mbedtls_mpi_read_binary( mbedtls_mpi *X, const unsigned char *buf, size_t buflen ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t const limbs = CHARS_TO_LIMBS( buflen ); size_t const overhead = ( limbs * ciL ) - buflen; unsigned char *Xp; @@ -991,7 +992,7 @@ int mbedtls_mpi_write_binary( const mbedtls_mpi *X, */ int mbedtls_mpi_shift_l( mbedtls_mpi *X, size_t count ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t i, v0, t1; mbedtls_mpi_uint r0 = 0, r1; MPI_VALIDATE_RET( X != NULL ); @@ -1170,7 +1171,7 @@ int mbedtls_mpi_cmp_int( const mbedtls_mpi *X, mbedtls_mpi_sint z ) */ int mbedtls_mpi_add_abs( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *B ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t i, j; mbedtls_mpi_uint *o, *p, c, tmp; MPI_VALIDATE_RET( X != NULL ); @@ -1251,7 +1252,7 @@ static void mpi_sub_hlp( size_t n, mbedtls_mpi_uint *s, mbedtls_mpi_uint *d ) int mbedtls_mpi_sub_abs( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *B ) { mbedtls_mpi TB; - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t n; MPI_VALIDATE_RET( X != NULL ); MPI_VALIDATE_RET( A != NULL ); @@ -1474,7 +1475,7 @@ void mpi_mul_hlp( size_t i, mbedtls_mpi_uint *s, mbedtls_mpi_uint *d, mbedtls_mp */ int mbedtls_mpi_mul_mpi( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *B ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t i, j; mbedtls_mpi TA, TB; MPI_VALIDATE_RET( X != NULL ); @@ -1629,7 +1630,7 @@ static mbedtls_mpi_uint mbedtls_int_div_int( mbedtls_mpi_uint u1, int mbedtls_mpi_div_mpi( mbedtls_mpi *Q, mbedtls_mpi *R, const mbedtls_mpi *A, const mbedtls_mpi *B ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t i, n, t, k; mbedtls_mpi X, Y, Z, T1, T2; mbedtls_mpi_uint TP2[3]; @@ -1775,7 +1776,7 @@ int mbedtls_mpi_div_int( mbedtls_mpi *Q, mbedtls_mpi *R, */ int mbedtls_mpi_mod_mpi( mbedtls_mpi *R, const mbedtls_mpi *A, const mbedtls_mpi *B ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; MPI_VALIDATE_RET( R != NULL ); MPI_VALIDATE_RET( A != NULL ); MPI_VALIDATE_RET( B != NULL ); @@ -1937,7 +1938,7 @@ int mbedtls_mpi_exp_mod( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *E, const mbedtls_mpi *N, mbedtls_mpi *_RR ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t wbits, wsize, one = 1; size_t i, j, nblimbs; size_t bufsize, nbits; @@ -2152,7 +2153,7 @@ cleanup: */ int mbedtls_mpi_gcd( mbedtls_mpi *G, const mbedtls_mpi *A, const mbedtls_mpi *B ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t lz, lzt; mbedtls_mpi TA, TB; @@ -2214,7 +2215,7 @@ int mbedtls_mpi_fill_random( mbedtls_mpi *X, size_t size, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t const limbs = CHARS_TO_LIMBS( size ); size_t const overhead = ( limbs * ciL ) - size; unsigned char *Xp; @@ -2245,7 +2246,7 @@ cleanup: */ int mbedtls_mpi_inv_mod( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *N ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_mpi G, TA, TU, U1, U2, TB, TV, V1, V2; MPI_VALIDATE_RET( X != NULL ); MPI_VALIDATE_RET( A != NULL ); @@ -2498,7 +2499,7 @@ int mbedtls_mpi_is_prime_ext( const mbedtls_mpi *X, int rounds, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_mpi XX; MPI_VALIDATE_RET( X != NULL ); MPI_VALIDATE_RET( f_rng != NULL ); diff --git a/library/ccm.c b/library/ccm.c index a7e360ecf4..eaef106a11 100644 --- a/library/ccm.c +++ b/library/ccm.c @@ -38,6 +38,7 @@ #include "mbedtls/ccm.h" #include "mbedtls/platform_util.h" +#include "mbedtls/error.h" #include @@ -74,7 +75,7 @@ int mbedtls_ccm_setkey( mbedtls_ccm_context *ctx, const unsigned char *key, unsigned int keybits ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; const mbedtls_cipher_info_t *cipher_info; CCM_VALIDATE_RET( ctx != NULL ); @@ -156,7 +157,7 @@ static int ccm_auth_crypt( mbedtls_ccm_context *ctx, int mode, size_t length, const unsigned char *input, unsigned char *output, unsigned char *tag, size_t tag_len ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char i; unsigned char q; size_t len_left, olen; @@ -366,7 +367,7 @@ int mbedtls_ccm_star_auth_decrypt( mbedtls_ccm_context *ctx, size_t length, const unsigned char *input, unsigned char *output, const unsigned char *tag, size_t tag_len ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char check_tag[16]; unsigned char i; int diff; @@ -479,7 +480,7 @@ int mbedtls_ccm_self_test( int verbose ) unsigned char plaintext[CCM_SELFTEST_PT_MAX_LEN]; unsigned char ciphertext[CCM_SELFTEST_CT_MAX_LEN]; size_t i; - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_ccm_init( &ctx ); diff --git a/library/chacha20.c b/library/chacha20.c index 8a3610f0e0..343b2167cd 100644 --- a/library/chacha20.c +++ b/library/chacha20.c @@ -33,6 +33,7 @@ #include "mbedtls/chacha20.h" #include "mbedtls/platform_util.h" +#include "mbedtls/error.h" #include #include @@ -325,7 +326,7 @@ int mbedtls_chacha20_crypt( const unsigned char key[32], unsigned char* output ) { mbedtls_chacha20_context ctx; - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; CHACHA20_VALIDATE_RET( key != NULL ); CHACHA20_VALIDATE_RET( nonce != NULL ); @@ -536,7 +537,7 @@ int mbedtls_chacha20_self_test( int verbose ) { unsigned char output[381]; unsigned i; - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; for( i = 0U; i < 2U; i++ ) { diff --git a/library/chachapoly.c b/library/chachapoly.c index dc643dd618..f0af5ded26 100644 --- a/library/chachapoly.c +++ b/library/chachapoly.c @@ -30,6 +30,7 @@ #include "mbedtls/chachapoly.h" #include "mbedtls/platform_util.h" +#include "mbedtls/error.h" #include @@ -122,7 +123,7 @@ void mbedtls_chachapoly_free( mbedtls_chachapoly_context *ctx ) int mbedtls_chachapoly_setkey( mbedtls_chachapoly_context *ctx, const unsigned char key[32] ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; CHACHAPOLY_VALIDATE_RET( ctx != NULL ); CHACHAPOLY_VALIDATE_RET( key != NULL ); @@ -135,7 +136,7 @@ int mbedtls_chachapoly_starts( mbedtls_chachapoly_context *ctx, const unsigned char nonce[12], mbedtls_chachapoly_mode_t mode ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char poly1305_key[64]; CHACHAPOLY_VALIDATE_RET( ctx != NULL ); CHACHAPOLY_VALIDATE_RET( nonce != NULL ); @@ -191,7 +192,7 @@ int mbedtls_chachapoly_update( mbedtls_chachapoly_context *ctx, const unsigned char *input, unsigned char *output ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; CHACHAPOLY_VALIDATE_RET( ctx != NULL ); CHACHAPOLY_VALIDATE_RET( len == 0 || input != NULL ); CHACHAPOLY_VALIDATE_RET( len == 0 || output != NULL ); @@ -240,7 +241,7 @@ int mbedtls_chachapoly_update( mbedtls_chachapoly_context *ctx, int mbedtls_chachapoly_finish( mbedtls_chachapoly_context *ctx, unsigned char mac[16] ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char len_block[16]; CHACHAPOLY_VALIDATE_RET( ctx != NULL ); CHACHAPOLY_VALIDATE_RET( mac != NULL ); @@ -304,7 +305,7 @@ static int chachapoly_crypt_and_tag( mbedtls_chachapoly_context *ctx, unsigned char *output, unsigned char tag[16] ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ret = mbedtls_chachapoly_starts( ctx, nonce, mode ); if( ret != 0 ) @@ -354,7 +355,7 @@ int mbedtls_chachapoly_auth_decrypt( mbedtls_chachapoly_context *ctx, const unsigned char *input, unsigned char *output ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char check_tag[16]; size_t i; int diff; @@ -492,7 +493,7 @@ int mbedtls_chachapoly_self_test( int verbose ) { mbedtls_chachapoly_context ctx; unsigned i; - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char output[200]; unsigned char mac[16]; diff --git a/library/cipher.c b/library/cipher.c index 69079aae7a..b62f1d5939 100644 --- a/library/cipher.c +++ b/library/cipher.c @@ -34,6 +34,7 @@ #include "mbedtls/cipher.h" #include "mbedtls/cipher_internal.h" #include "mbedtls/platform_util.h" +#include "mbedtls/error.h" #include #include @@ -504,7 +505,7 @@ int mbedtls_cipher_update_ad( mbedtls_cipher_context_t *ctx, int mbedtls_cipher_update( mbedtls_cipher_context_t *ctx, const unsigned char *input, size_t ilen, unsigned char *output, size_t *olen ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t block_size; CIPHER_VALIDATE_RET( ctx != NULL ); @@ -1134,7 +1135,7 @@ int mbedtls_cipher_check_tag( mbedtls_cipher_context_t *ctx, const unsigned char *tag, size_t tag_len ) { unsigned char check_tag[16]; - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; CIPHER_VALIDATE_RET( ctx != NULL ); CIPHER_VALIDATE_RET( tag_len == 0 || tag != NULL ); @@ -1211,7 +1212,7 @@ int mbedtls_cipher_crypt( mbedtls_cipher_context_t *ctx, const unsigned char *input, size_t ilen, unsigned char *output, size_t *olen ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t finish_olen; CIPHER_VALIDATE_RET( ctx != NULL ); @@ -1455,7 +1456,7 @@ int mbedtls_cipher_auth_decrypt( mbedtls_cipher_context_t *ctx, #if defined(MBEDTLS_GCM_C) if( MBEDTLS_MODE_GCM == ctx->cipher_info->mode ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; *olen = ilen; ret = mbedtls_gcm_auth_decrypt( ctx->cipher_ctx, ilen, @@ -1471,7 +1472,7 @@ int mbedtls_cipher_auth_decrypt( mbedtls_cipher_context_t *ctx, #if defined(MBEDTLS_CCM_C) if( MBEDTLS_MODE_CCM == ctx->cipher_info->mode ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; *olen = ilen; ret = mbedtls_ccm_auth_decrypt( ctx->cipher_ctx, ilen, @@ -1487,7 +1488,7 @@ int mbedtls_cipher_auth_decrypt( mbedtls_cipher_context_t *ctx, #if defined(MBEDTLS_CHACHAPOLY_C) if ( MBEDTLS_CIPHER_CHACHA20_POLY1305 == ctx->cipher_info->type ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; /* ChachaPoly has fixed length nonce and MAC (tag) */ if ( ( iv_len != ctx->cipher_info->iv_size ) || diff --git a/library/cipher_wrap.c b/library/cipher_wrap.c index 7fc40b5f0c..a813426be2 100644 --- a/library/cipher_wrap.c +++ b/library/cipher_wrap.c @@ -32,6 +32,7 @@ #if defined(MBEDTLS_CIPHER_C) #include "mbedtls/cipher_internal.h" +#include "mbedtls/error.h" #if defined(MBEDTLS_CHACHAPOLY_C) #include "mbedtls/chachapoly.h" @@ -1916,7 +1917,7 @@ static int chacha20_stream_wrap( void *ctx, size_t length, const unsigned char *input, unsigned char *output ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ret = mbedtls_chacha20_update( ctx, length, input, output ); if( ret == MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA ) diff --git a/library/cmac.c b/library/cmac.c index 5d101e1c7d..642680d556 100644 --- a/library/cmac.c +++ b/library/cmac.c @@ -50,6 +50,7 @@ #include "mbedtls/cmac.h" #include "mbedtls/platform_util.h" +#include "mbedtls/error.h" #include @@ -136,7 +137,7 @@ static int cmac_multiply_by_u( unsigned char *output, static int cmac_generate_subkeys( mbedtls_cipher_context_t *ctx, unsigned char* K1, unsigned char* K2 ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char L[MBEDTLS_CIPHER_BLKSIZE_MAX]; size_t olen, block_size; @@ -315,7 +316,7 @@ int mbedtls_cipher_cmac_finish( mbedtls_cipher_context_t *ctx, unsigned char K1[MBEDTLS_CIPHER_BLKSIZE_MAX]; unsigned char K2[MBEDTLS_CIPHER_BLKSIZE_MAX]; unsigned char M_last[MBEDTLS_CIPHER_BLKSIZE_MAX]; - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t olen, block_size; if( ctx == NULL || ctx->cipher_info == NULL || ctx->cmac_ctx == NULL || @@ -393,7 +394,7 @@ int mbedtls_cipher_cmac( const mbedtls_cipher_info_t *cipher_info, unsigned char *output ) { mbedtls_cipher_context_t ctx; - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; if( cipher_info == NULL || key == NULL || input == NULL || output == NULL ) return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); @@ -427,7 +428,7 @@ int mbedtls_aes_cmac_prf_128( const unsigned char *key, size_t key_length, const unsigned char *input, size_t in_len, unsigned char *output ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; const mbedtls_cipher_info_t *cipher_info; unsigned char zero_key[MBEDTLS_AES_BLOCK_SIZE]; unsigned char int_key[MBEDTLS_AES_BLOCK_SIZE]; @@ -894,7 +895,7 @@ exit: static int test_aes128_cmac_prf( int verbose ) { int i; - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char output[MBEDTLS_AES_BLOCK_SIZE]; for( i = 0; i < NB_PRF_TESTS; i++ ) @@ -921,7 +922,7 @@ static int test_aes128_cmac_prf( int verbose ) int mbedtls_cmac_self_test( int verbose ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; #if defined(MBEDTLS_AES_C) /* AES-128 */ diff --git a/library/ctr_drbg.c b/library/ctr_drbg.c index 047bb2a3e1..281dc4fe1d 100644 --- a/library/ctr_drbg.c +++ b/library/ctr_drbg.c @@ -34,6 +34,7 @@ #include "mbedtls/ctr_drbg.h" #include "mbedtls/platform_util.h" +#include "mbedtls/error.h" #include @@ -319,7 +320,7 @@ int mbedtls_ctr_drbg_update_ret( mbedtls_ctr_drbg_context *ctx, size_t add_len ) { unsigned char add_input[MBEDTLS_CTR_DRBG_SEEDLEN]; - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; if( add_len == 0 ) return( 0 ); @@ -367,7 +368,7 @@ static int mbedtls_ctr_drbg_reseed_internal( mbedtls_ctr_drbg_context *ctx, { unsigned char seed[MBEDTLS_CTR_DRBG_MAX_SEED_INPUT]; size_t seedlen = 0; - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; if( ctx->entropy_len > MBEDTLS_CTR_DRBG_MAX_SEED_INPUT ) return( MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG ); @@ -452,7 +453,7 @@ int mbedtls_ctr_drbg_seed( mbedtls_ctr_drbg_context *ctx, const unsigned char *custom, size_t len ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char key[MBEDTLS_CTR_DRBG_KEYSIZE]; size_t nonce_len; @@ -590,7 +591,7 @@ exit: int mbedtls_ctr_drbg_random( void *p_rng, unsigned