Merge remote-tracking branch 'origin/development' into safer-ct5

Dave Rodgman 2023-06-28 18:52:02 +01:00
commit 9fbb0cf08e
66 changed files with 1354 additions and 1199 deletions


@ -0,0 +1,4 @@
Bugfix
* Fix a compilation failure in the constant_time module when
building for arm64_32 (e.g., for watchos). Reported by Paulo
Coutinho in #7787.


@ -0,0 +1,3 @@
Bugfix
* Fix very high stack usage in SSL debug code. Reported by Maximilian
Gerhardt in #7804.


@ -148,8 +148,7 @@
#if defined(MBEDTLS_ECP_C) || \ #if defined(MBEDTLS_ECP_C) || \
defined(MBEDTLS_PK_PARSE_EC_EXTENDED) || \ defined(MBEDTLS_PK_PARSE_EC_EXTENDED) || \
defined(MBEDTLS_PK_PARSE_EC_COMPRESSED) || \ defined(MBEDTLS_PK_PARSE_EC_COMPRESSED) || \
defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_DERIVE) || \ defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_DERIVE)
(defined(MBEDTLS_PK_C) && defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_ECDSA))
#define MBEDTLS_ECP_LIGHT #define MBEDTLS_ECP_LIGHT
#endif #endif


@ -545,7 +545,7 @@ int mbedtls_oid_get_pk_alg(const mbedtls_asn1_buf *oid, mbedtls_pk_type_t *pk_al
int mbedtls_oid_get_oid_by_pk_alg(mbedtls_pk_type_t pk_alg, int mbedtls_oid_get_oid_by_pk_alg(mbedtls_pk_type_t pk_alg,
const char **oid, size_t *olen); const char **oid, size_t *olen);
#if defined(MBEDTLS_ECP_LIGHT) #if defined(MBEDTLS_PK_HAVE_ECC_KEYS)
/** /**
* \brief Translate NamedCurve OID into an EC group identifier * \brief Translate NamedCurve OID into an EC group identifier
* *
@ -591,7 +591,7 @@ int mbedtls_oid_get_ec_grp_algid(const mbedtls_asn1_buf *oid, mbedtls_ecp_group_
*/ */
int mbedtls_oid_get_oid_by_ec_grp_algid(mbedtls_ecp_group_id grp_id, int mbedtls_oid_get_oid_by_ec_grp_algid(mbedtls_ecp_group_id grp_id,
const char **oid, size_t *olen); const char **oid, size_t *olen);
#endif /* MBEDTLS_ECP_LIGHT */ #endif /* MBEDTLS_PK_HAVE_ECC_KEYS */
/** /**
* \brief Translate SignatureAlgorithm OID into md_type and pk_type * \brief Translate SignatureAlgorithm OID into md_type and pk_type


@ -207,7 +207,8 @@ typedef struct mbedtls_pk_rsassa_pss_options {
* format. It should be noticed that this only affect how data is stored, not * format. It should be noticed that this only affect how data is stored, not
* which functions are used for various operations. The overall picture looks * which functions are used for various operations. The overall picture looks
* like this: * like this:
* - if ECP_C is defined then use legacy functions * - if USE_PSA is not defined and ECP_C is then use ecp_keypair data structure
* and legacy functions
* - if USE_PSA is defined and * - if USE_PSA is defined and
* - if ECP_C then use ecp_keypair structure, convert data to a PSA friendly * - if ECP_C then use ecp_keypair structure, convert data to a PSA friendly
* format and use PSA functions * format and use PSA functions
@ -218,11 +219,18 @@ typedef struct mbedtls_pk_rsassa_pss_options {
* ecp_keypair structure inside the pk_context so he/she can modify it using * ecp_keypair structure inside the pk_context so he/she can modify it using
* ECP functions which are not under PK module's control. * ECP functions which are not under PK module's control.
*/ */
#if defined(MBEDTLS_USE_PSA_CRYPTO) && !defined(MBEDTLS_ECP_C) && \ #if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) && \
defined(MBEDTLS_ECP_LIGHT) !defined(MBEDTLS_ECP_C)
#define MBEDTLS_PK_USE_PSA_EC_DATA #define MBEDTLS_PK_USE_PSA_EC_DATA
#endif /* MBEDTLS_USE_PSA_CRYPTO && !MBEDTLS_ECP_C */ #endif /* MBEDTLS_USE_PSA_CRYPTO && !MBEDTLS_ECP_C */
/* Helper symbol to state that the PK module has support for EC keys. This
* can either be provided through the legacy ECP solution or through the
* PSA friendly MBEDTLS_PK_USE_PSA_EC_DATA. */
#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) || defined(MBEDTLS_ECP_C)
#define MBEDTLS_PK_HAVE_ECC_KEYS
#endif /* MBEDTLS_PK_USE_PSA_EC_DATA || MBEDTLS_ECP_C */
/** /**
* \brief Types for interfacing with the debug module * \brief Types for interfacing with the debug module
*/ */
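Review bot: The `#endif` trailer on the MBEDTLS_PK_USE_PSA_EC_DATA guard still reads `MBEDTLS_USE_PSA_CRYPTO && !MBEDTLS_ECP_C`, but the new condition also requires PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY. These guards decide which EC key storage is compiled into the PK context, so a stale trailer is an easy way to misread the configuration. I would change it to `#endif /* MBEDTLS_USE_PSA_CRYPTO && PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY && !MBEDTLS_ECP_C */`.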


@ -500,6 +500,23 @@ int mbedtls_x509_info_cert_type(char **buf, size_t *size,
int mbedtls_x509_info_key_usage(char **buf, size_t *size, int mbedtls_x509_info_key_usage(char **buf, size_t *size,
unsigned int key_usage); unsigned int key_usage);
/**
* \brief This function parses a CN string as an IP address.
*
* \param cn The CN string to parse. CN string MUST be null-terminated.
* \param dst The target buffer to populate with the binary IP address.
* The buffer MUST be 16 bytes to save IPv6, and should be
* 4-byte aligned if the result will be used as struct in_addr.
* e.g. uint32_t dst[4]
*
* \note \p cn is parsed as an IPv6 address if string contains ':',
* else \p cn is parsed as an IPv4 address.
*
* \return Length of binary IP address; num bytes written to target.
* \return \c 0 on failure to parse CN string as an IP address.
*/
size_t mbedtls_x509_crt_parse_cn_inet_pton(const char *cn, void *dst);
#define MBEDTLS_X509_SAFE_SNPRINTF \ #define MBEDTLS_X509_SAFE_SNPRINTF \
do { \ do { \
if (ret < 0 || (size_t) ret >= n) \ if (ret < 0 || (size_t) ret >= n) \
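Review bot: `mbedtls_x509_crt_parse_cn_inet_pton` takes `void *dst` with no length, so the function cannot check the 16-byte requirement stated in its comment. A caller that sized the buffer for an IPv4 address would get an out-of-bounds write whenever the CN contains ':' and parses as IPv6. Consider an explicit size, e.g. `size_t mbedtls_x509_crt_parse_cn_inet_pton(const char *cn, void *dst, size_t dst_size);`, returning 0 when the buffer is too small. The comment should also say whether \p dst may be partially written when 0 is returned; the implementation is not in this hunk, so I cannot tell.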


@ -572,8 +572,7 @@ psa_status_t psa_get_key_domain_parameters(
/** \defgroup psa_tls_helpers TLS helper functions /** \defgroup psa_tls_helpers TLS helper functions
* @{ * @{
*/ */
#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY)
#if defined(MBEDTLS_ECP_LIGHT)
#include <mbedtls/ecp.h> #include <mbedtls/ecp.h>
/** Convert an ECC curve identifier from the Mbed TLS encoding to PSA. /** Convert an ECC curve identifier from the Mbed TLS encoding to PSA.
@ -589,54 +588,8 @@ psa_status_t psa_get_key_domain_parameters(
* (`PSA_ECC_FAMILY_xxx`). * (`PSA_ECC_FAMILY_xxx`).
* \return \c 0 on failure (\p grpid is not recognized). * \return \c 0 on failure (\p grpid is not recognized).
*/ */
static inline psa_ecc_family_t mbedtls_ecc_group_to_psa(mbedtls_ecp_group_id grpid, psa_ecc_family_t mbedtls_ecc_group_to_psa(mbedtls_ecp_group_id grpid,
size_t *bits) size_t *bits);
{
switch (grpid) {
case MBEDTLS_ECP_DP_SECP192R1:
*bits = 192;
return PSA_ECC_FAMILY_SECP_R1;
case MBEDTLS_ECP_DP_SECP224R1:
*bits = 224;
return PSA_ECC_FAMILY_SECP_R1;
case MBEDTLS_ECP_DP_SECP256R1:
*bits = 256;
return PSA_ECC_FAMILY_SECP_R1;
case MBEDTLS_ECP_DP_SECP384R1:
*bits = 384;
return PSA_ECC_FAMILY_SECP_R1;
case MBEDTLS_ECP_DP_SECP521R1:
*bits = 521;
return PSA_ECC_FAMILY_SECP_R1;
case MBEDTLS_ECP_DP_BP256R1:
*bits = 256;
return PSA_ECC_FAMILY_BRAINPOOL_P_R1;
case MBEDTLS_ECP_DP_BP384R1:
*bits = 384;
return PSA_ECC_FAMILY_BRAINPOOL_P_R1;
case MBEDTLS_ECP_DP_BP512R1:
*bits = 512;
return PSA_ECC_FAMILY_BRAINPOOL_P_R1;
case MBEDTLS_ECP_DP_CURVE25519:
*bits = 255;
return PSA_ECC_FAMILY_MONTGOMERY;
case MBEDTLS_ECP_DP_SECP192K1:
*bits = 192;
return PSA_ECC_FAMILY_SECP_K1;
case MBEDTLS_ECP_DP_SECP224K1:
*bits = 224;
return PSA_ECC_FAMILY_SECP_K1;
case MBEDTLS_ECP_DP_SECP256K1:
*bits = 256;
return PSA_ECC_FAMILY_SECP_K1;
case MBEDTLS_ECP_DP_CURVE448:
*bits = 448;
return PSA_ECC_FAMILY_MONTGOMERY;
default:
*bits = 0;
return 0;
}
}
/** Convert an ECC curve identifier from the PSA encoding to Mbed TLS. /** Convert an ECC curve identifier from the PSA encoding to Mbed TLS.
* *
@ -660,7 +613,7 @@ static inline psa_ecc_family_t mbedtls_ecc_group_to_psa(mbedtls_ecp_group_id grp
mbedtls_ecp_group_id mbedtls_ecc_group_of_psa(psa_ecc_family_t curve, mbedtls_ecp_group_id mbedtls_ecc_group_of_psa(psa_ecc_family_t curve,
size_t bits, size_t bits,
int bits_is_sloppy); int bits_is_sloppy);
#endif /* MBEDTLS_ECP_LIGHT */ #endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */
/**@}*/ /**@}*/
@ -2031,34 +1984,6 @@ struct psa_crypto_driver_pake_inputs_s {
psa_pake_cipher_suite_t MBEDTLS_PRIVATE(cipher_suite); psa_pake_cipher_suite_t MBEDTLS_PRIVATE(cipher_suite);
}; };
typedef enum psa_jpake_step {
PSA_PAKE_STEP_INVALID = 0,
PSA_PAKE_STEP_X1_X2 = 1,
PSA_PAKE_STEP_X2S = 2,
PSA_PAKE_STEP_DERIVE = 3,
} psa_jpake_step_t;
typedef enum psa_jpake_state {
PSA_PAKE_STATE_INVALID = 0,
PSA_PAKE_STATE_SETUP = 1,
PSA_PAKE_STATE_READY = 2,
PSA_PAKE_OUTPUT_X1_X2 = 3,
PSA_PAKE_OUTPUT_X2S = 4,
PSA_PAKE_INPUT_X1_X2 = 5,
PSA_PAKE_INPUT_X4S = 6,
} psa_jpake_state_t;
typedef enum psa_jpake_sequence {
PSA_PAKE_SEQ_INVALID = 0,
PSA_PAKE_X1_STEP_KEY_SHARE = 1, /* also X2S & X4S KEY_SHARE */
PSA_PAKE_X1_STEP_ZK_PUBLIC = 2, /* also X2S & X4S ZK_PUBLIC */
PSA_PAKE_X1_STEP_ZK_PROOF = 3, /* also X2S & X4S ZK_PROOF */
PSA_PAKE_X2_STEP_KEY_SHARE = 4,
PSA_PAKE_X2_STEP_ZK_PUBLIC = 5,
PSA_PAKE_X2_STEP_ZK_PROOF = 6,
PSA_PAKE_SEQ_END = 7,
} psa_jpake_sequence_t;
typedef enum psa_crypto_driver_pake_step { typedef enum psa_crypto_driver_pake_step {
PSA_JPAKE_STEP_INVALID = 0, /* Invalid step */ PSA_JPAKE_STEP_INVALID = 0, /* Invalid step */
PSA_JPAKE_X1_STEP_KEY_SHARE = 1, /* Round 1: input/output key share (for ephemeral private key X1).*/ PSA_JPAKE_X1_STEP_KEY_SHARE = 1, /* Round 1: input/output key share (for ephemeral private key X1).*/
@ -2075,14 +2000,35 @@ typedef enum psa_crypto_driver_pake_step {
PSA_JPAKE_X4S_STEP_ZK_PROOF = 12 /* Round 2: input Schnorr NIZKP proof for the X4S key (from peer) */ PSA_JPAKE_X4S_STEP_ZK_PROOF = 12 /* Round 2: input Schnorr NIZKP proof for the X4S key (from peer) */
} psa_crypto_driver_pake_step_t; } psa_crypto_driver_pake_step_t;
typedef enum psa_jpake_round {
PSA_JPAKE_FIRST = 0,
PSA_JPAKE_SECOND = 1,
PSA_JPAKE_FINISHED = 2
} psa_jpake_round_t;
typedef enum psa_jpake_io_mode {
PSA_JPAKE_INPUT = 0,
PSA_JPAKE_OUTPUT = 1
} psa_jpake_io_mode_t;
struct psa_jpake_computation_stage_s { struct psa_jpake_computation_stage_s {
psa_jpake_state_t MBEDTLS_PRIVATE(state); /* The J-PAKE round we are currently on */
psa_jpake_sequence_t MBEDTLS_PRIVATE(sequence); psa_jpake_round_t MBEDTLS_PRIVATE(round);
psa_jpake_step_t MBEDTLS_PRIVATE(input_step); /* The 'mode' we are currently in (inputting or outputting) */
psa_jpake_step_t MBEDTLS_PRIVATE(output_step); psa_jpake_io_mode_t MBEDTLS_PRIVATE(io_mode);
/* The number of completed inputs so far this round */
uint8_t MBEDTLS_PRIVATE(inputs);
/* The number of completed outputs so far this round */
uint8_t MBEDTLS_PRIVATE(outputs);
/* The next expected step (KEY_SHARE, ZK_PUBLIC or ZK_PROOF) */
psa_pake_step_t MBEDTLS_PRIVATE(step);
}; };
#define PSA_JPAKE_EXPECTED_INPUTS(round) ((round) == PSA_JPAKE_FINISHED ? 0 : \
((round) == PSA_JPAKE_FIRST ? 2 : 1))
#define PSA_JPAKE_EXPECTED_OUTPUTS(round) ((round) == PSA_JPAKE_FINISHED ? 0 : \
((round) == PSA_JPAKE_FIRST ? 2 : 1))
struct psa_pake_operation_s { struct psa_pake_operation_s {
/** Unique ID indicating which driver got assigned to do the /** Unique ID indicating which driver got assigned to do the
* operation. Since driver contexts are driver-specific, swapping * operation. Since driver contexts are driver-specific, swapping
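Review bot: `PSA_JPAKE_EXPECTED_INPUTS` and `PSA_JPAKE_EXPECTED_OUTPUTS` expand `round` twice and carry no comment explaining the 2/1/0 counts, which are presumably what the `inputs` and `outputs` counters in `psa_jpake_computation_stage_s` are compared against. Going by the driver step names above (X1 and X2 in round one, X2S/X4S in round two), I would add `/* Key shares expected per direction: two in round one (X1, X2), one in round two (X2S or X4S), none once finished. */`. The comment should also note that the argument must be free of side effects, or the two macros could become one `static inline` helper. The two bodies are identical, so a single shared definition would keep them from drifting apart.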


@ -88,7 +88,7 @@ void mbedtls_mpi_mod_modulus_free(mbedtls_mpi_mod_modulus *N)
N->rep.mont.mm = 0; N->rep.mont.mm = 0;
break; break;
case MBEDTLS_MPI_MOD_REP_OPT_RED: case MBEDTLS_MPI_MOD_REP_OPT_RED:
mbedtls_free(N->rep.ored); N->rep.ored.modp = NULL;
break; break;
case MBEDTLS_MPI_MOD_REP_INVALID: case MBEDTLS_MPI_MOD_REP_INVALID:
break; break;
@ -136,33 +136,25 @@ cleanup:
return ret; return ret;
} }
int mbedtls_mpi_mod_modulus_setup(mbedtls_mpi_mod_modulus *N, static inline void standard_modulus_setup(mbedtls_mpi_mod_modulus *N,
const mbedtls_mpi_uint *p, const mbedtls_mpi_uint *p,
size_t p_limbs, size_t p_limbs,
mbedtls_mpi_mod_rep_selector int_rep) mbedtls_mpi_mod_rep_selector int_rep)
{ {
int ret = 0;
N->p = p; N->p = p;
N->limbs = p_limbs; N->limbs = p_limbs;
N->bits = mbedtls_mpi_core_bitlen(p, p_limbs); N->bits = mbedtls_mpi_core_bitlen(p, p_limbs);
N->int_rep = int_rep;
}
switch (int_rep) { int mbedtls_mpi_mod_modulus_setup(mbedtls_mpi_mod_modulus *N,
case MBEDTLS_MPI_MOD_REP_MONTGOMERY: const mbedtls_mpi_uint *p,
N->int_rep = int_rep; size_t p_limbs)
N->rep.mont.mm = mbedtls_mpi_core_montmul_init(N->p); {
ret = set_mont_const_square(&N->rep.mont.rr, N->p, N->limbs); int ret = 0;
break; standard_modulus_setup(N, p, p_limbs, MBEDTLS_MPI_MOD_REP_MONTGOMERY);
case MBEDTLS_MPI_MOD_REP_OPT_RED: N->rep.mont.mm = mbedtls_mpi_core_montmul_init(N->p);
N->int_rep = int_rep; ret = set_mont_const_square(&N->rep.mont.rr, N->p, N->limbs);
N->rep.ored = NULL;
break;
default:
ret = MBEDTLS_ERR_MPI_BAD_INPUT_DATA;
goto exit;
}
exit:
if (ret != 0) { if (ret != 0) {
mbedtls_mpi_mod_modulus_free(N); mbedtls_mpi_mod_modulus_free(N);
@ -171,6 +163,16 @@ exit:
return ret; return ret;
} }
int mbedtls_mpi_mod_optred_modulus_setup(mbedtls_mpi_mod_modulus *N,
const mbedtls_mpi_uint *p,
size_t p_limbs,
mbedtls_mpi_modp_fn modp)
{
standard_modulus_setup(N, p, p_limbs, MBEDTLS_MPI_MOD_REP_OPT_RED);
N->rep.ored.modp = modp;
return 0;
}
int mbedtls_mpi_mod_mul(mbedtls_mpi_mod_residue *X, int mbedtls_mpi_mod_mul(mbedtls_mpi_mod_residue *X,
const mbedtls_mpi_mod_residue *A, const mbedtls_mpi_mod_residue *A,
const mbedtls_mpi_mod_residue *B, const mbedtls_mpi_mod_residue *B,
@ -235,8 +237,7 @@ static int mbedtls_mpi_mod_inv_non_mont(mbedtls_mpi_mod_residue *X,
mbedtls_mpi_mod_modulus Nmont; mbedtls_mpi_mod_modulus Nmont;
mbedtls_mpi_mod_modulus_init(&Nmont); mbedtls_mpi_mod_modulus_init(&Nmont);
MBEDTLS_MPI_CHK(mbedtls_mpi_mod_modulus_setup(&Nmont, N->p, N->limbs, MBEDTLS_MPI_CHK(mbedtls_mpi_mod_modulus_setup(&Nmont, N->p, N->limbs));
MBEDTLS_MPI_MOD_REP_MONTGOMERY));
/* We'll use X->p to hold the Montgomery form of the input A->p */ /* We'll use X->p to hold the Montgomery form of the input A->p */
mbedtls_mpi_core_to_mont_rep(X->p, A->p, Nmont.p, Nmont.limbs, mbedtls_mpi_core_to_mont_rep(X->p, A->p, Nmont.p, Nmont.limbs,
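Review bot: `mbedtls_mpi_mod_optred_modulus_setup` stores `modp` unchecked and always returns 0, while the raw multiplication added in this commit calls `(*N->rep.ored.modp)(T, T_limbs)` unconditionally. A NULL callback therefore surfaces as a null function-pointer call at first use rather than as a setup error. Add `if (modp == NULL) { return MBEDTLS_ERR_MPI_BAD_INPUT_DATA; }` before the call to `standard_modulus_setup`, and list that return value in the function's documentation.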


@ -98,10 +98,11 @@ typedef enum {
/* Skip 1 as it is slightly easier to accidentally pass to functions. */ /* Skip 1 as it is slightly easier to accidentally pass to functions. */
/** Montgomery representation. */ /** Montgomery representation. */
MBEDTLS_MPI_MOD_REP_MONTGOMERY = 2, MBEDTLS_MPI_MOD_REP_MONTGOMERY = 2,
/** TODO: document this. /* Optimised reduction available. This indicates a coordinate modulus (P)
* * and one or more of the following have been configured:
* Residues are in canonical representation. * - A nist curve (MBEDTLS_ECP_DP_SECPXXXR1_ENABLED) & MBEDTLS_ECP_NIST_OPTIM.
*/ * - A Kobliz Curve.
* - A Fast Reduction Curve CURVE25519 or CURVE448. */
MBEDTLS_MPI_MOD_REP_OPT_RED, MBEDTLS_MPI_MOD_REP_OPT_RED,
} mbedtls_mpi_mod_rep_selector; } mbedtls_mpi_mod_rep_selector;
@ -123,7 +124,11 @@ typedef struct {
mbedtls_mpi_uint mm; /* Montgomery const for -N^{-1} mod 2^{ciL} */ mbedtls_mpi_uint mm; /* Montgomery const for -N^{-1} mod 2^{ciL} */
} mbedtls_mpi_mont_struct; } mbedtls_mpi_mont_struct;
typedef void *mbedtls_mpi_opt_red_struct; typedef int (*mbedtls_mpi_modp_fn)(mbedtls_mpi_uint *X, size_t X_limbs);
typedef struct {
mbedtls_mpi_modp_fn modp; /* The optimised reduction function pointer */
} mbedtls_mpi_opt_red_struct;
typedef struct { typedef struct {
const mbedtls_mpi_uint *p; const mbedtls_mpi_uint *p;
@ -197,16 +202,29 @@ void mbedtls_mpi_mod_modulus_init(mbedtls_mpi_mod_modulus *N);
* not be modified in any way until after * not be modified in any way until after
* mbedtls_mpi_mod_modulus_free() is called. * mbedtls_mpi_mod_modulus_free() is called.
* \param p_limbs The number of limbs of \p p. * \param p_limbs The number of limbs of \p p.
* \param int_rep The internal representation to be used for residues
* associated with \p N (see #mbedtls_mpi_mod_rep_selector).
* *
* \return \c 0 if successful. * \return \c 0 if successful.
* \return #MBEDTLS_ERR_MPI_BAD_INPUT_DATA if \p int_rep is invalid.
*/ */
int mbedtls_mpi_mod_modulus_setup(mbedtls_mpi_mod_modulus *N, int mbedtls_mpi_mod_modulus_setup(mbedtls_mpi_mod_modulus *N,
const mbedtls_mpi_uint *p, const mbedtls_mpi_uint *p,
size_t p_limbs, size_t p_limbs);
mbedtls_mpi_mod_rep_selector int_rep);
/** Setup an optimised-reduction compatible modulus structure.
*
* \param[out] N The address of the modulus structure to populate.
* \param[in] p The address of the limb array storing the value of \p N.
* The memory pointed to by \p p will be used by \p N and must
* not be modified in any way until after
* mbedtls_mpi_mod_modulus_free() is called.
* \param p_limbs The number of limbs of \p p.
* \param modp A pointer to the optimised reduction function to use. \p p.
*
* \return \c 0 if successful.
*/
int mbedtls_mpi_mod_optred_modulus_setup(mbedtls_mpi_mod_modulus *N,
const mbedtls_mpi_uint *p,
size_t p_limbs,
mbedtls_mpi_modp_fn modp);
/** Free elements of a modulus structure. /** Free elements of a modulus structure.
* *
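Review bot: The new `mbedtls_mpi_modp_fn` typedef has no description of its contract, although every optimised-reduction modulus now depends on it. A Doxygen block above the typedef should state that the reduction is done in place on `X`, what limb count `X_limbs` must be, that the result may still need a final canonical fix-up, and what a non-zero return means. Judging by the caller in this commit, the limb count looks like twice the limb width of the modulus. In the same section, the `\param modp` line ends with a stray `\p p.`, and the comment on MBEDTLS_MPI_MOD_REP_OPT_RED changed from `/**` to `/*`, so Doxygen will no longer attach it to the enumerator.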


@ -114,8 +114,6 @@ void mbedtls_mpi_mod_raw_sub(mbedtls_mpi_uint *X,
(void) mbedtls_mpi_core_add_if(X, N->p, N->limbs, (unsigned) c); (void) mbedtls_mpi_core_add_if(X, N->p, N->limbs, (unsigned) c);
} }
#if defined(MBEDTLS_TEST_HOOKS)
MBEDTLS_STATIC_TESTABLE MBEDTLS_STATIC_TESTABLE
void mbedtls_mpi_mod_raw_fix_quasi_reduction(mbedtls_mpi_uint *X, void mbedtls_mpi_mod_raw_fix_quasi_reduction(mbedtls_mpi_uint *X,
const mbedtls_mpi_mod_modulus *N) const mbedtls_mpi_mod_modulus *N)
@ -125,7 +123,6 @@ void mbedtls_mpi_mod_raw_fix_quasi_reduction(mbedtls_mpi_uint *X,
(void) mbedtls_mpi_core_add_if(X, N->p, N->limbs, (unsigned) c); (void) mbedtls_mpi_core_add_if(X, N->p, N->limbs, (unsigned) c);
} }
#endif /* MBEDTLS_TEST_HOOKS */
void mbedtls_mpi_mod_raw_mul(mbedtls_mpi_uint *X, void mbedtls_mpi_mod_raw_mul(mbedtls_mpi_uint *X,
const mbedtls_mpi_uint *A, const mbedtls_mpi_uint *A,
@ -133,8 +130,31 @@ void mbedtls_mpi_mod_raw_mul(mbedtls_mpi_uint *X,
const mbedtls_mpi_mod_modulus *N, const mbedtls_mpi_mod_modulus *N,
mbedtls_mpi_uint *T) mbedtls_mpi_uint *T)
{ {
mbedtls_mpi_core_montmul(X, A, B, N->limbs, N->p, N->limbs, /* Standard (A * B) multiplication stored into pre-allocated T
N->rep.mont.mm, T); * buffer of fixed limb size of (2N + 1).
*
* The space may not not fully filled by when
* MBEDTLS_MPI_MOD_REP_OPT_RED is used. */
const size_t T_limbs = BITS_TO_LIMBS(N->bits) * 2;
switch (N->int_rep) {
case MBEDTLS_MPI_MOD_REP_MONTGOMERY:
mbedtls_mpi_core_montmul(X, A, B, N->limbs, N->p, N->limbs,
N->rep.mont.mm, T);
break;
case MBEDTLS_MPI_MOD_REP_OPT_RED:
mbedtls_mpi_core_mul(T, A, N->limbs, B, N->limbs);
/* Optimised Reduction */
(*N->rep.ored.modp)(T, T_limbs);
/* Convert back to canonical representation */
mbedtls_mpi_mod_raw_fix_quasi_reduction(T, N);
memcpy(X, T, N->limbs * sizeof(mbedtls_mpi_uint));
break;
default:
break;
}
} }
size_t mbedtls_mpi_mod_raw_inv_prime_working_limbs(size_t AN_limbs) size_t mbedtls_mpi_mod_raw_inv_prime_working_limbs(size_t AN_limbs)
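Review bot: In the MBEDTLS_MPI_MOD_REP_OPT_RED branch of `mbedtls_mpi_mod_raw_mul`, the `int` returned by `(*N->rep.ored.modp)(T, T_limbs)` is discarded, and the `default:` case leaves X unwritten; the function returns void, so the caller gets no signal in either case. The `*_raw` reduction functions touched elsewhere in this commit reject any limb count other than `BITS_TO_LIMBS(bits) * 2`, while T is filled using `N->limbs`. If `N->limbs` can ever exceed `BITS_TO_LIMBS(N->bits)`, the reduction would be refused and an unreduced product copied into X. At minimum capture the result with `int ret = (*N->rep.ored.modp)(T, T_limbs);` and either propagate it through a non-void return or document why it cannot fail here. The function's signature begins outside this hunk.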


@ -248,27 +248,39 @@
#endif /* AMD64 */ #endif /* AMD64 */
#if defined(__aarch64__) // The following assembly code assumes that a pointer will fit in a 64-bit register
// (including ILP32 __aarch64__ ABIs such as on watchOS, hence the 2^32 - 1)
#if defined(__aarch64__) && (UINTPTR_MAX == 0xfffffffful || UINTPTR_MAX == 0xfffffffffffffffful)
/*
* There are some issues around different compilers requiring different constraint
* syntax for updating pointers from assembly code (see notes for
* MBEDTLS_ASM_AARCH64_PTR_CONSTRAINT in common.h), especially on aarch64_32 (aka ILP32).
*
* For this reason we cast the pointers to/from uintptr_t here.
*/
#define MULADDC_X1_INIT \ #define MULADDC_X1_INIT \
asm( do { uintptr_t muladdc_d = (uintptr_t) d, muladdc_s = (uintptr_t) s; asm(
#define MULADDC_X1_CORE \ #define MULADDC_X1_CORE \
"ldr x4, [%2], #8 \n\t" \ "ldr x4, [%x2], #8 \n\t" \
"ldr x5, [%1] \n\t" \ "ldr x5, [%x1] \n\t" \
"mul x6, x4, %4 \n\t" \ "mul x6, x4, %4 \n\t" \
"umulh x7, x4, %4 \n\t" \ "umulh x7, x4, %4 \n\t" \
"adds x5, x5, x6 \n\t" \ "adds x5, x5, x6 \n\t" \
"adc x7, x7, xzr \n\t" \ "adc x7, x7, xzr \n\t" \
"adds x5, x5, %0 \n\t" \ "adds x5, x5, %0 \n\t" \
"adc %0, x7, xzr \n\t" \ "adc %0, x7, xzr \n\t" \
"str x5, [%1], #8 \n\t" "str x5, [%x1], #8 \n\t"
#define MULADDC_X1_STOP \ #define MULADDC_X1_STOP \
: "+r" (c), "+r" (d), "+r" (s), "+m" (*(uint64_t (*)[16]) d) \ : "+r" (c), \
"+r" (muladdc_d), \
"+r" (muladdc_s), \
"+m" (*(uint64_t (*)[16]) d) \
: "r" (b), "m" (*(const uint64_t (*)[16]) s) \ : "r" (b), "m" (*(const uint64_t (*)[16]) s) \
: "x4", "x5", "x6", "x7", "cc" \ : "x4", "x5", "x6", "x7", "cc" \
); ); d = (mbedtls_mpi_uint *)muladdc_d; s = (mbedtls_mpi_uint *)muladdc_s; } while (0);
#endif /* Aarch64 */ #endif /* Aarch64 */
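Review bot: `MULADDC_X1_INIT` now opens a `do {` block and declares `muladdc_d` and `muladdc_s`, and only `MULADDC_X1_STOP` closes that block and writes them back to `d` and `s`, yet nothing on the macros says the two must be used as a pair. I would add `/* INIT opens a scope that STOP closes; d and s must be modifiable pointer lvalues in the caller. */` above `MULADDC_X1_INIT`. The write-back casts to `mbedtls_mpi_uint *`, which would drop a `const` qualifier if the caller's `s` is declared const. That declaration is outside this hunk, so it is worth confirming.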


@ -69,6 +69,44 @@ extern void (*mbedtls_test_hook_test_fail)(const char *test, int line, const cha
#define MBEDTLS_TEST_HOOK_TEST_ASSERT(TEST) #define MBEDTLS_TEST_HOOK_TEST_ASSERT(TEST)
#endif /* defined(MBEDTLS_TEST_HOOKS) */ #endif /* defined(MBEDTLS_TEST_HOOKS) */
/** \def ARRAY_LENGTH
* Return the number of elements of a static or stack array.
*
* \param array A value of array (not pointer) type.
*
* \return The number of elements of the array.
*/
/* A correct implementation of ARRAY_LENGTH, but which silently gives
* a nonsensical result if called with a pointer rather than an array. */
#define ARRAY_LENGTH_UNSAFE(array) \
(sizeof(array) / sizeof(*(array)))
#if defined(__GNUC__)
/* Test if arg and &(arg)[0] have the same type. This is true if arg is
* an array but not if it's a pointer. */
#define IS_ARRAY_NOT_POINTER(arg) \
(!__builtin_types_compatible_p(__typeof__(arg), \
__typeof__(&(arg)[0])))
/* A compile-time constant with the value 0. If `const_expr` is not a
* compile-time constant with a nonzero value, cause a compile-time error. */
#define STATIC_ASSERT_EXPR(const_expr) \
(0 && sizeof(struct { unsigned int STATIC_ASSERT : 1 - 2 * !(const_expr); }))
/* Return the scalar value `value` (possibly promoted). This is a compile-time
* constant if `value` is. `condition` must be a compile-time constant.
* If `condition` is false, arrange to cause a compile-time error. */
#define STATIC_ASSERT_THEN_RETURN(condition, value) \
(STATIC_ASSERT_EXPR(condition) ? 0 : (value))
#define ARRAY_LENGTH(array) \
(STATIC_ASSERT_THEN_RETURN(IS_ARRAY_NOT_POINTER(array), \
ARRAY_LENGTH_UNSAFE(array)))
#else
/* If we aren't sure the compiler supports our non-standard tricks,
* fall back to the unsafe implementation. */
#define ARRAY_LENGTH(array) ARRAY_LENGTH_UNSAFE(array)
#endif
/** Allow library to access its structs' private members. /** Allow library to access its structs' private members.
* *
* Although structs defined in header files are publicly available, * Although structs defined in header files are publicly available,
@ -169,6 +207,34 @@ inline void mbedtls_xor(unsigned char *r, const unsigned char *a, const unsigned
#endif #endif
/* *INDENT-ON* */ /* *INDENT-ON* */
/*
* Define the constraint used for read-only pointer operands to aarch64 asm.
*
* This is normally the usual "r", but for aarch64_32 (aka ILP32,
* as found in watchos), "p" is required to avoid warnings from clang.
*
* Note that clang does not recognise '+p' or '=p', and armclang
* does not recognise 'p' at all. Therefore, to update a pointer from
* aarch64 assembly, it is necessary to use something like:
*
* uintptr_t uptr = (uintptr_t) ptr;
* asm( "ldr x4, [%x0], #8" ... : "+r" (uptr) : : )
* ptr = (void*) uptr;
*
* Note that the "x" in "%x0" is neccessary; writing "%0" will cause warnings.
*/
#if defined(__aarch64__) && defined(MBEDTLS_HAVE_ASM)
#if UINTPTR_MAX == 0xfffffffful
/* ILP32: Specify the pointer operand slightly differently, as per #7787. */
#define MBEDTLS_ASM_AARCH64_PTR_CONSTRAINT "p"
#elif UINTPTR_MAX == 0xfffffffffffffffful
/* Normal case (64-bit pointers): use "r" as the constraint for pointer operands to asm */
#define MBEDTLS_ASM_AARCH64_PTR_CONSTRAINT "r"
#else
#error Unrecognised pointer size for aarch64
#endif
#endif
/* Always provide a static assert macro, so it can be used unconditionally. /* Always provide a static assert macro, so it can be used unconditionally.
* It will expand to nothing on some systems. * It will expand to nothing on some systems.
* Can be used outside functions (but don't add a trailing ';' in that case: * Can be used outside functions (but don't add a trailing ';' in that case:
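Review bot: The new helpers `ARRAY_LENGTH`, `ARRAY_LENGTH_UNSAFE`, `IS_ARRAY_NOT_POINTER`, `STATIC_ASSERT_EXPR` and `STATIC_ASSERT_THEN_RETURN` are added to a library-wide header without the `MBEDTLS_` prefix used by the other macros here. Names this generic can collide with platform or toolchain headers pulled into the same translation unit, and a silent redefinition of `ARRAY_LENGTH` would change a length passed to library code. Either prefix them (e.g. `MBEDTLS_ARRAY_LENGTH`) or note in the comment that the header is internal only and the names are deliberately kept short.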


@ -31,10 +31,18 @@
#include "mbedtls/platform_util.h" #include "mbedtls/platform_util.h"
#include <string.h> #include <string.h>
#if defined(MBEDTLS_USE_PSA_CRYPTO)
#define PSA_TO_MBEDTLS_ERR(status) PSA_TO_MBEDTLS_ERR_LIST(status, \ #if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC)
psa_to_ssl_errors, \ #include "psa/crypto.h"
psa_generic_status_to_mbedtls) /* Define a local translating function to save code size by not using too many
* arguments in each translating place. */
static int local_err_translation(psa_status_t status)
{
return psa_status_to_mbedtls(status, psa_to_ssl_errors,
ARRAY_LENGTH(psa_to_ssl_errors),
psa_generic_status_to_mbedtls);
}
#define PSA_TO_MBEDTLS_ERR(status) local_err_translation(status)
#endif #endif
#if !defined(MBEDTLS_CT_ASM) #if !defined(MBEDTLS_CT_ASM)
@ -57,8 +65,9 @@ volatile mbedtls_ct_uint_t mbedtls_ct_zero = 0;
* only used here. * only used here.
*/ */
#if defined(MBEDTLS_EFFICIENT_UNALIGNED_ACCESS) && \ #if defined(MBEDTLS_EFFICIENT_UNALIGNED_ACCESS) && \
(defined(MBEDTLS_CT_ARM_ASM) || defined(MBEDTLS_CT_AARCH64_ASM)) ((defined(MBEDTLS_CT_ARM_ASM) && (UINTPTR_MAX == 0xfffffffful)) || \
defined(MBEDTLS_CT_AARCH64_ASM))
/* We check pointer sizes to avoid issues with them not matching register size requirements */
#define MBEDTLS_EFFICIENT_UNALIGNED_VOLATILE_ACCESS #define MBEDTLS_EFFICIENT_UNALIGNED_VOLATILE_ACCESS
static inline uint32_t mbedtls_get_unaligned_volatile_uint32(volatile const unsigned char *p) static inline uint32_t mbedtls_get_unaligned_volatile_uint32(volatile const unsigned char *p)
@ -71,7 +80,7 @@ static inline uint32_t mbedtls_get_unaligned_volatile_uint32(volatile const unsi
#if defined(MBEDTLS_CT_ARM_ASM) #if defined(MBEDTLS_CT_ARM_ASM)
asm volatile ("ldr %0, [%1]" : "=r" (r) : "r" (p) :); asm volatile ("ldr %0, [%1]" : "=r" (r) : "r" (p) :);
#elif defined(MBEDTLS_CT_AARCH64_ASM) #elif defined(MBEDTLS_CT_AARCH64_ASM)
asm volatile ("ldr %w0, [%1]" : "=r" (r) : "r" (p) :); asm volatile ("ldr %w0, [%1]" : "=r" (r) : MBEDTLS_ASM_AARCH64_PTR_CONSTRAINT(p) :);
#else #else
#error No assembly defined for mbedtls_get_unaligned_volatile_uint32 #error No assembly defined for mbedtls_get_unaligned_volatile_uint32
#endif #endif
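Review bot: The aarch64 `ldr` now takes its pointer constraint from `MBEDTLS_ASM_AARCH64_PTR_CONSTRAINT`, which common.h defines only under `defined(__aarch64__) && defined(MBEDTLS_HAVE_ASM)`, whereas this branch is selected by `MBEDTLS_CT_AARCH64_ASM`. If that symbol can be set without `MBEDTLS_HAVE_ASM`, the line will not compile. Its definition is not on this page, so please confirm the implication or add `&& defined(MBEDTLS_ASM_AARCH64_PTR_CONSTRAINT)` to the guard. The enclosing function `mbedtls_get_unaligned_volatile_uint32` spans two hunks and is only partly visible.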


@ -4922,7 +4922,7 @@ static inline void carry64(mbedtls_mpi_uint *dst, mbedtls_mpi_uint *carry)
static int ecp_mod_p192(mbedtls_mpi *N) static int ecp_mod_p192(mbedtls_mpi *N)
{ {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t expected_width = 2 * ((192 + biL - 1) / biL); size_t expected_width = BITS_TO_LIMBS(192) * 2;
MBEDTLS_MPI_CHK(mbedtls_mpi_grow(N, expected_width)); MBEDTLS_MPI_CHK(mbedtls_mpi_grow(N, expected_width));
ret = mbedtls_ecp_mod_p192_raw(N->p, expected_width); ret = mbedtls_ecp_mod_p192_raw(N->p, expected_width);
@ -4936,7 +4936,7 @@ int mbedtls_ecp_mod_p192_raw(mbedtls_mpi_uint *Np, size_t Nn)
mbedtls_mpi_uint c = 0, last_carry[WIDTH] = { 0 }; mbedtls_mpi_uint c = 0, last_carry[WIDTH] = { 0 };
mbedtls_mpi_uint *p, *end; mbedtls_mpi_uint *p, *end;
if (Nn != 2*((192 + biL - 1)/biL)) { if (Nn != BITS_TO_LIMBS(192) * 2) {
return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
} }
@ -5082,7 +5082,7 @@ static inline int8_t extract_carry(int64_t cur)
static int ecp_mod_p224(mbedtls_mpi *N) static int ecp_mod_p224(mbedtls_mpi *N)
{ {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t expected_width = 2 * 224 / biL; size_t expected_width = BITS_TO_LIMBS(224) * 2;
MBEDTLS_MPI_CHK(mbedtls_mpi_grow(N, expected_width)); MBEDTLS_MPI_CHK(mbedtls_mpi_grow(N, expected_width));
ret = mbedtls_ecp_mod_p224_raw(N->p, expected_width); ret = mbedtls_ecp_mod_p224_raw(N->p, expected_width);
cleanup: cleanup:
@ -5092,7 +5092,7 @@ cleanup:
MBEDTLS_STATIC_TESTABLE MBEDTLS_STATIC_TESTABLE
int mbedtls_ecp_mod_p224_raw(mbedtls_mpi_uint *X, size_t X_limbs) int mbedtls_ecp_mod_p224_raw(mbedtls_mpi_uint *X, size_t X_limbs)
{ {
if (X_limbs != 2 * 224 / biL) { if (X_limbs != BITS_TO_LIMBS(224) * 2) {
return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
} }
@ -5135,7 +5135,7 @@ int mbedtls_ecp_mod_p224_raw(mbedtls_mpi_uint *X, size_t X_limbs)
static int ecp_mod_p256(mbedtls_mpi *N) static int ecp_mod_p256(mbedtls_mpi *N)
{ {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t expected_width = 2 * 256 / biL; size_t expected_width = BITS_TO_LIMBS(256) * 2;
MBEDTLS_MPI_CHK(mbedtls_mpi_grow(N, expected_width)); MBEDTLS_MPI_CHK(mbedtls_mpi_grow(N, expected_width));
ret = mbedtls_ecp_mod_p256_raw(N->p, expected_width); ret = mbedtls_ecp_mod_p256_raw(N->p, expected_width);
cleanup: cleanup:
@ -5145,7 +5145,7 @@ cleanup:
MBEDTLS_STATIC_TESTABLE MBEDTLS_STATIC_TESTABLE
int mbedtls_ecp_mod_p256_raw(mbedtls_mpi_uint *X, size_t X_limbs) int mbedtls_ecp_mod_p256_raw(mbedtls_mpi_uint *X, size_t X_limbs)
{ {
if (X_limbs != 2 * 256 / biL) { if (X_limbs != BITS_TO_LIMBS(256) * 2) {
return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
} }
@ -5215,7 +5215,7 @@ int mbedtls_ecp_mod_p256_raw(mbedtls_mpi_uint *X, size_t X_limbs)
static int ecp_mod_p384(mbedtls_mpi *N) static int ecp_mod_p384(mbedtls_mpi *N)
{ {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t expected_width = 2 * ((384 + biL - 1) / biL); size_t expected_width = BITS_TO_LIMBS(384) * 2;
MBEDTLS_MPI_CHK(mbedtls_mpi_grow(N, expected_width)); MBEDTLS_MPI_CHK(mbedtls_mpi_grow(N, expected_width));
ret = mbedtls_ecp_mod_p384_raw(N->p, expected_width); ret = mbedtls_ecp_mod_p384_raw(N->p, expected_width);
cleanup: cleanup:
@ -5225,7 +5225,7 @@ cleanup:
MBEDTLS_STATIC_TESTABLE MBEDTLS_STATIC_TESTABLE
int mbedtls_ecp_mod_p384_raw(mbedtls_mpi_uint *X, size_t X_limbs) int mbedtls_ecp_mod_p384_raw(mbedtls_mpi_uint *X, size_t X_limbs)
{ {
if (X_limbs != 2*((384 + biL - 1)/biL)) { if (X_limbs != BITS_TO_LIMBS(384) * 2) {
return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
} }
@ -5337,7 +5337,7 @@ int mbedtls_ecp_mod_p384_raw(mbedtls_mpi_uint *X, size_t X_limbs)
static int ecp_mod_p521(mbedtls_mpi *N) static int ecp_mod_p521(mbedtls_mpi *N)
{ {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t expected_width = 2 * P521_WIDTH; size_t expected_width = BITS_TO_LIMBS(521) * 2;
MBEDTLS_MPI_CHK(mbedtls_mpi_grow(N, expected_width)); MBEDTLS_MPI_CHK(mbedtls_mpi_grow(N, expected_width));
ret = mbedtls_ecp_mod_p521_raw(N->p, expected_width); ret = mbedtls_ecp_mod_p521_raw(N->p, expected_width);
cleanup: cleanup:
@ -5349,7 +5349,7 @@ int mbedtls_ecp_mod_p521_raw(mbedtls_mpi_uint *X, size_t X_limbs)
{ {
mbedtls_mpi_uint carry = 0; mbedtls_mpi_uint carry = 0;
if (X_limbs != 2 * P521_WIDTH || X[2 * P521_WIDTH - 1] != 0) { if (X_limbs != BITS_TO_LIMBS(521) * 2) {
return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
} }
@ -5423,7 +5423,7 @@ int mbedtls_ecp_mod_p521_raw(mbedtls_mpi_uint *X, size_t X_limbs)
static int ecp_mod_p255(mbedtls_mpi *N) static int ecp_mod_p255(mbedtls_mpi *N)
{ {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t expected_width = 2 * P255_WIDTH; size_t expected_width = BITS_TO_LIMBS(255) * 2;
MBEDTLS_MPI_CHK(mbedtls_mpi_grow(N, expected_width)); MBEDTLS_MPI_CHK(mbedtls_mpi_grow(N, expected_width));
ret = mbedtls_ecp_mod_p255_raw(N->p, expected_width); ret = mbedtls_ecp_mod_p255_raw(N->p, expected_width);
cleanup: cleanup:
@ -5434,7 +5434,7 @@ MBEDTLS_STATIC_TESTABLE
int mbedtls_ecp_mod_p255_raw(mbedtls_mpi_uint *X, size_t X_Limbs) int mbedtls_ecp_mod_p255_raw(mbedtls_mpi_uint *X, size_t X_Limbs)
{ {
if (X_Limbs != 2 * P255_WIDTH) { if (X_Limbs != BITS_TO_LIMBS(255) * 2) {
return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
} }
@ -5492,7 +5492,7 @@ int mbedtls_ecp_mod_p255_raw(mbedtls_mpi_uint *X, size_t X_Limbs)
static int ecp_mod_p448(mbedtls_mpi *N) static int ecp_mod_p448(mbedtls_mpi *N)
{ {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t expected_width = 2 * ((448 + biL - 1) / biL); size_t expected_width = BITS_TO_LIMBS(448) * 2;
/* This is required as some tests and use cases do not pass in a Bignum of /* This is required as some tests and use cases do not pass in a Bignum of
* the correct size, and expect the growth to be done automatically, which * the correct size, and expect the growth to be done automatically, which
@ -5522,7 +5522,7 @@ int mbedtls_ecp_mod_p448_raw(mbedtls_mpi_uint *X, size_t X_limbs)
size_t round; size_t round;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
if (X_limbs <= P448_WIDTH) { if (X_limbs != BITS_TO_LIMBS(448) * 2) {
return 0; return 0;
} }
@ -5577,9 +5577,9 @@ int mbedtls_ecp_mod_p448_raw(mbedtls_mpi_uint *X, size_t X_limbs)
(void) mbedtls_mpi_core_add(X, X, Q, Q_limbs); (void) mbedtls_mpi_core_add(X, X, Q, Q_limbs);
/* M = B0 */ /* M = B0 */
if (ciL > 4) { #ifdef MBEDTLS_HAVE_INT64
M[P224_WIDTH_MIN] &= ((mbedtls_mpi_uint)-1) >> (P224_UNUSED_BITS); M[P224_WIDTH_MIN] &= ((mbedtls_mpi_uint)-1) >> (P224_UNUSED_BITS);
} #endif
memset(M + P224_WIDTH_MAX, 0, ((M_limbs - P224_WIDTH_MAX) * ciL)); memset(M + P224_WIDTH_MAX, 0, ((M_limbs - P224_WIDTH_MAX) * ciL));
/* M = M + Q = B0 + B1 */ /* M = M + Q = B0 + B1 */
@ -5734,7 +5734,7 @@ cleanup:
static int ecp_mod_p192k1(mbedtls_mpi *N) static int ecp_mod_p192k1(mbedtls_mpi *N)
{ {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t expected_width = 2 * ((192 + biL - 1) / biL); size_t expected_width = BITS_TO_LIMBS(192) * 2;
MBEDTLS_MPI_CHK(mbedtls_mpi_grow(N, expected_width)); MBEDTLS_MPI_CHK(mbedtls_mpi_grow(N, expected_width));
ret = mbedtls_ecp_mod_p192k1_raw(N->p, expected_width); ret = mbedtls_ecp_mod_p192k1_raw(N->p, expected_width);
@ -5750,7 +5750,7 @@ int mbedtls_ecp_mod_p192k1_raw(mbedtls_mpi_uint *X, size_t X_limbs)
0x01, 0x00, 0x00, 0x00) 0x01, 0x00, 0x00, 0x00)
}; };
if (X_limbs != 2 * ((192 + biL - 1) / biL)) { if (X_limbs != BITS_TO_LIMBS(192) * 2) {
return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
} }
@ -5768,7 +5768,7 @@ int mbedtls_ecp_mod_p192k1_raw(mbedtls_mpi_uint *X, size_t X_limbs)
static int ecp_mod_p224k1(mbedtls_mpi *N) static int ecp_mod_p224k1(mbedtls_mpi *N)
{ {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t expected_width = 2 * 224 / biL; size_t expected_width = BITS_TO_LIMBS(224) * 2;
MBEDTLS_MPI_CHK(mbedtls_mpi_grow(N, expected_width)); MBEDTLS_MPI_CHK(mbedtls_mpi_grow(N, expected_width));
ret = mbedtls_ecp_mod_p224k1_raw(N->p, expected_width); ret = mbedtls_ecp_mod_p224k1_raw(N->p, expected_width);
@ -5784,7 +5784,7 @@ int mbedtls_ecp_mod_p224k1_raw(mbedtls_mpi_uint *X, size_t X_limbs)
0x01, 0x00, 0x00, 0x00) 0x01, 0x00, 0x00, 0x00)
}; };
if (X_limbs != 2 * 224 / biL) { if (X_limbs != BITS_TO_LIMBS(224) * 2) {
return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
} }
@ -5802,7 +5802,7 @@ int mbedtls_ecp_mod_p224k1_raw(mbedtls_mpi_uint *X, size_t X_limbs)
static int ecp_mod_p256k1(mbedtls_mpi *N) static int ecp_mod_p256k1(mbedtls_mpi *N)
{ {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t expected_width = 2 * ((256 + biL - 1) / biL); size_t expected_width = BITS_TO_LIMBS(256) * 2;
MBEDTLS_MPI_CHK(mbedtls_mpi_grow(N, expected_width)); MBEDTLS_MPI_CHK(mbedtls_mpi_grow(N, expected_width));
ret = mbedtls_ecp_mod_p256k1_raw(N->p, expected_width); ret = mbedtls_ecp_mod_p256k1_raw(N->p, expected_width);
@ -5818,7 +5818,7 @@ int mbedtls_ecp_mod_p256k1_raw(mbedtls_mpi_uint *X, size_t X_limbs)
0x01, 0x00, 0x00, 0x00) 0x01, 0x00, 0x00, 0x00)
}; };
if (X_limbs != 2 * ((256 + biL - 1) / biL)) { if (X_limbs != BITS_TO_LIMBS(256) * 2) {
return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
} }
@ -5831,20 +5831,24 @@ int mbedtls_ecp_mod_p256k1_raw(mbedtls_mpi_uint *X, size_t X_limbs)
MBEDTLS_STATIC_TESTABLE MBEDTLS_STATIC_TESTABLE
int mbedtls_ecp_modulus_setup(mbedtls_mpi_mod_modulus *N, int mbedtls_ecp_modulus_setup(mbedtls_mpi_mod_modulus *N,
const mbedtls_ecp_group_id id, const mbedtls_ecp_group_id id,
const mbedtls_ecp_curve_type ctype) const mbedtls_ecp_modulus_type ctype)
{ {
mbedtls_mpi_modp_fn modp = NULL;
mbedtls_mpi_uint *p = NULL; mbedtls_mpi_uint *p = NULL;
size_t p_limbs; size_t p_limbs;
if (!(ctype == (mbedtls_ecp_curve_type) MBEDTLS_ECP_MOD_COORDINATE || \ if (!(ctype == (mbedtls_ecp_modulus_type) MBEDTLS_ECP_MOD_COORDINATE || \
ctype == (mbedtls_ecp_curve_type) MBEDTLS_ECP_MOD_SCALAR)) { ctype == (mbedtls_ecp_modulus_type) MBEDTLS_ECP_MOD_SCALAR)) {
return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
} }
switch (id) { switch (id) {
#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) #if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED)
case MBEDTLS_ECP_DP_SECP192R1: case MBEDTLS_ECP_DP_SECP192R1:
if (ctype == (mbedtls_ecp_curve_type) MBEDTLS_ECP_MOD_COORDINATE) { if (ctype == (mbedtls_ecp_modulus_type) MBEDTLS_ECP_MOD_COORDINATE) {
#if defined(MBEDTLS_ECP_NIST_OPTIM)
modp = &mbedtls_ecp_mod_p192_raw;
#endif
p = (mbedtls_mpi_uint *) secp192r1_p; p = (mbedtls_mpi_uint *) secp192r1_p;
p_limbs = CHARS_TO_LIMBS(sizeof(secp192r1_p)); p_limbs = CHARS_TO_LIMBS(sizeof(secp192r1_p));
} else { } else {
@ -5856,7 +5860,10 @@ int mbedtls_ecp_modulus_setup(mbedtls_mpi_mod_modulus *N,
#if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) #if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED)
case MBEDTLS_ECP_DP_SECP224R1: case MBEDTLS_ECP_DP_SECP224R1:
if (ctype == (mbedtls_ecp_curve_type) MBEDTLS_ECP_MOD_COORDINATE) { if (ctype == (mbedtls_ecp_modulus_type) MBEDTLS_ECP_MOD_COORDINATE) {
#if defined(MBEDTLS_ECP_NIST_OPTIM)
modp = &mbedtls_ecp_mod_p224_raw;
#endif
p = (mbedtls_mpi_uint *) secp224r1_p; p = (mbedtls_mpi_uint *) secp224r1_p;
p_limbs = CHARS_TO_LIMBS(sizeof(secp224r1_p)); p_limbs = CHARS_TO_LIMBS(sizeof(secp224r1_p));
} else { } else {
@ -5868,7 +5875,10 @@ int mbedtls_ecp_modulus_setup(mbedtls_mpi_mod_modulus *N,
#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) #if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
case MBEDTLS_ECP_DP_SECP256R1: case MBEDTLS_ECP_DP_SECP256R1:
if (ctype == (mbedtls_ecp_curve_type) MBEDTLS_ECP_MOD_COORDINATE) { if (ctype == (mbedtls_ecp_modulus_type) MBEDTLS_ECP_MOD_COORDINATE) {
#if defined(MBEDTLS_ECP_NIST_OPTIM)
modp = &mbedtls_ecp_mod_p256_raw;
#endif
p = (mbedtls_mpi_uint *) secp256r1_p; p = (mbedtls_mpi_uint *) secp256r1_p;
p_limbs = CHARS_TO_LIMBS(sizeof(secp256r1_p)); p_limbs = CHARS_TO_LIMBS(sizeof(secp256r1_p));
} else { } else {
@ -5880,7 +5890,10 @@ int mbedtls_ecp_modulus_setup(mbedtls_mpi_mod_modulus *N,
#if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) #if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
case MBEDTLS_ECP_DP_SECP384R1: case MBEDTLS_ECP_DP_SECP384R1:
if (ctype == (mbedtls_ecp_curve_type) MBEDTLS_ECP_MOD_COORDINATE) { if (ctype == (mbedtls_ecp_modulus_type) MBEDTLS_ECP_MOD_COORDINATE) {
#if defined(MBEDTLS_ECP_NIST_OPTIM)
modp = &mbedtls_ecp_mod_p384_raw;
#endif
p = (mbedtls_mpi_uint *) secp384r1_p; p = (mbedtls_mpi_uint *) secp384r1_p;
p_limbs = CHARS_TO_LIMBS(sizeof(secp384r1_p)); p_limbs = CHARS_TO_LIMBS(sizeof(secp384r1_p));
} else { } else {
@ -5892,7 +5905,10 @@ int mbedtls_ecp_modulus_setup(mbedtls_mpi_mod_modulus *N,
#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) #if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
case MBEDTLS_ECP_DP_SECP521R1: case MBEDTLS_ECP_DP_SECP521R1:
if (ctype == (mbedtls_ecp_curve_type) MBEDTLS_ECP_MOD_COORDINATE) { if (ctype == (mbedtls_ecp_modulus_type) MBEDTLS_ECP_MOD_COORDINATE) {
#if defined(MBEDTLS_ECP_NIST_OPTIM)
modp = &mbedtls_ecp_mod_p521_raw;
#endif
p = (mbedtls_mpi_uint *) secp521r1_p; p = (mbedtls_mpi_uint *) secp521r1_p;
p_limbs = CHARS_TO_LIMBS(sizeof(secp521r1_p)); p_limbs = CHARS_TO_LIMBS(sizeof(secp521r1_p));
} else { } else {
@ -5904,7 +5920,7 @@ int mbedtls_ecp_modulus_setup(mbedtls_mpi_mod_modulus *N,
#if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED) #if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED)
case MBEDTLS_ECP_DP_BP256R1: case MBEDTLS_ECP_DP_BP256R1:
if (ctype == (mbedtls_ecp_curve_type) MBEDTLS_ECP_MOD_COORDINATE) { if (ctype == (mbedtls_ecp_modulus_type) MBEDTLS_ECP_MOD_COORDINATE) {
p = (mbedtls_mpi_uint *) brainpoolP256r1_p; p = (mbedtls_mpi_uint *) brainpoolP256r1_p;
p_limbs = CHARS_TO_LIMBS(sizeof(brainpoolP256r1_p)); p_limbs = CHARS_TO_LIMBS(sizeof(brainpoolP256r1_p));
} else { } else {
@ -5916,7 +5932,7 @@ int mbedtls_ecp_modulus_setup(mbedtls_mpi_mod_modulus *N,
#if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED) #if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED)
case MBEDTLS_ECP_DP_BP384R1: case MBEDTLS_ECP_DP_BP384R1:
if (ctype == (mbedtls_ecp_curve_type) MBEDTLS_ECP_MOD_COORDINATE) { if (ctype == (mbedtls_ecp_modulus_type) MBEDTLS_ECP_MOD_COORDINATE) {
p = (mbedtls_mpi_uint *) brainpoolP384r1_p; p = (mbedtls_mpi_uint *) brainpoolP384r1_p;
p_limbs = CHARS_TO_LIMBS(sizeof(brainpoolP384r1_p)); p_limbs = CHARS_TO_LIMBS(sizeof(brainpoolP384r1_p));
} else { } else {
@ -5928,7 +5944,7 @@ int mbedtls_ecp_modulus_setup(mbedtls_mpi_mod_modulus *N,
#if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED) #if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED)
case MBEDTLS_ECP_DP_BP512R1: case MBEDTLS_ECP_DP_BP512R1:
if (ctype == (mbedtls_ecp_curve_type) MBEDTLS_ECP_MOD_COORDINATE) { if (ctype == (mbedtls_ecp_modulus_type) MBEDTLS_ECP_MOD_COORDINATE) {
p = (mbedtls_mpi_uint *) brainpoolP512r1_p; p = (mbedtls_mpi_uint *) brainpoolP512r1_p;
p_limbs = CHARS_TO_LIMBS(sizeof(brainpoolP512r1_p)); p_limbs = CHARS_TO_LIMBS(sizeof(brainpoolP512r1_p));
} else { } else {
@ -5940,7 +5956,8 @@ int mbedtls_ecp_modulus_setup(mbedtls_mpi_mod_modulus *N,
#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) #if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED)
case MBEDTLS_ECP_DP_CURVE25519: case MBEDTLS_ECP_DP_CURVE25519:
if (ctype == (mbedtls_ecp_curve_type) MBEDTLS_ECP_MOD_COORDINATE) { if (ctype == (mbedtls_ecp_modulus_type) MBEDTLS_ECP_MOD_COORDINATE) {
modp = &mbedtls_ecp_mod_p255_raw;
p = (mbedtls_mpi_uint *) curve25519_p; p = (mbedtls_mpi_uint *) curve25519_p;
p_limbs = CHARS_TO_LIMBS(sizeof(curve25519_p)); p_limbs = CHARS_TO_LIMBS(sizeof(curve25519_p));
} else { } else {
@ -5952,7 +5969,8 @@ int mbedtls_ecp_modulus_setup(mbedtls_mpi_mod_modulus *N,
#if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED) #if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED)
case MBEDTLS_ECP_DP_SECP192K1: case MBEDTLS_ECP_DP_SECP192K1:
if (ctype == (mbedtls_ecp_curve_type) MBEDTLS_ECP_MOD_COORDINATE) { if (ctype == (mbedtls_ecp_modulus_type) MBEDTLS_ECP_MOD_COORDINATE) {
modp = &mbedtls_ecp_mod_p192k1_raw;
p = (mbedtls_mpi_uint *) secp192k1_p; p = (mbedtls_mpi_uint *) secp192k1_p;
p_limbs = CHARS_TO_LIMBS(sizeof(secp192k1_p)); p_limbs = CHARS_TO_LIMBS(sizeof(secp192k1_p));
} else { } else {
@ -5964,7 +5982,8 @@ int mbedtls_ecp_modulus_setup(mbedtls_mpi_mod_modulus *N,
#if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED) #if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED)
case MBEDTLS_ECP_DP_SECP224K1: case MBEDTLS_ECP_DP_SECP224K1:
if (ctype == (mbedtls_ecp_curve_type) MBEDTLS_ECP_MOD_COORDINATE) { if (ctype == (mbedtls_ecp_modulus_type) MBEDTLS_ECP_MOD_COORDINATE) {
modp = &mbedtls_ecp_mod_p224k1_raw;
p = (mbedtls_mpi_uint *) secp224k1_p; p = (mbedtls_mpi_uint *) secp224k1_p;
p_limbs = CHARS_TO_LIMBS(sizeof(secp224k1_p)); p_limbs = CHARS_TO_LIMBS(sizeof(secp224k1_p));
} else { } else {
@ -5976,7 +5995,8 @@ int mbedtls_ecp_modulus_setup(mbedtls_mpi_mod_modulus *N,
#if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED) #if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
case MBEDTLS_ECP_DP_SECP256K1: case MBEDTLS_ECP_DP_SECP256K1:
if (ctype == (mbedtls_ecp_curve_type) MBEDTLS_ECP_MOD_COORDINATE) { if (ctype == (mbedtls_ecp_modulus_type) MBEDTLS_ECP_MOD_COORDINATE) {
modp = &mbedtls_ecp_mod_p256k1_raw;
p = (mbedtls_mpi_uint *) secp256k1_p; p = (mbedtls_mpi_uint *) secp256k1_p;
p_limbs = CHARS_TO_LIMBS(sizeof(secp256k1_p)); p_limbs = CHARS_TO_LIMBS(sizeof(secp256k1_p));
} else { } else {
@ -5988,7 +6008,8 @@ int mbedtls_ecp_modulus_setup(mbedtls_mpi_mod_modulus *N,
#if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED) #if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED)
case MBEDTLS_ECP_DP_CURVE448: case MBEDTLS_ECP_DP_CURVE448:
if (ctype == (mbedtls_ecp_curve_type) MBEDTLS_ECP_MOD_COORDINATE) { if (ctype == (mbedtls_ecp_modulus_type) MBEDTLS_ECP_MOD_COORDINATE) {
modp = &mbedtls_ecp_mod_p448_raw;
p = (mbedtls_mpi_uint *) curve448_p; p = (mbedtls_mpi_uint *) curve448_p;
p_limbs = CHARS_TO_LIMBS(sizeof(curve448_p)); p_limbs = CHARS_TO_LIMBS(sizeof(curve448_p));
} else { } else {
@ -6003,9 +6024,14 @@ int mbedtls_ecp_modulus_setup(mbedtls_mpi_mod_modulus *N,
return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
} }
if (mbedtls_mpi_mod_modulus_setup(N, p, p_limbs, if (modp != NULL) {
MBEDTLS_MPI_MOD_REP_MONTGOMERY)) { if (mbedtls_mpi_mod_optred_modulus_setup(N, p, p_limbs, modp)) {
return MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; return MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
}
} else {
if (mbedtls_mpi_mod_modulus_setup(N, p, p_limbs)) {
return MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
}
} }
return 0; return 0;
} }


@ -306,7 +306,7 @@ int mbedtls_ecp_mod_p448_raw(mbedtls_mpi_uint *X, size_t X_limbs);
* \param[in,out] N The address of the modulus structure to populate. * \param[in,out] N The address of the modulus structure to populate.
* Must be initialized. * Must be initialized.
* \param[in] id The mbedtls_ecp_group_id for which to initialise the modulus. * \param[in] id The mbedtls_ecp_group_id for which to initialise the modulus.
* \param[in] ctype The mbedtls_ecp_curve_type identifier for a coordinate modulus (P) * \param[in] ctype The mbedtls_ecp_modulus_type identifier for a coordinate modulus (P)
* or a scalar modulus (N). * or a scalar modulus (N).
* *
* \return \c 0 if successful. * \return \c 0 if successful.
@ -317,7 +317,7 @@ int mbedtls_ecp_mod_p448_raw(mbedtls_mpi_uint *X, size_t X_limbs);
MBEDTLS_STATIC_TESTABLE MBEDTLS_STATIC_TESTABLE
int mbedtls_ecp_modulus_setup(mbedtls_mpi_mod_modulus *N, int mbedtls_ecp_modulus_setup(mbedtls_mpi_mod_modulus *N,
const mbedtls_ecp_group_id id, const mbedtls_ecp_group_id id,
const mbedtls_ecp_curve_type ctype); const mbedtls_ecp_modulus_type ctype);
#endif /* MBEDTLS_TEST_HOOKS && MBEDTLS_ECP_C */ #endif /* MBEDTLS_TEST_HOOKS && MBEDTLS_ECP_C */


@ -45,9 +45,15 @@
#include "psa/crypto.h" #include "psa/crypto.h"
#define PSA_TO_MBEDTLS_ERR(status) PSA_TO_MBEDTLS_ERR_LIST(status, \ /* Define a local translating function to save code size by not using too many
psa_to_lms_errors, \ * arguments in each translating place. */
psa_generic_status_to_mbedtls) static int local_err_translation(psa_status_t status)
{
return psa_status_to_mbedtls(status, psa_to_lms_errors,
ARRAY_LENGTH(psa_to_lms_errors),
psa_generic_status_to_mbedtls);
}
#define PSA_TO_MBEDTLS_ERR(status) local_err_translation(status)
#define PUBLIC_KEY_TYPE_OFFSET (0) #define PUBLIC_KEY_TYPE_OFFSET (0)
#define PUBLIC_KEY_I_KEY_ID_OFFSET (PUBLIC_KEY_TYPE_OFFSET + \ #define PUBLIC_KEY_I_KEY_ID_OFFSET (PUBLIC_KEY_TYPE_OFFSET + \
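Review bot: The comment on the new `local_err_translation()` helper explains why it exists (code size) but not what a caller gets back for a status that `psa_to_lms_errors` does not list. From the call it looks as if such statuses are handed to `psa_generic_status_to_mbedtls` as the fallback mapper; that is inferred from the argument order and should be confirmed against `psa_status_to_mbedtls()`. I would extend the comment with one line such as `/* Statuses not found in psa_to_lms_errors are translated by psa_generic_status_to_mbedtls(). */`. The same helper and comment are added in the next file section (the hunk at `-46,9 +46,15`), so the wording applies there as well.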


@ -46,9 +46,15 @@
#include "mbedtls/platform.h" #include "mbedtls/platform.h"
#define PSA_TO_MBEDTLS_ERR(status) PSA_TO_MBEDTLS_ERR_LIST(status, \ /* Define a local translating function to save code size by not using too many
psa_to_lms_errors, \ * arguments in each translating place. */
psa_generic_status_to_mbedtls) static int local_err_translation(psa_status_t status)
{
return psa_status_to_mbedtls(status, psa_to_lms_errors,
ARRAY_LENGTH(psa_to_lms_errors),
psa_generic_status_to_mbedtls);
}
#define PSA_TO_MBEDTLS_ERR(status) local_err_translation(status)
#define SIG_Q_LEAF_ID_OFFSET (0) #define SIG_Q_LEAF_ID_OFFSET (0)
#define SIG_OTS_SIG_OFFSET (SIG_Q_LEAF_ID_OFFSET + \ #define SIG_OTS_SIG_OFFSET (SIG_Q_LEAF_ID_OFFSET + \


@ -543,7 +543,7 @@ FN_OID_GET_OID_BY_ATTR1(mbedtls_oid_get_oid_by_pk_alg,
mbedtls_pk_type_t, mbedtls_pk_type_t,
pk_alg) pk_alg)
#if defined(MBEDTLS_ECP_LIGHT) #if defined(MBEDTLS_PK_HAVE_ECC_KEYS)
/* /*
* For elliptic curves that use namedCurve inside ECParams (RFC 5480) * For elliptic curves that use namedCurve inside ECParams (RFC 5480)
*/ */
@ -674,7 +674,7 @@ FN_OID_GET_OID_BY_ATTR1(mbedtls_oid_get_oid_by_ec_grp_algid,
oid_ecp_grp_algid, oid_ecp_grp_algid,
mbedtls_ecp_group_id, mbedtls_ecp_group_id,
grp_id) grp_id)
#endif /* MBEDTLS_ECP_LIGHT */ #endif /* MBEDTLS_PK_HAVE_ECC_KEYS */
#if defined(MBEDTLS_CIPHER_C) #if defined(MBEDTLS_CIPHER_C)
/* /*


@ -31,7 +31,7 @@
#if defined(MBEDTLS_RSA_C) #if defined(MBEDTLS_RSA_C)
#include "mbedtls/rsa.h" #include "mbedtls/rsa.h"
#endif #endif
#if defined(MBEDTLS_ECP_LIGHT) #if defined(MBEDTLS_PK_HAVE_ECC_KEYS)
#include "mbedtls/ecp.h" #include "mbedtls/ecp.h"
#endif #endif
#if defined(MBEDTLS_ECDSA_C) #if defined(MBEDTLS_ECDSA_C)
@ -125,12 +125,12 @@ const mbedtls_pk_info_t *mbedtls_pk_info_from_type(mbedtls_pk_type_t pk_type)
case MBEDTLS_PK_RSA: case MBEDTLS_PK_RSA:
return &mbedtls_rsa_info; return &mbedtls_rsa_info;
#endif /* MBEDTLS_RSA_C */ #endif /* MBEDTLS_RSA_C */
#if defined(MBEDTLS_ECP_LIGHT) #if defined(MBEDTLS_PK_HAVE_ECC_KEYS)
case MBEDTLS_PK_ECKEY: case MBEDTLS_PK_ECKEY:
return &mbedtls_eckey_info; return &mbedtls_eckey_info;
case MBEDTLS_PK_ECKEY_DH: case MBEDTLS_PK_ECKEY_DH:
return &mbedtls_eckeydh_info; return &mbedtls_eckeydh_info;
#endif /* MBEDTLS_ECP_LIGHT */ #endif /* MBEDTLS_PK_HAVE_ECC_KEYS */
#if defined(MBEDTLS_PK_CAN_ECDSA_SOME) #if defined(MBEDTLS_PK_CAN_ECDSA_SOME)
case MBEDTLS_PK_ECDSA: case MBEDTLS_PK_ECDSA:
return &mbedtls_ecdsa_info; return &mbedtls_ecdsa_info;
@ -196,42 +196,6 @@ int mbedtls_pk_setup_opaque(mbedtls_pk_context *ctx,
} }
#endif /* MBEDTLS_USE_PSA_CRYPTO */ #endif /* MBEDTLS_USE_PSA_CRYPTO */
#if defined(MBEDTLS_PK_USE_PSA_EC_DATA)
int mbedtls_pk_update_public_key_from_keypair(mbedtls_pk_context *pk,
mbedtls_ecp_keypair *ecp_keypair)
{
int ret = MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE;
if (pk == NULL) {
return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
}
/* The raw public key storing mechanism is only supported for EC keys so
* we fail silently for other ones. */
if ((pk->pk_info->type != MBEDTLS_PK_ECKEY) &&
(pk->pk_info->type != MBEDTLS_PK_ECKEY_DH) &&
(pk->pk_info->type != MBEDTLS_PK_ECDSA)) {
return 0;
}
ret = mbedtls_ecp_point_write_binary(&ecp_keypair->grp, &ecp_keypair->Q,
MBEDTLS_ECP_PF_UNCOMPRESSED,
&pk->pub_raw_len,
pk->pub_raw,
MBEDTLS_PK_MAX_EC_PUBKEY_RAW_LEN);
if (ret != 0) {
return ret;
}
pk->ec_family = mbedtls_ecc_group_to_psa(ecp_keypair->grp.id,
&pk->ec_bits);
if (pk->ec_family == 0) {
return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
}
return 0;
}
#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */
#if defined(MBEDTLS_PK_RSA_ALT_SUPPORT) #if defined(MBEDTLS_PK_RSA_ALT_SUPPORT)
/* /*
* Initialize an RSA-alt context * Initialize an RSA-alt context
@ -903,14 +867,14 @@ int mbedtls_pk_wrap_as_opaque(mbedtls_pk_context *pk,
psa_key_usage_t usage, psa_key_usage_t usage,
psa_algorithm_t alg2) psa_algorithm_t alg2)
{ {
#if !defined(MBEDTLS_ECP_LIGHT) && !defined(MBEDTLS_RSA_C) #if !defined(MBEDTLS_PK_HAVE_ECC_KEYS) && !defined(MBEDTLS_RSA_C)
((void) pk); ((void) pk);
((void) key); ((void) key);
((void) alg); ((void) alg);
((void) usage); ((void) usage);
((void) alg2); ((void) alg2);
#else /* !MBEDTLS_ECP_LIGHT && !MBEDTLS_RSA_C */ #else /* !MBEDTLS_PK_HAVE_ECC_KEYS && !MBEDTLS_RSA_C */
#if defined(MBEDTLS_ECP_LIGHT) #if defined(MBEDTLS_PK_HAVE_ECC_KEYS)
if (mbedtls_pk_get_type(pk) == MBEDTLS_PK_ECKEY) { if (mbedtls_pk_get_type(pk) == MBEDTLS_PK_ECKEY) {
size_t d_len; size_t d_len;
psa_ecc_family_t curve_id; psa_ecc_family_t curve_id;
@ -965,7 +929,7 @@ int mbedtls_pk_wrap_as_opaque(mbedtls_pk_context *pk,
return mbedtls_pk_setup_opaque(pk, *key); return mbedtls_pk_setup_opaque(pk, *key);
} else } else
#endif /* MBEDTLS_ECP_LIGHT */ #endif /* MBEDTLS_PK_HAVE_ECC_KEYS */
#if defined(MBEDTLS_RSA_C) #if defined(MBEDTLS_RSA_C)
if (mbedtls_pk_get_type(pk) == MBEDTLS_PK_RSA) { if (mbedtls_pk_get_type(pk) == MBEDTLS_PK_RSA) {
unsigned char buf[MBEDTLS_PK_RSA_PRV_DER_MAX_BYTES]; unsigned char buf[MBEDTLS_PK_RSA_PRV_DER_MAX_BYTES];
@ -1006,7 +970,7 @@ int mbedtls_pk_wrap_as_opaque(mbedtls_pk_context *pk,
return mbedtls_pk_setup_opaque(pk, *key); return mbedtls_pk_setup_opaque(pk, *key);
} else } else
#endif /* MBEDTLS_RSA_C */ #endif /* MBEDTLS_RSA_C */
#endif /* !MBEDTLS_ECP_LIGHT && !MBEDTLS_RSA_C */ #endif /* !MBEDTLS_PK_HAVE_ECC_KEYS && !MBEDTLS_RSA_C */
return MBEDTLS_ERR_PK_TYPE_MISMATCH; return MBEDTLS_ERR_PK_TYPE_MISMATCH;
} }
#endif /* MBEDTLS_USE_PSA_CRYPTO */ #endif /* MBEDTLS_USE_PSA_CRYPTO */


@ -25,7 +25,7 @@
#include "mbedtls/pk.h" #include "mbedtls/pk.h"
#if defined(MBEDTLS_ECP_LIGHT) #if defined(MBEDTLS_PK_HAVE_ECC_KEYS)
#include "mbedtls/ecp.h" #include "mbedtls/ecp.h"
#endif #endif
@ -44,7 +44,7 @@
psa_pk_status_to_mbedtls) psa_pk_status_to_mbedtls)
#endif #endif
#if defined(MBEDTLS_ECP_LIGHT) #if defined(MBEDTLS_PK_HAVE_ECC_KEYS)
/** /**
* Public function mbedtls_pk_ec() can be used to get direct access to the * Public function mbedtls_pk_ec() can be used to get direct access to the
* wrapped ecp_keypair structure pointed to the pk_ctx. However this is not * wrapped ecp_keypair structure pointed to the pk_ctx. However this is not
@ -115,21 +115,7 @@ static inline mbedtls_ecp_group_id mbedtls_pk_get_group_id(const mbedtls_pk_cont
#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) || defined(MBEDTLS_ECP_DP_CURVE448_ENABLED) #if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) || defined(MBEDTLS_ECP_DP_CURVE448_ENABLED)
#define MBEDTLS_PK_HAVE_RFC8410_CURVES #define MBEDTLS_PK_HAVE_RFC8410_CURVES
#endif /* MBEDTLS_ECP_DP_CURVE25519_ENABLED || MBEDTLS_ECP_DP_CURVE448_ENABLED */ #endif /* MBEDTLS_ECP_DP_CURVE25519_ENABLED || MBEDTLS_ECP_DP_CURVE448_ENABLED */
#endif /* MBEDTLS_ECP_LIGHT */ #endif /* MBEDTLS_PK_HAVE_ECC_KEYS */
#if defined(MBEDTLS_PK_USE_PSA_EC_DATA)
/**
* \brief Copy the public key content in raw format from "ctx->pk_ctx"
* (which is an ecp_keypair) into the internal "ctx->pub_raw" buffer.
*
* \note This is a temporary function that can be removed as soon as the pk
* module is free from ECP_C
*
* \param pk It is the pk_context which is going to be updated. It acts both
* as input and output.
*/
int mbedtls_pk_update_public_key_from_keypair(mbedtls_pk_context *pk,
mbedtls_ecp_keypair *ecp_keypair);
#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */
#endif /* MBEDTLS_PK_INTERNAL_H */ #endif /* MBEDTLS_PK_INTERNAL_H */


@ -634,7 +634,7 @@ const mbedtls_pk_info_t mbedtls_rsa_info = {
}; };
#endif /* MBEDTLS_RSA_C */ #endif /* MBEDTLS_RSA_C */
#if defined(MBEDTLS_ECP_LIGHT) #if defined(MBEDTLS_PK_HAVE_ECC_KEYS)
/* /*
* Generic EC key * Generic EC key
*/ */
@ -1335,7 +1335,7 @@ const mbedtls_pk_info_t mbedtls_eckeydh_info = {
#endif #endif
eckey_debug, /* Same underlying key structure */ eckey_debug, /* Same underlying key structure */
}; };
#endif /* MBEDTLS_ECP_LIGHT */ #endif /* MBEDTLS_PK_HAVE_ECC_KEYS */
#if defined(MBEDTLS_PK_CAN_ECDSA_SOME) #if defined(MBEDTLS_PK_CAN_ECDSA_SOME)
static int ecdsa_can_do(mbedtls_pk_type_t type) static int ecdsa_can_do(mbedtls_pk_type_t type)


@ -120,7 +120,7 @@ typedef struct {
extern const mbedtls_pk_info_t mbedtls_rsa_info; extern const mbedtls_pk_info_t mbedtls_rsa_info;
#endif #endif
#if defined(MBEDTLS_ECP_LIGHT) #if defined(MBEDTLS_PK_HAVE_ECC_KEYS)
extern const mbedtls_pk_info_t mbedtls_eckey_info; extern const mbedtls_pk_info_t mbedtls_eckey_info;
extern const mbedtls_pk_info_t mbedtls_eckeydh_info; extern const mbedtls_pk_info_t mbedtls_eckeydh_info;
#endif #endif


@ -37,7 +37,7 @@
#if defined(MBEDTLS_RSA_C) || defined(MBEDTLS_ECP_C) #if defined(MBEDTLS_RSA_C) || defined(MBEDTLS_ECP_C)
#include "pkwrite.h" #include "pkwrite.h"
#endif #endif
#if defined(MBEDTLS_ECP_LIGHT) #if defined(MBEDTLS_PK_HAVE_ECC_KEYS)
#include "pk_internal.h" #include "pk_internal.h"
#endif #endif
#if defined(MBEDTLS_ECDSA_C) #if defined(MBEDTLS_ECDSA_C)
@ -64,10 +64,10 @@
#include "mbedtls/platform.h" #include "mbedtls/platform.h"
/* Helper for Montgomery curves */ /* Helper for Montgomery curves */
#if defined(MBEDTLS_ECP_LIGHT) && defined(MBEDTLS_PK_HAVE_RFC8410_CURVES) #if defined(MBEDTLS_PK_HAVE_ECC_KEYS) && defined(MBEDTLS_PK_HAVE_RFC8410_CURVES)
#define MBEDTLS_PK_IS_RFC8410_GROUP_ID(id) \ #define MBEDTLS_PK_IS_RFC8410_GROUP_ID(id) \
((id == MBEDTLS_ECP_DP_CURVE25519) || (id == MBEDTLS_ECP_DP_CURVE448)) ((id == MBEDTLS_ECP_DP_CURVE25519) || (id == MBEDTLS_ECP_DP_CURVE448))
#endif /* MBEDTLS_ECP_LIGHT && MBEDTLS_PK_HAVE_RFC8410_CURVES */ #endif /* MBEDTLS_PK_HAVE_ECC_KEYS && MBEDTLS_PK_HAVE_RFC8410_CURVES */
#if defined(MBEDTLS_FS_IO) #if defined(MBEDTLS_FS_IO)
/* /*
@ -174,7 +174,7 @@ int mbedtls_pk_parse_public_keyfile(mbedtls_pk_context *ctx, const char *path)
} }
#endif /* MBEDTLS_FS_IO */ #endif /* MBEDTLS_FS_IO */
#if defined(MBEDTLS_ECP_LIGHT) #if defined(MBEDTLS_PK_HAVE_ECC_KEYS)
/* Minimally parse an ECParameters buffer to and mbedtls_asn1_buf /* Minimally parse an ECParameters buffer to and mbedtls_asn1_buf
* *
* ECParameters ::= CHOICE { * ECParameters ::= CHOICE {
@ -655,7 +655,6 @@ static int pk_parse_key_rfc8410_der(mbedtls_pk_context *pk,
mbedtls_ecp_keypair *eck = mbedtls_pk_ec_rw(*pk); mbedtls_ecp_keypair *eck = mbedtls_pk_ec_rw(*pk);
if ((ret = mbedtls_mpi_read_binary_le(&eck->d, key, len)) != 0) { if ((ret = mbedtls_mpi_read_binary_le(&eck->d, key, len)) != 0) {
mbedtls_ecp_keypair_free(eck);
return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret); return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret);
} }
#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */ #endif /* MBEDTLS_PK_USE_PSA_EC_DATA */
@ -664,9 +663,6 @@ static int pk_parse_key_rfc8410_der(mbedtls_pk_context *pk,
* which never contain a public key. As such, derive the public key * which never contain a public key. As such, derive the public key
* unconditionally. */ * unconditionally. */
if ((ret = pk_derive_public_key(pk, key, len, f_rng, p_rng)) != 0) { if ((ret = pk_derive_public_key(pk, key, len, f_rng, p_rng)) != 0) {
#if !defined(MBEDTLS_PK_USE_PSA_EC_DATA)
mbedtls_ecp_keypair_free(eck);
#endif /* !MBEDTLS_PK_USE_PSA_EC_DATA */
return ret; return ret;
} }
@ -674,7 +670,6 @@ static int pk_parse_key_rfc8410_der(mbedtls_pk_context *pk,
* into PSA. */ * into PSA. */
#if !defined(MBEDTLS_PK_USE_PSA_EC_DATA) #if !defined(MBEDTLS_PK_USE_PSA_EC_DATA)
if ((ret = mbedtls_ecp_check_privkey(&eck->grp, &eck->d)) != 0) { if ((ret = mbedtls_ecp_check_privkey(&eck->grp, &eck->d)) != 0) {
mbedtls_ecp_keypair_free(eck);
return ret; return ret;
} }
#endif /* !MBEDTLS_PK_USE_PSA_EC_DATA */ #endif /* !MBEDTLS_PK_USE_PSA_EC_DATA */
@ -793,7 +788,7 @@ static int pk_get_ecpubkey(unsigned char **p, const unsigned char *end,
return ret; return ret;
} }
#endif /* MBEDTLS_ECP_LIGHT */ #endif /* MBEDTLS_PK_HAVE_ECC_KEYS */
#if defined(MBEDTLS_RSA_C) #if defined(MBEDTLS_RSA_C)
/* /*
@ -878,7 +873,7 @@ static int pk_get_pk_alg(unsigned char **p,
} }
ret = mbedtls_oid_get_pk_alg(&alg_oid, pk_alg); ret = mbedtls_oid_get_pk_alg(&alg_oid, pk_alg);
#if defined(MBEDTLS_ECP_LIGHT) #if defined(MBEDTLS_PK_HAVE_ECC_KEYS)
if (ret == MBEDTLS_ERR_OID_NOT_FOUND) { if (ret == MBEDTLS_ERR_OID_NOT_FOUND) {
ret = mbedtls_oid_get_ec_grp_algid(&alg_oid, ec_grp_id); ret = mbedtls_oid_get_ec_grp_algid(&alg_oid, ec_grp_id);
if (ret == 0) { if (ret == 0) {
@ -952,7 +947,7 @@ int mbedtls_pk_parse_subpubkey(unsigned char **p, const unsigned char *end,
ret = pk_get_rsapubkey(p, end, mbedtls_pk_rsa(*pk)); ret = pk_get_rsapubkey(p, end, mbedtls_pk_rsa(*pk));
} else } else
#endif /* MBEDTLS_RSA_C */ #endif /* MBEDTLS_RSA_C */
#if defined(MBEDTLS_ECP_LIGHT) #if defined(MBEDTLS_PK_HAVE_ECC_KEYS)
if (pk_alg == MBEDTLS_PK_ECKEY_DH || pk_alg == MBEDTLS_PK_ECKEY) { if (pk_alg == MBEDTLS_PK_ECKEY_DH || pk_alg == MBEDTLS_PK_ECKEY) {
#if defined(MBEDTLS_PK_HAVE_RFC8410_CURVES) #if defined(MBEDTLS_PK_HAVE_RFC8410_CURVES)
if (MBEDTLS_PK_IS_RFC8410_GROUP_ID(ec_grp_id)) { if (MBEDTLS_PK_IS_RFC8410_GROUP_ID(ec_grp_id)) {
@ -966,7 +961,7 @@ int mbedtls_pk_parse_subpubkey(unsigned char **p, const unsigned char *end,
ret = pk_get_ecpubkey(p, end, pk); ret = pk_get_ecpubkey(p, end, pk);
} }
} else } else
#endif /* MBEDTLS_ECP_LIGHT */ #endif /* MBEDTLS_PK_HAVE_ECC_KEYS */
ret = MBEDTLS_ERR_PK_UNKNOWN_PK_ALG; ret = MBEDTLS_ERR_PK_UNKNOWN_PK_ALG;
if (ret == 0 && *p != end) { if (ret == 0 && *p != end) {
@ -1170,7 +1165,7 @@ cleanup:
} }
#endif /* MBEDTLS_RSA_C */ #endif /* MBEDTLS_RSA_C */
#if defined(MBEDTLS_ECP_LIGHT) #if defined(MBEDTLS_PK_HAVE_ECC_KEYS)
/* /*
* Parse a SEC1 encoded private EC key * Parse a SEC1 encoded private EC key
*/ */
@ -1186,10 +1181,11 @@ static int pk_parse_key_sec1_der(mbedtls_pk_context *pk,
unsigned char *d; unsigned char *d;
unsigned char *end = p + keylen; unsigned char *end = p + keylen;
unsigned char *end2; unsigned char *end2;
mbedtls_ecp_keypair *eck = mbedtls_pk_ec_rw(*pk);
#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) #if defined(MBEDTLS_PK_USE_PSA_EC_DATA)
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_status_t status; psa_status_t status;
#else /* MBEDTLS_PK_USE_PSA_EC_DATA */
mbedtls_ecp_keypair *eck = mbedtls_pk_ec_rw(*pk);
#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */ #endif /* MBEDTLS_PK_USE_PSA_EC_DATA */
/* /*
@ -1226,7 +1222,6 @@ static int pk_parse_key_sec1_der(mbedtls_pk_context *pk,
#if !defined(MBEDTLS_PK_USE_PSA_EC_DATA) #if !defined(MBEDTLS_PK_USE_PSA_EC_DATA)
if ((ret = mbedtls_mpi_read_binary(&eck->d, p, len)) != 0) { if ((ret = mbedtls_mpi_read_binary(&eck->d, p, len)) != 0) {
mbedtls_ecp_keypair_free(eck);
return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret); return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret);
} }
#endif #endif
@ -1243,11 +1238,9 @@ static int pk_parse_key_sec1_der(mbedtls_pk_context *pk,
0)) == 0) { 0)) == 0) {
if ((ret = pk_get_ecparams(&p, p + len, &params)) != 0 || if ((ret = pk_get_ecparams(&p, p + len, &params)) != 0 ||
(ret = pk_use_ecparams(&params, pk)) != 0) { (ret = pk_use_ecparams(&params, pk)) != 0) {
mbedtls_ecp_keypair_free(eck);
return ret; return ret;
} }
} else if (ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) { } else if (ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) {
mbedtls_ecp_keypair_free(eck);
return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret); return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret);
} }
} }
@ -1283,7 +1276,6 @@ static int pk_parse_key_sec1_der(mbedtls_pk_context *pk,
} }
} }
} else if (ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) { } else if (ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) {
mbedtls_ecp_keypair_free(eck);
return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret); return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret);
} }
} }
@ -1311,21 +1303,19 @@ static int pk_parse_key_sec1_der(mbedtls_pk_context *pk,
if (!pubkey_done) { if (!pubkey_done) {
if ((ret = pk_derive_public_key(pk, d, d_len, f_rng, p_rng)) != 0) { if ((ret = pk_derive_public_key(pk, d, d_len, f_rng, p_rng)) != 0) {
mbedtls_ecp_keypair_free(eck);
return ret; return ret;
} }
} }
#if !defined(MBEDTLS_PK_USE_PSA_EC_DATA) #if !defined(MBEDTLS_PK_USE_PSA_EC_DATA)
if ((ret = mbedtls_ecp_check_privkey(&eck->grp, &eck->d)) != 0) { if ((ret = mbedtls_ecp_check_privkey(&eck->grp, &eck->d)) != 0) {
mbedtls_ecp_keypair_free(eck);
return ret; return ret;
} }
#endif /* !MBEDTLS_PK_USE_PSA_EC_DATA */ #endif /* !MBEDTLS_PK_USE_PSA_EC_DATA */
return 0; return 0;
} }
#endif /* MBEDTLS_ECP_LIGHT */ #endif /* MBEDTLS_PK_HAVE_ECC_KEYS */
/* /*
* Parse an unencrypted PKCS#8 encoded private key * Parse an unencrypted PKCS#8 encoded private key
@ -1354,7 +1344,7 @@ static int pk_parse_key_pkcs8_unencrypted_der(
mbedtls_ecp_group_id ec_grp_id = MBEDTLS_ECP_DP_NONE; mbedtls_ecp_group_id ec_grp_id = MBEDTLS_ECP_DP_NONE;
const mbedtls_pk_info_t *pk_info; const mbedtls_pk_info_t *pk_info;
#if !defined(MBEDTLS_ECP_LIGHT) #if !defined(MBEDTLS_PK_HAVE_ECC_KEYS)
(void) f_rng; (void) f_rng;
(void) p_rng; (void) p_rng;
#endif #endif
@ -1419,7 +1409,7 @@ static int pk_parse_key_pkcs8_unencrypted_der(
} }
} else } else
#endif /* MBEDTLS_RSA_C */ #endif /* MBEDTLS_RSA_C */
#if defined(MBEDTLS_ECP_LIGHT) #if defined(MBEDTLS_PK_HAVE_ECC_KEYS)
if (pk_alg == MBEDTLS_PK_ECKEY || pk_alg == MBEDTLS_PK_ECKEY_DH) { if (pk_alg == MBEDTLS_PK_ECKEY || pk_alg == MBEDTLS_PK_ECKEY_DH) {
#if defined(MBEDTLS_PK_HAVE_RFC8410_CURVES) #if defined(MBEDTLS_PK_HAVE_RFC8410_CURVES)
if (MBEDTLS_PK_IS_RFC8410_GROUP_ID(ec_grp_id)) { if (MBEDTLS_PK_IS_RFC8410_GROUP_ID(ec_grp_id)) {
@ -1441,7 +1431,7 @@ static int pk_parse_key_pkcs8_unencrypted_der(
} }
} }
} else } else
#endif /* MBEDTLS_ECP_LIGHT */ #endif /* MBEDTLS_PK_HAVE_ECC_KEYS */
return MBEDTLS_ERR_PK_UNKNOWN_PK_ALG; return MBEDTLS_ERR_PK_UNKNOWN_PK_ALG;
return 0; return 0;
@ -1608,7 +1598,7 @@ int mbedtls_pk_parse_key(mbedtls_pk_context *pk,
} }
#endif /* MBEDTLS_RSA_C */ #endif /* MBEDTLS_RSA_C */
#if defined(MBEDTLS_ECP_LIGHT) #if defined(MBEDTLS_PK_HAVE_ECC_KEYS)
/* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */ /* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */
if (key[keylen - 1] != '\0') { if (key[keylen - 1] != '\0') {
ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT; ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT;
@ -1637,7 +1627,7 @@ int mbedtls_pk_parse_key(mbedtls_pk_context *pk,
} else if (ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT) { } else if (ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT) {
return ret; return ret;
} }
#endif /* MBEDTLS_ECP_LIGHT */ #endif /* MBEDTLS_PK_HAVE_ECC_KEYS */
/* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */ /* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */
if (key[keylen - 1] != '\0') { if (key[keylen - 1] != '\0') {
@ -1743,7 +1733,7 @@ int mbedtls_pk_parse_key(mbedtls_pk_context *pk,
mbedtls_pk_init(pk); mbedtls_pk_init(pk);
#endif /* MBEDTLS_RSA_C */ #endif /* MBEDTLS_RSA_C */
#if defined(MBEDTLS_ECP_LIGHT) #if defined(MBEDTLS_PK_HAVE_ECC_KEYS)
pk_info = mbedtls_pk_info_from_type(MBEDTLS_PK_ECKEY); pk_info = mbedtls_pk_info_from_type(MBEDTLS_PK_ECKEY);
if (mbedtls_pk_setup(pk, pk_info) == 0 && if (mbedtls_pk_setup(pk, pk_info) == 0 &&
pk_parse_key_sec1_der(pk, pk_parse_key_sec1_der(pk,
@ -1751,13 +1741,13 @@ int mbedtls_pk_parse_key(mbedtls_pk_context *pk,
return 0; return 0;
} }
mbedtls_pk_free(pk); mbedtls_pk_free(pk);
#endif /* MBEDTLS_ECP_LIGHT */ #endif /* MBEDTLS_PK_HAVE_ECC_KEYS */
/* If MBEDTLS_RSA_C is defined but MBEDTLS_ECP_LIGHT isn't, /* If MBEDTLS_RSA_C is defined but MBEDTLS_PK_HAVE_ECC_KEYS isn't,
* it is ok to leave the PK context initialized but not * it is ok to leave the PK context initialized but not
* freed: It is the caller's responsibility to call pk_init() * freed: It is the caller's responsibility to call pk_init()
* before calling this function, and to call pk_free() * before calling this function, and to call pk_free()
* when it fails. If MBEDTLS_ECP_LIGHT is defined but MBEDTLS_RSA_C * when it fails. If MBEDTLS_PK_HAVE_ECC_KEYS is defined but MBEDTLS_RSA_C
* isn't, this leads to mbedtls_pk_free() being called * isn't, this leads to mbedtls_pk_free() being called
* twice, once here and once by the caller, but this is * twice, once here and once by the caller, but this is
* also ok and in line with the mbedtls_pk_free() calls * also ok and in line with the mbedtls_pk_free() calls


@ -38,10 +38,10 @@
#include "mbedtls/ecp.h" #include "mbedtls/ecp.h"
#include "mbedtls/platform_util.h" #include "mbedtls/platform_util.h"
#endif #endif
#if defined(MBEDTLS_ECP_LIGHT) #if defined(MBEDTLS_PK_HAVE_ECC_KEYS)
#include "pk_internal.h" #include "pk_internal.h"
#endif #endif
#if defined(MBEDTLS_RSA_C) || defined(MBEDTLS_ECP_LIGHT) #if defined(MBEDTLS_RSA_C) || defined(MBEDTLS_PK_HAVE_ECC_KEYS)
#include "pkwrite.h" #include "pkwrite.h"
#endif #endif
#if defined(MBEDTLS_ECDSA_C) #if defined(MBEDTLS_ECDSA_C)
@ -58,7 +58,7 @@
#include "mbedtls/platform.h" #include "mbedtls/platform.h"
/* Helper for Montgomery curves */ /* Helper for Montgomery curves */
#if defined(MBEDTLS_ECP_LIGHT) #if defined(MBEDTLS_PK_HAVE_ECC_KEYS)
#if defined(MBEDTLS_PK_HAVE_RFC8410_CURVES) #if defined(MBEDTLS_PK_HAVE_RFC8410_CURVES)
static inline int mbedtls_pk_is_rfc8410(const mbedtls_pk_context *pk) static inline int mbedtls_pk_is_rfc8410(const mbedtls_pk_context *pk)
{ {
@ -76,6 +76,7 @@ static inline int mbedtls_pk_is_rfc8410(const mbedtls_pk_context *pk)
#endif #endif
return 0; return 0;
} }
#if defined(MBEDTLS_USE_PSA_CRYPTO) #if defined(MBEDTLS_USE_PSA_CRYPTO)
/* It is assumed that the input key is opaque */ /* It is assumed that the input key is opaque */
static psa_ecc_family_t pk_get_opaque_ec_family(const mbedtls_pk_context *pk) static psa_ecc_family_t pk_get_opaque_ec_family(const mbedtls_pk_context *pk)
@ -93,7 +94,7 @@ static psa_ecc_family_t pk_get_opaque_ec_family(const mbedtls_pk_context *pk)
} }
#endif /* MBETLS_USE_PSA_CRYPTO */ #endif /* MBETLS_USE_PSA_CRYPTO */
#endif /* MBEDTLS_PK_HAVE_RFC8410_CURVES */ #endif /* MBEDTLS_PK_HAVE_RFC8410_CURVES */
#endif /* MBEDTLS_ECP_LIGHT */ #endif /* MBEDTLS_PK_HAVE_ECC_KEYS */
#if defined(MBEDTLS_USE_PSA_CRYPTO) #if defined(MBEDTLS_USE_PSA_CRYPTO)
/* It is assumed that the input key is opaque */ /* It is assumed that the input key is opaque */
@ -158,7 +159,7 @@ end_of_export:
} }
#endif /* MBEDTLS_RSA_C */ #endif /* MBEDTLS_RSA_C */
#if defined(MBEDTLS_ECP_LIGHT) #if defined(MBEDTLS_PK_HAVE_ECC_KEYS)
#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) #if defined(MBEDTLS_PK_USE_PSA_EC_DATA)
static int pk_write_ec_pubkey(unsigned char **p, unsigned char *start, static int pk_write_ec_pubkey(unsigned char **p, unsigned char *start,
const mbedtls_pk_context *pk) const mbedtls_pk_context *pk)
@ -316,7 +317,7 @@ exit:
return ret; return ret;
} }
#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */ #endif /* MBEDTLS_PK_USE_PSA_EC_DATA */
#endif /* MBEDTLS_ECP_LIGHT */ #endif /* MBEDTLS_PK_HAVE_ECC_KEYS */
#if defined(MBEDTLS_USE_PSA_CRYPTO) #if defined(MBEDTLS_USE_PSA_CRYPTO)
static int pk_write_opaque_pubkey(unsigned char **p, unsigned char *start, static int pk_write_opaque_pubkey(unsigned char **p, unsigned char *start,
@ -353,7 +354,7 @@ int mbedtls_pk_write_pubkey(unsigned char **p, unsigned char *start,
MBEDTLS_ASN1_CHK_ADD(len, pk_write_rsa_pubkey(p, start, key)); MBEDTLS_ASN1_CHK_ADD(len, pk_write_rsa_pubkey(p, start, key));
} else } else
#endif #endif
#if defined(MBEDTLS_ECP_LIGHT) #if defined(MBEDTLS_PK_HAVE_ECC_KEYS)
if (mbedtls_pk_get_type(key) == MBEDTLS_PK_ECKEY) { if (mbedtls_pk_get_type(key) == MBEDTLS_PK_ECKEY) {
MBEDTLS_ASN1_CHK_ADD(len, pk_write_ec_pubkey(p, start, key)); MBEDTLS_ASN1_CHK_ADD(len, pk_write_ec_pubkey(p, start, key));
} else } else
@ -375,7 +376,7 @@ int mbedtls_pk_write_pubkey_der(const mbedtls_pk_context *key, unsigned char *bu
int has_par = 1; int has_par = 1;
size_t len = 0, par_len = 0, oid_len = 0; size_t len = 0, par_len = 0, oid_len = 0;
mbedtls_pk_type_t pk_type; mbedtls_pk_type_t pk_type;
#if defined(MBEDTLS_ECP_LIGHT) #if defined(MBEDTLS_PK_HAVE_ECC_KEYS)
mbedtls_ecp_group_id ec_grp_id = MBEDTLS_ECP_DP_NONE; mbedtls_ecp_group_id ec_grp_id = MBEDTLS_ECP_DP_NONE;
#endif #endif
const char *oid; const char *oid;
@ -404,20 +405,20 @@ int mbedtls_pk_write_pubkey_der(const mbedtls_pk_context *key, unsigned char *bu
MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(&c, buf, MBEDTLS_ASN1_BIT_STRING)); MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(&c, buf, MBEDTLS_ASN1_BIT_STRING));
pk_type = mbedtls_pk_get_type(key); pk_type = mbedtls_pk_get_type(key);
#if defined(MBEDTLS_ECP_LIGHT) #if defined(MBEDTLS_PK_HAVE_ECC_KEYS)
if (pk_type == MBEDTLS_PK_ECKEY) { if (pk_type == MBEDTLS_PK_ECKEY) {
ec_grp_id = mbedtls_pk_get_group_id(key); ec_grp_id = mbedtls_pk_get_group_id(key);
} }
#endif /* MBEDTLS_ECP_LIGHT */ #endif /* MBEDTLS_PK_HAVE_ECC_KEYS */
#if defined(MBEDTLS_USE_PSA_CRYPTO) #if defined(MBEDTLS_USE_PSA_CRYPTO)
if (pk_type == MBEDTLS_PK_OPAQUE) { if (pk_type == MBEDTLS_PK_OPAQUE) {
psa_key_type_t opaque_key_type = pk_get_opaque_key_type(key); psa_key_type_t opaque_key_type = pk_get_opaque_key_type(key);
#if defined(MBEDTLS_ECP_LIGHT) #if defined(MBEDTLS_PK_HAVE_ECC_KEYS)
if (PSA_KEY_TYPE_IS_ECC(opaque_key_type)) { if (PSA_KEY_TYPE_IS_ECC(opaque_key_type)) {
pk_type = MBEDTLS_PK_ECKEY; pk_type = MBEDTLS_PK_ECKEY;
ec_grp_id = mbedtls_pk_get_group_id(key); ec_grp_id = mbedtls_pk_get_group_id(key);
} else } else
#endif /* MBEDTLS_ECP_LIGHT */ #endif /* MBEDTLS_PK_HAVE_ECC_KEYS */
if (PSA_KEY_TYPE_IS_RSA(opaque_key_type)) { if (PSA_KEY_TYPE_IS_RSA(opaque_key_type)) {
/* The rest of the function works as for legacy RSA contexts. */ /* The rest of the function works as for legacy RSA contexts. */
pk_type = MBEDTLS_PK_RSA; pk_type = MBEDTLS_PK_RSA;
@ -429,7 +430,7 @@ int mbedtls_pk_write_pubkey_der(const mbedtls_pk_context *key, unsigned char *bu
} }
#endif /* MBEDTLS_USE_PSA_CRYPTO */ #endif /* MBEDTLS_USE_PSA_CRYPTO */
#if defined(MBEDTLS_ECP_LIGHT) #if defined(MBEDTLS_PK_HAVE_ECC_KEYS)
if (pk_type == MBEDTLS_PK_ECKEY) { if (pk_type == MBEDTLS_PK_ECKEY) {
/* Some groups have their own AlgorithmIdentifier OID, others are handled /* Some groups have their own AlgorithmIdentifier OID, others are handled
* by mbedtls_oid_get_oid_by_pk_alg() below */ * by mbedtls_oid_get_oid_by_pk_alg() below */
@ -445,7 +446,7 @@ int mbedtls_pk_write_pubkey_der(const mbedtls_pk_context *key, unsigned char *bu
return ret; return ret;
} }
} }
#endif /* MBEDTLS_ECP_LIGHT */ #endif /* MBEDTLS_PK_HAVE_ECC_KEYS */
if (oid_len == 0) { if (oid_len == 0) {
if ((ret = mbedtls_oid_get_oid_by_pk_alg(pk_type, &oid, if ((ret = mbedtls_oid_get_oid_by_pk_alg(pk_type, &oid,
@ -464,7 +465,7 @@ int mbedtls_pk_write_pubkey_der(const mbedtls_pk_context *key, unsigned char *bu
return (int) len; return (int) len;
} }
#if defined(MBEDTLS_ECP_LIGHT) #if defined(MBEDTLS_PK_HAVE_ECC_KEYS)
#if defined(MBEDTLS_PK_HAVE_RFC8410_CURVES) #if defined(MBEDTLS_PK_HAVE_RFC8410_CURVES)
/* /*
* RFC8410 section 7 * RFC8410 section 7
@ -572,7 +573,7 @@ static int pk_write_ec_der(unsigned char **p, unsigned char *buf,
return (int) len; return (int) len;
} }
#endif /* MBEDTLS_ECP_LIGHT */ #endif /* MBEDTLS_PK_HAVE_ECC_KEYS */
#if defined(MBEDTLS_RSA_C) #if defined(MBEDTLS_RSA_C)
static int pk_write_rsa_der(unsigned char **p, unsigned char *buf, static int pk_write_rsa_der(unsigned char **p, unsigned char *buf,
@ -691,9 +692,9 @@ int mbedtls_pk_write_key_der(const mbedtls_pk_context *key, unsigned char *buf,
#if defined(MBEDTLS_RSA_C) #if defined(MBEDTLS_RSA_C)
int is_rsa_opaque = 0; int is_rsa_opaque = 0;
#endif /* MBEDTLS_RSA_C */ #endif /* MBEDTLS_RSA_C */
#if defined(MBEDTLS_ECP_LIGHT) #if defined(MBEDTLS_PK_HAVE_ECC_KEYS)
int is_ec_opaque = 0; int is_ec_opaque = 0;
#endif /* MBEDTLS_ECP_LIGHT */ #endif /* MBEDTLS_PK_HAVE_ECC_KEYS */
#if defined(MBEDTLS_USE_PSA_CRYPTO) #if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_key_type_t opaque_key_type; psa_key_type_t opaque_key_type;
#endif /* MBEDTLS_USE_PSA_CRYPTO */ #endif /* MBEDTLS_USE_PSA_CRYPTO */
@ -710,9 +711,9 @@ int mbedtls_pk_write_key_der(const mbedtls_pk_context *key, unsigned char *buf,
#if defined(MBEDTLS_RSA_C) #if defined(MBEDTLS_RSA_C)
is_rsa_opaque = PSA_KEY_TYPE_IS_RSA(opaque_key_type); is_rsa_opaque = PSA_KEY_TYPE_IS_RSA(opaque_key_type);
#endif /* MBEDTLS_RSA_C */ #endif /* MBEDTLS_RSA_C */
#if defined(MBEDTLS_ECP_LIGHT) #if defined(MBEDTLS_PK_HAVE_ECC_KEYS)
is_ec_opaque = PSA_KEY_TYPE_IS_ECC(opaque_key_type); is_ec_opaque = PSA_KEY_TYPE_IS_ECC(opaque_key_type);
#endif /* MBEDTLS_ECP_LIGHT */ #endif /* MBEDTLS_PK_HAVE_ECC_KEYS */
} }
#endif /* MBEDTLS_USE_PSA_CRYPTO */ #endif /* MBEDTLS_USE_PSA_CRYPTO */
@ -721,7 +722,7 @@ int mbedtls_pk_write_key_der(const mbedtls_pk_context *key, unsigned char *buf,
return pk_write_rsa_der(&c, buf, key); return pk_write_rsa_der(&c, buf, key);
} else } else
#endif /* MBEDTLS_RSA_C */ #endif /* MBEDTLS_RSA_C */
#if defined(MBEDTLS_ECP_LIGHT) #if defined(MBEDTLS_PK_HAVE_ECC_KEYS)
if ((mbedtls_pk_get_type(key) == MBEDTLS_PK_ECKEY) || is_ec_opaque) { if ((mbedtls_pk_get_type(key) == MBEDTLS_PK_ECKEY) || is_ec_opaque) {
#if defined(MBEDTLS_PK_HAVE_RFC8410_CURVES) #if defined(MBEDTLS_PK_HAVE_RFC8410_CURVES)
if (mbedtls_pk_is_rfc8410(key)) { if (mbedtls_pk_is_rfc8410(key)) {
@ -730,7 +731,7 @@ int mbedtls_pk_write_key_der(const mbedtls_pk_context *key, unsigned char *buf,
#endif /* MBEDTLS_PK_HAVE_RFC8410_CURVES */ #endif /* MBEDTLS_PK_HAVE_RFC8410_CURVES */
return pk_write_ec_der(&c, buf, key); return pk_write_ec_der(&c, buf, key);
} else } else
#endif /* MBEDTLS_ECP_LIGHT */ #endif /* MBEDTLS_PK_HAVE_ECC_KEYS */
return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE; return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE;
return (int) len; return (int) len;
@ -781,12 +782,12 @@ int mbedtls_pk_write_key_pem(const mbedtls_pk_context *key, unsigned char *buf,
unsigned char output_buf[PRV_DER_MAX_BYTES]; unsigned char output_buf[PRV_DER_MAX_BYTES];
const char *begin, *end; const char *begin, *end;
size_t olen = 0; size_t olen = 0;
#if defined(MBEDTLS_ECP_LIGHT) #if defined(MBEDTLS_PK_HAVE_ECC_KEYS)
int is_ec_opaque = 0; int is_ec_opaque = 0;
#if defined(MBEDTLS_PK_HAVE_RFC8410_CURVES) #if defined(MBEDTLS_PK_HAVE_RFC8410_CURVES)
int is_montgomery_opaque = 0; int is_montgomery_opaque = 0;
#endif /* MBEDTLS_PK_HAVE_RFC8410_CURVES */ #endif /* MBEDTLS_PK_HAVE_RFC8410_CURVES */
#endif /* MBEDTLS_ECP_LIGHT */ #endif /* MBEDTLS_PK_HAVE_ECC_KEYS */
#if defined(MBEDTLS_RSA_C) #if defined(MBEDTLS_RSA_C)
int is_rsa_opaque = 0; int is_rsa_opaque = 0;
#endif #endif
@ -802,14 +803,14 @@ int mbedtls_pk_write_key_pem(const mbedtls_pk_context *key, unsigned char *buf,
#if defined(MBEDTLS_RSA_C) #if defined(MBEDTLS_RSA_C)
is_rsa_opaque = PSA_KEY_TYPE_IS_RSA(opaque_key_type); is_rsa_opaque = PSA_KEY_TYPE_IS_RSA(opaque_key_type);
#endif #endif
#if defined(MBEDTLS_ECP_LIGHT) #if defined(MBEDTLS_PK_HAVE_ECC_KEYS)
is_ec_opaque = PSA_KEY_TYPE_IS_ECC(opaque_key_type); is_ec_opaque = PSA_KEY_TYPE_IS_ECC(opaque_key_type);
#if defined(MBEDTLS_PK_HAVE_RFC8410_CURVES) #if defined(MBEDTLS_PK_HAVE_RFC8410_CURVES)
if (pk_get_opaque_ec_family(key) == PSA_ECC_FAMILY_MONTGOMERY) { if (pk_get_opaque_ec_family(key) == PSA_ECC_FAMILY_MONTGOMERY) {
is_montgomery_opaque = 1; is_montgomery_opaque = 1;
} }
#endif /* MBEDTLS_PK_HAVE_RFC8410_CURVES */ #endif /* MBEDTLS_PK_HAVE_RFC8410_CURVES */
#endif /* MBEDTLS_ECP_LIGHT */ #endif /* MBEDTLS_PK_HAVE_ECC_KEYS */
} }
#endif /* MBEDTLS_USE_PSA_CRYPTO */ #endif /* MBEDTLS_USE_PSA_CRYPTO */
@ -819,7 +820,7 @@ int mbedtls_pk_write_key_pem(const mbedtls_pk_context *key, unsigned char *buf,
end = PEM_END_PRIVATE_KEY_RSA; end = PEM_END_PRIVATE_KEY_RSA;
} else } else
#endif #endif
#if defined(MBEDTLS_ECP_LIGHT) #if defined(MBEDTLS_PK_HAVE_ECC_KEYS)
if ((mbedtls_pk_get_type(key) == MBEDTLS_PK_ECKEY) || is_ec_opaque) { if ((mbedtls_pk_get_type(key) == MBEDTLS_PK_ECKEY) || is_ec_opaque) {
#if defined(MBEDTLS_PK_HAVE_RFC8410_CURVES) #if defined(MBEDTLS_PK_HAVE_RFC8410_CURVES)
if (is_montgomery_opaque || if (is_montgomery_opaque ||
@ -828,13 +829,13 @@ int mbedtls_pk_write_key_pem(const mbedtls_pk_context *key, unsigned char *buf,
begin = PEM_BEGIN_PRIVATE_KEY_PKCS8; begin = PEM_BEGIN_PRIVATE_KEY_PKCS8;
end = PEM_END_PRIVATE_KEY_PKCS8; end = PEM_END_PRIVATE_KEY_PKCS8;
} else } else
#endif #endif /* MBEDTLS_PK_HAVE_RFC8410_CURVES */
{ {
begin = PEM_BEGIN_PRIVATE_KEY_EC; begin = PEM_BEGIN_PRIVATE_KEY_EC;
end = PEM_END_PRIVATE_KEY_EC; end = PEM_END_PRIVATE_KEY_EC;
} }
} else } else
#endif #endif /* MBEDTLS_PK_HAVE_ECC_KEYS */
return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE; return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE;
if ((ret = mbedtls_pem_write_buffer(begin, end, if ((ret = mbedtls_pem_write_buffer(begin, end,


@ -73,7 +73,7 @@
#endif /* MBEDTLS_RSA_C */ #endif /* MBEDTLS_RSA_C */
#if defined(MBEDTLS_ECP_LIGHT) #if defined(MBEDTLS_PK_HAVE_ECC_KEYS)
/* /*
* EC public keys: * EC public keys:
* SubjectPublicKeyInfo ::= SEQUENCE { 1 + 2 * SubjectPublicKeyInfo ::= SEQUENCE { 1 + 2
@ -98,10 +98,10 @@
*/ */
#define MBEDTLS_PK_ECP_PRV_DER_MAX_BYTES (29 + 3 * MBEDTLS_ECP_MAX_BYTES) #define MBEDTLS_PK_ECP_PRV_DER_MAX_BYTES (29 + 3 * MBEDTLS_ECP_MAX_BYTES)
#else /* MBEDTLS_ECP_LIGHT */ #else /* MBEDTLS_PK_HAVE_ECC_KEYS */
#define MBEDTLS_PK_ECP_PUB_DER_MAX_BYTES 0 #define MBEDTLS_PK_ECP_PUB_DER_MAX_BYTES 0
#define MBEDTLS_PK_ECP_PRV_DER_MAX_BYTES 0 #define MBEDTLS_PK_ECP_PRV_DER_MAX_BYTES 0
#endif /* MBEDTLS_ECP_LIGHT */ #endif /* MBEDTLS_PK_HAVE_ECC_KEYS */
#endif /* MBEDTLS_PK_WRITE_H */ #endif /* MBEDTLS_PK_WRITE_H */


@ -84,8 +84,6 @@
#include "mbedtls/sha512.h" #include "mbedtls/sha512.h"
#include "md_psa.h" #include "md_psa.h"
#define ARRAY_LENGTH(array) (sizeof(array) / sizeof(*(array)))
#if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF) || \ #if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF) || \
defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXTRACT) || \ defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXTRACT) || \
defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXPAND) defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXPAND)
@ -390,7 +388,56 @@ static void psa_wipe_tag_output_buffer(uint8_t *output_buffer, psa_status_t stat
/* Key management */ /* Key management */
/****************************************************************/ /****************************************************************/
#if defined(MBEDTLS_ECP_LIGHT) #if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY)
psa_ecc_family_t mbedtls_ecc_group_to_psa(mbedtls_ecp_group_id grpid,
size_t *bits)
{
switch (grpid) {
case MBEDTLS_ECP_DP_SECP192R1:
*bits = 192;
return PSA_ECC_FAMILY_SECP_R1;
case MBEDTLS_ECP_DP_SECP224R1:
*bits = 224;
return PSA_ECC_FAMILY_SECP_R1;
case MBEDTLS_ECP_DP_SECP256R1:
*bits = 256;
return PSA_ECC_FAMILY_SECP_R1;
case MBEDTLS_ECP_DP_SECP384R1:
*bits = 384;
return PSA_ECC_FAMILY_SECP_R1;
case MBEDTLS_ECP_DP_SECP521R1:
*bits = 521;
return PSA_ECC_FAMILY_SECP_R1;
case MBEDTLS_ECP_DP_BP256R1:
*bits = 256;
return PSA_ECC_FAMILY_BRAINPOOL_P_R1;
case MBEDTLS_ECP_DP_BP384R1:
*bits = 384;
return PSA_ECC_FAMILY_BRAINPOOL_P_R1;
case MBEDTLS_ECP_DP_BP512R1:
*bits = 512;
return PSA_ECC_FAMILY_BRAINPOOL_P_R1;
case MBEDTLS_ECP_DP_CURVE25519:
*bits = 255;
return PSA_ECC_FAMILY_MONTGOMERY;
case MBEDTLS_ECP_DP_SECP192K1:
*bits = 192;
return PSA_ECC_FAMILY_SECP_K1;
case MBEDTLS_ECP_DP_SECP224K1:
*bits = 224;
return PSA_ECC_FAMILY_SECP_K1;
case MBEDTLS_ECP_DP_SECP256K1:
*bits = 256;
return PSA_ECC_FAMILY_SECP_K1;
case MBEDTLS_ECP_DP_CURVE448:
*bits = 448;
return PSA_ECC_FAMILY_MONTGOMERY;
default:
*bits = 0;
return 0;
}
}
mbedtls_ecp_group_id mbedtls_ecc_group_of_psa(psa_ecc_family_t curve, mbedtls_ecp_group_id mbedtls_ecc_group_of_psa(psa_ecc_family_t curve,
size_t bits, size_t bits,
int bits_is_sloppy) int bits_is_sloppy)
@ -482,7 +529,7 @@ mbedtls_ecp_group_id mbedtls_ecc_group_of_psa(psa_ecc_family_t curve,
(void) bits_is_sloppy; (void) bits_is_sloppy;
return MBEDTLS_ECP_DP_NONE; return MBEDTLS_ECP_DP_NONE;
} }
#endif /* MBEDTLS_ECP_LIGHT */ #endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */
psa_status_t psa_validate_unstructured_key_bit_size(psa_key_type_t type, psa_status_t psa_validate_unstructured_key_bit_size(psa_key_type_t type,
size_t bits) size_t bits)
@ -7718,10 +7765,8 @@ psa_status_t psa_pake_setup(
psa_jpake_computation_stage_t *computation_stage = psa_jpake_computation_stage_t *computation_stage =
&operation->computation_stage.jpake; &operation->computation_stage.jpake;
computation_stage->state = PSA_PAKE_STATE_SETUP; memset(computation_stage, 0, sizeof(*computation_stage));
computation_stage->sequence = PSA_PAKE_SEQ_INVALID; computation_stage->step = PSA_PAKE_STEP_KEY_SHARE;
computation_stage->input_step = PSA_PAKE_STEP_X1_X2;
computation_stage->output_step = PSA_PAKE_STEP_X1_X2;
} else } else
#endif /* PSA_WANT_ALG_JPAKE */ #endif /* PSA_WANT_ALG_JPAKE */
{ {
@ -7890,59 +7935,32 @@ exit:
return status; return status;
} }
/* Auxiliary function to convert core computation stage(step, sequence, state) to single driver step. */ /* Auxiliary function to convert core computation stage to single driver step. */
#if defined(PSA_WANT_ALG_JPAKE) #if defined(PSA_WANT_ALG_JPAKE)
static psa_crypto_driver_pake_step_t convert_jpake_computation_stage_to_driver_step( static psa_crypto_driver_pake_step_t convert_jpake_computation_stage_to_driver_step(
psa_jpake_computation_stage_t *stage) psa_jpake_computation_stage_t *stage)
{ {
switch (stage->state) { psa_crypto_driver_pake_step_t key_share_step;
case PSA_PAKE_OUTPUT_X1_X2: if (stage->round == PSA_JPAKE_FIRST) {
case PSA_PAKE_INPUT_X1_X2: int is_x1;
switch (stage->sequence) {
case PSA_PAKE_X1_STEP_KEY_SHARE: if (stage->io_mode == PSA_JPAKE_OUTPUT) {
return PSA_JPAKE_X1_STEP_KEY_SHARE; is_x1 = (stage->outputs < 1);
case PSA_PAKE_X1_STEP_ZK_PUBLIC: } else {
return PSA_JPAKE_X1_STEP_ZK_PUBLIC; is_x1 = (stage->inputs < 1);
case PSA_PAKE_X1_STEP_ZK_PROOF: }
return PSA_JPAKE_X1_STEP_ZK_PROOF;
case PSA_PAKE_X2_STEP_KEY_SHARE: key_share_step = is_x1 ?
return PSA_JPAKE_X2_STEP_KEY_SHARE; PSA_JPAKE_X1_STEP_KEY_SHARE :
case PSA_PAKE_X2_STEP_ZK_PUBLIC: PSA_JPAKE_X2_STEP_KEY_SHARE;
return PSA_JPAKE_X2_STEP_ZK_PUBLIC; } else if (stage->round == PSA_JPAKE_SECOND) {
case PSA_PAKE_X2_STEP_ZK_PROOF: key_share_step = (stage->io_mode == PSA_JPAKE_OUTPUT) ?
return PSA_JPAKE_X2_STEP_ZK_PROOF; PSA_JPAKE_X2S_STEP_KEY_SHARE :
default: PSA_JPAKE_X4S_STEP_KEY_SHARE;
return PSA_JPAKE_STEP_INVALID; } else {
} return PSA_JPAKE_STEP_INVALID;
break;
case PSA_PAKE_OUTPUT_X2S:
switch (stage->sequence) {
case PSA_PAKE_X1_STEP_KEY_SHARE:
return PSA_JPAKE_X2S_STEP_KEY_SHARE;
case PSA_PAKE_X1_STEP_ZK_PUBLIC:
return PSA_JPAKE_X2S_STEP_ZK_PUBLIC;
case PSA_PAKE_X1_STEP_ZK_PROOF:
return PSA_JPAKE_X2S_STEP_ZK_PROOF;
default:
return PSA_JPAKE_STEP_INVALID;
}
break;
case PSA_PAKE_INPUT_X4S:
switch (stage->sequence) {
case PSA_PAKE_X1_STEP_KEY_SHARE:
return PSA_JPAKE_X4S_STEP_KEY_SHARE;
case PSA_PAKE_X1_STEP_ZK_PUBLIC:
return PSA_JPAKE_X4S_STEP_ZK_PUBLIC;
case PSA_PAKE_X1_STEP_ZK_PROOF:
return PSA_JPAKE_X4S_STEP_ZK_PROOF;
default:
return PSA_JPAKE_STEP_INVALID;
}
break;
default:
return PSA_JPAKE_STEP_INVALID;
} }
return PSA_JPAKE_STEP_INVALID; return key_share_step + stage->step - PSA_PAKE_STEP_KEY_SHARE;
} }
#endif /* PSA_WANT_ALG_JPAKE */ #endif /* PSA_WANT_ALG_JPAKE */
@ -7981,12 +7999,6 @@ static psa_status_t psa_pake_complete_inputs(
#if defined(PSA_WANT_ALG_JPAKE) #if defined(PSA_WANT_ALG_JPAKE)
if (operation->alg == PSA_ALG_JPAKE) { if (operation->alg == PSA_ALG_JPAKE) {
operation->stage = PSA_PAKE_OPERATION_STAGE_COMPUTATION; operation->stage = PSA_PAKE_OPERATION_STAGE_COMPUTATION;
psa_jpake_computation_stage_t *computation_stage =
&operation->computation_stage.jpake;
computation_stage->state = PSA_PAKE_STATE_READY;
computation_stage->sequence = PSA_PAKE_SEQ_INVALID;
computation_stage->input_step = PSA_PAKE_STEP_X1_X2;
computation_stage->output_step = PSA_PAKE_STEP_X1_X2;
} else } else
#endif /* PSA_WANT_ALG_JPAKE */ #endif /* PSA_WANT_ALG_JPAKE */
{ {
@ -7997,9 +8009,10 @@ static psa_status_t psa_pake_complete_inputs(
} }
#if defined(PSA_WANT_ALG_JPAKE) #if defined(PSA_WANT_ALG_JPAKE)
static psa_status_t psa_jpake_output_prologue( static psa_status_t psa_jpake_prologue(
psa_pake_operation_t *operation, psa_pake_operation_t *operation,
psa_pake_step_t step) psa_pake_step_t step,
psa_jpake_io_mode_t io_mode)
{ {
if (step != PSA_PAKE_STEP_KEY_SHARE && if (step != PSA_PAKE_STEP_KEY_SHARE &&
step != PSA_PAKE_STEP_ZK_PUBLIC && step != PSA_PAKE_STEP_ZK_PUBLIC &&
@ -8010,84 +8023,66 @@ static psa_status_t psa_jpake_output_prologue(
psa_jpake_computation_stage_t *computation_stage = psa_jpake_computation_stage_t *computation_stage =
&operation->computation_stage.jpake; &operation->computation_stage.jpake;
if (computation_stage->state == PSA_PAKE_STATE_INVALID) { if (computation_stage->round != PSA_JPAKE_FIRST &&
computation_stage->round != PSA_JPAKE_SECOND) {
return PSA_ERROR_BAD_STATE; return PSA_ERROR_BAD_STATE;
} }
if (computation_stage->state != PSA_PAKE_STATE_READY && /* Check that the step we are given is the one we were expecting */
computation_stage->state != PSA_PAKE_OUTPUT_X1_X2 && if (step != computation_stage->step) {
computation_stage->state != PSA_PAKE_OUTPUT_X2S) {
return PSA_ERROR_BAD_STATE; return PSA_ERROR_BAD_STATE;
} }
if (computation_stage->state == PSA_PAKE_STATE_READY) { if (step == PSA_PAKE_STEP_KEY_SHARE &&
if (step != PSA_PAKE_STEP_KEY_SHARE) { computation_stage->inputs == 0 &&
return PSA_ERROR_BAD_STATE; computation_stage->outputs == 0) {
} /* Start of the round, so function decides whether we are inputting
* or outputting */
switch (computation_stage->output_step) { computation_stage->io_mode = io_mode;
case PSA_PAKE_STEP_X1_X2: } else if (computation_stage->io_mode != io_mode) {
computation_stage->state = PSA_PAKE_OUTPUT_X1_X2; /* Middle of the round so the mode we are in must match the function
break; * called by the user */
case PSA_PAKE_STEP_X2S: return PSA_ERROR_BAD_STATE;
computation_stage->state = PSA_PAKE_OUTPUT_X2S;
break;
default:
return PSA_ERROR_BAD_STATE;
}
computation_stage->sequence = PSA_PAKE_X1_STEP_KEY_SHARE;
}
/* Check if step matches current sequence */
switch (computation_stage->sequence) {
case PSA_PAKE_X1_STEP_KEY_SHARE:
case PSA_PAKE_X2_STEP_KEY_SHARE:
if (step != PSA_PAKE_STEP_KEY_SHARE) {
return PSA_ERROR_BAD_STATE;
}
break;
case PSA_PAKE_X1_STEP_ZK_PUBLIC:
case PSA_PAKE_X2_STEP_ZK_PUBLIC:
if (step != PSA_PAKE_STEP_ZK_PUBLIC) {
return PSA_ERROR_BAD_STATE;
}
break;
case PSA_PAKE_X1_STEP_ZK_PROOF:
case PSA_PAKE_X2_STEP_ZK_PROOF:
if (step != PSA_PAKE_STEP_ZK_PROOF) {
return PSA_ERROR_BAD_STATE;
}
break;
default:
return PSA_ERROR_BAD_STATE;
} }
return PSA_SUCCESS; return PSA_SUCCESS;
} }
static psa_status_t psa_jpake_output_epilogue( static psa_status_t psa_jpake_epilogue(
psa_pake_operation_t *operation) psa_pake_operation_t *operation,
psa_jpake_io_mode_t io_mode)
{ {
psa_jpake_computation_stage_t *computation_stage = psa_jpake_computation_stage_t *stage =
&operation->computation_stage.jpake; &operation->computation_stage.jpake;
if ((computation_stage->state == PSA_PAKE_OUTPUT_X1_X2 && if (stage->step == PSA_PAKE_STEP_ZK_PROOF) {
computation_stage->sequence == PSA_PAKE_X2_STEP_ZK_PROOF) || /* End of an input/output */
(computation_stage->state == PSA_PAKE_OUTPUT_X2S && if (io_mode == PSA_JPAKE_INPUT) {
computation_stage->sequence == PSA_PAKE_X1_STEP_ZK_PROOF)) { stage->inputs++;
computation_stage->state = PSA_PAKE_STATE_READY; if (stage->inputs == PSA_JPAKE_EXPECTED_INPUTS(stage->round)) {
computation_stage->output_step++; stage->io_mode = PSA_JPAKE_OUTPUT;
computation_stage->sequence = PSA_PAKE_SEQ_INVALID; }
}
if (io_mode == PSA_JPAKE_OUTPUT) {
stage->outputs++;
if (stage->outputs == PSA_JPAKE_EXPECTED_OUTPUTS(stage->round)) {
stage->io_mode = PSA_JPAKE_INPUT;
}
}
if (stage->inputs == PSA_JPAKE_EXPECTED_INPUTS(stage->round) &&
stage->outputs == PSA_JPAKE_EXPECTED_OUTPUTS(stage->round)) {
/* End of a round, move to the next round */
stage->inputs = 0;
stage->outputs = 0;
stage->round++;
}
stage->step = PSA_PAKE_STEP_KEY_SHARE;
} else { } else {
computation_stage->sequence++; stage->step++;
} }
return PSA_SUCCESS; return PSA_SUCCESS;
} }
#endif /* PSA_WANT_ALG_JPAKE */ #endif /* PSA_WANT_ALG_JPAKE */
psa_status_t psa_pake_output( psa_status_t psa_pake_output(
@ -8121,7 +8116,7 @@ psa_status_t psa_pake_output(
switch (operation->alg) { switch (operation->alg) {
#if defined(PSA_WANT_ALG_JPAKE) #if defined(PSA_WANT_ALG_JPAKE)
case PSA_ALG_JPAKE: case PSA_ALG_JPAKE:
status = psa_jpake_output_prologue(operation, step); status = psa_jpake_prologue(operation, step, PSA_JPAKE_OUTPUT);
if (status != PSA_SUCCESS) { if (status != PSA_SUCCESS) {
goto exit; goto exit;
} }
@ -8145,7 +8140,7 @@ psa_status_t psa_pake_output(
switch (operation->alg) { switch (operation->alg) {
#if defined(PSA_WANT_ALG_JPAKE) #if defined(PSA_WANT_ALG_JPAKE)
case PSA_ALG_JPAKE: case PSA_ALG_JPAKE:
status = psa_jpake_output_epilogue(operation); status = psa_jpake_epilogue(operation, PSA_JPAKE_OUTPUT);
if (status != PSA_SUCCESS) { if (status != PSA_SUCCESS) {
goto exit; goto exit;
} }
@ -8162,100 +8157,6 @@ exit:
return status; return status;
} }
#if defined(PSA_WANT_ALG_JPAKE)
static psa_status_t psa_jpake_input_prologue(
psa_pake_operation_t *operation,
psa_pake_step_t step)
{
if (step != PSA_PAKE_STEP_KEY_SHARE &&
step != PSA_PAKE_STEP_ZK_PUBLIC &&
step != PSA_PAKE_STEP_ZK_PROOF) {
return PSA_ERROR_INVALID_ARGUMENT;
}
psa_jpake_computation_stage_t *computation_stage =
&operation->computation_stage.jpake;
if (computation_stage->state == PSA_PAKE_STATE_INVALID) {
return PSA_ERROR_BAD_STATE;
}
if (computation_stage->state != PSA_PAKE_STATE_READY &&
computation_stage->state != PSA_PAKE_INPUT_X1_X2 &&
computation_stage->state != PSA_PAKE_INPUT_X4S) {
return PSA_ERROR_BAD_STATE;
}
if (computation_stage->state == PSA_PAKE_STATE_READY) {
if (step != PSA_PAKE_STEP_KEY_SHARE) {
return PSA_ERROR_BAD_STATE;
}
switch (computation_stage->input_step) {
case PSA_PAKE_STEP_X1_X2:
computation_stage->state = PSA_PAKE_INPUT_X1_X2;
break;
case PSA_PAKE_STEP_X2S:
computation_stage->state = PSA_PAKE_INPUT_X4S;
break;
default:
return PSA_ERROR_BAD_STATE;
}
computation_stage->sequence = PSA_PAKE_X1_STEP_KEY_SHARE;
}
/* Check if step matches current sequence */
switch (computation_stage->sequence) {
case PSA_PAKE_X1_STEP_KEY_SHARE:
case PSA_PAKE_X2_STEP_KEY_SHARE:
if (step != PSA_PAKE_STEP_KEY_SHARE) {
return PSA_ERROR_BAD_STATE;
}
break;
case PSA_PAKE_X1_STEP_ZK_PUBLIC:
case PSA_PAKE_X2_STEP_ZK_PUBLIC:
if (step != PSA_PAKE_STEP_ZK_PUBLIC) {
return PSA_ERROR_BAD_STATE;
}
break;
case PSA_PAKE_X1_STEP_ZK_PROOF:
case PSA_PAKE_X2_STEP_ZK_PROOF:
if (step != PSA_PAKE_STEP_ZK_PROOF) {
return PSA_ERROR_BAD_STATE;
}
break;
default:
return PSA_ERROR_BAD_STATE;
}
return PSA_SUCCESS;
}
static psa_status_t psa_jpake_input_epilogue(
psa_pake_operation_t *operation)
{
psa_jpake_computation_stage_t *computation_stage =
&operation->computation_stage.jpake;
if ((computation_stage->state == PSA_PAKE_INPUT_X1_X2 &&
computation_stage->sequence == PSA_PAKE_X2_STEP_ZK_PROOF) ||
(computation_stage->state == PSA_PAKE_INPUT_X4S &&
computation_stage->sequence == PSA_PAKE_X1_STEP_ZK_PROOF)) {
computation_stage->state = PSA_PAKE_STATE_READY;
computation_stage->input_step++;
computation_stage->sequence = PSA_PAKE_SEQ_INVALID;
} else {
computation_stage->sequence++;
}
return PSA_SUCCESS;
}
#endif /* PSA_WANT_ALG_JPAKE */
psa_status_t psa_pake_input( psa_status_t psa_pake_input(
psa_pake_operation_t *operation, psa_pake_operation_t *operation,
psa_pake_step_t step, psa_pake_step_t step,
@ -8288,7 +8189,7 @@ psa_status_t psa_pake_input(
switch (operation->alg) { switch (operation->alg) {
#if defined(PSA_WANT_ALG_JPAKE) #if defined(PSA_WANT_ALG_JPAKE)
case PSA_ALG_JPAKE: case PSA_ALG_JPAKE:
status = psa_jpake_input_prologue(operation, step); status = psa_jpake_prologue(operation, step, PSA_JPAKE_INPUT);
if (status != PSA_SUCCESS) { if (status != PSA_SUCCESS) {
goto exit; goto exit;
} }
@ -8312,7 +8213,7 @@ psa_status_t psa_pake_input(
switch (operation->alg) { switch (operation->alg) {
#if defined(PSA_WANT_ALG_JPAKE) #if defined(PSA_WANT_ALG_JPAKE)
case PSA_ALG_JPAKE: case PSA_ALG_JPAKE:
status = psa_jpake_input_epilogue(operation); status = psa_jpake_epilogue(operation, PSA_JPAKE_INPUT);
if (status != PSA_SUCCESS) { if (status != PSA_SUCCESS) {
goto exit; goto exit;
} }
@ -8347,8 +8248,7 @@ psa_status_t psa_pake_get_implicit_key(
if (operation->alg == PSA_ALG_JPAKE) { if (operation->alg == PSA_ALG_JPAKE) {
psa_jpake_computation_stage_t *computation_stage = psa_jpake_computation_stage_t *computation_stage =
&operation->computation_stage.jpake; &operation->computation_stage.jpake;
if (computation_stage->input_step != PSA_PAKE_STEP_DERIVE || if (computation_stage->round != PSA_JPAKE_FINISHED) {
computation_stage->output_step != PSA_PAKE_STEP_DERIVE) {
status = PSA_ERROR_BAD_STATE; status = PSA_ERROR_BAD_STATE;
goto exit; goto exit;
} }


@ -47,8 +47,8 @@
* \retval #PSA_ERROR_INVALID_ARGUMENT * \retval #PSA_ERROR_INVALID_ARGUMENT
* \p key_buffer_size, \p peer_key_length, \p shared_secret_size * \p key_buffer_size, \p peer_key_length, \p shared_secret_size
* do not match * do not match
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
* \retval #PSA_ERROR_CORRUPTION_DETECTED * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
*/ */
psa_status_t mbedtls_psa_key_agreement_ffdh( psa_status_t mbedtls_psa_key_agreement_ffdh(
const psa_key_attributes_t *attributes, const psa_key_attributes_t *attributes,
@ -73,9 +73,9 @@ psa_status_t mbedtls_psa_key_agreement_ffdh(
* \retval #PSA_SUCCESS The public key was exported successfully. * \retval #PSA_SUCCESS The public key was exported successfully.
* \retval #PSA_ERROR_BUFFER_TOO_SMALL * \retval #PSA_ERROR_BUFFER_TOO_SMALL
* The size of \p key_buffer is too small. * The size of \p key_buffer is too small.
* \retval #PSA_ERROR_NOT_PERMITTED * \retval #PSA_ERROR_NOT_PERMITTED \emptydescription
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
* \retval #PSA_ERROR_CORRUPTION_DETECTED * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
*/ */
psa_status_t mbedtls_psa_export_ffdh_public_key( psa_status_t mbedtls_psa_export_ffdh_public_key(
const psa_key_attributes_t *attributes, const psa_key_attributes_t *attributes,
@ -103,8 +103,8 @@ psa_status_t mbedtls_psa_export_ffdh_public_key(
* Key size in bits is invalid. * Key size in bits is invalid.
* \retval #PSA_ERROR_BUFFER_TOO_SMALL * \retval #PSA_ERROR_BUFFER_TOO_SMALL
* The size of \p key_buffer is too small. * The size of \p key_buffer is too small.
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
* \retval #PSA_ERROR_CORRUPTION_DETECTED * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
*/ */
psa_status_t mbedtls_psa_ffdh_generate_key( psa_status_t mbedtls_psa_ffdh_generate_key(
const psa_key_attributes_t *attributes, const psa_key_attributes_t *attributes,


@ -80,65 +80,37 @@
*/ */
/* /*
* The first PAKE step shares the same sequences of the second PAKE step * Possible sequence of calls to implementation:
* but with a second set of KEY_SHARE/ZK_PUBLIC/ZK_PROOF outputs/inputs.
* It's simpler to share the same sequences numbers of the first
* set of KEY_SHARE/ZK_PUBLIC/ZK_PROOF outputs/inputs in both PAKE steps.
* *
* State sequence with step, state & sequence enums: * |--- In any order:
* => Input & Output Step = PSA_PAKE_STEP_INVALID * | |
* => state = PSA_PAKE_STATE_INVALID * | |------ In Order
* psa_pake_setup() * | | | mbedtls_psa_pake_output(PSA_JPAKE_X1_STEP_KEY_SHARE)
* => Input & Output Step = PSA_PAKE_STEP_X1_X2 * | | | mbedtls_psa_pake_output(PSA_JPAKE_X1_STEP_ZK_PUBLIC)
* => state = PSA_PAKE_STATE_SETUP * | | | mbedtls_psa_pake_output(PSA_JPAKE_X1_STEP_ZK_PROOF)
* => sequence = PSA_PAKE_SEQ_INVALID * | | | mbedtls_psa_pake_output(PSA_JPAKE_X2_STEP_KEY_SHARE)
* | * | | | mbedtls_psa_pake_output(PSA_JPAKE_X2_STEP_ZK_PUBLIC)
* |--- In any order: (First round input before or after first round output) * | | | mbedtls_psa_pake_output(PSA_JPAKE_X2_STEP_ZK_PROOF)
* | | First call of psa_pake_output() or psa_pake_input() sets * | |
* | | state = PSA_PAKE_STATE_READY * | |------ In Order:
* | | * | | mbedtls_psa_pake_input(PSA_JPAKE_X1_STEP_KEY_SHARE)
* | |------ In Order: => state = PSA_PAKE_OUTPUT_X1_X2 * | | mbedtls_psa_pake_input(PSA_JPAKE_X1_STEP_ZK_PUBLIC)
* | | | psa_pake_output() => sequence = PSA_PAKE_X1_STEP_KEY_SHARE * | | mbedtls_psa_pake_input(PSA_JPAKE_X1_STEP_ZK_PROOF)
* | | | psa_pake_output() => sequence = PSA_PAKE_X1_STEP_ZK_PUBLIC * | | mbedtls_psa_pake_input(PSA_JPAKE_X2_STEP_KEY_SHARE)
* | | | psa_pake_output() => sequence = PSA_PAKE_X1_STEP_ZK_PROOF * | | mbedtls_psa_pake_input(PSA_JPAKE_X2_STEP_ZK_PUBLIC)
* | | | psa_pake_output() => sequence = PSA_PAKE_X2_STEP_KEY_SHARE * | | mbedtls_psa_pake_input(PSA_JPAKE_X2_STEP_ZK_PROOF)
* | | | psa_pake_output() => sequence = PSA_PAKE_X2_STEP_ZK_PUBLIC * |
* | | | psa_pake_output() => sequence = PSA_PAKE_X2_STEP_ZK_PROOF * |--- In any order:
* | | | => state = PSA_PAKE_STATE_READY * | |
* | | | => sequence = PSA_PAKE_SEQ_INVALID * | |------ In Order
* | | | => Output Step = PSA_PAKE_STEP_X2S * | | | mbedtls_psa_pake_output(PSA_JPAKE_X2S_STEP_KEY_SHARE)
* | | * | | | mbedtls_psa_pake_output(PSA_JPAKE_X2S_STEP_ZK_PUBLIC)
* | |------ In Order: => state = PSA_PAKE_INPUT_X1_X2 * | | | mbedtls_psa_pake_output(PSA_JPAKE_X2S_STEP_ZK_PROOF)
* | | | psa_pake_input() => sequence = PSA_PAKE_X1_STEP_KEY_SHARE * | |
* | | | psa_pake_input() => sequence = PSA_PAKE_X1_STEP_ZK_PUBLIC * | |------ In Order:
* | | | psa_pake_input() => sequence = PSA_PAKE_X1_STEP_ZK_PROOF * | | mbedtls_psa_pake_input(PSA_JPAKE_X4S_STEP_KEY_SHARE)
* | | | psa_pake_input() => sequence = PSA_PAKE_X2_STEP_KEY_SHARE * | | mbedtls_psa_pake_input(PSA_JPAKE_X4S_STEP_ZK_PUBLIC)
* | | | psa_pake_input() => sequence = PSA_PAKE_X2_STEP_ZK_PUBLIC * | | mbedtls_psa_pake_input(PSA_JPAKE_X4S_STEP_ZK_PROOF)
* | | | psa_pake_input() => sequence = PSA_PAKE_X2_STEP_ZK_PROOF
* | | | => state = PSA_PAKE_STATE_READY
* | | | => sequence = PSA_PAKE_SEQ_INVALID
* | | | => Output Step = PSA_PAKE_INPUT_X4S
* |
* |--- In any order: (Second round input before or after second round output)
* | |
* | |------ In Order: => state = PSA_PAKE_OUTPUT_X2S
* | | | psa_pake_output() => sequence = PSA_PAKE_X1_STEP_KEY_SHARE
* | | | psa_pake_output() => sequence = PSA_PAKE_X1_STEP_ZK_PUBLIC
* | | | psa_pake_output() => sequence = PSA_PAKE_X1_STEP_ZK_PROOF
* | | | => state = PSA_PAKE_STATE_READY
* | | | => sequence = PSA_PAKE_SEQ_INVALID
* | | | => Output Step = PSA_PAKE_STEP_DERIVE
* | |
* | |------ In Order: => state = PSA_PAKE_INPUT_X4S
* | | | psa_pake_input() => sequence = PSA_PAKE_X1_STEP_KEY_SHARE
* | | | psa_pake_input() => sequence = PSA_PAKE_X1_STEP_ZK_PUBLIC
* | | | psa_pake_input() => sequence = PSA_PAKE_X1_STEP_ZK_PROOF
* | | | => state = PSA_PAKE_STATE_READY
* | | | => sequence = PSA_PAKE_SEQ_INVALID
* | | | => Output Step = PSA_PAKE_STEP_DERIVE
* |
* psa_pake_get_implicit_key()
* => Input & Output Step = PSA_PAKE_STEP_INVALID
*/ */
#if defined(MBEDTLS_PSA_BUILTIN_ALG_JPAKE) #if defined(MBEDTLS_PSA_BUILTIN_ALG_JPAKE)


@ -43,8 +43,8 @@
* compatible with the PAKE algorithm, or the hash algorithm in * compatible with the PAKE algorithm, or the hash algorithm in
* \p cipher_suite is not supported or not compatible with the PAKE * \p cipher_suite is not supported or not compatible with the PAKE
* algorithm and primitive. * algorithm and primitive.
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
* \retval #PSA_ERROR_CORRUPTION_DETECTED * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
*/ */
psa_status_t mbedtls_psa_pake_setup(mbedtls_psa_pake_operation_t *operation, psa_status_t mbedtls_psa_pake_setup(mbedtls_psa_pake_operation_t *operation,
const psa_crypto_driver_pake_inputs_t *inputs); const psa_crypto_driver_pake_inputs_t *inputs);
@ -78,10 +78,10 @@ psa_status_t mbedtls_psa_pake_setup(mbedtls_psa_pake_operation_t *operation,
* Success. * Success.
* \retval #PSA_ERROR_BUFFER_TOO_SMALL * \retval #PSA_ERROR_BUFFER_TOO_SMALL
* The size of the \p output buffer is too small. * The size of the \p output buffer is too small.
* \retval #PSA_ERROR_INSUFFICIENT_ENTROPY * \retval #PSA_ERROR_INSUFFICIENT_ENTROPY \emptydescription
* \retval #PSA_ERROR_CORRUPTION_DETECTED * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
* \retval #PSA_ERROR_DATA_CORRUPT * \retval #PSA_ERROR_DATA_CORRUPT \emptydescription
* \retval #PSA_ERROR_DATA_INVALID * \retval #PSA_ERROR_DATA_INVALID \emptydescription
*/ */
psa_status_t mbedtls_psa_pake_output(mbedtls_psa_pake_operation_t *operation, psa_status_t mbedtls_psa_pake_output(mbedtls_psa_pake_operation_t *operation,
psa_crypto_driver_pake_step_t step, psa_crypto_driver_pake_step_t step,
@ -116,10 +116,10 @@ psa_status_t mbedtls_psa_pake_output(mbedtls_psa_pake_operation_t *operation,
* \retval #PSA_ERROR_NOT_SUPPORTED * \retval #PSA_ERROR_NOT_SUPPORTED
* the \p input is not supported for the \p operation's algorithm, cipher * the \p input is not supported for the \p operation's algorithm, cipher
* suite or \p step. * suite or \p step.
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
* \retval #PSA_ERROR_CORRUPTION_DETECTED * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
* \retval #PSA_ERROR_DATA_CORRUPT * \retval #PSA_ERROR_DATA_CORRUPT \emptydescription
* \retval #PSA_ERROR_DATA_INVALID * \retval #PSA_ERROR_DATA_INVALID \emptydescription
*/ */
psa_status_t mbedtls_psa_pake_input(mbedtls_psa_pake_operation_t *operation, psa_status_t mbedtls_psa_pake_input(mbedtls_psa_pake_operation_t *operation,
psa_crypto_driver_pake_step_t step, psa_crypto_driver_pake_step_t step,
@ -143,10 +143,10 @@ psa_status_t mbedtls_psa_pake_input(mbedtls_psa_pake_operation_t *operation,
* \retval #PSA_ERROR_NOT_SUPPORTED * \retval #PSA_ERROR_NOT_SUPPORTED
* Input from a PAKE is not supported by the algorithm in the \p output * Input from a PAKE is not supported by the algorithm in the \p output
* key derivation operation. * key derivation operation.
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
* \retval #PSA_ERROR_CORRUPTION_DETECTED * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
* \retval #PSA_ERROR_DATA_CORRUPT * \retval #PSA_ERROR_DATA_CORRUPT \emptydescription
* \retval #PSA_ERROR_DATA_INVALID * \retval #PSA_ERROR_DATA_INVALID \emptydescription
*/ */
psa_status_t mbedtls_psa_pake_get_implicit_key( psa_status_t mbedtls_psa_pake_get_implicit_key(
mbedtls_psa_pake_operation_t *operation, mbedtls_psa_pake_operation_t *operation,
@ -164,7 +164,7 @@ psa_status_t mbedtls_psa_pake_get_implicit_key(
* *
* \retval #PSA_SUCCESS * \retval #PSA_SUCCESS
* Success. * Success.
* \retval #PSA_ERROR_CORRUPTION_DETECTED * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
*/ */
psa_status_t mbedtls_psa_pake_abort(mbedtls_psa_pake_operation_t *operation); psa_status_t mbedtls_psa_pake_abort(mbedtls_psa_pake_operation_t *operation);


@ -36,8 +36,6 @@
#include <string.h> #include <string.h>
#include "mbedtls/platform.h" #include "mbedtls/platform.h"
#define ARRAY_LENGTH(array) (sizeof(array) / sizeof(*(array)))
typedef struct { typedef struct {
psa_key_slot_t key_slots[MBEDTLS_PSA_KEY_SLOT_COUNT]; psa_key_slot_t key_slots[MBEDTLS_PSA_KEY_SLOT_COUNT];
unsigned key_slots_initialized : 1; unsigned key_slots_initialized : 1;


@ -1001,8 +1001,6 @@ static sha_test_sum_t sha512_test_sum[] =
}; };
#endif /* MBEDTLS_SHA512_C */ #endif /* MBEDTLS_SHA512_C */
#define ARRAY_LENGTH(a) (sizeof(a) / sizeof((a)[0]))
static int mbedtls_sha512_common_self_test(int verbose, int is384) static int mbedtls_sha512_common_self_test(int verbose, int is384)
{ {
int i, buflen, ret = 0; int i, buflen, ret = 0;


@ -37,9 +37,15 @@
#if defined(MBEDTLS_USE_PSA_CRYPTO) #if defined(MBEDTLS_USE_PSA_CRYPTO)
#include "md_psa.h" #include "md_psa.h"
#define PSA_TO_MBEDTLS_ERR(status) PSA_TO_MBEDTLS_ERR_LIST(status, \ /* Define a local translating function to save code size by not using too many
psa_to_ssl_errors, \ * arguments in each translating place. */
psa_generic_status_to_mbedtls) static int local_err_translation(psa_status_t status)
{
return psa_status_to_mbedtls(status, psa_to_ssl_errors,
ARRAY_LENGTH(psa_to_ssl_errors),
psa_generic_status_to_mbedtls);
}
#define PSA_TO_MBEDTLS_ERR(status) local_err_translation(status)
#endif #endif
/* /*


@ -49,9 +49,15 @@
#endif #endif
#if defined(MBEDTLS_USE_PSA_CRYPTO) #if defined(MBEDTLS_USE_PSA_CRYPTO)
#define PSA_TO_MBEDTLS_ERR(status) PSA_TO_MBEDTLS_ERR_LIST(status, \ /* Define a local translating function to save code size by not using too many
psa_to_ssl_errors, \ * arguments in each translating place. */
psa_generic_status_to_mbedtls) static int local_err_translation(psa_status_t status)
{
return psa_status_to_mbedtls(status, psa_to_ssl_errors,
ARRAY_LENGTH(psa_to_ssl_errors),
psa_generic_status_to_mbedtls);
}
#define PSA_TO_MBEDTLS_ERR(status) local_err_translation(status)
#endif #endif
#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC) #if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC)


@ -31,9 +31,15 @@
#include <string.h> #include <string.h>
#if defined(MBEDTLS_USE_PSA_CRYPTO) #if defined(MBEDTLS_USE_PSA_CRYPTO)
#define PSA_TO_MBEDTLS_ERR(status) PSA_TO_MBEDTLS_ERR_LIST(status, \ /* Define a local translating function to save code size by not using too many
psa_to_ssl_errors, \ * arguments in each translating place. */
psa_generic_status_to_mbedtls) static int local_err_translation(psa_status_t status)
{
return psa_status_to_mbedtls(status, psa_to_ssl_errors,
ARRAY_LENGTH(psa_to_ssl_errors),
psa_generic_status_to_mbedtls);
}
#define PSA_TO_MBEDTLS_ERR(status) local_err_translation(status)
#endif #endif
/* /*


@ -51,12 +51,15 @@
#endif #endif
#if defined(MBEDTLS_USE_PSA_CRYPTO) #if defined(MBEDTLS_USE_PSA_CRYPTO)
#define PSA_TO_MBEDTLS_ERR(status) PSA_TO_MBEDTLS_ERR_LIST(status, \ /* Define local translating functions to save code size by not using too many
psa_to_ssl_errors, \ * arguments in each translating place. */
psa_generic_status_to_mbedtls) static int local_err_translation(psa_status_t status)
#define PSA_TO_MD_ERR(status) PSA_TO_MBEDTLS_ERR_LIST(status, \ {
psa_to_md_errors, \ return psa_status_to_mbedtls(status, psa_to_ssl_errors,
psa_generic_status_to_mbedtls) ARRAY_LENGTH(psa_to_ssl_errors),
psa_generic_status_to_mbedtls);
}
#define PSA_TO_MBEDTLS_ERR(status) local_err_translation(status)
#endif #endif
#if defined(MBEDTLS_TEST_HOOKS) #if defined(MBEDTLS_TEST_HOOKS)
@ -748,8 +751,6 @@ void mbedtls_ssl_print_extensions(const mbedtls_ssl_context *ssl,
} }
#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && defined(MBEDTLS_SSL_SESSION_TICKETS) #if defined(MBEDTLS_SSL_PROTO_TLS1_3) && defined(MBEDTLS_SSL_SESSION_TICKETS)
#define ARRAY_LENGTH(a) (sizeof(a) / sizeof(*(a)))
static const char *ticket_flag_name_table[] = static const char *ticket_flag_name_table[] =
{ {
[0] = "ALLOW_PSK_RESUMPTION", [0] = "ALLOW_PSK_RESUMPTION",


@ -33,9 +33,17 @@
#if defined(MBEDTLS_USE_PSA_CRYPTO) #if defined(MBEDTLS_USE_PSA_CRYPTO)
#include "mbedtls/psa_util.h" #include "mbedtls/psa_util.h"
#include "psa/crypto.h" #include "psa/crypto.h"
#define PSA_TO_MBEDTLS_ERR(status) PSA_TO_MBEDTLS_ERR_LIST(status, \ #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
psa_to_ssl_errors, \ /* Define a local translating function to save code size by not using too many
psa_generic_status_to_mbedtls) * arguments in each translating place. */
static int local_err_translation(psa_status_t status)
{
return psa_status_to_mbedtls(status, psa_to_ssl_errors,
ARRAY_LENGTH(psa_to_ssl_errors),
psa_generic_status_to_mbedtls);
}
#define PSA_TO_MBEDTLS_ERR(status) local_err_translation(status)
#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */
#endif /* MBEDTLS_USE_PSA_CRYPTO */ #endif /* MBEDTLS_USE_PSA_CRYPTO */
#include <string.h> #include <string.h>


@ -34,9 +34,18 @@
#include <string.h> #include <string.h>
#if defined(MBEDTLS_USE_PSA_CRYPTO) #if defined(MBEDTLS_USE_PSA_CRYPTO)
#define PSA_TO_MBEDTLS_ERR(status) PSA_TO_MBEDTLS_ERR_LIST(status, \ /* Define a local translating function to save code size by not using too many
psa_to_ssl_errors, \ * arguments in each translating place. */
psa_generic_status_to_mbedtls) #if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED)
static int local_err_translation(psa_status_t status)
{
return psa_status_to_mbedtls(status, psa_to_ssl_errors,
ARRAY_LENGTH(psa_to_ssl_errors),
psa_generic_status_to_mbedtls);
}
#define PSA_TO_MBEDTLS_ERR(status) local_err_translation(status)
#endif
#endif #endif
#if defined(MBEDTLS_ECP_C) #if defined(MBEDTLS_ECP_C)
@ -2589,14 +2598,17 @@ static int ssl_get_ecdh_params_from_cert(mbedtls_ssl_context *ssl)
{ {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
unsigned char buf[ mbedtls_pk_context *pk;
PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS)]; mbedtls_pk_type_t pk_type;
psa_key_attributes_t key_attributes = PSA_KEY_ATTRIBUTES_INIT; psa_key_attributes_t key_attributes = PSA_KEY_ATTRIBUTES_INIT;
#if !defined(MBEDTLS_PK_USE_PSA_EC_DATA)
uint16_t tls_id = 0; uint16_t tls_id = 0;
psa_ecc_family_t ecc_family; psa_ecc_family_t ecc_family;
size_t key_len; size_t key_len;
mbedtls_pk_context *pk;
mbedtls_ecp_group_id grp_id; mbedtls_ecp_group_id grp_id;
unsigned char buf[PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS)];
mbedtls_ecp_keypair *key;
#endif /* !MBEDTLS_PK_USE_PSA_EC_DATA */
pk = mbedtls_ssl_own_key(ssl); pk = mbedtls_ssl_own_key(ssl);
@ -2604,18 +2616,20 @@ static int ssl_get_ecdh_params_from_cert(mbedtls_ssl_context *ssl)
return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
} }
#if !defined(MBEDTLS_PK_USE_PSA_EC_DATA) pk_type = mbedtls_pk_get_type(pk);
mbedtls_ecp_keypair *key = mbedtls_pk_ec_rw(*pk);
#endif /* !MBEDTLS_PK_USE_PSA_EC_DATA */
switch (mbedtls_pk_get_type(pk)) { switch (pk_type) {
case MBEDTLS_PK_OPAQUE: case MBEDTLS_PK_OPAQUE:
#if defined(MBEDTLS_PK_USE_PSA_EC_DATA)
case MBEDTLS_PK_ECKEY:
case MBEDTLS_PK_ECKEY_DH:
case MBEDTLS_PK_ECDSA:
#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */
if (!mbedtls_pk_can_do(pk, MBEDTLS_PK_ECKEY)) { if (!mbedtls_pk_can_do(pk, MBEDTLS_PK_ECKEY)) {
return MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH; return MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH;
} }
ssl->handshake->ecdh_psa_privkey = pk->priv_id; ssl->handshake->ecdh_psa_privkey = pk->priv_id;
/* Key should not be destroyed in the TLS library */ /* Key should not be destroyed in the TLS library */
ssl->handshake->ecdh_psa_privkey_is_external = 1; ssl->handshake->ecdh_psa_privkey_is_external = 1;
@ -2633,9 +2647,11 @@ static int ssl_get_ecdh_params_from_cert(mbedtls_ssl_context *ssl)
ret = 0; ret = 0;
break; break;
#if !defined(MBEDTLS_PK_USE_PSA_EC_DATA)
case MBEDTLS_PK_ECKEY: case MBEDTLS_PK_ECKEY:
case MBEDTLS_PK_ECKEY_DH: case MBEDTLS_PK_ECKEY_DH:
case MBEDTLS_PK_ECDSA: case MBEDTLS_PK_ECDSA:
key = mbedtls_pk_ec_rw(*pk);
grp_id = mbedtls_pk_get_group_id(pk); grp_id = mbedtls_pk_get_group_id(pk);
if (grp_id == MBEDTLS_ECP_DP_NONE) { if (grp_id == MBEDTLS_ECP_DP_NONE) {
return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
@ -2660,36 +2676,29 @@ static int ssl_get_ecdh_params_from_cert(mbedtls_ssl_context *ssl)
PSA_KEY_TYPE_ECC_KEY_PAIR(ssl->handshake->ecdh_psa_type)); PSA_KEY_TYPE_ECC_KEY_PAIR(ssl->handshake->ecdh_psa_type));
psa_set_key_bits(&key_attributes, ssl->handshake->ecdh_bits); psa_set_key_bits(&key_attributes, ssl->handshake->ecdh_bits);
#if defined(MBEDTLS_PK_USE_PSA_EC_DATA)
status = psa_export_key(pk->priv_id, buf, sizeof(buf), &key_len);
if (status != PSA_SUCCESS) {
ret = PSA_TO_MBEDTLS_ERR(status);
goto cleanup;
}
#else /* MBEDTLS_PK_USE_PSA_EC_DATA */
key_len = PSA_BITS_TO_BYTES(key->grp.pbits); key_len = PSA_BITS_TO_BYTES(key->grp.pbits);
ret = mbedtls_ecp_write_key(key, buf, key_len); ret = mbedtls_ecp_write_key(key, buf, key_len);
if (ret != 0) { if (ret != 0) {
goto cleanup; mbedtls_platform_zeroize(buf, sizeof(buf));
break;
} }
#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */
status = psa_import_key(&key_attributes, buf, key_len, status = psa_import_key(&key_attributes, buf, key_len,
&ssl->handshake->ecdh_psa_privkey); &ssl->handshake->ecdh_psa_privkey);
if (status != PSA_SUCCESS) { if (status != PSA_SUCCESS) {
ret = PSA_TO_MBEDTLS_ERR(status); ret = PSA_TO_MBEDTLS_ERR(status);
goto cleanup; mbedtls_platform_zeroize(buf, sizeof(buf));
break;
} }
mbedtls_platform_zeroize(buf, sizeof(buf));
ret = 0; ret = 0;
break; break;
#endif /* !MBEDTLS_PK_USE_PSA_EC_DATA */
default: default:
ret = MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH; ret = MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH;
} }
cleanup:
mbedtls_platform_zeroize(buf, sizeof(buf));
return ret; return ret;
} }
#elif defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \ #elif defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
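Review bot: In the `MBEDTLS_PK_ECKEY` branch of ssl_get_ecdh_params_from_cert, wiping `buf` now depends on three separate `mbedtls_platform_zeroize(buf, sizeof(buf))` calls (after a failed `mbedtls_ecp_write_key`, after a failed `psa_import_key`, and on success) where the old code had a single `cleanup:` label. `buf` holds the exported private key, so any exit added to this branch later that forgets the call leaves key material on the stack. Nesting the import under the result of the write gives the branch one wipe point again without bringing the label back. Parts of the function lie outside the visible hunks, so this covers only the lines shown.

```c
            /* … unchanged: group id lookup, key attribute setup … */
            key_len = PSA_BITS_TO_BYTES(key->grp.pbits);
            ret = mbedtls_ecp_write_key(key, buf, key_len);
            if (ret == 0) {
                status = psa_import_key(&key_attributes, buf, key_len,
                                        &ssl->handshake->ecdh_psa_privkey);
                if (status != PSA_SUCCESS) {
                    ret = PSA_TO_MBEDTLS_ERR(status);
                }
            }
            /* Single wipe point for the exported private key, reached on
             * success and on both failure paths. */
            mbedtls_platform_zeroize(buf, sizeof(buf));
            break;
```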


@ -35,9 +35,17 @@
#include "ssl_debug_helpers.h" #include "ssl_debug_helpers.h"
#include "md_psa.h" #include "md_psa.h"
#define PSA_TO_MBEDTLS_ERR(status) PSA_TO_MBEDTLS_ERR_LIST(status, \ #if defined(PSA_WANT_ALG_ECDH)
psa_to_ssl_errors, \ /* Define a local translating function to save code size by not using too many
psa_generic_status_to_mbedtls) * arguments in each translating place. */
static int local_err_translation(psa_status_t status)
{
return psa_status_to_mbedtls(status, psa_to_ssl_errors,
ARRAY_LENGTH(psa_to_ssl_errors),
psa_generic_status_to_mbedtls);
}
#define PSA_TO_MBEDTLS_ERR(status) local_err_translation(status)
#endif
/* Write extensions */ /* Write extensions */


@ -39,9 +39,18 @@
#include "psa/crypto.h" #include "psa/crypto.h"
#include "mbedtls/psa_util.h" #include "mbedtls/psa_util.h"
#define PSA_TO_MBEDTLS_ERR(status) PSA_TO_MBEDTLS_ERR_LIST(status, \ #if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED) || \
psa_to_ssl_errors, \ defined(PSA_WANT_ALG_ECDH)
psa_generic_status_to_mbedtls) /* Define a local translating function to save code size by not using too many
* arguments in each translating place. */
static int local_err_translation(psa_status_t status)
{
return psa_status_to_mbedtls(status, psa_to_ssl_errors,
ARRAY_LENGTH(psa_to_ssl_errors),
psa_generic_status_to_mbedtls);
}
#define PSA_TO_MBEDTLS_ERR(status) local_err_translation(status)
#endif
const uint8_t mbedtls_ssl_tls13_hello_retry_request_magic[ const uint8_t mbedtls_ssl_tls13_hello_retry_request_magic[
MBEDTLS_SERVER_HELLO_RANDOM_LEN] = MBEDTLS_SERVER_HELLO_RANDOM_LEN] =


@ -36,9 +36,15 @@
#include "psa/crypto.h" #include "psa/crypto.h"
#include "md_psa.h" #include "md_psa.h"
#define PSA_TO_MBEDTLS_ERR(status) PSA_TO_MBEDTLS_ERR_LIST(status, \ /* Define a local translating function to save code size by not using too many
psa_to_ssl_errors, \ * arguments in each translating place. */
psa_generic_status_to_mbedtls) static int local_err_translation(psa_status_t status)
{
return psa_status_to_mbedtls(status, psa_to_ssl_errors,
ARRAY_LENGTH(psa_to_ssl_errors),
psa_generic_status_to_mbedtls);
}
#define PSA_TO_MBEDTLS_ERR(status) local_err_translation(status)
#define MBEDTLS_SSL_TLS1_3_LABEL(name, string) \ #define MBEDTLS_SSL_TLS1_3_LABEL(name, string) \
.name = string, .name = string,


@ -53,13 +53,17 @@
#include <time.h> #include <time.h>
#endif #endif
#define CHECK(code) if ((ret = (code)) != 0) { return ret; } #define CHECK(code) \
do { \
if ((ret = (code)) != 0) { \
return ret; \
} \
} while (0)
#define CHECK_RANGE(min, max, val) \ #define CHECK_RANGE(min, max, val) \
do \ do { \
{ \ if ((val) < (min) || (val) > (max)) { \
if ((val) < (min) || (val) > (max)) \ return ret; \
{ \
return ret; \
} \ } \
} while (0) } while (0)
@ -1700,16 +1704,19 @@ int mbedtls_x509_info_subject_alt_name(char **buf, size_t *size,
return 0; return 0;
} }
#define PRINT_ITEM(i) \ #define PRINT_ITEM(i) \
{ \ do { \
ret = mbedtls_snprintf(p, n, "%s" i, sep); \ ret = mbedtls_snprintf(p, n, "%s" i, sep); \
MBEDTLS_X509_SAFE_SNPRINTF; \ MBEDTLS_X509_SAFE_SNPRINTF; \
sep = ", "; \ sep = ", "; \
} } while (0)
#define CERT_TYPE(type, name) \ #define CERT_TYPE(type, name) \
if (ns_cert_type & (type)) \ do { \
PRINT_ITEM(name); if (ns_cert_type & (type)) { \
PRINT_ITEM(name); \
} \
} while (0)
int mbedtls_x509_info_cert_type(char **buf, size_t *size, int mbedtls_x509_info_cert_type(char **buf, size_t *size,
unsigned char ns_cert_type) unsigned char ns_cert_type)
@ -1734,9 +1741,12 @@ int mbedtls_x509_info_cert_type(char **buf, size_t *size,
return 0; return 0;
} }
#define KEY_USAGE(code, name) \ #define KEY_USAGE(code, name) \
if (key_usage & (code)) \ do { \
PRINT_ITEM(name); if ((key_usage) & (code)) { \
PRINT_ITEM(name); \
} \
} while (0)
int mbedtls_x509_info_key_usage(char **buf, size_t *size, int mbedtls_x509_info_key_usage(char **buf, size_t *size,
unsigned int key_usage) unsigned int key_usage)


@ -49,7 +49,6 @@
#include "mbedtls/psa_util.h" #include "mbedtls/psa_util.h"
#include "md_psa.h" #include "md_psa.h"
#endif /* MBEDTLS_USE_PSA_CRYPTO */ #endif /* MBEDTLS_USE_PSA_CRYPTO */
#include "x509_invasive.h"
#include "pk_internal.h" #include "pk_internal.h"
#include "mbedtls/platform.h" #include "mbedtls/platform.h"
@ -107,7 +106,7 @@ const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_default =
MBEDTLS_X509_ID_FLAG(MBEDTLS_MD_SHA384) | MBEDTLS_X509_ID_FLAG(MBEDTLS_MD_SHA384) |
MBEDTLS_X509_ID_FLAG(MBEDTLS_MD_SHA512), MBEDTLS_X509_ID_FLAG(MBEDTLS_MD_SHA512),
0xFFFFFFF, /* Any PK alg */ 0xFFFFFFF, /* Any PK alg */
#if defined(MBEDTLS_ECP_LIGHT) #if defined(MBEDTLS_PK_HAVE_ECC_KEYS)
/* Curves at or above 128-bit security level. Note that this selection /* Curves at or above 128-bit security level. Note that this selection
* should be aligned with ssl_preset_default_curves in ssl_tls.c. */ * should be aligned with ssl_preset_default_curves in ssl_tls.c. */
MBEDTLS_X509_ID_FLAG(MBEDTLS_ECP_DP_SECP256R1) | MBEDTLS_X509_ID_FLAG(MBEDTLS_ECP_DP_SECP256R1) |
@ -117,9 +116,9 @@ const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_default =
MBEDTLS_X509_ID_FLAG(MBEDTLS_ECP_DP_BP384R1) | MBEDTLS_X509_ID_FLAG(MBEDTLS_ECP_DP_BP384R1) |
MBEDTLS_X509_ID_FLAG(MBEDTLS_ECP_DP_BP512R1) | MBEDTLS_X509_ID_FLAG(MBEDTLS_ECP_DP_BP512R1) |
0, 0,
#else /* MBEDTLS_ECP_LIGHT */ #else /* MBEDTLS_PK_HAVE_ECC_KEYS */
0, 0,
#endif /* MBEDTLS_ECP_LIGHT */ #endif /* MBEDTLS_PK_HAVE_ECC_KEYS */
2048, 2048,
}; };
@ -158,13 +157,13 @@ const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_suiteb =
/* Only ECDSA */ /* Only ECDSA */
MBEDTLS_X509_ID_FLAG(MBEDTLS_PK_ECDSA) | MBEDTLS_X509_ID_FLAG(MBEDTLS_PK_ECDSA) |
MBEDTLS_X509_ID_FLAG(MBEDTLS_PK_ECKEY), MBEDTLS_X509_ID_FLAG(MBEDTLS_PK_ECKEY),
#if defined(MBEDTLS_ECP_LIGHT) #if defined(MBEDTLS_PK_HAVE_ECC_KEYS)
/* Only NIST P-256 and P-384 */ /* Only NIST P-256 and P-384 */
MBEDTLS_X509_ID_FLAG(MBEDTLS_ECP_DP_SECP256R1) | MBEDTLS_X509_ID_FLAG(MBEDTLS_ECP_DP_SECP256R1) |
MBEDTLS_X509_ID_FLAG(MBEDTLS_ECP_DP_SECP384R1), MBEDTLS_X509_ID_FLAG(MBEDTLS_ECP_DP_SECP384R1),
#else /* MBEDTLS_ECP_LIGHT */ #else /* MBEDTLS_PK_HAVE_ECC_KEYS */
0, 0,
#endif /* MBEDTLS_ECP_LIGHT */ #endif /* MBEDTLS_PK_HAVE_ECC_KEYS */
0, 0,
}; };
@ -234,7 +233,7 @@ static int x509_profile_check_key(const mbedtls_x509_crt_profile *profile,
} }
#endif /* MBEDTLS_RSA_C */ #endif /* MBEDTLS_RSA_C */
#if defined(MBEDTLS_ECP_LIGHT) #if defined(MBEDTLS_PK_HAVE_ECC_KEYS)
if (pk_alg == MBEDTLS_PK_ECDSA || if (pk_alg == MBEDTLS_PK_ECDSA ||
pk_alg == MBEDTLS_PK_ECKEY || pk_alg == MBEDTLS_PK_ECKEY ||
pk_alg == MBEDTLS_PK_ECKEY_DH) { pk_alg == MBEDTLS_PK_ECKEY_DH) {
@ -250,7 +249,7 @@ static int x509_profile_check_key(const mbedtls_x509_crt_profile *profile,
return -1; return -1;
} }
#endif /* MBEDTLS_ECP_LIGHT */ #endif /* MBEDTLS_PK_HAVE_ECC_KEYS */
return -1; return -1;
} }
@ -2862,7 +2861,6 @@ static int x509_inet_pton_ipv4(const char *src, void *dst)
#endif /* !AF_INET6 || MBEDTLS_TEST_SW_INET_PTON */ //no-check-names #endif /* !AF_INET6 || MBEDTLS_TEST_SW_INET_PTON */ //no-check-names
MBEDTLS_STATIC_TESTABLE
size_t mbedtls_x509_crt_parse_cn_inet_pton(const char *cn, void *dst) size_t mbedtls_x509_crt_parse_cn_inet_pton(const char *cn, void *dst)
{ {
return strchr(cn, ':') == NULL return strchr(cn, ':') == NULL


@ -1,53 +0,0 @@
/**
* \file x509_invasive.h
*
* \brief x509 module: interfaces for invasive testing only.
*
* The interfaces in this file are intended for testing purposes only.
* They SHOULD NOT be made available in library integrations except when
* building the library for testing.
*/
/*
* Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#ifndef MBEDTLS_X509_INVASIVE_H
#define MBEDTLS_X509_INVASIVE_H
#include "common.h"
#if defined(MBEDTLS_TEST_HOOKS)
/**
* \brief This function parses a CN string as an IP address.
*
* \param cn The CN string to parse. CN string MUST be NUL-terminated.
* \param dst The target buffer to populate with the binary IP address.
* The buffer MUST be 16 bytes to save IPv6, and should be
* 4-byte aligned if the result will be used as struct in_addr.
* e.g. uint32_t dst[4]
*
* \note \cn is parsed as an IPv6 address if string contains ':',
* else \cn is parsed as an IPv4 address.
*
* \return Length of binary IP address; num bytes written to target.
* \return \c 0 on failure to parse CN string as an IP address.
*/
size_t mbedtls_x509_crt_parse_cn_inet_pton(const char *cn, void *dst);
#endif /* MBEDTLS_TEST_HOOKS */
#endif /* MBEDTLS_X509_INVASIVE_H */


@ -116,18 +116,6 @@ struct options {
mbedtls_md_type_t md_alg; /* Hash algorithm used for signature. */ mbedtls_md_type_t md_alg; /* Hash algorithm used for signature. */
} opt; } opt;
static void ip_string_to_bytes(const char *str, uint8_t *bytes, int maxBytes)
{
for (int i = 0; i < maxBytes; i++) {
bytes[i] = (uint8_t) strtoul(str, NULL, 10);
str = strchr(str, '.');
if (str == NULL || *str == '\0') {
break;
}
str++;
}
}
int write_certificate_request(mbedtls_x509write_csr *req, const char *output_file, int write_certificate_request(mbedtls_x509write_csr *req, const char *output_file,
int (*f_rng)(void *, unsigned char *, size_t), int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng) void *p_rng)
@ -165,13 +153,15 @@ int main(int argc, char *argv[])
mbedtls_pk_context key; mbedtls_pk_context key;
char buf[1024]; char buf[1024];
int i; int i;
char *p, *q, *r, *r2; char *p, *q, *r, *subtype_value;
mbedtls_x509write_csr req; mbedtls_x509write_csr req;
mbedtls_entropy_context entropy; mbedtls_entropy_context entropy;
mbedtls_ctr_drbg_context ctr_drbg; mbedtls_ctr_drbg_context ctr_drbg;
const char *pers = "csr example app"; const char *pers = "csr example app";
mbedtls_x509_san_list *cur, *prev; mbedtls_x509_san_list *cur, *prev;
#if defined(MBEDTLS_X509_CRT_PARSE_C)
uint8_t ip[4] = { 0 };
#endif
/* /*
* Set to sane values * Set to sane values
*/ */
@ -231,8 +221,6 @@ usage:
prev = NULL; prev = NULL;
while (q != NULL) { while (q != NULL) {
uint8_t ip[4] = { 0 };
if ((r = strchr(q, ';')) != NULL) { if ((r = strchr(q, ';')) != NULL) {
*r++ = '\0'; *r++ = '\0';
} }
@ -245,8 +233,8 @@ usage:
cur->next = NULL; cur->next = NULL;
if ((r2 = strchr(q, ':')) != NULL) { if ((subtype_value = strchr(q, ':')) != NULL) {
*r2++ = '\0'; *subtype_value++ = '\0';
} }
if (strcmp(q, "URI") == 0) { if (strcmp(q, "URI") == 0) {
@ -254,18 +242,31 @@ usage:
} else if (strcmp(q, "DNS") == 0) { } else if (strcmp(q, "DNS") == 0) {
cur->node.type = MBEDTLS_X509_SAN_DNS_NAME; cur->node.type = MBEDTLS_X509_SAN_DNS_NAME;
} else if (strcmp(q, "IP") == 0) { } else if (strcmp(q, "IP") == 0) {
#if defined(MBEDTLS_X509_CRT_PARSE_C)
size_t ip_len = 0;
cur->node.type = MBEDTLS_X509_SAN_IP_ADDRESS; cur->node.type = MBEDTLS_X509_SAN_IP_ADDRESS;
ip_string_to_bytes(r2, ip, 4); ip_len = mbedtls_x509_crt_parse_cn_inet_pton(subtype_value, ip);
if (ip_len == 0) {
mbedtls_printf("mbedtls_x509_crt_parse_cn_inet_pton failed to parse %s\n",
subtype_value);
goto exit;
}
#else
mbedtls_printf("IP SAN parsing requires MBEDTLS_X509_CRT_PARSE_C to be defined");
goto exit;
#endif
} else { } else {
mbedtls_free(cur); mbedtls_free(cur);
goto usage; goto usage;
} }
if (strcmp(q, "IP") == 0) { if (strcmp(q, "IP") == 0) {
#if defined(MBEDTLS_X509_CRT_PARSE_C)
cur->node.san.unstructured_name.p = (unsigned char *) ip; cur->node.san.unstructured_name.p = (unsigned char *) ip;
cur->node.san.unstructured_name.len = sizeof(ip); cur->node.san.unstructured_name.len = sizeof(ip);
#endif
} else { } else {
q = r2; q = subtype_value;
cur->node.san.unstructured_name.p = (unsigned char *) q; cur->node.san.unstructured_name.p = (unsigned char *) q;
cur->node.san.unstructured_name.len = strlen(q); cur->node.san.unstructured_name.len = strlen(q);
} }


@ -216,18 +216,6 @@ struct options {
int format; /* format */ int format; /* format */
} opt; } opt;
static void ip_string_to_bytes(const char *str, uint8_t *bytes, int maxBytes)
{
for (int i = 0; i < maxBytes; i++) {
bytes[i] = (uint8_t) strtoul(str, NULL, 10);
str = strchr(str, '.');
if (str == NULL || *str == '\0') {
break;
}
str++;
}
}
int write_certificate(mbedtls_x509write_cert *crt, const char *output_file, int write_certificate(mbedtls_x509write_cert *crt, const char *output_file,
int (*f_rng)(void *, unsigned char *, size_t), int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng) void *p_rng)
@ -601,8 +589,14 @@ usage:
} else if (strcmp(q, "DNS") == 0) { } else if (strcmp(q, "DNS") == 0) {
cur->node.type = MBEDTLS_X509_SAN_DNS_NAME; cur->node.type = MBEDTLS_X509_SAN_DNS_NAME;
} else if (strcmp(q, "IP") == 0) { } else if (strcmp(q, "IP") == 0) {
size_t ip_len = 0;
cur->node.type = MBEDTLS_X509_SAN_IP_ADDRESS; cur->node.type = MBEDTLS_X509_SAN_IP_ADDRESS;
ip_string_to_bytes(subtype_value, ip, 4); ip_len = mbedtls_x509_crt_parse_cn_inet_pton(subtype_value, ip);
if (ip_len == 0) {
mbedtls_printf("mbedtls_x509_crt_parse_cn_inet_pton failed to parse %s\n",
subtype_value);
goto exit;
}
cur->node.san.unstructured_name.p = (unsigned char *) ip; cur->node.san.unstructured_name.p = (unsigned char *) ip;
cur->node.san.unstructured_name.len = sizeof(ip); cur->node.san.unstructured_name.len = sizeof(ip);
} else if (strcmp(q, "DN") == 0) { } else if (strcmp(q, "DN") == 0) {
@ -625,8 +619,9 @@ usage:
if (cur->node.type == MBEDTLS_X509_SAN_RFC822_NAME || if (cur->node.type == MBEDTLS_X509_SAN_RFC822_NAME ||
cur->node.type == MBEDTLS_X509_SAN_UNIFORM_RESOURCE_IDENTIFIER || cur->node.type == MBEDTLS_X509_SAN_UNIFORM_RESOURCE_IDENTIFIER ||
cur->node.type == MBEDTLS_X509_SAN_DNS_NAME) { cur->node.type == MBEDTLS_X509_SAN_DNS_NAME) {
cur->node.san.unstructured_name.p = (unsigned char *) subtype_value; q = subtype_value;
cur->node.san.unstructured_name.len = strlen(subtype_value); cur->node.san.unstructured_name.p = (unsigned char *) q;
cur->node.san.unstructured_name.len = strlen(q);
} }
if (prev == NULL) { if (prev == NULL) {
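Review bot: The new failure path after `mbedtls_x509_crt_parse_cn_inet_pton` jumps to `exit` while `cur` has not yet been linked into the list (the `if (prev == NULL)` linking comes later), so the node is not released unless the cleanup at `exit` handles it, which this hunk does not show. The unknown-type branch in the previous file section releases the node first (`mbedtls_free(cur); goto usage;`), and both `goto exit` lines added there skip the same step. Adding `mbedtls_free(cur);` before each `goto exit;` would keep the error paths consistent, assuming `cur` is allocated per entry here as it appears to be there.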


@ -209,24 +209,18 @@ class EnumDefinition:
continue continue
member = field.strip().split()[0] member = field.strip().split()[0]
translation_table.append( translation_table.append(
'{space}[{member}] = "{member}",'.format(member=member, '{space}case {member}:\n{space} return "{member}";'
space=' '*8) .format(member=member, space=' '*8)
) )
body = textwrap.dedent('''\ body = textwrap.dedent('''\
const char *{name}_str( {prototype} in ) const char *{name}_str( {prototype} in )
{{ {{
const char * in_to_str[]= switch (in) {{
{{
{translation_table} {translation_table}
}}; default:
return "UNKNOWN_VALUE";
if( in > ( sizeof( in_to_str )/sizeof( in_to_str[0]) - 1 ) ||
in_to_str[ in ] == NULL )
{{
return "UNKNOWN_VALUE";
}} }}
return in_to_str[ in ];
}} }}
''') ''')
body = body.format(translation_table='\n'.join(translation_table), body = body.format(translation_table='\n'.join(translation_table),
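Review bot: Emitting one `case {member}:` per enumerator makes the generated `*_str()` function fail to compile if an enum ever declares two names with the same value, which the old `[{member}] = "{member}"` table accepted; nothing visible in this method filters such aliases. If that trade-off is intended, a comment above the `translation_table.append(...)` call would record it, e.g. `# One case per enumerator: avoids building a table on the stack, but aliased enum values would yield duplicate case labels.` The method starts above this hunk, so any earlier filtering of `field` is not visible here.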


@ -19,6 +19,7 @@ import enum
from typing import Iterator, List, Tuple, TypeVar, Any from typing import Iterator, List, Tuple, TypeVar, Any
from copy import deepcopy from copy import deepcopy
from itertools import chain from itertools import chain
from math import ceil
from . import test_case from . import test_case
from . import test_data_generation from . import test_data_generation
@ -76,9 +77,14 @@ def combination_pairs(values: List[T]) -> List[Tuple[T, T]]:
"""Return all pair combinations from input values.""" """Return all pair combinations from input values."""
return [(x, y) for x in values for y in values] return [(x, y) for x in values for y in values]
def bits_to_limbs(bits: int, bits_in_limb: int) -> int:
""" Return the appropriate ammount of limbs needed to store
a number contained in input bits"""
return ceil(bits / bits_in_limb)
def hex_digits_for_limb(limbs: int, bits_in_limb: int) -> int: def hex_digits_for_limb(limbs: int, bits_in_limb: int) -> int:
""" Retrun the hex digits need for a number of limbs. """ """ Return the hex digits need for a number of limbs. """
return 2 * (limbs * bits_in_limb // 8) return 2 * ((limbs * bits_in_limb) // 8)
def hex_digits_max_int(val: str, bits_in_limb: int) -> int: def hex_digits_max_int(val: str, bits_in_limb: int) -> int:
""" Return the first number exceeding maximum the limb space """ Return the first number exceeding maximum the limb space
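Review bot: `bits_to_limbs` goes through float division, `ceil(bits / bits_in_limb)`, which stops being exact once `bits` no longer fits a double and needs the new `from math import ceil` import. Integer arithmetic gives the same result for the sizes used here without either: `return (bits + bits_in_limb - 1) // bits_in_limb`. The new docstring also has a typo ("ammount"), and "need" in the `hex_digits_for_limb` docstring reads better as "needed".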


@ -34,7 +34,8 @@ class EcpP192R1Raw(bignum_common.ModOperationCommon,
test_name = "ecp_mod_p192_raw" test_name = "ecp_mod_p192_raw"
input_style = "fixed" input_style = "fixed"
arity = 1 arity = 1
dependencies = ["MBEDTLS_ECP_DP_SECP192R1_ENABLED"] dependencies = ["MBEDTLS_ECP_DP_SECP192R1_ENABLED",
"MBEDTLS_ECP_NIST_OPTIM"]
moduli = ["fffffffffffffffffffffffffffffffeffffffffffffffff"] # type: List[str] moduli = ["fffffffffffffffffffffffffffffffeffffffffffffffff"] # type: List[str]
@ -110,7 +111,8 @@ class EcpP224R1Raw(bignum_common.ModOperationCommon,
test_name = "ecp_mod_p224_raw" test_name = "ecp_mod_p224_raw"
input_style = "arch_split" input_style = "arch_split"
arity = 1 arity = 1
dependencies = ["MBEDTLS_ECP_DP_SECP224R1_ENABLED"] dependencies = ["MBEDTLS_ECP_DP_SECP224R1_ENABLED",
"MBEDTLS_ECP_NIST_OPTIM"]
moduli = ["ffffffffffffffffffffffffffffffff000000000000000000000001"] # type: List[str] moduli = ["ffffffffffffffffffffffffffffffff000000000000000000000001"] # type: List[str]
@ -163,7 +165,8 @@ class EcpP224R1Raw(bignum_common.ModOperationCommon,
@property @property
def arg_a(self) -> str: def arg_a(self) -> str:
hex_digits = bignum_common.hex_digits_for_limb(448 // self.bits_in_limb, self.bits_in_limb) limbs = 2 * bignum_common.bits_to_limbs(224, self.bits_in_limb)
hex_digits = bignum_common.hex_digits_for_limb(limbs, self.bits_in_limb)
return super().format_arg('{:x}'.format(self.int_a)).zfill(hex_digits) return super().format_arg('{:x}'.format(self.int_a)).zfill(hex_digits)
def result(self) -> List[str]: def result(self) -> List[str]:
@ -187,7 +190,8 @@ class EcpP256R1Raw(bignum_common.ModOperationCommon,
test_name = "ecp_mod_p256_raw" test_name = "ecp_mod_p256_raw"
input_style = "fixed" input_style = "fixed"
arity = 1 arity = 1
dependencies = ["MBEDTLS_ECP_DP_SECP256R1_ENABLED"] dependencies = ["MBEDTLS_ECP_DP_SECP256R1_ENABLED",
"MBEDTLS_ECP_NIST_OPTIM"]
moduli = ["ffffffff00000001000000000000000000000000ffffffffffffffffffffffff"] # type: List[str] moduli = ["ffffffff00000001000000000000000000000000ffffffffffffffffffffffff"] # type: List[str]
@ -270,7 +274,8 @@ class EcpP384R1Raw(bignum_common.ModOperationCommon,
test_name = "ecp_mod_p384_raw" test_name = "ecp_mod_p384_raw"
input_style = "fixed" input_style = "fixed"
arity = 1 arity = 1
dependencies = ["MBEDTLS_ECP_DP_SECP384R1_ENABLED"] dependencies = ["MBEDTLS_ECP_DP_SECP384R1_ENABLED",
"MBEDTLS_ECP_NIST_OPTIM"]
moduli = [("ffffffffffffffffffffffffffffffffffffffffffffffff" moduli = [("ffffffffffffffffffffffffffffffffffffffffffffffff"
"fffffffffffffffeffffffff0000000000000000ffffffff") "fffffffffffffffeffffffff0000000000000000ffffffff")
@ -392,7 +397,8 @@ class EcpP521R1Raw(bignum_common.ModOperationCommon,
test_name = "ecp_mod_p521_raw" test_name = "ecp_mod_p521_raw"
input_style = "arch_split" input_style = "arch_split"
arity = 1 arity = 1
dependencies = ["MBEDTLS_ECP_DP_SECP521R1_ENABLED"] dependencies = ["MBEDTLS_ECP_DP_SECP521R1_ENABLED",
"MBEDTLS_ECP_NIST_OPTIM"]
moduli = [("01ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff" moduli = [("01ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff"
"ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff") "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff")
@ -568,7 +574,7 @@ class EcpP224K1Raw(bignum_common.ModOperationCommon,
symbol = "-" symbol = "-"
test_function = "ecp_mod_p_generic_raw" test_function = "ecp_mod_p_generic_raw"
test_name = "ecp_mod_p224k1_raw" test_name = "ecp_mod_p224k1_raw"
input_style = "fixed" input_style = "arch_split"
arity = 1 arity = 1
dependencies = ["MBEDTLS_ECP_DP_SECP224K1_ENABLED"] dependencies = ["MBEDTLS_ECP_DP_SECP224K1_ENABLED"]
@ -619,7 +625,8 @@ class EcpP224K1Raw(bignum_common.ModOperationCommon,
@property @property
def arg_a(self) -> str: def arg_a(self) -> str:
hex_digits = bignum_common.hex_digits_for_limb(448 // self.bits_in_limb, self.bits_in_limb) limbs = 2 * bignum_common.bits_to_limbs(224, self.bits_in_limb)
hex_digits = bignum_common.hex_digits_for_limb(limbs, self.bits_in_limb)
return super().format_arg('{:x}'.format(self.int_a)).zfill(hex_digits) return super().format_arg('{:x}'.format(self.int_a)).zfill(hex_digits)
def result(self) -> List[str]: def result(self) -> List[str]:
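Review bot: The new `arg_a` body is added identically to `EcpP224R1Raw` and `EcpP224K1Raw`, with the literal 224 and no explanation of why the old `448 // self.bits_in_limb` was wrong. A short comment would save the next reader the arithmetic, e.g. `# Input is twice the modulus width in limbs; 224 bits round up to 4 limbs on 64-bit, giving 8 limbs rather than 448 // 64 == 7.` Since both classes compute the same value, the two lines could also live in one shared helper. Both class bodies extend beyond the hunks shown.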


@ -33,6 +33,7 @@
#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) #if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
#include "mbedtls/memory_buffer_alloc.h" #include "mbedtls/memory_buffer_alloc.h"
#endif #endif
#include "common.h"
/** /**
* \brief This macro tests the expression passed to it as a test step or * \brief This macro tests the expression passed to it as a test step or
@ -196,45 +197,6 @@
mbedtls_exit(1); \ mbedtls_exit(1); \
} }
/** \def ARRAY_LENGTH
* Return the number of elements of a static or stack array.
*
* \param array A value of array (not pointer) type.
*
* \return The number of elements of the array.
*/
/* A correct implementation of ARRAY_LENGTH, but which silently gives
* a nonsensical result if called with a pointer rather than an array. */
#define ARRAY_LENGTH_UNSAFE(array) \
(sizeof(array) / sizeof(*(array)))
#if defined(__GNUC__)
/* Test if arg and &(arg)[0] have the same type. This is true if arg is
* an array but not if it's a pointer. */
#define IS_ARRAY_NOT_POINTER(arg) \
(!__builtin_types_compatible_p(__typeof__(arg), \
__typeof__(&(arg)[0])))
/* A compile-time constant with the value 0. If `const_expr` is not a
* compile-time constant with a nonzero value, cause a compile-time error. */
#define STATIC_ASSERT_EXPR(const_expr) \
(0 && sizeof(struct { unsigned int STATIC_ASSERT : 1 - 2 * !(const_expr); }))
/* Return the scalar value `value` (possibly promoted). This is a compile-time
* constant if `value` is. `condition` must be a compile-time constant.
* If `condition` is false, arrange to cause a compile-time error. */
#define STATIC_ASSERT_THEN_RETURN(condition, value) \
(STATIC_ASSERT_EXPR(condition) ? 0 : (value))
#define ARRAY_LENGTH(array) \
(STATIC_ASSERT_THEN_RETURN(IS_ARRAY_NOT_POINTER(array), \
ARRAY_LENGTH_UNSAFE(array)))
#else
/* If we aren't sure the compiler supports our non-standard tricks,
* fall back to the unsafe implementation. */
#define ARRAY_LENGTH(array) ARRAY_LENGTH_UNSAFE(array)
#endif
/** Return the smaller of two values. /** Return the smaller of two values.
* *
* \param x An integer-valued expression without side effects. * \param x An integer-valued expression without side effects.


@ -2418,9 +2418,17 @@ component_test_psa_crypto_config_reference_ecc_ecp_light_only () {
# on the ECP module. # on the ECP module.
config_psa_crypto_no_ecp_at_all () { config_psa_crypto_no_ecp_at_all () {
DRIVER_ONLY="$1" DRIVER_ONLY="$1"
# start with crypto_full config for maximum coverage (also enables USE_PSA), # start with full config for maximum coverage (also enables USE_PSA)
# but excluding X509, TLS and key exchanges helper_libtestdriver1_adjust_config "full"
helper_libtestdriver1_adjust_config "crypto_full"
# keep excluding TLS and key exchanges (this will be removed in #7749)
# Note: key exchanges are not explicitly disabled here because they are
# auto-disabled in build_info.h as long as the following symbols
# are not enabled.
scripts/config.py unset MBEDTLS_SSL_TLS_C
scripts/config.py unset MBEDTLS_SSL_PROTO_DTLS
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_2
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
# enable support for drivers and configuring PSA-only algorithms # enable support for drivers and configuring PSA-only algorithms
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
@ -2433,22 +2441,6 @@ config_psa_crypto_no_ecp_at_all () {
scripts/config.py unset MBEDTLS_ECP_C scripts/config.py unset MBEDTLS_ECP_C
fi fi
# Disable PK module since it depends on ECP
scripts/config.py unset MBEDTLS_PK_C
scripts/config.py unset MBEDTLS_PK_PARSE_C
scripts/config.py unset MBEDTLS_PK_WRITE_C
# Disable also RSA_C that would re-enable PK
scripts/config.py unset MBEDTLS_RSA_C
scripts/config.py unset MBEDTLS_PKCS1_V15
scripts/config.py unset MBEDTLS_PKCS1_V21
scripts/config.py unset MBEDTLS_X509_RSASSA_PSS_SUPPORT
# Disable also key exchanges that depend on RSA for completeness
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
# Disable all the features that auto-enable ECP_LIGHT (see build_info.h) # Disable all the features that auto-enable ECP_LIGHT (see build_info.h)
scripts/config.py unset MBEDTLS_PK_PARSE_EC_EXTENDED scripts/config.py unset MBEDTLS_PK_PARSE_EC_EXTENDED
scripts/config.py unset MBEDTLS_PK_PARSE_EC_COMPRESSED scripts/config.py unset MBEDTLS_PK_PARSE_EC_COMPRESSED
@ -2458,16 +2450,6 @@ config_psa_crypto_no_ecp_at_all () {
# the future, the following line could be removed (see issues # the future, the following line could be removed (see issues
# 6061, 6332 and following ones) # 6061, 6332 and following ones)
scripts/config.py unset MBEDTLS_ECP_RESTARTABLE scripts/config.py unset MBEDTLS_ECP_RESTARTABLE
# Disable PSA_WANT symbols that would re-enable PK
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY
for ALG in $(sed -n 's/^#define \(PSA_WANT_ALG_RSA_[0-9A-Z_a-z]*\).*/\1/p' <"$CRYPTO_CONFIG_H"); do
scripts/config.py -f include/psa/crypto_config.h unset $ALG
done
} }
# Build and test a configuration where driver accelerates all EC algs while # Build and test a configuration where driver accelerates all EC algs while
@ -2476,7 +2458,7 @@ config_psa_crypto_no_ecp_at_all () {
# #
# Keep in sync with component_test_psa_crypto_config_reference_ecc_no_ecp_at_all() # Keep in sync with component_test_psa_crypto_config_reference_ecc_no_ecp_at_all()
component_test_psa_crypto_config_accel_ecc_no_ecp_at_all () { component_test_psa_crypto_config_accel_ecc_no_ecp_at_all () {
msg "build: crypto_full + accelerated EC algs + USE_PSA - ECP" msg "build: full + accelerated EC algs + USE_PSA - TLS - KEY_EXCHANGE - ECP"
# Algorithms and key types to accelerate # Algorithms and key types to accelerate
loc_accel_list="ALG_ECDSA ALG_DETERMINISTIC_ECDSA \ loc_accel_list="ALG_ECDSA ALG_DETERMINISTIC_ECDSA \
@ -2507,12 +2489,11 @@ component_test_psa_crypto_config_accel_ecc_no_ecp_at_all () {
not grep mbedtls_ecjpake_ library/ecjpake.o not grep mbedtls_ecjpake_ library/ecjpake.o
# Also ensure that ECP or RSA modules were not re-enabled # Also ensure that ECP or RSA modules were not re-enabled
not grep mbedtls_ecp_ library/ecp.o not grep mbedtls_ecp_ library/ecp.o
not grep mbedtls_rsa_ library/rsa.o
# Run the tests # Run the tests
# ------------- # -------------
msg "test suites: crypto_full + accelerated EC algs + USE_PSA - ECP" msg "test: full + accelerated EC algs + USE_PSA - TLS - KEY_EXCHANGE - ECP"
make test make test
} }
@ -2520,16 +2501,13 @@ component_test_psa_crypto_config_accel_ecc_no_ecp_at_all () {
# in conjunction with component_test_psa_crypto_config_accel_ecc_no_ecp_at_all(). # in conjunction with component_test_psa_crypto_config_accel_ecc_no_ecp_at_all().
# Keep in sync with its accelerated counterpart. # Keep in sync with its accelerated counterpart.
component_test_psa_crypto_config_reference_ecc_no_ecp_at_all () { component_test_psa_crypto_config_reference_ecc_no_ecp_at_all () {
msg "build: crypto_full + non accelerated EC algs + USE_PSA" msg "build: full + non accelerated EC algs + USE_PSA - TLS - KEY_EXCHANGE"
config_psa_crypto_no_ecp_at_all 0 config_psa_crypto_no_ecp_at_all 0
make make
# Esure that the RSA module was not re-enabled msg "test: crypto_full + non accelerated EC algs + USE_PSA - TLS - KEY_EXCHANGE"
not grep mbedtls_rsa_ library/rsa.o
msg "test suites: crypto_full + non accelerated EC algs + USE_PSA"
make test make test
} }
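Review bot: Two pieces of text were left behind by this change. In `component_test_psa_crypto_config_accel_ecc_no_ecp_at_all` the comment `# Also ensure that ECP or RSA modules were not re-enabled` still mentions RSA although the `not grep mbedtls_rsa_ library/rsa.o` check below it is removed, and in the reference component the test message still says `crypto_full` while its build message now says `full`. I would change them to `# Also ensure that the ECP module was not re-enabled` and `msg "test: full + non accelerated EC algs + USE_PSA - TLS - KEY_EXCHANGE"`.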


@ -302,6 +302,28 @@ TASKS = {
# case above. # case above.
('Key ASN1 (OneAsymmetricKey X25519, doesn\'t match masking ' ('Key ASN1 (OneAsymmetricKey X25519, doesn\'t match masking '
'requirements, from RFC8410 Appendix A but made into version 0)'), 'requirements, from RFC8410 Appendix A but made into version 0)'),
# When PK_PARSE_C and ECP_C are defined then PK_PARSE_EC_COMPRESSED
# is automatically enabled in build_info.h (backward compatibility)
# even if it is disabled in config_psa_crypto_no_ecp_at_all(). As a
# consequence compressed points are supported in the reference
# component but not in the accelerated one, so they should be skipped
# while checking driver's coverage.
'Parse EC Key #10a (SEC1 PEM, secp384r1, compressed)',
'Parse EC Key #11a (SEC1 PEM, secp521r1, compressed)',
'Parse EC Key #12a (SEC1 PEM, bp256r1, compressed)',
'Parse EC Key #13a (SEC1 PEM, bp384r1, compressed)',
'Parse EC Key #14a (SEC1 PEM, bp512r1, compressed)',
'Parse EC Key #2a (SEC1 PEM, secp192r1, compressed)',
'Parse EC Key #8a (SEC1 PEM, secp224r1, compressed)',
'Parse EC Key #9a (SEC1 PEM, secp256r1, compressed)',
'Parse Public EC Key #2a (RFC 5480, PEM, secp192r1, compressed)',
'Parse Public EC Key #3a (RFC 5480, secp224r1, compressed)',
'Parse Public EC Key #4a (RFC 5480, secp256r1, compressed)',
'Parse Public EC Key #5a (RFC 5480, secp384r1, compressed)',
'Parse Public EC Key #6a (RFC 5480, secp521r1, compressed)',
'Parse Public EC Key #7a (RFC 5480, brainpoolP256r1, compressed)',
'Parse Public EC Key #8a (RFC 5480, brainpoolP384r1, compressed)',
'Parse Public EC Key #9a (RFC 5480, brainpoolP512r1, compressed)',
], ],
} }
} }


@ -99,7 +99,18 @@ int mbedtls_test_read_mpi_modulus(mbedtls_mpi_mod_modulus *N,
if (ret != 0) { if (ret != 0) {
return ret; return ret;
} }
ret = mbedtls_mpi_mod_modulus_setup(N, p, limbs, int_rep);
switch (int_rep) {
case MBEDTLS_MPI_MOD_REP_MONTGOMERY:
ret = mbedtls_mpi_mod_modulus_setup(N, p, limbs);
break;
case MBEDTLS_MPI_MOD_REP_OPT_RED:
ret = mbedtls_mpi_mod_optred_modulus_setup(N, p, limbs, NULL);
break;
default:
ret = MBEDTLS_ERR_MPI_BAD_INPUT_DATA;
break;
}
if (ret != 0) { if (ret != 0) {
mbedtls_free(p); mbedtls_free(p);
} }
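Review bot: The `MBEDTLS_MPI_MOD_REP_OPT_RED` branch passes `NULL` as the last argument of `mbedtls_mpi_mod_optred_modulus_setup`, and nothing here says why that is safe. As far as I know that argument is the modulus-specific reduction callback, so a modulus built by this helper must not reach code that invokes it; please confirm against the declaration, which is not part of this hunk. A comment on the call would record the constraint, e.g. `/* No reduction function: callers must not use operations that need one. */`. The function starts above the hunk.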


@ -10,21 +10,6 @@
ASSERT_COMPARE((a).p, (a).limbs * sizeof(mbedtls_mpi_uint), \ ASSERT_COMPARE((a).p, (a).limbs * sizeof(mbedtls_mpi_uint), \
(b).p, (b).limbs * sizeof(mbedtls_mpi_uint)) (b).p, (b).limbs * sizeof(mbedtls_mpi_uint))
static int test_read_modulus(mbedtls_mpi_mod_modulus *m,
mbedtls_mpi_mod_rep_selector int_rep,
char *input)
{
mbedtls_mpi_uint *p = NULL;
size_t limbs;
int ret = mbedtls_test_read_mpi_core(&p, &limbs, input);
if (ret != 0) {
return ret;
}
return mbedtls_mpi_mod_modulus_setup(m, p, limbs, int_rep);
}
static int test_read_residue(mbedtls_mpi_mod_residue *r, static int test_read_residue(mbedtls_mpi_mod_residue *r,
const mbedtls_mpi_mod_modulus *m, const mbedtls_mpi_mod_modulus *m,
char *input, char *input,
@ -65,7 +50,19 @@ void mpi_mod_setup(int int_rep, int iret)
memset(mp, 0xFF, sizeof(mp)); memset(mp, 0xFF, sizeof(mp));
mbedtls_mpi_mod_modulus_init(&m); mbedtls_mpi_mod_modulus_init(&m);
ret = mbedtls_mpi_mod_modulus_setup(&m, mp, MLIMBS, int_rep);
switch (int_rep) {
case MBEDTLS_MPI_MOD_REP_MONTGOMERY:
ret = mbedtls_mpi_mod_modulus_setup(&m, mp, MLIMBS);
break;
case MBEDTLS_MPI_MOD_REP_OPT_RED:
ret = mbedtls_mpi_mod_optred_modulus_setup(&m, mp, MLIMBS, NULL);
break;
default:
ret = MBEDTLS_ERR_MPI_BAD_INPUT_DATA;
break;
}
TEST_EQUAL(ret, iret); TEST_EQUAL(ret, iret);
/* Only test if the constants have been set-up */ /* Only test if the constants have been set-up */
@ -112,8 +109,8 @@ void mpi_mod_mul(char *input_A,
mbedtls_mpi_mod_modulus m; mbedtls_mpi_mod_modulus m;
mbedtls_mpi_mod_modulus_init(&m); mbedtls_mpi_mod_modulus_init(&m);
TEST_EQUAL(test_read_modulus(&m, MBEDTLS_MPI_MOD_REP_MONTGOMERY, input_N), TEST_EQUAL(mbedtls_test_read_mpi_modulus(&m, input_N,
0); MBEDTLS_MPI_MOD_REP_MONTGOMERY), 0);
TEST_EQUAL(test_read_residue(&rA, &m, input_A, 0), 0); TEST_EQUAL(test_read_residue(&rA, &m, input_A, 0), 0);
TEST_EQUAL(test_read_residue(&rB, &m, input_B, 0), 0); TEST_EQUAL(test_read_residue(&rB, &m, input_B, 0), 0);
@ -200,8 +197,8 @@ void mpi_mod_mul_neg(char *input_A,
mbedtls_mpi_mod_modulus fake_m; mbedtls_mpi_mod_modulus fake_m;
mbedtls_mpi_mod_modulus_init(&fake_m); mbedtls_mpi_mod_modulus_init(&fake_m);
TEST_EQUAL(test_read_modulus(&m, MBEDTLS_MPI_MOD_REP_MONTGOMERY, input_N), TEST_EQUAL(mbedtls_test_read_mpi_modulus(&m, input_N,
0); MBEDTLS_MPI_MOD_REP_MONTGOMERY), 0);
TEST_EQUAL(test_read_residue(&rA, &m, input_A, 1), 0); TEST_EQUAL(test_read_residue(&rA, &m, input_A, 1), 0);
TEST_EQUAL(test_read_residue(&rB, &m, input_B, 1), 0); TEST_EQUAL(test_read_residue(&rB, &m, input_B, 1), 0);
@ -247,7 +244,8 @@ void mpi_mod_sub(char *input_N,
mbedtls_mpi_mod_modulus_init(&m); mbedtls_mpi_mod_modulus_init(&m);
TEST_EQUAL(0, TEST_EQUAL(0,
test_read_modulus(&m, MBEDTLS_MPI_MOD_REP_MONTGOMERY, input_N)); mbedtls_test_read_mpi_modulus(&m, input_N,
MBEDTLS_MPI_MOD_REP_MONTGOMERY));
/* test_read_residue() normally checks that inputs have the same number of /* test_read_residue() normally checks that inputs have the same number of
* limbs as the modulus. For negative testing we can ask it to skip this * limbs as the modulus. For negative testing we can ask it to skip this
@ -348,7 +346,8 @@ void mpi_mod_inv_mont(char *input_N,
mbedtls_mpi_mod_modulus_init(&N); mbedtls_mpi_mod_modulus_init(&N);
TEST_EQUAL(0, TEST_EQUAL(0,
test_read_modulus(&N, MBEDTLS_MPI_MOD_REP_MONTGOMERY, input_N)); mbedtls_test_read_mpi_modulus(&N, input_N,
MBEDTLS_MPI_MOD_REP_MONTGOMERY));
/* test_read_residue() normally checks that inputs have the same number of /* test_read_residue() normally checks that inputs have the same number of
* limbs as the modulus. For negative testing we can ask it to skip this * limbs as the modulus. For negative testing we can ask it to skip this
@ -397,7 +396,8 @@ void mpi_mod_inv_non_mont(char *input_N,
mbedtls_mpi_mod_modulus_init(&N); mbedtls_mpi_mod_modulus_init(&N);
TEST_EQUAL(0, TEST_EQUAL(0,
test_read_modulus(&N, MBEDTLS_MPI_MOD_REP_OPT_RED, input_N)); mbedtls_test_read_mpi_modulus(&N, input_N,
MBEDTLS_MPI_MOD_REP_OPT_RED));
/* test_read_residue() normally checks that inputs have the same number of /* test_read_residue() normally checks that inputs have the same number of
* limbs as the modulus. For negative testing we can ask it to skip this * limbs as the modulus. For negative testing we can ask it to skip this
@ -447,7 +447,8 @@ void mpi_mod_add(char *input_N,
mbedtls_mpi_mod_modulus_init(&m); mbedtls_mpi_mod_modulus_init(&m);
TEST_EQUAL(0, TEST_EQUAL(0,
test_read_modulus(&m, MBEDTLS_MPI_MOD_REP_MONTGOMERY, input_N)); mbedtls_test_read_mpi_modulus(&m, input_N,
MBEDTLS_MPI_MOD_REP_MONTGOMERY));
/* test_read_residue() normally checks that inputs have the same number of /* test_read_residue() normally checks that inputs have the same number of
* limbs as the modulus. For negative testing we can ask it to skip this * limbs as the modulus. For negative testing we can ask it to skip this
@ -550,8 +551,7 @@ void mpi_residue_setup(char *input_N, char *input_R, int ret)
TEST_EQUAL(0, mbedtls_test_read_mpi_core(&N, &n_limbs, input_N)); TEST_EQUAL(0, mbedtls_test_read_mpi_core(&N, &n_limbs, input_N));
TEST_EQUAL(0, mbedtls_test_read_mpi_core(&R, &r_limbs, input_R)); TEST_EQUAL(0, mbedtls_test_read_mpi_core(&R, &r_limbs, input_R));
TEST_EQUAL(0, mbedtls_mpi_mod_modulus_setup(&m, N, n_limbs, TEST_EQUAL(0, mbedtls_mpi_mod_modulus_setup(&m, N, n_limbs));
MBEDTLS_MPI_MOD_REP_MONTGOMERY));
TEST_EQUAL(ret, mbedtls_mpi_mod_residue_setup(&r, &m, R, r_limbs)); TEST_EQUAL(ret, mbedtls_mpi_mod_residue_setup(&r, &m, R, r_limbs));
@ -592,8 +592,7 @@ void mpi_mod_io_neg(char *input_N, data_t *buf, int ret)
mbedtls_mpi_mod_write(&r, &m, buf->x, buf->len, endian)); mbedtls_mpi_mod_write(&r, &m, buf->x, buf->len, endian));
/* Set up modulus and test with residue->p == NULL */ /* Set up modulus and test with residue->p == NULL */
TEST_EQUAL(0, mbedtls_mpi_mod_modulus_setup(&m, N, n_limbs, TEST_EQUAL(0, mbedtls_mpi_mod_modulus_setup(&m, N, n_limbs));
MBEDTLS_MPI_MOD_REP_MONTGOMERY));
TEST_EQUAL(MBEDTLS_ERR_MPI_BAD_INPUT_DATA, TEST_EQUAL(MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
mbedtls_mpi_mod_read(&r, &m, buf->x, buf->len, endian)); mbedtls_mpi_mod_read(&r, &m, buf->x, buf->len, endian));
@ -666,8 +665,7 @@ void mpi_mod_io(char *input_N, data_t *input_A, int endian)
TEST_LE_U(a_bytes, n_bytes); TEST_LE_U(a_bytes, n_bytes);
/* Init Structures */ /* Init Structures */
TEST_EQUAL(0, mbedtls_mpi_mod_modulus_setup(&m, N, n_limbs, TEST_EQUAL(0, mbedtls_mpi_mod_modulus_setup(&m, N, n_limbs));
MBEDTLS_MPI_MOD_REP_MONTGOMERY));
/* Enforcing p_limbs >= m->limbs */ /* Enforcing p_limbs >= m->limbs */
TEST_EQUAL(0, mbedtls_mpi_mod_residue_setup(&r, &m, R, n_limbs)); TEST_EQUAL(0, mbedtls_mpi_mod_residue_setup(&r, &m, R, n_limbs));
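Review bot: In `mpi_mod_setup` the `default:` arm assigns `MBEDTLS_ERR_MPI_BAD_INPUT_DATA` in the test itself, so for an unsupported `int_rep` the following `TEST_EQUAL(ret, iret)` compares the expectation with a value the test produced and no library code is exercised. Either drop the invalid-representation data cases or make the intent explicit with a comment such as `/* No library call for other values: the setup functions no longer take a representation selector. */`. The same three-way switch already exists in `mbedtls_test_read_mpi_modulus`, so the dispatch could be shared rather than copied. `mpi_mod_setup` begins and ends outside the hunk.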


@ -54,8 +54,7 @@ void mpi_mod_raw_io(data_t *input, int nb_int, int nx_32_int,
mbedtls_mpi_uint init[sizeof(X) / sizeof(X[0])]; mbedtls_mpi_uint init[sizeof(X) / sizeof(X[0])];
memset(init, 0xFF, sizeof(init)); memset(init, 0xFF, sizeof(init));
int ret = mbedtls_mpi_mod_modulus_setup(&m, init, nx, int ret = mbedtls_mpi_mod_modulus_setup(&m, init, nx);
MBEDTLS_MPI_MOD_REP_MONTGOMERY);
TEST_EQUAL(ret, 0); TEST_EQUAL(ret, 0);
if (iendian == MBEDTLS_MPI_MOD_EXT_REP_INVALID && iret != 0) { if (iendian == MBEDTLS_MPI_MOD_EXT_REP_INVALID && iret != 0) {
@ -137,8 +136,7 @@ void mpi_mod_raw_cond_assign(char *input_X,
ASSERT_ALLOC(buff_m, copy_limbs); ASSERT_ALLOC(buff_m, copy_limbs);
memset(buff_m, 0xFF, copy_limbs); memset(buff_m, 0xFF, copy_limbs);
TEST_EQUAL(mbedtls_mpi_mod_modulus_setup( TEST_EQUAL(mbedtls_mpi_mod_modulus_setup(
&m, buff_m, copy_limbs, &m, buff_m, copy_limbs), 0);
MBEDTLS_MPI_MOD_REP_MONTGOMERY), 0);
/* condition is false */ /* condition is false */
TEST_CF_SECRET(X, bytes); TEST_CF_SECRET(X, bytes);
@ -208,8 +206,7 @@ void mpi_mod_raw_cond_swap(char *input_X,
ASSERT_ALLOC(buff_m, copy_limbs); ASSERT_ALLOC(buff_m, copy_limbs);
memset(buff_m, 0xFF, copy_limbs); memset(buff_m, 0xFF, copy_limbs);
TEST_EQUAL(mbedtls_mpi_mod_modulus_setup( TEST_EQUAL(mbedtls_mpi_mod_modulus_setup(
&m, buff_m, copy_limbs, &m, buff_m, copy_limbs), 0);
MBEDTLS_MPI_MOD_REP_MONTGOMERY), 0);
ASSERT_ALLOC(X, limbs); ASSERT_ALLOC(X, limbs);
memcpy(X, tmp_X, bytes); memcpy(X, tmp_X, bytes);
@ -297,8 +294,7 @@ void mpi_mod_raw_sub(char *input_A,
ASSERT_ALLOC(X, limbs); ASSERT_ALLOC(X, limbs);
TEST_EQUAL(mbedtls_mpi_mod_modulus_setup( TEST_EQUAL(mbedtls_mpi_mod_modulus_setup(
&m, N, limbs, &m, N, limbs), 0);
MBEDTLS_MPI_MOD_REP_MONTGOMERY), 0);
mbedtls_mpi_mod_raw_sub(X, A, B, &m); mbedtls_mpi_mod_raw_sub(X, A, B, &m);
ASSERT_COMPARE(X, bytes, res, bytes); ASSERT_COMPARE(X, bytes, res, bytes);
@ -368,8 +364,7 @@ void mpi_mod_raw_fix_quasi_reduction(char *input_N,
TEST_ASSERT(c || mbedtls_mpi_core_lt_ct(tmp, N, limbs)); TEST_ASSERT(c || mbedtls_mpi_core_lt_ct(tmp, N, limbs));
TEST_EQUAL(mbedtls_mpi_mod_modulus_setup( TEST_EQUAL(mbedtls_mpi_mod_modulus_setup(
&m, N, limbs, &m, N, limbs), 0);
MBEDTLS_MPI_MOD_REP_MONTGOMERY), 0);
mbedtls_mpi_mod_raw_fix_quasi_reduction(X, &m); mbedtls_mpi_mod_raw_fix_quasi_reduction(X, &m);
ASSERT_COMPARE(X, bytes, res, bytes); ASSERT_COMPARE(X, bytes, res, bytes);
@ -419,8 +414,7 @@ void mpi_mod_raw_mul(char *input_A,
ASSERT_ALLOC(X, limbs); ASSERT_ALLOC(X, limbs);
TEST_EQUAL(mbedtls_mpi_mod_modulus_setup( TEST_EQUAL(mbedtls_mpi_mod_modulus_setup(
&m, N, limbs, &m, N, limbs), 0);
MBEDTLS_MPI_MOD_REP_MONTGOMERY), 0);
const size_t limbs_T = limbs * 2 + 1; const size_t limbs_T = limbs * 2 + 1;
ASSERT_ALLOC(T, limbs_T); ASSERT_ALLOC(T, limbs_T);
@ -580,9 +574,7 @@ void mpi_mod_raw_add(char *input_N,
ASSERT_ALLOC(X, limbs); ASSERT_ALLOC(X, limbs);
TEST_EQUAL(mbedtls_mpi_mod_modulus_setup( TEST_EQUAL(mbedtls_mpi_mod_modulus_setup(
&m, N, limbs, &m, N, limbs), 0);
MBEDTLS_MPI_MOD_REP_MONTGOMERY
), 0);
/* A + B => Correct result */ /* A + B => Correct result */
mbedtls_mpi_mod_raw_add(X, A, B, &m); mbedtls_mpi_mod_raw_add(X, A, B, &m);
@ -720,8 +712,7 @@ void mpi_mod_raw_to_mont_rep(char *input_N, char *input_A, char *input_X)
size_t limbs = n_limbs; size_t limbs = n_limbs;
size_t bytes = limbs * sizeof(mbedtls_mpi_uint); size_t bytes = limbs * sizeof(mbedtls_mpi_uint);
TEST_EQUAL(0, mbedtls_mpi_mod_modulus_setup(&m, N, n_limbs, TEST_EQUAL(0, mbedtls_mpi_mod_modulus_setup(&m, N, n_limbs));
MBEDTLS_MPI_MOD_REP_MONTGOMERY));
/* 1. Test low-level function first */ /* 1. Test low-level function first */
@ -785,8 +776,7 @@ void mpi_mod_raw_from_mont_rep(char *input_N, char *input_A, char *input_X)
size_t limbs = n_limbs; size_t limbs = n_limbs;
size_t bytes = limbs * sizeof(mbedtls_mpi_uint); size_t bytes = limbs * sizeof(mbedtls_mpi_uint);
TEST_EQUAL(0, mbedtls_mpi_mod_modulus_setup(&m, N, n_limbs, TEST_EQUAL(0, mbedtls_mpi_mod_modulus_setup(&m, N, n_limbs));
MBEDTLS_MPI_MOD_REP_MONTGOMERY));
/* 1. Test low-level function first */ /* 1. Test low-level function first */
@ -847,8 +837,7 @@ void mpi_mod_raw_neg(char *input_N, char *input_A, char *input_X)
ASSERT_ALLOC(R, n_limbs); ASSERT_ALLOC(R, n_limbs);
ASSERT_ALLOC(Z, n_limbs); ASSERT_ALLOC(Z, n_limbs);
TEST_EQUAL(0, mbedtls_mpi_mod_modulus_setup(&m, N, n_limbs, TEST_EQUAL(0, mbedtls_mpi_mod_modulus_setup(&m, N, n_limbs));
MBEDTLS_MPI_MOD_REP_MONTGOMERY));
/* Neg( A == 0 ) => Zero result */ /* Neg( A == 0 ) => Zero result */
mbedtls_mpi_mod_raw_neg(R, Z, &m); mbedtls_mpi_mod_raw_neg(R, Z, &m);


@ -1101,6 +1101,10 @@ ecp_mul_inv #18 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_BP256R1)
depends_on:MBEDTLS_ECP_DP_BP256R1_ENABLED depends_on:MBEDTLS_ECP_DP_BP256R1_ENABLED
ecp_mod_mul_inv:"8d9454c7494b6e08d068391c811cb23cbe9318246a6c021b0018745eb6918751":MBEDTLS_ECP_DP_BP256R1:MBEDTLS_ECP_MOD_COORDINATE ecp_mod_mul_inv:"8d9454c7494b6e08d068391c811cb23cbe9318246a6c021b0018745eb6918751":MBEDTLS_ECP_DP_BP256R1:MBEDTLS_ECP_MOD_COORDINATE
ecp_mul_inv #18.1 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_BP256R1)
depends_on:MBEDTLS_ECP_DP_BP256R1_ENABLED
ecp_mod_mul_inv:"a9fb57dba1eea9bc3e660a909d838d726e3bf623d52620282013481d1f6e5376":MBEDTLS_ECP_DP_BP256R1:MBEDTLS_ECP_MOD_COORDINATE
ecp_mul_inv #19 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_BP256R1) ecp_mul_inv #19 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_BP256R1)
depends_on:MBEDTLS_ECP_DP_BP256R1_ENABLED depends_on:MBEDTLS_ECP_DP_BP256R1_ENABLED
ecp_mod_mul_inv:"3aff86b1ee706d38e4995b76f6433d9173c5d3ec19b43ff0a3d53ac20965c911":MBEDTLS_ECP_DP_BP256R1:MBEDTLS_ECP_MOD_SCALAR ecp_mod_mul_inv:"3aff86b1ee706d38e4995b76f6433d9173c5d3ec19b43ff0a3d53ac20965c911":MBEDTLS_ECP_DP_BP256R1:MBEDTLS_ECP_MOD_SCALAR
@ -1125,6 +1129,10 @@ ecp_mul_inv #24 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_BP384R1)
depends_on:MBEDTLS_ECP_DP_BP384R1_ENABLED depends_on:MBEDTLS_ECP_DP_BP384R1_ENABLED
ecp_mod_mul_inv:"80acca473c3fcee61d13a0a766ed0dcd5f50277f576ff6f3461664d436e2054ad7ecc8b7c0a9424fbda1d431c540c05a":MBEDTLS_ECP_DP_BP384R1:MBEDTLS_ECP_MOD_COORDINATE ecp_mod_mul_inv:"80acca473c3fcee61d13a0a766ed0dcd5f50277f576ff6f3461664d436e2054ad7ecc8b7c0a9424fbda1d431c540c05a":MBEDTLS_ECP_DP_BP384R1:MBEDTLS_ECP_MOD_COORDINATE
ecp_mul_inv #24.1 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_BP384R1)
depends_on:MBEDTLS_ECP_DP_BP384R1_ENABLED
ecp_mod_mul_inv:"8cb91e82a3386d280f5d6f7e50e641df152f7109ed5456b412b1da197fb71123acd3a729901d1a71874700133107ec52":MBEDTLS_ECP_DP_BP384R1:MBEDTLS_ECP_MOD_COORDINATE
ecp_mul_inv #25 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_BP384R1) ecp_mul_inv #25 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_BP384R1)
depends_on:MBEDTLS_ECP_DP_BP384R1_ENABLED depends_on:MBEDTLS_ECP_DP_BP384R1_ENABLED
ecp_mod_mul_inv:"371851bd69a5a1734b195c6ad6b041f51d94718cb437ab4a0a14ee5fa5fccd29328f3e77bfa2e4c58195ccb55cdc6a4":MBEDTLS_ECP_DP_BP384R1:MBEDTLS_ECP_MOD_SCALAR ecp_mod_mul_inv:"371851bd69a5a1734b195c6ad6b041f51d94718cb437ab4a0a14ee5fa5fccd29328f3e77bfa2e4c58195ccb55cdc6a4":MBEDTLS_ECP_DP_BP384R1:MBEDTLS_ECP_MOD_SCALAR
@ -1149,6 +1157,10 @@ ecp_mul_inv #30 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_BP512R1)
depends_on:MBEDTLS_ECP_DP_BP512R1_ENABLED depends_on:MBEDTLS_ECP_DP_BP512R1_ENABLED
ecp_mod_mul_inv:"8be202ecb80ae3f6fe07a17b03c14997668b37d029d38943245c8a6cd1cbce3d57cfc673886a22db7ab8686570881a5dc1d9855aa6618c52df55a04510e00bba":MBEDTLS_ECP_DP_BP512R1:MBEDTLS_ECP_MOD_COORDINATE ecp_mod_mul_inv:"8be202ecb80ae3f6fe07a17b03c14997668b37d029d38943245c8a6cd1cbce3d57cfc673886a22db7ab8686570881a5dc1d9855aa6618c52df55a04510e00bba":MBEDTLS_ECP_DP_BP512R1:MBEDTLS_ECP_MOD_COORDINATE
ecp_mul_inv #30.1 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_BP512R1)
depends_on:MBEDTLS_ECP_DP_BP512R1_ENABLED
ecp_mod_mul_inv:"aadd9db8dbe9c48b3fd4e6ae33c9fc07cb308db3b3c9d20ed6639cca703308717d4d9b009bc66842aecda12ae6a380e62881ff2f2d82c68528aa6056583a48f2":MBEDTLS_ECP_DP_BP512R1:MBEDTLS_ECP_MOD_COORDINATE
ecp_mul_inv #31 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_BP512R1) ecp_mul_inv #31 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_BP512R1)
depends_on:MBEDTLS_ECP_DP_BP512R1_ENABLED depends_on:MBEDTLS_ECP_DP_BP512R1_ENABLED
ecp_mod_mul_inv:"572a5522bc45566df4c7575b91fdbc74975fd59380339b5aa23cbce2204744793ca3255705f5d9ba48335f36baf462010680f1e35cca26468d7d8f4223988189":MBEDTLS_ECP_DP_BP512R1:MBEDTLS_ECP_MOD_SCALAR ecp_mod_mul_inv:"572a5522bc45566df4c7575b91fdbc74975fd59380339b5aa23cbce2204744793ca3255705f5d9ba48335f36baf462010680f1e35cca26468d7d8f4223988189":MBEDTLS_ECP_DP_BP512R1:MBEDTLS_ECP_MOD_SCALAR
@ -1235,6 +1247,177 @@ ecp_mul_inv #48 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_CURVE448)
depends_on:MBEDTLS_ECP_DP_CURVE448_ENABLED depends_on:MBEDTLS_ECP_DP_CURVE448_ENABLED
ecp_mod_mul_inv:"0000000000000003fffffffffffffffffffffffffffffffffffffffffffffffffffffff01243a939d867d7e0a75a8568d4d66de88f3ecc1ad37f91a8f9d7d70":MBEDTLS_ECP_DP_CURVE448:MBEDTLS_ECP_MOD_SCALAR ecp_mod_mul_inv:"0000000000000003fffffffffffffffffffffffffffffffffffffffffffffffffffffff01243a939d867d7e0a75a8568d4d66de88f3ecc1ad37f91a8f9d7d70":MBEDTLS_ECP_DP_CURVE448:MBEDTLS_ECP_MOD_SCALAR
ecp_mul_inv #49 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_SECP192R1)
depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED
ecp_mod_mul_inv:"0000000000000000000000000000152d02c7e14af67fe0bf":MBEDTLS_ECP_DP_SECP192R1:MBEDTLS_ECP_MOD_COORDINATE
ecp_mul_inv #50 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_SECP192R1)
depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED
ecp_mod_mul_inv:"4acca2d7100bad687080217babfb490d23dd6460a0007f24":MBEDTLS_ECP_DP_SECP192R1:MBEDTLS_ECP_MOD_COORDINATE
ecp_mul_inv #51 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_SECP192R1)
depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED
ecp_mod_mul_inv:"c4fd9a06df9b4efa94531578af8b5886ec0ada82884199f7":MBEDTLS_ECP_DP_SECP192R1:MBEDTLS_ECP_MOD_COORDINATE
ecp_mul_inv #51.1 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_SECP192R1)
depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED
ecp_mod_mul_inv:"fffffffffffffffffffffffffffffffefffffffffffffffe":MBEDTLS_ECP_DP_SECP192R1:MBEDTLS_ECP_MOD_COORDINATE
ecp_mul_inv #52 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_SECP224R1)
depends_on:MBEDTLS_ECP_DP_SECP224R1_ENABLED
ecp_mod_mul_inv:"0f9c4728bef9fba3e7d856a8e2ff62f20c2a57bf64f6d707f0829a8ff":MBEDTLS_ECP_DP_SECP224R1:MBEDTLS_ECP_MOD_COORDINATE
ecp_mul_inv #53 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_SECP224R1)
depends_on:MBEDTLS_ECP_DP_SECP224R1_ENABLED
ecp_mod_mul_inv:"0cee8071ade3e016fd47627782f6543814dd6ab7e6f432679ddacf9ed":MBEDTLS_ECP_DP_SECP224R1:MBEDTLS_ECP_MOD_COORDINATE
ecp_mul_inv #54 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_SECP224R1)
depends_on:MBEDTLS_ECP_DP_SECP224R1_ENABLED
ecp_mod_mul_inv:"00326258467dcbf4d1ab1665a4c5036cb35f4c9231199b58166b3966c6":MBEDTLS_ECP_DP_SECP224R1:MBEDTLS_ECP_MOD_COORDINATE
ecp_mul_inv #54.1 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_SECP224R1)
depends_on:MBEDTLS_ECP_DP_SECP224R1_ENABLED
ecp_mod_mul_inv:"00ffffffffffffffffffffffffffffffff000000000000000000000000":MBEDTLS_ECP_DP_SECP224R1:MBEDTLS_ECP_MOD_COORDINATE
ecp_mul_inv #55 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_SECP256R1)
depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED
ecp_mod_mul_inv:"c36eadeab80f149cd51a1ed6311270ae2e4acc6734e787135f499c3a97f1edc3":MBEDTLS_ECP_DP_SECP256R1:MBEDTLS_ECP_MOD_COORDINATE
ecp_mul_inv #56 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_SECP256R1)
depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED
ecp_mod_mul_inv:"e384042f3130be8a796b221724cf1127a44290804cfbeb7fb6f57142a2a5cddd":MBEDTLS_ECP_DP_SECP256R1:MBEDTLS_ECP_MOD_COORDINATE
ecp_mul_inv #57 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_SECP256R1)
depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED
ecp_mod_mul_inv:"f1d356376f03b5dbf0fd08bde5c4293115f7c7911f7a3ec3f90557602eb20147":MBEDTLS_ECP_DP_SECP256R1:MBEDTLS_ECP_MOD_COORDINATE
ecp_mul_inv #57.1 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_SECP256R1)
depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED
ecp_mod_mul_inv:"ffffffff00000001000000000000000000000000fffffffffffffffffffffffe":MBEDTLS_ECP_DP_SECP256R1:MBEDTLS_ECP_MOD_COORDINATE
ecp_mul_inv #58 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_SECP384R1)
depends_on:MBEDTLS_ECP_DP_SECP384R1_ENABLED
ecp_mod_mul_inv:"a3137cd9b0c9e75a871f92e3ab6b284069ee06cd9c0afb2368fd8d381afcfecc553cb6b3f29216038d268a8d8fcd00f7":MBEDTLS_ECP_DP_SECP384R1:MBEDTLS_ECP_MOD_COORDINATE
ecp_mul_inv #59 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_SECP384R1)
depends_on:MBEDTLS_ECP_DP_SECP384R1_ENABLED
ecp_mod_mul_inv:"a340ca2e1f39f89261f20a23881cde271e36b32add90cbc1801d2375d6db664df297df2364aaafbb9ba3d4672e4fd022":MBEDTLS_ECP_DP_SECP384R1:MBEDTLS_ECP_MOD_COORDINATE
ecp_mul_inv #60 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_SECP384R1)
depends_on:MBEDTLS_ECP_DP_SECP384R1_ENABLED
ecp_mod_mul_inv:"491b1d169c9262fd737847c13bb7370d91825fe985cfa000d4b9bd3c22e7b63016122c53156fae4757943a819a1ced6d":MBEDTLS_ECP_DP_SECP384R1:MBEDTLS_ECP_MOD_COORDINATE
ecp_mul_inv #60.1 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_SECP384R1)
depends_on:MBEDTLS_ECP_DP_SECP384R1_ENABLED
ecp_mod_mul_inv:"fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffeffffffff0000000000000000fffffffe":MBEDTLS_ECP_DP_SECP384R1:MBEDTLS_ECP_MOD_COORDINATE
ecp_mul_inv #61 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_SECP521R1)
depends_on:MBEDTLS_ECP_DP_SECP521R1_ENABLED
ecp_mod_mul_inv:"1477156c589f498b61beb35f57662410d8821f3a1ee4a5968a8009618dbe4afda408809822eb0e994fbf9da1659c1ea21b151db97cd1f1567fa4b9327967e0aa591":MBEDTLS_ECP_DP_SECP521R1:MBEDTLS_ECP_MOD_COORDINATE
ecp_mul_inv #62 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_SECP521R1)
depends_on:MBEDTLS_ECP_DP_SECP521R1_ENABLED
ecp_mod_mul_inv:"158dd0fdd801513590d221009f2b6c212f2b30214cc3b1f80aaf9142dc9f328c8e2b0af83e1acdb102d85f287d77188c2b8e7911cf9452f5014966f28da330e1fa6":MBEDTLS_ECP_DP_SECP521R1:MBEDTLS_ECP_MOD_COORDINATE
ecp_mul_inv #63 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_SECP521R1)
depends_on:MBEDTLS_ECP_DP_SECP521R1_ENABLED
ecp_mod_mul_inv:"1e53d580521a1cff4cd72576c13fecb2cbcf39453f2b437f0c8dc78d7982a37749f099942ce693751ec43407c3acf46315132ea2a9ae5fa9253408da2375d2b58fc":MBEDTLS_ECP_DP_SECP521R1:MBEDTLS_ECP_MOD_COORDINATE
ecp_mul_inv #63.1 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_SECP521R1)
depends_on:MBEDTLS_ECP_DP_SECP521R1_ENABLED
ecp_mod_mul_inv:"1fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffe":MBEDTLS_ECP_DP_SECP521R1:MBEDTLS_ECP_MOD_COORDINATE
ecp_mul_inv #64 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_CURVE25519)
depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED
ecp_mod_mul_inv:"1000000000000000000000000000000014def9dea2079cd65812631a5cf5d3ed":MBEDTLS_ECP_DP_CURVE25519:MBEDTLS_ECP_MOD_COORDINATE
ecp_mul_inv #65 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_CURVE25519)
depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED
ecp_mod_mul_inv:"1000000000000000000000000000000010caf49570936f75d70f03efac6c1c19":MBEDTLS_ECP_DP_CURVE25519:MBEDTLS_ECP_MOD_COORDINATE
ecp_mul_inv #66 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_CURVE25519)
depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED
ecp_mod_mul_inv:"468de1bfdbb20b67371bc5ad0f2bc3e70705b6d85c14ad75daafdbd1502cfd1":MBEDTLS_ECP_DP_CURVE25519:MBEDTLS_ECP_MOD_COORDINATE
ecp_mul_inv #66.1 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_CURVE25519)
depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED
ecp_mod_mul_inv:"7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffec":MBEDTLS_ECP_DP_CURVE25519:MBEDTLS_ECP_MOD_COORDINATE
ecp_mul_inv #67 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_SECP192K1)
depends_on:MBEDTLS_ECP_DP_SECP192K1_ENABLED
ecp_mod_mul_inv:"2228b202d612f2e66d8ca00b7e1c19a737ee7db2708d91cd":MBEDTLS_ECP_DP_SECP192K1:MBEDTLS_ECP_MOD_COORDINATE
ecp_mul_inv #68 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_SECP192K1)
depends_on:MBEDTLS_ECP_DP_SECP192K1_ENABLED
ecp_mod_mul_inv:"40c0451d06b0d622c65b8336c4c9abe8828f6fd5d5c1abde":MBEDTLS_ECP_DP_SECP192K1:MBEDTLS_ECP_MOD_COORDINATE
ecp_mul_inv #69 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_SECP192K1)
depends_on:MBEDTLS_ECP_DP_SECP192K1_ENABLED
ecp_mod_mul_inv:"d2a10413f48d7bcc18a9b7c53c7914c5302c9c9e48b2eb62":MBEDTLS_ECP_DP_SECP192K1:MBEDTLS_ECP_MOD_COORDINATE
ecp_mul_inv #69.1 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_SECP192K1)
depends_on:MBEDTLS_ECP_DP_SECP192K1_ENABLED
ecp_mod_mul_inv:"fffffffffffffffffffffffffffffffffffffffeffffee36":MBEDTLS_ECP_DP_SECP192K1:MBEDTLS_ECP_MOD_COORDINATE
# For coordinate moduli of secp224K1 the values are selected as one for
# modulus - 1, and four random values, generated with
# random.getrandbits(224) % modulus with a seed(2, 2).
ecp_mul_inv #70 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_SECP224K1)
depends_on:MBEDTLS_ECP_DP_SECP224K1_ENABLED
ecp_mod_mul_inv:"fffffffffffffffffffffffffffffffffffffffffffffffeffffe56c":MBEDTLS_ECP_DP_SECP224K1:MBEDTLS_ECP_MOD_COORDINATE
ecp_mul_inv #71 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_SECP224K1)
depends_on:MBEDTLS_ECP_DP_SECP224K1_ENABLED
ecp_mod_mul_inv:"15ba2bdd177219d30e7a269fd95bafc8f2a4d27bdcf4bb99f4bea973":MBEDTLS_ECP_DP_SECP224K1:MBEDTLS_ECP_MOD_COORDINATE
ecp_mul_inv #72 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_SECP224K1)
depends_on:MBEDTLS_ECP_DP_SECP224K1_ENABLED
ecp_mod_mul_inv:"da94e3e8ab73738fcf1822ffbc6887782b491044d5e341245c6e4337":MBEDTLS_ECP_DP_SECP224K1:MBEDTLS_ECP_MOD_COORDINATE
ecp_mul_inv #73 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_SECP224K1)
depends_on:MBEDTLS_ECP_DP_SECP224K1_ENABLED
ecp_mod_mul_inv:"94c9c9500925e4749b575bd13653f8dd9b1f282e4067c3584ee207f8":MBEDTLS_ECP_DP_SECP224K1:MBEDTLS_ECP_MOD_COORDINATE
ecp_mul_inv #74 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_SECP224K1)
depends_on:MBEDTLS_ECP_DP_SECP224K1_ENABLED
ecp_mod_mul_inv:"cdbd47d364be8049a372db8f6e405d93ffed9235288bc781ae662675":MBEDTLS_ECP_DP_SECP224K1:MBEDTLS_ECP_MOD_COORDINATE
ecp_mul_inv #75 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_SECP224K1)
depends_on:MBEDTLS_ECP_DP_SECP224K1_ENABLED
ecp_mod_mul_inv:"8b4f2fc15f3f57ebf30b94fa82523e86feac7eb7dc38f519b91751da":MBEDTLS_ECP_DP_SECP224K1:MBEDTLS_ECP_MOD_COORDINATE
ecp_mul_inv #76 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_SECP256K1)
depends_on:MBEDTLS_ECP_DP_SECP256K1_ENABLED
ecp_mod_mul_inv:"9fd95fed98cc1c2ef91b5dc02fa84f63597e15a3326c07f2918afb3ffd093343":MBEDTLS_ECP_DP_SECP256K1:MBEDTLS_ECP_MOD_COORDINATE
ecp_mul_inv #77 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_SECP256K1)
depends_on:MBEDTLS_ECP_DP_SECP256K1_ENABLED
ecp_mod_mul_inv:"5ddbd441c7037e11caaa9878216c5cfeae67864260429eab4529b56c2661f3de":MBEDTLS_ECP_DP_SECP256K1:MBEDTLS_ECP_MOD_COORDINATE
ecp_mul_inv #78 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_SECP256K1)
depends_on:MBEDTLS_ECP_DP_SECP256K1_ENABLED
ecp_mod_mul_inv:"f8d3f3c02fd712f711d8e30d0d4c142eb106e5f75c25f55b3f983bc5c83c568a":MBEDTLS_ECP_DP_SECP256K1:MBEDTLS_ECP_MOD_COORDINATE
ecp_mul_inv #78.1 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_SECP256K1)
depends_on:MBEDTLS_ECP_DP_SECP256K1_ENABLED
ecp_mod_mul_inv:"fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2e":MBEDTLS_ECP_DP_SECP256K1:MBEDTLS_ECP_MOD_COORDINATE
ecp_mul_inv #79 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_CURVE448)
depends_on:MBEDTLS_ECP_DP_CURVE448_ENABLED
ecp_mod_mul_inv:"0000000000000003fffffffffffffffffffffffffffffffffffffffffffffffffffffff11ca23e9c44edb49aed63690216cc2728dc58f552378c292ab5844f3":MBEDTLS_ECP_DP_CURVE448:MBEDTLS_ECP_MOD_COORDINATE
ecp_mul_inv #80 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_CURVE448)
depends_on:MBEDTLS_ECP_DP_CURVE448_ENABLED
ecp_mod_mul_inv:"0000000000000003fffffffffffffffffffffffffffffffffffffffffffffffffffffff0169d3f35081924aeaf1beac2f2720557c9bdf6b42cdceb54c6160ba":MBEDTLS_ECP_DP_CURVE448:MBEDTLS_ECP_MOD_COORDINATE
ecp_mul_inv #81 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_CURVE448)
depends_on:MBEDTLS_ECP_DP_CURVE448_ENABLED
ecp_mod_mul_inv:"0000000000000003fffffffffffffffffffffffffffffffffffffffffffffffffffffff01243a939d867d7e0a75a8568d4d66de88f3ecc1ad37f91a8f9d7d70":MBEDTLS_ECP_DP_CURVE448:MBEDTLS_ECP_MOD_COORDINATE
ecp_mul_inv #81.1 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_CURVE448)
depends_on:MBEDTLS_ECP_DP_CURVE448_ENABLED
ecp_mod_mul_inv:"000000000000000fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffffffffffffffffffffffffffffffffffffffffffffffffffffe":MBEDTLS_ECP_DP_CURVE448:MBEDTLS_ECP_MOD_COORDINATE
# The following data was generated using python's standard random library, # The following data was generated using python's standard random library,
# initialised with seed(2,2) and random.getrandbits(curve bits). Curve bits are 192,256,384,520. # initialised with seed(2,2) and random.getrandbits(curve bits). Curve bits are 192,256,384,520.
# They must be less than the named curves' modulus. mbedtls_mpi_mod_residue_setup() # They must be less than the named curves' modulus. mbedtls_mpi_mod_residue_setup()
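Review bot: The comment introducing the secp224k1 coordinate cases says "one for modulus - 1, and four random values", but the hunk adds six cases for that curve (#70 to #75): #70 looks like the modulus - 1 value and #71 to #75 are five further values. Either the comment should read `# modulus - 1, and five random values, generated with` or one of the cases is surplus. The other curves added in this hunk put their boundary case last with a `.1` suffix (#51.1, #54.1, #57.1, ...), while secp224k1 numbers it first as #70; following one scheme makes it easier to see at a glance that every curve has its modulus - 1 vector.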


@ -1294,72 +1294,72 @@ void ecp_mod_p_generic_raw(int curve_id,
bytes = limbs_N * sizeof(mbedtls_mpi_uint); bytes = limbs_N * sizeof(mbedtls_mpi_uint);
switch (curve_id) { switch (curve_id) {
#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) #if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) && defined(MBEDTLS_ECP_NIST_OPTIM)
case MBEDTLS_ECP_DP_SECP192R1: case MBEDTLS_ECP_DP_SECP192R1:
limbs = 2 * limbs_N; limbs = BITS_TO_LIMBS(192) * 2;
curve_bits = 192; curve_bits = 192;
curve_func = &mbedtls_ecp_mod_p192_raw; curve_func = &mbedtls_ecp_mod_p192_raw;
break; break;
#endif #endif
#if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) #if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) && defined(MBEDTLS_ECP_NIST_OPTIM)
case MBEDTLS_ECP_DP_SECP224R1: case MBEDTLS_ECP_DP_SECP224R1:
limbs = 448 / biL; limbs = BITS_TO_LIMBS(224) * 2;
curve_bits = 224; curve_bits = 224;
curve_func = &mbedtls_ecp_mod_p224_raw; curve_func = &mbedtls_ecp_mod_p224_raw;
break; break;
#endif #endif
#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) #if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) && defined(MBEDTLS_ECP_NIST_OPTIM)
case MBEDTLS_ECP_DP_SECP256R1: case MBEDTLS_ECP_DP_SECP256R1:
limbs = 2 * limbs_N; limbs = BITS_TO_LIMBS(256) * 2;
curve_bits = 256; curve_bits = 256;
curve_func = &mbedtls_ecp_mod_p256_raw; curve_func = &mbedtls_ecp_mod_p256_raw;
break; break;
#endif #endif
#if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) #if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) && defined(MBEDTLS_ECP_NIST_OPTIM)
case MBEDTLS_ECP_DP_SECP384R1: case MBEDTLS_ECP_DP_SECP384R1:
limbs = 2 * limbs_N; limbs = BITS_TO_LIMBS(384) * 2;
curve_bits = 384; curve_bits = 384;
curve_func = &mbedtls_ecp_mod_p384_raw; curve_func = &mbedtls_ecp_mod_p384_raw;
break; break;
#endif #endif
#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) #if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) && defined(MBEDTLS_ECP_NIST_OPTIM)
case MBEDTLS_ECP_DP_SECP521R1: case MBEDTLS_ECP_DP_SECP521R1:
limbs = 2 * limbs_N; limbs = BITS_TO_LIMBS(522) * 2;
curve_bits = 522; curve_bits = 522;
curve_func = &mbedtls_ecp_mod_p521_raw; curve_func = &mbedtls_ecp_mod_p521_raw;
break; break;
#endif #endif
#if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED) #if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED)
case MBEDTLS_ECP_DP_SECP192K1: case MBEDTLS_ECP_DP_SECP192K1:
limbs = 2 * limbs_N; limbs = BITS_TO_LIMBS(192) * 2;
curve_bits = 192; curve_bits = 192;
curve_func = &mbedtls_ecp_mod_p192k1_raw; curve_func = &mbedtls_ecp_mod_p192k1_raw;
break; break;
#endif #endif
#if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED) #if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED)
case MBEDTLS_ECP_DP_SECP224K1: case MBEDTLS_ECP_DP_SECP224K1:
limbs = 448 / biL; limbs = BITS_TO_LIMBS(224) * 2;
curve_bits = 224; curve_bits = 224;
curve_func = &mbedtls_ecp_mod_p224k1_raw; curve_func = &mbedtls_ecp_mod_p224k1_raw;
break; break;
#endif #endif
#if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED) #if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
case MBEDTLS_ECP_DP_SECP256K1: case MBEDTLS_ECP_DP_SECP256K1:
limbs = 2 * limbs_N; limbs = BITS_TO_LIMBS(256) * 2;
curve_bits = 256; curve_bits = 256;
curve_func = &mbedtls_ecp_mod_p256k1_raw; curve_func = &mbedtls_ecp_mod_p256k1_raw;
break; break;
#endif #endif
#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) #if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED)
case MBEDTLS_ECP_DP_CURVE25519: case MBEDTLS_ECP_DP_CURVE25519:
limbs = 2 * limbs_N; limbs = BITS_TO_LIMBS(255) * 2;
curve_bits = 255; curve_bits = 255;
curve_func = &mbedtls_ecp_mod_p255_raw; curve_func = &mbedtls_ecp_mod_p255_raw;
break; break;
#endif #endif
#if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED) #if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED)
case MBEDTLS_ECP_DP_CURVE448: case MBEDTLS_ECP_DP_CURVE448:
limbs = 2 * limbs_N; limbs = BITS_TO_LIMBS(448) * 2;
curve_bits = 448; curve_bits = 448;
curve_func = &mbedtls_ecp_mod_p448_raw; curve_func = &mbedtls_ecp_mod_p448_raw;
break; break;
@ -1373,8 +1373,7 @@ void ecp_mod_p_generic_raw(int curve_id,
TEST_EQUAL(limbs_res, limbs_N); TEST_EQUAL(limbs_res, limbs_N);
TEST_EQUAL(mbedtls_mpi_mod_modulus_setup( TEST_EQUAL(mbedtls_mpi_mod_modulus_setup(
&m, N, limbs_N, &m, N, limbs_N), 0);
MBEDTLS_MPI_MOD_REP_OPT_RED), 0);
TEST_EQUAL((*curve_func)(X, limbs_X), 0); TEST_EQUAL((*curve_func)(X, limbs_X), 0);
@ -1407,16 +1406,18 @@ void ecp_mod_setup(char *input_A, int id, int ctype, int iret)
TEST_EQUAL(ret, iret); TEST_EQUAL(ret, iret);
if (ret == 0) { if (ret == 0) {
TEST_ASSERT(m.int_rep != MBEDTLS_MPI_MOD_REP_INVALID);
/* Test for limb sizes */ /* Test for limb sizes */
TEST_EQUAL(m.limbs, p_limbs); TEST_EQUAL(m.limbs, p_limbs);
bytes = p_limbs * sizeof(mbedtls_mpi_uint); bytes = p_limbs * sizeof(mbedtls_mpi_uint);
/* Test for validity of moduli by the presence of Montgomery consts */ if (m.int_rep == MBEDTLS_MPI_MOD_REP_MONTGOMERY) {
/* Test for validity of moduli by the presence of Montgomery consts */
TEST_ASSERT(m.rep.mont.mm != 0); TEST_ASSERT(m.rep.mont.mm != 0);
TEST_ASSERT(m.rep.mont.rr != NULL); TEST_ASSERT(m.rep.mont.rr != NULL);
} else {
TEST_ASSERT(m.rep.ored.modp != NULL);
}
/* Compare output byte-by-byte */ /* Compare output byte-by-byte */
ASSERT_COMPARE(p, bytes, m.p, bytes); ASSERT_COMPARE(p, bytes, m.p, bytes);


@ -13,19 +13,19 @@ depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME
pk_utils:MBEDTLS_PK_RSA:512:512:64:"RSA" pk_utils:MBEDTLS_PK_RSA:512:512:64:"RSA"
PK utils: ECKEY SECP192R1 PK utils: ECKEY SECP192R1
depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP192R1_ENABLED depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP192R1_ENABLED
pk_utils:MBEDTLS_PK_ECKEY:MBEDTLS_ECP_DP_SECP192R1:192:24:"EC" pk_utils:MBEDTLS_PK_ECKEY:MBEDTLS_ECP_DP_SECP192R1:192:24:"EC"
PK utils: ECKEY_DH SECP192R1 PK utils: ECKEY_DH SECP192R1
depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP192R1_ENABLED depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP192R1_ENABLED
pk_utils:MBEDTLS_PK_ECKEY_DH:MBEDTLS_ECP_DP_SECP192R1:192:24:"EC_DH" pk_utils:MBEDTLS_PK_ECKEY_DH:MBEDTLS_ECP_DP_SECP192R1:192:24:"EC_DH"
PK utils: ECKEY_DH Curve25519 PK utils: ECKEY_DH Curve25519
depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_CURVE25519_ENABLED depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_CURVE25519_ENABLED
pk_utils:MBEDTLS_PK_ECKEY_DH:MBEDTLS_ECP_DP_CURVE25519:255:32:"EC_DH" pk_utils:MBEDTLS_PK_ECKEY_DH:MBEDTLS_ECP_DP_CURVE25519:255:32:"EC_DH"
PK utils: ECKEY_DH Curve448 PK utils: ECKEY_DH Curve448
depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_CURVE448_ENABLED depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_CURVE448_ENABLED
pk_utils:MBEDTLS_PK_ECKEY_DH:MBEDTLS_ECP_DP_CURVE448:448:56:"EC_DH" pk_utils:MBEDTLS_PK_ECKEY_DH:MBEDTLS_ECP_DP_CURVE448:448:56:"EC_DH"
PK utils: ECDSA SECP192R1 PK utils: ECDSA SECP192R1
@ -289,11 +289,11 @@ depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME
pk_can_do_ext:1:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_ALG_RSA_PSS(PSA_ALG_ANY_HASH):1024:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_KEY_USAGE_SIGN_HASH:1 pk_can_do_ext:1:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_ALG_RSA_PSS(PSA_ALG_ANY_HASH):1024:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_KEY_USAGE_SIGN_HASH:1
PK can do ext: MBEDTLS_PK_ECKEY, check ECDSA(SHA256) PK can do ext: MBEDTLS_PK_ECKEY, check ECDSA(SHA256)
depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP256R1_ENABLED depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP256R1_ENABLED
pk_can_do_ext:0:MBEDTLS_PK_ECKEY:0:0:0:MBEDTLS_ECP_DP_SECP256R1:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_KEY_USAGE_SIGN_HASH:1 pk_can_do_ext:0:MBEDTLS_PK_ECKEY:0:0:0:MBEDTLS_ECP_DP_SECP256R1:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_KEY_USAGE_SIGN_HASH:1
PK can do ext: MBEDTLS_PK_ECKEY, check ECDH PK can do ext: MBEDTLS_PK_ECKEY, check ECDH
depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP256R1_ENABLED depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP256R1_ENABLED
pk_can_do_ext:0:MBEDTLS_PK_ECKEY:0:0:0:MBEDTLS_ECP_DP_SECP256R1:PSA_ALG_ECDH:PSA_KEY_USAGE_DERIVE:1 pk_can_do_ext:0:MBEDTLS_PK_ECKEY:0:0:0:MBEDTLS_ECP_DP_SECP256R1:PSA_ALG_ECDH:PSA_KEY_USAGE_DERIVE:1
PK can do ext: MBEDTLS_PK_RSA, check RSA_PKCS1V15_SIGN(SHA256) PK can do ext: MBEDTLS_PK_RSA, check RSA_PKCS1V15_SIGN(SHA256)
@ -397,7 +397,7 @@ depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_DP_
pk_sign_verify:MBEDTLS_PK_ECKEY:MBEDTLS_ECP_DP_SECP192R1:0:0 pk_sign_verify:MBEDTLS_PK_ECKEY:MBEDTLS_ECP_DP_SECP192R1:0:0
EC_DH (no) sign-verify: SECP192R1 EC_DH (no) sign-verify: SECP192R1
depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP192R1_ENABLED depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP192R1_ENABLED
pk_sign_verify:MBEDTLS_PK_ECKEY_DH:MBEDTLS_ECP_DP_SECP192R1:MBEDTLS_ERR_PK_TYPE_MISMATCH:MBEDTLS_ERR_PK_TYPE_MISMATCH pk_sign_verify:MBEDTLS_PK_ECKEY_DH:MBEDTLS_ECP_DP_SECP192R1:MBEDTLS_ERR_PK_TYPE_MISMATCH:MBEDTLS_ERR_PK_TYPE_MISMATCH
RSA sign-verify RSA sign-verify
@ -425,11 +425,11 @@ depends_on:MBEDTLS_PKCS1_V15
pk_wrap_rsa_decrypt_test_vec:"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":2048:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":"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":"3":"4E636AF98E40F3ADCFCCB698F4E80B9F":MBEDTLS_ERR_RSA_INVALID_PADDING pk_wrap_rsa_decrypt_test_vec:"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":2048:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":"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":"3":"4E636AF98E40F3ADCFCCB698F4E80B9F":MBEDTLS_ERR_RSA_INVALID_PADDING
EC nocrypt EC nocrypt
depends_on:MBEDTLS_ECP_LIGHT depends_on:MBEDTLS_PK_HAVE_ECC_KEYS
pk_ec_nocrypt:MBEDTLS_PK_ECKEY pk_ec_nocrypt:MBEDTLS_PK_ECKEY
EC-DH nocrypt EC-DH nocrypt
depends_on:MBEDTLS_ECP_LIGHT depends_on:MBEDTLS_PK_HAVE_ECC_KEYS
pk_ec_nocrypt:MBEDTLS_PK_ECKEY_DH pk_ec_nocrypt:MBEDTLS_PK_ECKEY_DH
ECDSA nocrypt ECDSA nocrypt
@ -525,11 +525,11 @@ depends_on:MBEDTLS_PKCS1_V21:MBEDTLS_MD_CAN_SHA256
pk_rsa_verify_ext_test_vec:"ae6e43dd387c25741e42fc3570cdfc52e4f51a2343294f3b677dfe01cd5339f6":MBEDTLS_MD_SHA256:1024:"00dd118a9f99bab068ca2aea3b6a6d5997ed4ec954e40deecea07da01eaae80ec2bb1340db8a128e891324a5c5f5fad8f590d7c8cacbc5fe931dafda1223735279461abaa0572b761631b3a8afe7389b088b63993a0a25ee45d21858bab9931aedd4589a631b37fcf714089f856549f359326dd1e0e86dde52ed66b4a90bda4095":"010001":"0d2bdb0456a3d651d5bd48a4204493898f72cf1aaddd71387cc058bc3f4c235ea6be4010fd61b28e1fbb275462b53775c04be9022d38b6a2e0387dddba86a3f8554d2858044a59fddbd594753fc056fe33c8daddb85dc70d164690b1182209ff84824e0be10e35c379f2f378bf176a9f7cb94d95e44d90276a298c8810f741c9":MBEDTLS_PK_RSASSA_PSS:MBEDTLS_MD_SHA256:94:129:MBEDTLS_ERR_RSA_VERIFY_FAILED pk_rsa_verify_ext_test_vec:"ae6e43dd387c25741e42fc3570cdfc52e4f51a2343294f3b677dfe01cd5339f6":MBEDTLS_MD_SHA256:1024:"00dd118a9f99bab068ca2aea3b6a6d5997ed4ec954e40deecea07da01eaae80ec2bb1340db8a128e891324a5c5f5fad8f590d7c8cacbc5fe931dafda1223735279461abaa0572b761631b3a8afe7389b088b63993a0a25ee45d21858bab9931aedd4589a631b37fcf714089f856549f359326dd1e0e86dde52ed66b4a90bda4095":"010001":"0d2bdb0456a3d651d5bd48a4204493898f72cf1aaddd71387cc058bc3f4c235ea6be4010fd61b28e1fbb275462b53775c04be9022d38b6a2e0387dddba86a3f8554d2858044a59fddbd594753fc056fe33c8daddb85dc70d164690b1182209ff84824e0be10e35c379f2f378bf176a9f7cb94d95e44d90276a298c8810f741c9":MBEDTLS_PK_RSASSA_PSS:MBEDTLS_MD_SHA256:94:129:MBEDTLS_ERR_RSA_VERIFY_FAILED
Check pair #1 (EC, OK) Check pair #1 (EC, OK)
depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_PEM_PARSE_C depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_PEM_PARSE_C
mbedtls_pk_check_pair:"data_files/ec_256_pub.pem":"data_files/ec_256_prv.pem":0 mbedtls_pk_check_pair:"data_files/ec_256_pub.pem":"data_files/ec_256_prv.pem":0
Check pair #2 (EC, bad) Check pair #2 (EC, bad)
depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_PEM_PARSE_C depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_PEM_PARSE_C
mbedtls_pk_check_pair:"data_files/ec_256_pub.pem":"data_files/server5.key":MBEDTLS_ERR_ECP_BAD_INPUT_DATA mbedtls_pk_check_pair:"data_files/ec_256_pub.pem":"data_files/server5.key":MBEDTLS_ERR_ECP_BAD_INPUT_DATA
Check pair #3 (RSA, OK) Check pair #3 (RSA, OK)
@ -541,7 +541,7 @@ depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_PEM_PARSE_C
mbedtls_pk_check_pair:"data_files/server1.pubkey":"data_files/server2.key":MBEDTLS_ERR_RSA_KEY_CHECK_FAILED mbedtls_pk_check_pair:"data_files/server1.pubkey":"data_files/server2.key":MBEDTLS_ERR_RSA_KEY_CHECK_FAILED
Check pair #5 (RSA vs EC) Check pair #5 (RSA vs EC)
depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PEM_PARSE_C depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PEM_PARSE_C
mbedtls_pk_check_pair:"data_files/ec_256_pub.pem":"data_files/server1.key":MBEDTLS_ERR_PK_TYPE_MISMATCH mbedtls_pk_check_pair:"data_files/ec_256_pub.pem":"data_files/server1.key":MBEDTLS_ERR_PK_TYPE_MISMATCH
RSA hash_len overflow (size_t vs unsigned int) RSA hash_len overflow (size_t vs unsigned int)


@ -94,7 +94,7 @@ static int pk_genkey(mbedtls_pk_context *pk, int parameter)
parameter, 3); parameter, 3);
} }
#endif #endif
#if defined(MBEDTLS_ECP_LIGHT) #if defined(MBEDTLS_PK_HAVE_ECC_KEYS)
if (mbedtls_pk_get_type(pk) == MBEDTLS_PK_ECKEY || if (mbedtls_pk_get_type(pk) == MBEDTLS_PK_ECKEY ||
mbedtls_pk_get_type(pk) == MBEDTLS_PK_ECKEY_DH || mbedtls_pk_get_type(pk) == MBEDTLS_PK_ECKEY_DH ||
mbedtls_pk_get_type(pk) == MBEDTLS_PK_ECDSA) { mbedtls_pk_get_type(pk) == MBEDTLS_PK_ECDSA) {
@ -112,25 +112,16 @@ static int pk_genkey(mbedtls_pk_context *pk, int parameter)
#endif /* MBEDTLS_ECP_C */ #endif /* MBEDTLS_ECP_C */
#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) #if defined(MBEDTLS_PK_USE_PSA_EC_DATA)
mbedtls_ecp_group grp; ret = pk_genkey_ec(pk, parameter);
/* Duplicating the mbedtls_ecp_group_load call to make this part
* more future future proof for when ECP_C will not be defined. */
mbedtls_ecp_group_init(&grp);
ret = mbedtls_ecp_group_load(&grp, parameter);
if (ret != 0) { if (ret != 0) {
return ret; return ret;
} }
ret = pk_genkey_ec(pk, grp.id);
if (ret != 0) {
return ret;
}
mbedtls_ecp_group_free(&grp);
return 0; return 0;
#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */ #endif /* MBEDTLS_PK_USE_PSA_EC_DATA */
} }
#endif /* MBEDTLS_ECP_LIGHT */ #endif /* MBEDTLS_PK_HAVE_ECC_KEYS */
return -1; return -1;
} }
@ -737,15 +728,10 @@ void pk_ec_test_vec(int type, int id, data_t *key, data_t *hash,
TEST_ASSERT(mbedtls_pk_can_do(&pk, MBEDTLS_PK_ECDSA)); TEST_ASSERT(mbedtls_pk_can_do(&pk, MBEDTLS_PK_ECDSA));
#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) #if defined(MBEDTLS_PK_USE_PSA_EC_DATA)
mbedtls_ecp_keypair ecp; TEST_ASSERT(key->len <= MBEDTLS_PK_MAX_EC_PUBKEY_RAW_LEN);
mbedtls_ecp_keypair_init(&ecp); memcpy(pk.pub_raw, key->x, key->len);
pk.ec_family = mbedtls_ecc_group_to_psa(id, &(pk.ec_bits));
TEST_ASSERT(mbedtls_ecp_group_load(&ecp.grp, id) == 0); pk.pub_raw_len = key->len;
TEST_ASSERT(mbedtls_ecp_point_read_binary(&ecp.grp, &ecp.Q,
key->x, key->len) == 0);
TEST_ASSERT(mbedtls_pk_update_public_key_from_keypair(&pk, &ecp) == 0);
mbedtls_ecp_keypair_free(&ecp);
#else #else
mbedtls_ecp_keypair *eckey = (mbedtls_ecp_keypair *) mbedtls_pk_ec(pk); mbedtls_ecp_keypair *eckey = (mbedtls_ecp_keypair *) mbedtls_pk_ec(pk);


@ -905,11 +905,11 @@ Parse Public RSA Key #4 (PKCS#1 wrapped, DER)
pk_parse_public_keyfile_rsa:"data_files/rsa_pkcs1_2048_public.der":0 pk_parse_public_keyfile_rsa:"data_files/rsa_pkcs1_2048_public.der":0
Parse Public EC Key #1 (RFC 5480, DER) Parse Public EC Key #1 (RFC 5480, DER)
depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP192R1_ENABLED depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED
pk_parse_public_keyfile_ec:"data_files/ec_pub.der":0 pk_parse_public_keyfile_ec:"data_files/ec_pub.der":0
Parse Public EC Key #2 (RFC 5480, PEM) Parse Public EC Key #2 (RFC 5480, PEM)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP192R1_ENABLED depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED
pk_parse_public_keyfile_ec:"data_files/ec_pub.pem":0 pk_parse_public_keyfile_ec:"data_files/ec_pub.pem":0
Parse Public EC Key #2a (RFC 5480, PEM, secp192r1, compressed) Parse Public EC Key #2a (RFC 5480, PEM, secp192r1, compressed)
@ -917,7 +917,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_PARSE_EC_COMPRESSED:MBEDTLS_ECP_DP_SEC
pk_parse_public_keyfile_ec:"data_files/ec_pub.comp.pem":0 pk_parse_public_keyfile_ec:"data_files/ec_pub.comp.pem":0
Parse Public EC Key #3 (RFC 5480, secp224r1) Parse Public EC Key #3 (RFC 5480, secp224r1)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP224R1_ENABLED depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_SECP224R1_ENABLED
pk_parse_public_keyfile_ec:"data_files/ec_224_pub.pem":0 pk_parse_public_keyfile_ec:"data_files/ec_224_pub.pem":0
# Compressed points parsing does not support MBEDTLS_ECP_DP_SECP224R1 and # Compressed points parsing does not support MBEDTLS_ECP_DP_SECP224R1 and
@ -927,7 +927,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_PARSE_EC_COMPRESSED:MBEDTLS_ECP_DP_SEC
pk_parse_public_keyfile_ec:"data_files/ec_224_pub.comp.pem":MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE pk_parse_public_keyfile_ec:"data_files/ec_224_pub.comp.pem":MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE
Parse Public EC Key #4 (RFC 5480, secp256r1) Parse Public EC Key #4 (RFC 5480, secp256r1)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP256R1_ENABLED depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
pk_parse_public_keyfile_ec:"data_files/ec_256_pub.pem":0 pk_parse_public_keyfile_ec:"data_files/ec_256_pub.pem":0
Parse Public EC Key #4a (RFC 5480, secp256r1, compressed) Parse Public EC Key #4a (RFC 5480, secp256r1, compressed)
@ -935,7 +935,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_PARSE_EC_COMPRESSED:MBEDTLS_ECP_DP_SEC
pk_parse_public_keyfile_ec:"data_files/ec_256_pub.comp.pem":0 pk_parse_public_keyfile_ec:"data_files/ec_256_pub.comp.pem":0
Parse Public EC Key #5 (RFC 5480, secp384r1) Parse Public EC Key #5 (RFC 5480, secp384r1)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP384R1_ENABLED depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED
pk_parse_public_keyfile_ec:"data_files/ec_384_pub.pem":0 pk_parse_public_keyfile_ec:"data_files/ec_384_pub.pem":0
Parse Public EC Key #5a (RFC 5480, secp384r1, compressed) Parse Public EC Key #5a (RFC 5480, secp384r1, compressed)
@ -943,7 +943,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_PARSE_EC_COMPRESSED:MBEDTLS_ECP_DP_SEC
pk_parse_public_keyfile_ec:"data_files/ec_384_pub.comp.pem":0 pk_parse_public_keyfile_ec:"data_files/ec_384_pub.comp.pem":0
Parse Public EC Key #6 (RFC 5480, secp521r1) Parse Public EC Key #6 (RFC 5480, secp521r1)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP521R1_ENABLED depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_SECP521R1_ENABLED
pk_parse_public_keyfile_ec:"data_files/ec_521_pub.pem":0 pk_parse_public_keyfile_ec:"data_files/ec_521_pub.pem":0
Parse Public EC Key #6a (RFC 5480, secp521r1, compressed) Parse Public EC Key #6a (RFC 5480, secp521r1, compressed)
@ -951,7 +951,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_PARSE_EC_COMPRESSED:MBEDTLS_ECP_DP_SEC
pk_parse_public_keyfile_ec:"data_files/ec_521_pub.comp.pem":0 pk_parse_public_keyfile_ec:"data_files/ec_521_pub.comp.pem":0
Parse Public EC Key #7 (RFC 5480, brainpoolP256r1) Parse Public EC Key #7 (RFC 5480, brainpoolP256r1)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_BP256R1_ENABLED depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_BP256R1_ENABLED
pk_parse_public_keyfile_ec:"data_files/ec_bp256_pub.pem":0 pk_parse_public_keyfile_ec:"data_files/ec_bp256_pub.pem":0
Parse Public EC Key #7a (RFC 5480, brainpoolP256r1, compressed) Parse Public EC Key #7a (RFC 5480, brainpoolP256r1, compressed)
@ -959,7 +959,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_PARSE_EC_COMPRESSED:MBEDTLS_ECP_DP_BP2
pk_parse_public_keyfile_ec:"data_files/ec_bp256_pub.comp.pem":0 pk_parse_public_keyfile_ec:"data_files/ec_bp256_pub.comp.pem":0
Parse Public EC Key #8 (RFC 5480, brainpoolP384r1) Parse Public EC Key #8 (RFC 5480, brainpoolP384r1)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_BP384R1_ENABLED depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_BP384R1_ENABLED
pk_parse_public_keyfile_ec:"data_files/ec_bp384_pub.pem":0 pk_parse_public_keyfile_ec:"data_files/ec_bp384_pub.pem":0
Parse Public EC Key #8a (RFC 5480, brainpoolP384r1, compressed) Parse Public EC Key #8a (RFC 5480, brainpoolP384r1, compressed)
@ -967,7 +967,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_PARSE_EC_COMPRESSED:MBEDTLS_ECP_DP_BP3
pk_parse_public_keyfile_ec:"data_files/ec_bp384_pub.comp.pem":0 pk_parse_public_keyfile_ec:"data_files/ec_bp384_pub.comp.pem":0
Parse Public EC Key #9 (RFC 5480, brainpoolP512r1) Parse Public EC Key #9 (RFC 5480, brainpoolP512r1)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_BP512R1_ENABLED depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_BP512R1_ENABLED
pk_parse_public_keyfile_ec:"data_files/ec_bp512_pub.pem":0 pk_parse_public_keyfile_ec:"data_files/ec_bp512_pub.pem":0
Parse Public EC Key #9a (RFC 5480, brainpoolP512r1, compressed) Parse Public EC Key #9a (RFC 5480, brainpoolP512r1, compressed)
@ -975,27 +975,27 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_PARSE_EC_COMPRESSED:MBEDTLS_ECP_DP_BP5
pk_parse_public_keyfile_ec:"data_files/ec_bp512_pub.comp.pem":0 pk_parse_public_keyfile_ec:"data_files/ec_bp512_pub.comp.pem":0
Parse Public EC Key #10 (RFC 8410, DER, X25519) Parse Public EC Key #10 (RFC 8410, DER, X25519)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_CURVE25519_ENABLED depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_CURVE25519_ENABLED
pk_parse_public_keyfile_ec:"data_files/ec_x25519_pub.der":0 pk_parse_public_keyfile_ec:"data_files/ec_x25519_pub.der":0
Parse Public EC Key #11 (RFC 8410, DER, X448) Parse Public EC Key #11 (RFC 8410, DER, X448)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_CURVE448_ENABLED depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_CURVE448_ENABLED
pk_parse_public_keyfile_ec:"data_files/ec_x448_pub.der":0 pk_parse_public_keyfile_ec:"data_files/ec_x448_pub.der":0
Parse Public EC Key #12 (RFC 8410, PEM, X25519) Parse Public EC Key #12 (RFC 8410, PEM, X25519)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_CURVE25519_ENABLED depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_CURVE25519_ENABLED
pk_parse_public_keyfile_ec:"data_files/ec_x25519_pub.pem":0 pk_parse_public_keyfile_ec:"data_files/ec_x25519_pub.pem":0
Parse Public EC Key #13 (RFC 8410, PEM, X448) Parse Public EC Key #13 (RFC 8410, PEM, X448)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_CURVE448_ENABLED depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_CURVE448_ENABLED
pk_parse_public_keyfile_ec:"data_files/ec_x448_pub.pem":0 pk_parse_public_keyfile_ec:"data_files/ec_x448_pub.pem":0
Parse EC Key #1 (SEC1 DER) Parse EC Key #1 (SEC1 DER)
depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP192R1_ENABLED depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP192R1_ENABLED
pk_parse_keyfile_ec:"data_files/ec_prv.sec1.der":"NULL":0 pk_parse_keyfile_ec:"data_files/ec_prv.sec1.der":"NULL":0
Parse EC Key #2 (SEC1 PEM) Parse EC Key #2 (SEC1 PEM)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP192R1_ENABLED depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED
pk_parse_keyfile_ec:"data_files/ec_prv.sec1.pem":"NULL":0 pk_parse_keyfile_ec:"data_files/ec_prv.sec1.pem":"NULL":0
Parse EC Key #2a (SEC1 PEM, secp192r1, compressed) Parse EC Key #2a (SEC1 PEM, secp192r1, compressed)
@ -1003,43 +1003,43 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_PARSE_EC_COMPRESSED:MBEDTLS_ECP_DP_SEC
pk_parse_keyfile_ec:"data_files/ec_prv.sec1.comp.pem":"NULL":0 pk_parse_keyfile_ec:"data_files/ec_prv.sec1.comp.pem":"NULL":0
Parse EC Key #3 (SEC1 PEM encrypted) Parse EC Key #3 (SEC1 PEM encrypted)
depends_on:MBEDTLS_DES_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_HAS_MD5_VIA_LOWLEVEL_OR_PSA depends_on:MBEDTLS_DES_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_HAS_MD5_VIA_LOWLEVEL_OR_PSA
pk_parse_keyfile_ec:"data_files/ec_prv.sec1.pw.pem":"polar":0 pk_parse_keyfile_ec:"data_files/ec_prv.sec1.pw.pem":"polar":0
Parse EC Key #4 (PKCS8 DER) Parse EC Key #4 (PKCS8 DER)
depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP192R1_ENABLED depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED
pk_parse_keyfile_ec:"data_files/ec_prv.pk8.der":"NULL":0 pk_parse_keyfile_ec:"data_files/ec_prv.pk8.der":"NULL":0
Parse EC Key #4a (PKCS8 DER, no public key) Parse EC Key #4a (PKCS8 DER, no public key)
depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP256R1_ENABLED depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED
pk_parse_keyfile_ec:"data_files/ec_prv.pk8nopub.der":"NULL":0 pk_parse_keyfile_ec:"data_files/ec_prv.pk8nopub.der":"NULL":0
Parse EC Key #4b (PKCS8 DER, no public key, with parameters) Parse EC Key #4b (PKCS8 DER, no public key, with parameters)
depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP256R1_ENABLED depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED
pk_parse_keyfile_ec:"data_files/ec_prv.pk8nopubparam.der":"NULL":0 pk_parse_keyfile_ec:"data_files/ec_prv.pk8nopubparam.der":"NULL":0
Parse EC Key #4c (PKCS8 DER, with parameters) Parse EC Key #4c (PKCS8 DER, with parameters)
depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP256R1_ENABLED depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED
pk_parse_keyfile_ec:"data_files/ec_prv.pk8param.der":"NULL":0 pk_parse_keyfile_ec:"data_files/ec_prv.pk8param.der":"NULL":0
Parse EC Key #5 (PKCS8 PEM) Parse EC Key #5 (PKCS8 PEM)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP192R1_ENABLED depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED
pk_parse_keyfile_ec:"data_files/ec_prv.pk8.pem":"NULL":0 pk_parse_keyfile_ec:"data_files/ec_prv.pk8.pem":"NULL":0
Parse EC Key #5a (PKCS8 PEM, no public key) Parse EC Key #5a (PKCS8 PEM, no public key)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP256R1_ENABLED depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
pk_parse_keyfile_ec:"data_files/ec_prv.pk8nopub.pem":"NULL":0 pk_parse_keyfile_ec:"data_files/ec_prv.pk8nopub.pem":"NULL":0
Parse EC Key #5b (PKCS8 PEM, no public key, with parameters) Parse EC Key #5b (PKCS8 PEM, no public key, with parameters)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP256R1_ENABLED depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
pk_parse_keyfile_ec:"data_files/ec_prv.pk8nopubparam.pem":"NULL":0 pk_parse_keyfile_ec:"data_files/ec_prv.pk8nopubparam.pem":"NULL":0
Parse EC Key #5c (PKCS8 PEM, with parameters) Parse EC Key #5c (PKCS8 PEM, with parameters)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP256R1_ENABLED depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
pk_parse_keyfile_ec:"data_files/ec_prv.pk8param.pem":"NULL":0 pk_parse_keyfile_ec:"data_files/ec_prv.pk8param.pem":"NULL":0
Parse EC Key #8 (SEC1 PEM, secp224r1) Parse EC Key #8 (SEC1 PEM, secp224r1)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP224R1_ENABLED depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_SECP224R1_ENABLED
pk_parse_keyfile_ec:"data_files/ec_224_prv.pem":"NULL":0 pk_parse_keyfile_ec:"data_files/ec_224_prv.pem":"NULL":0
Parse EC Key #8a (SEC1 PEM, secp224r1, compressed) Parse EC Key #8a (SEC1 PEM, secp224r1, compressed)
@ -1047,7 +1047,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_PARSE_EC_COMPRESSED:MBEDTLS_ECP_DP_SEC
pk_parse_keyfile_ec:"data_files/ec_224_prv.comp.pem":"NULL":0 pk_parse_keyfile_ec:"data_files/ec_224_prv.comp.pem":"NULL":0
Parse EC Key #9 (SEC1 PEM, secp256r1) Parse EC Key #9 (SEC1 PEM, secp256r1)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP256R1_ENABLED depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
pk_parse_keyfile_ec:"data_files/ec_256_prv.pem":"NULL":0 pk_parse_keyfile_ec:"data_files/ec_256_prv.pem":"NULL":0
Parse EC Key #9a (SEC1 PEM, secp256r1, compressed) Parse EC Key #9a (SEC1 PEM, secp256r1, compressed)
@ -1055,7 +1055,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_PARSE_EC_COMPRESSED:MBEDTLS_ECP_DP_SEC
pk_parse_keyfile_ec:"data_files/ec_256_prv.comp.pem":"NULL":0 pk_parse_keyfile_ec:"data_files/ec_256_prv.comp.pem":"NULL":0
Parse EC Key #10 (SEC1 PEM, secp384r1) Parse EC Key #10 (SEC1 PEM, secp384r1)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP384R1_ENABLED depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED
pk_parse_keyfile_ec:"data_files/ec_384_prv.pem":"NULL":0 pk_parse_keyfile_ec:"data_files/ec_384_prv.pem":"NULL":0
Parse EC Key #10a (SEC1 PEM, secp384r1, compressed) Parse EC Key #10a (SEC1 PEM, secp384r1, compressed)
@ -1063,7 +1063,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_PARSE_EC_COMPRESSED:MBEDTLS_ECP_DP_SEC
pk_parse_keyfile_ec:"data_files/ec_384_prv.comp.pem":"NULL":0 pk_parse_keyfile_ec:"data_files/ec_384_prv.comp.pem":"NULL":0
Parse EC Key #11 (SEC1 PEM, secp521r1) Parse EC Key #11 (SEC1 PEM, secp521r1)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP521R1_ENABLED depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_SECP521R1_ENABLED
pk_parse_keyfile_ec:"data_files/ec_521_prv.pem":"NULL":0 pk_parse_keyfile_ec:"data_files/ec_521_prv.pem":"NULL":0
Parse EC Key #11a (SEC1 PEM, secp521r1, compressed) Parse EC Key #11a (SEC1 PEM, secp521r1, compressed)
@ -1071,7 +1071,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_PARSE_EC_COMPRESSED:MBEDTLS_ECP_DP_SEC
pk_parse_keyfile_ec:"data_files/ec_521_prv.comp.pem":"NULL":0 pk_parse_keyfile_ec:"data_files/ec_521_prv.comp.pem":"NULL":0
Parse EC Key #12 (SEC1 PEM, bp256r1) Parse EC Key #12 (SEC1 PEM, bp256r1)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_BP256R1_ENABLED depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_BP256R1_ENABLED
pk_parse_keyfile_ec:"data_files/ec_bp256_prv.pem":"NULL":0 pk_parse_keyfile_ec:"data_files/ec_bp256_prv.pem":"NULL":0
Parse EC Key #12a (SEC1 PEM, bp256r1, compressed) Parse EC Key #12a (SEC1 PEM, bp256r1, compressed)
@ -1079,7 +1079,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_PARSE_EC_COMPRESSED:MBEDTLS_ECP_DP_BP2
pk_parse_keyfile_ec:"data_files/ec_bp256_prv.comp.pem":"NULL":0 pk_parse_keyfile_ec:"data_files/ec_bp256_prv.comp.pem":"NULL":0
Parse EC Key #13 (SEC1 PEM, bp384r1) Parse EC Key #13 (SEC1 PEM, bp384r1)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_BP384R1_ENABLED depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_BP384R1_ENABLED
pk_parse_keyfile_ec:"data_files/ec_bp384_prv.pem":"NULL":0 pk_parse_keyfile_ec:"data_files/ec_bp384_prv.pem":"NULL":0
Parse EC Key #13a (SEC1 PEM, bp384r1, compressed) Parse EC Key #13a (SEC1 PEM, bp384r1, compressed)
@ -1087,7 +1087,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_PARSE_EC_COMPRESSED:MBEDTLS_ECP_DP_BP3
pk_parse_keyfile_ec:"data_files/ec_bp384_prv.comp.pem":"NULL":0 pk_parse_keyfile_ec:"data_files/ec_bp384_prv.comp.pem":"NULL":0
Parse EC Key #14 (SEC1 PEM, bp512r1) Parse EC Key #14 (SEC1 PEM, bp512r1)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_BP512R1_ENABLED depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_BP512R1_ENABLED
pk_parse_keyfile_ec:"data_files/ec_bp512_prv.pem":"NULL":0 pk_parse_keyfile_ec:"data_files/ec_bp512_prv.pem":"NULL":0
Parse EC Key #14a (SEC1 PEM, bp512r1, compressed) Parse EC Key #14a (SEC1 PEM, bp512r1, compressed)
@ -1099,19 +1099,19 @@ depends_on:MBEDTLS_ECP_DP_SECP256K1_ENABLED:MBEDTLS_PK_PARSE_EC_EXTENDED
pk_parse_keyfile_ec:"data_files/ec_prv.specdom.der":"NULL":0 pk_parse_keyfile_ec:"data_files/ec_prv.specdom.der":"NULL":0
Parse EC Key #16 (RFC 8410, DER, X25519) Parse EC Key #16 (RFC 8410, DER, X25519)
depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_CURVE25519_ENABLED depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED
pk_parse_keyfile_ec:"data_files/ec_x25519_prv.der":"NULL":0 pk_parse_keyfile_ec:"data_files/ec_x25519_prv.der":"NULL":0
Parse EC Key #17 (RFC 8410, DER, X448) Parse EC Key #17 (RFC 8410, DER, X448)
depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_CURVE448_ENABLED depends_on:MBEDTLS_ECP_DP_CURVE448_ENABLED
pk_parse_keyfile_ec:"data_files/ec_x448_prv.der":"NULL":0 pk_parse_keyfile_ec:"data_files/ec_x448_prv.der":"NULL":0
Parse EC Key #18 (RFC 8410, PEM, X25519) Parse EC Key #18 (RFC 8410, PEM, X25519)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_CURVE25519_ENABLED depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_CURVE25519_ENABLED
pk_parse_keyfile_ec:"data_files/ec_x25519_prv.pem":"NULL":0 pk_parse_keyfile_ec:"data_files/ec_x25519_prv.pem":"NULL":0
Parse EC Key #19 (RFC 8410, PEM, X448) Parse EC Key #19 (RFC 8410, PEM, X448)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_CURVE448_ENABLED depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_CURVE448_ENABLED
pk_parse_keyfile_ec:"data_files/ec_x448_prv.pem":"NULL":0 pk_parse_keyfile_ec:"data_files/ec_x448_prv.pem":"NULL":0
Key ASN1 (No data) Key ASN1 (No data)
@ -1193,7 +1193,7 @@ depends_on:MBEDTLS_RSA_C
pk_parse_key:"3063020100021100cc8ab070369ede72920e5a51523c857102030100010211009a6318982a7231de1894c54aa4909201020900f3058fd8dc484d61020900d7770dbd8b78a2110209009471f14c26428401020813425f060c4b7221FF08052b93d01747a87c":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT pk_parse_key:"3063020100021100cc8ab070369ede72920e5a51523c857102030100010211009a6318982a7231de1894c54aa4909201020900f3058fd8dc484d61020900d7770dbd8b78a2110209009471f14c26428401020813425f060c4b7221FF08052b93d01747a87c":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
Key ASN1 (ECPrivateKey, empty parameters) Key ASN1 (ECPrivateKey, empty parameters)
depends_on:MBEDTLS_ECP_LIGHT depends_on:MBEDTLS_PK_HAVE_ECC_KEYS
pk_parse_key:"30070201010400a000":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT pk_parse_key:"30070201010400a000":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
Key ASN1 (OneAsymmetricKey X25519, doesn't match masking requirements, from RFC8410 Appendix A but made into version 0) Key ASN1 (OneAsymmetricKey X25519, doesn't match masking requirements, from RFC8410 Appendix A but made into version 0)
@ -1201,24 +1201,24 @@ depends_on:MBEDTLS_ECP_C
pk_parse_key:"302e020100300506032b656e04220420f8ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff3f":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT pk_parse_key:"302e020100300506032b656e04220420f8ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff3f":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
Key ASN1 (OneAsymmetricKey X25519, with invalid optional AlgorithIdentifier parameters) Key ASN1 (OneAsymmetricKey X25519, with invalid optional AlgorithIdentifier parameters)
depends_on:MBEDTLS_ECP_LIGHT depends_on:MBEDTLS_PK_HAVE_ECC_KEYS
pk_parse_key:"3030020100300706032b656e050004220420b06d829655543a51cba36e53522bc0acfd60af59466555fb3e1e796872ab1a59":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT pk_parse_key:"3030020100300706032b656e050004220420b06d829655543a51cba36e53522bc0acfd60af59466555fb3e1e796872ab1a59":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
Key ASN1 (OneAsymmetricKey X25519, with NULL private key) Key ASN1 (OneAsymmetricKey X25519, with NULL private key)
depends_on:MBEDTLS_ECP_LIGHT depends_on:MBEDTLS_PK_HAVE_ECC_KEYS
pk_parse_key:"300e020100300506032b656e04020500":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT pk_parse_key:"300e020100300506032b656e04020500":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
Key ASN1 (OneAsymmetricKey with invalid AlgorithIdentifier) Key ASN1 (OneAsymmetricKey with invalid AlgorithIdentifier)
pk_parse_key:"3013020100300a06082b0601040181fd5904020500":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT pk_parse_key:"3013020100300a06082b0601040181fd5904020500":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
Key ASN1 (OneAsymmetricKey X25519, with unsupported attributes) Key ASN1 (OneAsymmetricKey X25519, with unsupported attributes)
depends_on:MBEDTLS_ECP_LIGHT depends_on:MBEDTLS_PK_HAVE_ECC_KEYS
pk_parse_key:"304f020100300506032b656e04220420b06d829655543a51cba36e53522bc0acfd60af59466555fb3e1e796872ab1a59a01f301d060a2a864886f70d01090914310f0c0d437572646c6520436861697273":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT pk_parse_key:"304f020100300506032b656e04220420b06d829655543a51cba36e53522bc0acfd60af59466555fb3e1e796872ab1a59a01f301d060a2a864886f70d01090914310f0c0d437572646c6520436861697273":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
Key ASN1 (OneAsymmetricKey X25519, unsupported version 2 with public key) Key ASN1 (OneAsymmetricKey X25519, unsupported version 2 with public key)
depends_on:MBEDTLS_ECP_LIGHT depends_on:MBEDTLS_PK_HAVE_ECC_KEYS
pk_parse_key:"3051020101300506032b656e04220420b06d829655543a51cba36e53522bc0acfd60af59466555fb3e1e796872ab1a598121009bc3b0e93d8233fe6a8ba6138948cc12a91362d5c2ed81584db05ab5419c9d11":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT pk_parse_key:"3051020101300506032b656e04220420b06d829655543a51cba36e53522bc0acfd60af59466555fb3e1e796872ab1a598121009bc3b0e93d8233fe6a8ba6138948cc12a91362d5c2ed81584db05ab5419c9d11":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
Key ASN1 (OneAsymmetricKey X25519, unsupported version 2 with public key and unsupported attributes) Key ASN1 (OneAsymmetricKey X25519, unsupported version 2 with public key and unsupported attributes)
depends_on:MBEDTLS_ECP_LIGHT depends_on:MBEDTLS_PK_HAVE_ECC_KEYS
pk_parse_key:"3072020101300506032b656e04220420b06d829655543a51cba36e53522bc0acfd60af59466555fb3e1e796872ab1a59a01f301d060a2a864886f70d01090914310f0c0d437572646c65204368616972738121009bc3b0e93d8233fe6a8ba6138948cc12a91362d5c2ed81584db05ab5419c9d11":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT pk_parse_key:"3072020101300506032b656e04220420b06d829655543a51cba36e53522bc0acfd60af59466555fb3e1e796872ab1a59a01f301d060a2a864886f70d01090914310f0c0d437572646c65204368616972738121009bc3b0e93d8233fe6a8ba6138948cc12a91362d5c2ed81584db05ab5419c9d11":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
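Review bot: `Parse EC Key #1 (SEC1 DER)` is the only `pk_parse_keyfile_ec` case in this section that still names an ECC symbol per case (`depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP192R1_ENABLED`), while every sibling, for example `Parse EC Key #4 (PKCS8 DER)`, now lists only the curve. The `BEGIN_CASE` line of `pk_parse_keyfile_ec` shown in the next file section already carries `MBEDTLS_PK_HAVE_ECC_KEYS`, so the per-case entry is redundant and could be `depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED`. Separately, `Parse Public EC Key #10` and `#11` read `.der` files but still require `MBEDTLS_PEM_PARSE_C`. Presumably DER input does not need PEM support, in which case these parser tests are skipped in builds without it, so this is worth confirming.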


@ -70,7 +70,7 @@ exit:
} }
/* END_CASE */ /* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_ECP_LIGHT */ /* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_PK_HAVE_ECC_KEYS */
void pk_parse_public_keyfile_ec(char *key_file, int result) void pk_parse_public_keyfile_ec(char *key_file, int result)
{ {
mbedtls_pk_context ctx; mbedtls_pk_context ctx;
@ -102,7 +102,7 @@ exit:
} }
/* END_CASE */ /* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_ECP_LIGHT */ /* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_PK_HAVE_ECC_KEYS */
void pk_parse_keyfile_ec(char *key_file, char *password, int result) void pk_parse_keyfile_ec(char *key_file, char *password, int result)
{ {
mbedtls_pk_context ctx; mbedtls_pk_context ctx;


@ -15,43 +15,43 @@ depends_on:MBEDTLS_RSA_C
pk_write_pubkey_check:"data_files/rsa4096_pub.der":TEST_DER pk_write_pubkey_check:"data_files/rsa4096_pub.der":TEST_DER
Public key write check EC 192 bits Public key write check EC 192 bits
depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED
pk_write_pubkey_check:"data_files/ec_pub.pem":TEST_PEM pk_write_pubkey_check:"data_files/ec_pub.pem":TEST_PEM
Public key write check EC 192 bits (DER) Public key write check EC 192 bits (DER)
depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP192R1_ENABLED depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP192R1_ENABLED
pk_write_pubkey_check:"data_files/ec_pub.der":TEST_DER pk_write_pubkey_check:"data_files/ec_pub.der":TEST_DER
Public key write check EC 521 bits Public key write check EC 521 bits
depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:MBEDTLS_ECP_DP_SECP521R1_ENABLED depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:MBEDTLS_ECP_DP_SECP521R1_ENABLED
pk_write_pubkey_check:"data_files/ec_521_pub.pem":TEST_PEM pk_write_pubkey_check:"data_files/ec_521_pub.pem":TEST_PEM
Public key write check EC 521 bits (DER) Public key write check EC 521 bits (DER)
depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP521R1_ENABLED depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP521R1_ENABLED
pk_write_pubkey_check:"data_files/ec_521_pub.der":TEST_DER pk_write_pubkey_check:"data_files/ec_521_pub.der":TEST_DER
Public key write check EC Brainpool 512 bits Public key write check EC Brainpool 512 bits
depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:MBEDTLS_ECP_DP_BP512R1_ENABLED depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:MBEDTLS_ECP_DP_BP512R1_ENABLED
pk_write_pubkey_check:"data_files/ec_bp512_pub.pem":TEST_PEM pk_write_pubkey_check:"data_files/ec_bp512_pub.pem":TEST_PEM
Public key write check EC Brainpool 512 bits (DER) Public key write check EC Brainpool 512 bits (DER)
depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_BP512R1_ENABLED depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_BP512R1_ENABLED
pk_write_pubkey_check:"data_files/ec_bp512_pub.der":TEST_DER pk_write_pubkey_check:"data_files/ec_bp512_pub.der":TEST_DER
Public key write check EC X25519 Public key write check EC X25519
depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_CURVE25519_ENABLED depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_CURVE25519_ENABLED
pk_write_pubkey_check:"data_files/ec_x25519_pub.pem":TEST_PEM pk_write_pubkey_check:"data_files/ec_x25519_pub.pem":TEST_PEM
Public key write check EC X25519 (DER) Public key write check EC X25519 (DER)
depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_CURVE25519_ENABLED depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_CURVE25519_ENABLED
pk_write_pubkey_check:"data_files/ec_x25519_pub.der":TEST_DER pk_write_pubkey_check:"data_files/ec_x25519_pub.der":TEST_DER
Public key write check EC X448 Public key write check EC X448
depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_CURVE448_ENABLED depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_CURVE448_ENABLED
pk_write_pubkey_check:"data_files/ec_x448_pub.pem":TEST_PEM pk_write_pubkey_check:"data_files/ec_x448_pub.pem":TEST_PEM
Public key write check EC X448 (DER) Public key write check EC X448 (DER)
depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_CURVE448_ENABLED depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_CURVE448_ENABLED
pk_write_pubkey_check:"data_files/ec_x448_pub.der":TEST_DER pk_write_pubkey_check:"data_files/ec_x448_pub.der":TEST_DER
Private key write check RSA Private key write check RSA
@ -71,59 +71,59 @@ depends_on:MBEDTLS_RSA_C
pk_write_key_check:"data_files/rsa4096_prv.der":TEST_DER pk_write_key_check:"data_files/rsa4096_prv.der":TEST_DER
Private key write check EC 192 bits Private key write check EC 192 bits
depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED
pk_write_key_check:"data_files/ec_prv.sec1.pem":TEST_PEM pk_write_key_check:"data_files/ec_prv.sec1.pem":TEST_PEM
Private key write check EC 192 bits (DER) Private key write check EC 192 bits (DER)
depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP192R1_ENABLED depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP192R1_ENABLED
pk_write_key_check:"data_files/ec_prv.sec1.der":TEST_DER pk_write_key_check:"data_files/ec_prv.sec1.der":TEST_DER
Private key write check EC 256 bits (top bit set) Private key write check EC 256 bits (top bit set)
depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
pk_write_key_check:"data_files/ec_256_long_prv.pem":TEST_PEM pk_write_key_check:"data_files/ec_256_long_prv.pem":TEST_PEM
Private key write check EC 256 bits (top bit set) (DER) Private key write check EC 256 bits (top bit set) (DER)
depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP256R1_ENABLED depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP256R1_ENABLED
pk_write_key_check:"data_files/ec_256_long_prv.der":TEST_DER pk_write_key_check:"data_files/ec_256_long_prv.der":TEST_DER
Private key write check EC 521 bits Private key write check EC 521 bits
depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:MBEDTLS_ECP_DP_SECP521R1_ENABLED depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:MBEDTLS_ECP_DP_SECP521R1_ENABLED
pk_write_key_check:"data_files/ec_521_prv.pem":TEST_PEM pk_write_key_check:"data_files/ec_521_prv.pem":TEST_PEM
Private key write check EC 521 bits (DER) Private key write check EC 521 bits (DER)
depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP521R1_ENABLED depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP521R1_ENABLED
pk_write_key_check:"data_files/ec_521_prv.der":TEST_DER pk_write_key_check:"data_files/ec_521_prv.der":TEST_DER
Private key write check EC 521 bits (top byte is 0) Private key write check EC 521 bits (top byte is 0)
depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:MBEDTLS_ECP_DP_SECP521R1_ENABLED depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:MBEDTLS_ECP_DP_SECP521R1_ENABLED
pk_write_key_check:"data_files/ec_521_short_prv.pem":TEST_PEM pk_write_key_check:"data_files/ec_521_short_prv.pem":TEST_PEM
Private key write check EC 521 bits (top byte is 0) (DER) Private key write check EC 521 bits (top byte is 0) (DER)
depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP521R1_ENABLED depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP521R1_ENABLED
pk_write_key_check:"data_files/ec_521_short_prv.der":TEST_DER pk_write_key_check:"data_files/ec_521_short_prv.der":TEST_DER
Private key write check EC Brainpool 512 bits Private key write check EC Brainpool 512 bits
depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:MBEDTLS_ECP_DP_BP512R1_ENABLED depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:MBEDTLS_ECP_DP_BP512R1_ENABLED
pk_write_key_check:"data_files/ec_bp512_prv.pem":TEST_PEM pk_write_key_check:"data_files/ec_bp512_prv.pem":TEST_PEM
Private key write check EC Brainpool 512 bits (DER) Private key write check EC Brainpool 512 bits (DER)
depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_BP512R1_ENABLED depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_BP512R1_ENABLED
pk_write_key_check:"data_files/ec_bp512_prv.der":TEST_DER pk_write_key_check:"data_files/ec_bp512_prv.der":TEST_DER
Private key write check EC X25519 Private key write check EC X25519
depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_CURVE25519_ENABLED depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_CURVE25519_ENABLED
pk_write_key_check:"data_files/ec_x25519_prv.pem":TEST_PEM pk_write_key_check:"data_files/ec_x25519_prv.pem":TEST_PEM
Private key write check EC X25519 (DER) Private key write check EC X25519 (DER)
depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_CURVE25519_ENABLED depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_CURVE25519_ENABLED
pk_write_key_check:"data_files/ec_x25519_prv.der":TEST_DER pk_write_key_check:"data_files/ec_x25519_prv.der":TEST_DER
Private key write check EC X448 Private key write check EC X448
depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_CURVE448_ENABLED depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_CURVE448_ENABLED
pk_write_key_check:"data_files/ec_x448_prv.pem":TEST_PEM pk_write_key_check:"data_files/ec_x448_prv.pem":TEST_PEM
Private key write check EC X448 (DER) Private key write check EC X448 (DER)
depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_CURVE448_ENABLED depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_CURVE448_ENABLED
pk_write_key_check:"data_files/ec_x448_prv.der":TEST_DER pk_write_key_check:"data_files/ec_x448_prv.der":TEST_DER
Derive public key RSA Derive public key RSA
@ -135,21 +135,21 @@ depends_on:MBEDTLS_RSA_C
pk_write_public_from_private:"data_files/rsa4096_prv.der":"data_files/rsa4096_pub.der" pk_write_public_from_private:"data_files/rsa4096_prv.der":"data_files/rsa4096_pub.der"
Derive public key EC 192 bits Derive public key EC 192 bits
depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP192R1_ENABLED depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP192R1_ENABLED
pk_write_public_from_private:"data_files/ec_prv.sec1.der":"data_files/ec_pub.der" pk_write_public_from_private:"data_files/ec_prv.sec1.der":"data_files/ec_pub.der"
Derive public key EC 521 bits Derive public key EC 521 bits
depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP521R1_ENABLED depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP521R1_ENABLED
pk_write_public_from_private:"data_files/ec_521_prv.der":"data_files/ec_521_pub.der" pk_write_public_from_private:"data_files/ec_521_prv.der":"data_files/ec_521_pub.der"
Derive public key EC Brainpool 512 bits Derive public key EC Brainpool 512 bits
depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_BP512R1_ENABLED depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_BP512R1_ENABLED
pk_write_public_from_private:"data_files/ec_bp512_prv.der":"data_files/ec_bp512_pub.der" pk_write_public_from_private:"data_files/ec_bp512_prv.der":"data_files/ec_bp512_pub.der"
Derive public key EC X25519 Derive public key EC X25519
depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_CURVE25519_ENABLED depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_CURVE25519_ENABLED
pk_write_public_from_private:"data_files/ec_x25519_prv.der":"data_files/ec_x25519_pub.der" pk_write_public_from_private:"data_files/ec_x25519_prv.der":"data_files/ec_x25519_pub.der"
Derive public key EC X448 Derive public key EC X448
depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_CURVE448_ENABLED depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_CURVE448_ENABLED
pk_write_public_from_private:"data_files/ec_x448_prv.der":"data_files/ec_x448_pub.der" pk_write_public_from_private:"data_files/ec_x448_prv.der":"data_files/ec_x448_pub.der"


@ -3127,8 +3127,10 @@ void pake_operations(data_t *pw_data, int forced_status_setup_arg, int forced_st
PSA_SUCCESS); PSA_SUCCESS);
/* Simulate that we are ready to get implicit key. */ /* Simulate that we are ready to get implicit key. */
operation.computation_stage.jpake.input_step = PSA_PAKE_STEP_DERIVE; operation.computation_stage.jpake.round = PSA_JPAKE_FINISHED;
operation.computation_stage.jpake.output_step = PSA_PAKE_STEP_DERIVE; operation.computation_stage.jpake.inputs = 0;
operation.computation_stage.jpake.outputs = 0;
operation.computation_stage.jpake.step = PSA_PAKE_STEP_KEY_SHARE;
/* --- psa_pake_get_implicit_key --- */ /* --- psa_pake_get_implicit_key --- */
mbedtls_test_driver_pake_hooks.forced_status = forced_status; mbedtls_test_driver_pake_hooks.forced_status = forced_status;
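Review bot: The comment `/* Simulate that we are ready to get implicit key. */` no longer explains the code below it, which now writes four internal state-machine fields (`round`, `inputs`, `outputs`, `step`) instead of two. Because the test sets the operation's private J-PAKE state by hand, a later change to what those fields mean could leave it compiling while it forces a state the library never reaches on its own. I would expand the comment to say which state is being reproduced, for example `/* Force the internal J-PAKE state to "both rounds finished, no input or output pending" so that psa_pake_get_implicit_key() is accepted without running the rounds. */`, assuming that is what `PSA_JPAKE_FINISHED` with zeroed counters denotes. pake_operations starts and continues outside this hunk.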


@ -132,83 +132,99 @@ ecjpake_rounds:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA
PSA PAKE: no injected errors PSA PAKE: no injected errors
depends_on:MBEDTLS_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_LEGACY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 depends_on:MBEDTLS_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_LEGACY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256
ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:0:"abcdef":ERR_NONE:PSA_SUCCESS ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:0:"abcdef":ERR_NONE:PSA_SUCCESS:0
PSA PAKE: no injected errors, client input first PSA PAKE: no injected errors, client input first
depends_on:MBEDTLS_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_LEGACY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 depends_on:MBEDTLS_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_LEGACY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256
ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:1:"abcdef":ERR_NONE:PSA_SUCCESS ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:1:"abcdef":ERR_NONE:PSA_SUCCESS:0
PSA PAKE: inject ERR_INJECT_ROUND1_CLIENT_KEY_SHARE_PART1 PSA PAKE: inject ERR_INJECT_ROUND1_CLIENT_KEY_SHARE_PART1
depends_on:MBEDTLS_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_LEGACY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 depends_on:MBEDTLS_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_LEGACY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256
ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:0:"abcdef":ERR_INJECT_ROUND1_CLIENT_KEY_SHARE_PART1:PSA_ERROR_DATA_INVALID ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:0:"abcdef":ERR_INJECT_ROUND1_CLIENT_KEY_SHARE_PART1:PSA_ERROR_DATA_INVALID:0
PSA PAKE: inject ERR_INJECT_ROUND1_CLIENT_ZK_PUBLIC_PART1 PSA PAKE: inject ERR_INJECT_ROUND1_CLIENT_ZK_PUBLIC_PART1
depends_on:MBEDTLS_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_LEGACY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 depends_on:MBEDTLS_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_LEGACY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256
ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:0:"abcdef":ERR_INJECT_ROUND1_CLIENT_ZK_PUBLIC_PART1:PSA_ERROR_DATA_INVALID ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:0:"abcdef":ERR_INJECT_ROUND1_CLIENT_ZK_PUBLIC_PART1:PSA_ERROR_DATA_INVALID:0
PSA PAKE: inject ERR_INJECT_ROUND1_CLIENT_ZK_PROOF_PART1 PSA PAKE: inject ERR_INJECT_ROUND1_CLIENT_ZK_PROOF_PART1
depends_on:MBEDTLS_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_LEGACY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 depends_on:MBEDTLS_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_LEGACY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256
ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:0:"abcdef":ERR_INJECT_ROUND1_CLIENT_ZK_PROOF_PART1:PSA_ERROR_DATA_INVALID ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:0:"abcdef":ERR_INJECT_ROUND1_CLIENT_ZK_PROOF_PART1:PSA_ERROR_DATA_INVALID:0
PSA PAKE: inject ERR_INJECT_ROUND1_CLIENT_KEY_SHARE_PART2 PSA PAKE: inject ERR_INJECT_ROUND1_CLIENT_KEY_SHARE_PART2
depends_on:MBEDTLS_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_LEGACY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 depends_on:MBEDTLS_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_LEGACY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256
ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:0:"abcdef":ERR_INJECT_ROUND1_CLIENT_KEY_SHARE_PART2:PSA_ERROR_DATA_INVALID ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:0:"abcdef":ERR_INJECT_ROUND1_CLIENT_KEY_SHARE_PART2:PSA_ERROR_DATA_INVALID:0
PSA PAKE: inject ERR_INJECT_ROUND1_CLIENT_ZK_PUBLIC_PART2 PSA PAKE: inject ERR_INJECT_ROUND1_CLIENT_ZK_PUBLIC_PART2
depends_on:MBEDTLS_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_LEGACY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 depends_on:MBEDTLS_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_LEGACY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256
ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:0:"abcdef":ERR_INJECT_ROUND1_CLIENT_ZK_PUBLIC_PART2:PSA_ERROR_DATA_INVALID ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:0:"abcdef":ERR_INJECT_ROUND1_CLIENT_ZK_PUBLIC_PART2:PSA_ERROR_DATA_INVALID:0
PSA PAKE: inject ERR_INJECT_ROUND1_CLIENT_ZK_PROOF_PART2 PSA PAKE: inject ERR_INJECT_ROUND1_CLIENT_ZK_PROOF_PART2
depends_on:MBEDTLS_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_LEGACY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 depends_on:MBEDTLS_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_LEGACY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256
ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:0:"abcdef":ERR_INJECT_ROUND1_CLIENT_ZK_PROOF_PART2:PSA_ERROR_DATA_INVALID ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:0:"abcdef":ERR_INJECT_ROUND1_CLIENT_ZK_PROOF_PART2:PSA_ERROR_DATA_INVALID:0
PSA PAKE: inject ERR_INJECT_ROUND1_SERVER_KEY_SHARE_PART1 PSA PAKE: inject ERR_INJECT_ROUND1_SERVER_KEY_SHARE_PART1
depends_on:MBEDTLS_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_LEGACY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 depends_on:MBEDTLS_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_LEGACY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256
ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:0:"abcdef":ERR_INJECT_ROUND1_SERVER_KEY_SHARE_PART1:PSA_ERROR_DATA_INVALID ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:0:"abcdef":ERR_INJECT_ROUND1_SERVER_KEY_SHARE_PART1:PSA_ERROR_DATA_INVALID:0
PSA PAKE: inject ERR_INJECT_ROUND1_SERVER_ZK_PUBLIC_PART1 PSA PAKE: inject ERR_INJECT_ROUND1_SERVER_ZK_PUBLIC_PART1
depends_on:MBEDTLS_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_LEGACY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 depends_on:MBEDTLS_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_LEGACY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256
ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:0:"abcdef":ERR_INJECT_ROUND1_SERVER_ZK_PUBLIC_PART1:PSA_ERROR_DATA_INVALID ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:0:"abcdef":ERR_INJECT_ROUND1_SERVER_ZK_PUBLIC_PART1:PSA_ERROR_DATA_INVALID:0
PSA PAKE: inject ERR_INJECT_ROUND1_SERVER_ZK_PROOF_PART1 PSA PAKE: inject ERR_INJECT_ROUND1_SERVER_ZK_PROOF_PART1
depends_on:MBEDTLS_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_LEGACY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 depends_on:MBEDTLS_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_LEGACY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256
ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:0:"abcdef":ERR_INJECT_ROUND1_SERVER_ZK_PROOF_PART1:PSA_ERROR_DATA_INVALID ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:0:"abcdef":ERR_INJECT_ROUND1_SERVER_ZK_PROOF_PART1:PSA_ERROR_DATA_INVALID:0
PSA PAKE: inject ERR_INJECT_ROUND1_SERVER_KEY_SHARE_PART2 PSA PAKE: inject ERR_INJECT_ROUND1_SERVER_KEY_SHARE_PART2
depends_on:MBEDTLS_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_LEGACY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 depends_on:MBEDTLS_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_LEGACY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256
ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:0:"abcdef":ERR_INJECT_ROUND1_SERVER_KEY_SHARE_PART2:PSA_ERROR_DATA_INVALID ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:0:"abcdef":ERR_INJECT_ROUND1_SERVER_KEY_SHARE_PART2:PSA_ERROR_DATA_INVALID:0
PSA PAKE: inject ERR_INJECT_ROUND1_SERVER_ZK_PUBLIC_PART2 PSA PAKE: inject ERR_INJECT_ROUND1_SERVER_ZK_PUBLIC_PART2
depends_on:MBEDTLS_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_LEGACY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 depends_on:MBEDTLS_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_LEGACY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256
ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:0:"abcdef":ERR_INJECT_ROUND1_SERVER_ZK_PUBLIC_PART2:PSA_ERROR_DATA_INVALID ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:0:"abcdef":ERR_INJECT_ROUND1_SERVER_ZK_PUBLIC_PART2:PSA_ERROR_DATA_INVALID:0
PSA PAKE: inject ERR_INJECT_ROUND1_SERVER_ZK_PROOF_PART2 PSA PAKE: inject ERR_INJECT_ROUND1_SERVER_ZK_PROOF_PART2
depends_on:MBEDTLS_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_LEGACY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 depends_on:MBEDTLS_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_LEGACY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256
ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:0:"abcdef":ERR_INJECT_ROUND1_SERVER_ZK_PROOF_PART2:PSA_ERROR_DATA_INVALID ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:0:"abcdef":ERR_INJECT_ROUND1_SERVER_ZK_PROOF_PART2:PSA_ERROR_DATA_INVALID:0
PSA PAKE: inject ERR_INJECT_ROUND2_CLIENT_KEY_SHARE PSA PAKE: inject ERR_INJECT_ROUND2_CLIENT_KEY_SHARE
depends_on:MBEDTLS_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_LEGACY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 depends_on:MBEDTLS_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_LEGACY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256
ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:0:"abcdef":ERR_INJECT_ROUND2_CLIENT_KEY_SHARE:PSA_ERROR_DATA_INVALID ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:0:"abcdef":ERR_INJECT_ROUND2_CLIENT_KEY_SHARE:PSA_ERROR_DATA_INVALID:1
PSA PAKE: inject ERR_INJECT_ROUND2_CLIENT_ZK_PUBLIC PSA PAKE: inject ERR_INJECT_ROUND2_CLIENT_ZK_PUBLIC
depends_on:MBEDTLS_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_LEGACY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 depends_on:MBEDTLS_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_LEGACY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256
ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:0:"abcdef":ERR_INJECT_ROUND2_CLIENT_ZK_PUBLIC:PSA_ERROR_DATA_INVALID ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:0:"abcdef":ERR_INJECT_ROUND2_CLIENT_ZK_PUBLIC:PSA_ERROR_DATA_INVALID:1
PSA PAKE: inject ERR_INJECT_ROUND2_CLIENT_ZK_PROOF PSA PAKE: inject ERR_INJECT_ROUND2_CLIENT_ZK_PROOF
depends_on:MBEDTLS_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_LEGACY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 depends_on:MBEDTLS_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_LEGACY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256
ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:0:"abcdef":ERR_INJECT_ROUND2_CLIENT_ZK_PROOF:PSA_ERROR_DATA_INVALID ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:0:"abcdef":ERR_INJECT_ROUND2_CLIENT_ZK_PROOF:PSA_ERROR_DATA_INVALID:1
PSA PAKE: inject ERR_INJECT_ROUND2_SERVER_KEY_SHARE PSA PAKE: inject ERR_INJECT_ROUND2_SERVER_KEY_SHARE
depends_on:MBEDTLS_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_LEGACY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 depends_on:MBEDTLS_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_LEGACY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256
ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:0:"abcdef":ERR_INJECT_ROUND2_SERVER_KEY_SHARE:PSA_ERROR_DATA_INVALID ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:0:"abcdef":ERR_INJECT_ROUND2_SERVER_KEY_SHARE:PSA_ERROR_DATA_INVALID:1
PSA PAKE: inject ERR_INJECT_ROUND2_SERVER_ZK_PUBLIC PSA PAKE: inject ERR_INJECT_ROUND2_SERVER_ZK_PUBLIC
depends_on:MBEDTLS_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_LEGACY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 depends_on:MBEDTLS_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_LEGACY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256
ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:0:"abcdef":ERR_INJECT_ROUND2_SERVER_ZK_PUBLIC:PSA_ERROR_DATA_INVALID ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:0:"abcdef":ERR_INJECT_ROUND2_SERVER_ZK_PUBLIC:PSA_ERROR_DATA_INVALID:1
PSA PAKE: inject ERR_INJECT_ROUND2_SERVER_ZK_PROOF PSA PAKE: inject ERR_INJECT_ROUND2_SERVER_ZK_PROOF
depends_on:MBEDTLS_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_LEGACY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 depends_on:MBEDTLS_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_LEGACY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256
ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:0:"abcdef":ERR_INJECT_ROUND2_SERVER_ZK_PROOF:PSA_ERROR_DATA_INVALID ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:0:"abcdef":ERR_INJECT_ROUND2_SERVER_ZK_PROOF:PSA_ERROR_DATA_INVALID:1
PSA PAKE: inject ERR_INJECT_EXTRA_OUTPUT
depends_on:MBEDTLS_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_LEGACY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256
ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:0:"abcdef":ERR_INJECT_EXTRA_OUTPUT:PSA_ERROR_BAD_STATE:0
PSA PAKE: inject ERR_INJECT_EXTRA_INPUT
depends_on:MBEDTLS_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_LEGACY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256
ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:1:"abcdef":ERR_INJECT_EXTRA_INPUT:PSA_ERROR_BAD_STATE:0
PSA PAKE: inject ERR_INJECT_EXTRA_OUTPUT_AT_END
depends_on:MBEDTLS_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_LEGACY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256
ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:1:"abcdef":ERR_INJECT_EXTRA_OUTPUT_AT_END:PSA_ERROR_BAD_STATE:1
PSA PAKE: inject ERR_INJECT_EXTRA_INPUT_AT_END
depends_on:MBEDTLS_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_LEGACY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256
ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:0:"abcdef":ERR_INJECT_EXTRA_INPUT_AT_END:PSA_ERROR_BAD_STATE:1
PSA PAKE: ecjpake size macros PSA PAKE: ecjpake size macros
depends_on:MBEDTLS_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_LEGACY:PSA_WANT_ECC_SECP_R1_256 depends_on:MBEDTLS_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_LEGACY:PSA_WANT_ECC_SECP_R1_256


@ -2,6 +2,7 @@
#include <stdint.h> #include <stdint.h>
#include "psa/crypto.h" #include "psa/crypto.h"
#include "psa/crypto_extra.h"
typedef enum { typedef enum {
ERR_NONE = 0, ERR_NONE = 0,
@ -39,6 +40,10 @@ typedef enum {
ERR_INJECT_ROUND2_SERVER_KEY_SHARE, ERR_INJECT_ROUND2_SERVER_KEY_SHARE,
ERR_INJECT_ROUND2_SERVER_ZK_PUBLIC, ERR_INJECT_ROUND2_SERVER_ZK_PUBLIC,
ERR_INJECT_ROUND2_SERVER_ZK_PROOF, ERR_INJECT_ROUND2_SERVER_ZK_PROOF,
ERR_INJECT_EXTRA_OUTPUT,
ERR_INJECT_EXTRA_INPUT,
ERR_INJECT_EXTRA_OUTPUT_AT_END,
ERR_INJECT_EXTRA_INPUT_AT_END,
/* erros issued from the .data file */ /* erros issued from the .data file */
ERR_IN_SETUP, ERR_IN_SETUP,
ERR_IN_SET_USER, ERR_IN_SET_USER,
@ -69,6 +74,13 @@ static const uint8_t jpake_client_id[] = { 'c', 'l', 'i', 'e', 'n', 't' };
*(buf + 7) ^= 1; \ *(buf + 7) ^= 1; \
} }
#define DO_ROUND_CONDITIONAL_CHECK_FAILURE(this_stage, function) \
if (this_stage == err_stage) \
{ \
TEST_EQUAL(function, expected_error_arg); \
break; \
}
#define DO_ROUND_UPDATE_OFFSETS(main_buf_offset, step_offset, step_size) \ #define DO_ROUND_UPDATE_OFFSETS(main_buf_offset, step_offset, step_size) \
{ \ { \
step_offset = main_buf_offset; \ step_offset = main_buf_offset; \
@ -185,6 +197,12 @@ static void ecjpake_do_round(psa_algorithm_t alg, unsigned int primitive,
buffer0 + buffer0_off); buffer0 + buffer0_off);
DO_ROUND_UPDATE_OFFSETS(buffer0_off, s_x2_pr_off, s_x2_pr_len); DO_ROUND_UPDATE_OFFSETS(buffer0_off, s_x2_pr_off, s_x2_pr_len);
size_t extra_output_len;
DO_ROUND_CONDITIONAL_CHECK_FAILURE(
ERR_INJECT_EXTRA_OUTPUT,
psa_pake_output(server, PSA_PAKE_STEP_KEY_SHARE,
buffer0 + s_g2_off, 512 - s_g2_off, &extra_output_len));
(void) extra_output_len;
/* /*
* When injecting errors in inputs, the implementation is * When injecting errors in inputs, the implementation is
* free to detect it right away of with a delay. * free to detect it right away of with a delay.
@ -223,6 +241,12 @@ static void ecjpake_do_round(psa_algorithm_t alg, unsigned int primitive,
s_x2_pr_len); s_x2_pr_len);
DO_ROUND_CHECK_FAILURE(); DO_ROUND_CHECK_FAILURE();
/* Note: Must have client_input_first == 1 to inject extra input */
DO_ROUND_CONDITIONAL_CHECK_FAILURE(
ERR_INJECT_EXTRA_INPUT,
psa_pake_input(client, PSA_PAKE_STEP_KEY_SHARE,
buffer0 + s_g2_off, s_g2_len));
/* Error didn't trigger, make test fail */ /* Error didn't trigger, make test fail */
if ((err_stage >= ERR_INJECT_ROUND1_SERVER_KEY_SHARE_PART1) && if ((err_stage >= ERR_INJECT_ROUND1_SERVER_KEY_SHARE_PART1) &&
(err_stage <= ERR_INJECT_ROUND1_SERVER_ZK_PROOF_PART2)) { (err_stage <= ERR_INJECT_ROUND1_SERVER_ZK_PROOF_PART2)) {
@ -444,6 +468,16 @@ static void ecjpake_do_round(psa_algorithm_t alg, unsigned int primitive,
buffer1 + buffer1_off); buffer1 + buffer1_off);
DO_ROUND_UPDATE_OFFSETS(buffer1_off, c_x2s_pr_off, c_x2s_pr_len); DO_ROUND_UPDATE_OFFSETS(buffer1_off, c_x2s_pr_off, c_x2s_pr_len);
if (client_input_first == 1) {
size_t extra_output_at_end_len;
DO_ROUND_CONDITIONAL_CHECK_FAILURE(
ERR_INJECT_EXTRA_OUTPUT_AT_END,
psa_pake_output(client, PSA_PAKE_STEP_KEY_SHARE,
buffer1 + c_a_off, 512 - c_a_off,
&extra_output_at_end_len));
(void) extra_output_at_end_len;
}
if (client_input_first == 0) { if (client_input_first == 0) {
/* Client second round Input */ /* Client second round Input */
status = psa_pake_input(client, PSA_PAKE_STEP_KEY_SHARE, status = psa_pake_input(client, PSA_PAKE_STEP_KEY_SHARE,
@ -481,6 +515,12 @@ static void ecjpake_do_round(psa_algorithm_t alg, unsigned int primitive,
buffer1 + c_x2s_pr_off, c_x2s_pr_len); buffer1 + c_x2s_pr_off, c_x2s_pr_len);
DO_ROUND_CHECK_FAILURE(); DO_ROUND_CHECK_FAILURE();
DO_ROUND_CONDITIONAL_CHECK_FAILURE(
ERR_INJECT_EXTRA_INPUT_AT_END,
psa_pake_input(server, PSA_PAKE_STEP_KEY_SHARE,
buffer1 + c_a_off, c_a_len));
/* Error didn't trigger, make test fail */ /* Error didn't trigger, make test fail */
if ((err_stage >= ERR_INJECT_ROUND2_CLIENT_KEY_SHARE) && if ((err_stage >= ERR_INJECT_ROUND2_CLIENT_KEY_SHARE) &&
(err_stage <= ERR_INJECT_ROUND2_CLIENT_ZK_PROOF)) { (err_stage <= ERR_INJECT_ROUND2_CLIENT_ZK_PROOF)) {
@ -733,7 +773,8 @@ void ecjpake_rounds_inject(int alg_arg, int primitive_arg, int hash_arg,
int client_input_first, int client_input_first,
data_t *pw_data, data_t *pw_data,
int err_stage_arg, int err_stage_arg,
int expected_error_arg) int expected_error_arg,
int inject_in_second_round)
{ {
psa_pake_cipher_suite_t cipher_suite = psa_pake_cipher_suite_init(); psa_pake_cipher_suite_t cipher_suite = psa_pake_cipher_suite_init();
psa_pake_operation_t server = psa_pake_operation_init(); psa_pake_operation_t server = psa_pake_operation_init();
@ -770,9 +811,10 @@ void ecjpake_rounds_inject(int alg_arg, int primitive_arg, int hash_arg,
ecjpake_do_round(alg, primitive_arg, &server, &client, ecjpake_do_round(alg, primitive_arg, &server, &client,
client_input_first, PAKE_ROUND_ONE, client_input_first, PAKE_ROUND_ONE,
err_stage, expected_error_arg); inject_in_second_round ? ERR_NONE : err_stage,
expected_error_arg);
if (err_stage != ERR_NONE) { if (!inject_in_second_round && err_stage != ERR_NONE) {
goto exit; goto exit;
} }
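Review bot: The new `ERR_INJECT_EXTRA_*` stages can pass without any assertion being evaluated, because the existing "Error didn't trigger, make test fail" checks in ecjpake_do_round only test the `ERR_INJECT_ROUND1_*` and `ERR_INJECT_ROUND2_*` ranges and the new enum values are declared after those ranges. The `ERR_INJECT_EXTRA_INPUT` block is commented as needing `client_input_first == 1`, and the `ERR_INJECT_EXTRA_OUTPUT_AT_END` block is guarded by the same condition, so a data line with the other ordering would skip the `DO_ROUND_CONDITIONAL_CHECK_FAILURE` call. For a round-one stage, ecjpake_rounds_inject then takes `goto exit` with nothing checked; what follows round two is not visible in these hunks. Since these cases exist to show that out-of-sequence J-PAKE calls are rejected with `PSA_ERROR_BAD_STATE`, I would state the precondition in ecjpake_rounds_inject, e.g. `TEST_ASSERT(err_stage != ERR_INJECT_EXTRA_INPUT || client_input_first == 1);`, with a matching line for `ERR_INJECT_EXTRA_OUTPUT_AT_END`. Both functions start and end outside the visible hunks.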


@ -996,7 +996,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_MD_CAN_SHA256
x509_verify:"data_files/server5.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"globalhost":0:0:"":"verify_all" x509_verify:"data_files/server5.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"globalhost":0:0:"":"verify_all"
X509 CRT verification #93 (Suite B invalid, EC cert, RSA CA) X509 CRT verification #93 (Suite B invalid, EC cert, RSA CA)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_SHA1 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_SHA1
x509_verify:"data_files/server3.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_BAD_MD|MBEDTLS_X509_BADCERT_BAD_PK|MBEDTLS_X509_BADCERT_BAD_KEY|MBEDTLS_X509_BADCRL_BAD_MD|MBEDTLS_X509_BADCRL_BAD_PK:"suite_b":"NULL" x509_verify:"data_files/server3.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_BAD_MD|MBEDTLS_X509_BADCERT_BAD_PK|MBEDTLS_X509_BADCERT_BAD_KEY|MBEDTLS_X509_BADCRL_BAD_MD|MBEDTLS_X509_BADCRL_BAD_PK:"suite_b":"NULL"
X509 CRT verification #94 (Suite B invalid, RSA cert, EC CA) X509 CRT verification #94 (Suite B invalid, RSA cert, EC CA)


@ -11,8 +11,6 @@
#include "mbedtls/pk.h" #include "mbedtls/pk.h"
#include "string.h" #include "string.h"
#include "x509_invasive.h"
#if MBEDTLS_X509_MAX_INTERMEDIATE_CA > 19 #if MBEDTLS_X509_MAX_INTERMEDIATE_CA > 19
#error "The value of MBEDTLS_X509_MAX_INTERMEDIATE_C is larger \ #error "The value of MBEDTLS_X509_MAX_INTERMEDIATE_C is larger \
than the current threshold 19. To test larger values, please \ than the current threshold 19. To test larger values, please \
@ -433,7 +431,7 @@ void x509_accessor_ext_types(int ext_type, int has_ext_type)
crt.ext_types = ext_type; crt.ext_types = ext_type;
TEST_ASSERT(mbedtls_x509_crt_has_ext_type(&crt, has_ext_type) == expected_result); TEST_EQUAL(mbedtls_x509_crt_has_ext_type(&crt, has_ext_type), expected_result);
exit: exit:
mbedtls_x509_crt_free(&crt); mbedtls_x509_crt_free(&crt);
@ -491,7 +489,7 @@ void x509_parse_san(char *crt_file, char *result_str, int parse_result)
} }
} }
TEST_ASSERT(strcmp(buf, result_str) == 0); TEST_EQUAL(strcmp(buf, result_str), 0);
exit: exit:
mbedtls_x509_crt_free(&crt); mbedtls_x509_crt_free(&crt);
@ -510,13 +508,13 @@ void x509_cert_info(char *crt_file, char *result_str)
USE_PSA_INIT(); USE_PSA_INIT();
memset(buf, 0, 2000); memset(buf, 0, 2000);
TEST_ASSERT(mbedtls_x509_crt_parse_file(&crt, crt_file) == 0); TEST_EQUAL(mbedtls_x509_crt_parse_file(&crt, crt_file), 0);
res = mbedtls_x509_crt_info(buf, 2000, "", &crt); res = mbedtls_x509_crt_info(buf, 2000, "", &crt);
TEST_ASSERT(res != -1); TEST_ASSERT(res != -1);
TEST_ASSERT(res != -2); TEST_ASSERT(res != -2);
TEST_ASSERT(strcmp(buf, result_str) == 0); TEST_EQUAL(strcmp(buf, result_str), 0);
exit: exit:
mbedtls_x509_crt_free(&crt); mbedtls_x509_crt_free(&crt);
@ -535,13 +533,13 @@ void mbedtls_x509_crl_info(char *crl_file, char *result_str)
USE_PSA_INIT(); USE_PSA_INIT();
memset(buf, 0, 2000); memset(buf, 0, 2000);
TEST_ASSERT(mbedtls_x509_crl_parse_file(&crl, crl_file) == 0); TEST_EQUAL(mbedtls_x509_crl_parse_file(&crl, crl_file), 0);
res = mbedtls_x509_crl_info(buf, 2000, "", &crl); res = mbedtls_x509_crl_info(buf, 2000, "", &crl);
TEST_ASSERT(res != -1); TEST_ASSERT(res != -1);
TEST_ASSERT(res != -2); TEST_ASSERT(res != -2);
TEST_ASSERT(strcmp(buf, result_str) == 0); TEST_EQUAL(strcmp(buf, result_str), 0);
exit: exit:
mbedtls_x509_crl_free(&crl); mbedtls_x509_crl_free(&crl);
@ -559,7 +557,7 @@ void mbedtls_x509_crl_parse(char *crl_file, int result)
USE_PSA_INIT(); USE_PSA_INIT();
memset(buf, 0, 2000); memset(buf, 0, 2000);
TEST_ASSERT(mbedtls_x509_crl_parse_file(&crl, crl_file) == result); TEST_EQUAL(mbedtls_x509_crl_parse_file(&crl, crl_file), result);
exit: exit:
mbedtls_x509_crl_free(&crl); mbedtls_x509_crl_free(&crl);
@ -578,13 +576,13 @@ void mbedtls_x509_csr_info(char *csr_file, char *result_str)
USE_PSA_INIT(); USE_PSA_INIT();
memset(buf, 0, 2000); memset(buf, 0, 2000);
TEST_ASSERT(mbedtls_x509_csr_parse_file(&csr, csr_file) == 0); TEST_EQUAL(mbedtls_x509_csr_parse_file(&csr, csr_file), 0);
res = mbedtls_x509_csr_info(buf, 2000, "", &csr); res = mbedtls_x509_csr_info(buf, 2000, "", &csr);
TEST_ASSERT(res != -1); TEST_ASSERT(res != -1);
TEST_ASSERT(res != -2); TEST_ASSERT(res != -2);
TEST_ASSERT(strcmp(buf, result_str) == 0); TEST_EQUAL(strcmp(buf, result_str), 0);
exit: exit:
mbedtls_x509_csr_free(&csr); mbedtls_x509_csr_free(&csr);
@ -605,7 +603,7 @@ void x509_verify_info(int flags, char *prefix, char *result_str)
TEST_ASSERT(res >= 0); TEST_ASSERT(res >= 0);
TEST_ASSERT(strcmp(buf, result_str) == 0); TEST_EQUAL(strcmp(buf, result_str), 0);
exit: exit:
USE_PSA_DONE(); USE_PSA_DONE();
@ -637,8 +635,8 @@ void x509_verify_restart(char *crt_file, char *ca_file,
mbedtls_x509_crt_init(&ca); mbedtls_x509_crt_init(&ca);
MD_OR_USE_PSA_INIT(); MD_OR_USE_PSA_INIT();
TEST_ASSERT(mbedtls_x509_crt_parse_file(&crt, crt_file) == 0); TEST_EQUAL(mbedtls_x509_crt_parse_file(&crt, crt_file), 0);
TEST_ASSERT(mbedtls_x509_crt_parse_file(&ca, ca_file) == 0); TEST_EQUAL(mbedtls_x509_crt_parse_file(&ca, ca_file), 0);
mbedtls_ecp_set_max_ops(max_ops); mbedtls_ecp_set_max_ops(max_ops);
@ -649,8 +647,8 @@ void x509_verify_restart(char *crt_file, char *ca_file,
NULL, NULL, &rs_ctx); NULL, NULL, &rs_ctx);
} while (ret == MBEDTLS_ERR_ECP_IN_PROGRESS && ++cnt_restart); } while (ret == MBEDTLS_ERR_ECP_IN_PROGRESS && ++cnt_restart);
TEST_ASSERT(ret == result); TEST_EQUAL(ret, result);
TEST_ASSERT(flags == (uint32_t) flags_result); TEST_EQUAL(flags, (uint32_t) flags_result);
TEST_ASSERT(cnt_restart >= min_restart); TEST_ASSERT(cnt_restart >= min_restart);
TEST_ASSERT(cnt_restart <= max_restart); TEST_ASSERT(cnt_restart <= max_restart);
@ -717,9 +715,9 @@ void x509_verify(char *crt_file, char *ca_file, char *crl_file,
TEST_ASSERT("No known verify callback selected" == 0); TEST_ASSERT("No known verify callback selected" == 0);
} }
TEST_ASSERT(mbedtls_x509_crt_parse_file(&crt, crt_file) == 0); TEST_EQUAL(mbedtls_x509_crt_parse_file(&crt, crt_file), 0);
TEST_ASSERT(mbedtls_x509_crt_parse_file(&ca, ca_file) == 0); TEST_EQUAL(mbedtls_x509_crt_parse_file(&ca, ca_file), 0);
TEST_ASSERT(mbedtls_x509_crl_parse_file(&crl, crl_file) == 0); TEST_EQUAL(mbedtls_x509_crl_parse_file(&crl, crl_file), 0);
res = mbedtls_x509_crt_verify_with_profile(&crt, res = mbedtls_x509_crt_verify_with_profile(&crt,
&ca, &ca,
@ -748,8 +746,8 @@ void x509_verify(char *crt_file, char *ca_file, char *crl_file,
f_vrfy, f_vrfy,
NULL); NULL);
TEST_ASSERT(res == (result)); TEST_EQUAL(res, result);
TEST_ASSERT(flags == (uint32_t) (flags_result)); TEST_EQUAL(flags, (uint32_t) (flags_result));
} }
#endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */ #endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */
exit: exit:
@ -773,8 +771,8 @@ void x509_verify_ca_cb_failure(char *crt_file, char *ca_file, char *name,
mbedtls_x509_crt_init(&ca); mbedtls_x509_crt_init(&ca);
USE_PSA_INIT(); USE_PSA_INIT();
TEST_ASSERT(mbedtls_x509_crt_parse_file(&crt, crt_file) == 0); TEST_EQUAL(mbedtls_x509_crt_parse_file(&crt, crt_file), 0);
TEST_ASSERT(mbedtls_x509_crt_parse_file(&ca, ca_file) == 0); TEST_EQUAL(mbedtls_x509_crt_parse_file(&ca, ca_file), 0);
if (strcmp(name, "NULL") == 0) { if (strcmp(name, "NULL") == 0) {
name = NULL; name = NULL;
@ -784,8 +782,8 @@ void x509_verify_ca_cb_failure(char *crt_file, char *ca_file, char *name,
&compat_profile, name, &flags, &compat_profile, name, &flags,
NULL, NULL); NULL, NULL);
TEST_ASSERT(ret == exp_ret); TEST_EQUAL(ret, exp_ret);
TEST_ASSERT(flags == (uint32_t) (-1)); TEST_EQUAL(flags, (uint32_t) (-1));
exit: exit:
mbedtls_x509_crt_free(&crt); mbedtls_x509_crt_free(&crt);
mbedtls_x509_crt_free(&ca); mbedtls_x509_crt_free(&ca);
@ -809,8 +807,8 @@ void x509_verify_callback(char *crt_file, char *ca_file, char *name,
verify_print_init(&vrfy_ctx); verify_print_init(&vrfy_ctx);
TEST_ASSERT(mbedtls_x509_crt_parse_file(&crt, crt_file) == 0); TEST_EQUAL(mbedtls_x509_crt_parse_file(&crt, crt_file), 0);
TEST_ASSERT(mbedtls_x509_crt_parse_file(&ca, ca_file) == 0); TEST_EQUAL(mbedtls_x509_crt_parse_file(&ca, ca_file), 0);
if (strcmp(name, "NULL") == 0) { if (strcmp(name, "NULL") == 0) {
name = NULL; name = NULL;
@ -821,8 +819,8 @@ void x509_verify_callback(char *crt_file, char *ca_file, char *name,
name, &flags, name, &flags,
verify_print, &vrfy_ctx); verify_print, &vrfy_ctx);
TEST_ASSERT(ret == exp_ret); TEST_EQUAL(ret, exp_ret);
TEST_ASSERT(strcmp(vrfy_ctx.buf, exp_vrfy_out) == 0); TEST_EQUAL(strcmp(vrfy_ctx.buf, exp_vrfy_out), 0);
exit: exit:
mbedtls_x509_crt_free(&crt); mbedtls_x509_crt_free(&crt);
@ -846,18 +844,18 @@ void mbedtls_x509_dn_gets_subject_replace(char *crt_file,
memset(buf, 0, 2000); memset(buf, 0, 2000);
TEST_ASSERT(mbedtls_x509_crt_parse_file(&crt, crt_file) == 0); TEST_EQUAL(mbedtls_x509_crt_parse_file(&crt, crt_file), 0);
crt.subject.next->val.p = (unsigned char *) new_subject_ou; crt.subject.next->val.p = (unsigned char *) new_subject_ou;
crt.subject.next->val.len = strlen(new_subject_ou); crt.subject.next->val.len = strlen(new_subject_ou);
res = mbedtls_x509_dn_gets(buf, 2000, &crt.subject); res = mbedtls_x509_dn_gets(buf, 2000, &crt.subject);
if (ret != 0) { if (ret != 0) {
TEST_ASSERT(res == ret); TEST_EQUAL(res, ret);
} else { } else {
TEST_ASSERT(res != -1); TEST_ASSERT(res != -1);
TEST_ASSERT(res != -2); TEST_ASSERT(res != -2);
TEST_ASSERT(strcmp(buf, result_str) == 0); TEST_EQUAL(strcmp(buf, result_str), 0);
} }
exit: exit:
mbedtls_x509_crt_free(&crt); mbedtls_x509_crt_free(&crt);
@ -877,7 +875,7 @@ void mbedtls_x509_dn_gets(char *crt_file, char *entity, char *result_str)
memset(buf, 0, 2000); memset(buf, 0, 2000);
TEST_ASSERT(mbedtls_x509_crt_parse_file(&crt, crt_file) == 0); TEST_EQUAL(mbedtls_x509_crt_parse_file(&crt, crt_file), 0);
if (strcmp(entity, "subject") == 0) { if (strcmp(entity, "subject") == 0) {
res = mbedtls_x509_dn_gets(buf, 2000, &crt.subject); res = mbedtls_x509_dn_gets(buf, 2000, &crt.subject);
} else if (strcmp(entity, "issuer") == 0) { } else if (strcmp(entity, "issuer") == 0) {
@ -889,7 +887,7 @@ void mbedtls_x509_dn_gets(char *crt_file, char *entity, char *result_str)
TEST_ASSERT(res != -1); TEST_ASSERT(res != -1);
TEST_ASSERT(res != -2); TEST_ASSERT(res != -2);
TEST_ASSERT(strcmp(buf, result_str) == 0); TEST_EQUAL(strcmp(buf, result_str), 0);
exit: exit:
mbedtls_x509_crt_free(&crt); mbedtls_x509_crt_free(&crt);
@ -1001,12 +999,12 @@ void mbedtls_x509_time_is_past(char *crt_file, char *entity, int result)
mbedtls_x509_crt_init(&crt); mbedtls_x509_crt_init(&crt);
USE_PSA_INIT(); USE_PSA_INIT();
TEST_ASSERT(mbedtls_x509_crt_parse_file(&crt, crt_file) == 0); TEST_EQUAL(mbedtls_x509_crt_parse_file(&crt, crt_file), 0);
if (strcmp(entity, "valid_from") == 0) { if (strcmp(entity, "valid_from") == 0) {
TEST_ASSERT(mbedtls_x509_time_is_past(&crt.valid_from) == result); TEST_EQUAL(mbedtls_x509_time_is_past(&crt.valid_from), result);
} else if (strcmp(entity, "valid_to") == 0) { } else if (strcmp(entity, "valid_to") == 0) {
TEST_ASSERT(mbedtls_x509_time_is_past(&crt.valid_to) == result); TEST_EQUAL(mbedtls_x509_time_is_past(&crt.valid_to), result);
} else { } else {
TEST_ASSERT("Unknown entity" == 0); TEST_ASSERT("Unknown entity" == 0);
} }
@ -1025,12 +1023,12 @@ void mbedtls_x509_time_is_future(char *crt_file, char *entity, int result)
mbedtls_x509_crt_init(&crt); mbedtls_x509_crt_init(&crt);
USE_PSA_INIT(); USE_PSA_INIT();
TEST_ASSERT(mbedtls_x509_crt_parse_file(&crt, crt_file) == 0); TEST_EQUAL(mbedtls_x509_crt_parse_file(&crt, crt_file), 0);
if (strcmp(entity, "valid_from") == 0) { if (strcmp(entity, "valid_from") == 0) {
TEST_ASSERT(mbedtls_x509_time_is_future(&crt.valid_from) == result); TEST_EQUAL(mbedtls_x509_time_is_future(&crt.valid_from), result);
} else if (strcmp(entity, "valid_to") == 0) { } else if (strcmp(entity, "valid_to") == 0) {
TEST_ASSERT(mbedtls_x509_time_is_future(&crt.valid_to) == result); TEST_EQUAL(mbedtls_x509_time_is_future(&crt.valid_to), result);
} else { } else {
TEST_ASSERT("Unknown entity" == 0); TEST_ASSERT("Unknown entity" == 0);
} }
@ -1049,7 +1047,7 @@ void x509parse_crt_file(char *crt_file, int result)
mbedtls_x509_crt_init(&crt); mbedtls_x509_crt_init(&crt);
USE_PSA_INIT(); USE_PSA_INIT();
TEST_ASSERT(mbedtls_x509_crt_parse_file(&crt, crt_file) == result); TEST_EQUAL(mbedtls_x509_crt_parse_file(&crt, crt_file), result);
exit: exit:
mbedtls_x509_crt_free(&crt); mbedtls_x509_crt_free(&crt);
@ -1071,14 +1069,14 @@ void x509parse_crt(data_t *buf, char *result_str, int result)
mbedtls_x509_crt_init(&crt); mbedtls_x509_crt_init(&crt);
USE_PSA_INIT(); USE_PSA_INIT();
TEST_ASSERT(mbedtls_x509_crt_parse_der(&crt, buf->x, buf->len) == (result)); TEST_EQUAL(mbedtls_x509_crt_parse_der(&crt, buf->x, buf->len), result);
#if !defined(MBEDTLS_X509_REMOVE_INFO) #if !defined(MBEDTLS_X509_REMOVE_INFO)
if ((result) == 0) { if ((result) == 0) {
res = mbedtls_x509_crt_info((char *) output, 2000, "", &crt); res = mbedtls_x509_crt_info((char *) output, 2000, "", &crt);
TEST_ASSERT(res != -1); TEST_ASSERT(res != -1);
TEST_ASSERT(res != -2); TEST_ASSERT(res != -2);
TEST_ASSERT(strcmp((char *) output, result_str) == 0); TEST_EQUAL(strcmp((char *) output, result_str), 0);
} }
memset(output, 0, 2000); memset(output, 0, 2000);
#endif #endif
@ -1086,7 +1084,7 @@ void x509parse_crt(data_t *buf, char *result_str, int result)
mbedtls_x509_crt_free(&crt); mbedtls_x509_crt_free(&crt);
mbedtls_x509_crt_init(&crt); mbedtls_x509_crt_init(&crt);
TEST_ASSERT(mbedtls_x509_crt_parse_der_nocopy(&crt, buf->x, buf->len) == (result)); TEST_EQUAL(mbedtls_x509_crt_parse_der_nocopy(&crt, buf->x, buf->len), result);
#if !defined(MBEDTLS_X509_REMOVE_INFO) #if !defined(MBEDTLS_X509_REMOVE_INFO)
if ((result) == 0) { if ((result) == 0) {
memset(output, 0, 2000); memset(output, 0, 2000);
@ -1096,7 +1094,7 @@ void x509parse_crt(data_t *buf, char *result_str, int result)
TEST_ASSERT(res != -1); TEST_ASSERT(res != -1);
TEST_ASSERT(res != -2); TEST_ASSERT(res != -2);
TEST_ASSERT(strcmp((char *) output, result_str) == 0); TEST_EQUAL(strcmp((char *) output, result_str), 0);
} }
memset(output, 0, 2000); memset(output, 0, 2000);
#endif /* !MBEDTLS_X509_REMOVE_INFO */ #endif /* !MBEDTLS_X509_REMOVE_INFO */
@ -1104,8 +1102,8 @@ void x509parse_crt(data_t *buf, char *result_str, int result)
mbedtls_x509_crt_free(&crt); mbedtls_x509_crt_free(&crt);
mbedtls_x509_crt_init(&crt); mbedtls_x509_crt_init(&crt);
TEST_ASSERT(mbedtls_x509_crt_parse_der_with_ext_cb(&crt, buf->x, buf->len, 0, NULL, TEST_EQUAL(mbedtls_x509_crt_parse_der_with_ext_cb(&crt, buf->x, buf->len, 0, NULL, NULL),
NULL) == (result)); result);
#if !defined(MBEDTLS_X509_REMOVE_INFO) #if !defined(MBEDTLS_X509_REMOVE_INFO)
if ((result) == 0) { if ((result) == 0) {
res = mbedtls_x509_crt_info((char *) output, 2000, "", &crt); res = mbedtls_x509_crt_info((char *) output, 2000, "", &crt);
@ -1113,7 +1111,7 @@ void x509parse_crt(data_t *buf, char *result_str, int result)
TEST_ASSERT(res != -1); TEST_ASSERT(res != -1);
TEST_ASSERT(res != -2); TEST_ASSERT(res != -2);
TEST_ASSERT(strcmp((char *) output, result_str) == 0); TEST_EQUAL(strcmp((char *) output, result_str), 0);
} }
memset(output, 0, 2000); memset(output, 0, 2000);
#endif /* !MBEDTLS_X509_REMOVE_INFO */ #endif /* !MBEDTLS_X509_REMOVE_INFO */
@ -1121,8 +1119,8 @@ void x509parse_crt(data_t *buf, char *result_str, int result)
mbedtls_x509_crt_free(&crt); mbedtls_x509_crt_free(&crt);
mbedtls_x509_crt_init(&crt); mbedtls_x509_crt_init(&crt);
TEST_ASSERT(mbedtls_x509_crt_parse_der_with_ext_cb(&crt, buf->x, buf->len, 1, NULL, TEST_EQUAL(mbedtls_x509_crt_parse_der_with_ext_cb(&crt, buf->x, buf->len, 1, NULL, NULL),
NULL) == (result)); result);
#if !defined(MBEDTLS_X509_REMOVE_INFO) #if !defined(MBEDTLS_X509_REMOVE_INFO)
if ((result) == 0) { if ((result) == 0) {
res = mbedtls_x509_crt_info((char *) output, 2000, "", &crt); res = mbedtls_x509_crt_info((char *) output, 2000, "", &crt);
@ -1130,7 +1128,7 @@ void x509parse_crt(data_t *buf, char *result_str, int result)
TEST_ASSERT(res != -1); TEST_ASSERT(res != -1);
TEST_ASSERT(res != -2); TEST_ASSERT(res != -2);
TEST_ASSERT(strcmp((char *) output, result_str) == 0); TEST_EQUAL(strcmp((char *) output, result_str), 0);
} }
#endif /* !MBEDTLS_X509_REMOVE_INFO */ #endif /* !MBEDTLS_X509_REMOVE_INFO */
@ -1160,8 +1158,8 @@ void x509parse_crt_cb(data_t *buf, char *result_str, int result)
mbedtls_x509_crt_init(&crt); mbedtls_x509_crt_init(&crt);
USE_PSA_INIT(); USE_PSA_INIT();
TEST_ASSERT(mbedtls_x509_crt_parse_der_with_ext_cb(&crt, buf->x, buf->len, 0, parse_crt_ext_cb, TEST_EQUAL(mbedtls_x509_crt_parse_der_with_ext_cb(&crt, buf->x, buf->len, 0, parse_crt_ext_cb,
&oid) == (result)); &oid), result);
#if !defined(MBEDTLS_X509_REMOVE_INFO) #if !defined(MBEDTLS_X509_REMOVE_INFO)
if ((result) == 0) { if ((result) == 0) {
res = mbedtls_x509_crt_info((char *) output, 2000, "", &crt); res = mbedtls_x509_crt_info((char *) output, 2000, "", &crt);
@ -1169,7 +1167,7 @@ void x509parse_crt_cb(data_t *buf, char *result_str, int result)
TEST_ASSERT(res != -1); TEST_ASSERT(res != -1);
TEST_ASSERT(res != -2); TEST_ASSERT(res != -2);
TEST_ASSERT(strcmp((char *) output, result_str) == 0); TEST_EQUAL(strcmp((char *) output, result_str), 0);
} }
memset(output, 0, 2000); memset(output, 0, 2000);
#endif /* !MBEDTLS_X509_REMOVE_INFO */ #endif /* !MBEDTLS_X509_REMOVE_INFO */
@ -1177,8 +1175,8 @@ void x509parse_crt_cb(data_t *buf, char *result_str, int result)
mbedtls_x509_crt_free(&crt); mbedtls_x509_crt_free(&crt);
mbedtls_x509_crt_init(&crt); mbedtls_x509_crt_init(&crt);
TEST_ASSERT(mbedtls_x509_crt_parse_der_with_ext_cb(&crt, buf->x, buf->len, 1, parse_crt_ext_cb, TEST_EQUAL(mbedtls_x509_crt_parse_der_with_ext_cb(&crt, buf->x, buf->len, 1, parse_crt_ext_cb,
&oid) == (result)); &oid), (result));
#if !defined(MBEDTLS_X509_REMOVE_INFO) #if !defined(MBEDTLS_X509_REMOVE_INFO)
if ((result) == 0) { if ((result) == 0) {
res = mbedtls_x509_crt_info((char *) output, 2000, "", &crt); res = mbedtls_x509_crt_info((char *) output, 2000, "", &crt);
@ -1186,7 +1184,7 @@ void x509parse_crt_cb(data_t *buf, char *result_str, int result)
TEST_ASSERT(res != -1); TEST_ASSERT(res != -1);
TEST_ASSERT(res != -2); TEST_ASSERT(res != -2);
TEST_ASSERT(strcmp((char *) output, result_str) == 0); TEST_EQUAL(strcmp((char *) output, result_str), 0);
} }
#endif /* !MBEDTLS_X509_REMOVE_INFO */ #endif /* !MBEDTLS_X509_REMOVE_INFO */
@ -1209,14 +1207,14 @@ void x509parse_crl(data_t *buf, char *result_str, int result)
memset(output, 0, 2000); memset(output, 0, 2000);
TEST_ASSERT(mbedtls_x509_crl_parse(&crl, buf->x, buf->len) == (result)); TEST_EQUAL(mbedtls_x509_crl_parse(&crl, buf->x, buf->len), (result));
if ((result) == 0) { if ((result) == 0) {
res = mbedtls_x509_crl_info((char *) output, 2000, "", &crl); res = mbedtls_x509_crl_info((char *) output, 2000, "", &crl);
TEST_ASSERT(res != -1); TEST_ASSERT(res != -1);
TEST_ASSERT(res != -2); TEST_ASSERT(res != -2);
TEST_ASSERT(strcmp((char *) output, result_str) == 0); TEST_EQUAL(strcmp((char *) output, result_str), 0);
} }
exit: exit:
@ -1238,12 +1236,12 @@ void mbedtls_x509_csr_parse(data_t *csr_der, char *ref_out, int ref_ret)
memset(my_out, 0, sizeof(my_out)); memset(my_out, 0, sizeof(my_out));
my_ret = mbedtls_x509_csr_parse_der(&csr, csr_der->x, csr_der->len); my_ret = mbedtls_x509_csr_parse_der(&csr, csr_der->x, csr_der->len);
TEST_ASSERT(my_ret == ref_ret); TEST_EQUAL(my_ret, ref_ret);
if (ref_ret == 0) { if (ref_ret == 0) {
size_t my_out_len = mbedtls_x509_csr_info(my_out, sizeof(my_out), "", &csr); size_t my_out_len = mbedtls_x509_csr_info(my_out, sizeof(my_out), "", &csr);
TEST_ASSERT(my_out_len == strlen(ref_out)); TEST_EQUAL(my_out_len, strlen(ref_out));
TEST_ASSERT(strcmp(my_out, ref_out) == 0); TEST_EQUAL(strcmp(my_out, ref_out), 0);
} }
exit: exit:
@ -1265,12 +1263,12 @@ void mbedtls_x509_csr_parse_file(char *csr_file, char *ref_out, int ref_ret)
memset(my_out, 0, sizeof(my_out)); memset(my_out, 0, sizeof(my_out));
my_ret = mbedtls_x509_csr_parse_file(&csr, csr_file); my_ret = mbedtls_x509_csr_parse_file(&csr, csr_file);
TEST_ASSERT(my_ret == ref_ret); TEST_EQUAL(my_ret, ref_ret);
if (ref_ret == 0) { if (ref_ret == 0) {
size_t my_out_len = mbedtls_x509_csr_info(my_out, sizeof(my_out), "", &csr); size_t my_out_len = mbedtls_x509_csr_info(my_out, sizeof(my_out), "", &csr);
TEST_ASSERT(my_out_len == strlen(ref_out)); TEST_EQUAL(my_out_len, strlen(ref_out));
TEST_ASSERT(strcmp(my_out, ref_out) == 0); TEST_EQUAL(strcmp(my_out, ref_out), 0);
} }
exit: exit:
@ -1288,7 +1286,7 @@ void mbedtls_x509_crt_parse_path(char *crt_path, int ret, int nb_crt)
mbedtls_x509_crt_init(&chain); mbedtls_x509_crt_init(&chain);
USE_PSA_INIT(); USE_PSA_INIT();
TEST_ASSERT(mbedtls_x509_crt_parse_path(&chain, crt_path) == ret); TEST_EQUAL(mbedtls_x509_crt_parse_path(&chain, crt_path), ret);
/* Check how many certs we got */ /* Check how many certs we got */
for (i = 0, cur = &chain; cur != NULL; cur = cur->next) { for (i = 0, cur = &chain; cur != NULL; cur = cur->next) {
@ -1297,7 +1295,7 @@ void mbedtls_x509_crt_parse_path(char *crt_path, int ret, int nb_crt)
} }
} }
TEST_ASSERT(i == nb_crt); TEST_EQUAL(i, nb_crt);
exit: exit:
mbedtls_x509_crt_free(&chain); mbedtls_x509_crt_free(&chain);
@ -1323,20 +1321,20 @@ void mbedtls_x509_crt_verify_max(char *ca_file, char *chain_dir, int nb_int,
MD_OR_USE_PSA_INIT(); MD_OR_USE_PSA_INIT();
/* Load trusted root */ /* Load trusted root */
TEST_ASSERT(mbedtls_x509_crt_parse_file(&trusted, ca_file) == 0); TEST_EQUAL(mbedtls_x509_crt_parse_file(&trusted, ca_file), 0);
/* Load a chain with nb_int intermediates (from 01 to nb_int), /* Load a chain with nb_int intermediates (from 01 to nb_int),
* plus one "end-entity" cert (nb_int + 1) */ * plus one "end-entity" cert (nb_int + 1) */
ret = mbedtls_snprintf(file_buf, sizeof(file_buf), "%s/c%02d.pem", chain_dir, ret = mbedtls_snprintf(file_buf, sizeof(file_buf), "%s/c%02d.pem", chain_dir,
nb_int + 1); nb_int + 1);
TEST_ASSERT(ret > 0 && (size_t) ret < sizeof(file_buf)); TEST_ASSERT(ret > 0 && (size_t) ret < sizeof(file_buf));
TEST_ASSERT(mbedtls_x509_crt_parse_file(&chain, file_buf) == 0); TEST_EQUAL(mbedtls_x509_crt_parse_file(&chain, file_buf), 0);
/* Try to verify that chain */ /* Try to verify that chain */
ret = mbedtls_x509_crt_verify(&chain, &trusted, NULL, NULL, &flags, ret = mbedtls_x509_crt_verify(&chain, &trusted, NULL, NULL, &flags,
NULL, NULL); NULL, NULL);
TEST_ASSERT(ret == ret_chk); TEST_EQUAL(ret, ret_chk);
TEST_ASSERT(flags == (uint32_t) flags_chk); TEST_EQUAL(flags, (uint32_t) flags_chk);
exit: exit:
mbedtls_x509_crt_free(&chain); mbedtls_x509_crt_free(&chain);
@ -1361,9 +1359,9 @@ void mbedtls_x509_crt_verify_chain(char *chain_paths, char *trusted_ca,
MD_OR_USE_PSA_INIT(); MD_OR_USE_PSA_INIT();
while ((act = mystrsep(&chain_paths, " ")) != NULL) { while ((act = mystrsep(&chain_paths, " ")) != NULL) {
TEST_ASSERT(mbedtls_x509_crt_parse_file(&chain, act) == 0); TEST_EQUAL(mbedtls_x509_crt_parse_file(&chain, act), 0);
} }
TEST_ASSERT(mbedtls_x509_crt_parse_file(&trusted, trusted_ca) == 0); TEST_EQUAL(mbedtls_x509_crt_parse_file(&trusted, trusted_ca), 0);
if (strcmp(profile_name, "") == 0) { if (strcmp(profile_name, "") == 0) {
profile = &mbedtls_x509_crt_profile_default; profile = &mbedtls_x509_crt_profile_default;
@ -1380,8 +1378,8 @@ void mbedtls_x509_crt_verify_chain(char *chain_paths, char *trusted_ca,
res = mbedtls_x509_crt_verify_with_profile(&chain, &trusted, NULL, profile, res = mbedtls_x509_crt_verify_with_profile(&chain, &trusted, NULL, profile,
NULL, &flags, verify_fatal, &vrfy_fatal_lvls); NULL, &flags, verify_fatal, &vrfy_fatal_lvls);
TEST_ASSERT(res == (result)); TEST_EQUAL(res, (result));
TEST_ASSERT(flags == (uint32_t) (flags_result)); TEST_EQUAL(flags, (uint32_t) (flags_result));
exit: exit:
mbedtls_x509_crt_free(&trusted); mbedtls_x509_crt_free(&trusted);
@ -1409,9 +1407,9 @@ void x509_oid_desc(data_t *buf, char *ref_desc)
TEST_ASSERT(ret != 0); TEST_ASSERT(ret != 0);
TEST_ASSERT(desc == NULL); TEST_ASSERT(desc == NULL);
} else { } else {
TEST_ASSERT(ret == 0); TEST_EQUAL(ret, 0);
TEST_ASSERT(desc != NULL); TEST_ASSERT(desc != NULL);
TEST_ASSERT(strcmp(desc, ref_desc) == 0); TEST_EQUAL(strcmp(desc, ref_desc), 0);
} }
exit: exit:
@ -1435,11 +1433,11 @@ void x509_oid_numstr(data_t *oid_buf, char *numstr, int blen, int ret)
TEST_ASSERT((size_t) blen <= sizeof(num_buf)); TEST_ASSERT((size_t) blen <= sizeof(num_buf));
TEST_ASSERT(mbedtls_oid_get_numeric_string(num_buf, blen, &oid) == ret); TEST_EQUAL(mbedtls_oid_get_numeric_string(num_buf, blen, &oid), ret);
if (ret >= 0) { if (ret >= 0) {
TEST_ASSERT(num_buf[ret] == 0); TEST_EQUAL(num_buf[ret], 0);
TEST_ASSERT(strcmp(num_buf, numstr) == 0); TEST_EQUAL(strcmp(num_buf, numstr), 0);
} }
exit: exit:
@ -1455,9 +1453,9 @@ void x509_check_key_usage(char *crt_file, int usage, int ret)
mbedtls_x509_crt_init(&crt); mbedtls_x509_crt_init(&crt);
USE_PSA_INIT(); USE_PSA_INIT();
TEST_ASSERT(mbedtls_x509_crt_parse_file(&crt, crt_file) == 0); TEST_EQUAL(mbedtls_x509_crt_parse_file(&crt, crt_file), 0);
TEST_ASSERT(mbedtls_x509_crt_check_key_usage(&crt, usage) == ret); TEST_EQUAL(mbedtls_x509_crt_check_key_usage(&crt, usage), ret);
exit: exit:
mbedtls_x509_crt_free(&crt); mbedtls_x509_crt_free(&crt);
@ -1474,10 +1472,10 @@ void x509_check_extended_key_usage(char *crt_file, data_t *oid, int ret
mbedtls_x509_crt_init(&crt); mbedtls_x509_crt_init(&crt);
USE_PSA_INIT(); USE_PSA_INIT();
TEST_ASSERT(mbedtls_x509_crt_parse_file(&crt, crt_file) == 0); TEST_EQUAL(mbedtls_x509_crt_parse_file(&crt, crt_file), 0);
TEST_ASSERT(mbedtls_x509_crt_check_extended_key_usage(&crt, (const char *) oid->x, TEST_EQUAL(mbedtls_x509_crt_check_extended_key_usage(&crt, (const char *) oid->x, oid->len),
oid->len) == ret); ret);
exit: exit:
mbedtls_x509_crt_free(&crt); mbedtls_x509_crt_free(&crt);
@ -1503,14 +1501,14 @@ void x509_get_time(int tag, char *time_str, int ret, int year, int mon,
memcpy(end, time_str, (size_t) *(end - 1)); memcpy(end, time_str, (size_t) *(end - 1));
end += *(end - 1); end += *(end - 1);
TEST_ASSERT(mbedtls_x509_get_time(&start, end, &time) == ret); TEST_EQUAL(mbedtls_x509_get_time(&start, end, &time), ret);
if (ret == 0) { if (ret == 0) {
TEST_ASSERT(year == time.year); TEST_EQUAL(year, time.year);
TEST_ASSERT(mon == time.mon); TEST_EQUAL(mon, time.mon);
TEST_ASSERT(day == time.day); TEST_EQUAL(day, time.day);
TEST_ASSERT(hour == time.hour); TEST_EQUAL(hour, time.hour);
TEST_ASSERT(min == time.min); TEST_EQUAL(min, time.min);
TEST_ASSERT(sec == time.sec); TEST_EQUAL(sec, time.sec);
} }
exit: exit:
USE_PSA_DONE(); USE_PSA_DONE();
@ -1536,12 +1534,12 @@ void x509_parse_rsassa_pss_params(data_t *params, int params_tag,
my_ret = mbedtls_x509_get_rsassa_pss_params(&buf, &my_msg_md, &my_mgf_md, my_ret = mbedtls_x509_get_rsassa_pss_params(&buf, &my_msg_md, &my_mgf_md,
&my_salt_len); &my_salt_len);
TEST_ASSERT(my_ret == ref_ret); TEST_EQUAL(my_ret, ref_ret);
if (ref_ret == 0) { if (ref_ret == 0) {
TEST_ASSERT(my_msg_md == (mbedtls_md_type_t) ref_msg_md); TEST_EQUAL(my_msg_md, (mbedtls_md_type_t) ref_msg_md);
TEST_ASSERT(my_mgf_md == (mbedtls_md_type_t) ref_mgf_md); TEST_EQUAL(my_mgf_md, (mbedtls_md_type_t) ref_mgf_md);
TEST_ASSERT(my_salt_len == ref_salt_len); TEST_EQUAL(my_salt_len, ref_salt_len);
} }
exit: exit: