Merge remote-tracking branch 'origin/development' into support_cipher_encrypt_only

Yanray Wang 2023-10-16 17:38:32 +08:00
commit aa01ee303a
300 changed files with 8348 additions and 4962 deletions


@ -45,7 +45,7 @@ endif
ifdef WINDOWS_BUILD
DLEXT=dll
EXEXT=.exe
LOCAL_LDFLAGS += -lws2_32
LOCAL_LDFLAGS += -lws2_32 -lbcrypt
ifdef SHARED
SHARED_SUFFIX=.$(DLEXT)
endif
@ -109,6 +109,7 @@ APPS = \
psa/hmac_demo \
psa/key_ladder_demo \
psa/psa_constant_names \
psa/psa_hash \
random/gen_entropy \
random/gen_random_ctr_drbg \
ssl/dtls_client \
@ -176,22 +177,30 @@ ${MBEDTLS_TEST_OBJS}:
GENERATED_FILES = psa/psa_constant_names_generated.c test/query_config.c
generated_files: $(GENERATED_FILES)
psa/psa_constant_names_generated.c: ../scripts/generate_psa_constants.py
psa/psa_constant_names_generated.c: ../include/psa/crypto_values.h
psa/psa_constant_names_generated.c: ../include/psa/crypto_extra.h
psa/psa_constant_names_generated.c: ../tests/suites/test_suite_psa_crypto_metadata.data
# See root Makefile
GEN_FILES ?= yes
ifdef GEN_FILES
gen_file_dep =
else
gen_file_dep = |
endif
psa/psa_constant_names_generated.c: $(gen_file_dep) ../scripts/generate_psa_constants.py
psa/psa_constant_names_generated.c: $(gen_file_dep) ../include/psa/crypto_values.h
psa/psa_constant_names_generated.c: $(gen_file_dep) ../include/psa/crypto_extra.h
psa/psa_constant_names_generated.c: $(gen_file_dep) ../tests/suites/test_suite_psa_crypto_metadata.data
psa/psa_constant_names_generated.c:
echo " Gen $@"
$(PYTHON) ../scripts/generate_psa_constants.py
test/query_config.c: ../scripts/generate_query_config.pl
test/query_config.c: $(gen_file_dep) ../scripts/generate_query_config.pl
## The generated file only depends on the options that are present in mbedtls_config.h,
## not on which options are set. To avoid regenerating this file all the time
## when switching between configurations, don't declare mbedtls_config.h as a
## dependency. Remove this file from your working tree if you've just added or
## removed an option in mbedtls_config.h.
#test/query_config.c: ../include/mbedtls/mbedtls_config.h
test/query_config.c: ../scripts/data_files/query_config.fmt
#test/query_config.c: $(gen_file_dep) ../include/mbedtls/mbedtls_config.h
test/query_config.c: $(gen_file_dep) ../scripts/data_files/query_config.fmt
test/query_config.c:
echo " Gen $@"
$(PERL) ../scripts/generate_query_config.pl
@ -316,6 +325,10 @@ psa/psa_constant_names$(EXEXT): psa/psa_constant_names.c psa/psa_constant_names_
echo " CC psa/psa_constant_names.c"
$(CC) $(LOCAL_CFLAGS) $(CFLAGS) psa/psa_constant_names.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
psa/psa_hash$(EXEXT): psa/psa_hash.c $(DEP)
echo " CC psa/psa_hash.c"
$(CC) $(LOCAL_CFLAGS) $(CFLAGS) psa/psa_hash.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
random/gen_entropy$(EXEXT): random/gen_entropy.c $(DEP)
echo " CC random/gen_entropy.c"
$(CC) $(LOCAL_CFLAGS) $(CFLAGS) random/gen_entropy.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
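Review bot: `ifdef GEN_FILES` only tests whether the variable is non-empty, so after `GEN_FILES ?= yes` an invocation such as `make GEN_FILES=no` still takes the normal-prerequisite branch; only an empty value (`GEN_FILES=`) selects the order-only `|` form. The comment `# See root Makefile` does not say this and the root Makefile is not part of this section, so a short local comment would help, for example `# Set GEN_FILES to the empty string to make the generator inputs order-only (shipped generated files are then never regenerated)`. The comment could also state that in the order-only case an edit to `crypto_values.h` or to the generator scripts no longer refreshes `psa/psa_constant_names_generated.c`, so a stale generated source has to be deleted by hand.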


@ -27,6 +27,10 @@ ifdef FUZZINGENGINE
LOCAL_LDFLAGS += -lFuzzingEngine
endif
ifdef WINDOWS_BUILD
LOCAL_LDFLAGS += -lbcrypt
endif
# A test application is built for each suites/test_suite_*.data file.
# Application name is same as .data file's base name and can be
# constructed by stripping path 'suites/' and extension .data.


@ -4,6 +4,7 @@ set(executables
hmac_demo
key_ladder_demo
psa_constant_names
psa_hash
)
if(GEN_FILES)

171
programs/psa/psa_hash.c Normal file

@ -0,0 +1,171 @@
/*
* Example computing a SHA-256 hash using the PSA Crypto API
*
* The example computes the SHA-256 hash of a test string using the
* one-shot API call psa_hash_compute() and the using multi-part
* operation, which requires psa_hash_setup(), psa_hash_update() and
* psa_hash_finish(). The multi-part operation is popular on embedded
* devices where a rolling hash needs to be computed.
*
*
* Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#include "psa/crypto.h"
#include <string.h>
#include <stdio.h>
#include <stdlib.h>
#include "mbedtls/build_info.h"
#include "mbedtls/platform.h"
/* Information about hashing with the PSA API can be
* found here:
* https://arm-software.github.io/psa-api/crypto/1.1/api/ops/hashes.html
*
* The algorithm used by this demo is SHA 256.
* Please see include/psa/crypto_values.h to see the other
* algorithms that are supported by Mbed TLS.
* If you switch to a different algorithm you will need to update
* the hash data in the EXAMPLE_HASH_VALUE macro below. */
#if !defined(MBEDTLS_PSA_CRYPTO_C) || !defined(PSA_WANT_ALG_SHA_256)
int main(void)
{
mbedtls_printf("MBEDTLS_PSA_CRYPTO_C and PSA_WANT_ALG_SHA_256"
"not defined.\r\n");
return EXIT_SUCCESS;
}
#else
#define HASH_ALG PSA_ALG_SHA_256
const uint8_t sample_message[] = "Hello World!";
/* sample_message is terminated with a null byte which is not part of
* the message itself so we make sure to subtract it in order to get
* the message length. */
const size_t sample_message_length = sizeof(sample_message) - 1;
#define EXPECTED_HASH_VALUE { \
0x7f, 0x83, 0xb1, 0x65, 0x7f, 0xf1, 0xfc, 0x53, 0xb9, 0x2d, 0xc1, 0x81, \
0x48, 0xa1, 0xd6, 0x5d, 0xfc, 0x2d, 0x4b, 0x1f, 0xa3, 0xd6, 0x77, 0x28, \
0x4a, 0xdd, 0xd2, 0x00, 0x12, 0x6d, 0x90, 0x69 \
}
const uint8_t expected_hash[] = EXPECTED_HASH_VALUE;
const size_t expected_hash_len = sizeof(expected_hash);
int main(void)
{
psa_status_t status;
uint8_t hash[PSA_HASH_LENGTH(HASH_ALG)];
size_t hash_length;
psa_hash_operation_t hash_operation = PSA_HASH_OPERATION_INIT;
psa_hash_operation_t cloned_hash_operation = PSA_HASH_OPERATION_INIT;
mbedtls_printf("PSA Crypto API: SHA-256 example\n\n");
status = psa_crypto_init();
if (status != PSA_SUCCESS) {
mbedtls_printf("psa_crypto_init failed\n");
return EXIT_FAILURE;
}
/* Compute hash using multi-part operation */
status = psa_hash_setup(&hash_operation, HASH_ALG);
if (status == PSA_ERROR_NOT_SUPPORTED) {
mbedtls_printf("unknown hash algorithm supplied\n");
return EXIT_FAILURE;
} else if (status != PSA_SUCCESS) {
mbedtls_printf("psa_hash_setup failed\n");
return EXIT_FAILURE;
}
status = psa_hash_update(&hash_operation, sample_message, sample_message_length);
if (status != PSA_SUCCESS) {
mbedtls_printf("psa_hash_update failed\n");
goto cleanup;
}
status = psa_hash_clone(&hash_operation, &cloned_hash_operation);
if (status != PSA_SUCCESS) {
mbedtls_printf("PSA hash clone failed\n");
goto cleanup;
}
status = psa_hash_finish(&hash_operation, hash, sizeof(hash), &hash_length);
if (status != PSA_SUCCESS) {
mbedtls_printf("psa_hash_finish failed\n");
goto cleanup;
}
/* Check the result of the operation against the sample */
if (hash_length != expected_hash_len ||
(memcmp(hash, expected_hash, expected_hash_len) != 0)) {
mbedtls_printf("Multi-part hash operation gave the wrong result!\n\n");
goto cleanup;
}
status =
psa_hash_verify(&cloned_hash_operation, expected_hash,
expected_hash_len);
if (status != PSA_SUCCESS) {
mbedtls_printf("psa_hash_verify failed\n");
goto cleanup;
} else {
mbedtls_printf("Multi-part hash operation successful!\n");
}
/* Clear local variables prior to one-shot hash demo */
memset(hash, 0, sizeof(hash));
hash_length = 0;
/* Compute hash using one-shot function call */
status = psa_hash_compute(HASH_ALG,
sample_message, sample_message_length,
hash, sizeof(hash),
&hash_length);
if (status != PSA_SUCCESS) {
mbedtls_printf("psa_hash_compute failed\n");
goto cleanup;
}
if (hash_length != expected_hash_len ||
(memcmp(hash, expected_hash, expected_hash_len) != 0)) {
mbedtls_printf("One-shot hash operation gave the wrong result!\n\n");
goto cleanup;
}
mbedtls_printf("One-shot hash operation successful!\n\n");
/* Print out result */
mbedtls_printf("The SHA-256( '%s' ) is: ", sample_message);
for (size_t j = 0; j < expected_hash_len; j++) {
mbedtls_printf("%02x", hash[j]);
}
mbedtls_printf("\n");
mbedtls_psa_crypto_free();
return EXIT_SUCCESS;
cleanup:
psa_hash_abort(&hash_operation);
psa_hash_abort(&cloned_hash_operation);
return EXIT_FAILURE;
}
#endif /* !MBEDTLS_PSA_CRYPTO_C || !PSA_WANT_ALG_SHA_256 */
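Review bot: Only the success path calls `mbedtls_psa_crypto_free()`; the `cleanup:` label and the two early `return EXIT_FAILURE;` statements after `psa_hash_setup()` exit without it, so the error paths do not show the teardown the example is meant to teach. Adding `mbedtls_psa_crypto_free();` after the two `psa_hash_abort()` calls and sending the setup failures through `goto cleanup;` would make every exit consistent. In the fallback `main`, the adjacent literals concatenate to `PSA_WANT_ALG_SHA_256not defined`, which a trailing space in the first literal fixes, and the introductory comment refers to `EXAMPLE_HASH_VALUE` while the macro is named `EXPECTED_HASH_VALUE`. Because readers copy this file as a template, a comment beside the `memcmp()` checks could say that it is acceptable here only because the digest is a public test vector, and that `psa_hash_verify()` or `psa_hash_compare()` is the comparison to use when the reference value must not leak through timing.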


@ -294,7 +294,6 @@ send_request:
case MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY:
mbedtls_printf(" connection was closed gracefully\n");
ret = 0;
goto close_notify;
default:


@ -331,7 +331,6 @@ reset:
case MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY:
printf(" connection was closed gracefully\n");
ret = 0;
goto close_notify;
default:


@ -1,5 +1,5 @@
/*
* MbedTLS SSL context deserializer from base64 code
* Mbed TLS SSL context deserializer from base64 code
*
* Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0


@ -65,7 +65,7 @@ int main(void)
#define HTTP_RESPONSE \
"HTTP/1.0 200 OK\r\nContent-Type: text/html\r\n\r\n" \
"<h2>mbed TLS Test Server</h2>\r\n" \
"<h2>Mbed TLS Test Server</h2>\r\n" \
"<p>Successful connection using: %s</p>\r\n"
#define DEBUG_LEVEL 0


@ -775,9 +775,9 @@ usage:
mbedtls_printf(" > Write content to server:");
fflush(stdout);
len = sprintf((char *) buf, "From: %s\r\nSubject: mbed TLS Test mail\r\n\r\n"
len = sprintf((char *) buf, "From: %s\r\nSubject: Mbed TLS Test mail\r\n\r\n"
"This is a simple test mail from the "
"mbed TLS mail client example.\r\n"
"Mbed TLS mail client example.\r\n"
"\r\n"
"Enjoy!", opt.mail_from);
ret = write_ssl_data(&ssl, buf, len);
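Review bot: The `sprintf()` call formats `opt.mail_from` into `buf` with no length limit. `buf` is declared outside this hunk, so its size cannot be checked here, but the value looks like it comes from the program's options and a long address would write past the end of the buffer. Assuming `buf` is an array in scope, `len = mbedtls_snprintf((char *) buf, sizeof(buf), ...)` followed by `if (len < 0 || (size_t) len >= sizeof(buf))` and the function's existing error exit would bound the write and detect truncation. The enclosing function starts and ends outside the hunk.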


@ -66,7 +66,7 @@ int main(void)
#define HTTP_RESPONSE \
"HTTP/1.0 200 OK\r\nContent-Type: text/html\r\n\r\n" \
"<h2>mbed TLS Test Server</h2>\r\n" \
"<h2>Mbed TLS Test Server</h2>\r\n" \
"<p>Successful connection using: %s</p>\r\n"
#define DEBUG_LEVEL 0


@ -59,7 +59,7 @@ int main(void)
#define HTTP_RESPONSE \
"HTTP/1.0 200 OK\r\nContent-Type: text/html\r\n\r\n" \
"<h2>mbed TLS Test Server</h2>\r\n" \
"<h2>Mbed TLS Test Server</h2>\r\n" \
"<p>Successful connection using: %s</p>\r\n"
#define DEBUG_LEVEL 0


@ -173,7 +173,7 @@ int main(void)
* packets (for fragmentation purposes) */
#define HTTP_RESPONSE \
"HTTP/1.0 200 OK\r\nContent-Type: text/html\r\n\r\n" \
"<h2>mbed TLS Test Server</h2>\r\n" \
"<h2>Mbed TLS Test Server</h2>\r\n" \
"<p>Successful connection using: %s</p>\r\n" // LONG_RESPONSE
/*
@ -3781,7 +3781,6 @@ data_exchange:
switch (ret) {
case MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY:
mbedtls_printf(" connection was closed gracefully\n");
ret = 0;
goto close_notify;
default:


@ -45,11 +45,13 @@ if(GEN_FILES)
${PERL}
${CMAKE_CURRENT_SOURCE_DIR}/../../scripts/generate_query_config.pl
${CMAKE_CURRENT_SOURCE_DIR}/../../include/mbedtls/mbedtls_config.h
${CMAKE_CURRENT_SOURCE_DIR}/../../include/psa/crypto_config.h
${CMAKE_CURRENT_SOURCE_DIR}/../../scripts/data_files/query_config.fmt
${CMAKE_CURRENT_BINARY_DIR}/query_config.c
DEPENDS
${CMAKE_CURRENT_SOURCE_DIR}/../../scripts/generate_query_config.pl
${CMAKE_CURRENT_SOURCE_DIR}/../../include/mbedtls/mbedtls_config.h
${CMAKE_CURRENT_SOURCE_DIR}/../../include/psa/crypto_config.h
${CMAKE_CURRENT_SOURCE_DIR}/../../scripts/data_files/query_config.fmt
)
# this file will also be used in another directory, so create a target, see


@ -113,13 +113,13 @@ static void mbedtls_set_alarm(int seconds);
#define HEADER_FORMAT " %-24s : "
#define TITLE_LEN 25
#define OPTIONS \
"md5, ripemd160, sha1, sha256, sha512,\n" \
"sha3_224, sha3_256, sha3_384, sha3_512,\n" \
"des3, des, camellia, chacha20,\n" \
"aes_cbc, aes_gcm, aes_ccm, aes_xts, chachapoly,\n" \
"aes_cmac, des3_cmac, poly1305\n" \
"ctr_drbg, hmac_drbg\n" \
#define OPTIONS \
"md5, ripemd160, sha1, sha256, sha512,\n" \
"sha3_224, sha3_256, sha3_384, sha3_512,\n" \
"des3, des, camellia, chacha20,\n" \
"aes_cbc, aes_cfb128, aes_cfb8, aes_gcm, aes_ccm, aes_xts, chachapoly\n" \
"aes_cmac, des3_cmac, poly1305\n" \
"ctr_drbg, hmac_drbg\n" \
"rsa, dhm, ecdsa, ecdh.\n"
#if defined(MBEDTLS_ERROR_C)
@ -510,7 +510,7 @@ typedef struct {
char md5, ripemd160, sha1, sha256, sha512,
sha3_224, sha3_256, sha3_384, sha3_512,
des3, des,
aes_cbc, aes_gcm, aes_ccm, aes_xts, chachapoly,
aes_cbc, aes_cfb128, aes_cfb8, aes_gcm, aes_ccm, aes_xts, chachapoly,
aes_cmac, des3_cmac,
aria, camellia, chacha20,
poly1305,
@ -570,6 +570,10 @@ int main(int argc, char *argv[])
todo.des = 1;
} else if (strcmp(argv[i], "aes_cbc") == 0) {
todo.aes_cbc = 1;
} else if (strcmp(argv[i], "aes_cfb128") == 0) {
todo.aes_cfb128 = 1;
} else if (strcmp(argv[i], "aes_cfb8") == 0) {
todo.aes_cfb8 = 1;
} else if (strcmp(argv[i], "aes_xts") == 0) {
todo.aes_xts = 1;
} else if (strcmp(argv[i], "aes_gcm") == 0) {
@ -675,6 +679,7 @@ int main(int argc, char *argv[])
#if defined(MBEDTLS_CIPHER_MODE_CBC)
if (todo.des3) {
mbedtls_des3_context des3;
mbedtls_des3_init(&des3);
if (mbedtls_des3_set3key_enc(&des3, tmp) != 0) {
mbedtls_exit(1);
@ -686,6 +691,7 @@ int main(int argc, char *argv[])
if (todo.des) {
mbedtls_des_context des;
mbedtls_des_init(&des);
if (mbedtls_des_setkey_enc(&des, tmp) != 0) {
mbedtls_exit(1);
@ -718,6 +724,7 @@ int main(int argc, char *argv[])
if (todo.aes_cbc) {
int keysize;
mbedtls_aes_context aes;
mbedtls_aes_init(&aes);
for (keysize = 128; keysize <= 256; keysize += 64) {
mbedtls_snprintf(title, sizeof(title), "AES-CBC-%d", keysize);
@ -732,6 +739,44 @@ int main(int argc, char *argv[])
mbedtls_aes_free(&aes);
}
#endif
#if defined(MBEDTLS_CIPHER_MODE_CFB)
if (todo.aes_cfb128) {
int keysize;
size_t iv_off = 0;
mbedtls_aes_context aes;
mbedtls_aes_init(&aes);
for (keysize = 128; keysize <= 256; keysize += 64) {
mbedtls_snprintf(title, sizeof(title), "AES-CFB128-%d", keysize);
memset(buf, 0, sizeof(buf));
memset(tmp, 0, sizeof(tmp));
CHECK_AND_CONTINUE(mbedtls_aes_setkey_enc(&aes, tmp, keysize));
TIME_AND_TSC(title,
mbedtls_aes_crypt_cfb128(&aes, MBEDTLS_AES_ENCRYPT, BUFSIZE,
&iv_off, tmp, buf, buf));
}
mbedtls_aes_free(&aes);
}
if (todo.aes_cfb8) {
int keysize;
mbedtls_aes_context aes;
mbedtls_aes_init(&aes);
for (keysize = 128; keysize <= 256; keysize += 64) {
mbedtls_snprintf(title, sizeof(title), "AES-CFB8-%d", keysize);
memset(buf, 0, sizeof(buf));
memset(tmp, 0, sizeof(tmp));
CHECK_AND_CONTINUE(mbedtls_aes_setkey_enc(&aes, tmp, keysize));
TIME_AND_TSC(title,
mbedtls_aes_crypt_cfb8(&aes, MBEDTLS_AES_ENCRYPT, BUFSIZE, tmp, buf, buf));
}
mbedtls_aes_free(&aes);
}
#endif
#if defined(MBEDTLS_CIPHER_MODE_XTS)
if (todo.aes_xts) {
int keysize;
@ -849,6 +894,7 @@ int main(int argc, char *argv[])
if (todo.aria) {
int keysize;
mbedtls_aria_context aria;
mbedtls_aria_init(&aria);
for (keysize = 128; keysize <= 256; keysize += 64) {
mbedtls_snprintf(title, sizeof(title), "ARIA-CBC-%d", keysize);
@ -869,6 +915,7 @@ int main(int argc, char *argv[])
if (todo.camellia) {
int keysize;
mbedtls_camellia_context camellia;
mbedtls_camellia_init(&camellia);
for (keysize = 128; keysize <= 256; keysize += 64) {
mbedtls_snprintf(title, sizeof(title), "CAMELLIA-CBC-%d", keysize);
@ -975,6 +1022,7 @@ int main(int argc, char *argv[])
if (todo.rsa) {
int keysize;
mbedtls_rsa_context rsa;
for (keysize = 2048; keysize <= 4096; keysize *= 2) {
mbedtls_snprintf(title, sizeof(title), "RSA-%d", keysize);
@ -1017,6 +1065,7 @@ int main(int argc, char *argv[])
mbedtls_dhm_context dhm;
size_t olen;
size_t n;
for (i = 0; (size_t) i < sizeof(dhm_sizes) / sizeof(dhm_sizes[0]); i++) {
mbedtls_dhm_init(&dhm);
@ -1130,6 +1179,7 @@ int main(int argc, char *argv[])
if (curve_list == (const mbedtls_ecp_curve_info *) &single_curve) {
mbedtls_ecp_group grp;
mbedtls_ecp_group_init(&grp);
if (mbedtls_ecp_group_load(&grp, curve_list->grp_id) != 0) {
mbedtls_exit(1);
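Review bot: In the new `todo.aes_cfb128` block, `iv_off` is set to 0 only at its declaration and is then passed by pointer to `mbedtls_aes_crypt_cfb128()` on every timed call and for every key size, so any offset the function leaves behind carries over. `BUFSIZE` is defined outside these hunks; if it is a multiple of the 16-byte block size the offset presumably returns to 0 each time, but nothing in the block says it relies on that. Resetting it next to the two `memset()` calls with `iv_off = 0;` keeps each key size's measurement independent. A one-line comment that the zeroed `tmp` serves as both key and IV purely for timing would also keep the block from being copied as a usage pattern. `main` starts and ends outside the hunks.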


@ -1,4 +1,4 @@
cmake_minimum_required(VERSION 2.8.12)
cmake_minimum_required(VERSION 3.5.1)
#
# Simulate configuring and building Mbed TLS as the user might do it. We'll
@ -13,7 +13,9 @@ execute_process(
"-H${MbedTLS_SOURCE_DIR}"
"-B${MbedTLS_BINARY_DIR}"
"-DENABLE_PROGRAMS=NO"
"-DENABLE_TESTING=NO")
"-DENABLE_TESTING=NO"
# Turn on generated files explicitly in case this is a release
"-DGEN_FILES=ON")
execute_process(
COMMAND "${CMAKE_COMMAND}"
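Review bot: The nested configure call that this hunk extends closes right after `"-DGEN_FILES=ON")` with no `RESULT_VARIABLE`, so as far as the hunk shows, a failed configure is not reported at this point and only surfaces later as a less obvious build or package-lookup error. Forcing `GEN_FILES` on makes that more likely, for instance when an interpreter needed by the generator scripts is missing. Adding `RESULT_VARIABLE mbedtls_configure_result` (name chosen for illustration) to the call and following it with `if(NOT mbedtls_configure_result EQUAL 0)` / `message(FATAL_ERROR "Mbed TLS configure step failed")` reports the failure where it happens and stays within the new 3.5.1 minimum. The same applies to the matching call in the next file section; the start of the `execute_process(` call is outside the hunk.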


@ -1,4 +1,4 @@
cmake_minimum_required(VERSION 2.8.12)
cmake_minimum_required(VERSION 3.5.1)
#
# Simulate configuring and building Mbed TLS as the user might do it. We'll
@ -15,6 +15,8 @@ execute_process(
"-B${MbedTLS_BINARY_DIR}"
"-DENABLE_PROGRAMS=NO"
"-DENABLE_TESTING=NO"
# Turn on generated files explicitly in case this is a release
"-DGEN_FILES=ON"
"-DCMAKE_INSTALL_PREFIX=${MbedTLS_INSTALL_DIR}")
execute_process(


@ -1,4 +1,4 @@
cmake_minimum_required(VERSION 2.6)
cmake_minimum_required(VERSION 3.5.1)
# Test the target renaming support by adding a prefix to the targets built
set(MBEDTLS_TARGET_PREFIX subproject_test_)