char *output, size_t output_len ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_ctr_drbg_context *ctx = (mbedtls_ctr_drbg_context *) p_rng; #if defined(MBEDTLS_THREADING_C) diff --git a/library/dhm.c b/library/dhm.c index 8255632a99..392ed0c150 100644 --- a/library/dhm.c +++ b/library/dhm.c @@ -37,6 +37,7 @@ #include "mbedtls/dhm.h" #include "mbedtls/platform_util.h" +#include "mbedtls/error.h" #include @@ -137,7 +138,7 @@ int mbedtls_dhm_read_params( mbedtls_dhm_context *ctx, unsigned char **p, const unsigned char *end ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; DHM_VALIDATE_RET( ctx != NULL ); DHM_VALIDATE_RET( p != NULL && *p != NULL ); DHM_VALIDATE_RET( end != NULL ); @@ -239,7 +240,7 @@ int mbedtls_dhm_set_group( mbedtls_dhm_context *ctx, const mbedtls_mpi *P, const mbedtls_mpi *G ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; DHM_VALIDATE_RET( ctx != NULL ); DHM_VALIDATE_RET( P != NULL ); DHM_VALIDATE_RET( G != NULL ); @@ -260,7 +261,7 @@ int mbedtls_dhm_set_group( mbedtls_dhm_context *ctx, int mbedtls_dhm_read_public( mbedtls_dhm_context *ctx, const unsigned char *input, size_t ilen ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; DHM_VALIDATE_RET( ctx != NULL ); DHM_VALIDATE_RET( input != NULL ); @@ -396,7 +397,7 @@ int mbedtls_dhm_calc_secret( mbedtls_dhm_context *ctx, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_mpi GYb; DHM_VALIDATE_RET( ctx != NULL ); DHM_VALIDATE_RET( output != NULL ); @@ -473,7 +474,7 @@ void mbedtls_dhm_free( mbedtls_dhm_context *ctx ) int mbedtls_dhm_parse_dhm( mbedtls_dhm_context *dhm, const unsigned char *dhmin, size_t dhminlen ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t len; unsigned char *p, *end; #if defined(MBEDTLS_PEM_PARSE_C) @@ -627,7 +628,7 @@ static int load_file( const char *path, unsigned char **buf, size_t *n ) */ int mbedtls_dhm_parse_dhmfile( mbedtls_dhm_context *dhm, const char *path ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t n; unsigned char *buf; DHM_VALIDATE_RET( dhm != NULL ); @@ -679,7 +680,7 @@ static const size_t mbedtls_test_dhm_params_len = sizeof( mbedtls_test_dhm_param */ int mbedtls_dhm_self_test( int verbose ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_dhm_context dhm; mbedtls_dhm_init( &dhm ); diff --git a/library/ecdh.c b/library/ecdh.c index 914eb5055d..3cf5333712 100644 --- a/library/ecdh.c +++ b/library/ecdh.c @@ -36,6 +36,7 @@ #include "mbedtls/ecdh.h" #include "mbedtls/platform_util.h" +#include "mbedtls/error.h" #include @@ -80,7 +81,7 @@ static int ecdh_gen_public_restartable( mbedtls_ecp_group *grp, void *p_rng, mbedtls_ecp_restart_ctx *rs_ctx ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; /* If multiplication is in progress, we already generated a privkey */ #if defined(MBEDTLS_ECP_RESTARTABLE) @@ -121,7 +122,7 @@ static int ecdh_compute_shared_restartable( mbedtls_ecp_group *grp, void *p_rng, mbedtls_ecp_restart_ctx *rs_ctx ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_ecp_point P; mbedtls_ecp_point_init( &P ); @@ -199,7 +200,7 @@ void mbedtls_ecdh_init( mbedtls_ecdh_context *ctx ) static int ecdh_setup_internal( mbedtls_ecdh_context_mbed *ctx, mbedtls_ecp_group_id grp_id ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ret = mbedtls_ecp_group_load( &ctx->grp, grp_id ); if( ret != 0 ) @@ -307,7 +308,7 @@ static int ecdh_make_params_internal( mbedtls_ecdh_context_mbed *ctx, void *p_rng, int restart_enabled ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t grp_len, pt_len; #if defined(MBEDTLS_ECP_RESTARTABLE) mbedtls_ecp_restart_ctx *rs_ctx = NULL; @@ -414,7 +415,7 @@ int mbedtls_ecdh_read_params( mbedtls_ecdh_context *ctx, const unsigned char **buf, const unsigned char *end ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_ecp_group_id grp_id; ECDH_VALIDATE_RET( ctx != NULL ); ECDH_VALIDATE_RET( buf != NULL ); @@ -451,7 +452,7 @@ static int ecdh_get_params_internal( mbedtls_ecdh_context_mbed *ctx, const mbedtls_ecp_keypair *key, mbedtls_ecdh_side side ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; /* If it's not our key, just import the public part as Qp */ if( side == MBEDTLS_ECDH_THEIRS ) @@ -475,7 +476,7 @@ int mbedtls_ecdh_get_params( mbedtls_ecdh_context *ctx, const mbedtls_ecp_keypair *key, mbedtls_ecdh_side side ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ECDH_VALIDATE_RET( ctx != NULL ); ECDH_VALIDATE_RET( key != NULL ); ECDH_VALIDATE_RET( side == MBEDTLS_ECDH_OURS || @@ -530,7 +531,7 @@ static int ecdh_make_public_internal( mbedtls_ecdh_context_mbed *ctx, void *p_rng, int restart_enabled ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; #if defined(MBEDTLS_ECP_RESTARTABLE) mbedtls_ecp_restart_ctx *rs_ctx = NULL; #endif @@ -602,7 +603,7 @@ int mbedtls_ecdh_make_public( mbedtls_ecdh_context *ctx, size_t *olen, static int ecdh_read_public_internal( mbedtls_ecdh_context_mbed *ctx, const unsigned char *buf, size_t blen ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; const unsigned char *p = buf; if( ( ret = mbedtls_ecp_tls_read_point( &ctx->grp, &ctx->Qp, &p, @@ -652,7 +653,7 @@ static int ecdh_calc_secret_internal( mbedtls_ecdh_context_mbed *ctx, void *p_rng, int restart_enabled ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; #if defined(MBEDTLS_ECP_RESTARTABLE) mbedtls_ecp_restart_ctx *rs_ctx = NULL; #endif diff --git a/library/ecdsa.c b/library/ecdsa.c index bda9262c9e..a6ba75d1ce 100644 --- a/library/ecdsa.c +++ b/library/ecdsa.c @@ -51,6 +51,7 @@ #endif #include "mbedtls/platform_util.h" +#include "mbedtls/error.h" /* Parameter validation macros based on platform_util.h */ #define ECDSA_VALIDATE_RET( cond ) \ @@ -229,7 +230,7 @@ static void ecdsa_restart_det_free( mbedtls_ecdsa_restart_det_ctx *ctx ) static int derive_mpi( const mbedtls_ecp_group *grp, mbedtls_mpi *x, const unsigned char *buf, size_t blen ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t n_size = ( grp->nbits + 7 ) / 8; size_t use_size = blen > n_size ? n_size : blen; @@ -429,7 +430,7 @@ static int ecdsa_sign_det_restartable( mbedtls_ecp_group *grp, void *p_rng_blind, mbedtls_ecdsa_restart_ctx *rs_ctx ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_hmac_drbg_context rng_ctx; mbedtls_hmac_drbg_context *p_rng = &rng_ctx; unsigned char data[2 * MBEDTLS_ECP_MAX_BYTES]; @@ -599,7 +600,7 @@ static int ecdsa_verify_restartable( mbedtls_ecp_group *grp, const mbedtls_mpi *r, const mbedtls_mpi *s, mbedtls_ecdsa_restart_ctx *rs_ctx ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_mpi e, s_inv, u1, u2; mbedtls_ecp_point R; mbedtls_mpi *pu1 = &u1, *pu2 = &u2; @@ -723,7 +724,7 @@ int mbedtls_ecdsa_verify( mbedtls_ecp_group *grp, static int ecdsa_signature_to_asn1( const mbedtls_mpi *r, const mbedtls_mpi *s, unsigned char *sig, size_t *slen ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char buf[MBEDTLS_ECDSA_MAX_LEN]; unsigned char *p = buf + sizeof( buf ); size_t len = 0; @@ -752,7 +753,7 @@ int mbedtls_ecdsa_write_signature_restartable( mbedtls_ecdsa_context *ctx, void *p_rng, mbedtls_ecdsa_restart_ctx *rs_ctx ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_mpi r, s; ECDSA_VALIDATE_RET( ctx != NULL ); ECDSA_VALIDATE_RET( hash != NULL ); @@ -845,7 +846,7 @@ int mbedtls_ecdsa_read_signature_restartable( mbedtls_ecdsa_context *ctx, const unsigned char *sig, size_t slen, mbedtls_ecdsa_restart_ctx *rs_ctx ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char *p = (unsigned char *) sig; const unsigned char *end = sig + slen; size_t len; @@ -925,7 +926,7 @@ int mbedtls_ecdsa_genkey( mbedtls_ecdsa_context *ctx, mbedtls_ecp_group_id gid, */ int mbedtls_ecdsa_from_keypair( mbedtls_ecdsa_context *ctx, const mbedtls_ecp_keypair *key ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ECDSA_VALIDATE_RET( ctx != NULL ); ECDSA_VALIDATE_RET( key != NULL ); diff --git a/library/ecjpake.c b/library/ecjpake.c index 1845c936ab..79ea3cbec4 100644 --- a/library/ecjpake.c +++ b/library/ecjpake.c @@ -34,6 +34,7 @@ #include "mbedtls/ecjpake.h" #include "mbedtls/platform_util.h" +#include "mbedtls/error.h" #include @@ -110,7 +111,7 @@ int mbedtls_ecjpake_setup( mbedtls_ecjpake_context *ctx, const unsigned char *secret, size_t len ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ECJPAKE_VALIDATE_RET( ctx != NULL ); ECJPAKE_VALIDATE_RET( role == MBEDTLS_ECJPAKE_CLIENT || @@ -159,7 +160,7 @@ static int ecjpake_write_len_point( unsigned char **p, const int pf, const mbedtls_ecp_point *P ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t len; /* Need at least 4 for length plus 1 for point */ @@ -199,7 +200,7 @@ static int ecjpake_hash( const mbedtls_md_info_t *md_info, const char *id, mbedtls_mpi *h ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char buf[ECJPAKE_HASH_BUF_LEN]; unsigned char *p = buf; const unsigned char *end = buf + sizeof( buf ); @@ -249,7 +250,7 @@ static int ecjpake_zkp_read( const mbedtls_md_info_t *md_info, const unsigned char **p, const unsigned char *end ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_ecp_point V, VV; mbedtls_mpi r, h; size_t r_len; @@ -324,7 +325,7 @@ static int ecjpake_zkp_write( const mbedtls_md_info_t *md_info, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_ecp_point V; mbedtls_mpi v; mbedtls_mpi h; /* later recycled to hold r */ @@ -382,7 +383,7 @@ static int ecjpake_kkp_read( const mbedtls_md_info_t *md_info, const unsigned char **p, const unsigned char *end ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; if( end < *p ) return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); @@ -422,7 +423,7 @@ static int ecjpake_kkp_write( const mbedtls_md_info_t *md_info, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t len; if( end < *p ) @@ -457,7 +458,7 @@ static int ecjpake_kkpp_read( const mbedtls_md_info_t *md_info, const unsigned char *buf, size_t len ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; const unsigned char *p = buf; const unsigned char *end = buf + len; @@ -495,7 +496,7 @@ static int ecjpake_kkpp_write( const mbedtls_md_info_t *md_info, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char *p = buf; const unsigned char *end = buf + len; @@ -553,7 +554,7 @@ static int ecjpake_ecp_add3( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, const mbedtls_ecp_point *B, const mbedtls_ecp_point *C ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_mpi one; mbedtls_mpi_init( &one ); @@ -575,7 +576,7 @@ int mbedtls_ecjpake_read_round_two( mbedtls_ecjpake_context *ctx, const unsigned char *buf, size_t len ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; const unsigned char *p = buf; const unsigned char *end = buf + len; mbedtls_ecp_group grp; @@ -639,7 +640,7 @@ static int ecjpake_mul_secret( mbedtls_mpi *R, int sign, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_mpi b; /* Blinding value, then s + N * blinding */ mbedtls_mpi_init( &b ); @@ -668,7 +669,7 @@ int mbedtls_ecjpake_write_round_two( mbedtls_ecjpake_context *ctx, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_ecp_point G; /* C: GA, S: GB */ mbedtls_ecp_point Xm; /* C: Xc, S: Xs */ mbedtls_mpi xm; /* C: xc, S: xs */ @@ -750,7 +751,7 @@ int mbedtls_ecjpake_derive_secret( mbedtls_ecjpake_context *ctx, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_ecp_point K; mbedtls_mpi m_xm2_s, one; unsigned char kx[MBEDTLS_ECP_MAX_BYTES]; @@ -956,7 +957,7 @@ static int ecjpake_test_load( mbedtls_ecjpake_context *ctx, const unsigned char *xm1, size_t len1, const unsigned char *xm2, size_t len2 ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &ctx->xm1, xm1, len1 ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &ctx->xm2, xm2, len2 ) ); @@ -1004,7 +1005,7 @@ static int ecjpake_lgc( void *p, unsigned char *out, size_t len ) */ int mbedtls_ecjpake_self_test( int verbose ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_ecjpake_context cli; mbedtls_ecjpake_context srv; unsigned char buf[512], pms[32]; diff --git a/library/ecp.c b/library/ecp.c index c281d84195..1ad169742a 100644 --- a/library/ecp.c +++ b/library/ecp.c @@ -81,6 +81,7 @@ #include "mbedtls/ecp.h" #include "mbedtls/threading.h" #include "mbedtls/platform_util.h" +#include "mbedtls/error.h" #include @@ -634,7 +635,7 @@ void mbedtls_ecp_keypair_free( mbedtls_ecp_keypair *key ) */ int mbedtls_ecp_copy( mbedtls_ecp_point *P, const mbedtls_ecp_point *Q ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ECP_VALIDATE_RET( P != NULL ); ECP_VALIDATE_RET( Q != NULL ); @@ -662,7 +663,7 @@ int mbedtls_ecp_group_copy( mbedtls_ecp_group *dst, const mbedtls_ecp_group *src */ int mbedtls_ecp_set_zero( mbedtls_ecp_point *pt ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ECP_VALIDATE_RET( pt != NULL ); MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &pt->X , 1 ) ); @@ -708,7 +709,7 @@ int mbedtls_ecp_point_cmp( const mbedtls_ecp_point *P, int mbedtls_ecp_point_read_string( mbedtls_ecp_point *P, int radix, const char *x, const char *y ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ECP_VALIDATE_RET( P != NULL ); ECP_VALIDATE_RET( x != NULL ); ECP_VALIDATE_RET( y != NULL ); @@ -903,7 +904,7 @@ int mbedtls_ecp_tls_write_point( const mbedtls_ecp_group *grp, const mbedtls_ecp int format, size_t *olen, unsigned char *buf, size_t blen ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ECP_VALIDATE_RET( grp != NULL ); ECP_VALIDATE_RET( pt != NULL ); ECP_VALIDATE_RET( olen != NULL ); @@ -936,7 +937,7 @@ int