From cd17ecfe85367963bd5585f0549f45f1f9aee551 Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Mon, 5 Jun 2023 17:02:17 -0400 Subject: [PATCH 01/99] Use better IP parsing in x509 programs Remove unnecessary duplicated code. Signed-off-by: Andrzej Kurek --- include/mbedtls/x509.h | 17 ++++++++++++ library/x509_crt.c | 1 - library/x509_invasive.h | 53 -------------------------------------- programs/x509/cert_req.c | 29 +++++++-------------- programs/x509/cert_write.c | 25 +++++++----------- 5 files changed, 37 insertions(+), 88 deletions(-) delete mode 100644 library/x509_invasive.h diff --git a/include/mbedtls/x509.h b/include/mbedtls/x509.h index df6d7623a..d7777c90a 100644 --- a/include/mbedtls/x509.h +++ b/include/mbedtls/x509.h @@ -500,6 +500,23 @@ int mbedtls_x509_info_cert_type(char **buf, size_t *size, int mbedtls_x509_info_key_usage(char **buf, size_t *size, unsigned int key_usage); +/** + * \brief This function parses a CN string as an IP address. + * + * \param cn The CN string to parse. CN string MUST be NUL-terminated. + * \param dst The target buffer to populate with the binary IP address. + * The buffer MUST be 16 bytes to save IPv6, and should be + * 4-byte aligned if the result will be used as struct in_addr. + * e.g. uint32_t dst[4] + * + * \note \cn is parsed as an IPv6 address if string contains ':', + * else \cn is parsed as an IPv4 address. + * + * \return Length of binary IP address; num bytes written to target. + * \return \c 0 on failure to parse CN string as an IP address. + */ +size_t mbedtls_x509_crt_parse_cn_inet_pton(const char *cn, void *dst); + #define MBEDTLS_X509_SAFE_SNPRINTF \ do { \ if (ret < 0 || (size_t) ret >= n) \ diff --git a/library/x509_crt.c b/library/x509_crt.c index 9b3414a49..edd57828a 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c 
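Review bot: The new public prototype for `mbedtls_x509_crt_parse_cn_inet_pton` in x509.h is unconditional, while its definition in x509_crt.c is presumably only compiled when `MBEDTLS_X509_CRT_PARSE_C` is set (patch 04 in this series guards the callers with exactly that macro), so a build without it exposes a declaration with no symbol behind it; wrap it in `#if defined(MBEDTLS_X509_CRT_PARSE_C)` ... `#endif /* MBEDTLS_X509_CRT_PARSE_C */`. Since this promotes a test-only helper to public API, the contract should also tell callers that the 16-byte requirement is unconditional, because the address family is chosen by the presence of ':' in `cn` rather than by the caller, e.g. `\note \p dst must be 16 bytes even when only IPv4 input is expected: any string containing ':' is written as a 16-byte IPv6 address.`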
@@ -2862,7 +2862,6 @@ static int x509_inet_pton_ipv4(const char *src, void *dst) #endif /* !AF_INET6 || MBEDTLS_TEST_SW_INET_PTON */ //no-check-names -MBEDTLS_STATIC_TESTABLE size_t mbedtls_x509_crt_parse_cn_inet_pton(const char *cn, void *dst) { return strchr(cn, ':') == NULL diff --git a/library/x509_invasive.h b/library/x509_invasive.h deleted file mode 100644 index d8fd74be4..000000000 --- a/library/x509_invasive.h +++ /dev/null 
@@ -1,53 +0,0 @@ -/** - * \file x509_invasive.h - * - * \brief x509 module: interfaces for invasive testing only. - * - * The interfaces in this file are intended for testing purposes only. - * They SHOULD NOT be made available in library integrations except when - * building the library for testing. - */ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#ifndef MBEDTLS_X509_INVASIVE_H -#define MBEDTLS_X509_INVASIVE_H - -#include "common.h" - -#if defined(MBEDTLS_TEST_HOOKS) - -/** - * \brief This function parses a CN string as an IP address. - * - * \param cn The CN string to parse. CN string MUST be NUL-terminated. - * \param dst The target buffer to populate with the binary IP address. - * The buffer MUST be 16 bytes to save IPv6, and should be - * 4-byte aligned if the result will be used as struct in_addr. - * e.g. uint32_t dst[4] - * - * \note \cn is parsed as an IPv6 address if string contains ':', - * else \cn is parsed as an IPv4 address. - * - * \return Length of binary IP address; num bytes written to target. - * \return \c 0 on failure to parse CN string as an IP address. - */ -size_t mbedtls_x509_crt_parse_cn_inet_pton(const char *cn, void *dst); - -#endif /* MBEDTLS_TEST_HOOKS */ - -#endif /* MBEDTLS_X509_INVASIVE_H */ diff --git a/programs/x509/cert_req.c b/programs/x509/cert_req.c index fe060f3d9..531871bc6 100644 --- a/programs/x509/cert_req.c 
+++ b/programs/x509/cert_req.c @@ -116,18 +116,6 @@ struct options { mbedtls_md_type_t md_alg; /* Hash algorithm used for signature. */ } opt; -static void ip_string_to_bytes(const char *str, uint8_t *bytes, int maxBytes) -{ - for (int i = 0; i < maxBytes; i++) { - bytes[i] = (uint8_t) strtoul(str, NULL, 10); - str = strchr(str, '.'); - if (str == NULL || *str == '\0') { - break; - } - str++; - } -} - int write_certificate_request(mbedtls_x509write_csr *req, const char *output_file, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng) @@ -165,12 +153,13 @@ int main(int argc, char *argv[]) mbedtls_pk_context key; char buf[1024]; int i; - char *p, *q, *r, *r2; + char *p, *q, *r, *subtype_value; mbedtls_x509write_csr req; mbedtls_entropy_context entropy; mbedtls_ctr_drbg_context ctr_drbg; const char *pers = "csr example app"; mbedtls_x509_san_list *cur, *prev; + uint8_t ip[4] = { 0 }; /* * Set to sane values @@ -231,8 +220,6 @@ usage: prev = NULL; while (q != NULL) { - uint8_t ip[4] = { 0 }; - if ((r = strchr(q, ';')) != NULL) { *r++ = '\0'; } @@ -245,8 +232,8 @@ usage: cur->next = NULL; - if ((r2 = strchr(q, ':')) != NULL) { - *r2++ = '\0'; + if ((subtype_value = strchr(q, ':')) != NULL) { + *subtype_value++ = '\0'; } if (strcmp(q, "URI") == 0) { @@ -254,8 +241,12 @@ usage: } else if (strcmp(q, "DNS") == 0) { cur->node.type = MBEDTLS_X509_SAN_DNS_NAME; } else if (strcmp(q, "IP") == 0) { + size_t ip_len = 0; cur->node.type = MBEDTLS_X509_SAN_IP_ADDRESS; - ip_string_to_bytes(r2, ip, 4); + ip_len = mbedtls_x509_crt_parse_cn_inet_pton(subtype_value, ip); + if (ip_len == 0) { + goto exit; + } } else { mbedtls_free(cur); goto usage; @@ -265,7 +256,7 @@ usage: cur->node.san.unstructured_name.p = (unsigned char *) ip; cur->node.san.unstructured_name.len = sizeof(ip); } else { - q = r2; + q = subtype_value; cur->node.san.unstructured_name.p = (unsigned char *) q; cur->node.san.unstructured_name.len = strlen(q); } 
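Review bot: Hoisting `uint8_t ip[4]` to function scope in the `@@ -165,12 +153,13 @@` hunk fixes the dangling pointer the loop-local array produced, but it leaves one buffer that every `IP:` SAN node's `unstructured_name.p` points at, so a request with two or more IP SANs ends up with every node carrying the last address parsed. Since each `cur` is heap-allocated anyway, a per-entry allocation freed together with the list (or storage inside the node, if the struct has room) would remove the aliasing. main() starts and ends outside the hunk.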
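Review bot: In the `@@ -254,8 +241,12 @@` hunk `ip` is `uint8_t ip[4]`, but the header added for `mbedtls_x509_crt_parse_cn_inet_pton` requires a 16-byte destination because any input containing ':' is parsed as IPv6, so an `IP:` SAN value given in IPv6 form overruns the stack buffer; `cur->node.san.unstructured_name.len = sizeof(ip)` also discards the `ip_len` the call returns. Declare `uint8_t ip[16] = { 0 };`, keep `ip_len` in scope and set `cur->node.san.unstructured_name.len = ip_len;`. The same pattern is introduced in cert_write.c's `@@ -601,8 +589,14 @@` hunk. In both programs the new `goto exit` on parse failure skips the `mbedtls_free(cur)` the neighbouring `else` branch performs, and since `cur` is not yet linked into the list it appears to leak; `mbedtls_free(cur); goto exit;` matches the existing convention. main() continues outside the hunk.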
diff --git a/programs/x509/cert_write.c b/programs/x509/cert_write.c index e4f8886fe..e58f52853 100644 --- a/programs/x509/cert_write.c +++ b/programs/x509/cert_write.c @@ -216,18 +216,6 @@ struct options { int format; /* format */ } opt; -static void ip_string_to_bytes(const char *str, uint8_t *bytes, int maxBytes) -{ - for (int i = 0; i < maxBytes; i++) { - bytes[i] = (uint8_t) strtoul(str, NULL, 10); - str = strchr(str, '.'); - if (str == NULL || *str == '\0') { - break; - } - str++; - } -} - int write_certificate(mbedtls_x509write_cert *crt, const char *output_file, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng) @@ -601,8 +589,14 @@ usage: } else if (strcmp(q, "DNS") == 0) { cur->node.type = MBEDTLS_X509_SAN_DNS_NAME; } else if (strcmp(q, "IP") == 0) { + size_t ip_len = 0; cur->node.type = MBEDTLS_X509_SAN_IP_ADDRESS; - ip_string_to_bytes(subtype_value, ip, 4); + ip_len = mbedtls_x509_crt_parse_cn_inet_pton(subtype_value, ip); + if (ip_len == 0) { + mbedtls_printf("mbedtls_x509_crt_parse_cn_inet_pton failed to parse %s\n", + subtype_value); + goto exit; + } cur->node.san.unstructured_name.p = (unsigned char *) ip; cur->node.san.unstructured_name.len = sizeof(ip); } else if (strcmp(q, "DN") == 0) { @@ -625,8 +619,9 @@ usage: if (cur->node.type == MBEDTLS_X509_SAN_RFC822_NAME || cur->node.type == MBEDTLS_X509_SAN_UNIFORM_RESOURCE_IDENTIFIER || cur->node.type == MBEDTLS_X509_SAN_DNS_NAME) { - cur->node.san.unstructured_name.p = (unsigned char *) subtype_value; - cur->node.san.unstructured_name.len = strlen(subtype_value); + q = subtype_value; + cur->node.san.unstructured_name.p = (unsigned char *) q; + cur->node.san.unstructured_name.len = strlen(q); } if (prev == NULL) { From c40a1b552c161655d286d41adfc773b5f8205792 Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Mon, 22 May 2023 14:54:39 -0400 Subject: [PATCH 02/99] Remove references to x509_invasive.h 
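Review bot: In the `@@ -625,8 +619,9 @@` hunk, routing `subtype_value` through `q` only to read it on the next two lines is an unnecessary indirection, and it makes the loop variable `q` carry two meanings within one iteration; the removed lines that used `subtype_value` directly were clearer. Unless `q` is read again before the loop advances it, keep `cur->node.san.unstructured_name.p = (unsigned char *) subtype_value;` and `cur->node.san.unstructured_name.len = strlen(subtype_value);`. The enclosing main() starts and ends outside the hunk.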
Signed-off-by: Andrzej Kurek --- library/x509_crt.c | 1 - tests/suites/test_suite_x509parse.function | 2 -- 2 files changed, 3 deletions(-) diff --git a/library/x509_crt.c b/library/x509_crt.c index edd57828a..380b1fd0d 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -49,7 +49,6 @@ #include "mbedtls/psa_util.h" #include "md_psa.h" #endif /* MBEDTLS_USE_PSA_CRYPTO */ -#include "x509_invasive.h" #include "pk_internal.h" #include "mbedtls/platform.h" diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function index f215a8069..61e27b00d 100644 --- a/tests/suites/test_suite_x509parse.function +++ b/tests/suites/test_suite_x509parse.function @@ -11,8 +11,6 @@ #include "mbedtls/pk.h" #include "string.h" -#include "x509_invasive.h" - #if MBEDTLS_X509_MAX_INTERMEDIATE_CA > 19 #error "The value of MBEDTLS_X509_MAX_INTERMEDIATE_C is larger \ than the current threshold 19. To test larger values, please \ From 5d9aeba8996f70fbcd652f03b712e6ed2eb61a3b Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Mon, 22 May 2023 15:16:05 -0400 Subject: [PATCH 03/99] Fix param documentation for mbedtls_x509_crt_parse_cn_inet_pton Signed-off-by: Andrzej Kurek --- include/mbedtls/x509.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/include/mbedtls/x509.h b/include/mbedtls/x509.h index d7777c90a..6e9ee88ec 100644 --- a/include/mbedtls/x509.h +++ b/include/mbedtls/x509.h @@ -509,8 +509,8 @@ int mbedtls_x509_info_key_usage(char **buf, size_t *size, * 4-byte aligned if the result will be used as struct in_addr. * e.g. uint32_t dst[4] * - * \note \cn is parsed as an IPv6 address if string contains ':', - * else \cn is parsed as an IPv4 address. + * \note \p cn is parsed as an IPv6 address if string contains ':', + * else \p cn is parsed as an IPv4 address. * * \return Length of binary IP address; num bytes written to target. * \return \c 0 on failure to parse CN string as an IP address. 
From 0624e460fb8153d4c395ba559d55b7e12d1caade Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Tue, 23 May 2023 10:57:14 -0400 Subject: [PATCH 04/99] Add a guard for IP parsing in cert_req app Signed-off-by: Andrzej Kurek --- programs/x509/cert_req.c | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/programs/x509/cert_req.c b/programs/x509/cert_req.c index 531871bc6..23e816b33 100644 --- a/programs/x509/cert_req.c +++ b/programs/x509/cert_req.c @@ -159,8 +159,9 @@ int main(int argc, char *argv[]) mbedtls_ctr_drbg_context ctr_drbg; const char *pers = "csr example app"; mbedtls_x509_san_list *cur, *prev; +#if defined(MBEDTLS_X509_CRT_PARSE_C) uint8_t ip[4] = { 0 }; - +#endif /* * Set to sane values */ @@ -241,20 +242,29 @@ usage: } else if (strcmp(q, "DNS") == 0) { cur->node.type = MBEDTLS_X509_SAN_DNS_NAME; } else if (strcmp(q, "IP") == 0) { +#if defined(MBEDTLS_X509_CRT_PARSE_C) size_t ip_len = 0; cur->node.type = MBEDTLS_X509_SAN_IP_ADDRESS; ip_len = mbedtls_x509_crt_parse_cn_inet_pton(subtype_value, ip); if (ip_len == 0) { + mbedtls_printf("mbedtls_x509_crt_parse_cn_inet_pton failed to parse %s\n", + subtype_value); goto exit; } +#else + mbedtls_printf("IP SAN parsing requires MBEDTLS_X509_CRT_PARSE_C to be defined"); + goto exit; +#endif } else { mbedtls_free(cur); goto usage; } if (strcmp(q, "IP") == 0) { +#if defined(MBEDTLS_X509_CRT_PARSE_C) cur->node.san.unstructured_name.p = (unsigned char *) ip; cur->node.san.unstructured_name.len = sizeof(ip); +#endif } else { q = subtype_value; cur->node.san.unstructured_name.p = (unsigned char *) q; From 0064484a701bf17cd699019bada172e90ee8793e Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Tue, 30 May 2023 05:45:00 -0400 Subject: [PATCH 05/99] Optimize error translation code size Introducing an intermediate function saves code size that's otherwise taken by excessive, repeated arguments in each place that was translating errors. 
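Review bot: The `#else` branch's message in the `@@ -241,20 +242,29 @@` hunk lacks the trailing `\n` that the sibling `mbedtls_printf` in the same hunk has, so it runs into whatever is printed next; use `mbedtls_printf("IP SAN parsing requires MBEDTLS_X509_CRT_PARSE_C to be defined\n");`. Both new `goto exit` paths also leave the just-allocated, not-yet-linked `cur` unfreed, unlike the `mbedtls_free(cur); goto usage;` branch beside them, which looks like a leak on the error path; add `mbedtls_free(cur);` before each `goto exit`. main() continues outside the hunk.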
Signed-off-by: Andrzej Kurek --- library/constant_time.c | 12 +++++++++--- library/lmots.c | 12 +++++++++--- library/lms.c | 12 +++++++++--- library/ssl_cookie.c | 12 +++++++++--- library/ssl_msg.c | 12 +++++++++--- library/ssl_ticket.c | 12 +++++++++--- library/ssl_tls.c | 23 +++++++++++++++++------ library/ssl_tls12_client.c | 12 +++++++++--- library/ssl_tls12_server.c | 12 +++++++++--- library/ssl_tls13_client.c | 13 +++++++++---- library/ssl_tls13_generic.c | 12 +++++++++--- library/ssl_tls13_keys.c | 12 +++++++++--- 12 files changed, 116 insertions(+), 40 deletions(-) diff --git a/library/constant_time.c b/library/constant_time.c index c823b7889..fa0d89895 100644 --- a/library/constant_time.c +++ b/library/constant_time.c @@ -47,9 +47,15 @@ #include #if defined(MBEDTLS_USE_PSA_CRYPTO) -#define PSA_TO_MBEDTLS_ERR(status) PSA_TO_MBEDTLS_ERR_LIST(status, \ - psa_to_ssl_errors, \ - psa_generic_status_to_mbedtls) +/* Define a local translating function to save code size by not using too many + * arguments in each translating place. */ +static int local_err_translation(psa_status_t status) +{ + return psa_status_to_mbedtls(status, psa_to_ssl_errors, + sizeof(psa_to_ssl_errors), + psa_generic_status_to_mbedtls); +} +#define PSA_TO_MBEDTLS_ERR(status) local_err_translation(status) #endif /* diff --git a/library/lmots.c b/library/lmots.c index 4061edde0..a3bfff89f 100644 --- a/library/lmots.c +++ b/library/lmots.c 
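Review bot: `sizeof(psa_to_ssl_errors)` passes the table's size in bytes where the replaced `PSA_TO_MBEDTLS_ERR_LIST` macro presumably passed an element count, so at this commit every `local_err_translation` tells `psa_status_to_mbedtls` the table is several times longer than it is, and a lookup for a status that is not in the table can read past the array. Patch 08 in this series corrects it to `ARRAY_LENGTH(psa_to_ssl_errors)`; squashing that fix into this commit avoids leaving a bisect point with an out-of-bounds read. The same applies to the lmots.c, lms.c, ssl_cookie.c, ssl_msg.c, ssl_ticket.c, ssl_tls.c, ssl_tls12_client.c, ssl_tls12_server.c, ssl_tls13_client.c, ssl_tls13_generic.c and ssl_tls13_keys.c hunks.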
@@ -45,9 +45,15 @@ #include "psa/crypto.h" -#define PSA_TO_MBEDTLS_ERR(status) PSA_TO_MBEDTLS_ERR_LIST(status, \ - psa_to_lms_errors, \ - psa_generic_status_to_mbedtls) +/* Define a local translating function to save code size by not using too many + * arguments in each translating place. */ +static int local_err_translation(psa_status_t status) +{ + return psa_status_to_mbedtls(status, psa_to_lms_errors, + sizeof(psa_to_lms_errors), + psa_generic_status_to_mbedtls); +} +#define PSA_TO_MBEDTLS_ERR(status) local_err_translation(status) #define PUBLIC_KEY_TYPE_OFFSET (0) #define PUBLIC_KEY_I_KEY_ID_OFFSET (PUBLIC_KEY_TYPE_OFFSET + \ diff --git a/library/lms.c b/library/lms.c index acc352331..50595703d 100644 --- a/library/lms.c +++ b/library/lms.c @@ -46,9 +46,15 @@ #include "mbedtls/platform.h" -#define PSA_TO_MBEDTLS_ERR(status) PSA_TO_MBEDTLS_ERR_LIST(status, \ - psa_to_lms_errors, \ - psa_generic_status_to_mbedtls) +/* Define a local translating function to save code size by not using too many + * arguments in each translating place. */ +static int local_err_translation(psa_status_t status) +{ + return psa_status_to_mbedtls(status, psa_to_lms_errors, + sizeof(psa_to_lms_errors), + psa_generic_status_to_mbedtls); +} +#define PSA_TO_MBEDTLS_ERR(status) local_err_translation(status) #define SIG_Q_LEAF_ID_OFFSET (0) #define SIG_OTS_SIG_OFFSET (SIG_Q_LEAF_ID_OFFSET + \ diff --git a/library/ssl_cookie.c b/library/ssl_cookie.c index ae7a4204c..371edce3a 100644 --- a/library/ssl_cookie.c +++ b/library/ssl_cookie.c 
@@ -37,9 +37,15 @@ #if defined(MBEDTLS_USE_PSA_CRYPTO) #include "md_psa.h" -#define PSA_TO_MBEDTLS_ERR(status) PSA_TO_MBEDTLS_ERR_LIST(status, \ - psa_to_ssl_errors, \ - psa_generic_status_to_mbedtls) +/* Define a local translating function to save code size by not using too many + * arguments in each translating place. */ +static int local_err_translation(psa_status_t status) +{ + return psa_status_to_mbedtls(status, psa_to_ssl_errors, + sizeof(psa_to_ssl_errors), + psa_generic_status_to_mbedtls); +} +#define PSA_TO_MBEDTLS_ERR(status) local_err_translation(status) #endif /* diff --git a/library/ssl_msg.c b/library/ssl_msg.c index 18c19f93e..f1906570c 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -49,9 +49,15 @@ #endif #if defined(MBEDTLS_USE_PSA_CRYPTO) -#define PSA_TO_MBEDTLS_ERR(status) PSA_TO_MBEDTLS_ERR_LIST(status, \ - psa_to_ssl_errors, \ - psa_generic_status_to_mbedtls) +/* Define a local translating function to save code size by not using too many + * arguments in each translating place. */ +static int local_err_translation(psa_status_t status) +{ + return psa_status_to_mbedtls(status, psa_to_ssl_errors, + sizeof(psa_to_ssl_errors), + psa_generic_status_to_mbedtls); +} +#define PSA_TO_MBEDTLS_ERR(status) local_err_translation(status) #endif static uint32_t ssl_get_hs_total_len(mbedtls_ssl_context const *ssl); diff --git a/library/ssl_ticket.c b/library/ssl_ticket.c index 7d07d191f..54c00cc0c 100644 --- a/library/ssl_ticket.c +++ b/library/ssl_ticket.c 
@@ -31,9 +31,15 @@ #include #if defined(MBEDTLS_USE_PSA_CRYPTO) -#define PSA_TO_MBEDTLS_ERR(status) PSA_TO_MBEDTLS_ERR_LIST(status, \ - psa_to_ssl_errors, \ - psa_generic_status_to_mbedtls) +/* Define a local translating function to save code size by not using too many + * arguments in each translating place. */ +static int local_err_translation(psa_status_t status) +{ + return psa_status_to_mbedtls(status, psa_to_ssl_errors, + sizeof(psa_to_ssl_errors), + psa_generic_status_to_mbedtls); +} +#define PSA_TO_MBEDTLS_ERR(status) local_err_translation(status) #endif /* diff --git a/library/ssl_tls.c b/library/ssl_tls.c index f0067f4b2..7601e5b11 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -51,12 +51,23 @@ #endif #if defined(MBEDTLS_USE_PSA_CRYPTO) -#define PSA_TO_MBEDTLS_ERR(status) PSA_TO_MBEDTLS_ERR_LIST(status, \ - psa_to_ssl_errors, \ - psa_generic_status_to_mbedtls) -#define PSA_TO_MD_ERR(status) PSA_TO_MBEDTLS_ERR_LIST(status, \ - psa_to_md_errors, \ - psa_generic_status_to_mbedtls) +/* Define local translating functions to save code size by not using too many + * arguments in each translating place. */ +static int local_err_translation(psa_status_t status) +{ + return psa_status_to_mbedtls(status, psa_to_ssl_errors, + sizeof(psa_to_ssl_errors), + psa_generic_status_to_mbedtls); +} +#define PSA_TO_MBEDTLS_ERR(status) local_err_translation(status) + +static int local_md_translation(psa_status_t status) +{ + return psa_status_to_mbedtls(status, psa_to_md_errors, + sizeof(psa_to_md_errors), + psa_generic_status_to_mbedtls); +} +#define PSA_TO_MD_ERR(status) local_md_translation(status) #endif #if defined(MBEDTLS_TEST_HOOKS) diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c index fc96dae1e..75b79bfad 100644 --- a/library/ssl_tls12_client.c +++ b/library/ssl_tls12_client.c 
@@ -33,9 +33,15 @@ #if defined(MBEDTLS_USE_PSA_CRYPTO) #include "mbedtls/psa_util.h" #include "psa/crypto.h" -#define PSA_TO_MBEDTLS_ERR(status) PSA_TO_MBEDTLS_ERR_LIST(status, \ - psa_to_ssl_errors, \ - psa_generic_status_to_mbedtls) +/* Define a local translating function to save code size by not using too many + * arguments in each translating place. */ +static int local_err_translation(psa_status_t status) +{ + return psa_status_to_mbedtls(status, psa_to_ssl_errors, + sizeof(psa_to_ssl_errors), + psa_generic_status_to_mbedtls); +} +#define PSA_TO_MBEDTLS_ERR(status) local_err_translation(status) #endif /* MBEDTLS_USE_PSA_CRYPTO */ #include diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c index 30c35f3a4..d29aa8d43 100644 --- a/library/ssl_tls12_server.c +++ b/library/ssl_tls12_server.c @@ -34,9 +34,15 @@ #include #if defined(MBEDTLS_USE_PSA_CRYPTO) -#define PSA_TO_MBEDTLS_ERR(status) PSA_TO_MBEDTLS_ERR_LIST(status, \ - psa_to_ssl_errors, \ - psa_generic_status_to_mbedtls) +/* Define a local translating function to save code size by not using too many + * arguments in each translating place. */ +static int local_err_translation(psa_status_t status) +{ + return psa_status_to_mbedtls(status, psa_to_ssl_errors, + sizeof(psa_to_ssl_errors), + psa_generic_status_to_mbedtls); +} +#define PSA_TO_MBEDTLS_ERR(status) local_err_translation(status) #endif #if defined(MBEDTLS_ECP_C) diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index 3dffc1df4..64d905cbe 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c 
@@ -35,10 +35,15 @@ #include "ssl_debug_helpers.h" #include "md_psa.h" -#define PSA_TO_MBEDTLS_ERR(status) PSA_TO_MBEDTLS_ERR_LIST(status, \ - psa_to_ssl_errors, \ - psa_generic_status_to_mbedtls) - +/* Define a local translating function to save code size by not using too many + * arguments in each translating place. */ +static int local_err_translation(psa_status_t status) +{ + return psa_status_to_mbedtls(status, psa_to_ssl_errors, + sizeof(psa_to_ssl_errors), + psa_generic_status_to_mbedtls); +} +#define PSA_TO_MBEDTLS_ERR(status) local_err_translation(status) /* Write extensions */ /* diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index a59f01c3e..48e6f76e9 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -39,9 +39,15 @@ #include "psa/crypto.h" #include "mbedtls/psa_util.h" -#define PSA_TO_MBEDTLS_ERR(status) PSA_TO_MBEDTLS_ERR_LIST(status, \ - psa_to_ssl_errors, \ - psa_generic_status_to_mbedtls) +/* Define a local translating function to save code size by not using too many + * arguments in each translating place. */ +static int local_err_translation(psa_status_t status) +{ + return psa_status_to_mbedtls(status, psa_to_ssl_errors, + sizeof(psa_to_ssl_errors), + psa_generic_status_to_mbedtls); +} +#define PSA_TO_MBEDTLS_ERR(status) local_err_translation(status) const uint8_t mbedtls_ssl_tls13_hello_retry_request_magic[ MBEDTLS_SERVER_HELLO_RANDOM_LEN] = diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c index 540f854a8..08d10a354 100644 --- a/library/ssl_tls13_keys.c +++ b/library/ssl_tls13_keys.c 
@@ -36,9 +36,15 @@ #include "psa/crypto.h" #include "md_psa.h" -#define PSA_TO_MBEDTLS_ERR(status) PSA_TO_MBEDTLS_ERR_LIST(status, \ - psa_to_ssl_errors, \ - psa_generic_status_to_mbedtls) +/* Define a local translating function to save code size by not using too many + * arguments in each translating place. */ +static int local_err_translation(psa_status_t status) +{ + return psa_status_to_mbedtls(status, psa_to_ssl_errors, + sizeof(psa_to_ssl_errors), + psa_generic_status_to_mbedtls); +} +#define PSA_TO_MBEDTLS_ERR(status) local_err_translation(status) #define MBEDTLS_SSL_TLS1_3_LABEL(name, string) \ .name = string, From 1c7a99856f965f3e2049c924446783f1094c75be Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Tue, 30 May 2023 09:21:20 -0400 Subject: [PATCH 06/99] Add missing ifdefs Make sure that the error translating functions are only defined when they're used. Signed-off-by: Andrzej Kurek --- library/constant_time.c | 4 +++- library/ssl_tls12_client.c | 2 ++ library/ssl_tls12_server.c | 3 +++ 3 files changed, 8 insertions(+), 1 deletion(-) diff --git a/library/constant_time.c b/library/constant_time.c index fa0d89895..9b2a47758 100644 --- a/library/constant_time.c +++ b/library/constant_time.c @@ -46,7 +46,9 @@ #endif #include -#if defined(MBEDTLS_USE_PSA_CRYPTO) + +#if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC) +#include "psa/crypto.h" /* Define a local translating function to save code size by not using too many * arguments in each translating place. */ static int local_err_translation(psa_status_t status) diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c index 75b79bfad..ade68a927 100644 --- a/library/ssl_tls12_client.c +++ b/library/ssl_tls12_client.c 
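Review bot: The new guard in constant_time.c tests `MBEDTLS_SSL_SOME_SUITES_USE_MAC`, which reads like an SSL-internal derived macro rather than a config option; if this file does not include the header that derives it, the condition is always false and `PSA_TO_MBEDTLS_ERR` silently stops being defined for the code in this file that uses it. Worth confirming the include, and closing the block with `#endif /* MBEDTLS_USE_PSA_CRYPTO && MBEDTLS_SSL_SOME_SUITES_USE_MAC */` so the widened condition is visible at the close. The function body and its `#endif` are outside the hunk.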
@@ -33,6 +33,7 @@ #if defined(MBEDTLS_USE_PSA_CRYPTO) #include "mbedtls/psa_util.h" #include "psa/crypto.h" +#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) /* Define a local translating function to save code size by not using too many * arguments in each translating place. */ static int local_err_translation(psa_status_t status) @@ -42,6 +43,7 @@ static int local_err_translation(psa_status_t status) psa_generic_status_to_mbedtls); } #define PSA_TO_MBEDTLS_ERR(status) local_err_translation(status) +#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */ #endif /* MBEDTLS_USE_PSA_CRYPTO */ #include diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c index d29aa8d43..03f9eea85 100644 --- a/library/ssl_tls12_server.c +++ b/library/ssl_tls12_server.c @@ -36,6 +36,8 @@ #if defined(MBEDTLS_USE_PSA_CRYPTO) /* Define a local translating function to save code size by not using too many * arguments in each translating place. */ +#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_ENABLED) || \ + defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED) static int local_err_translation(psa_status_t status) { return psa_status_to_mbedtls(status, psa_to_ssl_errors, @@ -44,6 +46,7 @@ static int local_err_translation(psa_status_t status) } #define PSA_TO_MBEDTLS_ERR(status) local_err_translation(status) #endif +#endif #if defined(MBEDTLS_ECP_C) #include "mbedtls/ecp.h" From b22b9778c7aeeae70a978819dd401a874c54038c Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Tue, 30 May 2023 09:44:20 -0400 Subject: [PATCH 07/99] Move the ARRAY_LENGTH definition to common.h Reuse it in the library and tests. Signed-off-by: Andrzej Kurek --- library/common.h | 38 +++++++++++++++++++++++++++ library/psa_crypto.c | 2 -- library/psa_crypto_slot_management.c | 2 -- library/sha512.c | 2 -- library/ssl_tls.c | 2 -- tests/include/test/macros.h | 39 ---------------------------- tests/src/psa_crypto_helpers.c | 1 + 7 files changed, 39 insertions(+), 47 deletions(-) 
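Review bot: In the ssl_tls12_server.c hunk the explanatory comment `/* Define a local translating function to save code size ... */` stays above the new `#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_ENABLED) || ...` line, so when the condition is false the comment describes a function that is not there; move the `#if` above the comment, as the ssl_tls12_client.c hunk does. The added bare `#endif` also lacks the condition comment the client hunk carries (`#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */`); `#endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDH_ENABLED || MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED */` would make the two-level nesting readable.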
diff --git a/library/common.h b/library/common.h index eb159a7c4..68af8405e 100644 --- a/library/common.h +++ b/library/common.h 
@@ -65,6 +65,44 @@ extern void (*mbedtls_test_hook_test_fail)(const char *test, int line, const cha #define MBEDTLS_TEST_HOOK_TEST_ASSERT(TEST) #endif /* defined(MBEDTLS_TEST_HOOKS) */ +/** \def ARRAY_LENGTH + * Return the number of elements of a static or stack array. + * + * \param array A value of array (not pointer) type. + * + * \return The number of elements of the array. + */ +/* A correct implementation of ARRAY_LENGTH, but which silently gives + * a nonsensical result if called with a pointer rather than an array. */ +#define ARRAY_LENGTH_UNSAFE(array) \ + (sizeof(array) / sizeof(*(array))) + +#if defined(__GNUC__) +/* Test if arg and &(arg)[0] have the same type. This is true if arg is + * an array but not if it's a pointer. */ +#define IS_ARRAY_NOT_POINTER(arg) \ + (!__builtin_types_compatible_p(__typeof__(arg), \ + __typeof__(&(arg)[0]))) +/* A compile-time constant with the value 0. If `const_expr` is not a + * compile-time constant with a nonzero value, cause a compile-time error. */ +#define STATIC_ASSERT_EXPR(const_expr) \ + (0 && sizeof(struct { unsigned int STATIC_ASSERT : 1 - 2 * !(const_expr); })) + +/* Return the scalar value `value` (possibly promoted). This is a compile-time + * constant if `value` is. `condition` must be a compile-time constant. + * If `condition` is false, arrange to cause a compile-time error. */ +#define STATIC_ASSERT_THEN_RETURN(condition, value) \ + (STATIC_ASSERT_EXPR(condition) ? 0 : (value)) + +#define ARRAY_LENGTH(array) \ + (STATIC_ASSERT_THEN_RETURN(IS_ARRAY_NOT_POINTER(array), \ + ARRAY_LENGTH_UNSAFE(array))) + +#else +/* If we aren't sure the compiler supports our non-standard tricks, + * fall back to the unsafe implementation. */ +#define ARRAY_LENGTH(array) ARRAY_LENGTH_UNSAFE(array) +#endif /** Allow library to access its structs' private members. * * Although structs defined in header files are publicly available, diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 399e7f387..f735d88aa 100644 
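Review bot: The moved block ends with a bare `#endif` immediately followed by the `/** Allow library to access its structs' private members.` doc comment with no blank line, and that `#endif` closes an `#if defined(__GNUC__)` some forty lines up without naming it; `#endif /* __GNUC__ */` plus a blank line keeps it consistent with the `#endif /* defined(MBEDTLS_TEST_HOOKS) */` just above. Also, `ARRAY_LENGTH`, `ARRAY_LENGTH_UNSAFE`, `IS_ARRAY_NOT_POINTER`, `STATIC_ASSERT_EXPR` and `STATIC_ASSERT_THEN_RETURN` now live in a header that test sources include too (see the psa_crypto_helpers.c hunk), and unlike the `MBEDTLS_TEST_HOOK_TEST_ASSERT` macro visible beside them they carry no `MBEDTLS_` prefix, so they will clash with any same-named macro an application or test defines; prefixed names, or at least an `#if !defined(ARRAY_LENGTH)` guard, would avoid that.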
--- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -84,8 +84,6 @@ #include "mbedtls/sha512.h" #include "md_psa.h" -#define ARRAY_LENGTH(array) (sizeof(array) / sizeof(*(array))) - #if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF) || \ defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXTRACT) || \ defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXPAND) diff --git a/library/psa_crypto_slot_management.c b/library/psa_crypto_slot_management.c index a7cb9b513..a10cb2b47 100644 --- a/library/psa_crypto_slot_management.c +++ b/library/psa_crypto_slot_management.c @@ -36,8 +36,6 @@ #include #include "mbedtls/platform.h" -#define ARRAY_LENGTH(array) (sizeof(array) / sizeof(*(array))) - typedef struct { psa_key_slot_t key_slots[MBEDTLS_PSA_KEY_SLOT_COUNT]; unsigned key_slots_initialized : 1; diff --git a/library/sha512.c b/library/sha512.c index b8b24854d..ff92a1b81 100644 --- a/library/sha512.c +++ b/library/sha512.c @@ -1001,8 +1001,6 @@ static sha_test_sum_t sha512_test_sum[] = }; #endif /* MBEDTLS_SHA512_C */ -#define ARRAY_LENGTH(a) (sizeof(a) / sizeof((a)[0])) - static int mbedtls_sha512_common_self_test(int verbose, int is384) { int i, buflen, ret = 0; diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 7601e5b11..fc44dbe28 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -759,8 +759,6 @@ void mbedtls_ssl_print_extensions(const mbedtls_ssl_context *ssl, } #if defined(MBEDTLS_SSL_PROTO_TLS1_3) && defined(MBEDTLS_SSL_SESSION_TICKETS) -#define ARRAY_LENGTH(a) (sizeof(a) / sizeof(*(a))) - static const char *ticket_flag_name_table[] = { [0] = "ALLOW_PSK_RESUMPTION", diff --git a/tests/include/test/macros.h b/tests/include/test/macros.h index ab8260b75..01eaff5c2 100644 --- a/tests/include/test/macros.h +++ b/tests/include/test/macros.h 
@@ -196,45 +196,6 @@ mbedtls_exit(1); \ } -/** \def ARRAY_LENGTH - * Return the number of elements of a static or stack array. - * - * \param array A value of array (not pointer) type. - * - * \return The number of elements of the array. - */ -/* A correct implementation of ARRAY_LENGTH, but which silently gives - * a nonsensical result if called with a pointer rather than an array. */ -#define ARRAY_LENGTH_UNSAFE(array) \ - (sizeof(array) / sizeof(*(array))) - -#if defined(__GNUC__) -/* Test if arg and &(arg)[0] have the same type. This is true if arg is - * an array but not if it's a pointer. */ -#define IS_ARRAY_NOT_POINTER(arg) \ - (!__builtin_types_compatible_p(__typeof__(arg), \ - __typeof__(&(arg)[0]))) -/* A compile-time constant with the value 0. If `const_expr` is not a - * compile-time constant with a nonzero value, cause a compile-time error. */ -#define STATIC_ASSERT_EXPR(const_expr) \ - (0 && sizeof(struct { unsigned int STATIC_ASSERT : 1 - 2 * !(const_expr); })) - -/* Return the scalar value `value` (possibly promoted). This is a compile-time - * constant if `value` is. `condition` must be a compile-time constant. - * If `condition` is false, arrange to cause a compile-time error. */ -#define STATIC_ASSERT_THEN_RETURN(condition, value) \ - (STATIC_ASSERT_EXPR(condition) ? 0 : (value)) - -#define ARRAY_LENGTH(array) \ - (STATIC_ASSERT_THEN_RETURN(IS_ARRAY_NOT_POINTER(array), \ - ARRAY_LENGTH_UNSAFE(array))) - -#else -/* If we aren't sure the compiler supports our non-standard tricks, - * fall back to the unsafe implementation. */ -#define ARRAY_LENGTH(array) ARRAY_LENGTH_UNSAFE(array) -#endif - /** Return the smaller of two values. * * \param x An integer-valued expression without side effects. diff --git a/tests/src/psa_crypto_helpers.c b/tests/src/psa_crypto_helpers.c index 77c2f8976..8f58d4dc1 100644 --- a/tests/src/psa_crypto_helpers.c +++ b/tests/src/psa_crypto_helpers.c 
@@ -24,6 +24,7 @@ #include #include #include +#include "common.h" #if defined(MBEDTLS_PSA_CRYPTO_C) From 1e4a030b003ef813f179d66be1fd0cd88cdfe306 Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Tue, 30 May 2023 09:45:17 -0400 Subject: [PATCH 08/99] Fix wrong array size calculation in error translation code Signed-off-by: Andrzej Kurek --- library/constant_time.c | 2 +- library/lmots.c | 2 +- library/lms.c | 2 +- library/ssl_cookie.c | 2 +- library/ssl_msg.c | 2 +- library/ssl_ticket.c | 2 +- library/ssl_tls.c | 4 ++-- library/ssl_tls12_client.c | 2 +- library/ssl_tls12_server.c | 2 +- library/ssl_tls13_client.c | 2 +- library/ssl_tls13_generic.c | 2 +- library/ssl_tls13_keys.c | 2 +- 12 files changed, 13 insertions(+), 13 deletions(-) diff --git a/library/constant_time.c b/library/constant_time.c index 9b2a47758..f1dbd04e6 100644 --- a/library/constant_time.c +++ b/library/constant_time.c @@ -54,7 +54,7 @@ static int local_err_translation(psa_status_t status) { return psa_status_to_mbedtls(status, psa_to_ssl_errors, - sizeof(psa_to_ssl_errors), + ARRAY_LENGTH(psa_to_ssl_errors), psa_generic_status_to_mbedtls); } #define PSA_TO_MBEDTLS_ERR(status) local_err_translation(status) diff --git a/library/lmots.c b/library/lmots.c index a3bfff89f..4ef2c5178 100644 --- a/library/lmots.c +++ b/library/lmots.c @@ -50,7 +50,7 @@ static int local_err_translation(psa_status_t status) { return psa_status_to_mbedtls(status, psa_to_lms_errors, - sizeof(psa_to_lms_errors), + ARRAY_LENGTH(psa_to_lms_errors), psa_generic_status_to_mbedtls); } #define PSA_TO_MBEDTLS_ERR(status) local_err_translation(status) diff --git a/library/lms.c b/library/lms.c index 50595703d..823ce09f8 100644 --- a/library/lms.c +++ b/library/lms.c 
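Review bot: Only psa_crypto_helpers.c gains `#include "common.h"`, while the macros.h hunk removes `ARRAY_LENGTH` from the header every test suite includes, so any other test source that used `ARRAY_LENGTH` through macros.h (a .function suite, for example) will now fail to compile unless it also includes the library-internal common.h. The tests' include path already reaches library/ (test_suite_x509parse.function included "x509_invasive.h" before patch 02), so either add `#include "common.h"` to tests/include/test/macros.h or confirm no other test uses the macro.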
@@ -51,7 +51,7 @@ static int local_err_translation(psa_status_t status) { return psa_status_to_mbedtls(status, psa_to_lms_errors, - sizeof(psa_to_lms_errors), + ARRAY_LENGTH(psa_to_lms_errors), psa_generic_status_to_mbedtls); } #define PSA_TO_MBEDTLS_ERR(status) local_err_translation(status) diff --git a/library/ssl_cookie.c b/library/ssl_cookie.c index 371edce3a..098acedd3 100644 --- a/library/ssl_cookie.c +++ b/library/ssl_cookie.c @@ -42,7 +42,7 @@ static int local_err_translation(psa_status_t status) { return psa_status_to_mbedtls(status, psa_to_ssl_errors, - sizeof(psa_to_ssl_errors), + ARRAY_LENGTH(psa_to_ssl_errors), psa_generic_status_to_mbedtls); } #define PSA_TO_MBEDTLS_ERR(status) local_err_translation(status) diff --git a/library/ssl_msg.c b/library/ssl_msg.c index f1906570c..e9050230b 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -54,7 +54,7 @@ static int local_err_translation(psa_status_t status) { return psa_status_to_mbedtls(status, psa_to_ssl_errors, - sizeof(psa_to_ssl_errors), + ARRAY_LENGTH(psa_to_ssl_errors), psa_generic_status_to_mbedtls); } #define PSA_TO_MBEDTLS_ERR(status) local_err_translation(status) diff --git a/library/ssl_ticket.c b/library/ssl_ticket.c index 54c00cc0c..1adaa07fe 100644 --- a/library/ssl_ticket.c +++ b/library/ssl_ticket.c @@ -36,7 +36,7 @@ static int local_err_translation(psa_status_t status) { return psa_status_to_mbedtls(status, psa_to_ssl_errors, - sizeof(psa_to_ssl_errors), + ARRAY_LENGTH(psa_to_ssl_errors), psa_generic_status_to_mbedtls); } #define PSA_TO_MBEDTLS_ERR(status) local_err_translation(status) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index fc44dbe28..9f3b3be3f 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
@@ -56,7 +56,7 @@ static int local_err_translation(psa_status_t status) { return psa_status_to_mbedtls(status, psa_to_ssl_errors, - sizeof(psa_to_ssl_errors), + ARRAY_LENGTH(psa_to_ssl_errors), psa_generic_status_to_mbedtls); } #define PSA_TO_MBEDTLS_ERR(status) local_err_translation(status) @@ -64,7 +64,7 @@ static int local_err_translation(psa_status_t status) static int local_md_translation(psa_status_t status) { return psa_status_to_mbedtls(status, psa_to_md_errors, - sizeof(psa_to_md_errors), + ARRAY_LENGTH(psa_to_md_errors), psa_generic_status_to_mbedtls); } #define PSA_TO_MD_ERR(status) local_md_translation(status) diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c index ade68a927..28f9cdbff 100644 --- a/library/ssl_tls12_client.c +++ b/library/ssl_tls12_client.c @@ -39,7 +39,7 @@ static int local_err_translation(psa_status_t status) { return psa_status_to_mbedtls(status, psa_to_ssl_errors, - sizeof(psa_to_ssl_errors), + ARRAY_LENGTH(psa_to_ssl_errors), psa_generic_status_to_mbedtls); } #define PSA_TO_MBEDTLS_ERR(status) local_err_translation(status) diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c index 03f9eea85..9e122d6b8 100644 --- a/library/ssl_tls12_server.c +++ b/library/ssl_tls12_server.c @@ -41,7 +41,7 @@ static int local_err_translation(psa_status_t status) { return psa_status_to_mbedtls(status, psa_to_ssl_errors, - sizeof(psa_to_ssl_errors), + ARRAY_LENGTH(psa_to_ssl_errors), psa_generic_status_to_mbedtls); } #define PSA_TO_MBEDTLS_ERR(status) local_err_translation(status) diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index 64d905cbe..eb733b3a9 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c 
@@ -40,7 +40,7 @@ static int local_err_translation(psa_status_t status) { return psa_status_to_mbedtls(status, psa_to_ssl_errors, - sizeof(psa_to_ssl_errors), + ARRAY_LENGTH(psa_to_ssl_errors), psa_generic_status_to_mbedtls); } #define PSA_TO_MBEDTLS_ERR(status) local_err_translation(status) diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index 48e6f76e9..e58c3e5b8 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -44,7 +44,7 @@ static int local_err_translation(psa_status_t status) { return psa_status_to_mbedtls(status, psa_to_ssl_errors, - sizeof(psa_to_ssl_errors), + ARRAY_LENGTH(psa_to_ssl_errors), psa_generic_status_to_mbedtls); } #define PSA_TO_MBEDTLS_ERR(status) local_err_translation(status) diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c index 08d10a354..81daf0a8b 100644 --- a/library/ssl_tls13_keys.c +++ b/library/ssl_tls13_keys.c @@ -41,7 +41,7 @@ static int local_err_translation(psa_status_t status) { return psa_status_to_mbedtls(status, psa_to_ssl_errors, - sizeof(psa_to_ssl_errors), + ARRAY_LENGTH(psa_to_ssl_errors), psa_generic_status_to_mbedtls); } #define PSA_TO_MBEDTLS_ERR(status) local_err_translation(status) From f1b659ed62e9c9de1796d753d952a180699976a0 Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Tue, 30 May 2023 09:45:17 -0400 Subject: [PATCH 09/99] Move an include ARRAY_LENGTH macro was previously present in macros.h, so move the include there. Signed-off-by: Andrzej Kurek --- tests/include/test/macros.h | 1 + tests/src/psa_crypto_helpers.c | 1 - 2 files changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/include/test/macros.h b/tests/include/test/macros.h index 01eaff5c2..ae84ec236 100644 --- a/tests/include/test/macros.h +++ b/tests/include/test/macros.h @@ -33,6 +33,7 @@ #if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) #include "mbedtls/memory_buffer_alloc.h" #endif +#include "common.h" /** * \brief This macro tests the expression passed to it as a test step or 
diff --git a/tests/src/psa_crypto_helpers.c b/tests/src/psa_crypto_helpers.c index 8f58d4dc1..77c2f8976 100644 --- a/tests/src/psa_crypto_helpers.c +++ b/tests/src/psa_crypto_helpers.c @@ -24,7 +24,6 @@ #include #include #include -#include "common.h" #if defined(MBEDTLS_PSA_CRYPTO_C) From a6033ac431503d7de23c4dfb497051715bcba1fe Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Tue, 30 May 2023 15:16:34 -0400 Subject: [PATCH 10/99] Add missing guards in tls 1.3 Error translation is only used with these defines on. Signed-off-by: Andrzej Kurek --- library/ssl_tls13_client.c | 3 +++ library/ssl_tls13_generic.c | 3 +++ 2 files changed, 6 insertions(+) diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index eb733b3a9..6ec317007 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -35,6 +35,7 @@ #include "ssl_debug_helpers.h" #include "md_psa.h" +#if defined(PSA_WANT_ALG_ECDH) /* Define a local translating function to save code size by not using too many * arguments in each translating place. */ static int local_err_translation(psa_status_t status) @@ -44,6 +45,8 @@ static int local_err_translation(psa_status_t status) psa_generic_status_to_mbedtls); } #define PSA_TO_MBEDTLS_ERR(status) local_err_translation(status) +#endif + /* Write extensions */ /* diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index e58c3e5b8..fa193ffb6 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -39,6 +39,8 @@ #include "psa/crypto.h" #include "mbedtls/psa_util.h" +#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED) || \ + defined(PSA_WANT_ALG_ECDH) /* Define a local translating function to save code size by not using too many * arguments in each translating place. */ static int local_err_translation(psa_status_t status) 
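Review bot: The guard wrapped around `local_err_translation()` differs between the two files — `PSA_WANT_ALG_ECDH` alone in ssl_tls13_client.c, `MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED || PSA_WANT_ALG_ECDH` in ssl_tls13_generic.c — and neither `#if` records which `PSA_TO_MBEDTLS_ERR()` call sites it is meant to mirror, so a later edit to those call sites (which are outside these hunks) can silently leave the helper undefined where it is used. Suggest a comment above each `#if`: `/* Keep in sync with the guards around the PSA_TO_MBEDTLS_ERR() call sites below. */`. The new `#endif` lines also carry no trailing `/* ... */` naming their condition, which the surrounding mbedtls code does for long-range guards; the generic.c `#endif` is in the following hunk.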
@@ -48,6 +50,7 @@ static int local_err_translation(psa_status_t status) psa_generic_status_to_mbedtls); } #define PSA_TO_MBEDTLS_ERR(status) local_err_translation(status) +#endif const uint8_t mbedtls_ssl_tls13_hello_retry_request_magic[ MBEDTLS_SERVER_HELLO_RANDOM_LEN] = From 15ddda9ff8a2f8e92fff104335f9afb58d129d72 Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Wed, 14 Jun 2023 07:37:46 -0400 Subject: [PATCH 11/99] Remove PSA_TO_MD_ERR from ssl_tls.c Signed-off-by: Andrzej Kurek --- library/ssl_tls.c | 8 -------- 1 file changed, 8 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 9f3b3be3f..bc9f4f8ee 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -60,14 +60,6 @@ static int local_err_translation(psa_status_t status) psa_generic_status_to_mbedtls); } #define PSA_TO_MBEDTLS_ERR(status) local_err_translation(status) - -static int local_md_translation(psa_status_t status) -{ - return psa_status_to_mbedtls(status, psa_to_md_errors, - ARRAY_LENGTH(psa_to_md_errors), - psa_generic_status_to_mbedtls); -} -#define PSA_TO_MD_ERR(status) local_md_translation(status) #endif #if defined(MBEDTLS_TEST_HOOKS) From c6beb3a741f8d3327242cd1b62bdab458e34d9c6 Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Thu, 15 Jun 2023 09:54:37 -0400 Subject: [PATCH 12/99] Rename NUL to null in x509 IP parsing description Signed-off-by: Andrzej Kurek --- include/mbedtls/x509.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/mbedtls/x509.h b/include/mbedtls/x509.h index 6e9ee88ec..b7da1850f 100644 --- a/include/mbedtls/x509.h +++ b/include/mbedtls/x509.h 
@@ -503,7 +503,7 @@ int mbedtls_x509_info_key_usage(char **buf, size_t *size, /** * \brief This function parses a CN string as an IP address. * - * \param cn The CN string to parse. CN string MUST be NUL-terminated. + * \param cn The CN string to parse. CN string MUST be null-terminated. * \param dst The target buffer to populate with the binary IP address. * The buffer MUST be 16 bytes to save IPv6, and should be * 4-byte aligned if the result will be used as struct in_addr. From 0813b6f28dee73e46904e34c60408a1911dcc12d Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Fri, 16 Jun 2023 12:18:53 +0200 Subject: [PATCH 13/99] tls: optimize code in ssl_get_ecdh_params_from_cert() When MBEDTLS_PK_USE_PSA_EC_DATA is defined, opaque and non-opaque keys are basically stored in the same way (only a diffferent ownership for the key itself), so they should be treated similarly in the code. Signed-off-by: Valerio Setti --- library/ssl_tls12_server.c | 47 ++++++++++++++++++++------------------ 1 file changed, 25 insertions(+), 22 deletions(-) diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c index 30c35f3a4..c990b8ac5 100644 --- a/library/ssl_tls12_server.c +++ b/library/ssl_tls12_server.c @@ -2589,14 +2589,18 @@ static int ssl_get_ecdh_params_from_cert(mbedtls_ssl_context *ssl) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - unsigned char buf[ - PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS)]; + mbedtls_pk_context *pk; + mbedtls_pk_type_t pk_type; psa_key_attributes_t key_attributes = PSA_KEY_ATTRIBUTES_INIT; +#if !defined(MBEDTLS_PK_USE_PSA_EC_DATA) uint16_t tls_id = 0; psa_ecc_family_t ecc_family; size_t key_len; - mbedtls_pk_context *pk; mbedtls_ecp_group_id grp_id; + unsigned char buf[ + PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS)]; + mbedtls_ecp_keypair *key; +#endif /* !MBEDTLS_PK_USE_PSA_EC_DATA */ pk = mbedtls_ssl_own_key(ssl); 
@@ -2604,20 +2608,25 @@ static int ssl_get_ecdh_params_from_cert(mbedtls_ssl_context *ssl) return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; } -#if !defined(MBEDTLS_PK_USE_PSA_EC_DATA) - mbedtls_ecp_keypair *key = mbedtls_pk_ec_rw(*pk); -#endif /* !MBEDTLS_PK_USE_PSA_EC_DATA */ + pk_type = mbedtls_pk_get_type(pk); - switch (mbedtls_pk_get_type(pk)) { + switch (pk_type) { case MBEDTLS_PK_OPAQUE: +#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) + case MBEDTLS_PK_ECKEY: + case MBEDTLS_PK_ECKEY_DH: + case MBEDTLS_PK_ECDSA: +#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */ if (!mbedtls_pk_can_do(pk, MBEDTLS_PK_ECKEY)) { return MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH; } ssl->handshake->ecdh_psa_privkey = pk->priv_id; - /* Key should not be destroyed in the TLS library */ - ssl->handshake->ecdh_psa_privkey_is_external = 1; + if (pk_type == MBEDTLS_PK_OPAQUE) { + /* Key should not be destroyed in the TLS library */ + ssl->handshake->ecdh_psa_privkey_is_external = 1; + } status = psa_get_key_attributes(ssl->handshake->ecdh_psa_privkey, &key_attributes); @@ -2633,9 +2642,11 @@ static int ssl_get_ecdh_params_from_cert(mbedtls_ssl_context *ssl) ret = 0; break; +#if !defined(MBEDTLS_PK_USE_PSA_EC_DATA) case MBEDTLS_PK_ECKEY: case MBEDTLS_PK_ECKEY_DH: case MBEDTLS_PK_ECDSA: + key = mbedtls_pk_ec_rw(*pk); grp_id = mbedtls_pk_get_group_id(pk); if (grp_id == MBEDTLS_ECP_DP_NONE) { return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; 
@@ -2660,36 +2671,28 @@ static int ssl_get_ecdh_params_from_cert(mbedtls_ssl_context *ssl) PSA_KEY_TYPE_ECC_KEY_PAIR(ssl->handshake->ecdh_psa_type)); psa_set_key_bits(&key_attributes, ssl->handshake->ecdh_bits); -#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) - status = psa_export_key(pk->priv_id, buf, sizeof(buf), &key_len); - if (status != PSA_SUCCESS) { - ret = PSA_TO_MBEDTLS_ERR(status); - goto cleanup; - } -#else /* MBEDTLS_PK_USE_PSA_EC_DATA */ key_len = PSA_BITS_TO_BYTES(key->grp.pbits); ret = mbedtls_ecp_write_key(key, buf, key_len); if (ret != 0) { - goto cleanup; + mbedtls_platform_zeroize(buf, sizeof(buf)); + break; } -#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */ status = psa_import_key(&key_attributes, buf, key_len, &ssl->handshake->ecdh_psa_privkey); if (status != PSA_SUCCESS) { ret = PSA_TO_MBEDTLS_ERR(status); - goto cleanup; + mbedtls_platform_zeroize(buf, sizeof(buf)); + break; } ret = 0; break; +#endif /* !MBEDTLS_PK_USE_PSA_EC_DATA */ default: ret = MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH; } -cleanup: - mbedtls_platform_zeroize(buf, sizeof(buf)); - return ret; } #elif defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \ From b46217d5c19a1dc4b8467ef4191b01cc8354899c Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Fri, 16 Jun 2023 13:18:52 +0200 Subject: [PATCH 14/99] tls: never destroy a priavte key that is not owned/created by TLS module Signed-off-by: Valerio Setti --- library/ssl_tls12_server.c | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c index c990b8ac5..9078c247b 100644 --- a/library/ssl_tls12_server.c +++ b/library/ssl_tls12_server.c 
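Review bot: The success path of the `!MBEDTLS_PK_USE_PSA_EC_DATA` case no longer clears `buf`: the removed `cleanup:` label zeroized it on every exit, whereas the new code zeroizes only on the two error paths, so after a successful `psa_import_key()` the private-key bytes that `mbedtls_ecp_write_key()` placed in `buf` remain on the stack when the function returns. Add `mbedtls_platform_zeroize(buf, sizeof(buf));` immediately before the final `ret = 0; break;` of that case, or keep one unconditional zeroize after the `switch` under the same `#if`, which also removes the two duplicated calls. The function begins outside this hunk; the first hunk (at -2589) is where `buf` is now declared under that guard.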
@@ -2622,11 +2622,8 @@ static int ssl_get_ecdh_params_from_cert(mbedtls_ssl_context *ssl) } ssl->handshake->ecdh_psa_privkey = pk->priv_id; - - if (pk_type == MBEDTLS_PK_OPAQUE) { - /* Key should not be destroyed in the TLS library */ - ssl->handshake->ecdh_psa_privkey_is_external = 1; - } + /* Key should not be destroyed in the TLS library */ + ssl->handshake->ecdh_psa_privkey_is_external = 1; status = psa_get_key_attributes(ssl->handshake->ecdh_psa_privkey, &key_attributes); From bbe9db4b291a8cbfed4915f449e4dcdbcd8f8563 Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Tue, 9 May 2023 10:37:21 +0100 Subject: [PATCH 15/99] binum_mod: Added `mbedtls_mpi_mod_optred_modulus_setup()`. Signed-off-by: Minos Galanakis --- library/bignum_mod.c | 13 +++++++++++++ library/bignum_mod.h | 17 +++++++++++++++++ 2 files changed, 30 insertions(+) diff --git a/library/bignum_mod.c b/library/bignum_mod.c index acf45e9d9..9b0f6ec0e 100644 --- a/library/bignum_mod.c +++ b/library/bignum_mod.c @@ -171,6 +171,19 @@ exit: return ret; } +int mbedtls_mpi_mod_optred_modulus_setup(mbedtls_mpi_mod_modulus *N, + const mbedtls_mpi_uint *p, + size_t p_limbs, + mbedtls_mpi_opt_red_struct *ored) +{ + N->p = p; + N->limbs = p_limbs; + N->bits = mbedtls_mpi_core_bitlen(p, p_limbs); + N->int_rep = MBEDTLS_MPI_MOD_REP_OPT_RED; + N->rep.ored =ored ; + return 0; +} + int mbedtls_mpi_mod_mul(mbedtls_mpi_mod_residue *X, const mbedtls_mpi_mod_residue *A, const mbedtls_mpi_mod_residue *B, diff --git a/library/bignum_mod.h b/library/bignum_mod.h index db177edfd..6c283b382 100644 --- a/library/bignum_mod.h +++ b/library/bignum_mod.h 
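Review bot: Making `ecdh_psa_privkey_is_external = 1` unconditional is right, but the retained comment still only says the key "should not be destroyed" and not why, and this branch now also covers the non-opaque `MBEDTLS_PK_USE_PSA_EC_DATA` cases folded into it by the previous commit. Suggest replacing it with `/* pk->priv_id is owned by the pk context (opaque key or MBEDTLS_PK_USE_PSA_EC_DATA), so the TLS layer must never destroy it. */` so the ownership rule is stated where the id is copied. The enclosing function starts and ends outside the hunk.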
@@ -208,6 +208,23 @@ int mbedtls_mpi_mod_modulus_setup(mbedtls_mpi_mod_modulus *N, size_t p_limbs, mbedtls_mpi_mod_rep_selector int_rep); +/** Setup an optimised-reduction compatible modulus structure. + * + * \param[out] N The address of the modulus structure to populate. + * \param[in] p The address of the limb array storing the value of \p N. + * The memory pointed to by \p p will be used by \p N and must + * not be modified in any way until after + * mbedtls_mpi_mod_modulus_free() is called. + * \param p_limbs The number of limbs of \p p. + * \param ored The optimized reduction structure to use. \p p. + * + * \return \c 0 if successful. + */ +int mbedtls_mpi_mod_optred_modulus_setup(mbedtls_mpi_mod_modulus *N, + const mbedtls_mpi_uint *p, + size_t p_limbs, + mbedtls_mpi_opt_red_struct *ored); + /** Free elements of a modulus structure. * * This function frees any memory allocated by mbedtls_mpi_mod_modulus_setup(). From 67ebaaf8a0f121d78a85668e98f714d0a3b94242 Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Tue, 9 May 2023 14:26:26 +0100 Subject: [PATCH 16/99] test_suite_bignum: Removed `test_read_modulus()`. Signed-off-by: Minos Galanakis --- tests/suites/test_suite_bignum_mod.function | 35 +++++++-------------- 1 file changed, 12 insertions(+), 23 deletions(-) diff --git a/tests/suites/test_suite_bignum_mod.function b/tests/suites/test_suite_bignum_mod.function index 233d3a982..98ba4b491 100644 --- a/tests/suites/test_suite_bignum_mod.function +++ b/tests/suites/test_suite_bignum_mod.function 
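Review bot: The `\param ored` description of the new `mbedtls_mpi_mod_optred_modulus_setup()` ends in a dangling `\p p.` fragment, and it says nothing about ownership or whether NULL is accepted — the bignum_mod.c hunk just stores the pointer in `N->rep.ored`, and the test helper changed later in this series passes NULL. Suggest ` * \param ored The optimized reduction structure to use. \p N keeps a pointer to it and the caller retains ownership; it must stay valid until mbedtls_mpi_mod_modulus_free() is called.` and an explicit sentence on whether NULL is permitted. The `\return` line is accurate, since the implementation cannot currently fail.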
@@ -10,21 +10,6 @@ ASSERT_COMPARE((a).p, (a).limbs * sizeof(mbedtls_mpi_uint), \ (b).p, (b).limbs * sizeof(mbedtls_mpi_uint)) -static int test_read_modulus(mbedtls_mpi_mod_modulus *m, - mbedtls_mpi_mod_rep_selector int_rep, - char *input) -{ - mbedtls_mpi_uint *p = NULL; - size_t limbs; - - int ret = mbedtls_test_read_mpi_core(&p, &limbs, input); - if (ret != 0) { - return ret; - } - - return mbedtls_mpi_mod_modulus_setup(m, p, limbs, int_rep); -} - static int test_read_residue(mbedtls_mpi_mod_residue *r, const mbedtls_mpi_mod_modulus *m, char *input, @@ -112,8 +97,8 @@ void mpi_mod_mul(char *input_A, mbedtls_mpi_mod_modulus m; mbedtls_mpi_mod_modulus_init(&m); - TEST_EQUAL(test_read_modulus(&m, MBEDTLS_MPI_MOD_REP_MONTGOMERY, input_N), - 0); + TEST_EQUAL(mbedtls_test_read_mpi_modulus(&m, input_N, + MBEDTLS_MPI_MOD_REP_MONTGOMERY), 0); TEST_EQUAL(test_read_residue(&rA, &m, input_A, 0), 0); TEST_EQUAL(test_read_residue(&rB, &m, input_B, 0), 0); @@ -200,8 +185,8 @@ void mpi_mod_mul_neg(char *input_A, mbedtls_mpi_mod_modulus fake_m; mbedtls_mpi_mod_modulus_init(&fake_m); - TEST_EQUAL(test_read_modulus(&m, MBEDTLS_MPI_MOD_REP_MONTGOMERY, input_N), - 0); + TEST_EQUAL(mbedtls_test_read_mpi_modulus(&m, input_N, + MBEDTLS_MPI_MOD_REP_MONTGOMERY), 0); TEST_EQUAL(test_read_residue(&rA, &m, input_A, 1), 0); TEST_EQUAL(test_read_residue(&rB, &m, input_B, 1), 0); @@ -247,7 +232,8 @@ void mpi_mod_sub(char *input_N, mbedtls_mpi_mod_modulus_init(&m); TEST_EQUAL(0, - test_read_modulus(&m, MBEDTLS_MPI_MOD_REP_MONTGOMERY, input_N)); + mbedtls_test_read_mpi_modulus(&m, input_N, + MBEDTLS_MPI_MOD_REP_MONTGOMERY)); /* test_read_residue() normally checks that inputs have the same number of * limbs as the modulus. For negative testing we can ask it to skip this 
@@ -348,7 +334,8 @@ void mpi_mod_inv_mont(char *input_N, mbedtls_mpi_mod_modulus_init(&N); TEST_EQUAL(0, - test_read_modulus(&N, MBEDTLS_MPI_MOD_REP_MONTGOMERY, input_N)); + mbedtls_test_read_mpi_modulus(&N, input_N, + MBEDTLS_MPI_MOD_REP_MONTGOMERY)); /* test_read_residue() normally checks that inputs have the same number of * limbs as the modulus. For negative testing we can ask it to skip this @@ -397,7 +384,8 @@ void mpi_mod_inv_non_mont(char *input_N, mbedtls_mpi_mod_modulus_init(&N); TEST_EQUAL(0, - test_read_modulus(&N, MBEDTLS_MPI_MOD_REP_OPT_RED, input_N)); + mbedtls_test_read_mpi_modulus(&N, input_N, + MBEDTLS_MPI_MOD_REP_OPT_RED)); /* test_read_residue() normally checks that inputs have the same number of * limbs as the modulus. For negative testing we can ask it to skip this @@ -447,7 +435,8 @@ void mpi_mod_add(char *input_N, mbedtls_mpi_mod_modulus_init(&m); TEST_EQUAL(0, - test_read_modulus(&m, MBEDTLS_MPI_MOD_REP_MONTGOMERY, input_N)); + mbedtls_test_read_mpi_modulus(&m, input_N, + MBEDTLS_MPI_MOD_REP_MONTGOMERY)); /* test_read_residue() normally checks that inputs have the same number of * limbs as the modulus. For negative testing we can ask it to skip this From 88e16dfa2a55ad57cf3db7348bc139f87ab197ec Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Tue, 9 May 2023 14:11:43 +0100 Subject: [PATCH 17/99] bignum_mod: Refactored `mbedtls_mpi_mod_modulus_setup()` This patch removes the `int_rep` input parameter for modular setup, aiming to align it with the optred variant. Test and test-suite helper functions have been updated accordingly. Signed-off-by: Minos Galanakis --- library/bignum_mod.c | 27 +++------------- library/bignum_mod.h | 6 +--- library/ecp_curves.c | 3 +- tests/src/bignum_helpers.c | 13 +++++++- tests/suites/test_suite_bignum_mod.function | 23 +++++++++----- .../suites/test_suite_bignum_mod_raw.function | 31 ++++++------------- tests/suites/test_suite_ecp.function | 3 +- 7 files changed, 46 insertions(+), 60 deletions(-) 
diff --git a/library/bignum_mod.c b/library/bignum_mod.c index 9b0f6ec0e..ba661e2a0 100644 --- a/library/bignum_mod.c +++ b/library/bignum_mod.c @@ -138,31 +138,15 @@ cleanup: int mbedtls_mpi_mod_modulus_setup(mbedtls_mpi_mod_modulus *N, const mbedtls_mpi_uint *p, - size_t p_limbs, - mbedtls_mpi_mod_rep_selector int_rep) + size_t p_limbs) { int ret = 0; - N->p = p; N->limbs = p_limbs; N->bits = mbedtls_mpi_core_bitlen(p, p_limbs); - - switch (int_rep) { - case MBEDTLS_MPI_MOD_REP_MONTGOMERY: - N->int_rep = int_rep; - N->rep.mont.mm = mbedtls_mpi_core_montmul_init(N->p); - ret = set_mont_const_square(&N->rep.mont.rr, N->p, N->limbs); - break; - case MBEDTLS_MPI_MOD_REP_OPT_RED: - N->int_rep = int_rep; - N->rep.ored = NULL; - break; - default: - ret = MBEDTLS_ERR_MPI_BAD_INPUT_DATA; - goto exit; - } - -exit: + N->int_rep = MBEDTLS_MPI_MOD_REP_MONTGOMERY; + N->rep.mont.mm = mbedtls_mpi_core_montmul_init(N->p); + ret = set_mont_const_square(&N->rep.mont.rr, N->p, N->limbs); if (ret != 0) { mbedtls_mpi_mod_modulus_free(N); @@ -248,8 +232,7 @@ static int mbedtls_mpi_mod_inv_non_mont(mbedtls_mpi_mod_residue *X, mbedtls_mpi_mod_modulus Nmont; mbedtls_mpi_mod_modulus_init(&Nmont); - MBEDTLS_MPI_CHK(mbedtls_mpi_mod_modulus_setup(&Nmont, N->p, N->limbs, - MBEDTLS_MPI_MOD_REP_MONTGOMERY)); + MBEDTLS_MPI_CHK(mbedtls_mpi_mod_modulus_setup(&Nmont, N->p, N->limbs)); /* We'll use X->p to hold the Montgomery form of the input A->p */ mbedtls_mpi_core_to_mont_rep(X->p, A->p, Nmont.p, Nmont.limbs, diff --git a/library/bignum_mod.h b/library/bignum_mod.h index 6c283b382..ccf86c027 100644 --- a/library/bignum_mod.h +++ b/library/bignum_mod.h 
@@ -197,16 +197,12 @@ void mbedtls_mpi_mod_modulus_init(mbedtls_mpi_mod_modulus *N); * not be modified in any way until after * mbedtls_mpi_mod_modulus_free() is called. * \param p_limbs The number of limbs of \p p. - * \param int_rep The internal representation to be used for residues - * associated with \p N (see #mbedtls_mpi_mod_rep_selector). * * \return \c 0 if successful. - * \return #MBEDTLS_ERR_MPI_BAD_INPUT_DATA if \p int_rep is invalid. */ int mbedtls_mpi_mod_modulus_setup(mbedtls_mpi_mod_modulus *N, const mbedtls_mpi_uint *p, - size_t p_limbs, - mbedtls_mpi_mod_rep_selector int_rep); + size_t p_limbs); /** Setup an optimised-reduction compatible modulus structure. * diff --git a/library/ecp_curves.c b/library/ecp_curves.c index af649a2c8..69091c3aa 100644 --- a/library/ecp_curves.c +++ b/library/ecp_curves.c @@ -6003,8 +6003,7 @@ int mbedtls_ecp_modulus_setup(mbedtls_mpi_mod_modulus *N, return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; } - if (mbedtls_mpi_mod_modulus_setup(N, p, p_limbs, - MBEDTLS_MPI_MOD_REP_MONTGOMERY)) { + if (mbedtls_mpi_mod_modulus_setup(N, p, p_limbs)) { return MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; } return 0; diff --git a/tests/src/bignum_helpers.c b/tests/src/bignum_helpers.c index 4dd37915e..efb2eca1c 100644 --- a/tests/src/bignum_helpers.c +++ b/tests/src/bignum_helpers.c @@ -99,7 +99,18 @@ int mbedtls_test_read_mpi_modulus(mbedtls_mpi_mod_modulus *N, if (ret != 0) { return ret; } - ret = mbedtls_mpi_mod_modulus_setup(N, p, limbs, int_rep); + + switch (int_rep) { + case MBEDTLS_MPI_MOD_REP_MONTGOMERY: + ret = mbedtls_mpi_mod_modulus_setup(N, p, limbs); + break; + case MBEDTLS_MPI_MOD_REP_OPT_RED: + ret = mbedtls_mpi_mod_optred_modulus_setup(N, p, limbs, NULL); + break; + default: + ret = MBEDTLS_ERR_MPI_BAD_INPUT_DATA; + break; + } if (ret != 0) { mbedtls_free(p); } diff --git a/tests/suites/test_suite_bignum_mod.function b/tests/suites/test_suite_bignum_mod.function index 98ba4b491..a515633bb 100644 
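Review bot: Dropping the `\return #MBEDTLS_ERR_MPI_BAD_INPUT_DATA` line leaves `mbedtls_mpi_mod_modulus_setup()` documented as only ever returning 0, yet the bignum_mod.c hunk of this commit still propagates `ret` from `set_mont_const_square()` and calls `mbedtls_mpi_mod_modulus_free(N)` when it is non-zero, so a failure return still exists and is now undocumented. Add a line such as ` * \return An \c MBEDTLS_ERR_MPI_XXX error code if the Montgomery constants cannot be set up; \p N is freed in that case.` The brief above the hunk should also state that this function now always selects the Montgomery representation, with `mbedtls_mpi_mod_optred_modulus_setup()` as the only other entry point.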
--- a/tests/suites/test_suite_bignum_mod.function +++ b/tests/suites/test_suite_bignum_mod.function @@ -50,7 +50,19 @@ void mpi_mod_setup(int int_rep, int iret) memset(mp, 0xFF, sizeof(mp)); mbedtls_mpi_mod_modulus_init(&m); - ret = mbedtls_mpi_mod_modulus_setup(&m, mp, MLIMBS, int_rep); + + switch (int_rep) { + case MBEDTLS_MPI_MOD_REP_MONTGOMERY: + ret = mbedtls_mpi_mod_modulus_setup(&m, mp, MLIMBS); + break; + case MBEDTLS_MPI_MOD_REP_OPT_RED: + ret = mbedtls_mpi_mod_optred_modulus_setup(&m, mp, MLIMBS, NULL); + break; + default: + ret = MBEDTLS_ERR_MPI_BAD_INPUT_DATA; + break; + } + TEST_EQUAL(ret, iret); /* Only test if the constants have been set-up */ @@ -539,8 +551,7 @@ void mpi_residue_setup(char *input_N, char *input_R, int ret) TEST_EQUAL(0, mbedtls_test_read_mpi_core(&N, &n_limbs, input_N)); TEST_EQUAL(0, mbedtls_test_read_mpi_core(&R, &r_limbs, input_R)); - TEST_EQUAL(0, mbedtls_mpi_mod_modulus_setup(&m, N, n_limbs, - MBEDTLS_MPI_MOD_REP_MONTGOMERY)); + TEST_EQUAL(0, mbedtls_mpi_mod_modulus_setup(&m, N, n_limbs)); TEST_EQUAL(ret, mbedtls_mpi_mod_residue_setup(&r, &m, R, r_limbs)); @@ -581,8 +592,7 @@ void mpi_mod_io_neg(char *input_N, data_t *buf, int ret) mbedtls_mpi_mod_write(&r, &m, buf->x, buf->len, endian)); /* Set up modulus and test with residue->p == NULL */ - TEST_EQUAL(0, mbedtls_mpi_mod_modulus_setup(&m, N, n_limbs, - MBEDTLS_MPI_MOD_REP_MONTGOMERY)); + TEST_EQUAL(0, mbedtls_mpi_mod_modulus_setup(&m, N, n_limbs)); TEST_EQUAL(MBEDTLS_ERR_MPI_BAD_INPUT_DATA, mbedtls_mpi_mod_read(&r, &m, buf->x, buf->len, endian)); @@ -655,8 +665,7 @@ void mpi_mod_io(char *input_N, data_t *input_A, int endian) TEST_LE_U(a_bytes, n_bytes); /* Init Structures */ - TEST_EQUAL(0, mbedtls_mpi_mod_modulus_setup(&m, N, n_limbs, - MBEDTLS_MPI_MOD_REP_MONTGOMERY)); + TEST_EQUAL(0, mbedtls_mpi_mod_modulus_setup(&m, N, n_limbs)); /* Enforcing p_limbs >= m->limbs */ TEST_EQUAL(0, mbedtls_mpi_mod_residue_setup(&r, &m, R, n_limbs)); 
diff --git a/tests/suites/test_suite_bignum_mod_raw.function b/tests/suites/test_suite_bignum_mod_raw.function index bd5eea78a..b67ac51df 100644 --- a/tests/suites/test_suite_bignum_mod_raw.function +++ b/tests/suites/test_suite_bignum_mod_raw.function @@ -54,8 +54,7 @@ void mpi_mod_raw_io(data_t *input, int nb_int, int nx_32_int, mbedtls_mpi_uint init[sizeof(X) / sizeof(X[0])]; memset(init, 0xFF, sizeof(init)); - int ret = mbedtls_mpi_mod_modulus_setup(&m, init, nx, - MBEDTLS_MPI_MOD_REP_MONTGOMERY); + int ret = mbedtls_mpi_mod_modulus_setup(&m, init, nx); TEST_EQUAL(ret, 0); if (iendian == MBEDTLS_MPI_MOD_EXT_REP_INVALID && iret != 0) { @@ -137,8 +136,7 @@ void mpi_mod_raw_cond_assign(char *input_X, ASSERT_ALLOC(buff_m, copy_limbs); memset(buff_m, 0xFF, copy_limbs); TEST_EQUAL(mbedtls_mpi_mod_modulus_setup( - &m, buff_m, copy_limbs, - MBEDTLS_MPI_MOD_REP_MONTGOMERY), 0); + &m, buff_m, copy_limbs), 0); /* condition is false */ TEST_CF_SECRET(X, bytes); @@ -208,8 +206,7 @@ void mpi_mod_raw_cond_swap(char *input_X, ASSERT_ALLOC(buff_m, copy_limbs); memset(buff_m, 0xFF, copy_limbs); TEST_EQUAL(mbedtls_mpi_mod_modulus_setup( - &m, buff_m, copy_limbs, - MBEDTLS_MPI_MOD_REP_MONTGOMERY), 0); + &m, buff_m, copy_limbs), 0); ASSERT_ALLOC(X, limbs); memcpy(X, tmp_X, bytes); @@ -297,8 +294,7 @@ void mpi_mod_raw_sub(char *input_A, ASSERT_ALLOC(X, limbs); TEST_EQUAL(mbedtls_mpi_mod_modulus_setup( - &m, N, limbs, - MBEDTLS_MPI_MOD_REP_MONTGOMERY), 0); + &m, N, limbs), 0); mbedtls_mpi_mod_raw_sub(X, A, B, &m); ASSERT_COMPARE(X, bytes, res, bytes); @@ -368,8 +364,7 @@ void mpi_mod_raw_fix_quasi_reduction(char *input_N, TEST_ASSERT(c || mbedtls_mpi_core_lt_ct(tmp, N, limbs)); TEST_EQUAL(mbedtls_mpi_mod_modulus_setup( - &m, N, limbs, - MBEDTLS_MPI_MOD_REP_MONTGOMERY), 0); + &m, N, limbs), 0); mbedtls_mpi_mod_raw_fix_quasi_reduction(X, &m); ASSERT_COMPARE(X, bytes, res, bytes); 
@@ -419,8 +414,7 @@ void mpi_mod_raw_mul(char *input_A, ASSERT_ALLOC(X, limbs); TEST_EQUAL(mbedtls_mpi_mod_modulus_setup( - &m, N, limbs, - MBEDTLS_MPI_MOD_REP_MONTGOMERY), 0); + &m, N, limbs), 0); const size_t limbs_T = limbs * 2 + 1; ASSERT_ALLOC(T, limbs_T); @@ -580,9 +574,7 @@ void mpi_mod_raw_add(char *input_N, ASSERT_ALLOC(X, limbs); TEST_EQUAL(mbedtls_mpi_mod_modulus_setup( - &m, N, limbs, - MBEDTLS_MPI_MOD_REP_MONTGOMERY - ), 0); + &m, N, limbs), 0); /* A + B => Correct result */ mbedtls_mpi_mod_raw_add(X, A, B, &m); @@ -720,8 +712,7 @@ void mpi_mod_raw_to_mont_rep(char *input_N, char *input_A, char *input_X) size_t limbs = n_limbs; size_t bytes = limbs * sizeof(mbedtls_mpi_uint); - TEST_EQUAL(0, mbedtls_mpi_mod_modulus_setup(&m, N, n_limbs, - MBEDTLS_MPI_MOD_REP_MONTGOMERY)); + TEST_EQUAL(0, mbedtls_mpi_mod_modulus_setup(&m, N, n_limbs)); /* 1. Test low-level function first */ @@ -785,8 +776,7 @@ void mpi_mod_raw_from_mont_rep(char *input_N, char *input_A, char *input_X) size_t limbs = n_limbs; size_t bytes = limbs * sizeof(mbedtls_mpi_uint); - TEST_EQUAL(0, mbedtls_mpi_mod_modulus_setup(&m, N, n_limbs, - MBEDTLS_MPI_MOD_REP_MONTGOMERY)); + TEST_EQUAL(0, mbedtls_mpi_mod_modulus_setup(&m, N, n_limbs)); /* 1. Test low-level function first */ @@ -847,8 +837,7 @@ void mpi_mod_raw_neg(char *input_N, char *input_A, char *input_X) ASSERT_ALLOC(R, n_limbs); ASSERT_ALLOC(Z, n_limbs); - TEST_EQUAL(0, mbedtls_mpi_mod_modulus_setup(&m, N, n_limbs, - MBEDTLS_MPI_MOD_REP_MONTGOMERY)); + TEST_EQUAL(0, mbedtls_mpi_mod_modulus_setup(&m, N, n_limbs)); /* Neg( A == 0 ) => Zero result */ mbedtls_mpi_mod_raw_neg(R, Z, &m); diff --git a/tests/suites/test_suite_ecp.function b/tests/suites/test_suite_ecp.function index 9ef35d8a0..cf316d066 100644 --- a/tests/suites/test_suite_ecp.function +++ b/tests/suites/test_suite_ecp.function 
@@ -1373,8 +1373,7 @@ void ecp_mod_p_generic_raw(int curve_id, TEST_EQUAL(limbs_res, limbs_N); TEST_EQUAL(mbedtls_mpi_mod_modulus_setup( - &m, N, limbs_N, - MBEDTLS_MPI_MOD_REP_OPT_RED), 0); + &m, N, limbs_N), 0); TEST_EQUAL((*curve_func)(X, limbs_X), 0); From f055ad61dcb7b5f88064eb6bdaa647da6194f6e3 Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Tue, 9 May 2023 15:44:46 +0100 Subject: [PATCH 18/99] bignum_mod: Added static `standard_modulus_setup()`. Signed-off-by: Minos Galanakis --- library/bignum_mod.c | 21 +++++++++++++-------- 1 file changed, 13 insertions(+), 8 deletions(-) diff --git a/library/bignum_mod.c b/library/bignum_mod.c index ba661e2a0..ccc5c3bd7 100644 --- a/library/bignum_mod.c +++ b/library/bignum_mod.c @@ -136,15 +136,23 @@ cleanup: return ret; } +static inline void standard_modulus_setup(mbedtls_mpi_mod_modulus *N, + const mbedtls_mpi_uint *p, + size_t p_limbs, + mbedtls_mpi_mod_rep_selector int_rep) +{ + N->p = p; + N->limbs = p_limbs; + N->bits = mbedtls_mpi_core_bitlen(p, p_limbs); + N->int_rep = int_rep; +} + int mbedtls_mpi_mod_modulus_setup(mbedtls_mpi_mod_modulus *N, const mbedtls_mpi_uint *p, size_t p_limbs) { int ret = 0; - N->p = p; - N->limbs = p_limbs; - N->bits = mbedtls_mpi_core_bitlen(p, p_limbs); - N->int_rep = MBEDTLS_MPI_MOD_REP_MONTGOMERY; + standard_modulus_setup(N, p, p_limbs, MBEDTLS_MPI_MOD_REP_MONTGOMERY); N->rep.mont.mm = mbedtls_mpi_core_montmul_init(N->p); ret = set_mont_const_square(&N->rep.mont.rr, N->p, N->limbs); @@ -160,10 +168,7 @@ int mbedtls_mpi_mod_optred_modulus_setup(mbedtls_mpi_mod_modulus *N, size_t p_limbs, mbedtls_mpi_opt_red_struct *ored) { - N->p = p; - N->limbs = p_limbs; - N->bits = mbedtls_mpi_core_bitlen(p, p_limbs); - N->int_rep = MBEDTLS_MPI_MOD_REP_OPT_RED; + standard_modulus_setup(N, p, p_limbs, MBEDTLS_MPI_MOD_REP_OPT_RED); N->rep.ored =ored ; return 0; } From 0f718c9ed003cfb1bf5ec5452f61aec99f9fad11 Mon Sep 17 00:00:00 2001 
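Review bot: `standard_modulus_setup` is added without a comment saying which fields it owns, which matters because its two callers go on to write different members of `N->rep` and a third caller could easily forget that step. Suggest a header comment above it: `/* Set the fields shared by all representations; the caller must then fill in the N->rep member selected by int_rep. */`. The body of `mbedtls_mpi_mod_modulus_setup` continues past the end of the first hunk.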
From: Minos Galanakis Date: Fri, 19 May 2023 14:22:06 +0100 Subject: [PATCH 19/99] bignum_mod: Fixed code-style Signed-off-by: Minos Galanakis --- library/bignum_mod.c | 8 ++++---- tests/suites/test_suite_bignum_mod.function | 12 ++++++------ 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/library/bignum_mod.c b/library/bignum_mod.c index ccc5c3bd7..70bb584b0 100644 --- a/library/bignum_mod.c +++ b/library/bignum_mod.c @@ -137,9 +137,9 @@ cleanup: } static inline void standard_modulus_setup(mbedtls_mpi_mod_modulus *N, - const mbedtls_mpi_uint *p, - size_t p_limbs, - mbedtls_mpi_mod_rep_selector int_rep) + const mbedtls_mpi_uint *p, + size_t p_limbs, + mbedtls_mpi_mod_rep_selector int_rep) { N->p = p; N->limbs = p_limbs; @@ -169,7 +169,7 @@ int mbedtls_mpi_mod_optred_modulus_setup(mbedtls_mpi_mod_modulus *N, mbedtls_mpi_opt_red_struct *ored) { standard_modulus_setup(N, p, p_limbs, MBEDTLS_MPI_MOD_REP_OPT_RED); - N->rep.ored =ored ; + N->rep.ored = ored; return 0; } diff --git a/tests/suites/test_suite_bignum_mod.function b/tests/suites/test_suite_bignum_mod.function index a515633bb..4edc0b90e 100644 --- a/tests/suites/test_suite_bignum_mod.function +++ b/tests/suites/test_suite_bignum_mod.function @@ -110,7 +110,7 @@ void mpi_mod_mul(char *input_A, mbedtls_mpi_mod_modulus_init(&m); TEST_EQUAL(mbedtls_test_read_mpi_modulus(&m, input_N, - MBEDTLS_MPI_MOD_REP_MONTGOMERY), 0); + MBEDTLS_MPI_MOD_REP_MONTGOMERY), 0); TEST_EQUAL(test_read_residue(&rA, &m, input_A, 0), 0); TEST_EQUAL(test_read_residue(&rB, &m, input_B, 0), 0); @@ -198,7 +198,7 @@ void mpi_mod_mul_neg(char *input_A, mbedtls_mpi_mod_modulus_init(&fake_m); TEST_EQUAL(mbedtls_test_read_mpi_modulus(&m, input_N, - MBEDTLS_MPI_MOD_REP_MONTGOMERY), 0); + MBEDTLS_MPI_MOD_REP_MONTGOMERY), 0); TEST_EQUAL(test_read_residue(&rA, &m, input_A, 1), 0); TEST_EQUAL(test_read_residue(&rB, &m, input_B, 1), 0); 
@@ -245,7 +245,7 @@ void mpi_mod_sub(char *input_N, TEST_EQUAL(0, mbedtls_test_read_mpi_modulus(&m, input_N, - MBEDTLS_MPI_MOD_REP_MONTGOMERY)); + MBEDTLS_MPI_MOD_REP_MONTGOMERY)); /* test_read_residue() normally checks that inputs have the same number of * limbs as the modulus. For negative testing we can ask it to skip this @@ -347,7 +347,7 @@ void mpi_mod_inv_mont(char *input_N, TEST_EQUAL(0, mbedtls_test_read_mpi_modulus(&N, input_N, - MBEDTLS_MPI_MOD_REP_MONTGOMERY)); + MBEDTLS_MPI_MOD_REP_MONTGOMERY)); /* test_read_residue() normally checks that inputs have the same number of * limbs as the modulus. For negative testing we can ask it to skip this @@ -397,7 +397,7 @@ void mpi_mod_inv_non_mont(char *input_N, TEST_EQUAL(0, mbedtls_test_read_mpi_modulus(&N, input_N, - MBEDTLS_MPI_MOD_REP_OPT_RED)); + MBEDTLS_MPI_MOD_REP_OPT_RED)); /* test_read_residue() normally checks that inputs have the same number of * limbs as the modulus. For negative testing we can ask it to skip this @@ -448,7 +448,7 @@ void mpi_mod_add(char *input_N, TEST_EQUAL(0, mbedtls_test_read_mpi_modulus(&m, input_N, - MBEDTLS_MPI_MOD_REP_MONTGOMERY)); + MBEDTLS_MPI_MOD_REP_MONTGOMERY)); /* test_read_residue() normally checks that inputs have the same number of * limbs as the modulus. For negative testing we can ask it to skip this From c6e68ed85d1e064d1cbcbc61bf95114c3fd2393c Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Fri, 9 Jun 2023 14:43:55 +0100 Subject: [PATCH 20/99] bignum_mod: Added `mbedtls_mpi_opt_red_struct` structure. Signed-off-by: Minos Galanakis --- library/bignum_mod.h | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/library/bignum_mod.h b/library/bignum_mod.h index ccf86c027..a3512eb17 100644 --- a/library/bignum_mod.h +++ b/library/bignum_mod.h 
@@ -123,7 +123,9 @@ typedef struct {
 mbedtls_mpi_uint mm; /* Montgomery const for -N^{-1} mod 2^{ciL} */
 } mbedtls_mpi_mont_struct;
 
-typedef void *mbedtls_mpi_opt_red_struct;
+typedef struct {
+ int (*modp)(mbedtls_mpi *); /* The optimised reduction function pointer */
+} mbedtls_mpi_opt_red_struct;
 
 typedef struct {
 const mbedtls_mpi_uint *p;
From be1bf15f761f2f5e55d08737b202fcc80f972c7c Mon Sep 17 00:00:00 2001
From: Minos Galanakis
Date: Fri, 9 Jun 2023 14:47:55 +0100
Subject: [PATCH 21/99] bignum_mod: Updated `optred_modulus_setup` to use function input.
Signed-off-by: Minos Galanakis
---
 library/bignum_mod.c | 6 +++---
 library/bignum_mod.h | 4 ++--
 2 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/library/bignum_mod.c b/library/bignum_mod.c
index 70bb584b0..54d38bd68 100644
--- a/library/bignum_mod.c
+++ b/library/bignum_mod.c
@@ -88,7 +88,7 @@ void mbedtls_mpi_mod_modulus_free(mbedtls_mpi_mod_modulus *N)
 N->rep.mont.mm = 0;
 break;
 case MBEDTLS_MPI_MOD_REP_OPT_RED:
- mbedtls_free(N->rep.ored);
+ N->rep.ored.modp = NULL;
 break;
 case MBEDTLS_MPI_MOD_REP_INVALID:
 break;
@@ -166,10 +166,10 @@ int mbedtls_mpi_mod_modulus_setup(mbedtls_mpi_mod_modulus *N,
 int mbedtls_mpi_mod_optred_modulus_setup(mbedtls_mpi_mod_modulus *N,
 const mbedtls_mpi_uint *p,
 size_t p_limbs,
- mbedtls_mpi_opt_red_struct *ored)
+ int (*modp)(mbedtls_mpi *))
 {
 standard_modulus_setup(N, p, p_limbs, MBEDTLS_MPI_MOD_REP_OPT_RED);
- N->rep.ored = ored;
+ N->rep.ored.modp = modp;
 return 0;
 }
diff --git a/library/bignum_mod.h b/library/bignum_mod.h
index a3512eb17..c4b763f32 100644
--- a/library/bignum_mod.h
+++ b/library/bignum_mod.h
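Review bot: `mbedtls_mpi_mod_optred_modulus_setup` stores `modp` into `N->rep.ored.modp` and marks the modulus `MBEDTLS_MPI_MOD_REP_OPT_RED` without checking the pointer, so a NULL argument yields a modulus that advertises an optimised reduction it cannot perform; the `modp != NULL` test that PATCH 23 adds in `mbedtls_ecp_modulus_setup` protects that one caller only. Suggest `if (modp == NULL) { return MBEDTLS_ERR_MPI_BAD_INPUT_DATA; }` as the first statement of the body, and the PATCH 27 hunk that changes the pointer's signature in the same function would need the same line. The change in `mbedtls_mpi_mod_modulus_free` is consistent with the struct now being embedded rather than heap-allocated.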
@@ -214,14 +214,14 @@ int mbedtls_mpi_mod_modulus_setup(mbedtls_mpi_mod_modulus *N, * not be modified in any way until after * mbedtls_mpi_mod_modulus_free() is called. * \param p_limbs The number of limbs of \p p. - * \param ored The optimized reduction structure to use. \p p. + * \param modp A pointer to the optimised reduction function to use. \p p. * * \return \c 0 if successful. */ int mbedtls_mpi_mod_optred_modulus_setup(mbedtls_mpi_mod_modulus *N, const mbedtls_mpi_uint *p, size_t p_limbs, - mbedtls_mpi_opt_red_struct *ored); + int (*modp)(mbedtls_mpi *)); /** Free elements of a modulus structure. * From 1d3e3329866a314a9916cafc03e42010cde91153 Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Fri, 9 Jun 2023 14:53:30 +0100 Subject: [PATCH 22/99] ecp_curves: Updated input argument for `mbedtls_ecp_modulus_setup`. Signed-off-by: Minos Galanakis --- library/ecp_curves.c | 32 ++++++++++++++++---------------- library/ecp_invasive.h | 4 ++-- 2 files changed, 18 insertions(+), 18 deletions(-) diff --git a/library/ecp_curves.c b/library/ecp_curves.c index 69091c3aa..5ca0bcb2b 100644 --- a/library/ecp_curves.c +++ b/library/ecp_curves.c 
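Review bot: The updated `\param modp` line ends with a stray `\p p.`, a leftover from the previous wording, and it does not state the contract of the callback beyond its name. Suggest `* \param modp The optimised reduction function to use; it reduces its argument in place modulo \p p and returns \c 0 on success, as the mbedtls_ecp_mod_*_raw functions do.` The precise semantics should be confirmed against the callbacks that PATCH 27 assigns, since only their return convention is visible here.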
@@ -5831,20 +5831,20 @@ int mbedtls_ecp_mod_p256k1_raw(mbedtls_mpi_uint *X, size_t X_limbs) MBEDTLS_STATIC_TESTABLE int mbedtls_ecp_modulus_setup(mbedtls_mpi_mod_modulus *N, const mbedtls_ecp_group_id id, - const mbedtls_ecp_curve_type ctype) + const mbedtls_ecp_modulus_type ctype) { mbedtls_mpi_uint *p = NULL; size_t p_limbs; - if (!(ctype == (mbedtls_ecp_curve_type) MBEDTLS_ECP_MOD_COORDINATE || \ - ctype == (mbedtls_ecp_curve_type) MBEDTLS_ECP_MOD_SCALAR)) { + if (!(ctype == (mbedtls_ecp_modulus_type) MBEDTLS_ECP_MOD_COORDINATE || \ + ctype == (mbedtls_ecp_modulus_type) MBEDTLS_ECP_MOD_SCALAR)) { return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; } switch (id) { #if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) case MBEDTLS_ECP_DP_SECP192R1: - if (ctype == (mbedtls_ecp_curve_type) MBEDTLS_ECP_MOD_COORDINATE) { + if (ctype == (mbedtls_ecp_modulus_type) MBEDTLS_ECP_MOD_COORDINATE) { p = (mbedtls_mpi_uint *) secp192r1_p; p_limbs = CHARS_TO_LIMBS(sizeof(secp192r1_p)); } else { @@ -5856,7 +5856,7 @@ int mbedtls_ecp_modulus_setup(mbedtls_mpi_mod_modulus *N, #if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) case MBEDTLS_ECP_DP_SECP224R1: - if (ctype == (mbedtls_ecp_curve_type) MBEDTLS_ECP_MOD_COORDINATE) { + if (ctype == (mbedtls_ecp_modulus_type) MBEDTLS_ECP_MOD_COORDINATE) { p = (mbedtls_mpi_uint *) secp224r1_p; p_limbs = CHARS_TO_LIMBS(sizeof(secp224r1_p)); } else { @@ -5868,7 +5868,7 @@ int mbedtls_ecp_modulus_setup(mbedtls_mpi_mod_modulus *N, #if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) case MBEDTLS_ECP_DP_SECP256R1: - if (ctype == (mbedtls_ecp_curve_type) MBEDTLS_ECP_MOD_COORDINATE) { + if (ctype == (mbedtls_ecp_modulus_type) MBEDTLS_ECP_MOD_COORDINATE) { p = (mbedtls_mpi_uint *) secp256r1_p; p_limbs = CHARS_TO_LIMBS(sizeof(secp256r1_p)); } else { 
@@ -5880,7 +5880,7 @@ int mbedtls_ecp_modulus_setup(mbedtls_mpi_mod_modulus *N, #if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) case MBEDTLS_ECP_DP_SECP384R1: - if (ctype == (mbedtls_ecp_curve_type) MBEDTLS_ECP_MOD_COORDINATE) { + if (ctype == (mbedtls_ecp_modulus_type) MBEDTLS_ECP_MOD_COORDINATE) { p = (mbedtls_mpi_uint *) secp384r1_p; p_limbs = CHARS_TO_LIMBS(sizeof(secp384r1_p)); } else { @@ -5892,7 +5892,7 @@ int mbedtls_ecp_modulus_setup(mbedtls_mpi_mod_modulus *N, #if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) case MBEDTLS_ECP_DP_SECP521R1: - if (ctype == (mbedtls_ecp_curve_type) MBEDTLS_ECP_MOD_COORDINATE) { + if (ctype == (mbedtls_ecp_modulus_type) MBEDTLS_ECP_MOD_COORDINATE) { p = (mbedtls_mpi_uint *) secp521r1_p; p_limbs = CHARS_TO_LIMBS(sizeof(secp521r1_p)); } else { @@ -5904,7 +5904,7 @@ int mbedtls_ecp_modulus_setup(mbedtls_mpi_mod_modulus *N, #if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED) case MBEDTLS_ECP_DP_BP256R1: - if (ctype == (mbedtls_ecp_curve_type) MBEDTLS_ECP_MOD_COORDINATE) { + if (ctype == (mbedtls_ecp_modulus_type) MBEDTLS_ECP_MOD_COORDINATE) { p = (mbedtls_mpi_uint *) brainpoolP256r1_p; p_limbs = CHARS_TO_LIMBS(sizeof(brainpoolP256r1_p)); } else { @@ -5916,7 +5916,7 @@ int mbedtls_ecp_modulus_setup(mbedtls_mpi_mod_modulus *N, #if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED) case MBEDTLS_ECP_DP_BP384R1: - if (ctype == (mbedtls_ecp_curve_type) MBEDTLS_ECP_MOD_COORDINATE) { + if (ctype == (mbedtls_ecp_modulus_type) MBEDTLS_ECP_MOD_COORDINATE) { p = (mbedtls_mpi_uint *) brainpoolP384r1_p; p_limbs = CHARS_TO_LIMBS(sizeof(brainpoolP384r1_p)); } else { @@ -5928,7 +5928,7 @@ int mbedtls_ecp_modulus_setup(mbedtls_mpi_mod_modulus *N, #if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED) case MBEDTLS_ECP_DP_BP512R1: - if (ctype == (mbedtls_ecp_curve_type) MBEDTLS_ECP_MOD_COORDINATE) { + if (ctype == (mbedtls_ecp_modulus_type) MBEDTLS_ECP_MOD_COORDINATE) { p = (mbedtls_mpi_uint *) brainpoolP512r1_p; p_limbs = CHARS_TO_LIMBS(sizeof(brainpoolP512r1_p)); } else { 
@@ -5940,7 +5940,7 @@ int mbedtls_ecp_modulus_setup(mbedtls_mpi_mod_modulus *N, #if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) case MBEDTLS_ECP_DP_CURVE25519: - if (ctype == (mbedtls_ecp_curve_type) MBEDTLS_ECP_MOD_COORDINATE) { + if (ctype == (mbedtls_ecp_modulus_type) MBEDTLS_ECP_MOD_COORDINATE) { p = (mbedtls_mpi_uint *) curve25519_p; p_limbs = CHARS_TO_LIMBS(sizeof(curve25519_p)); } else { @@ -5952,7 +5952,7 @@ int mbedtls_ecp_modulus_setup(mbedtls_mpi_mod_modulus *N, #if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED) case MBEDTLS_ECP_DP_SECP192K1: - if (ctype == (mbedtls_ecp_curve_type) MBEDTLS_ECP_MOD_COORDINATE) { + if (ctype == (mbedtls_ecp_modulus_type) MBEDTLS_ECP_MOD_COORDINATE) { p = (mbedtls_mpi_uint *) secp192k1_p; p_limbs = CHARS_TO_LIMBS(sizeof(secp192k1_p)); } else { @@ -5964,7 +5964,7 @@ int mbedtls_ecp_modulus_setup(mbedtls_mpi_mod_modulus *N, #if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED) case MBEDTLS_ECP_DP_SECP224K1: - if (ctype == (mbedtls_ecp_curve_type) MBEDTLS_ECP_MOD_COORDINATE) { + if (ctype == (mbedtls_ecp_modulus_type) MBEDTLS_ECP_MOD_COORDINATE) { p = (mbedtls_mpi_uint *) secp224k1_p; p_limbs = CHARS_TO_LIMBS(sizeof(secp224k1_p)); } else { @@ -5976,7 +5976,7 @@ int mbedtls_ecp_modulus_setup(mbedtls_mpi_mod_modulus *N, #if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED) case MBEDTLS_ECP_DP_SECP256K1: - if (ctype == (mbedtls_ecp_curve_type) MBEDTLS_ECP_MOD_COORDINATE) { + if (ctype == (mbedtls_ecp_modulus_type) MBEDTLS_ECP_MOD_COORDINATE) { p = (mbedtls_mpi_uint *) secp256k1_p; p_limbs = CHARS_TO_LIMBS(sizeof(secp256k1_p)); } else { @@ -5988,7 +5988,7 @@ int mbedtls_ecp_modulus_setup(mbedtls_mpi_mod_modulus *N, #if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED) case MBEDTLS_ECP_DP_CURVE448: - if (ctype == (mbedtls_ecp_curve_type) MBEDTLS_ECP_MOD_COORDINATE) { + if (ctype == (mbedtls_ecp_modulus_type) MBEDTLS_ECP_MOD_COORDINATE) { p = (mbedtls_mpi_uint *) curve448_p; p_limbs = CHARS_TO_LIMBS(sizeof(curve448_p)); } else { 
diff --git a/library/ecp_invasive.h b/library/ecp_invasive.h index 1dc556781..94867b90e 100644 --- a/library/ecp_invasive.h +++ b/library/ecp_invasive.h @@ -306,7 +306,7 @@ int mbedtls_ecp_mod_p448_raw(mbedtls_mpi_uint *X, size_t X_limbs); * \param[in,out] N The address of the modulus structure to populate. * Must be initialized. * \param[in] id The mbedtls_ecp_group_id for which to initialise the modulus. - * \param[in] ctype The mbedtls_ecp_curve_type identifier for a coordinate modulus (P) + * \param[in] ctype The mbedtls_ecp_modulus_type identifier for a coordinate modulus (P) * or a scalar modulus (N). * * \return \c 0 if successful. @@ -317,7 +317,7 @@ int mbedtls_ecp_mod_p448_raw(mbedtls_mpi_uint *X, size_t X_limbs); MBEDTLS_STATIC_TESTABLE int mbedtls_ecp_modulus_setup(mbedtls_mpi_mod_modulus *N, const mbedtls_ecp_group_id id, - const mbedtls_ecp_curve_type ctype); + const mbedtls_ecp_modulus_type ctype); #endif /* MBEDTLS_TEST_HOOKS && MBEDTLS_ECP_C */ From 65210952ec615eddfa47be943a3c361a818c920e Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Fri, 9 Jun 2023 15:01:03 +0100 Subject: [PATCH 23/99] ecp_curves: Updated `mbedtls_ecp_modulus_setup` to use optimised reduction. Signed-off-by: Minos Galanakis --- library/ecp_curves.c | 31 +++++++++++++++++++++++++++++-- 1 file changed, 29 insertions(+), 2 deletions(-) diff --git a/library/ecp_curves.c b/library/ecp_curves.c index 5ca0bcb2b..569277202 100644 --- a/library/ecp_curves.c +++ b/library/ecp_curves.c @@ -5833,6 +5833,7 @@ int mbedtls_ecp_modulus_setup(mbedtls_mpi_mod_modulus *N, const mbedtls_ecp_group_id id, const mbedtls_ecp_modulus_type ctype) { + int (*modp)(mbedtls_mpi *) = NULL; mbedtls_mpi_uint *p = NULL; size_t p_limbs; 
@@ -5845,6 +5846,9 @@ int mbedtls_ecp_modulus_setup(mbedtls_mpi_mod_modulus *N, #if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) case MBEDTLS_ECP_DP_SECP192R1: if (ctype == (mbedtls_ecp_modulus_type) MBEDTLS_ECP_MOD_COORDINATE) { +#if defined(MBEDTLS_ECP_NIST_OPTIM) + modp = &ecp_mod_p192; +#endif p = (mbedtls_mpi_uint *) secp192r1_p; p_limbs = CHARS_TO_LIMBS(sizeof(secp192r1_p)); } else { @@ -5857,6 +5861,9 @@ int mbedtls_ecp_modulus_setup(mbedtls_mpi_mod_modulus *N, #if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) case MBEDTLS_ECP_DP_SECP224R1: if (ctype == (mbedtls_ecp_modulus_type) MBEDTLS_ECP_MOD_COORDINATE) { +#if defined(MBEDTLS_ECP_NIST_OPTIM) + modp = &ecp_mod_p224; +#endif p = (mbedtls_mpi_uint *) secp224r1_p; p_limbs = CHARS_TO_LIMBS(sizeof(secp224r1_p)); } else { @@ -5869,6 +5876,9 @@ int mbedtls_ecp_modulus_setup(mbedtls_mpi_mod_modulus *N, #if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) case MBEDTLS_ECP_DP_SECP256R1: if (ctype == (mbedtls_ecp_modulus_type) MBEDTLS_ECP_MOD_COORDINATE) { +#if defined(MBEDTLS_ECP_NIST_OPTIM) + modp = &ecp_mod_p256; +#endif p = (mbedtls_mpi_uint *) secp256r1_p; p_limbs = CHARS_TO_LIMBS(sizeof(secp256r1_p)); } else { @@ -5881,6 +5891,9 @@ int mbedtls_ecp_modulus_setup(mbedtls_mpi_mod_modulus *N, #if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) case MBEDTLS_ECP_DP_SECP384R1: if (ctype == (mbedtls_ecp_modulus_type) MBEDTLS_ECP_MOD_COORDINATE) { +#if defined(MBEDTLS_ECP_NIST_OPTIM) + modp = &ecp_mod_p384; +#endif p = (mbedtls_mpi_uint *) secp384r1_p; p_limbs = CHARS_TO_LIMBS(sizeof(secp384r1_p)); } else { @@ -5893,6 +5906,9 @@ int mbedtls_ecp_modulus_setup(mbedtls_mpi_mod_modulus *N, #if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) case MBEDTLS_ECP_DP_SECP521R1: if (ctype == (mbedtls_ecp_modulus_type) MBEDTLS_ECP_MOD_COORDINATE) { +#if defined(MBEDTLS_ECP_NIST_OPTIM) + modp = &ecp_mod_p521; +#endif p = (mbedtls_mpi_uint *) secp521r1_p; p_limbs = CHARS_TO_LIMBS(sizeof(secp521r1_p)); } else { 
@@ -5941,6 +5957,7 @@ int mbedtls_ecp_modulus_setup(mbedtls_mpi_mod_modulus *N,
 #if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED)
 case MBEDTLS_ECP_DP_CURVE25519:
 if (ctype == (mbedtls_ecp_modulus_type) MBEDTLS_ECP_MOD_COORDINATE) {
+ modp = &ecp_mod_p255;
 p = (mbedtls_mpi_uint *) curve25519_p;
 p_limbs = CHARS_TO_LIMBS(sizeof(curve25519_p));
 } else {
@@ -5953,6 +5970,7 @@ int mbedtls_ecp_modulus_setup(mbedtls_mpi_mod_modulus *N,
 #if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED)
 case MBEDTLS_ECP_DP_SECP192K1:
 if (ctype == (mbedtls_ecp_modulus_type) MBEDTLS_ECP_MOD_COORDINATE) {
+ modp = &ecp_mod_p192;
 p = (mbedtls_mpi_uint *) secp192k1_p;
 p_limbs = CHARS_TO_LIMBS(sizeof(secp192k1_p));
 } else {
@@ -5965,6 +5983,7 @@ int mbedtls_ecp_modulus_setup(mbedtls_mpi_mod_modulus *N,
 #if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED)
 case MBEDTLS_ECP_DP_SECP224K1:
 if (ctype == (mbedtls_ecp_modulus_type) MBEDTLS_ECP_MOD_COORDINATE) {
+ modp = &ecp_mod_p224;
 p = (mbedtls_mpi_uint *) secp224k1_p;
 p_limbs = CHARS_TO_LIMBS(sizeof(secp224k1_p));
 } else {
@@ -5977,6 +5996,7 @@ int mbedtls_ecp_modulus_setup(mbedtls_mpi_mod_modulus *N,
 #if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
 case MBEDTLS_ECP_DP_SECP256K1:
 if (ctype == (mbedtls_ecp_modulus_type) MBEDTLS_ECP_MOD_COORDINATE) {
+ modp = &ecp_mod_p256;
 p = (mbedtls_mpi_uint *) secp256k1_p;
 p_limbs = CHARS_TO_LIMBS(sizeof(secp256k1_p));
 } else {
@@ -5989,6 +6009,7 @@ int mbedtls_ecp_modulus_setup(mbedtls_mpi_mod_modulus *N,
 #if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED)
 case MBEDTLS_ECP_DP_CURVE448:
 if (ctype == (mbedtls_ecp_modulus_type) MBEDTLS_ECP_MOD_COORDINATE) {
+ modp = &ecp_mod_p448;
 p = (mbedtls_mpi_uint *) curve448_p;
 p_limbs = CHARS_TO_LIMBS(sizeof(curve448_p));
 } else {
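Review bot: The SECP192K1, SECP224K1 and SECP256K1 cases assign the NIST-prime reduction routines (`modp = &ecp_mod_p192;`, `modp = &ecp_mod_p224;`, `modp = &ecp_mod_p256;`) although the Koblitz curves have different primes, so any reduction dispatched through this pointer would be taken modulo the wrong modulus; the file keeps separate Koblitz routines (an earlier hunk header shows `mbedtls_ecp_mod_p256k1_raw`), and `ecp_mod_p192k1` / `ecp_mod_p224k1` / `ecp_mod_p256k1` are what these three lines should reference. These assignments are also unguarded, whereas the R1 cases in the same commit wrap the identical symbols in `#if defined(MBEDTLS_ECP_NIST_OPTIM)`, so a configuration without that option presumably fails to build on the K1 cases. PATCH 27 renames the pointers to `mbedtls_ecp_mod_p192_raw` and friends and carries the same mismatch forward; there the K1 cases should use `mbedtls_ecp_mod_p256k1_raw` and its p192k1/p224k1 siblings. `mbedtls_ecp_modulus_setup` begins and ends outside these hunks.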
@@ -6003,8 +6024,14 @@ int mbedtls_ecp_modulus_setup(mbedtls_mpi_mod_modulus *N,
 return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
 }
 
- if (mbedtls_mpi_mod_modulus_setup(N, p, p_limbs)) {
- return MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+ if (modp != NULL) {
+ if (mbedtls_mpi_mod_optred_modulus_setup(N, p, p_limbs, modp)) {
+ return MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+ }
+ } else {
+ if (mbedtls_mpi_mod_modulus_setup(N, p, p_limbs)) {
+ return MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+ }
 }
 return 0;
 }
From effff764e131e407808d9a975f86fd4aa9039a7a Mon Sep 17 00:00:00 2001
From: Minos Galanakis
Date: Fri, 9 Jun 2023 15:11:41 +0100
Subject: [PATCH 24/99] test_suite_ecp: Updated `ecp_mod_p_generic_raw` for optimised reduction.
Signed-off-by: Minos Galanakis
---
 tests/suites/test_suite_ecp.function | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)
diff --git a/tests/suites/test_suite_ecp.function b/tests/suites/test_suite_ecp.function
index cf316d066..1df0624f6 100644
--- a/tests/suites/test_suite_ecp.function
+++ b/tests/suites/test_suite_ecp.function
@@ -1406,16 +1406,18 @@ void ecp_mod_setup(char *input_A, int id, int ctype, int iret)
 TEST_EQUAL(ret, iret);
 if (ret == 0) {
-
+ TEST_ASSERT(m.int_rep != MBEDTLS_MPI_MOD_REP_INVALID);
 /* Test for limb sizes */
 TEST_EQUAL(m.limbs, p_limbs);
 bytes = p_limbs * sizeof(mbedtls_mpi_uint);
- /* Test for validity of moduli by the presence of Montgomery consts */
-
- TEST_ASSERT(m.rep.mont.mm != 0);
- TEST_ASSERT(m.rep.mont.rr != NULL);
-
+ if (m.int_rep == MBEDTLS_MPI_MOD_REP_MONTGOMERY) {
+ /* Test for validity of moduli by the presence of Montgomery consts */
+ TEST_ASSERT(m.rep.mont.mm != 0);
+ TEST_ASSERT(m.rep.mont.rr != NULL);
+ } else {
+ TEST_ASSERT(m.rep.ored.modp != NULL);
+ }
 /* Compare output byte-by-byte */
 ASSERT_COMPARE(p, bytes, m.p, bytes);
From 450abfd922b9b7235193eaf56cb0405556fbed05 Mon Sep 17 00:00:00 2001
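Review bot: Both branches of the new `if (modp != NULL)` map a non-zero return to the same `MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED`, duplicating the error handling and discarding the setup function's own return code. With an `int ret` local a single call site reads more clearly: `ret = (modp != NULL) ? mbedtls_mpi_mod_optred_modulus_setup(N, p, p_limbs, modp) : mbedtls_mpi_mod_modulus_setup(N, p, p_limbs);` followed by `if (ret != 0) { return MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; }`. Whether a failure here is really a corruption rather than, say, an allocation failure surfacing from the Montgomery-constant setup is not visible in the hunk; if it is not, propagating `ret` would be the more informative choice. The function starts outside the hunk.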
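Review bot: The new `else` branch in `ecp_mod_setup` only asserts `m.rep.ored.modp != NULL`, so any representation other than Montgomery reaches a union member that is meaningful only for `MBEDTLS_MPI_MOD_REP_OPT_RED`. Adding `TEST_EQUAL(m.int_rep, MBEDTLS_MPI_MOD_REP_OPT_RED);` at the top of that branch pins the expected representation and makes a wrong `int_rep` fail on a readable line rather than on a union read. The test function continues outside the hunk.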
From: Minos Galanakis Date: Fri, 9 Jun 2023 14:23:55 +0100 Subject: [PATCH 25/99] test_suite_ecp: Added `MBEDTLS_ECP_NIST_OPTIM` define guards. This patch updates `ecp_mod_p_generic_raw` and corresponding curve test methods, that depend on the NIST optimisation parameter to not run when it is not included. The following curves are affected: * SECP192R1 * SECP224R1 * SECP256R1 * SECP384R1 * SECP521R1 Signed-off-by: Minos Galanakis --- scripts/mbedtls_dev/ecp.py | 15 ++++++++++----- tests/suites/test_suite_ecp.function | 10 +++++----- 2 files changed, 15 insertions(+), 10 deletions(-) diff --git a/scripts/mbedtls_dev/ecp.py b/scripts/mbedtls_dev/ecp.py index e5dd4d9bd..8a3ab281f 100644 --- a/scripts/mbedtls_dev/ecp.py +++ b/scripts/mbedtls_dev/ecp.py @@ -34,7 +34,8 @@ class EcpP192R1Raw(bignum_common.ModOperationCommon, test_name = "ecp_mod_p192_raw" input_style = "fixed" arity = 1 - dependencies = ["MBEDTLS_ECP_DP_SECP192R1_ENABLED"] + dependencies = ["MBEDTLS_ECP_DP_SECP192R1_ENABLED", + "MBEDTLS_ECP_NIST_OPTIM"] moduli = ["fffffffffffffffffffffffffffffffeffffffffffffffff"] # type: List[str] @@ -110,7 +111,8 @@ class EcpP224R1Raw(bignum_common.ModOperationCommon, test_name = "ecp_mod_p224_raw" input_style = "arch_split" arity = 1 - dependencies = ["MBEDTLS_ECP_DP_SECP224R1_ENABLED"] + dependencies = ["MBEDTLS_ECP_DP_SECP224R1_ENABLED", + "MBEDTLS_ECP_NIST_OPTIM"] moduli = ["ffffffffffffffffffffffffffffffff000000000000000000000001"] # type: List[str] @@ -187,7 +189,8 @@ class EcpP256R1Raw(bignum_common.ModOperationCommon, test_name = "ecp_mod_p256_raw" input_style = "fixed" arity = 1 - dependencies = ["MBEDTLS_ECP_DP_SECP256R1_ENABLED"] + dependencies = ["MBEDTLS_ECP_DP_SECP256R1_ENABLED", + "MBEDTLS_ECP_NIST_OPTIM"] moduli = ["ffffffff00000001000000000000000000000000ffffffffffffffffffffffff"] # type: List[str] 
@@ -270,7 +273,8 @@ class EcpP384R1Raw(bignum_common.ModOperationCommon, test_name = "ecp_mod_p384_raw" input_style = "fixed" arity = 1 - dependencies = ["MBEDTLS_ECP_DP_SECP384R1_ENABLED"] + dependencies = ["MBEDTLS_ECP_DP_SECP384R1_ENABLED", + "MBEDTLS_ECP_NIST_OPTIM"] moduli = [("ffffffffffffffffffffffffffffffffffffffffffffffff" "fffffffffffffffeffffffff0000000000000000ffffffff") @@ -392,7 +396,8 @@ class EcpP521R1Raw(bignum_common.ModOperationCommon, test_name = "ecp_mod_p521_raw" input_style = "arch_split" arity = 1 - dependencies = ["MBEDTLS_ECP_DP_SECP521R1_ENABLED"] + dependencies = ["MBEDTLS_ECP_DP_SECP521R1_ENABLED", + "MBEDTLS_ECP_NIST_OPTIM"] moduli = [("01ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff" "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff") diff --git a/tests/suites/test_suite_ecp.function b/tests/suites/test_suite_ecp.function index 1df0624f6..55ded45b4 100644 --- a/tests/suites/test_suite_ecp.function +++ b/tests/suites/test_suite_ecp.function 
@@ -1294,35 +1294,35 @@ void ecp_mod_p_generic_raw(int curve_id, bytes = limbs_N * sizeof(mbedtls_mpi_uint); switch (curve_id) { -#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) +#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) && defined(MBEDTLS_ECP_NIST_OPTIM) case MBEDTLS_ECP_DP_SECP192R1: limbs = 2 * limbs_N; curve_bits = 192; curve_func = &mbedtls_ecp_mod_p192_raw; break; #endif -#if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) +#if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) && defined(MBEDTLS_ECP_NIST_OPTIM) case MBEDTLS_ECP_DP_SECP224R1: limbs = 448 / biL; curve_bits = 224; curve_func = &mbedtls_ecp_mod_p224_raw; break; #endif -#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) +#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) && defined(MBEDTLS_ECP_NIST_OPTIM) case MBEDTLS_ECP_DP_SECP256R1: limbs = 2 * limbs_N; curve_bits = 256; curve_func = &mbedtls_ecp_mod_p256_raw; break; #endif -#if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) +#if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) && defined(MBEDTLS_ECP_NIST_OPTIM) case MBEDTLS_ECP_DP_SECP384R1: limbs = 2 * limbs_N; curve_bits = 384; curve_func = &mbedtls_ecp_mod_p384_raw; break; #endif -#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) +#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) && defined(MBEDTLS_ECP_NIST_OPTIM) case MBEDTLS_ECP_DP_SECP521R1: limbs = 2 * limbs_N; curve_bits = 522; From 5c238d80cd0d13e1ef1a0866c2b35e0f7c764472 Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Fri, 9 Jun 2023 15:37:53 +0100 Subject: [PATCH 26/99] bignum_mod: Updated documentation. Signed-off-by: Minos Galanakis --- library/bignum_mod.h | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/library/bignum_mod.h b/library/bignum_mod.h index c4b763f32..60966cc88 100644 --- a/library/bignum_mod.h +++ b/library/bignum_mod.h 
@@ -98,10 +98,11 @@ typedef enum {
 /* Skip 1 as it is slightly easier to accidentally pass to functions. */
 /** Montgomery representation. */
 MBEDTLS_MPI_MOD_REP_MONTGOMERY = 2,
- /** TODO: document this.
- *
- * Residues are in canonical representation.
- */
+ /* Optimised reduction available. This indicates a coordinate modulus (P)
+ * and one of the following available:
+ * - MBEDTLS_ECP_NIST_OPTIM
+ * - Kobliz Curve.
+ * - Fast Reduction Curve CURVE25519 or CURVE448. */
 MBEDTLS_MPI_MOD_REP_OPT_RED,
 } mbedtls_mpi_mod_rep_selector;
From de87461c23080763155b98b12c9567b2d2ae8b2e Mon Sep 17 00:00:00 2001
From: Minos Galanakis
Date: Tue, 13 Jun 2023 16:59:26 +0100
Subject: [PATCH 27/99] ecp_curves: Updated the optimised reduction function pointer.
This patch modifies the `mbedtls_mpi_opt_red_struct` to use an mpi_uint * pointer and size_t limps arguments. The methods interacting with this pointer have been updated accordingly: - mbedtls_mpi_mod_optred_modulus_setup - mbedtls_ecp_modulus_setup
Signed-off-by: Minos Galanakis
---
 library/bignum_mod.c | 3 ++-
 library/bignum_mod.h | 6 ++++--
 library/ecp_curves.c | 22 +++++++++++-----------
 3 files changed, 17 insertions(+), 14 deletions(-)
diff --git a/library/bignum_mod.c b/library/bignum_mod.c
index 54d38bd68..60a3c306f 100644
--- a/library/bignum_mod.c
+++ b/library/bignum_mod.c
@@ -166,7 +166,8 @@ int mbedtls_mpi_mod_modulus_setup(mbedtls_mpi_mod_modulus *N,
 int mbedtls_mpi_mod_optred_modulus_setup(mbedtls_mpi_mod_modulus *N,
 const mbedtls_mpi_uint *p,
 size_t p_limbs,
- int (*modp)(mbedtls_mpi *))
+ int (*modp)(mbedtls_mpi_uint *X,
+ size_t X_limbs))
 {
 standard_modulus_setup(N, p, p_limbs, MBEDTLS_MPI_MOD_REP_OPT_RED);
 N->rep.ored.modp = modp;
diff --git a/library/bignum_mod.h b/library/bignum_mod.h
index 60966cc88..87ee01569 100644
--- a/library/bignum_mod.h
+++ b/library/bignum_mod.h
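Review bot: The replacement comment on `MBEDTLS_MPI_MOD_REP_OPT_RED` opens with `/*` while the sibling `MBEDTLS_MPI_MOD_REP_MONTGOMERY` keeps `/**`, so this enumerator drops out of the generated documentation, and "Kobliz" is misspelt. It also describes ECP build options and curve families inside a bignum header, which a reader of bignum_mod.h cannot relate to the enumerator. Suggest `/** Optimised reduction: the modulus carries a dedicated reduction function (see mbedtls_mpi_mod_optred_modulus_setup()) instead of Montgomery constants. */` and leave the Koblitz/NIST details to ecp_curves.c, where the function pointers are chosen.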
@@ -125,7 +125,8 @@ typedef struct { } mbedtls_mpi_mont_struct; typedef struct { - int (*modp)(mbedtls_mpi *); /* The optimised reduction function pointer */ + int (*modp)(mbedtls_mpi_uint *X, + size_t X_limbs); /* The optimised reduction function pointer */ } mbedtls_mpi_opt_red_struct; typedef struct { @@ -222,7 +223,8 @@ int mbedtls_mpi_mod_modulus_setup(mbedtls_mpi_mod_modulus *N, int mbedtls_mpi_mod_optred_modulus_setup(mbedtls_mpi_mod_modulus *N, const mbedtls_mpi_uint *p, size_t p_limbs, - int (*modp)(mbedtls_mpi *)); + int (*modp)(mbedtls_mpi_uint *X, + size_t X_limbs)); /** Free elements of a modulus structure. * diff --git a/library/ecp_curves.c b/library/ecp_curves.c index 569277202..cb941966b 100644 --- a/library/ecp_curves.c +++ b/library/ecp_curves.c @@ -5833,7 +5833,7 @@ int mbedtls_ecp_modulus_setup(mbedtls_mpi_mod_modulus *N, const mbedtls_ecp_group_id id, const mbedtls_ecp_modulus_type ctype) { - int (*modp)(mbedtls_mpi *) = NULL; + int (*modp)(mbedtls_mpi_uint *X, size_t X_limbs) = NULL; mbedtls_mpi_uint *p = NULL; size_t p_limbs; @@ -5847,7 +5847,7 @@ int mbedtls_ecp_modulus_setup(mbedtls_mpi_mod_modulus *N, case MBEDTLS_ECP_DP_SECP192R1: if (ctype == (mbedtls_ecp_modulus_type) MBEDTLS_ECP_MOD_COORDINATE) { #if defined(MBEDTLS_ECP_NIST_OPTIM) - modp = &ecp_mod_p192; + modp = &mbedtls_ecp_mod_p192_raw; #endif p = (mbedtls_mpi_uint *) secp192r1_p; p_limbs = CHARS_TO_LIMBS(sizeof(secp192r1_p)); @@ -5862,7 +5862,7 @@ int mbedtls_ecp_modulus_setup(mbedtls_mpi_mod_modulus *N, case MBEDTLS_ECP_DP_SECP224R1: if (ctype == (mbedtls_ecp_modulus_type) MBEDTLS_ECP_MOD_COORDINATE) { #if defined(MBEDTLS_ECP_NIST_OPTIM) - modp = &ecp_mod_p224; + modp = &mbedtls_ecp_mod_p224_raw; #endif p = (mbedtls_mpi_uint *) secp224r1_p; p_limbs = CHARS_TO_LIMBS(sizeof(secp224r1_p)); 
@@ -5877,7 +5877,7 @@ int mbedtls_ecp_modulus_setup(mbedtls_mpi_mod_modulus *N, case MBEDTLS_ECP_DP_SECP256R1: if (ctype == (mbedtls_ecp_modulus_type) MBEDTLS_ECP_MOD_COORDINATE) { #if defined(MBEDTLS_ECP_NIST_OPTIM) - modp = &ecp_mod_p256; + modp = &mbedtls_ecp_mod_p256_raw; #endif p = (mbedtls_mpi_uint *) secp256r1_p; p_limbs = CHARS_TO_LIMBS(sizeof(secp256r1_p)); @@ -5892,7 +5892,7 @@ int mbedtls_ecp_modulus_setup(mbedtls_mpi_mod_modulus *N, case MBEDTLS_ECP_DP_SECP384R1: if (ctype == (mbedtls_ecp_modulus_type) MBEDTLS_ECP_MOD_COORDINATE) { #if defined(MBEDTLS_ECP_NIST_OPTIM) - modp = &ecp_mod_p384; + modp = &mbedtls_ecp_mod_p384_raw; #endif p = (mbedtls_mpi_uint *) secp384r1_p; p_limbs = CHARS_TO_LIMBS(sizeof(secp384r1_p)); @@ -5907,7 +5907,7 @@ int mbedtls_ecp_modulus_setup(mbedtls_mpi_mod_modulus *N, case MBEDTLS_ECP_DP_SECP521R1: if (ctype == (mbedtls_ecp_modulus_type) MBEDTLS_ECP_MOD_COORDINATE) { #if defined(MBEDTLS_ECP_NIST_OPTIM) - modp = &ecp_mod_p521; + modp = &mbedtls_ecp_mod_p521_raw; #endif p = (mbedtls_mpi_uint *) secp521r1_p; p_limbs = CHARS_TO_LIMBS(sizeof(secp521r1_p)); @@ -5957,7 +5957,7 @@ int mbedtls_ecp_modulus_setup(mbedtls_mpi_mod_modulus *N, #if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) case MBEDTLS_ECP_DP_CURVE25519: if (ctype == (mbedtls_ecp_modulus_type) MBEDTLS_ECP_MOD_COORDINATE) { - modp = &ecp_mod_p255; + modp = &mbedtls_ecp_mod_p255_raw; p = (mbedtls_mpi_uint *) curve25519_p; p_limbs = CHARS_TO_LIMBS(sizeof(curve25519_p)); } else { @@ -5970,7 +5970,7 @@ int mbedtls_ecp_modulus_setup(mbedtls_mpi_mod_modulus *N, #if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED) case MBEDTLS_ECP_DP_SECP192K1: if (ctype == (mbedtls_ecp_modulus_type) MBEDTLS_ECP_MOD_COORDINATE) { - modp = &ecp_mod_p192; + modp = &mbedtls_ecp_mod_p192_raw; p = (mbedtls_mpi_uint *) secp192k1_p; p_limbs = CHARS_TO_LIMBS(sizeof(secp192k1_p)); } else { 
@@ -5983,7 +5983,7 @@ int mbedtls_ecp_modulus_setup(mbedtls_mpi_mod_modulus *N, #if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED) case MBEDTLS_ECP_DP_SECP224K1: if (ctype == (mbedtls_ecp_modulus_type) MBEDTLS_ECP_MOD_COORDINATE) { - modp = &ecp_mod_p224; + modp = &mbedtls_ecp_mod_p224_raw; p = (mbedtls_mpi_uint *) secp224k1_p; p_limbs = CHARS_TO_LIMBS(sizeof(secp224k1_p)); } else { @@ -5996,7 +5996,7 @@ int mbedtls_ecp_modulus_setup(mbedtls_mpi_mod_modulus *N, #if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED) case MBEDTLS_ECP_DP_SECP256K1: if (ctype == (mbedtls_ecp_modulus_type) MBEDTLS_ECP_MOD_COORDINATE) { - modp = &ecp_mod_p256; + modp = &mbedtls_ecp_mod_p256_raw; p = (mbedtls_mpi_uint *) secp256k1_p; p_limbs = CHARS_TO_LIMBS(sizeof(secp256k1_p)); } else { @@ -6009,7 +6009,7 @@ int mbedtls_ecp_modulus_setup(mbedtls_mpi_mod_modulus *N, #if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED) case MBEDTLS_ECP_DP_CURVE448: if (ctype == (mbedtls_ecp_modulus_type) MBEDTLS_ECP_MOD_COORDINATE) { - modp = &ecp_mod_p448; + modp = &mbedtls_ecp_mod_p448_raw; p = (mbedtls_mpi_uint *) curve448_p; p_limbs = CHARS_TO_LIMBS(sizeof(curve448_p)); } else { From 16442cc929d447299a316e5351f4723f9861023a Mon Sep 17 00:00:00 2001 From: Demi Marie Obenour Date: Sat, 26 Nov 2022 22:19:48 -0500 Subject: [PATCH 28/99] x509parse tests: Replace TEST_ASSERT with TEST_EQUAL The latter gives much more informative errors. Signed-off-by: Demi Marie Obenour --- tests/suites/test_suite_x509parse.function | 188 ++++++++++----------- 1 file changed, 94 insertions(+), 94 deletions(-) diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function index c93644353..4ee9550ca 100644 --- a/tests/suites/test_suite_x509parse.function +++ b/tests/suites/test_suite_x509parse.function 
@@ -433,7 +433,7 @@ void x509_accessor_ext_types(int ext_type, int has_ext_type) crt.ext_types = ext_type; - TEST_ASSERT(mbedtls_x509_crt_has_ext_type(&crt, has_ext_type) == expected_result); + TEST_EQUAL(mbedtls_x509_crt_has_ext_type(&crt, has_ext_type), expected_result); exit: mbedtls_x509_crt_free(&crt); @@ -491,7 +491,7 @@ void x509_parse_san(char *crt_file, char *result_str, int parse_result) } } - TEST_ASSERT(strcmp(buf, result_str) == 0); + TEST_EQUAL(strcmp(buf, result_str), 0); exit: mbedtls_x509_crt_free(&crt); @@ -510,13 +510,13 @@ void x509_cert_info(char *crt_file, char *result_str) USE_PSA_INIT(); memset(buf, 0, 2000); - TEST_ASSERT(mbedtls_x509_crt_parse_file(&crt, crt_file) == 0); + TEST_EQUAL(mbedtls_x509_crt_parse_file(&crt, crt_file), 0); res = mbedtls_x509_crt_info(buf, 2000, "", &crt); TEST_ASSERT(res != -1); TEST_ASSERT(res != -2); - TEST_ASSERT(strcmp(buf, result_str) == 0); + TEST_EQUAL(strcmp(buf, result_str), 0); exit: mbedtls_x509_crt_free(&crt); @@ -535,13 +535,13 @@ void mbedtls_x509_crl_info(char *crl_file, char *result_str) USE_PSA_INIT(); memset(buf, 0, 2000); - TEST_ASSERT(mbedtls_x509_crl_parse_file(&crl, crl_file) == 0); + TEST_EQUAL(mbedtls_x509_crl_parse_file(&crl, crl_file), 0); res = mbedtls_x509_crl_info(buf, 2000, "", &crl); TEST_ASSERT(res != -1); TEST_ASSERT(res != -2); - TEST_ASSERT(strcmp(buf, result_str) == 0); + TEST_EQUAL(strcmp(buf, result_str), 0); exit: mbedtls_x509_crl_free(&crl); @@ -559,7 +559,7 @@ void mbedtls_x509_crl_parse(char *crl_file, int result) USE_PSA_INIT(); memset(buf, 0, 2000); - TEST_ASSERT(mbedtls_x509_crl_parse_file(&crl, crl_file) == result); + TEST_EQUAL(mbedtls_x509_crl_parse_file(&crl, crl_file), result); exit: mbedtls_x509_crl_free(&crl); 
@@ -578,13 +578,13 @@ void mbedtls_x509_csr_info(char *csr_file, char *result_str) USE_PSA_INIT(); memset(buf, 0, 2000); - TEST_ASSERT(mbedtls_x509_csr_parse_file(&csr, csr_file) == 0); + TEST_EQUAL(mbedtls_x509_csr_parse_file(&csr, csr_file), 0); res = mbedtls_x509_csr_info(buf, 2000, "", &csr); TEST_ASSERT(res != -1); TEST_ASSERT(res != -2); - TEST_ASSERT(strcmp(buf, result_str) == 0); + TEST_EQUAL(strcmp(buf, result_str), 0); exit: mbedtls_x509_csr_free(&csr); @@ -605,7 +605,7 @@ void x509_verify_info(int flags, char *prefix, char *result_str) TEST_ASSERT(res >= 0); - TEST_ASSERT(strcmp(buf, result_str) == 0); + TEST_EQUAL(strcmp(buf, result_str), 0); exit: USE_PSA_DONE(); @@ -637,8 +637,8 @@ void x509_verify_restart(char *crt_file, char *ca_file, mbedtls_x509_crt_init(&ca); MD_OR_USE_PSA_INIT(); - TEST_ASSERT(mbedtls_x509_crt_parse_file(&crt, crt_file) == 0); - TEST_ASSERT(mbedtls_x509_crt_parse_file(&ca, ca_file) == 0); + TEST_EQUAL(mbedtls_x509_crt_parse_file(&crt, crt_file), 0); + TEST_EQUAL(mbedtls_x509_crt_parse_file(&ca, ca_file), 0); mbedtls_ecp_set_max_ops(max_ops); @@ -649,8 +649,8 @@ void x509_verify_restart(char *crt_file, char *ca_file, NULL, NULL, &rs_ctx); } while (ret == MBEDTLS_ERR_ECP_IN_PROGRESS && ++cnt_restart); - TEST_ASSERT(ret == result); - TEST_ASSERT(flags == (uint32_t) flags_result); + TEST_EQUAL(ret, result); + TEST_EQUAL(flags, (uint32_t) flags_result); TEST_ASSERT(cnt_restart >= min_restart); TEST_ASSERT(cnt_restart <= max_restart); 
@@ -717,9 +717,9 @@ void x509_verify(char *crt_file, char *ca_file, char *crl_file, TEST_ASSERT("No known verify callback selected" == 0); } - TEST_ASSERT(mbedtls_x509_crt_parse_file(&crt, crt_file) == 0); - TEST_ASSERT(mbedtls_x509_crt_parse_file(&ca, ca_file) == 0); - TEST_ASSERT(mbedtls_x509_crl_parse_file(&crl, crl_file) == 0); + TEST_EQUAL(mbedtls_x509_crt_parse_file(&crt, crt_file), 0); + TEST_EQUAL(mbedtls_x509_crt_parse_file(&ca, ca_file), 0); + TEST_EQUAL(mbedtls_x509_crl_parse_file(&crl, crl_file), 0); res = mbedtls_x509_crt_verify_with_profile(&crt, &ca, @@ -748,8 +748,8 @@ void x509_verify(char *crt_file, char *ca_file, char *crl_file, f_vrfy, NULL); - TEST_ASSERT(res == (result)); - TEST_ASSERT(flags == (uint32_t) (flags_result)); + TEST_EQUAL(res, result); + TEST_EQUAL(flags, (uint32_t) (flags_result)); } #endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */ exit: @@ -773,8 +773,8 @@ void x509_verify_ca_cb_failure(char *crt_file, char *ca_file, char *name, mbedtls_x509_crt_init(&ca); USE_PSA_INIT(); - TEST_ASSERT(mbedtls_x509_crt_parse_file(&crt, crt_file) == 0); - TEST_ASSERT(mbedtls_x509_crt_parse_file(&ca, ca_file) == 0); + TEST_EQUAL(mbedtls_x509_crt_parse_file(&crt, crt_file), 0); + TEST_EQUAL(mbedtls_x509_crt_parse_file(&ca, ca_file), 0); if (strcmp(name, "NULL") == 0) { name = NULL; @@ -784,8 +784,8 @@ void x509_verify_ca_cb_failure(char *crt_file, char *ca_file, char *name, &compat_profile, name, &flags, NULL, NULL); - TEST_ASSERT(ret == exp_ret); - TEST_ASSERT(flags == (uint32_t) (-1)); + TEST_EQUAL(ret, exp_ret); + TEST_EQUAL(flags, (uint32_t) (-1)); exit: mbedtls_x509_crt_free(&crt); mbedtls_x509_crt_free(&ca); 
@@ -809,8 +809,8 @@ void x509_verify_callback(char *crt_file, char *ca_file, char *name, verify_print_init(&vrfy_ctx); - TEST_ASSERT(mbedtls_x509_crt_parse_file(&crt, crt_file) == 0); - TEST_ASSERT(mbedtls_x509_crt_parse_file(&ca, ca_file) == 0); + TEST_EQUAL(mbedtls_x509_crt_parse_file(&crt, crt_file), 0); + TEST_EQUAL(mbedtls_x509_crt_parse_file(&ca, ca_file), 0); if (strcmp(name, "NULL") == 0) { name = NULL; @@ -821,8 +821,8 @@ void x509_verify_callback(char *crt_file, char *ca_file, char *name, name, &flags, verify_print, &vrfy_ctx); - TEST_ASSERT(ret == exp_ret); - TEST_ASSERT(strcmp(vrfy_ctx.buf, exp_vrfy_out) == 0); + TEST_EQUAL(ret, exp_ret); + TEST_EQUAL(strcmp(vrfy_ctx.buf, exp_vrfy_out), 0); exit: mbedtls_x509_crt_free(&crt); @@ -846,18 +846,18 @@ void mbedtls_x509_dn_gets_subject_replace(char *crt_file, memset(buf, 0, 2000); - TEST_ASSERT(mbedtls_x509_crt_parse_file(&crt, crt_file) == 0); + TEST_EQUAL(mbedtls_x509_crt_parse_file(&crt, crt_file), 0); crt.subject.next->val.p = (unsigned char *) new_subject_ou; crt.subject.next->val.len = strlen(new_subject_ou); res = mbedtls_x509_dn_gets(buf, 2000, &crt.subject); if (ret != 0) { - TEST_ASSERT(res == ret); + TEST_EQUAL(res, ret); } else { TEST_ASSERT(res != -1); TEST_ASSERT(res != -2); - TEST_ASSERT(strcmp(buf, result_str) == 0); + TEST_EQUAL(strcmp(buf, result_str), 0); } exit: mbedtls_x509_crt_free(&crt); @@ -877,7 +877,7 @@ void mbedtls_x509_dn_gets(char *crt_file, char *entity, char *result_str) memset(buf, 0, 2000); - TEST_ASSERT(mbedtls_x509_crt_parse_file(&crt, crt_file) == 0); + TEST_EQUAL(mbedtls_x509_crt_parse_file(&crt, crt_file), 0); if (strcmp(entity, "subject") == 0) { res = mbedtls_x509_dn_gets(buf, 2000, &crt.subject); } else if (strcmp(entity, "issuer") == 0) { 
@@ -889,7 +889,7 @@ void mbedtls_x509_dn_gets(char *crt_file, char *entity, char *result_str) TEST_ASSERT(res != -1); TEST_ASSERT(res != -2); - TEST_ASSERT(strcmp(buf, result_str) == 0); + TEST_EQUAL(strcmp(buf, result_str), 0); exit: mbedtls_x509_crt_free(&crt); @@ -1001,12 +1001,12 @@ void mbedtls_x509_time_is_past(char *crt_file, char *entity, int result) mbedtls_x509_crt_init(&crt); USE_PSA_INIT(); - TEST_ASSERT(mbedtls_x509_crt_parse_file(&crt, crt_file) == 0); + TEST_EQUAL(mbedtls_x509_crt_parse_file(&crt, crt_file), 0); if (strcmp(entity, "valid_from") == 0) { - TEST_ASSERT(mbedtls_x509_time_is_past(&crt.valid_from) == result); + TEST_EQUAL(mbedtls_x509_time_is_past(&crt.valid_from), result); } else if (strcmp(entity, "valid_to") == 0) { - TEST_ASSERT(mbedtls_x509_time_is_past(&crt.valid_to) == result); + TEST_EQUAL(mbedtls_x509_time_is_past(&crt.valid_to), result); } else { TEST_ASSERT("Unknown entity" == 0); } @@ -1025,12 +1025,12 @@ void mbedtls_x509_time_is_future(char *crt_file, char *entity, int result) mbedtls_x509_crt_init(&crt); USE_PSA_INIT(); - TEST_ASSERT(mbedtls_x509_crt_parse_file(&crt, crt_file) == 0); + TEST_EQUAL(mbedtls_x509_crt_parse_file(&crt, crt_file), 0); if (strcmp(entity, "valid_from") == 0) { - TEST_ASSERT(mbedtls_x509_time_is_future(&crt.valid_from) == result); + TEST_EQUAL(mbedtls_x509_time_is_future(&crt.valid_from), result); } else if (strcmp(entity, "valid_to") == 0) { - TEST_ASSERT(mbedtls_x509_time_is_future(&crt.valid_to) == result); + TEST_EQUAL(mbedtls_x509_time_is_future(&crt.valid_to), result); } else { TEST_ASSERT("Unknown entity" == 0); } @@ -1049,7 +1049,7 @@ void x509parse_crt_file(char *crt_file, int result) mbedtls_x509_crt_init(&crt); USE_PSA_INIT(); - TEST_ASSERT(mbedtls_x509_crt_parse_file(&crt, crt_file) == result); + TEST_EQUAL(mbedtls_x509_crt_parse_file(&crt, crt_file), result); exit: mbedtls_x509_crt_free(&crt); 
@@ -1071,14 +1071,14 @@ void x509parse_crt(data_t *buf, char *result_str, int result) mbedtls_x509_crt_init(&crt); USE_PSA_INIT(); - TEST_ASSERT(mbedtls_x509_crt_parse_der(&crt, buf->x, buf->len) == (result)); + TEST_EQUAL(mbedtls_x509_crt_parse_der(&crt, buf->x, buf->len), result); #if !defined(MBEDTLS_X509_REMOVE_INFO) if ((result) == 0) { res = mbedtls_x509_crt_info((char *) output, 2000, "", &crt); TEST_ASSERT(res != -1); TEST_ASSERT(res != -2); - TEST_ASSERT(strcmp((char *) output, result_str) == 0); + TEST_EQUAL(strcmp((char *) output, result_str), 0); } memset(output, 0, 2000); #endif @@ -1086,7 +1086,7 @@ void x509parse_crt(data_t *buf, char *result_str, int result) mbedtls_x509_crt_free(&crt); mbedtls_x509_crt_init(&crt); - TEST_ASSERT(mbedtls_x509_crt_parse_der_nocopy(&crt, buf->x, buf->len) == (result)); + TEST_EQUAL(mbedtls_x509_crt_parse_der_nocopy(&crt, buf->x, buf->len), result); #if !defined(MBEDTLS_X509_REMOVE_INFO) if ((result) == 0) { memset(output, 0, 2000); @@ -1096,7 +1096,7 @@ void x509parse_crt(data_t *buf, char *result_str, int result) TEST_ASSERT(res != -1); TEST_ASSERT(res != -2); - TEST_ASSERT(strcmp((char *) output, result_str) == 0); + TEST_EQUAL(strcmp((char *) output, result_str), 0); } memset(output, 0, 2000); #endif /* !MBEDTLS_X509_REMOVE_INFO */ @@ -1104,8 +1104,8 @@ void x509parse_crt(data_t *buf, char *result_str, int result) mbedtls_x509_crt_free(&crt); mbedtls_x509_crt_init(&crt); - TEST_ASSERT(mbedtls_x509_crt_parse_der_with_ext_cb(&crt, buf->x, buf->len, 0, NULL, - NULL) == (result)); + TEST_EQUAL(mbedtls_x509_crt_parse_der_with_ext_cb(&crt, buf->x, buf->len, 0, NULL, NULL), + result); #if !defined(MBEDTLS_X509_REMOVE_INFO) if ((result) == 0) { res = mbedtls_x509_crt_info((char *) output, 2000, "", &crt); 
@@ -1113,7 +1113,7 @@ void x509parse_crt(data_t *buf, char *result_str, int result) TEST_ASSERT(res != -1); TEST_ASSERT(res != -2); - TEST_ASSERT(strcmp((char *) output, result_str) == 0); + TEST_EQUAL(strcmp((char *) output, result_str), 0); } memset(output, 0, 2000); #endif /* !MBEDTLS_X509_REMOVE_INFO */ @@ -1121,8 +1121,8 @@ void x509parse_crt(data_t *buf, char *result_str, int result) mbedtls_x509_crt_free(&crt); mbedtls_x509_crt_init(&crt); - TEST_ASSERT(mbedtls_x509_crt_parse_der_with_ext_cb(&crt, buf->x, buf->len, 1, NULL, - NULL) == (result)); + TEST_EQUAL(mbedtls_x509_crt_parse_der_with_ext_cb(&crt, buf->x, buf->len, 1, NULL, NULL), + result); #if !defined(MBEDTLS_X509_REMOVE_INFO) if ((result) == 0) { res = mbedtls_x509_crt_info((char *) output, 2000, "", &crt); @@ -1130,7 +1130,7 @@ void x509parse_crt(data_t *buf, char *result_str, int result) TEST_ASSERT(res != -1); TEST_ASSERT(res != -2); - TEST_ASSERT(strcmp((char *) output, result_str) == 0); + TEST_EQUAL(strcmp((char *) output, result_str), 0); } #endif /* !MBEDTLS_X509_REMOVE_INFO */ @@ -1160,8 +1160,8 @@ void x509parse_crt_cb(data_t *buf, char *result_str, int result) mbedtls_x509_crt_init(&crt); USE_PSA_INIT(); - TEST_ASSERT(mbedtls_x509_crt_parse_der_with_ext_cb(&crt, buf->x, buf->len, 0, parse_crt_ext_cb, - &oid) == (result)); + TEST_EQUAL(mbedtls_x509_crt_parse_der_with_ext_cb(&crt, buf->x, buf->len, 0, parse_crt_ext_cb, + &oid), result); #if !defined(MBEDTLS_X509_REMOVE_INFO) if ((result) == 0) { res = mbedtls_x509_crt_info((char *) output, 2000, "", &crt); @@ -1169,7 +1169,7 @@ void x509parse_crt_cb(data_t *buf, char *result_str, int result) TEST_ASSERT(res != -1); TEST_ASSERT(res != -2); - TEST_ASSERT(strcmp((char *) output, result_str) == 0); + TEST_EQUAL(strcmp((char *) output, result_str), 0); } memset(output, 0, 2000); #endif /* !MBEDTLS_X509_REMOVE_INFO */ 
@@ -1177,8 +1177,8 @@ void x509parse_crt_cb(data_t *buf, char *result_str, int result) mbedtls_x509_crt_free(&crt); mbedtls_x509_crt_init(&crt); - TEST_ASSERT(mbedtls_x509_crt_parse_der_with_ext_cb(&crt, buf->x, buf->len, 1, parse_crt_ext_cb, - &oid) == (result)); + TEST_EQUAL(mbedtls_x509_crt_parse_der_with_ext_cb(&crt, buf->x, buf->len, 1, parse_crt_ext_cb, + &oid), (result)); #if !defined(MBEDTLS_X509_REMOVE_INFO) if ((result) == 0) { res = mbedtls_x509_crt_info((char *) output, 2000, "", &crt); @@ -1186,7 +1186,7 @@ void x509parse_crt_cb(data_t *buf, char *result_str, int result) TEST_ASSERT(res != -1); TEST_ASSERT(res != -2); - TEST_ASSERT(strcmp((char *) output, result_str) == 0); + TEST_EQUAL(strcmp((char *) output, result_str), 0); } #endif /* !MBEDTLS_X509_REMOVE_INFO */ @@ -1209,14 +1209,14 @@ void x509parse_crl(data_t *buf, char *result_str, int result) memset(output, 0, 2000); - TEST_ASSERT(mbedtls_x509_crl_parse(&crl, buf->x, buf->len) == (result)); + TEST_EQUAL(mbedtls_x509_crl_parse(&crl, buf->x, buf->len), (result)); if ((result) == 0) { res = mbedtls_x509_crl_info((char *) output, 2000, "", &crl); TEST_ASSERT(res != -1); TEST_ASSERT(res != -2); - TEST_ASSERT(strcmp((char *) output, result_str) == 0); + TEST_EQUAL(strcmp((char *) output, result_str), 0); } exit: @@ -1238,12 +1238,12 @@ void mbedtls_x509_csr_parse(data_t *csr_der, char *ref_out, int ref_ret) memset(my_out, 0, sizeof(my_out)); my_ret = mbedtls_x509_csr_parse_der(&csr, csr_der->x, csr_der->len); - TEST_ASSERT(my_ret == ref_ret); + TEST_EQUAL(my_ret, ref_ret); if (ref_ret == 0) { size_t my_out_len = mbedtls_x509_csr_info(my_out, sizeof(my_out), "", &csr); - TEST_ASSERT(my_out_len == strlen(ref_out)); - TEST_ASSERT(strcmp(my_out, ref_out) == 0); + TEST_EQUAL(my_out_len, strlen(ref_out)); + TEST_EQUAL(strcmp(my_out, ref_out), 0); } exit: 
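Review bot: The converted calls in `x509parse_crt_cb` and `x509parse_crl` keep the redundant parentheses around the expected value, `TEST_EQUAL(..., (result))`, whereas every other hunk in this file drops them (`TEST_EQUAL(..., result)`); use the bare `result` here as well so the conversion is uniform. The parentheses were only needed to protect the old `== (result)` comparison inside `TEST_ASSERT`, and a macro argument needs no such protection. Both test functions begin outside the hunk.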
@@ -1265,12 +1265,12 @@ void mbedtls_x509_csr_parse_file(char *csr_file, char *ref_out, int ref_ret) memset(my_out, 0, sizeof(my_out)); my_ret = mbedtls_x509_csr_parse_file(&csr, csr_file); - TEST_ASSERT(my_ret == ref_ret); + TEST_EQUAL(my_ret, ref_ret); if (ref_ret == 0) { size_t my_out_len = mbedtls_x509_csr_info(my_out, sizeof(my_out), "", &csr); - TEST_ASSERT(my_out_len == strlen(ref_out)); - TEST_ASSERT(strcmp(my_out, ref_out) == 0); + TEST_EQUAL(my_out_len, strlen(ref_out)); + TEST_EQUAL(strcmp(my_out, ref_out), 0); } exit: @@ -1288,7 +1288,7 @@ void mbedtls_x509_crt_parse_path(char *crt_path, int ret, int nb_crt) mbedtls_x509_crt_init(&chain); USE_PSA_INIT(); - TEST_ASSERT(mbedtls_x509_crt_parse_path(&chain, crt_path) == ret); + TEST_EQUAL(mbedtls_x509_crt_parse_path(&chain, crt_path), ret); /* Check how many certs we got */ for (i = 0, cur = &chain; cur != NULL; cur = cur->next) { @@ -1297,7 +1297,7 @@ void mbedtls_x509_crt_parse_path(char *crt_path, int ret, int nb_crt) } } - TEST_ASSERT(i == nb_crt); + TEST_EQUAL(i, nb_crt); exit: mbedtls_x509_crt_free(&chain); 
@@ -1323,20 +1323,20 @@ void mbedtls_x509_crt_verify_max(char *ca_file, char *chain_dir, int nb_int, MD_OR_USE_PSA_INIT(); /* Load trusted root */ - TEST_ASSERT(mbedtls_x509_crt_parse_file(&trusted, ca_file) == 0); + TEST_EQUAL(mbedtls_x509_crt_parse_file(&trusted, ca_file), 0); /* Load a chain with nb_int intermediates (from 01 to nb_int), * plus one "end-entity" cert (nb_int + 1) */ ret = mbedtls_snprintf(file_buf, sizeof(file_buf), "%s/c%02d.pem", chain_dir, nb_int + 1); TEST_ASSERT(ret > 0 && (size_t) ret < sizeof(file_buf)); - TEST_ASSERT(mbedtls_x509_crt_parse_file(&chain, file_buf) == 0); + TEST_EQUAL(mbedtls_x509_crt_parse_file(&chain, file_buf), 0); /* Try to verify that chain */ ret = mbedtls_x509_crt_verify(&chain, &trusted, NULL, NULL, &flags, NULL, NULL); - TEST_ASSERT(ret == ret_chk); - TEST_ASSERT(flags == (uint32_t) flags_chk); + TEST_EQUAL(ret, ret_chk); + TEST_EQUAL(flags, (uint32_t) flags_chk); exit: mbedtls_x509_crt_free(&chain); @@ -1361,9 +1361,9 @@ void mbedtls_x509_crt_verify_chain(char *chain_paths, char *trusted_ca, MD_OR_USE_PSA_INIT(); while ((act = mystrsep(&chain_paths, " ")) != NULL) { - TEST_ASSERT(mbedtls_x509_crt_parse_file(&chain, act) == 0); + TEST_EQUAL(mbedtls_x509_crt_parse_file(&chain, act), 0); } - TEST_ASSERT(mbedtls_x509_crt_parse_file(&trusted, trusted_ca) == 0); + TEST_EQUAL(mbedtls_x509_crt_parse_file(&trusted, trusted_ca), 0); if (strcmp(profile_name, "") == 0) { profile = &mbedtls_x509_crt_profile_default; @@ -1380,8 +1380,8 @@ void mbedtls_x509_crt_verify_chain(char *chain_paths, char *trusted_ca, res = mbedtls_x509_crt_verify_with_profile(&chain, &trusted, NULL, profile, NULL, &flags, verify_fatal, &vrfy_fatal_lvls); - TEST_ASSERT(res == (result)); - TEST_ASSERT(flags == (uint32_t) (flags_result)); + TEST_EQUAL(res, (result)); + TEST_EQUAL(flags, (uint32_t) (flags_result)); exit: mbedtls_x509_crt_free(&trusted); 
@@ -1409,9 +1409,9 @@ void x509_oid_desc(data_t *buf, char *ref_desc) TEST_ASSERT(ret != 0); TEST_ASSERT(desc == NULL); } else { - TEST_ASSERT(ret == 0); + TEST_EQUAL(ret, 0); TEST_ASSERT(desc != NULL); - TEST_ASSERT(strcmp(desc, ref_desc) == 0); + TEST_EQUAL(strcmp(desc, ref_desc), 0); } exit: @@ -1435,11 +1435,11 @@ void x509_oid_numstr(data_t *oid_buf, char *numstr, int blen, int ret) TEST_ASSERT((size_t) blen <= sizeof(num_buf)); - TEST_ASSERT(mbedtls_oid_get_numeric_string(num_buf, blen, &oid) == ret); + TEST_EQUAL(mbedtls_oid_get_numeric_string(num_buf, blen, &oid), ret); if (ret >= 0) { - TEST_ASSERT(num_buf[ret] == 0); - TEST_ASSERT(strcmp(num_buf, numstr) == 0); + TEST_EQUAL(num_buf[ret], 0); + TEST_EQUAL(strcmp(num_buf, numstr), 0); } exit: @@ -1455,9 +1455,9 @@ void x509_check_key_usage(char *crt_file, int usage, int ret) mbedtls_x509_crt_init(&crt); USE_PSA_INIT(); - TEST_ASSERT(mbedtls_x509_crt_parse_file(&crt, crt_file) == 0); + TEST_EQUAL(mbedtls_x509_crt_parse_file(&crt, crt_file), 0); - TEST_ASSERT(mbedtls_x509_crt_check_key_usage(&crt, usage) == ret); + TEST_EQUAL(mbedtls_x509_crt_check_key_usage(&crt, usage), ret); exit: mbedtls_x509_crt_free(&crt); @@ -1474,10 +1474,10 @@ void x509_check_extended_key_usage(char *crt_file, data_t *oid, int ret mbedtls_x509_crt_init(&crt); USE_PSA_INIT(); - TEST_ASSERT(mbedtls_x509_crt_parse_file(&crt, crt_file) == 0); + TEST_EQUAL(mbedtls_x509_crt_parse_file(&crt, crt_file), 0); - TEST_ASSERT(mbedtls_x509_crt_check_extended_key_usage(&crt, (const char *) oid->x, - oid->len) == ret); + TEST_EQUAL(mbedtls_x509_crt_check_extended_key_usage(&crt, (const char *) oid->x, oid->len), + ret); exit: mbedtls_x509_crt_free(&crt); 
@@ -1503,14 +1503,14 @@ void x509_get_time(int tag, char *time_str, int ret, int year, int mon, memcpy(end, time_str, (size_t) *(end - 1)); end += *(end - 1); - TEST_ASSERT(mbedtls_x509_get_time(&start, end, &time) == ret); + TEST_EQUAL(mbedtls_x509_get_time(&start, end, &time), ret); if (ret == 0) { - TEST_ASSERT(year == time.year); - TEST_ASSERT(mon == time.mon); - TEST_ASSERT(day == time.day); - TEST_ASSERT(hour == time.hour); - TEST_ASSERT(min == time.min); - TEST_ASSERT(sec == time.sec); + TEST_EQUAL(year, time.year); + TEST_EQUAL(mon, time.mon); + TEST_EQUAL(day, time.day); + TEST_EQUAL(hour, time.hour); + TEST_EQUAL(min, time.min); + TEST_EQUAL(sec, time.sec); } exit: USE_PSA_DONE(); @@ -1536,12 +1536,12 @@ void x509_parse_rsassa_pss_params(data_t *params, int params_tag, my_ret = mbedtls_x509_get_rsassa_pss_params(&buf, &my_msg_md, &my_mgf_md, &my_salt_len); - TEST_ASSERT(my_ret == ref_ret); + TEST_EQUAL(my_ret, ref_ret); if (ref_ret == 0) { - TEST_ASSERT(my_msg_md == (mbedtls_md_type_t) ref_msg_md); - TEST_ASSERT(my_mgf_md == (mbedtls_md_type_t) ref_mgf_md); - TEST_ASSERT(my_salt_len == ref_salt_len); + TEST_EQUAL(my_msg_md, (mbedtls_md_type_t) ref_msg_md); + TEST_EQUAL(my_mgf_md, (mbedtls_md_type_t) ref_mgf_md); + TEST_EQUAL(my_salt_len, ref_salt_len); } exit: From 1814bb785f8add11bca7c890cb2680bb0f1e27d9 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 14 Jun 2023 14:17:48 +0200 Subject: [PATCH 29/99] test: re-enable PK and RSA in component without ECP/ECP_LIGHT Signed-off-by: Valerio Setti --- tests/scripts/all.sh | 30 ------------------------------ 1 file changed, 30 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index c1e2b9f80..18c259353 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh 
@@ -2433,22 +2433,6 @@ config_psa_crypto_no_ecp_at_all () { scripts/config.py unset MBEDTLS_ECP_C fi - # Disable PK module since it depends on ECP - scripts/config.py unset MBEDTLS_PK_C - scripts/config.py unset MBEDTLS_PK_PARSE_C - scripts/config.py unset MBEDTLS_PK_WRITE_C - # Disable also RSA_C that would re-enable PK - scripts/config.py unset MBEDTLS_RSA_C - scripts/config.py unset MBEDTLS_PKCS1_V15 - scripts/config.py unset MBEDTLS_PKCS1_V21 - scripts/config.py unset MBEDTLS_X509_RSASSA_PSS_SUPPORT - # Disable also key exchanges that depend on RSA for completeness - scripts/config.py unset MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED - scripts/config.py unset MBEDTLS_KEY_EXCHANGE_RSA_ENABLED - scripts/config.py unset MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED - scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED - scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED - # Disable all the features that auto-enable ECP_LIGHT (see build_info.h) scripts/config.py unset MBEDTLS_PK_PARSE_EC_EXTENDED scripts/config.py unset MBEDTLS_PK_PARSE_EC_COMPRESSED 
@@ -2458,16 +2442,6 @@ config_psa_crypto_no_ecp_at_all () { # the future, the following line could be removed (see issues # 6061, 6332 and following ones) scripts/config.py unset MBEDTLS_ECP_RESTARTABLE - - # Disable PSA_WANT symbols that would re-enable PK - scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC - scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT - scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT - scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE - scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY - for ALG in $(sed -n 's/^#define \(PSA_WANT_ALG_RSA_[0-9A-Z_a-z]*\).*/\1/p' <"$CRYPTO_CONFIG_H"); do - scripts/config.py -f include/psa/crypto_config.h unset $ALG - done } # Build and test a configuration where driver accelerates all EC algs while @@ -2507,7 +2481,6 @@ component_test_psa_crypto_config_accel_ecc_no_ecp_at_all () { not grep mbedtls_ecjpake_ library/ecjpake.o # Also ensure that ECP or RSA modules were not re-enabled not grep mbedtls_ecp_ library/ecp.o - not grep mbedtls_rsa_ library/rsa.o # Run the tests # ------------- @@ -2526,9 +2499,6 @@ component_test_psa_crypto_config_reference_ecc_no_ecp_at_all () { make - # Esure that the RSA module was not re-enabled - not grep mbedtls_rsa_ library/rsa.o - msg "test suites: crypto_full + non accelerated EC algs + USE_PSA" make test } From e489e81437e496bd39c50e525028919328a6962a Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 14 Jun 2023 14:28:06 +0200 Subject: [PATCH 30/99] pk: add new symbol to state that PK has support for EC keys Note: both MBEDTLS_PK_USE_PSA_EC_DATA and MBEDTLS_PK_HAVE_ECC_KEYS has been move on top of the pk.h file because we need these symbols when crypto.h is evaluated otherwise functions like mbedtls_ecc_group_of_psa() won't be available. 
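Review bot: The context comment `# Also ensure that ECP or RSA modules were not re-enabled` in `component_test_psa_crypto_config_accel_ecc_no_ecp_at_all` is now stale: the `not grep mbedtls_rsa_ library/rsa.o` line beneath it is deleted and RSA is deliberately left enabled, so the comment should read `# Also ensure that the ECP module was not re-enabled`. Since the point of the series is that PK and RSA now build without ECP, the component would also benefit from a positive check next to the remaining ECP one, e.g. `grep mbedtls_rsa_ library/rsa.o`, so a configuration change that silently drops RSA again cannot pass unnoticed; the same applies to the reference component in the last hunk. `config_psa_crypto_no_ecp_at_all` and both test components begin outside the hunks.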
Signed-off-by: Valerio Setti --- include/mbedtls/pk.h | 50 +++++++++++++++++++++++++------------------- 1 file changed, 29 insertions(+), 21 deletions(-) diff --git a/include/mbedtls/pk.h b/include/mbedtls/pk.h index cbeaf51db..ba1544739 100644 --- a/include/mbedtls/pk.h +++ b/include/mbedtls/pk.h @@ -40,6 +40,35 @@ #include "mbedtls/ecdsa.h" #endif +/* Internal helper to define which fields in the pk_context structure below + * should be used for EC keys: legacy ecp_keypair or the raw (PSA friendly) + * format. It should be noticed that this only affect how data is stored, not + * which functions are used for various operations. The overall picture looks + * like this: + * - if USE_PSA is not defined and ECP_C is then use ecp_keypair data structure + * and legacy functions + * - if USE_PSA is defined and + * - if ECP_C then use ecp_keypair structure, convert data to a PSA friendly + * format and use PSA functions + * - if !ECP_C then use new raw data and PSA functions directly. + * + * The main reason for the "intermediate" (USE_PSA + ECP_C) above is that as long + * as ECP_C is defined mbedtls_pk_ec() gives the user a read/write access to the + * ecp_keypair structure inside the pk_context so he/she can modify it using + * ECP functions which are not under PK module's control. + */ +#if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) && \ + !defined(MBEDTLS_ECP_C) +#define MBEDTLS_PK_USE_PSA_EC_DATA +#endif /* MBEDTLS_USE_PSA_CRYPTO && !MBEDTLS_ECP_C */ + +/* Helper symbol to state that the PK module has support for EC keys. This + * can either be provided through the legacy ECP solution or through the + * PSA friendly MBEDTLS_PK_USE_PSA_EC_DATA. */ +#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) || defined(MBEDTLS_ECP_C) +#define MBEDTLS_PK_HAVE_ECC_KEYS +#endif /* MBEDTLS_PK_USE_PSA_EC_DATA || MBEDTLS_ECP_C */ + #if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_PSA_CRYPTO_C) #include "psa/crypto.h" #endif 
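Review bot: The trailer on the first new `#endif`, `/* MBEDTLS_USE_PSA_CRYPTO && !MBEDTLS_ECP_C */`, no longer matches its `#if`, which now also requires `PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY`; make it `#endif /* MBEDTLS_USE_PSA_CRYPTO && PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY && !MBEDTLS_ECP_C */`. Because the condition now depends on a `PSA_WANT_` symbol evaluated at line 40 of pk.h, before `psa/crypto.h` is included, it relies on the headers included above this hunk (outside the view) having already pulled in the PSA configuration; if that does not hold in a build without `MBEDTLS_PSA_CRYPTO_CONFIG`, `MBEDTLS_PK_USE_PSA_EC_DATA` silently evaluates false and EC keys vanish from PK in the `!MBEDTLS_ECP_C` configuration, so a `#error` or `_Static_assert`-style guard, or a comment naming the header this ordering depends on, is worth adding. `MBEDTLS_PK_HAVE_ECC_KEYS` is also consumed by other public headers in the later hunks, which makes pk.h a configuration header in practice; a brief comment saying that it must stay at the top of this file for that reason would prevent a future reorder from breaking them.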
@@ -202,27 +231,6 @@ typedef struct mbedtls_pk_rsassa_pss_options { #define MBEDTLS_PK_CAN_ECDH #endif -/* Internal helper to define which fields in the pk_context structure below - * should be used for EC keys: legacy ecp_keypair or the raw (PSA friendly) - * format. It should be noticed that this only affect how data is stored, not - * which functions are used for various operations. The overall picture looks - * like this: - * - if ECP_C is defined then use legacy functions - * - if USE_PSA is defined and - * - if ECP_C then use ecp_keypair structure, convert data to a PSA friendly - * format and use PSA functions - * - if !ECP_C then use new raw data and PSA functions directly. - * - * The main reason for the "intermediate" (USE_PSA + ECP_C) above is that as long - * as ECP_C is defined mbedtls_pk_ec() gives the user a read/write access to the - * ecp_keypair structure inside the pk_context so he/she can modify it using - * ECP functions which are not under PK module's control. - */ -#if defined(MBEDTLS_USE_PSA_CRYPTO) && !defined(MBEDTLS_ECP_C) && \ - defined(MBEDTLS_ECP_LIGHT) -#define MBEDTLS_PK_USE_PSA_EC_DATA -#endif /* MBEDTLS_USE_PSA_CRYPTO && !MBEDTLS_ECP_C */ - /** * \brief Types for interfacing with the debug module */ From 81d75127ba1fa4663b41c4012ddb9e426ae73116 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 14 Jun 2023 14:49:33 +0200 Subject: [PATCH 31/99] library: replace occurencies of ECP_LIGHT with PK_HAVE_ECC_KEYS Signed-off-by: Valerio Setti --- include/mbedtls/oid.h | 4 +-- include/psa/crypto_extra.h | 6 ++-- library/oid.c | 4 +-- library/pk.c | 16 +++++----- library/pk_internal.h | 6 ++-- library/pk_wrap.c | 4 +-- library/pk_wrap.h | 2 +- library/pkparse.c | 52 +++++++++++++------------------ library/pkwrite.c | 63 +++++++++++++++++++------------------- library/pkwrite.h | 6 ++-- library/psa_crypto.c | 4 +-- 11 files changed, 78 insertions(+), 89 deletions(-) 
diff --git a/include/mbedtls/oid.h b/include/mbedtls/oid.h index ec36748ce..e333ba11b 100644 --- a/include/mbedtls/oid.h +++ b/include/mbedtls/oid.h @@ -545,7 +545,7 @@ int mbedtls_oid_get_pk_alg(const mbedtls_asn1_buf *oid, mbedtls_pk_type_t *pk_al int mbedtls_oid_get_oid_by_pk_alg(mbedtls_pk_type_t pk_alg, const char **oid, size_t *olen); -#if defined(MBEDTLS_ECP_LIGHT) +#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) /** * \brief Translate NamedCurve OID into an EC group identifier * @@ -591,7 +591,7 @@ int mbedtls_oid_get_ec_grp_algid(const mbedtls_asn1_buf *oid, mbedtls_ecp_group_ */ int mbedtls_oid_get_oid_by_ec_grp_algid(mbedtls_ecp_group_id grp_id, const char **oid, size_t *olen); -#endif /* MBEDTLS_ECP_LIGHT */ +#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ /** * \brief Translate SignatureAlgorithm OID into md_type and pk_type diff --git a/include/psa/crypto_extra.h b/include/psa/crypto_extra.h index cc70e6fe5..fb639fadb 100644 --- a/include/psa/crypto_extra.h +++ b/include/psa/crypto_extra.h @@ -572,8 +572,8 @@ psa_status_t psa_get_key_domain_parameters( /** \defgroup psa_tls_helpers TLS helper functions * @{ */ - -#if defined(MBEDTLS_ECP_LIGHT) +#include +#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) #include /** Convert an ECC curve identifier from the Mbed TLS encoding to PSA. @@ -660,7 +660,7 @@ static inline psa_ecc_family_t mbedtls_ecc_group_to_psa(mbedtls_ecp_group_id grp mbedtls_ecp_group_id mbedtls_ecc_group_of_psa(psa_ecc_family_t curve, size_t bits, int bits_is_sloppy); -#endif /* MBEDTLS_ECP_LIGHT */ +#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ /**@}*/ diff --git a/library/oid.c b/library/oid.c index a580992e0..47a311b94 100644 --- a/library/oid.c +++ b/library/oid.c @@ -543,7 +543,7 @@ FN_OID_GET_OID_BY_ATTR1(mbedtls_oid_get_oid_by_pk_alg, mbedtls_pk_type_t, pk_alg) -#if defined(MBEDTLS_ECP_LIGHT) +#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) /* * For elliptic curves that use namedCurve inside ECParams (RFC 5480) */ 
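Review bot: The `#include` added in `psa/crypto_extra.h` (its target has been stripped from this rendering) is presumably there to make `MBEDTLS_PK_HAVE_ECC_KEYS` visible, and that macro is defined in `mbedtls/pk.h`, which itself includes `psa/crypto.h` as the preceding pk.h hunk shows; if the new line is `#include "mbedtls/pk.h"`, the PSA crypto headers now depend on the PK module and form an include cycle that only works through include guards and whichever header is entered first. A gate that both a public PSA header and the PK module need belongs in a configuration-level header evaluated before either of them, so that `crypto_extra.h` does not need pk.h at all; if the cycle is accepted for now, a comment on the new include explaining why the order is safe would help. The `oid.h` hunk is fine as long as oid.h already includes pk.h (it uses `mbedtls_pk_type_t`, so that appears to be the case).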
@@ -674,7 +674,7 @@ FN_OID_GET_OID_BY_ATTR1(mbedtls_oid_get_oid_by_ec_grp_algid, oid_ecp_grp_algid, mbedtls_ecp_group_id, grp_id) -#endif /* MBEDTLS_ECP_LIGHT */ +#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ #if defined(MBEDTLS_CIPHER_C) /* diff --git a/library/pk.c b/library/pk.c index 91796dec9..aa8e997aa 100644 --- a/library/pk.c +++ b/library/pk.c @@ -31,7 +31,7 @@ #if defined(MBEDTLS_RSA_C) #include "mbedtls/rsa.h" #endif -#if defined(MBEDTLS_ECP_LIGHT) +#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) #include "mbedtls/ecp.h" #endif #if defined(MBEDTLS_ECDSA_C) @@ -125,12 +125,12 @@ const mbedtls_pk_info_t *mbedtls_pk_info_from_type(mbedtls_pk_type_t pk_type) case MBEDTLS_PK_RSA: return &mbedtls_rsa_info; #endif /* MBEDTLS_RSA_C */ -#if defined(MBEDTLS_ECP_LIGHT) +#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) case MBEDTLS_PK_ECKEY: return &mbedtls_eckey_info; case MBEDTLS_PK_ECKEY_DH: return &mbedtls_eckeydh_info; -#endif /* MBEDTLS_ECP_LIGHT */ +#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ #if defined(MBEDTLS_PK_CAN_ECDSA_SOME) case MBEDTLS_PK_ECDSA: return &mbedtls_ecdsa_info; @@ -903,14 +903,14 @@ int mbedtls_pk_wrap_as_opaque(mbedtls_pk_context *pk, psa_key_usage_t usage, psa_algorithm_t alg2) { -#if !defined(MBEDTLS_ECP_LIGHT) && !defined(MBEDTLS_RSA_C) +#if !defined(MBEDTLS_PK_HAVE_ECC_KEYS) && !defined(MBEDTLS_RSA_C) ((void) pk); ((void) key); ((void) alg); ((void) usage); ((void) alg2); -#else /* !MBEDTLS_ECP_LIGHT && !MBEDTLS_RSA_C */ -#if defined(MBEDTLS_ECP_LIGHT) +#else /* !MBEDTLS_PK_HAVE_ECC_KEYS && !MBEDTLS_RSA_C */ +#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) if (mbedtls_pk_get_type(pk) == MBEDTLS_PK_ECKEY) { size_t d_len; psa_ecc_family_t curve_id; @@ -965,7 +965,7 @@ int mbedtls_pk_wrap_as_opaque(mbedtls_pk_context *pk, return mbedtls_pk_setup_opaque(pk, *key); } else -#endif /* MBEDTLS_ECP_LIGHT */ +#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ #if defined(MBEDTLS_RSA_C) if (mbedtls_pk_get_type(pk) == MBEDTLS_PK_RSA) { unsigned char buf[MBEDTLS_PK_RSA_PRV_DER_MAX_BYTES]; 
@@ -1006,7 +1006,7 @@ int mbedtls_pk_wrap_as_opaque(mbedtls_pk_context *pk, return mbedtls_pk_setup_opaque(pk, *key); } else #endif /* MBEDTLS_RSA_C */ -#endif /* !MBEDTLS_ECP_LIGHT && !MBEDTLS_RSA_C */ +#endif /* !MBEDTLS_PK_HAVE_ECC_KEYS && !MBEDTLS_RSA_C */ return MBEDTLS_ERR_PK_TYPE_MISMATCH; } #endif /* MBEDTLS_USE_PSA_CRYPTO */ diff --git a/library/pk_internal.h b/library/pk_internal.h index 388f94ac8..263a1c777 100644 --- a/library/pk_internal.h +++ b/library/pk_internal.h @@ -25,7 +25,7 @@ #include "mbedtls/pk.h" -#if defined(MBEDTLS_ECP_LIGHT) +#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) #include "mbedtls/ecp.h" #endif @@ -44,7 +44,7 @@ psa_pk_status_to_mbedtls) #endif -#if defined(MBEDTLS_ECP_LIGHT) +#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) /** * Public function mbedtls_pk_ec() can be used to get direct access to the * wrapped ecp_keypair structure pointed to the pk_ctx. However this is not @@ -115,7 +115,7 @@ static inline mbedtls_ecp_group_id mbedtls_pk_get_group_id(const mbedtls_pk_cont #if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) || defined(MBEDTLS_ECP_DP_CURVE448_ENABLED) #define MBEDTLS_PK_HAVE_RFC8410_CURVES #endif /* MBEDTLS_ECP_DP_CURVE25519_ENABLED || MBEDTLS_ECP_DP_CURVE448_ENABLED */ -#endif /* MBEDTLS_ECP_LIGHT */ +#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ #if defined(MBEDTLS_PK_USE_PSA_EC_DATA) /** diff --git a/library/pk_wrap.c b/library/pk_wrap.c index 0cadab280..54a4d5d5f 100644 --- a/library/pk_wrap.c +++ b/library/pk_wrap.c @@ -634,7 +634,7 @@ const mbedtls_pk_info_t mbedtls_rsa_info = { }; #endif /* MBEDTLS_RSA_C */ -#if defined(MBEDTLS_ECP_LIGHT) +#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) /* * Generic EC key */ @@ -1335,7 +1335,7 @@ const mbedtls_pk_info_t mbedtls_eckeydh_info = { #endif eckey_debug, /* Same underlying key structure */ }; -#endif /* MBEDTLS_ECP_LIGHT */ +#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ #if defined(MBEDTLS_PK_CAN_ECDSA_SOME) static int ecdsa_can_do(mbedtls_pk_type_t type) 
diff --git a/library/pk_wrap.h b/library/pk_wrap.h index b4b974fc9..1436d7812 100644 --- a/library/pk_wrap.h +++ b/library/pk_wrap.h @@ -120,7 +120,7 @@ typedef struct { extern const mbedtls_pk_info_t mbedtls_rsa_info; #endif -#if defined(MBEDTLS_ECP_LIGHT) +#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) extern const mbedtls_pk_info_t mbedtls_eckey_info; extern const mbedtls_pk_info_t mbedtls_eckeydh_info; #endif diff --git a/library/pkparse.c b/library/pkparse.c index 4c55d341b..483176abc 100644 --- a/library/pkparse.c +++ b/library/pkparse.c @@ -37,7 +37,7 @@ #if defined(MBEDTLS_RSA_C) || defined(MBEDTLS_ECP_C) #include "pkwrite.h" #endif -#if defined(MBEDTLS_ECP_LIGHT) +#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) #include "pk_internal.h" #endif #if defined(MBEDTLS_ECDSA_C) @@ -64,10 +64,10 @@ #include "mbedtls/platform.h" /* Helper for Montgomery curves */ -#if defined(MBEDTLS_ECP_LIGHT) && defined(MBEDTLS_PK_HAVE_RFC8410_CURVES) +#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) && defined(MBEDTLS_PK_HAVE_RFC8410_CURVES) #define MBEDTLS_PK_IS_RFC8410_GROUP_ID(id) \ ((id == MBEDTLS_ECP_DP_CURVE25519) || (id == MBEDTLS_ECP_DP_CURVE448)) -#endif /* MBEDTLS_ECP_LIGHT && MBEDTLS_PK_HAVE_RFC8410_CURVES */ +#endif /* MBEDTLS_PK_HAVE_ECC_KEYS && MBEDTLS_PK_HAVE_RFC8410_CURVES */ #if defined(MBEDTLS_FS_IO) /* @@ -174,7 +174,7 @@ int mbedtls_pk_parse_public_keyfile(mbedtls_pk_context *ctx, const char *path) } #endif /* MBEDTLS_FS_IO */ -#if defined(MBEDTLS_ECP_LIGHT) +#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) /* Minimally parse an ECParameters buffer to and mbedtls_asn1_buf * * ECParameters ::= CHOICE { @@ -655,7 +655,6 @@ static int pk_parse_key_rfc8410_der(mbedtls_pk_context *pk, mbedtls_ecp_keypair *eck = mbedtls_pk_ec_rw(*pk); if ((ret = mbedtls_mpi_read_binary_le(&eck->d, key, len)) != 0) { - mbedtls_ecp_keypair_free(eck); return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret); } #endif /* MBEDTLS_PK_USE_PSA_EC_DATA */ 
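Review bot: The removed `mbedtls_ecp_keypair_free(eck)` in the pk_parse_key_rfc8410_der hunk (`@@ -655,7 +655,6 @@`) means that when `mbedtls_mpi_read_binary_le(&eck->d, key, len)` fails, whatever `eck->d` already holds stays in the context until the caller frees it; the same free is dropped in the hunks at `@@ -664,9 +663,6 @@`, `@@ -674,7 +670,6 @@`, and the pk_parse_key_sec1_der hunks starting at `@@ -1226,7 +1222,6 @@`, so one note here covers all of them. This looks intentional and consistent with the `mbedtls_pk_parse_key` hunk, which calls `mbedtls_pk_free(pk)` after a failed `pk_parse_key_sec1_der` and whose comment states that freeing on failure is the caller's job, but the helpers themselves do not say so. I would add to the header comment of both functions: `/* On failure the context is left partially populated (eck->d may already hold private-key material); the caller must call mbedtls_pk_free(). */`. The other caller path, pk_parse_key_pkcs8_unencrypted_der, is not visible on this page and should be checked for the same cleanup. Both enclosing functions start outside these hunks.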
@@ -664,9 +663,6 @@ static int pk_parse_key_rfc8410_der(mbedtls_pk_context *pk, * which never contain a public key. As such, derive the public key * unconditionally. */ if ((ret = pk_derive_public_key(pk, key, len, f_rng, p_rng)) != 0) { -#if !defined(MBEDTLS_PK_USE_PSA_EC_DATA) - mbedtls_ecp_keypair_free(eck); -#endif /* !MBEDTLS_PK_USE_PSA_EC_DATA */ return ret; } @@ -674,7 +670,6 @@ static int pk_parse_key_rfc8410_der(mbedtls_pk_context *pk, * into PSA. */ #if !defined(MBEDTLS_PK_USE_PSA_EC_DATA) if ((ret = mbedtls_ecp_check_privkey(&eck->grp, &eck->d)) != 0) { - mbedtls_ecp_keypair_free(eck); return ret; } #endif /* !MBEDTLS_PK_USE_PSA_EC_DATA */ @@ -793,7 +788,7 @@ static int pk_get_ecpubkey(unsigned char **p, const unsigned char *end, return ret; } -#endif /* MBEDTLS_ECP_LIGHT */ +#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ #if defined(MBEDTLS_RSA_C) /* @@ -878,7 +873,7 @@ static int pk_get_pk_alg(unsigned char **p, } ret = mbedtls_oid_get_pk_alg(&alg_oid, pk_alg); -#if defined(MBEDTLS_ECP_LIGHT) +#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) if (ret == MBEDTLS_ERR_OID_NOT_FOUND) { ret = mbedtls_oid_get_ec_grp_algid(&alg_oid, ec_grp_id); if (ret == 0) { @@ -952,7 +947,7 @@ int mbedtls_pk_parse_subpubkey(unsigned char **p, const unsigned char *end, ret = pk_get_rsapubkey(p, end, mbedtls_pk_rsa(*pk)); } else #endif /* MBEDTLS_RSA_C */ -#if defined(MBEDTLS_ECP_LIGHT) +#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) if (pk_alg == MBEDTLS_PK_ECKEY_DH || pk_alg == MBEDTLS_PK_ECKEY) { #if defined(MBEDTLS_PK_HAVE_RFC8410_CURVES) if (MBEDTLS_PK_IS_RFC8410_GROUP_ID(ec_grp_id)) { @@ -966,7 +961,7 @@ int mbedtls_pk_parse_subpubkey(unsigned char **p, const unsigned char *end, ret = pk_get_ecpubkey(p, end, pk); } } else -#endif /* MBEDTLS_ECP_LIGHT */ +#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ ret = MBEDTLS_ERR_PK_UNKNOWN_PK_ALG; if (ret == 0 && *p != end) { 
@@ -1170,7 +1165,7 @@ cleanup: } #endif /* MBEDTLS_RSA_C */ -#if defined(MBEDTLS_ECP_LIGHT) +#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) /* * Parse a SEC1 encoded private EC key */ @@ -1186,10 +1181,11 @@ static int pk_parse_key_sec1_der(mbedtls_pk_context *pk, unsigned char *d; unsigned char *end = p + keylen; unsigned char *end2; - mbedtls_ecp_keypair *eck = mbedtls_pk_ec_rw(*pk); #if defined(MBEDTLS_PK_USE_PSA_EC_DATA) psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_status_t status; +#else /* MBEDTLS_PK_USE_PSA_EC_DATA */ + mbedtls_ecp_keypair *eck = mbedtls_pk_ec_rw(*pk); #endif /* MBEDTLS_PK_USE_PSA_EC_DATA */ /* @@ -1226,7 +1222,6 @@ static int pk_parse_key_sec1_der(mbedtls_pk_context *pk, #if !defined(MBEDTLS_PK_USE_PSA_EC_DATA) if ((ret = mbedtls_mpi_read_binary(&eck->d, p, len)) != 0) { - mbedtls_ecp_keypair_free(eck); return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret); } #endif @@ -1243,11 +1238,9 @@ static int pk_parse_key_sec1_der(mbedtls_pk_context *pk, 0)) == 0) { if ((ret = pk_get_ecparams(&p, p + len, ¶ms)) != 0 || (ret = pk_use_ecparams(¶ms, pk)) != 0) { - mbedtls_ecp_keypair_free(eck); return ret; } } else if (ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) { - mbedtls_ecp_keypair_free(eck); return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret); } } @@ -1283,7 +1276,6 @@ static int pk_parse_key_sec1_der(mbedtls_pk_context *pk, } } } else if (ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) { - mbedtls_ecp_keypair_free(eck); return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret); } } 
@@ -1311,21 +1303,19 @@ static int pk_parse_key_sec1_der(mbedtls_pk_context *pk, if (!pubkey_done) { if ((ret = pk_derive_public_key(pk, d, d_len, f_rng, p_rng)) != 0) { - mbedtls_ecp_keypair_free(eck); return ret; } } #if !defined(MBEDTLS_PK_USE_PSA_EC_DATA) if ((ret = mbedtls_ecp_check_privkey(&eck->grp, &eck->d)) != 0) { - mbedtls_ecp_keypair_free(eck); return ret; } #endif /* !MBEDTLS_PK_USE_PSA_EC_DATA */ return 0; } -#endif /* MBEDTLS_ECP_LIGHT */ +#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ /* * Parse an unencrypted PKCS#8 encoded private key @@ -1354,7 +1344,7 @@ static int pk_parse_key_pkcs8_unencrypted_der( mbedtls_ecp_group_id ec_grp_id = MBEDTLS_ECP_DP_NONE; const mbedtls_pk_info_t *pk_info; -#if !defined(MBEDTLS_ECP_LIGHT) +#if !defined(MBEDTLS_PK_HAVE_ECC_KEYS) (void) f_rng; (void) p_rng; #endif @@ -1419,7 +1409,7 @@ static int pk_parse_key_pkcs8_unencrypted_der( } } else #endif /* MBEDTLS_RSA_C */ -#if defined(MBEDTLS_ECP_LIGHT) +#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) if (pk_alg == MBEDTLS_PK_ECKEY || pk_alg == MBEDTLS_PK_ECKEY_DH) { #if defined(MBEDTLS_PK_HAVE_RFC8410_CURVES) if (MBEDTLS_PK_IS_RFC8410_GROUP_ID(ec_grp_id)) { @@ -1441,7 +1431,7 @@ static int pk_parse_key_pkcs8_unencrypted_der( } } } else -#endif /* MBEDTLS_ECP_LIGHT */ +#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ return MBEDTLS_ERR_PK_UNKNOWN_PK_ALG; return 0; @@ -1608,7 +1598,7 @@ int mbedtls_pk_parse_key(mbedtls_pk_context *pk, } #endif /* MBEDTLS_RSA_C */ -#if defined(MBEDTLS_ECP_LIGHT) +#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) /* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */ if (key[keylen - 1] != '\0') { ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT; 
@@ -1637,7 +1627,7 @@ int mbedtls_pk_parse_key(mbedtls_pk_context *pk, } else if (ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT) { return ret; } -#endif /* MBEDTLS_ECP_LIGHT */ +#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ /* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */ if (key[keylen - 1] != '\0') { @@ -1743,7 +1733,7 @@ int mbedtls_pk_parse_key(mbedtls_pk_context *pk, mbedtls_pk_init(pk); #endif /* MBEDTLS_RSA_C */ -#if defined(MBEDTLS_ECP_LIGHT) +#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) pk_info = mbedtls_pk_info_from_type(MBEDTLS_PK_ECKEY); if (mbedtls_pk_setup(pk, pk_info) == 0 && pk_parse_key_sec1_der(pk, @@ -1751,13 +1741,13 @@ int mbedtls_pk_parse_key(mbedtls_pk_context *pk, return 0; } mbedtls_pk_free(pk); -#endif /* MBEDTLS_ECP_LIGHT */ +#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ - /* If MBEDTLS_RSA_C is defined but MBEDTLS_ECP_LIGHT isn't, + /* If MBEDTLS_RSA_C is defined but MBEDTLS_PK_HAVE_ECC_KEYS isn't, * it is ok to leave the PK context initialized but not * freed: It is the caller's responsibility to call pk_init() * before calling this function, and to call pk_free() - * when it fails. If MBEDTLS_ECP_LIGHT is defined but MBEDTLS_RSA_C + * when it fails. If MBEDTLS_PK_HAVE_ECC_KEYS is defined but MBEDTLS_RSA_C * isn't, this leads to mbedtls_pk_free() being called * twice, once here and once by the caller, but this is * also ok and in line with the mbedtls_pk_free() calls diff --git a/library/pkwrite.c b/library/pkwrite.c index 218d0c1ab..e6f1aefaf 100644 --- a/library/pkwrite.c +++ b/library/pkwrite.c @@ -38,10 +38,10 @@ #include "mbedtls/ecp.h" #include "mbedtls/platform_util.h" #endif -#if defined(MBEDTLS_ECP_LIGHT) +#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) #include "pk_internal.h" #endif -#if defined(MBEDTLS_RSA_C) || defined(MBEDTLS_ECP_LIGHT) +#if defined(MBEDTLS_RSA_C) || defined(MBEDTLS_PK_HAVE_ECC_KEYS) #include "pkwrite.h" #endif #if defined(MBEDTLS_ECDSA_C) 
@@ -58,7 +58,7 @@ #include "mbedtls/platform.h" /* Helper for Montgomery curves */ -#if defined(MBEDTLS_ECP_LIGHT) +#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) #if defined(MBEDTLS_PK_HAVE_RFC8410_CURVES) static inline int mbedtls_pk_is_rfc8410(const mbedtls_pk_context *pk) { @@ -76,6 +76,8 @@ static inline int mbedtls_pk_is_rfc8410(const mbedtls_pk_context *pk) #endif return 0; } +#endif /* MBEDTLS_PK_HAVE_RFC8410_CURVES */ + #if defined(MBEDTLS_USE_PSA_CRYPTO) /* It is assumed that the input key is opaque */ static psa_ecc_family_t pk_get_opaque_ec_family(const mbedtls_pk_context *pk) @@ -91,11 +93,7 @@ static psa_ecc_family_t pk_get_opaque_ec_family(const mbedtls_pk_context *pk) return ec_family; } -#endif /* MBETLS_USE_PSA_CRYPTO */ -#endif /* MBEDTLS_PK_HAVE_RFC8410_CURVES */ -#endif /* MBEDTLS_ECP_LIGHT */ -#if defined(MBEDTLS_USE_PSA_CRYPTO) /* It is assumed that the input key is opaque */ static psa_key_type_t pk_get_opaque_key_type(const mbedtls_pk_context *pk) { @@ -111,6 +109,7 @@ static psa_key_type_t pk_get_opaque_key_type(const mbedtls_pk_context *pk) return opaque_key_type; } #endif /* MBETLS_USE_PSA_CRYPTO */ +#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ #if defined(MBEDTLS_RSA_C) /* @@ -158,7 +157,7 @@ end_of_export: } #endif /* MBEDTLS_RSA_C */ -#if defined(MBEDTLS_ECP_LIGHT) +#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) #if defined(MBEDTLS_PK_USE_PSA_EC_DATA) static int pk_write_ec_pubkey(unsigned char **p, unsigned char *start, const mbedtls_pk_context *pk) @@ -316,7 +315,7 @@ exit: return ret; } #endif /* MBEDTLS_PK_USE_PSA_EC_DATA */ -#endif /* MBEDTLS_ECP_LIGHT */ +#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ #if defined(MBEDTLS_USE_PSA_CRYPTO) static int pk_write_opaque_pubkey(unsigned char **p, unsigned char *start, 
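Review bot: The new `+#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */` in hunk `@@ -111,6 +109,7 @@`, together with the three `#endif`s removed in `@@ -91,11 +93,7 @@`, moves `pk_get_opaque_key_type()` inside the `MBEDTLS_PK_HAVE_ECC_KEYS` guard, yet its caller in `mbedtls_pk_write_pubkey_der` (the `@@ -404,20 +403,20 @@` hunk of this file) is guarded only by `MBEDTLS_USE_PSA_CRYPTO`. Unless `MBEDTLS_USE_PSA_CRYPTO` implies `MBEDTLS_PK_HAVE_ECC_KEYS`, which I cannot see here, a build with PSA and RSA but no ECC keys would hit an undeclared function; `opaque_key_type` in `mbedtls_pk_write_key_der` (declared under `MBEDTLS_USE_PSA_CRYPTO` alone) is probably set through the same helper. Since the helper only needs PSA, keep only `pk_get_opaque_ec_family()` ECC-gated and place `#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */` before the `#if defined(MBEDTLS_USE_PSA_CRYPTO)` that precedes `pk_get_opaque_key_type()`, reopening `#if defined(MBEDTLS_USE_PSA_CRYPTO)` around it. While touching these lines, the kept context `#endif /* MBETLS_USE_PSA_CRYPTO */` could be corrected to `#endif /* MBEDTLS_USE_PSA_CRYPTO */`.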
@@ -353,7 +352,7 @@ int mbedtls_pk_write_pubkey(unsigned char **p, unsigned char *start, MBEDTLS_ASN1_CHK_ADD(len, pk_write_rsa_pubkey(p, start, key)); } else #endif -#if defined(MBEDTLS_ECP_LIGHT) +#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) if (mbedtls_pk_get_type(key) == MBEDTLS_PK_ECKEY) { MBEDTLS_ASN1_CHK_ADD(len, pk_write_ec_pubkey(p, start, key)); } else @@ -375,7 +374,7 @@ int mbedtls_pk_write_pubkey_der(const mbedtls_pk_context *key, unsigned char *bu int has_par = 1; size_t len = 0, par_len = 0, oid_len = 0; mbedtls_pk_type_t pk_type; -#if defined(MBEDTLS_ECP_LIGHT) +#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) mbedtls_ecp_group_id ec_grp_id = MBEDTLS_ECP_DP_NONE; #endif const char *oid; @@ -404,20 +403,20 @@ int mbedtls_pk_write_pubkey_der(const mbedtls_pk_context *key, unsigned char *bu MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(&c, buf, MBEDTLS_ASN1_BIT_STRING)); pk_type = mbedtls_pk_get_type(key); -#if defined(MBEDTLS_ECP_LIGHT) +#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) if (pk_type == MBEDTLS_PK_ECKEY) { ec_grp_id = mbedtls_pk_get_group_id(key); } -#endif /* MBEDTLS_ECP_LIGHT */ +#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ #if defined(MBEDTLS_USE_PSA_CRYPTO) if (pk_type == MBEDTLS_PK_OPAQUE) { psa_key_type_t opaque_key_type = pk_get_opaque_key_type(key); -#if defined(MBEDTLS_ECP_LIGHT) +#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) if (PSA_KEY_TYPE_IS_ECC(opaque_key_type)) { pk_type = MBEDTLS_PK_ECKEY; ec_grp_id = mbedtls_pk_get_group_id(key); } else -#endif /* MBEDTLS_ECP_LIGHT */ +#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ if (PSA_KEY_TYPE_IS_RSA(opaque_key_type)) { /* The rest of the function works as for legacy RSA contexts. */ pk_type = MBEDTLS_PK_RSA; 
@@ -429,7 +428,7 @@ int mbedtls_pk_write_pubkey_der(const mbedtls_pk_context *key, unsigned char *bu } #endif /* MBEDTLS_USE_PSA_CRYPTO */ -#if defined(MBEDTLS_ECP_LIGHT) +#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) if (pk_type == MBEDTLS_PK_ECKEY) { /* Some groups have their own AlgorithmIdentifier OID, others are handled * by mbedtls_oid_get_oid_by_pk_alg() below */ @@ -445,7 +444,7 @@ int mbedtls_pk_write_pubkey_der(const mbedtls_pk_context *key, unsigned char *bu return ret; } } -#endif /* MBEDTLS_ECP_LIGHT */ +#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ if (oid_len == 0) { if ((ret = mbedtls_oid_get_oid_by_pk_alg(pk_type, &oid, @@ -464,7 +463,7 @@ int mbedtls_pk_write_pubkey_der(const mbedtls_pk_context *key, unsigned char *bu return (int) len; } -#if defined(MBEDTLS_ECP_LIGHT) +#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) #if defined(MBEDTLS_PK_HAVE_RFC8410_CURVES) /* * RFC8410 section 7 @@ -572,7 +571,7 @@ static int pk_write_ec_der(unsigned char **p, unsigned char *buf, return (int) len; } -#endif /* MBEDTLS_ECP_LIGHT */ +#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ #if defined(MBEDTLS_RSA_C) static int pk_write_rsa_der(unsigned char **p, unsigned char *buf, @@ -691,9 +690,9 @@ int mbedtls_pk_write_key_der(const mbedtls_pk_context *key, unsigned char *buf, #if defined(MBEDTLS_RSA_C) int is_rsa_opaque = 0; #endif /* MBEDTLS_RSA_C */ -#if defined(MBEDTLS_ECP_LIGHT) +#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) int is_ec_opaque = 0; -#endif /* MBEDTLS_ECP_LIGHT */ +#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ #if defined(MBEDTLS_USE_PSA_CRYPTO) psa_key_type_t opaque_key_type; #endif /* MBEDTLS_USE_PSA_CRYPTO */ 
@@ -710,9 +709,9 @@ int mbedtls_pk_write_key_der(const mbedtls_pk_context *key, unsigned char *buf, #if defined(MBEDTLS_RSA_C) is_rsa_opaque = PSA_KEY_TYPE_IS_RSA(opaque_key_type); #endif /* MBEDTLS_RSA_C */ -#if defined(MBEDTLS_ECP_LIGHT) +#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) is_ec_opaque = PSA_KEY_TYPE_IS_ECC(opaque_key_type); -#endif /* MBEDTLS_ECP_LIGHT */ +#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ } #endif /* MBEDTLS_USE_PSA_CRYPTO */ @@ -721,7 +720,7 @@ int mbedtls_pk_write_key_der(const mbedtls_pk_context *key, unsigned char *buf, return pk_write_rsa_der(&c, buf, key); } else #endif /* MBEDTLS_RSA_C */ -#if defined(MBEDTLS_ECP_LIGHT) +#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) if ((mbedtls_pk_get_type(key) == MBEDTLS_PK_ECKEY) || is_ec_opaque) { #if defined(MBEDTLS_PK_HAVE_RFC8410_CURVES) if (mbedtls_pk_is_rfc8410(key)) { @@ -730,7 +729,7 @@ int mbedtls_pk_write_key_der(const mbedtls_pk_context *key, unsigned char *buf, #endif /* MBEDTLS_PK_HAVE_RFC8410_CURVES */ return pk_write_ec_der(&c, buf, key); } else -#endif /* MBEDTLS_ECP_LIGHT */ +#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE; return (int) len; @@ -781,12 +780,12 @@ int mbedtls_pk_write_key_pem(const mbedtls_pk_context *key, unsigned char *buf, unsigned char output_buf[PRV_DER_MAX_BYTES]; const char *begin, *end; size_t olen = 0; -#if defined(MBEDTLS_ECP_LIGHT) +#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) int is_ec_opaque = 0; #if defined(MBEDTLS_PK_HAVE_RFC8410_CURVES) int is_montgomery_opaque = 0; #endif /* MBEDTLS_PK_HAVE_RFC8410_CURVES */ -#endif /* MBEDTLS_ECP_LIGHT */ +#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ #if defined(MBEDTLS_RSA_C) int is_rsa_opaque = 0; #endif 
@@ -802,14 +801,14 @@ int mbedtls_pk_write_key_pem(const mbedtls_pk_context *key, unsigned char *buf, #if defined(MBEDTLS_RSA_C) is_rsa_opaque = PSA_KEY_TYPE_IS_RSA(opaque_key_type); #endif -#if defined(MBEDTLS_ECP_LIGHT) +#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) is_ec_opaque = PSA_KEY_TYPE_IS_ECC(opaque_key_type); #if defined(MBEDTLS_PK_HAVE_RFC8410_CURVES) if (pk_get_opaque_ec_family(key) == PSA_ECC_FAMILY_MONTGOMERY) { is_montgomery_opaque = 1; } #endif /* MBEDTLS_PK_HAVE_RFC8410_CURVES */ -#endif /* MBEDTLS_ECP_LIGHT */ +#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ } #endif /* MBEDTLS_USE_PSA_CRYPTO */ @@ -819,7 +818,7 @@ int mbedtls_pk_write_key_pem(const mbedtls_pk_context *key, unsigned char *buf, end = PEM_END_PRIVATE_KEY_RSA; } else #endif -#if defined(MBEDTLS_ECP_LIGHT) +#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) if ((mbedtls_pk_get_type(key) == MBEDTLS_PK_ECKEY) || is_ec_opaque) { #if defined(MBEDTLS_PK_HAVE_RFC8410_CURVES) if (is_montgomery_opaque || @@ -828,13 +827,13 @@ int mbedtls_pk_write_key_pem(const mbedtls_pk_context *key, unsigned char *buf, begin = PEM_BEGIN_PRIVATE_KEY_PKCS8; end = PEM_END_PRIVATE_KEY_PKCS8; } else -#endif +#endif /* MBEDTLS_PK_HAVE_RFC8410_CURVES */ { begin = PEM_BEGIN_PRIVATE_KEY_EC; end = PEM_END_PRIVATE_KEY_EC; } } else -#endif +#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE; if ((ret = mbedtls_pem_write_buffer(begin, end, diff --git a/library/pkwrite.h b/library/pkwrite.h index 8db233373..aa2f17b02 100644 --- a/library/pkwrite.h +++ b/library/pkwrite.h @@ -73,7 +73,7 @@ #endif /* MBEDTLS_RSA_C */ -#if defined(MBEDTLS_ECP_LIGHT) +#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) /* * EC public keys: * SubjectPublicKeyInfo ::= SEQUENCE { 1 + 2 
@@ -98,10 +98,10 @@ */ #define MBEDTLS_PK_ECP_PRV_DER_MAX_BYTES (29 + 3 * MBEDTLS_ECP_MAX_BYTES) -#else /* MBEDTLS_ECP_LIGHT */ +#else /* MBEDTLS_PK_HAVE_ECC_KEYS */ #define MBEDTLS_PK_ECP_PUB_DER_MAX_BYTES 0 #define MBEDTLS_PK_ECP_PRV_DER_MAX_BYTES 0 -#endif /* MBEDTLS_ECP_LIGHT */ +#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ #endif /* MBEDTLS_PK_WRITE_H */ diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 5e38c3ad6..9fdb366ca 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -390,7 +390,7 @@ static void psa_wipe_tag_output_buffer(uint8_t *output_buffer, psa_status_t stat /* Key management */ /****************************************************************/ -#if defined(MBEDTLS_ECP_LIGHT) +#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) mbedtls_ecp_group_id mbedtls_ecc_group_of_psa(psa_ecc_family_t curve, size_t bits, int bits_is_sloppy) @@ -482,7 +482,7 @@ mbedtls_ecp_group_id mbedtls_ecc_group_of_psa(psa_ecc_family_t curve, (void) bits_is_sloppy; return MBEDTLS_ECP_DP_NONE; } -#endif /* MBEDTLS_ECP_LIGHT */ +#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ psa_status_t psa_validate_unstructured_key_bit_size(psa_key_type_t type, size_t bits) From 545a0d643f04f4515d475077fe943fe8f0176dc1 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 14 Jun 2023 14:56:48 +0200 Subject: [PATCH 32/99] test: replace occurencies of ECP_LIGHT with PK_HAVE_ECC_KEYS Signed-off-by: Valerio Setti --- tests/suites/test_suite_pk.data | 24 +++---- tests/suites/test_suite_pk.function | 15 +---- tests/suites/test_suite_pkparse.data | 82 ++++++++++++------------ tests/suites/test_suite_pkparse.function | 4 +- tests/suites/test_suite_pkwrite.data | 58 ++++++++--------- 5 files changed, 87 insertions(+), 96 deletions(-) diff --git a/tests/suites/test_suite_pk.data b/tests/suites/test_suite_pk.data index 8c3c5e71b..e84c28851 100644 --- a/tests/suites/test_suite_pk.data +++ b/tests/suites/test_suite_pk.data 
@@ -13,19 +13,19 @@ depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME pk_utils:MBEDTLS_PK_RSA:512:512:64:"RSA" PK utils: ECKEY SECP192R1 -depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP192R1_ENABLED +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP192R1_ENABLED pk_utils:MBEDTLS_PK_ECKEY:MBEDTLS_ECP_DP_SECP192R1:192:24:"EC" PK utils: ECKEY_DH SECP192R1 -depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP192R1_ENABLED +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP192R1_ENABLED pk_utils:MBEDTLS_PK_ECKEY_DH:MBEDTLS_ECP_DP_SECP192R1:192:24:"EC_DH" PK utils: ECKEY_DH Curve25519 -depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_CURVE25519_ENABLED +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_CURVE25519_ENABLED pk_utils:MBEDTLS_PK_ECKEY_DH:MBEDTLS_ECP_DP_CURVE25519:255:32:"EC_DH" PK utils: ECKEY_DH Curve448 -depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_CURVE448_ENABLED +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_CURVE448_ENABLED pk_utils:MBEDTLS_PK_ECKEY_DH:MBEDTLS_ECP_DP_CURVE448:448:56:"EC_DH" PK utils: ECDSA SECP192R1 @@ -289,11 +289,11 @@ depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME pk_can_do_ext:1:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_ALG_RSA_PSS(PSA_ALG_ANY_HASH):1024:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_KEY_USAGE_SIGN_HASH:1 PK can do ext: MBEDTLS_PK_ECKEY, check ECDSA(SHA256) -depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP256R1_ENABLED +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP256R1_ENABLED pk_can_do_ext:0:MBEDTLS_PK_ECKEY:0:0:0:MBEDTLS_ECP_DP_SECP256R1:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_KEY_USAGE_SIGN_HASH:1 PK can do ext: MBEDTLS_PK_ECKEY, check ECDH -depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP256R1_ENABLED +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP256R1_ENABLED pk_can_do_ext:0:MBEDTLS_PK_ECKEY:0:0:0:MBEDTLS_ECP_DP_SECP256R1:PSA_ALG_ECDH:PSA_KEY_USAGE_DERIVE:1 PK can do ext: MBEDTLS_PK_RSA, check RSA_PKCS1V15_SIGN(SHA256) 
@@ -397,7 +397,7 @@ depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_DP_ pk_sign_verify:MBEDTLS_PK_ECKEY:MBEDTLS_ECP_DP_SECP192R1:0:0 EC_DH (no) sign-verify: SECP192R1 -depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP192R1_ENABLED +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP192R1_ENABLED pk_sign_verify:MBEDTLS_PK_ECKEY_DH:MBEDTLS_ECP_DP_SECP192R1:MBEDTLS_ERR_PK_TYPE_MISMATCH:MBEDTLS_ERR_PK_TYPE_MISMATCH RSA sign-verify @@ -425,11 +425,11 @@ depends_on:MBEDTLS_PKCS1_V15 pk_wrap_rsa_decrypt_test_vec:"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":2048:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":"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":"3":"4E636AF98E40F3ADCFCCB698F4E80B9F":MBEDTLS_ERR_RSA_INVALID_PADDING EC nocrypt -depends_on:MBEDTLS_ECP_LIGHT +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS pk_ec_nocrypt:MBEDTLS_PK_ECKEY EC-DH nocrypt -depends_on:MBEDTLS_ECP_LIGHT +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS pk_ec_nocrypt:MBEDTLS_PK_ECKEY_DH ECDSA nocrypt 
@@ -525,11 +525,11 @@ depends_on:MBEDTLS_PKCS1_V21:MBEDTLS_MD_CAN_SHA256 pk_rsa_verify_ext_test_vec:"ae6e43dd387c25741e42fc3570cdfc52e4f51a2343294f3b677dfe01cd5339f6":MBEDTLS_MD_SHA256:1024:"00dd118a9f99bab068ca2aea3b6a6d5997ed4ec954e40deecea07da01eaae80ec2bb1340db8a128e891324a5c5f5fad8f590d7c8cacbc5fe931dafda1223735279461abaa0572b761631b3a8afe7389b088b63993a0a25ee45d21858bab9931aedd4589a631b37fcf714089f856549f359326dd1e0e86dde52ed66b4a90bda4095":"010001":"0d2bdb0456a3d651d5bd48a4204493898f72cf1aaddd71387cc058bc3f4c235ea6be4010fd61b28e1fbb275462b53775c04be9022d38b6a2e0387dddba86a3f8554d2858044a59fddbd594753fc056fe33c8daddb85dc70d164690b1182209ff84824e0be10e35c379f2f378bf176a9f7cb94d95e44d90276a298c8810f741c9":MBEDTLS_PK_RSASSA_PSS:MBEDTLS_MD_SHA256:94:129:MBEDTLS_ERR_RSA_VERIFY_FAILED Check pair #1 (EC, OK) -depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_PEM_PARSE_C +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_PEM_PARSE_C mbedtls_pk_check_pair:"data_files/ec_256_pub.pem":"data_files/ec_256_prv.pem":0 Check pair #2 (EC, bad) -depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_PEM_PARSE_C +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_PEM_PARSE_C mbedtls_pk_check_pair:"data_files/ec_256_pub.pem":"data_files/server5.key":MBEDTLS_ERR_ECP_BAD_INPUT_DATA Check pair #3 (RSA, OK) @@ -541,7 +541,7 @@ depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_PEM_PARSE_C mbedtls_pk_check_pair:"data_files/server1.pubkey":"data_files/server2.key":MBEDTLS_ERR_RSA_KEY_CHECK_FAILED Check pair #5 (RSA vs EC) -depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PEM_PARSE_C +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PEM_PARSE_C mbedtls_pk_check_pair:"data_files/ec_256_pub.pem":"data_files/server1.key":MBEDTLS_ERR_PK_TYPE_MISMATCH RSA hash_len overflow (size_t vs unsigned int) 
diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index 78711404a..150296e6c 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function @@ -94,7 +94,7 @@ static int pk_genkey(mbedtls_pk_context *pk, int parameter) parameter, 3); } #endif -#if defined(MBEDTLS_ECP_LIGHT) +#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) if (mbedtls_pk_get_type(pk) == MBEDTLS_PK_ECKEY || mbedtls_pk_get_type(pk) == MBEDTLS_PK_ECKEY_DH || mbedtls_pk_get_type(pk) == MBEDTLS_PK_ECDSA) { @@ -112,25 +112,16 @@ static int pk_genkey(mbedtls_pk_context *pk, int parameter) #endif /* MBEDTLS_ECP_C */ #if defined(MBEDTLS_PK_USE_PSA_EC_DATA) - mbedtls_ecp_group grp; - /* Duplicating the mbedtls_ecp_group_load call to make this part - * more future future proof for when ECP_C will not be defined. */ - mbedtls_ecp_group_init(&grp); - ret = mbedtls_ecp_group_load(&grp, parameter); + ret = pk_genkey_ec(pk, parameter); if (ret != 0) { return ret; } - ret = pk_genkey_ec(pk, grp.id); - if (ret != 0) { - return ret; - } - mbedtls_ecp_group_free(&grp); return 0; #endif /* MBEDTLS_PK_USE_PSA_EC_DATA */ } -#endif /* MBEDTLS_ECP_LIGHT */ +#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ return -1; } diff --git a/tests/suites/test_suite_pkparse.data b/tests/suites/test_suite_pkparse.data index 9a5b55c81..144646cc8 100644 --- a/tests/suites/test_suite_pkparse.data +++ b/tests/suites/test_suite_pkparse.data 
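Review bot: In hunk `@@ -112,25 +112,16 @@` the new `ret = pk_genkey_ec(pk, parameter);` followed by `if (ret != 0) { return ret; }` and `return 0;` is a long way of writing `return pk_genkey_ec(pk, parameter);`. The removed code passed `grp.id`, an `mbedtls_ecp_group_id`, whereas `parameter` is the function's `int`; if `pk_genkey_ec` takes the enum (its declaration is not in this hunk), make the conversion explicit: `return pk_genkey_ec(pk, (mbedtls_ecp_group_id) parameter);`. `pk_genkey` itself begins before this hunk.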
@@ -905,11 +905,11 @@ Parse Public RSA Key #4 (PKCS#1 wrapped, DER) pk_parse_public_keyfile_rsa:"data_files/rsa_pkcs1_2048_public.der":0 Parse Public EC Key #1 (RFC 5480, DER) -depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP192R1_ENABLED +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP192R1_ENABLED pk_parse_public_keyfile_ec:"data_files/ec_pub.der":0 Parse Public EC Key #2 (RFC 5480, PEM) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP192R1_ENABLED +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP192R1_ENABLED pk_parse_public_keyfile_ec:"data_files/ec_pub.pem":0 Parse Public EC Key #2a (RFC 5480, PEM, secp192r1, compressed) @@ -917,7 +917,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_PARSE_EC_COMPRESSED:MBEDTLS_ECP_DP_SEC pk_parse_public_keyfile_ec:"data_files/ec_pub.comp.pem":0 Parse Public EC Key #3 (RFC 5480, secp224r1) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP224R1_ENABLED +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP224R1_ENABLED pk_parse_public_keyfile_ec:"data_files/ec_224_pub.pem":0 # Compressed points parsing does not support MBEDTLS_ECP_DP_SECP224R1 and @@ -927,7 +927,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_PARSE_EC_COMPRESSED:MBEDTLS_ECP_DP_SEC pk_parse_public_keyfile_ec:"data_files/ec_224_pub.comp.pem":MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE Parse Public EC Key #4 (RFC 5480, secp256r1) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP256R1_ENABLED +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP256R1_ENABLED pk_parse_public_keyfile_ec:"data_files/ec_256_pub.pem":0 Parse Public EC Key #4a (RFC 5480, secp256r1, compressed) 
@@ -935,7 +935,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_PARSE_EC_COMPRESSED:MBEDTLS_ECP_DP_SEC pk_parse_public_keyfile_ec:"data_files/ec_256_pub.comp.pem":0 Parse Public EC Key #5 (RFC 5480, secp384r1) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP384R1_ENABLED +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP384R1_ENABLED pk_parse_public_keyfile_ec:"data_files/ec_384_pub.pem":0 Parse Public EC Key #5a (RFC 5480, secp384r1, compressed) @@ -943,7 +943,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_PARSE_EC_COMPRESSED:MBEDTLS_ECP_DP_SEC pk_parse_public_keyfile_ec:"data_files/ec_384_pub.comp.pem":0 Parse Public EC Key #6 (RFC 5480, secp521r1) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP521R1_ENABLED +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP521R1_ENABLED pk_parse_public_keyfile_ec:"data_files/ec_521_pub.pem":0 Parse Public EC Key #6a (RFC 5480, secp521r1, compressed) @@ -951,7 +951,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_PARSE_EC_COMPRESSED:MBEDTLS_ECP_DP_SEC pk_parse_public_keyfile_ec:"data_files/ec_521_pub.comp.pem":0 Parse Public EC Key #7 (RFC 5480, brainpoolP256r1) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_BP256R1_ENABLED +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_BP256R1_ENABLED pk_parse_public_keyfile_ec:"data_files/ec_bp256_pub.pem":0 Parse Public EC Key #7a (RFC 5480, brainpoolP256r1, compressed) 
@@ -959,7 +959,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_PARSE_EC_COMPRESSED:MBEDTLS_ECP_DP_BP2 pk_parse_public_keyfile_ec:"data_files/ec_bp256_pub.comp.pem":0 Parse Public EC Key #8 (RFC 5480, brainpoolP384r1) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_BP384R1_ENABLED +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_BP384R1_ENABLED pk_parse_public_keyfile_ec:"data_files/ec_bp384_pub.pem":0 Parse Public EC Key #8a (RFC 5480, brainpoolP384r1, compressed) @@ -967,7 +967,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_PARSE_EC_COMPRESSED:MBEDTLS_ECP_DP_BP3 pk_parse_public_keyfile_ec:"data_files/ec_bp384_pub.comp.pem":0 Parse Public EC Key #9 (RFC 5480, brainpoolP512r1) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_BP512R1_ENABLED +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_BP512R1_ENABLED pk_parse_public_keyfile_ec:"data_files/ec_bp512_pub.pem":0 Parse Public EC Key #9a (RFC 5480, brainpoolP512r1, compressed) 
@@ -975,27 +975,27 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_PARSE_EC_COMPRESSED:MBEDTLS_ECP_DP_BP5 pk_parse_public_keyfile_ec:"data_files/ec_bp512_pub.comp.pem":0 Parse Public EC Key #10 (RFC 8410, DER, X25519) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_CURVE25519_ENABLED +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_CURVE25519_ENABLED pk_parse_public_keyfile_ec:"data_files/ec_x25519_pub.der":0 Parse Public EC Key #11 (RFC 8410, DER, X448) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_CURVE448_ENABLED +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_CURVE448_ENABLED pk_parse_public_keyfile_ec:"data_files/ec_x448_pub.der":0 Parse Public EC Key #12 (RFC 8410, PEM, X25519) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_CURVE25519_ENABLED +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_CURVE25519_ENABLED pk_parse_public_keyfile_ec:"data_files/ec_x25519_pub.pem":0 Parse Public EC Key #13 (RFC 8410, PEM, X448) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_CURVE448_ENABLED +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_CURVE448_ENABLED pk_parse_public_keyfile_ec:"data_files/ec_x448_pub.pem":0 Parse EC Key #1 (SEC1 DER) -depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP192R1_ENABLED +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP192R1_ENABLED pk_parse_keyfile_ec:"data_files/ec_prv.sec1.der":"NULL":0 Parse EC Key #2 (SEC1 PEM) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP192R1_ENABLED +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP192R1_ENABLED pk_parse_keyfile_ec:"data_files/ec_prv.sec1.pem":"NULL":0 Parse EC Key #2a (SEC1 PEM, secp192r1, compressed) 
@@ -1003,43 +1003,43 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_PARSE_EC_COMPRESSED:MBEDTLS_ECP_DP_SEC pk_parse_keyfile_ec:"data_files/ec_prv.sec1.comp.pem":"NULL":0 Parse EC Key #3 (SEC1 PEM encrypted) -depends_on:MBEDTLS_DES_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_HAS_MD5_VIA_LOWLEVEL_OR_PSA +depends_on:MBEDTLS_DES_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_HAS_MD5_VIA_LOWLEVEL_OR_PSA pk_parse_keyfile_ec:"data_files/ec_prv.sec1.pw.pem":"polar":0 Parse EC Key #4 (PKCS8 DER) -depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP192R1_ENABLED +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP192R1_ENABLED pk_parse_keyfile_ec:"data_files/ec_prv.pk8.der":"NULL":0 Parse EC Key #4a (PKCS8 DER, no public key) -depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP256R1_ENABLED +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP256R1_ENABLED pk_parse_keyfile_ec:"data_files/ec_prv.pk8nopub.der":"NULL":0 Parse EC Key #4b (PKCS8 DER, no public key, with parameters) -depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP256R1_ENABLED +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP256R1_ENABLED pk_parse_keyfile_ec:"data_files/ec_prv.pk8nopubparam.der":"NULL":0 Parse EC Key #4c (PKCS8 DER, with parameters) -depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP256R1_ENABLED +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP256R1_ENABLED pk_parse_keyfile_ec:"data_files/ec_prv.pk8param.der":"NULL":0 Parse EC Key #5 (PKCS8 PEM) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP192R1_ENABLED +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP192R1_ENABLED pk_parse_keyfile_ec:"data_files/ec_prv.pk8.pem":"NULL":0 Parse EC Key #5a (PKCS8 PEM, no public key) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP256R1_ENABLED 
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP256R1_ENABLED pk_parse_keyfile_ec:"data_files/ec_prv.pk8nopub.pem":"NULL":0 Parse EC Key #5b (PKCS8 PEM, no public key, with parameters) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP256R1_ENABLED +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP256R1_ENABLED pk_parse_keyfile_ec:"data_files/ec_prv.pk8nopubparam.pem":"NULL":0 Parse EC Key #5c (PKCS8 PEM, with parameters) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP256R1_ENABLED +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP256R1_ENABLED pk_parse_keyfile_ec:"data_files/ec_prv.pk8param.pem":"NULL":0 Parse EC Key #8 (SEC1 PEM, secp224r1) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP224R1_ENABLED +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP224R1_ENABLED pk_parse_keyfile_ec:"data_files/ec_224_prv.pem":"NULL":0 Parse EC Key #8a (SEC1 PEM, secp224r1, compressed) @@ -1047,7 +1047,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_PARSE_EC_COMPRESSED:MBEDTLS_ECP_DP_SEC pk_parse_keyfile_ec:"data_files/ec_224_prv.comp.pem":"NULL":0 Parse EC Key #9 (SEC1 PEM, secp256r1) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP256R1_ENABLED +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP256R1_ENABLED pk_parse_keyfile_ec:"data_files/ec_256_prv.pem":"NULL":0 Parse EC Key #9a (SEC1 PEM, secp256r1, compressed) 
@@ -1055,7 +1055,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_PARSE_EC_COMPRESSED:MBEDTLS_ECP_DP_SEC pk_parse_keyfile_ec:"data_files/ec_256_prv.comp.pem":"NULL":0 Parse EC Key #10 (SEC1 PEM, secp384r1) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP384R1_ENABLED +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP384R1_ENABLED pk_parse_keyfile_ec:"data_files/ec_384_prv.pem":"NULL":0 Parse EC Key #10a (SEC1 PEM, secp384r1, compressed) @@ -1063,7 +1063,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_PARSE_EC_COMPRESSED:MBEDTLS_ECP_DP_SEC pk_parse_keyfile_ec:"data_files/ec_384_prv.comp.pem":"NULL":0 Parse EC Key #11 (SEC1 PEM, secp521r1) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP521R1_ENABLED +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP521R1_ENABLED pk_parse_keyfile_ec:"data_files/ec_521_prv.pem":"NULL":0 Parse EC Key #11a (SEC1 PEM, secp521r1, compressed) @@ -1071,7 +1071,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_PARSE_EC_COMPRESSED:MBEDTLS_ECP_DP_SEC pk_parse_keyfile_ec:"data_files/ec_521_prv.comp.pem":"NULL":0 Parse EC Key #12 (SEC1 PEM, bp256r1) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_BP256R1_ENABLED +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_BP256R1_ENABLED pk_parse_keyfile_ec:"data_files/ec_bp256_prv.pem":"NULL":0 Parse EC Key #12a (SEC1 PEM, bp256r1, compressed) @@ -1079,7 +1079,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_PARSE_EC_COMPRESSED:MBEDTLS_ECP_DP_BP2 pk_parse_keyfile_ec:"data_files/ec_bp256_prv.comp.pem":"NULL":0 Parse EC Key #13 (SEC1 PEM, bp384r1) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_BP384R1_ENABLED +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_BP384R1_ENABLED pk_parse_keyfile_ec:"data_files/ec_bp384_prv.pem":"NULL":0 Parse EC Key #13a (SEC1 PEM, bp384r1, compressed) 
@@ -1087,7 +1087,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_PARSE_EC_COMPRESSED:MBEDTLS_ECP_DP_BP3 pk_parse_keyfile_ec:"data_files/ec_bp384_prv.comp.pem":"NULL":0 Parse EC Key #14 (SEC1 PEM, bp512r1) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_BP512R1_ENABLED +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_BP512R1_ENABLED pk_parse_keyfile_ec:"data_files/ec_bp512_prv.pem":"NULL":0 Parse EC Key #14a (SEC1 PEM, bp512r1, compressed) @@ -1099,19 +1099,19 @@ depends_on:MBEDTLS_ECP_DP_SECP256K1_ENABLED:MBEDTLS_PK_PARSE_EC_EXTENDED pk_parse_keyfile_ec:"data_files/ec_prv.specdom.der":"NULL":0 Parse EC Key #16 (RFC 8410, DER, X25519) -depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_CURVE25519_ENABLED +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_CURVE25519_ENABLED pk_parse_keyfile_ec:"data_files/ec_x25519_prv.der":"NULL":0 Parse EC Key #17 (RFC 8410, DER, X448) -depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_CURVE448_ENABLED +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_CURVE448_ENABLED pk_parse_keyfile_ec:"data_files/ec_x448_prv.der":"NULL":0 Parse EC Key #18 (RFC 8410, PEM, X25519) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_CURVE25519_ENABLED +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_CURVE25519_ENABLED pk_parse_keyfile_ec:"data_files/ec_x25519_prv.pem":"NULL":0 Parse EC Key #19 (RFC 8410, PEM, X448) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_CURVE448_ENABLED +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_CURVE448_ENABLED pk_parse_keyfile_ec:"data_files/ec_x448_prv.pem":"NULL":0 Key ASN1 (No data) 
@@ -1193,7 +1193,7 @@ depends_on:MBEDTLS_RSA_C pk_parse_key:"3063020100021100cc8ab070369ede72920e5a51523c857102030100010211009a6318982a7231de1894c54aa4909201020900f3058fd8dc484d61020900d7770dbd8b78a2110209009471f14c26428401020813425f060c4b7221FF08052b93d01747a87c":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT Key ASN1 (ECPrivateKey, empty parameters) -depends_on:MBEDTLS_ECP_LIGHT +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS pk_parse_key:"30070201010400a000":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT Key ASN1 (OneAsymmetricKey X25519, doesn't match masking requirements, from RFC8410 Appendix A but made into version 0) 
@@ -1201,24 +1201,24 @@ depends_on:MBEDTLS_ECP_C pk_parse_key:"302e020100300506032b656e04220420f8ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff3f":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT Key ASN1 (OneAsymmetricKey X25519, with invalid optional AlgorithIdentifier parameters) -depends_on:MBEDTLS_ECP_LIGHT +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS pk_parse_key:"3030020100300706032b656e050004220420b06d829655543a51cba36e53522bc0acfd60af59466555fb3e1e796872ab1a59":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT Key ASN1 (OneAsymmetricKey X25519, with NULL private key) -depends_on:MBEDTLS_ECP_LIGHT +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS pk_parse_key:"300e020100300506032b656e04020500":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT Key ASN1 (OneAsymmetricKey with invalid AlgorithIdentifier) pk_parse_key:"3013020100300a06082b0601040181fd5904020500":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT Key ASN1 (OneAsymmetricKey X25519, with unsupported attributes) -depends_on:MBEDTLS_ECP_LIGHT +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS pk_parse_key:"304f020100300506032b656e04220420b06d829655543a51cba36e53522bc0acfd60af59466555fb3e1e796872ab1a59a01f301d060a2a864886f70d01090914310f0c0d437572646c6520436861697273":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT Key ASN1 (OneAsymmetricKey X25519, unsupported version 2 with public key) -depends_on:MBEDTLS_ECP_LIGHT +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS pk_parse_key:"3051020101300506032b656e04220420b06d829655543a51cba36e53522bc0acfd60af59466555fb3e1e796872ab1a598121009bc3b0e93d8233fe6a8ba6138948cc12a91362d5c2ed81584db05ab5419c9d11":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT Key ASN1 (OneAsymmetricKey X25519, unsupported version 2 with public key and unsupported attributes) -depends_on:MBEDTLS_ECP_LIGHT +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS 
pk_parse_key:"3072020101300506032b656e04220420b06d829655543a51cba36e53522bc0acfd60af59466555fb3e1e796872ab1a59a01f301d060a2a864886f70d01090914310f0c0d437572646c65204368616972738121009bc3b0e93d8233fe6a8ba6138948cc12a91362d5c2ed81584db05ab5419c9d11":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT diff --git a/tests/suites/test_suite_pkparse.function b/tests/suites/test_suite_pkparse.function index 6fa78c149..fd098b043 100644 --- a/tests/suites/test_suite_pkparse.function +++ b/tests/suites/test_suite_pkparse.function @@ -70,7 +70,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_ECP_LIGHT */ +/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_PK_HAVE_ECC_KEYS */ void pk_parse_public_keyfile_ec(char *key_file, int result) { mbedtls_pk_context ctx; @@ -102,7 +102,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_ECP_LIGHT */ +/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_PK_HAVE_ECC_KEYS */ void pk_parse_keyfile_ec(char *key_file, char *password, int result) { mbedtls_pk_context ctx; diff --git a/tests/suites/test_suite_pkwrite.data b/tests/suites/test_suite_pkwrite.data index 4199ff264..4256a88a6 100644 --- a/tests/suites/test_suite_pkwrite.data +++ b/tests/suites/test_suite_pkwrite.data 
@@ -15,43 +15,43 @@ depends_on:MBEDTLS_RSA_C pk_write_pubkey_check:"data_files/rsa4096_pub.der":TEST_DER Public key write check EC 192 bits -depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED pk_write_pubkey_check:"data_files/ec_pub.pem":TEST_PEM Public key write check EC 192 bits (DER) -depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP192R1_ENABLED +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP192R1_ENABLED pk_write_pubkey_check:"data_files/ec_pub.der":TEST_DER Public key write check EC 521 bits -depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:MBEDTLS_ECP_DP_SECP521R1_ENABLED +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:MBEDTLS_ECP_DP_SECP521R1_ENABLED pk_write_pubkey_check:"data_files/ec_521_pub.pem":TEST_PEM Public key write check EC 521 bits (DER) -depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP521R1_ENABLED +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP521R1_ENABLED pk_write_pubkey_check:"data_files/ec_521_pub.der":TEST_DER Public key write check EC Brainpool 512 bits -depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:MBEDTLS_ECP_DP_BP512R1_ENABLED +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:MBEDTLS_ECP_DP_BP512R1_ENABLED pk_write_pubkey_check:"data_files/ec_bp512_pub.pem":TEST_PEM Public key write check EC Brainpool 512 bits (DER) -depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_BP512R1_ENABLED +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_BP512R1_ENABLED pk_write_pubkey_check:"data_files/ec_bp512_pub.der":TEST_DER Public key write check EC X25519 -depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_CURVE25519_ENABLED +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_CURVE25519_ENABLED pk_write_pubkey_check:"data_files/ec_x25519_pub.pem":TEST_PEM 
Public key write check EC X25519 (DER) -depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_CURVE25519_ENABLED +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_CURVE25519_ENABLED pk_write_pubkey_check:"data_files/ec_x25519_pub.der":TEST_DER Public key write check EC X448 -depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_CURVE448_ENABLED +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_CURVE448_ENABLED pk_write_pubkey_check:"data_files/ec_x448_pub.pem":TEST_PEM Public key write check EC X448 (DER) -depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_CURVE448_ENABLED +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_CURVE448_ENABLED pk_write_pubkey_check:"data_files/ec_x448_pub.der":TEST_DER Private key write check RSA 
@@ -71,59 +71,59 @@ depends_on:MBEDTLS_RSA_C pk_write_key_check:"data_files/rsa4096_prv.der":TEST_DER Private key write check EC 192 bits -depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED pk_write_key_check:"data_files/ec_prv.sec1.pem":TEST_PEM Private key write check EC 192 bits (DER) -depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP192R1_ENABLED +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP192R1_ENABLED pk_write_key_check:"data_files/ec_prv.sec1.der":TEST_DER Private key write check EC 256 bits (top bit set) -depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED pk_write_key_check:"data_files/ec_256_long_prv.pem":TEST_PEM Private key write check EC 256 bits (top bit set) (DER) -depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP256R1_ENABLED +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP256R1_ENABLED pk_write_key_check:"data_files/ec_256_long_prv.der":TEST_DER Private key write check EC 521 bits -depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:MBEDTLS_ECP_DP_SECP521R1_ENABLED +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:MBEDTLS_ECP_DP_SECP521R1_ENABLED pk_write_key_check:"data_files/ec_521_prv.pem":TEST_PEM Private key write check EC 521 bits (DER) -depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP521R1_ENABLED +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP521R1_ENABLED pk_write_key_check:"data_files/ec_521_prv.der":TEST_DER Private key write check EC 521 bits (top byte is 0) -depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:MBEDTLS_ECP_DP_SECP521R1_ENABLED 
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:MBEDTLS_ECP_DP_SECP521R1_ENABLED pk_write_key_check:"data_files/ec_521_short_prv.pem":TEST_PEM Private key write check EC 521 bits (top byte is 0) (DER) -depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP521R1_ENABLED +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP521R1_ENABLED pk_write_key_check:"data_files/ec_521_short_prv.der":TEST_DER Private key write check EC Brainpool 512 bits -depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:MBEDTLS_ECP_DP_BP512R1_ENABLED +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:MBEDTLS_ECP_DP_BP512R1_ENABLED pk_write_key_check:"data_files/ec_bp512_prv.pem":TEST_PEM Private key write check EC Brainpool 512 bits (DER) -depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_BP512R1_ENABLED +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_BP512R1_ENABLED pk_write_key_check:"data_files/ec_bp512_prv.der":TEST_DER Private key write check EC X25519 -depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_CURVE25519_ENABLED +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_CURVE25519_ENABLED pk_write_key_check:"data_files/ec_x25519_prv.pem":TEST_PEM Private key write check EC X25519 (DER) -depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_CURVE25519_ENABLED +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_CURVE25519_ENABLED pk_write_key_check:"data_files/ec_x25519_prv.der":TEST_DER Private key write check EC X448 -depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_CURVE448_ENABLED +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_CURVE448_ENABLED pk_write_key_check:"data_files/ec_x448_prv.pem":TEST_PEM Private key write check EC X448 (DER) -depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_CURVE448_ENABLED +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_CURVE448_ENABLED 
pk_write_key_check:"data_files/ec_x448_prv.der":TEST_DER Derive public key RSA @@ -135,21 +135,21 @@ depends_on:MBEDTLS_RSA_C pk_write_public_from_private:"data_files/rsa4096_prv.der":"data_files/rsa4096_pub.der" Derive public key EC 192 bits -depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP192R1_ENABLED +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP192R1_ENABLED pk_write_public_from_private:"data_files/ec_prv.sec1.der":"data_files/ec_pub.der" Derive public key EC 521 bits -depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP521R1_ENABLED +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP521R1_ENABLED pk_write_public_from_private:"data_files/ec_521_prv.der":"data_files/ec_521_pub.der" Derive public key EC Brainpool 512 bits -depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_BP512R1_ENABLED +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_BP512R1_ENABLED pk_write_public_from_private:"data_files/ec_bp512_prv.der":"data_files/ec_bp512_pub.der" Derive public key EC X25519 -depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_CURVE25519_ENABLED +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_CURVE25519_ENABLED pk_write_public_from_private:"data_files/ec_x25519_prv.der":"data_files/ec_x25519_pub.der" Derive public key EC X448 -depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_CURVE448_ENABLED +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_CURVE448_ENABLED pk_write_public_from_private:"data_files/ec_x448_prv.der":"data_files/ec_x448_pub.der" From 30fdc03819fe4d4eecfd6511408e35b842fdc0f2 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 14 Jun 2023 14:57:46 +0200 Subject: [PATCH 33/99] pk: remove useless internal function Signed-off-by: Valerio Setti --- library/pk.c | 36 ----------------------------- library/pk_internal.h | 14 ----------- tests/suites/test_suite_pk.function | 13 ++++------- 3 files changed, 4 insertions(+), 59 deletions(-) diff --git a/library/pk.c b/library/pk.c index aa8e997aa..52eb0d550 100644 --- a/library/pk.c +++ b/library/pk.c 
@@ -196,42 +196,6 @@ int mbedtls_pk_setup_opaque(mbedtls_pk_context *ctx, } #endif /* MBEDTLS_USE_PSA_CRYPTO */ -#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) -int mbedtls_pk_update_public_key_from_keypair(mbedtls_pk_context *pk, - mbedtls_ecp_keypair *ecp_keypair) -{ - int ret = MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE; - - if (pk == NULL) { - return MBEDTLS_ERR_PK_BAD_INPUT_DATA; - } - /* The raw public key storing mechanism is only supported for EC keys so - * we fail silently for other ones. */ - if ((pk->pk_info->type != MBEDTLS_PK_ECKEY) && - (pk->pk_info->type != MBEDTLS_PK_ECKEY_DH) && - (pk->pk_info->type != MBEDTLS_PK_ECDSA)) { - return 0; - } - - ret = mbedtls_ecp_point_write_binary(&ecp_keypair->grp, &ecp_keypair->Q, - MBEDTLS_ECP_PF_UNCOMPRESSED, - &pk->pub_raw_len, - pk->pub_raw, - MBEDTLS_PK_MAX_EC_PUBKEY_RAW_LEN); - if (ret != 0) { - return ret; - } - - pk->ec_family = mbedtls_ecc_group_to_psa(ecp_keypair->grp.id, - &pk->ec_bits); - if (pk->ec_family == 0) { - return MBEDTLS_ERR_PK_BAD_INPUT_DATA; - } - - return 0; -} -#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */ - #if defined(MBEDTLS_PK_RSA_ALT_SUPPORT) /* * Initialize an RSA-alt context diff --git a/library/pk_internal.h b/library/pk_internal.h index 263a1c777..3d05f57b9 100644 --- a/library/pk_internal.h +++ b/library/pk_internal.h 
@@ -117,19 +117,5 @@ static inline mbedtls_ecp_group_id mbedtls_pk_get_group_id(const mbedtls_pk_cont #endif /* MBEDTLS_ECP_DP_CURVE25519_ENABLED || MBEDTLS_ECP_DP_CURVE448_ENABLED */ #endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ -#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) -/** - * \brief Copy the public key content in raw format from "ctx->pk_ctx" - * (which is an ecp_keypair) into the internal "ctx->pub_raw" buffer. - * - * \note This is a temporary function that can be removed as soon as the pk - * module is free from ECP_C - * - * \param pk It is the pk_context which is going to be updated. It acts both - * as input and output. - */ -int mbedtls_pk_update_public_key_from_keypair(mbedtls_pk_context *pk, - mbedtls_ecp_keypair *ecp_keypair); -#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */ #endif /* MBEDTLS_PK_INTERNAL_H */ diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index 150296e6c..4074e13f8 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function @@ -728,15 +728,10 @@ void pk_ec_test_vec(int type, int id, data_t *key, data_t *hash, TEST_ASSERT(mbedtls_pk_can_do(&pk, MBEDTLS_PK_ECDSA)); #if defined(MBEDTLS_PK_USE_PSA_EC_DATA) - mbedtls_ecp_keypair ecp; - mbedtls_ecp_keypair_init(&ecp); - - TEST_ASSERT(mbedtls_ecp_group_load(&ecp.grp, id) == 0); - TEST_ASSERT(mbedtls_ecp_point_read_binary(&ecp.grp, &ecp.Q, - key->x, key->len) == 0); - TEST_ASSERT(mbedtls_pk_update_public_key_from_keypair(&pk, &ecp) == 0); - - mbedtls_ecp_keypair_free(&ecp); + TEST_ASSERT(key->len <= MBEDTLS_PK_MAX_EC_PUBKEY_RAW_LEN); + memcpy(pk.pub_raw, key->x, key->len); + pk.ec_family = mbedtls_ecc_group_to_psa(id, &(pk.ec_bits)); + pk.pub_raw_len = key->len; #else mbedtls_ecp_keypair *eckey = (mbedtls_ecp_keypair *) mbedtls_pk_ec(pk); From f54ca35b8a76a332b717fb81a52cafff6e813d15 Mon Sep 17 00:00:00 2001 
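Review bot: The new MBEDTLS_PK_USE_PSA_EC_DATA branch in pk_ec_test_vec copies the vector into `pk.pub_raw` without checking that `mbedtls_ecc_group_to_psa(id, &(pk.ec_bits))` recognised the group; that function returns 0 with `*bits = 0` for an unknown `mbedtls_ecp_group_id`, and the removed `mbedtls_pk_update_public_key_from_keypair` did test `pk->ec_family == 0` where this code tests nothing. Add `TEST_ASSERT(pk.ec_family != 0);` after that assignment so a bad `id` fails at the setup line instead of in whatever verify step follows. The removed path also ran the bytes through `mbedtls_ecp_point_read_binary`, so a malformed point encoding in a vector is no longer rejected here; presumably acceptable for a test that feeds known-good vectors, but a one-line comment saying the raw copy is deliberate would help the next reader. The enclosing pk_ec_test_vec starts and ends outside the hunk.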
From: Valerio Setti Date: Thu, 15 Jun 2023 12:09:30 +0200 Subject: [PATCH 34/99] build_info: do not enable ECP_LIGHT when PSA_WANT_ALG_ECDSA Signed-off-by: Valerio Setti --- include/mbedtls/build_info.h | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/include/mbedtls/build_info.h b/include/mbedtls/build_info.h index e01f57152..24c394112 100644 --- a/include/mbedtls/build_info.h +++ b/include/mbedtls/build_info.h @@ -148,8 +148,7 @@ #if defined(MBEDTLS_ECP_C) || \ defined(MBEDTLS_PK_PARSE_EC_EXTENDED) || \ defined(MBEDTLS_PK_PARSE_EC_COMPRESSED) || \ - defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_DERIVE) || \ - (defined(MBEDTLS_PK_C) && defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_ECDSA)) + defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_DERIVE) #define MBEDTLS_ECP_LIGHT #endif From bc2b1d32888e7a4996ff4cf6c5e2a07f8433a49c Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 19 Jun 2023 12:15:13 +0200 Subject: [PATCH 35/99] psa: move mbedtls_ecc_group_to_psa() from inline function to standard one Signed-off-by: Valerio Setti --- include/psa/crypto_extra.h | 50 ++------------------------------------ library/psa_crypto.c | 49 +++++++++++++++++++++++++++++++++++++ 2 files changed, 51 insertions(+), 48 deletions(-) diff --git a/include/psa/crypto_extra.h b/include/psa/crypto_extra.h index fb639fadb..cfa7a67be 100644 --- a/include/psa/crypto_extra.h +++ b/include/psa/crypto_extra.h 
@@ -589,54 +589,8 @@ psa_status_t psa_get_key_domain_parameters( * (`PSA_ECC_FAMILY_xxx`). * \return \c 0 on failure (\p grpid is not recognized). */ -static inline psa_ecc_family_t mbedtls_ecc_group_to_psa(mbedtls_ecp_group_id grpid, - size_t *bits) -{ - switch (grpid) { - case MBEDTLS_ECP_DP_SECP192R1: - *bits = 192; - return PSA_ECC_FAMILY_SECP_R1; - case MBEDTLS_ECP_DP_SECP224R1: - *bits = 224; - return PSA_ECC_FAMILY_SECP_R1; - case MBEDTLS_ECP_DP_SECP256R1: - *bits = 256; - return PSA_ECC_FAMILY_SECP_R1; - case MBEDTLS_ECP_DP_SECP384R1: - *bits = 384; - return PSA_ECC_FAMILY_SECP_R1; - case MBEDTLS_ECP_DP_SECP521R1: - *bits = 521; - return PSA_ECC_FAMILY_SECP_R1; - case MBEDTLS_ECP_DP_BP256R1: - *bits = 256; - return PSA_ECC_FAMILY_BRAINPOOL_P_R1; - case MBEDTLS_ECP_DP_BP384R1: - *bits = 384; - return PSA_ECC_FAMILY_BRAINPOOL_P_R1; - case MBEDTLS_ECP_DP_BP512R1: - *bits = 512; - return PSA_ECC_FAMILY_BRAINPOOL_P_R1; - case MBEDTLS_ECP_DP_CURVE25519: - *bits = 255; - return PSA_ECC_FAMILY_MONTGOMERY; - case MBEDTLS_ECP_DP_SECP192K1: - *bits = 192; - return PSA_ECC_FAMILY_SECP_K1; - case MBEDTLS_ECP_DP_SECP224K1: - *bits = 224; - return PSA_ECC_FAMILY_SECP_K1; - case MBEDTLS_ECP_DP_SECP256K1: - *bits = 256; - return PSA_ECC_FAMILY_SECP_K1; - case MBEDTLS_ECP_DP_CURVE448: - *bits = 448; - return PSA_ECC_FAMILY_MONTGOMERY; - default: - *bits = 0; - return 0; - } -} +psa_ecc_family_t mbedtls_ecc_group_to_psa(mbedtls_ecp_group_id grpid, + size_t *bits); /** Convert an ECC curve identifier from the PSA encoding to Mbed TLS. * diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 9fdb366ca..d6723b27e 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c 
@@ -391,6 +391,55 @@ static void psa_wipe_tag_output_buffer(uint8_t *output_buffer, psa_status_t stat /****************************************************************/ #if defined(MBEDTLS_PK_HAVE_ECC_KEYS) +psa_ecc_family_t mbedtls_ecc_group_to_psa(mbedtls_ecp_group_id grpid, + size_t *bits) +{ + switch (grpid) { + case MBEDTLS_ECP_DP_SECP192R1: + *bits = 192; + return PSA_ECC_FAMILY_SECP_R1; + case MBEDTLS_ECP_DP_SECP224R1: + *bits = 224; + return PSA_ECC_FAMILY_SECP_R1; + case MBEDTLS_ECP_DP_SECP256R1: + *bits = 256; + return PSA_ECC_FAMILY_SECP_R1; + case MBEDTLS_ECP_DP_SECP384R1: + *bits = 384; + return PSA_ECC_FAMILY_SECP_R1; + case MBEDTLS_ECP_DP_SECP521R1: + *bits = 521; + return PSA_ECC_FAMILY_SECP_R1; + case MBEDTLS_ECP_DP_BP256R1: + *bits = 256; + return PSA_ECC_FAMILY_BRAINPOOL_P_R1; + case MBEDTLS_ECP_DP_BP384R1: + *bits = 384; + return PSA_ECC_FAMILY_BRAINPOOL_P_R1; + case MBEDTLS_ECP_DP_BP512R1: + *bits = 512; + return PSA_ECC_FAMILY_BRAINPOOL_P_R1; + case MBEDTLS_ECP_DP_CURVE25519: + *bits = 255; + return PSA_ECC_FAMILY_MONTGOMERY; + case MBEDTLS_ECP_DP_SECP192K1: + *bits = 192; + return PSA_ECC_FAMILY_SECP_K1; + case MBEDTLS_ECP_DP_SECP224K1: + *bits = 224; + return PSA_ECC_FAMILY_SECP_K1; + case MBEDTLS_ECP_DP_SECP256K1: + *bits = 256; + return PSA_ECC_FAMILY_SECP_K1; + case MBEDTLS_ECP_DP_CURVE448: + *bits = 448; + return PSA_ECC_FAMILY_MONTGOMERY; + default: + *bits = 0; + return 0; + } +} + mbedtls_ecp_group_id mbedtls_ecc_group_of_psa(psa_ecc_family_t curve, size_t bits, int bits_is_sloppy) From a9aab1a85bd3d2639af4485a77c577a3d78e5858 Mon Sep 17 00:00:00 2001 
From: Valerio Setti Date: Mon, 19 Jun 2023 13:39:54 +0200 Subject: [PATCH 36/99] pk/psa: use PSA guard for mbedtls_ecc_group_to_psa() and mbedtls_ecc_group_of_psa() This allows also to: - removing the dependency on ECP_C for these functions and only rely on PSA symbols - removing extra header inclusion from crypto_extra.h - return MBEDTLS_PK_USE_PSA_EC_DATA and MBEDTLS_PK_HAVE_ECC_KEYS to their original position in pk.h Signed-off-by: Valerio Setti --- include/mbedtls/pk.h | 58 +++++++++++++++++++------------------- include/psa/crypto_extra.h | 5 ++-- library/psa_crypto.c | 4 +-- 3 files changed, 33 insertions(+), 34 deletions(-) diff --git a/include/mbedtls/pk.h b/include/mbedtls/pk.h index ba1544739..089333d7e 100644 --- a/include/mbedtls/pk.h +++ b/include/mbedtls/pk.h 
@@ -40,35 +40,6 @@ #include "mbedtls/ecdsa.h" #endif -/* Internal helper to define which fields in the pk_context structure below - * should be used for EC keys: legacy ecp_keypair or the raw (PSA friendly) - * format. It should be noticed that this only affect how data is stored, not - * which functions are used for various operations. The overall picture looks - * like this: - * - if USE_PSA is not defined and ECP_C is then use ecp_keypair data structure - * and legacy functions - * - if USE_PSA is defined and - * - if ECP_C then use ecp_keypair structure, convert data to a PSA friendly - * format and use PSA functions - * - if !ECP_C then use new raw data and PSA functions directly. - * - * The main reason for the "intermediate" (USE_PSA + ECP_C) above is that as long - * as ECP_C is defined mbedtls_pk_ec() gives the user a read/write access to the - * ecp_keypair structure inside the pk_context so he/she can modify it using - * ECP functions which are not under PK module's control. - */ -#if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) && \ - !defined(MBEDTLS_ECP_C) -#define MBEDTLS_PK_USE_PSA_EC_DATA -#endif /* MBEDTLS_USE_PSA_CRYPTO && !MBEDTLS_ECP_C */ - -/* Helper symbol to state that the PK module has support for EC keys. This - * can either be provided through the legacy ECP solution or through the - * PSA friendly MBEDTLS_PK_USE_PSA_EC_DATA. */ -#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) || defined(MBEDTLS_ECP_C) -#define MBEDTLS_PK_HAVE_ECC_KEYS -#endif /* MBEDTLS_PK_USE_PSA_EC_DATA || MBEDTLS_ECP_C */ - #if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_PSA_CRYPTO_C) #include "psa/crypto.h" #endif 
@@ -231,6 +202,35 @@ typedef struct mbedtls_pk_rsassa_pss_options { #define MBEDTLS_PK_CAN_ECDH #endif +/* Internal helper to define which fields in the pk_context structure below + * should be used for EC keys: legacy ecp_keypair or the raw (PSA friendly) + * format. It should be noticed that this only affect how data is stored, not + * which functions are used for various operations. The overall picture looks + * like this: + * - if USE_PSA is not defined and ECP_C is then use ecp_keypair data structure + * and legacy functions + * - if USE_PSA is defined and + * - if ECP_C then use ecp_keypair structure, convert data to a PSA friendly + * format and use PSA functions + * - if !ECP_C then use new raw data and PSA functions directly. + * + * The main reason for the "intermediate" (USE_PSA + ECP_C) above is that as long + * as ECP_C is defined mbedtls_pk_ec() gives the user a read/write access to the + * ecp_keypair structure inside the pk_context so he/she can modify it using + * ECP functions which are not under PK module's control. + */ +#if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) && \ + !defined(MBEDTLS_ECP_C) +#define MBEDTLS_PK_USE_PSA_EC_DATA +#endif /* MBEDTLS_USE_PSA_CRYPTO && !MBEDTLS_ECP_C */ + +/* Helper symbol to state that the PK module has support for EC keys. This + * can either be provided through the legacy ECP solution or through the + * PSA friendly MBEDTLS_PK_USE_PSA_EC_DATA. */ +#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) || defined(MBEDTLS_ECP_C) +#define MBEDTLS_PK_HAVE_ECC_KEYS +#endif /* MBEDTLS_PK_USE_PSA_EC_DATA || MBEDTLS_ECP_C */ + /** * \brief Types for interfacing with the debug module */ diff --git a/include/psa/crypto_extra.h b/include/psa/crypto_extra.h index cfa7a67be..5529dd1c8 100644 --- a/include/psa/crypto_extra.h +++ b/include/psa/crypto_extra.h 
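Review bot: The closing comment `#endif /* MBEDTLS_USE_PSA_CRYPTO && !MBEDTLS_ECP_C */` on the relocated MBEDTLS_PK_USE_PSA_EC_DATA block does not match its condition, which also requires `PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY`; since the block is being moved anyway, make it `#endif /* MBEDTLS_USE_PSA_CRYPTO && PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY && !MBEDTLS_ECP_C */`. The prose above it likewise describes the choice purely in terms of USE_PSA and ECP_C ("if USE_PSA is defined and ... if !ECP_C then use new raw data"), so one added sentence noting that the PSA ECC public-key type must also be wanted would keep the comment and the preprocessor condition in step. Both points apply equally to the removed copy in the preceding hunk, so fixing them here is the cheaper moment.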
@@ -572,8 +572,7 @@ psa_status_t psa_get_key_domain_parameters( /** \defgroup psa_tls_helpers TLS helper functions * @{ */ -#include -#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) +#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) #include /** Convert an ECC curve identifier from the Mbed TLS encoding to PSA. @@ -614,7 +613,7 @@ psa_ecc_family_t mbedtls_ecc_group_to_psa(mbedtls_ecp_group_id grpid, mbedtls_ecp_group_id mbedtls_ecc_group_of_psa(psa_ecc_family_t curve, size_t bits, int bits_is_sloppy); -#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ +#endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */ /**@}*/ diff --git a/library/psa_crypto.c b/library/psa_crypto.c index d6723b27e..217348323 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -390,7 +390,7 @@ static void psa_wipe_tag_output_buffer(uint8_t *output_buffer, psa_status_t stat /* Key management */ /****************************************************************/ -#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) +#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) psa_ecc_family_t mbedtls_ecc_group_to_psa(mbedtls_ecp_group_id grpid, size_t *bits) { @@ -531,7 +531,7 @@ mbedtls_ecp_group_id mbedtls_ecc_group_of_psa(psa_ecc_family_t curve, (void) bits_is_sloppy; return MBEDTLS_ECP_DP_NONE; } -#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ +#endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */ psa_status_t psa_validate_unstructured_key_bit_size(psa_key_type_t type, size_t bits) From e1651360c02eae921e8484813712c80268b011bf Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 19 Jun 2023 14:19:44 +0200 Subject: [PATCH 37/99] pkwrite: fix wrong guard position for pk_get_opaque_ec_family() Signed-off-by: Valerio Setti --- library/pkwrite.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/library/pkwrite.c b/library/pkwrite.c index e6f1aefaf..5f801e27d 100644 --- a/library/pkwrite.c +++ b/library/pkwrite.c 
@@ -76,7 +76,6 @@ static inline int mbedtls_pk_is_rfc8410(const mbedtls_pk_context *pk) #endif return 0; } -#endif /* MBEDTLS_PK_HAVE_RFC8410_CURVES */ #if defined(MBEDTLS_USE_PSA_CRYPTO) /* It is assumed that the input key is opaque */ @@ -93,7 +92,11 @@ static psa_ecc_family_t pk_get_opaque_ec_family(const mbedtls_pk_context *pk) return ec_family; } +#endif /* MBETLS_USE_PSA_CRYPTO */ +#endif /* MBEDTLS_PK_HAVE_RFC8410_CURVES */ +#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ +#if defined(MBEDTLS_USE_PSA_CRYPTO) /* It is assumed that the input key is opaque */ static psa_key_type_t pk_get_opaque_key_type(const mbedtls_pk_context *pk) { @@ -109,7 +112,6 @@ static psa_key_type_t pk_get_opaque_key_type(const mbedtls_pk_context *pk) return opaque_key_type; } #endif /* MBETLS_USE_PSA_CRYPTO */ -#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ #if defined(MBEDTLS_RSA_C) /* From 5bd2523178be84f6eba42e720bd3e74d242667ee Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 19 Jun 2023 19:32:14 +0200 Subject: [PATCH 38/99] test: ignore compressed points' tests when checking coverage without ECP at all Signed-off-by: Valerio Setti --- tests/scripts/analyze_outcomes.py | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/tests/scripts/analyze_outcomes.py b/tests/scripts/analyze_outcomes.py index 2d054d7b3..46c21f73a 100755 --- a/tests/scripts/analyze_outcomes.py +++ b/tests/scripts/analyze_outcomes.py 
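Review bot: The newly added `#endif /* MBETLS_USE_PSA_CRYPTO */` misspells the macro (missing `D`), mirroring the existing typo on the `#endif` that closes `pk_get_opaque_key_type()` a few lines down; with three consecutive `#endif`s now closing guards whose `#if` lines lie outside this hunk, grepping for `MBEDTLS_USE_PSA_CRYPTO` is how a reader checks the pairing, and both comments should read `#endif /* MBEDTLS_USE_PSA_CRYPTO */`. The bodies of `pk_get_opaque_ec_family()` and `pk_get_opaque_key_type()` start outside the hunk, so I could not confirm that nothing else between them still depends on `MBEDTLS_PK_HAVE_ECC_KEYS`.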
@@ -302,6 +302,28 @@ TASKS = { # case above. ('Key ASN1 (OneAsymmetricKey X25519, doesn\'t match masking ' 'requirements, from RFC8410 Appendix A but made into version 0)'), + # When PK_PARSE_C and ECP_C are defined then PK_PARSE_EC_COMPRESSED + # is automatically enabled in build_info.h (backward compatibility) + # even if it is disabled in config_psa_crypto_no_ecp_at_all(). As a + # consequence compressed points are supported in the reference + # component but not in the accelerated one, so they should be skipped + # while checking driver's coverage. + 'Parse EC Key #10a (SEC1 PEM, secp384r1, compressed)', + 'Parse EC Key #11a (SEC1 PEM, secp521r1, compressed)', + 'Parse EC Key #12a (SEC1 PEM, bp256r1, compressed)', + 'Parse EC Key #13a (SEC1 PEM, bp384r1, compressed)', + 'Parse EC Key #14a (SEC1 PEM, bp512r1, compressed)', + 'Parse EC Key #2a (SEC1 PEM, secp192r1, compressed)', + 'Parse EC Key #8a (SEC1 PEM, secp224r1, compressed)', + 'Parse EC Key #9a (SEC1 PEM, secp256r1, compressed)', + 'Parse Public EC Key #2a (RFC 5480, PEM, secp192r1, compressed)', + 'Parse Public EC Key #3a (RFC 5480, secp224r1, compressed)', + 'Parse Public EC Key #4a (RFC 5480, secp256r1, compressed)', + 'Parse Public EC Key #5a (RFC 5480, secp384r1, compressed)', + 'Parse Public EC Key #6a (RFC 5480, secp521r1, compressed)', + 'Parse Public EC Key #7a (RFC 5480, brainpoolP256r1, compressed)', + 'Parse Public EC Key #8a (RFC 5480, brainpoolP384r1, compressed)', + 'Parse Public EC Key #9a (RFC 5480, brainpoolP512r1, compressed)', ], } } From 24f4b73ee5d996ec3cfaf98545dc1a1e668f2838 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Tue, 20 Jun 2023 15:51:46 +0100 Subject: [PATCH 39/99] Pacify clang15 warnings about empty /retval Signed-off-by: Paul Elliott --- library/psa_crypto_ffdh.h | 14 +++++++------- library/psa_crypto_pake.h | 30 +++++++++++++++--------------- 2 files changed, 22 insertions(+), 22 deletions(-) 
diff --git a/library/psa_crypto_ffdh.h b/library/psa_crypto_ffdh.h index 5d7d951c7..5298f5abd 100644 --- a/library/psa_crypto_ffdh.h +++ b/library/psa_crypto_ffdh.h @@ -47,8 +47,8 @@ * \retval #PSA_ERROR_INVALID_ARGUMENT * \p key_buffer_size, \p peer_key_length, \p shared_secret_size * do not match - * \retval #PSA_ERROR_INSUFFICIENT_MEMORY - * \retval #PSA_ERROR_CORRUPTION_DETECTED + * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription + * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription */ psa_status_t mbedtls_psa_key_agreement_ffdh( const psa_key_attributes_t *attributes, @@ -73,9 +73,9 @@ psa_status_t mbedtls_psa_key_agreement_ffdh( * \retval #PSA_SUCCESS The public key was exported successfully. * \retval #PSA_ERROR_BUFFER_TOO_SMALL * The size of \p key_buffer is too small. - * \retval #PSA_ERROR_NOT_PERMITTED - * \retval #PSA_ERROR_INSUFFICIENT_MEMORY - * \retval #PSA_ERROR_CORRUPTION_DETECTED + * \retval #PSA_ERROR_NOT_PERMITTED \emptydescription + * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription + * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription */ psa_status_t mbedtls_psa_export_ffdh_public_key( const psa_key_attributes_t *attributes, @@ -103,8 +103,8 @@ psa_status_t mbedtls_psa_export_ffdh_public_key( * Key size in bits is invalid. * \retval #PSA_ERROR_BUFFER_TOO_SMALL * The size of \p key_buffer is too small. - * \retval #PSA_ERROR_INSUFFICIENT_MEMORY - * \retval #PSA_ERROR_CORRUPTION_DETECTED + * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription + * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription */ psa_status_t mbedtls_psa_ffdh_generate_key( const psa_key_attributes_t *attributes, diff --git a/library/psa_crypto_pake.h b/library/psa_crypto_pake.h index 001c987a4..f21b0e672 100644 --- a/library/psa_crypto_pake.h +++ b/library/psa_crypto_pake.h 
@@ -43,8 +43,8 @@ * compatible with the PAKE algorithm, or the hash algorithm in * \p cipher_suite is not supported or not compatible with the PAKE * algorithm and primitive. - * \retval #PSA_ERROR_INSUFFICIENT_MEMORY - * \retval #PSA_ERROR_CORRUPTION_DETECTED + * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription + * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription */ psa_status_t mbedtls_psa_pake_setup(mbedtls_psa_pake_operation_t *operation, const psa_crypto_driver_pake_inputs_t *inputs); @@ -78,10 +78,10 @@ psa_status_t mbedtls_psa_pake_setup(mbedtls_psa_pake_operation_t *operation, * Success. * \retval #PSA_ERROR_BUFFER_TOO_SMALL * The size of the \p output buffer is too small. - * \retval #PSA_ERROR_INSUFFICIENT_ENTROPY - * \retval #PSA_ERROR_CORRUPTION_DETECTED - * \retval #PSA_ERROR_DATA_CORRUPT - * \retval #PSA_ERROR_DATA_INVALID + * \retval #PSA_ERROR_INSUFFICIENT_ENTROPY \emptydescription + * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription + * \retval #PSA_ERROR_DATA_CORRUPT \emptydescription + * \retval #PSA_ERROR_DATA_INVALID \emptydescription */ psa_status_t mbedtls_psa_pake_output(mbedtls_psa_pake_operation_t *operation, psa_crypto_driver_pake_step_t step, @@ -116,10 +116,10 @@ psa_status_t mbedtls_psa_pake_output(mbedtls_psa_pake_operation_t *operation, * \retval #PSA_ERROR_NOT_SUPPORTED * the \p input is not supported for the \p operation's algorithm, cipher * suite or \p step. - * \retval #PSA_ERROR_INSUFFICIENT_MEMORY - * \retval #PSA_ERROR_CORRUPTION_DETECTED - * \retval #PSA_ERROR_DATA_CORRUPT - * \retval #PSA_ERROR_DATA_INVALID + * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription + * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription + * \retval #PSA_ERROR_DATA_CORRUPT \emptydescription + * \retval #PSA_ERROR_DATA_INVALID \emptydescription */ psa_status_t mbedtls_psa_pake_input(mbedtls_psa_pake_operation_t *operation, psa_crypto_driver_pake_step_t step, 
@@ -143,10 +143,10 @@ psa_status_t mbedtls_psa_pake_input(mbedtls_psa_pake_operation_t *operation, * \retval #PSA_ERROR_NOT_SUPPORTED * Input from a PAKE is not supported by the algorithm in the \p output * key derivation operation. - * \retval #PSA_ERROR_INSUFFICIENT_MEMORY - * \retval #PSA_ERROR_CORRUPTION_DETECTED - * \retval #PSA_ERROR_DATA_CORRUPT - * \retval #PSA_ERROR_DATA_INVALID + * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription + * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription + * \retval #PSA_ERROR_DATA_CORRUPT \emptydescription + * \retval #PSA_ERROR_DATA_INVALID \emptydescription */ psa_status_t mbedtls_psa_pake_get_implicit_key( mbedtls_psa_pake_operation_t *operation, @@ -164,7 +164,7 @@ psa_status_t mbedtls_psa_pake_get_implicit_key( * * \retval #PSA_SUCCESS * Success. - * \retval #PSA_ERROR_CORRUPTION_DETECTED + * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription */ psa_status_t mbedtls_psa_pake_abort(mbedtls_psa_pake_operation_t *operation); From 690b8c9ca7ab7aa7c7e63597e7111bcb8b5372d1 Mon Sep 17 00:00:00 2001 From: Demi Marie Obenour Date: Sun, 4 Dec 2022 04:24:22 -0500 Subject: [PATCH 40/99] Add a do-while loop around macros This is good practice in C. Signed-off-by: Demi Marie Obenour --- library/x509.c | 46 ++++++++++++++++++++++++++++------------------ 1 file changed, 28 insertions(+), 18 deletions(-) diff --git a/library/x509.c b/library/x509.c index 6e16c4c27..b600f456e 100644 --- a/library/x509.c +++ b/library/x509.c @@ -53,13 +53,17 @@ #include #endif -#define CHECK(code) if ((ret = (code)) != 0) { return ret; } +#define CHECK(code) \ + do { \ + if ((ret = (code)) != 0) { \ + return ret; \ + } \ + } while (0) + #define CHECK_RANGE(min, max, val) \ - do \ - { \ - if ((val) < (min) || (val) > (max)) \ - { \ - return ret; \ + do { \ + if ((val) < (min) || (val) > (max)) { \ + return ret; \ } \ } while (0) 
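Review bot: `CHECK_RANGE` reports an out-of-range value by returning whatever `ret` currently holds rather than a specific error code, and `CHECK` sets `ret` to 0 whenever its call succeeds, so any function that uses a `CHECK` before a `CHECK_RANGE` would return success for a range violation; the callers are outside this hunk, so whether that combination exists today is something to verify. The `do { } while (0)` wrapping is fine, but the contract deserves a comment above the macro, e.g. `/* CHECK_RANGE() fails by returning the caller's current ret, which must already hold the error to report; note CHECK() resets ret to 0 on success. */`. Alternatively make the failure value an explicit parameter so the macro cannot depend on the caller's initialisation.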
@@ -1700,16 +1704,19 @@ int mbedtls_x509_info_subject_alt_name(char **buf, size_t *size, return 0; } -#define PRINT_ITEM(i) \ - { \ - ret = mbedtls_snprintf(p, n, "%s" i, sep); \ - MBEDTLS_X509_SAFE_SNPRINTF; \ - sep = ", "; \ - } +#define PRINT_ITEM(i) \ + do { \ + ret = mbedtls_snprintf(p, n, "%s" i, sep); \ + MBEDTLS_X509_SAFE_SNPRINTF; \ + sep = ", "; \ + } while (0) -#define CERT_TYPE(type, name) \ - if (ns_cert_type & (type)) \ - PRINT_ITEM(name); +#define CERT_TYPE(type, name) \ + do { \ + if (ns_cert_type & (type)) { \ + PRINT_ITEM(name); \ + } \ + } while (0) int mbedtls_x509_info_cert_type(char **buf, size_t *size, unsigned char ns_cert_type) @@ -1734,9 +1741,12 @@ int mbedtls_x509_info_cert_type(char **buf, size_t *size, return 0; } -#define KEY_USAGE(code, name) \ - if (key_usage & (code)) \ - PRINT_ITEM(name); +#define KEY_USAGE(code, name) \ + do { \ + if ((key_usage) & (code)) { \ + PRINT_ITEM(name); \ + } \ + } while (0) int mbedtls_x509_info_key_usage(char **buf, size_t *size, unsigned int key_usage) From fd235bc9dff0af38ab6bc5c20a1e9f54bba19d55 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 20 Jun 2023 17:48:18 +0200 Subject: [PATCH 41/99] Fix very high stack usage in SSL debug code Use a switch instead of an array. The array was very hollow for some enum types such as mbedtls_ssl_protocol_version (which formerly used small values, but switched to using the protocol encoding as enum values in Mbed TLS 3.2.0). Optimizing compilers know how to compile a switch into a lookup table when the range warrants it. Signed-off-by: Gilles Peskine --- ChangeLog.d/ssl_debug_helpers-stack_usage.txt | 3 +++ scripts/generate_ssl_debug_helpers.py | 16 +++++----------- 2 files changed, 8 insertions(+), 11 deletions(-) create mode 100644 ChangeLog.d/ssl_debug_helpers-stack_usage.txt diff --git a/ChangeLog.d/ssl_debug_helpers-stack_usage.txt b/ChangeLog.d/ssl_debug_helpers-stack_usage.txt new file mode 100644 index 000000000..e2c24759f --- /dev/null 
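Review bot: `KEY_USAGE` now parenthesises `(key_usage)` while `CERT_TYPE` leaves `ns_cert_type` bare; neither is a macro parameter (both are locals of the function that expands the macro), so the parentheses suggest a flexibility that is not there and the two should at least be consistent. All three macros also silently rely on `p`, `n`, `ret` and `sep` from the expanding function, which is worth stating once above `PRINT_ITEM`: `/* Expands inside a function that declares p, n, ret and sep (see mbedtls_x509_info_*). */`. The two `mbedtls_x509_info_*` functions that use them begin and end outside the hunk.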
+++ b/ChangeLog.d/ssl_debug_helpers-stack_usage.txt @@ -0,0 +1,3 @@ +Bugfix + * Fix very high stack usage in SSL debug code. Reported by Maximilian + Gerhardt in #7804. diff --git a/scripts/generate_ssl_debug_helpers.py b/scripts/generate_ssl_debug_helpers.py index 3127afcee..0af7b8f39 100755 --- a/scripts/generate_ssl_debug_helpers.py +++ b/scripts/generate_ssl_debug_helpers.py @@ -209,24 +209,18 @@ class EnumDefinition: continue member = field.strip().split()[0] translation_table.append( - '{space}[{member}] = "{member}",'.format(member=member, - space=' '*8) + '{space}case {member}:\n{space} return "{member};";' + .format(member=member, space=' '*8) ) body = textwrap.dedent('''\ const char *{name}_str( {prototype} in ) {{ - const char * in_to_str[]= - {{ + switch (in) {{ {translation_table} - }}; - - if( in > ( sizeof( in_to_str )/sizeof( in_to_str[0]) - 1 ) || - in_to_str[ in ] == NULL ) - {{ - return "UNKNOWN_VALUE"; + default: + return "UNKNOWN_VALUE"; }} - return in_to_str[ in ]; }} ''') body = body.format(translation_table='\n'.join(translation_table), From 215ed131cf5cc4f3804f5017c098be70644774c1 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Tue, 20 Jun 2023 15:57:58 +0100 Subject: [PATCH 42/99] Fix 32 bit unreachable code build failure Given the size of ciL is set dependant on MBEDTLS_HAVE_INT32 / MBEDTLS_HAVE_INT64, clang rightfully reports this as unreachable code in 32 bit builds. Fix this by using #define guards instead. Signed-off-by: Paul Elliott --- library/ecp_curves.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/library/ecp_curves.c b/library/ecp_curves.c index af649a2c8..96013b3fa 100644 --- a/library/ecp_curves.c +++ b/library/ecp_curves.c 
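Review bot: The generated `return "{member};";` places the semicolon inside the string literal, so every generated `*_str()` helper now returns e.g. `"MBEDTLS_SSL_VERSION_TLS1_2;"` with a stray `;` in the debug output; the line should be `'{space}case {member}:\n{space}    return "{member}";'`. A second consequence of the switch form is that two enum members sharing a value, which the old designated-initialiser array tolerated silently, now produce a duplicate-case compile error in the generated file; I believe that is a feature, but it is worth a sentence in the script's docstring so the next person editing an enum knows why the build broke.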
@@ -5577,9 +5577,9 @@ int mbedtls_ecp_mod_p448_raw(mbedtls_mpi_uint *X, size_t X_limbs) (void) mbedtls_mpi_core_add(X, X, Q, Q_limbs); /* M = B0 */ - if (ciL > 4) { - M[P224_WIDTH_MIN] &= ((mbedtls_mpi_uint)-1) >> (P224_UNUSED_BITS); - } +#ifdef MBEDTLS_HAVE_INT64 + M[P224_WIDTH_MIN] &= ((mbedtls_mpi_uint)-1) >> (P224_UNUSED_BITS); + #endif memset(M + P224_WIDTH_MAX, 0, ((M_limbs - P224_WIDTH_MAX) * ciL)); /* M = M + Q = B0 + B1 */ From b19f584f2c1001ac9e4af3750fdc84d5bd53f6ca Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Tue, 20 Jun 2023 23:01:43 +0100 Subject: [PATCH 43/99] Fix for arm64_32 (aka ILP32) on Clang Signed-off-by: Dave Rodgman --- library/constant_time.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/library/constant_time.c b/library/constant_time.c index c823b7889..6e02f3438 100644 --- a/library/constant_time.c +++ b/library/constant_time.c @@ -78,8 +78,10 @@ static inline uint32_t mbedtls_get_unaligned_volatile_uint32(volatile const unsi uint32_t r; #if defined(__arm__) || defined(__thumb__) || defined(__thumb2__) asm volatile ("ldr %0, [%1]" : "=r" (r) : "r" (p) :); -#elif defined(__aarch64__) +#elif defined(__aarch64__) && (SIZE_MAX == 0xffffffffffffffff) asm volatile ("ldr %w0, [%1]" : "=r" (r) : "r" (p) :); +#elif defined(__aarch64__) && (SIZE_MAX == 0xffffffff) + asm volatile ("ldr %w0, [%w1]" : "=r" (r) : "r" (p) :); #endif return r; } From 04cb9ac59ea0943b298ccb1f3db3e4d97da40dff Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Wed, 21 Jun 2023 07:32:22 +0100 Subject: [PATCH 44/99] Fix for arm64_32 (aka ILP32) on Clang (attempt 2) Signed-off-by: Dave Rodgman --- library/constant_time.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/library/constant_time.c b/library/constant_time.c index 6e02f3438..b24ebb478 100644 --- a/library/constant_time.c +++ b/library/constant_time.c 
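Review bot: The replacement switches from the file's `#if defined(...)` idiom to `#ifdef`, leaves the closing `#endif` indented by a stray space, and drops the intent that the old `ciL > 4` test expressed; I'd write `#if defined(MBEDTLS_HAVE_INT64)` and `#endif /* MBEDTLS_HAVE_INT64 */` at column 0, with a comment along the lines of `/* Only with 64-bit limbs does the last limb of M extend past the 224-bit boundary; mask those bits off. */` (my reading of the mask, to be confirmed against P224_UNUSED_BITS). The equivalence to the removed runtime check holds only if every 64-bit-limb build defines `MBEDTLS_HAVE_INT64`, as the commit message asserts; bignum.h is not in this chunk and the enclosing function begins outside the hunk.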
@@ -78,10 +78,8 @@ static inline uint32_t mbedtls_get_unaligned_volatile_uint32(volatile const unsi uint32_t r; #if defined(__arm__) || defined(__thumb__) || defined(__thumb2__) asm volatile ("ldr %0, [%1]" : "=r" (r) : "r" (p) :); -#elif defined(__aarch64__) && (SIZE_MAX == 0xffffffffffffffff) - asm volatile ("ldr %w0, [%1]" : "=r" (r) : "r" (p) :); -#elif defined(__aarch64__) && (SIZE_MAX == 0xffffffff) - asm volatile ("ldr %w0, [%w1]" : "=r" (r) : "r" (p) :); +#elif defined(__aarch64__) + asm volatile ("ldr %w0, [%1]" : "=r" (r) : "p" (p) :); #endif return r; } From b67db9140ede4bf7b5f1a2bab8a31f119941f360 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Wed, 21 Jun 2023 09:15:27 +0100 Subject: [PATCH 45/99] Separate ILP32 and normal-aarch64 code paths Signed-off-by: Dave Rodgman --- library/constant_time.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/library/constant_time.c b/library/constant_time.c index b24ebb478..89d7b4f23 100644 --- a/library/constant_time.c +++ b/library/constant_time.c @@ -79,7 +79,12 @@ static inline uint32_t mbedtls_get_unaligned_volatile_uint32(volatile const unsi #if defined(__arm__) || defined(__thumb__) || defined(__thumb2__) asm volatile ("ldr %0, [%1]" : "=r" (r) : "r" (p) :); #elif defined(__aarch64__) +#if (SIZE_MAX == 0xffffffff) + /* ILP32: Specify the pointer operand slightly differently, as per #7787. */ asm volatile ("ldr %w0, [%1]" : "=r" (r) : "p" (p) :); +#else + asm volatile ("ldr %w0, [%1]" : "=r" (r) : "r" (p) :); +#endif #endif return r; } From 4b3c02b626d25ba2f67bf3aec8c590c7b4324546 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 21 Jun 2023 11:23:06 +0200 Subject: [PATCH 46/99] test: remove duplicate PK_HAVE_ECC_KEYS dependency in pkparse suite Signed-off-by: Valerio Setti --- tests/suites/test_suite_pkparse.data | 68 ++++++++++++++-------------- 1 file changed, 34 insertions(+), 34 deletions(-) 
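Review bot: The new aarch64 `ldr` lines pass `p` only as a register/address input with no `"memory"` clobber and no memory operand, so the compiler has no reason to order earlier stores to the bytes behind `p` before the asm; `asm volatile` prevents deletion and duplication, not reordering relative to ordinary memory accesses. The conventional fix is a dummy memory input naming the bytes read, e.g. `asm volatile ("ldr %w0, [%1]" : "=r" (r) : "p" (p), "m" (*(const volatile unsigned char (*)[4]) p) :);`, applied to both the ILP32 and LP64 lines (the pre-existing arm32 line has the same gap). The `"p"` constraint is documented by GCC as "a valid memory address" and its acceptance by clang for this form is exactly what #7787 was about, so the ILP32 branch should be covered by a CI build. `mbedtls_get_unaligned_volatile_uint32()` begins outside the hunk.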
diff --git a/tests/suites/test_suite_pkparse.data b/tests/suites/test_suite_pkparse.data index 144646cc8..ed5a57655 100644 --- a/tests/suites/test_suite_pkparse.data +++ b/tests/suites/test_suite_pkparse.data @@ -905,11 +905,11 @@ Parse Public RSA Key #4 (PKCS#1 wrapped, DER) pk_parse_public_keyfile_rsa:"data_files/rsa_pkcs1_2048_public.der":0 Parse Public EC Key #1 (RFC 5480, DER) -depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP192R1_ENABLED +depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED pk_parse_public_keyfile_ec:"data_files/ec_pub.der":0 Parse Public EC Key #2 (RFC 5480, PEM) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP192R1_ENABLED +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED pk_parse_public_keyfile_ec:"data_files/ec_pub.pem":0 Parse Public EC Key #2a (RFC 5480, PEM, secp192r1, compressed) @@ -917,7 +917,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_PARSE_EC_COMPRESSED:MBEDTLS_ECP_DP_SEC pk_parse_public_keyfile_ec:"data_files/ec_pub.comp.pem":0 Parse Public EC Key #3 (RFC 5480, secp224r1) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP224R1_ENABLED +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_SECP224R1_ENABLED pk_parse_public_keyfile_ec:"data_files/ec_224_pub.pem":0 # Compressed points parsing does not support MBEDTLS_ECP_DP_SECP224R1 and @@ -927,7 +927,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_PARSE_EC_COMPRESSED:MBEDTLS_ECP_DP_SEC pk_parse_public_keyfile_ec:"data_files/ec_224_pub.comp.pem":MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE Parse Public EC Key #4 (RFC 5480, secp256r1) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP256R1_ENABLED +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED pk_parse_public_keyfile_ec:"data_files/ec_256_pub.pem":0 Parse Public EC Key #4a (RFC 5480, secp256r1, compressed) 
@@ -935,7 +935,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_PARSE_EC_COMPRESSED:MBEDTLS_ECP_DP_SEC pk_parse_public_keyfile_ec:"data_files/ec_256_pub.comp.pem":0 Parse Public EC Key #5 (RFC 5480, secp384r1) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP384R1_ENABLED +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED pk_parse_public_keyfile_ec:"data_files/ec_384_pub.pem":0 Parse Public EC Key #5a (RFC 5480, secp384r1, compressed) @@ -943,7 +943,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_PARSE_EC_COMPRESSED:MBEDTLS_ECP_DP_SEC pk_parse_public_keyfile_ec:"data_files/ec_384_pub.comp.pem":0 Parse Public EC Key #6 (RFC 5480, secp521r1) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP521R1_ENABLED +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_SECP521R1_ENABLED pk_parse_public_keyfile_ec:"data_files/ec_521_pub.pem":0 Parse Public EC Key #6a (RFC 5480, secp521r1, compressed) @@ -951,7 +951,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_PARSE_EC_COMPRESSED:MBEDTLS_ECP_DP_SEC pk_parse_public_keyfile_ec:"data_files/ec_521_pub.comp.pem":0 Parse Public EC Key #7 (RFC 5480, brainpoolP256r1) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_BP256R1_ENABLED +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_BP256R1_ENABLED pk_parse_public_keyfile_ec:"data_files/ec_bp256_pub.pem":0 Parse Public EC Key #7a (RFC 5480, brainpoolP256r1, compressed) @@ -959,7 +959,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_PARSE_EC_COMPRESSED:MBEDTLS_ECP_DP_BP2 pk_parse_public_keyfile_ec:"data_files/ec_bp256_pub.comp.pem":0 Parse Public EC Key #8 (RFC 5480, brainpoolP384r1) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_BP384R1_ENABLED +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_BP384R1_ENABLED pk_parse_public_keyfile_ec:"data_files/ec_bp384_pub.pem":0 Parse Public EC Key #8a (RFC 5480, brainpoolP384r1, compressed) 
@@ -967,7 +967,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_PARSE_EC_COMPRESSED:MBEDTLS_ECP_DP_BP3 pk_parse_public_keyfile_ec:"data_files/ec_bp384_pub.comp.pem":0 Parse Public EC Key #9 (RFC 5480, brainpoolP512r1) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_BP512R1_ENABLED +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_BP512R1_ENABLED pk_parse_public_keyfile_ec:"data_files/ec_bp512_pub.pem":0 Parse Public EC Key #9a (RFC 5480, brainpoolP512r1, compressed) @@ -975,19 +975,19 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_PARSE_EC_COMPRESSED:MBEDTLS_ECP_DP_BP5 pk_parse_public_keyfile_ec:"data_files/ec_bp512_pub.comp.pem":0 Parse Public EC Key #10 (RFC 8410, DER, X25519) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_CURVE25519_ENABLED +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_CURVE25519_ENABLED pk_parse_public_keyfile_ec:"data_files/ec_x25519_pub.der":0 Parse Public EC Key #11 (RFC 8410, DER, X448) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_CURVE448_ENABLED +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_CURVE448_ENABLED pk_parse_public_keyfile_ec:"data_files/ec_x448_pub.der":0 Parse Public EC Key #12 (RFC 8410, PEM, X25519) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_CURVE25519_ENABLED +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_CURVE25519_ENABLED pk_parse_public_keyfile_ec:"data_files/ec_x25519_pub.pem":0 Parse Public EC Key #13 (RFC 8410, PEM, X448) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_CURVE448_ENABLED +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_CURVE448_ENABLED pk_parse_public_keyfile_ec:"data_files/ec_x448_pub.pem":0 Parse EC Key #1 (SEC1 DER) 
@@ -995,7 +995,7 @@ depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP192R1_ENABLED pk_parse_keyfile_ec:"data_files/ec_prv.sec1.der":"NULL":0 Parse EC Key #2 (SEC1 PEM) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP192R1_ENABLED +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED pk_parse_keyfile_ec:"data_files/ec_prv.sec1.pem":"NULL":0 Parse EC Key #2a (SEC1 PEM, secp192r1, compressed) 
@@ -1003,43 +1003,43 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_PARSE_EC_COMPRESSED:MBEDTLS_ECP_DP_SEC pk_parse_keyfile_ec:"data_files/ec_prv.sec1.comp.pem":"NULL":0 Parse EC Key #3 (SEC1 PEM encrypted) -depends_on:MBEDTLS_DES_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_HAS_MD5_VIA_LOWLEVEL_OR_PSA +depends_on:MBEDTLS_DES_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_HAS_MD5_VIA_LOWLEVEL_OR_PSA pk_parse_keyfile_ec:"data_files/ec_prv.sec1.pw.pem":"polar":0 Parse EC Key #4 (PKCS8 DER) -depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP192R1_ENABLED +depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED pk_parse_keyfile_ec:"data_files/ec_prv.pk8.der":"NULL":0 Parse EC Key #4a (PKCS8 DER, no public key) -depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP256R1_ENABLED +depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED pk_parse_keyfile_ec:"data_files/ec_prv.pk8nopub.der":"NULL":0 Parse EC Key #4b (PKCS8 DER, no public key, with parameters) -depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP256R1_ENABLED +depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED pk_parse_keyfile_ec:"data_files/ec_prv.pk8nopubparam.der":"NULL":0 Parse EC Key #4c (PKCS8 DER, with parameters) -depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP256R1_ENABLED +depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED pk_parse_keyfile_ec:"data_files/ec_prv.pk8param.der":"NULL":0 Parse EC Key #5 (PKCS8 PEM) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP192R1_ENABLED +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED pk_parse_keyfile_ec:"data_files/ec_prv.pk8.pem":"NULL":0 Parse EC Key #5a (PKCS8 PEM, no public key) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP256R1_ENABLED +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED pk_parse_keyfile_ec:"data_files/ec_prv.pk8nopub.pem":"NULL":0 Parse EC Key #5b (PKCS8 PEM, no public 
key, with parameters) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP256R1_ENABLED +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED pk_parse_keyfile_ec:"data_files/ec_prv.pk8nopubparam.pem":"NULL":0 Parse EC Key #5c (PKCS8 PEM, with parameters) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP256R1_ENABLED +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED pk_parse_keyfile_ec:"data_files/ec_prv.pk8param.pem":"NULL":0 Parse EC Key #8 (SEC1 PEM, secp224r1) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP224R1_ENABLED +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_SECP224R1_ENABLED pk_parse_keyfile_ec:"data_files/ec_224_prv.pem":"NULL":0 Parse EC Key #8a (SEC1 PEM, secp224r1, compressed) @@ -1047,7 +1047,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_PARSE_EC_COMPRESSED:MBEDTLS_ECP_DP_SEC pk_parse_keyfile_ec:"data_files/ec_224_prv.comp.pem":"NULL":0 Parse EC Key #9 (SEC1 PEM, secp256r1) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP256R1_ENABLED +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED pk_parse_keyfile_ec:"data_files/ec_256_prv.pem":"NULL":0 Parse EC Key #9a (SEC1 PEM, secp256r1, compressed) @@ -1055,7 +1055,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_PARSE_EC_COMPRESSED:MBEDTLS_ECP_DP_SEC pk_parse_keyfile_ec:"data_files/ec_256_prv.comp.pem":"NULL":0 Parse EC Key #10 (SEC1 PEM, secp384r1) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP384R1_ENABLED +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED pk_parse_keyfile_ec:"data_files/ec_384_prv.pem":"NULL":0 Parse EC Key #10a (SEC1 PEM, secp384r1, compressed) 
@@ -1063,7 +1063,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_PARSE_EC_COMPRESSED:MBEDTLS_ECP_DP_SEC pk_parse_keyfile_ec:"data_files/ec_384_prv.comp.pem":"NULL":0 Parse EC Key #11 (SEC1 PEM, secp521r1) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP521R1_ENABLED +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_SECP521R1_ENABLED pk_parse_keyfile_ec:"data_files/ec_521_prv.pem":"NULL":0 Parse EC Key #11a (SEC1 PEM, secp521r1, compressed) @@ -1071,7 +1071,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_PARSE_EC_COMPRESSED:MBEDTLS_ECP_DP_SEC pk_parse_keyfile_ec:"data_files/ec_521_prv.comp.pem":"NULL":0 Parse EC Key #12 (SEC1 PEM, bp256r1) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_BP256R1_ENABLED +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_BP256R1_ENABLED pk_parse_keyfile_ec:"data_files/ec_bp256_prv.pem":"NULL":0 Parse EC Key #12a (SEC1 PEM, bp256r1, compressed) @@ -1079,7 +1079,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_PARSE_EC_COMPRESSED:MBEDTLS_ECP_DP_BP2 pk_parse_keyfile_ec:"data_files/ec_bp256_prv.comp.pem":"NULL":0 Parse EC Key #13 (SEC1 PEM, bp384r1) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_BP384R1_ENABLED +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_BP384R1_ENABLED pk_parse_keyfile_ec:"data_files/ec_bp384_prv.pem":"NULL":0 Parse EC Key #13a (SEC1 PEM, bp384r1, compressed) @@ -1087,7 +1087,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_PARSE_EC_COMPRESSED:MBEDTLS_ECP_DP_BP3 pk_parse_keyfile_ec:"data_files/ec_bp384_prv.comp.pem":"NULL":0 Parse EC Key #14 (SEC1 PEM, bp512r1) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_BP512R1_ENABLED +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_BP512R1_ENABLED pk_parse_keyfile_ec:"data_files/ec_bp512_prv.pem":"NULL":0 Parse EC Key #14a (SEC1 PEM, bp512r1, compressed) 
@@ -1099,19 +1099,19 @@ depends_on:MBEDTLS_ECP_DP_SECP256K1_ENABLED:MBEDTLS_PK_PARSE_EC_EXTENDED pk_parse_keyfile_ec:"data_files/ec_prv.specdom.der":"NULL":0 Parse EC Key #16 (RFC 8410, DER, X25519) -depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_CURVE25519_ENABLED +depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED pk_parse_keyfile_ec:"data_files/ec_x25519_prv.der":"NULL":0 Parse EC Key #17 (RFC 8410, DER, X448) -depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_CURVE448_ENABLED +depends_on:MBEDTLS_ECP_DP_CURVE448_ENABLED pk_parse_keyfile_ec:"data_files/ec_x448_prv.der":"NULL":0 Parse EC Key #18 (RFC 8410, PEM, X25519) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_CURVE25519_ENABLED +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_CURVE25519_ENABLED pk_parse_keyfile_ec:"data_files/ec_x25519_prv.pem":"NULL":0 Parse EC Key #19 (RFC 8410, PEM, X448) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_CURVE448_ENABLED +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_CURVE448_ENABLED pk_parse_keyfile_ec:"data_files/ec_x448_prv.pem":"NULL":0 Key ASN1 (No data) From 517e891e5550cb889c5374bd8dad7e26e9f3245e Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Wed, 21 Jun 2023 11:16:31 +0100 Subject: [PATCH 47/99] Changelog Signed-off-by: Dave Rodgman --- ChangeLog.d/fix-ilp32.txt | 4 ++++ 1 file changed, 4 insertions(+) create mode 100644 ChangeLog.d/fix-ilp32.txt diff --git a/ChangeLog.d/fix-ilp32.txt b/ChangeLog.d/fix-ilp32.txt new file mode 100644 index 000000000..7c28d68f4 --- /dev/null +++ b/ChangeLog.d/fix-ilp32.txt @@ -0,0 +1,4 @@ +Bugfix + * Fix a compile failure in the constant_time module when building + for watchos (i.e. for Aarch64 ILP32). Reported by Paulo Coutinho + in #7787. From 85842b8edb1f3cf18cb525f068d9c105b09563fe Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Wed, 21 Jun 2023 11:22:09 +0100 Subject: [PATCH 48/99] Be strict about pointer size in mbedtls_get_unaligned_volatile_uint32 
Signed-off-by: Dave Rodgman --- library/constant_time.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/library/constant_time.c b/library/constant_time.c index 89d7b4f23..fb14c9cf3 100644 --- a/library/constant_time.c +++ b/library/constant_time.c @@ -63,7 +63,8 @@ * only used here. */ #if defined(MBEDTLS_EFFICIENT_UNALIGNED_ACCESS) && defined(MBEDTLS_HAVE_ASM) -#if defined(__arm__) || defined(__thumb__) || defined(__thumb2__) || defined(__aarch64__) +#if ((defined(__arm__) || defined(__thumb__) || defined(__thumb2__)) && (SIZE_MAX == 0xffffffff)) || \ + (defined(__aarch64__) && ((SIZE_MAX == 0xffffffff) || (SIZE_MAX == 0xffffffffffffffff))) #define MBEDTLS_EFFICIENT_UNALIGNED_VOLATILE_ACCESS #endif #endif From 63e89b46f8b6cd603bb2b73e58545f940aae9a85 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Wed, 21 Jun 2023 11:55:17 +0100 Subject: [PATCH 49/99] Use UINTPTR_MAX not SIZE_MAX Signed-off-by: Dave Rodgman --- library/constant_time.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/library/constant_time.c b/library/constant_time.c index fb14c9cf3..f7da39f8e 100644 --- a/library/constant_time.c +++ b/library/constant_time.c @@ -63,8 +63,9 @@ * only used here. */ #if defined(MBEDTLS_EFFICIENT_UNALIGNED_ACCESS) && defined(MBEDTLS_HAVE_ASM) -#if ((defined(__arm__) || defined(__thumb__) || defined(__thumb2__)) && (SIZE_MAX == 0xffffffff)) || \ - (defined(__aarch64__) && ((SIZE_MAX == 0xffffffff) || (SIZE_MAX == 0xffffffffffffffff))) +#if ((defined(__arm__) || defined(__thumb__) || defined(__thumb2__)) && (UINTPTR_MAX == 0xfffffffful)) || \ + (defined(__aarch64__) && ((UINTPTR_MAX == 0xffffffffull) || (UINTPTR_MAX == 0xffffffffffffffffull))) +/* We check pointer sizes to avoid issues with them not matching register size requirements */ #define MBEDTLS_EFFICIENT_UNALIGNED_VOLATILE_ACCESS #endif #endif 
@@ -80,10 +81,11 @@ static inline uint32_t mbedtls_get_unaligned_volatile_uint32(volatile const unsi #if defined(__arm__) || defined(__thumb__) || defined(__thumb2__) asm volatile ("ldr %0, [%1]" : "=r" (r) : "r" (p) :); #elif defined(__aarch64__) -#if (SIZE_MAX == 0xffffffff) +#if (UINTPTR_MAX == 0xfffffffful) /* ILP32: Specify the pointer operand slightly differently, as per #7787. */ asm volatile ("ldr %w0, [%1]" : "=r" (r) : "p" (p) :); -#else +#elif (UINTPTR_MAX == 0xffffffffffffffffull) + /* aarch64 with 64-bit pointers */ asm volatile ("ldr %w0, [%1]" : "=r" (r) : "r" (p) :); #endif #endif From 140fa15a7f8f56a05fda6d9c8ed6286b5bdaba27 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Wed, 21 Jun 2023 12:36:52 +0100 Subject: [PATCH 50/99] Improve changelog Signed-off-by: Dave Rodgman --- ChangeLog.d/fix-ilp32.txt | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/ChangeLog.d/fix-ilp32.txt b/ChangeLog.d/fix-ilp32.txt index 7c28d68f4..3f18ac5c5 100644 --- a/ChangeLog.d/fix-ilp32.txt +++ b/ChangeLog.d/fix-ilp32.txt @@ -1,4 +1,4 @@ Bugfix - * Fix a compile failure in the constant_time module when building - for watchos (i.e. for Aarch64 ILP32). Reported by Paulo Coutinho - in #7787. + * Fix a compilation failure in the constant_time module when + building for arm64_32 (e.g., for watchos). Reported by Paulo + Coutinho in #7787. From c54f25e26cf1a2a44f78fd1bac08a1c35c691fd0 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Wed, 21 Jun 2023 13:39:30 +0100 Subject: [PATCH 51/99] code style Signed-off-by: Dave Rodgman --- library/constant_time.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/library/constant_time.c b/library/constant_time.c index f7da39f8e..5ed087c07 100644 --- a/library/constant_time.c +++ b/library/constant_time.c 
@@ -63,8 +63,10 @@ * only used here. */ #if defined(MBEDTLS_EFFICIENT_UNALIGNED_ACCESS) && defined(MBEDTLS_HAVE_ASM) -#if ((defined(__arm__) || defined(__thumb__) || defined(__thumb2__)) && (UINTPTR_MAX == 0xfffffffful)) || \ - (defined(__aarch64__) && ((UINTPTR_MAX == 0xffffffffull) || (UINTPTR_MAX == 0xffffffffffffffffull))) +#if ((defined(__arm__) || defined(__thumb__) || defined(__thumb2__)) && \ + (UINTPTR_MAX == 0xfffffffful)) || \ + (defined(__aarch64__) && ((UINTPTR_MAX == 0xffffffffull) || \ + (UINTPTR_MAX == 0xffffffffffffffffull))) /* We check pointer sizes to avoid issues with them not matching register size requirements */ #define MBEDTLS_EFFICIENT_UNALIGNED_VOLATILE_ACCESS #endif From 0400ae2f9b2a146acf77436daf7aee0e14101b84 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Wed, 21 Jun 2023 16:14:46 +0100 Subject: [PATCH 52/99] Fix pointer constraint in bn_mul.h Signed-off-by: Dave Rodgman --- library/bn_mul.h | 5 ++++- library/common.h | 18 ++++++++++++++++++ library/constant_time.c | 8 +------- 3 files changed, 23 insertions(+), 8 deletions(-) diff --git a/library/bn_mul.h b/library/bn_mul.h index c5994f704..0af7ecdde 100644 --- a/library/bn_mul.h +++ b/library/bn_mul.h @@ -265,7 +265,10 @@ "str x5, [%1], #8 \n\t" #define MULADDC_X1_STOP \ - : "+r" (c), "+r" (d), "+r" (s), "+m" (*(uint64_t (*)[16]) d) \ + : "+r" (c), \ + "+" MBEDTLS_ASM_AARCH64_PTR_CONSTRAINT (d), \ + "+" MBEDTLS_ASM_AARCH64_PTR_CONSTRAINT (s), \ + "+m" (*(uint64_t (*)[16]) d) \ : "r" (b), "m" (*(const uint64_t (*)[16]) s) \ : "x4", "x5", "x6", "x7", "cc" \ ); diff --git a/library/common.h b/library/common.h index b48a1fc66..4ee183a3f 100644 --- a/library/common.h +++ b/library/common.h 
@@ -169,6 +169,24 @@ inline void mbedtls_xor(unsigned char *r, const unsigned char *a, const unsigned #endif /* *INDENT-ON* */ +/* + * Define the constraint used for pointer operands to asm. + * + * This is normally the usual "r", but for aarch64_32 (aka ILP32, + * as found in watchos), "p" is required to avoid warnings from clang. + */ +#if defined(__aarch64__) && defined(MBEDTLS_HAVE_ASM) +#if UINTPTR_MAX == 0xfffffffful +/* ILP32: Specify the pointer operand slightly differently, as per #7787. */ +#define MBEDTLS_ASM_AARCH64_PTR_CONSTRAINT "p" +#elif UINTPTR_MAX == 0xfffffffffffffffful +/* Normal case (64-bit pointers): use "r" as the constraint for pointer operands to asm */ +#define MBEDTLS_ASM_AARCH64_PTR_CONSTRAINT "r" +#else +#error Unrecognised pointer size for aarch64 +#endif +#endif + /* Always provide a static assert macro, so it can be used unconditionally. * It will expand to nothing on some systems. * Can be used outside functions (but don't add a trailing ';' in that case: diff --git a/library/constant_time.c b/library/constant_time.c index 5ed087c07..c62ec1381 100644 --- a/library/constant_time.c +++ b/library/constant_time.c @@ -83,13 +83,7 @@ static inline uint32_t mbedtls_get_unaligned_volatile_uint32(volatile const unsi #if defined(__arm__) || defined(__thumb__) || defined(__thumb2__) asm volatile ("ldr %0, [%1]" : "=r" (r) : "r" (p) :); #elif defined(__aarch64__) -#if (UINTPTR_MAX == 0xfffffffful) - /* ILP32: Specify the pointer operand slightly differently, as per #7787. */ - asm volatile ("ldr %w0, [%1]" : "=r" (r) : "p" (p) :); -#elif (UINTPTR_MAX == 0xffffffffffffffffull) - /* aarch64 with 64-bit pointers */ - asm volatile ("ldr %w0, [%1]" : "=r" (r) : "r" (p) :); -#endif + asm volatile ("ldr %w0, [%1]" : "=r" (r) : MBEDTLS_ASM_AARCH64_PTR_CONSTRAINT (p) :); #endif return r; } From b5b6939fc29187aa6d87395bf4b898f9bf0105b1 Mon Sep 17 00:00:00 2001 
From: Dave Rodgman Date: Wed, 21 Jun 2023 16:36:42 +0100 Subject: [PATCH 53/99] Remove redundant checks in constant_time.c Signed-off-by: Dave Rodgman --- library/constant_time.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/library/constant_time.c b/library/constant_time.c index c62ec1381..5e1a5773e 100644 --- a/library/constant_time.c +++ b/library/constant_time.c @@ -64,9 +64,7 @@ */ #if defined(MBEDTLS_EFFICIENT_UNALIGNED_ACCESS) && defined(MBEDTLS_HAVE_ASM) #if ((defined(__arm__) || defined(__thumb__) || defined(__thumb2__)) && \ - (UINTPTR_MAX == 0xfffffffful)) || \ - (defined(__aarch64__) && ((UINTPTR_MAX == 0xffffffffull) || \ - (UINTPTR_MAX == 0xffffffffffffffffull))) + (UINTPTR_MAX == 0xfffffffful)) || defined(__aarch64__) /* We check pointer sizes to avoid issues with them not matching register size requirements */ #define MBEDTLS_EFFICIENT_UNALIGNED_VOLATILE_ACCESS #endif From 5b5dd011d109bb4c1d5cc1edae119ea3889ce412 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Wed, 21 Jun 2023 16:36:47 +0100 Subject: [PATCH 54/99] code style Signed-off-by: Dave Rodgman --- library/constant_time.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/constant_time.c b/library/constant_time.c index 5e1a5773e..2faba69e4 100644 --- a/library/constant_time.c +++ b/library/constant_time.c @@ -81,7 +81,7 @@ static inline uint32_t mbedtls_get_unaligned_volatile_uint32(volatile const unsi #if defined(__arm__) || defined(__thumb__) || defined(__thumb2__) asm volatile ("ldr %0, [%1]" : "=r" (r) : "r" (p) :); #elif defined(__aarch64__) - asm volatile ("ldr %w0, [%1]" : "=r" (r) : MBEDTLS_ASM_AARCH64_PTR_CONSTRAINT (p) :); + asm volatile ("ldr %w0, [%1]" : "=r" (r) : MBEDTLS_ASM_AARCH64_PTR_CONSTRAINT(p) :); #endif return r; } From e6c9996d04b8b52ca4d33fbfc221024673252968 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Wed, 21 Jun 2023 21:16:23 +0100 Subject: [PATCH 55/99] Work around updating pointers from ILP32 
Signed-off-by: Dave Rodgman --- library/bn_mul.h | 10 +++++----- library/common.h | 3 +++ 2 files changed, 8 insertions(+), 5 deletions(-) diff --git a/library/bn_mul.h b/library/bn_mul.h index 0af7ecdde..93dd4b6bb 100644 --- a/library/bn_mul.h +++ b/library/bn_mul.h @@ -248,10 +248,10 @@ #endif /* AMD64 */ -#if defined(__aarch64__) +#if defined(__aarch64__) && (UINTPTR_MAX == 0xfffffffful || UINTPTR_MAX == 0xfffffffffffffffful) #define MULADDC_X1_INIT \ - asm( + do { uintptr_t muladdc_d = (uintptr_t) d, muladdc_s = (uintptr_t) s; asm( #define MULADDC_X1_CORE \ "ldr x4, [%2], #8 \n\t" \ @@ -266,12 +266,12 @@ #define MULADDC_X1_STOP \ : "+r" (c), \ - "+" MBEDTLS_ASM_AARCH64_PTR_CONSTRAINT (d), \ - "+" MBEDTLS_ASM_AARCH64_PTR_CONSTRAINT (s), \ + "+r" (muladdc_d), \ + "+r" (muladdc_s), \ "+m" (*(uint64_t (*)[16]) d) \ : "r" (b), "m" (*(const uint64_t (*)[16]) s) \ : "x4", "x5", "x6", "x7", "cc" \ - ); + ); d = (mbedtls_mpi_uint *)muladdc_d; s = (mbedtls_mpi_uint *)muladdc_s; } while (0); #endif /* Aarch64 */ diff --git a/library/common.h b/library/common.h index 4ee183a3f..ba9cb75c0 100644 --- a/library/common.h +++ b/library/common.h @@ -174,6 +174,9 @@ inline void mbedtls_xor(unsigned char *r, const unsigned char *a, const unsigned * * This is normally the usual "r", but for aarch64_32 (aka ILP32, * as found in watchos), "p" is required to avoid warnings from clang. + * + * Note that clang does not recognise '+p' or '=p', and armclang + * does not recognise 'p' at all. */ #if defined(__aarch64__) && defined(MBEDTLS_HAVE_ASM) #if UINTPTR_MAX == 0xfffffffful From 3589a4c6440ce46fe5b779205dad6d3a9b1156d7 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 22 Jun 2023 09:02:44 +0200 Subject: [PATCH 56/99] tls: keep buffer declaration in a single line Signed-off-by: Valerio Setti --- library/ssl_tls12_server.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c index 9078c247b..c791f81ba 100644 
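Review bot: The uintptr_t round-trip introduced in MULADDC_X1_INIT/MULADDC_X1_STOP carries no comment explaining why d and s are no longer passed to the asm directly; the reason (clang not accepting `+p`/`=p` on arm64_32) is recorded only in the common.h comment in this same commit. A line above MULADDC_X1_INIT such as `/* On arm64_32 (ILP32) clang rejects "+p"/"=p", so d and s are round-tripped through uintptr_t temporaries and written back after the asm. */` would keep the rationale next to the code it justifies. On ILP32 `muladdc_d`/`muladdc_s` are 32-bit operands under `"+r"`, so whether `[%1]`/`[%2]` print as 64-bit x-registers (the only valid base for `ldr x4, [%2], #8` / `str x5, [%1], #8`) depends on the compiler — worth confirming on an actual arm64_32 build. The new `UINTPTR_MAX` guard also silently drops the aarch64 path for any other pointer size, whereas common.h raises `#error`; if this block sits under the same `MBEDTLS_HAVE_ASM` condition the guard is redundant, otherwise the two should agree.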
--- a/library/ssl_tls12_server.c +++ b/library/ssl_tls12_server.c @@ -2597,8 +2597,7 @@ static int ssl_get_ecdh_params_from_cert(mbedtls_ssl_context *ssl) psa_ecc_family_t ecc_family; size_t key_len; mbedtls_ecp_group_id grp_id; - unsigned char buf[ - PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS)]; + unsigned char buf[PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS)]; mbedtls_ecp_keypair *key; #endif /* !MBEDTLS_PK_USE_PSA_EC_DATA */ From 6835b4a6ed0df878a89ea3ac9d5b0aeae9db6343 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 22 Jun 2023 09:06:31 +0200 Subject: [PATCH 57/99] tls: always zeroize buffer on exit Signed-off-by: Valerio Setti --- library/ssl_tls12_server.c | 1 + 1 file changed, 1 insertion(+) diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c index c791f81ba..26d570a2e 100644 --- a/library/ssl_tls12_server.c +++ b/library/ssl_tls12_server.c @@ -2682,6 +2682,7 @@ static int ssl_get_ecdh_params_from_cert(mbedtls_ssl_context *ssl) break; } + mbedtls_platform_zeroize(buf, sizeof(buf)); ret = 0; break; #endif /* !MBEDTLS_PK_USE_PSA_EC_DATA */ From 2a03fd3b7b56f738ad426b1570c28b6ba25b6d05 Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Wed, 21 Jun 2023 15:23:29 +0100 Subject: [PATCH 58/99] bignum_mod: Added a typedef for OPT_RED function pointer. Signed-off-by: Minos Galanakis --- library/bignum_mod.c | 3 +-- library/bignum_mod.h | 16 ++++++++-------- library/ecp_curves.c | 2 +- 3 files changed, 10 insertions(+), 11 deletions(-) diff --git a/library/bignum_mod.c b/library/bignum_mod.c index 60a3c306f..84f3896d4 100644 --- a/library/bignum_mod.c +++ b/library/bignum_mod.c 
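Review bot: The added `mbedtls_platform_zeroize(buf, sizeof(buf));` only runs on the path that reaches `ret = 0;`; the `break;` at the top of the hunk leaves the switch before it, so if that is an error exit the exported key material in `buf` is not wiped on failure, although the commit title ("always zeroize") suggests that was the intent. Either add the same zeroize before that earlier `break;` or move the wipe to the function's common exit so every path clears the buffer. ssl_get_ecdh_params_from_cert starts and ends outside the hunk, so a later wipe on the error path may exist that I cannot see.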
@@ -166,8 +166,7 @@ int mbedtls_mpi_mod_modulus_setup(mbedtls_mpi_mod_modulus *N, int mbedtls_mpi_mod_optred_modulus_setup(mbedtls_mpi_mod_modulus *N, const mbedtls_mpi_uint *p, size_t p_limbs, - int (*modp)(mbedtls_mpi_uint *X, - size_t X_limbs)) + mbedtls_mpi_modp_fn modp) { standard_modulus_setup(N, p, p_limbs, MBEDTLS_MPI_MOD_REP_OPT_RED); N->rep.ored.modp = modp; diff --git a/library/bignum_mod.h b/library/bignum_mod.h index 87ee01569..39e8fd218 100644 --- a/library/bignum_mod.h +++ b/library/bignum_mod.h @@ -99,10 +99,10 @@ typedef enum { /** Montgomery representation. */ MBEDTLS_MPI_MOD_REP_MONTGOMERY = 2, /* Optimised reduction available. This indicates a coordinate modulus (P) - * and one of the following available: - * - MBEDTLS_ECP_NIST_OPTIM - * - Kobliz Curve. - * - Fast Reduction Curve CURVE25519 or CURVE448. */ + * and one or more of the following have been configured: + * - A nist curve (MBEDTLS_ECP_DP_SECPXXXR1_ENABLED) & MBEDTLS_ECP_NIST_OPTIM. + * - A Kobliz Curve. + * - A Fast Reduction Curve CURVE25519 or CURVE448. */ MBEDTLS_MPI_MOD_REP_OPT_RED, } mbedtls_mpi_mod_rep_selector; @@ -124,9 +124,10 @@ typedef struct { mbedtls_mpi_uint mm; /* Montgomery const for -N^{-1} mod 2^{ciL} */ } mbedtls_mpi_mont_struct; +typedef int (*mbedtls_mpi_modp_fn)(mbedtls_mpi_uint *X, size_t X_limbs); + typedef struct { - int (*modp)(mbedtls_mpi_uint *X, - size_t X_limbs); /* The optimised reduction function pointer */ + mbedtls_mpi_modp_fn modp; /* The optimised reduction function pointer */ } mbedtls_mpi_opt_red_struct; typedef struct { @@ -223,8 +224,7 @@ int mbedtls_mpi_mod_modulus_setup(mbedtls_mpi_mod_modulus *N, int mbedtls_mpi_mod_optred_modulus_setup(mbedtls_mpi_mod_modulus *N, const mbedtls_mpi_uint *p, size_t p_limbs, - int (*modp)(mbedtls_mpi_uint *X, - size_t X_limbs)); + mbedtls_mpi_modp_fn modp); /** Free elements of a modulus structure. * diff --git a/library/ecp_curves.c b/library/ecp_curves.c index cb941966b..e161fd4e8 100644 
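Review bot: The new `mbedtls_mpi_modp_fn` typedef in bignum_mod.h has no doc comment, although it now forms part of the signature of `mbedtls_mpi_mod_optred_modulus_setup`. A Doxygen line above it such as `/** Optimised reduction callback: reduces X (X_limbs limbs) in place modulo the prime it was written for. */` would state the contract the callbacks in ecp_curves.c must satisfy; the return-value convention should be added once confirmed against those implementations. In the same hunk the rewritten enum comment still reads "Kobliz Curve" — it should be "Koblitz curve" — and "nist curve" should be "NIST curve".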
--- a/library/ecp_curves.c +++ b/library/ecp_curves.c @@ -5833,7 +5833,7 @@ int mbedtls_ecp_modulus_setup(mbedtls_mpi_mod_modulus *N, const mbedtls_ecp_group_id id, const mbedtls_ecp_modulus_type ctype) { - int (*modp)(mbedtls_mpi_uint *X, size_t X_limbs) = NULL; + mbedtls_mpi_modp_fn modp = NULL; mbedtls_mpi_uint *p = NULL; size_t p_limbs; From e7f21e65b6193b5fd75ec1daf0cac8691e99d272 Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Fri, 12 May 2023 18:17:21 +0100 Subject: [PATCH 59/99] Change J-PAKE internal state machine Keep track of the J-PAKE internal state in a more intuitive way. Specifically, replace the current state with a struct of 5 fields: * The round of J-PAKE we are currently in, FIRST or SECOND * The 'mode' we are currently working in, INPUT or OUTPUT * The number of inputs so far this round * The number of outputs so far this round * The PAKE step we are expecting, KEY_SHARE, ZK_PUBLIC or ZK_PROOF This should improve the readability of the state-transformation code. Signed-off-by: David Horstmann --- include/psa/crypto_extra.h | 27 +- library/psa_crypto.c | 300 +++++++----------- ..._suite_psa_crypto_driver_wrappers.function | 6 +- 3 files changed, 133 insertions(+), 200 deletions(-) diff --git a/include/psa/crypto_extra.h b/include/psa/crypto_extra.h index 5529dd1c8..a3351a6d0 100644 --- a/include/psa/crypto_extra.h +++ b/include/psa/crypto_extra.h 
@@ -2028,14 +2028,33 @@ typedef enum psa_crypto_driver_pake_step { PSA_JPAKE_X4S_STEP_ZK_PROOF = 12 /* Round 2: input Schnorr NIZKP proof for the X4S key (from peer) */ } psa_crypto_driver_pake_step_t; +typedef enum psa_jpake_round { + FIRST = 0, + SECOND = 1, + FINISHED = 2 +} psa_jpake_round_t; + +typedef enum psa_jpake_io_mode { + INPUT = 0, + OUTPUT = 1 +} psa_jpake_io_mode_t; struct psa_jpake_computation_stage_s { - psa_jpake_state_t MBEDTLS_PRIVATE(state); - psa_jpake_sequence_t MBEDTLS_PRIVATE(sequence); - psa_jpake_step_t MBEDTLS_PRIVATE(input_step); - psa_jpake_step_t MBEDTLS_PRIVATE(output_step); + /* The J-PAKE round we are currently on */ + psa_jpake_round_t MBEDTLS_PRIVATE(round); + /* The 'mode' we are currently in (inputting or outputting) */ + psa_jpake_io_mode_t MBEDTLS_PRIVATE(mode); + /* The number of inputs so far this round */ + uint8_t MBEDTLS_PRIVATE(inputs); + /* The number of outputs so far this round */ + uint8_t MBEDTLS_PRIVATE(outputs); + /* The next expected step (KEY_SHARE, ZK_PUBLIC or ZK_PROOF) */ + psa_pake_step_t MBEDTLS_PRIVATE(step); }; +#define PSA_JPAKE_EXPECTED_INPUTS(round) (((round) == FIRST) ? 2 : 1) +#define PSA_JPAKE_EXPECTED_OUTPUTS(round) (((round) == FIRST) ? 2 : 1) + struct psa_pake_operation_s { /** Unique ID indicating which driver got assigned to do the * operation. Since driver contexts are driver-specific, swapping diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 217348323..f86ea3e6a 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c 
@@ -7767,10 +7767,11 @@ psa_status_t psa_pake_setup( psa_jpake_computation_stage_t *computation_stage = &operation->computation_stage.jpake; - computation_stage->state = PSA_PAKE_STATE_SETUP; - computation_stage->sequence = PSA_PAKE_SEQ_INVALID; - computation_stage->input_step = PSA_PAKE_STEP_X1_X2; - computation_stage->output_step = PSA_PAKE_STEP_X1_X2; + computation_stage->round = FIRST; + computation_stage->mode = INPUT; + computation_stage->inputs = 0; + computation_stage->outputs = 0; + computation_stage->step = PSA_PAKE_STEP_KEY_SHARE; } else #endif /* PSA_WANT_ALG_JPAKE */ { 
@@ -7939,57 +7940,66 @@ exit: return status; } -/* Auxiliary function to convert core computation stage(step, sequence, state) to single driver step. */ +/* Auxiliary function to convert core computation stage to single driver step. */ #if defined(PSA_WANT_ALG_JPAKE) static psa_crypto_driver_pake_step_t convert_jpake_computation_stage_to_driver_step( psa_jpake_computation_stage_t *stage) { - switch (stage->state) { - case PSA_PAKE_OUTPUT_X1_X2: - case PSA_PAKE_INPUT_X1_X2: - switch (stage->sequence) { - case PSA_PAKE_X1_STEP_KEY_SHARE: + if (stage->round == FIRST) { + int is_x1; + if (stage->mode == OUTPUT) { + is_x1 = (stage->outputs < 1); + } else { + is_x1 = (stage->inputs < 1); + } + + if (is_x1) { + switch (stage->step) { + case PSA_PAKE_STEP_KEY_SHARE: return PSA_JPAKE_X1_STEP_KEY_SHARE; - case PSA_PAKE_X1_STEP_ZK_PUBLIC: + case PSA_PAKE_STEP_ZK_PUBLIC: return PSA_JPAKE_X1_STEP_ZK_PUBLIC; - case PSA_PAKE_X1_STEP_ZK_PROOF: + case PSA_PAKE_STEP_ZK_PROOF: return PSA_JPAKE_X1_STEP_ZK_PROOF; - case PSA_PAKE_X2_STEP_KEY_SHARE: + default: + return PSA_JPAKE_STEP_INVALID; + } + } else { + switch (stage->step) { + case PSA_PAKE_STEP_KEY_SHARE: return PSA_JPAKE_X2_STEP_KEY_SHARE; - case PSA_PAKE_X2_STEP_ZK_PUBLIC: + case PSA_PAKE_STEP_ZK_PUBLIC: return PSA_JPAKE_X2_STEP_ZK_PUBLIC; - case PSA_PAKE_X2_STEP_ZK_PROOF: + case PSA_PAKE_STEP_ZK_PROOF: return PSA_JPAKE_X2_STEP_ZK_PROOF; default: return PSA_JPAKE_STEP_INVALID; } - break; - case PSA_PAKE_OUTPUT_X2S: - switch (stage->sequence) { - case PSA_PAKE_X1_STEP_KEY_SHARE: + } + } else if (stage->round == SECOND) { + if (stage->mode == OUTPUT) { + switch (stage->step) { + case PSA_PAKE_STEP_KEY_SHARE: return PSA_JPAKE_X2S_STEP_KEY_SHARE; - case PSA_PAKE_X1_STEP_ZK_PUBLIC: + case PSA_PAKE_STEP_ZK_PUBLIC: return PSA_JPAKE_X2S_STEP_ZK_PUBLIC; - case PSA_PAKE_X1_STEP_ZK_PROOF: + case PSA_PAKE_STEP_ZK_PROOF: return PSA_JPAKE_X2S_STEP_ZK_PROOF; default: return PSA_JPAKE_STEP_INVALID; } - break; - case PSA_PAKE_INPUT_X4S: - 
switch (stage->sequence) { - case PSA_PAKE_X1_STEP_KEY_SHARE: + } else { + switch (stage->step) { + case PSA_PAKE_STEP_KEY_SHARE: return PSA_JPAKE_X4S_STEP_KEY_SHARE; - case PSA_PAKE_X1_STEP_ZK_PUBLIC: + case PSA_PAKE_STEP_ZK_PUBLIC: return PSA_JPAKE_X4S_STEP_ZK_PUBLIC; - case PSA_PAKE_X1_STEP_ZK_PROOF: + case PSA_PAKE_STEP_ZK_PROOF: return PSA_JPAKE_X4S_STEP_ZK_PROOF; default: return PSA_JPAKE_STEP_INVALID; } - break; - default: - return PSA_JPAKE_STEP_INVALID; + } } return PSA_JPAKE_STEP_INVALID; } @@ -8032,10 +8042,11 @@ static psa_status_t psa_pake_complete_inputs( operation->stage = PSA_PAKE_OPERATION_STAGE_COMPUTATION; psa_jpake_computation_stage_t *computation_stage = &operation->computation_stage.jpake; - computation_stage->state = PSA_PAKE_STATE_READY; - computation_stage->sequence = PSA_PAKE_SEQ_INVALID; - computation_stage->input_step = PSA_PAKE_STEP_X1_X2; - computation_stage->output_step = PSA_PAKE_STEP_X1_X2; + computation_stage->round = FIRST; + computation_stage->mode = INPUT; + computation_stage->inputs = 0; + computation_stage->outputs = 0; + computation_stage->step = PSA_PAKE_STEP_KEY_SHARE; } else #endif /* PSA_WANT_ALG_JPAKE */ { @@ -8046,9 +8057,10 @@ static psa_status_t psa_pake_complete_inputs( } #if defined(PSA_WANT_ALG_JPAKE) -static psa_status_t psa_jpake_output_prologue( +static psa_status_t psa_jpake_prologue( psa_pake_operation_t *operation, - psa_pake_step_t step) + psa_pake_step_t step, + psa_jpake_io_mode_t function_mode) { if (step != PSA_PAKE_STEP_KEY_SHARE && step != PSA_PAKE_STEP_ZK_PUBLIC && 
@@ -8059,84 +8071,79 @@ static psa_status_t psa_jpake_output_prologue( psa_jpake_computation_stage_t *computation_stage = &operation->computation_stage.jpake; - if (computation_stage->state == PSA_PAKE_STATE_INVALID) { + if (computation_stage->round != FIRST && + computation_stage->round != SECOND) { return PSA_ERROR_BAD_STATE; } - if (computation_stage->state != PSA_PAKE_STATE_READY && - computation_stage->state != PSA_PAKE_OUTPUT_X1_X2 && - computation_stage->state != PSA_PAKE_OUTPUT_X2S) { + /* Check that the step we are given is the one we were expecting */ + if (step != computation_stage->step) { return PSA_ERROR_BAD_STATE; } - if (computation_stage->state == PSA_PAKE_STATE_READY) { - if (step != PSA_PAKE_STEP_KEY_SHARE) { - return PSA_ERROR_BAD_STATE; - } - - switch (computation_stage->output_step) { - case PSA_PAKE_STEP_X1_X2: - computation_stage->state = PSA_PAKE_OUTPUT_X1_X2; - break; - case PSA_PAKE_STEP_X2S: - computation_stage->state = PSA_PAKE_OUTPUT_X2S; - break; - default: - return PSA_ERROR_BAD_STATE; - } - - computation_stage->sequence = PSA_PAKE_X1_STEP_KEY_SHARE; + if (step == PSA_PAKE_STEP_KEY_SHARE && + computation_stage->inputs == 0 && + computation_stage->outputs == 0) { + /* Start of the round, so function decides whether we are inputting + * or outputting */ + computation_stage->mode = function_mode; + } else if (computation_stage->mode != function_mode) { + /* Middle of the round so the mode we are in must match the function + * called by the user */ + return PSA_ERROR_BAD_STATE; } - /* Check if step matches current sequence */ - switch (computation_stage->sequence) { - case PSA_PAKE_X1_STEP_KEY_SHARE: - case PSA_PAKE_X2_STEP_KEY_SHARE: - if (step != PSA_PAKE_STEP_KEY_SHARE) { - return PSA_ERROR_BAD_STATE; - } - break; - - case PSA_PAKE_X1_STEP_ZK_PUBLIC: - case PSA_PAKE_X2_STEP_ZK_PUBLIC: - if (step != PSA_PAKE_STEP_ZK_PUBLIC) { - return PSA_ERROR_BAD_STATE; - } - break; - - case PSA_PAKE_X1_STEP_ZK_PROOF: - case 
PSA_PAKE_X2_STEP_ZK_PROOF: - if (step != PSA_PAKE_STEP_ZK_PROOF) { - return PSA_ERROR_BAD_STATE; - } - break; - - default: + /* Check that we do not already have enough inputs/outputs + * this round */ + if (function_mode == INPUT) { + if (computation_stage->inputs >= + PSA_JPAKE_EXPECTED_INPUTS(computation_stage->round)) { return PSA_ERROR_BAD_STATE; + } + } else { + if (computation_stage->outputs >= + PSA_JPAKE_EXPECTED_OUTPUTS(computation_stage->round)) { + return PSA_ERROR_BAD_STATE; + } } - return PSA_SUCCESS; } -static psa_status_t psa_jpake_output_epilogue( - psa_pake_operation_t *operation) +static psa_status_t psa_jpake_epilogue( + psa_pake_operation_t *operation, + psa_jpake_io_mode_t function_mode) { - psa_jpake_computation_stage_t *computation_stage = + psa_jpake_computation_stage_t *stage = &operation->computation_stage.jpake; - if ((computation_stage->state == PSA_PAKE_OUTPUT_X1_X2 && - computation_stage->sequence == PSA_PAKE_X2_STEP_ZK_PROOF) || - (computation_stage->state == PSA_PAKE_OUTPUT_X2S && - computation_stage->sequence == PSA_PAKE_X1_STEP_ZK_PROOF)) { - computation_stage->state = PSA_PAKE_STATE_READY; - computation_stage->output_step++; - computation_stage->sequence = PSA_PAKE_SEQ_INVALID; + if (stage->step == PSA_PAKE_STEP_ZK_PROOF) { + /* End of an input/output */ + if (function_mode == INPUT) { + stage->inputs++; + if (stage->inputs >= PSA_JPAKE_EXPECTED_INPUTS(stage->round)) { + stage->mode = OUTPUT; + } + } + if (function_mode == OUTPUT) { + stage->outputs++; + if (stage->outputs >= PSA_JPAKE_EXPECTED_OUTPUTS(stage->round)) { + stage->mode = INPUT; + } + } + if (stage->inputs >= PSA_JPAKE_EXPECTED_INPUTS(stage->round) && + stage->outputs >= PSA_JPAKE_EXPECTED_OUTPUTS(stage->round)) { + /* End of a round, move to the next round */ + stage->inputs = 0; + stage->outputs = 0; + stage->round++; + } + stage->step = PSA_PAKE_STEP_KEY_SHARE; } else { - computation_stage->sequence++; + stage->step++; } - return PSA_SUCCESS; } + #endif /* 
PSA_WANT_ALG_JPAKE */ psa_status_t psa_pake_output( @@ -8170,7 +8177,7 @@ psa_status_t psa_pake_output( switch (operation->alg) { #if defined(PSA_WANT_ALG_JPAKE) case PSA_ALG_JPAKE: - status = psa_jpake_output_prologue(operation, step); + status = psa_jpake_prologue(operation, step, OUTPUT); if (status != PSA_SUCCESS) { goto exit; } @@ -8194,7 +8201,7 @@ psa_status_t psa_pake_output( switch (operation->alg) { #if defined(PSA_WANT_ALG_JPAKE) case PSA_ALG_JPAKE: - status = psa_jpake_output_epilogue(operation); + status = psa_jpake_epilogue(operation, OUTPUT); if (status != PSA_SUCCESS) { goto exit; } 
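Review bot: `stage->step++` in psa_jpake_epilogue assumes that `PSA_PAKE_STEP_KEY_SHARE`, `PSA_PAKE_STEP_ZK_PUBLIC` and `PSA_PAKE_STEP_ZK_PROOF` are consecutive integers; the prologue admits exactly those three values, but nothing in this hunk pins their ordering, unlike the old code which incremented its own private sequence enum. A comment on that line, e.g. `/* Relies on KEY_SHARE, ZK_PUBLIC, ZK_PROOF being consecutive values */`, or better a static assertion that `PSA_PAKE_STEP_ZK_PUBLIC == PSA_PAKE_STEP_KEY_SHARE + 1` and `PSA_PAKE_STEP_ZK_PROOF == PSA_PAKE_STEP_ZK_PUBLIC + 1`, would make the dependency explicit. `stage->round++` has the same implicit reliance on `FIRST`, `SECOND`, `FINISHED` being 0, 1, 2, which the crypto_extra.h hunk does assign explicitly. The later rename hunks in psa_crypto.c in this series leave both increments unchanged, so the point applies there too.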
@@ -8211,100 +8218,6 @@ exit: return status; } -#if defined(PSA_WANT_ALG_JPAKE) -static psa_status_t psa_jpake_input_prologue( - psa_pake_operation_t *operation, - psa_pake_step_t step) -{ - if (step != PSA_PAKE_STEP_KEY_SHARE && - step != PSA_PAKE_STEP_ZK_PUBLIC && - step != PSA_PAKE_STEP_ZK_PROOF) { - return PSA_ERROR_INVALID_ARGUMENT; - } - - psa_jpake_computation_stage_t *computation_stage = - &operation->computation_stage.jpake; - - if (computation_stage->state == PSA_PAKE_STATE_INVALID) { - return PSA_ERROR_BAD_STATE; - } - - if (computation_stage->state != PSA_PAKE_STATE_READY && - computation_stage->state != PSA_PAKE_INPUT_X1_X2 && - computation_stage->state != PSA_PAKE_INPUT_X4S) { - return PSA_ERROR_BAD_STATE; - } - - if (computation_stage->state == PSA_PAKE_STATE_READY) { - if (step != PSA_PAKE_STEP_KEY_SHARE) { - return PSA_ERROR_BAD_STATE; - } - - switch (computation_stage->input_step) { - case PSA_PAKE_STEP_X1_X2: - computation_stage->state = PSA_PAKE_INPUT_X1_X2; - break; - case PSA_PAKE_STEP_X2S: - computation_stage->state = PSA_PAKE_INPUT_X4S; - break; - default: - return PSA_ERROR_BAD_STATE; - } - - computation_stage->sequence = PSA_PAKE_X1_STEP_KEY_SHARE; - } - - /* Check if step matches current sequence */ - switch (computation_stage->sequence) { - case PSA_PAKE_X1_STEP_KEY_SHARE: - case PSA_PAKE_X2_STEP_KEY_SHARE: - if (step != PSA_PAKE_STEP_KEY_SHARE) { - return PSA_ERROR_BAD_STATE; - } - break; - - case PSA_PAKE_X1_STEP_ZK_PUBLIC: - case PSA_PAKE_X2_STEP_ZK_PUBLIC: - if (step != PSA_PAKE_STEP_ZK_PUBLIC) { - return PSA_ERROR_BAD_STATE; - } - break; - - case PSA_PAKE_X1_STEP_ZK_PROOF: - case PSA_PAKE_X2_STEP_ZK_PROOF: - if (step != PSA_PAKE_STEP_ZK_PROOF) { - return PSA_ERROR_BAD_STATE; - } - break; - - default: - return PSA_ERROR_BAD_STATE; - } - - return PSA_SUCCESS; -} - -static psa_status_t psa_jpake_input_epilogue( - psa_pake_operation_t *operation) -{ - psa_jpake_computation_stage_t *computation_stage = - 
&operation->computation_stage.jpake; - - if ((computation_stage->state == PSA_PAKE_INPUT_X1_X2 && - computation_stage->sequence == PSA_PAKE_X2_STEP_ZK_PROOF) || - (computation_stage->state == PSA_PAKE_INPUT_X4S && - computation_stage->sequence == PSA_PAKE_X1_STEP_ZK_PROOF)) { - computation_stage->state = PSA_PAKE_STATE_READY; - computation_stage->input_step++; - computation_stage->sequence = PSA_PAKE_SEQ_INVALID; - } else { - computation_stage->sequence++; - } - - return PSA_SUCCESS; -} -#endif /* PSA_WANT_ALG_JPAKE */ - psa_status_t psa_pake_input( psa_pake_operation_t *operation, psa_pake_step_t step, @@ -8337,7 +8250,7 @@ psa_status_t psa_pake_input( switch (operation->alg) { #if defined(PSA_WANT_ALG_JPAKE) case PSA_ALG_JPAKE: - status = psa_jpake_input_prologue(operation, step); + status = psa_jpake_prologue(operation, step, INPUT); if (status != PSA_SUCCESS) { goto exit; } @@ -8361,7 +8274,7 @@ psa_status_t psa_pake_input( switch (operation->alg) { #if defined(PSA_WANT_ALG_JPAKE) case PSA_ALG_JPAKE: - status = psa_jpake_input_epilogue(operation); + status = psa_jpake_epilogue(operation, INPUT); if (status != PSA_SUCCESS) { goto exit; } @@ -8396,8 +8309,7 @@ psa_status_t psa_pake_get_implicit_key( if (operation->alg == PSA_ALG_JPAKE) { psa_jpake_computation_stage_t *computation_stage = &operation->computation_stage.jpake; - if (computation_stage->input_step != PSA_PAKE_STEP_DERIVE || - computation_stage->output_step != PSA_PAKE_STEP_DERIVE) { + if (computation_stage->round != FINISHED) { status = PSA_ERROR_BAD_STATE; goto exit; } diff --git a/tests/suites/test_suite_psa_crypto_driver_wrappers.function b/tests/suites/test_suite_psa_crypto_driver_wrappers.function index b971f8166..87f7b37d7 100644 --- a/tests/suites/test_suite_psa_crypto_driver_wrappers.function +++ b/tests/suites/test_suite_psa_crypto_driver_wrappers.function 
@@ -3127,8 +3127,10 @@ void pake_operations(data_t *pw_data, int forced_status_setup_arg, int forced_st PSA_SUCCESS); /* Simulate that we are ready to get implicit key. */ - operation.computation_stage.jpake.input_step = PSA_PAKE_STEP_DERIVE; - operation.computation_stage.jpake.output_step = PSA_PAKE_STEP_DERIVE; + operation.computation_stage.jpake.round = PSA_JPAKE_FINISHED; + operation.computation_stage.jpake.inputs = 0; + operation.computation_stage.jpake.outputs = 0; + operation.computation_stage.jpake.step = PSA_PAKE_STEP_KEY_SHARE; /* --- psa_pake_get_implicit_key --- */ mbedtls_test_driver_pake_hooks.forced_status = forced_status; From 5da9560178ee66835b9c9c572dba1d31489cefb6 Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Thu, 8 Jun 2023 15:37:12 +0100 Subject: [PATCH 60/99] Properly namespace enum values within PSA_JPAKE_ Signed-off-by: David Horstmann --- include/psa/crypto_extra.h | 14 ++++++------- library/psa_crypto.c | 40 +++++++++++++++++++------------------- 2 files changed, 27 insertions(+), 27 deletions(-) diff --git a/include/psa/crypto_extra.h b/include/psa/crypto_extra.h index a3351a6d0..eea9ef853 100644 --- a/include/psa/crypto_extra.h +++ b/include/psa/crypto_extra.h @@ -2029,14 +2029,14 @@ typedef enum psa_crypto_driver_pake_step { } psa_crypto_driver_pake_step_t; typedef enum psa_jpake_round { - FIRST = 0, - SECOND = 1, - FINISHED = 2 + PSA_JPAKE_FIRST = 0, + PSA_JPAKE_SECOND = 1, + PSA_JPAKE_FINISHED = 2 } psa_jpake_round_t; typedef enum psa_jpake_io_mode { - INPUT = 0, - OUTPUT = 1 + PSA_JPAKE_INPUT = 0, + PSA_JPAKE_OUTPUT = 1 } psa_jpake_io_mode_t; struct psa_jpake_computation_stage_s { 
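Review bot: This hunk uses `PSA_JPAKE_FINISHED`, but the enum added to crypto_extra.h in the same commit names the value `FINISHED`; the `PSA_JPAKE_`-prefixed names only appear in the following commit ("Properly namespace enum values within PSA_JPAKE_"), so the driver-wrapper test suite does not compile at this commit, which breaks bisecting. Use `FINISHED` here, or squash the rename into this commit. The `inputs`/`outputs`/`step` assignments match the end-of-round reset performed by psa_jpake_epilogue, so the simulated state is otherwise consistent with what the library would produce.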
@@ -2052,8 +2052,8 @@ struct psa_jpake_computation_stage_s { psa_pake_step_t MBEDTLS_PRIVATE(step); }; -#define PSA_JPAKE_EXPECTED_INPUTS(round) (((round) == FIRST) ? 2 : 1) -#define PSA_JPAKE_EXPECTED_OUTPUTS(round) (((round) == FIRST) ? 2 : 1) +#define PSA_JPAKE_EXPECTED_INPUTS(round) (((round) == PSA_JPAKE_FIRST) ? 2 : 1) +#define PSA_JPAKE_EXPECTED_OUTPUTS(round) (((round) == PSA_JPAKE_FIRST) ? 2 : 1) struct psa_pake_operation_s { /** Unique ID indicating which driver got assigned to do the diff --git a/library/psa_crypto.c b/library/psa_crypto.c index f86ea3e6a..2039c1d2a 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -7767,8 +7767,8 @@ psa_status_t psa_pake_setup( psa_jpake_computation_stage_t *computation_stage = &operation->computation_stage.jpake; - computation_stage->round = FIRST; - computation_stage->mode = INPUT; + computation_stage->round = PSA_JPAKE_FIRST; + computation_stage->mode = PSA_JPAKE_INPUT; computation_stage->inputs = 0; computation_stage->outputs = 0; computation_stage->step = PSA_PAKE_STEP_KEY_SHARE; @@ -7945,9 +7945,9 @@ exit: static psa_crypto_driver_pake_step_t convert_jpake_computation_stage_to_driver_step( psa_jpake_computation_stage_t *stage) { - if (stage->round == FIRST) { + if (stage->round == PSA_JPAKE_FIRST) { int is_x1; - if (stage->mode == OUTPUT) { + if (stage->mode == PSA_JPAKE_OUTPUT) { is_x1 = (stage->outputs < 1); } else { is_x1 = (stage->inputs < 1); @@ -7976,8 +7976,8 @@ static psa_crypto_driver_pake_step_t convert_jpake_computation_stage_to_driver_s return PSA_JPAKE_STEP_INVALID; } } - } else if (stage->round == SECOND) { - if (stage->mode == OUTPUT) { + } else if (stage->round == PSA_JPAKE_SECOND) { + if (stage->mode == PSA_JPAKE_OUTPUT) { switch (stage->step) { case PSA_PAKE_STEP_KEY_SHARE: return PSA_JPAKE_X2S_STEP_KEY_SHARE; 
@@ -8042,8 +8042,8 @@ static psa_status_t psa_pake_complete_inputs( operation->stage = PSA_PAKE_OPERATION_STAGE_COMPUTATION; psa_jpake_computation_stage_t *computation_stage = &operation->computation_stage.jpake; - computation_stage->round = FIRST; - computation_stage->mode = INPUT; + computation_stage->round = PSA_JPAKE_FIRST; + computation_stage->mode = PSA_JPAKE_INPUT; computation_stage->inputs = 0; computation_stage->outputs = 0; computation_stage->step = PSA_PAKE_STEP_KEY_SHARE; @@ -8071,8 +8071,8 @@ static psa_status_t psa_jpake_prologue( psa_jpake_computation_stage_t *computation_stage = &operation->computation_stage.jpake; - if (computation_stage->round != FIRST && - computation_stage->round != SECOND) { + if (computation_stage->round != PSA_JPAKE_FIRST && + computation_stage->round != PSA_JPAKE_SECOND) { return PSA_ERROR_BAD_STATE; } @@ -8095,7 +8095,7 @@ static psa_status_t psa_jpake_prologue( /* Check that we do not already have enough inputs/outputs * this round */ - if (function_mode == INPUT) { + if (function_mode == PSA_JPAKE_INPUT) { if (computation_stage->inputs >= PSA_JPAKE_EXPECTED_INPUTS(computation_stage->round)) { return PSA_ERROR_BAD_STATE; @@ -8118,16 +8118,16 @@ static psa_status_t psa_jpake_epilogue( if (stage->step == PSA_PAKE_STEP_ZK_PROOF) { /* End of an input/output */ - if (function_mode == INPUT) { + if (function_mode == PSA_JPAKE_INPUT) { stage->inputs++; if (stage->inputs >= PSA_JPAKE_EXPECTED_INPUTS(stage->round)) { - stage->mode = OUTPUT; + stage->mode = PSA_JPAKE_OUTPUT; } } - if (function_mode == OUTPUT) { + if (function_mode == PSA_JPAKE_OUTPUT) { stage->outputs++; if (stage->outputs >= PSA_JPAKE_EXPECTED_OUTPUTS(stage->round)) { - stage->mode = INPUT; + stage->mode = PSA_JPAKE_INPUT; } } if (stage->inputs >= PSA_JPAKE_EXPECTED_INPUTS(stage->round) && 
@@ -8177,7 +8177,7 @@ psa_status_t psa_pake_output( switch (operation->alg) { #if defined(PSA_WANT_ALG_JPAKE) case PSA_ALG_JPAKE: - status = psa_jpake_prologue(operation, step, OUTPUT); + status = psa_jpake_prologue(operation, step, PSA_JPAKE_OUTPUT); if (status != PSA_SUCCESS) { goto exit; } @@ -8201,7 +8201,7 @@ psa_status_t psa_pake_output( switch (operation->alg) { #if defined(PSA_WANT_ALG_JPAKE) case PSA_ALG_JPAKE: - status = psa_jpake_epilogue(operation, OUTPUT); + status = psa_jpake_epilogue(operation, PSA_JPAKE_OUTPUT); if (status != PSA_SUCCESS) { goto exit; } @@ -8250,7 +8250,7 @@ psa_status_t psa_pake_input( switch (operation->alg) { #if defined(PSA_WANT_ALG_JPAKE) case PSA_ALG_JPAKE: - status = psa_jpake_prologue(operation, step, INPUT); + status = psa_jpake_prologue(operation, step, PSA_JPAKE_INPUT); if (status != PSA_SUCCESS) { goto exit; } @@ -8274,7 +8274,7 @@ psa_status_t psa_pake_input( switch (operation->alg) { #if defined(PSA_WANT_ALG_JPAKE) case PSA_ALG_JPAKE: - status = psa_jpake_epilogue(operation, INPUT); + status = psa_jpake_epilogue(operation, PSA_JPAKE_INPUT); if (status != PSA_SUCCESS) { goto exit; } @@ -8309,7 +8309,7 @@ psa_status_t psa_pake_get_implicit_key( if (operation->alg == PSA_ALG_JPAKE) { psa_jpake_computation_stage_t *computation_stage = &operation->computation_stage.jpake; - if (computation_stage->round != FINISHED) { + if (computation_stage->round != PSA_JPAKE_FINISHED) { status = PSA_ERROR_BAD_STATE; goto exit; } From 00ad6bfabed77c139504c9bbc4c99a89cc4ce660 Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Wed, 14 Jun 2023 15:44:24 +0100 Subject: [PATCH 61/99] Rename function_mode to io_mode Signed-off-by: David Horstmann --- library/psa_crypto.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 2039c1d2a..801d35ff9 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c 
@@ -8060,7 +8060,7 @@ static psa_status_t psa_pake_complete_inputs( static psa_status_t psa_jpake_prologue( psa_pake_operation_t *operation, psa_pake_step_t step, - psa_jpake_io_mode_t function_mode) + psa_jpake_io_mode_t io_mode) { if (step != PSA_PAKE_STEP_KEY_SHARE && step != PSA_PAKE_STEP_ZK_PUBLIC && @@ -8086,8 +8086,8 @@ static psa_status_t psa_jpake_prologue( computation_stage->outputs == 0) { /* Start of the round, so function decides whether we are inputting * or outputting */ - computation_stage->mode = function_mode; - } else if (computation_stage->mode != function_mode) { + computation_stage->mode = io_mode; + } else if (computation_stage->mode != io_mode) { /* Middle of the round so the mode we are in must match the function * called by the user */ return PSA_ERROR_BAD_STATE; @@ -8095,7 +8095,7 @@ static psa_status_t psa_jpake_prologue( /* Check that we do not already have enough inputs/outputs * this round */ - if (function_mode == PSA_JPAKE_INPUT) { + if (io_mode == PSA_JPAKE_INPUT) { if (computation_stage->inputs >= PSA_JPAKE_EXPECTED_INPUTS(computation_stage->round)) { return PSA_ERROR_BAD_STATE; @@ -8111,20 +8111,20 @@ static psa_status_t psa_jpake_prologue( static psa_status_t psa_jpake_epilogue( psa_pake_operation_t *operation, - psa_jpake_io_mode_t function_mode) + psa_jpake_io_mode_t io_mode) { psa_jpake_computation_stage_t *stage = &operation->computation_stage.jpake; if (stage->step == PSA_PAKE_STEP_ZK_PROOF) { /* End of an input/output */ - if (function_mode == PSA_JPAKE_INPUT) { + if (io_mode == PSA_JPAKE_INPUT) { stage->inputs++; if (stage->inputs >= PSA_JPAKE_EXPECTED_INPUTS(stage->round)) { stage->mode = PSA_JPAKE_OUTPUT; } } - if (function_mode == PSA_JPAKE_OUTPUT) { + if (io_mode == PSA_JPAKE_OUTPUT) { stage->outputs++; if (stage->outputs >= PSA_JPAKE_EXPECTED_OUTPUTS(stage->round)) { stage->mode = PSA_JPAKE_INPUT; From 024e5c5f2e7978aafd959e4d4a199ff46f6ed88f Mon Sep 17 00:00:00 2001 
From: David Horstmann Date: Wed, 14 Jun 2023 15:48:21 +0100 Subject: [PATCH 62/99] Rename struct member mode to io_mode Signed-off-by: David Horstmann --- include/psa/crypto_extra.h | 2 +- library/psa_crypto.c | 16 ++++++++-------- 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/include/psa/crypto_extra.h b/include/psa/crypto_extra.h index eea9ef853..87ab4d6b0 100644 --- a/include/psa/crypto_extra.h +++ b/include/psa/crypto_extra.h @@ -2043,7 +2043,7 @@ struct psa_jpake_computation_stage_s { /* The J-PAKE round we are currently on */ psa_jpake_round_t MBEDTLS_PRIVATE(round); /* The 'mode' we are currently in (inputting or outputting) */ - psa_jpake_io_mode_t MBEDTLS_PRIVATE(mode); + psa_jpake_io_mode_t MBEDTLS_PRIVATE(io_mode); /* The number of inputs so far this round */ uint8_t MBEDTLS_PRIVATE(inputs); /* The number of outputs so far this round */ diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 801d35ff9..9deddde18 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -7768,7 +7768,7 @@ psa_status_t psa_pake_setup( &operation->computation_stage.jpake; computation_stage->round = PSA_JPAKE_FIRST; - computation_stage->mode = PSA_JPAKE_INPUT; + computation_stage->io_mode = PSA_JPAKE_INPUT; computation_stage->inputs = 0; computation_stage->outputs = 0; computation_stage->step = PSA_PAKE_STEP_KEY_SHARE; @@ -7947,7 +7947,7 @@ static psa_crypto_driver_pake_step_t convert_jpake_computation_stage_to_driver_s { if (stage->round == PSA_JPAKE_FIRST) { int is_x1; - if (stage->mode == PSA_JPAKE_OUTPUT) { + if (stage->io_mode == PSA_JPAKE_OUTPUT) { is_x1 = (stage->outputs < 1); } else { is_x1 = (stage->inputs < 1); @@ -7977,7 +7977,7 @@ static psa_crypto_driver_pake_step_t convert_jpake_computation_stage_to_driver_s } } } else if (stage->round == PSA_JPAKE_SECOND) { - if (stage->mode == PSA_JPAKE_OUTPUT) { + if (stage->io_mode == PSA_JPAKE_OUTPUT) { switch (stage->step) { case PSA_PAKE_STEP_KEY_SHARE: return PSA_JPAKE_X2S_STEP_KEY_SHARE; 
@@ -8043,7 +8043,7 @@ static psa_status_t psa_pake_complete_inputs( psa_jpake_computation_stage_t *computation_stage = &operation->computation_stage.jpake; computation_stage->round = PSA_JPAKE_FIRST; - computation_stage->mode = PSA_JPAKE_INPUT; + computation_stage->io_mode = PSA_JPAKE_INPUT; computation_stage->inputs = 0; computation_stage->outputs = 0; computation_stage->step = PSA_PAKE_STEP_KEY_SHARE; @@ -8086,8 +8086,8 @@ static psa_status_t psa_jpake_prologue( computation_stage->outputs == 0) { /* Start of the round, so function decides whether we are inputting * or outputting */ - computation_stage->mode = io_mode; - } else if (computation_stage->mode != io_mode) { + computation_stage->io_mode = io_mode; + } else if (computation_stage->io_mode != io_mode) { /* Middle of the round so the mode we are in must match the function * called by the user */ return PSA_ERROR_BAD_STATE; @@ -8121,13 +8121,13 @@ static psa_status_t psa_jpake_epilogue( if (io_mode == PSA_JPAKE_INPUT) { stage->inputs++; if (stage->inputs >= PSA_JPAKE_EXPECTED_INPUTS(stage->round)) { - stage->mode = PSA_JPAKE_OUTPUT; + stage->io_mode = PSA_JPAKE_OUTPUT; } } if (io_mode == PSA_JPAKE_OUTPUT) { stage->outputs++; if (stage->outputs >= PSA_JPAKE_EXPECTED_OUTPUTS(stage->round)) { - stage->mode = PSA_JPAKE_INPUT; + stage->io_mode = PSA_JPAKE_INPUT; } } if (stage->inputs >= PSA_JPAKE_EXPECTED_INPUTS(stage->round) && From 096093bac5ff65ae9f474da647fa9d6c0d24bd1f Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Wed, 14 Jun 2023 17:06:07 +0100 Subject: [PATCH 63/99] Remove redundant structures from previous design Signed-off-by: David Horstmann --- include/psa/crypto_extra.h | 28 ---------------------------- 1 file changed, 28 deletions(-) diff --git a/include/psa/crypto_extra.h b/include/psa/crypto_extra.h index 87ab4d6b0..1d91da01a 100644 --- a/include/psa/crypto_extra.h +++ b/include/psa/crypto_extra.h 
@@ -1984,34 +1984,6 @@ struct psa_crypto_driver_pake_inputs_s { psa_pake_cipher_suite_t MBEDTLS_PRIVATE(cipher_suite); }; -typedef enum psa_jpake_step { - PSA_PAKE_STEP_INVALID = 0, - PSA_PAKE_STEP_X1_X2 = 1, - PSA_PAKE_STEP_X2S = 2, - PSA_PAKE_STEP_DERIVE = 3, -} psa_jpake_step_t; - -typedef enum psa_jpake_state { - PSA_PAKE_STATE_INVALID = 0, - PSA_PAKE_STATE_SETUP = 1, - PSA_PAKE_STATE_READY = 2, - PSA_PAKE_OUTPUT_X1_X2 = 3, - PSA_PAKE_OUTPUT_X2S = 4, - PSA_PAKE_INPUT_X1_X2 = 5, - PSA_PAKE_INPUT_X4S = 6, -} psa_jpake_state_t; - -typedef enum psa_jpake_sequence { - PSA_PAKE_SEQ_INVALID = 0, - PSA_PAKE_X1_STEP_KEY_SHARE = 1, /* also X2S & X4S KEY_SHARE */ - PSA_PAKE_X1_STEP_ZK_PUBLIC = 2, /* also X2S & X4S ZK_PUBLIC */ - PSA_PAKE_X1_STEP_ZK_PROOF = 3, /* also X2S & X4S ZK_PROOF */ - PSA_PAKE_X2_STEP_KEY_SHARE = 4, - PSA_PAKE_X2_STEP_ZK_PUBLIC = 5, - PSA_PAKE_X2_STEP_ZK_PROOF = 6, - PSA_PAKE_SEQ_END = 7, -} psa_jpake_sequence_t; - typedef enum psa_crypto_driver_pake_step { PSA_JPAKE_STEP_INVALID = 0, /* Invalid step */ PSA_JPAKE_X1_STEP_KEY_SHARE = 1, /* Round 1: input/output key share (for ephemeral private key X1).*/ From 279d2279714d2fc167ee7f92c203b40c15044b77 Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Wed, 14 Jun 2023 17:13:56 +0100 Subject: [PATCH 64/99] Add "completed" clarification to struct comments Signed-off-by: David Horstmann --- include/psa/crypto_extra.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/include/psa/crypto_extra.h b/include/psa/crypto_extra.h index 1d91da01a..a7d98a084 100644 --- a/include/psa/crypto_extra.h +++ b/include/psa/crypto_extra.h 
@@ -2016,9 +2016,9 @@ struct psa_jpake_computation_stage_s {
 psa_jpake_round_t MBEDTLS_PRIVATE(round);
 /* The 'mode' we are currently in (inputting or outputting) */
 psa_jpake_io_mode_t MBEDTLS_PRIVATE(io_mode);
- /* The number of inputs so far this round */
+ /* The number of completed inputs so far this round */
 uint8_t MBEDTLS_PRIVATE(inputs);
- /* The number of outputs so far this round */
+ /* The number of completed outputs so far this round */
 uint8_t MBEDTLS_PRIVATE(outputs);
 /* The next expected step (KEY_SHARE, ZK_PUBLIC or ZK_PROOF) */
 psa_pake_step_t MBEDTLS_PRIVATE(step);
From 16f0151887c034619d754241f8b4d87b99fbfac5 Mon Sep 17 00:00:00 2001
From: David Horstmann
Date: Wed, 14 Jun 2023 17:21:07 +0100
Subject: [PATCH 65/99] Use memset for initialization
Signed-off-by: David Horstmann
---
 library/psa_crypto.c | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index 9deddde18..a36bc7f05 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -7767,10 +7767,7 @@ psa_status_t psa_pake_setup(
 psa_jpake_computation_stage_t *computation_stage =
 &operation->computation_stage.jpake;
 
- computation_stage->round = PSA_JPAKE_FIRST;
- computation_stage->io_mode = PSA_JPAKE_INPUT;
- computation_stage->inputs = 0;
- computation_stage->outputs = 0;
+ memset(computation_stage, 0, sizeof(*computation_stage));
 computation_stage->step = PSA_PAKE_STEP_KEY_SHARE;
 } else
 #endif /* PSA_WANT_ALG_JPAKE */
From 1b54faed67ccb1ec3981edb5c334119d8baa696d Mon Sep 17 00:00:00 2001
From: David Horstmann
Date: Wed, 14 Jun 2023 18:05:52 +0100
Subject: [PATCH 66/99] Remove unnecessary initialization of state The psa_jpake_computation_stage_t is already initialized in psa_pake_setup(), so does not need initializing again in psa_pake_complete_inputs().
Signed-off-by: David Horstmann
---
 library/psa_crypto.c | 7 -------
 1 file changed, 7 deletions(-)
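Review bot: The `memset(computation_stage, 0, sizeof(*computation_stage))` that replaces the four explicit assignments makes the starting round and io_mode depend on PSA_JPAKE_FIRST and PSA_JPAKE_INPUT being the value 0 in their enums, which this hunk does not show and which the removed assignments did not rely on. If either enumerator is ever renumbered the operation silently starts in the wrong state and nothing here would catch it. A comment above the memset such as `/* Relies on PSA_JPAKE_FIRST and PSA_JPAKE_INPUT both being 0, i.e. the zero-initialised state. */`, or a static assertion on those two values next to the enum definitions, would pin the assumption down. psa_pake_setup() continues outside the hunk.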
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index a36bc7f05..46b9129d7 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -8037,13 +8037,6 @@ static psa_status_t psa_pake_complete_inputs(
 #if defined(PSA_WANT_ALG_JPAKE)
 if (operation->alg == PSA_ALG_JPAKE) {
 operation->stage = PSA_PAKE_OPERATION_STAGE_COMPUTATION;
- psa_jpake_computation_stage_t *computation_stage =
- &operation->computation_stage.jpake;
- computation_stage->round = PSA_JPAKE_FIRST;
- computation_stage->io_mode = PSA_JPAKE_INPUT;
- computation_stage->inputs = 0;
- computation_stage->outputs = 0;
- computation_stage->step = PSA_PAKE_STEP_KEY_SHARE;
 } else
 #endif /* PSA_WANT_ALG_JPAKE */
 {
From 5d878f6c5f7b9fe843f734d645855b505c86f6b8 Mon Sep 17 00:00:00 2001
From: David Horstmann
Date: Wed, 14 Jun 2023 18:09:43 +0100
Subject: [PATCH 67/99] Tweak wording for clarity "inputs this round" -> "inputs for this round"
Signed-off-by: David Horstmann
---
 library/psa_crypto.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index 46b9129d7..1238680f9 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -8083,7 +8083,7 @@ static psa_status_t psa_jpake_prologue(
 return PSA_ERROR_BAD_STATE;
 }
 
- /* Check that we do not already have enough inputs/outputs
+ /* Check that we do not already have enough inputs/outputs for
 * this round */
 if (io_mode == PSA_JPAKE_INPUT) {
 if (computation_stage->inputs >=
From 74a3d8c99cfec89cd41404ea86675389b556fd34 Mon Sep 17 00:00:00 2001
From: David Horstmann
Date: Wed, 14 Jun 2023 18:28:19 +0100
Subject: [PATCH 68/99] Simplify logic of driver step conversion Take advantage of the contiguous nature of XYZ_KEY_SHARE, XYZ_ZK_PUBLIC and XYZ_ZK_PROOF to simplify the conversion code.
Signed-off-by: David Horstmann
---
 library/psa_crypto.c | 58 +++++++++----------------------------------
 1 file changed, 11 insertions(+), 47 deletions(-)
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index 1238680f9..6303abbe6 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -7942,63 +7942,27 @@ exit: static psa_crypto_driver_pake_step_t convert_jpake_computation_stage_to_driver_step( psa_jpake_computation_stage_t *stage) { + psa_crypto_driver_pake_step_t key_share_step; if (stage->round == PSA_JPAKE_FIRST) { int is_x1; + if (stage->io_mode == PSA_JPAKE_OUTPUT) { is_x1 = (stage->outputs < 1); } else { is_x1 = (stage->inputs < 1); } - if (is_x1) { - switch (stage->step) { - case PSA_PAKE_STEP_KEY_SHARE: - return PSA_JPAKE_X1_STEP_KEY_SHARE; - case PSA_PAKE_STEP_ZK_PUBLIC: - return PSA_JPAKE_X1_STEP_ZK_PUBLIC; - case PSA_PAKE_STEP_ZK_PROOF: - return PSA_JPAKE_X1_STEP_ZK_PROOF; - default: - return PSA_JPAKE_STEP_INVALID; - } - } else { - switch (stage->step) { - case PSA_PAKE_STEP_KEY_SHARE: - return PSA_JPAKE_X2_STEP_KEY_SHARE; - case PSA_PAKE_STEP_ZK_PUBLIC: - return PSA_JPAKE_X2_STEP_ZK_PUBLIC; - case PSA_PAKE_STEP_ZK_PROOF: - return PSA_JPAKE_X2_STEP_ZK_PROOF; - default: - return PSA_JPAKE_STEP_INVALID; - } - } + key_share_step = is_x1 ? + PSA_JPAKE_X1_STEP_KEY_SHARE : + PSA_JPAKE_X2_STEP_KEY_SHARE; } else if (stage->round == PSA_JPAKE_SECOND) { - if (stage->io_mode == PSA_JPAKE_OUTPUT) { - switch (stage->step) { - case PSA_PAKE_STEP_KEY_SHARE: - return PSA_JPAKE_X2S_STEP_KEY_SHARE; - case PSA_PAKE_STEP_ZK_PUBLIC: - return PSA_JPAKE_X2S_STEP_ZK_PUBLIC; - case PSA_PAKE_STEP_ZK_PROOF: - return PSA_JPAKE_X2S_STEP_ZK_PROOF; - default: - return PSA_JPAKE_STEP_INVALID; - } - } else { - switch (stage->step) { - case PSA_PAKE_STEP_KEY_SHARE: - return PSA_JPAKE_X4S_STEP_KEY_SHARE; - case PSA_PAKE_STEP_ZK_PUBLIC: - return PSA_JPAKE_X4S_STEP_ZK_PUBLIC; - case PSA_PAKE_STEP_ZK_PROOF: - return PSA_JPAKE_X4S_STEP_ZK_PROOF; - default: - return PSA_JPAKE_STEP_INVALID; - } - } + key_share_step = (stage->io_mode == PSA_JPAKE_OUTPUT) ? 
+ PSA_JPAKE_X2S_STEP_KEY_SHARE : + PSA_JPAKE_X4S_STEP_KEY_SHARE; + } else { + return PSA_JPAKE_STEP_INVALID; } - return PSA_JPAKE_STEP_INVALID; + return key_share_step + stage->step - PSA_PAKE_STEP_KEY_SHARE; } #endif /* PSA_WANT_ALG_JPAKE */ From e5b374adaf88ece0c2876f12bd3bbd3be8c17026 Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Wed, 14 Jun 2023 19:02:00 +0100 Subject: [PATCH 69/99] Remove comment explaining the state machine The explanation of the dispatch layer's state machine should not be in the file containing the software implementation and a better understanding can be had by reading the dispatch layer's code. Signed-off-by: David Horstmann --- library/psa_crypto_pake.c | 62 --------------------------------------- 1 file changed, 62 deletions(-) diff --git a/library/psa_crypto_pake.c b/library/psa_crypto_pake.c index 4136614f3..7140faf83 100644 --- a/library/psa_crypto_pake.c +++ b/library/psa_crypto_pake.c 
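Review bot: The new `return key_share_step + stage->step - PSA_PAKE_STEP_KEY_SHARE;` drops the `default: return PSA_JPAKE_STEP_INVALID;` that every removed switch had, so a `stage->step` outside KEY_SHARE..ZK_PROOF is no longer mapped to the invalid step but offset arithmetically into whatever enumerator happens to follow. That is only safe if every writer of `stage->step` is validated first (psa_jpake_prologue checks the user-supplied step, but that is outside this hunk), and the arithmetic also silently assumes both enums are contiguous in the same order, which the commit message states but the code does not enforce. Keeping an explicit range guard before the return, and pinning the layout with static assertions such as `_Static_assert(PSA_PAKE_STEP_ZK_PROOF == PSA_PAKE_STEP_KEY_SHARE + 2, "PSA_PAKE_STEP_* must be contiguous")` and `_Static_assert(PSA_JPAKE_X1_STEP_ZK_PROOF == PSA_JPAKE_X1_STEP_KEY_SHARE + 2, "driver steps must be contiguous")` (one per X1/X2/X2S/X4S family, using the project's static-assert wrapper if it has one), would make the invariant checkable rather than implied.
```c
    /* … unchanged: key_share_step selection by round and io_mode … */
    /* The arithmetic below requires the three PSA_PAKE_STEP_* values and
     * the three driver steps that follow each *_STEP_KEY_SHARE to be
     * contiguous and in the same order. */
    if (stage->step < PSA_PAKE_STEP_KEY_SHARE ||
        stage->step > PSA_PAKE_STEP_ZK_PROOF) {
        return PSA_JPAKE_STEP_INVALID;
    }
    return key_share_step + (stage->step - PSA_PAKE_STEP_KEY_SHARE);
```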
@@ -79,68 +79,6 @@ * psa_pake_abort() */ -/* - * The first PAKE step shares the same sequences of the second PAKE step - * but with a second set of KEY_SHARE/ZK_PUBLIC/ZK_PROOF outputs/inputs. - * It's simpler to share the same sequences numbers of the first - * set of KEY_SHARE/ZK_PUBLIC/ZK_PROOF outputs/inputs in both PAKE steps. - * - * State sequence with step, state & sequence enums: - * => Input & Output Step = PSA_PAKE_STEP_INVALID - * => state = PSA_PAKE_STATE_INVALID - * psa_pake_setup() - * => Input & Output Step = PSA_PAKE_STEP_X1_X2 - * => state = PSA_PAKE_STATE_SETUP - * => sequence = PSA_PAKE_SEQ_INVALID - * | - * |--- In any order: (First round input before or after first round output) - * | | First call of psa_pake_output() or psa_pake_input() sets - * | | state = PSA_PAKE_STATE_READY - * | | - * | |------ In Order: => state = PSA_PAKE_OUTPUT_X1_X2 - * | | | psa_pake_output() => sequence = PSA_PAKE_X1_STEP_KEY_SHARE - * | | | psa_pake_output() => sequence = PSA_PAKE_X1_STEP_ZK_PUBLIC - * | | | psa_pake_output() => sequence = PSA_PAKE_X1_STEP_ZK_PROOF - * | | | psa_pake_output() => sequence = PSA_PAKE_X2_STEP_KEY_SHARE - * | | | psa_pake_output() => sequence = PSA_PAKE_X2_STEP_ZK_PUBLIC - * | | | psa_pake_output() => sequence = PSA_PAKE_X2_STEP_ZK_PROOF - * | | | => state = PSA_PAKE_STATE_READY - * | | | => sequence = PSA_PAKE_SEQ_INVALID - * | | | => Output Step = PSA_PAKE_STEP_X2S - * | | - * | |------ In Order: => state = PSA_PAKE_INPUT_X1_X2 - * | | | psa_pake_input() => sequence = PSA_PAKE_X1_STEP_KEY_SHARE - * | | | psa_pake_input() => sequence = PSA_PAKE_X1_STEP_ZK_PUBLIC - * | | | psa_pake_input() => sequence = PSA_PAKE_X1_STEP_ZK_PROOF - * | | | psa_pake_input() => sequence = PSA_PAKE_X2_STEP_KEY_SHARE - * | | | psa_pake_input() => sequence = PSA_PAKE_X2_STEP_ZK_PUBLIC - * | | | psa_pake_input() => sequence = PSA_PAKE_X2_STEP_ZK_PROOF - * | | | => state = PSA_PAKE_STATE_READY - * | | | => sequence = PSA_PAKE_SEQ_INVALID - * | | | => Output 
Step = PSA_PAKE_INPUT_X4S - * | - * |--- In any order: (Second round input before or after second round output) - * | | - * | |------ In Order: => state = PSA_PAKE_OUTPUT_X2S - * | | | psa_pake_output() => sequence = PSA_PAKE_X1_STEP_KEY_SHARE - * | | | psa_pake_output() => sequence = PSA_PAKE_X1_STEP_ZK_PUBLIC - * | | | psa_pake_output() => sequence = PSA_PAKE_X1_STEP_ZK_PROOF - * | | | => state = PSA_PAKE_STATE_READY - * | | | => sequence = PSA_PAKE_SEQ_INVALID - * | | | => Output Step = PSA_PAKE_STEP_DERIVE - * | | - * | |------ In Order: => state = PSA_PAKE_INPUT_X4S - * | | | psa_pake_input() => sequence = PSA_PAKE_X1_STEP_KEY_SHARE - * | | | psa_pake_input() => sequence = PSA_PAKE_X1_STEP_ZK_PUBLIC - * | | | psa_pake_input() => sequence = PSA_PAKE_X1_STEP_ZK_PROOF - * | | | => state = PSA_PAKE_STATE_READY - * | | | => sequence = PSA_PAKE_SEQ_INVALID - * | | | => Output Step = PSA_PAKE_STEP_DERIVE - * | - * psa_pake_get_implicit_key() - * => Input & Output Step = PSA_PAKE_STEP_INVALID - */ - #if defined(MBEDTLS_PSA_BUILTIN_ALG_JPAKE) static psa_status_t mbedtls_ecjpake_to_psa_error(int ret) { From 88d25f00758ea6aaac124ea5cfa0f8ab1cf68dfe Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Tue, 20 Jun 2023 18:21:44 +0100 Subject: [PATCH 70/99] Remove unnecessary checks in psa_jpake_prologue() These checks are not needed as long as the state is intact. Signed-off-by: David Horstmann --- library/psa_crypto.c | 13 ------------- 1 file changed, 13 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 6303abbe6..0a549ef49 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c 
@@ -8047,19 +8047,6 @@ static psa_status_t psa_jpake_prologue( return PSA_ERROR_BAD_STATE; } - /* Check that we do not already have enough inputs/outputs for - * this round */ - if (io_mode == PSA_JPAKE_INPUT) { - if (computation_stage->inputs >= - PSA_JPAKE_EXPECTED_INPUTS(computation_stage->round)) { - return PSA_ERROR_BAD_STATE; - } - } else { - if (computation_stage->outputs >= - PSA_JPAKE_EXPECTED_OUTPUTS(computation_stage->round)) { - return PSA_ERROR_BAD_STATE; - } - } return PSA_SUCCESS; } From a62d712cf8575cb3a5106bd79fb8cd544f945cb1 Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Thu, 15 Jun 2023 17:46:56 +0100 Subject: [PATCH 71/99] Add testing for extra calls during a round Test that extra calls to psa_pake_input() and psa_pake_output() during a round return the correct error. Signed-off-by: David Horstmann --- tests/suites/test_suite_psa_crypto_pake.data | 8 +++++++ .../test_suite_psa_crypto_pake.function | 22 +++++++++++++++++++ 2 files changed, 30 insertions(+) diff --git a/tests/suites/test_suite_psa_crypto_pake.data b/tests/suites/test_suite_psa_crypto_pake.data index 9e1cc6327..89f15623c 100644 --- a/tests/suites/test_suite_psa_crypto_pake.data +++ b/tests/suites/test_suite_psa_crypto_pake.data 
@@ -210,6 +210,14 @@ PSA PAKE: inject ERR_INJECT_ROUND2_SERVER_ZK_PROOF depends_on:MBEDTLS_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_LEGACY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:0:"abcdef":ERR_INJECT_ROUND2_SERVER_ZK_PROOF:PSA_ERROR_DATA_INVALID +PSA PAKE: inject ERR_INJECT_EXTRA_OUTPUT +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 +ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:0:"abcdef":ERR_INJECT_EXTRA_OUTPUT:PSA_ERROR_BAD_STATE + +PSA PAKE: inject ERR_INJECT_EXTRA_INPUT +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 +ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:1:"abcdef":ERR_INJECT_EXTRA_INPUT:PSA_ERROR_BAD_STATE + PSA PAKE: ecjpake size macros depends_on:MBEDTLS_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_LEGACY:PSA_WANT_ECC_SECP_R1_256 ecjpake_size_macros: diff --git a/tests/suites/test_suite_psa_crypto_pake.function b/tests/suites/test_suite_psa_crypto_pake.function index 52380de17..87c40f5e4 100644 --- a/tests/suites/test_suite_psa_crypto_pake.function +++ b/tests/suites/test_suite_psa_crypto_pake.function @@ -2,6 +2,7 @@ #include #include "psa/crypto.h" +#include "psa/crypto_extra.h" typedef enum { ERR_NONE = 0, @@ -39,6 +40,8 @@ typedef enum { ERR_INJECT_ROUND2_SERVER_KEY_SHARE, ERR_INJECT_ROUND2_SERVER_ZK_PUBLIC, ERR_INJECT_ROUND2_SERVER_ZK_PROOF, + ERR_INJECT_EXTRA_OUTPUT, + ERR_INJECT_EXTRA_INPUT, /* erros issued from the .data file */ ERR_IN_SETUP, ERR_IN_SET_USER, 
@@ -69,6 +72,13 @@ static const uint8_t jpake_client_id[] = { 'c', 'l', 'i', 'e', 'n', 't' }; *(buf + 7) ^= 1; \ } +#define DO_ROUND_CONDITIONAL_CHECK_FAILURE(this_stage, function) \ + if (this_stage == err_stage) \ + { \ + TEST_EQUAL(function, expected_error_arg); \ + break; \ + } + #define DO_ROUND_UPDATE_OFFSETS(main_buf_offset, step_offset, step_size) \ { \ step_offset = main_buf_offset; \ @@ -185,6 +195,12 @@ static void ecjpake_do_round(psa_algorithm_t alg, unsigned int primitive, buffer0 + buffer0_off); DO_ROUND_UPDATE_OFFSETS(buffer0_off, s_x2_pr_off, s_x2_pr_len); + size_t extra_output_len; + DO_ROUND_CONDITIONAL_CHECK_FAILURE( + ERR_INJECT_EXTRA_OUTPUT, + psa_pake_output(server, PSA_PAKE_STEP_KEY_SHARE, + buffer0 + s_g2_off, 512 - s_g2_off, &extra_output_len)); + (void) extra_output_len; /* * When injecting errors in inputs, the implementation is * free to detect it right away of with a delay. @@ -223,6 +239,12 @@ static void ecjpake_do_round(psa_algorithm_t alg, unsigned int primitive, s_x2_pr_len); DO_ROUND_CHECK_FAILURE(); + /* Note: Must have client_input_first == 1 to inject extra input */ + DO_ROUND_CONDITIONAL_CHECK_FAILURE( + ERR_INJECT_EXTRA_INPUT, + psa_pake_input(client, PSA_PAKE_STEP_KEY_SHARE, + buffer0 + s_g2_off, s_g2_len)); + /* Error didn't trigger, make test fail */ if ((err_stage >= ERR_INJECT_ROUND1_SERVER_KEY_SHARE_PART1) && (err_stage <= ERR_INJECT_ROUND1_SERVER_ZK_PROOF_PART2)) { From 25c907071fbaf923651acafe98cca6221dce6209 Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Tue, 20 Jun 2023 19:10:25 +0100 Subject: [PATCH 72/99] Test extra inputs and outputs at the end of J-PAKE Add tests for supplying inputs or requesting outputs when a J-PAKE computation has already completed Signed-off-by: David Horstmann --- tests/suites/test_suite_psa_crypto_pake.data | 8 ++ .../test_suite_psa_crypto_pake.function | 75 +++++++++++++++++++ 2 files changed, 83 insertions(+) 
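Review bot: `DO_ROUND_CONDITIONAL_CHECK_FAILURE` ends in a bare `break`, so it only does what its name says when expanded inside a loop or switch body, and it also reads `err_stage` and `expected_error_arg` from the caller's scope without taking them as parameters; neither requirement is stated, and the enclosing construct in ecjpake_do_round is outside the hunks. A short comment above the definition, e.g. `/* Only usable inside a loop or switch body in ecjpake_do_round(): when this_stage matches err_stage it checks the call's status and breaks out. Relies on err_stage and expected_error_arg being in scope. */`, would document this for the next caller. The same presumably applies to the existing DO_ROUND_CHECK_FAILURE(), whose definition is not visible here.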
diff --git a/tests/suites/test_suite_psa_crypto_pake.data b/tests/suites/test_suite_psa_crypto_pake.data index 89f15623c..da54ad116 100644 --- a/tests/suites/test_suite_psa_crypto_pake.data +++ b/tests/suites/test_suite_psa_crypto_pake.data @@ -218,6 +218,14 @@ PSA PAKE: inject ERR_INJECT_EXTRA_INPUT depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:1:"abcdef":ERR_INJECT_EXTRA_INPUT:PSA_ERROR_BAD_STATE +PSA PAKE: inject ERR_INJECT_EXTRA_OUTPUT_AT_END +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 +ecjpake_rounds_inject_second:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:1:"abcdef":ERR_INJECT_EXTRA_OUTPUT_AT_END:PSA_ERROR_BAD_STATE + +PSA PAKE: inject ERR_INJECT_EXTRA_INPUT_AT_END +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 +ecjpake_rounds_inject_second:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:0:"abcdef":ERR_INJECT_EXTRA_INPUT_AT_END:PSA_ERROR_BAD_STATE + PSA PAKE: ecjpake size macros depends_on:MBEDTLS_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_LEGACY:PSA_WANT_ECC_SECP_R1_256 ecjpake_size_macros: diff --git a/tests/suites/test_suite_psa_crypto_pake.function b/tests/suites/test_suite_psa_crypto_pake.function index 87c40f5e4..49ca36190 100644 --- a/tests/suites/test_suite_psa_crypto_pake.function +++ b/tests/suites/test_suite_psa_crypto_pake.function @@ -42,6 +42,8 @@ typedef enum { ERR_INJECT_ROUND2_SERVER_ZK_PROOF, ERR_INJECT_EXTRA_OUTPUT, ERR_INJECT_EXTRA_INPUT, + ERR_INJECT_EXTRA_OUTPUT_AT_END, + ERR_INJECT_EXTRA_INPUT_AT_END, /* erros issued from the .data file */ ERR_IN_SETUP, ERR_IN_SET_USER, 
@@ -466,6 +468,16 @@ static void ecjpake_do_round(psa_algorithm_t alg, unsigned int primitive, buffer1 + buffer1_off); DO_ROUND_UPDATE_OFFSETS(buffer1_off, c_x2s_pr_off, c_x2s_pr_len); + if (client_input_first == 1) { + size_t extra_output_at_end_len; + DO_ROUND_CONDITIONAL_CHECK_FAILURE( + ERR_INJECT_EXTRA_OUTPUT_AT_END, + psa_pake_output(client, PSA_PAKE_STEP_KEY_SHARE, + buffer1 + c_a_off, 512 - c_a_off, + &extra_output_at_end_len)); + (void) extra_output_at_end_len; + } + if (client_input_first == 0) { /* Client second round Input */ status = psa_pake_input(client, PSA_PAKE_STEP_KEY_SHARE, @@ -503,6 +515,12 @@ static void ecjpake_do_round(psa_algorithm_t alg, unsigned int primitive, buffer1 + c_x2s_pr_off, c_x2s_pr_len); DO_ROUND_CHECK_FAILURE(); + DO_ROUND_CONDITIONAL_CHECK_FAILURE( + ERR_INJECT_EXTRA_INPUT_AT_END, + psa_pake_input(server, PSA_PAKE_STEP_KEY_SHARE, + buffer1 + c_a_off, c_a_len)); + + /* Error didn't trigger, make test fail */ if ((err_stage >= ERR_INJECT_ROUND2_CLIENT_KEY_SHARE) && (err_stage <= ERR_INJECT_ROUND2_CLIENT_ZK_PROOF)) { 
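Review bot: The `if (client_input_first == 1)` guard around the ERR_INJECT_EXTRA_OUTPUT_AT_END injection has no comment saying why it is needed, and when a .data line passes 0 the injection is skipped without complaint: the "Error didn't trigger" check in the second hunk only covers ERR_INJECT_ROUND2_CLIENT_KEY_SHARE..ERR_INJECT_ROUND2_CLIENT_ZK_PROOF, so such a case would pass having exercised nothing. A comment mirroring the one on ERR_INJECT_EXTRA_INPUT, e.g. `/* Note: Must have client_input_first == 1 to inject extra output at end */`, documents the precondition; extending the didn't-trigger range check to the two new AT_END stages, if the enum order allows it, would turn the silent skip into a failure. ecjpake_do_round's body continues outside both hunks.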
@@ -810,6 +828,63 @@ exit:
 }
 /* END_CASE */
 
+/* BEGIN_CASE depends_on:PSA_WANT_ALG_JPAKE */
+/* Inject errors during the second round of J-PAKE */
+void ecjpake_rounds_inject_second(int alg_arg, int primitive_arg, int hash_arg,
+ int client_input_first,
+ data_t *pw_data,
+ int err_stage_arg,
+ int expected_error_arg)
+{
+ psa_pake_cipher_suite_t cipher_suite = psa_pake_cipher_suite_init();
+ psa_pake_operation_t server = psa_pake_operation_init();
+ psa_pake_operation_t client = psa_pake_operation_init();
+ psa_algorithm_t alg = alg_arg;
+ psa_algorithm_t hash_alg = hash_arg;
+ mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+ ecjpake_error_stage_t err_stage = err_stage_arg;
+
+ PSA_INIT();
+
+ psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_DERIVE);
+ psa_set_key_algorithm(&attributes, alg);
+ psa_set_key_type(&attributes, PSA_KEY_TYPE_PASSWORD);
+
+ PSA_ASSERT(psa_import_key(&attributes, pw_data->x, pw_data->len,
+ &key));
+
+ psa_pake_cs_set_algorithm(&cipher_suite, alg);
+ psa_pake_cs_set_primitive(&cipher_suite, primitive_arg);
+ psa_pake_cs_set_hash(&cipher_suite, hash_alg);
+
+ PSA_ASSERT(psa_pake_setup(&server, &cipher_suite));
+ PSA_ASSERT(psa_pake_setup(&client, &cipher_suite));
+
+ PSA_ASSERT(psa_pake_set_user(&server, jpake_server_id, sizeof(jpake_server_id)));
+ PSA_ASSERT(psa_pake_set_peer(&server, jpake_client_id, sizeof(jpake_client_id)));
+ PSA_ASSERT(psa_pake_set_user(&client, jpake_client_id, sizeof(jpake_client_id)));
+ PSA_ASSERT(psa_pake_set_peer(&client, jpake_server_id, sizeof(jpake_server_id)));
+
+ PSA_ASSERT(psa_pake_set_password_key(&server, key));
+ PSA_ASSERT(psa_pake_set_password_key(&client, key));
+
+ ecjpake_do_round(alg, primitive_arg, &server, &client,
+ client_input_first, PAKE_ROUND_ONE,
+ ERR_NONE, expected_error_arg);
+
+ ecjpake_do_round(alg, primitive_arg, &server, &client,
+ client_input_first, PAKE_ROUND_TWO,
+ err_stage, expected_error_arg);
+
+exit:
+
psa_destroy_key(key);
+ psa_pake_abort(&server);
+ psa_pake_abort(&client);
+ PSA_DONE();
+}
+/* END_CASE */
+
 /* BEGIN_CASE depends_on:PSA_WANT_ALG_JPAKE */
 void ecjpake_rounds(int alg_arg, int primitive_arg, int hash_arg,
 int derive_alg_arg, data_t *pw_data,
From 57727cd3fc728a47eaee0ac8291826859b435cd1 Mon Sep 17 00:00:00 2001
From: David Horstmann
Date: Tue, 20 Jun 2023 19:40:57 +0100
Subject: [PATCH 73/99] Explain the sequence of mbedtls_psa_pake_ calls Add a comment showing the order in which the mbedtls_psa_pake_xyz() functions may be called.
Signed-off-by: David Horstmann
---
 library/psa_crypto_pake.c | 34 ++++++++++++++++++++++++++++++++++
 1 file changed, 34 insertions(+)
diff --git a/library/psa_crypto_pake.c b/library/psa_crypto_pake.c
index 7140faf83..e22bcf825 100644
--- a/library/psa_crypto_pake.c
+++ b/library/psa_crypto_pake.c
@@ -79,6 +79,40 @@ * psa_pake_abort() */ +/* + * Possible sequence of calls to implementation: + * + * |--- In any order: + * | | + * | |------ In Order + * | | | mbedtls_psa_pake_output(PSA_JPAKE_X1_STEP_KEY_SHARE) + * | | | mbedtls_psa_pake_output(PSA_JPAKE_X1_STEP_ZK_PUBLIC) + * | | | mbedtls_psa_pake_output(PSA_JPAKE_X1_STEP_ZK_PROOF) + * | | | mbedtls_psa_pake_output(PSA_JPAKE_X2_STEP_KEY_SHARE) + * | | | mbedtls_psa_pake_output(PSA_JPAKE_X2_STEP_ZK_PUBLIC) + * | | | mbedtls_psa_pake_output(PSA_JPAKE_X2_STEP_ZK_PROOF) + * | | + * | |------ In Order: + * | | mbedtls_psa_pake_input(PSA_JPAKE_X1_STEP_KEY_SHARE) + * | | mbedtls_psa_pake_input(PSA_JPAKE_X1_STEP_ZK_PUBLIC) + * | | mbedtls_psa_pake_input(PSA_JPAKE_X1_STEP_ZK_PROOF) + * | | mbedtls_psa_pake_input(PSA_JPAKE_X2_STEP_KEY_SHARE) + * | | mbedtls_psa_pake_input(PSA_JPAKE_X2_STEP_ZK_PUBLIC) + * | | mbedtls_psa_pake_input(PSA_JPAKE_X2_STEP_ZK_PROOF) + * | + * |--- In any order: + * | | + * | |------ In Order + * | | | mbedtls_psa_pake_output(PSA_JPAKE_X2S_STEP_KEY_SHARE) + * | | | mbedtls_psa_pake_output(PSA_JPAKE_X2S_STEP_ZK_PUBLIC) + * | | | mbedtls_psa_pake_output(PSA_JPAKE_X2S_STEP_ZK_PROOF) + * | | + * | |------ In Order: + * | | mbedtls_psa_pake_input(PSA_JPAKE_X4S_STEP_KEY_SHARE) + * | | mbedtls_psa_pake_input(PSA_JPAKE_X4S_STEP_ZK_PUBLIC) + * | | mbedtls_psa_pake_input(PSA_JPAKE_X4S_STEP_ZK_PROOF) + */ + #if defined(MBEDTLS_PSA_BUILTIN_ALG_JPAKE) static psa_status_t mbedtls_ecjpake_to_psa_error(int ret) { From a5f7de1df2cb7cc3aa776e6053d4658c1c9eb946 Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Wed, 21 Jun 2023 15:58:05 +0100 Subject: [PATCH 74/99] Refactor injecting errors in the second round Use a single function rather than 2 similar ones and pass the round that is desired. Signed-off-by: David Horstmann --- tests/suites/test_suite_psa_crypto_pake.data | 56 ++++++++-------- .../test_suite_psa_crypto_pake.function | 65 ++----------------- 2 files changed, 33 insertions(+), 88 deletions(-) 
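Review bot: The diagram never states that the second `In any order` group may only start once both halves of the first group have completed, which is presumably the intended constraint (the X2S output would be derived from the peer's round-one inputs); replacing the second `|--- In any order:` header with `|--- Only after all of the above, in any order:` would make the round boundary explicit. Minor: the sub-block headers alternate between `In Order` and `In Order:`; pick one form.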
diff --git a/tests/suites/test_suite_psa_crypto_pake.data b/tests/suites/test_suite_psa_crypto_pake.data index da54ad116..ea39ea45f 100644 --- a/tests/suites/test_suite_psa_crypto_pake.data +++ b/tests/suites/test_suite_psa_crypto_pake.data 
@@ -132,99 +132,99 @@ ecjpake_rounds:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA PSA PAKE: no injected errors depends_on:MBEDTLS_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_LEGACY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:0:"abcdef":ERR_NONE:PSA_SUCCESS +ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:0:"abcdef":ERR_NONE:PSA_SUCCESS:0 PSA PAKE: no injected errors, client input first depends_on:MBEDTLS_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_LEGACY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:1:"abcdef":ERR_NONE:PSA_SUCCESS +ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:1:"abcdef":ERR_NONE:PSA_SUCCESS:0 PSA PAKE: inject ERR_INJECT_ROUND1_CLIENT_KEY_SHARE_PART1 depends_on:MBEDTLS_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_LEGACY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:0:"abcdef":ERR_INJECT_ROUND1_CLIENT_KEY_SHARE_PART1:PSA_ERROR_DATA_INVALID +ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:0:"abcdef":ERR_INJECT_ROUND1_CLIENT_KEY_SHARE_PART1:PSA_ERROR_DATA_INVALID:0 PSA PAKE: inject ERR_INJECT_ROUND1_CLIENT_ZK_PUBLIC_PART1 depends_on:MBEDTLS_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_LEGACY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:0:"abcdef":ERR_INJECT_ROUND1_CLIENT_ZK_PUBLIC_PART1:PSA_ERROR_DATA_INVALID 
+ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:0:"abcdef":ERR_INJECT_ROUND1_CLIENT_ZK_PUBLIC_PART1:PSA_ERROR_DATA_INVALID:0 PSA PAKE: inject ERR_INJECT_ROUND1_CLIENT_ZK_PROOF_PART1 depends_on:MBEDTLS_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_LEGACY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:0:"abcdef":ERR_INJECT_ROUND1_CLIENT_ZK_PROOF_PART1:PSA_ERROR_DATA_INVALID +ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:0:"abcdef":ERR_INJECT_ROUND1_CLIENT_ZK_PROOF_PART1:PSA_ERROR_DATA_INVALID:0 PSA PAKE: inject ERR_INJECT_ROUND1_CLIENT_KEY_SHARE_PART2 depends_on:MBEDTLS_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_LEGACY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:0:"abcdef":ERR_INJECT_ROUND1_CLIENT_KEY_SHARE_PART2:PSA_ERROR_DATA_INVALID +ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:0:"abcdef":ERR_INJECT_ROUND1_CLIENT_KEY_SHARE_PART2:PSA_ERROR_DATA_INVALID:0 PSA PAKE: inject ERR_INJECT_ROUND1_CLIENT_ZK_PUBLIC_PART2 depends_on:MBEDTLS_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_LEGACY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:0:"abcdef":ERR_INJECT_ROUND1_CLIENT_ZK_PUBLIC_PART2:PSA_ERROR_DATA_INVALID +ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:0:"abcdef":ERR_INJECT_ROUND1_CLIENT_ZK_PUBLIC_PART2:PSA_ERROR_DATA_INVALID:0 PSA PAKE: inject ERR_INJECT_ROUND1_CLIENT_ZK_PROOF_PART2 
depends_on:MBEDTLS_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_LEGACY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:0:"abcdef":ERR_INJECT_ROUND1_CLIENT_ZK_PROOF_PART2:PSA_ERROR_DATA_INVALID +ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:0:"abcdef":ERR_INJECT_ROUND1_CLIENT_ZK_PROOF_PART2:PSA_ERROR_DATA_INVALID:0 PSA PAKE: inject ERR_INJECT_ROUND1_SERVER_KEY_SHARE_PART1 depends_on:MBEDTLS_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_LEGACY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:0:"abcdef":ERR_INJECT_ROUND1_SERVER_KEY_SHARE_PART1:PSA_ERROR_DATA_INVALID +ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:0:"abcdef":ERR_INJECT_ROUND1_SERVER_KEY_SHARE_PART1:PSA_ERROR_DATA_INVALID:0 PSA PAKE: inject ERR_INJECT_ROUND1_SERVER_ZK_PUBLIC_PART1 depends_on:MBEDTLS_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_LEGACY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:0:"abcdef":ERR_INJECT_ROUND1_SERVER_ZK_PUBLIC_PART1:PSA_ERROR_DATA_INVALID +ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:0:"abcdef":ERR_INJECT_ROUND1_SERVER_ZK_PUBLIC_PART1:PSA_ERROR_DATA_INVALID:0 PSA PAKE: inject ERR_INJECT_ROUND1_SERVER_ZK_PROOF_PART1 depends_on:MBEDTLS_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_LEGACY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 
256):PSA_ALG_SHA_256:0:"abcdef":ERR_INJECT_ROUND1_SERVER_ZK_PROOF_PART1:PSA_ERROR_DATA_INVALID +ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:0:"abcdef":ERR_INJECT_ROUND1_SERVER_ZK_PROOF_PART1:PSA_ERROR_DATA_INVALID:0 PSA PAKE: inject ERR_INJECT_ROUND1_SERVER_KEY_SHARE_PART2 depends_on:MBEDTLS_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_LEGACY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:0:"abcdef":ERR_INJECT_ROUND1_SERVER_KEY_SHARE_PART2:PSA_ERROR_DATA_INVALID +ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:0:"abcdef":ERR_INJECT_ROUND1_SERVER_KEY_SHARE_PART2:PSA_ERROR_DATA_INVALID:0 PSA PAKE: inject ERR_INJECT_ROUND1_SERVER_ZK_PUBLIC_PART2 depends_on:MBEDTLS_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_LEGACY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:0:"abcdef":ERR_INJECT_ROUND1_SERVER_ZK_PUBLIC_PART2:PSA_ERROR_DATA_INVALID +ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:0:"abcdef":ERR_INJECT_ROUND1_SERVER_ZK_PUBLIC_PART2:PSA_ERROR_DATA_INVALID:0 PSA PAKE: inject ERR_INJECT_ROUND1_SERVER_ZK_PROOF_PART2 depends_on:MBEDTLS_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_LEGACY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:0:"abcdef":ERR_INJECT_ROUND1_SERVER_ZK_PROOF_PART2:PSA_ERROR_DATA_INVALID +ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 
256):PSA_ALG_SHA_256:0:"abcdef":ERR_INJECT_ROUND1_SERVER_ZK_PROOF_PART2:PSA_ERROR_DATA_INVALID:0 PSA PAKE: inject ERR_INJECT_ROUND2_CLIENT_KEY_SHARE depends_on:MBEDTLS_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_LEGACY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:0:"abcdef":ERR_INJECT_ROUND2_CLIENT_KEY_SHARE:PSA_ERROR_DATA_INVALID +ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:0:"abcdef":ERR_INJECT_ROUND2_CLIENT_KEY_SHARE:PSA_ERROR_DATA_INVALID:1 PSA PAKE: inject ERR_INJECT_ROUND2_CLIENT_ZK_PUBLIC depends_on:MBEDTLS_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_LEGACY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:0:"abcdef":ERR_INJECT_ROUND2_CLIENT_ZK_PUBLIC:PSA_ERROR_DATA_INVALID +ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:0:"abcdef":ERR_INJECT_ROUND2_CLIENT_ZK_PUBLIC:PSA_ERROR_DATA_INVALID:1 PSA PAKE: inject ERR_INJECT_ROUND2_CLIENT_ZK_PROOF depends_on:MBEDTLS_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_LEGACY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:0:"abcdef":ERR_INJECT_ROUND2_CLIENT_ZK_PROOF:PSA_ERROR_DATA_INVALID +ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:0:"abcdef":ERR_INJECT_ROUND2_CLIENT_ZK_PROOF:PSA_ERROR_DATA_INVALID:1 PSA PAKE: inject ERR_INJECT_ROUND2_SERVER_KEY_SHARE depends_on:MBEDTLS_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_LEGACY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, 
PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:0:"abcdef":ERR_INJECT_ROUND2_SERVER_KEY_SHARE:PSA_ERROR_DATA_INVALID +ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:0:"abcdef":ERR_INJECT_ROUND2_SERVER_KEY_SHARE:PSA_ERROR_DATA_INVALID:1 PSA PAKE: inject ERR_INJECT_ROUND2_SERVER_ZK_PUBLIC depends_on:MBEDTLS_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_LEGACY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:0:"abcdef":ERR_INJECT_ROUND2_SERVER_ZK_PUBLIC:PSA_ERROR_DATA_INVALID +ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:0:"abcdef":ERR_INJECT_ROUND2_SERVER_ZK_PUBLIC:PSA_ERROR_DATA_INVALID:1 PSA PAKE: inject ERR_INJECT_ROUND2_SERVER_ZK_PROOF depends_on:MBEDTLS_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_LEGACY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:0:"abcdef":ERR_INJECT_ROUND2_SERVER_ZK_PROOF:PSA_ERROR_DATA_INVALID +ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:0:"abcdef":ERR_INJECT_ROUND2_SERVER_ZK_PROOF:PSA_ERROR_DATA_INVALID:1 PSA PAKE: inject ERR_INJECT_EXTRA_OUTPUT -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:0:"abcdef":ERR_INJECT_EXTRA_OUTPUT:PSA_ERROR_BAD_STATE +depends_on:MBEDTLS_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_LEGACY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 +ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 
256):PSA_ALG_SHA_256:0:"abcdef":ERR_INJECT_EXTRA_OUTPUT:PSA_ERROR_BAD_STATE:0 PSA PAKE: inject ERR_INJECT_EXTRA_INPUT -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:1:"abcdef":ERR_INJECT_EXTRA_INPUT:PSA_ERROR_BAD_STATE +depends_on:MBEDTLS_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_LEGACY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 +ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:1:"abcdef":ERR_INJECT_EXTRA_INPUT:PSA_ERROR_BAD_STATE:0 PSA PAKE: inject ERR_INJECT_EXTRA_OUTPUT_AT_END -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_rounds_inject_second:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:1:"abcdef":ERR_INJECT_EXTRA_OUTPUT_AT_END:PSA_ERROR_BAD_STATE +depends_on:MBEDTLS_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_LEGACY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 +ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:1:"abcdef":ERR_INJECT_EXTRA_OUTPUT_AT_END:PSA_ERROR_BAD_STATE:1 PSA PAKE: inject ERR_INJECT_EXTRA_INPUT_AT_END -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_rounds_inject_second:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:0:"abcdef":ERR_INJECT_EXTRA_INPUT_AT_END:PSA_ERROR_BAD_STATE +depends_on:MBEDTLS_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_LEGACY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 +ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:0:"abcdef":ERR_INJECT_EXTRA_INPUT_AT_END:PSA_ERROR_BAD_STATE:1 PSA PAKE: ecjpake size macros 
depends_on:MBEDTLS_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_LEGACY:PSA_WANT_ECC_SECP_R1_256 diff --git a/tests/suites/test_suite_psa_crypto_pake.function b/tests/suites/test_suite_psa_crypto_pake.function index 49ca36190..f04d56fdb 100644 --- a/tests/suites/test_suite_psa_crypto_pake.function +++ b/tests/suites/test_suite_psa_crypto_pake.function @@ -773,7 +773,8 @@ void ecjpake_rounds_inject(int alg_arg, int primitive_arg, int hash_arg, int client_input_first, data_t *pw_data, int err_stage_arg, - int expected_error_arg) + int expected_error_arg, + int inject_in_second_round) { psa_pake_cipher_suite_t cipher_suite = psa_pake_cipher_suite_init(); psa_pake_operation_t server = psa_pake_operation_init(); @@ -810,9 +811,10 @@ void ecjpake_rounds_inject(int alg_arg, int primitive_arg, int hash_arg, ecjpake_do_round(alg, primitive_arg, &server, &client, client_input_first, PAKE_ROUND_ONE, - err_stage, expected_error_arg); + inject_in_second_round ? ERR_NONE : err_stage, + expected_error_arg); - if (err_stage != ERR_NONE) { + if (!inject_in_second_round && err_stage != ERR_NONE) { goto exit; } 
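Review bot: The four EXTRA_OUTPUT/EXTRA_INPUT cases change their `depends_on` from `PSA_WANT_KEY_TYPE_ECC_KEY_PAIR` to `MBEDTLS_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_LEGACY`, a dependency change unrelated to folding the two test functions together and not mentioned in the commit message; either split it out or state the reason in the description. The new trailing `:0`/`:1` argument is a bare flag that a reader of the data file cannot interpret without opening the .function file; a named constant understood by the test framework would make the rows self-describing, or at least a comment such as `# Errors injected during the second round` above `PSA PAKE: inject ERR_INJECT_ROUND2_CLIENT_KEY_SHARE` would group the `:1` rows.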
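Review bot: The new `inject_in_second_round` parameter is undocumented, and nothing in the hunk says how it interacts with err_stage for the ROUND2 stages, so a reader has to trace both ecjpake_do_round calls; a comment on the parameter such as `/* non-zero: run round one clean and apply err_stage in round two */` would do. The selector `inject_in_second_round ? ERR_NONE : err_stage` in the second hunk is clear, but the symmetric round-two call is outside the hunk, so whether it passes err_stage unconditionally (relying on the early `goto exit`) or mirrors the selector cannot be checked here. The function body continues beyond both hunks.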
@@ -828,63 +830,6 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:PSA_WANT_ALG_JPAKE */ -/* Inject errors during the second round of J-PAKE */ -void ecjpake_rounds_inject_second(int alg_arg, int primitive_arg, int hash_arg, - int client_input_first, - data_t *pw_data, - int err_stage_arg, - int expected_error_arg) -{ - psa_pake_cipher_suite_t cipher_suite = psa_pake_cipher_suite_init(); - psa_pake_operation_t server = psa_pake_operation_init(); - psa_pake_operation_t client = psa_pake_operation_init(); - psa_algorithm_t alg = alg_arg; - psa_algorithm_t hash_alg = hash_arg; - mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; - psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - ecjpake_error_stage_t err_stage = err_stage_arg; - - PSA_INIT(); - - psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_DERIVE); - psa_set_key_algorithm(&attributes, alg); - psa_set_key_type(&attributes, PSA_KEY_TYPE_PASSWORD); - - PSA_ASSERT(psa_import_key(&attributes, pw_data->x, pw_data->len, - &key)); - - psa_pake_cs_set_algorithm(&cipher_suite, alg); - psa_pake_cs_set_primitive(&cipher_suite, primitive_arg); - psa_pake_cs_set_hash(&cipher_suite, hash_alg); - - PSA_ASSERT(psa_pake_setup(&server, &cipher_suite)); - PSA_ASSERT(psa_pake_setup(&client, &cipher_suite)); - - PSA_ASSERT(psa_pake_set_user(&server, jpake_server_id, sizeof(jpake_server_id))); - PSA_ASSERT(psa_pake_set_peer(&server, jpake_client_id, sizeof(jpake_client_id))); - PSA_ASSERT(psa_pake_set_user(&client, jpake_client_id, sizeof(jpake_client_id))); - PSA_ASSERT(psa_pake_set_peer(&client, jpake_server_id, sizeof(jpake_server_id))); - - PSA_ASSERT(psa_pake_set_password_key(&server, key)); - PSA_ASSERT(psa_pake_set_password_key(&client, key)); - - ecjpake_do_round(alg, primitive_arg, &server, &client, - client_input_first, PAKE_ROUND_ONE, - ERR_NONE, expected_error_arg); - - ecjpake_do_round(alg, primitive_arg, &server, &client, - client_input_first, PAKE_ROUND_TWO, - err_stage, expected_error_arg); - -exit: - 
psa_destroy_key(key); - psa_pake_abort(&server); - psa_pake_abort(&client); - PSA_DONE(); -} -/* END_CASE */ - /* BEGIN_CASE depends_on:PSA_WANT_ALG_JPAKE */ void ecjpake_rounds(int alg_arg, int primitive_arg, int hash_arg, int derive_alg_arg, data_t *pw_data, From 2ed8fb7e4fd94fc8d3a048fe073e6724cabea4d6 Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Wed, 14 Jun 2023 16:01:47 +0100 Subject: [PATCH 75/99] ecp_mod_raw: Enabled fast reduction. This patch modifies `mbedtls_mpi_mod_raw_mul` to utilise fast-reduction when available. Signed-off-by: Minos Galanakis --- library/bignum_mod_raw.c | 21 ++++++++++++++++----- 1 file changed, 16 insertions(+), 5 deletions(-) diff --git a/library/bignum_mod_raw.c b/library/bignum_mod_raw.c index 791921151..11419f1e7 100644 --- a/library/bignum_mod_raw.c +++ b/library/bignum_mod_raw.c @@ -114,8 +114,6 @@ void mbedtls_mpi_mod_raw_sub(mbedtls_mpi_uint *X, (void) mbedtls_mpi_core_add_if(X, N->p, N->limbs, (unsigned) c); } -#if defined(MBEDTLS_TEST_HOOKS) - MBEDTLS_STATIC_TESTABLE void mbedtls_mpi_mod_raw_fix_quasi_reduction(mbedtls_mpi_uint *X, const mbedtls_mpi_mod_modulus *N) @@ -125,7 +123,6 @@ void mbedtls_mpi_mod_raw_fix_quasi_reduction(mbedtls_mpi_uint *X, (void) mbedtls_mpi_core_add_if(X, N->p, N->limbs, (unsigned) c); } -#endif /* MBEDTLS_TEST_HOOKS */ void mbedtls_mpi_mod_raw_mul(mbedtls_mpi_uint *X, const mbedtls_mpi_uint *A, 
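Review bot: With the `#if defined(MBEDTLS_TEST_HOOKS)` guard removed, mbedtls_mpi_mod_raw_fix_quasi_reduction is a plain static function in non-test builds and so needs an in-file caller there (presumably the mbedtls_mpi_mod_raw_mul change in the next hunk) or compilers will warn about an unused static; its prototype in the invasive header is presumably still under MBEDTLS_TEST_HOOKS, which is where it belongs, so confirm the two stay consistent. Because the function now sits on a production path, its header comment should state the precondition that a single conditional `mbedtls_mpi_core_add_if` relies on (the input is quasi-reduced, i.e. below 2N), if it does not already; the comment and the subtraction step are outside these hunks.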
@@ -133,8 +130,22 @@ void mbedtls_mpi_mod_raw_mul(mbedtls_mpi_uint *X,
 const mbedtls_mpi_mod_modulus *N,
 mbedtls_mpi_uint *T)
 {
- mbedtls_mpi_core_montmul(X, A, B, N->limbs, N->p, N->limbs,
- N->rep.mont.mm, T);
+ const size_t T_limbs = (N->limbs * 2);
+ switch (N->int_rep) {
+ case MBEDTLS_MPI_MOD_REP_MONTGOMERY:
+ mbedtls_mpi_core_montmul(X, A, B, N->limbs, N->p, N->limbs,
+ N->rep.mont.mm, T);
+ break;
+ case MBEDTLS_MPI_MOD_REP_OPT_RED:
+ mbedtls_mpi_core_mul(T, A, N->limbs, B, N->limbs);
+ (*N->rep.ored.modp)(T, T_limbs);
+ mbedtls_mpi_mod_raw_fix_quasi_reduction(T, N);
+ memcpy(X, T, N->limbs * sizeof(mbedtls_mpi_uint));
+ break;
+ default:
+ break;
+ }
+ + }
 size_t mbedtls_mpi_mod_raw_inv_prime_working_limbs(size_t AN_limbs)
From fee70a5342f3449f264af309f048599254a85118 Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Fri, 16 Jun 2023 11:31:57 +0100 Subject: [PATCH 76/99] test_suite_ecp: Extended `ecp_mul_inv` tests for optimised reduction. Signed-off-by: Minos Galanakis --- tests/suites/test_suite_ecp.data | 132 +++++++++++++++++++++++++++++++ 1 file changed, 132 insertions(+)
diff --git a/tests/suites/test_suite_ecp.data b/tests/suites/test_suite_ecp.data
index 030cd464c..c51587792 100644
--- a/tests/suites/test_suite_ecp.data
+++ b/tests/suites/test_suite_ecp.data
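Review bot: The new `default: break;` leaves X unwritten for any int_rep other than Montgomery or optimised reduction, and because mbedtls_mpi_mod_raw_mul returns void the caller cannot tell that no multiplication happened; if the representation is guaranteed valid by modulus setup, say so at the switch, e.g. `default: /* unreachable: a modulus is always set up with one of the representations above */ break;`, otherwise the branch should at least clear X rather than return stale data. The OPT_RED path also depends on T holding 2 * N->limbs limbs for mbedtls_mpi_core_mul before modp reduces it in place; that requirement belongs in the function's documentation of T, which is outside the hunk. Style: `(N->limbs * 2)` needs no parentheses, and the trailing blank added line before the function's closing brace looks stray.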
@@ -1235,6 +1235,138 @@ ecp_mul_inv #48 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_CURVE448) depends_on:MBEDTLS_ECP_DP_CURVE448_ENABLED ecp_mod_mul_inv:"0000000000000003fffffffffffffffffffffffffffffffffffffffffffffffffffffff01243a939d867d7e0a75a8568d4d66de88f3ecc1ad37f91a8f9d7d70":MBEDTLS_ECP_DP_CURVE448:MBEDTLS_ECP_MOD_SCALAR +ecp_mul_inv #49 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_SECP192R1) +depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED +ecp_mod_mul_inv:"0000000000000000000000000000152d02c7e14af67fe0bf":MBEDTLS_ECP_DP_SECP192R1:MBEDTLS_ECP_MOD_COORDINATE + +ecp_mul_inv #50 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_SECP192R1) +depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED +ecp_mod_mul_inv:"4acca2d7100bad687080217babfb490d23dd6460a0007f24":MBEDTLS_ECP_DP_SECP192R1:MBEDTLS_ECP_MOD_COORDINATE + +ecp_mul_inv #51 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_SECP192R1) +depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED +ecp_mod_mul_inv:"c4fd9a06df9b4efa94531578af8b5886ec0ada82884199f7":MBEDTLS_ECP_DP_SECP192R1:MBEDTLS_ECP_MOD_COORDINATE + +ecp_mul_inv #52 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_SECP224R1) +depends_on:MBEDTLS_ECP_DP_SECP224R1_ENABLED +ecp_mod_mul_inv:"f9c4728bef9fba3e7d856a8e2ff62f20c2a57bf64f6d707f0829a8ff":MBEDTLS_ECP_DP_SECP224R1:MBEDTLS_ECP_MOD_COORDINATE + +ecp_mul_inv #53 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_SECP224R1) +depends_on:MBEDTLS_ECP_DP_SECP224R1_ENABLED +ecp_mod_mul_inv:"cee8071ade3e016fd47627782f6543814dd6ab7e6f432679ddacf9ed":MBEDTLS_ECP_DP_SECP224R1:MBEDTLS_ECP_MOD_COORDINATE + +ecp_mul_inv #54 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_SECP224R1) +depends_on:MBEDTLS_ECP_DP_SECP224R1_ENABLED +ecp_mod_mul_inv:"326258467dcbf4d1ab1665a4c5036cb35f4c9231199b58166b3966c6":MBEDTLS_ECP_DP_SECP224R1:MBEDTLS_ECP_MOD_COORDINATE + +ecp_mul_inv #55 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_SECP256R1) +depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED 
+ecp_mod_mul_inv:"c36eadeab80f149cd51a1ed6311270ae2e4acc6734e787135f499c3a97f1edc3":MBEDTLS_ECP_DP_SECP256R1:MBEDTLS_ECP_MOD_COORDINATE + +ecp_mul_inv #56 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_SECP256R1) +depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED +ecp_mod_mul_inv:"e384042f3130be8a796b221724cf1127a44290804cfbeb7fb6f57142a2a5cddd":MBEDTLS_ECP_DP_SECP256R1:MBEDTLS_ECP_MOD_COORDINATE + +ecp_mul_inv #57 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_SECP256R1) +depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED +ecp_mod_mul_inv:"f1d356376f03b5dbf0fd08bde5c4293115f7c7911f7a3ec3f90557602eb20147":MBEDTLS_ECP_DP_SECP256R1:MBEDTLS_ECP_MOD_COORDINATE + +ecp_mul_inv #58 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_SECP384R1) +depends_on:MBEDTLS_ECP_DP_SECP384R1_ENABLED +ecp_mod_mul_inv:"a3137cd9b0c9e75a871f92e3ab6b284069ee06cd9c0afb2368fd8d381afcfecc553cb6b3f29216038d268a8d8fcd00f7":MBEDTLS_ECP_DP_SECP384R1:MBEDTLS_ECP_MOD_COORDINATE + +ecp_mul_inv #59 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_SECP384R1) +depends_on:MBEDTLS_ECP_DP_SECP384R1_ENABLED +ecp_mod_mul_inv:"a340ca2e1f39f89261f20a23881cde271e36b32add90cbc1801d2375d6db664df297df2364aaafbb9ba3d4672e4fd022":MBEDTLS_ECP_DP_SECP384R1:MBEDTLS_ECP_MOD_COORDINATE + +ecp_mul_inv #60 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_SECP384R1) +depends_on:MBEDTLS_ECP_DP_SECP384R1_ENABLED +ecp_mod_mul_inv:"491b1d169c9262fd737847c13bb7370d91825fe985cfa000d4b9bd3c22e7b63016122c53156fae4757943a819a1ced6d":MBEDTLS_ECP_DP_SECP384R1:MBEDTLS_ECP_MOD_COORDINATE + +ecp_mul_inv #61 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_SECP521R1) +depends_on:MBEDTLS_ECP_DP_SECP521R1_ENABLED +ecp_mod_mul_inv:"1477156c589f498b61beb35f57662410d8821f3a1ee4a5968a8009618dbe4afda408809822eb0e994fbf9da1659c1ea21b151db97cd1f1567fa4b9327967e0aa591":MBEDTLS_ECP_DP_SECP521R1:MBEDTLS_ECP_MOD_COORDINATE + +ecp_mul_inv #62 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_SECP521R1) +depends_on:MBEDTLS_ECP_DP_SECP521R1_ENABLED 
+ecp_mod_mul_inv:"158dd0fdd801513590d221009f2b6c212f2b30214cc3b1f80aaf9142dc9f328c8e2b0af83e1acdb102d85f287d77188c2b8e7911cf9452f5014966f28da330e1fa6":MBEDTLS_ECP_DP_SECP521R1:MBEDTLS_ECP_MOD_COORDINATE + +ecp_mul_inv #63 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_SECP521R1) +depends_on:MBEDTLS_ECP_DP_SECP521R1_ENABLED +ecp_mod_mul_inv:"1e53d580521a1cff4cd72576c13fecb2cbcf39453f2b437f0c8dc78d7982a37749f099942ce693751ec43407c3acf46315132ea2a9ae5fa9253408da2375d2b58fc":MBEDTLS_ECP_DP_SECP521R1:MBEDTLS_ECP_MOD_COORDINATE + +ecp_mul_inv #64 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_CURVE25519) +depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED +ecp_mod_mul_inv:"1000000000000000000000000000000014def9dea2079cd65812631a5cf5d3ed":MBEDTLS_ECP_DP_CURVE25519:MBEDTLS_ECP_MOD_COORDINATE + +ecp_mul_inv #65 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_CURVE25519) +depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED +ecp_mod_mul_inv:"1000000000000000000000000000000010caf49570936f75d70f03efac6c1c19":MBEDTLS_ECP_DP_CURVE25519:MBEDTLS_ECP_MOD_COORDINATE + +ecp_mul_inv #66 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_CURVE25519) +depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED +ecp_mod_mul_inv:"468de1bfdbb20b67371bc5ad0f2bc3e70705b6d85c14ad75daafdbd1502cfd1":MBEDTLS_ECP_DP_CURVE25519:MBEDTLS_ECP_MOD_COORDINATE + +ecp_mul_inv #67 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_SECP192K1) +depends_on:MBEDTLS_ECP_DP_SECP192K1_ENABLED +ecp_mod_mul_inv:"2228b202d612f2e66d8ca00b7e1c19a737ee7db2708d91cd":MBEDTLS_ECP_DP_SECP192K1:MBEDTLS_ECP_MOD_COORDINATE + +ecp_mul_inv #68 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_SECP192K1) +depends_on:MBEDTLS_ECP_DP_SECP192K1_ENABLED +ecp_mod_mul_inv:"40c0451d06b0d622c65b8336c4c9abe8828f6fd5d5c1abde":MBEDTLS_ECP_DP_SECP192K1:MBEDTLS_ECP_MOD_COORDINATE + +ecp_mul_inv #69 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_SECP192K1) +depends_on:MBEDTLS_ECP_DP_SECP192K1_ENABLED 
+ecp_mod_mul_inv:"d2a10413f48d7bcc18a9b7c53c7914c5302c9c9e48b2eb62":MBEDTLS_ECP_DP_SECP192K1:MBEDTLS_ECP_MOD_COORDINATE + +ecp_mul_inv #70 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_SECP224K1) +depends_on:MBEDTLS_ECP_DP_SECP224K1_ENABLED +ecp_mod_mul_inv:"0cc154fe846d6b9f51d6166a8d1bb969ff634ab9af95cc89d01669c86":MBEDTLS_ECP_DP_SECP224K1:MBEDTLS_ECP_MOD_COORDINATE + +ecp_mul_inv #71 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_SECP224K1) +depends_on:MBEDTLS_ECP_DP_SECP224K1_ENABLED +ecp_mod_mul_inv:"1000000000000000000000000000075ea446a83291f5136799781cfbd":MBEDTLS_ECP_DP_SECP224K1:MBEDTLS_ECP_MOD_COORDINATE + +ecp_mul_inv #72 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_SECP224K1) +depends_on:MBEDTLS_ECP_DP_SECP224K1_ENABLED +ecp_mod_mul_inv:"0614cf6b720cc9dcc6d3bb36bb46cf285e23a083b067be8c93b51cbb4":MBEDTLS_ECP_DP_SECP224K1:MBEDTLS_ECP_MOD_COORDINATE + +ecp_mul_inv #73 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_SECP224K1) +depends_on:MBEDTLS_ECP_DP_SECP224K1_ENABLED +ecp_mod_mul_inv:"1000000000000000000000000000059232050dc913da533ec71073ce3":MBEDTLS_ECP_DP_SECP224K1:MBEDTLS_ECP_MOD_COORDINATE + +ecp_mul_inv #74 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_SECP224K1) +depends_on:MBEDTLS_ECP_DP_SECP224K1_ENABLED +ecp_mod_mul_inv:"071b3a40f3e2b8984e8cc238b7725870da10cb2de37f430da2da68645":MBEDTLS_ECP_DP_SECP224K1:MBEDTLS_ECP_MOD_COORDINATE + +ecp_mul_inv #75 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_SECP224K1) +depends_on:MBEDTLS_ECP_DP_SECP224K1_ENABLED +ecp_mod_mul_inv:"10000000000000000000000000000aca628de662cdbd5cb4dc69efbb8":MBEDTLS_ECP_DP_SECP224K1:MBEDTLS_ECP_MOD_COORDINATE + +ecp_mul_inv #76 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_SECP256K1) +depends_on:MBEDTLS_ECP_DP_SECP256K1_ENABLED +ecp_mod_mul_inv:"9fd95fed98cc1c2ef91b5dc02fa84f63597e15a3326c07f2918afb3ffd093343":MBEDTLS_ECP_DP_SECP256K1:MBEDTLS_ECP_MOD_COORDINATE + +ecp_mul_inv #77 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_SECP256K1) +depends_on:MBEDTLS_ECP_DP_SECP256K1_ENABLED 
+ecp_mod_mul_inv:"5ddbd441c7037e11caaa9878216c5cfeae67864260429eab4529b56c2661f3de":MBEDTLS_ECP_DP_SECP256K1:MBEDTLS_ECP_MOD_COORDINATE + +ecp_mul_inv #78 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_SECP256K1) +depends_on:MBEDTLS_ECP_DP_SECP256K1_ENABLED +ecp_mod_mul_inv:"f8d3f3c02fd712f711d8e30d0d4c142eb106e5f75c25f55b3f983bc5c83c568a":MBEDTLS_ECP_DP_SECP256K1:MBEDTLS_ECP_MOD_COORDINATE + +ecp_mul_inv #79 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_CURVE448) +depends_on:MBEDTLS_ECP_DP_CURVE448_ENABLED +ecp_mod_mul_inv:"0000000000000003fffffffffffffffffffffffffffffffffffffffffffffffffffffff11ca23e9c44edb49aed63690216cc2728dc58f552378c292ab5844f3":MBEDTLS_ECP_DP_CURVE448:MBEDTLS_ECP_MOD_COORDINATE + +ecp_mul_inv #80 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_CURVE448) +depends_on:MBEDTLS_ECP_DP_CURVE448_ENABLED +ecp_mod_mul_inv:"0000000000000003fffffffffffffffffffffffffffffffffffffffffffffffffffffff0169d3f35081924aeaf1beac2f2720557c9bdf6b42cdceb54c6160ba":MBEDTLS_ECP_DP_CURVE448:MBEDTLS_ECP_MOD_COORDINATE + +ecp_mul_inv #81 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_CURVE448) +depends_on:MBEDTLS_ECP_DP_CURVE448_ENABLED +ecp_mod_mul_inv:"0000000000000003fffffffffffffffffffffffffffffffffffffffffffffffffffffff01243a939d867d7e0a75a8568d4d66de88f3ecc1ad37f91a8f9d7d70":MBEDTLS_ECP_DP_CURVE448:MBEDTLS_ECP_MOD_COORDINATE + # The following data was generated using python's standard random library, # initialised with seed(2,2) and random.getrandbits(curve bits). Curve bits are 192,256,384,520. # They must be less than the named curves' modulus. mbedtls_mpi_mod_residue_setup() From 7b1093240c7d0d937ab8fb5933c55ee8366d678e Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Fri, 16 Jun 2023 14:28:36 +0100 Subject: [PATCH 77/99] bignum_mod_raw: Updated documentation for mbedtls_mpi_mod_raw_mul Signed-off-by: Minos Galanakis --- library/bignum_mod_raw.c | 9 +++++++++ 1 file changed, 9 insertions(+) 
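Review bot: Entries #71, #73 and #75 for the SECP224K1 coordinate modulus are 57 hex digits beginning with `1`, i.e. 225-bit values, which cannot be residues of a 224-bit coordinate modulus; they look like scalar-modulus (group-order) inputs carried over, and the other three SECP224K1 rows are also 57-digit strings with a leading `0`, which suggests the whole group was sized for the 225-bit scalar modulus. The CURVE448 entries #79–#81 reuse the exact strings already used for MBEDTLS_ECP_MOD_SCALAR (the #48 context line at the top of the hunk is identical to #81), so they add no coverage specific to the coordinate modulus. Unlike the block that follows, the new vectors carry no note on how they were produced; a line such as `# Coordinate-modulus inputs: values below the curve's p, generated as ...` above #49 would let a reviewer regenerate and bound-check them.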
diff --git a/library/bignum_mod_raw.c b/library/bignum_mod_raw.c index 11419f1e7..5c855d0e8 100644 --- a/library/bignum_mod_raw.c +++ b/library/bignum_mod_raw.c @@ -137,8 +137,17 @@ void mbedtls_mpi_mod_raw_mul(mbedtls_mpi_uint *X, N->rep.mont.mm, T); break; case MBEDTLS_MPI_MOD_REP_OPT_RED: + /* Standard (A * B) multiplication stored into pre-allocated T + * buffer of fixed size of ((2N + 1) * ciL) bytes. + + * The space is not fully filled by MBEDTLS_MPI_MOD_REP_OPT_RED + * which requires at max (2N * ciL) bytes. */ mbedtls_mpi_core_mul(T, A, N->limbs, B, N->limbs); + + /* Optimised Reduction */ (*N->rep.ored.modp)(T, T_limbs); + + /* Convert back to cannonical representation */ mbedtls_mpi_mod_raw_fix_quasi_reduction(T, N); memcpy(X, T, N->limbs * sizeof(mbedtls_mpi_uint)); break; From 4e5c63d65248f06b704a51fe794b473f41ba247d Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Fri, 23 Jun 2023 15:17:37 +0100 Subject: [PATCH 78/99] Improve documentation in bn_mul.h Co-authored-by: Tom Cosgrove Signed-off-by: Dave Rodgman --- library/bn_mul.h | 2 ++ 1 file changed, 2 insertions(+) diff --git a/library/bn_mul.h b/library/bn_mul.h index 93dd4b6bb..4ccd7b4b1 100644 --- a/library/bn_mul.h +++ b/library/bn_mul.h @@ -248,6 +248,8 @@ #endif /* AMD64 */ +// The following assembly code assumes that a pointer will fit in a 64-bit register +// (including ILP32 __aarch64__ ABIs such as on watchOS, hence the 2^32 - 1) #if defined(__aarch64__) && (UINTPTR_MAX == 0xfffffffful || UINTPTR_MAX == 0xfffffffffffffffful) #define MULADDC_X1_INIT \ From 9d7b24fb26a2d1f30c7479fbbbb2fa63a6edf3d5 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 23 Jun 2023 21:11:46 +0200 Subject: [PATCH 79/99] Fix extra character in debug string Signed-off-by: Gilles Peskine --- scripts/generate_ssl_debug_helpers.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/generate_ssl_debug_helpers.py b/scripts/generate_ssl_debug_helpers.py index 0af7b8f39..19be41521 100755 
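Review bot: `cannonical` should be `canonical` in the last new comment, and the blank line inside the first block comment has no ` *` prefix, so the body reads `bytes.` followed by an unprefixed empty line; continuation lines in this file keep the ` *`. The first comment gives T a size of `(2N + 1) * ciL` bytes while the code hands `T_limbs` (2N limbs) to modp, which is consistent, but naming where the 2N + 1 figure comes from (presumably the function's documented temporary size) would save the next reader the lookup. Proposed replacement for the last comment: `/* Convert back to canonical representation */`.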
--- a/scripts/generate_ssl_debug_helpers.py +++ b/scripts/generate_ssl_debug_helpers.py @@ -209,7 +209,7 @@ class EnumDefinition: continue member = field.strip().split()[0] translation_table.append( - '{space}case {member}:\n{space} return "{member};";' + '{space}case {member}:\n{space} return "{member}";' .format(member=member, space=' '*8) ) From 25d998b3b9961f436d5d6283008ad1ce11256acc Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Fri, 23 Jun 2023 14:26:00 +0100 Subject: [PATCH 80/99] ecp_curves: Fixed modp pointers on `mbedtls_ecp_modulus_setup`. Signed-off-by: Minos Galanakis --- library/ecp_curves.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/library/ecp_curves.c b/library/ecp_curves.c index 4a8f89110..e3bcc8715 100644 --- a/library/ecp_curves.c +++ b/library/ecp_curves.c @@ -5970,7 +5970,7 @@ int mbedtls_ecp_modulus_setup(mbedtls_mpi_mod_modulus *N, #if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED) case MBEDTLS_ECP_DP_SECP192K1: if (ctype == (mbedtls_ecp_modulus_type) MBEDTLS_ECP_MOD_COORDINATE) { - modp = &mbedtls_ecp_mod_p192_raw; + modp = &mbedtls_ecp_mod_p192k1_raw; p = (mbedtls_mpi_uint *) secp192k1_p; p_limbs = CHARS_TO_LIMBS(sizeof(secp192k1_p)); } else { @@ -5983,7 +5983,7 @@ int mbedtls_ecp_modulus_setup(mbedtls_mpi_mod_modulus *N, #if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED) case MBEDTLS_ECP_DP_SECP224K1: if (ctype == (mbedtls_ecp_modulus_type) MBEDTLS_ECP_MOD_COORDINATE) { - modp = &mbedtls_ecp_mod_p224_raw; + modp = &mbedtls_ecp_mod_p224k1_raw; p = (mbedtls_mpi_uint *) secp224k1_p; p_limbs = CHARS_TO_LIMBS(sizeof(secp224k1_p)); } else { 
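Review bot: The old wiring pointed the secp192k1 and secp224k1 coordinate cases at the r1 reduction routines (`mbedtls_ecp_mod_p192_raw`, `mbedtls_ecp_mod_p224_raw`), which reduce modulo a different prime, so the corrected pointers are necessary; the same slip for secp256k1 is fixed in the `@@ -5996` hunk that follows. Nothing in this commit pins the corrected pointers with a test; the ecp_mul_inv coordinate vectors for these curves added earlier in the series presumably exercise this path and should be confirmed to fail before the change. Because the three branches are identical apart from the curve suffix, a per-curve table of (modp, p, sizeof p) would make this kind of copy-paste mismatch visible at a glance.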
@@ -5996,7 +5996,7 @@ int mbedtls_ecp_modulus_setup(mbedtls_mpi_mod_modulus *N, #if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED) case MBEDTLS_ECP_DP_SECP256K1: if (ctype == (mbedtls_ecp_modulus_type) MBEDTLS_ECP_MOD_COORDINATE) { - modp = &mbedtls_ecp_mod_p256_raw; + modp = &mbedtls_ecp_mod_p256k1_raw; p = (mbedtls_mpi_uint *) secp256k1_p; p_limbs = CHARS_TO_LIMBS(sizeof(secp256k1_p)); } else { From a984d77f3aeef1901a78ab919519c63f292cc9e8 Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Fri, 23 Jun 2023 20:37:07 +0100 Subject: [PATCH 81/99] ecp_curves: Added dataset for SECP224K1 Coordinate Modulus. Signed-off-by: Minos Galanakis --- tests/suites/test_suite_ecp.data | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/tests/suites/test_suite_ecp.data b/tests/suites/test_suite_ecp.data index c51587792..1d8891600 100644 --- a/tests/suites/test_suite_ecp.data +++ b/tests/suites/test_suite_ecp.data 
@@ -1319,29 +1319,32 @@ ecp_mul_inv #69 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_SECP192K1) depends_on:MBEDTLS_ECP_DP_SECP192K1_ENABLED ecp_mod_mul_inv:"d2a10413f48d7bcc18a9b7c53c7914c5302c9c9e48b2eb62":MBEDTLS_ECP_DP_SECP192K1:MBEDTLS_ECP_MOD_COORDINATE +# For coordinate moduli of secp224K1 the values are selected as one for +# modulus - 1, and four random values, generated with +# random.getrandbits(224) % modulus with a seed(2, 2). ecp_mul_inv #70 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_SECP224K1) depends_on:MBEDTLS_ECP_DP_SECP224K1_ENABLED -ecp_mod_mul_inv:"0cc154fe846d6b9f51d6166a8d1bb969ff634ab9af95cc89d01669c86":MBEDTLS_ECP_DP_SECP224K1:MBEDTLS_ECP_MOD_COORDINATE +ecp_mod_mul_inv:"fffffffffffffffffffffffffffffffffffffffffffffffeffffe56c":MBEDTLS_ECP_DP_SECP224K1:MBEDTLS_ECP_MOD_COORDINATE ecp_mul_inv #71 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_SECP224K1) depends_on:MBEDTLS_ECP_DP_SECP224K1_ENABLED -ecp_mod_mul_inv:"1000000000000000000000000000075ea446a83291f5136799781cfbd":MBEDTLS_ECP_DP_SECP224K1:MBEDTLS_ECP_MOD_COORDINATE +ecp_mod_mul_inv:"15ba2bdd177219d30e7a269fd95bafc8f2a4d27bdcf4bb99f4bea973":MBEDTLS_ECP_DP_SECP224K1:MBEDTLS_ECP_MOD_COORDINATE ecp_mul_inv #72 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_SECP224K1) depends_on:MBEDTLS_ECP_DP_SECP224K1_ENABLED -ecp_mod_mul_inv:"0614cf6b720cc9dcc6d3bb36bb46cf285e23a083b067be8c93b51cbb4":MBEDTLS_ECP_DP_SECP224K1:MBEDTLS_ECP_MOD_COORDINATE +ecp_mod_mul_inv:"da94e3e8ab73738fcf1822ffbc6887782b491044d5e341245c6e4337":MBEDTLS_ECP_DP_SECP224K1:MBEDTLS_ECP_MOD_COORDINATE ecp_mul_inv #73 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_SECP224K1) depends_on:MBEDTLS_ECP_DP_SECP224K1_ENABLED -ecp_mod_mul_inv:"1000000000000000000000000000059232050dc913da533ec71073ce3":MBEDTLS_ECP_DP_SECP224K1:MBEDTLS_ECP_MOD_COORDINATE +ecp_mod_mul_inv:"94c9c9500925e4749b575bd13653f8dd9b1f282e4067c3584ee207f8":MBEDTLS_ECP_DP_SECP224K1:MBEDTLS_ECP_MOD_COORDINATE ecp_mul_inv #74 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_SECP224K1) 
depends_on:MBEDTLS_ECP_DP_SECP224K1_ENABLED -ecp_mod_mul_inv:"071b3a40f3e2b8984e8cc238b7725870da10cb2de37f430da2da68645":MBEDTLS_ECP_DP_SECP224K1:MBEDTLS_ECP_MOD_COORDINATE +ecp_mod_mul_inv:"cdbd47d364be8049a372db8f6e405d93ffed9235288bc781ae662675":MBEDTLS_ECP_DP_SECP224K1:MBEDTLS_ECP_MOD_COORDINATE ecp_mul_inv #75 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_SECP224K1) depends_on:MBEDTLS_ECP_DP_SECP224K1_ENABLED -ecp_mod_mul_inv:"10000000000000000000000000000aca628de662cdbd5cb4dc69efbb8":MBEDTLS_ECP_DP_SECP224K1:MBEDTLS_ECP_MOD_COORDINATE +ecp_mod_mul_inv:"8b4f2fc15f3f57ebf30b94fa82523e86feac7eb7dc38f519b91751da":MBEDTLS_ECP_DP_SECP224K1:MBEDTLS_ECP_MOD_COORDINATE ecp_mul_inv #76 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_SECP256K1) depends_on:MBEDTLS_ECP_DP_SECP256K1_ENABLED From c7408a432e5a6ba3f251fc20ef9ee6438e304f39 Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Sun, 25 Jun 2023 20:56:59 +0100 Subject: [PATCH 82/99] bignum_mod_raw: Adjusted OPT_RED limb size requirements for mod_raw_mul(). Signed-off-by: Minos Galanakis --- library/bignum_mod_raw.c | 19 +++++++++++++------ 1 file changed, 13 insertions(+), 6 deletions(-) diff --git a/library/bignum_mod_raw.c b/library/bignum_mod_raw.c index 5c855d0e8..3de5940af 100644 --- a/library/bignum_mod_raw.c +++ b/library/bignum_mod_raw.c 
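Review bot: The new comment says the secp224k1 coordinate-modulus inputs are `modulus - 1` plus four random values, but six cases follow it (#70 through #75), i.e. one `modulus - 1` and five generated values. The count should match what is below it: `# modulus - 1, and five random values, generated with`. The generation recipe (`random.getrandbits(224) % modulus` with `seed(2, 2)`) is the useful part and should stay exactly as written so the values can be regenerated.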
@@ -130,18 +130,25 @@ void mbedtls_mpi_mod_raw_mul(mbedtls_mpi_uint *X, const mbedtls_mpi_mod_modulus *N, mbedtls_mpi_uint *T) { - const size_t T_limbs = (N->limbs * 2); + /* Standard (A * B) multiplication stored into pre-allocated T + * buffer of fixed limb size of (2N + 1). + + * The space may not not fully filled by when + * MBEDTLS_MPI_MOD_REP_OPT_RED is used, with most + * curves using (2N) limbs. + * + * The 521-bit Weierstrass curve is the only + * that which requires a limb size of (2N + 1). */ + const size_t T_limbs = (N->bits == 521) ? + BITS_TO_LIMBS(N->bits * 2) + 1 : + BITS_TO_LIMBS(N->bits * 2); + switch (N->int_rep) { case MBEDTLS_MPI_MOD_REP_MONTGOMERY: mbedtls_mpi_core_montmul(X, A, B, N->limbs, N->p, N->limbs, N->rep.mont.mm, T); break; case MBEDTLS_MPI_MOD_REP_OPT_RED: - /* Standard (A * B) multiplication stored into pre-allocated T - * buffer of fixed size of ((2N + 1) * ciL) bytes. - - * The space is not fully filled by MBEDTLS_MPI_MOD_REP_OPT_RED - * which requires at max (2N * ciL) bytes. */ mbedtls_mpi_core_mul(T, A, N->limbs, B, N->limbs); /* Optimised Reduction */ From e0c329b0cf0f61155d2bbe4ab1de9a77f6941ba0 Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Sun, 25 Jun 2023 23:33:28 +0100 Subject: [PATCH 83/99] test_suite_ecp.data: Limb aligned inputs Signed-off-by: Minos Galanakis --- tests/suites/test_suite_ecp.data | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tests/suites/test_suite_ecp.data b/tests/suites/test_suite_ecp.data index 1d8891600..44eb9ba39 100644 --- a/tests/suites/test_suite_ecp.data +++ b/tests/suites/test_suite_ecp.data 
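Review bot: The new `T_limbs` expression hard-codes a curve-specific width (`N->bits == 521`) into a generic modular-multiplication routine, which is a sign that the `modp` callbacks disagree about the width they accept rather than that 521 is special here; harmonising what each `*_raw` reduction expects so that one formula serves every curve would remove the magic number from this file. If the special case has to stay, name the reason next to it rather than in prose a few lines up, e.g. `/* p521: the double-width product needs one limb more than BITS_TO_LIMBS(2 * bits). */`. The added comment also reads `The space may not not fully filled by when`, which should be `The space may not be fully filled when`; the same wording is carried unchanged into the bignum_mod_raw.c hunks of patches 88 and 94 further down the page. `mbedtls_mpi_mod_raw_mul` begins above the hunk and ends below it.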
@@ -1249,15 +1249,15 @@ ecp_mod_mul_inv:"c4fd9a06df9b4efa94531578af8b5886ec0ada82884199f7":MBEDTLS_ECP_D ecp_mul_inv #52 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_SECP224R1) depends_on:MBEDTLS_ECP_DP_SECP224R1_ENABLED -ecp_mod_mul_inv:"f9c4728bef9fba3e7d856a8e2ff62f20c2a57bf64f6d707f0829a8ff":MBEDTLS_ECP_DP_SECP224R1:MBEDTLS_ECP_MOD_COORDINATE +ecp_mod_mul_inv:"0f9c4728bef9fba3e7d856a8e2ff62f20c2a57bf64f6d707f0829a8ff":MBEDTLS_ECP_DP_SECP224R1:MBEDTLS_ECP_MOD_COORDINATE ecp_mul_inv #53 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_SECP224R1) depends_on:MBEDTLS_ECP_DP_SECP224R1_ENABLED -ecp_mod_mul_inv:"cee8071ade3e016fd47627782f6543814dd6ab7e6f432679ddacf9ed":MBEDTLS_ECP_DP_SECP224R1:MBEDTLS_ECP_MOD_COORDINATE +ecp_mod_mul_inv:"0cee8071ade3e016fd47627782f6543814dd6ab7e6f432679ddacf9ed":MBEDTLS_ECP_DP_SECP224R1:MBEDTLS_ECP_MOD_COORDINATE ecp_mul_inv #54 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_SECP224R1) depends_on:MBEDTLS_ECP_DP_SECP224R1_ENABLED -ecp_mod_mul_inv:"326258467dcbf4d1ab1665a4c5036cb35f4c9231199b58166b3966c6":MBEDTLS_ECP_DP_SECP224R1:MBEDTLS_ECP_MOD_COORDINATE +ecp_mod_mul_inv:"00326258467dcbf4d1ab1665a4c5036cb35f4c9231199b58166b3966c6":MBEDTLS_ECP_DP_SECP224R1:MBEDTLS_ECP_MOD_COORDINATE ecp_mul_inv #55 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_SECP256R1) depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED From 8eb6104256890906f938391ba9263cfe6664dd8e Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Mon, 26 Jun 2023 10:03:19 +0100 Subject: [PATCH 84/99] bignum_mod_raw: Fixed a documentation typo. Signed-off-by: Minos Galanakis --- library/bignum_mod_raw.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/bignum_mod_raw.c b/library/bignum_mod_raw.c index 3de5940af..d29896c41 100644 --- a/library/bignum_mod_raw.c +++ b/library/bignum_mod_raw.c 
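Review bot: The three secp224r1 inputs gain a leading `0` (`00` for #54) but the data file gives no hint why, so the next person tidying these hex strings is likely to strip the zeros again. A one-line comment before #52 stating the rule would preserve the intent, e.g. `# secp224r1 inputs are zero-padded so the parsed value occupies the same limb count as the modulus`, worded to match whatever width the test harness really derives from the string length, which I cannot verify from the data alone.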
@@ -154,7 +154,7 @@ void mbedtls_mpi_mod_raw_mul(mbedtls_mpi_uint *X, /* Optimised Reduction */ (*N->rep.ored.modp)(T, T_limbs); - /* Convert back to cannonical representation */ + /* Convert back to canonical representation */ mbedtls_mpi_mod_raw_fix_quasi_reduction(T, N); memcpy(X, T, N->limbs * sizeof(mbedtls_mpi_uint)); break; From aafe90033cffd420a5c6e77f8a147cc45514b9d9 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 26 Jun 2023 15:23:44 +0200 Subject: [PATCH 85/99] test: enable X509 testing in no_ecp_at_all() components Signed-off-by: Valerio Setti --- tests/scripts/all.sh | 22 +++++++++++++++------- 1 file changed, 15 insertions(+), 7 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 18c259353..45f7e982f 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -2418,9 +2418,17 @@ component_test_psa_crypto_config_reference_ecc_ecp_light_only () { # on the ECP module. config_psa_crypto_no_ecp_at_all () { DRIVER_ONLY="$1" - # start with crypto_full config for maximum coverage (also enables USE_PSA), - # but excluding X509, TLS and key exchanges - helper_libtestdriver1_adjust_config "crypto_full" + # start with full config for maximum coverage (also enables USE_PSA) + helper_libtestdriver1_adjust_config "full" + + # keep excluding TLS and key exchanges (this will be removed in #7749) + # Note: key exchanges are not explicitly disabled here because they are + # auto-disabled in build_info.h as long as the following symbols + # are not enabled. + scripts/config.py unset MBEDTLS_SSL_TLS_C + scripts/config.py unset MBEDTLS_SSL_PROTO_DTLS + scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_2 + scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 # enable support for drivers and configuring PSA-only algorithms scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG 
@@ -2450,7 +2458,7 @@ config_psa_crypto_no_ecp_at_all () { # # Keep in sync with component_test_psa_crypto_config_reference_ecc_no_ecp_at_all() component_test_psa_crypto_config_accel_ecc_no_ecp_at_all () { - msg "build: crypto_full + accelerated EC algs + USE_PSA - ECP" + msg "build: full + accelerated EC algs + USE_PSA - TLS - KEY_EXCHANGE - ECP" # Algorithms and key types to accelerate loc_accel_list="ALG_ECDSA ALG_DETERMINISTIC_ECDSA \ @@ -2485,7 +2493,7 @@ component_test_psa_crypto_config_accel_ecc_no_ecp_at_all () { # Run the tests # ------------- - msg "test suites: crypto_full + accelerated EC algs + USE_PSA - ECP" + msg "test: full + accelerated EC algs + USE_PSA - TLS - KEY_EXCHANGE - ECP" make test } @@ -2493,13 +2501,13 @@ component_test_psa_crypto_config_accel_ecc_no_ecp_at_all () { # in conjunction with component_test_psa_crypto_config_accel_ecc_no_ecp_at_all(). # Keep in sync with its accelerated counterpart. component_test_psa_crypto_config_reference_ecc_no_ecp_at_all () { - msg "build: crypto_full + non accelerated EC algs + USE_PSA" + msg "build: full + non accelerated EC algs + USE_PSA - TLS - KEY_EXCHANGE" config_psa_crypto_no_ecp_at_all 0 make - msg "test suites: crypto_full + non accelerated EC algs + USE_PSA" + msg "test: crypto_full + non accelerated EC algs + USE_PSA - TLS - KEY_EXCHANGE" make test } From 8c3404f3e09a0ed277e9362fc5f45e14f884d4aa Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 26 Jun 2023 15:49:48 +0200 Subject: [PATCH 86/99] x509: update ECP_LIGHT dependencies to PK_HAVE_ECC_KEYS Signed-off-by: Valerio Setti --- library/x509_crt.c | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/library/x509_crt.c b/library/x509_crt.c index 380b1fd0d..4508e50f5 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c 
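Review bot: The last hunk leaves the test message of `component_test_psa_crypto_config_reference_ecc_no_ecp_at_all` as `msg "test: crypto_full + non accelerated EC algs + USE_PSA - TLS - KEY_EXCHANGE"` while its own build message and both messages of the accelerated counterpart now say `full`, matching the switch from `crypto_full` to `full` in `config_psa_crypto_no_ecp_at_all`. These strings are what appears in CI logs when a component fails, and the comment above the accelerated component asks for the pair to be kept in sync, so change it to `msg "test: full + non accelerated EC algs + USE_PSA - TLS - KEY_EXCHANGE"`.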
@@ -106,7 +106,7 @@ const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_default = MBEDTLS_X509_ID_FLAG(MBEDTLS_MD_SHA384) | MBEDTLS_X509_ID_FLAG(MBEDTLS_MD_SHA512), 0xFFFFFFF, /* Any PK alg */ -#if defined(MBEDTLS_ECP_LIGHT) +#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) /* Curves at or above 128-bit security level. Note that this selection * should be aligned with ssl_preset_default_curves in ssl_tls.c. */ MBEDTLS_X509_ID_FLAG(MBEDTLS_ECP_DP_SECP256R1) | @@ -116,9 +116,9 @@ const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_default = MBEDTLS_X509_ID_FLAG(MBEDTLS_ECP_DP_BP384R1) | MBEDTLS_X509_ID_FLAG(MBEDTLS_ECP_DP_BP512R1) | 0, -#else /* MBEDTLS_ECP_LIGHT */ +#else /* MBEDTLS_PK_HAVE_ECC_KEYS */ 0, -#endif /* MBEDTLS_ECP_LIGHT */ +#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ 2048, }; @@ -157,13 +157,13 @@ const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_suiteb = /* Only ECDSA */ MBEDTLS_X509_ID_FLAG(MBEDTLS_PK_ECDSA) | MBEDTLS_X509_ID_FLAG(MBEDTLS_PK_ECKEY), -#if defined(MBEDTLS_ECP_LIGHT) +#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) /* Only NIST P-256 and P-384 */ MBEDTLS_X509_ID_FLAG(MBEDTLS_ECP_DP_SECP256R1) | MBEDTLS_X509_ID_FLAG(MBEDTLS_ECP_DP_SECP384R1), -#else /* MBEDTLS_ECP_LIGHT */ +#else /* MBEDTLS_PK_HAVE_ECC_KEYS */ 0, -#endif /* MBEDTLS_ECP_LIGHT */ +#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ 0, }; @@ -233,7 +233,7 @@ static int x509_profile_check_key(const mbedtls_x509_crt_profile *profile, } #endif /* MBEDTLS_RSA_C */ -#if defined(MBEDTLS_ECP_LIGHT) +#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) if (pk_alg == MBEDTLS_PK_ECDSA || pk_alg == MBEDTLS_PK_ECKEY || pk_alg == MBEDTLS_PK_ECKEY_DH) { @@ -249,7 +249,7 @@ static int x509_profile_check_key(const mbedtls_x509_crt_profile *profile, return -1; } -#endif /* MBEDTLS_ECP_LIGHT */ +#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ return -1; } From 603271ce3dfe0b97053fa673efeff3a1c822c078 Mon Sep 17 00:00:00 2001 
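Review bot: The ECC branch of `x509_profile_check_key` (hunks at -233 and -249) is now compiled whenever `MBEDTLS_PK_HAVE_ECC_KEYS` is defined, which presumably includes builds where ECC comes only through PSA drivers and the ECP module is absent; the branch body lies outside the hunks, so I cannot see whether it still reaches into an `mbedtls_ecp_keypair` or uses only the pk-level group-id accessor. Please confirm it builds in the `no_ecp_at_all` components in all.sh, since a leftover ECP-only call there would surface nowhere else. The same guard rename in the two profile tables is fine provided the `MBEDTLS_ECP_DP_*` enumerators remain declared without the ECP module, which I would also confirm. The function starts and ends outside the hunks.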
From: Valerio Setti Date: Mon, 26 Jun 2023 16:02:47 +0200 Subject: [PATCH 87/99] test: solve disparities in driver coverage analysis for no_ecp_at_all() Signed-off-by: Valerio Setti --- tests/suites/test_suite_x509parse.data | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index edb782470..1d6bc285f 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data @@ -996,7 +996,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_MD_CAN_SHA256 x509_verify:"data_files/server5.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"globalhost":0:0:"":"verify_all" X509 CRT verification #93 (Suite B invalid, EC cert, RSA CA) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_SHA1 +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_SHA1 x509_verify:"data_files/server3.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_BAD_MD|MBEDTLS_X509_BADCERT_BAD_PK|MBEDTLS_X509_BADCERT_BAD_KEY|MBEDTLS_X509_BADCRL_BAD_MD|MBEDTLS_X509_BADCRL_BAD_PK:"suite_b":"NULL" X509 CRT verification #94 (Suite B invalid, RSA cert, EC CA) From 53a16b3fb510d4f7675c0a90197c952cb4c55e9a Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Mon, 26 Jun 2023 17:05:53 +0100 Subject: [PATCH 88/99] bignum_mod_raw: Updated documentation for mpi_mod_raw_mul Signed-off-by: Minos Galanakis --- library/bignum_mod_raw.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/library/bignum_mod_raw.c b/library/bignum_mod_raw.c index d29896c41..8f7270a60 100644 --- a/library/bignum_mod_raw.c +++ b/library/bignum_mod_raw.c 
@@ -132,13 +132,13 @@ void mbedtls_mpi_mod_raw_mul(mbedtls_mpi_uint *X, { /* Standard (A * B) multiplication stored into pre-allocated T * buffer of fixed limb size of (2N + 1). - + * * The space may not not fully filled by when - * MBEDTLS_MPI_MOD_REP_OPT_RED is used, with most - * curves using (2N) limbs. + * MBEDTLS_MPI_MOD_REP_OPT_RED is used, where we only need + * (2N) or (2N-1) limbs (depending on limb size and curve). * * The 521-bit Weierstrass curve is the only - * that which requires a limb size of (2N + 1). */ + * that which requires a limb size of (2N). */ const size_t T_limbs = (N->bits == 521) ? BITS_TO_LIMBS(N->bits * 2) + 1 : BITS_TO_LIMBS(N->bits * 2); From 93baf390959d129f1a69561d37152d3298288235 Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Mon, 26 Jun 2023 20:02:48 +0100 Subject: [PATCH 89/99] test_suite_ecp.data: Added test cases for modulo-1 in coordinate representation. Signed-off-by: Minos Galanakis --- tests/suites/test_suite_ecp.data | 48 ++++++++++++++++++++++++++++++++ 1 file changed, 48 insertions(+) diff --git a/tests/suites/test_suite_ecp.data b/tests/suites/test_suite_ecp.data index 44eb9ba39..1560c5494 100644 --- a/tests/suites/test_suite_ecp.data +++ b/tests/suites/test_suite_ecp.data @@ -1101,6 +1101,10 @@ ecp_mul_inv #18 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_BP256R1) depends_on:MBEDTLS_ECP_DP_BP256R1_ENABLED ecp_mod_mul_inv:"8d9454c7494b6e08d068391c811cb23cbe9318246a6c021b0018745eb6918751":MBEDTLS_ECP_DP_BP256R1:MBEDTLS_ECP_MOD_COORDINATE +ecp_mul_inv #18.1 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_BP256R1) +depends_on:MBEDTLS_ECP_DP_BP256R1_ENABLED +ecp_mod_mul_inv:"a9fb57dba1eea9bc3e660a909d838d726e3bf623d52620282013481d1f6e5376":MBEDTLS_ECP_DP_BP256R1:MBEDTLS_ECP_MOD_COORDINATE + ecp_mul_inv #19 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_BP256R1) depends_on:MBEDTLS_ECP_DP_BP256R1_ENABLED ecp_mod_mul_inv:"3aff86b1ee706d38e4995b76f6433d9173c5d3ec19b43ff0a3d53ac20965c911":MBEDTLS_ECP_DP_BP256R1:MBEDTLS_ECP_MOD_SCALAR 
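Review bot: The rewritten comment now contradicts the code beneath it: it says the 521-bit curve is the only one requiring `(2N)` limbs, yet the expression directly below still gives it `BITS_TO_LIMBS(N->bits * 2) + 1`, and the sentence before says the buffer is `(2N + 1)` limbs. Either the `+ 1` is needed, in which case the last sentence should say `(2N + 1)`, or it is not, in which case the special case should go; as written a reader cannot tell which. `mbedtls_mpi_mod_raw_mul` begins above the hunk and ends below it.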
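Review bot: The new `#N.1` cases (this hunk and the matching ones through the hunk at -1370) all feed `modulus - 1` to `ecp_mod_mul_inv` under `MBEDTLS_ECP_MOD_COORDINATE`, but only the secp224k1 block carries a comment saying so; the `.1` suffix alone does not tell a reader that these are the largest canonical residues rather than further random values. One comment before the first of them would do, e.g. `# Cases numbered N.1 use the coordinate modulus minus one as input, the largest value that is already fully reduced.` The values I spot-checked (BP256R1, secp192r1, secp256r1, Curve25519, secp256k1) do read as `p - 1` of their curves, and the comment is what lets a reviewer make that check quickly.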
@@ -1125,6 +1129,10 @@ ecp_mul_inv #24 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_BP384R1) depends_on:MBEDTLS_ECP_DP_BP384R1_ENABLED ecp_mod_mul_inv:"80acca473c3fcee61d13a0a766ed0dcd5f50277f576ff6f3461664d436e2054ad7ecc8b7c0a9424fbda1d431c540c05a":MBEDTLS_ECP_DP_BP384R1:MBEDTLS_ECP_MOD_COORDINATE +ecp_mul_inv #24.1 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_BP384R1) +depends_on:MBEDTLS_ECP_DP_BP384R1_ENABLED +ecp_mod_mul_inv:"8cb91e82a3386d280f5d6f7e50e641df152f7109ed5456b412b1da197fb71123acd3a729901d1a71874700133107ec52":MBEDTLS_ECP_DP_BP384R1:MBEDTLS_ECP_MOD_COORDINATE + ecp_mul_inv #25 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_BP384R1) depends_on:MBEDTLS_ECP_DP_BP384R1_ENABLED ecp_mod_mul_inv:"371851bd69a5a1734b195c6ad6b041f51d94718cb437ab4a0a14ee5fa5fccd29328f3e77bfa2e4c58195ccb55cdc6a4":MBEDTLS_ECP_DP_BP384R1:MBEDTLS_ECP_MOD_SCALAR @@ -1149,6 +1157,10 @@ ecp_mul_inv #30 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_BP512R1) depends_on:MBEDTLS_ECP_DP_BP512R1_ENABLED ecp_mod_mul_inv:"8be202ecb80ae3f6fe07a17b03c14997668b37d029d38943245c8a6cd1cbce3d57cfc673886a22db7ab8686570881a5dc1d9855aa6618c52df55a04510e00bba":MBEDTLS_ECP_DP_BP512R1:MBEDTLS_ECP_MOD_COORDINATE +ecp_mul_inv #30.1 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_BP512R1) +depends_on:MBEDTLS_ECP_DP_BP512R1_ENABLED +ecp_mod_mul_inv:"aadd9db8dbe9c48b3fd4e6ae33c9fc07cb308db3b3c9d20ed6639cca703308717d4d9b009bc66842aecda12ae6a380e62881ff2f2d82c68528aa6056583a48f2":MBEDTLS_ECP_DP_BP512R1:MBEDTLS_ECP_MOD_COORDINATE + ecp_mul_inv #31 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_BP512R1) depends_on:MBEDTLS_ECP_DP_BP512R1_ENABLED ecp_mod_mul_inv:"572a5522bc45566df4c7575b91fdbc74975fd59380339b5aa23cbce2204744793ca3255705f5d9ba48335f36baf462010680f1e35cca26468d7d8f4223988189":MBEDTLS_ECP_DP_BP512R1:MBEDTLS_ECP_MOD_SCALAR 
@@ -1247,6 +1259,10 @@ ecp_mul_inv #51 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_SECP192R1) depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED ecp_mod_mul_inv:"c4fd9a06df9b4efa94531578af8b5886ec0ada82884199f7":MBEDTLS_ECP_DP_SECP192R1:MBEDTLS_ECP_MOD_COORDINATE +ecp_mul_inv #51.1 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_SECP192R1) +depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED +ecp_mod_mul_inv:"fffffffffffffffffffffffffffffffefffffffffffffffe":MBEDTLS_ECP_DP_SECP192R1:MBEDTLS_ECP_MOD_COORDINATE + ecp_mul_inv #52 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_SECP224R1) depends_on:MBEDTLS_ECP_DP_SECP224R1_ENABLED ecp_mod_mul_inv:"0f9c4728bef9fba3e7d856a8e2ff62f20c2a57bf64f6d707f0829a8ff":MBEDTLS_ECP_DP_SECP224R1:MBEDTLS_ECP_MOD_COORDINATE @@ -1259,6 +1275,10 @@ ecp_mul_inv #54 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_SECP224R1) depends_on:MBEDTLS_ECP_DP_SECP224R1_ENABLED ecp_mod_mul_inv:"00326258467dcbf4d1ab1665a4c5036cb35f4c9231199b58166b3966c6":MBEDTLS_ECP_DP_SECP224R1:MBEDTLS_ECP_MOD_COORDINATE +ecp_mul_inv #54.1 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_SECP224R1) +depends_on:MBEDTLS_ECP_DP_SECP224R1_ENABLED +ecp_mod_mul_inv:"00ffffffffffffffffffffffffffffffff000000000000000000000000":MBEDTLS_ECP_DP_SECP224R1:MBEDTLS_ECP_MOD_COORDINATE + ecp_mul_inv #55 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_SECP256R1) depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED ecp_mod_mul_inv:"c36eadeab80f149cd51a1ed6311270ae2e4acc6734e787135f499c3a97f1edc3":MBEDTLS_ECP_DP_SECP256R1:MBEDTLS_ECP_MOD_COORDINATE 
@@ -1271,6 +1291,10 @@ ecp_mul_inv #57 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_SECP256R1) depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED ecp_mod_mul_inv:"f1d356376f03b5dbf0fd08bde5c4293115f7c7911f7a3ec3f90557602eb20147":MBEDTLS_ECP_DP_SECP256R1:MBEDTLS_ECP_MOD_COORDINATE +ecp_mul_inv #57.1 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_SECP256R1) +depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED +ecp_mod_mul_inv:"ffffffff00000001000000000000000000000000fffffffffffffffffffffffe":MBEDTLS_ECP_DP_SECP256R1:MBEDTLS_ECP_MOD_COORDINATE + ecp_mul_inv #58 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_SECP384R1) depends_on:MBEDTLS_ECP_DP_SECP384R1_ENABLED ecp_mod_mul_inv:"a3137cd9b0c9e75a871f92e3ab6b284069ee06cd9c0afb2368fd8d381afcfecc553cb6b3f29216038d268a8d8fcd00f7":MBEDTLS_ECP_DP_SECP384R1:MBEDTLS_ECP_MOD_COORDINATE @@ -1283,6 +1307,10 @@ ecp_mul_inv #60 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_SECP384R1) depends_on:MBEDTLS_ECP_DP_SECP384R1_ENABLED ecp_mod_mul_inv:"491b1d169c9262fd737847c13bb7370d91825fe985cfa000d4b9bd3c22e7b63016122c53156fae4757943a819a1ced6d":MBEDTLS_ECP_DP_SECP384R1:MBEDTLS_ECP_MOD_COORDINATE +ecp_mul_inv #60.1 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_SECP384R1) +depends_on:MBEDTLS_ECP_DP_SECP384R1_ENABLED +ecp_mod_mul_inv:"fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffeffffffff0000000000000000fffffffe":MBEDTLS_ECP_DP_SECP384R1:MBEDTLS_ECP_MOD_COORDINATE + ecp_mul_inv #61 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_SECP521R1) depends_on:MBEDTLS_ECP_DP_SECP521R1_ENABLED ecp_mod_mul_inv:"1477156c589f498b61beb35f57662410d8821f3a1ee4a5968a8009618dbe4afda408809822eb0e994fbf9da1659c1ea21b151db97cd1f1567fa4b9327967e0aa591":MBEDTLS_ECP_DP_SECP521R1:MBEDTLS_ECP_MOD_COORDINATE 
@@ -1295,6 +1323,10 @@ ecp_mul_inv #63 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_SECP521R1) depends_on:MBEDTLS_ECP_DP_SECP521R1_ENABLED ecp_mod_mul_inv:"1e53d580521a1cff4cd72576c13fecb2cbcf39453f2b437f0c8dc78d7982a37749f099942ce693751ec43407c3acf46315132ea2a9ae5fa9253408da2375d2b58fc":MBEDTLS_ECP_DP_SECP521R1:MBEDTLS_ECP_MOD_COORDINATE +ecp_mul_inv #63.1 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_SECP521R1) +depends_on:MBEDTLS_ECP_DP_SECP521R1_ENABLED +ecp_mod_mul_inv:"1fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffe":MBEDTLS_ECP_DP_SECP521R1:MBEDTLS_ECP_MOD_COORDINATE + ecp_mul_inv #64 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_CURVE25519) depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED ecp_mod_mul_inv:"1000000000000000000000000000000014def9dea2079cd65812631a5cf5d3ed":MBEDTLS_ECP_DP_CURVE25519:MBEDTLS_ECP_MOD_COORDINATE @@ -1307,6 +1339,10 @@ ecp_mul_inv #66 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_CURVE25519) depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED ecp_mod_mul_inv:"468de1bfdbb20b67371bc5ad0f2bc3e70705b6d85c14ad75daafdbd1502cfd1":MBEDTLS_ECP_DP_CURVE25519:MBEDTLS_ECP_MOD_COORDINATE +ecp_mul_inv #66.1 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_CURVE25519) +depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED +ecp_mod_mul_inv:"7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffec":MBEDTLS_ECP_DP_CURVE25519:MBEDTLS_ECP_MOD_COORDINATE + ecp_mul_inv #67 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_SECP192K1) depends_on:MBEDTLS_ECP_DP_SECP192K1_ENABLED ecp_mod_mul_inv:"2228b202d612f2e66d8ca00b7e1c19a737ee7db2708d91cd":MBEDTLS_ECP_DP_SECP192K1:MBEDTLS_ECP_MOD_COORDINATE 
@@ -1319,6 +1355,10 @@ ecp_mul_inv #69 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_SECP192K1) depends_on:MBEDTLS_ECP_DP_SECP192K1_ENABLED ecp_mod_mul_inv:"d2a10413f48d7bcc18a9b7c53c7914c5302c9c9e48b2eb62":MBEDTLS_ECP_DP_SECP192K1:MBEDTLS_ECP_MOD_COORDINATE +ecp_mul_inv #69.1 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_SECP192K1) +depends_on:MBEDTLS_ECP_DP_SECP192K1_ENABLED +ecp_mod_mul_inv:"fffffffffffffffffffffffffffffffffffffffeffffee36":MBEDTLS_ECP_DP_SECP192K1:MBEDTLS_ECP_MOD_COORDINATE + # For coordinate moduli of secp224K1 the values are selected as one for # modulus - 1, and four random values, generated with # random.getrandbits(224) % modulus with a seed(2, 2). @@ -1358,6 +1398,10 @@ ecp_mul_inv #78 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_SECP256K1) depends_on:MBEDTLS_ECP_DP_SECP256K1_ENABLED ecp_mod_mul_inv:"f8d3f3c02fd712f711d8e30d0d4c142eb106e5f75c25f55b3f983bc5c83c568a":MBEDTLS_ECP_DP_SECP256K1:MBEDTLS_ECP_MOD_COORDINATE +ecp_mul_inv #78.1 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_SECP256K1) +depends_on:MBEDTLS_ECP_DP_SECP256K1_ENABLED +ecp_mod_mul_inv:"fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2e":MBEDTLS_ECP_DP_SECP256K1:MBEDTLS_ECP_MOD_COORDINATE + ecp_mul_inv #79 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_CURVE448) depends_on:MBEDTLS_ECP_DP_CURVE448_ENABLED ecp_mod_mul_inv:"0000000000000003fffffffffffffffffffffffffffffffffffffffffffffffffffffff11ca23e9c44edb49aed63690216cc2728dc58f552378c292ab5844f3":MBEDTLS_ECP_DP_CURVE448:MBEDTLS_ECP_MOD_COORDINATE 
@@ -1370,6 +1414,10 @@ ecp_mul_inv #81 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_CURVE448) depends_on:MBEDTLS_ECP_DP_CURVE448_ENABLED ecp_mod_mul_inv:"0000000000000003fffffffffffffffffffffffffffffffffffffffffffffffffffffff01243a939d867d7e0a75a8568d4d66de88f3ecc1ad37f91a8f9d7d70":MBEDTLS_ECP_DP_CURVE448:MBEDTLS_ECP_MOD_COORDINATE +ecp_mul_inv #81.1 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_CURVE448) +depends_on:MBEDTLS_ECP_DP_CURVE448_ENABLED +ecp_mod_mul_inv:"000000000000000fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffffffffffffffffffffffffffffffffffffffffffffffffffffe":MBEDTLS_ECP_DP_CURVE448:MBEDTLS_ECP_MOD_COORDINATE + # The following data was generated using python's standard random library, # initialised with seed(2,2) and random.getrandbits(curve bits). Curve bits are 192,256,384,520. # They must be less than the named curves' modulus. mbedtls_mpi_mod_residue_setup() From 9e868be13a04887b02c2b13fcaeb8d97a28abbd6 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Tue, 27 Jun 2023 09:27:27 +0100 Subject: [PATCH 90/99] Fix clang warning from -Wasm-operand-widths Signed-off-by: Dave Rodgman --- library/bn_mul.h | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/library/bn_mul.h b/library/bn_mul.h index 4ccd7b4b1..95265a4d0 100644 --- a/library/bn_mul.h +++ b/library/bn_mul.h @@ -256,15 +256,15 @@ do { uintptr_t muladdc_d = (uintptr_t) d, muladdc_s = (uintptr_t) s; asm( #define MULADDC_X1_CORE \ - "ldr x4, [%2], #8 \n\t" \ - "ldr x5, [%1] \n\t" \ + "ldr x4, [%x2], #8 \n\t" \ + "ldr x5, [%x1] \n\t" \ "mul x6, x4, %4 \n\t" \ "umulh x7, x4, %4 \n\t" \ "adds x5, x5, x6 \n\t" \ "adc x7, x7, xzr \n\t" \ "adds x5, x5, %0 \n\t" \ "adc %0, x7, xzr \n\t" \ - "str x5, [%1], #8 \n\t" + "str x5, [%x1], #8 \n\t" #define MULADDC_X1_STOP \ : "+r" (c), \ From 8c5fae2610fe10d687b6453de036478e906fefa4 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Tue, 27 Jun 2023 09:43:55 +0100 Subject: [PATCH 91/99] Add explanatory comment 
Signed-off-by: Dave Rodgman --- library/bn_mul.h | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/library/bn_mul.h b/library/bn_mul.h index 95265a4d0..43dd5c298 100644 --- a/library/bn_mul.h +++ b/library/bn_mul.h @@ -252,6 +252,13 @@ // (including ILP32 __aarch64__ ABIs such as on watchOS, hence the 2^32 - 1) #if defined(__aarch64__) && (UINTPTR_MAX == 0xfffffffful || UINTPTR_MAX == 0xfffffffffffffffful) +/* + * There are some issues around different compilers requiring different constraint + * syntax for updating pointers from assembly code (see notes for + * MBEDTLS_ASM_AARCH64_PTR_CONSTRAINT in common.h), especially on aarch64_32 (aka ILP32). + * + * For this reason we cast the pointers to/from uintptr_t here. + */ #define MULADDC_X1_INIT \ do { uintptr_t muladdc_d = (uintptr_t) d, muladdc_s = (uintptr_t) s; asm( From 5dbe17de36aea3646f9c0e5ce56aac3aa92dc41b Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Tue, 27 Jun 2023 10:30:28 +0100 Subject: [PATCH 92/99] Add PSA_JPAKE_FINISHED to EXPECTED_{IN,OUT}PUTS() Signed-off-by: David Horstmann --- include/psa/crypto_extra.h | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/include/psa/crypto_extra.h b/include/psa/crypto_extra.h index a7d98a084..94def5c45 100644 --- a/include/psa/crypto_extra.h +++ b/include/psa/crypto_extra.h @@ -2024,8 +2024,10 @@ struct psa_jpake_computation_stage_s { psa_pake_step_t MBEDTLS_PRIVATE(step); }; -#define PSA_JPAKE_EXPECTED_INPUTS(round) (((round) == PSA_JPAKE_FIRST) ? 2 : 1) -#define PSA_JPAKE_EXPECTED_OUTPUTS(round) (((round) == PSA_JPAKE_FIRST) ? 2 : 1) +#define PSA_JPAKE_EXPECTED_INPUTS(round) ((round) == PSA_JPAKE_FINISHED ? 0 : \ + ((round) == PSA_JPAKE_FIRST ? 2 : 1)) +#define PSA_JPAKE_EXPECTED_OUTPUTS(round) ((round) == PSA_JPAKE_FINISHED ? 0 : \ + ((round) == PSA_JPAKE_FIRST ? 2 : 1)) struct psa_pake_operation_s { /** Unique ID indicating which driver got assigned to do the 
From 246ec5a35efcf42d8fec7861844d1c40d6c594f0 Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Tue, 27 Jun 2023 10:33:06 +0100 Subject: [PATCH 93/99] Replace unnecessary '>=' with '==' Signed-off-by: David Horstmann --- library/psa_crypto.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 0a549ef49..fb20d0946 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -8061,18 +8061,18 @@ static psa_status_t psa_jpake_epilogue( /* End of an input/output */ if (io_mode == PSA_JPAKE_INPUT) { stage->inputs++; - if (stage->inputs >= PSA_JPAKE_EXPECTED_INPUTS(stage->round)) { + if (stage->inputs == PSA_JPAKE_EXPECTED_INPUTS(stage->round)) { stage->io_mode = PSA_JPAKE_OUTPUT; } } if (io_mode == PSA_JPAKE_OUTPUT) { stage->outputs++; - if (stage->outputs >= PSA_JPAKE_EXPECTED_OUTPUTS(stage->round)) { + if (stage->outputs == PSA_JPAKE_EXPECTED_OUTPUTS(stage->round)) { stage->io_mode = PSA_JPAKE_INPUT; } } - if (stage->inputs >= PSA_JPAKE_EXPECTED_INPUTS(stage->round) && - stage->outputs >= PSA_JPAKE_EXPECTED_OUTPUTS(stage->round)) { + if (stage->inputs == PSA_JPAKE_EXPECTED_INPUTS(stage->round) && + stage->outputs == PSA_JPAKE_EXPECTED_OUTPUTS(stage->round)) { /* End of a round, move to the next round */ stage->inputs = 0; stage->outputs = 0; From c4e4958326b23f7603688a58719c87c6c8b3ea45 Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Tue, 27 Jun 2023 14:03:35 +0100 Subject: [PATCH 94/99] ecp_curves: Adjusted expected_width inputs to use `BITS_TO_LIMBS` macro. Signed-off-by: Minos Galanakis --- library/bignum_mod_raw.c | 15 ++++----------- library/ecp_curves.c | 40 ++++++++++++++++++++-------------------- 2 files changed, 24 insertions(+), 31 deletions(-) diff --git a/library/bignum_mod_raw.c b/library/bignum_mod_raw.c index 8f7270a60..bf72c1825 100644 --- a/library/bignum_mod_raw.c +++ b/library/bignum_mod_raw.c 
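Review bot: Switching `>=` to `==` makes the mode flip and the end-of-round reset depend on `stage->inputs`/`stage->outputs` never overshooting the expected count; combined with the `PSA_JPAKE_FINISHED` case of the macros from the previous patch, which expect 0, a call to `psa_jpake_epilogue` in the finished round would now increment to 1 and match nothing, whereas `>=` still fired. That is fine only if every caller refuses further input/output once the round is `PSA_JPAKE_FINISHED` before reaching the epilogue, which I cannot see from the hunk. A one-line comment above the first `if` would record why equality is safe, e.g. `/* Callers guarantee inputs/outputs never exceed the expected count, so equality is the end-of-step condition. */`. `psa_jpake_epilogue` starts above the hunk and ends below it.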
@@ -131,18 +131,11 @@ void mbedtls_mpi_mod_raw_mul(mbedtls_mpi_uint *X, mbedtls_mpi_uint *T) { /* Standard (A * B) multiplication stored into pre-allocated T - * buffer of fixed limb size of (2N + 1). + * buffer of fixed limb size of (2N + 1). * - * The space may not not fully filled by when - * MBEDTLS_MPI_MOD_REP_OPT_RED is used, where we only need - * (2N) or (2N-1) limbs (depending on limb size and curve). - * - * The 521-bit Weierstrass curve is the only - * that which requires a limb size of (2N). */ - const size_t T_limbs = (N->bits == 521) ? - BITS_TO_LIMBS(N->bits * 2) + 1 : - BITS_TO_LIMBS(N->bits * 2); - + * The space may not not fully filled by when + * MBEDTLS_MPI_MOD_REP_OPT_RED is used. */ + const size_t T_limbs = BITS_TO_LIMBS(N->bits) * 2; switch (N->int_rep) { case MBEDTLS_MPI_MOD_REP_MONTGOMERY: mbedtls_mpi_core_montmul(X, A, B, N->limbs, N->p, N->limbs, diff --git a/library/ecp_curves.c b/library/ecp_curves.c index e3bcc8715..a4fa663a5 100644 --- a/library/ecp_curves.c +++ b/library/ecp_curves.c @@ -4922,7 +4922,7 @@ static inline void carry64(mbedtls_mpi_uint *dst, mbedtls_mpi_uint *carry) static int ecp_mod_p192(mbedtls_mpi *N) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t expected_width = 2 * ((192 + biL - 1) / biL); + size_t expected_width = BITS_TO_LIMBS(192) * 2; MBEDTLS_MPI_CHK(mbedtls_mpi_grow(N, expected_width)); ret = mbedtls_ecp_mod_p192_raw(N->p, expected_width); @@ -4936,7 +4936,7 @@ int mbedtls_ecp_mod_p192_raw(mbedtls_mpi_uint *Np, size_t Nn) mbedtls_mpi_uint c = 0, last_carry[WIDTH] = { 0 }; mbedtls_mpi_uint *p, *end; - if (Nn != 2*((192 + biL - 1)/biL)) { + if (Nn != BITS_TO_LIMBS(192) * 2) { return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; } 
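Review bot: After this hunk `T_limbs` is `BITS_TO_LIMBS(N->bits) * 2` with no `+ 1` anywhere, yet the retained comment still says T is a `pre-allocated T buffer of fixed limb size of (2N + 1)`; if the allocation really is 2N + 1 limbs the extra limb is now never used and the comment should say why it exists, and if it is 2N the comment is wrong. Make it precise, e.g. `* buffer; the OPT_RED path hands its modp exactly BITS_TO_LIMBS(N->bits) * 2 limbs.` This also assumes every `modp` accepts that width, which the ecp_curves.c hunks in the same commit are meant to guarantee. The function starts above the hunk and ends below it.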
@@ -5082,7 +5082,7 @@ static inline int8_t extract_carry(int64_t cur) static int ecp_mod_p224(mbedtls_mpi *N) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t expected_width = 2 * 224 / biL; + size_t expected_width = BITS_TO_LIMBS(224) * 2; MBEDTLS_MPI_CHK(mbedtls_mpi_grow(N, expected_width)); ret = mbedtls_ecp_mod_p224_raw(N->p, expected_width); cleanup: @@ -5092,7 +5092,7 @@ cleanup: MBEDTLS_STATIC_TESTABLE int mbedtls_ecp_mod_p224_raw(mbedtls_mpi_uint *X, size_t X_limbs) { - if (X_limbs != 2 * 224 / biL) { + if (X_limbs != BITS_TO_LIMBS(224) * 2) { return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; } @@ -5135,7 +5135,7 @@ int mbedtls_ecp_mod_p224_raw(mbedtls_mpi_uint *X, size_t X_limbs) static int ecp_mod_p256(mbedtls_mpi *N) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t expected_width = 2 * 256 / biL; + size_t expected_width = BITS_TO_LIMBS(256) * 2; MBEDTLS_MPI_CHK(mbedtls_mpi_grow(N, expected_width)); ret = mbedtls_ecp_mod_p256_raw(N->p, expected_width); cleanup: @@ -5145,7 +5145,7 @@ cleanup: MBEDTLS_STATIC_TESTABLE int mbedtls_ecp_mod_p256_raw(mbedtls_mpi_uint *X, size_t X_limbs) { - if (X_limbs != 2 * 256 / biL) { + if (X_limbs != BITS_TO_LIMBS(256) * 2) { return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; } @@ -5215,7 +5215,7 @@ int mbedtls_ecp_mod_p256_raw(mbedtls_mpi_uint *X, size_t X_limbs) static int ecp_mod_p384(mbedtls_mpi *N) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t expected_width = 2 * ((384 + biL - 1) / biL); + size_t expected_width = BITS_TO_LIMBS(384) * 2; MBEDTLS_MPI_CHK(mbedtls_mpi_grow(N, expected_width)); ret = mbedtls_ecp_mod_p384_raw(N->p, expected_width); cleanup: @@ -5225,7 +5225,7 @@ cleanup: MBEDTLS_STATIC_TESTABLE int mbedtls_ecp_mod_p384_raw(mbedtls_mpi_uint *X, size_t X_limbs) { - if (X_limbs != 2*((384 + biL - 1)/biL)) { + if (X_limbs != BITS_TO_LIMBS(384) * 2) { return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; } 
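Review bot: For the 224-bit curve this is not a pure refactor on 64-bit limbs: `2 * 224 / biL` evaluates to 7 while `BITS_TO_LIMBS(224) * 2` evaluates to 8, so ecp_mod_p224 now grows N to 8 limbs and mbedtls_ecp_mod_p224_raw rejects the 7-limb inputs it previously accepted; the p224k1 hunks later in this commit make the same change. The commit message presents the series as a macro substitution, so the width change on 64-bit platforms should be called out there, and the reduction bodies outside these hunks need confirming that they tolerate the extra, initially zero, top limb. The p256 and p384 hunks in this span are value-preserving on both limb sizes.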
@@ -5337,7 +5337,7 @@ int mbedtls_ecp_mod_p384_raw(mbedtls_mpi_uint *X, size_t X_limbs) static int ecp_mod_p521(mbedtls_mpi *N) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t expected_width = 2 * P521_WIDTH; + size_t expected_width = BITS_TO_LIMBS(521) * 2; MBEDTLS_MPI_CHK(mbedtls_mpi_grow(N, expected_width)); ret = mbedtls_ecp_mod_p521_raw(N->p, expected_width); cleanup: @@ -5349,7 +5349,7 @@ int mbedtls_ecp_mod_p521_raw(mbedtls_mpi_uint *X, size_t X_limbs) { mbedtls_mpi_uint carry = 0; - if (X_limbs != 2 * P521_WIDTH || X[2 * P521_WIDTH - 1] != 0) { + if (X_limbs != BITS_TO_LIMBS(521) * 2) { return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; } @@ -5423,7 +5423,7 @@ int mbedtls_ecp_mod_p521_raw(mbedtls_mpi_uint *X, size_t X_limbs) static int ecp_mod_p255(mbedtls_mpi *N) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t expected_width = 2 * P255_WIDTH; + size_t expected_width = BITS_TO_LIMBS(255) * 2; MBEDTLS_MPI_CHK(mbedtls_mpi_grow(N, expected_width)); ret = mbedtls_ecp_mod_p255_raw(N->p, expected_width); cleanup: @@ -5434,7 +5434,7 @@ MBEDTLS_STATIC_TESTABLE int mbedtls_ecp_mod_p255_raw(mbedtls_mpi_uint *X, size_t X_Limbs) { - if (X_Limbs != 2 * P255_WIDTH) { + if (X_Limbs != BITS_TO_LIMBS(255) * 2) { return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; } @@ -5492,7 +5492,7 @@ int mbedtls_ecp_mod_p255_raw(mbedtls_mpi_uint *X, size_t X_Limbs) static int ecp_mod_p448(mbedtls_mpi *N) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t expected_width = 2 * ((448 + biL - 1) / biL); + size_t expected_width = BITS_TO_LIMBS(448) * 2; /* This is required as some tests and use cases do not pass in a Bignum of * the correct size, and expect the growth to be done automatically, which @@ -5522,7 +5522,7 @@ int mbedtls_ecp_mod_p448_raw(mbedtls_mpi_uint *X, size_t X_limbs) size_t round; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - if (X_limbs <= P448_WIDTH) { + if (X_limbs != BITS_TO_LIMBS(448) * 2) { return 0; } 
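Review bot: The rewritten size check in mbedtls_ecp_mod_p521_raw drops the `X[2 * P521_WIDTH - 1] != 0` precondition without a replacement, so an input whose top limb is non-zero is now passed into the reduction instead of being rejected with MBEDTLS_ERR_ECP_BAD_INPUT_DATA. If the carry handling after this hunk assumes that limb is zero, the check should be kept as `if (X_limbs != BITS_TO_LIMBS(521) * 2 || X[BITS_TO_LIMBS(521) * 2 - 1] != 0) {`; if the reduction genuinely handles a full top limb now, the commit message should say so, since relaxing an input-range check on a field reduction is a behavioural change rather than a cleanup. The function body continues beyond the hunk.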
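Review bot: mbedtls_ecp_mod_p448_raw now returns 0, i.e. success, when `X_limbs != BITS_TO_LIMBS(448) * 2`, so a caller that passes a mis-sized buffer gets back an unreduced X with a success status; the old `<= P448_WIDTH` early-out at least described a value that needed no reduction, whereas the new condition also covers too-large inputs. Every other `_raw` function in this commit rejects a wrong width with `return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;`, and the same line here would turn the silent path into an error. The wrapper ecp_mod_p448 grows N beforehand (per the comment in the preceding hunk), so this only affects direct callers of the raw function, but those are exactly the ones the check exists for.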
@@ -5734,7 +5734,7 @@ cleanup: static int ecp_mod_p192k1(mbedtls_mpi *N) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t expected_width = 2 * ((192 + biL - 1) / biL); + size_t expected_width = BITS_TO_LIMBS(192) * 2; MBEDTLS_MPI_CHK(mbedtls_mpi_grow(N, expected_width)); ret = mbedtls_ecp_mod_p192k1_raw(N->p, expected_width); @@ -5750,7 +5750,7 @@ int mbedtls_ecp_mod_p192k1_raw(mbedtls_mpi_uint *X, size_t X_limbs) 0x01, 0x00, 0x00, 0x00) }; - if (X_limbs != 2 * ((192 + biL - 1) / biL)) { + if (X_limbs != BITS_TO_LIMBS(192) * 2) { return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; } @@ -5768,7 +5768,7 @@ int mbedtls_ecp_mod_p192k1_raw(mbedtls_mpi_uint *X, size_t X_limbs) static int ecp_mod_p224k1(mbedtls_mpi *N) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t expected_width = 2 * 224 / biL; + size_t expected_width = BITS_TO_LIMBS(224) * 2; MBEDTLS_MPI_CHK(mbedtls_mpi_grow(N, expected_width)); ret = mbedtls_ecp_mod_p224k1_raw(N->p, expected_width); @@ -5784,7 +5784,7 @@ int mbedtls_ecp_mod_p224k1_raw(mbedtls_mpi_uint *X, size_t X_limbs) 0x01, 0x00, 0x00, 0x00) }; - if (X_limbs != 2 * 224 / biL) { + if (X_limbs != BITS_TO_LIMBS(224) * 2) { return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; } @@ -5802,7 +5802,7 @@ int mbedtls_ecp_mod_p224k1_raw(mbedtls_mpi_uint *X, size_t X_limbs) static int ecp_mod_p256k1(mbedtls_mpi *N) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t expected_width = 2 * ((256 + biL - 1) / biL); + size_t expected_width = BITS_TO_LIMBS(256) * 2; MBEDTLS_MPI_CHK(mbedtls_mpi_grow(N, expected_width)); ret = mbedtls_ecp_mod_p256k1_raw(N->p, expected_width); @@ -5818,7 +5818,7 @@ int mbedtls_ecp_mod_p256k1_raw(mbedtls_mpi_uint *X, size_t X_limbs) 0x01, 0x00, 0x00, 0x00) }; - if (X_limbs != 2 * ((256 + biL - 1) / biL)) { + if (X_limbs != BITS_TO_LIMBS(256) * 2) { return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; } From 28e2ca51a98fff27d33f76a7ca6bc2c3a10ee2bb Mon Sep 17 00:00:00 2001 
From: Dave Rodgman Date: Tue, 27 Jun 2023 15:25:38 +0100 Subject: [PATCH 95/99] Docs improvement Signed-off-by: Dave Rodgman --- library/common.h | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/library/common.h b/library/common.h index ba9cb75c0..ce81a1473 100644 --- a/library/common.h +++ b/library/common.h @@ -170,13 +170,20 @@ inline void mbedtls_xor(unsigned char *r, const unsigned char *a, const unsigned /* *INDENT-ON* */ /* - * Define the constraint used for pointer operands to asm. + * Define the constraint used for read-only pointer operands to aarch64 asm. * * This is normally the usual "r", but for aarch64_32 (aka ILP32, * as found in watchos), "p" is required to avoid warnings from clang. * * Note that clang does not recognise '+p' or '=p', and armclang - * does not recognise 'p' at all. + * does not recognise 'p' at all. Therefore, to update a pointer from + * aarch64 assembly, it is necessary to use something like: + * + * uintptr_t uptr = (uintptr_t) ptr; + * asm( "ldr x4, [%x0], #8" ... : "+r" (uptr) : : ) + * ptr = (void*) uptr; + * + * Note that the "x" in "%x0" is neccessary; writing "%0" will cause warnings. */ #if defined(__aarch64__) && defined(MBEDTLS_HAVE_ASM) #if UINTPTR_MAX == 0xfffffffful From 23394b17bc750d64687e8e96960c802e759d428a Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Tue, 27 Jun 2023 16:31:59 +0100 Subject: [PATCH 96/99] test_suite_ecp: Updated ecp_mod_p_generic_raw to use the `BITS_TO_LIMBS` macro. Signed-off-by: Minos Galanakis --- tests/suites/test_suite_ecp.function | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/tests/suites/test_suite_ecp.function b/tests/suites/test_suite_ecp.function index 55ded45b4..09349f44c 100644 --- a/tests/suites/test_suite_ecp.function +++ b/tests/suites/test_suite_ecp.function 
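Review bot: The last added comment line has a typo, `neccessary`; it should read `* Note that the "x" in "%x0" is necessary; writing "%0" will cause warnings.` The pointer-update example is otherwise a useful addition for anyone hitting the clang/armclang constraint limitation described above it, and the spelling matters because this comment is what readers will grep for.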
@@ -1296,70 +1296,70 @@ void ecp_mod_p_generic_raw(int curve_id,
 switch (curve_id) {
 #if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) && defined(MBEDTLS_ECP_NIST_OPTIM)
 case MBEDTLS_ECP_DP_SECP192R1:
- limbs = 2 * limbs_N;
+ limbs = 2 * BITS_TO_LIMBS(192);
 curve_bits = 192;
 curve_func = &mbedtls_ecp_mod_p192_raw;
 break;
 #endif
 #if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) && defined(MBEDTLS_ECP_NIST_OPTIM)
 case MBEDTLS_ECP_DP_SECP224R1:
- limbs = 448 / biL;
+ limbs = 2 * BITS_TO_LIMBS(224);
 curve_bits = 224;
 curve_func = &mbedtls_ecp_mod_p224_raw;
 break;
 #endif
 #if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) && defined(MBEDTLS_ECP_NIST_OPTIM)
 case MBEDTLS_ECP_DP_SECP256R1:
- limbs = 2 * limbs_N;
+ limbs = 2 * BITS_TO_LIMBS(256);
 curve_bits = 256;
 curve_func = &mbedtls_ecp_mod_p256_raw;
 break;
 #endif
 #if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) && defined(MBEDTLS_ECP_NIST_OPTIM)
 case MBEDTLS_ECP_DP_SECP384R1:
- limbs = 2 * limbs_N;
+ limbs = 2 * BITS_TO_LIMBS(384);
 curve_bits = 384;
 curve_func = &mbedtls_ecp_mod_p384_raw;
 break;
 #endif
 #if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) && defined(MBEDTLS_ECP_NIST_OPTIM)
 case MBEDTLS_ECP_DP_SECP521R1:
- limbs = 2 * limbs_N;
+ limbs = 2 * BITS_TO_LIMBS(522);
 curve_bits = 522;
 curve_func = &mbedtls_ecp_mod_p521_raw;
 break;
 #endif
 #if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED)
 case MBEDTLS_ECP_DP_SECP192K1:
- limbs = 2 * limbs_N;
+ limbs = 2 * BITS_TO_LIMBS(192);
 curve_bits = 192;
 curve_func = &mbedtls_ecp_mod_p192k1_raw;
 break;
 #endif
 #if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED)
 case MBEDTLS_ECP_DP_SECP224K1:
- limbs = 448 / biL;
+ limbs = 2 * BITS_TO_LIMBS(224);
 curve_bits = 224;
 curve_func = &mbedtls_ecp_mod_p224k1_raw;
 break;
 #endif
 #if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
 case MBEDTLS_ECP_DP_SECP256K1:
- limbs = 2 * limbs_N;
+ limbs = 2 * BITS_TO_LIMBS(256);
 curve_bits = 256;
 curve_func = &mbedtls_ecp_mod_p256k1_raw;
 break;
 #endif
 #if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED)
 case MBEDTLS_ECP_DP_CURVE25519:
- limbs = 
2 * limbs_N; + limbs = 2 * BITS_TO_LIMBS(255); curve_bits = 255; curve_func = &mbedtls_ecp_mod_p255_raw; break; #endif #if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED) case MBEDTLS_ECP_DP_CURVE448: - limbs = 2 * limbs_N; + limbs = 2 * BITS_TO_LIMBS(448); curve_bits = 448; curve_func = &mbedtls_ecp_mod_p448_raw; break; From 80c4ae893cc0fb6beb88300ec1716d245d195fe4 Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Tue, 27 Jun 2023 16:34:59 +0100 Subject: [PATCH 97/99] bignum_common.py: Added `bits_to_limbs` method. This patch introduces a rounding-error-resiliant method to calculate bits_to_limbs, and is updating `SECP224R1` and `SECP224K1` to use it. Signed-off-by: Minos Galanakis --- scripts/mbedtls_dev/bignum_common.py | 10 ++++++++-- scripts/mbedtls_dev/ecp.py | 6 ++++-- 2 files changed, 12 insertions(+), 4 deletions(-) diff --git a/scripts/mbedtls_dev/bignum_common.py b/scripts/mbedtls_dev/bignum_common.py index 51b25a371..3bef16db6 100644 --- a/scripts/mbedtls_dev/bignum_common.py +++ b/scripts/mbedtls_dev/bignum_common.py @@ -19,6 +19,7 @@ import enum from typing import Iterator, List, Tuple, TypeVar, Any from copy import deepcopy from itertools import chain +from math import ceil from . import test_case from . import test_data_generation 
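Review bot: The SECP521R1 case computes `limbs = 2 * BITS_TO_LIMBS(522)` while the library-side check introduced earlier in this series uses `BITS_TO_LIMBS(521) * 2`; the two agree for 32- and 64-bit limbs because 521 and 522 round to the same limb count, but tying the test to a different constant from the code it exercises is fragile. Unless `curve_bits = 522` is deliberately chosen for the generated input size (which the hunk does not explain), `limbs = 2 * BITS_TO_LIMBS(521);` keeps the test visibly aligned with mbedtls_ecp_mod_p521_raw. The enclosing switch begins before the hunk and its closing lines are outside it.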
@@ -76,9 +77,14 @@ def combination_pairs(values: List[T]) -> List[Tuple[T, T]]: """Return all pair combinations from input values.""" return [(x, y) for x in values for y in values] +def bits_to_limbs(bits: int, bits_in_limb: int) -> int: + """ Return the appropriate ammount of limbs needed to store + a number contained in input bits""" + return ceil(bits / bits_in_limb) + def hex_digits_for_limb(limbs: int, bits_in_limb: int) -> int: - """ Retrun the hex digits need for a number of limbs. """ - return 2 * (limbs * bits_in_limb // 8) + """ Return the hex digits need for a number of limbs. """ + return 2 * ((limbs * bits_in_limb) // 8) def hex_digits_max_int(val: str, bits_in_limb: int) -> int: """ Return the first number exceeding maximum the limb space diff --git a/scripts/mbedtls_dev/ecp.py b/scripts/mbedtls_dev/ecp.py index 8a3ab281f..ed79a073c 100644 --- a/scripts/mbedtls_dev/ecp.py +++ b/scripts/mbedtls_dev/ecp.py @@ -165,7 +165,8 @@ class EcpP224R1Raw(bignum_common.ModOperationCommon, @property def arg_a(self) -> str: - hex_digits = bignum_common.hex_digits_for_limb(448 // self.bits_in_limb, self.bits_in_limb) + limbs = 2 * bignum_common.bits_to_limbs(224, self.bits_in_limb) + hex_digits = bignum_common.hex_digits_for_limb(limbs, self.bits_in_limb) return super().format_arg('{:x}'.format(self.int_a)).zfill(hex_digits) def result(self) -> List[str]: @@ -624,7 +625,8 @@ class EcpP224K1Raw(bignum_common.ModOperationCommon, @property def arg_a(self) -> str: - hex_digits = bignum_common.hex_digits_for_limb(448 // self.bits_in_limb, self.bits_in_limb) + limbs = 2 * bignum_common.bits_to_limbs(224, self.bits_in_limb) + hex_digits = bignum_common.hex_digits_for_limb(limbs, self.bits_in_limb) return super().format_arg('{:x}'.format(self.int_a)).zfill(hex_digits) def result(self) -> List[str]: From dae4c038f869c476017ac3c317ce6bd9dfffd764 Mon Sep 17 00:00:00 2001 
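Review bot: `bits_to_limbs` uses `ceil(bits / bits_in_limb)`, which goes through float division even though the commit message promises a rounding-error-resilient helper; for the sizes used here it is exact, but the pure-integer form `return (bits + bits_in_limb - 1) // bits_in_limb` has no such caveat and would make the new `from math import ceil` in the previous hunk unnecessary. The docstring also misspells `ammount` (`amount`), and the neighbouring `hex_digits_for_limb` docstring touched in the same hunk still reads `the hex digits need for` rather than `needed for`.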
From: Minos Galanakis Date: Tue, 27 Jun 2023 18:54:53 +0100 Subject: [PATCH 98/99] ecp.py: Extended EcpP224K1Raw tests for 32/64 bit architectures. Signed-off-by: Minos Galanakis --- scripts/mbedtls_dev/ecp.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/mbedtls_dev/ecp.py b/scripts/mbedtls_dev/ecp.py index ed79a073c..410c77e11 100644 --- a/scripts/mbedtls_dev/ecp.py +++ b/scripts/mbedtls_dev/ecp.py @@ -574,7 +574,7 @@ class EcpP224K1Raw(bignum_common.ModOperationCommon, symbol = "-" test_function = "ecp_mod_p_generic_raw" test_name = "ecp_mod_p224k1_raw" - input_style = "fixed" + input_style = "arch_split" arity = 1 dependencies = ["MBEDTLS_ECP_DP_SECP224K1_ENABLED"] From 163d34635595fb0b89faa4afd519f6412f3629c5 Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Tue, 27 Jun 2023 21:34:42 +0100 Subject: [PATCH 99/99] test_suite_ecp: Changed to BITS_TO_LIMBS(224) * 2 in `ecp_mod_p_generic_raw`. Signed-off-by: Minos Galanakis --- tests/suites/test_suite_ecp.function | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/tests/suites/test_suite_ecp.function b/tests/suites/test_suite_ecp.function index 09349f44c..2658a432a 100644 --- a/tests/suites/test_suite_ecp.function +++ b/tests/suites/test_suite_ecp.function 
@@ -1296,70 +1296,70 @@ void ecp_mod_p_generic_raw(int curve_id,
 switch (curve_id) {
 #if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) && defined(MBEDTLS_ECP_NIST_OPTIM)
 case MBEDTLS_ECP_DP_SECP192R1:
- limbs = 2 * BITS_TO_LIMBS(192);
+ limbs = BITS_TO_LIMBS(192) * 2;
 curve_bits = 192;
 curve_func = &mbedtls_ecp_mod_p192_raw;
 break;
 #endif
 #if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) && defined(MBEDTLS_ECP_NIST_OPTIM)
 case MBEDTLS_ECP_DP_SECP224R1:
- limbs = 2 * BITS_TO_LIMBS(224);
+ limbs = BITS_TO_LIMBS(224) * 2;
 curve_bits = 224;
 curve_func = &mbedtls_ecp_mod_p224_raw;
 break;
 #endif
 #if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) && defined(MBEDTLS_ECP_NIST_OPTIM)
 case MBEDTLS_ECP_DP_SECP256R1:
- limbs = 2 * BITS_TO_LIMBS(256);
+ limbs = BITS_TO_LIMBS(256) * 2;
 curve_bits = 256;
 curve_func = &mbedtls_ecp_mod_p256_raw;
 break;
 #endif
 #if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) && defined(MBEDTLS_ECP_NIST_OPTIM)
 case MBEDTLS_ECP_DP_SECP384R1:
- limbs = 2 * BITS_TO_LIMBS(384);
+ limbs = BITS_TO_LIMBS(384) * 2;
 curve_bits = 384;
 curve_func = &mbedtls_ecp_mod_p384_raw;
 break;
 #endif
 #if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) && defined(MBEDTLS_ECP_NIST_OPTIM)
 case MBEDTLS_ECP_DP_SECP521R1:
- limbs = 2 * BITS_TO_LIMBS(522);
+ limbs = BITS_TO_LIMBS(522) * 2;
 curve_bits = 522;
 curve_func = &mbedtls_ecp_mod_p521_raw;
 break;
 #endif
 #if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED)
 case MBEDTLS_ECP_DP_SECP192K1:
- limbs = 2 * BITS_TO_LIMBS(192);
+ limbs = BITS_TO_LIMBS(192) * 2;
 curve_bits = 192;
 curve_func = &mbedtls_ecp_mod_p192k1_raw;
 break;
 #endif
 #if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED)
 case MBEDTLS_ECP_DP_SECP224K1:
- limbs = 2 * BITS_TO_LIMBS(224);
+ limbs = BITS_TO_LIMBS(224) * 2;
 curve_bits = 224;
 curve_func = &mbedtls_ecp_mod_p224k1_raw;
 break;
 #endif
 #if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
 case MBEDTLS_ECP_DP_SECP256K1:
- limbs = 2 * BITS_TO_LIMBS(256);
+ limbs = BITS_TO_LIMBS(256) * 2;
 curve_bits = 256;
 curve_func = &mbedtls_ecp_mod_p256k1_raw;
 break;
 #endif
 #if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED)
 case MBEDTLS_ECP_DP_CURVE25519:
- limbs = 2 * BITS_TO_LIMBS(255);
+ limbs = BITS_TO_LIMBS(255) * 2;
 curve_bits = 255;
 curve_func = &mbedtls_ecp_mod_p255_raw;
 break;
 #endif
 #if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED)
 case MBEDTLS_ECP_DP_CURVE448:
- limbs = 2 * BITS_TO_LIMBS(448);
+ limbs = BITS_TO_LIMBS(448) * 2;
 curve_bits = 448;
 curve_func = &mbedtls_ecp_mod_p448_raw;
 break;