mbedtls_ecp_tls_write_point( const mbedtls_ecp_group *grp, const mbedtls_ecp int mbedtls_ecp_tls_read_group( mbedtls_ecp_group *grp, const unsigned char **buf, size_t len ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_ecp_group_id grp_id; ECP_VALIDATE_RET( grp != NULL ); ECP_VALIDATE_RET( buf != NULL ); @@ -1031,7 +1032,7 @@ int mbedtls_ecp_tls_write_group( const mbedtls_ecp_group *grp, size_t *olen, */ static int ecp_modp( mbedtls_mpi *N, const mbedtls_ecp_group *grp ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; if( grp->modp == NULL ) return( mbedtls_mpi_mod_mpi( N, N, &grp->P ) ); @@ -1088,7 +1089,7 @@ static inline int mbedtls_mpi_mul_mod( const mbedtls_ecp_group *grp, const mbedtls_mpi *A, const mbedtls_mpi *B ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( X, A, B ) ); MOD_MUL( *X ); cleanup: @@ -1108,7 +1109,7 @@ static inline int mbedtls_mpi_sub_mod( const mbedtls_ecp_group *grp, const mbedtls_mpi *A, const mbedtls_mpi *B ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( X, A, B ) ); MOD_SUB( *X ); cleanup: @@ -1129,7 +1130,7 @@ static inline int mbedtls_mpi_add_mod( const mbedtls_ecp_group *grp, const mbedtls_mpi *A, const mbedtls_mpi *B ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( X, A, B ) ); MOD_ADD( *X ); cleanup: @@ -1140,7 +1141,7 @@ static inline int mbedtls_mpi_shift_l_mod( const mbedtls_ecp_group *grp, mbedtls_mpi *X, size_t count ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l( X, count ) ); MOD_ADD( *X ); cleanup: @@ -1162,7 +1163,7 @@ cleanup: */ static int ecp_normalize_jac( const mbedtls_ecp_group *grp, mbedtls_ecp_point *pt ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_mpi Zi, ZZi; if( mbedtls_mpi_cmp_int( &pt->Z, 0 ) == 0 ) @@ -1214,7 +1215,7 @@ cleanup: static int ecp_normalize_jac_many( const mbedtls_ecp_group *grp, mbedtls_ecp_point *T[], size_t T_size ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t i; mbedtls_mpi *c, u, Zi, ZZi; @@ -1303,7 +1304,7 @@ static int ecp_safe_invert_jac( const mbedtls_ecp_group *grp, mbedtls_ecp_point *Q, unsigned char inv ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char nonzero; mbedtls_mpi mQY; @@ -1337,7 +1338,7 @@ cleanup: static int ecp_double_jac( const mbedtls_ecp_group *grp, mbedtls_ecp_point *R, const mbedtls_ecp_point *P ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_mpi M, S, T, U; #if defined(MBEDTLS_SELF_TEST) @@ -1433,7 +1434,7 @@ cleanup: static int ecp_add_mixed( const mbedtls_ecp_group *grp, mbedtls_ecp_point *R, const mbedtls_ecp_point *P, const mbedtls_ecp_point *Q ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_mpi T1, T2, T3, T4, X, Y, Z; #if defined(MBEDTLS_SELF_TEST) @@ -1521,7 +1522,7 @@ cleanup: static int ecp_randomize_jac( const mbedtls_ecp_group *grp, mbedtls_ecp_point *pt, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_mpi l, ll; size_t p_size; int count = 0; @@ -1693,7 +1694,7 @@ static int ecp_precompute_comb( const mbedtls_ecp_group *grp, unsigned char w, size_t d, mbedtls_ecp_restart_ctx *rs_ctx ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char i; size_t j = 0; const unsigned char T_size = 1U << ( w - 1 ); @@ -1829,7 +1830,7 @@ static int ecp_select_comb( const mbedtls_ecp_group *grp, mbedtls_ecp_point *R, const mbedtls_ecp_point T[], unsigned char T_size, unsigned char i ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char ii, j; /* Ignore the "sign" bit and scale down */ @@ -1862,7 +1863,7 @@ static int ecp_mul_comb_core( const mbedtls_ecp_group *grp, mbedtls_ecp_point *R void *p_rng, mbedtls_ecp_restart_ctx *rs_ctx ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_ecp_point Txi; size_t i; @@ -1942,7 +1943,7 @@ static int ecp_comb_recode_scalar( const mbedtls_ecp_group *grp, unsigned char w, unsigned char *parity_trick ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_mpi M, mm; mbedtls_mpi_init( &M ); @@ -1988,7 +1989,7 @@ static int ecp_mul_comb_after_precomp( const mbedtls_ecp_group *grp, void *p_rng, mbedtls_ecp_restart_ctx *rs_ctx ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char parity_trick; unsigned char k[COMB_MAX_D + 1]; mbedtls_ecp_point *RR = R; @@ -2083,7 +2084,7 @@ static int ecp_mul_comb( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, void *p_rng, mbedtls_ecp_restart_ctx *rs_ctx ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char w, p_eq_g, i; size_t d; unsigned char T_size, T_ok; @@ -2215,7 +2216,7 @@ cleanup: */ static int ecp_normalize_mxz( const mbedtls_ecp_group *grp, mbedtls_ecp_point *P ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; #if defined(MBEDTLS_ECP_NORMALIZE_MXZ_ALT) if( mbedtls_internal_ecp_grp_capable( grp ) ) @@ -2241,7 +2242,7 @@ cleanup: static int ecp_randomize_mxz( const mbedtls_ecp_group *grp, mbedtls_ecp_point *P, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_mpi l; size_t p_size; int count = 0; @@ -2296,7 +2297,7 @@ static int ecp_double_add_mxz( const mbedtls_ecp_group *grp, const mbedtls_ecp_point *P, const mbedtls_ecp_point *Q, const mbedtls_mpi *d ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_mpi A, AA, B, BB, E, C, D, DA, CB; #if defined(MBEDTLS_ECP_DOUBLE_ADD_MXZ_ALT) @@ -2344,7 +2345,7 @@ static int ecp_mul_mxz( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t i; unsigned char b; mbedtls_ecp_point RP; @@ -2484,7 +2485,7 @@ int mbedtls_ecp_mul( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, */ static int ecp_check_pubkey_sw( const mbedtls_ecp_group *grp, const mbedtls_ecp_point *pt ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_mpi YY, RHS; /* pt coordinates must be normalized for our checks */ @@ -2537,7 +2538,7 @@ static int mbedtls_ecp_mul_shortcuts( mbedtls_ecp_group *grp, const mbedtls_ecp_point *P, mbedtls_ecp_restart_ctx *rs_ctx ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; if( mbedtls_mpi_cmp_int( m, 1 ) == 0 ) { @@ -2569,7 +2570,7 @@ int mbedtls_ecp_muladd_restartable( const mbedtls_mpi *n, const mbedtls_ecp_point *Q, mbedtls_ecp_restart_ctx *rs_ctx ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_ecp_point mP; mbedtls_ecp_point *pmP = &mP; mbedtls_ecp_point *pR = R; @@ -2846,7 +2847,7 @@ int mbedtls_ecp_gen_keypair_base( mbedtls_ecp_group *grp, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ECP_VALIDATE_RET( grp != NULL ); ECP_VALIDATE_RET( d != NULL ); ECP_VALIDATE_RET( G != NULL ); @@ -2882,7 +2883,7 @@ int mbedtls_ecp_gen_keypair( mbedtls_ecp_group *grp, int mbedtls_ecp_gen_key( mbedtls_ecp_group_id grp_id, mbedtls_ecp_keypair *key, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ECP_VALIDATE_RET( key != NULL ); ECP_VALIDATE_RET( f_rng != NULL ); @@ -2966,7 +2967,7 @@ cleanup: */ int mbedtls_ecp_check_pub_priv( const mbedtls_ecp_keypair *pub, const mbedtls_ecp_keypair *prv ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_ecp_point Q; mbedtls_ecp_group grp; ECP_VALIDATE_RET( pub != NULL ); @@ -3012,7 +3013,7 @@ cleanup: */ int mbedtls_ecp_self_test( int verbose ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t i; mbedtls_ecp_group grp; mbedtls_ecp_point R, P; diff --git a/library/ecp_curves.c b/library/ecp_curves.c index dcc70739d0..a24a50c031 100644 --- a/library/ecp_curves.c +++ b/library/ecp_curves.c @@ -29,6 +29,7 @@ #include "mbedtls/ecp.h" #include "mbedtls/platform_util.h" +#include "mbedtls/error.h" #include @@ -669,7 +670,7 @@ static int ecp_mod_p256k1( mbedtls_mpi * ); */ static int ecp_use_curve25519( mbedtls_ecp_group *grp ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; /* Actually ( A + 2 ) / 4 */ MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &grp->A, 16, "01DB42" ) ); @@ -709,7 +710,7 @@ cleanup: static int ecp_use_curve448( mbedtls_ecp_group *grp ) { mbedtls_mpi Ns; - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_mpi_init( &Ns ); @@ -900,7 +901,7 @@ static inline void carry64( mbedtls_mpi_uint *dst, mbedtls_mpi_uint *carry ) */ static int ecp_mod_p192( mbedtls_mpi *N ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_mpi_uint c = 0; mbedtls_mpi_uint *p, *end; @@ -991,7 +992,7 @@ static inline void sub32( uint32_t *dst, uint32_t src, signed char *carry ) * (see fix_negative for the motivation of C) */ #define INIT( b ) \ - int ret; \ + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; \ signed char c = 0, cc; \ uint32_t cur; \ size_t i = 0, bits = (b); \ @@ -1027,7 +1028,7 @@ static inline void sub32( uint32_t *dst, uint32_t src, signed char *carry ) */ static inline int fix_negative( mbedtls_mpi *N, signed char c, mbedtls_mpi *C, size_t bits ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; /* C = - c * 2^(bits + 32) */ #if !defined(MBEDTLS_HAVE_INT64) @@ -1185,7 +1186,7 @@ cleanup: */ static int ecp_mod_p521( mbedtls_mpi *N ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t i; mbedtls_mpi M; mbedtls_mpi_uint Mp[P521_WIDTH + 1]; @@ -1234,7 +1235,7 @@ cleanup: */ static int ecp_mod_p255( mbedtls_mpi *N ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t i; mbedtls_mpi M; mbedtls_mpi_uint Mp[P255_WIDTH + 2]; @@ -1291,7 +1292,7 @@ cleanup: */ static int ecp_mod_p448( mbedtls_mpi *N ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t i; mbedtls_mpi M, Q; mbedtls_mpi_uint Mp[P448_WIDTH + 1], Qp[P448_WIDTH]; @@ -1353,7 +1354,7 @@ cleanup: static inline int ecp_mod_koblitz( mbedtls_mpi *N, mbedtls_mpi_uint *Rp, size_t p_limbs, size_t adjust, size_t shift, mbedtls_mpi_uint mask ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t i; mbedtls_mpi M, R; mbedtls_mpi_uint Mp[P_KOBLITZ_MAX + P_KOBLITZ_R + 1]; diff --git a/library/entropy.c b/library/entropy.c index d7091cbf78..ad6de2307f 100644 --- a/library/entropy.c +++ b/library/entropy.c @@ -36,6 +36,7 @@ #include "mbedtls/entropy.h" #include "mbedtls/entropy_poll.h" #include "mbedtls/platform_util.h" +#include "mbedtls/error.h" #include @@ -236,7 +237,7 @@ cleanup: int mbedtls_entropy_update_manual( mbedtls_entropy_context *ctx, const unsigned char *data, size_t len ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; #if defined(MBEDTLS_THREADING_C) if( ( ret = mbedtls_mutex_lock( &ctx->mutex ) ) != 0 ) @@ -308,7 +309,7 @@ cleanup: */ int mbedtls_entropy_gather( mbedtls_entropy_context *ctx ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; #if defined(MBEDTLS_THREADING_C) if( ( ret = mbedtls_mutex_lock( &ctx->mutex ) ) != 0 ) diff --git a/library/entropy_poll.c b/library/entropy_poll.c index 4556f88a55..c9b2c95c60 100644 --- a/library/entropy_poll.c +++ b/library/entropy_poll.c @@ -36,6 +36,7 @@ #include "mbedtls/entropy.h" #include "mbedtls/entropy_poll.h" +#include "mbedtls/error.h" #if defined(MBEDTLS_TIMING_C) #include "mbedtls/timing.h" @@ -121,7 +122,7 @@ int mbedtls_platform_entropy_poll( void *data, { FILE *file; size_t read_len; - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ((void) data); #if defined(HAVE_GETRANDOM) diff --git a/library/gcm.c b/library/gcm.c index 5121a7ac7e..26f6010a01 100644 --- a/library/gcm.c +++ b/library/gcm.c @@ -39,6 +39,7 @@ #include "mbedtls/gcm.h" #include "mbedtls/platform_util.h" +#include "mbedtls/error.h" #include @@ -168,7 +169,7 @@ int mbedtls_gcm_setkey( mbedtls_gcm_context *ctx, const unsigned char *key, unsigned int keybits ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; const mbedtls_cipher_info_t *cipher_info; GCM_VALIDATE_RET( ctx != NULL ); @@ -280,7 +281,7 @@ int mbedtls_gcm_starts( mbedtls_gcm_context *ctx, const unsigned char *add, size_t add_len ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char work_buf[16]; size_t i; const unsigned char *p; @@ -365,7 +366,7 @@ int mbedtls_gcm_update( mbedtls_gcm_context *ctx, const unsigned char *input, unsigned char *output ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char ectr[16]; size_t i; const unsigned char *p; @@ -476,7 +477,7 @@ int mbedtls_gcm_crypt_and_tag( mbedtls_gcm_context *ctx, size_t tag_len, unsigned char *tag ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; GCM_VALIDATE_RET( ctx != NULL ); GCM_VALIDATE_RET( iv != NULL ); @@ -508,7 +509,7 @@ int mbedtls_gcm_auth_decrypt( mbedtls_gcm_context *ctx, const unsigned char *input, unsigned char *output ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char check_tag[16]; size_t i; int diff; diff --git a/library/hkdf.c b/library/hkdf.c index 82d8a429f4..379035ddbb 100644 --- a/library/hkdf.c +++ b/library/hkdf.c @@ -29,13 +29,14 @@ #include #include "mbedtls/hkdf.h" #include "mbedtls/platform_util.h" +#include "mbedtls/error.h" int mbedtls_hkdf( const mbedtls_md_info_t *md, const unsigned char *salt, size_t salt_len, const unsigned char *ikm, size_t ikm_len, const unsigned char *info, size_t info_len, unsigned char *okm, size_t okm_len ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char prk[MBEDTLS_MD_MAX_SIZE]; ret = mbedtls_hkdf_extract( md, salt, salt_len, ikm, ikm_len, prk ); diff --git a/library/hmac_drbg.c b/library/hmac_drbg.c index f71c95c448..f811885c9f 100644 --- a/library/hmac_drbg.c +++ b/library/hmac_drbg.c @@ -35,6 +35,7 @@ #include "mbedtls/hmac_drbg.h" #include "mbedtls/platform_util.h" +#include "mbedtls/error.h" #include @@ -127,7 +128,7 @@ int mbedtls_hmac_drbg_seed_buf( mbedtls_hmac_drbg_context *ctx, const mbedtls_md_info_t * md_info, const unsigned char *data, size_t data_len ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; if( ( ret = mbedtls_md_setup( &ctx->md_ctx, md_info, 1 ) ) != 0 ) return( ret ); @@ -159,7 +160,7 @@ static int hmac_drbg_reseed_core( mbedtls_hmac_drbg_context *ctx, { unsigned char seed[MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT]; size_t seedlen = 0; - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; { size_t total_entropy_len; @@ -251,7 +252,7 @@ int mbedtls_hmac_drbg_seed( mbedtls_hmac_drbg_context *ctx, const unsigned char *custom, size_t len ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t md_size; if( ( ret = mbedtls_md_setup( &ctx->md_ctx, md_info, 1 ) ) != 0 ) @@ -329,7 +330,7 @@ int mbedtls_hmac_drbg_random_with_add( void *p_rng, unsigned char *output, size_t out_len, const unsigned char *additional, size_t add_len ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_hmac_drbg_context *ctx = (mbedtls_hmac_drbg_context *) p_rng; size_t md_len = mbedtls_md_get_size( ctx->md_ctx.md_info ); size_t left = out_len; @@ -398,7 +399,7 @@ exit: */ int mbedtls_hmac_drbg_random( void *p_rng, unsigned char *output, size_t out_len ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_hmac_drbg_context *ctx = (mbedtls_hmac_drbg_context *) p_rng; #if defined(MBEDTLS_THREADING_C) @@ -434,7 +435,7 @@ void mbedtls_hmac_drbg_free( mbedtls_hmac_drbg_context *ctx ) #if defined(MBEDTLS_FS_IO) int mbedtls_hmac_drbg_write_seed_file( mbedtls_hmac_drbg_context *ctx, const char *path ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; FILE *f; unsigned char buf[ MBEDTLS_HMAC_DRBG_MAX_INPUT ]; diff --git a/library/md.c b/library/md.c index e1b5183b6a..b2352034b8 100644 --- a/library/md.c +++ b/library/md.c @@ -34,6 +34,7 @@ #include "mbedtls/md.h" #include "mbedtls/md_internal.h" #include "mbedtls/platform_util.h" +#include "mbedtls/error.h" #include "mbedtls/md2.h" #include "mbedtls/md4.h" @@ -643,7 +644,7 @@ int mbedtls_md( const mbedtls_md_info_t *md_info, const unsigned char *input, si #if defined(MBEDTLS_FS_IO) int mbedtls_md_file( const mbedtls_md_info_t *md_info, const char *path, unsigned char *output ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; FILE *f; size_t n; mbedtls_md_context_t ctx; @@ -683,7 +684,7 @@ cleanup: int mbedtls_md_hmac_starts( mbedtls_md_context_t *ctx, const unsigned char *key, size_t keylen ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char sum[MBEDTLS_MD_MAX_SIZE]; unsigned char *ipad, *opad; size_t i; @@ -738,7 +739,7 @@ int mbedtls_md_hmac_update( mbedtls_md_context_t *ctx, const unsigned char *inpu int mbedtls_md_hmac_finish( mbedtls_md_context_t *ctx, unsigned char *output ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char tmp[MBEDTLS_MD_MAX_SIZE]; unsigned char *opad; @@ -762,7 +763,7 @@ int mbedtls_md_hmac_finish( mbedtls_md_context_t *ctx, unsigned char *output ) int mbedtls_md_hmac_reset( mbedtls_md_context_t *ctx ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char *ipad; if( ctx == NULL || ctx->md_info == NULL || ctx->hmac_ctx == NULL ) @@ -781,7 +782,7 @@ int mbedtls_md_hmac( const mbedtls_md_info_t *md_info, unsigned char *output ) { mbedtls_md_context_t ctx; - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; if( md_info == NULL ) return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); diff --git a/library/md2.c b/library/md2.c index 1c0b3df52d..82aed8e73c 100644 --- a/library/md2.c +++ b/library/md2.c @@ -35,6 +35,7 @@ #include "mbedtls/md2.h" #include "mbedtls/platform_util.h" +#include "mbedtls/error.h" #include @@ -170,7 +171,7 @@ int mbedtls_md2_update_ret( mbedtls_md2_context *ctx, const unsigned char *input, size_t ilen ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t fill; while( ilen > 0 ) @@ -212,7 +213,7 @@ void mbedtls_md2_update( mbedtls_md2_context *ctx, int mbedtls_md2_finish_ret( mbedtls_md2_context *ctx, unsigned char output[16] ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t i; unsigned char x; @@ -250,7 +251,7 @@ int mbedtls_md2_ret( const unsigned char *input, size_t ilen, unsigned char output[16] ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_md2_context ctx; mbedtls_md2_init( &ctx ); diff --git a/library/md4.c b/library/md4.c index 828fd42999..6a658e31d4 100644 --- a/library/md4.c +++ b/library/md4.c @@ -35,6 +35,7 @@ #include "mbedtls/md4.h" #include "mbedtls/platform_util.h" +#include "mbedtls/error.h" #include @@ -253,7 +254,7 @@ int mbedtls_md4_update_ret( mbedtls_md4_context *ctx, const unsigned char *input, size_t ilen ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t fill; uint32_t left; @@ -323,7 +324,7 @@ static const unsigned char md4_padding[64] = int mbedtls_md4_finish_ret( mbedtls_md4_context *ctx, unsigned char output[16] ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; uint32_t last, padn; uint32_t high, low; unsigned char msglen[8]; @@ -371,7 +372,7 @@ int mbedtls_md4_ret( const unsigned char *input, size_t ilen, unsigned char output[16] ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_md4_context ctx; mbedtls_md4_init( &ctx ); diff --git a/library/md5.c b/library/md5.c index a93da8a061..2306855f46 100644 --- a/library/md5.c +++ b/library/md5.c @@ -34,6 +34,7 @@ #include "mbedtls/md5.h" #include "mbedtls/platform_util.h" +#include "mbedtls/error.h" #include @@ -259,7 +260,7 @@ int mbedtls_md5_update_ret( mbedtls_md5_context *ctx, const unsigned char *input, size_t ilen ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t fill; uint32_t left; @@ -318,7 +319,7 @@ void mbedtls_md5_update( mbedtls_md5_context *ctx, int mbedtls_md5_finish_ret( mbedtls_md5_context *ctx, unsigned char output[16] ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; uint32_t used; uint32_t high, low; @@ -386,7 +387,7 @@ int mbedtls_md5_ret( const unsigned char *input, size_t ilen, unsigned char output[16] ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_md5_context ctx; mbedtls_md5_init( &ctx ); diff --git a/library/nist_kw.c b/library/nist_kw.c index 317a2426ae..03e807202d 100644 --- a/library/nist_kw.c +++ b/library/nist_kw.c @@ -39,6 +39,7 @@ #include "mbedtls/nist_kw.h" #include "mbedtls/platform_util.h" +#include "mbedtls/error.h" #include #include @@ -116,7 +117,7 @@ int mbedtls_nist_kw_setkey( mbedtls_nist_kw_context *ctx, unsigned int keybits, const int is_wrap ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; const mbedtls_cipher_info_t *cipher_info; cipher_info = mbedtls_cipher_info_from_values( cipher, diff --git a/library/oid.c b/library/oid.c index 27c455e877..891d3cdea9 100644 --- a/library/oid.c +++ b/library/oid.c @@ -31,6 +31,7 @@ #include "mbedtls/oid.h" #include "mbedtls/rsa.h" +#include "mbedtls/error.h" #include #include @@ -732,7 +733,7 @@ FN_OID_GET_ATTR2(mbedtls_oid_get_pkcs12_pbe_alg, oid_pkcs12_pbe_alg_t, pkcs12_pb int mbedtls_oid_get_numeric_string( char *buf, size_t size, const mbedtls_asn1_buf *oid ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t i, n; unsigned int value; char *p; diff --git a/library/pem.c b/library/pem.c index 897c8a0d6f..31f4a9a25e 100644 --- a/library/pem.c +++ b/library/pem.c @@ -34,6 +34,7 @@ #include "mbedtls/md5.h" #include "mbedtls/cipher.h" #include "mbedtls/platform_util.h" +#include "mbedtls/error.h" #include @@ -85,7 +86,7 @@ static int pem_pbkdf1( unsigned char *key, size_t keylen, mbedtls_md5_context md5_ctx; unsigned char md5sum[16]; size_t use_len; - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_md5_init( &md5_ctx ); @@ -146,7 +147,7 @@ static int pem_des_decrypt( unsigned char des_iv[8], { mbedtls_des_context des_ctx; unsigned char des_key[8]; - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_des_init( &des_ctx ); @@ -174,7 +175,7 @@ static int pem_des3_decrypt( unsigned char des3_iv[8], { mbedtls_des3_context des3_ctx; unsigned char des3_key[24]; - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_des3_init( &des3_ctx ); @@ -204,7 +205,7 @@ static int pem_aes_decrypt( unsigned char aes_iv[16], unsigned int keylen, { mbedtls_aes_context aes_ctx; unsigned char aes_key[32]; - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_aes_init( &aes_ctx ); @@ -439,7 +440,7 @@ int mbedtls_pem_write_buffer( const char *header, const char *footer, const unsigned char *der_data, size_t der_len, unsigned char *buf, size_t buf_len, size_t *olen ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char *encode_buf = NULL, *c, *p = buf; size_t len = 0, use_len, add_len = 0; diff --git a/library/pk.c b/library/pk.c index e93ccfdab9..fc166728b5 100644 --- a/library/pk.c +++ b/library/pk.c @@ -30,6 +30,7 @@ #include "mbedtls/pk_internal.h" #include "mbedtls/platform_util.h" +#include "mbedtls/error.h" #if defined(MBEDTLS_RSA_C) #include "mbedtls/rsa.h" @@ -297,7 +298,7 @@ int mbedtls_pk_verify_restartable( mbedtls_pk_context *ctx, mbedtls_ecp_restart_is_enabled() && ctx->pk_info->verify_rs_func != NULL ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; if( ( ret = pk_restart_setup( rs_ctx, ctx->pk_info ) ) != 0 ) return( ret ); @@ -354,7 +355,7 @@ int mbedtls_pk_verify_ext( mbedtls_pk_type_t type, const void *options, if( type == MBEDTLS_PK_RSASSA_PSS ) { #if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_PKCS1_V21) - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; const mbedtls_pk_rsassa_pss_options *pss_opts; #if SIZE_MAX > UINT_MAX @@ -420,7 +421,7 @@ int mbedtls_pk_sign_restartable( mbedtls_pk_context *ctx, mbedtls_ecp_restart_is_enabled() && ctx->pk_info->sign_rs_func != NULL ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; if( ( ret = pk_restart_setup( rs_ctx, ctx->pk_info ) ) != 0 ) return( ret ); @@ -604,7 +605,7 @@ int mbedtls_pk_wrap_as_opaque( mbedtls_pk_context *pk, psa_ecc_curve_t curve_id; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_key_type_t key_type; - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; /* export the private key material in the format PSA wants */ if( mbedtls_pk_get_type( pk ) != MBEDTLS_PK_ECKEY ) diff --git a/library/pk_wrap.c b/library/pk_wrap.c index 702c3bbb41..266ee7fa4d 100644 --- a/library/pk_wrap.c +++ b/library/pk_wrap.c @@ -27,6 +27,7 @@ #if defined(MBEDTLS_PK_C) #include "mbedtls/pk_internal.h" +#include "mbedtls/error.h" /* Even if RSA not activated, for the sake of RSA-alt */ #include "mbedtls/rsa.h" @@ -83,7 +84,7 @@ static int rsa_verify_wrap( void *ctx, mbedtls_md_type_t md_alg, const unsigned char *hash, size_t hash_len, const unsigned char *sig, size_t sig_len ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_rsa_context * rsa = (mbedtls_rsa_context *) ctx; size_t rsa_len = mbedtls_rsa_get_len( rsa ); @@ -248,7 +249,7 @@ static int eckey_verify_wrap( void *ctx, mbedtls_md_type_t md_alg, const unsigned char *hash, size_t hash_len, const unsigned char *sig, size_t sig_len ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_ecdsa_context ecdsa; mbedtls_ecdsa_init( &ecdsa ); @@ -266,7 +267,7 @@ static int eckey_sign_wrap( void *ctx, mbedtls_md_type_t md_alg, unsigned char *sig, size_t *sig_len, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_ecdsa_context ecdsa; mbedtls_ecdsa_init( &ecdsa ); @@ -340,7 +341,7 @@ static int eckey_verify_rs_wrap( void *ctx, mbedtls_md_type_t md_alg, const unsigned char *sig, size_t sig_len, void *rs_ctx ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; eckey_restart_ctx *rs = rs_ctx; /* Should never happen */ @@ -365,7 +366,7 @@ static int eckey_sign_rs_wrap( void *ctx, mbedtls_md_type_t md_alg, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, void *rs_ctx ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; eckey_restart_ctx *rs = rs_ctx; /* Should never happen */ @@ -490,7 +491,7 @@ static int ecdsa_can_do( mbedtls_pk_type_t type ) static int extract_ecdsa_sig_int( unsigned char **from, const unsigned char *end, unsigned char *to, size_t to_len ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t unpadded_len, padding_len; if( ( ret = mbedtls_asn1_get_tag( from, end, &unpadded_len, @@ -524,7 +525,7 @@ static int extract_ecdsa_sig_int( unsigned char **from, const unsigned char *end static int extract_ecdsa_sig( unsigned char **p, const unsigned char *end, unsigned char *sig, size_t int_size ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t tmp_size; if( ( ret = mbedtls_asn1_get_tag( p, end, &tmp_size, @@ -545,7 +546,7 @@ static int ecdsa_verify_wrap( void *ctx, mbedtls_md_type_t md_alg, const unsigned char *hash, size_t hash_len, const unsigned char *sig, size_t sig_len ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_key_handle_t key_handle = 0; psa_status_t status; @@ -630,7 +631,7 @@ static int ecdsa_verify_wrap( void *ctx, mbedtls_md_type_t md_alg, const unsigned char *hash, size_t hash_len, const unsigned char *sig, size_t sig_len ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ((void) md_alg); ret = mbedtls_ecdsa_read_signature( (mbedtls_ecdsa_context *) ctx, @@ -658,7 +659,7 @@ static int ecdsa_verify_rs_wrap( void *ctx, mbedtls_md_type_t md_alg, const unsigned char *sig, size_t sig_len, void *rs_ctx ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ((void) md_alg); ret = mbedtls_ecdsa_read_signature_restartable( @@ -804,7 +805,7 @@ static int rsa_alt_check_pair( const void *pub, const void *prv ) unsigned char sig[MBEDTLS_MPI_MAX_SIZE]; unsigned char hash[32]; size_t sig_len = 0; - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; if( rsa_alt_get_bitlen( prv ) != rsa_get_bitlen( pub ) ) return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED ); @@ -925,7 +926,7 @@ static int pk_opaque_can_do( mbedtls_pk_type_t type ) static int asn1_write_mpibuf( unsigned char **p, unsigned char *start, size_t n_len ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t len = 0; if( (size_t)( *p - start ) < n_len ) @@ -977,7 +978,7 @@ static int asn1_write_mpibuf( unsigned char **p, unsigned char *start, static int pk_ecdsa_sig_asn1_from_psa( unsigned char *sig, size_t *sig_len, size_t buf_len ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t len = 0; const size_t rs_len = *sig_len / 2; unsigned char *p = sig + buf_len; diff --git a/library/pkcs12.c b/library/pkcs12.c index 7edf064c13..96c64ad63c 100644 --- a/library/pkcs12.c +++ b/library/pkcs12.c @@ -37,6 +37,7 @@ #include "mbedtls/asn1.h" #include "mbedtls/cipher.h" #include "mbedtls/platform_util.h" +#include "mbedtls/error.h" #include @@ -53,7 +54,7 @@ static int pkcs12_parse_pbe_params( mbedtls_asn1_buf *params, mbedtls_asn1_buf *salt, int *iterations ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char **p = ¶ms->p; const unsigned char *end = params->p + params->len; @@ -145,7 +146,7 @@ int mbedtls_pkcs12_pbe_sha1_rc4_128( mbedtls_asn1_buf *pbe_params, int mode, ((void) output); return( MBEDTLS_ERR_PKCS12_FEATURE_UNAVAILABLE ); #else - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char key[16]; mbedtls_arc4_context ctx; ((void) mode); @@ -250,7 +251,7 @@ int mbedtls_pkcs12_derivation( unsigned char *data, size_t datalen, const unsigned char *salt, size_t saltlen, mbedtls_md_type_t md_type, int id, int iterations ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned int j; unsigned char diversifier[128]; diff --git a/library/pkcs5.c b/library/pkcs5.c index 3d29fd7e59..8832322257 100644 --- a/library/pkcs5.c +++ b/library/pkcs5.c @@ -38,6 +38,7 @@ #if defined(MBEDTLS_PKCS5_C) #include "mbedtls/pkcs5.h" +#include "mbedtls/error.h" #if defined(MBEDTLS_ASN1_PARSE_C) #include "mbedtls/asn1.h" @@ -59,7 +60,7 @@ static int pkcs5_parse_pbkdf2_params( const mbedtls_asn1_buf *params, mbedtls_asn1_buf *salt, int *iterations, int *keylen, mbedtls_md_type_t *md_type ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_asn1_buf prf_alg_oid; unsigned char *p = params->p; const unsigned char *end = params->p + params->len; diff --git a/library/pkparse.c b/library/pkparse.c index ae210bca6a..596dae919f 100644 --- a/library/pkparse.c +++ b/library/pkparse.c @@ -31,6 +31,7 @@ #include "mbedtls/asn1.h" #include "mbedtls/oid.h" #include "mbedtls/platform_util.h" +#include "mbedtls/error.h" #include @@ -130,7 +131,7 @@ int mbedtls_pk_load_file( const char *path, unsigned char **buf, size_t *n ) int mbedtls_pk_parse_keyfile( mbedtls_pk_context *ctx, const char *path, const char *pwd ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t n; unsigned char *buf; @@ -157,7 +158,7 @@ int mbedtls_pk_parse_keyfile( mbedtls_pk_context *ctx, */ int mbedtls_pk_parse_public_keyfile( mbedtls_pk_context *ctx, const char *path ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t n; unsigned char *buf; @@ -188,7 +189,7 @@ int mbedtls_pk_parse_public_keyfile( mbedtls_pk_context *ctx, const char *path ) static int pk_get_ecparams( unsigned char **p, const unsigned char *end, mbedtls_asn1_buf *params ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; if ( end - *p < 1 ) return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + @@ -243,7 +244,7 @@ static int pk_get_ecparams( unsigned char **p, const unsigned char *end, */ static int pk_group_from_specified( const mbedtls_asn1_buf *params, mbedtls_ecp_group *grp ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char *p = params->p; const unsigned char * const end = params->p + params->len; const unsigned char *end_field, *end_curve; @@ -433,7 +434,7 @@ cleanup: static int pk_group_id_from_specified( const mbedtls_asn1_buf *params, mbedtls_ecp_group_id *grp_id ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_ecp_group grp; mbedtls_ecp_group_init( &grp ); @@ -460,7 +461,7 @@ cleanup: */ static int pk_use_ecparams( const mbedtls_asn1_buf *params, mbedtls_ecp_group *grp ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_ecp_group_id grp_id; if( params->tag == MBEDTLS_ASN1_OID ) @@ -500,7 +501,7 @@ static int pk_use_ecparams( const mbedtls_asn1_buf *params, mbedtls_ecp_group *g static int pk_get_ecpubkey( unsigned char **p, const unsigned char *end, mbedtls_ecp_keypair *key ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; if( ( ret = mbedtls_ecp_point_read_binary( &key->grp, &key->Q, (const unsigned char *) *p, end - *p ) ) == 0 ) @@ -528,7 +529,7 @@ static int pk_get_rsapubkey( unsigned char **p, const unsigned char *end, mbedtls_rsa_context *rsa ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t len; if( ( ret = mbedtls_asn1_get_tag( p, end, &len, @@ -583,7 +584,7 @@ static int pk_get_pk_alg( unsigned char **p, const unsigned char *end, mbedtls_pk_type_t *pk_alg, mbedtls_asn1_buf *params ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_asn1_buf alg_oid; memset( params, 0, sizeof(mbedtls_asn1_buf) ); @@ -615,7 +616,7 @@ static int pk_get_pk_alg( unsigned char **p, int mbedtls_pk_parse_subpubkey( unsigned char **p, const unsigned char *end, mbedtls_pk_context *pk ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t len; mbedtls_asn1_buf alg_params; mbedtls_pk_type_t pk_alg = MBEDTLS_PK_NONE; @@ -811,7 +812,7 @@ static int pk_parse_key_sec1_der( mbedtls_ecp_keypair *eck, const unsigned char *key, size_t keylen ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; int version, pubkey_done; size_t len; mbedtls_asn1_buf params; @@ -1164,7 +1165,7 @@ int mbedtls_pk_parse_key( mbedtls_pk_context *pk, const unsigned char *key, size_t keylen, const unsigned char *pwd, size_t pwdlen ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; const mbedtls_pk_info_t *pk_info; #if defined(MBEDTLS_PEM_PARSE_C) size_t len; @@ -1376,7 +1377,7 @@ int mbedtls_pk_parse_key( mbedtls_pk_context *pk, int mbedtls_pk_parse_public_key( mbedtls_pk_context *ctx, const unsigned char *key, size_t keylen ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char *p; #if defined(MBEDTLS_RSA_C) const mbedtls_pk_info_t *pk_info; diff --git a/library/pkwrite.c b/library/pkwrite.c index c2c5623484..49a21bf08b 100644 --- a/library/pkwrite.c +++ b/library/pkwrite.c @@ -31,6 +31,7 @@ #include "mbedtls/asn1write.h" #include "mbedtls/oid.h" #include "mbedtls/platform_util.h" +#include "mbedtls/error.h" #include @@ -77,7 +78,7 @@ static int pk_write_rsa_pubkey( unsigned char **p, unsigned char *start, mbedtls_rsa_context *rsa ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t len = 0; mbedtls_mpi T; @@ -116,7 +117,7 @@ end_of_export: static int pk_write_ec_pubkey( unsigned char **p, unsigned char *start, mbedtls_ecp_keypair *ec ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t len = 0; unsigned char buf[MBEDTLS_ECP_MAX_PT_LEN]; @@ -144,7 +145,7 @@ static int pk_write_ec_pubkey( unsigned char **p, unsigned char *start, static int pk_write_ec_param( unsigned char **p, unsigned char *start, mbedtls_ecp_keypair *ec ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t len = 0; const char *oid; size_t oid_len; @@ -163,7 +164,7 @@ static int pk_write_ec_param( unsigned char **p, unsigned char *start, static int pk_write_ec_private( unsigned char **p, unsigned char *start, mbedtls_ecp_keypair *ec ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t byte_length = ( ec->grp.pbits + 7 ) / 8; unsigned char tmp[MBEDTLS_ECP_MAX_BYTES]; @@ -181,7 +182,7 @@ exit: int mbedtls_pk_write_pubkey( unsigned char **p, unsigned char *start, const mbedtls_pk_context *key ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t len = 0; PK_VALIDATE_RET( p != NULL ); @@ -229,7 +230,7 @@ int mbedtls_pk_write_pubkey( unsigned char **p, unsigned char *start, int mbedtls_pk_write_pubkey_der( mbedtls_pk_context *key, unsigned char *buf, size_t size ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char *c; size_t len = 0, par_len = 0, oid_len; mbedtls_pk_type_t pk_type; @@ -315,7 +316,7 @@ int mbedtls_pk_write_pubkey_der( mbedtls_pk_context *key, unsigned char *buf, si int mbedtls_pk_write_key_der( mbedtls_pk_context *key, unsigned char *buf, size_t size ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char *c; size_t len = 0; @@ -558,7 +559,7 @@ int mbedtls_pk_write_key_der( mbedtls_pk_context *key, unsigned char *buf, size_ int mbedtls_pk_write_pubkey_pem( mbedtls_pk_context *key, unsigned char *buf, size_t size ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char output_buf[PUB_DER_MAX_BYTES]; size_t olen = 0; @@ -583,7 +584,7 @@ int mbedtls_pk_write_pubkey_pem( mbedtls_pk_context *key, unsigned char *buf, si int mbedtls_pk_write_key_pem( mbedtls_pk_context *key, unsigned char *buf, size_t size ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char output_buf[PRV_DER_MAX_BYTES]; const char *begin, *end; size_t olen = 0; diff --git a/library/platform.c b/library/platform.c index 5756159543..420d09ea1e 100644 --- a/library/platform.c +++ b/library/platform.c @@ -29,6 +29,7 @@ #include "mbedtls/platform.h" #include "mbedtls/platform_util.h" +#include "mbedtls/error.h" /* The compile time configuration of memory allocation via the macros * MBEDTLS_PLATFORM_{FREE/CALLOC}_MACRO takes precedence over the runtime @@ -86,7 +87,7 @@ int mbedtls_platform_set_calloc_free( void * (*calloc_func)( size_t, size_t ), #include int mbedtls_platform_win32_snprintf( char *s, size_t n, const char *fmt, ... ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; va_list argp; va_start( argp, fmt ); @@ -131,7 +132,7 @@ int mbedtls_platform_set_snprintf( int (*snprintf_func)( char * s, size_t n, #include int mbedtls_platform_win32_vsnprintf( char *s, size_t n, const char *fmt, va_list arg ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; /* Avoid calling the invalid parameter handler by checking ourselves */ if( s == NULL || n == 0 || fmt == NULL ) diff --git a/library/poly1305.c b/library/poly1305.c index 2b56c5f7ef..bc1e8a6496 100644 --- a/library/poly1305.c +++ b/library/poly1305.c @@ -30,6 +30,7 @@ #include "mbedtls/poly1305.h" #include "mbedtls/platform_util.h" +#include "mbedtls/error.h" #include @@ -423,7 +424,7 @@ int mbedtls_poly1305_mac( const unsigned char key[32], unsigned char mac[16] ) { mbedtls_poly1305_context ctx; - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; POLY1305_VALIDATE_RET( key != NULL ); POLY1305_VALIDATE_RET( mac != NULL ); POLY1305_VALIDATE_RET( ilen == 0 || input != NULL ); @@ -529,7 +530,7 @@ int mbedtls_poly1305_self_test( int verbose ) { unsigned char mac[16]; unsigned i; - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; for( i = 0U; i < 2U; i++ ) { diff --git a/library/psa_crypto.c b/library/psa_crypto.c index b98a4629d8..c82cae9fe4 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -75,6 +75,7 @@ #include "mbedtls/pk.h" #include "mbedtls/pk_internal.h" #include "mbedtls/platform_util.h" +#include "mbedtls/error.h" #include "mbedtls/ripemd160.h" #include "mbedtls/rsa.h" #include "mbedtls/sha1.h" @@ -1147,7 +1148,7 @@ static psa_status_t psa_get_rsa_public_exponent( psa_key_attributes_t *attributes ) { mbedtls_mpi mpi; - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; uint8_t *buffer = NULL; size_t buflen; mbedtls_mpi_init( &mpi ); @@ -1251,7 +1252,7 @@ psa_status_t psa_get_key_slot_number( static int pk_write_pubkey_simple( mbedtls_pk_context *key, unsigned char *buf, size_t size ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char *c; size_t len = 0; @@ -1336,7 +1337,7 @@ static psa_status_t psa_internal_export_key( const psa_key_slot_t *slot, PSA_KEY_TYPE_IS_ECC( slot->attr.type ) ) { mbedtls_pk_context pk; - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; if( PSA_KEY_TYPE_IS_RSA( slot->attr.type ) ) { #if defined(MBEDTLS_RSA_C) @@ -1784,7 +1785,7 @@ static psa_status_t psa_validate_optional_attributes( if( PSA_KEY_TYPE_IS_RSA( slot->attr.type ) ) { mbedtls_mpi actual, required; - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_mpi_init( &actual ); mbedtls_mpi_init( &required ); ret = mbedtls_rsa_export( slot->data.rsa, @@ -2107,7 +2108,7 @@ psa_status_t psa_hash_abort( psa_hash_operation_t *operation ) psa_status_t psa_hash_setup( psa_hash_operation_t *operation, psa_algorithm_t alg ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; /* A context must be freshly initialized before it can be set up. */ if( operation->alg != 0 ) @@ -2183,7 +2184,7 @@ psa_status_t psa_hash_update( psa_hash_operation_t *operation, const uint8_t *input, size_t input_length ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; /* Don't require hash implementations to behave correctly on a * zero-length input, which may have an invalid pointer. */ @@ -2251,7 +2252,7 @@ psa_status_t psa_hash_finish( psa_hash_operation_t *operation, size_t *hash_length ) { psa_status_t status; - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t actual_hash_length = PSA_HASH_SIZE( operation->alg ); /* Fill the output buffer with something that isn't a valid hash @@ -2634,7 +2635,7 @@ static int psa_cmac_setup( psa_mac_operation_t *operation, psa_key_slot_t *slot, const mbedtls_cipher_info_t *cipher_info ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; operation->mac_size = cipher_info->block_size; @@ -2755,7 +2756,7 @@ static psa_status_t psa_mac_setup( psa_mac_operation_t *operation, const mbedtls_cipher_info_t *cipher_info = mbedtls_cipher_info_from_psa( full_length_alg, slot->attr.type, key_bits, NULL ); - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; if( cipher_info == NULL ) { status = PSA_ERROR_NOT_SUPPORTED; @@ -3107,7 +3108,7 @@ static psa_status_t psa_rsa_sign( mbedtls_rsa_context *rsa, size_t *signature_length ) { psa_status_t status; - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_md_type_t md_alg; status = psa_rsa_decode_md_type( alg, hash_length, &md_alg ); @@ -3165,7 +3166,7 @@ static psa_status_t psa_rsa_verify( mbedtls_rsa_context *rsa, size_t signature_length ) { psa_status_t status; - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_md_type_t md_alg; status = psa_rsa_decode_md_type( alg, hash_length, &md_alg ); @@ -3231,7 +3232,7 @@ static psa_status_t psa_ecdsa_sign( mbedtls_ecp_keypair *ecp, size_t signature_size, size_t *signature_length ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_mpi r, s; size_t curve_bytes = PSA_BITS_TO_BYTES( ecp->grp.pbits ); mbedtls_mpi_init( &r ); @@ -3286,7 +3287,7 @@ static psa_status_t psa_ecdsa_verify( mbedtls_ecp_keypair *ecp, const uint8_t *signature, size_t signature_length ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_mpi r, s; size_t curve_bytes = PSA_BITS_TO_BYTES( ecp->grp.pbits ); mbedtls_mpi_init( &r ); @@ -3525,7 +3526,7 @@ psa_status_t psa_asymmetric_encrypt( psa_key_handle_t handle, if( PSA_KEY_TYPE_IS_RSA( slot->attr.type ) ) { mbedtls_rsa_context *rsa = slot->data.rsa; - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; if( output_size < mbedtls_rsa_get_len( rsa ) ) return( PSA_ERROR_BUFFER_TOO_SMALL ); #if defined(MBEDTLS_PKCS1_V15) @@ -3604,7 +3605,7 @@ psa_status_t psa_asymmetric_decrypt( psa_key_handle_t handle, if( slot->attr.type == PSA_KEY_TYPE_RSA_KEY_PAIR ) { mbedtls_rsa_context *rsa = slot->data.rsa; - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; if( input_length != mbedtls_rsa_get_len( rsa ) ) return( PSA_ERROR_INVALID_ARGUMENT ); @@ -3801,7 +3802,7 @@ psa_status_t psa_cipher_generate_iv( psa_cipher_operation_t *operation, size_t *iv_length ) { psa_status_t status; - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; if( operation->iv_set || ! operation->iv_required ) { return( PSA_ERROR_BAD_STATE ); @@ -3833,7 +3834,7 @@ psa_status_t psa_cipher_set_iv( psa_cipher_operation_t *operation, size_t iv_length ) { psa_status_t status; - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; if( operation->iv_set || ! operation->iv_required ) { return( PSA_ERROR_BAD_STATE ); @@ -3861,7 +3862,7 @@ psa_status_t psa_cipher_update( psa_cipher_operation_t *operation, size_t *output_length ) { psa_status_t status; - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t expected_output_size; if( operation->alg == 0 ) @@ -5371,7 +5372,7 @@ exit: psa_status_t psa_generate_random( uint8_t *output, size_t output_size ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; GUARD_MODULE_INITIALIZED; while( output_size > MBEDTLS_CTR_DRBG_MAX_REQUEST ) @@ -5466,7 +5467,7 @@ static psa_status_t psa_generate_key_internal( if ( type == PSA_KEY_TYPE_RSA_KEY_PAIR ) { mbedtls_rsa_context *rsa; - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; int exponent; psa_status_t status; if( bits > PSA_VENDOR_RSA_MAX_KEY_BITS ) @@ -5508,7 +5509,7 @@ static psa_status_t psa_generate_key_internal( const mbedtls_ecp_curve_info *curve_info = mbedtls_ecp_curve_info_from_grp_id( grp_id ); mbedtls_ecp_keypair *ecp; - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; if( domain_parameters_size != 0 ) return( PSA_ERROR_NOT_SUPPORTED ); if( grp_id == MBEDTLS_ECP_DP_NONE || curve_info == NULL ) diff --git a/library/ripemd160.c b/library/ripemd160.c index 0791ae4cc9..a62f4b824e 100644 --- a/library/ripemd160.c +++ b/library/ripemd160.c @@ -35,6 +35,7 @@ #include "mbedtls/ripemd160.h" #include "mbedtls/platform_util.h" +#include "mbedtls/error.h" #include @@ -322,7 +323,7 @@ int mbedtls_ripemd160_update_ret( mbedtls_ripemd160_context *ctx, const unsigned char *input, size_t ilen ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t fill; uint32_t left; @@ -390,7 +391,7 @@ static const unsigned char ripemd160_padding[64] = int mbedtls_ripemd160_finish_ret( mbedtls_ripemd160_context *ctx, unsigned char output[20] ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; uint32_t last, padn; uint32_t high, low; unsigned char msglen[8]; @@ -439,7 +440,7 @@ int mbedtls_ripemd160_ret( const unsigned char *input, size_t ilen, unsigned char output[20] ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_ripemd160_context ctx; mbedtls_ripemd160_init( &ctx ); diff --git a/library/rsa.c b/library/rsa.c index a35af44746..3c2f31438c 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -49,6 +49,7 @@ #include "mbedtls/rsa_internal.h" #include "mbedtls/oid.h" #include "mbedtls/platform_util.h" +#include "mbedtls/error.h" #include @@ -98,7 +99,7 @@ int mbedtls_rsa_import( mbedtls_rsa_context *ctx, const mbedtls_mpi *P, const mbedtls_mpi *Q, const mbedtls_mpi *D, const mbedtls_mpi *E ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; RSA_VALIDATE_RET( ctx != NULL ); if( ( N != NULL && ( ret = mbedtls_mpi_copy( &ctx->N, N ) ) != 0 ) || @@ -392,7 +393,7 @@ int mbedtls_rsa_export( const mbedtls_rsa_context *ctx, mbedtls_mpi *N, mbedtls_mpi *P, mbedtls_mpi *Q, mbedtls_mpi *D, mbedtls_mpi *E ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; int is_priv; RSA_VALIDATE_RET( ctx != NULL ); @@ -436,7 +437,7 @@ int mbedtls_rsa_export( const mbedtls_rsa_context *ctx, int mbedtls_rsa_export_crt( const mbedtls_rsa_context *ctx, mbedtls_mpi *DP, mbedtls_mpi *DQ, mbedtls_mpi *QP ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; int is_priv; RSA_VALIDATE_RET( ctx != NULL ); @@ -527,7 +528,7 @@ int mbedtls_rsa_gen_key( mbedtls_rsa_context *ctx, void *p_rng, unsigned int nbits, int exponent ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_mpi H, G, L; int prime_quality = 0; RSA_VALIDATE_RET( ctx != NULL ); @@ -719,7 +720,7 @@ int mbedtls_rsa_public( mbedtls_rsa_context *ctx, const unsigned char *input, unsigned char *output ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t olen; mbedtls_mpi T; RSA_VALIDATE_RET( ctx != NULL ); @@ -832,7 +833,7 @@ int mbedtls_rsa_private( mbedtls_rsa_context *ctx, const unsigned char *input, unsigned char *output ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t olen; /* Temporary holding the result */ @@ -1125,7 +1126,7 @@ int mbedtls_rsa_rsaes_oaep_encrypt( mbedtls_rsa_context *ctx, unsigned char *output ) { size_t olen; - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char *p = output; unsigned int hlen; const mbedtls_md_info_t *md_info; @@ -1212,7 +1213,7 @@ int mbedtls_rsa_rsaes_pkcs1_v15_encrypt( mbedtls_rsa_context *ctx, unsigned char *output ) { size_t nb_pad, olen; - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char *p = output; RSA_VALIDATE_RET( ctx != NULL ); @@ -1322,7 +1323,7 @@ int mbedtls_rsa_rsaes_oaep_decrypt( mbedtls_rsa_context *ctx, unsigned char *output, size_t output_max_len ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t ilen, i, pad_len; unsigned char *p, bad, pad_done; unsigned char buf[MBEDTLS_MPI_MAX_SIZE]; @@ -1558,7 +1559,7 @@ int mbedtls_rsa_rsaes_pkcs1_v15_decrypt( mbedtls_rsa_context *ctx, unsigned char *output, size_t output_max_len ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t ilen, i, plaintext_max_size; unsigned char buf[MBEDTLS_MPI_MAX_SIZE]; /* The following variables take sensitive values: their value must @@ -1774,7 +1775,7 @@ int mbedtls_rsa_rsassa_pss_sign( mbedtls_rsa_context *ctx, unsigned char *p = sig; unsigned char salt[MBEDTLS_MD_MAX_SIZE]; size_t slen, min_slen, hlen, offset = 0; - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t msb; const mbedtls_md_info_t *md_info; mbedtls_md_context_t md_ctx; @@ -2029,7 +2030,7 @@ int mbedtls_rsa_rsassa_pkcs1_v15_sign( mbedtls_rsa_context *ctx, const unsigned char *hash, unsigned char *sig ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char *sig_try = NULL, *verif = NULL; RSA_VALIDATE_RET( ctx != NULL ); @@ -2151,7 +2152,7 @@ int mbedtls_rsa_rsassa_pss_verify_ext( mbedtls_rsa_context *ctx, int expected_salt_len, const unsigned char *sig ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t siglen; unsigned char *p; unsigned char *hash_start; @@ -2448,7 +2449,7 @@ int mbedtls_rsa_pkcs1_verify( mbedtls_rsa_context *ctx, */ int mbedtls_rsa_copy( mbedtls_rsa_context *dst, const mbedtls_rsa_context *src ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; RSA_VALIDATE_RET( dst != NULL ); RSA_VALIDATE_RET( src != NULL ); diff --git a/library/sha1.c b/library/sha1.c index 355c83d2f7..9233943415 100644 --- a/library/sha1.c +++ b/library/sha1.c @@ -34,6 +34,7 @@ #include "mbedtls/sha1.h" #include "mbedtls/platform_util.h" +#include "mbedtls/error.h" #include @@ -307,7 +308,7 @@ int mbedtls_sha1_update_ret( mbedtls_sha1_context *ctx, const unsigned char *input, size_t ilen ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t fill; uint32_t left; @@ -368,7 +369,7 @@ void mbedtls_sha1_update( mbedtls_sha1_context *ctx, int mbedtls_sha1_finish_ret( mbedtls_sha1_context *ctx, unsigned char output[20] ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; uint32_t used; uint32_t high, low; @@ -440,7 +441,7 @@ int mbedtls_sha1_ret( const unsigned char *input, size_t ilen, unsigned char output[20] ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_sha1_context ctx; SHA1_VALIDATE_RET( ilen == 0 || input != NULL ); diff --git a/library/sha256.c b/library/sha256.c index 2dc0e1a2c9..087a8e349c 100644 --- a/library/sha256.c +++ b/library/sha256.c @@ -34,6 +34,7 @@ #include "mbedtls/sha256.h" #include "mbedtls/platform_util.h" +#include "mbedtls/error.h" #include @@ -275,7 +276,7 @@ int mbedtls_sha256_update_ret( mbedtls_sha256_context *ctx, const unsigned char *input, size_t ilen ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t fill; uint32_t left; @@ -336,7 +337,7 @@ void mbedtls_sha256_update( mbedtls_sha256_context *ctx, int mbedtls_sha256_finish_ret( mbedtls_sha256_context *ctx, unsigned char output[32] ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; uint32_t used; uint32_t high, low; @@ -414,7 +415,7 @@ int mbedtls_sha256_ret( const unsigned char *input, unsigned char output[32], int is224 ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_sha256_context ctx; SHA256_VALIDATE_RET( is224 == 0 || is224 == 1 ); diff --git a/library/sha512.c b/library/sha512.c index 2e2b797872..fa4025653d 100644 --- a/library/sha512.c +++ b/library/sha512.c @@ -34,6 +34,7 @@ #include "mbedtls/sha512.h" #include "mbedtls/platform_util.h" +#include "mbedtls/error.h" #if defined(_MSC_VER) || defined(__WATCOMC__) #define UL64(x) x##ui64 @@ -323,7 +324,7 @@ int mbedtls_sha512_update_ret( mbedtls_sha512_context *ctx, const unsigned char *input, size_t ilen ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t fill; unsigned int left; @@ -383,7 +384,7 @@ void mbedtls_sha512_update( mbedtls_sha512_context *ctx, int mbedtls_sha512_finish_ret( mbedtls_sha512_context *ctx, unsigned char output[64] ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned used; uint64_t high, low; @@ -463,7 +464,7 @@ int mbedtls_sha512_ret( const unsigned char *input, unsigned char output[64], int is384 ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_sha512_context ctx; SHA512_VALIDATE_RET( is384 == 0 || is384 == 1 ); From 49af2d3a4f1f51ec0c842df41b293b348574ec3f Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 6 Dec 2019 19:20:13 +0100 Subject: [PATCH 54/65] Support non-ASCII characters in headers Filter out non-ASCII characters in automatically processed headers. Do this in a way that minimizes the code change: keep manipulating strings, but strip off non-ASCII characters when reading lines, which should only remove characters in comments that we don't parse anyway. --- scripts/generate_psa_constants.py | 11 ++++++++--- tests/scripts/test_psa_constant_names.py | 12 ++++++++---- 2 files changed, 16 insertions(+), 7 deletions(-) diff --git a/scripts/generate_psa_constants.py b/scripts/generate_psa_constants.py index c2d2558094..a9de148d76 100755 --- a/scripts/generate_psa_constants.py +++ b/scripts/generate_psa_constants.py @@ -270,11 +270,16 @@ class MacroCollector: # Other macro without parameter return + _nonascii_re = re.compile(rb'[^\x00-\x7f]+') + _continued_line_re = re.compile(rb'\\\r?\n\Z') def read_file(self, header_file): for line in header_file: - while line.endswith('\\\n'): + m = re.search(self._continued_line_re, line) + while m: cont = next(header_file) - line = line[:-2] + cont + line = line[:m.start(0)] + cont + m = re.search(self._continued_line_re, line) + line = re.sub(self._nonascii_re, rb'', line).decode('ascii') self.read_line(line) @staticmethod @@ -380,7 +385,7 @@ class MacroCollector: def generate_psa_constants(header_file_names, output_file_name): collector = MacroCollector() for header_file_name in header_file_names: - with open(header_file_name) as header_file: + with open(header_file_name, 'rb') as header_file: collector.read_file(header_file) temp_file_name = output_file_name + '.tmp' with open(temp_file_name, 'w') as output_file: diff --git a/tests/scripts/test_psa_constant_names.py b/tests/scripts/test_psa_constant_names.py index 7553394f90..4829321374 100755 --- a/tests/scripts/test_psa_constant_names.py +++ b/tests/scripts/test_psa_constant_names.py @@ -43,12 +43,14 @@ class read_file_lines: except that if process(line) raises an exception, then the read_file_lines snippet annotates the exception with the file name and line number. """ - def __init__(self, filename): + def __init__(self, filename, binary=False): self.filename = filename self.line_number = 'entry' self.generator = None + self.binary = binary def __enter__(self): - self.generator = enumerate(open(self.filename, 'r')) + self.generator = enumerate(open(self.filename, + 'rb' if self.binary else 'r')) return self def __iter__(self): for line_number, content in self.generator: @@ -224,13 +226,15 @@ class Inputs: if m.group(3): self.argspecs[name] = self._argument_split(m.group(3)) + _nonascii_re = re.compile(rb'[^\x00-\x7f]+') def parse_header(self, filename): """Parse a C header file, looking for "#define PSA_xxx".""" - with read_file_lines(filename) as lines: + with read_file_lines(filename, binary=True) as lines: for line in lines: + line = re.sub(self._nonascii_re, rb'', line).decode('ascii') self.parse_header_line(line) - _macro_identifier_re = r'[A-Z]\w+' + _macro_identifier_re = re.compile(r'[A-Z]\w+') def generate_undeclared_names(self, expr): for name in re.findall(self._macro_identifier_re, expr): if name not in self.all_declared: From 325584889d9e8c2ac78f2bdbe212d43781b262d9 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 3 Dec 2019 19:03:35 +0100 Subject: [PATCH 55/65] Add option to show what values are tested This is useful to inspect what the script does manually, in particular to check that expected values do get tested. --keep-c provides the same information but in a way that's harder to access. --- tests/scripts/test_psa_constant_names.py | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/tests/scripts/test_psa_constant_names.py b/tests/scripts/test_psa_constant_names.py index 4829321374..585f9decca 100755 --- a/tests/scripts/test_psa_constant_names.py +++ b/tests/scripts/test_psa_constant_names.py @@ -389,6 +389,8 @@ class Tests: outputs = output.decode('ascii').strip().split('\n') self.count += len(expressions) for expr, value, output in zip(expressions, values, outputs): + if self.options.show: + sys.stdout.write('{} {}\t{}\n'.format(type_word, value, output)) if normalize(expr) != normalize(output): self.errors.append(self.Error(type=type_word, expression=expr, @@ -434,6 +436,12 @@ def main(): parser.add_argument('--program', default='programs/psa/psa_constant_names', help='Program to test') + parser.add_argument('--show', + action='store_true', + help='Keep the intermediate C file') + parser.add_argument('--no-show', + action='store_false', dest='show', + help='Don\'t show tested values (default)') options = parser.parse_args() headers = [os.path.join(options.include[0], h) for h in HEADERS] inputs = gather_inputs(headers, TEST_SUITES) From 667c11141675361b9b7dd025622ffafa48c3cf0b Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 3 Dec 2019 19:03:20 +0100 Subject: [PATCH 56/65] Sanity checks for key attributes in exercise_key --- tests/suites/test_suite_psa_crypto.function | 83 +++++++++++++++++++++ 1 file changed, 83 insertions(+) diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index 83b0c952d9..ba7c192b8b 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -106,6 +106,22 @@ static const size_t INVALID_EXPORT_LENGTH = ~0U; #undef KNOWN_SUPPORTED_CIPHER_KEY_TYPE #endif +#if defined(MBEDTLS_PSA_CRYPTO_SE_C) +int lifetime_is_secure_element( psa_key_lifetime_t lifetime ) +{ + /* At the moment, anything that isn't a built-in lifetime is either + * a secure element or unassigned. */ + return( lifetime != PSA_KEY_LIFETIME_VOLATILE && + lifetime != PSA_KEY_LIFETIME_PERSISTENT ); +} +#else +int lifetime_is_secure_element( psa_key_lifetime_t lifetime ) +{ + (void) lifetime; + return( 0 ); +} +#endif + /** Test if a buffer contains a constant byte value. * * `mem_is_char(buffer, c, size)` is true after `memset(buffer, c, size)`. @@ -212,6 +228,69 @@ static int construct_fake_rsa_key( unsigned char *buffer, return( len ); } +int check_key_attributes_sanity( psa_key_handle_t key ) +{ + int ok = 0; + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + psa_key_lifetime_t lifetime; + psa_key_id_t id; + psa_key_type_t type; + psa_key_type_t bits; + + PSA_ASSERT( psa_get_key_attributes( key, &attributes ) ); + lifetime = psa_get_key_lifetime( &attributes ); + id = psa_get_key_id( &attributes ); + type = psa_get_key_type( &attributes ); + bits = psa_get_key_bits( &attributes ); + + /* Persistence */ + if( lifetime == PSA_KEY_LIFETIME_VOLATILE ) + TEST_ASSERT( id == 0 ); + else + { + TEST_ASSERT( + ( PSA_KEY_ID_USER_MIN <= id && id <= PSA_KEY_ID_USER_MAX ) || + ( PSA_KEY_ID_USER_MIN <= id && id <= PSA_KEY_ID_USER_MAX ) ); + } +#if defined(MBEDTLS_PSA_CRYPTO_SE_C) + /* randomly-generated 64-bit constant, should never appear in test data */ + psa_key_slot_number_t slot_number = 0xec94d4a5058a1a21; + psa_status_t status = psa_get_key_slot_number( &attributes, &slot_number ); + if( lifetime_is_secure_element( lifetime ) ) + { + /* Mbed Crypto currently always exposes the slot number to + * applications. This is not mandated by the PSA specification + * and may change in future versions. */ + TEST_EQUAL( status, 0 ); + TEST_ASSERT( slot_number != 0xec94d4a5058a1a21 ); + } + else + { + TEST_EQUAL( status, PSA_ERROR_INVALID_ARGUMENT ); + } +#endif + + /* Type and size */ + TEST_ASSERT( type != 0 ); + TEST_ASSERT( bits != 0 ); + TEST_ASSERT( bits <= PSA_MAX_KEY_BITS ); + if( PSA_KEY_TYPE_IS_UNSTRUCTURED( type ) ) + TEST_ASSERT( bits % 8 == 0 ); + + /* MAX macros concerning specific key types */ + if( PSA_KEY_TYPE_IS_ECC( type ) ) + TEST_ASSERT( bits <= PSA_VENDOR_ECC_MAX_CURVE_BITS ); + else if( PSA_KEY_TYPE_IS_RSA( type ) ) + TEST_ASSERT( bits <= PSA_VENDOR_RSA_MAX_KEY_BITS ); + TEST_ASSERT( PSA_BLOCK_CIPHER_BLOCK_SIZE( type ) <= PSA_MAX_BLOCK_CIPHER_BLOCK_SIZE ); + + ok = 1; + +exit: + psa_reset_key_attributes( &attributes ); + return( ok ); +} + int exercise_mac_setup( psa_key_type_t key_type, const unsigned char *key_bytes, size_t key_length, @@ -1021,6 +1100,10 @@ static int exercise_key( psa_key_handle_t handle, psa_algorithm_t alg ) { int ok; + + if( ! check_key_attributes_sanity( handle ) ) + return( 0 ); + if( alg == 0 ) ok = 1; /* If no algorihm, do nothing (used for raw data "keys"). */ else if( PSA_ALG_IS_MAC( alg ) ) From fb745bf6180b5da37bd78f9528196d8386687c04 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 2 Dec 2019 20:50:16 +0100 Subject: [PATCH 57/65] Fix memory failure handling in test_format_storage_data_check Fail the test instead of crashing if a memory allocation fails. Free memory even if the test fails. --- .../test_suite_psa_crypto_persistent_key.function | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto_persistent_key.function b/tests/suites/test_suite_psa_crypto_persistent_key.function index 115bfea5d3..d4163cdf79 100644 --- a/tests/suites/test_suite_psa_crypto_persistent_key.function +++ b/tests/suites/test_suite_psa_crypto_persistent_key.function @@ -32,8 +32,9 @@ void format_storage_data_check( data_t *key_data, int key_lifetime, int key_type, int key_usage, int key_alg, int key_alg2 ) { - uint8_t *file_data; - size_t file_data_length; + uint8_t *file_data = NULL; + size_t file_data_length = + key_data->len + sizeof( psa_persistent_key_storage_format ); psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_set_key_lifetime( &attributes, key_lifetime ); @@ -42,14 +43,15 @@ void format_storage_data_check( data_t *key_data, psa_set_key_algorithm( &attributes, key_alg ); psa_set_key_enrollment_algorithm( &attributes, key_alg2 ); - file_data_length = key_data->len + sizeof( psa_persistent_key_storage_format ); - file_data = mbedtls_calloc( 1, file_data_length ); + ASSERT_ALLOC( file_data, file_data_length ); psa_format_key_data_for_storage( key_data->x, key_data->len, &attributes.core, file_data ); ASSERT_COMPARE( expected_file_data->x, expected_file_data->len, file_data, file_data_length ); + +exit: mbedtls_free( file_data ); } /* END_CASE */ From 92f2da9d676103d825a0e98859821baa847be5ad Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 6 Dec 2019 21:23:12 +0100 Subject: [PATCH 58/65] More precise descriptions for format and parse tests --- .../test_suite_psa_crypto_persistent_key.data | 20 +++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto_persistent_key.data b/tests/suites/test_suite_psa_crypto_persistent_key.data index 8765dfc408..9e5d45a0f0 100644 --- a/tests/suites/test_suite_psa_crypto_persistent_key.data +++ b/tests/suites/test_suite_psa_crypto_persistent_key.data @@ -1,27 +1,27 @@ -PSA Storage format data for storage +Format for storage: RSA private key format_storage_data_check:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":"505341004b455900000000000100000000000170010000000000001200000010620200003082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_LIFETIME_PERSISTENT:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_EXPORT:PSA_ALG_CATEGORY_ASYMMETRIC_ENCRYPTION:PSA_ALG_CATEGORY_SIGN -PSA Storage parse stored data +Parse storage: RSA private key parse_storage_data_check:"505341004b455900000000000100000000000170010000000000001200000010620200003082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_LIFETIME_PERSISTENT:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_EXPORT:PSA_ALG_CATEGORY_ASYMMETRIC_ENCRYPTION:PSA_ALG_CATEGORY_SIGN:PSA_SUCCESS -PSA Storage parse stored data wrong version, should fail +Parse storage: wrong version parse_storage_data_check:"505341004b455900ffffffff0100000000000170010000000000001200000010620200003082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_LIFETIME_PERSISTENT:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_EXPORT:PSA_ALG_CATEGORY_ASYMMETRIC_ENCRYPTION:PSA_ALG_CATEGORY_SIGN:PSA_ERROR_STORAGE_FAILURE -PSA Storage parse too big data, should fail +Parse storage: data too big parse_storage_data_check:"505341004b455900000000000100000000000170010000000000001200000010ffffffff3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":"":PSA_KEY_LIFETIME_PERSISTENT:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_EXPORT:PSA_ALG_CATEGORY_ASYMMETRIC_ENCRYPTION:PSA_ALG_CATEGORY_SIGN:PSA_ERROR_STORAGE_FAILURE -PSA Storage parse bad magic, should fail +Parse storage: bad magic parse_storage_data_check:"645341004b455900000000000100000000000170010000000000001200000010620200003082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_LIFETIME_PERSISTENT:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_EXPORT:PSA_ALG_CATEGORY_ASYMMETRIC_ENCRYPTION:PSA_ALG_CATEGORY_SIGN:PSA_ERROR_STORAGE_FAILURE -PSA Storage parse not enough magic, should fail +Parse storage: truncated magic parse_storage_data_check:"505341004b4559":"":PSA_KEY_LIFETIME_PERSISTENT:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_EXPORT:PSA_ALG_CATEGORY_ASYMMETRIC_ENCRYPTION:PSA_ALG_CATEGORY_SIGN:PSA_ERROR_STORAGE_FAILURE # Not specific to files, but only run this test in an environment where the maximum size could be reached. -Save maximum size persistent raw key +Save maximum-size persistent raw key depends_on:MBEDTLS_PSA_ITS_FILE_C save_large_persistent_key:PSA_CRYPTO_MAX_STORAGE_SIZE:PSA_SUCCESS -Save larger than maximum size persistent raw key, should fail +Save larger than maximum-size persistent raw key save_large_persistent_key:PSA_CRYPTO_MAX_STORAGE_SIZE + 1:PSA_ERROR_NOT_SUPPORTED Persistent key destroy @@ -66,7 +66,7 @@ import/export persistent key RSA keypair file not exist: 1024-bit depends_on:MBEDTLS_PK_C:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C import_export_persistent_key:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RSA_KEY_PAIR:1024:0:1 -PSA import/export-persistent symmetric key: 16 bytes [#1] +import/export-persistent symmetric key: 16 bytes depends_on:MBEDTLS_PK_C:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C import_export_persistent_key:"2b7e151628aed2a6abf7158809cf4f3c":PSA_KEY_TYPE_AES:128:0:0 @@ -92,6 +92,6 @@ import/export persistent key RSA keypair file not exist with restart: 1024-bit depends_on:MBEDTLS_PK_C:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C import_export_persistent_key:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RSA_KEY_PAIR:1024:1:1 -PSA import/export-persistent symmetric key: 16 bytes [#2] +import/export-persistent symmetric key with restart: 16 bytes depends_on:MBEDTLS_PK_C:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C import_export_persistent_key:"2b7e151628aed2a6abf7158809cf4f3c":PSA_KEY_TYPE_AES:128:1:0 From f8210f2bd533e8935819ec5fd12680dfdc81f73f Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 2 Dec 2019 17:26:44 +0100 Subject: [PATCH 59/65] Test the block size for symmetric keys Also insist on their category. Fix a missing implementation of PSA_BLOCK_CIPHER_BLOCK_SIZE for ChaCha20. --- include/psa/crypto_values.h | 1 + tests/scripts/test_psa_constant_names.py | 2 ++ .../test_suite_psa_crypto_metadata.data | 20 +++++++------- .../test_suite_psa_crypto_metadata.function | 27 +++++++++++++++++++ 4 files changed, 40 insertions(+), 10 deletions(-) diff --git a/include/psa/crypto_values.h b/include/psa/crypto_values.h index d0008a9f67..dbe75ad85e 100644 --- a/include/psa/crypto_values.h +++ b/include/psa/crypto_values.h @@ -604,6 +604,7 @@ (type) == PSA_KEY_TYPE_DES ? 8 : \ (type) == PSA_KEY_TYPE_CAMELLIA ? 16 : \ (type) == PSA_KEY_TYPE_ARC4 ? 1 : \ + (type) == PSA_KEY_TYPE_CHACHA20 ? 1 : \ 0) /** Vendor-defined algorithm flag. diff --git a/tests/scripts/test_psa_constant_names.py b/tests/scripts/test_psa_constant_names.py index 585f9decca..717d0dbfad 100755 --- a/tests/scripts/test_psa_constant_names.py +++ b/tests/scripts/test_psa_constant_names.py @@ -102,6 +102,8 @@ class Inputs: # Any function ending in _algorithm also gets added to # self.algorithms. 'key_type': [self.key_types], + 'block_cipher_key_type': [self.key_types], + 'stream_cipher_key_type': [self.key_types], 'ecc_key_types': [self.ecc_curves], 'dh_key_types': [self.dh_groups], 'hash_algorithm': [self.hash_algorithms], diff --git a/tests/suites/test_suite_psa_crypto_metadata.data b/tests/suites/test_suite_psa_crypto_metadata.data index 9cdee03530..d0cc799042 100644 --- a/tests/suites/test_suite_psa_crypto_metadata.data +++ b/tests/suites/test_suite_psa_crypto_metadata.data @@ -315,25 +315,25 @@ key_type:PSA_KEY_TYPE_HMAC:KEY_TYPE_IS_UNSTRUCTURED Key type: secret for key derivation key_type:PSA_KEY_TYPE_DERIVE:KEY_TYPE_IS_UNSTRUCTURED -Key type: AES +Block cipher key type: AES depends_on:MBEDTLS_AES_C -key_type:PSA_KEY_TYPE_AES:KEY_TYPE_IS_UNSTRUCTURED +block_cipher_key_type:PSA_KEY_TYPE_AES:16 -Key type: DES +Block cipher key type: DES depends_on:MBEDTLS_DES_C -key_type:PSA_KEY_TYPE_DES:KEY_TYPE_IS_UNSTRUCTURED +block_cipher_key_type:PSA_KEY_TYPE_DES:8 -Key type: Camellia +Block cipher key type: Camellia depends_on:MBEDTLS_CAMELLIA_C -key_type:PSA_KEY_TYPE_CAMELLIA:KEY_TYPE_IS_UNSTRUCTURED +block_cipher_key_type:PSA_KEY_TYPE_CAMELLIA:16 -Key type: ARC4 +Stream cipher key type: ARC4 depends_on:MBEDTLS_ARC4_C -key_type:PSA_KEY_TYPE_ARC4:KEY_TYPE_IS_UNSTRUCTURED +stream_cipher_key_type:PSA_KEY_TYPE_ARC4 -Key type: ChaCha20 +Stream cipher key type: ChaCha20 depends_on:MBEDTLS_CHACHA20_C -key_type:PSA_KEY_TYPE_CHACHA20:KEY_TYPE_IS_UNSTRUCTURED +stream_cipher_key_type:PSA_KEY_TYPE_CHACHA20 Key type: RSA public key depends_on:MBEDTLS_RSA_C diff --git a/tests/suites/test_suite_psa_crypto_metadata.function b/tests/suites/test_suite_psa_crypto_metadata.function index 3a9347e2fd..9282641e4e 100644 --- a/tests/suites/test_suite_psa_crypto_metadata.function +++ b/tests/suites/test_suite_psa_crypto_metadata.function @@ -449,6 +449,33 @@ void key_type( int type_arg, int classification_flags ) } /* END_CASE */ +/* BEGIN_CASE */ +void block_cipher_key_type( int type_arg, int block_size_arg ) +{ + psa_key_type_t type = type_arg; + size_t block_size = block_size_arg; + + test_key_type( type_arg, KEY_TYPE_IS_UNSTRUCTURED ); + + TEST_EQUAL( type & PSA_KEY_TYPE_CATEGORY_MASK, + PSA_KEY_TYPE_CATEGORY_SYMMETRIC ); + TEST_EQUAL( PSA_BLOCK_CIPHER_BLOCK_SIZE( type ), block_size ); +} +/* END_CASE */ + +/* BEGIN_CASE */ +void stream_cipher_key_type( int type_arg ) +{ + psa_key_type_t type = type_arg; + + test_key_type( type_arg, KEY_TYPE_IS_UNSTRUCTURED ); + + TEST_EQUAL( type & PSA_KEY_TYPE_CATEGORY_MASK, + PSA_KEY_TYPE_CATEGORY_SYMMETRIC ); + TEST_EQUAL( PSA_BLOCK_CIPHER_BLOCK_SIZE( type ), 1 ); +} +/* END_CASE */ + /* BEGIN_CASE */ void ecc_key_types( int curve_arg, int curve_bits_arg ) { From 7a1925c453b11851b521455eb8bd9fe0e8a07d35 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 2 Dec 2019 18:01:24 +0100 Subject: [PATCH 60/65] Add a few EC public key import/export test cases Test a Brainpool curve and a curve whose bit size is not a multiple of 8. --- tests/suites/test_suite_psa_crypto.data | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index 436ed7c315..fa2f6ec2fc 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -228,6 +228,14 @@ PSA import/export EC secp256r1 public key: good depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED import_export:"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_CURVE_SECP256R1):PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA_ANY:256:0:PSA_SUCCESS:1 +PSA import/export EC secp521r1 public key: good +depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP521R1_ENABLED +import_export:"04001de142d54f69eb038ee4b7af9d3ca07736fd9cf719eb354d69879ee7f3c136fb0fbf9f08f86be5fa128ec1a051d3e6c643e85ada8ffacf3663c260bd2c844b6f5600cee8e48a9e65d09cadd89f235dee05f3b8a646be715f1f67d5b434e0ff23a1fc07ef7740193e40eeff6f3bcdfd765aa9155033524fe4f205f5444e292c4c2f6ac1":PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_CURVE_SECP521R1):PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA_ANY:521:0:PSA_SUCCESS:1 + +PSA import/export EC brainpoolP256r1 public key: good +depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_BP256R1_ENABLED +import_export:"04768c8cae4abca6306db0ed81b0c4a6215c378066ec6d616c146e13f1c7df809b96ab6911c27d8a02339f0926840e55236d3d1efbe2669d090e4c4c660fada91d":PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_CURVE_BRAINPOOL_P256R1):PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA_ANY:256:0:PSA_SUCCESS:1 + PSA import/export AES key: policy forbids export depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR import_export:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_KEY_TYPE_AES:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_CTR:128:0:PSA_ERROR_NOT_PERMITTED:1 From 46c33801f3fb956966b03e556b8cdebc24fd492a Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 3 Dec 2019 21:20:16 +0100 Subject: [PATCH 61/65] Remove unused macros --- include/mbedtls/psa_util.h | 18 ------------------ 1 file changed, 18 deletions(-) diff --git a/include/mbedtls/psa_util.h b/include/mbedtls/psa_util.h index a87ca815b0..2e7393b3ce 100644 --- a/include/mbedtls/psa_util.h +++ b/include/mbedtls/psa_util.h @@ -378,24 +378,6 @@ static inline psa_ecc_curve_t mbedtls_psa_translate_ecc_group( mbedtls_ecp_group } } - -#define MBEDTLS_PSA_ECC_KEY_BITS_OF_CURVE( curve ) \ - ( curve == PSA_ECC_CURVE_SECP192R1 ? 192 : \ - curve == PSA_ECC_CURVE_SECP224R1 ? 224 : \ - curve == PSA_ECC_CURVE_SECP256R1 ? 256 : \ - curve == PSA_ECC_CURVE_SECP384R1 ? 384 : \ - curve == PSA_ECC_CURVE_SECP521R1 ? 521 : \ - curve == PSA_ECC_CURVE_SECP192K1 ? 192 : \ - curve == PSA_ECC_CURVE_SECP224K1 ? 224 : \ - curve == PSA_ECC_CURVE_SECP256K1 ? 256 : \ - curve == PSA_ECC_CURVE_BRAINPOOL_P256R1 ? 256 : \ - curve == PSA_ECC_CURVE_BRAINPOOL_P384R1 ? 384 : \ - curve == PSA_ECC_CURVE_BRAINPOOL_P512R1 ? 512 : \ - 0 ) - -#define MBEDTLS_PSA_ECC_KEY_BYTES_OF_CURVE( curve ) \ - ( ( MBEDTLS_PSA_ECC_KEY_BITS_OF_CURVE( curve ) + 7 ) / 8 ) - /* Translations for PK layer */ static inline int mbedtls_psa_err_translate_pk( psa_status_t status ) From 4cd3277656a6f6676d2091053f8ce6dd6554b001 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 2 Dec 2019 20:49:42 +0100 Subject: [PATCH 62/65] Factor common code of psa_import_ec_{public,private}_key --- library/psa_crypto.c | 40 ++++++++++++++++++---------------------- 1 file changed, 18 insertions(+), 22 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 25aff019ab..59edae1cd1 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -584,6 +584,20 @@ exit: #endif /* defined(MBEDTLS_RSA_C) && defined(MBEDTLS_PK_PARSE_C) */ #if defined(MBEDTLS_ECP_C) +static psa_status_t psa_prepare_import_ec_key( psa_ecc_curve_t curve, + mbedtls_ecp_keypair **p_ecp ) +{ + mbedtls_ecp_group_id grp_id = MBEDTLS_ECP_DP_NONE; + *p_ecp = mbedtls_calloc( 1, sizeof( mbedtls_ecp_keypair ) ); + if( *p_ecp == NULL ) + return( PSA_ERROR_INSUFFICIENT_MEMORY ); + mbedtls_ecp_keypair_init( *p_ecp ); + + /* Load the group. */ + grp_id = mbedtls_ecc_group_of_psa( curve ); + return( mbedtls_to_psa_error( + mbedtls_ecp_group_load( &( *p_ecp )->grp, grp_id ) ) ); +} /* Import a public key given as the uncompressed representation defined by SEC1 * 2.3.3 as the content of an ECPoint. */ @@ -594,19 +608,11 @@ static psa_status_t psa_import_ec_public_key( psa_ecc_curve_t curve, { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; mbedtls_ecp_keypair *ecp = NULL; - mbedtls_ecp_group_id grp_id = mbedtls_ecc_group_of_psa( curve ); - *p_ecp = NULL; - ecp = mbedtls_calloc( 1, sizeof( *ecp ) ); - if( ecp == NULL ) - return( PSA_ERROR_INSUFFICIENT_MEMORY ); - mbedtls_ecp_keypair_init( ecp ); - - /* Load the group. */ - status = mbedtls_to_psa_error( - mbedtls_ecp_group_load( &ecp->grp, grp_id ) ); + status = psa_prepare_import_ec_key( curve, &ecp ); if( status != PSA_SUCCESS ) goto exit; + /* Load the public value. */ status = mbedtls_to_psa_error( mbedtls_ecp_point_read_binary( &ecp->grp, &ecp->Q, @@ -631,9 +637,7 @@ exit: } return( status ); } -#endif /* defined(MBEDTLS_ECP_C) */ -#if defined(MBEDTLS_ECP_C) /* Import a private key given as a byte string which is the private value * in big-endian order. */ static psa_status_t psa_import_ec_private_key( psa_ecc_curve_t curve, @@ -643,22 +647,14 @@ static psa_status_t psa_import_ec_private_key( psa_ecc_curve_t curve, { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; mbedtls_ecp_keypair *ecp = NULL; - mbedtls_ecp_group_id grp_id = mbedtls_ecc_group_of_psa( curve ); if( PSA_BITS_TO_BYTES( PSA_ECC_CURVE_BITS( curve ) ) != data_length ) return( PSA_ERROR_INVALID_ARGUMENT ); - *p_ecp = NULL; - ecp = mbedtls_calloc( 1, sizeof( mbedtls_ecp_keypair ) ); - if( ecp == NULL ) - return( PSA_ERROR_INSUFFICIENT_MEMORY ); - mbedtls_ecp_keypair_init( ecp ); - - /* Load the group. */ - status = mbedtls_to_psa_error( - mbedtls_ecp_group_load( &ecp->grp, grp_id ) ); + status = psa_prepare_import_ec_key( curve, &ecp ); if( status != PSA_SUCCESS ) goto exit; + /* Load the secret value. */ status = mbedtls_to_psa_error( mbedtls_mpi_read_binary( &ecp->d, data, data_length ) ); From 9c2ccd2e7afbb964be15fa4de53a2cd2682c5276 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Mon, 9 Dec 2019 15:00:41 +0000 Subject: [PATCH 63/65] Fix error code range in documentation --- include/mbedtls/error.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/mbedtls/error.h b/include/mbedtls/error.h index 7ca54b8c3f..5ccebebde6 100644 --- a/include/mbedtls/error.h +++ b/include/mbedtls/error.h @@ -52,7 +52,7 @@ * For historical reasons, low-level error codes are divided in even and odd, * even codes were assigned first, and -1 is reserved for other errors. * - * Low-level module errors (0x0002-0x007E, 0x0003-0x007F) + * Low-level module errors (0x0002-0x007E, 0x0001-0x007F) * * Module Nr Codes assigned * ERROR 2 0x006E 0x0001 From 18220610937ca099c0761a6fff0b84c0ff2f2d44 Mon Sep 17 00:00:00 2001 From: Darryl Green Date: Tue, 17 Dec 2019 15:03:59 +0000 Subject: [PATCH 64/65] Fix some pylint warnings Add docstrings where they were missing and fix a too-long line --- tests/scripts/check-test-cases.py | 3 +++ tests/scripts/mbedtls_test.py | 5 ++++- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/tests/scripts/check-test-cases.py b/tests/scripts/check-test-cases.py index 87a35e47ed..939ca2314d 100755 --- a/tests/scripts/check-test-cases.py +++ b/tests/scripts/check-test-cases.py @@ -26,6 +26,7 @@ import re import sys class Results: + """Store file and line information about errors or warnings in test suites.""" def __init__(self): self.errors = 0 self.warnings = 0 @@ -41,6 +42,7 @@ class Results: self.warnings += 1 def collect_test_directories(): + """Get the relative path for the TLS and Crypto test directories.""" if os.path.isdir('tests'): tests_dir = 'tests' elif os.path.isdir('suites'): @@ -55,6 +57,7 @@ def collect_test_directories(): return directories def check_description(results, seen, file_name, line_number, description): + """Check test case descriptions for errors.""" if description in seen: results.error(file_name, line_number, 'Duplicate description (also line {})', diff --git a/tests/scripts/mbedtls_test.py b/tests/scripts/mbedtls_test.py index 6ac68a4fb3..8f24435bfe 100755 --- a/tests/scripts/mbedtls_test.py +++ b/tests/scripts/mbedtls_test.py @@ -310,7 +310,10 @@ class MbedTlsTest(BaseHostTest): param_bytes, length = self.test_vector_to_bytes(function_id, dependencies, args) - self.send_kv(''.join('{:02x}'.format(x) for x in length), ''.join('{:02x}'.format(x) for x in param_bytes)) + self.send_kv( + ''.join('{:02x}'.format(x) for x in length), + ''.join('{:02x}'.format(x) for x in param_bytes) + ) @staticmethod def get_result(value): From a15c71374b36b4ddac2b6c00d18f6ab6ac87813b Mon Sep 17 00:00:00 2001 From: Jaeden Amero Date: Thu, 9 Jan 2020 13:02:16 +0000 Subject: [PATCH 65/65] ctr_drbg: Clarify reseed_counter values before seeding Before the initial seeding, reseed_counter used to always be 0. Now, the value depends on whether or not the user has explicitly set the amount of data to get from the nonce (via e.g. mbedtls_ctr_drbg_set_nonce_len()). Add comments to clarify the possible values reseed_counter can have before the initial seeding. --- include/mbedtls/ctr_drbg.h | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/include/mbedtls/ctr_drbg.h b/include/mbedtls/ctr_drbg.h index 091f15ac26..234e6a0364 100644 --- a/include/mbedtls/ctr_drbg.h +++ b/include/mbedtls/ctr_drbg.h @@ -177,7 +177,9 @@ typedef struct mbedtls_ctr_drbg_context * minus one. * Before the initial seeding, this field * contains the amount of entropy in bytes - * to use as a nonce for the initial seeding. + * to use as a nonce for the initial seeding, + * or -1 if no nonce length has been explicitly + * set (see mbedtls_ctr_drbg_set_nonce_len()). */ int prediction_resistance; /*!< This determines whether prediction resistance is enabled, that is