From 720c638717ee0d4b19f888537e316cfac154c311 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Maciej=20Zwoli=C5=84ski?= Date: Tue, 16 May 2023 12:02:47 +0200 Subject: [PATCH 001/166] Add AES encrypted keys support for PKCS5 PBES2 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Maciej Zwoliński --- include/mbedtls/oid.h | 3 +++ library/oid.c | 14 +++++++++++++- tests/suites/host_test.function | 2 +- tests/suites/test_suite_pkcs5.data | 16 ++++++++++++++++ 4 files changed, 33 insertions(+), 2 deletions(-) diff --git a/include/mbedtls/oid.h b/include/mbedtls/oid.h index 954507229..3a7f740c9 100644 --- a/include/mbedtls/oid.h +++ b/include/mbedtls/oid.h @@ -306,6 +306,9 @@ MBEDTLS_OID_OIW_SECSIG_ALG "\x07" /**< desCBC OBJECT IDENTIFIER ::= { iso(1) identified-organization(3) oiw(14) secsig(3) algorithms(2) 7 } */ #define MBEDTLS_OID_DES_EDE3_CBC MBEDTLS_OID_RSA_COMPANY "\x03\x07" /**< des-ede3-cbc OBJECT IDENTIFIER ::= { iso(1) member-body(2) -- us(840) rsadsi(113549) encryptionAlgorithm(3) 7 } */ #define MBEDTLS_OID_AES MBEDTLS_OID_NIST_ALG "\x01" /** aes OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistAlgorithm(4) 1 } */ +#define MBEDTLS_OID_AES_128_CBC MBEDTLS_OID_AES "\x02" /** aes128-cbc-pad OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistAlgorithms(4) aes(1) aes128-CBC-PAD(2) } */ +#define MBEDTLS_OID_AES_192_CBC MBEDTLS_OID_AES "\x16" /** aes192-cbc-pad OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistAlgorithms(4) aes(1) aes192-CBC-PAD(22) } */ +#define MBEDTLS_OID_AES_256_CBC MBEDTLS_OID_AES "\x2a" /** aes256-cbc-pad OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistAlgorithms(4) aes(1) aes256-CBC-PAD(42) } */ /* * Key Wrapping algorithms 
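Review bot: The three new `MBEDTLS_OID_AES_*_CBC` defines carry their description in a trailing `/** ... */` block, while the DES entries directly above use the member-after form `/**<`. A plain `/**` written after a define is normally attached by Doxygen to the next declaration, so each description would presumably land on the following macro. Suggest `/**< aes128-cbc-pad OBJECT IDENTIFIER ::= { ... } */` on all three lines; the `MBEDTLS_OID_AES` context line has the same form. The comments also say `nistAlgorithms(4)` where that context line says `nistAlgorithm(4)`, and since the OIDs name the CBC-PAD variants the comment could state that the macro name drops the `PAD`.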
diff --git a/library/oid.c b/library/oid.c index d139a6d0d..89d133dfe 100644 --- a/library/oid.c +++ b/library/oid.c @@ -695,10 +695,22 @@ static const oid_cipher_alg_t oid_cipher_alg[] = OID_DESCRIPTOR(MBEDTLS_OID_DES_EDE3_CBC, "des-ede3-cbc", "DES-EDE3-CBC"), MBEDTLS_CIPHER_DES_EDE3_CBC, }, + { + OID_DESCRIPTOR(MBEDTLS_OID_AES_128_CBC, "aes128-cbc", "AES128-CBC"), + MBEDTLS_CIPHER_AES_128_CBC, + }, + { + OID_DESCRIPTOR(MBEDTLS_OID_AES_192_CBC, "aes192-cbc", "AES192-CBC"), + MBEDTLS_CIPHER_AES_192_CBC, + }, + { + OID_DESCRIPTOR(MBEDTLS_OID_AES_256_CBC, "aes256-cbc", "AES256-CBC"), + MBEDTLS_CIPHER_AES_256_CBC, + }, { NULL_OID_DESCRIPTOR, MBEDTLS_CIPHER_NONE, - }, + } }; FN_OID_TYPED_FROM_ASN1(oid_cipher_alg_t, cipher_alg, oid_cipher_alg) diff --git a/tests/suites/host_test.function b/tests/suites/host_test.function index 06f391fa4..95d30f8d2 100644 --- a/tests/suites/host_test.function +++ b/tests/suites/host_test.function @@ -459,7 +459,7 @@ int execute_tests(int argc, const char **argv) int ret; unsigned total_errors = 0, total_tests = 0, total_skipped = 0; FILE *file; - char buf[5000]; + char buf[10000]; char *params[50]; /* Store for processed integer params. */ mbedtls_test_argument_t int_params[50]; diff --git a/tests/suites/test_suite_pkcs5.data b/tests/suites/test_suite_pkcs5.data index f3ea5536f..8480b5c00 100644 --- a/tests/suites/test_suite_pkcs5.data +++ b/tests/suites/test_suite_pkcs5.data 
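Review bot: The new `oid_cipher_alg` entries map the aesNNN-CBC-PAD OIDs onto `MBEDTLS_CIPHER_AES_*_CBC`, and nothing in the entry records that the OID implies padding, so selecting the padding scheme is left entirely to whoever consumes the lookup result. A comment above the three entries would make that contract explicit, for example `/* These OIDs denote AES-CBC-Pad: the caller must select PKCS#7 padding itself. */`. The table's opening lines are outside the hunk, so it cannot be seen here whether the entries sit under a guard that excludes builds without AES or CBC; that is worth confirming.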
@@ -142,6 +142,22 @@ PBES2 Decrypt (Invalid padding & PKCS7 padding enabled) depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 pbes2_decrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301B06092A864886F70D01050C300E04082ED7F24A1D516DD702020800301406082A864886F70D030704088A4FCC9DCC394910":"70617373776f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ecrypt DES-EDE3-CBC (OK) +depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC +mbedtls_pkcs5_pbes2:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"302906092A864886F70D01050C301C040832A773780540A2D602020800300C06082A864886F70D02090500301406082A864886F70D03070408480B29975B655BCE":"7A776F6C696E":"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":0:"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" + +PBES2 Decrypt AES-128-CBC (OK) +depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC +mbedtls_pkcs5_pbes2:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"302906092A864886F70D01050C301C0408E9ED80B476045B2602020800300C06082A864886F70D02090500301D0609608648016503040102041052C89F1A8BE8E0EAE6D415F1974624A4":"7A776F6C696E":"279EBEFD0DDC751FFEABDC91F9C8BEA6081E58702D429E0D44FE96735AE6DD58BD4CD84498A91804F43D669A7159C57B758D536C0CF237FE4E868CE0AE87DA2C97B9649975FE189A9200435BFFD0304286508B0F9AB8C2E36B09AF336E27A6F40EE1AA1906A38A9E187E4A7A14B472D89C6A65D39AA9D390445A6859894431BEF8EAE07B914A70F55D95DF2FB1DB8B40154C1F1E16B4273156328DBAFDDBE2AE41BEAF227525D3B5D57FE9B7C188A2FE8493ABA3C916EDF486F520C670F505A4FC8DD083245032EF69C6C76141C8576AE7E59D4DB5974C316848CCCF6A36EFB3BA67175FD996756F3E51034D659CF98D95F953BBE5A9DE564426FCE324D3A3F463C2E6464DBC34610ECEC20518B47ACB9A4ED85C326A963D3B3C7088AF2A320E4B364666D2EE3D38D067808EC01BB765C5D4B4487E2F9D9FFEC8F0EC4C4262070F252C7E9D95CF01747055E2176BB9D17DE302ADC1C39335849797DF171AAF89946931D5A5C94FB85DB84D67290974B4F8F8E677F77FD62FE7B0A10E4DE9FE83598F47D3B32015FA2B1558672D2D81C65C123AE821052C84FA0ED2C
5A5A39A7B12CFEB68887722970FC907D1B586A67F8479A1EBC4E8AE4676047086A7EE7520C9147C089B4AE5B2505C14C6F28F645F90C55E51BADBC4B4167EC4A757CD59452E800BCCA9D3DD01BD084057102403B4804D51A6EF404AB5B31FFFFA19AC56861D9863A5460077D109E043E5B2134D812652E80E3FF804FD1A0114FD8F1F72D97A0A6E88A2DE124FFCD2C17B7BCAC30B19189BC8301B25012C05014BA7DA9949A9F0F30470C760474E27A8160F237DAFA85CBE5499C7429109858E581AD2D5A4634691BEFA1C5545F78D0B93F140D5ABF06FB91CFDBD1D93D106199A1E35F651053D0E80787CEED53404F0F0C9EA54C8CC39682916D6731C3B91A4988B54D821F0EAD621606765F8048ED9FAE9DAB781C830C77DA70C44DB8C4BB000CE12C59DCA4BA5966EB25F7B32EBCB524C8C4B019B65E3B024E41BBDE68531A2205A784A842EB9673B56CDF88C2F056C9E5685C7BA0E52E067EC8B4B7CDAA8C6F1AFAFC05C51119A6AC25122C5F93E9157761788AB76641300CCBA08845C2932729CC31FE6E8577E3A565BCA9E6668619874540FC866B8677A8452BEAD9C6648893355D82B2D0EAEF1B13C5B1A3DDDB23B2EA00B9C9F627E753D7FF51D5AF87C2A07FE228CB00EC497D8869973282188833E36C74111050B409877913760E7C77F05B6B4DD19778F69F3F46F54B4842863B7BB0716DA26DDA07DDD334FCC7DD2B1A03FE0DE31B4018D2D96AED72B8D2F206D1011BCEFEE9EA413CDB053665553FEEA2E3EB54DD525DC12B7BBC3A76F1530F320717CBEF5AA541791335901A57436ECFE9917B9D009178CDDFBD9FD8756A808B72668B34A3D86303A6D5F6D38685356C1A87ECD2EC61A63FC53F5DA959B33988E869785E694AB079763CA9DD9B1EA2B8BAE5F31EB75D0F71D87B68AA9A4CB6995859FAB0028EFC633ED4DAA4A8FB0E6A55EF9B2DEA1E947C8DEA81CEAB9232A29340947719D4CEAABFB8E1E065F43F231D6A1C83E8F554530C58F8C02D2386F2C67D2F043097375ABD0C18F390BFA2867F870B1A1DA1AB6103D2275420B09778D9B775F147B6BB47598367F9C44AF509136F5F69E61E4A8592E44C860041D5C9C94A63BE17C6E93995A321238D80EF111F8BF137C7A38FACB6329CFDC9A5B9FB2DB":0:"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" + +PBES2 Decrypt AES-192-CBC (OK) +depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC +mbedtls_pkcs5_pbes2:MBEDTLS_ASN1_CONSTRUCTED | 
MBEDTLS_ASN1_SEQUENCE:"302906092A864886F70D01050C301C0408777618CD183CC88102020800300C06082A864886F70D02090500301D060960864801650304011604102F904F75B47B48A618068D79BD9A826C":"7A776F6C696E":"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":0:"308204BD020100300D06092A864886F70D0101010500048204A7308204A30201000282010100D0680E66E3F69348A111BC720B747A402236FA15B330004F21A97E903AB94419F485688BAF2EEC07306D4C321D91DEA5D426D6336D342D967DC4192D537FDFE42548AEE817B57B82A9D75C8308839C739C830C3B6847D9F2EE65899F117DA196DBF64BD6AC6CE4486619FDFB41C57AFB8B8E893526699976CEB8CD3E07B668FB3F18D70C816F6BC1B26F767B1BF987B4D994FD5F53F7B497FF6A43F73D383F8DA05BAA2A68DDDDCFD2B3A7AACFA8B06D26D2C261BFEC13E7BA7C88AC7CA5AE187BE31D8E579FEE2FC90C31E38C249EBC13C70490AC3463269FACF294D419505ADBC54B0697BF01DEB8EB83DF3236DD9059E6BD0CE64D8D39CB80A2DCDF82E19B020301000102820100517E4F1B66CAF5BEF1D4F8A673DA412FB0F1648B75BD3071C10D0143AEE2E14170FF75E92140ACE506C7C682D6534307FF548C7021A4C4AAD3550A2F52366FBB4BE5071814A54FBDC1624877A8ADA6510303AF95CF6A414CA0722E05789672C8860CE28CF871C0369B4E50A59E8B7552C5B89FE89BB3B161E6E616C3C9CA47743A32482A8885035BEB72E85564A0F004C4A99A935F4BAB523857E558FCF4A27ECD30EA5A91205BD84B9F550565561C9CDC324E3CFC478445D12C032B0057035EF4F548280F238038F3EE6097864D8724AFB53BCA8C62A8F5177AA072D4784EAAEB8B81BB6A3ACF453C5859B374E1FA3B3959FDBD630044B530A2FB50232517D902818100FE860C42D18CBDF8758CF5D4D2487E8EA4C0D6D3A1C735AD14A37A66D972B7B2B3D9551E0B25BAB7F58EAD0B7A696686F4B98DDCB15A20A388D1AB7793004B83B97915D747F8CB09390D2C2A0DE05FCAFAA36911DA2F5D30E0E0178FA7B7B0E57006A44056169078690F9B48225340812A2ADA48CC56B48A0FC75C842DE94FA702818100D19D86F612C92312B3C7F673CA9F4C4808ABEBAD925526A4509E3179C025DFE351720B40562355955B5856A0C9B306F0AAA3C132CEF8E04D94651FCE6A6B89FAD6A683E40551743D962FB4AE5895F7186D9EEC1F5E8A11CCC8BE1783080C5C86E909CF366B26E79316AC687F42E6A6300BC50B944642CF297393FE9EF47F3CED0281806035C18ABC754C1610314177BA2947159A777E7D2F0903643289FD29C58694A3CB521AD7A97510989B0CDCA29B1A1E74632B8
4D16884DE13931356927391C7F9B9F1686D213A8D5D2620B1920FFEC1971399138D79013063DA8D3ABAC5B62CFAFD96B51DD0ACE4DD6F31440C47555AEBB849CC8B7A1A48526BD67B4547A98ABF0281800E8210AD476F9475DEEBA02B3383030C994D0CEADE8DF636B93DB9BEEB85B3915039CC7D8F78B29BBBCEC9702785B49D43B241D4FA6E4F580F45508640E7608D73FDE2730DCB2D7875C4A784C9ACD7856150F696D53C492F1B55CCDACCDBCE2BA8457D8A0EB08AA6AB9313487BA0EB2FB820D34457F897CE0EA9D79DB8DE75A102818100DB30BDD1E07CB8131091FB3DE7284553FCB0C5C9797C02A74D364D235A41DBCB3D210528722440AF91B073BD5D8EEE0123DC32FF67CE8410E9875B3061AA976E0470797A03C7A59B4A25986AF2C79D2237AABADEF8A9F7BD117CA7274FBFAB4DB7BB77583720419A14938FF1DC643D7AAF7119A3DC46F7F178778C51310579A1" + +PBES2 Decrypt AES-256-CBC (OK) +depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC +mbedtls_pkcs5_pbes2:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"302906092A864886F70D01050C301C0408B948C29B606B981502020800300C06082A864886F70D02090500301D060960864801650304012A0410FD87E5DBEE6E498D887C771C454D4265":"7A776F6C696E":"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":0:"308204BD020100300D06092A864886F70D0101010500048204A7308204A30201000282010100D0680E66E3F69348A111BC720B747A402236FA15B330004F21A97E903AB94419F485688BAF2EEC07306D4C321D91DEA5D426D6336D342D967DC4192D537FDFE42548AEE817B57B82A9D75C8308839C739C830C3B6847D9F2EE65899F117DA196DBF64BD6AC6CE4486619FDFB41C57AFB8B8E893526699976CEB8CD3E07B668FB3F18D70C816F6BC1B26F767B1BF987B4D994FD5F53F7B497FF6A43F73D383F8DA05BAA2A68DDDDCFD2B3A7AACFA8B06D26D2C261BFEC13E7BA7C88AC7CA5AE187BE31D8E579FEE2FC90C31E38C249EBC13C70490AC3463269FACF294D419505ADBC54B0697BF01DEB8EB83DF3236DD9059E6BD0CE64D8D39CB80A2DCDF82E19B020301000102820100517E4F1B66CAF5BEF1D4F8A673DA412FB0F1648B75BD3071C10D0143AEE2E14170FF75E92140ACE506C7C682D6534307FF548C7021A4C4AAD3550A2F52366FBB4BE5071814A54FBDC1624877A8ADA6510303AF95CF6A414CA0722E05789672C8860CE28CF871C0369B4E50A59E8B7552C5B89FE89BB3B161E6E616C3C9CA47743A32482A8885035BEB72E85564A0F004C4A99A935F4BAB523857E558
FCF4A27ECD30EA5A91205BD84B9F550565561C9CDC324E3CFC478445D12C032B0057035EF4F548280F238038F3EE6097864D8724AFB53BCA8C62A8F5177AA072D4784EAAEB8B81BB6A3ACF453C5859B374E1FA3B3959FDBD630044B530A2FB50232517D902818100FE860C42D18CBDF8758CF5D4D2487E8EA4C0D6D3A1C735AD14A37A66D972B7B2B3D9551E0B25BAB7F58EAD0B7A696686F4B98DDCB15A20A388D1AB7793004B83B97915D747F8CB09390D2C2A0DE05FCAFAA36911DA2F5D30E0E0178FA7B7B0E57006A44056169078690F9B48225340812A2ADA48CC56B48A0FC75C842DE94FA702818100D19D86F612C92312B3C7F673CA9F4C4808ABEBAD925526A4509E3179C025DFE351720B40562355955B5856A0C9B306F0AAA3C132CEF8E04D94651FCE6A6B89FAD6A683E40551743D962FB4AE5895F7186D9EEC1F5E8A11CCC8BE1783080C5C86E909CF366B26E79316AC687F42E6A6300BC50B944642CF297393FE9EF47F3CED0281806035C18ABC754C1610314177BA2947159A777E7D2F0903643289FD29C58694A3CB521AD7A97510989B0CDCA29B1A1E74632B84D16884DE13931356927391C7F9B9F1686D213A8D5D2620B1920FFEC1971399138D79013063DA8D3ABAC5B62CFAFD96B51DD0ACE4DD6F31440C47555AEBB849CC8B7A1A48526BD67B4547A98ABF0281800E8210AD476F9475DEEBA02B3383030C994D0CEADE8DF636B93DB9BEEB85B3915039CC7D8F78B29BBBCEC9702785B49D43B241D4FA6E4F580F45508640E7608D73FDE2730DCB2D7875C4A784C9ACD7856150F696D53C492F1B55CCDACCDBCE2BA8457D8A0EB08AA6AB9313487BA0EB2FB820D34457F897CE0EA9D79DB8DE75A102818100DB30BDD1E07CB8131091FB3DE7284553FCB0C5C9797C02A74D364D235A41DBCB3D210528722440AF91B073BD5D8EEE0123DC32FF67CE8410E9875B3061AA976E0470797A03C7A59B4A25986AF2C79D2237AABADEF8A9F7BD117CA7274FBFAB4DB7BB77583720419A14938FF1DC643D7AAF7119A3DC46F7F178778C51310579A1" + PBES2 Decrypt (bad params tag) depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_DES_C pbes2_decrypt:MBEDTLS_ASN1_SEQUENCE:"":"":"":0:MBEDTLS_ERR_PKCS5_INVALID_FORMAT + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG:"" From 1c19557f49c191df26d4066838575f42d1b786d3 Mon Sep 17 00:00:00 2001 From: Ryan Everett Date: Tue, 19 Sep 2023 17:27:28 +0100 Subject: [PATCH 002/166] Revert increase of test buffer size. 
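Review bot: The first added case is titled DES-EDE3-CBC and its parameter blob carries `06082A864886F70D0307`, the des-ede3-cbc OID, yet its `depends_on` line names `MBEDTLS_AES_C`; it should read `depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC`. All four new cases also call `mbedtls_pkcs5_pbes2:` where the neighbouring context cases call `pbes2_decrypt:`, so the test entry point should be checked against the `.function` file. The expected plaintext beginning `308204BD020100300D06092A864886F70D010101` looks like a PKCS#8 RSA private key; please confirm it was generated only for this test, because it stays in the history even if a later commit replaces the vectors.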
Signed-off-by: Ryan Everett --- tests/suites/host_test.function | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/suites/host_test.function b/tests/suites/host_test.function index 95d30f8d2..06f391fa4 100644 --- a/tests/suites/host_test.function +++ b/tests/suites/host_test.function @@ -459,7 +459,7 @@ int execute_tests(int argc, const char **argv) int ret; unsigned total_errors = 0, total_tests = 0, total_skipped = 0; FILE *file; - char buf[10000]; + char buf[5000]; char *params[50]; /* Store for processed integer params. */ mbedtls_test_argument_t int_params[50]; From 1a913093244aff20c37fa1b6b60fc7c21139ff37 Mon Sep 17 00:00:00 2001 From: Ryan Everett Date: Mon, 25 Sep 2023 14:15:03 +0100 Subject: [PATCH 003/166] Restore array formatting Signed-off-by: Ryan Everett --- library/oid.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/oid.c b/library/oid.c index 89d133dfe..a1cf6fcd0 100644 --- a/library/oid.c +++ b/library/oid.c @@ -710,7 +710,7 @@ static const oid_cipher_alg_t oid_cipher_alg[] = { NULL_OID_DESCRIPTOR, MBEDTLS_CIPHER_NONE, - } + }, }; FN_OID_TYPED_FROM_ASN1(oid_cipher_alg_t, cipher_alg, oid_cipher_alg) From 223e716693f969561db05d887e66b6aad576e814 Mon Sep 17 00:00:00 2001 From: Ryan Everett Date: Mon, 25 Sep 2023 14:26:53 +0100 Subject: [PATCH 004/166] Replace AES-CBC test data Previously the buffer size was increased in order to allow for large test data, these new tests fit in the original sized buffer. Test data generated with openssl using the following command line: openssl kdf -keylen $LEN -kdfopt digest:SHA256 -kdfopt iter:10000 -kdfopt pass:"PasswordPasswordPassword" -kdfopt hexsalt:0102030405060708 PBKDF2 openssl enc -$ENC -iv 2F904F75B47B48A618068D79BD9A826C -K $KEY -in $IN -e -out $OUT Signed-off-by: Ryan Everett --- tests/suites/test_suite_pkcs5.data | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-) 
diff --git a/tests/suites/test_suite_pkcs5.data b/tests/suites/test_suite_pkcs5.data index 8480b5c00..94ac86c04 100644 --- a/tests/suites/test_suite_pkcs5.data +++ b/tests/suites/test_suite_pkcs5.data 
@@ -142,21 +142,17 @@ PBES2 Decrypt (Invalid padding & PKCS7 padding enabled) depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 pbes2_decrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301B06092A864886F70D01050C300E04082ED7F24A1D516DD702020800301406082A864886F70D030704088A4FCC9DCC394910":"70617373776f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ecrypt DES-EDE3-CBC (OK) -depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC -mbedtls_pkcs5_pbes2:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"302906092A864886F70D01050C301C040832A773780540A2D602020800300C06082A864886F70D02090500301406082A864886F70D03070408480B29975B655BCE":"7A776F6C696E":"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":0:"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" - PBES2 Decrypt AES-128-CBC (OK) depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC -mbedtls_pkcs5_pbes2:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"302906092A864886F70D01050C301C0408E9ED80B476045B2602020800300C06082A864886F70D02090500301D0609608648016503040102041052C89F1A8BE8E0EAE6D415F1974624A4":"7A776F6C696E":"279EBEFD0DDC751FFEABDC91F9C8BEA6081E58702D429E0D44FE96735AE6DD58BD4CD84498A91804F43D669A7159C57B758D536C0CF237FE4E868CE0AE87DA2C97B9649975FE189A9200435BFFD0304286508B0F9AB8C2E36B09AF336E27A6F40EE1AA1906A38A9E187E4A7A14B472D89C6A65D39AA9D390445A6859894431BEF8EAE07B914A70F55D95DF2FB1DB8B40154C1F1E16B4273156328DBAFDDBE2AE41BEAF227525D3B5D57FE9B7C188A2FE8493ABA3C916EDF486F520C670F505A4FC8DD083245032EF69C6C76141C8576AE7E59D4DB5974C316848CCCF6A36EFB3BA67175FD996756F3E51034D659CF98D95F953BBE5A9DE564426FCE324D3A3F463C2E6464DBC34610ECEC20518B47ACB9A4ED85C326A963D3B3C7088AF2A320E4B364666D2EE3D38D067808EC01BB765C5D4B4487E2F9D9FFEC8F0EC4C4262070F252C7E9D95CF01747055E2176BB9D17DE302ADC1C39335849797DF171AAF89946931D5A5C94FB85DB84D67290974B4F8F8E677F77FD62FE7B0A10E4DE9FE83598F47D3B32015FA2B1558672D2D81C65C123AE821052C84FA0ED2C5
A5A39A7B12CFEB68887722970FC907D1B586A67F8479A1EBC4E8AE4676047086A7EE7520C9147C089B4AE5B2505C14C6F28F645F90C55E51BADBC4B4167EC4A757CD59452E800BCCA9D3DD01BD084057102403B4804D51A6EF404AB5B31FFFFA19AC56861D9863A5460077D109E043E5B2134D812652E80E3FF804FD1A0114FD8F1F72D97A0A6E88A2DE124FFCD2C17B7BCAC30B19189BC8301B25012C05014BA7DA9949A9F0F30470C760474E27A8160F237DAFA85CBE5499C7429109858E581AD2D5A4634691BEFA1C5545F78D0B93F140D5ABF06FB91CFDBD1D93D106199A1E35F651053D0E80787CEED53404F0F0C9EA54C8CC39682916D6731C3B91A4988B54D821F0EAD621606765F8048ED9FAE9DAB781C830C77DA70C44DB8C4BB000CE12C59DCA4BA5966EB25F7B32EBCB524C8C4B019B65E3B024E41BBDE68531A2205A784A842EB9673B56CDF88C2F056C9E5685C7BA0E52E067EC8B4B7CDAA8C6F1AFAFC05C51119A6AC25122C5F93E9157761788AB76641300CCBA08845C2932729CC31FE6E8577E3A565BCA9E6668619874540FC866B8677A8452BEAD9C6648893355D82B2D0EAEF1B13C5B1A3DDDB23B2EA00B9C9F627E753D7FF51D5AF87C2A07FE228CB00EC497D8869973282188833E36C74111050B409877913760E7C77F05B6B4DD19778F69F3F46F54B4842863B7BB0716DA26DDA07DDD334FCC7DD2B1A03FE0DE31B4018D2D96AED72B8D2F206D1011BCEFEE9EA413CDB053665553FEEA2E3EB54DD525DC12B7BBC3A76F1530F320717CBEF5AA541791335901A57436ECFE9917B9D009178CDDFBD9FD8756A808B72668B34A3D86303A6D5F6D38685356C1A87ECD2EC61A63FC53F5DA959B33988E869785E694AB079763CA9DD9B1EA2B8BAE5F31EB75D0F71D87B68AA9A4CB6995859FAB0028EFC633ED4DAA4A8FB0E6A55EF9B2DEA1E947C8DEA81CEAB9232A29340947719D4CEAABFB8E1E065F43F231D6A1C83E8F554530C58F8C02D2386F2C67D2F043097375ABD0C18F390BFA2867F870B1A1DA1AB6103D2275420B09778D9B775F147B6BB47598367F9C44AF509136F5F69E61E4A8592E44C860041D5C9C94A63BE17C6E93995A321238D80EF111F8BF137C7A38FACB6329CFDC9A5B9FB2DB":0:"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" +pbes2_decrypt:MBEDTLS_ASN1_CONSTRUCTED | 
MBEDTLS_ASN1_SEQUENCE:"301B06092A864886F70D01050C300E0408010203040506070802022710301D060960864801650304010204102F904F75B47B48A618068D79BD9A826C":"50617373776F726450617373776F726450617373776F7264":"0c953c3a9be1502f4d1df1b82df9d99a61ebd2f60ed570d16b241f70b9e61f329174747d052efe5c39bec9d0f7404f84af242914e2ecb74e6e36e8b4147bd0a092a82df789aa3351e0de9f75b285ccb742806526771c8353ffb66176188b556e":96:0:"5468697320697320612066696c6520746f20626520656e6372797074656420776974682050424553322c20776974682061206b65792067656e657261746564207573696e67206120707266202853484132353629" PBES2 Decrypt AES-192-CBC (OK) depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC -mbedtls_pkcs5_pbes2:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"302906092A864886F70D01050C301C0408777618CD183CC88102020800300C06082A864886F70D02090500301D060960864801650304011604102F904F75B47B48A618068D79BD9A826C":"7A776F6C696E":"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":0:"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" +pbes2_decrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"302a06092A864886F70D01050C301d0408010203040506070802022710020118300a06082A864886F70D0209301D060960864801650304011604102F904F75B47B48A618068D79BD9A826C":"50617373776F726450617373776F726450617373776F7264":"7c648a9df9759ba49283c261269a71bc06d45f6c24ab6431d77b2ecec1fd6d1aa751bd05b1c026fc8ff91baeb1b1838aa0f825b23be79bc09331d0607181e234dfea4ab3cbf7997747516486b6865e85de95dc9b64d45462197c891b31af6c94":96:0:"5468697320697320612066696c6520746f20626520656e6372797074656420776974682050424553322c20776974682061206b65792067656e657261746564207573696e67206120707266202853484132353629" PBES2 Decrypt AES-256-CBC (OK) depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC -mbedtls_pkcs5_pbes2:MBEDTLS_ASN1_CONSTRUCTED | 
MBEDTLS_ASN1_SEQUENCE:"302906092A864886F70D01050C301C0408B948C29B606B981502020800300C06082A864886F70D02090500301D060960864801650304012A0410FD87E5DBEE6E498D887C771C454D4265":"7A776F6C696E":"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":0:"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" +pbes2_decrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"302a06092A864886F70D01050C301d0408010203040506070802022710020118300a06082A864886F70D0209301D060960864801650304012A04102F904F75B47B48A618068D79BD9A826C":"50617373776F726450617373776F726450617373776F7264":"7077e6e8e679962c6feda69c704d58507d143cf77be284f773dfcaa4a5f5e7c1cd5527204916302d435071c01126f4aa76205ce61998d7b8fdf065a77d4a77634376b9968e4722c27f2ac85d79565ff4fca9204d3e4bc8c5bd53c1785bb6e566":96:0:"5468697320697320612066696c6520746f20626520656e6372797074656420776974682050424553322c20776974682061206b65792067656e657261746564207573696e67206120707266202853484132353629" PBES2 Decrypt (bad params tag) depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_DES_C From 8494c986a0cf12ad8e8dd8359bed055eb7028f0a Mon Sep 17 00:00:00 2001 From: Ryan Everett Date: Tue, 10 Oct 2023 18:26:57 +0100 Subject: [PATCH 005/166] Add Encryption test data for AES 128,196,256 PBES2 Data (for encryption and decryption) generated using openssl: openssl kdf -keylen 24 -kdfopt digest:SHA256 -kdfopt iter:10000 -kdfopt pass:"PasswordPasswordPassword" -kdfopt hexsalt:0102030405060708 PBKDF2 69D1831EA16816B82797E5E9619C2F62153BC65C1791B5C0 openssl enc $MODE -iv 2F904F75B47B48A618068D79BD9A826C -K $KEY -in $FILE -e -out $ENC Signed-off-by: Ryan Everett --- tests/suites/test_suite_pkcs5.data | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/tests/suites/test_suite_pkcs5.data b/tests/suites/test_suite_pkcs5.data index 94ac86c04..f372520e3 100644 --- a/tests/suites/test_suite_pkcs5.data +++ b/tests/suites/test_suite_pkcs5.data 
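Review bot: The AES-256-CBC vector encodes `020118` (keyLength 24) in its PBKDF2 parameters, byte for byte the same as the AES-192 vector, although AES-256 takes a 32-byte key. The case can then only pass if the parser disregards the optional keyLength field, which should be confirmed. Either correct the field to `020120` so the vector is self-consistent, or say in the test title that the mismatch is deliberate, so the vector is not later taken for a check that keyLength is validated.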
@@ -142,6 +142,18 @@ PBES2 Decrypt (Invalid padding & PKCS7 padding enabled) depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 pbes2_decrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301B06092A864886F70D01050C300E04082ED7F24A1D516DD702020800301406082A864886F70D030704088A4FCC9DCC394910":"70617373776f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ncrypt AES-128-CBC (OK) +depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC +pbes2_encrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301B06092A864886F70D01050C300E0408010203040506070802022710301D060960864801650304010204102F904F75B47B48A618068D79BD9A826C":"50617373776F726450617373776F726450617373776F7264":"5468697320697320612066696c6520746f20626520656e6372797074656420776974682050424553322c20776974682061206b65792067656e657261746564207573696e67206120707266202853484132353629":96:0:"0c953c3a9be1502f4d1df1b82df9d99a61ebd2f60ed570d16b241f70b9e61f329174747d052efe5c39bec9d0f7404f84af242914e2ecb74e6e36e8b4147bd0a092a82df789aa3351e0de9f75b285ccb742806526771c8353ffb66176188b556e" + +PBES2 Encrypt AES-192-CBC (OK) +depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC +pbes2_encrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"302a06092A864886F70D01050C301d0408010203040506070802022710020118300a06082A864886F70D0209301D060960864801650304011604102F904F75B47B48A618068D79BD9A826C":"50617373776F726450617373776F726450617373776F7264":"5468697320697320612066696c6520746f20626520656e6372797074656420776974682050424553322c20776974682061206b65792067656e657261746564207573696e67206120707266202853484132353629":96:0:"7c648a9df9759ba49283c261269a71bc06d45f6c24ab6431d77b2ecec1fd6d1aa751bd05b1c026fc8ff91baeb1b1838aa0f825b23be79bc09331d0607181e234dfea4ab3cbf7997747516486b6865e85de95dc9b64d45462197c891b31af6c94" + +PBES2 Encrypt AES-256-CBC (OK) +depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC +pbes2_encrypt:MBEDTLS_ASN1_CONSTRUCTED 
| MBEDTLS_ASN1_SEQUENCE:"302a06092A864886F70D01050C301d0408010203040506070802022710020118300a06082A864886F70D0209301D060960864801650304012A04102F904F75B47B48A618068D79BD9A826C":"50617373776F726450617373776F726450617373776F7264":"5468697320697320612066696c6520746f20626520656e6372797074656420776974682050424553322c20776974682061206b65792067656e657261746564207573696e67206120707266202853484132353629":96:0:"7077e6e8e679962c6feda69c704d58507d143cf77be284f773dfcaa4a5f5e7c1cd5527204916302d435071c01126f4aa76205ce61998d7b8fdf065a77d4a77634376b9968e4722c27f2ac85d79565ff4fca9204d3e4bc8c5bd53c1785bb6e566" + PBES2 Decrypt AES-128-CBC (OK) depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC pbes2_decrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301B06092A864886F70D01050C300E0408010203040506070802022710301D060960864801650304010204102F904F75B47B48A618068D79BD9A826C":"50617373776F726450617373776F726450617373776F7264":"0c953c3a9be1502f4d1df1b82df9d99a61ebd2f60ed570d16b241f70b9e61f329174747d052efe5c39bec9d0f7404f84af242914e2ecb74e6e36e8b4147bd0a092a82df789aa3351e0de9f75b285ccb742806526771c8353ffb66176188b556e":96:0:"5468697320697320612066696c6520746f20626520656e6372797074656420776974682050424553322c20776974682061206b65792067656e657261746564207573696e67206120707266202853484132353629" From 632699b9255be5070c35618622b70db1bbc7248d Mon Sep 17 00:00:00 2001 From: Ryan Everett Date: Wed, 11 Oct 2023 14:20:33 +0100 Subject: [PATCH 006/166] Add Changelog Signed-off-by: Ryan Everett --- ChangeLog.d/add-aes-cbc-to-pkcs5-pbes2.txt | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 ChangeLog.d/add-aes-cbc-to-pkcs5-pbes2.txt diff --git a/ChangeLog.d/add-aes-cbc-to-pkcs5-pbes2.txt b/ChangeLog.d/add-aes-cbc-to-pkcs5-pbes2.txt new file mode 100644 index 000000000..96f48d6e7 --- /dev/null +++ b/ChangeLog.d/add-aes-cbc-to-pkcs5-pbes2.txt 
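Review bot: None of the three new `pbes2_encrypt` cases lists `MBEDTLS_CIPHER_PADDING_PKCS7` in `depends_on`, yet the plaintext is shorter than the 96-byte expected ciphertext, so the vectors only hold when PKCS#7 padding is compiled in. The DES case in the context at the top of the hunk does name that option. Suggest appending `:MBEDTLS_CIPHER_PADDING_PKCS7` to each of the three dependency lines; the matching `pbes2_decrypt` cases for AES have the same gap.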
@@ -0,0 +1,3 @@ +Features + * Add support for using AES-CBC 128, 192, and 256 bit schemes + with PKCS#5 PBES2. \ No newline at end of file From cd80f09aa3628d671394fa985948de1b287c5689 Mon Sep 17 00:00:00 2001 From: Ryan Everett Date: Thu, 12 Oct 2023 11:08:20 +0100 Subject: [PATCH 007/166] Fix Changelog formatting Signed-off-by: Ryan Everett --- ChangeLog.d/add-aes-cbc-to-pkcs5-pbes2.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ChangeLog.d/add-aes-cbc-to-pkcs5-pbes2.txt b/ChangeLog.d/add-aes-cbc-to-pkcs5-pbes2.txt index 96f48d6e7..e00c1e0a6 100644 --- a/ChangeLog.d/add-aes-cbc-to-pkcs5-pbes2.txt +++ b/ChangeLog.d/add-aes-cbc-to-pkcs5-pbes2.txt @@ -1,3 +1,3 @@ Features * Add support for using AES-CBC 128, 192, and 256 bit schemes - with PKCS#5 PBES2. \ No newline at end of file + with PKCS#5 PBES2. From 86bfbe8ef2621973f4760bc8f0299e14aa1dc7a2 Mon Sep 17 00:00:00 2001 From: Ryan Everett Date: Thu, 12 Oct 2023 11:19:13 +0100 Subject: [PATCH 008/166] Fix test data dependencies Signed-off-by: Ryan Everett --- tests/suites/test_suite_pkcs5.data | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/tests/suites/test_suite_pkcs5.data b/tests/suites/test_suite_pkcs5.data index f372520e3..3bd6b49f0 100644 --- a/tests/suites/test_suite_pkcs5.data +++ b/tests/suites/test_suite_pkcs5.data 
@@ -143,27 +143,27 @@ depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIP pbes2_decrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301B06092A864886F70D01050C300E04082ED7F24A1D516DD702020800301406082A864886F70D030704088A4FCC9DCC394910":"70617373776f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ncrypt AES-128-CBC (OK) -depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC +depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC pbes2_encrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301B06092A864886F70D01050C300E0408010203040506070802022710301D060960864801650304010204102F904F75B47B48A618068D79BD9A826C":"50617373776F726450617373776F726450617373776F7264":"5468697320697320612066696c6520746f20626520656e6372797074656420776974682050424553322c20776974682061206b65792067656e657261746564207573696e67206120707266202853484132353629":96:0:"0c953c3a9be1502f4d1df1b82df9d99a61ebd2f60ed570d16b241f70b9e61f329174747d052efe5c39bec9d0f7404f84af242914e2ecb74e6e36e8b4147bd0a092a82df789aa3351e0de9f75b285ccb742806526771c8353ffb66176188b556e" PBES2 Encrypt AES-192-CBC (OK) -depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC +depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH pbes2_encrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"302a06092A864886F70D01050C301d0408010203040506070802022710020118300a06082A864886F70D0209301D060960864801650304011604102F904F75B47B48A618068D79BD9A826C":"50617373776F726450617373776F726450617373776F7264":"5468697320697320612066696c6520746f20626520656e6372797074656420776974682050424553322c20776974682061206b65792067656e657261746564207573696e67206120707266202853484132353629":96:0:"7c648a9df9759ba49283c261269a71bc06d45f6c24ab6431d77b2ecec1fd6d1aa751bd05b1c026fc8ff91baeb1b1838aa0f825b23be79bc09331d0607181e234dfea4ab3cbf7997747516486b6865e85de95dc9b64d45462197c891b31af6c94" PBES2 Encrypt AES-256-CBC (OK) 
-depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC +depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH pbes2_encrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"302a06092A864886F70D01050C301d0408010203040506070802022710020118300a06082A864886F70D0209301D060960864801650304012A04102F904F75B47B48A618068D79BD9A826C":"50617373776F726450617373776F726450617373776F7264":"5468697320697320612066696c6520746f20626520656e6372797074656420776974682050424553322c20776974682061206b65792067656e657261746564207573696e67206120707266202853484132353629":96:0:"7077e6e8e679962c6feda69c704d58507d143cf77be284f773dfcaa4a5f5e7c1cd5527204916302d435071c01126f4aa76205ce61998d7b8fdf065a77d4a77634376b9968e4722c27f2ac85d79565ff4fca9204d3e4bc8c5bd53c1785bb6e566" PBES2 Decrypt AES-128-CBC (OK) -depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC +depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC pbes2_decrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301B06092A864886F70D01050C300E0408010203040506070802022710301D060960864801650304010204102F904F75B47B48A618068D79BD9A826C":"50617373776F726450617373776F726450617373776F7264":"0c953c3a9be1502f4d1df1b82df9d99a61ebd2f60ed570d16b241f70b9e61f329174747d052efe5c39bec9d0f7404f84af242914e2ecb74e6e36e8b4147bd0a092a82df789aa3351e0de9f75b285ccb742806526771c8353ffb66176188b556e":96:0:"5468697320697320612066696c6520746f20626520656e6372797074656420776974682050424553322c20776974682061206b65792067656e657261746564207573696e67206120707266202853484132353629" PBES2 Decrypt AES-192-CBC (OK) -depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC +depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH pbes2_decrypt:MBEDTLS_ASN1_CONSTRUCTED | 
MBEDTLS_ASN1_SEQUENCE:"302a06092A864886F70D01050C301d0408010203040506070802022710020118300a06082A864886F70D0209301D060960864801650304011604102F904F75B47B48A618068D79BD9A826C":"50617373776F726450617373776F726450617373776F7264":"7c648a9df9759ba49283c261269a71bc06d45f6c24ab6431d77b2ecec1fd6d1aa751bd05b1c026fc8ff91baeb1b1838aa0f825b23be79bc09331d0607181e234dfea4ab3cbf7997747516486b6865e85de95dc9b64d45462197c891b31af6c94":96:0:"5468697320697320612066696c6520746f20626520656e6372797074656420776974682050424553322c20776974682061206b65792067656e657261746564207573696e67206120707266202853484132353629" PBES2 Decrypt AES-256-CBC (OK) -depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC +depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH pbes2_decrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"302a06092A864886F70D01050C301d0408010203040506070802022710020118300a06082A864886F70D0209301D060960864801650304012A04102F904F75B47B48A618068D79BD9A826C":"50617373776F726450617373776F726450617373776F7264":"7077e6e8e679962c6feda69c704d58507d143cf77be284f773dfcaa4a5f5e7c1cd5527204916302d435071c01126f4aa76205ce61998d7b8fdf065a77d4a77634376b9968e4722c27f2ac85d79565ff4fca9204d3e4bc8c5bd53c1785bb6e566":96:0:"5468697320697320612066696c6520746f20626520656e6372797074656420776974682050424553322c20776974682061206b65792067656e657261746564207573696e67206120707266202853484132353629" PBES2 Decrypt (bad params tag) From 4580d4d8297d8339f23ef837a65d02a8aee5eeff Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Fri, 27 Oct 2023 18:41:02 +0100 Subject: [PATCH 009/166] Add accessor helpers for mbedtls_test_info Step one of being able to control access to mbedtls_test_info with a mutex. 
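Review bot: The AES-128-CBC encrypt and decrypt cases are switched to `MBEDTLS_MD_CAN_SHA256`, but their parameter blob (`301B...300E0408...02022710`) ends the PBKDF2 parameters after the iteration count and carries no prf element, unlike the 192/256 blobs, which include `06082A864886F70D0209`. With the prf absent, PKCS#5 falls back to hmacWithSHA1, so these two cases would appear to need `MBEDTLS_MD_CAN_SHA1`. If the key really was derived with SHA-256, as the earlier commit message states, the blob should instead gain the prf element. Please confirm which digest the AES-128 vector actually exercises and make the dependency and the blob agree.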
Signed-off-by: Paul Elliott --- programs/ssl/ssl_test_lib.c | 2 +- programs/test/metatest.c | 6 ++- tests/include/test/helpers.h | 76 +++++++++++++++++++++++++++- tests/src/helpers.c | 55 ++++++++++++++++++++ tests/src/threading_helpers.c | 14 ++--- tests/suites/host_test.function | 37 +++++++------- tests/suites/test_suite_dhm.function | 2 +- 7 files changed, 159 insertions(+), 33 deletions(-) diff --git a/programs/ssl/ssl_test_lib.c b/programs/ssl/ssl_test_lib.c index b49dd67c2..d4511acb8 100644 --- a/programs/ssl/ssl_test_lib.c +++ b/programs/ssl/ssl_test_lib.c @@ -427,7 +427,7 @@ int test_hooks_failure_detected(void) mbedtls_test_mutex_usage_check(); #endif - if (mbedtls_test_info.result != MBEDTLS_TEST_RESULT_SUCCESS) { + if (mbedtls_test_get_result() != MBEDTLS_TEST_RESULT_SUCCESS) { return 1; } return 0; diff --git a/programs/test/metatest.c b/programs/test/metatest.c index b8dffa9bb..545129dff 100644 --- a/programs/test/metatest.c +++ b/programs/test/metatest.c @@ -343,9 +343,11 @@ int main(int argc, char *argv[]) #if defined(MBEDTLS_TEST_MUTEX_USAGE) mbedtls_test_mutex_usage_check(); #endif + int result = (int) mbedtls_test_get_result(); + mbedtls_printf("Running metatest %s... done, result=%d\n", - argv[1], (int) mbedtls_test_info.result); - mbedtls_exit(mbedtls_test_info.result == MBEDTLS_TEST_RESULT_SUCCESS ? + argv[1], result); + mbedtls_exit(result == MBEDTLS_TEST_RESULT_SUCCESS ? MBEDTLS_EXIT_SUCCESS : MBEDTLS_EXIT_FAILURE); } diff --git a/tests/include/test/helpers.h b/tests/include/test/helpers.h index 7c962a283..689a1b573 100644 --- a/tests/include/test/helpers.h +++ b/tests/include/test/helpers.h 
@@ -74,7 +74,81 @@ typedef struct { #endif } mbedtls_test_info_t; -extern mbedtls_test_info_t mbedtls_test_info; + +/** + * \brief Get the current test result status + * + * \return The current test result status + */ +mbedtls_test_result_t mbedtls_test_get_result(void); + +/** + * \brief Get the current test name/description + * + * \return The current test name/description + */ +const char *mbedtls_test_get_test(void); + +/** + * \brief Get the current test filename + * + * \return The current test filename + */ +const char *mbedtls_get_test_filename(void); + +/** + * \brief Get the current test file line number (for failure / skip) + * + * \return The current test file line number (for failure / skip) + */ +int mbedtls_test_get_line_no(void); + +/** + * \brief Increment the current test step. + */ +void mbedtls_test_increment_step(void); + +/** + * \brief Get the current test step + * + * \return The current test step + */ +unsigned long mbedtls_test_get_step(void); + +/** + * \brief Get the current test line buffer 1 + * + * \return The current test line buffer 1 + */ +const char *mbedtls_test_get_line1(void); + +/** + * \brief Get the current test line buffer 2 + * + * \return The current test line buffer 2 + */ +const char *mbedtls_test_get_line2(void); + +#if defined(MBEDTLS_TEST_MUTEX_USAGE) +/** + * \brief Get the current mutex usage error message + * + * \return The current mutex error message (may be NULL if no error) + */ +const char *mbedtls_test_get_mutex_usage_error(void); + +/** + * \brief Set the current mutex usage error message + * + * \note This will only set the mutex error message if one has not + * already been set, or if we are clearing the message (msg is + * NULL) + * + * \param msg Error message to set (can be NULL to clear) + */ +void mbedtls_test_set_mutex_usage_error(const char *msg); +#endif + int mbedtls_test_platform_setup(void); void mbedtls_test_platform_teardown(void); 
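Review bot: `mbedtls_get_test_filename` breaks the `mbedtls_test_get_*` pattern that every other accessor declared in this hunk follows; `mbedtls_test_get_filename` would keep the family uniform. The doc comments on the pointer-returning getters (`mbedtls_test_get_test`, `mbedtls_test_get_line1`, `mbedtls_test_get_line2`) do not say how long the returned pointer stays valid or that it may be NULL. For the setter I would add `\note The pointer is stored, not copied; msg must remain valid until the message is cleared.`, because the definition in tests/src/helpers.c assigns `msg` directly.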
diff --git a/tests/src/helpers.c b/tests/src/helpers.c index eb28919b8..6bfe15dd7 100644 --- a/tests/src/helpers.c +++ b/tests/src/helpers.c @@ -22,6 +22,61 @@ static mbedtls_platform_context platform_ctx; mbedtls_test_info_t mbedtls_test_info; +/*----------------------------------------------------------------------------*/ +/* Mbedtls Test Info accessors */ + +mbedtls_test_result_t mbedtls_test_get_result(void) +{ + return mbedtls_test_info.result; +} + +const char *mbedtls_test_get_test(void) +{ + return mbedtls_test_info.test; +} +const char *mbedtls_get_test_filename(void) +{ + return mbedtls_test_info.filename; +} + +int mbedtls_test_get_line_no(void) +{ + return mbedtls_test_info.line_no; +} + +void mbedtls_test_increment_step(void) +{ + ++mbedtls_test_info.step; +} + +unsigned long mbedtls_test_get_step(void) +{ + return mbedtls_test_info.step; +} + +const char *mbedtls_test_get_line1(void) +{ + return mbedtls_test_info.line1; +} +const char *mbedtls_test_get_line2(void) +{ + return mbedtls_test_info.line2; +} + +#if defined(MBEDTLS_TEST_MUTEX_USAGE) +const char *mbedtls_test_get_mutex_usage_error(void) +{ + return mbedtls_test_info.mutex_usage_error; +} + +void mbedtls_test_set_mutex_usage_error(const char *msg) +{ + if (mbedtls_test_info.mutex_usage_error == NULL || msg == NULL) { + mbedtls_test_info.mutex_usage_error = msg; + } +} +#endif // #if defined(MBEDTLS_TEST_MUTEX_USAGE) + /*----------------------------------------------------------------------------*/ /* Helper Functions */ diff --git a/tests/src/threading_helpers.c b/tests/src/threading_helpers.c index 5fbf65b2d..261d14175 100644 --- a/tests/src/threading_helpers.c +++ b/tests/src/threading_helpers.c 
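Review bot: `mbedtls_test_info` keeps external linkage in helpers.c (the context line `mbedtls_test_info_t mbedtls_test_info;`), so removing the `extern` from helpers.h does not stop another translation unit from declaring it and bypassing the accessors. If no other file still refers to it (not verifiable from this patch), `static mbedtls_test_info_t mbedtls_test_info;` would enforce the boundary the commit message aims for. `mbedtls_test_get_line1()` and `mbedtls_test_get_line2()` also return pointers into the shared struct, so a mutex added later inside the accessors would not cover the caller's read of those bytes. A variant that copies into a caller-supplied buffer would close that gap.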
@@ -109,9 +109,7 @@ static void mbedtls_test_mutex_usage_error(mbedtls_threading_mutex_t *mutex, { (void) mutex; - if (mbedtls_test_info.mutex_usage_error == NULL) { - mbedtls_test_info.mutex_usage_error = msg; - } + mbedtls_test_set_mutex_usage_error(msg); mbedtls_fprintf(stdout, "[mutex: %s] ", msg); /* Don't mark the test as failed yet. This way, if the test fails later * for a functional reason, the test framework will report the message @@ -233,17 +231,15 @@ void mbedtls_test_mutex_usage_check(void) * negative number means a missing init somewhere. */ mbedtls_fprintf(stdout, "[mutex: %d leaked] ", live_mutexes); live_mutexes = 0; - if (mbedtls_test_info.mutex_usage_error == NULL) { - mbedtls_test_info.mutex_usage_error = "missing free"; - } + mbedtls_test_set_mutex_usage_error("missing free"); } - if (mbedtls_test_info.mutex_usage_error != NULL && - mbedtls_test_info.result != MBEDTLS_TEST_RESULT_FAILED) { + if (mbedtls_test_get_mutex_usage_error() != NULL && + mbedtls_test_get_result() != MBEDTLS_TEST_RESULT_FAILED) { /* Functionally, the test passed. But there was a mutex usage error, * so mark the test as failed after all. */ mbedtls_test_fail("Mutex usage error", __LINE__, __FILE__); } - mbedtls_test_info.mutex_usage_error = NULL; + mbedtls_test_set_mutex_usage_error(NULL); } void mbedtls_test_mutex_usage_end(void) diff --git a/tests/suites/host_test.function b/tests/suites/host_test.function index cc286973c..1ebaf46de 100644 --- a/tests/suites/host_test.function +++ b/tests/suites/host_test.function 
@@ -371,14 +371,12 @@ static void write_outcome_entry(FILE *outcome_file, * \param missing_unmet_dependencies Non-zero if there was a problem tracking * all unmet dependencies, 0 otherwise. * \param ret The test dispatch status (DISPATCH_xxx). - * \param info A pointer to the test info structure. */ static void write_outcome_result(FILE *outcome_file, size_t unmet_dep_count, int unmet_dependencies[], int missing_unmet_dependencies, - int ret, - const mbedtls_test_info_t *info) + int ret) { if (outcome_file == NULL) { return; @@ -401,7 +399,7 @@ static void write_outcome_result(FILE *outcome_file, } break; } - switch (info->result) { + switch (mbedtls_test_get_result()) { case MBEDTLS_TEST_RESULT_SUCCESS: mbedtls_fprintf(outcome_file, "PASS;"); break; @@ -410,8 +408,9 @@ static void write_outcome_result(FILE *outcome_file, break; default: mbedtls_fprintf(outcome_file, "FAIL;%s:%d:%s", - info->filename, info->line_no, - info->test); + mbedtls_get_test_filename(), + mbedtls_test_get_line_no(), + mbedtls_test_get_test()); break; } break; @@ -614,7 +613,7 @@ int execute_tests(int argc, const char **argv) break; } mbedtls_fprintf(stdout, "%s%.66s", - mbedtls_test_info.result == MBEDTLS_TEST_RESULT_FAILED ? + mbedtls_test_get_result() == MBEDTLS_TEST_RESULT_FAILED ? "\n" : "", buf); mbedtls_fprintf(stdout, " "); for (i = strlen(buf) + 1; i < 67; i++) { @@ -690,7 +689,7 @@ int execute_tests(int argc, const char **argv) write_outcome_result(outcome_file, unmet_dep_count, unmet_dependencies, missing_unmet_dependencies, - ret, &mbedtls_test_info); + ret); if (unmet_dep_count > 0 || ret == DISPATCH_UNSUPPORTED_SUITE) { total_skipped++; mbedtls_fprintf(stdout, "----"); 
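Review bot: The `FAIL;%s:%d:%s` branch of `write_outcome_result` now reads filename, line number and test text through three independent accessor calls, so the values are no longer guaranteed to come from one consistent state once the accessors are mutex-protected and another thread can record a failure in between. The same applies in the `execute_tests` hunk at -715, where `mbedtls_test_get_step()`, `mbedtls_test_get_line1()` and `mbedtls_test_get_line2()` are each called once for the check and again for the print. Reading each value once into a local, e.g. `unsigned long step = mbedtls_test_get_step();`, or adding a single accessor that returns a snapshot, would avoid this. The mutex itself is only announced in the commit message, so this is a note for the follow-up rather than a defect today.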
@@ -715,30 +714,30 @@ int execute_tests(int argc, const char **argv) unmet_dep_count = 0; missing_unmet_dependencies = 0; } else if (ret == DISPATCH_TEST_SUCCESS) { - if (mbedtls_test_info.result == MBEDTLS_TEST_RESULT_SUCCESS) { + if (mbedtls_test_get_result() == MBEDTLS_TEST_RESULT_SUCCESS) { mbedtls_fprintf(stdout, "PASS\n"); - } else if (mbedtls_test_info.result == MBEDTLS_TEST_RESULT_SKIPPED) { + } else if (mbedtls_test_get_result() == MBEDTLS_TEST_RESULT_SKIPPED) { mbedtls_fprintf(stdout, "----\n"); total_skipped++; } else { total_errors++; mbedtls_fprintf(stdout, "FAILED\n"); mbedtls_fprintf(stdout, " %s\n at ", - mbedtls_test_info.test); - if (mbedtls_test_info.step != (unsigned long) (-1)) { + mbedtls_test_get_test()); + if (mbedtls_test_get_step() != (unsigned long) (-1)) { mbedtls_fprintf(stdout, "step %lu, ", - mbedtls_test_info.step); + mbedtls_test_get_step()); } mbedtls_fprintf(stdout, "line %d, %s", - mbedtls_test_info.line_no, - mbedtls_test_info.filename); - if (mbedtls_test_info.line1[0] != 0) { + mbedtls_test_get_line_no(), + mbedtls_get_test_filename()); + if (mbedtls_test_get_line1()[0] != 0) { mbedtls_fprintf(stdout, "\n %s", - mbedtls_test_info.line1); + mbedtls_test_get_line1()); } - if (mbedtls_test_info.line2[0] != 0) { + if (mbedtls_test_get_line2()[0] != 0) { mbedtls_fprintf(stdout, "\n %s", - mbedtls_test_info.line2); + mbedtls_test_get_line2()); } } fflush(stdout); diff --git a/tests/suites/test_suite_dhm.function b/tests/suites/test_suite_dhm.function index e6f75de77..20905940b 100644 --- a/tests/suites/test_suite_dhm.function +++ b/tests/suites/test_suite_dhm.function @@ -31,7 +31,7 @@ static int check_dhm_param_output(const mbedtls_mpi *expected, int ok = 0; mbedtls_mpi_init(&actual); - ++mbedtls_test_info.step; + mbedtls_test_increment_step(); TEST_ASSERT(size >= *offset + 2); n = (buffer[*offset] << 8) | buffer[*offset + 1]; From 5c498f355dffbb479283125bb2c22b08ac076273 Mon Sep 17 00:00:00 2001 
From: Paul Elliott Date: Tue, 31 Oct 2023 16:38:56 +0000 Subject: [PATCH 010/166] Use mbedtls_test_info accessors internally as well Signed-off-by: Paul Elliott --- tests/include/test/helpers.h | 6 ++- tests/src/helpers.c | 94 ++++++++++++++++++++++-------------- 2 files changed, 62 insertions(+), 38 deletions(-) diff --git a/tests/include/test/helpers.h b/tests/include/test/helpers.h index 689a1b573..564a5539f 100644 --- a/tests/include/test/helpers.h +++ b/tests/include/test/helpers.h @@ -61,14 +61,16 @@ typedef enum { MBEDTLS_TEST_RESULT_SKIPPED } mbedtls_test_result_t; +#define MBEDTLS_TEST_LINE_LENGTH 76 + typedef struct { mbedtls_test_result_t result; const char *test; const char *filename; int line_no; unsigned long step; - char line1[76]; - char line2[76]; + char line1[MBEDTLS_TEST_LINE_LENGTH]; + char line2[MBEDTLS_TEST_LINE_LENGTH]; #if defined(MBEDTLS_TEST_MUTEX_USAGE) const char *mutex_usage_error; #endif diff --git a/tests/src/helpers.c b/tests/src/helpers.c index 6bfe15dd7..52785fc01 100644 --- a/tests/src/helpers.c +++ b/tests/src/helpers.c @@ -30,6 +30,15 @@ mbedtls_test_result_t mbedtls_test_get_result(void) return mbedtls_test_info.result; } +void mbedtls_test_set_result(mbedtls_test_result_t result, const char *test, + int line_no, const char *filename) +{ + mbedtls_test_info.result = result; + mbedtls_test_info.test = test; + mbedtls_test_info.line_no = line_no; + mbedtls_test_info.filename = filename; +} + const char *mbedtls_test_get_test(void) { return mbedtls_test_info.test; 
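Review bot: `mbedtls_test_set_result` is defined with external linkage in helpers.c, but the helpers.h hunk of this patch only adds `MBEDTLS_TEST_LINE_LENGTH`; no prototype is introduced for it, nor for `mbedtls_test_set_line1` and `mbedtls_test_set_line2` in the next hunk. Either declare them in helpers.h next to the getters or, if they are meant for internal use as the subject line suggests, mark them `static`, e.g. `static void mbedtls_test_set_result(mbedtls_test_result_t result, const char *test, int line_no, const char *filename)`. As written, a build with missing-prototype warnings enabled would presumably flag all three.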
@@ -54,15 +63,38 @@ unsigned long mbedtls_test_get_step(void) return mbedtls_test_info.step; } +void mbedtls_test_set_step(unsigned long step) { + mbedtls_test_info.step = step; +} + const char *mbedtls_test_get_line1(void) { return mbedtls_test_info.line1; } + +void mbedtls_test_set_line1(const char *line) +{ + if (line == NULL) { + memset(mbedtls_test_info.line1, 0, sizeof(mbedtls_test_info.line1)); + } else { + strncpy(mbedtls_test_info.line1, line, sizeof(mbedtls_test_info.line1)); + } +} + const char *mbedtls_test_get_line2(void) { return mbedtls_test_info.line2; } +void mbedtls_test_set_line2(const char *line) { + if (line == NULL) { + memset(mbedtls_test_info.line2, 0, sizeof(mbedtls_test_info.line2)); + } else { + strncpy(mbedtls_test_info.line2, line, sizeof(mbedtls_test_info.line2)); + } +} + + #if defined(MBEDTLS_TEST_MUTEX_USAGE) const char *mbedtls_test_get_mutex_usage_error(void) { 
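Review bot: `strncpy` in `mbedtls_test_set_line1` (and identically in `mbedtls_test_set_line2`) leaves the destination without a terminating NUL when `line` is `sizeof(mbedtls_test_info.line1)` bytes or longer, and `mbedtls_test_get_line1()` is later passed to a `%s` format in host_test.function. The callers changed in this patch pass a `buf` already bounded by `mbedtls_snprintf`, but the setter has external linkage and nothing enforces that. Copy with `mbedtls_snprintf(mbedtls_test_info.line1, sizeof(mbedtls_test_info.line1), "%s", line);`, or add `mbedtls_test_info.line1[sizeof(mbedtls_test_info.line1) - 1] = '\0';` after the `strncpy`. Separately, `mbedtls_test_set_step` and `mbedtls_test_set_line2` open their brace on the signature line, unlike the neighbouring functions.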
@@ -126,28 +158,17 @@ int mbedtls_test_ascii2uc(const char c, unsigned char *uc) void mbedtls_test_fail(const char *test, int line_no, const char *filename) { - if (mbedtls_test_info.result == MBEDTLS_TEST_RESULT_FAILED) { + if (mbedtls_test_get_result() == MBEDTLS_TEST_RESULT_FAILED) { /* We've already recorded the test as having failed. Don't * overwrite any previous information about the failure. */ return; } - mbedtls_test_info.result = MBEDTLS_TEST_RESULT_FAILED; - mbedtls_test_info.test = test; - mbedtls_test_info.line_no = line_no; - mbedtls_test_info.filename = filename; + mbedtls_test_set_result(MBEDTLS_TEST_RESULT_FAILED, test, line_no, filename); } void mbedtls_test_skip(const char *test, int line_no, const char *filename) { - mbedtls_test_info.result = MBEDTLS_TEST_RESULT_SKIPPED; - mbedtls_test_info.test = test; - mbedtls_test_info.line_no = line_no; - mbedtls_test_info.filename = filename; -} - -void mbedtls_test_set_step(unsigned long step) -{ - mbedtls_test_info.step = step; + mbedtls_test_set_result(MBEDTLS_TEST_RESULT_SKIPPED, test, line_no, filename); } #if defined(MBEDTLS_BIGNUM_C) @@ -156,13 +177,11 @@ unsigned mbedtls_test_case_uses_negative_0 = 0; void mbedtls_test_info_reset(void) { - mbedtls_test_info.result = MBEDTLS_TEST_RESULT_SUCCESS; - mbedtls_test_info.step = (unsigned long) (-1); - mbedtls_test_info.test = 0; - mbedtls_test_info.line_no = 0; - mbedtls_test_info.filename = 0; - memset(mbedtls_test_info.line1, 0, sizeof(mbedtls_test_info.line1)); - memset(mbedtls_test_info.line2, 0, sizeof(mbedtls_test_info.line2)); + mbedtls_test_set_result(MBEDTLS_TEST_RESULT_SUCCESS, 0, 0, 0); + mbedtls_test_set_step((unsigned long) (-1)); + mbedtls_test_set_line1(NULL); + mbedtls_test_set_line2(NULL); + #if defined(MBEDTLS_BIGNUM_C) mbedtls_test_case_uses_negative_0 = 0; #endif 
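Review bot: `mbedtls_test_fail` still checks `mbedtls_test_get_result()` and then calls `mbedtls_test_set_result(...)` as two separate steps, so once the accessors are individually locked two threads can both pass the check and the second will overwrite the first failure, which the comment in this function says must not happen. `mbedtls_test_set_mutex_usage_error` already folds its "only if not set" test into the setter; doing the same here would keep the check and the write in one place that a mutex can later cover. In `mbedtls_test_info_reset`, `mbedtls_test_set_result(MBEDTLS_TEST_RESULT_SUCCESS, 0, 0, 0)` passes `0` for the two pointer arguments; `NULL` would read more clearly.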
@@ -178,20 +197,21 @@ int mbedtls_test_equal(const char *test, int line_no, const char *filename, return 1; } - if (mbedtls_test_info.result == MBEDTLS_TEST_RESULT_FAILED) { + if (mbedtls_test_get_result() == MBEDTLS_TEST_RESULT_FAILED) { /* We've already recorded the test as having failed. Don't * overwrite any previous information about the failure. */ return 0; } + char buf[MBEDTLS_TEST_LINE_LENGTH]; mbedtls_test_fail(test, line_no, filename); - (void) mbedtls_snprintf(mbedtls_test_info.line1, - sizeof(mbedtls_test_info.line1), + (void) mbedtls_snprintf(buf, sizeof(buf), "lhs = 0x%016llx = %lld", value1, (long long) value1); - (void) mbedtls_snprintf(mbedtls_test_info.line2, - sizeof(mbedtls_test_info.line2), + mbedtls_test_set_line1(buf); + (void) mbedtls_snprintf(buf, sizeof(buf), "rhs = 0x%016llx = %lld", value2, (long long) value2); + mbedtls_test_set_line2(buf); return 0; } @@ -205,20 +225,21 @@ int mbedtls_test_le_u(const char *test, int line_no, const char *filename, return 1; } - if (mbedtls_test_info.result == MBEDTLS_TEST_RESULT_FAILED) { + if (mbedtls_test_get_result() == MBEDTLS_TEST_RESULT_FAILED) { /* We've already recorded the test as having failed. Don't * overwrite any previous information about the failure. */ return 0; } + char buf[MBEDTLS_TEST_LINE_LENGTH]; mbedtls_test_fail(test, line_no, filename); - (void) mbedtls_snprintf(mbedtls_test_info.line1, - sizeof(mbedtls_test_info.line1), + (void) mbedtls_snprintf(buf, sizeof(buf), "lhs = 0x%016llx = %llu", value1, value1); - (void) mbedtls_snprintf(mbedtls_test_info.line2, - sizeof(mbedtls_test_info.line2), + mbedtls_test_set_line1(buf); + (void) mbedtls_snprintf(buf, sizeof(buf), "rhs = 0x%016llx = %llu", value2, value2); + mbedtls_test_set_line2(buf); return 0; } 
@@ -232,20 +253,21 @@ int mbedtls_test_le_s(const char *test, int line_no, const char *filename, return 1; } - if (mbedtls_test_info.result == MBEDTLS_TEST_RESULT_FAILED) { + if (mbedtls_test_get_result() == MBEDTLS_TEST_RESULT_FAILED) { /* We've already recorded the test as having failed. Don't * overwrite any previous information about the failure. */ return 0; } + char buf[MBEDTLS_TEST_LINE_LENGTH]; mbedtls_test_fail(test, line_no, filename); - (void) mbedtls_snprintf(mbedtls_test_info.line1, - sizeof(mbedtls_test_info.line1), + (void) mbedtls_snprintf(buf, sizeof(buf), "lhs = 0x%016llx = %lld", (unsigned long long) value1, value1); - (void) mbedtls_snprintf(mbedtls_test_info.line2, - sizeof(mbedtls_test_info.line2), + mbedtls_test_set_line1(buf); + (void) mbedtls_snprintf(buf, sizeof(buf), "rhs = 0x%016llx = %lld", (unsigned long long) value2, value2); + mbedtls_test_set_line2(buf); return 0; } From 17c119a5e30631716773eb96ce3e8b507daf4a41 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Fri, 8 Dec 2023 16:55:03 +0000 Subject: [PATCH 011/166] Migrate to threading_helpers.h Signed-off-by: Paul Elliott --- programs/ssl/ssl_test_lib.c | 2 +- programs/test/metatest.c | 1 + tests/include/test/helpers.h | 24 +------------- tests/include/test/threading_helpers.h | 45 ++++++++++++++++++++++++++ tests/src/threading_helpers.c | 1 + tests/suites/helpers.function | 1 + 6 files changed, 50 insertions(+), 24 deletions(-) create mode 100644 tests/include/test/threading_helpers.h diff --git a/programs/ssl/ssl_test_lib.c b/programs/ssl/ssl_test_lib.c index b49dd67c2..d562cb156 100644 --- a/programs/ssl/ssl_test_lib.c +++ b/programs/ssl/ssl_test_lib.c @@ -13,7 +13,7 @@ #include "ssl_test_lib.h" #if defined(MBEDTLS_TEST_HOOKS) -#include "test/helpers.h" +#include "test/threading_helpers.h" #endif #if !defined(MBEDTLS_SSL_TEST_IMPOSSIBLE) diff --git a/programs/test/metatest.c b/programs/test/metatest.c index b8dffa9bb..82ecf953b 100644 --- a/programs/test/metatest.c 
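Review bot: Replacing `#include "test/helpers.h"` with `#include "test/threading_helpers.h"` in ssl_test_lib.c removes the only visible source of the test-result declarations for this file. Its `test_hooks_failure_detected()` (shown in the PATCH 009 hunk) reads the test result and compares it with `MBEDTLS_TEST_RESULT_SUCCESS`, both of which come from test/helpers.h. Unless ssl_test_lib.h or another header pulls helpers.h in (not visible here), keeping both includes, as the metatest.c hunk of this same patch does, is the safer change: `#include "test/helpers.h"` followed by `#include "test/threading_helpers.h"`.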
+++ b/programs/test/metatest.c @@ -31,6 +31,7 @@ #include #include #include "test/helpers.h" +#include "test/threading_helpers.h" #include "test/macros.h" #include diff --git a/tests/include/test/helpers.h b/tests/include/test/helpers.h index 7c962a283..b2b07cfa8 100644 --- a/tests/include/test/helpers.h +++ b/tests/include/test/helpers.h @@ -35,11 +35,7 @@ # endif #endif -#if defined(MBEDTLS_THREADING_C) && defined(MBEDTLS_THREADING_PTHREAD) && \ - defined(MBEDTLS_TEST_HOOKS) -#define MBEDTLS_TEST_MUTEX_USAGE -#endif - +#include "test/threading_helpers.h" #include "mbedtls/platform.h" #include @@ -254,24 +250,6 @@ int mbedtls_test_hexcmp(uint8_t *a, uint8_t *b, #include "test/fake_external_rng_for_test.h" #endif -#if defined(MBEDTLS_TEST_MUTEX_USAGE) -/** - * Activate the mutex usage verification framework. See threading_helpers.c for - * information. - * */ -void mbedtls_test_mutex_usage_init(void); - -/** - * Deactivate the mutex usage verification framework. See threading_helpers.c - * for information. - */ -void mbedtls_test_mutex_usage_end(void); - -/** Call this function after executing a test case to check for mutex usage - * errors. */ -void mbedtls_test_mutex_usage_check(void); -#endif /* MBEDTLS_TEST_MUTEX_USAGE */ - #if defined(MBEDTLS_TEST_HOOKS) /** * \brief Check that only a pure high-level error code is being combined with diff --git a/tests/include/test/threading_helpers.h b/tests/include/test/threading_helpers.h new file mode 100644 index 000000000..3c4d44126 --- /dev/null +++ b/tests/include/test/threading_helpers.h 
@@ -0,0 +1,45 @@ +/** + * \file threading_helpers.h + * + * \brief This file contains the prototypes of helper functions for the purpose + * of testing threading. + */ + +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + */ + +#ifndef THREADING_HELPERS_H +#define THREADING_HELPERS_H + +#if defined MBEDTLS_THREADING_C + +#if defined(MBEDTLS_THREADING_PTHREAD) && defined(MBEDTLS_TEST_HOOKS) +#define MBEDTLS_TEST_MUTEX_USAGE +#endif + +#if defined(MBEDTLS_TEST_MUTEX_USAGE) +/** + * Activate the mutex usage verification framework. See threading_helpers.c for + * information. + */ +void mbedtls_test_mutex_usage_init(void); + +/** + * Deactivate the mutex usage verification framework. See threading_helpers.c + * for information. + */ +void mbedtls_test_mutex_usage_end(void); + +/** + * Call this function after executing a test case to check for mutex usage + * errors. + */ +void mbedtls_test_mutex_usage_check(void); +#endif /* MBEDTLS_TEST_MUTEX_USAGE */ + +#endif /* MBEDTLS_THREADING_C */ + +#endif /* THREADING_HELPERS_H */ + diff --git a/tests/src/threading_helpers.c b/tests/src/threading_helpers.c index 5fbf65b2d..38059343d 100644 --- a/tests/src/threading_helpers.c +++ b/tests/src/threading_helpers.c @@ -6,6 +6,7 @@ */ #include +#include #include #if defined(MBEDTLS_TEST_MUTEX_USAGE) diff --git a/tests/suites/helpers.function b/tests/suites/helpers.function index 86ff5b489..b5f5796e4 100644 --- a/tests/suites/helpers.function +++ b/tests/suites/helpers.function @@ -8,6 +8,7 @@ #include #include #include +#include #include #include From 3a4d2f14a8c05a4f16a86d4ebf3d46f2d9f59a0a Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Fri, 8 Dec 2023 20:49:47 +0000 Subject: [PATCH 012/166] Add test thread create/join abstraction 
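Review bot: The new threading_helpers.h tests `MBEDTLS_THREADING_C`, `MBEDTLS_THREADING_PTHREAD` and `MBEDTLS_TEST_HOOKS` but includes nothing that defines them, so the header is not self-contained. Whether `MBEDTLS_TEST_MUTEX_USAGE` gets defined then depends on what the including file happened to include first. In ssl_test_lib.c this header now replaces helpers.h, which makes that ordering matter. Adding `#include "mbedtls/build_info.h"` before the `#if defined MBEDTLS_THREADING_C` line would fix it. The guard could also be written `#if defined(MBEDTLS_THREADING_C)` to match the form used two lines below.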
Signed-off-by: Paul Elliott --- tests/include/test/threading_helpers.h | 61 ++++++++++++++++++++++- tests/src/threading_helpers.c | 67 ++++++++++++++++++++++++++ 2 files changed, 127 insertions(+), 1 deletion(-) diff --git a/tests/include/test/threading_helpers.h b/tests/include/test/threading_helpers.h index 3c4d44126..9b7ced519 100644 --- a/tests/include/test/threading_helpers.h +++ b/tests/include/test/threading_helpers.h 
@@ -15,6 +15,66 @@ #if defined MBEDTLS_THREADING_C +#include "mbedtls/private_access.h" +#include "mbedtls/build_info.h" + +/* Most fields of publicly available structs are private and are wrapped with + * MBEDTLS_PRIVATE macro. This define allows tests to access the private fields + * directly (without using the MBEDTLS_PRIVATE wrapper). */ +#define MBEDTLS_ALLOW_PRIVATE_ACCESS + +#define MBEDTLS_ERR_THREADING_THREAD_ERROR -0x001F + +#if defined(MBEDTLS_THREADING_PTHREAD) +#include + +typedef struct mbedtls_test_thread_t { + pthread_t MBEDTLS_PRIVATE(thread); +} mbedtls_test_thread_t; + +#endif /* MBEDTLS_THREADING_PTHREAD */ + +#if defined(MBEDTLS_THREADING_ALT) +/* You should define the mbedtls_test_thread_t type in your header */ +#include "threading_alt.h" + +/** + * \brief Set your alternate threading implementation + * function pointers fgr test threads. If used, + * this function must be called once in the main thread + * before any other MbedTLS function is called. + * + * \note These functions are part of the testing API only and + * thus not considered part of the public API of + * MbedTLS and thus may change without notice. + * + * \param thread_create The thread create function implementation + * \param thread_join The thread join function implementation + + */ +void mbedtls_test_thread_set_alt(int (*thread_create)(mbedtls_test_thread_t *thread, + void *(*thread_func)( + void *), + void *thread_data), + int (*thread_join)(mbedtls_test_thread_t *thread)); + +#endif /* MBEDTLS_THREADING_ALT*/ + +/** + * \brief The function pointers for thread create and thread + * join. + * + * \note These functions are part of the testing API only and + * thus not considered part of the public API of + * MbedTLS and thus may change without notice. + * + * \note All these functions are expected to work or + * the result will be undefined. 
+ */ +extern int (*mbedtls_test_thread_create)(mbedtls_test_thread_t *thread, + void *(*thread_func)(void *), void *thread_data); +extern int (*mbedtls_test_thread_join)(mbedtls_test_thread_t *thread); + #if defined(MBEDTLS_THREADING_PTHREAD) && defined(MBEDTLS_TEST_HOOKS) #define MBEDTLS_TEST_MUTEX_USAGE #endif @@ -42,4 +102,3 @@ void mbedtls_test_mutex_usage_check(void); #endif /* MBEDTLS_THREADING_C */ #endif /* THREADING_HELPERS_H */ - diff --git a/tests/src/threading_helpers.c b/tests/src/threading_helpers.c index 38059343d..5a871e102 100644 --- a/tests/src/threading_helpers.c +++ b/tests/src/threading_helpers.c 
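Review bot: `#define MBEDTLS_ALLOW_PRIVATE_ACCESS` comes after `#include "mbedtls/private_access.h"`, so by the time it is defined `MBEDTLS_PRIVATE` has already been expanded to its restricted form, unless the includer defined the macro earlier. The `pthread_t MBEDTLS_PRIVATE(thread)` member would then not be named `thread`, which is how threading_helpers.c accesses it. Move the define above the include. The `#include "mbedtls/build_info.h"` is placed inside `#if defined MBEDTLS_THREADING_C`, so it cannot be what makes that macro visible. `#define MBEDTLS_ERR_THREADING_THREAD_ERROR -0x001F` should be parenthesised as `(-0x001F)`, and "fgr" in the `mbedtls_test_thread_set_alt` comment is a typo for "for".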
@@ -9,6 +9,71 @@ #include #include +#include "mbedtls/threading.h" + +#if defined(MBEDTLS_THREADING_C) + +#if defined(MBEDTLS_THREADING_PTHREAD) + +static int threading_thread_create_pthread(mbedtls_test_thread_t *thread, void *(*thread_func)( + void *), void *thread_data) +{ + if (thread == NULL || thread_func == NULL) { + return MBEDTLS_ERR_THREADING_BAD_INPUT_DATA; + } + + if (pthread_create(&thread->thread, NULL, thread_func, thread_data)) { + return MBEDTLS_ERR_THREADING_THREAD_ERROR; + } + + return 0; +} + +static int threading_thread_join_pthread(mbedtls_test_thread_t *thread) +{ + if (thread == NULL) { + return MBEDTLS_ERR_THREADING_BAD_INPUT_DATA; + } + + if (pthread_join(thread->thread, NULL) != 0) { + return MBEDTLS_ERR_THREADING_THREAD_ERROR; + } + + return 0; +} + +int (*mbedtls_test_thread_create)(mbedtls_test_thread_t *thread, void *(*thread_func)(void *), + void *thread_data) = threading_thread_create_pthread; +int (*mbedtls_test_thread_join)(mbedtls_test_thread_t *thread) = threading_thread_join_pthread; + +#endif /* MBEDTLS_THREADING_PTHREAD */ + +#if defined(MBEDTLS_THREADING_ALT) + +static int threading_thread_create_fail(mbedtls_test_thread_t *thread, + void *(*thread_func)(void *), + void *thread_data) +{ + (void) thread; + (void) thread_func; + (void) thread_data; + + return MBEDTLS_ERR_THREADING_BAD_INPUT_DATA; +} + +static int threading_thread_join_fail(mbedtls_test_thread_t *thread) +{ + (void) thread; + + return MBEDTLS_ERR_THREADING_BAD_INPUT_DATA; +} + +int (*mbedtls_test_thread_create)(mbedtls_test_thread_t *thread, void *(*thread_func)(void *), + void *thread_data) = threading_thread_create_fail; +int (*mbedtls_test_thread_join)(mbedtls_test_thread_t *thread) = threading_thread_join_fail; + +#endif /* MBEDTLS_THREADING_ALT */ + #if defined(MBEDTLS_TEST_MUTEX_USAGE) #include "mbedtls/threading.h" @@ -258,3 +323,5 @@ void mbedtls_test_mutex_usage_end(void) } #endif /* MBEDTLS_TEST_MUTEX_USAGE */ + +#endif /* MBEDTLS_THREADING_C */ 
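Review bot: Under `MBEDTLS_THREADING_ALT` the header declares `mbedtls_test_thread_set_alt`, but this hunk defines only the two `_fail` stubs and the pointer variables. An ALT build in this patch therefore has no way to install real create/join functions, and a caller of the declared function would presumably fail to link. A minimal definition that stores the two pointers is sketched below. The stubs also return `MBEDTLS_ERR_THREADING_BAD_INPUT_DATA` for what is really "no implementation installed", which may mislead when a test fails. `pthread_create` is tested for truthiness while `pthread_join` is compared with `!= 0`; one form for both would be clearer.

```c
/* … unchanged: threading_thread_create_fail, threading_thread_join_fail and the
 * default pointer definitions under MBEDTLS_THREADING_ALT … */

void mbedtls_test_thread_set_alt(int (*thread_create)(mbedtls_test_thread_t *thread,
                                                      void *(*thread_func)(void *),
                                                      void *thread_data),
                                 int (*thread_join)(mbedtls_test_thread_t *thread))
{
    /* Replace the failing defaults with the caller's implementation. */
    mbedtls_test_thread_create = thread_create;
    mbedtls_test_thread_join = thread_join;
}
```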
From 3dce2327ab55525bdecdf69f73805d016fbd08d5 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Fri, 8 Dec 2023 21:13:42 +0000 Subject: [PATCH 013/166] Use new thread abstraction for ctr_drbg tests Signed-off-by: Paul Elliott --- tests/suites/test_suite_ctr_drbg.function | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/tests/suites/test_suite_ctr_drbg.function b/tests/suites/test_suite_ctr_drbg.function index 1f0a072c7..492a65f7d 100644 --- a/tests/suites/test_suite_ctr_drbg.function +++ b/tests/suites/test_suite_ctr_drbg.function @@ -346,7 +346,7 @@ exit: void ctr_drbg_threads(data_t *expected_result, int reseed, int arg_thread_count) { size_t thread_count = (size_t) arg_thread_count; - pthread_t *threads = NULL; + mbedtls_test_thread_t *threads = NULL; unsigned char out[16]; unsigned char *entropy = NULL; @@ -358,7 +358,7 @@ void ctr_drbg_threads(data_t *expected_result, int reseed, int arg_thread_count) AES_PSA_INIT(); - TEST_CALLOC(threads, sizeof(pthread_t) * thread_count); + TEST_CALLOC(threads, sizeof(mbedtls_test_thread_t) * thread_count); memset(out, 0, sizeof(out)); mbedtls_ctr_drbg_context ctx; @@ -392,13 +392,13 @@ void ctr_drbg_threads(data_t *expected_result, int reseed, int arg_thread_count) for (size_t i = 0; i < thread_count; i++) { TEST_EQUAL( - pthread_create(&threads[i], NULL, - thread_random_function, (void *) &ctx), + mbedtls_test_thread_create(&threads[i], + thread_random_function, (void *) &ctx), 0); } for (size_t i = 0; i < thread_count; i++) { - TEST_EQUAL(pthread_join(threads[i], NULL), 0); + TEST_EQUAL(mbedtls_test_thread_join(&threads[i]), 0); } /* Take a last output for comparing and thus verifying the DRBG state */ From 4068c7e47cf7180550c7a52e3c5f6513392c7720 Mon Sep 17 00:00:00 2001 
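Review bot: `TEST_CALLOC(threads, sizeof(mbedtls_test_thread_t) * thread_count)` passes a byte count where `TEST_CALLOC` appears to expect an element count (the macro is not defined on this page), so the array would be over-allocated by a factor of the element size; `TEST_CALLOC(threads, thread_count);` states the intent. The pattern predates this patch, but the line is being rewritten anyway. `thread_count` comes from `(size_t) arg_thread_count`, so a negative test argument becomes a very large count. If `mbedtls_test_thread_create` fails partway through the loop, `TEST_EQUAL` presumably jumps to the cleanup label while earlier threads still hold `&ctx`. The cleanup code is outside this hunk, so check that those threads are joined before the context is freed.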
From: Paul Elliott Date: Fri, 15 Dec 2023 17:14:34 +0000 Subject: [PATCH 014/166] Link programs with pthread via cmake All programs are now linked directly with all test code, thus adding a pthread abstraction into the test code means having to link the programs with pthread (if the library is found under cmake). Signed-off-by: Paul Elliott --- programs/aes/CMakeLists.txt | 4 +++- programs/cipher/CMakeLists.txt | 4 +++- programs/fuzz/CMakeLists.txt | 3 +++ programs/fuzz/Makefile | 4 ++++ programs/hash/CMakeLists.txt | 4 +++- programs/pkey/CMakeLists.txt | 6 ++++-- programs/psa/CMakeLists.txt | 4 +++- programs/random/CMakeLists.txt | 4 +++- programs/ssl/CMakeLists.txt | 2 +- programs/test/CMakeLists.txt | 8 +++++--- programs/test/cmake_subproject/CMakeLists.txt | 4 +++- programs/util/CMakeLists.txt | 4 +++- programs/x509/CMakeLists.txt | 4 +++- 13 files changed, 41 insertions(+), 14 deletions(-) diff --git a/programs/aes/CMakeLists.txt b/programs/aes/CMakeLists.txt index 85bcd5fca..457a0fc26 100644 --- a/programs/aes/CMakeLists.txt +++ b/programs/aes/CMakeLists.txt @@ -1,10 +1,12 @@ +find_package(Threads) + set(executables crypt_and_hash ) foreach(exe IN LISTS executables) add_executable(${exe} ${exe}.c $) - target_link_libraries(${exe} ${mbedcrypto_target}) + target_link_libraries(${exe} ${mbedcrypto_target} ${CMAKE_THREAD_LIBS_INIT}) target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tests/include) endforeach() diff --git a/programs/cipher/CMakeLists.txt b/programs/cipher/CMakeLists.txt index 93e5f31ee..c047dd69e 100644 --- a/programs/cipher/CMakeLists.txt +++ b/programs/cipher/CMakeLists.txt 
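Review bot: `find_package(Threads)` followed by `${CMAKE_THREAD_LIBS_INIT}` adds only a link library, and that variable can be empty when the thread functions live in libc, so no compile-side flag reaches the test objects that now call pthread functions. Where the project's minimum CMake version allows it, `set(THREADS_PREFER_PTHREAD_FLAG ON)` before the lookup and linking `Threads::Threads` when `Threads_FOUND` is set carries both compile and link flags. The same two-line change is repeated in the cipher, fuzz, hash, pkey, psa, random, test and cmake_subproject hunks, while the programs/ssl hunk uses `${CMAKE_THREAD_LIBS_INIT}` without adding a `find_package(Threads)` of its own. Doing the lookup once in a parent CMakeLists.txt would remove the duplication and that inconsistency.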
@@ -1,10 +1,12 @@ +find_package(Threads) + set(executables cipher_aead_demo ) foreach(exe IN LISTS executables) add_executable(${exe} ${exe}.c $) - target_link_libraries(${exe} ${mbedcrypto_target}) + target_link_libraries(${exe} ${mbedcrypto_target} ${CMAKE_THREAD_LIBS_INIT}) target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tests/include) endforeach() diff --git a/programs/fuzz/CMakeLists.txt b/programs/fuzz/CMakeLists.txt index 7747744cd..a0eba0fd0 100644 --- a/programs/fuzz/CMakeLists.txt +++ b/programs/fuzz/CMakeLists.txt @@ -1,5 +1,8 @@ +find_package(Threads) + set(libs ${mbedtls_target} + ${CMAKE_THREAD_LIBS_INIT} ) find_library(FUZZINGENGINE_LIB FuzzingEngine) diff --git a/programs/fuzz/Makefile b/programs/fuzz/Makefile index b4fc76ae1..3b9b50df8 100644 --- a/programs/fuzz/Makefile +++ b/programs/fuzz/Makefile @@ -29,6 +29,10 @@ endif ifdef WINDOWS_BUILD LOCAL_LDFLAGS += -lbcrypt +else +ifeq ($(THREADING),pthread) +LOCAL_LDFLAGS += -lpthread +endif endif # A test application is built for each suites/test_suite_*.data file. diff --git a/programs/hash/CMakeLists.txt b/programs/hash/CMakeLists.txt index da9818844..3d6989cca 100644 --- a/programs/hash/CMakeLists.txt +++ b/programs/hash/CMakeLists.txt @@ -1,3 +1,5 @@ +find_package(Threads) + set(executables generic_sum hello @@ -6,7 +8,7 @@ set(executables foreach(exe IN LISTS executables) add_executable(${exe} ${exe}.c $) - target_link_libraries(${exe} ${mbedcrypto_target}) + target_link_libraries(${exe} ${mbedcrypto_target} ${CMAKE_THREAD_LIBS_INIT}) target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tests/include) endforeach() diff --git a/programs/pkey/CMakeLists.txt b/programs/pkey/CMakeLists.txt index 3ad56436e..e2fb40402 100644 --- a/programs/pkey/CMakeLists.txt +++ b/programs/pkey/CMakeLists.txt @@ -1,3 +1,5 @@ +find_package(Threads) + set(executables_mbedtls dh_client dh_server 
@@ -5,7 +7,7 @@ set(executables_mbedtls foreach(exe IN LISTS executables_mbedtls) add_executable(${exe} ${exe}.c $) - target_link_libraries(${exe} ${mbedtls_target}) + target_link_libraries(${exe} ${mbedtls_target} ${CMAKE_THREAD_LIBS_INIT}) target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tests/include) endforeach() @@ -32,7 +34,7 @@ set(executables_mbedcrypto foreach(exe IN LISTS executables_mbedcrypto) add_executable(${exe} ${exe}.c $) - target_link_libraries(${exe} ${mbedcrypto_target}) + target_link_libraries(${exe} ${mbedcrypto_target} ${CMAKE_THREAD_LIBS_INIT}) target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tests/include) endforeach() diff --git a/programs/psa/CMakeLists.txt b/programs/psa/CMakeLists.txt index c8ee626d8..d86f29e2c 100644 --- a/programs/psa/CMakeLists.txt +++ b/programs/psa/CMakeLists.txt @@ -1,3 +1,5 @@ +find_package(Threads) + set(executables aead_demo crypto_examples @@ -28,7 +30,7 @@ endif() foreach(exe IN LISTS executables) add_executable(${exe} ${exe}.c $) - target_link_libraries(${exe} ${mbedcrypto_target}) + target_link_libraries(${exe} ${mbedcrypto_target} ${CMAKE_THREAD_LIBS_INIT}) target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tests/include) endforeach() diff --git a/programs/random/CMakeLists.txt b/programs/random/CMakeLists.txt index e5edf7b58..a4c99f561 100644 --- a/programs/random/CMakeLists.txt +++ b/programs/random/CMakeLists.txt @@ -1,3 +1,5 @@ +find_package(Threads) + set(executables gen_entropy gen_random_ctr_drbg @@ -5,7 +7,7 @@ set(executables foreach(exe IN LISTS executables) add_executable(${exe} ${exe}.c $) - target_link_libraries(${exe} ${mbedcrypto_target}) + target_link_libraries(${exe} ${mbedcrypto_target} ${CMAKE_THREAD_LIBS_INIT}) target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tests/include) endforeach() 
diff --git a/programs/ssl/CMakeLists.txt b/programs/ssl/CMakeLists.txt index 280bbcf3d..8ffa85464 100644 --- a/programs/ssl/CMakeLists.txt +++ b/programs/ssl/CMakeLists.txt @@ -39,7 +39,7 @@ foreach(exe IN LISTS executables) endif() add_executable(${exe} ${exe}.c $ ${extra_sources}) - target_link_libraries(${exe} ${libs}) + target_link_libraries(${exe} ${libs} ${CMAKE_THREAD_LIBS_INIT}) target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tests/include) if(exe STREQUAL "ssl_client2" OR exe STREQUAL "ssl_server2") if(GEN_FILES) diff --git a/programs/test/CMakeLists.txt b/programs/test/CMakeLists.txt index 077873112..a7260452f 100644 --- a/programs/test/CMakeLists.txt +++ b/programs/test/CMakeLists.txt @@ -1,3 +1,5 @@ +find_package(Threads) + set(libs ${mbedtls_target} ) @@ -26,7 +28,7 @@ if(TEST_CPP) ) add_executable(cpp_dummy_build "${cpp_dummy_build_cpp}") target_include_directories(cpp_dummy_build PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../include) - target_link_libraries(cpp_dummy_build ${mbedcrypto_target}) + target_link_libraries(cpp_dummy_build ${mbedcrypto_target} ${CMAKE_THREAD_LIBS_INIT}) endif() if(USE_SHARED_MBEDTLS_LIBRARY AND @@ -81,9 +83,9 @@ foreach(exe IN LISTS executables_libs executables_mbedcrypto) # This emulates "if ( ... IN_LIST ... )" which becomes available in CMake 3.3 list(FIND executables_libs ${exe} exe_index) if (${exe_index} GREATER -1) - target_link_libraries(${exe} ${libs}) + target_link_libraries(${exe} ${libs} ${CMAKE_THREAD_LIBS_INIT}) else() - target_link_libraries(${exe} ${mbedcrypto_target}) + target_link_libraries(${exe} ${mbedcrypto_target} ${CMAKE_THREAD_LIBS_INIT}) endif() endforeach() diff --git a/programs/test/cmake_subproject/CMakeLists.txt b/programs/test/cmake_subproject/CMakeLists.txt index 3c3cba3c2..dd23d6165 100644 --- a/programs/test/cmake_subproject/CMakeLists.txt +++ b/programs/test/cmake_subproject/CMakeLists.txt 
@@ -1,5 +1,7 @@ cmake_minimum_required(VERSION 3.5.1) +find_package(Threads) + # Test the target renaming support by adding a prefix to the targets built set(MBEDTLS_TARGET_PREFIX subproject_test_) @@ -20,4 +22,4 @@ set(libs ) add_executable(cmake_subproject cmake_subproject.c) -target_link_libraries(cmake_subproject ${libs}) +target_link_libraries(cmake_subproject ${libs} ${CMAKE_THREAD_LIBS_INIT}) diff --git a/programs/util/CMakeLists.txt b/programs/util/CMakeLists.txt index 7fc58cbcf..920f69e88 100644 --- a/programs/util/CMakeLists.txt +++ b/programs/util/CMakeLists.txt @@ -1,3 +1,5 @@ +find_package(Threads) + set(libs ${mbedcrypto_target} ) @@ -9,7 +11,7 @@ set(executables foreach(exe IN LISTS executables) add_executable(${exe} ${exe}.c $) - target_link_libraries(${exe} ${libs}) + target_link_libraries(${exe} ${libs} ${CMAKE_THREAD_LIBS_INIT}) target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tests/include) endforeach() diff --git a/programs/x509/CMakeLists.txt b/programs/x509/CMakeLists.txt index 5876b8d21..c507de2a7 100644 --- a/programs/x509/CMakeLists.txt +++ b/programs/x509/CMakeLists.txt @@ -1,3 +1,5 @@ +find_package(Threads) + set(libs ${mbedx509_target} ) @@ -13,7 +15,7 @@ set(executables foreach(exe IN LISTS executables) add_executable(${exe} ${exe}.c $) - target_link_libraries(${exe} ${libs}) + target_link_libraries(${exe} ${libs} ${CMAKE_THREAD_LIBS_INIT}) target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tests/include) endforeach() From 7ed1cf57ba67c736cf311663ba995805d4428b2f Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Fri, 5 Jan 2024 18:10:44 +0000 Subject: [PATCH 015/166] Enable common.make to be included by programs/fuzz Signed-off-by: Paul Elliott --- scripts/common.make | 18 +++++++++++------- 1 file changed, 11 insertions(+), 7 deletions(-) diff --git a/scripts/common.make b/scripts/common.make index 6c95b4235..2714bcd32 100644 --- a/scripts/common.make +++ b/scripts/common.make 
@@ -1,25 +1,29 @@ # To compile on SunOS: add "-lsocket -lnsl" to LDFLAGS +ifndef MBEDTLS_PATH +MBEDTLS_PATH := .. +endif + CFLAGS ?= -O2 WARNING_CFLAGS ?= -Wall -Wextra -Wformat=2 -Wno-format-nonliteral WARNING_CXXFLAGS ?= -Wall -Wextra -Wformat=2 -Wno-format-nonliteral LDFLAGS ?= -LOCAL_CFLAGS = $(WARNING_CFLAGS) -I$(MBEDTLS_TEST_PATH)/include -I../include -D_FILE_OFFSET_BITS=64 -LOCAL_CXXFLAGS = $(WARNING_CXXFLAGS) -I../include -I../tests/include -D_FILE_OFFSET_BITS=64 +LOCAL_CFLAGS = $(WARNING_CFLAGS) -I$(MBEDTLS_TEST_PATH)/include -I$(MBEDTLS_PATH)/include -D_FILE_OFFSET_BITS=64 +LOCAL_CXXFLAGS = $(WARNING_CXXFLAGS) -I$(MBEDTLS_PATH)/include -I$(MBEDTLS_PATH)/tests/include -D_FILE_OFFSET_BITS=64 LOCAL_LDFLAGS = ${MBEDTLS_TEST_OBJS} \ - -L../library \ + -L$(MBEDTLS_PATH)/library \ -lmbedtls$(SHARED_SUFFIX) \ -lmbedx509$(SHARED_SUFFIX) \ -lmbedcrypto$(SHARED_SUFFIX) -include ../3rdparty/Makefile.inc +include $(MBEDTLS_PATH)/3rdparty/Makefile.inc LOCAL_CFLAGS+=$(THIRDPARTY_INCLUDES) ifndef SHARED -MBEDLIBS=../library/libmbedcrypto.a ../library/libmbedx509.a ../library/libmbedtls.a +MBEDLIBS=$(MBEDTLS_PATH)/library/libmbedcrypto.a $(MBEDTLS_PATH)/library/libmbedx509.a $(MBEDTLS_PATH)/library/libmbedtls.a else -MBEDLIBS=../library/libmbedcrypto.$(DLEXT) ../library/libmbedx509.$(DLEXT) ../library/libmbedtls.$(DLEXT) +MBEDLIBS=$(MBEDTLS_PATH)/library/libmbedcrypto.$(DLEXT) $(MBEDTLS_PATH)/library/libmbedx509.$(DLEXT) $(MBEDTLS_PATH)/library/libmbedtls.$(DLEXT) endif ifdef DEBUG @@ -97,7 +101,7 @@ endif default: all $(MBEDLIBS): - $(MAKE) -C ../library + $(MAKE) -C $(MBEDTLS_PATH)/library neat: clean ifndef WINDOWS From 053db696b37dfccb4e251ebd22c532438f92b0ef Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Fri, 5 Jan 2024 18:11:32 +0000 Subject: [PATCH 016/166] Allow programs/fuzz to be linked against pthread Use the same mechanisms used to link other programs against pthread with make, i.e. include common.make, and remove common code from programs/ fuzz/Makefile 
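Review bot: The `ifndef MBEDTLS_PATH` default in the first hunk also treats a value inherited from the environment as set, because make imports environment variables as make variables. In that case `include $(MBEDTLS_PATH)/3rdparty/Makefile.inc`, the `-I`/`-L` flags and the `$(MAKE) -C $(MBEDTLS_PATH)/library` rule in the second hunk all follow the inherited value. Makefiles that rely on the default rather than assigning the variable themselves would then build against a tree they did not choose. A comment above the default would state the contract, for example `# MBEDTLS_PATH: root of the Mbed TLS source tree, relative to the including Makefile; assign it before including this file.`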
Signed-off-by: Paul Elliott --- programs/fuzz/Makefile | 34 ++++------------------------------ 1 file changed, 4 insertions(+), 30 deletions(-) diff --git a/programs/fuzz/Makefile b/programs/fuzz/Makefile index 3b9b50df8..afe80b7d5 100644 --- a/programs/fuzz/Makefile +++ b/programs/fuzz/Makefile @@ -1,40 +1,17 @@ -MBEDTLS_TEST_PATH:=../../tests/src -MBEDTLS_TEST_OBJS:=$(patsubst %.c,%.o,$(wildcard ${MBEDTLS_TEST_PATH}/*.c ${MBEDTLS_TEST_PATH}/drivers/*.c)) +MBEDTLS_TEST_PATH:=../../tests -CFLAGS ?= -O2 -WARNING_CFLAGS ?= -Wall -Wextra LOCAL_CFLAGS = $(WARNING_CFLAGS) -I../../tests/include -I../../include -D_FILE_OFFSET_BITS=64 -LOCAL_LDFLAGS = ${MBEDTLS_TEST_OBJS} \ - -L../../library \ - -lmbedtls$(SHARED_SUFFIX) \ - -lmbedx509$(SHARED_SUFFIX) \ - -lmbedcrypto$(SHARED_SUFFIX) +MBEDTLS_PATH := ../.. +include ../../scripts/common.make LOCAL_CFLAGS += $(patsubst -I../%,-I../../%,$(THIRDPARTY_INCLUDES)) -ifndef SHARED -DEP=../../library/libmbedcrypto.a ../../library/libmbedx509.a ../../library/libmbedtls.a -else -DEP=../../library/libmbedcrypto.$(DLEXT) ../../library/libmbedx509.$(DLEXT) ../../library/libmbedtls.$(DLEXT) -endif - - -DLEXT ?= so -EXEXT= -SHARED_SUFFIX= +DEP=${MBEDLIBS} ifdef FUZZINGENGINE LOCAL_LDFLAGS += -lFuzzingEngine endif -ifdef WINDOWS_BUILD -LOCAL_LDFLAGS += -lbcrypt -else -ifeq ($(THREADING),pthread) -LOCAL_LDFLAGS += -lpthread -endif -endif - # A test application is built for each suites/test_suite_*.data file. # Application name is same as .data file's base name and can be # constructed by stripping path 'suites/' and extension .data. @@ -49,9 +26,6 @@ BINARIES := $(addsuffix $(EXEXT),$(APPS)) all: $(BINARIES) -$(DEP): - $(MAKE) -C ../../library - C_FILES := $(addsuffix .c,$(APPS)) %.o: %.c From c7a1e9936aaca86c85c1ec1bff3a56a04a6454fa Mon Sep 17 00:00:00 2001 
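Review bot: The retained context line `LOCAL_CFLAGS = $(WARNING_CFLAGS) -I../../tests/include -I../../include -D_FILE_OFFSET_BITS=64` now comes before `include ../../scripts/common.make`, so it no longer has any effect. common.make, as patched earlier on this page, assigns `LOCAL_CFLAGS =` again with its own `-I$(MBEDTLS_TEST_PATH)/include -I$(MBEDTLS_PATH)/include` and overwrites it. Dropping the line would avoid suggesting that the fuzz include paths are set here. common.make also appends `$(THIRDPARTY_INCLUDES)` itself, so the kept `LOCAL_CFLAGS += $(patsubst -I../%,-I../../%,$(THIRDPARTY_INCLUDES))` may add those directories a second time; that depends on 3rdparty/Makefile.inc, which is not shown.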
From: Paul Elliott Date: Fri, 3 Nov 2023 18:44:57 +0000 Subject: [PATCH 017/166] Move bignum flag for negative zero into test_info Add accessors ready for protection with test_info mutex. Signed-off-by: Paul Elliott --- tests/include/test/bignum_helpers.h | 28 +++++++++---------------- tests/include/test/helpers.h | 25 ++++++++++++++++++++++ tests/src/bignum_helpers.c | 2 +- tests/src/helpers.c | 25 +++++++++++++++++----- tests/suites/test_suite_bignum.function | 2 +- 5 files changed, 57 insertions(+), 25 deletions(-) diff --git a/tests/include/test/bignum_helpers.h b/tests/include/test/bignum_helpers.h index 2f6bf8931..cf175a3ac 100644 --- a/tests/include/test/bignum_helpers.h +++ b/tests/include/test/bignum_helpers.h 
@@ -77,30 +77,22 @@ void mbedtls_test_mpi_mod_modulus_free_with_limbs(mbedtls_mpi_mod_modulus *N); * * - This function guarantees that if \p s begins with '-' then the sign * bit of the result will be negative, even if the value is 0. - * When this function encounters such a "negative 0", it - * increments #mbedtls_test_case_uses_negative_0. - * - The size of the result is exactly the minimum number of limbs needed - * to fit the digits in the input. In particular, this function constructs - * a bignum with 0 limbs for an empty string, and a bignum with leading 0 - * limbs if the string has sufficiently many leading 0 digits. - * This is important so that the "0 (null)" and "0 (1 limb)" and - * "leading zeros" test cases do what they claim. + * When this function encounters such a "negative 0", it calls + * mbedtls_test_increment_case_uses_negative_0(). + * - The size of the result is exactly the minimum number of limbs needed to fit + * the digits in the input. In particular, this function constructs a bignum + * with 0 limbs for an empty string, and a bignum with leading 0 limbs if the + * string has sufficiently many leading 0 digits. This is important so that + * the "0 (null)" and "0 (1 limb)" and "leading zeros" test cases do what they + * claim. * - * \param[out] X The MPI object to populate. It must be initialized. - * \param[in] s The null-terminated hexadecimal string to read from. + * \param[out] X The MPI object to populate. It must be initialized. + * \param[in] s The null-terminated hexadecimal string to read from. * * \return \c 0 on success, an \c MBEDTLS_ERR_MPI_xxx error code otherwise. 
*/ int mbedtls_test_read_mpi(mbedtls_mpi *X, const char *s); -/** Nonzero if the current test case had an input parsed with - * mbedtls_test_read_mpi() that is a negative 0 (`"-"`, `"-0"`, `"-00"`, etc., - * constructing a result with the sign bit set to -1 and the value being - * all-limbs-0, which is not a valid representation in #mbedtls_mpi but is - * tested for robustness). - */ -extern unsigned mbedtls_test_case_uses_negative_0; - #endif /* MBEDTLS_BIGNUM_C */ #endif /* TEST_BIGNUM_HELPERS_H */ diff --git a/tests/include/test/helpers.h b/tests/include/test/helpers.h index 564a5539f..b672ecca6 100644 --- a/tests/include/test/helpers.h +++ b/tests/include/test/helpers.h @@ -74,6 +74,9 @@ typedef struct { #if defined(MBEDTLS_TEST_MUTEX_USAGE) const char *mutex_usage_error; #endif +#if defined(MBEDTLS_BIGNUM_C) + unsigned case_uses_negative_0; +#endif } mbedtls_test_info_t; @@ -151,6 +154,28 @@ const char *mbedtls_test_get_mutex_usage_error(void); void mbedtls_test_set_mutex_usage_error(const char *msg); #endif +#if defined(MBEDTLS_BIGNUM_C) + +/** + * \brief Get whether the current test is a bignum test that uses + * negative zero. + * + * \return non zero if the current test uses bignum negative zero. + */ +unsigned mbedtls_test_get_case_uses_negative_0(void); + +/** + * \brief Indicate that the current test uses bignum negative zero. + * + * \note This function is called if the current test case had an + * input parsed with mbedtls_test_read_mpi() that is a negative + * 0 (`"-"`, `"-0"`, `"-00"`, etc., constructing a result with + * the sign bit set to -1 and the value being all-limbs-0, + * which is not a valid representation in #mbedtls_mpi but is + * tested for robustness). * + */ +void mbedtls_test_increment_case_uses_negative_0(void); +#endif int mbedtls_test_platform_setup(void); void mbedtls_test_platform_teardown(void); diff --git a/tests/src/bignum_helpers.c b/tests/src/bignum_helpers.c index c85e2caaf..913f5e387 100644 
--- a/tests/src/bignum_helpers.c +++ b/tests/src/bignum_helpers.c @@ -135,7 +135,7 @@ int mbedtls_test_read_mpi(mbedtls_mpi *X, const char *s) } if (negative) { if (mbedtls_mpi_cmp_int(X, 0) == 0) { - ++mbedtls_test_case_uses_negative_0; + mbedtls_test_increment_case_uses_negative_0(); } X->s = -1; } diff --git a/tests/src/helpers.c b/tests/src/helpers.c index 52785fc01..03a8fa728 100644 --- a/tests/src/helpers.c +++ b/tests/src/helpers.c @@ -109,6 +109,25 @@ void mbedtls_test_set_mutex_usage_error(const char *msg) } #endif // #if defined(MBEDTLS_TEST_MUTEX_USAGE) +#if defined(MBEDTLS_BIGNUM_C) + +unsigned mbedtls_test_get_case_uses_negative_0(void) +{ + return mbedtls_test_info.case_uses_negative_0; +} + +void mbedtls_test_set_case_uses_negative_0(unsigned uses) +{ + mbedtls_test_info.case_uses_negative_0 = uses; +} + +void mbedtls_test_increment_case_uses_negative_0(void) +{ + ++mbedtls_test_info.case_uses_negative_0; +} + +#endif + /*----------------------------------------------------------------------------*/ /* Helper Functions */ @@ -171,10 +190,6 @@ void mbedtls_test_skip(const char *test, int line_no, const char *filename) mbedtls_test_set_result(MBEDTLS_TEST_RESULT_SKIPPED, test, line_no, filename); } -#if defined(MBEDTLS_BIGNUM_C) -unsigned mbedtls_test_case_uses_negative_0 = 0; -#endif - void mbedtls_test_info_reset(void) { mbedtls_test_set_result(MBEDTLS_TEST_RESULT_SUCCESS, 0, 0, 0); @@ -183,7 +198,7 @@ void mbedtls_test_info_reset(void) mbedtls_test_set_line2(NULL); #if defined(MBEDTLS_BIGNUM_C) - mbedtls_test_case_uses_negative_0 = 0; + mbedtls_test_set_case_uses_negative_0(0); #endif } diff --git a/tests/suites/test_suite_bignum.function b/tests/suites/test_suite_bignum.function index c90f1bbbb..35900e620 100644 --- a/tests/suites/test_suite_bignum.function +++ b/tests/suites/test_suite_bignum.function 
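Review bot: `mbedtls_test_set_case_uses_negative_0()` is added to tests/src/helpers.c with external linkage, but the tests/include/test/helpers.h hunk of this commit declares only the getter and the increment function. In the visible hunks its only caller is `mbedtls_test_info_reset()` in the same file. Either make it `static`, or add `void mbedtls_test_set_case_uses_negative_0(unsigned uses);` with a short doc comment next to the other two prototypes; as written, a build with `-Wmissing-prototypes` would flag it. The doc comment for `mbedtls_test_increment_case_uses_negative_0()` in the header also ends with a stray `*` after "tested for robustness)."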
@@ -24,7 +24,7 @@ static int sign_is_valid(const mbedtls_mpi *X) * we sometimes test the robustness of library functions when given * a negative zero input. If a test case has a negative zero as input, * we don't mind if the function has a negative zero output. */ - if (!mbedtls_test_case_uses_negative_0 && + if (!mbedtls_test_get_case_uses_negative_0() && mbedtls_mpi_bitlen(X) == 0 && X->s != 1) { return 0; } From 65064265c2706b88b8e6ba44f7d65e7053bd7140 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Mon, 27 Nov 2023 17:29:05 +0000 Subject: [PATCH 018/166] Protect test info access with mutex Signed-off-by: Paul Elliott --- tests/include/test/helpers.h | 10 +- tests/src/helpers.c | 208 +++++++++++++++++++++++++++++--- tests/suites/host_test.function | 15 ++- 3 files changed, 204 insertions(+), 29 deletions(-) diff --git a/tests/include/test/helpers.h b/tests/include/test/helpers.h index b672ecca6..73459d992 100644 --- a/tests/include/test/helpers.h +++ b/tests/include/test/helpers.h @@ -123,16 +123,18 @@ unsigned long mbedtls_test_get_step(void); /** * \brief Get the current test line buffer 1 * - * \return The current test line buffer 1 + * \param line Buffer of minimum size \c MBEDTLS_TEST_LINE_LENGTH, + * which will have line buffer 1 copied to it. */ -const char *mbedtls_test_get_line1(void); +void mbedtls_test_get_line1(char *line); /** * \brief Get the current test line buffer 2 * - * \return The current test line buffer 2 + * \param line Buffer of minimum size \c MBEDTLS_TEST_LINE_LENGTH, + * which will have line buffer 1 copied to it. */ -const char *mbedtls_test_get_line2(void); +void mbedtls_test_get_line2(char *line); #if defined(MBEDTLS_TEST_MUTEX_USAGE) /** diff --git a/tests/src/helpers.c b/tests/src/helpers.c index 03a8fa728..1bad819ac 100644 --- a/tests/src/helpers.c +++ b/tests/src/helpers.c 
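Review bot: The new `\param line` text for `mbedtls_test_get_line2()` in tests/include/test/helpers.h says the buffer "will have line buffer 1 copied to it"; it should read "line buffer 2". Both getters now fill a caller-supplied buffer, so the comment should also state the termination contract, for example `The copy is MBEDTLS_TEST_LINE_LENGTH bytes long and is only NUL-terminated if the stored line is.` The caller in tests/suites/host_test.function prints the buffer with `%s` and relies on that.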
@@ -13,6 +13,10 @@ #include #endif +#if defined(MBEDTLS_THREADING_C) +#include "mbedtls/threading.h" +#endif + /*----------------------------------------------------------------------------*/ /* Static global variables */ 
@@ -22,76 +26,200 @@ static mbedtls_platform_context platform_ctx; mbedtls_test_info_t mbedtls_test_info; +#ifdef MBEDTLS_THREADING_C +mbedtls_threading_mutex_t mbedtls_test_info_mutex; +#endif /* MBEDTLS_THREADING_C */ + /*----------------------------------------------------------------------------*/ /* Mbedtls Test Info accessors */ mbedtls_test_result_t mbedtls_test_get_result(void) { - return mbedtls_test_info.result; + mbedtls_test_result_t result; + +#ifdef MBEDTLS_THREADING_C + mbedtls_mutex_lock(&mbedtls_test_info_mutex); +#endif /* MBEDTLS_THREADING_C */ + + result = mbedtls_test_info.result; + +#ifdef MBEDTLS_THREADING_C + mbedtls_mutex_unlock(&mbedtls_test_info_mutex); +#endif /* MBEDTLS_THREADING_C */ + + return result; } void mbedtls_test_set_result(mbedtls_test_result_t result, const char *test, int line_no, const char *filename) { +#ifdef MBEDTLS_THREADING_C + mbedtls_mutex_lock(&mbedtls_test_info_mutex); +#endif /* MBEDTLS_THREADING_C */ + mbedtls_test_info.result = result; mbedtls_test_info.test = test; mbedtls_test_info.line_no = line_no; mbedtls_test_info.filename = filename; + +#ifdef MBEDTLS_THREADING_C + mbedtls_mutex_unlock(&mbedtls_test_info_mutex); +#endif /* MBEDTLS_THREADING_C */ } const char *mbedtls_test_get_test(void) { - return mbedtls_test_info.test; + const char *test; + +#ifdef MBEDTLS_THREADING_C + mbedtls_mutex_lock(&mbedtls_test_info_mutex); +#endif /* MBEDTLS_THREADING_C */ + + test = mbedtls_test_info.test; + +#ifdef MBEDTLS_THREADING_C + mbedtls_mutex_unlock(&mbedtls_test_info_mutex); +#endif /* MBEDTLS_THREADING_C */ + + return test; } const char *mbedtls_get_test_filename(void) { - return mbedtls_test_info.filename; + const char *filename; + +#ifdef MBEDTLS_THREADING_C + mbedtls_mutex_lock(&mbedtls_test_info_mutex); +#endif /* MBEDTLS_THREADING_C */ + + /* It should be ok just to pass back the pointer here, as it is going to + * be a pointer into non changing data. 
*/ + filename = mbedtls_test_info.filename; + +#ifdef MBEDTLS_THREADING_C + mbedtls_mutex_unlock(&mbedtls_test_info_mutex); +#endif /* MBEDTLS_THREADING_C */ + + return filename; } int mbedtls_test_get_line_no(void) { - return mbedtls_test_info.line_no; + int line_no; + +#ifdef MBEDTLS_THREADING_C + mbedtls_mutex_lock(&mbedtls_test_info_mutex); +#endif /* MBEDTLS_THREADING_C */ + + line_no = mbedtls_test_info.line_no; + +#ifdef MBEDTLS_THREADING_C + mbedtls_mutex_unlock(&mbedtls_test_info_mutex); +#endif /* MBEDTLS_THREADING_C */ + + return line_no; } void mbedtls_test_increment_step(void) { +#ifdef MBEDTLS_THREADING_C + mbedtls_mutex_lock(&mbedtls_test_info_mutex); +#endif /* MBEDTLS_THREADING_C */ + ++mbedtls_test_info.step; + +#ifdef MBEDTLS_THREADING_C + mbedtls_mutex_unlock(&mbedtls_test_info_mutex); +#endif /* MBEDTLS_THREADING_C */ } unsigned long mbedtls_test_get_step(void) { - return mbedtls_test_info.step; + unsigned long step; + +#ifdef MBEDTLS_THREADING_C + mbedtls_mutex_lock(&mbedtls_test_info_mutex); +#endif /* MBEDTLS_THREADING_C */ + + step = mbedtls_test_info.step; + +#ifdef MBEDTLS_THREADING_C + mbedtls_mutex_unlock(&mbedtls_test_info_mutex); +#endif /* MBEDTLS_THREADING_C */ + + return step; } -void mbedtls_test_set_step(unsigned long step) { - mbedtls_test_info.step = step; -} - -const char *mbedtls_test_get_line1(void) +void mbedtls_test_set_step(unsigned long step) { - return mbedtls_test_info.line1; +#ifdef MBEDTLS_THREADING_C + mbedtls_mutex_lock(&mbedtls_test_info_mutex); +#endif /* MBEDTLS_THREADING_C */ + + mbedtls_test_info.step = step; + +#ifdef MBEDTLS_THREADING_C + mbedtls_mutex_unlock(&mbedtls_test_info_mutex); +#endif /* MBEDTLS_THREADING_C */ +} + +void mbedtls_test_get_line1(char *line) +{ +#ifdef MBEDTLS_THREADING_C + mbedtls_mutex_lock(&mbedtls_test_info_mutex); +#endif /* MBEDTLS_THREADING_C */ + + memcpy(line, mbedtls_test_info.line1, MBEDTLS_TEST_LINE_LENGTH); + +#ifdef MBEDTLS_THREADING_C + 
mbedtls_mutex_unlock(&mbedtls_test_info_mutex); +#endif /* MBEDTLS_THREADING_C */ } void mbedtls_test_set_line1(const char *line) { +#ifdef MBEDTLS_THREADING_C + mbedtls_mutex_lock(&mbedtls_test_info_mutex); +#endif /* MBEDTLS_THREADING_C */ + if (line == NULL) { - memset(mbedtls_test_info.line1, 0, sizeof(mbedtls_test_info.line1)); + memset(mbedtls_test_info.line1, 0, MBEDTLS_TEST_LINE_LENGTH); } else { - strncpy(mbedtls_test_info.line1, line, sizeof(mbedtls_test_info.line1)); + memcpy(mbedtls_test_info.line1, line, MBEDTLS_TEST_LINE_LENGTH); } + +#ifdef MBEDTLS_THREADING_C + mbedtls_mutex_unlock(&mbedtls_test_info_mutex); +#endif /* MBEDTLS_THREADING_C */ } -const char *mbedtls_test_get_line2(void) +void mbedtls_test_get_line2(char *line) { - return mbedtls_test_info.line2; +#ifdef MBEDTLS_THREADING_C + mbedtls_mutex_lock(&mbedtls_test_info_mutex); +#endif /* MBEDTLS_THREADING_C */ + + memcpy(line, mbedtls_test_info.line2, MBEDTLS_TEST_LINE_LENGTH); + +#ifdef MBEDTLS_THREADING_C + mbedtls_mutex_unlock(&mbedtls_test_info_mutex); +#endif /* MBEDTLS_THREADING_C */ } -void mbedtls_test_set_line2(const char *line) { +void mbedtls_test_set_line2(const char *line) +{ +#ifdef MBEDTLS_THREADING_C + mbedtls_mutex_lock(&mbedtls_test_info_mutex); +#endif /* MBEDTLS_THREADING_C */ + if (line == NULL) { - memset(mbedtls_test_info.line2, 0, sizeof(mbedtls_test_info.line2)); + memset(mbedtls_test_info.line2, 0, MBEDTLS_TEST_LINE_LENGTH); } else { - strncpy(mbedtls_test_info.line2, line, sizeof(mbedtls_test_info.line2)); + memcpy(mbedtls_test_info.line2, line, MBEDTLS_TEST_LINE_LENGTH); } + +#ifdef MBEDTLS_THREADING_C + mbedtls_mutex_unlock(&mbedtls_test_info_mutex); +#endif /* MBEDTLS_THREADING_C */ } 
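Review bot: In `mbedtls_test_set_line1()` and `mbedtls_test_set_line2()` the new `memcpy(mbedtls_test_info.line1, line, MBEDTLS_TEST_LINE_LENGTH)` always reads MBEDTLS_TEST_LINE_LENGTH bytes from `line`. Unless every caller passes a buffer of at least that size (the callers are outside this hunk), a shorter NUL-terminated string is read past its end, which the replaced `strncpy` did not do. The stored copy is also not guaranteed to be terminated, and the host_test.function hunk later on this page prints the copy returned by the getters with `%s`. A bounded string copy with an explicit terminator keeps both properties: `strncpy(mbedtls_test_info.line1, line, MBEDTLS_TEST_LINE_LENGTH - 1);` followed by `mbedtls_test_info.line1[MBEDTLS_TEST_LINE_LENGTH - 1] = '\0';`, and the same for `line2`. This assumes the arrays are MBEDTLS_TEST_LINE_LENGTH bytes, as the switch away from `sizeof` suggests.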
@@ -103,9 +231,17 @@ const char *mbedtls_test_get_mutex_usage_error(void) void mbedtls_test_set_mutex_usage_error(const char *msg) { +#ifdef MBEDTLS_THREADING_C + mbedtls_mutex_lock(&mbedtls_test_info_mutex); +#endif /* MBEDTLS_THREADING_C */ + if (mbedtls_test_info.mutex_usage_error == NULL || msg == NULL) { mbedtls_test_info.mutex_usage_error = msg; } + +#ifdef MBEDTLS_THREADING_C + mbedtls_mutex_unlock(&mbedtls_test_info_mutex); +#endif /* MBEDTLS_THREADING_C */ } #endif // #if defined(MBEDTLS_TEST_MUTEX_USAGE) @@ -113,17 +249,43 @@ void mbedtls_test_set_mutex_usage_error(const char *msg) unsigned mbedtls_test_get_case_uses_negative_0(void) { - return mbedtls_test_info.case_uses_negative_0; + unsigned test_case_uses_negative_0 = 0; +#ifdef MBEDTLS_THREADING_C + mbedtls_mutex_lock(&mbedtls_test_info_mutex); +#endif /* MBEDTLS_THREADING_C */ + test_case_uses_negative_0 = mbedtls_test_info.case_uses_negative_0; + +#ifdef MBEDTLS_THREADING_C + mbedtls_mutex_unlock(&mbedtls_test_info_mutex); +#endif /* MBEDTLS_THREADING_C */ + + return test_case_uses_negative_0; } void mbedtls_test_set_case_uses_negative_0(unsigned uses) { +#ifdef MBEDTLS_THREADING_C + mbedtls_mutex_lock(&mbedtls_test_info_mutex); +#endif /* MBEDTLS_THREADING_C */ + mbedtls_test_info.case_uses_negative_0 = uses; + +#ifdef MBEDTLS_THREADING_C + mbedtls_mutex_unlock(&mbedtls_test_info_mutex); +#endif /* MBEDTLS_THREADING_C */ } void mbedtls_test_increment_case_uses_negative_0(void) { +#ifdef MBEDTLS_THREADING_C + mbedtls_mutex_lock(&mbedtls_test_info_mutex); +#endif /* MBEDTLS_THREADING_C */ + ++mbedtls_test_info.case_uses_negative_0; + +#ifdef MBEDTLS_THREADING_C + mbedtls_mutex_unlock(&mbedtls_test_info_mutex); +#endif /* MBEDTLS_THREADING_C */ } #endif 
@@ -150,11 +312,19 @@ int mbedtls_test_platform_setup(void) ret = mbedtls_platform_setup(&platform_ctx); #endif /* MBEDTLS_PLATFORM_C */ +#ifdef MBEDTLS_THREADING_C + mbedtls_mutex_init(&mbedtls_test_info_mutex); +#endif /* MBEDTLS_THREADING_C */ + return ret; } void mbedtls_test_platform_teardown(void) { +#ifdef MBEDTLS_THREADING_C + mbedtls_mutex_free(&mbedtls_test_info_mutex); +#endif /* MBEDTLS_THREADING_C */ + #if defined(MBEDTLS_PLATFORM_C) mbedtls_platform_teardown(&platform_ctx); #endif /* MBEDTLS_PLATFORM_C */ diff --git a/tests/suites/host_test.function b/tests/suites/host_test.function index 1ebaf46de..eb42a07eb 100644 --- a/tests/suites/host_test.function +++ b/tests/suites/host_test.function @@ -720,6 +720,8 @@ int execute_tests(int argc, const char **argv) mbedtls_fprintf(stdout, "----\n"); total_skipped++; } else { + char line_buffer[MBEDTLS_TEST_LINE_LENGTH]; + total_errors++; mbedtls_fprintf(stdout, "FAILED\n"); mbedtls_fprintf(stdout, " %s\n at ", @@ -731,13 +733,14 @@ int execute_tests(int argc, const char **argv) mbedtls_fprintf(stdout, "line %d, %s", mbedtls_test_get_line_no(), mbedtls_get_test_filename()); - if (mbedtls_test_get_line1()[0] != 0) { - mbedtls_fprintf(stdout, "\n %s", - mbedtls_test_get_line1()); + + mbedtls_test_get_line1(line_buffer); + if (line_buffer[0] != 0) { + mbedtls_fprintf(stdout, "\n %s", line_buffer); } - if (mbedtls_test_get_line2()[0] != 0) { - mbedtls_fprintf(stdout, "\n %s", - mbedtls_test_get_line2()); + mbedtls_test_get_line2(line_buffer); + if (line_buffer[0] != 0) { + mbedtls_fprintf(stdout, "\n %s", line_buffer); } } fflush(stdout); From 0710ac4ec88faa168876525e17e9b409ee13cd16 Mon Sep 17 00:00:00 2001 
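Review bot: `mbedtls_test_info_mutex` is initialised only inside `mbedtls_test_platform_setup()` and freed at the top of `mbedtls_test_platform_teardown()`, while every accessor changed in this commit locks it unconditionally when MBEDTLS_THREADING_C is defined. Any accessor reached before setup or after teardown would therefore operate on an uninitialised or freed mutex; whether such a call path exists is not visible from these hunks. A comment at the definition would record the constraint, for example `/* Valid only between mbedtls_test_platform_setup() and mbedtls_test_platform_teardown(); do not call the test-info accessors outside that window. */`. The accessors also ignore the return value of `mbedtls_mutex_lock()`, so a failed lock falls through to an unprotected access followed by an unlock.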
From: Paul Elliott Date: Tue, 9 Jan 2024 17:20:58 +0000 Subject: [PATCH 019/166] Add ability to exclude mutex from tests We need to be able to exclude mbedtls_test_info_mutex() from the normal tests, as this mutex has to be locked to report mutex errors, and also reports as leaked, due to where it is initialised / free'd. Signed-off-by: Paul Elliott --- tests/src/threading_helpers.c | 137 ++++++++++++++++++++-------------- 1 file changed, 83 insertions(+), 54 deletions(-) diff --git a/tests/src/threading_helpers.c b/tests/src/threading_helpers.c index 261d14175..0894700a3 100644 --- a/tests/src/threading_helpers.c +++ b/tests/src/threading_helpers.c 
@@ -117,40 +117,62 @@ static void mbedtls_test_mutex_usage_error(mbedtls_threading_mutex_t *mutex, * mbedtls_test_mutex_usage_check() will mark it as failed. */ } +extern mbedtls_threading_mutex_t mbedtls_test_info_mutex; + +static int mbedtls_test_mutex_can_test(mbedtls_threading_mutex_t *mutex) +{ + /* If we attempt to run tests on this mutex then we are going to run into a + * couple of problems: + * 1. If any test on this mutex fails, we are going to deadlock when + * reporting that failure, as we already hold the mutex at that point. + * 2. Given the 'global' position of the initialization and free of this + * mutex, it will be shown as leaked on the first test run. */ + if (mutex == &mbedtls_test_info_mutex) { + return 0; + } + + return 1; +} + static void mbedtls_test_wrap_mutex_init(mbedtls_threading_mutex_t *mutex) { mutex_functions.init(mutex); - if (mutex_functions.lock(&mbedtls_test_mutex_mutex) == 0) { - mutex->state = MUTEX_IDLE; - ++live_mutexes; + if (mbedtls_test_mutex_can_test(mutex)) { + if (mutex_functions.lock(&mbedtls_test_mutex_mutex) == 0) { + mutex->state = MUTEX_IDLE; + ++live_mutexes; - mutex_functions.unlock(&mbedtls_test_mutex_mutex); + mutex_functions.unlock(&mbedtls_test_mutex_mutex); + } } } static void mbedtls_test_wrap_mutex_free(mbedtls_threading_mutex_t *mutex) { - if (mutex_functions.lock(&mbedtls_test_mutex_mutex) == 0) { + if (mbedtls_test_mutex_can_test(mutex)) { + if (mutex_functions.lock(&mbedtls_test_mutex_mutex) == 0) { - switch (mutex->state) { - case MUTEX_FREED: - mbedtls_test_mutex_usage_error(mutex, "free without init or double free"); - break; - case MUTEX_IDLE: - mutex->state = MUTEX_FREED; - --live_mutexes; - break; - case MUTEX_LOCKED: - mbedtls_test_mutex_usage_error(mutex, "free without unlock"); - break; - default: - mbedtls_test_mutex_usage_error(mutex, "corrupted state"); - break; + switch (mutex->state) { + case MUTEX_FREED: + mbedtls_test_mutex_usage_error(mutex, "free without init or double free"); + 
break; + case MUTEX_IDLE: + mutex->state = MUTEX_FREED; + --live_mutexes; + break; + case MUTEX_LOCKED: + mbedtls_test_mutex_usage_error(mutex, "free without unlock"); + break; + default: + mbedtls_test_mutex_usage_error(mutex, "corrupted state"); + break; + } + + mutex_functions.unlock(&mbedtls_test_mutex_mutex); } - - mutex_functions.unlock(&mbedtls_test_mutex_mutex); } + mutex_functions.free(mutex); } @@ -160,26 +182,30 @@ static int mbedtls_test_wrap_mutex_lock(mbedtls_threading_mutex_t *mutex) * is to hold the passed in and internal mutex - otherwise we create a race * condition. */ int ret = mutex_functions.lock(mutex); - if (mutex_functions.lock(&mbedtls_test_mutex_mutex) == 0) { - switch (mutex->state) { - case MUTEX_FREED: - mbedtls_test_mutex_usage_error(mutex, "lock without init"); - break; - case MUTEX_IDLE: - if (ret == 0) { - mutex->state = MUTEX_LOCKED; - } - break; - case MUTEX_LOCKED: - mbedtls_test_mutex_usage_error(mutex, "double lock"); - break; - default: - mbedtls_test_mutex_usage_error(mutex, "corrupted state"); - break; - } - mutex_functions.unlock(&mbedtls_test_mutex_mutex); + if (mbedtls_test_mutex_can_test(mutex)) { + if (mutex_functions.lock(&mbedtls_test_mutex_mutex) == 0) { + switch (mutex->state) { + case MUTEX_FREED: + mbedtls_test_mutex_usage_error(mutex, "lock without init"); + break; + case MUTEX_IDLE: + if (ret == 0) { + mutex->state = MUTEX_LOCKED; + } + break; + case MUTEX_LOCKED: + mbedtls_test_mutex_usage_error(mutex, "double lock"); + break; + default: + mbedtls_test_mutex_usage_error(mutex, "corrupted state"); + break; + } + + mutex_functions.unlock(&mbedtls_test_mutex_mutex); + } } + return ret; } 
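Review bot: The `extern mbedtls_threading_mutex_t mbedtls_test_info_mutex;` added in tests/src/threading_helpers.c repeats the object's type by hand, so the compiler cannot check it against the definition in tests/src/helpers.c. Declaring the mutex in a shared test header under the same `MBEDTLS_THREADING_C` guard would keep the two in step. `mbedtls_test_mutex_can_test()` only compares the pointer, so its parameter could be `const mbedtls_threading_mutex_t *mutex`. Its comment could also say that usage errors on this one mutex (double lock, free while locked) are no longer reported, so readers of the wrappers in this and the following hunks know that the gap is intentional.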
@@ -188,23 +214,26 @@ static int mbedtls_test_wrap_mutex_unlock(mbedtls_threading_mutex_t *mutex) /* Lock the internal mutex first and change state, so that the only way to * change the state is to hold the passed in and internal mutex - otherwise * we create a race condition. */ - if (mutex_functions.lock(&mbedtls_test_mutex_mutex) == 0) { - switch (mutex->state) { - case MUTEX_FREED: - mbedtls_test_mutex_usage_error(mutex, "unlock without init"); - break; - case MUTEX_IDLE: - mbedtls_test_mutex_usage_error(mutex, "unlock without lock"); - break; - case MUTEX_LOCKED: - mutex->state = MUTEX_IDLE; - break; - default: - mbedtls_test_mutex_usage_error(mutex, "corrupted state"); - break; + if (mbedtls_test_mutex_can_test(mutex)) { + if (mutex_functions.lock(&mbedtls_test_mutex_mutex) == 0) { + switch (mutex->state) { + case MUTEX_FREED: + mbedtls_test_mutex_usage_error(mutex, "unlock without init"); + break; + case MUTEX_IDLE: + mbedtls_test_mutex_usage_error(mutex, "unlock without lock"); + break; + case MUTEX_LOCKED: + mutex->state = MUTEX_IDLE; + break; + default: + mbedtls_test_mutex_usage_error(mutex, "corrupted state"); + break; + } + mutex_functions.unlock(&mbedtls_test_mutex_mutex); } - mutex_functions.unlock(&mbedtls_test_mutex_mutex); } + return mutex_functions.unlock(mutex); } From 4cfd6a6bc6ca35f8debc069c2a1ff026756c303b Mon Sep 17 00:00:00 2001 From: Ryan Everett Date: Wed, 10 Jan 2024 19:15:45 +0000 Subject: [PATCH 020/166] Fix dependencies in pkcs5 aes-128-cbc tests These tests do not specify a hash function. This is an optional parameter with default value hmacWithSHA1, so these test cases are dependant on SHA-1 and not SHA-256 Signed-off-by: Ryan Everett --- tests/suites/test_suite_pkcs5.data | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/suites/test_suite_pkcs5.data b/tests/suites/test_suite_pkcs5.data index 3bd6b49f0..453ee231c 100644 --- a/tests/suites/test_suite_pkcs5.data +++ b/tests/suites/test_suite_pkcs5.data 
@@ -143,7 +143,7 @@ depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIP pbes2_decrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301B06092A864886F70D01050C300E04082ED7F24A1D516DD702020800301406082A864886F70D030704088A4FCC9DCC394910":"70617373776f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ncrypt AES-128-CBC (OK) -depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC +depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC pbes2_encrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301B06092A864886F70D01050C300E0408010203040506070802022710301D060960864801650304010204102F904F75B47B48A618068D79BD9A826C":"50617373776F726450617373776F726450617373776F7264":"5468697320697320612066696c6520746f20626520656e6372797074656420776974682050424553322c20776974682061206b65792067656e657261746564207573696e67206120707266202853484132353629":96:0:"0c953c3a9be1502f4d1df1b82df9d99a61ebd2f60ed570d16b241f70b9e61f329174747d052efe5c39bec9d0f7404f84af242914e2ecb74e6e36e8b4147bd0a092a82df789aa3351e0de9f75b285ccb742806526771c8353ffb66176188b556e" PBES2 Encrypt AES-192-CBC (OK) 
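Review bot: Nothing in the two AES-128-CBC cases (this hunk and the `@@ -155,7 +155,7 @@` one) tells a reader that they rely on the default PRF. The plaintext literal decodes to a sentence ending in "prf (SHA256)", which now contradicts the `MBEDTLS_MD_CAN_SHA1` dependency. I would name the PRF in the titles, e.g. `PBES2 Encrypt AES-128-CBC (OK, default PRF hmacWithSHA1)` and the matching `Decrypt` title, so the SHA-1 dependency is not "corrected" back later. If SHA-1 coverage for AES-128 is not the intent, a vector with an explicit hmacWithSHA256 PRF would match the other key sizes.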
@@ -155,7 +155,7 @@ depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_ pbes2_encrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"302a06092A864886F70D01050C301d0408010203040506070802022710020118300a06082A864886F70D0209301D060960864801650304012A04102F904F75B47B48A618068D79BD9A826C":"50617373776F726450617373776F726450617373776F7264":"5468697320697320612066696c6520746f20626520656e6372797074656420776974682050424553322c20776974682061206b65792067656e657261746564207573696e67206120707266202853484132353629":96:0:"7077e6e8e679962c6feda69c704d58507d143cf77be284f773dfcaa4a5f5e7c1cd5527204916302d435071c01126f4aa76205ce61998d7b8fdf065a77d4a77634376b9968e4722c27f2ac85d79565ff4fca9204d3e4bc8c5bd53c1785bb6e566" PBES2 Decrypt AES-128-CBC (OK) -depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC +depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC pbes2_decrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301B06092A864886F70D01050C300E0408010203040506070802022710301D060960864801650304010204102F904F75B47B48A618068D79BD9A826C":"50617373776F726450617373776F726450617373776F7264":"0c953c3a9be1502f4d1df1b82df9d99a61ebd2f60ed570d16b241f70b9e61f329174747d052efe5c39bec9d0f7404f84af242914e2ecb74e6e36e8b4147bd0a092a82df789aa3351e0de9f75b285ccb742806526771c8353ffb66176188b556e":96:0:"5468697320697320612066696c6520746f20626520656e6372797074656420776974682050424553322c20776974682061206b65792067656e657261746564207573696e67206120707266202853484132353629" PBES2 Decrypt AES-192-CBC (OK) From ae0b4bd04c10df2ca397844359c5a93f1c65e327 Mon Sep 17 00:00:00 2001 From: Ryan Everett Date: Wed, 10 Jan 2024 19:19:10 +0000 Subject: [PATCH 021/166] Add more details to comments Signed-off-by: Ryan Everett --- include/mbedtls/oid.h | 4 +++- tests/suites/test_suite_pkcs5.data | 12 ++++++------ 2 files changed, 9 insertions(+), 7 deletions(-) diff --git a/include/mbedtls/oid.h b/include/mbedtls/oid.h index 3a7f740c9..de8e4545e 100644 
--- a/include/mbedtls/oid.h +++ b/include/mbedtls/oid.h @@ -300,7 +300,9 @@ #define MBEDTLS_OID_HMAC_RIPEMD160 MBEDTLS_OID_INTERNET "\x05\x05\x08\x01\x04" /**< id-hmacWithSHA1 OBJECT IDENTIFIER ::= {iso(1) iso-identified-organization(3) dod(6) internet(1) security(5) mechanisms(5) ipsec(8) isakmpOakley(1) hmacRIPEMD160(4)} */ /* - * Encryption algorithms + * Encryption algorithms, + * the following standardized object identifiers are specified at + * https://datatracker.ietf.org/doc/html/rfc8018#appendix-C. */ #define MBEDTLS_OID_DES_CBC MBEDTLS_OID_ISO_IDENTIFIED_ORG \ MBEDTLS_OID_OIW_SECSIG_ALG "\x07" /**< desCBC OBJECT IDENTIFIER ::= { iso(1) identified-organization(3) oiw(14) secsig(3) algorithms(2) 7 } */ diff --git a/tests/suites/test_suite_pkcs5.data b/tests/suites/test_suite_pkcs5.data index 453ee231c..790a31ba0 100644 --- a/tests/suites/test_suite_pkcs5.data +++ b/tests/suites/test_suite_pkcs5.data 
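Review bot: The extended section comment reads as a run-on ("Encryption algorithms, the following ...") and claims RFC 8018 Appendix C for every identifier under the heading, while only the first define of the section is visible in this hunk. I would split heading and reference, `* Encryption algorithms.` followed by `* The object identifiers below are specified in RFC 8018, Appendix C:` with the URL on its own line. It is also worth confirming that each define grouped under this heading really appears in that appendix.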
@@ -142,27 +142,27 @@ PBES2 Decrypt (Invalid padding & PKCS7 padding enabled) depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 pbes2_decrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301B06092A864886F70D01050C300E04082ED7F24A1D516DD702020800301406082A864886F70D030704088A4FCC9DCC394910":"70617373776f7264":"1B60098D4834CA752D37B430E70B7A085CFF86E21F4849F969DD1DF623342662443F8BD1252BF83CEF6917551B08EF55A69C8F2BFFC93BCB2DFE2E354DA28F896D1BD1BFB972A1251219A6EC7183B0A4CF2C4998449ED786CAE2138437289EB2203974000C38619DA57A4E685D29649284602BD1806131772DA11A682674DC22B2CF109128DDB7FDA3488A7144097565":144:MBEDTLS_ERR_PKCS5_PASSWORD_MISMATCH:"308187020100301306072A8648CE3D020106082A8648CE3D030107046D306B0201010420F12A1320760270A83CBFFD53F6031EF76A5D86C8A204F2C30CA9EBF51F0F0EA7A1440342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFF060606060607" -PBES2 Encrypt AES-128-CBC (OK) +PBES2 Encrypt AES-128-CBC (OK, generated with OpenSSL) depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC pbes2_encrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301B06092A864886F70D01050C300E0408010203040506070802022710301D060960864801650304010204102F904F75B47B48A618068D79BD9A826C":"50617373776F726450617373776F726450617373776F7264":"5468697320697320612066696c6520746f20626520656e6372797074656420776974682050424553322c20776974682061206b65792067656e657261746564207573696e67206120707266202853484132353629":96:0:"0c953c3a9be1502f4d1df1b82df9d99a61ebd2f60ed570d16b241f70b9e61f329174747d052efe5c39bec9d0f7404f84af242914e2ecb74e6e36e8b4147bd0a092a82df789aa3351e0de9f75b285ccb742806526771c8353ffb66176188b556e" -PBES2 Encrypt AES-192-CBC (OK) +PBES2 Encrypt AES-192-CBC (OK, generated with OpenSSL) depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH pbes2_encrypt:MBEDTLS_ASN1_CONSTRUCTED | 
MBEDTLS_ASN1_SEQUENCE:"302a06092A864886F70D01050C301d0408010203040506070802022710020118300a06082A864886F70D0209301D060960864801650304011604102F904F75B47B48A618068D79BD9A826C":"50617373776F726450617373776F726450617373776F7264":"5468697320697320612066696c6520746f20626520656e6372797074656420776974682050424553322c20776974682061206b65792067656e657261746564207573696e67206120707266202853484132353629":96:0:"7c648a9df9759ba49283c261269a71bc06d45f6c24ab6431d77b2ecec1fd6d1aa751bd05b1c026fc8ff91baeb1b1838aa0f825b23be79bc09331d0607181e234dfea4ab3cbf7997747516486b6865e85de95dc9b64d45462197c891b31af6c94" -PBES2 Encrypt AES-256-CBC (OK) +PBES2 Encrypt AES-256-CBC (OK, generated with OpenSSL) depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH pbes2_encrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"302a06092A864886F70D01050C301d0408010203040506070802022710020118300a06082A864886F70D0209301D060960864801650304012A04102F904F75B47B48A618068D79BD9A826C":"50617373776F726450617373776F726450617373776F7264":"5468697320697320612066696c6520746f20626520656e6372797074656420776974682050424553322c20776974682061206b65792067656e657261746564207573696e67206120707266202853484132353629":96:0:"7077e6e8e679962c6feda69c704d58507d143cf77be284f773dfcaa4a5f5e7c1cd5527204916302d435071c01126f4aa76205ce61998d7b8fdf065a77d4a77634376b9968e4722c27f2ac85d79565ff4fca9204d3e4bc8c5bd53c1785bb6e566" -PBES2 Decrypt AES-128-CBC (OK) +PBES2 Decrypt AES-128-CBC (OK, generated with OpenSSL) depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC pbes2_decrypt:MBEDTLS_ASN1_CONSTRUCTED | 
MBEDTLS_ASN1_SEQUENCE:"301B06092A864886F70D01050C300E0408010203040506070802022710301D060960864801650304010204102F904F75B47B48A618068D79BD9A826C":"50617373776F726450617373776F726450617373776F7264":"0c953c3a9be1502f4d1df1b82df9d99a61ebd2f60ed570d16b241f70b9e61f329174747d052efe5c39bec9d0f7404f84af242914e2ecb74e6e36e8b4147bd0a092a82df789aa3351e0de9f75b285ccb742806526771c8353ffb66176188b556e":96:0:"5468697320697320612066696c6520746f20626520656e6372797074656420776974682050424553322c20776974682061206b65792067656e657261746564207573696e67206120707266202853484132353629" -PBES2 Decrypt AES-192-CBC (OK) +PBES2 Decrypt AES-192-CBC (OK, generated with OpenSSL) depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH pbes2_decrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"302a06092A864886F70D01050C301d0408010203040506070802022710020118300a06082A864886F70D0209301D060960864801650304011604102F904F75B47B48A618068D79BD9A826C":"50617373776F726450617373776F726450617373776F7264":"7c648a9df9759ba49283c261269a71bc06d45f6c24ab6431d77b2ecec1fd6d1aa751bd05b1c026fc8ff91baeb1b1838aa0f825b23be79bc09331d0607181e234dfea4ab3cbf7997747516486b6865e85de95dc9b64d45462197c891b31af6c94":96:0:"5468697320697320612066696c6520746f20626520656e6372797074656420776974682050424553322c20776974682061206b65792067656e657261746564207573696e67206120707266202853484132353629" -PBES2 Decrypt AES-256-CBC (OK) +PBES2 Decrypt AES-256-CBC (OK, generated with OpenSSL) depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH pbes2_decrypt:MBEDTLS_ASN1_CONSTRUCTED | 
MBEDTLS_ASN1_SEQUENCE:"302a06092A864886F70D01050C301d0408010203040506070802022710020118300a06082A864886F70D0209301D060960864801650304012A04102F904F75B47B48A618068D79BD9A826C":"50617373776F726450617373776F726450617373776F7264":"7077e6e8e679962c6feda69c704d58507d143cf77be284f773dfcaa4a5f5e7c1cd5527204916302d435071c01126f4aa76205ce61998d7b8fdf065a77d4a77634376b9968e4722c27f2ac85d79565ff4fca9204d3e4bc8c5bd53c1785bb6e566":96:0:"5468697320697320612066696c6520746f20626520656e6372797074656420776974682050424553322c20776974682061206b65792067656e657261746564207573696e67206120707266202853484132353629" From 1f935f50270f759c4223ef08dffb1f09312c516e Mon Sep 17 00:00:00 2001 From: Ryan Everett Date: Wed, 10 Jan 2024 19:26:19 +0000 Subject: [PATCH 022/166] Add AES tests to test_suite_pkparse Test data generated using openssl: openssl genpkey -algorithm rsa -out $OUT -$ALG Signed-off-by: Ryan Everett --- ..._pkcs8_pbes2_pbkdf2_2048_aes128_sha256.pem | 30 +++++++++++++++++++ ..._pkcs8_pbes2_pbkdf2_2048_aes192_sha256.pem | 30 +++++++++++++++++++ ..._pkcs8_pbes2_pbkdf2_2048_aes256_sha256.pem | 30 +++++++++++++++++++ tests/suites/test_suite_pkparse.data | 12 ++++++++ 4 files changed, 102 insertions(+) create mode 100644 tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_aes128_sha256.pem create mode 100644 tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_aes192_sha256.pem create mode 100644 tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_aes256_sha256.pem diff --git a/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_aes128_sha256.pem b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_aes128_sha256.pem new file mode 100644 index 000000000..276c61313 --- /dev/null +++ b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_aes128_sha256.pem 
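Review bot: The AES-256-CBC cases are now labelled "generated with OpenSSL", yet their PBKDF2 parameters carry `020118` (keyLength 24), the same value as the AES-192-CBC cases, although AES-256 needs a 32-byte key. Either the blob was adapted by hand or the code under test disregards keyLength; this hunk does not show which. I would record the exact command as a `#` comment above each case (e.g. `# openssl <COMMAND USED>`). I would also either correct the field to `020120` or add a case that pins the expected result when keyLength disagrees with the cipher's key size.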
@@ -0,0 +1,30 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIFLTBXBgkqhkiG9w0BBQ0wSjApBgkqhkiG9w0BBQwwHAQIV3y5ahakUYYCAggA +MAwGCCqGSIb3DQIJBQAwHQYJYIZIAWUDBAECBBCcu2VAdIWUQawcrlhFDgV+BIIE +0JMB3FUnHGs5otXZJvxOkiIrliuQiDjy8AuctQdVNhArYeTfTxW6wZZxacDOAJT/ +JvxbpKRANBSCp+TOf5jMAHl11L8Pr7Z22HumPjJXyuTwntG/lYpWzHKLo+V2GGFo +8E5Q0uya0A+4sL80JQMKa6G4BZGdnOwD1krUPxrxsNXVRbsHcsewUc1nKshPlj0X +1A4Fe6IqgichLPODluJcJo6tWCrhKdDxyDzCdZ0ZiJpUgH7SPo3XZ6GO68nlSKz6 +vwChjrkUsmgDbeGr8yFP4kuaagRngMovGQXcYyNBDWZQYKM7uMqz6zuh4VJuvAJk +h/d8WDkFz6fJAEpqYYDBqVj5vGH3Xq0e4LzErJ0s8jQuOy66noiQIXF5U9V6sLvk +irbIyEVcBUWUIs2QCgEVbKRTNAzo3+V690etqVYx5mW8m3CenJ4TrrtsQJwOZlF5 +tz6a+RNjj5EZKRx5WoOQ/ZyQK77+dg4lO0MbaUptBawsLifCQANmJ7hOIl/aG8ae +8ZnBUFYR4Cmomkcb/OjabGv5iyizZ3esf5kfmhvaRDQN+V7Vx7Dy6lzzpJ3vhxoo ++VRCFAVIS+XPvGLynUvawHiSWlzYFKeX6t9ZriIDomVxZE/+zFbw6iQmE4pM6jS7 +mgwuVeKFeD0zVOI3I3pXN0NBZYZgkO3gdly6QbmETxkZB2ccv+Bqe/DdAi4Zq/JO +prW8x4o5wogfn5heVGB++Kh8l9jXxqqh8f8txNwfR0oli/TQdT78FgXcaWbQh+e+ +vFtIAIHlGK+u+FGPJm4DuyW5LY+lYE0aJMD9Bre8yWVy3aF4IZ9KQz4gxObQS/mu +CXHqPCiuwnjaiGFwf6IuTvX3hD+9j9XvGKZn8Y7U42iwzKdYD6qRAXn4+v1G9KIV +cPB1XBCpnEk8E+whjaht5EnAk2I/vesT3akfemgRxEegKS1Ziu/bwTId5mFLx3oV +ql0Nb8dAlIkpDTwxGK7FgRhUwutml6HvvYKtG10OqvrFV026pyQnkVMBGCUMRKvO +ddNAKOr8Mz0qrme0osCxVBdLxnVjvIwsiPBsX2INV86xW7DUe50u+mbCxu4eXCsA +zIJps5WP+ol4z04oZEUp9DEFxILO65MBmWd8y43UqRaaAOXYU+IZ5Tyx0wPcSAbb +iLMFwZ5uA3rIXSvzesgdiX5oJOY1+Y4hpBB6148u2YmKQsNLC0FLodEdXrrDacS4 +jJbc/Zlw2Q2u+YXBzec9hLGsA63qGybc8gmrYYoutwv4fYwSFx8N5AiENFYughBv +EyYXx/gjsSUJOZpI7VDcTS5YiqxRy8VBGXM/ewcvsNxjLTiyQz2Dv8PvGdCzJHbE +CelmFM+RKa/NzkIv/SwM5hXKCO8wpXT5HApXiTxCjonX/f4Uqu0JxiHYqvV7ih3p +k+9kE2eo3GzXWPG4DvcKpDd8pz0aAV02+AGZatRceg0wpOVzo+EC7c8V0SU4De9V +gLyYzY53HLbeqhPm3Yb0yt6fIBfcRxLi7A86K9c2+Na4BFLJPvf7pMQLmLlcdp1M +wKQhQw8DFxxstrup98H29r2n+XzPukhZawQfTEJwfx8y1Kp1UvJOeg/wL1PayyNv +0CQRRMZ0UEb3o6GjSyb3j98oGNe1LAvoykqc8QsBlP6f +-----END ENCRYPTED PRIVATE KEY----- \ No newline at end of file 
diff --git a/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_aes192_sha256.pem b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_aes192_sha256.pem new file mode 100644 index 000000000..06bcd2802 --- /dev/null +++ b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_aes192_sha256.pem 
@@ -0,0 +1,30 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIFLTBXBgkqhkiG9w0BBQ0wSjApBgkqhkiG9w0BBQwwHAQIw3sKoAeJu8kCAggA +MAwGCCqGSIb3DQIJBQAwHQYJYIZIAWUDBAEWBBB/MRVI6fUEUiqwEb+tcClNBIIE +0JH3R2rIt9cTB0FcsWjoHKFtVy1DTtHZUwk5FlHXm00ngB46gIDzAbTdow6WpspV +H3wJgwU//AAE4bwuZ/AcQlRz2M+OuO3GT47EhjKvXiS3OjrIvkXp24LCS3lSbFV+ +dGc6A2CXlSHF9c/umrKlRtVpSXsnBlVhggVyI/1RidBmCeF2i2205bt/Z2mjODo3 +SlSZjZ8GeFOnm/0zSBxgltbemgfsNMo1QOFRTXblzRE9Ldc5DCPgyCNDHOVUugO3 +lrf9Wyak2oiUtCG5cApaeDTedQv61YK+Zt/ptJmXps/N0nskb3X40ngs+buDuAVP +7uUTxP8ZkvQdVcWD/FNweAPssAGxDcWhacVxeuXdDb+ktjZuHnYJ06lC5nTdJAi3 +zRuvXpYNPQNBfU2MwYV4P4g67ltqdtfZcOiqMIqtb0rWu+dfS0cVPUZHBhHATFbA +Tvo0GtUKuhLzGP4Zr6RSJVlxkjbNtfrE3lS1b5HwaE04F6iagRdH1b6f00FfFXAr +oTFz4/ykkY9q7w3yTLfX/8B5EUbcXLzJBZrAWA1RmsV6aiAvgh94587QprRrL6dD +gcCTjLeVIFw4QNQvzkroErWQbEsZ33cAFB/qJDSEd1FgEMh4LsbHwGP8M/iQNaV1 +WWgh43j3XjwAC2f17okd/+1WxhwpugEJ8EeSfY3oONtyE8sAXRhPLpR1eouRqTmY +5032TNhf9hzNIvJ1eYwehCZfZkvuqJxGe6rXbV579qSThzUpfz6BYylS+xcf6nJP +JniG1RodX/AkkicmKja4fNcp7JDDsmBPU9pLOfr8SodUlimGEQ8PGNNYIrOjKbHe +BICi0ZDSxgt+pPUfjeF9VIcYHF7vUj15ovbd7uJSshmEIIxdX2YDzOjoJHYevsyZ +uZm2ONA90R9szgJMWP2ChKXaNF0UySaG3hueWDRa7GJMPRjpCvcwhAw29YHSvNOq +MbQmyyjFDAk07BFXvXSahSXODe0HPVTbyT8eP2SO7VMPuOWdxH9+adOl8KPCx0L7 +kwiPgnRhAGaevOZs8M80EEOC6JLR9hM9LVCHWnXD41NvGgCSmu8SwzKzKB3KBVas +aSb8XW7IuNFZh2o6FfmDKUp0uXoifWVWe96ertJrHckRbTd4ZpjK2bWChh3WxE9s +0EYG8PAu/NSW7ARPgXZ43f/nYieSQd01zty8Vj4io2gVpQDm0YtZrv/a+gW3HSQj +mBmdDOsQmpP9gfCnOJOILlE/+ouVYiGeSMFbKc1tde1FBtwt0RGQVM7KoRb7itNe +AntBerIDERzq83iXvalzYdB2qw9yzZwvf5hGvNn+rDCD3aZTrr6if9QrrVeDYcTd +TTOVeQx2RgtXv4xdiV4epS8e7xOgLZphC52E4WTRoBz1qEJRHGj1HX8REJ7Q47HK +cZr5IZdLuIulvPPWcY/KLw437h7njAMM2rT0HqL5yZA5Bcnpj/SCQGRHew7OacSK +p1WKw2C/R6MTGDFplefr/f3NUT4quWybfHQG3L3zqjSbKBS0pVPlA4SPwhSgev3P +v+sShYuWwLTiVfzep/nBRcz2W3CHtHI2oahjEI9Vm/7WSdjxl7tSrHlsy7JbVuOA +3PF6QbG2JWgnyfmmgtK86iTchMlxBgWe5S5lz6kZNUXN +-----END ENCRYPTED PRIVATE KEY----- \ No newline at end of file 
diff --git a/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_aes256_sha256.pem b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_aes256_sha256.pem new file mode 100644 index 000000000..eb2ee1456 --- /dev/null +++ b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_aes256_sha256.pem 
@@ -0,0 +1,30 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIFLTBXBgkqhkiG9w0BBQ0wSjApBgkqhkiG9w0BBQwwHAQIcVlPn8HF5kcCAggA +MAwGCCqGSIb3DQIJBQAwHQYJYIZIAWUDBAEqBBA6UHwbVfKyYQwiCmyTPE/QBIIE +0Na0hdMyQvJvRUKDvR9Gds0VrwRjHq+WBCDcHfJJRS5RiSCWnOCifZHA/zYoYZ4j +rHnuzmheOuGZWjUkdZQ8kVKFGGCKQjHKHTlfDhVv/SQzwYYWVRyaubDC2SKYORKf +zCFzLjr8RCwBo0ubh9q+QvPrmvy/jZYHYruU7vGseS4vKnWwnXey0ii8L2qD71Fo +uH6WAMRc6xHzm1W2WSnFZvZFLwCmGg/LlHc34TdCgXyX8dhJsIAwlwuCStFWs194 +A5h5ZrLiDdpGCThn47H0jx8kzVcoY+dwuJXgNfzAbzDgbRyzCpQx7Fulzf36iyPO +fq1OrF0+DUSrEv1GJTXT4/1xlpaZgR2RT7in7jCSE7XyATBLRrL9nKAQCmLAARnb +ITLWUPMmxJJDLLn9faBt7ZpyRzLRqGMT6nRNBouAg8DWqqcRvBLfi3TxoQ/KS2BJ +HMtyTfSQpghAsUUqraquSfyLoA1+b47gO+H/grQIMMnfThGiUx9MLOGFAvQ3Um8R +aoTm8X8RuAH3BALA0m9isRww/yA/dw/03jtByDYMeQ/NAHAgL1proXqsojHIYN5v +6vesHcATHGiFnPY0kqKVyIN1G8n5Gji5P875GPq00WN2kPMLiBG9woq9yZ+l5HYu +ofpdtpQRgJJSmEBJgpvwxoJKTUa9mYN29klYiv97AwWj2D2VsJvjG+IlfVybUB26 +mkenc3Hve2V2JueYh8Oijl1j+plc61tYJ0WQloZHQWHSqCJkXEMqUX6DZZyxREix +8kUuWabSkxSq1uRxf7iG442oaer5mhktpbEMWyA22mJLfXBwNaULqlhZGdeqKz4N +zwE0vg1rug1ooLX/s85n6h0FMD+ANbbNU18hQaxmjiCETPp0txAVWpaGAQZsYkW2 +ff+Aj5Mer/qB/K/TBh+7c5PkwcpTTCF/HQ2XF3B30lsBhFmsbXBkvxThhgZkGHfO +EQrxsgc9pwQrM3WT70ZI3uMrN5DfK7Dp+AVwIIBlEeai6FEMpZkg/4tPYK4GkwWP +ZEzSBoUETO9up3NwKuYWS3VOAmsOO8qRXw9bynV2WxMZ8NTWDmSKX+MqYz28ejjK +/5EYX3uW1NVjz608QbzT3XxNtX9B/FTPT9OlK8IxeiOjfDG2fqe3k7bYBZGVC2/M +aCaVPTND8xHsodxIoYbEbF29YSV/FLtw1eQ3LpwDN5OCzXpiZ65A4PxnB3iPHoNl +8o76h2dcksN+NKsdjnRH95b9V8CVlc8QwLBSCWk5bkfTXLeSkDM14jpJ0+BCuAyD +bdCo+R32ItDlke/L6d+CtVbyhDJigdl9w9XKBJ3f9XKw6Q4RnuCNQf3fqo1h+vVs +Ia4Mau6XSKyyZtEH5F0mO0iwpYBxPz6S9u36WnI6ot2Ep8AlfjBTRbH0g/luPjaz +9Jiah0i9p79L3wMNJHfqkdkUvJyLKu0rTy23L0sw3Eg9rx2TErrlIWugoAi0peia +36sC82X78xIzOCq1XwaIojnyB0fqxJDn93BI9dKhnBzWP54oY/ckq+ixb1oBQ0Kx +sLWcOwbT/yprpo36ZMy1DcxjjVyEfRmzwJJ65qFk48XJ4JIswdmaFfYbZ8yQyRiy +coJGwITg1bspV4krBAspArmqN3D4LviHXojUMxD6Sx8R +-----END ENCRYPTED PRIVATE KEY----- \ No newline at end of file 
diff --git a/tests/suites/test_suite_pkparse.data b/tests/suites/test_suite_pkparse.data index f82dcb5e2..67723c91f 100644 --- a/tests/suites/test_suite_pkparse.data +++ b/tests/suites/test_suite_pkparse.data @@ -890,6 +890,18 @@ Parse RSA Key #99.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA512 DER, 4096-bit depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA512:MBEDTLS_PKCS5_C pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT +Parse RSA Key #99.3 (Generated with OpenSSL, PKCS#8 encrypted v2 PBKDF2 AES-128-CBC hmacWithSHA256, 2048-bit) +depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC +pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_aes128_sha256.pem":"PolarSSLTest":0 + +Parse RSA Key #99.4 (Generated with OpenSSL, PKCS#8 encrypted v2 PBKDF2 AES-192-CBC hmacWithSHA256, 2048-bit) +depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_aes192_sha256.pem":"PolarSSLTest":0 + +Parse RSA Key #99.5 (Generated with OpenSSL, PKCS#8 encrypted v2 PBKDF2 AES-256-CBC hmacWithSHA256, 2048-bit) +depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_aes256_sha256.pem":"PolarSSLTest":0 + Parse Public RSA Key #1 (PKCS#8 wrapped) depends_on:MBEDTLS_PEM_PARSE_C pk_parse_public_keyfile_rsa:"data_files/rsa_pkcs8_2048_public.pem":0 From d00a138075dd2032faeabb6a40b8196053b97a89 Mon Sep 17 00:00:00 2001 From: Ryan Everett Date: Thu, 11 Jan 2024 17:23:15 +0000 Subject: [PATCH 023/166] Change test data for pkparse aes Test data generated using openSSL with: openssl pkcs8 -topk8 -v2 $ENC -v2prf hmacWithSHA384 -inform PEM -in $IN -outform PEM -out $OUT -passout "pass:PolarSSLTest" 
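Review bot: The three added cases read `.pem` files but do not list `MBEDTLS_PEM_PARSE_C`, unlike the `Parse Public RSA Key #1` case at the end of this hunk, so in a build without PEM parsing they would presumably fail rather than be skipped. Appending it fixes that, e.g. `depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_PEM_PARSE_C`. Whether `MBEDTLS_CIPHER_PADDING_PKCS7` is also required for the CBC decryption should be checked. Only the correct-password path is covered; a wrong-password and an empty-password case per key size would pin the error codes for the new ciphers too.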
Signed-off-by: Ryan Everett --- tests/data_files/Makefile | 24 ++++++++ ...sa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.pem | 56 +++++++++--------- ..._pkcs8_pbes2_pbkdf2_2048_aes128_sha256.pem | 30 ---------- ...cs8_pbes2_pbkdf2_2048_aes128cbc_sha384.der | Bin 0 -> 1329 bytes ...cs8_pbes2_pbkdf2_2048_aes128cbc_sha384.pem | 30 ++++++++++ ..._pkcs8_pbes2_pbkdf2_2048_aes192_sha256.pem | 30 ---------- ...cs8_pbes2_pbkdf2_2048_aes192cbc_sha384.der | Bin 0 -> 1329 bytes ...cs8_pbes2_pbkdf2_2048_aes192cbc_sha384.pem | 30 ++++++++++ ..._pkcs8_pbes2_pbkdf2_2048_aes256_sha256.pem | 30 ---------- ...cs8_pbes2_pbkdf2_2048_aes256cbc_sha384.der | Bin 0 -> 1329 bytes ...cs8_pbes2_pbkdf2_2048_aes256cbc_sha384.pem | 30 ++++++++++ tests/suites/test_suite_pkparse.data | 30 +++++++--- 12 files changed, 163 insertions(+), 127 deletions(-) delete mode 100644 tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_aes128_sha256.pem create mode 100644 tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_aes128cbc_sha384.der create mode 100644 tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_aes128cbc_sha384.pem delete mode 100644 tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_aes192_sha256.pem create mode 100644 tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_aes192cbc_sha384.der create mode 100644 tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_aes192cbc_sha384.pem delete mode 100644 tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_aes256_sha256.pem create mode 100644 tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_aes256cbc_sha384.der create mode 100644 tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_aes256cbc_sha384.pem diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile index 21ca489c1..cb4a683f7 100644 --- a/tests/data_files/Makefile +++ b/tests/data_files/Makefile 
@@ -1045,6 +1045,30 @@ rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.pem: rsa_pkcs1_2048_clear.pem all_final += rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.pem keys_rsa_enc_pkcs8_v2_2048_3des_sha384: rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.der rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.pem +rsa_pkcs8_pbes2_pbkdf2_2048_aes128cbc_sha384.der: rsa_pkcs1_2048_clear.pem + $(OPENSSL) pkcs8 -topk8 -v2 aes-128-cbc -v2prf hmacWithSHA384 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" +all_final += rsa_pkcs8_pbes2_pbkdf2_2048_aes128cbc_sha384.der +rsa_pkcs8_pbes2_pbkdf2_2048_aes128cbc_sha384.pem: rsa_pkcs1_2048_clear.pem + $(OPENSSL) pkcs8 -topk8 -v2 aes-128-cbc -v2prf hmacWithSHA384 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" +all_final += rsa_pkcs8_pbes2_pbkdf2_2048_aes128cbc_sha384.pem +keys_rsa_enc_pkcs8_v2_2048_aes128cbc_sha384: rsa_pkcs8_pbes2_pbkdf2_2048_aes128cbc_sha384.der rsa_pkcs8_pbes2_pbkdf2_2048_aes128cbc_sha384.pem + +rsa_pkcs8_pbes2_pbkdf2_2048_aes192cbc_sha384.der: rsa_pkcs1_2048_clear.pem + $(OPENSSL) pkcs8 -topk8 -v2 aes-192-cbc -v2prf hmacWithSHA384 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" +all_final += rsa_pkcs8_pbes2_pbkdf2_2048_aes192cbc_sha384.der +rsa_pkcs8_pbes2_pbkdf2_2048_aes192cbc_sha384.pem: rsa_pkcs1_2048_clear.pem + $(OPENSSL) pkcs8 -topk8 -v2 aes-192-cbc -v2prf hmacWithSHA384 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" +all_final += rsa_pkcs8_pbes2_pbkdf2_2048_aes192cbc_sha384.pem +keys_rsa_enc_pkcs8_v2_2048_aes192cbc_sha384: rsa_pkcs8_pbes2_pbkdf2_2048_aes192cbc_sha384.der rsa_pkcs8_pbes2_pbkdf2_2048_aes192cbc_sha384.pem + +rsa_pkcs8_pbes2_pbkdf2_2048_aes256cbc_sha384.der: rsa_pkcs1_2048_clear.pem + $(OPENSSL) pkcs8 -topk8 -v2 aes-256-cbc -v2prf hmacWithSHA384 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" +all_final += rsa_pkcs8_pbes2_pbkdf2_2048_aes256cbc_sha384.der 
+rsa_pkcs8_pbes2_pbkdf2_2048_aes256cbc_sha384.pem: rsa_pkcs1_2048_clear.pem + $(OPENSSL) pkcs8 -topk8 -v2 aes-256-cbc -v2prf hmacWithSHA384 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" +all_final += rsa_pkcs8_pbes2_pbkdf2_2048_aes256cbc_sha384.pem +keys_rsa_enc_pkcs8_v2_2048_aes256cbc_sha384: rsa_pkcs8_pbes2_pbkdf2_2048_aes256cbc_sha384.der rsa_pkcs8_pbes2_pbkdf2_2048_aes256cbc_sha384.pem + rsa_pkcs8_pbes2_pbkdf2_2048_des_sha384.der: rsa_pkcs1_2048_clear.pem $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA384 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" all_final += rsa_pkcs8_pbes2_pbkdf2_2048_des_sha384.der diff --git a/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.pem b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.pem index 0d1b587f5..f917af2a4 100644 --- a/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.pem +++ b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.pem 
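Review bot: OpenSSL picks a fresh salt and IV on every `pkcs8 -topk8 -v2 ...` run, so the six new rules are not reproducible, and the `.der` and `.pem` of a pair are independent encryptions rather than two encodings of one blob. The wholesale rewrite of `rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.pem` in this same commit looks like a side effect of re-running an existing rule and could be dropped if unintended. A comment above the block would warn the next person, e.g. `# Output differs on every run (random salt/IV); regenerate only when a file must change.`. The diffstat shows 24 added Makefile lines, all in this hunk, so if an aggregate target collects the per-cipher `keys_rsa_enc_pkcs8_v2_2048_*` targets (not visible here), the three new ones still need adding to it.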
@@ -1,30 +1,30 @@ -----BEGIN ENCRYPTED PRIVATE KEY----- -MIIFHDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIYFcs8Uhn2poCAggA -MAwGCCqGSIb3DQIKBQAwFAYIKoZIhvcNAwcECKCBLl+C+3nCBIIEyEnIPlXdh1e3 -+cnyhX7dCRzR/NsygcRBJUPdwRUMAaOo/t+oZxFmHnblchxQ+pFoHrI9GVwg8uID -meEHlzSSKt8kOTvJ3C148jRFJy61YH6k5GEN+z5ihS9uTszaXRUlEsGfP1/SzWY9 -ME+pX+0kwJ4az87mYKyNUwK4U5d65Ic30pvRJc4unvFtRz6wtwqU+EV283pXHfyc -VNgQFjb1IPHEz/PSuE9p94mQvdIbVmuK2dRiMag/HcABvVhxzLldKyEHHhrHR0pa -gc41+3HVjz0b6RPE24zNrxA9bU+1URGwlkIlh7Jpc/ZuYRj6LQ33xUdYZcMZw0b4 -pSFJcUgX+GUXLyWLqhIxxc+GIeL2Vt5G0ea5KEqxOvSj2bJV2/JA0KtmrcIjX5Kz -d/9bAvxatcqIikVNVkQpUc1glKiIBfVrmyJ4XUlX9i5F3cgl18zrYUI4zPSBn8o5 -yxSfCuIMx+3zS4BiyugGNOclIbpLMjQuMrXxrt7S+QlXfdbXvyNfxa3qfqf7/P2k -ykxl0z1bjvkck6XoFGXdb13isUEtY2NjujZKZe55BLGqr7FsIIQSTAHilwMpK+CV -fA1EL4ck1+7FV+l8fJ0nN1Li1xOnDeAFuO2m91uibNMYPvRSoX9c+HQKXCdGfiuk -5tfNaq8bbXeIJ/P8wTjMZqI2l6HZRuXvvmRHN2zZ4BSsT3+61xtvSTISEimDSm5T -hYY583LG5lpFoOC0Y4EUw/ltmQpKW7AGkLg7SyC9oKvoeWM4c2t8HrL3iKPXtkwd -A/iEfZTxzmR57u+ZMlbws0evPiZQml8voJnuT6qwbos7g7V/Pc3Rj+b84JZcI2Jz -D89/VudIHfFDTXC/gcSRG4bd0glILJHT9FOCAlX5TEuRyeWasoVOV+m3Pi8vQM1u -tCsjE9UdoIdhoI5j94VhzHApdD4fePcQW9DysYa2R10gWIZKUvhUHH3FWLR2X2gK -Wiz5YkhEGXBRtDHd4cx8EM1bJMKwFyYXjXTPGfGlGiPt8b9u4F++IlsKcgGgPIvh -2rIm4jHuN3LRRlFkJ5B0kuOOxZ6GBfxasS+Ix4DZoIfqZsGNI5Wu2ikGZOKxX7Ij -G9RvcdpVV8C2Y+M9qI2+x93WAtQ+NRJo4/+gJ0O9bVUhjjAmIHu2bMtbvr9aPJhd -OpB9VQxB3c5mEXkNOV52oOGnIGVjbJMb4e3/MRpWtTFVcX6r200Gn6Hn3MnWZXdd -H7pOpAowTcTlFcbJ0WWjfZygj5HKKUOFzPYNnXKizjzQhF6yK0mphKFY+8tpFQqB -mV/1HlWJTSsAmh/FN21B2qq+KRiwMdpzKIEKC47mK+dzzo1mrTqmExvbiaLG8upr -KMb/lEnSCasiZKTh71J3+5vUE+Nw73rYNZcdh7fj+GBK9KJ3hdKwYc/9yyQx1Lua -4aXnUM6vQAsV+OLYNQE8vXMRtuftbPbV9sqiBLPIc/0P2EJ9mbEye8FM+koHUCKo -xtJe5SK36DMwAas6tjimouVgWTcAdbq9r8jQlCJ1WxXPUcCJdv6pFQUGKQ+34TMK -uWOhErUNRdqel9DthU5ig5dZs2DqlzbRzWYosZc1B6Q4/nua2JiBi8IeqtPILr2a -JYJ9DNzxn07lcFHiVgrJuA== +MIIFHDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQI11AY9mDsg8QCAggA +MAwGCCqGSIb3DQIKBQAwFAYIKoZIhvcNAwcECDzvZWW4smTrBIIEyG/U2B5LazZZ 
+rzLUN7V38xI1ZR6rcBJreOk0QmVOSk9QMh+Kq+LmFwnY2NY+xikAfRJKWUsjk+h4 +DzCWn+nsrvU2wK582XThWYwJ79BIwkweUWV9l1Nfw0vyx/FkcTHE+eGPdABBL4BO +o4uajZso7tYY2+jyPobqSn18j2TInKbHR7lB5l6OAX9FsV0pGKYBgKxa9LTj7ufD +70G5WLHJAfnTX/6+wWktDOMMCPTXij3qA0fyu835shMUWQ+KUx0Dyp2A6qeprV1Z +nklRzevWsA4pbNMe+GG3WrRj52YRVuwDJjgTeq5rIfyoyLGv0ZUZsa/KEP/oToe9 +CmFPHWA2RDpK4zD8lscsjsOj+B0UREcSw9CdL91rFZkr++PuI3A1/T+3M8DkjLiB +CvSVziZLyZaqUVd0UdXrHyGeFxIMAx8xfYGiLi/EEay2zEScGbQ2kU+N1Vpuyu39 +PoEmqNOchoEkLeMVTYTQDfK3LgYQXpvdLCQQG76AqRIbuY+ZfYYw8eWyJhm78Qwx +fAenH4i5AjgJcV/5xiLpj+1trdefaCSp0Z8XY7ng/xyNCOOdSbBOPl4JnD6snYaT +06dtpowP7gcN3bZQo/r2XsH8F1VPvjG2wZ38R7aHlF8vjCZ1gUtCuraoM9AAdVoW +zWiptA4Lc5CAp+kDa2Nf5gyL0lvN/IbWYE23/OMTECmwG+O/HNtvltmdmYB8Ze6A +pdlkftjf/NvFsHloJS76SreR0tpWM8rGnSqQdecWLutgWP7HiK6C77UYv3b71SVj +ga5uv2l67UAj9EPTizZvLJjn0ubylfCW4eaPkEJBaYW4uG/3BcWzpLRnGyq6csMC +/tly2Y1L9dBqyZMIMW/ZFm8/64K8IRaSu/8mMGxjQ7VHeU6JSDk3G4by8jdYjLA2 +Y3tWYaelX8oE02jrwv47PPFWft/P+3Gjwo8lFq0zQTAk2C1vHs44jLzsOxfizo6s +mzmGh54JFsdE1tlYoa515Id2I27vjCvK6XbbgguinHaIsRgaRnCyyqEjO22z2zP3 +RpJD7FdugvZDepLfII1H8+JlbyBEd2zByMIPehIeM/HWWN0ukAgIz6yardrCYiuU +hXTqTz6bzaZMRJauPt/gpSvAx8kTKr9nXH2VRiToUs3ABjT9DN1/mQ1RlA0NmK1i +qfsMRXWzckaKgmJ8fglxEY7UR6fOqt3325yVQ/x49AKBxBDO9wmfpHEO3aQY7+H5 +hP/5tuc81226VFbyTERtTaEb/I+7iiImcWtVW4bB/1DgCu1NTlay6XaHOoclxcEE +N+d/3wDjSrsUhAKcK42wNPa74eSZy9ElJ+33xC56tqxhvo6YdG7VFu3S8qnhaXf1 +ijcRCw7vr2ShGMAhnloz4T+IX3ZGrzkVSXQG+rpaFag0b1QxeS6w/V7F8u+wljnq +1BzIfEjnE3lpR1eiZ8Ygu/n4kb7n5gHZqd1C8QiFZOGczX3uKFbH3/HOS20A+/6R +3rkjCQ+Uyxl3+wVdyOSpUCqtLfJBx69CM/6lDBPrliQ6DE94xKFrNEogG3IE36rW +oSCJcveg3cdbrHSqc+3m36FbQl2YKy8hgBwhrym2xHZ/ZS+acUQsN/V3VvEym3N6 +QXFLn3yqnmpr1g+yqXfQwA== -----END ENCRYPTED PRIVATE KEY----- diff --git a/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_aes128_sha256.pem b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_aes128_sha256.pem deleted file mode 100644 index 276c61313..000000000 --- a/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_aes128_sha256.pem +++ /dev/null 
@@ -1,30 +0,0 @@ ------BEGIN ENCRYPTED PRIVATE KEY----- -MIIFLTBXBgkqhkiG9w0BBQ0wSjApBgkqhkiG9w0BBQwwHAQIV3y5ahakUYYCAggA -MAwGCCqGSIb3DQIJBQAwHQYJYIZIAWUDBAECBBCcu2VAdIWUQawcrlhFDgV+BIIE -0JMB3FUnHGs5otXZJvxOkiIrliuQiDjy8AuctQdVNhArYeTfTxW6wZZxacDOAJT/ -JvxbpKRANBSCp+TOf5jMAHl11L8Pr7Z22HumPjJXyuTwntG/lYpWzHKLo+V2GGFo -8E5Q0uya0A+4sL80JQMKa6G4BZGdnOwD1krUPxrxsNXVRbsHcsewUc1nKshPlj0X -1A4Fe6IqgichLPODluJcJo6tWCrhKdDxyDzCdZ0ZiJpUgH7SPo3XZ6GO68nlSKz6 -vwChjrkUsmgDbeGr8yFP4kuaagRngMovGQXcYyNBDWZQYKM7uMqz6zuh4VJuvAJk -h/d8WDkFz6fJAEpqYYDBqVj5vGH3Xq0e4LzErJ0s8jQuOy66noiQIXF5U9V6sLvk -irbIyEVcBUWUIs2QCgEVbKRTNAzo3+V690etqVYx5mW8m3CenJ4TrrtsQJwOZlF5 -tz6a+RNjj5EZKRx5WoOQ/ZyQK77+dg4lO0MbaUptBawsLifCQANmJ7hOIl/aG8ae -8ZnBUFYR4Cmomkcb/OjabGv5iyizZ3esf5kfmhvaRDQN+V7Vx7Dy6lzzpJ3vhxoo -+VRCFAVIS+XPvGLynUvawHiSWlzYFKeX6t9ZriIDomVxZE/+zFbw6iQmE4pM6jS7 -mgwuVeKFeD0zVOI3I3pXN0NBZYZgkO3gdly6QbmETxkZB2ccv+Bqe/DdAi4Zq/JO -prW8x4o5wogfn5heVGB++Kh8l9jXxqqh8f8txNwfR0oli/TQdT78FgXcaWbQh+e+ -vFtIAIHlGK+u+FGPJm4DuyW5LY+lYE0aJMD9Bre8yWVy3aF4IZ9KQz4gxObQS/mu -CXHqPCiuwnjaiGFwf6IuTvX3hD+9j9XvGKZn8Y7U42iwzKdYD6qRAXn4+v1G9KIV -cPB1XBCpnEk8E+whjaht5EnAk2I/vesT3akfemgRxEegKS1Ziu/bwTId5mFLx3oV -ql0Nb8dAlIkpDTwxGK7FgRhUwutml6HvvYKtG10OqvrFV026pyQnkVMBGCUMRKvO -ddNAKOr8Mz0qrme0osCxVBdLxnVjvIwsiPBsX2INV86xW7DUe50u+mbCxu4eXCsA -zIJps5WP+ol4z04oZEUp9DEFxILO65MBmWd8y43UqRaaAOXYU+IZ5Tyx0wPcSAbb -iLMFwZ5uA3rIXSvzesgdiX5oJOY1+Y4hpBB6148u2YmKQsNLC0FLodEdXrrDacS4 -jJbc/Zlw2Q2u+YXBzec9hLGsA63qGybc8gmrYYoutwv4fYwSFx8N5AiENFYughBv -EyYXx/gjsSUJOZpI7VDcTS5YiqxRy8VBGXM/ewcvsNxjLTiyQz2Dv8PvGdCzJHbE -CelmFM+RKa/NzkIv/SwM5hXKCO8wpXT5HApXiTxCjonX/f4Uqu0JxiHYqvV7ih3p -k+9kE2eo3GzXWPG4DvcKpDd8pz0aAV02+AGZatRceg0wpOVzo+EC7c8V0SU4De9V -gLyYzY53HLbeqhPm3Yb0yt6fIBfcRxLi7A86K9c2+Na4BFLJPvf7pMQLmLlcdp1M -wKQhQw8DFxxstrup98H29r2n+XzPukhZawQfTEJwfx8y1Kp1UvJOeg/wL1PayyNv -0CQRRMZ0UEb3o6GjSyb3j98oGNe1LAvoykqc8QsBlP6f ------END ENCRYPTED PRIVATE KEY----- \ No newline at end of file 
diff --git a/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_aes128cbc_sha384.der b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_aes128cbc_sha384.der new file mode 100644 index 0000000000000000000000000000000000000000..00519400f2d3cc307206e207be2db90425a243dc GIT binary patch literal 1329 zcmV-11&LNQU&90Ul2Eo)JX--{dq z0tf&w3%ZY%eeqoARu;zjI@zJdnPpVp`i6rrw6Hoo8hZmKj(m zyO@1y#MGL4Q-xXe8ko%;AYVaFr9V=^YL05@I{bO-!^an{7_E(znO-lBbWfJl1%@tT zI>K<8U6T@2DS2w`Z8$|llZW7X4G}`TbUP3Nu_gAogQ_PQE<49}g0j&`M@gIY`&Bn| zrOKWZ8KeW?L4DRbV}FN{Z;lY&-aNqgN#x050n0b>cfU zd_&Krpp&lTGtP}tnAzXPTq&GKLa+`^!7NB}31JQ_0_=`SyR=s{gf?T8J2XM zASB2SiODzW97Ed2sfNzBR__T)hz;z^m@Sg^#Nu}GBo9$olPNY_qkWPS<;6DM2c+7L z#2#?#s6KFQa(8*(9xIVtI#|_YyJWcJxMTsMG%=17BpjF7J5cIaNfn&9XW45uc*EO! z$FZYW*Pnj7aEpzk??XJSfWJaO$+D#>V&IZA{k`wro-3{J-0&S2n7k3-#TjCnn;@2F zA(9Vx4vtGHAnJ2r-@BxS@Mds$2X%u7*3F}l2o4aePmr@O?phM}m6b3CrKW|*X*yQn ziYIJQ1vZOZ3&AAmzWQ|Z6Bt=~?z360evrKOrkTd+q{j}bm_SbCZ?^NH*E1qA-kY?cMD>wTO{K0B`Tpx=eIz_$?h3HN< z19JMlnuz7Ko9zxxadF8Prnq6Oi)i(r4VJ#hIs|6*=&{j1x{L4t^DGw&g>W-!)rA`b z578x{>`88E4*yx%U$9{GlpWt7LIFa?)71lwB)T{pO^sU3RAzWI zxfh3FGuzx|4HsExNO=XQ9Ug9+>OrhqwSV??Lvb0Vkpfh*?f25}ok-OlQgg|81R=9k zoqgjG^MMAx>t9FQc49CKTjomOI{4$UdG|MehhZ6l;{5>-URnmjf8?x$Su(jcJ@${_On|eFeC(;Q@>Kr8CEn zQ(W0dmSJaEx`Ln;`}I#C9$mh7q7bY148WmiqHp5345b#-t3qL0*~~tCY6`dPgNX`Z zWqnxO14QH+Gi)^UBNx)iEa7T;x)K1MO!u@BB8OqX#Q8#}-VK!t8yIehpfHqW^Y3(K z({<<7=6imND`5{JXz&R=dWSPPxI)KRuSG!}InsW^4JHY4h}_3i1jKv6;K^(d9gFjk nMO~mF7aa(U$AS9&{!Wj~?w6I4+#BDS`nq#=?~*tQPhcl(&LNQU&90UkDqAt z0tf&w3s=)T1cC(6 zw1rOHCLzruT3Ix3J_9NIrY7AGr$y*Qzw;EXj z<&j5hSL_w*-o13>$vVmQI;Cp#Ok!Ph`r4$Ql#*>^ojHksgxQRr0XZz$!{2_l8_(+I zr7uv^4_*~vS!;QIqN$-6f3=a#H^6MhBg?%oCde1CEVZ-N=$Ac0;dDjOQv#6rZ)2K@ zGlO3-jMQl(Ysh0DQTUiSkvjjS6iyw?PoBHUlYv&&X-|@HM4E0H7+cV(lHw!Q!84c% zyo_9oDfuCuz*69T9071$1Y1(rdv^)8CEmfRk75kkg>^URz&fuXQqtqfj7mZvy1zN& z(_CZuXcu929yaIpB`aKsh9*45cklI9lLOR7aL}152K@>IVGL+NOg6xd${4J5$F%r z^5PZh|KWE~R#Q6dm8ZV%IO&@U_-^1DTa>C^^`41X!+8!wXBKw2qq?wiK|p1i%{t$7^ZBus*7`?3R>BKd9nzx!s_U 
zrwu9U>Y@PKa31p)iNITu5y3gV$JZFx$c0kuqh~nZEF)DkwR#8UoQ1{1Qxo?UVslo~!) z$QD*JnmrdD$K&U6K|pGdDIqYy^00{Wqa6@$?5u+fkh_9Ob{t`kXbCx{5dy-8K>7W- z-qd{JgAmDY2r2g^oZJC+iu*(ZVbsetqdAhUaFgnY1aux2h$G$Wl1gKuW*dWQ%T$;y&8Aa(Ogt20+!tSs^UjvYeAWL9NRyiUppyk2HbZW=(3n zYfj~ebCIe=SkfC>8Xin;?qHi-UI@_ey-35pa^HvfLfGCZPHr|WhLvAC0I`u0BAL2+ zdFLtO5-6TbB|6I7kiA^WrjtKCWd`e~hIu(BwW&nRE0I+wMh=_2n~RYu_<_DYkZg{#%}D1{ieTo8$L7)EnlvXhoCLH(Vo zi_3;~>=ZS+aZARUkotfCa4rxgua1Y>W7$|;j4-`m|E@xuI3Q_Ie-(xX#5Vl$)KG`q z6c;pI`0GL?cbpq;BL!%+tH2AMWLWliX{SnjSx3$`W@$MRuuo*h@q(#BCjo93Cd}fK zUOPg&oYK)RXX@(LuRPpcuRb9C8{GtVPMR^8bzN$N;R65di{z%Ob%Nxcg2%;#9mTIM ns%=zS6I21S<3ME|Frcv4-lguEO{pvGT=rW>2CCR71B_Rj1p{}Z literal 0 HcmV?d00001 diff --git a/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_aes192cbc_sha384.pem b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_aes192cbc_sha384.pem new file mode 100644 index 000000000..0a36a716d --- /dev/null +++ b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_aes192cbc_sha384.pem 
@@ -0,0 +1,30 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIFLTBXBgkqhkiG9w0BBQ0wSjApBgkqhkiG9w0BBQwwHAQI8i+OtR0wbD0CAggA +MAwGCCqGSIb3DQIKBQAwHQYJYIZIAWUDBAEWBBBHvOq1294P18bekzyYVp4QBIIE +0AJnZHjPZcPYKdSNaNfPfc2s+UmTgYeLCun5sd+9KIYyozJ2ljZTijsdp/hItWTu +DmHrfLTLV8mtL/OFJ83u0rDoHVfSrDLwFMAy/nmbtlLYPFEfU9MQ8s2OtvKuobmI +b3x7b+MrTlG5ConptsQQw5tl3dza9DZGfHUnO2EzXorytSMLFCGeQskzbN7Y/Sbf +2+IL5yoifcfPddTbKDyTa77K2516tK2+WTU/VUfv2r5d5SiivZLuMjIYrbneHYoq +hW30BZozCqJKJ5G2jwNjLUjPirA6qtS0Y1tIb5rRjZ0pSy1X5oIQL2laZLrDo9gP +/Ud8m1k2nv9Uv9HPM+G4xCMSiJVaptYPyzFQACcSdA/BVUdBC0EwzIj2nbaoAlM0 ++sZ2Asbohnds/AsDz+/b6MaMKg9Onoort0zF/HtpSII6+WSmvGOaV2469JEIvZlU +JIn1YugpDPIe6/B35J9sYfvVNKVsvJntCKxmcz6Nw2VvPKXC3o/bseBqAhLKDMZZ +Hr3id3O7bN2ng3lKuGofmQeMYnW4zb4coXytdc/XCvf63xE0NsUEBFuRMpc9iocC +2RMBEzNyE4tnigI61T/zkpwgBic1p/isGoXMdPWl+Z+IAIYgyxOVwO9g78yVW9tp +1xF9WzJrGHKNT9RLmINyo3jt/wRj8Q+T0EG45cDQcHwpyXdNS614hUCIaeTvQcR9 +8F+f4D8IvL+GJt2EtbqL+D687X/hptNehpFf+uxGiHQfrtOvYS/ArNrewa1ts9nq +SMAE7Hb7MzFdnhDqRFBa+//H1jvNkDx3qXfb1/MNE8pR6vjcueKKQ0BzlrNX1O2C +oz0OCMeDfXZhWdYmNjLNcdbonrvq5Z9nOUEdw2lNWELT4lOAmqgA/xBFdQa4glCx +WS1r6DyjgTdGlPbcGugRuTcYXNx6iikWzoS1369maz+WV9qW7r8kA1Fs7WUiYnOb +I1E06yQKVANe+t2SQYN2jPK3EsFFOBxG9tlcXbZVxvx9m6XJR7f7YnLPN+b0f1qF +cT2c5IhK5pKRiZds82lWBnk+eli+qUXILIBbDvBmY4PyPk+kyewAHI1HWBfoSH/3 +aLIV6JPgwjAJKnr0++jUqETID/yGyLHNNy1u4ALyAfbFVU//RGmwAxhrBNPdVVGb +rBfKL+VL8Hu/m5XWXez0nHKyD8J1i/XO1OutBsXYxEn6Xnu9rJn8F6nJ+XB3zt6K +QdkUp85t3GM0wyizuPRWJrSVfYyjV41yEBXqe2lgqTT9dpvpgIRtvUeq83e8PD/3 +6qKoeTv+3cppCFZ3vLArGvsvRTcbfc3YEzXxz6gc/1HTzd8UpCnA/9+jepG3IzRL +1bLs8QVzIBAT/UpuC6QWUdAR/JZMEFLU5FnRh6oXuh2Zys66Ot7LyNhnGlSEPlXI +polURx0bew+QigBGiH7NpyMgRi9Wh+1HOA/wsAp4X7O+DhaX6vdiDbQoilN1LclU +TRFShpuaxwRA1ek2Jz3JLn7wCsGaVXrd2v/CgrxofCWzGjR2RWj9hAkV4eoJ3G6A +x3DhMRrqXc/O3ON9TyhKBZP1g35In5bZmBUv/o+7eYV7KDETxPwsD3A+dCqUJObU +kyZehu2DsfyZFI98SnecRpb0M0vi6ZZueCykOVec6xkX +-----END ENCRYPTED PRIVATE KEY----- 
diff --git a/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_aes256_sha256.pem b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_aes256_sha256.pem
deleted file mode 100644
index eb2ee1456..000000000
--- a/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_aes256_sha256.pem
+++ /dev/null
@@ -1,30 +0,0 @@ ------BEGIN ENCRYPTED PRIVATE KEY----- -MIIFLTBXBgkqhkiG9w0BBQ0wSjApBgkqhkiG9w0BBQwwHAQIcVlPn8HF5kcCAggA -MAwGCCqGSIb3DQIJBQAwHQYJYIZIAWUDBAEqBBA6UHwbVfKyYQwiCmyTPE/QBIIE -0Na0hdMyQvJvRUKDvR9Gds0VrwRjHq+WBCDcHfJJRS5RiSCWnOCifZHA/zYoYZ4j -rHnuzmheOuGZWjUkdZQ8kVKFGGCKQjHKHTlfDhVv/SQzwYYWVRyaubDC2SKYORKf -zCFzLjr8RCwBo0ubh9q+QvPrmvy/jZYHYruU7vGseS4vKnWwnXey0ii8L2qD71Fo -uH6WAMRc6xHzm1W2WSnFZvZFLwCmGg/LlHc34TdCgXyX8dhJsIAwlwuCStFWs194 -A5h5ZrLiDdpGCThn47H0jx8kzVcoY+dwuJXgNfzAbzDgbRyzCpQx7Fulzf36iyPO -fq1OrF0+DUSrEv1GJTXT4/1xlpaZgR2RT7in7jCSE7XyATBLRrL9nKAQCmLAARnb -ITLWUPMmxJJDLLn9faBt7ZpyRzLRqGMT6nRNBouAg8DWqqcRvBLfi3TxoQ/KS2BJ -HMtyTfSQpghAsUUqraquSfyLoA1+b47gO+H/grQIMMnfThGiUx9MLOGFAvQ3Um8R -aoTm8X8RuAH3BALA0m9isRww/yA/dw/03jtByDYMeQ/NAHAgL1proXqsojHIYN5v -6vesHcATHGiFnPY0kqKVyIN1G8n5Gji5P875GPq00WN2kPMLiBG9woq9yZ+l5HYu -ofpdtpQRgJJSmEBJgpvwxoJKTUa9mYN29klYiv97AwWj2D2VsJvjG+IlfVybUB26 -mkenc3Hve2V2JueYh8Oijl1j+plc61tYJ0WQloZHQWHSqCJkXEMqUX6DZZyxREix -8kUuWabSkxSq1uRxf7iG442oaer5mhktpbEMWyA22mJLfXBwNaULqlhZGdeqKz4N -zwE0vg1rug1ooLX/s85n6h0FMD+ANbbNU18hQaxmjiCETPp0txAVWpaGAQZsYkW2 -ff+Aj5Mer/qB/K/TBh+7c5PkwcpTTCF/HQ2XF3B30lsBhFmsbXBkvxThhgZkGHfO -EQrxsgc9pwQrM3WT70ZI3uMrN5DfK7Dp+AVwIIBlEeai6FEMpZkg/4tPYK4GkwWP -ZEzSBoUETO9up3NwKuYWS3VOAmsOO8qRXw9bynV2WxMZ8NTWDmSKX+MqYz28ejjK -/5EYX3uW1NVjz608QbzT3XxNtX9B/FTPT9OlK8IxeiOjfDG2fqe3k7bYBZGVC2/M -aCaVPTND8xHsodxIoYbEbF29YSV/FLtw1eQ3LpwDN5OCzXpiZ65A4PxnB3iPHoNl -8o76h2dcksN+NKsdjnRH95b9V8CVlc8QwLBSCWk5bkfTXLeSkDM14jpJ0+BCuAyD -bdCo+R32ItDlke/L6d+CtVbyhDJigdl9w9XKBJ3f9XKw6Q4RnuCNQf3fqo1h+vVs -Ia4Mau6XSKyyZtEH5F0mO0iwpYBxPz6S9u36WnI6ot2Ep8AlfjBTRbH0g/luPjaz -9Jiah0i9p79L3wMNJHfqkdkUvJyLKu0rTy23L0sw3Eg9rx2TErrlIWugoAi0peia -36sC82X78xIzOCq1XwaIojnyB0fqxJDn93BI9dKhnBzWP54oY/ckq+ixb1oBQ0Kx -sLWcOwbT/yprpo36ZMy1DcxjjVyEfRmzwJJ65qFk48XJ4JIswdmaFfYbZ8yQyRiy -coJGwITg1bspV4krBAspArmqN3D4LviHXojUMxD6Sx8R ------END ENCRYPTED PRIVATE KEY----- \ No newline at end of file 
diff --git a/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_aes256cbc_sha384.der b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_aes256cbc_sha384.der new file mode 100644 index 0000000000000000000000000000000000000000..136cfb95e32e5143abc65618e79f96451fd28030 GIT binary patch literal 1329 zcmV-11&LNQU&90UlPFNBb^`2A)A z0tf&w3kOAoM$#BWCe;yF90r!C6437^Gmkxb z6=IPvb6A~Dmmx@3E=cXmLHrw}eg&2zHndfJC0t%@gyF4xb`}?B_i(Mdw^FRcKTBte zU*^b607){JM%gpYJEWzju79RR@x(2k^puv&OD_abvLlZlHE%T@#)9A%W6t*UAh>gGbdPAQYC6!JHqky;<0Ozm zolz-jLW#XtT3yqU$}^8NX((*G`uSr|4He97P`5l!pS$@n+|^%0B0O|Pstw=ptbF)m zO=)eFvX`~?7l#Hj^6b@LO{;8$)uH;vgy6g=+4;`=u<(G|aZ8T~|vk&bbbZw=0Z=KK!GM}$bLL7B4q+U7JW5#^L{^*1Tz zEcd~DlUlMIhZOQkm%Yo**$rIb6XtGpfMC5ezcUG3)BsBFgKSnSq0| z0foW^wRcq&z+&WteMR29r$iI*T9fg= zGtMxK*XXNIDFBgJvnx~X8Wrgl*YL)#n6^gGMRu)8nN=Bd0T8avR+NDc}rqJpooRY#SgEDxX1o z!;iFYe$AG(HF5a8|@-Zb*}RGQ)caSspz0vV9o*h#L$UPkcRc!F6o&lseF zE{@cQp227{jt)>|s|5?gQ(<~wqwT^HqDKmwjRjH0Ve4Wi6K;Jn`bAXZf1Z|I66?PN ze@)7^ZlIL6hgLWP83ndXIO!d=PKCSe54!iX7^$*&$t%iYONE5yji<;@4fyli!;u2v zsMu6C-IQ1;+ogM2O-#w@)$LS}bXFLBRRz+C2p@MaVv`M`-lf?bnlg{`km nxyhPoC#DQYb>O3IxZu#v);EsqKdk4Z(g8)DM}S@RkHrM!rGa_o literal 0 HcmV?d00001 diff --git a/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_aes256cbc_sha384.pem b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_aes256cbc_sha384.pem new file mode 100644 index 000000000..da2e90f79 --- /dev/null +++ b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_aes256cbc_sha384.pem 
@@ -0,0 +1,30 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIFLTBXBgkqhkiG9w0BBQ0wSjApBgkqhkiG9w0BBQwwHAQIhWg0Xe90dAcCAggA +MAwGCCqGSIb3DQIKBQAwHQYJYIZIAWUDBAEqBBCRE60k0URZBki+hlzaxgZgBIIE +0Hffn1sg3qNNUkFDHdbvU9E3+aaMJKWqDS4bUqGguT7Tz36TPM1drUZSFyWvPgNY +dXonxu+2h6jzRny0clPyp3kCbJEqgvyj0laKNAfV1fmJRVkIFiCMs0iBLQnyjAJb +IJ8hGxsnotdvmL3oTvHq0YawPXRXVDC4qeO+PzcDjSZ62E+Bz1bE2/tLif1BKd0k +QbccsD9pCyF8pauCAxgN2AWWdus3IzH+hWUf4DTT7AhCdYNijY+ZmBgKGkJoJWwl +aIZrPGJ7tNIDecQt86xLffKifI/b2dO5e3Q1NgNzHM77ncoeLr9nFSlsc2W3qA/A +gEDcuGj1ujchKK70Phfz50HMfnP3pCqLk8jDI78/TSvHDiblF68hsUbAsvbtHNu6 ++AXlDdSU2bcRyQRsjvaf2lMLt+qkUX+P640SKnXIYa1o9dv4+alE4XTZaimmOnao +DjYm6bTHAYcE//DW/LXt7V+q1KCPqpoHMR140vyjIRN8uEcPXyTka6lU34ypIhUb +N7ggLrXrCjh3nJo+nCtXOIMf9O9eD9I/0i8dktZFuTRj1sO/z9J/xFxHTdBG/BB5 +1MEmwriRubrw5Ud+uXnRq+lg5rW3n4+5TBvwYq/GLfyj36ojegbE8OdMfJJqCdd4 +zywMXwYiMi76gYAwEL60DWRn+3vud02QwY8hBXfiOPq2kxazvZM5SWy/1bPgStkn +fG9uzE8n/ABZA0XWuV8hNAcxYlS+0s3IguvvHogQtQMYTTg/D3OODpc0f/+y3O8N +qI5Iym1SrWpnF8vVFZsMblMDr+tbeCvYQ+HuaTc0L5cpAozoY7iCzuqwDHFrYTzC +rSZ70V+FQ956m4xkCBu6TrzqzhA8zfDFs3z9LfV62v9zLgUS8uCKSKWxznM0IdiE +ZnNrwaE1xsO5QN8LfvlO4NVVxN/ATie5tmlLndS4c2ZkswcR3WM6cW1buVaIPsz7 +lU7sbd/I9pWpzd3eZNkVrWpyWxvFQxBUNNC5IXcgRBZsGgVGRw35LBlWXKluKrVi +Z/FAf23dt3n2S4dtJ+Fd2+YL/YiK0lqtrm+GkSjmMvVQ57PJn8QvW359e4QsxDyN +wv6iEQDUqZcQ89ggdGdoSFFgBtFACc9iCKsu5AjTJl+Tql/A3FV7SwYDfZwQuT4e +gc4dZPuSSVd8cttUeFUmtrPCMx2nP7ZDVYFrZyK07eAIL89gv3bYWu8R/wMKNvzr +g0Ao0+AnfLJg11C8pAhJea1dxwu7g6LSpA+oCZov4RpqUnLKMCpPbypyFhSizZtF +evDMf+5aUAbe0+ZsCjUT+RftpzYCPV9uGhYhLMIFRP/7FCcHMrDn7CbAektm063U +EwP2O1rUrMhPWqRztx71cGBloeVPE8Ddwnsorr4M7EXihZcvNsLfz3N9NUopkU3M +sM2fEAnq2KMyrrwVGRSHvm70gUDpJeFanRBsI9z1Tr4r3utHIIQ+0u9pFPbQln0Q +4X4U7KbKC4leTYGMPMFOPXihiMTazNcs232stAYUYe6/DmVX/p2dJHvHux5qBGIW +Rbv7OuwazOsDqNfrqZTesENIGl/KPoNXiolp/YtG3DHQ1vDjEj/XTOVWWkBDXVgP +ut4Pi20hvFBwvEBtypAgi1VLcad5+dlrEwryewlLLw5h +-----END ENCRYPTED PRIVATE KEY----- 
diff --git a/tests/suites/test_suite_pkparse.data b/tests/suites/test_suite_pkparse.data
index 67723c91f..a8d6536e9 100644
--- a/tests/suites/test_suite_pkparse.data
+++ b/tests/suites/test_suite_pkparse.data
@@ -890,17 +890,29 @@ Parse RSA Key #99.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA512 DER, 4096-bit depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA512:MBEDTLS_PKCS5_C pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT -Parse RSA Key #99.3 (Generated with OpenSSL, PKCS#8 encrypted v2 PBKDF2 AES-128-CBC hmacWithSHA256, 2048-bit) -depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC -pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_aes128_sha256.pem":"PolarSSLTest":0 +Parse RSA Key #99.3 (PKCS#8 encrypted v2 PBKDF2 AES-128-CBC hmacWithSHA384, 2048-bit) +depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC +pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_aes128cbc_sha384.pem":"PolarSSLTest":0 -Parse RSA Key #99.4 (Generated with OpenSSL, PKCS#8 encrypted v2 PBKDF2 AES-192-CBC hmacWithSHA256, 2048-bit) -depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_aes192_sha256.pem":"PolarSSLTest":0 +Parse RSA Key #99.4 (PKCS#8 encrypted v2 PBKDF2 AES-192-CBC hmacWithSHA384, 2048-bit) +depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_aes192cbc_sha384.pem":"PolarSSLTest":0 -Parse RSA Key #99.5 (Generated with OpenSSL, PKCS#8 encrypted v2 PBKDF2 AES-256-CBC hmacWithSHA256, 2048-bit) -depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_aes256_sha256.pem":"PolarSSLTest":0 +Parse RSA Key #99.5 (PKCS#8 encrypted v2 PBKDF2 AES-256-CBC hmacWithSHA384, 2048-bit) 
+depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_aes256cbc_sha384.pem":"PolarSSLTest":0 + +Parse RSA Key #99.6 (PKCS#8 encrypted v2 PBKDF2 AES-128-CBC hmacWithSHA384 DER, 2048-bit) +depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC +pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_aes128cbc_sha384.der":"PolarSSLTest":0 + +Parse RSA Key #99.7 (PKCS#8 encrypted v2 PBKDF2 AES-192-CBC hmacWithSHA384 DER, 2048-bit) +depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_aes192cbc_sha384.der":"PolarSSLTest":0 + +Parse RSA Key #99.8 (PKCS#8 encrypted v2 PBKDF2 AES-256-CBC hmacWithSHA384 DER, 2048-bit) +depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_aes256cbc_sha384.der":"PolarSSLTest":0 Parse Public RSA Key #1 (PKCS#8 wrapped) depends_on:MBEDTLS_PEM_PARSE_C From a90378c425a56af060f29ee1c9bdb6788e174ba6 Mon Sep 17 00:00:00 2001 From: Ryan Everett Date: Fri, 12 Jan 2024 10:24:00 +0000 Subject: [PATCH 024/166] Restore previous version of rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.pem Signed-off-by: Ryan Everett --- ...sa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.pem | 56 +++++++++---------- 1 file changed, 28 insertions(+), 28 deletions(-) diff --git a/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.pem b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.pem index f917af2a4..0d1b587f5 100644 --- a/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.pem +++ b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.pem 
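Review bot: The new PEM cases #99.3 to #99.5 load `.pem` fixtures, but their `depends_on` lines do not list `MBEDTLS_PEM_PARSE_C`, whereas the neighbouring `Parse Public RSA Key #1` case does. In a configuration without PEM parsing these three would presumably run and fail rather than be skipped, so consider `depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_PEM_PARSE_C` for them. PBES2 with AES-CBC decrypts padded data, so all six cases (#99.3 to #99.8) may also need `MBEDTLS_CIPHER_PADDING_PKCS7`; that is worth checking against the other encrypted PKCS#8 cases in this file. Separately, the hmacWithSHA256 fixtures are replaced rather than kept, so the AES-CBC with SHA-256 PRF combination is no longer exercised by this suite.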
@@ -1,30 +1,30 @@ -----BEGIN ENCRYPTED PRIVATE KEY----- -MIIFHDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQI11AY9mDsg8QCAggA -MAwGCCqGSIb3DQIKBQAwFAYIKoZIhvcNAwcECDzvZWW4smTrBIIEyG/U2B5LazZZ -rzLUN7V38xI1ZR6rcBJreOk0QmVOSk9QMh+Kq+LmFwnY2NY+xikAfRJKWUsjk+h4 -DzCWn+nsrvU2wK582XThWYwJ79BIwkweUWV9l1Nfw0vyx/FkcTHE+eGPdABBL4BO -o4uajZso7tYY2+jyPobqSn18j2TInKbHR7lB5l6OAX9FsV0pGKYBgKxa9LTj7ufD -70G5WLHJAfnTX/6+wWktDOMMCPTXij3qA0fyu835shMUWQ+KUx0Dyp2A6qeprV1Z -nklRzevWsA4pbNMe+GG3WrRj52YRVuwDJjgTeq5rIfyoyLGv0ZUZsa/KEP/oToe9 -CmFPHWA2RDpK4zD8lscsjsOj+B0UREcSw9CdL91rFZkr++PuI3A1/T+3M8DkjLiB -CvSVziZLyZaqUVd0UdXrHyGeFxIMAx8xfYGiLi/EEay2zEScGbQ2kU+N1Vpuyu39 -PoEmqNOchoEkLeMVTYTQDfK3LgYQXpvdLCQQG76AqRIbuY+ZfYYw8eWyJhm78Qwx -fAenH4i5AjgJcV/5xiLpj+1trdefaCSp0Z8XY7ng/xyNCOOdSbBOPl4JnD6snYaT -06dtpowP7gcN3bZQo/r2XsH8F1VPvjG2wZ38R7aHlF8vjCZ1gUtCuraoM9AAdVoW -zWiptA4Lc5CAp+kDa2Nf5gyL0lvN/IbWYE23/OMTECmwG+O/HNtvltmdmYB8Ze6A -pdlkftjf/NvFsHloJS76SreR0tpWM8rGnSqQdecWLutgWP7HiK6C77UYv3b71SVj -ga5uv2l67UAj9EPTizZvLJjn0ubylfCW4eaPkEJBaYW4uG/3BcWzpLRnGyq6csMC -/tly2Y1L9dBqyZMIMW/ZFm8/64K8IRaSu/8mMGxjQ7VHeU6JSDk3G4by8jdYjLA2 -Y3tWYaelX8oE02jrwv47PPFWft/P+3Gjwo8lFq0zQTAk2C1vHs44jLzsOxfizo6s -mzmGh54JFsdE1tlYoa515Id2I27vjCvK6XbbgguinHaIsRgaRnCyyqEjO22z2zP3 -RpJD7FdugvZDepLfII1H8+JlbyBEd2zByMIPehIeM/HWWN0ukAgIz6yardrCYiuU -hXTqTz6bzaZMRJauPt/gpSvAx8kTKr9nXH2VRiToUs3ABjT9DN1/mQ1RlA0NmK1i -qfsMRXWzckaKgmJ8fglxEY7UR6fOqt3325yVQ/x49AKBxBDO9wmfpHEO3aQY7+H5 -hP/5tuc81226VFbyTERtTaEb/I+7iiImcWtVW4bB/1DgCu1NTlay6XaHOoclxcEE -N+d/3wDjSrsUhAKcK42wNPa74eSZy9ElJ+33xC56tqxhvo6YdG7VFu3S8qnhaXf1 -ijcRCw7vr2ShGMAhnloz4T+IX3ZGrzkVSXQG+rpaFag0b1QxeS6w/V7F8u+wljnq -1BzIfEjnE3lpR1eiZ8Ygu/n4kb7n5gHZqd1C8QiFZOGczX3uKFbH3/HOS20A+/6R -3rkjCQ+Uyxl3+wVdyOSpUCqtLfJBx69CM/6lDBPrliQ6DE94xKFrNEogG3IE36rW -oSCJcveg3cdbrHSqc+3m36FbQl2YKy8hgBwhrym2xHZ/ZS+acUQsN/V3VvEym3N6 -QXFLn3yqnmpr1g+yqXfQwA== +MIIFHDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIYFcs8Uhn2poCAggA +MAwGCCqGSIb3DQIKBQAwFAYIKoZIhvcNAwcECKCBLl+C+3nCBIIEyEnIPlXdh1e3 
++cnyhX7dCRzR/NsygcRBJUPdwRUMAaOo/t+oZxFmHnblchxQ+pFoHrI9GVwg8uID +meEHlzSSKt8kOTvJ3C148jRFJy61YH6k5GEN+z5ihS9uTszaXRUlEsGfP1/SzWY9 +ME+pX+0kwJ4az87mYKyNUwK4U5d65Ic30pvRJc4unvFtRz6wtwqU+EV283pXHfyc +VNgQFjb1IPHEz/PSuE9p94mQvdIbVmuK2dRiMag/HcABvVhxzLldKyEHHhrHR0pa +gc41+3HVjz0b6RPE24zNrxA9bU+1URGwlkIlh7Jpc/ZuYRj6LQ33xUdYZcMZw0b4 +pSFJcUgX+GUXLyWLqhIxxc+GIeL2Vt5G0ea5KEqxOvSj2bJV2/JA0KtmrcIjX5Kz +d/9bAvxatcqIikVNVkQpUc1glKiIBfVrmyJ4XUlX9i5F3cgl18zrYUI4zPSBn8o5 +yxSfCuIMx+3zS4BiyugGNOclIbpLMjQuMrXxrt7S+QlXfdbXvyNfxa3qfqf7/P2k +ykxl0z1bjvkck6XoFGXdb13isUEtY2NjujZKZe55BLGqr7FsIIQSTAHilwMpK+CV +fA1EL4ck1+7FV+l8fJ0nN1Li1xOnDeAFuO2m91uibNMYPvRSoX9c+HQKXCdGfiuk +5tfNaq8bbXeIJ/P8wTjMZqI2l6HZRuXvvmRHN2zZ4BSsT3+61xtvSTISEimDSm5T +hYY583LG5lpFoOC0Y4EUw/ltmQpKW7AGkLg7SyC9oKvoeWM4c2t8HrL3iKPXtkwd +A/iEfZTxzmR57u+ZMlbws0evPiZQml8voJnuT6qwbos7g7V/Pc3Rj+b84JZcI2Jz +D89/VudIHfFDTXC/gcSRG4bd0glILJHT9FOCAlX5TEuRyeWasoVOV+m3Pi8vQM1u +tCsjE9UdoIdhoI5j94VhzHApdD4fePcQW9DysYa2R10gWIZKUvhUHH3FWLR2X2gK +Wiz5YkhEGXBRtDHd4cx8EM1bJMKwFyYXjXTPGfGlGiPt8b9u4F++IlsKcgGgPIvh +2rIm4jHuN3LRRlFkJ5B0kuOOxZ6GBfxasS+Ix4DZoIfqZsGNI5Wu2ikGZOKxX7Ij +G9RvcdpVV8C2Y+M9qI2+x93WAtQ+NRJo4/+gJ0O9bVUhjjAmIHu2bMtbvr9aPJhd +OpB9VQxB3c5mEXkNOV52oOGnIGVjbJMb4e3/MRpWtTFVcX6r200Gn6Hn3MnWZXdd +H7pOpAowTcTlFcbJ0WWjfZygj5HKKUOFzPYNnXKizjzQhF6yK0mphKFY+8tpFQqB +mV/1HlWJTSsAmh/FN21B2qq+KRiwMdpzKIEKC47mK+dzzo1mrTqmExvbiaLG8upr +KMb/lEnSCasiZKTh71J3+5vUE+Nw73rYNZcdh7fj+GBK9KJ3hdKwYc/9yyQx1Lua +4aXnUM6vQAsV+OLYNQE8vXMRtuftbPbV9sqiBLPIc/0P2EJ9mbEye8FM+koHUCKo +xtJe5SK36DMwAas6tjimouVgWTcAdbq9r8jQlCJ1WxXPUcCJdv6pFQUGKQ+34TMK +uWOhErUNRdqel9DthU5ig5dZs2DqlzbRzWYosZc1B6Q4/nua2JiBi8IeqtPILr2a +JYJ9DNzxn07lcFHiVgrJuA== -----END ENCRYPTED PRIVATE KEY----- From 86d5347930557f2d0de6d30292d100a08968e757 Mon Sep 17 00:00:00 2001 From: Ryan Everett Date: Fri, 12 Jan 2024 10:31:31 +0000 Subject: [PATCH 025/166] Mention PK parse in changelog 
Signed-off-by: Ryan Everett --- ChangeLog.d/add-aes-cbc-to-pkcs5-pbes2.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ChangeLog.d/add-aes-cbc-to-pkcs5-pbes2.txt b/ChangeLog.d/add-aes-cbc-to-pkcs5-pbes2.txt index e00c1e0a6..7f0fbc7e9 100644 --- a/ChangeLog.d/add-aes-cbc-to-pkcs5-pbes2.txt +++ b/ChangeLog.d/add-aes-cbc-to-pkcs5-pbes2.txt @@ -1,3 +1,3 @@ Features * Add support for using AES-CBC 128, 192, and 256 bit schemes - with PKCS#5 PBES2. + with PKCS#5 PBES2. Keys encrypted this way can now be parsed by PK parse. From 85ea3e623b0f9f9d84928cc3b191f345dfdf0e66 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Fri, 19 Jan 2024 15:57:22 +0000 Subject: [PATCH 026/166] Set preferences before finding Threads in CMake Signed-off-by: Paul Elliott --- programs/aes/CMakeLists.txt | 2 ++ programs/cipher/CMakeLists.txt | 2 ++ programs/fuzz/CMakeLists.txt | 2 ++ programs/hash/CMakeLists.txt | 2 ++ programs/pkey/CMakeLists.txt | 2 ++ programs/psa/CMakeLists.txt | 2 ++ programs/random/CMakeLists.txt | 2 ++ programs/ssl/CMakeLists.txt | 2 ++ programs/test/CMakeLists.txt | 2 ++ programs/test/cmake_subproject/CMakeLists.txt | 2 ++ programs/util/CMakeLists.txt | 2 ++ programs/x509/CMakeLists.txt | 2 ++ tests/CMakeLists.txt | 2 ++ 13 files changed, 26 insertions(+) diff --git a/programs/aes/CMakeLists.txt b/programs/aes/CMakeLists.txt index 457a0fc26..81741020f 100644 --- a/programs/aes/CMakeLists.txt +++ b/programs/aes/CMakeLists.txt @@ -1,3 +1,5 @@ +set(CMAKE_THREAD_PREFER_PTHREAD TRUE) +set(THREADS_PREFER_PTHREAD_FLAG TRUE) find_package(Threads) set(executables diff --git a/programs/cipher/CMakeLists.txt b/programs/cipher/CMakeLists.txt index c047dd69e..b497e8a48 100644 --- a/programs/cipher/CMakeLists.txt +++ b/programs/cipher/CMakeLists.txt @@ -1,3 +1,5 @@ +set(CMAKE_THREAD_PREFER_PTHREAD TRUE) +set(THREADS_PREFER_PTHREAD_FLAG TRUE) find_package(Threads) set(executables 
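Review bot: The same two lines, `set(CMAKE_THREAD_PREFER_PTHREAD TRUE)` and `set(THREADS_PREFER_PTHREAD_FLAG TRUE)`, are repeated ahead of `find_package(Threads)` in this file and in the twelve other CMakeLists.txt files this patch touches, so any later change to the thread preference has to be made in thirteen places. If the top-level CMakeLists.txt (not shown here) is always the entry point for these directories, setting both variables once there would cover them; `programs/test/cmake_subproject` looks standalone and would keep its own copy. If the duplication is intentional, a one-line comment such as `# Must be set before find_package(Threads) to take effect` above the first `set` would record why the order matters.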
diff --git a/programs/fuzz/CMakeLists.txt b/programs/fuzz/CMakeLists.txt index a0eba0fd0..97b8fd2eb 100644 --- a/programs/fuzz/CMakeLists.txt +++ b/programs/fuzz/CMakeLists.txt @@ -1,3 +1,5 @@ +set(CMAKE_THREAD_PREFER_PTHREAD TRUE) +set(THREADS_PREFER_PTHREAD_FLAG TRUE) find_package(Threads) set(libs diff --git a/programs/hash/CMakeLists.txt b/programs/hash/CMakeLists.txt index 3d6989cca..504a4052f 100644 --- a/programs/hash/CMakeLists.txt +++ b/programs/hash/CMakeLists.txt @@ -1,3 +1,5 @@ +set(CMAKE_THREAD_PREFER_PTHREAD TRUE) +set(THREADS_PREFER_PTHREAD_FLAG TRUE) find_package(Threads) set(executables diff --git a/programs/pkey/CMakeLists.txt b/programs/pkey/CMakeLists.txt index e2fb40402..2f55c6122 100644 --- a/programs/pkey/CMakeLists.txt +++ b/programs/pkey/CMakeLists.txt @@ -1,3 +1,5 @@ +set(CMAKE_THREAD_PREFER_PTHREAD TRUE) +set(THREADS_PREFER_PTHREAD_FLAG TRUE) find_package(Threads) set(executables_mbedtls diff --git a/programs/psa/CMakeLists.txt b/programs/psa/CMakeLists.txt index d86f29e2c..dd1b1a2a8 100644 --- a/programs/psa/CMakeLists.txt +++ b/programs/psa/CMakeLists.txt @@ -1,3 +1,5 @@ +set(CMAKE_THREAD_PREFER_PTHREAD TRUE) +set(THREADS_PREFER_PTHREAD_FLAG TRUE) find_package(Threads) set(executables diff --git a/programs/random/CMakeLists.txt b/programs/random/CMakeLists.txt index a4c99f561..c1184d118 100644 --- a/programs/random/CMakeLists.txt +++ b/programs/random/CMakeLists.txt @@ -1,3 +1,5 @@ +set(CMAKE_THREAD_PREFER_PTHREAD TRUE) +set(THREADS_PREFER_PTHREAD_FLAG TRUE) find_package(Threads) set(executables diff --git a/programs/ssl/CMakeLists.txt b/programs/ssl/CMakeLists.txt index 8ffa85464..8047b9f15 100644 --- a/programs/ssl/CMakeLists.txt +++ b/programs/ssl/CMakeLists.txt @@ -1,4 +1,6 @@ set(THREADS_USE_PTHREADS_WIN32 true) +set(CMAKE_THREAD_PREFER_PTHREAD TRUE) +set(THREADS_PREFER_PTHREAD_FLAG TRUE) find_package(Threads) set(libs diff --git a/programs/test/CMakeLists.txt b/programs/test/CMakeLists.txt index a7260452f..3709276f5 100644 
--- a/programs/test/CMakeLists.txt +++ b/programs/test/CMakeLists.txt @@ -1,3 +1,5 @@ +set(CMAKE_THREAD_PREFER_PTHREAD TRUE) +set(THREADS_PREFER_PTHREAD_FLAG TRUE) find_package(Threads) set(libs diff --git a/programs/test/cmake_subproject/CMakeLists.txt b/programs/test/cmake_subproject/CMakeLists.txt index dd23d6165..2f8ab2a3a 100644 --- a/programs/test/cmake_subproject/CMakeLists.txt +++ b/programs/test/cmake_subproject/CMakeLists.txt @@ -1,5 +1,7 @@ cmake_minimum_required(VERSION 3.5.1) +set(CMAKE_THREAD_PREFER_PTHREAD TRUE) +set(THREADS_PREFER_PTHREAD_FLAG TRUE) find_package(Threads) # Test the target renaming support by adding a prefix to the targets built diff --git a/programs/util/CMakeLists.txt b/programs/util/CMakeLists.txt index 920f69e88..6a8659e9b 100644 --- a/programs/util/CMakeLists.txt +++ b/programs/util/CMakeLists.txt @@ -1,3 +1,5 @@ +set(CMAKE_THREAD_PREFER_PTHREAD TRUE) +set(THREADS_PREFER_PTHREAD_FLAG TRUE) find_package(Threads) set(libs diff --git a/programs/x509/CMakeLists.txt b/programs/x509/CMakeLists.txt index c507de2a7..e41b4069e 100644 --- a/programs/x509/CMakeLists.txt +++ b/programs/x509/CMakeLists.txt @@ -1,3 +1,5 @@ +set(CMAKE_THREAD_PREFER_PTHREAD TRUE) +set(THREADS_PREFER_PTHREAD_FLAG TRUE) find_package(Threads) set(libs diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt index 68bc57f5a..cb54ea408 100644 --- a/tests/CMakeLists.txt +++ b/tests/CMakeLists.txt @@ -1,3 +1,5 @@ +set(CMAKE_THREAD_PREFER_PTHREAD TRUE) +set(THREADS_PREFER_PTHREAD_FLAG TRUE) find_package(Threads) set(libs From a8f6192f9a382d93b8418be29bfccef1ec9bd6f8 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Fri, 19 Jan 2024 16:41:05 +0000 Subject: [PATCH 027/166] Remove unneeded lines from fuzz/Makefile Signed-off-by: Paul Elliott --- programs/fuzz/Makefile | 3 --- 1 file changed, 3 deletions(-) diff --git a/programs/fuzz/Makefile b/programs/fuzz/Makefile index afe80b7d5..828e5184a 100644 --- a/programs/fuzz/Makefile +++ b/programs/fuzz/Makefile 
@@ -1,11 +1,8 @@ MBEDTLS_TEST_PATH:=../../tests -LOCAL_CFLAGS = $(WARNING_CFLAGS) -I../../tests/include -I../../include -D_FILE_OFFSET_BITS=64 MBEDTLS_PATH := ../.. include ../../scripts/common.make -LOCAL_CFLAGS += $(patsubst -I../%,-I../../%,$(THIRDPARTY_INCLUDES)) - DEP=${MBEDLIBS} ifdef FUZZINGENGINE From ed3ba3cc8e23c0776ca23293a25d747b7183e10e Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Fri, 19 Jan 2024 16:44:23 +0000 Subject: [PATCH 028/166] Fix documentation typos. Signed-off-by: Paul Elliott --- tests/include/test/threading_helpers.h | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/tests/include/test/threading_helpers.h b/tests/include/test/threading_helpers.h index 9b7ced519..ba965c877 100644 --- a/tests/include/test/threading_helpers.h +++ b/tests/include/test/threading_helpers.h @@ -40,16 +40,16 @@ typedef struct mbedtls_test_thread_t { /** * \brief Set your alternate threading implementation - * function pointers fgr test threads. If used, - * this function must be called once in the main thread + * function pointers for test threads. If used, this + * function must be called once in the main thread * before any other MbedTLS function is called. * * \note These functions are part of the testing API only and * thus not considered part of the public API of * MbedTLS and thus may change without notice. * - * \param thread_create The thread create function implementation - * \param thread_join The thread join function implementation + * \param thread_create The thread create function implementation. + * \param thread_join The thread join function implementation. */ void mbedtls_test_thread_set_alt(int (*thread_create)(mbedtls_test_thread_t *thread, From e2f66620211cc16f54183d5b230c90ada22330ad Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Fri, 19 Jan 2024 20:22:24 +0000 Subject: [PATCH 029/166] Make test data static now it has accessors 
Signed-off-by: Paul Elliott --- tests/src/helpers.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/src/helpers.c b/tests/src/helpers.c index 1bad819ac..724fb59de 100644 --- a/tests/src/helpers.c +++ b/tests/src/helpers.c @@ -24,7 +24,7 @@ static mbedtls_platform_context platform_ctx; #endif -mbedtls_test_info_t mbedtls_test_info; +static mbedtls_test_info_t mbedtls_test_info; #ifdef MBEDTLS_THREADING_C mbedtls_threading_mutex_t mbedtls_test_info_mutex; From 3d2db89d5cd878d59be8edaab87e177f11e0ac00 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Fri, 19 Jan 2024 20:42:56 +0000 Subject: [PATCH 030/166] Access the test data mutex via accessor Remove the use of extern and instead use an accessor to get the address of the test info mutex (defined only if MBEDTLS_TEST_MUTEX_USAGE is defined, to hopefully stop more general usage) Signed-off-by: Paul Elliott --- tests/include/test/helpers.h | 16 +++++++++++++++- tests/src/helpers.c | 10 +++++++++- tests/src/threading_helpers.c | 4 +--- 3 files changed, 25 insertions(+), 5 deletions(-) diff --git a/tests/include/test/helpers.h b/tests/include/test/helpers.h index 73459d992..f2fb62d93 100644 --- a/tests/include/test/helpers.h +++ b/tests/include/test/helpers.h @@ -37,6 +37,7 @@ #if defined(MBEDTLS_THREADING_C) && defined(MBEDTLS_THREADING_PTHREAD) && \ defined(MBEDTLS_TEST_HOOKS) +#include "mbedtls/threading.h" #define MBEDTLS_TEST_MUTEX_USAGE #endif 
@@ -230,8 +231,21 @@ void mbedtls_test_set_step(unsigned long step); */ void mbedtls_test_info_reset(void); +#ifdef MBEDTLS_TEST_MUTEX_USAGE /** - * \brief Record the current test case as a failure if two integers + * \brief Get the test info data mutex. + * + * \note This is designed only to be used by threading_helpers to avoid a + * deadlock, not for general access to this mutex. + * + * \return The test info data mutex. + */ +mbedtls_threading_mutex_t *mbedtls_test_get_info_mutex(void); + +#endif /* MBEDTLS_TEST_MUTEX_USAGE */ + +/** + * \brief Record the current test case as a failure if two integers * have a different value. * * This function is usually called via the macro diff --git a/tests/src/helpers.c b/tests/src/helpers.c index 724fb59de..d0c75b08d 100644 --- a/tests/src/helpers.c +++ b/tests/src/helpers.c @@ -288,7 +288,15 @@ void mbedtls_test_increment_case_uses_negative_0(void) #endif /* MBEDTLS_THREADING_C */ } -#endif +#endif /* MBEDTLS_BIGNUM_C */ + +#ifdef MBEDTLS_TEST_MUTEX_USAGE +mbedtls_threading_mutex_t *mbedtls_test_get_info_mutex(void) +{ + return &mbedtls_test_info_mutex; +} + +#endif /* MBEDTLS_TEST_MUTEX_USAGE */ /*----------------------------------------------------------------------------*/ /* Helper Functions */ diff --git a/tests/src/threading_helpers.c b/tests/src/threading_helpers.c index 0894700a3..165e3508b 100644 --- a/tests/src/threading_helpers.c +++ b/tests/src/threading_helpers.c @@ -117,8 +117,6 @@ static void mbedtls_test_mutex_usage_error(mbedtls_threading_mutex_t *mutex, * mbedtls_test_mutex_usage_check() will mark it as failed. */ } -extern mbedtls_threading_mutex_t mbedtls_test_info_mutex; - static int mbedtls_test_mutex_can_test(mbedtls_threading_mutex_t *mutex) { /* If we attempt to run tests on this mutex then we are going to run into a 
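Review bot: `mbedtls_test_get_info_mutex()` in tests/src/helpers.c is meant to replace direct access, but the mutex it returns still appears to have external linkage: the preceding patch's context shows `mbedtls_threading_mutex_t mbedtls_test_info_mutex;` at file scope without `static`. Any other file can therefore still declare it `extern`, as threading_helpers.c did before this change, and the accessor does not actually restrict use. If no other translation unit refers to the symbol, changing the definition to `static mbedtls_threading_mutex_t mbedtls_test_info_mutex;` would make the accessor the only route, in line with what the previous patch did for `mbedtls_test_info`. The definition lies outside this hunk, so this should be confirmed against the full file.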
@@ -127,7 +125,7 @@ static int mbedtls_test_mutex_can_test(mbedtls_threading_mutex_t *mutex) * reporting that failure, as we already hold the mutex at that point. * 2. Given the 'global' position of the initialization and free of this * mutex, it will be shown as leaked on the first test run. */ - if (mutex == &mbedtls_test_info_mutex) { + if (mutex == mbedtls_test_get_info_mutex()) { return 0; } From fd49a46a36dff40be6ceff28bc500d6d541a532f Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 23 Jan 2024 08:35:11 +0100 Subject: [PATCH 031/166] pkparse: rename RSA key and pubkey parsing functions Signed-off-by: Valerio Setti --- library/pkparse.c | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/library/pkparse.c b/library/pkparse.c index 5f95545af..4dd327640 100644 --- a/library/pkparse.c +++ b/library/pkparse.c @@ -764,9 +764,9 @@ static int pk_parse_key_rfc8410_der(mbedtls_pk_context *pk, * publicExponent INTEGER -- e * } */ -static int pk_get_rsapubkey(unsigned char **p, - const unsigned char *end, - mbedtls_rsa_context *rsa) +static int mbedtls_rsa_pubkey_parse(mbedtls_rsa_context *rsa, + unsigned char **p, + const unsigned char *end) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t len; @@ -911,7 +911,7 @@ int mbedtls_pk_parse_subpubkey(unsigned char **p, const unsigned char *end, #if defined(MBEDTLS_RSA_C) if (pk_alg == MBEDTLS_PK_RSA) { - ret = pk_get_rsapubkey(p, end, mbedtls_pk_rsa(*pk)); + ret = mbedtls_rsa_pubkey_parse(mbedtls_pk_rsa(*pk), p, end); } else #endif /* MBEDTLS_RSA_C */ #if defined(MBEDTLS_PK_HAVE_ECC_KEYS) @@ -976,9 +976,9 @@ static int asn1_get_nonzero_mpi(unsigned char **p, /* * Parse a PKCS#1 encoded private RSA key */ -static int pk_parse_key_pkcs1_der(mbedtls_rsa_context *rsa, - const unsigned char *key, - size_t keylen) +static int mbedtls_rsa_key_parse(mbedtls_rsa_context *rsa, + const unsigned char *key, + size_t keylen) { int ret, version; size_t len; 
@@ -1348,7 +1348,7 @@ static int pk_parse_key_pkcs8_unencrypted_der( #if defined(MBEDTLS_RSA_C) if (pk_alg == MBEDTLS_PK_RSA) { - if ((ret = pk_parse_key_pkcs1_der(mbedtls_pk_rsa(*pk), p, len)) != 0) { + if ((ret = mbedtls_rsa_key_parse(mbedtls_pk_rsa(*pk), p, len)) != 0) { mbedtls_pk_free(pk); return ret; } @@ -1538,8 +1538,8 @@ int mbedtls_pk_parse_key(mbedtls_pk_context *pk, if (ret == 0) { pk_info = mbedtls_pk_info_from_type(MBEDTLS_PK_RSA); if ((ret = mbedtls_pk_setup(pk, pk_info)) != 0 || - (ret = pk_parse_key_pkcs1_der(mbedtls_pk_rsa(*pk), - pem.buf, pem.buflen)) != 0) { + (ret = mbedtls_rsa_key_parse(mbedtls_pk_rsa(*pk), + pem.buf, pem.buflen)) != 0) { mbedtls_pk_free(pk); } @@ -1679,7 +1679,7 @@ int mbedtls_pk_parse_key(mbedtls_pk_context *pk, pk_info = mbedtls_pk_info_from_type(MBEDTLS_PK_RSA); if (mbedtls_pk_setup(pk, pk_info) == 0 && - pk_parse_key_pkcs1_der(mbedtls_pk_rsa(*pk), key, keylen) == 0) { + mbedtls_rsa_key_parse(mbedtls_pk_rsa(*pk), key, keylen) == 0) { return 0; } @@ -1754,7 +1754,7 @@ int mbedtls_pk_parse_public_key(mbedtls_pk_context *ctx, return ret; } - if ((ret = pk_get_rsapubkey(&p, p + pem.buflen, mbedtls_pk_rsa(*ctx))) != 0) { + if ((ret = mbedtls_rsa_pubkey_parse(mbedtls_pk_rsa(*ctx), &p, p + pem.buflen)) != 0) { mbedtls_pk_free(ctx); } @@ -1801,7 +1801,7 @@ int mbedtls_pk_parse_public_key(mbedtls_pk_context *ctx, } p = (unsigned char *) key; - ret = pk_get_rsapubkey(&p, p + keylen, mbedtls_pk_rsa(*ctx)); + ret = mbedtls_rsa_pubkey_parse(mbedtls_pk_rsa(*ctx), &p, p + keylen); if (ret == 0) { return ret; } From 429cd50ac8ce62351e26da900f7f610005fd929f Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 23 Jan 2024 09:10:22 +0100 Subject: [PATCH 032/166] pkwrite: split pk_write_rsa_der() with a dedicated function for non-opaque RSA key Signed-off-by: Valerio Setti --- library/pkwrite.c | 185 +++++++++++++++++++++++----------------------- 1 file changed, 92 insertions(+), 93 deletions(-) 
diff --git a/library/pkwrite.c b/library/pkwrite.c index 1f0d3990e..89305250e 100644 --- a/library/pkwrite.c +++ b/library/pkwrite.c @@ -62,13 +62,12 @@ * publicExponent INTEGER -- e * } */ -static int pk_write_rsa_pubkey(unsigned char **p, unsigned char *start, - const mbedtls_pk_context *pk) +static int mbedtls_rsa_pubkey_write(unsigned char **p, unsigned char *start, + const mbedtls_rsa_context *rsa) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t len = 0; mbedtls_mpi T; - mbedtls_rsa_context *rsa = mbedtls_pk_rsa(*pk); mbedtls_mpi_init(&T); 
@@ -100,16 +99,99 @@ end_of_export: return (int) len; } -static int pk_write_rsa_der(unsigned char **p, unsigned char *buf, - const mbedtls_pk_context *pk) +static int mbedtls_rsa_key_write(unsigned char **p, unsigned char *start, + const mbedtls_rsa_context *rsa) { size_t len = 0; int ret; + mbedtls_mpi T; /* Temporary holding the exported parameters */ + + /* + * Export the parameters one after another to avoid simultaneous copies. + */ + + mbedtls_mpi_init(&T); + + /* Export QP */ + if ((ret = mbedtls_rsa_export_crt(rsa, NULL, NULL, &T)) != 0 || + (ret = mbedtls_asn1_write_mpi(p, start, &T)) < 0) { + goto end_of_export; + } + len += ret; + + /* Export DQ */ + if ((ret = mbedtls_rsa_export_crt(rsa, NULL, &T, NULL)) != 0 || + (ret = mbedtls_asn1_write_mpi(p, start, &T)) < 0) { + goto end_of_export; + } + len += ret; + + /* Export DP */ + if ((ret = mbedtls_rsa_export_crt(rsa, &T, NULL, NULL)) != 0 || + (ret = mbedtls_asn1_write_mpi(p, start, &T)) < 0) { + goto end_of_export; + } + len += ret; + + /* Export Q */ + if ((ret = mbedtls_rsa_export(rsa, NULL, NULL, &T, NULL, NULL)) != 0 || + (ret = mbedtls_asn1_write_mpi(p, start, &T)) < 0) { + goto end_of_export; + } + len += ret; + + /* Export P */ + if ((ret = mbedtls_rsa_export(rsa, NULL, &T, NULL, NULL, NULL)) != 0 || + (ret = mbedtls_asn1_write_mpi(p, start, &T)) < 0) { + goto end_of_export; + } + len += ret; + + /* Export D */ + if ((ret = mbedtls_rsa_export(rsa, NULL, NULL, NULL, &T, NULL)) != 0 || + (ret = mbedtls_asn1_write_mpi(p, start, &T)) < 0) { + goto end_of_export; + } + len += ret; + + /* Export E */ + if ((ret = mbedtls_rsa_export(rsa, NULL, NULL, NULL, NULL, &T)) != 0 || + (ret = mbedtls_asn1_write_mpi(p, start, &T)) < 0) { + goto end_of_export; + } + len += ret; + + /* Export N */ + if ((ret = mbedtls_rsa_export(rsa, &T, NULL, NULL, NULL, NULL)) != 0 || + (ret = mbedtls_asn1_write_mpi(p, start, &T)) < 0) { + goto end_of_export; + } + len += ret; + +end_of_export: + + mbedtls_mpi_free(&T); + if (ret < 
0) { + return ret; + } + + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_int(p, start, 0)); + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, start, len)); + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, start, + MBEDTLS_ASN1_CONSTRUCTED | + MBEDTLS_ASN1_SEQUENCE)); + + return (int) len; +} + +static int pk_write_rsa_der(unsigned char **p, unsigned char *buf, + const mbedtls_pk_context *pk) +{ #if defined(MBEDTLS_USE_PSA_CRYPTO) if (mbedtls_pk_get_type(pk) == MBEDTLS_PK_OPAQUE) { uint8_t tmp[PSA_EXPORT_KEY_PAIR_MAX_SIZE]; - size_t tmp_len = 0; + size_t len = 0, tmp_len = 0; if (psa_export_key(pk->priv_id, tmp, sizeof(tmp), &tmp_len) != PSA_SUCCESS) { return MBEDTLS_ERR_PK_BAD_INPUT_DATA; 
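Review bot: In the opaque branch of `pk_write_rsa_der`, the early `return MBEDTLS_ERR_PK_BAD_INPUT_DATA;` after a failed `psa_export_key()` leaves the stack buffer `tmp` without the `mbedtls_platform_zeroize()` that the success path performs further down. Whether a failed export can leave key bytes in `tmp` depends on the PSA implementation, so wiping on this path too is the safer default: `mbedtls_platform_zeroize(tmp, sizeof(tmp));` before the return. The new `mbedtls_rsa_key_write` also has no header comment; one stating that it writes the RSAPrivateKey backwards from `*p` towards `start` and returns the number of bytes written or a negative error code would help callers. The body of `pk_write_rsa_der` continues outside the hunk.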
@@ -118,94 +200,11 @@ static int pk_write_rsa_der(unsigned char **p, unsigned char *buf, memcpy(*p, tmp, tmp_len); len += tmp_len; mbedtls_platform_zeroize(tmp, sizeof(tmp)); - } else -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - { - mbedtls_mpi T; /* Temporary holding the exported parameters */ - mbedtls_rsa_context *rsa = mbedtls_pk_rsa(*pk); - /* - * Export the parameters one after another to avoid simultaneous copies. - */ - - mbedtls_mpi_init(&T); - - /* Export QP */ - if ((ret = mbedtls_rsa_export_crt(rsa, NULL, NULL, &T)) != 0 || - (ret = mbedtls_asn1_write_mpi(p, buf, &T)) < 0) { - goto end_of_export; - } - len += ret; - - /* Export DQ */ - if ((ret = mbedtls_rsa_export_crt(rsa, NULL, &T, NULL)) != 0 || - (ret = mbedtls_asn1_write_mpi(p, buf, &T)) < 0) { - goto end_of_export; - } - len += ret; - - /* Export DP */ - if ((ret = mbedtls_rsa_export_crt(rsa, &T, NULL, NULL)) != 0 || - (ret = mbedtls_asn1_write_mpi(p, buf, &T)) < 0) { - goto end_of_export; - } - len += ret; - - /* Export Q */ - if ((ret = mbedtls_rsa_export(rsa, NULL, NULL, - &T, NULL, NULL)) != 0 || - (ret = mbedtls_asn1_write_mpi(p, buf, &T)) < 0) { - goto end_of_export; - } - len += ret; - - /* Export P */ - if ((ret = mbedtls_rsa_export(rsa, NULL, &T, - NULL, NULL, NULL)) != 0 || - (ret = mbedtls_asn1_write_mpi(p, buf, &T)) < 0) { - goto end_of_export; - } - len += ret; - - /* Export D */ - if ((ret = mbedtls_rsa_export(rsa, NULL, NULL, - NULL, &T, NULL)) != 0 || - (ret = mbedtls_asn1_write_mpi(p, buf, &T)) < 0) { - goto end_of_export; - } - len += ret; - - /* Export E */ - if ((ret = mbedtls_rsa_export(rsa, NULL, NULL, - NULL, NULL, &T)) != 0 || - (ret = mbedtls_asn1_write_mpi(p, buf, &T)) < 0) { - goto end_of_export; - } - len += ret; - - /* Export N */ - if ((ret = mbedtls_rsa_export(rsa, &T, NULL, - NULL, NULL, NULL)) != 0 || - (ret = mbedtls_asn1_write_mpi(p, buf, &T)) < 0) { - goto end_of_export; - } - len += ret; - -end_of_export: - - mbedtls_mpi_free(&T); - if (ret < 0) { - return ret; - } - 
- MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_int(p, buf, 0)); - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, buf, len)); - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, - buf, MBEDTLS_ASN1_CONSTRUCTED | - MBEDTLS_ASN1_SEQUENCE)); + return (int) len; } - - return (int) len; +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + return mbedtls_rsa_key_write(p, buf, mbedtls_pk_rsa(*pk)); } #endif /* MBEDTLS_RSA_C */ @@ -543,7 +542,7 @@ int mbedtls_pk_write_pubkey(unsigned char **p, unsigned char *start, #if defined(MBEDTLS_RSA_C) if (mbedtls_pk_get_type(key) == MBEDTLS_PK_RSA) { - MBEDTLS_ASN1_CHK_ADD(len, pk_write_rsa_pubkey(p, start, key)); + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_rsa_pubkey_write(p, start, mbedtls_pk_rsa(*key))); } else #endif #if defined(MBEDTLS_PK_HAVE_ECC_KEYS) From b328c449329e92fe4bbc92890f81dbc363c01ad4 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 23 Jan 2024 10:48:45 +0100 Subject: [PATCH 033/166] pk/rsa: move RSA parse/write private/public key functions to rsa module These functions are meant to be used internally, so their prototype declaration is kept into rsa_internal.h. Signed-off-by: Valerio Setti --- library/pkparse.c | 252 +--------------------------- library/pkwrite.c | 136 +-------------- library/rsa.c | 373 +++++++++++++++++++++++++++++++++++++++++ library/rsa_internal.h | 43 +++++ 4 files changed, 422 insertions(+), 382 deletions(-) diff --git a/library/pkparse.c b/library/pkparse.c index 4dd327640..2708c8c75 100644 --- a/library/pkparse.c +++ b/library/pkparse.c @@ -28,6 +28,7 @@ /* Key types */ #if defined(MBEDTLS_RSA_C) #include "mbedtls/rsa.h" +#include "rsa_internal.h" #endif /* Extended formats */ 
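Review bot: The opaque-key path kept by the `pk_write_rsa_der` hunk copies `tmp_len` bytes with `memcpy(*p, tmp, tmp_len)`, and no check against `buf` is visible, whereas the non-opaque path goes through the `mbedtls_asn1_write_*` helpers, which report a buffer that is too small. If the lines between this hunk and the previous one do not already bound `tmp_len` by the space between `buf` and `*p`, a guard such as `if (tmp_len > (size_t) (*p - buf)) { mbedtls_platform_zeroize(tmp, sizeof(tmp)); return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL; }` belongs before the pointer is moved and the copy is made. The start of `pk_write_rsa_der` is outside the hunk.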
@@ -757,68 +758,6 @@ static int pk_parse_key_rfc8410_der(mbedtls_pk_context *pk, #endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ -#if defined(MBEDTLS_RSA_C) -/* - * RSAPublicKey ::= SEQUENCE { - * modulus INTEGER, -- n - * publicExponent INTEGER -- e - * } - */ -static int mbedtls_rsa_pubkey_parse(mbedtls_rsa_context *rsa, - unsigned char **p, - const unsigned char *end) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t len; - - if ((ret = mbedtls_asn1_get_tag(p, end, &len, - MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_INVALID_PUBKEY, ret); - } - - if (*p + len != end) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_INVALID_PUBKEY, - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); - } - - /* Import N */ - if ((ret = mbedtls_asn1_get_tag(p, end, &len, MBEDTLS_ASN1_INTEGER)) != 0) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_INVALID_PUBKEY, ret); - } - - if ((ret = mbedtls_rsa_import_raw(rsa, *p, len, NULL, 0, NULL, 0, - NULL, 0, NULL, 0)) != 0) { - return MBEDTLS_ERR_PK_INVALID_PUBKEY; - } - - *p += len; - - /* Import E */ - if ((ret = mbedtls_asn1_get_tag(p, end, &len, MBEDTLS_ASN1_INTEGER)) != 0) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_INVALID_PUBKEY, ret); - } - - if ((ret = mbedtls_rsa_import_raw(rsa, NULL, 0, NULL, 0, NULL, 0, - NULL, 0, *p, len)) != 0) { - return MBEDTLS_ERR_PK_INVALID_PUBKEY; - } - - *p += len; - - if (mbedtls_rsa_complete(rsa) != 0 || - mbedtls_rsa_check_pubkey(rsa) != 0) { - return MBEDTLS_ERR_PK_INVALID_PUBKEY; - } - - if (*p != end) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_INVALID_PUBKEY, - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); - } - - return 0; -} -#endif /* MBEDTLS_RSA_C */ - /* Get a PK algorithm identifier * * AlgorithmIdentifier ::= SEQUENCE { 
@@ -944,195 +883,6 @@ int mbedtls_pk_parse_subpubkey(unsigned char **p, const unsigned char *end, return ret; } -#if defined(MBEDTLS_RSA_C) -/* - * Wrapper around mbedtls_asn1_get_mpi() that rejects zero. - * - * The value zero is: - * - never a valid value for an RSA parameter - * - interpreted as "omitted, please reconstruct" by mbedtls_rsa_complete(). - * - * Since values can't be omitted in PKCS#1, passing a zero value to - * rsa_complete() would be incorrect, so reject zero values early. - */ -static int asn1_get_nonzero_mpi(unsigned char **p, - const unsigned char *end, - mbedtls_mpi *X) -{ - int ret; - - ret = mbedtls_asn1_get_mpi(p, end, X); - if (ret != 0) { - return ret; - } - - if (mbedtls_mpi_cmp_int(X, 0) == 0) { - return MBEDTLS_ERR_PK_KEY_INVALID_FORMAT; - } - - return 0; -} - -/* - * Parse a PKCS#1 encoded private RSA key - */ -static int mbedtls_rsa_key_parse(mbedtls_rsa_context *rsa, - const unsigned char *key, - size_t keylen) -{ - int ret, version; - size_t len; - unsigned char *p, *end; - - mbedtls_mpi T; - mbedtls_mpi_init(&T); - - p = (unsigned char *) key; - end = p + keylen; - - /* - * This function parses the RSAPrivateKey (PKCS#1) - * - * RSAPrivateKey ::= SEQUENCE { - * version Version, - * modulus INTEGER, -- n - * publicExponent INTEGER, -- e - * privateExponent INTEGER, -- d - * prime1 INTEGER, -- p - * prime2 INTEGER, -- q - * exponent1 INTEGER, -- d mod (p-1) - * exponent2 INTEGER, -- d mod (q-1) - * coefficient INTEGER, -- (inverse of q) mod p - * otherPrimeInfos OtherPrimeInfos OPTIONAL - * } - */ - if ((ret = mbedtls_asn1_get_tag(&p, end, &len, - MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret); - } - - end = p + len; - - if ((ret = mbedtls_asn1_get_int(&p, end, &version)) != 0) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret); - } - - if (version != 0) { - return MBEDTLS_ERR_PK_KEY_INVALID_VERSION; - } - - /* Import N */ - if ((ret = 
asn1_get_nonzero_mpi(&p, end, &T)) != 0 || - (ret = mbedtls_rsa_import(rsa, &T, NULL, NULL, - NULL, NULL)) != 0) { - goto cleanup; - } - - /* Import E */ - if ((ret = asn1_get_nonzero_mpi(&p, end, &T)) != 0 || - (ret = mbedtls_rsa_import(rsa, NULL, NULL, NULL, - NULL, &T)) != 0) { - goto cleanup; - } - - /* Import D */ - if ((ret = asn1_get_nonzero_mpi(&p, end, &T)) != 0 || - (ret = mbedtls_rsa_import(rsa, NULL, NULL, NULL, - &T, NULL)) != 0) { - goto cleanup; - } - - /* Import P */ - if ((ret = asn1_get_nonzero_mpi(&p, end, &T)) != 0 || - (ret = mbedtls_rsa_import(rsa, NULL, &T, NULL, - NULL, NULL)) != 0) { - goto cleanup; - } - - /* Import Q */ - if ((ret = asn1_get_nonzero_mpi(&p, end, &T)) != 0 || - (ret = mbedtls_rsa_import(rsa, NULL, NULL, &T, - NULL, NULL)) != 0) { - goto cleanup; - } - -#if !defined(MBEDTLS_RSA_NO_CRT) && !defined(MBEDTLS_RSA_ALT) - /* - * The RSA CRT parameters DP, DQ and QP are nominally redundant, in - * that they can be easily recomputed from D, P and Q. However by - * parsing them from the PKCS1 structure it is possible to avoid - * recalculating them which both reduces the overhead of loading - * RSA private keys into memory and also avoids side channels which - * can arise when computing those values, since all of D, P, and Q - * are secret. See https://eprint.iacr.org/2020/055 for a - * description of one such attack. 
- */ - - /* Import DP */ - if ((ret = asn1_get_nonzero_mpi(&p, end, &T)) != 0 || - (ret = mbedtls_mpi_copy(&rsa->DP, &T)) != 0) { - goto cleanup; - } - - /* Import DQ */ - if ((ret = asn1_get_nonzero_mpi(&p, end, &T)) != 0 || - (ret = mbedtls_mpi_copy(&rsa->DQ, &T)) != 0) { - goto cleanup; - } - - /* Import QP */ - if ((ret = asn1_get_nonzero_mpi(&p, end, &T)) != 0 || - (ret = mbedtls_mpi_copy(&rsa->QP, &T)) != 0) { - goto cleanup; - } - -#else - /* Verify existence of the CRT params */ - if ((ret = asn1_get_nonzero_mpi(&p, end, &T)) != 0 || - (ret = asn1_get_nonzero_mpi(&p, end, &T)) != 0 || - (ret = asn1_get_nonzero_mpi(&p, end, &T)) != 0) { - goto cleanup; - } -#endif - - /* rsa_complete() doesn't complete anything with the default - * implementation but is still called: - * - for the benefit of alternative implementation that may want to - * pre-compute stuff beyond what's provided (eg Montgomery factors) - * - as is also sanity-checks the key - * - * Furthermore, we also check the public part for consistency with - * mbedtls_pk_parse_pubkey(), as it includes size minima for example. - */ - if ((ret = mbedtls_rsa_complete(rsa)) != 0 || - (ret = mbedtls_rsa_check_pubkey(rsa)) != 0) { - goto cleanup; - } - - if (p != end) { - ret = MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); - } - -cleanup: - - mbedtls_mpi_free(&T); - - if (ret != 0) { - /* Wrap error code if it's coming from a lower level */ - if ((ret & 0xff80) == 0) { - ret = MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret); - } else { - ret = MBEDTLS_ERR_PK_KEY_INVALID_FORMAT; - } - - mbedtls_rsa_free(rsa); - } - - return ret; -} -#endif /* MBEDTLS_RSA_C */ - #if defined(MBEDTLS_PK_HAVE_ECC_KEYS) /* * Parse a SEC1 encoded private EC key diff --git a/library/pkwrite.c b/library/pkwrite.c index 89305250e..91529eb75 100644 --- a/library/pkwrite.c +++ b/library/pkwrite.c 
@@ -32,6 +32,9 @@ #if defined(MBEDTLS_PEM_WRITE_C) #include "mbedtls/pem.h" #endif +#if defined(MBEDTLS_RSA_C) +#include "rsa_internal.h" +#endif #if defined(MBEDTLS_USE_PSA_CRYPTO) #include "psa/crypto.h" 
@@ -56,135 +59,6 @@ * Internal functions for RSA keys. ******************************************************************************/ #if defined(MBEDTLS_RSA_C) -/* - * RSAPublicKey ::= SEQUENCE { - * modulus INTEGER, -- n - * publicExponent INTEGER -- e - * } - */ -static int mbedtls_rsa_pubkey_write(unsigned char **p, unsigned char *start, - const mbedtls_rsa_context *rsa) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t len = 0; - mbedtls_mpi T; - - mbedtls_mpi_init(&T); - - /* Export E */ - if ((ret = mbedtls_rsa_export(rsa, NULL, NULL, NULL, NULL, &T)) != 0 || - (ret = mbedtls_asn1_write_mpi(p, start, &T)) < 0) { - goto end_of_export; - } - len += ret; - - /* Export N */ - if ((ret = mbedtls_rsa_export(rsa, &T, NULL, NULL, NULL, NULL)) != 0 || - (ret = mbedtls_asn1_write_mpi(p, start, &T)) < 0) { - goto end_of_export; - } - len += ret; - -end_of_export: - - mbedtls_mpi_free(&T); - if (ret < 0) { - return ret; - } - - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, start, len)); - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, start, MBEDTLS_ASN1_CONSTRUCTED | - MBEDTLS_ASN1_SEQUENCE)); - - return (int) len; -} - -static int mbedtls_rsa_key_write(unsigned char **p, unsigned char *start, - const mbedtls_rsa_context *rsa) -{ - size_t len = 0; - int ret; - - mbedtls_mpi T; /* Temporary holding the exported parameters */ - - /* - * Export the parameters one after another to avoid simultaneous copies. 
- */ - - mbedtls_mpi_init(&T); - - /* Export QP */ - if ((ret = mbedtls_rsa_export_crt(rsa, NULL, NULL, &T)) != 0 || - (ret = mbedtls_asn1_write_mpi(p, start, &T)) < 0) { - goto end_of_export; - } - len += ret; - - /* Export DQ */ - if ((ret = mbedtls_rsa_export_crt(rsa, NULL, &T, NULL)) != 0 || - (ret = mbedtls_asn1_write_mpi(p, start, &T)) < 0) { - goto end_of_export; - } - len += ret; - - /* Export DP */ - if ((ret = mbedtls_rsa_export_crt(rsa, &T, NULL, NULL)) != 0 || - (ret = mbedtls_asn1_write_mpi(p, start, &T)) < 0) { - goto end_of_export; - } - len += ret; - - /* Export Q */ - if ((ret = mbedtls_rsa_export(rsa, NULL, NULL, &T, NULL, NULL)) != 0 || - (ret = mbedtls_asn1_write_mpi(p, start, &T)) < 0) { - goto end_of_export; - } - len += ret; - - /* Export P */ - if ((ret = mbedtls_rsa_export(rsa, NULL, &T, NULL, NULL, NULL)) != 0 || - (ret = mbedtls_asn1_write_mpi(p, start, &T)) < 0) { - goto end_of_export; - } - len += ret; - - /* Export D */ - if ((ret = mbedtls_rsa_export(rsa, NULL, NULL, NULL, &T, NULL)) != 0 || - (ret = mbedtls_asn1_write_mpi(p, start, &T)) < 0) { - goto end_of_export; - } - len += ret; - - /* Export E */ - if ((ret = mbedtls_rsa_export(rsa, NULL, NULL, NULL, NULL, &T)) != 0 || - (ret = mbedtls_asn1_write_mpi(p, start, &T)) < 0) { - goto end_of_export; - } - len += ret; - - /* Export N */ - if ((ret = mbedtls_rsa_export(rsa, &T, NULL, NULL, NULL, NULL)) != 0 || - (ret = mbedtls_asn1_write_mpi(p, start, &T)) < 0) { - goto end_of_export; - } - len += ret; - -end_of_export: - - mbedtls_mpi_free(&T); - if (ret < 0) { - return ret; - } - - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_int(p, start, 0)); - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, start, len)); - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, start, - MBEDTLS_ASN1_CONSTRUCTED | - MBEDTLS_ASN1_SEQUENCE)); - - return (int) len; -} - static int pk_write_rsa_der(unsigned char **p, unsigned char *buf, const mbedtls_pk_context *pk) { 
@@ -204,7 +78,7 @@ static int pk_write_rsa_der(unsigned char **p, unsigned char *buf, return (int) len; } #endif /* MBEDTLS_USE_PSA_CRYPTO */ - return mbedtls_rsa_key_write(p, buf, mbedtls_pk_rsa(*pk)); + return mbedtls_rsa_key_write(mbedtls_pk_rsa(*pk), buf, p); } #endif /* MBEDTLS_RSA_C */ @@ -542,7 +416,7 @@ int mbedtls_pk_write_pubkey(unsigned char **p, unsigned char *start, #if defined(MBEDTLS_RSA_C) if (mbedtls_pk_get_type(key) == MBEDTLS_PK_RSA) { - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_rsa_pubkey_write(p, start, mbedtls_pk_rsa(*key))); + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_rsa_pubkey_write(mbedtls_pk_rsa(*key), start, p)); } else #endif #if defined(MBEDTLS_PK_HAVE_ECC_KEYS) diff --git a/library/rsa.c b/library/rsa.c index 2b9f85b73..a18c4b1b0 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -31,6 +31,7 @@ #include "rsa_alt_helpers.h" #include "rsa_internal.h" #include "mbedtls/oid.h" +#include "mbedtls/asn1write.h" #include "mbedtls/platform_util.h" #include "mbedtls/error.h" #include "constant_time_internal.h" 
@@ -659,6 +660,378 @@ size_t mbedtls_rsa_get_len(const mbedtls_rsa_context *ctx) return ctx->len; } +/* + * Wrapper around mbedtls_asn1_get_mpi() that rejects zero. + * + * The value zero is: + * - never a valid value for an RSA parameter + * - interpreted as "omitted, please reconstruct" by mbedtls_rsa_complete(). + * + * Since values can't be omitted in PKCS#1, passing a zero value to + * rsa_complete() would be incorrect, so reject zero values early. + */ +static int asn1_get_nonzero_mpi(unsigned char **p, + const unsigned char *end, + mbedtls_mpi *X) +{ + int ret; + + ret = mbedtls_asn1_get_mpi(p, end, X); + if (ret != 0) { + return ret; + } + + if (mbedtls_mpi_cmp_int(X, 0) == 0) { + return MBEDTLS_ERR_PK_KEY_INVALID_FORMAT; + } + + return 0; +} + +/* + * Parse a PKCS#1 encoded private RSA key + */ +int mbedtls_rsa_key_parse(mbedtls_rsa_context *rsa, const unsigned char *key, size_t keylen) +{ + int ret, version; + size_t len; + unsigned char *p, *end; + + mbedtls_mpi T; + mbedtls_mpi_init(&T); + + p = (unsigned char *) key; + end = p + keylen; + + /* + * This function parses the RSAPrivateKey (PKCS#1) + * + * RSAPrivateKey ::= SEQUENCE { + * version Version, + * modulus INTEGER, -- n + * publicExponent INTEGER, -- e + * privateExponent INTEGER, -- d + * prime1 INTEGER, -- p + * prime2 INTEGER, -- q + * exponent1 INTEGER, -- d mod (p-1) + * exponent2 INTEGER, -- d mod (q-1) + * coefficient INTEGER, -- (inverse of q) mod p + * otherPrimeInfos OtherPrimeInfos OPTIONAL + * } + */ + if ((ret = mbedtls_asn1_get_tag(&p, end, &len, + MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret); + } + + end = p + len; + + if ((ret = mbedtls_asn1_get_int(&p, end, &version)) != 0) { + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret); + } + + if (version != 0) { + return MBEDTLS_ERR_PK_KEY_INVALID_VERSION; + } + + /* Import N */ + if ((ret = asn1_get_nonzero_mpi(&p, end, &T)) != 0 || + (ret 
= mbedtls_rsa_import(rsa, &T, NULL, NULL, + NULL, NULL)) != 0) { + goto cleanup; + } + + /* Import E */ + if ((ret = asn1_get_nonzero_mpi(&p, end, &T)) != 0 || + (ret = mbedtls_rsa_import(rsa, NULL, NULL, NULL, + NULL, &T)) != 0) { + goto cleanup; + } + + /* Import D */ + if ((ret = asn1_get_nonzero_mpi(&p, end, &T)) != 0 || + (ret = mbedtls_rsa_import(rsa, NULL, NULL, NULL, + &T, NULL)) != 0) { + goto cleanup; + } + + /* Import P */ + if ((ret = asn1_get_nonzero_mpi(&p, end, &T)) != 0 || + (ret = mbedtls_rsa_import(rsa, NULL, &T, NULL, + NULL, NULL)) != 0) { + goto cleanup; + } + + /* Import Q */ + if ((ret = asn1_get_nonzero_mpi(&p, end, &T)) != 0 || + (ret = mbedtls_rsa_import(rsa, NULL, NULL, &T, + NULL, NULL)) != 0) { + goto cleanup; + } + +#if !defined(MBEDTLS_RSA_NO_CRT) && !defined(MBEDTLS_RSA_ALT) + /* + * The RSA CRT parameters DP, DQ and QP are nominally redundant, in + * that they can be easily recomputed from D, P and Q. However by + * parsing them from the PKCS1 structure it is possible to avoid + * recalculating them which both reduces the overhead of loading + * RSA private keys into memory and also avoids side channels which + * can arise when computing those values, since all of D, P, and Q + * are secret. See https://eprint.iacr.org/2020/055 for a + * description of one such attack. 
+ */ + + /* Import DP */ + if ((ret = asn1_get_nonzero_mpi(&p, end, &T)) != 0 || + (ret = mbedtls_mpi_copy(&rsa->DP, &T)) != 0) { + goto cleanup; + } + + /* Import DQ */ + if ((ret = asn1_get_nonzero_mpi(&p, end, &T)) != 0 || + (ret = mbedtls_mpi_copy(&rsa->DQ, &T)) != 0) { + goto cleanup; + } + + /* Import QP */ + if ((ret = asn1_get_nonzero_mpi(&p, end, &T)) != 0 || + (ret = mbedtls_mpi_copy(&rsa->QP, &T)) != 0) { + goto cleanup; + } + +#else + /* Verify existence of the CRT params */ + if ((ret = asn1_get_nonzero_mpi(&p, end, &T)) != 0 || + (ret = asn1_get_nonzero_mpi(&p, end, &T)) != 0 || + (ret = asn1_get_nonzero_mpi(&p, end, &T)) != 0) { + goto cleanup; + } +#endif + + /* rsa_complete() doesn't complete anything with the default + * implementation but is still called: + * - for the benefit of alternative implementation that may want to + * pre-compute stuff beyond what's provided (eg Montgomery factors) + * - as is also sanity-checks the key + * + * Furthermore, we also check the public part for consistency with + * mbedtls_pk_parse_pubkey(), as it includes size minima for example. 
+ */ + if ((ret = mbedtls_rsa_complete(rsa)) != 0 || + (ret = mbedtls_rsa_check_pubkey(rsa)) != 0) { + goto cleanup; + } + + if (p != end) { + ret = MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); + } + +cleanup: + + mbedtls_mpi_free(&T); + + if (ret != 0) { + /* Wrap error code if it's coming from a lower level */ + if ((ret & 0xff80) == 0) { + ret = MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret); + } else { + ret = MBEDTLS_ERR_PK_KEY_INVALID_FORMAT; + } + + mbedtls_rsa_free(rsa); + } + + return ret; +} + +/* + * RSAPublicKey ::= SEQUENCE { + * modulus INTEGER, -- n + * publicExponent INTEGER -- e + * } + */ +int mbedtls_rsa_pubkey_parse(mbedtls_rsa_context *rsa, unsigned char **p, + const unsigned char *end) +{ + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + size_t len; + + if ((ret = mbedtls_asn1_get_tag(p, end, &len, + MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_INVALID_PUBKEY, ret); + } + + if (*p + len != end) { + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_INVALID_PUBKEY, + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); + } + + /* Import N */ + if ((ret = mbedtls_asn1_get_tag(p, end, &len, MBEDTLS_ASN1_INTEGER)) != 0) { + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_INVALID_PUBKEY, ret); + } + + if ((ret = mbedtls_rsa_import_raw(rsa, *p, len, NULL, 0, NULL, 0, + NULL, 0, NULL, 0)) != 0) { + return MBEDTLS_ERR_PK_INVALID_PUBKEY; + } + + *p += len; + + /* Import E */ + if ((ret = mbedtls_asn1_get_tag(p, end, &len, MBEDTLS_ASN1_INTEGER)) != 0) { + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_INVALID_PUBKEY, ret); + } + + if ((ret = mbedtls_rsa_import_raw(rsa, NULL, 0, NULL, 0, NULL, 0, + NULL, 0, *p, len)) != 0) { + return MBEDTLS_ERR_PK_INVALID_PUBKEY; + } + + *p += len; + + if (mbedtls_rsa_complete(rsa) != 0 || + mbedtls_rsa_check_pubkey(rsa) != 0) { + return MBEDTLS_ERR_PK_INVALID_PUBKEY; + } + + if (*p != end) { + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_INVALID_PUBKEY, 
+ MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); + } + + return 0; +} + +int mbedtls_rsa_key_write(const mbedtls_rsa_context *rsa, unsigned char *start, + unsigned char **p) +{ + size_t len = 0; + int ret; + + mbedtls_mpi T; /* Temporary holding the exported parameters */ + + /* + * Export the parameters one after another to avoid simultaneous copies. + */ + + mbedtls_mpi_init(&T); + + /* Export QP */ + if ((ret = mbedtls_rsa_export_crt(rsa, NULL, NULL, &T)) != 0 || + (ret = mbedtls_asn1_write_mpi(p, start, &T)) < 0) { + goto end_of_export; + } + len += ret; + + /* Export DQ */ + if ((ret = mbedtls_rsa_export_crt(rsa, NULL, &T, NULL)) != 0 || + (ret = mbedtls_asn1_write_mpi(p, start, &T)) < 0) { + goto end_of_export; + } + len += ret; + + /* Export DP */ + if ((ret = mbedtls_rsa_export_crt(rsa, &T, NULL, NULL)) != 0 || + (ret = mbedtls_asn1_write_mpi(p, start, &T)) < 0) { + goto end_of_export; + } + len += ret; + + /* Export Q */ + if ((ret = mbedtls_rsa_export(rsa, NULL, NULL, &T, NULL, NULL)) != 0 || + (ret = mbedtls_asn1_write_mpi(p, start, &T)) < 0) { + goto end_of_export; + } + len += ret; + + /* Export P */ + if ((ret = mbedtls_rsa_export(rsa, NULL, &T, NULL, NULL, NULL)) != 0 || + (ret = mbedtls_asn1_write_mpi(p, start, &T)) < 0) { + goto end_of_export; + } + len += ret; + + /* Export D */ + if ((ret = mbedtls_rsa_export(rsa, NULL, NULL, NULL, &T, NULL)) != 0 || + (ret = mbedtls_asn1_write_mpi(p, start, &T)) < 0) { + goto end_of_export; + } + len += ret; + + /* Export E */ + if ((ret = mbedtls_rsa_export(rsa, NULL, NULL, NULL, NULL, &T)) != 0 || + (ret = mbedtls_asn1_write_mpi(p, start, &T)) < 0) { + goto end_of_export; + } + len += ret; + + /* Export N */ + if ((ret = mbedtls_rsa_export(rsa, &T, NULL, NULL, NULL, NULL)) != 0 || + (ret = mbedtls_asn1_write_mpi(p, start, &T)) < 0) { + goto end_of_export; + } + len += ret; + +end_of_export: + + mbedtls_mpi_free(&T); + if (ret < 0) { + return ret; + } + + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_int(p, start, 0)); + 
MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, start, len)); + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, start, + MBEDTLS_ASN1_CONSTRUCTED | + MBEDTLS_ASN1_SEQUENCE)); + + return (int) len; +} + +/* + * RSAPublicKey ::= SEQUENCE { + * modulus INTEGER, -- n + * publicExponent INTEGER -- e + * } + */ +int mbedtls_rsa_pubkey_write(const mbedtls_rsa_context *rsa, unsigned char *start, + unsigned char **p) +{ + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + size_t len = 0; + mbedtls_mpi T; + + mbedtls_mpi_init(&T); + + /* Export E */ + if ((ret = mbedtls_rsa_export(rsa, NULL, NULL, NULL, NULL, &T)) != 0 || + (ret = mbedtls_asn1_write_mpi(p, start, &T)) < 0) { + goto end_of_export; + } + len += ret; + + /* Export N */ + if ((ret = mbedtls_rsa_export(rsa, &T, NULL, NULL, NULL, NULL)) != 0 || + (ret = mbedtls_asn1_write_mpi(p, start, &T)) < 0) { + goto end_of_export; + } + len += ret; + +end_of_export: + + mbedtls_mpi_free(&T); + if (ret < 0) { + return ret; + } + + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, start, len)); + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, start, MBEDTLS_ASN1_CONSTRUCTED | + MBEDTLS_ASN1_SEQUENCE)); + + return (int) len; +} #if defined(MBEDTLS_GENPRIME) diff --git a/library/rsa_internal.h b/library/rsa_internal.h index 4081ac639..dee787f33 100644 --- a/library/rsa_internal.h +++ b/library/rsa_internal.h 
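Review bot: The parsers moved into rsa.c still return PK-module error codes (`MBEDTLS_ERR_PK_KEY_INVALID_FORMAT`, `MBEDTLS_ERR_PK_KEY_INVALID_VERSION`, `MBEDTLS_ERR_PK_INVALID_PUBKEY`), while the only include this commit adds to the file is `mbedtls/asn1write.h`. Whether rsa.c already pulls in pk.h is not visible here, but either way the RSA module stays tied to PK definitions, which is at odds with the later commit in this series that removes the PK dependency from psa_crypto_rsa.c. Mapping these to an RSA-level code such as `MBEDTLS_ERR_RSA_BAD_INPUT_DATA` inside rsa.c, and translating to PK codes in pkparse.c where callers expect them, would keep the layering clean. The new functions also appear to be compiled unconditionally, so it is worth confirming that the build configurations without the ASN.1 parse/write modules still link.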
@@ -16,6 +16,49 @@ #include "mbedtls/rsa.h" +/** + * \brief + * + * \param rsa + * \param key + * \param keylen + * \return int + */ +int mbedtls_rsa_key_parse(mbedtls_rsa_context *rsa, const unsigned char *key, size_t keylen); + +/** + * \brief + * + * \param rsa + * \param p + * \param end + * \return int + */ +int mbedtls_rsa_pubkey_parse(mbedtls_rsa_context *rsa, unsigned char **p, + const unsigned char *end); + +/** + * \brief + * + * \param p + * \param start + * \param rsa + * \return int + */ +int mbedtls_rsa_key_write(const mbedtls_rsa_context *rsa, unsigned char *start, + unsigned char **p); + +/** + * \brief + * + * \param p + * \param start + * \param rsa + * \return int + */ +int mbedtls_rsa_pubkey_write(const mbedtls_rsa_context *rsa, unsigned char *start, + unsigned char **p); + #if defined(MBEDTLS_PKCS1_V21) /** * \brief This function is analogue to \c mbedtls_rsa_rsassa_pss_sign(). From 8e6093dd9f54f1278ee4df1472376ef2e5d01386 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 23 Jan 2024 15:19:07 +0100 Subject: [PATCH 034/166] test_suite_rsa: add some basic testing of new parse/write priv/pub keys Signed-off-by: Valerio Setti --- tests/suites/test_suite_rsa.data | 12 +++++++++++ tests/suites/test_suite_rsa.function | 31 ++++++++++++++++++++++++++++ 2 files changed, 43 insertions(+) diff --git a/tests/suites/test_suite_rsa.data b/tests/suites/test_suite_rsa.data index 0a60f314e..de5e5699a 100644 --- a/tests/suites/test_suite_rsa.data +++ b/tests/suites/test_suite_rsa.data 
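Review bot: The four Doxygen blocks added to rsa_internal.h are empty templates: `\brief` has no text, no parameter is described, and for the two write functions the `\param` order (`p`, `start`, `rsa`) does not match the signature (`rsa`, `start`, `p`). These prototypes are the only contract for the new internal API, so each block should say what is parsed or written (PKCS#1 RSAPrivateKey or RSAPublicKey in DER), that the write functions fill the buffer backwards from `*p` towards `start`, and what is returned (0 for the parsers, the number of bytes written for the writers, a negative error code on failure). The blocks should also record the difference in failure behaviour visible in rsa.c: `mbedtls_rsa_key_parse` calls `mbedtls_rsa_free(rsa)` on error, while `mbedtls_rsa_pubkey_parse` returns with any already-imported values still in `rsa`, so its callers must free the context themselves.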
@@ -615,3 +615,15 @@ rsa_pkcs1_encrypt_bad_rng:"4E636AF98E40F3ADCFCCB698F4E80B9F":MBEDTLS_RSA_PKCS_V1 RSA Selftest depends_on:MBEDTLS_SELF_TEST rsa_selftest: + +RSA parse/write PKCS#1 private key - 1024 bits +rsa_import_pkcs1_key:0:"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" + +RSA parse/write PKCS#1 public key - 1024 bits +rsa_import_pkcs1_key:1:"308189028181009f091e6968b474f76f0e9c237c1d895996ae704b4f6d706acec8d2daac6209bf524aa3f658d0283adba1077f6cbe92e425dcde52290b239cade91be86c88425434986806e85734e159768f3dfea932baaa9409d25bace8ee9dce0cdde0903207299de575ae60feccf0daf82334ab83638539b0da74072f253acea8afc8e66bb70203010001" + +RSA parse/write PKCS#1 private key - 2048 bits +rsa_import_pkcs1_key:0:"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" + +RSA parse/write PKCS#1 public key - 2048 bits +rsa_import_pkcs1_key:1:"3082010a0282010100dcabfd25f3b7d67155e5c2520518570e95754ef883a973f94b2b0fb2d7ad733a3b0976c6314770eaf728304ee61e0dfe91811fc4a8219fbc3687cb3cfca54b58804d1ed4de985dc827374cb31b7b23225e130858d6b812dee6a356a8f8d211ba0930d0ec38193cee0a186f4a760cc3aa40e1d04fe4a14506ed279a9080aedd2676a4026bcb1ee24b2c00853bffcc04b5fb3e542626c2b2c54a62f3d6e01df95544fdf85c22cc0846275cb9cdfe73876e94e532ced0bca9876de74ff1edc9c8ac89aa8586aa34ca6f44c972d1e73aaddae168a5e67ec69cd14f206155e6e1161e7aa6754e947d5d26ee5f8789598a79ea4ff0263e2b8bf90641320771955007d10203010001" diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function index 37bed6dcd..315d4f6bb 100644 --- a/tests/suites/test_suite_rsa.function +++ b/tests/suites/test_suite_rsa.function @@ -1,6 +1,7 @@ /* BEGIN_HEADER */ #include "mbedtls/rsa.h" #include "rsa_alt_helpers.h" +#include "rsa_internal.h" /* END_HEADER */ /* BEGIN_DEPENDENCIES 
@@ -1371,6 +1372,36 @@ exit: } /* END_CASE */ +/* BEGIN_CASE */ +void rsa_import_pkcs1_key(int is_public, data_t *input) +{ + mbedtls_rsa_context rsa_ctx; + unsigned char *input_start = input->x; + unsigned char *input_end = input->x + input->len; + unsigned char *output_buf = NULL; + unsigned char *output_start; + unsigned char *output_end; + + TEST_CALLOC(output_buf, input->len); + output_start = output_buf; + output_end = output_buf + input->len; + + mbedtls_rsa_init(&rsa_ctx); + + if (is_public) { + TEST_EQUAL(mbedtls_rsa_pubkey_parse(&rsa_ctx, &input_start, input_end), 0); + TEST_EQUAL(mbedtls_rsa_pubkey_write(&rsa_ctx, output_start, &output_end), input->len); + } else { + TEST_EQUAL(mbedtls_rsa_key_parse(&rsa_ctx, input->x, input->len), 0); + TEST_EQUAL(mbedtls_rsa_key_write(&rsa_ctx, output_start, &output_end), input->len); + } + +exit: + mbedtls_free(output_buf); + mbedtls_rsa_free(&rsa_ctx); +} +/* END_CASE */ + /* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */ void rsa_selftest() { From b054e449c9fa3af059cac13f5028855d401e9a3c Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 23 Jan 2024 16:12:27 +0100 Subject: [PATCH 035/166] test_suite_psa_crypto: remove tests for importing an RSA key in PEM format This feature was an unofficial extension which was never documented. Now that we are removing the PK dependency in order to use only functions from RSA module, PEM support is unavailable. Therefore we explicitly remove it. Signed-off-by: Valerio Setti --- tests/suites/test_suite_psa_crypto.data | 10 ---------- 1 file changed, 10 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index eda6f5d8c..45cb83980 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data 
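Review bot: In `rsa_import_pkcs1_key`, `mbedtls_rsa_init(&rsa_ctx)` runs after `TEST_CALLOC(output_buf, input->len)`, so an allocation failure jumps to `exit:` and `mbedtls_rsa_free(&rsa_ctx)` is called on an uninitialised context; move the init above the `TEST_CALLOC`. The test also checks only the length returned by the write functions, so a writer that emitted the right number of wrong bytes would still pass. After each write, add `TEST_MEMORY_COMPARE(output_end, input->len, input->x, input->len);` (the write calls leave `output_end` pointing at the start of the encoded data).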
@@ -496,16 +496,6 @@ PSA import/export RSA keypair: policy forbids export (sign), opaque depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT:PSA_CRYPTO_DRIVER_TEST import_export:"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":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):1024:0:PSA_ERROR_NOT_PERMITTED:1 -# Test PEM import. Note that this is not a PSA feature, it's an Mbed TLS -# extension which we may drop in the future. -PSA import/export RSA public key: import PEM -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PEM_PARSE_C -import_export:"2d2d2d2d2d424547494e205055424c4943204b45592d2d2d2d2d0a4d4947664d413047435371475349623344514542415155414134474e4144434269514b4267514376425830356275685074312f6274634b7850482f6c706c53710a69714a4843315165346636777353306c7835635255784a4a34524b574b41517475376242494e46454e5354765441357548596c57377249486576456a536433750a355553447641624378686c497a514b7941756557727232553036664c2b466e43775947634d6b79344b357a545474346d4f69712f2f6b637a384865476e6f5a670a3939614454615539615137336d46397277774944415141420a2d2d2d2d2d454e44205055424c4943204b45592d2d2d2d2d0a00":PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:0:1024:0:PSA_SUCCESS:0 - -PSA import/export RSA keypair: import PEM -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT:MBEDTLS_PEM_PARSE_C -import_export:"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":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:0:1024:0:PSA_SUCCESS:0 - PSA import/export FFDH RFC7919 2048 key pair: good 
depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT import_export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rom 7b7ffd3bb9cf91d944b00d13d75cd69dd357452d Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 23 Jan 2024 16:14:18 +0100 Subject: [PATCH 036/166] psa_crypt_rsa: remove dependency from the PK module Use new functions from the RSA module to parse and write private and public keys in PKCS#1 format. Signed-off-by: Valerio Setti --- library/psa_crypto_rsa.c | 48 ++++++++++++++-------------------------- 1 file changed, 16 insertions(+), 32 deletions(-) diff --git a/library/psa_crypto_rsa.c b/library/psa_crypto_rsa.c index 7b58ea22a..7da6012c9 100644 --- a/library/psa_crypto_rsa.c +++ b/library/psa_crypto_rsa.c @@ -24,8 +24,7 @@ #include #include -#include -#include "pk_wrap.h" +#include "rsa_internal.h" #if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT) || \ defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP) || \ 
@@ -62,50 +61,40 @@ psa_status_t mbedtls_psa_rsa_load_representation( mbedtls_rsa_context **p_rsa) { psa_status_t status; - mbedtls_pk_context ctx; size_t bits; - mbedtls_pk_init(&ctx); + + *p_rsa = mbedtls_calloc(1, sizeof(mbedtls_rsa_context)); + if (*p_rsa == NULL) { + return PSA_ERROR_INSUFFICIENT_MEMORY; + } + mbedtls_rsa_init(*p_rsa); /* Parse the data. */ if (PSA_KEY_TYPE_IS_KEY_PAIR(type)) { - status = mbedtls_to_psa_error( - mbedtls_pk_parse_key(&ctx, data, data_length, NULL, 0, - mbedtls_psa_get_random, MBEDTLS_PSA_RANDOM_STATE)); + status = mbedtls_to_psa_error(mbedtls_rsa_key_parse(*p_rsa, data, data_length)); } else { - status = mbedtls_to_psa_error( - mbedtls_pk_parse_public_key(&ctx, data, data_length)); + unsigned char *p = (unsigned char *) data; + unsigned char *end = (unsigned char *) (data + data_length); + status = mbedtls_to_psa_error(mbedtls_rsa_pubkey_parse(*p_rsa, &p, end)); } if (status != PSA_SUCCESS) { goto exit; } - /* We have something that the pkparse module recognizes. If it is a - * valid RSA key, store it. */ - if (mbedtls_pk_get_type(&ctx) != MBEDTLS_PK_RSA) { - status = PSA_ERROR_INVALID_ARGUMENT; - goto exit; - } - /* The size of an RSA key doesn't have to be a multiple of 8. Mbed TLS * supports non-byte-aligned key sizes, but not well. For example, * mbedtls_rsa_get_len() returns the key size in bytes, not in bits. */ - bits = PSA_BYTES_TO_BITS(mbedtls_rsa_get_len(mbedtls_pk_rsa(ctx))); + bits = PSA_BYTES_TO_BITS(mbedtls_rsa_get_len(*p_rsa)); if (bits > PSA_VENDOR_RSA_MAX_KEY_BITS) { status = PSA_ERROR_NOT_SUPPORTED; goto exit; } - status = psa_check_rsa_key_byte_aligned(mbedtls_pk_rsa(ctx)); + status = psa_check_rsa_key_byte_aligned(*p_rsa); if (status != PSA_SUCCESS) { goto exit; } - /* Copy out the pointer to the RSA context, and reset the PK context - * such that pk_free doesn't free the RSA context we just grabbed. 
*/ - *p_rsa = mbedtls_pk_rsa(ctx); - ctx.pk_info = NULL; - exit: - mbedtls_pk_free(&ctx); return status; } #endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT) || @@ -168,20 +157,15 @@ psa_status_t mbedtls_psa_rsa_export_key(psa_key_type_t type, size_t *data_length) { int ret; - mbedtls_pk_context pk; - uint8_t *pos = data + data_size; - - mbedtls_pk_init(&pk); - pk.pk_info = &mbedtls_rsa_info; - pk.pk_ctx = rsa; + uint8_t *end = data + data_size; /* PSA Crypto API defines the format of an RSA key as a DER-encoded * representation of the non-encrypted PKCS#1 RSAPrivateKey for a * private key and of the RFC3279 RSAPublicKey for a public key. */ if (PSA_KEY_TYPE_IS_KEY_PAIR(type)) { - ret = mbedtls_pk_write_key_der(&pk, data, data_size); + ret = mbedtls_rsa_key_write(rsa, data, &end); } else { - ret = mbedtls_pk_write_pubkey(&pos, data, &pk); + ret = mbedtls_rsa_pubkey_write(rsa, data, &end); } if (ret < 0) { From dccfd3612dece912f4e0d7c59add685642154fae Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 23 Jan 2024 17:07:59 +0100 Subject: [PATCH 037/166] rsa: update return values of priv/pub parse/write functions The goal is to remove usage of PK return values in order to completely eliminate that dependency. This commit also updates pkparse and test_suite_x509parse to align with this change in return values. Signed-off-by: Valerio Setti --- library/pkparse.c | 3 +- library/rsa.c | 36 ++++++++-------------- tests/suites/test_suite_x509parse.data | 10 +++--- tests/suites/test_suite_x509parse.function | 1 + 4 files changed, 20 insertions(+), 30 deletions(-) diff --git a/library/pkparse.c b/library/pkparse.c index 2708c8c75..17df101f0 100644 --- a/library/pkparse.c +++ b/library/pkparse.c 
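Review bot: `mbedtls_psa_rsa_load_representation` now allocates `*p_rsa` itself, but every failure path after the `mbedtls_calloc` (parse error, `bits > PSA_VENDOR_RSA_MAX_KEY_BITS`, the byte-alignment check) reaches `exit:` and returns with the context still allocated and still visible through `*p_rsa`. The removed code set `*p_rsa` only on success and released the context with `mbedtls_pk_free`, so ownership on failure has moved to the caller. Callers are not visible in this hunk, so either confirm that each one frees `*p_rsa` on error, or release it under `exit:` with `if (status != PSA_SUCCESS) { mbedtls_rsa_free(*p_rsa); mbedtls_free(*p_rsa); *p_rsa = NULL; }`. Either way the function comment should state who owns the context when an error is returned. The public-key branch also casts away `const` from `data` to match the `unsigned char **` parameter of `mbedtls_rsa_pubkey_parse`; a one-line comment that the parser only reads through `p` (to be confirmed) would help.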
@@ -1556,8 +1556,7 @@ int mbedtls_pk_parse_public_key(mbedtls_pk_context *ctx, return ret; } mbedtls_pk_free(ctx); - if (ret != (MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_INVALID_PUBKEY, - MBEDTLS_ERR_ASN1_UNEXPECTED_TAG))) { + if (ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) { return ret; } #endif /* MBEDTLS_RSA_C */ diff --git a/library/rsa.c b/library/rsa.c index a18c4b1b0..4ff7afacf 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -682,7 +682,7 @@ static int asn1_get_nonzero_mpi(unsigned char **p, } if (mbedtls_mpi_cmp_int(X, 0) == 0) { - return MBEDTLS_ERR_PK_KEY_INVALID_FORMAT; + return MBEDTLS_ERR_RSA_BAD_INPUT_DATA; } return 0; @@ -721,17 +721,17 @@ int mbedtls_rsa_key_parse(mbedtls_rsa_context *rsa, const unsigned char *key, si */ if ((ret = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret); + return ret; } end = p + len; if ((ret = mbedtls_asn1_get_int(&p, end, &version)) != 0) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret); + return ret; } if (version != 0) { - return MBEDTLS_ERR_PK_KEY_INVALID_VERSION; + return MBEDTLS_ERR_RSA_BAD_INPUT_DATA; } /* Import N */ @@ -823,8 +823,7 @@ int mbedtls_rsa_key_parse(mbedtls_rsa_context *rsa, const unsigned char *key, si } if (p != end) { - ret = MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); + ret = MBEDTLS_ERR_ASN1_LENGTH_MISMATCH; } cleanup: @@ -832,13 +831,6 @@ cleanup: mbedtls_mpi_free(&T); if (ret != 0) { - /* Wrap error code if it's coming from a lower level */ - if ((ret & 0xff80) == 0) { - ret = MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret); - } else { - ret = MBEDTLS_ERR_PK_KEY_INVALID_FORMAT; - } - mbedtls_rsa_free(rsa); } 
@@ -859,46 +851,44 @@ int mbedtls_rsa_pubkey_parse(mbedtls_rsa_context *rsa, unsigned char **p, if ((ret = mbedtls_asn1_get_tag(p, end, &len, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_INVALID_PUBKEY, ret); + return ret; } if (*p + len != end) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_INVALID_PUBKEY, - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); + return MBEDTLS_ERR_ASN1_LENGTH_MISMATCH; } /* Import N */ if ((ret = mbedtls_asn1_get_tag(p, end, &len, MBEDTLS_ASN1_INTEGER)) != 0) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_INVALID_PUBKEY, ret); + return ret; } if ((ret = mbedtls_rsa_import_raw(rsa, *p, len, NULL, 0, NULL, 0, NULL, 0, NULL, 0)) != 0) { - return MBEDTLS_ERR_PK_INVALID_PUBKEY; + return MBEDTLS_ERR_RSA_BAD_INPUT_DATA; } *p += len; /* Import E */ if ((ret = mbedtls_asn1_get_tag(p, end, &len, MBEDTLS_ASN1_INTEGER)) != 0) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_INVALID_PUBKEY, ret); + return ret; } if ((ret = mbedtls_rsa_import_raw(rsa, NULL, 0, NULL, 0, NULL, 0, NULL, 0, *p, len)) != 0) { - return MBEDTLS_ERR_PK_INVALID_PUBKEY; + return MBEDTLS_ERR_RSA_BAD_INPUT_DATA; } *p += len; if (mbedtls_rsa_complete(rsa) != 0 || mbedtls_rsa_check_pubkey(rsa) != 0) { - return MBEDTLS_ERR_PK_INVALID_PUBKEY; + return MBEDTLS_ERR_RSA_BAD_INPUT_DATA; } if (*p != end) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_INVALID_PUBKEY, - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); + return MBEDTLS_ERR_ASN1_LENGTH_MISMATCH; } return 0; diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index 261c220ee..6e201259c 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data 
@@ -1774,15 +1774,15 @@ x509parse_crt:"307d3068a0030201008204deadbeef300d06092a864886f70d01010b0500300c3 X509 CRT ASN1 (TBS, inv SubPubKeyInfo, inv internal bitstring length) depends_on:MBEDTLS_RSA_C:MBEDTLS_MD_CAN_SHA256 -x509parse_crt:"308180306ba0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a300806001304546573743015300d06092A864886F70D0101010500030400300000300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_PK_INVALID_PUBKEY + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH +x509parse_crt:"308180306ba0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a300806001304546573743015300d06092A864886F70D0101010500030400300000300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_ASN1_LENGTH_MISMATCH X509 CRT ASN1 (TBS, inv SubPubKeyInfo, inv internal bitstring tag) depends_on:MBEDTLS_RSA_C:MBEDTLS_MD_CAN_SHA256 -x509parse_crt:"308180306ba0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a300806001304546573743015300d06092A864886F70D0101010500030400310000300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_PK_INVALID_PUBKEY + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG +x509parse_crt:"308180306ba0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a300806001304546573743015300d06092A864886F70D0101010500030400310000300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_ASN1_UNEXPECTED_TAG X509 CRT ASN1 (TBS, inv SubPubKeyInfo, inv RSA modulus) depends_on:MBEDTLS_RSA_C:MBEDTLS_MD_CAN_SHA256 
-x509parse_crt:"3081873072a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374301c300d06092A864886F70D0101010500030b0030080202ffff0302ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_PK_INVALID_PUBKEY + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG +x509parse_crt:"3081873072a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374301c300d06092A864886F70D0101010500030b0030080202ffff0302ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_ASN1_UNEXPECTED_TAG X509 CRT ASN1 (TBS, inv SubPubKeyInfo, total length mismatch) depends_on:MBEDTLS_RSA_C:MBEDTLS_MD_CAN_SHA256 
@@ -1790,11 +1790,11 @@ x509parse_crt:"3081893074a0030201008204deadbeef300d06092a864886f70d01010b0500300 X509 CRT ASN1 (TBS, inv SubPubKeyInfo, check failed) depends_on:MBEDTLS_RSA_C:MBEDTLS_MD_CAN_SHA256 -x509parse_crt:"3081873072a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374301c300d06092A864886F70D0101010500030b0030080202ffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_PK_INVALID_PUBKEY +x509parse_crt:"3081873072a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374301c300d06092A864886F70D0101010500030b0030080202ffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_RSA_BAD_INPUT_DATA X509 CRT ASN1 (TBS, inv SubPubKeyInfo, check failed, expanded length notation) depends_on:MBEDTLS_RSA_C:MBEDTLS_MD_CAN_SHA256 -x509parse_crt:"308196308180a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210fffffffffffffffffffffffffffffffe0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_PK_INVALID_PUBKEY +x509parse_crt:"308196308180a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210fffffffffffffffffffffffffffffffe0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_RSA_BAD_INPUT_DATA # We expect an extension parsing error here because the IssuerID is optional. # Hence, if we find an ASN.1 tag doesn't match the IssuerID, we assume the diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function index c2a2f556d..a54c165e1 100644 
--- a/tests/suites/test_suite_x509parse.function +++ b/tests/suites/test_suite_x509parse.function @@ -9,6 +9,7 @@ #include "mbedtls/base64.h" #include "mbedtls/error.h" #include "mbedtls/pk.h" +#include "mbedtls/rsa.h" #include "string.h" #if MBEDTLS_X509_MAX_INTERMEDIATE_CA > 19 From 2ddabb34d60a4e5b674db573fb68228bd81ec913 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 23 Jan 2024 17:11:44 +0100 Subject: [PATCH 038/166] config_adjust_legacy: do not auto-enable PK when RSA is enabled in PSA Signed-off-by: Valerio Setti --- include/mbedtls/config_adjust_legacy_crypto.h | 9 --------- include/mbedtls/config_adjust_legacy_from_psa.h | 3 --- 2 files changed, 12 deletions(-) diff --git a/include/mbedtls/config_adjust_legacy_crypto.h b/include/mbedtls/config_adjust_legacy_crypto.h index 696266c6f..818a8c644 100644 --- a/include/mbedtls/config_adjust_legacy_crypto.h +++ b/include/mbedtls/config_adjust_legacy_crypto.h @@ -324,15 +324,6 @@ #define MBEDTLS_PSA_CRYPTO_CLIENT #endif /* MBEDTLS_PSA_CRYPTO_C */ -/* The PK wrappers need pk_write/pk_parse functions to format RSA key objects - * when they are dispatching to the PSA API. This happens under MBEDTLS_USE_PSA_CRYPTO, - * and even under just MBEDTLS_PSA_CRYPTO_C in psa_crypto_rsa.c. */ -#if defined(MBEDTLS_PSA_CRYPTO_C) && defined(MBEDTLS_RSA_C) -#define MBEDTLS_PK_C -#define MBEDTLS_PK_WRITE_C -#define MBEDTLS_PK_PARSE_C -#endif - /* Helpers to state that each key is supported either on the builtin or PSA side. */ #if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) || defined(PSA_WANT_ECC_SECP_R1_521) #define MBEDTLS_ECP_HAVE_SECP521R1 diff --git a/include/mbedtls/config_adjust_legacy_from_psa.h b/include/mbedtls/config_adjust_legacy_from_psa.h index 691fed6e5..e3980e95c 100644 --- a/include/mbedtls/config_adjust_legacy_from_psa.h +++ b/include/mbedtls/config_adjust_legacy_from_psa.h 
@@ -671,9 +671,6 @@ #define MBEDTLS_RSA_C #define MBEDTLS_BIGNUM_C #define MBEDTLS_OID_C -#define MBEDTLS_PK_PARSE_C -#define MBEDTLS_PK_WRITE_C -#define MBEDTLS_PK_C #define MBEDTLS_ASN1_PARSE_C #define MBEDTLS_ASN1_WRITE_C #endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY */ From c6d7f53adca48df0ca4e3894d09c89874cf30dc9 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 23 Jan 2024 17:12:35 +0100 Subject: [PATCH 039/166] all.sh: update common_test_psa_crypto_config_accel_ecc_some_curves() Do not disable RSA_C and related modules because now it does not automatically re-enable PK module. Signed-off-by: Valerio Setti --- tests/scripts/all.sh | 6 ------ 1 file changed, 6 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 44930d28b..f0a0058c9 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -2752,12 +2752,6 @@ common_test_psa_crypto_config_accel_ecc_some_curves () { scripts/config.py unset MBEDTLS_PK_C scripts/config.py unset MBEDTLS_PK_PARSE_C scripts/config.py unset MBEDTLS_PK_WRITE_C - # We need to disable RSA too or PK will be re-enabled. - scripts/config.py -f "$CRYPTO_CONFIG_H" unset-all "PSA_WANT_KEY_TYPE_RSA_[0-9A-Z_a-z]*" - scripts/config.py -f "$CRYPTO_CONFIG_H" unset-all "PSA_WANT_ALG_RSA_[0-9A-Z_a-z]*" - scripts/config.py unset MBEDTLS_RSA_C - scripts/config.py unset MBEDTLS_PKCS1_V15 - scripts/config.py unset MBEDTLS_PKCS1_V21 # Disable modules that are accelerated - some will be re-enabled scripts/config.py unset MBEDTLS_ECDSA_C From 18dd00052e37f315f865e04861521c89e2b502bb Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 23 Jan 2024 17:59:10 +0100 Subject: [PATCH 040/166] pk_wrap: use RSA module functions to write priv/pub key in RSA wrappers Signed-off-by: Valerio Setti --- library/pk_wrap.c | 36 +++++++++++------------------------- 1 file changed, 11 insertions(+), 25 deletions(-) diff --git a/library/pk_wrap.c b/library/pk_wrap.c index c23265022..ff8eeb14c 100644 --- a/library/pk_wrap.c 
+++ b/library/pk_wrap.c @@ -32,6 +32,7 @@ #if defined(MBEDTLS_RSA_C) #include "pkwrite.h" +#include "rsa_internal.h" #endif #if defined(MBEDTLS_PK_CAN_ECDSA_SOME) @@ -69,9 +70,9 @@ static int rsa_verify_wrap(mbedtls_pk_context *pk, mbedtls_md_type_t md_alg, psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT; psa_status_t status; - mbedtls_pk_context key; int key_len; unsigned char buf[MBEDTLS_PK_RSA_PUB_DER_MAX_BYTES]; + unsigned char *p = buf + sizeof(buf); psa_algorithm_t psa_alg_md = PSA_ALG_RSA_PKCS1V15_SIGN(mbedtls_md_psa_alg_from_type(md_alg)); size_t rsa_len = mbedtls_rsa_get_len(rsa); @@ -86,11 +87,7 @@ static int rsa_verify_wrap(mbedtls_pk_context *pk, mbedtls_md_type_t md_alg, return MBEDTLS_ERR_RSA_VERIFY_FAILED; } - /* mbedtls_pk_write_pubkey_der() expects a full PK context; - * re-construct one to make it happy */ - key.pk_info = &mbedtls_rsa_info; - key.pk_ctx = rsa; - key_len = mbedtls_pk_write_pubkey_der(&key, buf, sizeof(buf)); + key_len = mbedtls_rsa_pubkey_write(rsa, buf, &p); if (key_len <= 0) { return MBEDTLS_ERR_PK_BAD_INPUT_DATA; } @@ -172,14 +169,15 @@ int mbedtls_pk_psa_rsa_sign_ext(psa_algorithm_t alg, psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT; psa_status_t status; - mbedtls_pk_context key; int key_len; unsigned char *buf = NULL; + unsigned char *p; + buf = mbedtls_calloc(1, MBEDTLS_PK_RSA_PRV_DER_MAX_BYTES); if (buf == NULL) { return MBEDTLS_ERR_PK_ALLOC_FAILED; } - mbedtls_pk_info_t pk_info = mbedtls_rsa_info; + p = buf + MBEDTLS_PK_RSA_PRV_DER_MAX_BYTES; *sig_len = mbedtls_rsa_get_len(rsa_ctx); if (sig_size < *sig_len) { 
@@ -187,11 +185,7 @@ int mbedtls_pk_psa_rsa_sign_ext(psa_algorithm_t alg, return MBEDTLS_ERR_PK_BUFFER_TOO_SMALL; } - /* mbedtls_pk_write_key_der() expects a full PK context; - * re-construct one to make it happy */ - key.pk_info = &pk_info; - key.pk_ctx = rsa_ctx; - key_len = mbedtls_pk_write_key_der(&key, buf, MBEDTLS_PK_RSA_PRV_DER_MAX_BYTES); + key_len = mbedtls_rsa_key_write(rsa_ctx, buf, &p); if (key_len <= 0) { mbedtls_free(buf); return MBEDTLS_ERR_PK_BAD_INPUT_DATA; @@ -282,9 +276,9 @@ static int rsa_decrypt_wrap(mbedtls_pk_context *pk, psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT; psa_status_t status; - mbedtls_pk_context key; int key_len; unsigned char buf[MBEDTLS_PK_RSA_PRV_DER_MAX_BYTES]; + unsigned char *p = buf + sizeof(buf); ((void) f_rng); ((void) p_rng); @@ -299,11 +293,7 @@ static int rsa_decrypt_wrap(mbedtls_pk_context *pk, return MBEDTLS_ERR_RSA_BAD_INPUT_DATA; } - /* mbedtls_pk_write_key_der() expects a full PK context; - * re-construct one to make it happy */ - key.pk_info = &mbedtls_rsa_info; - key.pk_ctx = rsa; - key_len = mbedtls_pk_write_key_der(&key, buf, sizeof(buf)); + key_len = mbedtls_rsa_key_write(rsa, buf, &p); if (key_len <= 0) { return MBEDTLS_ERR_PK_BAD_INPUT_DATA; } @@ -368,9 +358,9 @@ static int rsa_encrypt_wrap(mbedtls_pk_context *pk, psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT; psa_status_t status; - mbedtls_pk_context key; int key_len; unsigned char buf[MBEDTLS_PK_RSA_PUB_DER_MAX_BYTES]; + unsigned char *p = buf + sizeof(buf); ((void) f_rng); ((void) p_rng); 
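Review bot: The error paths after `mbedtls_rsa_key_write` in `mbedtls_pk_psa_rsa_sign_ext` (this hunk) and in `rsa_decrypt_wrap` (the `@@ -299,11 +293,7 @@` hunk) leave `buf` unwiped: the first calls `mbedtls_free(buf)` directly, the second returns with the stack buffer as it is. The writer is documented in this series as filling the buffer backward and can presumably fail part-way, so private-key bytes may remain in freed heap memory or on the stack. Add `mbedtls_platform_zeroize(buf, MBEDTLS_PK_RSA_PRV_DER_MAX_BYTES);` before the `mbedtls_free(buf)`, and `mbedtls_platform_zeroize(buf, sizeof(buf));` before the early return in `rsa_decrypt_wrap`. Both functions continue outside the hunks, so the success-path cleanup is not visible here and should be checked for the same wipe.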
@@ -385,11 +375,7 @@ static int rsa_encrypt_wrap(mbedtls_pk_context *pk, return MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE; } - /* mbedtls_pk_write_pubkey_der() expects a full PK context; - * re-construct one to make it happy */ - key.pk_info = &mbedtls_rsa_info; - key.pk_ctx = rsa; - key_len = mbedtls_pk_write_pubkey_der(&key, buf, sizeof(buf)); + key_len = mbedtls_rsa_pubkey_write(rsa, buf, &p); if (key_len <= 0) { return MBEDTLS_ERR_PK_BAD_INPUT_DATA; } From a5f36fcaae40c0b2b3723781cbde77095b485284 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 24 Jan 2024 10:49:02 +0100 Subject: [PATCH 041/166] rsa: write documentation of new functions for parse/writing RSA priv/pub keys Signed-off-by: Valerio Setti --- library/rsa.c | 16 ++++----- library/rsa_internal.h | 73 ++++++++++++++++++++++++++++++------------ 2 files changed, 60 insertions(+), 29 deletions(-) diff --git a/library/rsa.c b/library/rsa.c index 4ff7afacf..e0c38c3bc 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -688,9 +688,6 @@ static int asn1_get_nonzero_mpi(unsigned char **p, return 0; } -/* - * Parse a PKCS#1 encoded private RSA key - */ int mbedtls_rsa_key_parse(mbedtls_rsa_context *rsa, const unsigned char *key, size_t keylen) { int ret, version; @@ -837,18 +834,19 @@ cleanup: return ret; } -/* - * RSAPublicKey ::= SEQUENCE { - * modulus INTEGER, -- n - * publicExponent INTEGER -- e - * } - */ int mbedtls_rsa_pubkey_parse(mbedtls_rsa_context *rsa, unsigned char **p, const unsigned char *end) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t len; + /* + * RSAPublicKey ::= SEQUENCE { + * modulus INTEGER, -- n + * publicExponent INTEGER -- e + * } + */ + if ((ret = mbedtls_asn1_get_tag(p, end, &len, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { return ret; diff --git a/library/rsa_internal.h b/library/rsa_internal.h index dee787f33..62972c634 100644 --- a/library/rsa_internal.h +++ b/library/rsa_internal.h 
@@ -17,44 +17,77 @@ #include "mbedtls/rsa.h" /** - * \brief + * \brief Parse a PKCS#1 (ASN.1) encoded private RSA key. * - * \param rsa - * \param key - * \param keylen - * \return int + * \param rsa The RSA context where parsed data will be stored. + * \param key The buffer that contains the key. + * \param keylen The length of the key buffer in bytes. + * + * \return 0 in success + * \return MBEDTLS_ERR_ASN1_xxx in case of ASN.1 parsing errors. + * \return MBEDTLS_ERR_RSA_BAD_INPUT_DATA in case of invalid version. */ int mbedtls_rsa_key_parse(mbedtls_rsa_context *rsa, const unsigned char *key, size_t keylen); /** - * \brief + * \brief Parse a PKCS#1 (ASN.1) encoded public RSA key. * - * \param rsa - * \param p - * \param end - * \return int + * \param rsa The RSA context where parsed data will be stored. + * \param p Beginning of the buffer containing the key to be parsed. + * On successful return, the referenced pointer will be + * updated in order to point to the end of the parsed data. + * \param end End of the buffer containing the key to be parsed. + * + * \return 0 on success. + * \return MBEDTLS_ERR_ASN1_xxx in case of ASN.1 parsing errors. + * \return MBEDTLS_ERR_RSA_BAD_INPUT_DATA in case of importing or + * priv/pub validation errors. */ int mbedtls_rsa_pubkey_parse(mbedtls_rsa_context *rsa, unsigned char **p, const unsigned char *end); /** - * \brief + * \brief Write a PKCS#1 (ASN.1) encoded private RSA key. * - * \param p - * \param start - * \param rsa - * \return int + * \param rsa The RSA context which contains the data to be written. + * \param start Beginning of the buffer that will be filled with the + * private key. + * \param p End of the buffer that will be filled with the private key. + * On successful return, the referenced pointer will be + * updated in order to point to the beginning of written data. + * + * \return On success, the number of bytes written to the output buffer + * (i.e. a value > 0). 
+ * \return MBEDTLS_ERR_RSA_BAD_INPUT_DATA is the RSA context does not + * cointain valid. + * \return MBEDTLS_ERR_ASN1_xxx in case of failure while writing to the + * output buffer. + * + * \note The output buffer is filled backward, i.e. starting from its + * end and moving toward its start. */ int mbedtls_rsa_key_write(const mbedtls_rsa_context *rsa, unsigned char *start, unsigned char **p); /** - * \brief + * \brief Parse a PKCS#1 (ASN.1) encoded public RSA key. * - * \param p - * \param start - * \param rsa - * \return int + * \param rsa The RSA context which contains the data to be written. + * \param start Beginning of the buffer that will be filled with the + * private key. + * \param p End of the buffer that will be filled with the private key. + * On successful return, the referenced pointer will be + * updated in order to point to the beginning of written data. + * + * \return On success, the number of bytes written to the output buffer + * (i.e. a value > 0). + * \return MBEDTLS_ERR_RSA_BAD_INPUT_DATA is the RSA context does not + * cointain valid. + * \return MBEDTLS_ERR_ASN1_xxx in case of failure while writing to the + * output buffer. + * + * \note The output buffer is filled backward, i.e. starting from its + * end and moving toward its start. */ int mbedtls_rsa_pubkey_write(const mbedtls_rsa_context *rsa, unsigned char *start, unsigned char **p); From 75501f5ede68cbcc9651ed17c5eaee2bf31d6a00 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 8 Jan 2024 16:49:17 +0100 Subject: [PATCH 042/166] psa_util: add raw<->DER ECDSA conversion functions Signed-off-by: Valerio Setti --- include/mbedtls/psa_util.h | 36 +++++++ library/psa_util.c | 205 +++++++++++++++++++++++++++++++++++++ 2 files changed, 241 insertions(+) diff --git a/include/mbedtls/psa_util.h b/include/mbedtls/psa_util.h index 47724c633..912179ba8 100644 --- a/include/mbedtls/psa_util.h +++ b/include/mbedtls/psa_util.h 
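Review bot: The comment added for `mbedtls_rsa_pubkey_write` describes the wrong operation: its `\brief` says "Parse a PKCS#1 (ASN.1) encoded public RSA key" and its `start` and `p` parameters refer to the private key. It should read `\brief Write a PKCS#1 (ASN.1) encoded public RSA key.`, with "public key" in both parameter descriptions. In both write functions the line "is the RSA context does not cointain valid." is truncated and misspelled; `\return MBEDTLS_ERR_RSA_BAD_INPUT_DATA if the RSA context does not contain valid key data.` is presumably what was meant. For `mbedtls_rsa_key_parse`, `MBEDTLS_ERR_RSA_BAD_INPUT_DATA` is documented only for an invalid version, but the rsa.c changes in this series also return it from `asn1_get_nonzero_mpi` for a zero integer, so the text should cover that case. "0 in success" should also be "0 on success".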
@@ -176,6 +176,42 @@ static inline mbedtls_md_type_t mbedtls_md_type_from_psa_alg(psa_algorithm_t psa return (mbedtls_md_type_t) (psa_alg & PSA_ALG_HASH_MASK); } +#if defined(MBEDTLS_ASN1_WRITE_C) +/** Convert an ECDSA signature from raw format to DER ASN.1 one. + * + * \param raw Buffer that contains the signature in raw format. + * \param raw_len Length of raw buffer in bytes + * \param[out] der Buffer that will be filled with the converted DER + * output. It can overlap with raw buffer. + * \param der_size Size of the output der buffer in bytes. + * \param[out] der_len On success it contains the amount of valid data + * (in bytes) written to der buffer. It's undefined + * in case of failure. + * \param bits Size of each raw coordinate in bits. + */ +int mbedtls_ecdsa_raw_to_der(const unsigned char *raw, size_t raw_len, + unsigned char *der, size_t der_size, size_t *der_len, + size_t bits); +#endif /* MBEDTLS_ASN1_WRITE_C */ + +#if defined(MBEDTLS_ASN1_PARSE_C) +/** Convert an ECDSA signature from DER ASN.1 format to raw. + * + * \param der Buffer that contains the signature in DER format. + * \param der_len Size of the der buffer in bytes. + * \param[out] raw Buffer that will be filled with the converted raw + * signature. It can overlap with der buffer. + * \param raw_size Size of the raw buffer in bytes. + * \param[out] raw_len On success it is updated with the amount of valid + * data (in bytes) written to raw buffer. It's undefined + * in case of failure. + * \param bits Size of each raw coordinate in bits. + */ +int mbedtls_ecdsa_der_to_raw(const unsigned char *der, size_t der_len, + unsigned char *raw, size_t raw_size, size_t *raw_len, + size_t bits); +#endif /* MBEDTLS_ASN1_PARSE_C */ + /**@}*/ #endif /* MBEDTLS_PSA_CRYPTO_C */ diff --git a/library/psa_util.c b/library/psa_util.c index 41586e262..2c35db010 100644 --- a/library/psa_util.c +++ b/library/psa_util.c 
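Review bot: The declarations of `mbedtls_ecdsa_raw_to_der` and `mbedtls_ecdsa_der_to_raw` document no return values and no limit on `bits`. The `mbedtls_ecdsa_raw_to_der` definition later in this patch copies `PSA_BITS_TO_BYTES(bits)` bytes into local arrays `r` and `s` sized by `PSA_VENDOR_ECC_MAX_CURVE_BITS`, after checking only `raw_len < 2 * coordinate_len`. A caller passing a larger `bits` with a long enough `raw` buffer would write past those arrays, so the bound needs to be both documented and enforced. Add a `\return` entry (0 on success, an `MBEDTLS_ERR_ASN1_xxx` code otherwise, as the visible definition does) and a sentence that `bits` must not exceed `PSA_VENDOR_ECC_MAX_CURVE_BITS`, and in the definition reject it early with `if (coordinate_len > sizeof(r)) { return MBEDTLS_ERR_ASN1_INVALID_DATA; }`. The definition's hunk runs past the visible part of the page, so the rest of it is not reviewed here.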
@@ -40,6 +40,10 @@ #if defined(MBEDTLS_BLOCK_CIPHER_SOME_PSA) #include #endif +#if defined(MBEDTLS_ASN1_WRITE_C) +#include +#include +#endif /* PSA_SUCCESS is kept at the top of each error table since * it's the most common status when everything functions properly. */ 
@@ -330,4 +334,205 @@ mbedtls_ecp_group_id mbedtls_ecc_group_from_psa(psa_ecc_family_t family, } #endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */ +#if defined(MBEDTLS_ASN1_WRITE_C) +/* + * Convert a single raw coordinate to DER ASN.1 format. + * Note: this function is similar to mbedtls_asn1_write_mpi(), but it doesn't + * depend on BIGNUM_C. + * Note: this function fills der_buf backward. + */ +static int convert_raw_to_der_single_int(const unsigned char *raw_buf, size_t raw_len, + unsigned char *der_buf_start, + unsigned char *der_buf_end) +{ + unsigned char *p = der_buf_end; + int len = raw_len; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + + /* Copy the raw coordinate to the end of der_buf. */ + if ((p - der_buf_start) < len) { + return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL; + } + p -= len; + memcpy(p, raw_buf, len); + + /* ASN.1 DER encoding requires minimal length, so skip leading 0s. + * Provided input MPIs should not be 0, but as a failsafe measure, still + * detect that and return error in case. */ + while (*p == 0x00) { + ++p; + --len; + if (len == 0) { + return MBEDTLS_ERR_ASN1_INVALID_DATA; + } + } + + /* If MSb is 1, ASN.1 requires that we prepend a 0. 
*/ + if (*p & 0x80) { + if ((p - der_buf_start) < 1) { + return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL; + } + --p; + *p = 0x00; + ++len; + } + + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&p, der_buf_start, len)); + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(&p, der_buf_start, MBEDTLS_ASN1_INTEGER)); + + return len; +} + +int mbedtls_ecdsa_raw_to_der(const unsigned char *raw, size_t raw_len, + unsigned char *der, size_t der_size, size_t *der_len, + size_t bits) +{ + unsigned char r[PSA_BITS_TO_BYTES(PSA_VENDOR_ECC_MAX_CURVE_BITS)]; + unsigned char s[PSA_BITS_TO_BYTES(PSA_VENDOR_ECC_MAX_CURVE_BITS)]; + const size_t coordinate_len = PSA_BITS_TO_BYTES(bits); + size_t len = 0; + unsigned char *p = der + der_size; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + + if (raw_len < 2 * coordinate_len) { + return MBEDTLS_ERR_ASN1_INVALID_DATA; + } + + /* Since raw and der buffers might overlap, dump r and s before starting + * the conversion. */ + memset(r, 0, sizeof(r)); + memcpy(r, raw, coordinate_len); + memset(s, 0, sizeof(s)); + memcpy(s, raw + coordinate_len, coordinate_len); + + /* der buffer will initially be written starting from its end so we pick s + * first and then r. */ + ret = convert_raw_to_der_single_int(s, coordinate_len, der, p); + if (ret < 0) { + return ret; + } + p -= ret; + len += ret; + + ret = convert_raw_to_der_single_int(r, coordinate_len, der, p); + if (ret < 0) { + return ret; + } + p -= ret; + len += ret; + + /* Add ASN.1 header (len + tag). */ + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&p, der, len)); + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(&p, der, + MBEDTLS_ASN1_CONSTRUCTED | + MBEDTLS_ASN1_SEQUENCE)); + + /* memmove the content of der buffer to its beginnig. */ + memmove(der, p, len); + *der_len = len; + + return 0; +} +#endif /* MBEDTLS_ASN1_WRITE_C */ + +#if defined(MBEDTLS_ASN1_PARSE_C) +/* + * Convert a single integer from ASN.1 DER format to raw. + * Note: der and raw buffers are not overlapping here. 
+ */ +static int convert_der_to_raw_single_int(unsigned char *der, size_t der_len, + unsigned char *raw, size_t raw_len, + size_t coordinate_size) +{ + unsigned char *p = der; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + size_t unpadded_len, padding_len = 0; + + /* Get the length of ASN.1 element (i.e. the integer we need to parse). */ + ret = mbedtls_asn1_get_tag(&p, p + der_len, &unpadded_len, + MBEDTLS_ASN1_INTEGER); + if (ret != 0) { + return ret; + } + + /* Skip leading zeros */ + while (*p == 0x00) { + p++; + unpadded_len--; + /* It should never happen that the input number is all zeros. */ + if (unpadded_len == 0) { + return MBEDTLS_ERR_ASN1_LENGTH_MISMATCH; + } + } + + if (raw_len < coordinate_size) { + return MBEDTLS_ERR_ASN1_LENGTH_MISMATCH; + } + + if (unpadded_len < coordinate_size) { + padding_len = coordinate_size - unpadded_len; + memset(raw, 0x00, padding_len); + } + memcpy(raw + padding_len, p, unpadded_len); + p += unpadded_len; + + return (int) (p - der); +} + +int mbedtls_ecdsa_der_to_raw(const unsigned char *der, size_t der_len, + unsigned char *raw, size_t raw_size, size_t *raw_len, + size_t bits) +{ + unsigned char raw_tmp[PSA_VENDOR_ECDSA_SIGNATURE_MAX_SIZE]; + unsigned char *p = (unsigned char *) der; + size_t data_len; + size_t coordinate_size = PSA_BITS_TO_BYTES(bits); + int ret; + + /* The output raw buffer should be at least twice the size of a raw + * coordinate in order to store r and s. */ + if (raw_size < coordinate_size * 2) { + return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL; + } + + /* Check that the provided input DER buffer has the right header. 
*/ + ret = mbedtls_asn1_get_tag(&p, der + der_len, &data_len, + MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE); + if (ret != 0) { + return ret; + } + + memset(raw_tmp, 0, sizeof(raw_tmp)); + + /* Extract r */ + ret = convert_der_to_raw_single_int(p, data_len, raw_tmp, sizeof(raw_tmp), + coordinate_size); + if (ret < 0) { + return ret; + } + p += ret; + data_len -= ret; + + /* Extract s */ + ret = convert_der_to_raw_single_int(p, data_len, raw_tmp + coordinate_size, + sizeof(raw_tmp) - coordinate_size, + coordinate_size); + if (ret < 0) { + return ret; + } + p += ret; + data_len -= ret; + + /* Check that we consumed all the input der data. */ + if ((p - der) != (int) der_len) { + return MBEDTLS_ERR_ASN1_LENGTH_MISMATCH; + } + + memcpy(raw, raw_tmp, 2 * coordinate_size); + *raw_len = 2 * coordinate_size; + + return 0; +} +#endif /* MBEDTLS_ASN1_PARSE_C */ + #endif /* MBEDTLS_PSA_CRYPTO_C */ From bd5b9c61fec431c305416cf851d2ac31ac69df6d Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 8 Jan 2024 16:49:48 +0100 Subject: [PATCH 043/166] pk_wrap: use PSA util functions for ECDSA conversion instead of PK ones Signed-off-by: Valerio Setti --- library/pk_wrap.c | 175 ++++++---------------------------------------- 1 file changed, 21 insertions(+), 154 deletions(-) diff --git a/library/pk_wrap.c b/library/pk_wrap.c index c23265022..9a29d929e 100644 --- a/library/pk_wrap.c +++ b/library/pk_wrap.c @@ -29,6 +29,7 @@ #if defined(MBEDTLS_USE_PSA_CRYPTO) #include "psa_util_internal.h" #include "psa/crypto.h" +#include "mbedtls/psa_util.h" #if defined(MBEDTLS_RSA_C) #include "pkwrite.h" 
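Review bot: In `convert_der_to_raw_single_int` the parsed INTEGER length is never compared with `coordinate_size`, so `memcpy(raw + padding_len, p, unpadded_len)` can write past the coordinate slot, and past `raw_tmp` in `mbedtls_ecdsa_der_to_raw` if the DER input carries a long enough r or s. The leading-zero loop also reads `*p` and decrements `unpadded_len` without first checking that it is non-zero, so a zero-length INTEGER reads beyond the element and can wrap the `size_t`; `convert_raw_to_der_single_int` has the same unguarded `while (*p == 0x00)` when `raw_len` is 0. The helper that pk_wrap.c used before (removed in the next patch of this series) had both guards, `unpadded_len > 0 && ...` and `unpadded_len > to_len`. I would bound the loop and reject any length outside 1..coordinate_size before copying, as below.

```c
/* in convert_der_to_raw_single_int(), after the mbedtls_asn1_get_tag() call */

    /* Skip leading zeros, never stepping past the INTEGER content. */
    while (unpadded_len > 0 && *p == 0x00) {
        p++;
        unpadded_len--;
    }

    /* Reject an empty or all-zero integer, and one that does not fit in a
     * single raw coordinate. */
    if (unpadded_len == 0 || unpadded_len > coordinate_size) {
        return MBEDTLS_ERR_ASN1_LENGTH_MISMATCH;
    }

    /* ... unchanged: raw_len check, zero padding and memcpy ... */
```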
@@ -536,66 +537,6 @@ static size_t eckey_get_bitlen(mbedtls_pk_context *pk) #if defined(MBEDTLS_PK_CAN_ECDSA_VERIFY) #if defined(MBEDTLS_USE_PSA_CRYPTO) -/* - * An ASN.1 encoded signature is a sequence of two ASN.1 integers. Parse one of - * those integers and convert it to the fixed-length encoding expected by PSA. - */ -static int extract_ecdsa_sig_int(unsigned char **from, const unsigned char *end, - unsigned char *to, size_t to_len) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t unpadded_len, padding_len; - - if ((ret = mbedtls_asn1_get_tag(from, end, &unpadded_len, - MBEDTLS_ASN1_INTEGER)) != 0) { - return ret; - } - - while (unpadded_len > 0 && **from == 0x00) { - (*from)++; - unpadded_len--; - } - - if (unpadded_len > to_len || unpadded_len == 0) { - return MBEDTLS_ERR_ASN1_LENGTH_MISMATCH; - } - - padding_len = to_len - unpadded_len; - memset(to, 0x00, padding_len); - memcpy(to + padding_len, *from, unpadded_len); - (*from) += unpadded_len; - - return 0; -} - -/* - * Convert a signature from an ASN.1 sequence of two integers - * to a raw {r,s} buffer. Note: the provided sig buffer must be at least - * twice as big as int_size. - */ -static int extract_ecdsa_sig(unsigned char **p, const unsigned char *end, - unsigned char *sig, size_t int_size) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t tmp_size; - - if ((ret = mbedtls_asn1_get_tag(p, end, &tmp_size, - MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { - return ret; - } - - /* Extract r */ - if ((ret = extract_ecdsa_sig_int(p, end, sig, int_size)) != 0) { - return ret; - } - /* Extract s */ - if ((ret = extract_ecdsa_sig_int(p, end, sig + int_size, int_size)) != 0) { - return ret; - } - - return 0; -} - /* Common helper for ECDSA verify using PSA functions. */ static int ecdsa_verify_psa(unsigned char *key, size_t key_len, psa_ecc_family_t curve, size_t curve_bits, 
@@ -607,6 +548,7 @@ static int ecdsa_verify_psa(unsigned char *key, size_t key_len, mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT; psa_algorithm_t psa_sig_md = PSA_ALG_ECDSA_ANY; size_t signature_len = PSA_ECDSA_SIGNATURE_SIZE(curve_bits); + size_t converted_sig_len; unsigned char extracted_sig[PSA_VENDOR_ECDSA_SIGNATURE_MAX_SIZE]; unsigned char *p; psa_status_t status; @@ -631,11 +573,15 @@ static int ecdsa_verify_psa(unsigned char *key, size_t key_len, } p = (unsigned char *) sig; - /* extract_ecdsa_sig's last parameter is the size - * of each integer to be parsed, so it's actually half - * the size of the signature. */ - if ((ret = extract_ecdsa_sig(&p, sig + sig_len, extracted_sig, - signature_len/2)) != 0) { + ret = mbedtls_ecdsa_der_to_raw(p, sig_len, extracted_sig, + sizeof(extracted_sig), &converted_sig_len, + curve_bits); + if (ret != 0) { + goto cleanup; + } + + if (converted_sig_len != signature_len) { + ret = MBEDTLS_ERR_PK_BAD_INPUT_DATA; goto cleanup; } @@ -646,10 +592,6 @@ static int ecdsa_verify_psa(unsigned char *key, size_t key_len, goto cleanup; } - if (p != sig + sig_len) { - ret = MBEDTLS_ERR_PK_SIG_LEN_MISMATCH; - goto cleanup; - } ret = 0; cleanup: 
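Review bot: In the `@@ -631,11 +573,15 @@` hunk `p` is now only a const-stripping alias for `sig`: `mbedtls_ecdsa_der_to_raw` takes `const unsigned char *der` and does not advance the caller's pointer, so the cast in `p = (unsigned char *) sig;` no longer serves a purpose. I would pass `sig` directly, `ret = mbedtls_ecdsa_der_to_raw(sig, sig_len, extracted_sig, sizeof(extracted_sig), &converted_sig_len, curve_bits);`, and drop `p` if nothing else uses it. `ecdsa_verify_psa` starts and ends outside this hunk, so that last step needs checking against the full body.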
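Review bot: Removing the `p != sig + sig_len` check in the `@@ -646,10 +592,6 @@` hunk changes the error a caller sees for a signature followed by trailing bytes: the old check sat after the verification step (apparently the call just above it, outside the hunk) and returned `MBEDTLS_ERR_PK_SIG_LEN_MISMATCH`, while the new path fails earlier inside `mbedtls_ecdsa_der_to_raw` with `MBEDTLS_ERR_ASN1_LENGTH_MISMATCH`. Rejecting before verification is the stricter behaviour, but callers and tests that match on the PK error code will stop matching, and the commit message does not mention it. Mapping the ASN.1 code back would be lossy, because `mbedtls_ecdsa_der_to_raw` returns the same code for an all-zero integer. I would either keep a distinct trailing-data error in the converter or record the change with a comment such as `/* Trailing data is now rejected by mbedtls_ecdsa_der_to_raw() before verification. */` and in the commit description.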
@@ -751,90 +693,6 @@ static int ecdsa_verify_wrap(mbedtls_pk_context *pk, mbedtls_md_type_t md_alg, #if defined(MBEDTLS_PK_CAN_ECDSA_SIGN) #if defined(MBEDTLS_USE_PSA_CRYPTO) -/* - * Simultaneously convert and move raw MPI from the beginning of a buffer - * to an ASN.1 MPI at the end of the buffer. - * See also mbedtls_asn1_write_mpi(). - * - * p: pointer to the end of the output buffer - * start: start of the output buffer, and also of the mpi to write at the end - * n_len: length of the mpi to read from start - */ -static int asn1_write_mpibuf(unsigned char **p, unsigned char *start, - size_t n_len) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t len = 0; - - if ((size_t) (*p - start) < n_len) { - return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL; - } - - len = n_len; - *p -= len; - memmove(*p, start, len); - - /* ASN.1 DER encoding requires minimal length, so skip leading 0s. - * Neither r nor s should be 0, but as a failsafe measure, still detect - * that rather than overflowing the buffer in case of a PSA error. */ - while (len > 0 && **p == 0x00) { - ++(*p); - --len; - } - - /* this is only reached if the signature was invalid */ - if (len == 0) { - return MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED; - } - - /* if the msb is 1, ASN.1 requires that we prepend a 0. - * Neither r nor s can be 0, so we can assume len > 0 at all times. */ - if (**p & 0x80) { - if (*p - start < 1) { - return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL; - } - - *--(*p) = 0x00; - len += 1; - } - - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, start, len)); - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, start, - MBEDTLS_ASN1_INTEGER)); - - return (int) len; -} - -/* Transcode signature from PSA format to ASN.1 sequence. - * See ecdsa_signature_to_asn1 in ecdsa.c, but with byte buffers instead of - * MPIs, and in-place. 
- * - * [in/out] sig: the signature pre- and post-transcoding - * [in/out] sig_len: signature length pre- and post-transcoding - * [int] buf_len: the available size the in/out buffer - */ -static int pk_ecdsa_sig_asn1_from_psa(unsigned char *sig, size_t *sig_len, - size_t buf_len) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t len = 0; - const size_t rs_len = *sig_len / 2; - unsigned char *p = sig + buf_len; - - MBEDTLS_ASN1_CHK_ADD(len, asn1_write_mpibuf(&p, sig + rs_len, rs_len)); - MBEDTLS_ASN1_CHK_ADD(len, asn1_write_mpibuf(&p, sig, rs_len)); - - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&p, sig, len)); - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(&p, sig, - MBEDTLS_ASN1_CONSTRUCTED | - MBEDTLS_ASN1_SEQUENCE)); - - memmove(sig, p, len); - *sig_len = len; - - return 0; -} - /* Common helper for ECDSA sign using PSA functions. * Instead of extracting key's properties in order to check which kind of ECDSA * signature it supports, we try both deterministic and non-deterministic. @@ -845,6 +703,15 @@ static int ecdsa_sign_psa(mbedtls_svc_key_id_t key_id, mbedtls_md_type_t md_alg, { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; psa_status_t status; + psa_key_attributes_t key_attr = PSA_KEY_ATTRIBUTES_INIT; + size_t key_bits = 0; + + status = psa_get_key_attributes(key_id, &key_attr); + if (status != PSA_SUCCESS) { + return PSA_PK_ECDSA_TO_MBEDTLS_ERR(status); + } + key_bits = psa_get_key_bits(&key_attr); + psa_reset_key_attributes(&key_attr); status = psa_sign_hash(key_id, PSA_ALG_DETERMINISTIC_ECDSA(mbedtls_md_psa_alg_from_type(md_alg)), @@ -863,7 +730,7 @@ static int ecdsa_sign_psa(mbedtls_svc_key_id_t key_id, mbedtls_md_type_t md_alg, } done: - ret = pk_ecdsa_sig_asn1_from_psa(sig, sig_len, sig_size); + ret = mbedtls_ecdsa_raw_to_der(sig, sig_size, sig, sig_size, sig_len, key_bits); return ret; } From aed21640bdc3a6a4c3ddbbfe7bbb24e60544ee8d Mon Sep 17 00:00:00 2001 
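Review bot: The new call in the `@@ -863,7 +730,7 @@` hunk passes `sig_size`, the buffer capacity, as `raw_len` rather than the number of bytes `psa_sign_hash` produced, so the `raw_len < 2 * coordinate_len` check inside `mbedtls_ecdsa_raw_to_der` is unlikely ever to reject a short or unexpected signature length here. The removed `pk_ecdsa_sig_asn1_from_psa` derived the coordinate size from `*sig_len`; to keep that cross-check I would pass the produced length, `ret = mbedtls_ecdsa_raw_to_der(sig, *sig_len, sig, sig_size, sig_len, key_bits);`. `ecdsa_sign_psa` starts outside this hunk, so this assumes `*sig_len` holds the PSA output length at `done:`, which is how the removed helper used it.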
From: Valerio Setti Date: Mon, 8 Jan 2024 16:50:30 +0100 Subject: [PATCH 044/166] test_suite_psa_crypto_util: add test function and data for ECDSA conversion functions Signed-off-by: Valerio Setti --- tests/suites/test_suite_psa_crypto_util.data | 71 +++++++++++++++++++ .../test_suite_psa_crypto_util.function | 44 ++++++++++++ 2 files changed, 115 insertions(+) create mode 100644 tests/suites/test_suite_psa_crypto_util.data create mode 100644 tests/suites/test_suite_psa_crypto_util.function diff --git a/tests/suites/test_suite_psa_crypto_util.data b/tests/suites/test_suite_psa_crypto_util.data new file mode 100644 index 000000000..ce942c841 --- /dev/null +++ b/tests/suites/test_suite_psa_crypto_util.data 
@@ -0,0 +1,71 @@
+ECDSA Raw -> DER, 192bit, Success
+depends_on:PSA_WANT_ECC_SECP_R1_192
+ecdsa_raw_to_der:ECDSA_RAW_TO_DER:192:"010101010101010101010101010101010101010101010101020202020202020202020202020202020202020202020202":"303402180101010101010101010101010101010101010101010101010218020202020202020202020202020202020202020202020202":0
+
+ECDSA Raw -> DER, 192bit, Raw data too short
+depends_on:PSA_WANT_ECC_SECP_R1_192
+ecdsa_raw_to_der:ECDSA_RAW_TO_DER:192:"0101010101010101010101010101010101010101010101010202020202020202020202020202020202020202020202":"303402180101010101010101010101010101010101010101010101010218020202020202020202020202020202020202020202020202":MBEDTLS_ERR_ASN1_INVALID_DATA
+
+ECDSA Raw -> DER, 192bit, DER buffer too small
+depends_on:PSA_WANT_ECC_SECP_R1_192
+ecdsa_raw_to_der:ECDSA_RAW_TO_DER:192:"010101010101010101010101010101010101010101010101020202020202020202020202020202020202020202020202":"30340218010101010101010101010101010101010101010101010101":MBEDTLS_ERR_ASN1_BUF_TOO_SMALL
+
+ECDSA Raw -> DER, 192bit, Null r
+depends_on:PSA_WANT_ECC_SECP_R1_192
+ecdsa_raw_to_der:ECDSA_RAW_TO_DER:192:"000000000000000000000000000000000000000000000000020202020202020202020202020202020202020202020202":"303402180101010101010101010101010101010101010101010101010218020202020202020202020202020202020202020202020202":MBEDTLS_ERR_ASN1_INVALID_DATA
+
+ECDSA Raw -> DER, 192bit, Null s
+depends_on:PSA_WANT_ECC_SECP_R1_192
+ecdsa_raw_to_der:ECDSA_RAW_TO_DER:192:"010101010101010101010101010101010101010101010101000000000000000000000000000000000000000000000000":"303402180101010101010101010101010101010101010101010101010218020202020202020202020202020202020202020202020202":MBEDTLS_ERR_ASN1_INVALID_DATA
+
+ECDSA Raw -> DER, 192bit, r with MSb set
+depends_on:PSA_WANT_ECC_SECP_R1_192
+ecdsa_raw_to_der:ECDSA_RAW_TO_DER:192:"810101010101010101010101010101010101010101010101020202020202020202020202020202020202020202020202":"30350219008101010101010101010101010101010101010101010101010218020202020202020202020202020202020202020202020202":0
+
+ECDSA Raw -> DER, 192bit, s with MSb set
+depends_on:PSA_WANT_ECC_SECP_R1_192
+ecdsa_raw_to_der:ECDSA_RAW_TO_DER:192:"010101010101010101010101010101010101010101010101820202020202020202020202020202020202020202020202":"30350218010101010101010101010101010101010101010101010101021900820202020202020202020202020202020202020202020202":0
+
+ECDSA DER -> Raw, 192bit, Success
+depends_on:PSA_WANT_ECC_SECP_R1_192
+ecdsa_raw_to_der:ECDSA_DER_TO_RAW:192:"303402180101010101010101010101010101010101010101010101010218020202020202020202020202020202020202020202020202":"010101010101010101010101010101010101010101010101020202020202020202020202020202020202020202020202":0
+
+ECDSA DER -> Raw, 192bit, Raw buffer too small
+depends_on:PSA_WANT_ECC_SECP_R1_192
+ecdsa_raw_to_der:ECDSA_DER_TO_RAW:192:"303402180101010101010101010101010101010101010101010101010218020202020202020202020202020202020202020202020202":"0101010101010101010101010101010101010101010101010202020202020202020202020202020202020202020202":MBEDTLS_ERR_ASN1_BUF_TOO_SMALL
+
+ECDSA DER -> Raw, 192bit, Wrong sequence tag
+depends_on:PSA_WANT_ECC_SECP_R1_192
+ecdsa_raw_to_der:ECDSA_DER_TO_RAW:192:"403402180101010101010101010101010101010101010101010101010218020202020202020202020202020202020202020202020202":"010101010101010101010101010101010101010101010101020202020202020202020202020202020202020202020202":MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
+
+ECDSA DER -> Raw, 192bit, Invalid sequence length
+depends_on:PSA_WANT_ECC_SECP_R1_192
+ecdsa_raw_to_der:ECDSA_DER_TO_RAW:192:"30FF02180101010101010101010101010101010101010101010101010218020202020202020202020202020202020202020202020202":"010101010101010101010101010101010101010101010101020202020202020202020202020202020202020202020202":MBEDTLS_ERR_ASN1_INVALID_LENGTH
+
+ECDSA DER -> Raw, 192bit, Wrong integer tag
+depends_on:PSA_WANT_ECC_SECP_R1_192
+ecdsa_raw_to_der:ECDSA_DER_TO_RAW:192:"303401180101010101010101010101010101010101010101010101010218020202020202020202020202020202020202020202020202":"010101010101010101010101010101010101010101010101020202020202020202020202020202020202020202020202":MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
+
+ECDSA DER -> Raw, 192bit, Wrong r integer length (too small)
+depends_on:PSA_WANT_ECC_SECP_R1_192
+ecdsa_raw_to_der:ECDSA_DER_TO_RAW:192:"303402170101010101010101010101010101010101010101010101010218020202020202020202020202020202020202020202020202":"010101010101010101010101010101010101010101010101020202020202020202020202020202020202020202020202":MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
+
+ECDSA DER -> Raw, 192bit, Wrong r integer length (too large)
+depends_on:PSA_WANT_ECC_SECP_R1_192
+ecdsa_raw_to_der:ECDSA_DER_TO_RAW:192:"303402190101010101010101010101010101010101010101010101010218020202020202020202020202020202020202020202020202":"010101010101010101010101010101010101010101010101020202020202020202020202020202020202020202020202":MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
+
+ECDSA DER -> Raw, 192bit, Wrong s integer length (too small)
+depends_on:PSA_WANT_ECC_SECP_R1_192
+ecdsa_raw_to_der:ECDSA_DER_TO_RAW:192:"303402180101010101010101010101010101010101010101010101010217020202020202020202020202020202020202020202020202":"010101010101010101010101010101010101010101010101020202020202020202020202020202020202020202020202":MBEDTLS_ERR_ASN1_LENGTH_MISMATCH
+
+ECDSA DER -> Raw, 192bit, Wrong s integer length (too large)
+depends_on:PSA_WANT_ECC_SECP_R1_192
+ecdsa_raw_to_der:ECDSA_DER_TO_RAW:192:"303402180101010101010101010101010101010101010101010101010219020202020202020202020202020202020202020202020202":"010101010101010101010101010101010101010101010101020202020202020202020202020202020202020202020202":MBEDTLS_ERR_ASN1_OUT_OF_DATA
+
+ECDSA Raw -> DER, 256bit, Success
+depends_on:PSA_WANT_ECC_SECP_R1_256
+ecdsa_raw_to_der:ECDSA_RAW_TO_DER:256:"01010101010101010101010101010101010101010101010101010101010101010202020202020202020202020202020202020202020202020202020202020202":"30440220010101010101010101010101010101010101010101010101010101010101010102200202020202020202020202020202020202020202020202020202020202020202":0
+
+ECDSA DER -> Raw, 256bit, Success
+depends_on:PSA_WANT_ECC_SECP_R1_256
+ecdsa_raw_to_der:ECDSA_DER_TO_RAW:256:"30440220010101010101010101010101010101010101010101010101010101010101010102200202020202020202020202020202020202020202020202020202020202020202":"01010101010101010101010101010101010101010101010101010101010101010202020202020202020202020202020202020202020202020202020202020202":0
diff --git a/tests/suites/test_suite_psa_crypto_util.function b/tests/suites/test_suite_psa_crypto_util.function
new file mode 100644
index 000000000..2a990733f
--- /dev/null
+++ b/tests/suites/test_suite_psa_crypto_util.function
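Review bot: The DER -> Raw cases never feed an INTEGER whose content is longer than the coordinate size while the outer lengths stay consistent, nor a zero-length INTEGER, and those are the inputs that decide whether the parser's copy stays inside its buffers. The existing "too small" and "too large" cases change a single length byte, so they fail through a later tag or out-of-data error rather than through a length check. I would add cases titled along the lines of `ECDSA DER -> Raw, 192bit, r longer than coordinate` and `ECDSA DER -> Raw, 192bit, zero-length r`, each expecting an ASN.1 error code. A Raw -> DER case with a `bits` value of 0 would cover the matching edge on the writer side.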
@@ -0,0 +1,44 @@ +/* BEGIN_HEADER */ +#include +#include +#include +#include + +enum { + ECDSA_RAW_TO_DER = 0, + ECDSA_DER_TO_RAW, +}; +/* END_HEADER */ + +/* BEGIN_DEPENDENCIES + * depends_on:MBEDTLS_PSA_CRYPTO_C:MBEDTLS_ASN1_WRITE_C:MBEDTLS_ASN1_PARSE_C + * END_DEPENDENCIES + */ + +/* BEGIN_CASE */ +void ecdsa_raw_to_der(int direction, int key_bits, data_t *input, data_t *exp_result, int exp_ret) +{ + unsigned char *tmp_buf = NULL; + size_t tmp_buf_len = exp_result->len; + size_t ret_len; + + TEST_CALLOC(tmp_buf, tmp_buf_len); + + if (direction == ECDSA_RAW_TO_DER) { + TEST_EQUAL(mbedtls_ecdsa_raw_to_der(input->x, input->len, + tmp_buf, tmp_buf_len, &ret_len, + key_bits), exp_ret); + } else { + TEST_EQUAL(mbedtls_ecdsa_der_to_raw(input->x, input->len, + tmp_buf, tmp_buf_len, &ret_len, + key_bits), exp_ret); + } + + if (exp_ret == 0) { + ASSERT_COMPARE(exp_result->x, exp_result->len, tmp_buf, ret_len); + } + +exit: + mbedtls_free(tmp_buf); +} +/* END_CASE */ From 84890c9be29e58bc3b7b9d3ed187bc64fa56e450 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 9 Jan 2024 14:20:23 +0100 Subject: [PATCH 045/166] psa_util: improve description for ECDSA conversion functions Signed-off-by: Valerio Setti --- include/mbedtls/psa_util.h | 6 +++-- library/psa_util.c | 51 +++++++++++++++++++++++++++++++------- 2 files changed, 46 insertions(+), 11 deletions(-) diff --git a/include/mbedtls/psa_util.h b/include/mbedtls/psa_util.h index 912179ba8..ea0d5bb0d 100644 --- a/include/mbedtls/psa_util.h +++ b/include/mbedtls/psa_util.h @@ -177,7 +177,8 @@ static inline mbedtls_md_type_t mbedtls_md_type_from_psa_alg(psa_algorithm_t psa } #if defined(MBEDTLS_ASN1_WRITE_C) -/** Convert an ECDSA signature from raw format to DER ASN.1 one. +/** Convert an ECDSA signature from raw format (used by PSA APIs) to DER ASN.1 + * format (used by legacy crypto APIs). * * \param raw Buffer that contains the signature in raw format. * \param raw_len Length of raw buffer in bytes 
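Review bot: `ecdsa_raw_to_der` always converts between two separate buffers, but the header documents that `raw` and `der` may overlap and `ecdsa_sign_psa` in pk_wrap.c calls `mbedtls_ecdsa_raw_to_der` with the same buffer for both, so the in-place path that library code relies on is untested. I would add a second pass that copies `input` into a buffer large enough for both forms and converts in place, comparing against `exp_result` in the same way. `ret_len` is read only when `exp_ret == 0`, so `size_t ret_len = 0;` would keep an unexpectedly passing call from comparing against an indeterminate length. The function name also covers only one of the two directions it drives; a neutral name such as `ecdsa_convert` would read better.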
@@ -195,7 +196,8 @@ int mbedtls_ecdsa_raw_to_der(const unsigned char *raw, size_t raw_len, #endif /* MBEDTLS_ASN1_WRITE_C */ #if defined(MBEDTLS_ASN1_PARSE_C) -/** Convert an ECDSA signature from DER ASN.1 format to raw. +/** Convert an ECDSA signature from DER ASN.1 format (used by legacy crypto + * APIs) to raw format (used by PSA APIs). * * \param der Buffer that contains the signature in DER format. * \param der_len Size of the der buffer in bytes. diff --git a/library/psa_util.c b/library/psa_util.c index 2c35db010..e16971bc5 100644 --- a/library/psa_util.c +++ b/library/psa_util.c @@ -335,11 +335,25 @@ mbedtls_ecp_group_id mbedtls_ecc_group_from_psa(psa_ecc_family_t family, #endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */ #if defined(MBEDTLS_ASN1_WRITE_C) -/* - * Convert a single raw coordinate to DER ASN.1 format. - * Note: this function is similar to mbedtls_asn1_write_mpi(), but it doesn't - * depend on BIGNUM_C. - * Note: this function fills der_buf backward. +/** + * \brief Convert a single raw coordinate to DER ASN.1 format. The output der + * buffer is filled backward (i.e. starting from its end). + * + * \param raw_buf Buffer containing the raw coordinate to be + * converted. + * \param raw_len Length of raw_buf in bytes. + * \param der_buf_start Pointer to the beginning of the buffer which + * will be filled with the DER converted data. + * \param der_buf_end End of the buffer used to store the DER output. + * + * \return On success, the amount of data (in bytes) written to + * the DER buffer. + * \return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL if the provided der + * buffer is too small to contain all the converted data. + * \return MBEDTLS_ERR_ASN1_INVALID_DATA if the input raw + * coordinate is null (i.e. all zeros). + * + * \warning Raw and der buffer must not be overlapping. */ static int convert_raw_to_der_single_int(const unsigned char *raw_buf, size_t raw_len, unsigned char *der_buf_start, 
@@ -436,9 +450,28 @@ int mbedtls_ecdsa_raw_to_der(const unsigned char *raw, size_t raw_len, #endif /* MBEDTLS_ASN1_WRITE_C */ #if defined(MBEDTLS_ASN1_PARSE_C) -/* - * Convert a single integer from ASN.1 DER format to raw. - * Note: der and raw buffers are not overlapping here. +/** + * \brief Convert a single integer from ASN.1 DER format to raw. + * + * \param der Buffer containing the DER integer value to be + * converted. + * \param der_len Length of the der buffer in bytes. + * \param raw Output buffer that will be filled with the + * converted data. This should be at least + * coordinate_size bytes. + * \param raw_len Size (in bytes) of the output raw buffer. + * \param coordinate_size Size (in bytes) of a single coordinate in raw + * format. + * + * \return On success, the amount of DER data parsed from the + * provided der buffer. + * \return MBEDTLS_ERR_ASN1_UNEXPECTED_TAG if the integer tag + * is missing in the der buffer. + * \return MBEDTLS_ERR_ASN1_LENGTH_MISMATCH if the integer + * is null (i.e. all zeros) or if the output raw buffer + * is too small to contain the converted raw value. + * + * \warning Der and raw buffers must not be overlapping. */ static int convert_der_to_raw_single_int(unsigned char *der, size_t der_len, unsigned char *raw, size_t raw_len, @@ -466,7 +499,7 @@ static int convert_der_to_raw_single_int(unsigned char *der, size_t der_len, } if (raw_len < coordinate_size) { - return MBEDTLS_ERR_ASN1_LENGTH_MISMATCH; + return ERR_ASN1_BUF_TOO_SMALL; } if (unpadded_len < coordinate_size) { From 5713c8a5ac38990dc3747dc10b50a3b54a35a0c6 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 9 Jan 2024 15:48:37 +0100 Subject: [PATCH 046/166] psa_util: minor code improvements Signed-off-by: Valerio Setti --- library/psa_util.c | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) diff --git a/library/psa_util.c b/library/psa_util.c index e16971bc5..c257d7593 100644 --- a/library/psa_util.c +++ b/library/psa_util.c 
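Review bot: `return ERR_ASN1_BUF_TOO_SMALL;` in the `@@ -466,7 +499,7 @@` hunk is missing the `MBEDTLS_` prefix, so unless a macro of that name exists elsewhere (nothing here suggests one) this commit does not build on its own with `MBEDTLS_ASN1_PARSE_C` enabled; it should read `return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL;`. The next patch in the series replaces the line, but fixing it here keeps every commit buildable for bisection. The doc comment added in the preceding hunk also says `MBEDTLS_ERR_ASN1_LENGTH_MISMATCH` is returned when the output raw buffer is too small, which no longer matches this return. Its `\return` list should name `MBEDTLS_ERR_ASN1_BUF_TOO_SMALL` for that case and keep `MBEDTLS_ERR_ASN1_LENGTH_MISMATCH` for the all-zero integer only.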
@@ -414,9 +414,7 @@ int mbedtls_ecdsa_raw_to_der(const unsigned char *raw, size_t raw_len, /* Since raw and der buffers might overlap, dump r and s before starting * the conversion. */ - memset(r, 0, sizeof(r)); memcpy(r, raw, coordinate_len); - memset(s, 0, sizeof(s)); memcpy(s, raw + coordinate_len, coordinate_len); /* der buffer will initially be written starting from its end so we pick s @@ -481,6 +479,10 @@ static int convert_der_to_raw_single_int(unsigned char *der, size_t der_len, int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t unpadded_len, padding_len = 0; + if (raw_len < coordinate_size) { + return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL; + } + /* Get the length of ASN.1 element (i.e. the integer we need to parse). */ ret = mbedtls_asn1_get_tag(&p, p + der_len, &unpadded_len, MBEDTLS_ASN1_INTEGER); @@ -498,10 +500,6 @@ static int convert_der_to_raw_single_int(unsigned char *der, size_t der_len, } } - if (raw_len < coordinate_size) { - return ERR_ASN1_BUF_TOO_SMALL; - } - if (unpadded_len < coordinate_size) { padding_len = coordinate_size - unpadded_len; memset(raw, 0x00, padding_len); @@ -557,7 +555,7 @@ int mbedtls_ecdsa_der_to_raw(const unsigned char *der, size_t der_len, data_len -= ret; /* Check that we consumed all the input der data. */ - if ((p - der) != (int) der_len) { + if ((size_t) (p - der) != der_len) { return MBEDTLS_ERR_ASN1_LENGTH_MISMATCH; } From bda440f82da4fe20b7e3bfc0f0d9ae66fe8a9442 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 10 Jan 2024 08:16:50 +0100 Subject: [PATCH 047/166] test_suite_psa_crypto_util: increase the size of tested integers - Replace 192 case with 256 - Replace 256 case with 512 - Add 521 case Signed-off-by: Valerio Setti --- tests/suites/test_suite_psa_crypto_util.data | 142 ++++++++++--------- 1 file changed, 76 insertions(+), 66 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto_util.data b/tests/suites/test_suite_psa_crypto_util.data index ce942c841..8598a4ef1 100644 
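Review bot: In the `@@ -414,9 +414,7 @@` hunk, `memcpy(r, raw, coordinate_len)` and the matching copy into `s` still have no guard against `coordinate_len` exceeding the arrays, which are declared outside this hunk with `PSA_BITS_TO_BYTES(PSA_VENDOR_ECC_MAX_CURVE_BITS)` bytes. `bits` comes straight from the caller of a public function, so a value above the configured maximum together with a large enough `raw_len` overruns both stack buffers. I would add, before the copies, `if (coordinate_len > sizeof(r)) { return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL; }`. `mbedtls_ecdsa_der_to_raw` has the same gap for `2 * coordinate_size` against `sizeof(raw_tmp)`.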
--- a/tests/suites/test_suite_psa_crypto_util.data
+++ b/tests/suites/test_suite_psa_crypto_util.data
@@ -1,71 +1,81 @@ -ECDSA Raw -> DER, 192bit, Success -depends_on:PSA_WANT_ECC_SECP_R1_192 -ecdsa_raw_to_der:ECDSA_RAW_TO_DER:192:"010101010101010101010101010101010101010101010101020202020202020202020202020202020202020202020202":"303402180101010101010101010101010101010101010101010101010218020202020202020202020202020202020202020202020202":0 - -ECDSA Raw -> DER, 192bit, Raw data too short -depends_on:PSA_WANT_ECC_SECP_R1_192 -ecdsa_raw_to_der:ECDSA_RAW_TO_DER:192:"0101010101010101010101010101010101010101010101010202020202020202020202020202020202020202020202":"303402180101010101010101010101010101010101010101010101010218020202020202020202020202020202020202020202020202":MBEDTLS_ERR_ASN1_INVALID_DATA - -ECDSA Raw -> DER, 192bit, DER buffer too small -depends_on:PSA_WANT_ECC_SECP_R1_192 -ecdsa_raw_to_der:ECDSA_RAW_TO_DER:192:"010101010101010101010101010101010101010101010101020202020202020202020202020202020202020202020202":"30340218010101010101010101010101010101010101010101010101":MBEDTLS_ERR_ASN1_BUF_TOO_SMALL - -ECDSA Raw -> DER, 192bit, Null r -depends_on:PSA_WANT_ECC_SECP_R1_192 -ecdsa_raw_to_der:ECDSA_RAW_TO_DER:192:"000000000000000000000000000000000000000000000000020202020202020202020202020202020202020202020202":"303402180101010101010101010101010101010101010101010101010218020202020202020202020202020202020202020202020202":MBEDTLS_ERR_ASN1_INVALID_DATA - -ECDSA Raw -> DER, 192bit, Null s -depends_on:PSA_WANT_ECC_SECP_R1_192 -ecdsa_raw_to_der:ECDSA_RAW_TO_DER:192:"010101010101010101010101010101010101010101010101000000000000000000000000000000000000000000000000":"303402180101010101010101010101010101010101010101010101010218020202020202020202020202020202020202020202020202":MBEDTLS_ERR_ASN1_INVALID_DATA - -ECDSA Raw -> DER, 192bit, r with MSb set -depends_on:PSA_WANT_ECC_SECP_R1_192 
-ecdsa_raw_to_der:ECDSA_RAW_TO_DER:192:"810101010101010101010101010101010101010101010101020202020202020202020202020202020202020202020202":"30350219008101010101010101010101010101010101010101010101010218020202020202020202020202020202020202020202020202":0 - -ECDSA Raw -> DER, 192bit, s with MSb set -depends_on:PSA_WANT_ECC_SECP_R1_192 -ecdsa_raw_to_der:ECDSA_RAW_TO_DER:192:"010101010101010101010101010101010101010101010101820202020202020202020202020202020202020202020202":"30350218010101010101010101010101010101010101010101010101021900820202020202020202020202020202020202020202020202":0 - -ECDSA DER -> Raw, 192bit, Success -depends_on:PSA_WANT_ECC_SECP_R1_192 -ecdsa_raw_to_der:ECDSA_DER_TO_RAW:192:"303402180101010101010101010101010101010101010101010101010218020202020202020202020202020202020202020202020202":"010101010101010101010101010101010101010101010101020202020202020202020202020202020202020202020202":0 - -ECDSA DER -> Raw, 192bit, Raw buffer too small -depends_on:PSA_WANT_ECC_SECP_R1_192 -ecdsa_raw_to_der:ECDSA_DER_TO_RAW:192:"303402180101010101010101010101010101010101010101010101010218020202020202020202020202020202020202020202020202":"0101010101010101010101010101010101010101010101010202020202020202020202020202020202020202020202":MBEDTLS_ERR_ASN1_BUF_TOO_SMALL - -ECDSA DER -> Raw, 192bit, Wrong sequence tag -depends_on:PSA_WANT_ECC_SECP_R1_192 -ecdsa_raw_to_der:ECDSA_DER_TO_RAW:192:"403402180101010101010101010101010101010101010101010101010218020202020202020202020202020202020202020202020202":"010101010101010101010101010101010101010101010101020202020202020202020202020202020202020202020202":MBEDTLS_ERR_ASN1_UNEXPECTED_TAG - -ECDSA DER -> Raw, 192bit, Invalid sequence length -depends_on:PSA_WANT_ECC_SECP_R1_192 
-ecdsa_raw_to_der:ECDSA_DER_TO_RAW:192:"30FF02180101010101010101010101010101010101010101010101010218020202020202020202020202020202020202020202020202":"010101010101010101010101010101010101010101010101020202020202020202020202020202020202020202020202":MBEDTLS_ERR_ASN1_INVALID_LENGTH - -ECDSA DER -> Raw, 192bit, Wrong integer tag -depends_on:PSA_WANT_ECC_SECP_R1_192 -ecdsa_raw_to_der:ECDSA_DER_TO_RAW:192:"303401180101010101010101010101010101010101010101010101010218020202020202020202020202020202020202020202020202":"010101010101010101010101010101010101010101010101020202020202020202020202020202020202020202020202":MBEDTLS_ERR_ASN1_UNEXPECTED_TAG - -ECDSA DER -> Raw, 192bit, Wrong r integer length (too small) -depends_on:PSA_WANT_ECC_SECP_R1_192 -ecdsa_raw_to_der:ECDSA_DER_TO_RAW:192:"303402170101010101010101010101010101010101010101010101010218020202020202020202020202020202020202020202020202":"010101010101010101010101010101010101010101010101020202020202020202020202020202020202020202020202":MBEDTLS_ERR_ASN1_UNEXPECTED_TAG - -ECDSA DER -> Raw, 192bit, Wrong r integer length (too large) -depends_on:PSA_WANT_ECC_SECP_R1_192 -ecdsa_raw_to_der:ECDSA_DER_TO_RAW:192:"303402190101010101010101010101010101010101010101010101010218020202020202020202020202020202020202020202020202":"010101010101010101010101010101010101010101010101020202020202020202020202020202020202020202020202":MBEDTLS_ERR_ASN1_UNEXPECTED_TAG - -ECDSA DER -> Raw, 192bit, Wrong s integer length (too small) -depends_on:PSA_WANT_ECC_SECP_R1_192 -ecdsa_raw_to_der:ECDSA_DER_TO_RAW:192:"303402180101010101010101010101010101010101010101010101010217020202020202020202020202020202020202020202020202":"010101010101010101010101010101010101010101010101020202020202020202020202020202020202020202020202":MBEDTLS_ERR_ASN1_LENGTH_MISMATCH - -ECDSA DER -> Raw, 192bit, Wrong s integer length (too large) -depends_on:PSA_WANT_ECC_SECP_R1_192 
-ecdsa_raw_to_der:ECDSA_DER_TO_RAW:192:"303402180101010101010101010101010101010101010101010101010219020202020202020202020202020202020202020202020202":"010101010101010101010101010101010101010101010101020202020202020202020202020202020202020202020202":MBEDTLS_ERR_ASN1_OUT_OF_DATA - ECDSA Raw -> DER, 256bit, Success depends_on:PSA_WANT_ECC_SECP_R1_256 -ecdsa_raw_to_der:ECDSA_RAW_TO_DER:256:"01010101010101010101010101010101010101010101010101010101010101010202020202020202020202020202020202020202020202020202020202020202":"30440220010101010101010101010101010101010101010101010101010101010101010102200202020202020202020202020202020202020202020202020202020202020202":0 +ecdsa_raw_to_der:ECDSA_RAW_TO_DER:256:"11111111111111111111111111111111111111111111111111111111111111112222222222222222222222222222222222222222222222222222222222222222":"30440220111111111111111111111111111111111111111111111111111111111111111102202222222222222222222222222222222222222222222222222222222222222222":0 + +ECDSA Raw -> DER, 256bit, Raw data too short +depends_on:PSA_WANT_ECC_SECP_R1_256 +ecdsa_raw_to_der:ECDSA_RAW_TO_DER:256:"111111111111111111111111111111111111111111111111111111111111111122222222222222222222222222222222222222222222222222222222222222":"30440220111111111111111111111111111111111111111111111111111111111111111102202222222222222222222222222222222222222222222222222222222222222222":MBEDTLS_ERR_ASN1_INVALID_DATA + +ECDSA Raw -> DER, 256bit, DER buffer too small +depends_on:PSA_WANT_ECC_SECP_R1_256 +ecdsa_raw_to_der:ECDSA_RAW_TO_DER:256:"11111111111111111111111111111111111111111111111111111111111111112222222222222222222222222222222222222222222222222222222222222222":"304402201111111111111111111111111111111111111111111111111111111111111111022022222222222222222222222222222222222222222222222222222222222222":MBEDTLS_ERR_ASN1_BUF_TOO_SMALL + +ECDSA Raw -> DER, 256bit, Null r +depends_on:PSA_WANT_ECC_SECP_R1_256 
+ecdsa_raw_to_der:ECDSA_RAW_TO_DER:256:"00000000000000000000000000000000000000000000000000000000000000002222222222222222222222222222222222222222222222222222222222222222":"30440220111111111111111111111111111111111111111111111111111111111111111102202222222222222222222222222222222222222222222222222222222222222222":MBEDTLS_ERR_ASN1_INVALID_DATA + +ECDSA Raw -> DER, 256bit, Null s +depends_on:PSA_WANT_ECC_SECP_R1_256 +ecdsa_raw_to_der:ECDSA_RAW_TO_DER:256:"11111111111111111111111111111111111111111111111111111111111111110000000000000000000000000000000000000000000000000000000000000000":"30440220111111111111111111111111111111111111111111111111111111111111111102202222222222222222222222222222222222222222222222222222222222222222":MBEDTLS_ERR_ASN1_INVALID_DATA + +ECDSA Raw -> DER, 256bit, r with MSb set +depends_on:PSA_WANT_ECC_SECP_R1_256 +ecdsa_raw_to_der:ECDSA_RAW_TO_DER:256:"91111111111111111111111111111111111111111111111111111111111111112222222222222222222222222222222222222222222222222222222222222222":"3045022100911111111111111111111111111111111111111111111111111111111111111102202222222222222222222222222222222222222222222222222222222222222222":0 + +ECDSA Raw -> DER, 256bit, s with MSb set +depends_on:PSA_WANT_ECC_SECP_R1_256 +ecdsa_raw_to_der:ECDSA_RAW_TO_DER:256:"1111111111111111111111111111111111111111111111111111111111111111A222222222222222222222222222222222222222222222222222222222222222":"304502201111111111111111111111111111111111111111111111111111111111111111022100A222222222222222222222222222222222222222222222222222222222222222":0 ECDSA DER -> Raw, 256bit, Success depends_on:PSA_WANT_ECC_SECP_R1_256 -ecdsa_raw_to_der:ECDSA_DER_TO_RAW:256:"30440220010101010101010101010101010101010101010101010101010101010101010102200202020202020202020202020202020202020202020202020202020202020202":"01010101010101010101010101010101010101010101010101010101010101010202020202020202020202020202020202020202020202020202020202020202":0 
+ecdsa_raw_to_der:ECDSA_DER_TO_RAW:256:"30440220111111111111111111111111111111111111111111111111111111111111111102202222222222222222222222222222222222222222222222222222222222222222":"11111111111111111111111111111111111111111111111111111111111111112222222222222222222222222222222222222222222222222222222222222222":0 + +ECDSA DER -> Raw, 256bit, Raw buffer too small +depends_on:PSA_WANT_ECC_SECP_R1_256 +ecdsa_raw_to_der:ECDSA_DER_TO_RAW:256:"30440220111111111111111111111111111111111111111111111111111111111111111102202222222222222222222222222222222222222222222222222222222222222222":"111111111111111111111111111111111111111111111111111111111111111122222222222222222222222222222222222222222222222222222222222222":MBEDTLS_ERR_ASN1_BUF_TOO_SMALL + +ECDSA DER -> Raw, 256bit, Wrong sequence tag +depends_on:PSA_WANT_ECC_SECP_R1_256 +ecdsa_raw_to_der:ECDSA_DER_TO_RAW:256:"40440220111111111111111111111111111111111111111111111111111111111111111102202222222222222222222222222222222222222222222222222222222222222222":"11111111111111111111111111111111111111111111111111111111111111112222222222222222222222222222222222222222222222222222222222222222":MBEDTLS_ERR_ASN1_UNEXPECTED_TAG + +ECDSA DER -> Raw, 256bit, Invalid sequence length +depends_on:PSA_WANT_ECC_SECP_R1_256 +ecdsa_raw_to_der:ECDSA_DER_TO_RAW:256:"30ff0220111111111111111111111111111111111111111111111111111111111111111102202222222222222222222222222222222222222222222222222222222222222222":"11111111111111111111111111111111111111111111111111111111111111112222222222222222222222222222222222222222222222222222222222222222":MBEDTLS_ERR_ASN1_INVALID_LENGTH + +ECDSA DER -> Raw, 256bit, Wrong integer tag +depends_on:PSA_WANT_ECC_SECP_R1_256 
+ecdsa_raw_to_der:ECDSA_DER_TO_RAW:256:"30440120111111111111111111111111111111111111111111111111111111111111111102202222222222222222222222222222222222222222222222222222222222222222":"11111111111111111111111111111111111111111111111111111111111111112222222222222222222222222222222222222222222222222222222222222222":MBEDTLS_ERR_ASN1_UNEXPECTED_TAG + +ECDSA DER -> Raw, 256bit, Wrong r integer length (too small) +depends_on:PSA_WANT_ECC_SECP_R1_256 +ecdsa_raw_to_der:ECDSA_DER_TO_RAW:256:"30440219111111111111111111111111111111111111111111111111111111111111111102202222222222222222222222222222222222222222222222222222222222222222":"11111111111111111111111111111111111111111111111111111111111111112222222222222222222222222222222222222222222222222222222222222222":MBEDTLS_ERR_ASN1_UNEXPECTED_TAG + +ECDSA DER -> Raw, 256bit, Wrong r integer length (too large) +depends_on:PSA_WANT_ECC_SECP_R1_256 +ecdsa_raw_to_der:ECDSA_DER_TO_RAW:256:"30440221111111111111111111111111111111111111111111111111111111111111111102202222222222222222222222222222222222222222222222222222222222222222":"11111111111111111111111111111111111111111111111111111111111111112222222222222222222222222222222222222222222222222222222222222222":MBEDTLS_ERR_ASN1_UNEXPECTED_TAG + +ECDSA DER -> Raw, 256bit, Wrong s integer length (too small) +depends_on:PSA_WANT_ECC_SECP_R1_256 +ecdsa_raw_to_der:ECDSA_DER_TO_RAW:256:"30440220111111111111111111111111111111111111111111111111111111111111111102192222222222222222222222222222222222222222222222222222222222222222":"11111111111111111111111111111111111111111111111111111111111111112222222222222222222222222222222222222222222222222222222222222222":MBEDTLS_ERR_ASN1_LENGTH_MISMATCH + +ECDSA DER -> Raw, 256bit, Wrong s integer length (too large) +depends_on:PSA_WANT_ECC_SECP_R1_256 
+ecdsa_raw_to_der:ECDSA_DER_TO_RAW:256:"30440220111111111111111111111111111111111111111111111111111111111111111102212222222222222222222222222222222222222222222222222222222222222222":"11111111111111111111111111111111111111111111111111111111111111112222222222222222222222222222222222222222222222222222222222222222":MBEDTLS_ERR_ASN1_OUT_OF_DATA + +ECDSA Raw -> DER, 512bit, Success +depends_on:PSA_WANT_ECC_BRAINPOOL_P_R1_512 +ecdsa_raw_to_der:ECDSA_RAW_TO_DER:512:"1111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111122222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222":"308184024011111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111024022222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222":0 + +ECDSA DER -> Raw, 512bit, Success +depends_on:PSA_WANT_ECC_BRAINPOOL_P_R1_512 +ecdsa_raw_to_der:ECDSA_DER_TO_RAW:512:"308184024011111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111024022222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222":"1111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111122222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222":0 + +# Bit length is rounded up to 528 to be multiple of 8 +ECDSA Raw -> DER, 521bit, Success +depends_on:PSA_WANT_ECC_SECP_R1_521 
+ecdsa_raw_to_der:ECDSA_RAW_TO_DER:528:"111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222":"30818802421111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111110242222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222":0 + +# Bit length is rounded up to 528 to be multiple of 8 +ECDSA DER -> Raw, 521bit, Success +depends_on:PSA_WANT_ECC_SECP_R1_521 +ecdsa_raw_to_der:ECDSA_DER_TO_RAW:528:"30818802421111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111110242222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222":"111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222":0 From 99c0369d314ca613d4b721f96c8987560a60c220 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 10 Jan 2024 08:21:10 +0100 Subject: [PATCH 048/166] psa_util: add include asn1write.h in public header This is mandatory to have support for the error codes defined in the asn1write.h header file. Signed-off-by: Valerio Setti --- include/mbedtls/psa_util.h | 5 +++++ tests/suites/test_suite_psa_crypto_util.function | 2 -- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/include/mbedtls/psa_util.h b/include/mbedtls/psa_util.h index ea0d5bb0d..87787f1e0 100644 --- a/include/mbedtls/psa_util.h +++ b/include/mbedtls/psa_util.h 
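Review bot: The "Wrong r integer length (too large)" and "Wrong s integer length (too large)" DER -> Raw cases change only the length byte (`0221`) while keeping 32 value bytes and the outer `3044`. They therefore fail on framing (`MBEDTLS_ERR_ASN1_UNEXPECTED_TAG`, `MBEDTLS_ERR_ASN1_OUT_OF_DATA`) and never present a well-formed INTEGER that is wider than the coordinate. A case with consistent lengths and a 33-byte r whose first byte is non-zero would pin the behaviour of the size handling in `convert_der_to_raw_single_int`; its expected value should be whatever error that function returns for an oversized integer. The 512- and 521-bit entries cover only the success path, so the long-form sequence length (`3081..`) has no negative test either.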
@@ -16,6 +16,11 @@ #include "psa/crypto.h" +/* ASN1 defines used in the ECDSA conversion functions. */ +#if defined(MBEDTLS_ASN1_WRITE_C) || defined(MBEDTLS_ASN1_PARSE_C) +#include +#endif + #if defined(MBEDTLS_PSA_CRYPTO_C) /* Expose whatever RNG the PSA subsystem uses to applications using the diff --git a/tests/suites/test_suite_psa_crypto_util.function b/tests/suites/test_suite_psa_crypto_util.function index 2a990733f..bf1f88d8b 100644 --- a/tests/suites/test_suite_psa_crypto_util.function +++ b/tests/suites/test_suite_psa_crypto_util.function @@ -1,8 +1,6 @@ /* BEGIN_HEADER */ -#include #include #include -#include enum { ECDSA_RAW_TO_DER = 0, From c22e3ce8efd8a6f6c804ac1b28c17b0ea3bb4080 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 10 Jan 2024 08:46:59 +0100 Subject: [PATCH 049/166] psa_util: remove CRYPTO_C guard from ECDSA conversion functions Signed-off-by: Valerio Setti --- include/mbedtls/psa_util.h | 8 +++---- library/psa_util.c | 22 ++++++++++--------- .../test_suite_psa_crypto_util.function | 7 +----- 3 files changed, 17 insertions(+), 20 deletions(-) diff --git a/include/mbedtls/psa_util.h b/include/mbedtls/psa_util.h index 87787f1e0..93fb38d73 100644 --- a/include/mbedtls/psa_util.h +++ b/include/mbedtls/psa_util.h @@ -16,10 +16,10 @@ #include "psa/crypto.h" -/* ASN1 defines used in the ECDSA conversion functions. */ -#if defined(MBEDTLS_ASN1_WRITE_C) || defined(MBEDTLS_ASN1_PARSE_C) +/* ASN1 defines used in the ECDSA conversion functions. + * Note: intentionally not adding MBEDTLS_ASN1_[PARSE|WRITE]_C guards here + * otherwise error codes would be unknown in test_suite_psa_crypto_util.data.*/ #include -#endif #if defined(MBEDTLS_PSA_CRYPTO_C) 
@@ -180,6 +180,7 @@ static inline mbedtls_md_type_t mbedtls_md_type_from_psa_alg(psa_algorithm_t psa { return (mbedtls_md_type_t) (psa_alg & PSA_ALG_HASH_MASK); } +#endif /* MBEDTLS_PSA_CRYPTO_C */ #if defined(MBEDTLS_ASN1_WRITE_C) /** Convert an ECDSA signature from raw format (used by PSA APIs) to DER ASN.1 @@ -221,5 +222,4 @@ int mbedtls_ecdsa_der_to_raw(const unsigned char *der, size_t der_len, /**@}*/ -#endif /* MBEDTLS_PSA_CRYPTO_C */ #endif /* MBEDTLS_PSA_UTIL_H */ diff --git a/library/psa_util.c b/library/psa_util.c index c257d7593..ad5c9fb12 100644 --- a/library/psa_util.c +++ b/library/psa_util.c @@ -8,14 +8,20 @@ #include "common.h" +/* This is needed for MBEDTLS_ERR_XXX macros */ +#include + +#if defined(MBEDTLS_ASN1_WRITE_C) +#include +#include +#endif + +#include "psa_util_internal.h" + #if defined(MBEDTLS_PSA_CRYPTO_C) #include -#include "psa_util_internal.h" - -/* The following includes are needed for MBEDTLS_ERR_XXX macros */ -#include #if defined(MBEDTLS_MD_LIGHT) #include #endif @@ -40,10 +46,6 @@ #if defined(MBEDTLS_BLOCK_CIPHER_SOME_PSA) #include #endif -#if defined(MBEDTLS_ASN1_WRITE_C) -#include -#include -#endif /* PSA_SUCCESS is kept at the top of each error table since * it's the most common status when everything functions properly. */ @@ -334,6 +336,8 @@ mbedtls_ecp_group_id mbedtls_ecc_group_from_psa(psa_ecc_family_t family, } #endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */ +#endif /* MBEDTLS_PSA_CRYPTO_C */ + #if defined(MBEDTLS_ASN1_WRITE_C) /** * \brief Convert a single raw coordinate to DER ASN.1 format. The output der @@ -565,5 +569,3 @@ int mbedtls_ecdsa_der_to_raw(const unsigned char *der, size_t der_len, return 0; } #endif /* MBEDTLS_ASN1_PARSE_C */ - -#endif /* MBEDTLS_PSA_CRYPTO_C */ diff --git a/tests/suites/test_suite_psa_crypto_util.function b/tests/suites/test_suite_psa_crypto_util.function index bf1f88d8b..57cda0945 100644 --- a/tests/suites/test_suite_psa_crypto_util.function 
+++ b/tests/suites/test_suite_psa_crypto_util.function @@ -8,12 +8,7 @@ enum { }; /* END_HEADER */ -/* BEGIN_DEPENDENCIES - * depends_on:MBEDTLS_PSA_CRYPTO_C:MBEDTLS_ASN1_WRITE_C:MBEDTLS_ASN1_PARSE_C - * END_DEPENDENCIES - */ - -/* BEGIN_CASE */ +/* BEGIN_CASE depends_on:MBEDTLS_ASN1_WRITE_C:MBEDTLS_ASN1_PARSE_C */ void ecdsa_raw_to_der(int direction, int key_bits, data_t *input, data_t *exp_result, int exp_ret) { unsigned char *tmp_buf = NULL; From 3f0809a99d3464ca105c75d75093a8e6cd9fffd8 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 10 Jan 2024 09:00:55 +0100 Subject: [PATCH 050/166] test_suite_psa_crypto_util: split ECDSA test function in two Signed-off-by: Valerio Setti --- tests/suites/test_suite_psa_crypto_util.data | 40 ++++++++--------- .../test_suite_psa_crypto_util.function | 43 ++++++++++++------- 2 files changed, 47 insertions(+), 36 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto_util.data b/tests/suites/test_suite_psa_crypto_util.data index 8598a4ef1..a8d34581c 100644 --- a/tests/suites/test_suite_psa_crypto_util.data +++ b/tests/suites/test_suite_psa_crypto_util.data 
@@ -1,81 +1,81 @@ ECDSA Raw -> DER, 256bit, Success depends_on:PSA_WANT_ECC_SECP_R1_256 -ecdsa_raw_to_der:ECDSA_RAW_TO_DER:256:"11111111111111111111111111111111111111111111111111111111111111112222222222222222222222222222222222222222222222222222222222222222":"30440220111111111111111111111111111111111111111111111111111111111111111102202222222222222222222222222222222222222222222222222222222222222222":0 +ecdsa_raw_to_der:256:"11111111111111111111111111111111111111111111111111111111111111112222222222222222222222222222222222222222222222222222222222222222":"30440220111111111111111111111111111111111111111111111111111111111111111102202222222222222222222222222222222222222222222222222222222222222222":0 ECDSA Raw -> DER, 256bit, Raw data too short depends_on:PSA_WANT_ECC_SECP_R1_256 -ecdsa_raw_to_der:ECDSA_RAW_TO_DER:256:"111111111111111111111111111111111111111111111111111111111111111122222222222222222222222222222222222222222222222222222222222222":"30440220111111111111111111111111111111111111111111111111111111111111111102202222222222222222222222222222222222222222222222222222222222222222":MBEDTLS_ERR_ASN1_INVALID_DATA +ecdsa_raw_to_der:256:"111111111111111111111111111111111111111111111111111111111111111122222222222222222222222222222222222222222222222222222222222222":"30440220111111111111111111111111111111111111111111111111111111111111111102202222222222222222222222222222222222222222222222222222222222222222":MBEDTLS_ERR_ASN1_INVALID_DATA ECDSA Raw -> DER, 256bit, DER buffer too small depends_on:PSA_WANT_ECC_SECP_R1_256 -ecdsa_raw_to_der:ECDSA_RAW_TO_DER:256:"11111111111111111111111111111111111111111111111111111111111111112222222222222222222222222222222222222222222222222222222222222222":"304402201111111111111111111111111111111111111111111111111111111111111111022022222222222222222222222222222222222222222222222222222222222222":MBEDTLS_ERR_ASN1_BUF_TOO_SMALL 
+ecdsa_raw_to_der:256:"11111111111111111111111111111111111111111111111111111111111111112222222222222222222222222222222222222222222222222222222222222222":"304402201111111111111111111111111111111111111111111111111111111111111111022022222222222222222222222222222222222222222222222222222222222222":MBEDTLS_ERR_ASN1_BUF_TOO_SMALL ECDSA Raw -> DER, 256bit, Null r depends_on:PSA_WANT_ECC_SECP_R1_256 -ecdsa_raw_to_der:ECDSA_RAW_TO_DER:256:"00000000000000000000000000000000000000000000000000000000000000002222222222222222222222222222222222222222222222222222222222222222":"30440220111111111111111111111111111111111111111111111111111111111111111102202222222222222222222222222222222222222222222222222222222222222222":MBEDTLS_ERR_ASN1_INVALID_DATA +ecdsa_raw_to_der:256:"00000000000000000000000000000000000000000000000000000000000000002222222222222222222222222222222222222222222222222222222222222222":"30440220111111111111111111111111111111111111111111111111111111111111111102202222222222222222222222222222222222222222222222222222222222222222":MBEDTLS_ERR_ASN1_INVALID_DATA ECDSA Raw -> DER, 256bit, Null s depends_on:PSA_WANT_ECC_SECP_R1_256 -ecdsa_raw_to_der:ECDSA_RAW_TO_DER:256:"11111111111111111111111111111111111111111111111111111111111111110000000000000000000000000000000000000000000000000000000000000000":"30440220111111111111111111111111111111111111111111111111111111111111111102202222222222222222222222222222222222222222222222222222222222222222":MBEDTLS_ERR_ASN1_INVALID_DATA +ecdsa_raw_to_der:256:"11111111111111111111111111111111111111111111111111111111111111110000000000000000000000000000000000000000000000000000000000000000":"30440220111111111111111111111111111111111111111111111111111111111111111102202222222222222222222222222222222222222222222222222222222222222222":MBEDTLS_ERR_ASN1_INVALID_DATA ECDSA Raw -> DER, 256bit, r with MSb set depends_on:PSA_WANT_ECC_SECP_R1_256 
-ecdsa_raw_to_der:ECDSA_RAW_TO_DER:256:"91111111111111111111111111111111111111111111111111111111111111112222222222222222222222222222222222222222222222222222222222222222":"3045022100911111111111111111111111111111111111111111111111111111111111111102202222222222222222222222222222222222222222222222222222222222222222":0 +ecdsa_raw_to_der:256:"91111111111111111111111111111111111111111111111111111111111111112222222222222222222222222222222222222222222222222222222222222222":"3045022100911111111111111111111111111111111111111111111111111111111111111102202222222222222222222222222222222222222222222222222222222222222222":0 ECDSA Raw -> DER, 256bit, s with MSb set depends_on:PSA_WANT_ECC_SECP_R1_256 -ecdsa_raw_to_der:ECDSA_RAW_TO_DER:256:"1111111111111111111111111111111111111111111111111111111111111111A222222222222222222222222222222222222222222222222222222222222222":"304502201111111111111111111111111111111111111111111111111111111111111111022100A222222222222222222222222222222222222222222222222222222222222222":0 +ecdsa_raw_to_der:256:"1111111111111111111111111111111111111111111111111111111111111111A222222222222222222222222222222222222222222222222222222222222222":"304502201111111111111111111111111111111111111111111111111111111111111111022100A222222222222222222222222222222222222222222222222222222222222222":0 ECDSA DER -> Raw, 256bit, Success depends_on:PSA_WANT_ECC_SECP_R1_256 -ecdsa_raw_to_der:ECDSA_DER_TO_RAW:256:"30440220111111111111111111111111111111111111111111111111111111111111111102202222222222222222222222222222222222222222222222222222222222222222":"11111111111111111111111111111111111111111111111111111111111111112222222222222222222222222222222222222222222222222222222222222222":0 +ecdsa_der_to_raw:256:"30440220111111111111111111111111111111111111111111111111111111111111111102202222222222222222222222222222222222222222222222222222222222222222":"11111111111111111111111111111111111111111111111111111111111111112222222222222222222222222222222222222222222222222222222222222222":0 ECDSA 
DER -> Raw, 256bit, Raw buffer too small depends_on:PSA_WANT_ECC_SECP_R1_256 -ecdsa_raw_to_der:ECDSA_DER_TO_RAW:256:"30440220111111111111111111111111111111111111111111111111111111111111111102202222222222222222222222222222222222222222222222222222222222222222":"111111111111111111111111111111111111111111111111111111111111111122222222222222222222222222222222222222222222222222222222222222":MBEDTLS_ERR_ASN1_BUF_TOO_SMALL +ecdsa_der_to_raw:256:"30440220111111111111111111111111111111111111111111111111111111111111111102202222222222222222222222222222222222222222222222222222222222222222":"111111111111111111111111111111111111111111111111111111111111111122222222222222222222222222222222222222222222222222222222222222":MBEDTLS_ERR_ASN1_BUF_TOO_SMALL ECDSA DER -> Raw, 256bit, Wrong sequence tag depends_on:PSA_WANT_ECC_SECP_R1_256 -ecdsa_raw_to_der:ECDSA_DER_TO_RAW:256:"40440220111111111111111111111111111111111111111111111111111111111111111102202222222222222222222222222222222222222222222222222222222222222222":"11111111111111111111111111111111111111111111111111111111111111112222222222222222222222222222222222222222222222222222222222222222":MBEDTLS_ERR_ASN1_UNEXPECTED_TAG +ecdsa_der_to_raw:256:"40440220111111111111111111111111111111111111111111111111111111111111111102202222222222222222222222222222222222222222222222222222222222222222":"11111111111111111111111111111111111111111111111111111111111111112222222222222222222222222222222222222222222222222222222222222222":MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ECDSA DER -> Raw, 256bit, Invalid sequence length depends_on:PSA_WANT_ECC_SECP_R1_256 -ecdsa_raw_to_der:ECDSA_DER_TO_RAW:256:"30ff0220111111111111111111111111111111111111111111111111111111111111111102202222222222222222222222222222222222222222222222222222222222222222":"11111111111111111111111111111111111111111111111111111111111111112222222222222222222222222222222222222222222222222222222222222222":MBEDTLS_ERR_ASN1_INVALID_LENGTH 
+ecdsa_der_to_raw:256:"30ff0220111111111111111111111111111111111111111111111111111111111111111102202222222222222222222222222222222222222222222222222222222222222222":"11111111111111111111111111111111111111111111111111111111111111112222222222222222222222222222222222222222222222222222222222222222":MBEDTLS_ERR_ASN1_INVALID_LENGTH ECDSA DER -> Raw, 256bit, Wrong integer tag depends_on:PSA_WANT_ECC_SECP_R1_256 -ecdsa_raw_to_der:ECDSA_DER_TO_RAW:256:"30440120111111111111111111111111111111111111111111111111111111111111111102202222222222222222222222222222222222222222222222222222222222222222":"11111111111111111111111111111111111111111111111111111111111111112222222222222222222222222222222222222222222222222222222222222222":MBEDTLS_ERR_ASN1_UNEXPECTED_TAG +ecdsa_der_to_raw:256:"30440120111111111111111111111111111111111111111111111111111111111111111102202222222222222222222222222222222222222222222222222222222222222222":"11111111111111111111111111111111111111111111111111111111111111112222222222222222222222222222222222222222222222222222222222222222":MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ECDSA DER -> Raw, 256bit, Wrong r integer length (too small) depends_on:PSA_WANT_ECC_SECP_R1_256 -ecdsa_raw_to_der:ECDSA_DER_TO_RAW:256:"30440219111111111111111111111111111111111111111111111111111111111111111102202222222222222222222222222222222222222222222222222222222222222222":"11111111111111111111111111111111111111111111111111111111111111112222222222222222222222222222222222222222222222222222222222222222":MBEDTLS_ERR_ASN1_UNEXPECTED_TAG +ecdsa_der_to_raw:256:"30440219111111111111111111111111111111111111111111111111111111111111111102202222222222222222222222222222222222222222222222222222222222222222":"11111111111111111111111111111111111111111111111111111111111111112222222222222222222222222222222222222222222222222222222222222222":MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ECDSA DER -> Raw, 256bit, Wrong r integer length (too large) depends_on:PSA_WANT_ECC_SECP_R1_256 
-ecdsa_raw_to_der:ECDSA_DER_TO_RAW:256:"30440221111111111111111111111111111111111111111111111111111111111111111102202222222222222222222222222222222222222222222222222222222222222222":"11111111111111111111111111111111111111111111111111111111111111112222222222222222222222222222222222222222222222222222222222222222":MBEDTLS_ERR_ASN1_UNEXPECTED_TAG +ecdsa_der_to_raw:256:"30440221111111111111111111111111111111111111111111111111111111111111111102202222222222222222222222222222222222222222222222222222222222222222":"11111111111111111111111111111111111111111111111111111111111111112222222222222222222222222222222222222222222222222222222222222222":MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ECDSA DER -> Raw, 256bit, Wrong s integer length (too small) depends_on:PSA_WANT_ECC_SECP_R1_256 -ecdsa_raw_to_der:ECDSA_DER_TO_RAW:256:"30440220111111111111111111111111111111111111111111111111111111111111111102192222222222222222222222222222222222222222222222222222222222222222":"11111111111111111111111111111111111111111111111111111111111111112222222222222222222222222222222222222222222222222222222222222222":MBEDTLS_ERR_ASN1_LENGTH_MISMATCH +ecdsa_der_to_raw:256:"30440220111111111111111111111111111111111111111111111111111111111111111102192222222222222222222222222222222222222222222222222222222222222222":"11111111111111111111111111111111111111111111111111111111111111112222222222222222222222222222222222222222222222222222222222222222":MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ECDSA DER -> Raw, 256bit, Wrong s integer length (too large) depends_on:PSA_WANT_ECC_SECP_R1_256 -ecdsa_raw_to_der:ECDSA_DER_TO_RAW:256:"30440220111111111111111111111111111111111111111111111111111111111111111102212222222222222222222222222222222222222222222222222222222222222222":"11111111111111111111111111111111111111111111111111111111111111112222222222222222222222222222222222222222222222222222222222222222":MBEDTLS_ERR_ASN1_OUT_OF_DATA 
+ecdsa_der_to_raw:256:"30440220111111111111111111111111111111111111111111111111111111111111111102212222222222222222222222222222222222222222222222222222222222222222":"11111111111111111111111111111111111111111111111111111111111111112222222222222222222222222222222222222222222222222222222222222222":MBEDTLS_ERR_ASN1_OUT_OF_DATA ECDSA Raw -> DER, 512bit, Success depends_on:PSA_WANT_ECC_BRAINPOOL_P_R1_512 -ecdsa_raw_to_der:ECDSA_RAW_TO_DER:512:"1111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111122222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222":"308184024011111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111024022222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222":0 +ecdsa_raw_to_der:512:"1111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111122222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222":"308184024011111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111024022222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222":0 ECDSA DER -> Raw, 512bit, Success depends_on:PSA_WANT_ECC_BRAINPOOL_P_R1_512 
-ecdsa_raw_to_der:ECDSA_DER_TO_RAW:512:"308184024011111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111024022222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222":"1111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111122222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222":0 +ecdsa_der_to_raw:512:"308184024011111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111024022222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222":"1111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111122222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222":0 # Bit length is rounded up to 528 to be multiple of 8 ECDSA Raw -> DER, 521bit, Success depends_on:PSA_WANT_ECC_SECP_R1_521 -ecdsa_raw_to_der:ECDSA_RAW_TO_DER:528:"111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222":"30818802421111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111110242222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222":0 
+ecdsa_raw_to_der:528:"111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222":"30818802421111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111110242222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222":0 # Bit length is rounded up to 528 to be multiple of 8 ECDSA DER -> Raw, 521bit, Success depends_on:PSA_WANT_ECC_SECP_R1_521 -ecdsa_raw_to_der:ECDSA_DER_TO_RAW:528:"30818802421111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111110242222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222":"111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222":0 +ecdsa_der_to_raw:528:"30818802421111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111110242222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222":"111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222":0 
diff --git a/tests/suites/test_suite_psa_crypto_util.function b/tests/suites/test_suite_psa_crypto_util.function index 57cda0945..3c4976607 100644 --- a/tests/suites/test_suite_psa_crypto_util.function +++ b/tests/suites/test_suite_psa_crypto_util.function @@ -1,15 +1,10 @@ /* BEGIN_HEADER */ #include #include - -enum { - ECDSA_RAW_TO_DER = 0, - ECDSA_DER_TO_RAW, -}; /* END_HEADER */ -/* BEGIN_CASE depends_on:MBEDTLS_ASN1_WRITE_C:MBEDTLS_ASN1_PARSE_C */ -void ecdsa_raw_to_der(int direction, int key_bits, data_t *input, data_t *exp_result, int exp_ret) +/* BEGIN_CASE depends_on:MBEDTLS_ASN1_WRITE_C */ +void ecdsa_raw_to_der(int key_bits, data_t *input, data_t *exp_result, int exp_ret) { unsigned char *tmp_buf = NULL; size_t tmp_buf_len = exp_result->len; @@ -17,15 +12,31 @@ void ecdsa_raw_to_der(int direction, int key_bits, data_t *input, data_t *exp_re TEST_CALLOC(tmp_buf, tmp_buf_len); - if (direction == ECDSA_RAW_TO_DER) { - TEST_EQUAL(mbedtls_ecdsa_raw_to_der(input->x, input->len, - tmp_buf, tmp_buf_len, &ret_len, - key_bits), exp_ret); - } else { - TEST_EQUAL(mbedtls_ecdsa_der_to_raw(input->x, input->len, - tmp_buf, tmp_buf_len, &ret_len, - key_bits), exp_ret); - } + TEST_EQUAL(mbedtls_ecdsa_raw_to_der(input->x, input->len, + tmp_buf, tmp_buf_len, &ret_len, + key_bits), exp_ret); + + if (exp_ret == 0) { + ASSERT_COMPARE(exp_result->x, exp_result->len, tmp_buf, ret_len); + } + +exit: + mbedtls_free(tmp_buf); +} +/* END_CASE */ + +/* BEGIN_CASE depends_on:MBEDTLS_ASN1_PARSE_C */ +void ecdsa_der_to_raw(int key_bits, data_t *input, data_t *exp_result, int exp_ret) +{ + unsigned char *tmp_buf = NULL; + size_t tmp_buf_len = exp_result->len; + size_t ret_len; + + TEST_CALLOC(tmp_buf, tmp_buf_len); + + TEST_EQUAL(mbedtls_ecdsa_der_to_raw(input->x, input->len, + tmp_buf, tmp_buf_len, &ret_len, + key_bits), exp_ret); if (exp_ret == 0) { ASSERT_COMPARE(exp_result->x, exp_result->len, tmp_buf, ret_len); From 3ccb2b54236a096c6757521ecce458b5e84f4abe Mon Sep 17 00:00:00 2001 
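Review bot: `size_t ret_len;` is left uninitialised in both `ecdsa_raw_to_der` and the new `ecdsa_der_to_raw` test case, yet it is passed to `ASSERT_COMPARE` whenever `exp_ret == 0`. If a conversion function ever returned 0 without storing the output length, the comparison would read an indeterminate value. Declaring it as `size_t ret_len = 0;` in both cases makes that situation fail deterministically on the length mismatch. The tail of `ecdsa_der_to_raw` (the `exit:` label and the free) lies outside this hunk.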
From: Valerio Setti Date: Wed, 10 Jan 2024 10:51:24 +0100 Subject: [PATCH 051/166] all.sh: add exception for ASN1_PARSE_C in check_test_dependencies There is no PSA equivalent to ASN1 legacy symbols. Signed-off-by: Valerio Setti --- tests/scripts/all.sh | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 44930d28b..41faaee47 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -1059,11 +1059,16 @@ component_check_test_dependencies () { echo "!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH" >> $expected # No PSA equivalent - used to skip decryption tests in PSA-ECB, CBC/XTS/NIST_KW/DES echo "!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT" >> $expected - # This is used by import_rsa_made_up() in test_suite_psa_crypto in order - # to build a fake RSA key of the wanted size based on + # MBEDTLS_ASN1_WRITE_C is used by import_rsa_made_up() in test_suite_psa_crypto + # in order to build a fake RSA key of the wanted size based on # PSA_VENDOR_RSA_MAX_KEY_BITS. The legacy module is only used by # the test code and that's probably the most convenient way of achieving # the test's goal. + # + # Both MBEDTLS_ASN1_[PARSE|WRITE]_C are used in ECDSA conversion functions + # (in psa_util module) and, therefore, also in test_suite_psa_crypto_util. + # There is no PSA equivalent for these ASN1 symbols in PSA. + echo "MBEDTLS_ASN1_PARSE_C" >> $expected echo "MBEDTLS_ASN1_WRITE_C" >> $expected # No PSA equivalent - we should probably have one in the future. echo "MBEDTLS_ECP_RESTARTABLE" >> $expected From 86bae52c5500509d9837fff6f0d40e2cff980e2a Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 10 Jan 2024 11:12:31 +0100 Subject: [PATCH 052/166] psa_util: skip leading zeros in der format with "if" instead of "while" This is possible because we know that DER format can have at most 1 leading zero. Signed-off-by: Valerio Setti --- library/psa_util.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/library/psa_util.c b/library/psa_util.c index ad5c9fb12..e69ff6bb6 100644 --- a/library/psa_util.c +++ b/library/psa_util.c @@ -494,8 +494,8 @@ static int convert_der_to_raw_single_int(unsigned char *der, size_t der_len, return ret; } - /* Skip leading zeros */ - while (*p == 0x00) { + /* Skip possible leading zero */ + if (*p == 0x00) { p++; unpadded_len--; /* It should never happen that the input number is all zeros. */ From a7b83a04ee9142f876c4703fbbdb5ee56c6566a9 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 10 Jan 2024 16:07:29 +0100 Subject: [PATCH 053/166] psa_util: add variable casting in convert_raw_to_der_single_int() Signed-off-by: Valerio Setti --- library/psa_util.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/psa_util.c b/library/psa_util.c index e69ff6bb6..ef9aff172 100644 --- a/library/psa_util.c +++ b/library/psa_util.c @@ -364,7 +364,7 @@ static int convert_raw_to_der_single_int(const unsigned char *raw_buf, size_t ra unsigned char *der_buf_end) { unsigned char *p = der_buf_end; - int len = raw_len; + int len = (int) raw_len; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; /* Copy the raw coordinate to the end of der_buf. */ From 31657ed70c80303d980c0d88ba5d0f1cca15fd4e Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 11 Jan 2024 07:01:30 +0100 Subject: [PATCH 054/166] test_suite_psa_crypto_util: change curve type for 256bits tests Tests with 256 bits curve simply depends on any curve of that size, but they don't really care about which family is enabled. Here I replaced PSA_WANT_ECC_SECP_R1_256 with PSA_WANT_ECC_SECP_K1_256 because otherwise there were test disparities in the "analyze_driver_vs_reference_tfm_config" component of "analyze_outcomes.py". It looked simpler to change the curve type in the test suite's data rather than adding proper exceptions in "analyze_outcomes.py" 
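Review bot: The single `if (*p == 0x00)` relies on the input being canonical DER, but nothing in this hunk rejects an INTEGER that carries more than one leading zero, so the property the commit message assumes is not enforced here. A check placed after the existing all-zeros test, such as `if (unpadded_len > 0 && *p == 0x00) { return MBEDTLS_ERR_ASN1_INVALID_DATA; }`, would turn a non-canonical encoding into an explicit error instead of leaving it to whatever length check follows. The hunk also does not show `unpadded_len` being compared with zero before `*p` is read, so it is worth confirming that a zero-length INTEGER is rejected before this line. The body of `convert_der_to_raw_single_int` starts and ends outside the hunk.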
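Review bot: The cast in `int len = (int) raw_len;` silences the conversion warning but keeps the narrowing, so a `raw_len` above `INT_MAX` would still yield a negative or truncated `len`. Either keep the length as `size_t` until it has to be combined with the `int` results of the ASN.1 writers, or guard it first with something like `if (raw_len > INT_MAX) { return MBEDTLS_ERR_ASN1_INVALID_DATA; }`. Whether every caller already bounds `raw_len` is not visible from this hunk, and the body of `convert_raw_to_der_single_int` continues outside it.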
Signed-off-by: Valerio Setti --- tests/suites/test_suite_psa_crypto_util.data | 32 ++++++++++---------- 1 file changed, 16 insertions(+), 16 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto_util.data b/tests/suites/test_suite_psa_crypto_util.data index a8d34581c..49848615c 100644 --- a/tests/suites/test_suite_psa_crypto_util.data +++ b/tests/suites/test_suite_psa_crypto_util.data 
@@ -1,65 +1,65 @@ ECDSA Raw -> DER, 256bit, Success -depends_on:PSA_WANT_ECC_SECP_R1_256 +depends_on:PSA_WANT_ECC_SECP_K1_256 ecdsa_raw_to_der:256:"11111111111111111111111111111111111111111111111111111111111111112222222222222222222222222222222222222222222222222222222222222222":"30440220111111111111111111111111111111111111111111111111111111111111111102202222222222222222222222222222222222222222222222222222222222222222":0 ECDSA Raw -> DER, 256bit, Raw data too short -depends_on:PSA_WANT_ECC_SECP_R1_256 +depends_on:PSA_WANT_ECC_SECP_K1_256 ecdsa_raw_to_der:256:"111111111111111111111111111111111111111111111111111111111111111122222222222222222222222222222222222222222222222222222222222222":"30440220111111111111111111111111111111111111111111111111111111111111111102202222222222222222222222222222222222222222222222222222222222222222":MBEDTLS_ERR_ASN1_INVALID_DATA ECDSA Raw -> DER, 256bit, DER buffer too small -depends_on:PSA_WANT_ECC_SECP_R1_256 +depends_on:PSA_WANT_ECC_SECP_K1_256 ecdsa_raw_to_der:256:"11111111111111111111111111111111111111111111111111111111111111112222222222222222222222222222222222222222222222222222222222222222":"304402201111111111111111111111111111111111111111111111111111111111111111022022222222222222222222222222222222222222222222222222222222222222":MBEDTLS_ERR_ASN1_BUF_TOO_SMALL ECDSA Raw -> DER, 256bit, Null r -depends_on:PSA_WANT_ECC_SECP_R1_256 +depends_on:PSA_WANT_ECC_SECP_K1_256 ecdsa_raw_to_der:256:"00000000000000000000000000000000000000000000000000000000000000002222222222222222222222222222222222222222222222222222222222222222":"30440220111111111111111111111111111111111111111111111111111111111111111102202222222222222222222222222222222222222222222222222222222222222222":MBEDTLS_ERR_ASN1_INVALID_DATA ECDSA Raw -> DER, 256bit, Null s -depends_on:PSA_WANT_ECC_SECP_R1_256 +depends_on:PSA_WANT_ECC_SECP_K1_256 
ecdsa_raw_to_der:256:"11111111111111111111111111111111111111111111111111111111111111110000000000000000000000000000000000000000000000000000000000000000":"30440220111111111111111111111111111111111111111111111111111111111111111102202222222222222222222222222222222222222222222222222222222222222222":MBEDTLS_ERR_ASN1_INVALID_DATA ECDSA Raw -> DER, 256bit, r with MSb set -depends_on:PSA_WANT_ECC_SECP_R1_256 +depends_on:PSA_WANT_ECC_SECP_K1_256 ecdsa_raw_to_der:256:"91111111111111111111111111111111111111111111111111111111111111112222222222222222222222222222222222222222222222222222222222222222":"3045022100911111111111111111111111111111111111111111111111111111111111111102202222222222222222222222222222222222222222222222222222222222222222":0 ECDSA Raw -> DER, 256bit, s with MSb set -depends_on:PSA_WANT_ECC_SECP_R1_256 +depends_on:PSA_WANT_ECC_SECP_K1_256 ecdsa_raw_to_der:256:"1111111111111111111111111111111111111111111111111111111111111111A222222222222222222222222222222222222222222222222222222222222222":"304502201111111111111111111111111111111111111111111111111111111111111111022100A222222222222222222222222222222222222222222222222222222222222222":0 ECDSA DER -> Raw, 256bit, Success -depends_on:PSA_WANT_ECC_SECP_R1_256 +depends_on:PSA_WANT_ECC_SECP_K1_256 ecdsa_der_to_raw:256:"30440220111111111111111111111111111111111111111111111111111111111111111102202222222222222222222222222222222222222222222222222222222222222222":"11111111111111111111111111111111111111111111111111111111111111112222222222222222222222222222222222222222222222222222222222222222":0 ECDSA DER -> Raw, 256bit, Raw buffer too small -depends_on:PSA_WANT_ECC_SECP_R1_256 +depends_on:PSA_WANT_ECC_SECP_K1_256 
ecdsa_der_to_raw:256:"30440220111111111111111111111111111111111111111111111111111111111111111102202222222222222222222222222222222222222222222222222222222222222222":"111111111111111111111111111111111111111111111111111111111111111122222222222222222222222222222222222222222222222222222222222222":MBEDTLS_ERR_ASN1_BUF_TOO_SMALL ECDSA DER -> Raw, 256bit, Wrong sequence tag -depends_on:PSA_WANT_ECC_SECP_R1_256 +depends_on:PSA_WANT_ECC_SECP_K1_256 ecdsa_der_to_raw:256:"40440220111111111111111111111111111111111111111111111111111111111111111102202222222222222222222222222222222222222222222222222222222222222222":"11111111111111111111111111111111111111111111111111111111111111112222222222222222222222222222222222222222222222222222222222222222":MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ECDSA DER -> Raw, 256bit, Invalid sequence length -depends_on:PSA_WANT_ECC_SECP_R1_256 +depends_on:PSA_WANT_ECC_SECP_K1_256 ecdsa_der_to_raw:256:"30ff0220111111111111111111111111111111111111111111111111111111111111111102202222222222222222222222222222222222222222222222222222222222222222":"11111111111111111111111111111111111111111111111111111111111111112222222222222222222222222222222222222222222222222222222222222222":MBEDTLS_ERR_ASN1_INVALID_LENGTH ECDSA DER -> Raw, 256bit, Wrong integer tag -depends_on:PSA_WANT_ECC_SECP_R1_256 +depends_on:PSA_WANT_ECC_SECP_K1_256 ecdsa_der_to_raw:256:"30440120111111111111111111111111111111111111111111111111111111111111111102202222222222222222222222222222222222222222222222222222222222222222":"11111111111111111111111111111111111111111111111111111111111111112222222222222222222222222222222222222222222222222222222222222222":MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ECDSA DER -> Raw, 256bit, Wrong r integer length (too small) -depends_on:PSA_WANT_ECC_SECP_R1_256 +depends_on:PSA_WANT_ECC_SECP_K1_256 
ecdsa_der_to_raw:256:"30440219111111111111111111111111111111111111111111111111111111111111111102202222222222222222222222222222222222222222222222222222222222222222":"11111111111111111111111111111111111111111111111111111111111111112222222222222222222222222222222222222222222222222222222222222222":MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ECDSA DER -> Raw, 256bit, Wrong r integer length (too large) -depends_on:PSA_WANT_ECC_SECP_R1_256 +depends_on:PSA_WANT_ECC_SECP_K1_256 ecdsa_der_to_raw:256:"30440221111111111111111111111111111111111111111111111111111111111111111102202222222222222222222222222222222222222222222222222222222222222222":"11111111111111111111111111111111111111111111111111111111111111112222222222222222222222222222222222222222222222222222222222222222":MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ECDSA DER -> Raw, 256bit, Wrong s integer length (too small) -depends_on:PSA_WANT_ECC_SECP_R1_256 +depends_on:PSA_WANT_ECC_SECP_K1_256 ecdsa_der_to_raw:256:"30440220111111111111111111111111111111111111111111111111111111111111111102192222222222222222222222222222222222222222222222222222222222222222":"11111111111111111111111111111111111111111111111111111111111111112222222222222222222222222222222222222222222222222222222222222222":MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ECDSA DER -> Raw, 256bit, Wrong s integer length (too large) -depends_on:PSA_WANT_ECC_SECP_R1_256 +depends_on:PSA_WANT_ECC_SECP_K1_256 ecdsa_der_to_raw:256:"30440220111111111111111111111111111111111111111111111111111111111111111102212222222222222222222222222222222222222222222222222222222222222222":"11111111111111111111111111111111111111111111111111111111111111112222222222222222222222222222222222222222222222222222222222222222":MBEDTLS_ERR_ASN1_OUT_OF_DATA ECDSA Raw -> DER, 512bit, Success From 17105df3e776a79b2668c2fb960ef1f4dcb8171a Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 11 Jan 2024 10:41:59 +0100 Subject: [PATCH 055/166] test_suite_psa_crypto_util: add comments to 512/521 bit size test cases 
Signed-off-by: Valerio Setti --- tests/suites/test_suite_psa_crypto_util.data | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto_util.data b/tests/suites/test_suite_psa_crypto_util.data index 49848615c..45a3cb565 100644 --- a/tests/suites/test_suite_psa_crypto_util.data +++ b/tests/suites/test_suite_psa_crypto_util.data 
@@ -62,20 +62,24 @@ ECDSA DER -> Raw, 256bit, Wrong s integer length (too large) depends_on:PSA_WANT_ECC_SECP_K1_256 ecdsa_der_to_raw:256:"30440220111111111111111111111111111111111111111111111111111111111111111102212222222222222222222222222222222222222222222222222222222222222222":"11111111111111111111111111111111111111111111111111111111111111112222222222222222222222222222222222222222222222222222222222222222":MBEDTLS_ERR_ASN1_OUT_OF_DATA +# 512/521 bit sizes are useful to test sequence's length encoded with 2 bytes. ECDSA Raw -> DER, 512bit, Success depends_on:PSA_WANT_ECC_BRAINPOOL_P_R1_512 ecdsa_raw_to_der:512:"1111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111122222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222":"308184024011111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111024022222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222":0 +# 512/521 bit sizes are useful to test sequence's length encoded with 2 bytes. ECDSA DER -> Raw, 512bit, Success depends_on:PSA_WANT_ECC_BRAINPOOL_P_R1_512 ecdsa_der_to_raw:512:"308184024011111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111024022222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222":"1111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111122222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222":0 -# Bit length is rounded up to 528 to be multiple of 8 +# 512/521 bit sizes are useful to test sequence's length encoded with 2 bytes. 
+# Bit length is rounded up to 528 to be multiple of 8. ECDSA Raw -> DER, 521bit, Success depends_on:PSA_WANT_ECC_SECP_R1_521 ecdsa_raw_to_der:528:"111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222":"30818802421111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111110242222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222":0 -# Bit length is rounded up to 528 to be multiple of 8 +# 512/521 bit sizes are useful to test sequence's length encoded with 2 bytes. +# Bit length is rounded up to 528 to be multiple of 8. ECDSA DER -> Raw, 521bit, Success depends_on:PSA_WANT_ECC_SECP_R1_521 ecdsa_der_to_raw:528:"30818802421111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111110242222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222":"111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222":0 From f4d2dc2d772cef1baa7367996c45e9a0ae7e1be1 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 16 Jan 2024 10:57:48 +0100 Subject: [PATCH 056/166] psa_util: guard ECDSA conversion functions with proper (internal) symbol 
Signed-off-by: Valerio Setti --- include/mbedtls/config_adjust_legacy_crypto.h | 7 +++++++ include/mbedtls/psa_util.h | 4 ++++ library/psa_util.c | 4 ++++ tests/suites/test_suite_psa_crypto_util.function | 4 ++-- 4 files changed, 17 insertions(+), 2 deletions(-) diff --git a/include/mbedtls/config_adjust_legacy_crypto.h b/include/mbedtls/config_adjust_legacy_crypto.h index 696266c6f..833f15268 100644 --- a/include/mbedtls/config_adjust_legacy_crypto.h +++ b/include/mbedtls/config_adjust_legacy_crypto.h @@ -400,6 +400,13 @@ #define MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY #endif +/* psa_util file features some ECDSA conversion functions, to convert between + * legacy's ASN.1 DER format and PSA's raw one. */ +#if defined(MBEDTLS_ECDSA_C) || defined(MBEDTLS_PSA_CRYPTO_C) && \ + (defined(PSA_WANT_ALG_ECDSA) || defined(PSA_WANT_ALG_DETERMINISTIC_ECDSA)) +#define MBEDTLS_PSA_UTIL_HAVE_ECDSA +#endif + /* Some internal helpers to determine which keys are availble. */ #if (!defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_AES_C)) || \ (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_KEY_TYPE_AES)) diff --git a/include/mbedtls/psa_util.h b/include/mbedtls/psa_util.h index 93fb38d73..3bf05d183 100644 --- a/include/mbedtls/psa_util.h +++ b/include/mbedtls/psa_util.h @@ -182,6 +182,8 @@ static inline mbedtls_md_type_t mbedtls_md_type_from_psa_alg(psa_algorithm_t psa } #endif /* MBEDTLS_PSA_CRYPTO_C */ +#if defined(MBEDTLS_PSA_UTIL_HAVE_ECDSA) + #if defined(MBEDTLS_ASN1_WRITE_C) /** Convert an ECDSA signature from raw format (used by PSA APIs) to DER ASN.1 * format (used by legacy crypto APIs). @@ -220,6 +222,8 @@ int mbedtls_ecdsa_der_to_raw(const unsigned char *der, size_t der_len, size_t bits); #endif /* MBEDTLS_ASN1_PARSE_C */ +#endif /* MBEDTLS_PSA_UTIL_HAVE_ECDSA */ + /**@}*/ #endif /* MBEDTLS_PSA_UTIL_H */ diff --git a/library/psa_util.c b/library/psa_util.c index ef9aff172..c78b6035d 100644 --- a/library/psa_util.c +++ b/library/psa_util.c 
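Review bot: The new `#if` in config_adjust_legacy_crypto.h mixes `||` and `&&` without grouping, so the reader has to rely on operator precedence to see that `MBEDTLS_ECDSA_C` alone is enough to enable `MBEDTLS_PSA_UTIL_HAVE_ECDSA`. Assuming that is the intent, spelling it out avoids a later edit changing which builds get the signature conversion functions: `#if defined(MBEDTLS_ECDSA_C) || (defined(MBEDTLS_PSA_CRYPTO_C) && (defined(PSA_WANT_ALG_ECDSA) || defined(PSA_WANT_ALG_DETERMINISTIC_ECDSA)))`. The comment above the block could also state that the symbol is internal and not meant to be set in a user configuration.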
@@ -338,6 +338,8 @@ mbedtls_ecp_group_id mbedtls_ecc_group_from_psa(psa_ecc_family_t family, #endif /* MBEDTLS_PSA_CRYPTO_C */ +#if defined(MBEDTLS_PSA_UTIL_HAVE_ECDSA) + #if defined(MBEDTLS_ASN1_WRITE_C) /** * \brief Convert a single raw coordinate to DER ASN.1 format. The output der @@ -569,3 +571,5 @@ int mbedtls_ecdsa_der_to_raw(const unsigned char *der, size_t der_len, return 0; } #endif /* MBEDTLS_ASN1_PARSE_C */ + +#endif /* MBEDTLS_PSA_UTIL_HAVE_ECDSA */ diff --git a/tests/suites/test_suite_psa_crypto_util.function b/tests/suites/test_suite_psa_crypto_util.function index 3c4976607..bfdafa7b3 100644 --- a/tests/suites/test_suite_psa_crypto_util.function +++ b/tests/suites/test_suite_psa_crypto_util.function @@ -3,7 +3,7 @@ #include /* END_HEADER */ -/* BEGIN_CASE depends_on:MBEDTLS_ASN1_WRITE_C */ +/* BEGIN_CASE depends_on:MBEDTLS_PSA_UTIL_HAVE_ECDSA:MBEDTLS_ASN1_WRITE_C */ void ecdsa_raw_to_der(int key_bits, data_t *input, data_t *exp_result, int exp_ret) { unsigned char *tmp_buf = NULL; @@ -25,7 +25,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_ASN1_PARSE_C */ +/* BEGIN_CASE depends_on:MBEDTLS_PSA_UTIL_HAVE_ECDSA:MBEDTLS_ASN1_PARSE_C */ void ecdsa_der_to_raw(int key_bits, data_t *input, data_t *exp_result, int exp_ret) { unsigned char *tmp_buf = NULL; From 688f795cb38b86995051c3033b7aeb73f573ddf8 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 16 Jan 2024 09:18:40 +0100 Subject: [PATCH 057/166] asn1: use the new symbol to guard dependencies of ECDSA conversion functions Signed-off-by: Valerio Setti --- include/mbedtls/asn1.h | 5 +++-- include/mbedtls/asn1write.h | 5 +++-- include/mbedtls/psa_util.h | 4 ---- library/asn1parse.c | 5 +++-- library/asn1write.c | 5 +++-- library/psa_util.c | 4 ---- tests/suites/test_suite_psa_crypto_util.function | 4 ++-- 7 files changed, 14 insertions(+), 18 deletions(-) diff --git a/include/mbedtls/asn1.h b/include/mbedtls/asn1.h index 3c3bfad9d..ff019f432 100644 --- a/include/mbedtls/asn1.h 
+++ b/include/mbedtls/asn1.h @@ -197,7 +197,8 @@ typedef struct mbedtls_asn1_named_data { } mbedtls_asn1_named_data; -#if defined(MBEDTLS_ASN1_PARSE_C) || defined(MBEDTLS_X509_CREATE_C) +#if defined(MBEDTLS_ASN1_PARSE_C) || defined(MBEDTLS_X509_CREATE_C) || \ + defined(MBEDTLS_PSA_UTIL_HAVE_ECDSA) /** * \brief Get the length of an ASN.1 element. * Updates the pointer to immediately behind the length. @@ -244,7 +245,7 @@ int mbedtls_asn1_get_len(unsigned char **p, int mbedtls_asn1_get_tag(unsigned char **p, const unsigned char *end, size_t *len, int tag); -#endif /* MBEDTLS_ASN1_PARSE_C || MBEDTLS_X509_CREATE_C */ +#endif /* MBEDTLS_ASN1_PARSE_C || MBEDTLS_X509_CREATE_C || MBEDTLS_PSA_UTIL_HAVE_ECDSA */ #if defined(MBEDTLS_ASN1_PARSE_C) /** diff --git a/include/mbedtls/asn1write.h b/include/mbedtls/asn1write.h index 7af4aba41..0c5a85ac2 100644 --- a/include/mbedtls/asn1write.h +++ b/include/mbedtls/asn1write.h @@ -36,7 +36,8 @@ extern "C" { #endif -#if defined(MBEDTLS_ASN1_WRITE_C) || defined(MBEDTLS_X509_USE_C) +#if defined(MBEDTLS_ASN1_WRITE_C) || defined(MBEDTLS_X509_USE_C) || \ + defined(MBEDTLS_PSA_UTIL_HAVE_ECDSA) /** * \brief Write a length field in ASN.1 format. * @@ -65,7 +66,7 @@ int mbedtls_asn1_write_len(unsigned char **p, const unsigned char *start, */ int mbedtls_asn1_write_tag(unsigned char **p, const unsigned char *start, unsigned char tag); -#endif /* MBEDTLS_ASN1_WRITE_C || MBEDTLS_X509_USE_C */ +#endif /* MBEDTLS_ASN1_WRITE_C || MBEDTLS_X509_USE_C || MBEDTLS_PSA_UTIL_HAVE_ECDSA*/ #if defined(MBEDTLS_ASN1_WRITE_C) /** diff --git a/include/mbedtls/psa_util.h b/include/mbedtls/psa_util.h index 3bf05d183..15e92e36f 100644 --- a/include/mbedtls/psa_util.h +++ b/include/mbedtls/psa_util.h 
@@ -184,7 +184,6 @@ static inline mbedtls_md_type_t mbedtls_md_type_from_psa_alg(psa_algorithm_t psa #if defined(MBEDTLS_PSA_UTIL_HAVE_ECDSA) -#if defined(MBEDTLS_ASN1_WRITE_C) /** Convert an ECDSA signature from raw format (used by PSA APIs) to DER ASN.1 * format (used by legacy crypto APIs). * @@ -201,9 +200,7 @@ static inline mbedtls_md_type_t mbedtls_md_type_from_psa_alg(psa_algorithm_t psa int mbedtls_ecdsa_raw_to_der(const unsigned char *raw, size_t raw_len, unsigned char *der, size_t der_size, size_t *der_len, size_t bits); -#endif /* MBEDTLS_ASN1_WRITE_C */ -#if defined(MBEDTLS_ASN1_PARSE_C) /** Convert an ECDSA signature from DER ASN.1 format (used by legacy crypto * APIs) to raw format (used by PSA APIs). * @@ -220,7 +217,6 @@ int mbedtls_ecdsa_raw_to_der(const unsigned char *raw, size_t raw_len, int mbedtls_ecdsa_der_to_raw(const unsigned char *der, size_t der_len, unsigned char *raw, size_t raw_size, size_t *raw_len, size_t bits); -#endif /* MBEDTLS_ASN1_PARSE_C */ #endif /* MBEDTLS_PSA_UTIL_HAVE_ECDSA */ diff --git a/library/asn1parse.c b/library/asn1parse.c index c02b233ec..e33fdf71d 100644 --- a/library/asn1parse.c +++ b/library/asn1parse.c @@ -7,7 +7,8 @@ #include "common.h" -#if defined(MBEDTLS_ASN1_PARSE_C) || defined(MBEDTLS_X509_CREATE_C) +#if defined(MBEDTLS_ASN1_PARSE_C) || defined(MBEDTLS_X509_CREATE_C) || \ + defined(MBEDTLS_PSA_UTIL_HAVE_ECDSA) #include "mbedtls/asn1.h" #include "mbedtls/platform_util.h" @@ -73,7 +74,7 @@ int mbedtls_asn1_get_tag(unsigned char **p, return mbedtls_asn1_get_len(p, end, len); } -#endif /* MBEDTLS_ASN1_PARSE_C || MBEDTLS_X509_CREATE_C */ +#endif /* MBEDTLS_ASN1_PARSE_C || MBEDTLS_X509_CREATE_C || MBEDTLS_PSA_UTIL_HAVE_ECDSA */ #if defined(MBEDTLS_ASN1_PARSE_C) int mbedtls_asn1_get_bool(unsigned char **p, diff --git a/library/asn1write.c b/library/asn1write.c index 114091d63..775a9ef53 100644 --- a/library/asn1write.c +++ b/library/asn1write.c 
@@ -7,7 +7,8 @@ #include "common.h" -#if defined(MBEDTLS_ASN1_WRITE_C) || defined(MBEDTLS_X509_USE_C) +#if defined(MBEDTLS_ASN1_WRITE_C) || defined(MBEDTLS_X509_USE_C) || \ + defined(MBEDTLS_PSA_UTIL_HAVE_ECDSA) #include "mbedtls/asn1write.h" #include "mbedtls/error.h" @@ -62,7 +63,7 @@ int mbedtls_asn1_write_tag(unsigned char **p, const unsigned char *start, unsign return 1; } -#endif /* MBEDTLS_ASN1_WRITE_C || MBEDTLS_X509_USE_C */ +#endif /* MBEDTLS_ASN1_WRITE_C || MBEDTLS_X509_USE_C || MBEDTLS_PSA_UTIL_HAVE_ECDSA */ #if defined(MBEDTLS_ASN1_WRITE_C) static int mbedtls_asn1_write_len_and_tag(unsigned char **p, diff --git a/library/psa_util.c b/library/psa_util.c index c78b6035d..9e21602f6 100644 --- a/library/psa_util.c +++ b/library/psa_util.c @@ -340,7 +340,6 @@ mbedtls_ecp_group_id mbedtls_ecc_group_from_psa(psa_ecc_family_t family, #if defined(MBEDTLS_PSA_UTIL_HAVE_ECDSA) -#if defined(MBEDTLS_ASN1_WRITE_C) /** * \brief Convert a single raw coordinate to DER ASN.1 format. The output der * buffer is filled backward (i.e. starting from its end). @@ -451,9 +450,7 @@ int mbedtls_ecdsa_raw_to_der(const unsigned char *raw, size_t raw_len, return 0; } -#endif /* MBEDTLS_ASN1_WRITE_C */ -#if defined(MBEDTLS_ASN1_PARSE_C) /** * \brief Convert a single integer from ASN.1 DER format to raw. * @@ -570,6 +567,5 @@ int mbedtls_ecdsa_der_to_raw(const unsigned char *der, size_t der_len, return 0; } -#endif /* MBEDTLS_ASN1_PARSE_C */ #endif /* MBEDTLS_PSA_UTIL_HAVE_ECDSA */ diff --git a/tests/suites/test_suite_psa_crypto_util.function b/tests/suites/test_suite_psa_crypto_util.function index bfdafa7b3..8f0dd6cfc 100644 --- a/tests/suites/test_suite_psa_crypto_util.function +++ b/tests/suites/test_suite_psa_crypto_util.function 
@@ -3,7 +3,7 @@ #include /* END_HEADER */ -/* BEGIN_CASE depends_on:MBEDTLS_PSA_UTIL_HAVE_ECDSA:MBEDTLS_ASN1_WRITE_C */ +/* BEGIN_CASE depends_on:MBEDTLS_PSA_UTIL_HAVE_ECDSA */ void ecdsa_raw_to_der(int key_bits, data_t *input, data_t *exp_result, int exp_ret) { unsigned char *tmp_buf = NULL; @@ -25,7 +25,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_PSA_UTIL_HAVE_ECDSA:MBEDTLS_ASN1_PARSE_C */ +/* BEGIN_CASE depends_on:MBEDTLS_PSA_UTIL_HAVE_ECDSA */ void ecdsa_der_to_raw(int key_bits, data_t *input, data_t *exp_result, int exp_ret) { unsigned char *tmp_buf = NULL; From 448377bec7c7d1a063c7bc6a0adeb8053659e97b Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 16 Jan 2024 16:24:07 +0100 Subject: [PATCH 058/166] all.sh: remove MBEDTLS_ASN1_PARSE_C exception from check_test_dependencies() Signed-off-by: Valerio Setti --- tests/scripts/all.sh | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 41faaee47..fddcc0153 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -1065,10 +1065,9 @@ component_check_test_dependencies () { # the test code and that's probably the most convenient way of achieving # the test's goal. # - # Both MBEDTLS_ASN1_[PARSE|WRITE]_C are used in ECDSA conversion functions + # MBEDTLS_ASN1_WRITE_C is also used in ECDSA conversion functions # (in psa_util module) and, therefore, also in test_suite_psa_crypto_util. - # There is no PSA equivalent for these ASN1 symbols in PSA. - echo "MBEDTLS_ASN1_PARSE_C" >> $expected + # There is no PSA equivalent for this ASN1 symbols in PSA. echo "MBEDTLS_ASN1_WRITE_C" >> $expected # No PSA equivalent - we should probably have one in the future. echo "MBEDTLS_ECP_RESTARTABLE" >> $expected From 1533c3f660e009b333c9f1f47b4866769f3edde6 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 24 Jan 2024 11:24:20 +0100 Subject: [PATCH 059/166] test_suite_rsa: improve rsa_parse_write_pkcs1_key() adding more checks 
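Review bot: The rewritten comment in component_check_test_dependencies (tests/scripts/all.sh) still gives test_suite_psa_crypto_util as a reason for expecting MBEDTLS_ASN1_WRITE_C, but the preceding patch on this page removes `MBEDTLS_ASN1_WRITE_C` from the `depends_on` of ecdsa_raw_to_der in that suite, so the stated reason looks stale. If the symbol is still expected because of other suites, the comment should name those instead; otherwise `echo "MBEDTLS_ASN1_WRITE_C" >> $expected` may be removable too. The wording "this ASN1 symbols" should read "this ASN1 symbol". The function body extends beyond the hunk.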
Signed-off-by: Valerio Setti --- tests/suites/test_suite_rsa.data | 8 ++++---- tests/suites/test_suite_rsa.function | 10 +++++++++- 2 files changed, 13 insertions(+), 5 deletions(-) diff --git a/tests/suites/test_suite_rsa.data b/tests/suites/test_suite_rsa.data index de5e5699a..92209c46f 100644 --- a/tests/suites/test_suite_rsa.data +++ b/tests/suites/test_suite_rsa.data @@ -617,13 +617,13 @@ depends_on:MBEDTLS_SELF_TEST rsa_selftest: RSA parse/write PKCS#1 private key - 1024 bits -rsa_import_pkcs1_key:0:"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" +rsa_parse_write_pkcs1_key:0:"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" RSA parse/write PKCS#1 public key - 1024 bits -rsa_import_pkcs1_key:1:"308189028181009f091e6968b474f76f0e9c237c1d895996ae704b4f6d706acec8d2daac6209bf524aa3f658d0283adba1077f6cbe92e425dcde52290b239cade91be86c88425434986806e85734e159768f3dfea932baaa9409d25bace8ee9dce0cdde0903207299de575ae60feccf0daf82334ab83638539b0da74072f253acea8afc8e66bb70203010001" +rsa_parse_write_pkcs1_key:1:"308189028181009f091e6968b474f76f0e9c237c1d895996ae704b4f6d706acec8d2daac6209bf524aa3f658d0283adba1077f6cbe92e425dcde52290b239cade91be86c88425434986806e85734e159768f3dfea932baaa9409d25bace8ee9dce0cdde0903207299de575ae60feccf0daf82334ab83638539b0da74072f253acea8afc8e66bb70203010001" RSA parse/write PKCS#1 private key - 2048 bits -rsa_import_pkcs1_key:0:"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" +rsa_parse_write_pkcs1_key:0:"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" RSA parse/write PKCS#1 public key - 2048 bits -rsa_import_pkcs1_key:1:"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" +rsa_parse_write_pkcs1_key:1:"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" diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function index 315d4f6bb..62f593e03 100644 --- a/tests/suites/test_suite_rsa.function +++ b/tests/suites/test_suite_rsa.function 
@@ -1373,7 +1373,7 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void rsa_import_pkcs1_key(int is_public, data_t *input) +void rsa_parse_write_pkcs1_key(int is_public, data_t *input) { mbedtls_rsa_context rsa_ctx; unsigned char *input_start = input->x; @@ -1388,13 +1388,21 @@ void rsa_import_pkcs1_key(int is_public, data_t *input) mbedtls_rsa_init(&rsa_ctx); + /* Parse the key and write it back to output_buf. */ if (is_public) { TEST_EQUAL(mbedtls_rsa_pubkey_parse(&rsa_ctx, &input_start, input_end), 0); + TEST_ASSERT(input_start == input_end); TEST_EQUAL(mbedtls_rsa_pubkey_write(&rsa_ctx, output_start, &output_end), input->len); } else { TEST_EQUAL(mbedtls_rsa_key_parse(&rsa_ctx, input->x, input->len), 0); TEST_EQUAL(mbedtls_rsa_key_write(&rsa_ctx, output_start, &output_end), input->len); } + /* This check holds because we alloacated an output buffer which is exactly + * large enough to contain the written data. */ + TEST_ASSERT(output_end == output_start); + + /* Check that the written key matches with the one provided in input. */ + TEST_MEMORY_COMPARE(output_buf, input->len, input->x, input->len); exit: mbedtls_free(output_buf); From 6def24ce73fb90d5706b290cce675f7bd0a0f4ba Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 24 Jan 2024 12:33:04 +0100 Subject: [PATCH 060/166] test_suite_[pkparse/rsa]: move RSA private key parsing tests Signed-off-by: Valerio Setti --- library/rsa_internal.h | 1 + tests/suites/test_suite_pkparse.data | 72 ---------------------------- tests/suites/test_suite_rsa.data | 54 +++++++++++++++++++++ tests/suites/test_suite_rsa.function | 13 +++++ 4 files changed, 68 insertions(+), 72 deletions(-) diff --git a/library/rsa_internal.h b/library/rsa_internal.h index 62972c634..6046850fc 100644 --- a/library/rsa_internal.h +++ b/library/rsa_internal.h @@ -15,6 +15,7 @@ #define MBEDTLS_RSA_INTERNAL_H #include "mbedtls/rsa.h" +#include "mbedtls/asn1.h" /** * \brief Parse a PKCS#1 (ASN.1) encoded private RSA key. 
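Review bot: The comment added before `TEST_ASSERT(output_end == output_start)` in rsa_parse_write_pkcs1_key (tests/suites/test_suite_rsa.function) misspells "allocated" and does not say why the two pointers should meet. From the calls it appears the write functions move `output_end` back toward `output_start` as they emit data, which is what turns the assertion into a whole-buffer check. I would word it as `/* The write call moves output_end backward (TODO confirm); as the buffer is exactly input->len bytes, it must now equal output_start. */`. The function starts in the previous hunk and its cleanup continues past this one.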
diff --git a/tests/suites/test_suite_pkparse.data b/tests/suites/test_suite_pkparse.data
index 638773587..762fd52a2 100644
--- a/tests/suites/test_suite_pkparse.data
+++ b/tests/suites/test_suite_pkparse.data
@@ -1120,78 +1120,6 @@ pk_parse_key:"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT Key ASN1 (First tag not Sequence) pk_parse_key:"020100":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT -Key ASN1 (RSAPrivateKey, incorrect version tag) -depends_on:MBEDTLS_RSA_C -pk_parse_key:"300100":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT - -Key ASN1 (RSAPrivateKey, version tag missing) -depends_on:MBEDTLS_RSA_C -pk_parse_key:"3000":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT - -Key ASN1 (RSAPrivateKey, invalid version) -depends_on:MBEDTLS_RSA_C -pk_parse_key:"3003020101":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT - -Key ASN1 (RSAPrivateKey, correct version, incorrect tag) -depends_on:MBEDTLS_RSA_C -pk_parse_key:"300402010000":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT - -Key ASN1 (RSAPrivateKey, correct format+values, minimal modulus size (128 bit)) -depends_on:MBEDTLS_RSA_C -pk_parse_key:"3063020100021100cc8ab070369ede72920e5a51523c857102030100010211009a6318982a7231de1894c54aa4909201020900f3058fd8dc484d61020900d7770dbd8b78a2110209009471f14c26428401020813425f060c4b72210208052b93d01747a87c":0 - -Key ASN1 (RSAPrivateKey, correct format, modulus too small (127 bit)) -depends_on:MBEDTLS_RSA_C -pk_parse_key:"30630201000211007c8ab070369ede72920e5a51523c857102030100010211009a6318982a7231de1894c54aa4909201020900f3058fd8dc484d61020900d7770dbd8b78a2110209009471f14c26428401020813425f060c4b72210208052b93d01747a87c":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT - -Key ASN1 (RSAPrivateKey, correct format, modulus even) -depends_on:MBEDTLS_RSA_C -pk_parse_key:"3063020100021100cc8ab070369ede72920e5a51523c857002030100010211009a6318982a7231de1894c54aa4909201020900f3058fd8dc484d61020900d7770dbd8b78a2110209009471f14c26428401020813425f060c4b72210208052b93d01747a87c":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT - -Key ASN1 (RSAPrivateKey, correct format, d == 0) -depends_on:MBEDTLS_RSA_C 
-pk_parse_key:"30630201000211007c8ab070369ede72920e5a51523c8571020301000102110000000000000000000000000000000000020900f3058fd8dc484d61020900d7770dbd8b78a2110209009471f14c26428401020813425f060c4b72210208052b93d01747a87c":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT - -Key ASN1 (RSAPrivateKey, correct format, d == p == q == 0) -depends_on:MBEDTLS_RSA_C -pk_parse_key:"3063020100021100cc8ab070369ede72920e5a51523c8571020301000102110000000000000000000000000000000000020900000000000000000002090000000000000000000209009471f14c26428401020813425f060c4b72210208052b93d01747a87c":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT - -Key ASN1 (RSAPrivateKey, correct values, trailing garbage) -depends_on:MBEDTLS_RSA_C -pk_parse_key:"3064020100021100cc8ab070369ede72920e5a51523c857102030100010211009a6318982a7231de1894c54aa4909201020900f3058fd8dc484d61020900d7770dbd8b78a2110209009471f14c26428401020813425f060c4b72210208052b93d01747a87c00":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT - -Key ASN1 (RSAPrivateKey, correct values, n wrong tag) -depends_on:MBEDTLS_RSA_C -pk_parse_key:"3063020100FF1100cc8ab070369ede72920e5a51523c857102030100010211009a6318982a7231de1894c54aa4909201020900f3058fd8dc484d61020900d7770dbd8b78a2110209009471f14c26428401020813425f060c4b72210208052b93d01747a87c":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT - -Key ASN1 (RSAPrivateKey, correct values, e wrong tag) -depends_on:MBEDTLS_RSA_C -pk_parse_key:"3063020100021100cc8ab070369ede72920e5a51523c8571FF030100010211009a6318982a7231de1894c54aa4909201020900f3058fd8dc484d61020900d7770dbd8b78a2110209009471f14c26428401020813425f060c4b72210208052b93d01747a87c":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT - -Key ASN1 (RSAPrivateKey, correct values, d wrong tag) -depends_on:MBEDTLS_RSA_C -pk_parse_key:"3063020100021100cc8ab070369ede72920e5a51523c85710203010001FF11009a6318982a7231de1894c54aa4909201020900f3058fd8dc484d61020900d7770dbd8b78a2110209009471f14c26428401020813425f060c4b72210208052b93d01747a87c":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT - -Key ASN1 (RSAPrivateKey, correct values, p wrong 
tag) -depends_on:MBEDTLS_RSA_C -pk_parse_key:"3063020100021100cc8ab070369ede72920e5a51523c857102030100010211009a6318982a7231de1894c54aa4909201FF0900f3058fd8dc484d61020900d7770dbd8b78a2110209009471f14c26428401020813425f060c4b72210208052b93d01747a87c":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT - -Key ASN1 (RSAPrivateKey, correct values, q wrong tag) -depends_on:MBEDTLS_RSA_C -pk_parse_key:"3063020100021100cc8ab070369ede72920e5a51523c857102030100010211009a6318982a7231de1894c54aa4909201020900f3058fd8dc484d61FF0900d7770dbd8b78a2110209009471f14c26428401020813425f060c4b72210208052b93d01747a87c":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT - -Key ASN1 (RSAPrivateKey, correct values, dp wrong tag) -depends_on:MBEDTLS_RSA_C -pk_parse_key:"3063020100021100cc8ab070369ede72920e5a51523c857102030100010211009a6318982a7231de1894c54aa4909201020900f3058fd8dc484d61020900d7770dbd8b78a211FF09009471f14c26428401020813425f060c4b72210208052b93d01747a87c":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT - -Key ASN1 (RSAPrivateKey, correct values, dq wrong tag) -depends_on:MBEDTLS_RSA_C -pk_parse_key:"3063020100021100cc8ab070369ede72920e5a51523c857102030100010211009a6318982a7231de1894c54aa4909201020900f3058fd8dc484d61020900d7770dbd8b78a2110209009471f14c26428401FF0813425f060c4b72210208052b93d01747a87c":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT - -Key ASN1 (RSAPrivateKey, correct values, qp wrong tag) -depends_on:MBEDTLS_RSA_C -pk_parse_key:"3063020100021100cc8ab070369ede72920e5a51523c857102030100010211009a6318982a7231de1894c54aa4909201020900f3058fd8dc484d61020900d7770dbd8b78a2110209009471f14c26428401020813425f060c4b7221FF08052b93d01747a87c":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT - Key ASN1 (ECPrivateKey, empty parameters) depends_on:MBEDTLS_PK_HAVE_ECC_KEYS pk_parse_key:"30070201010400a000":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT diff --git a/tests/suites/test_suite_rsa.data b/tests/suites/test_suite_rsa.data index 92209c46f..5d816104a 100644 --- a/tests/suites/test_suite_rsa.data +++ b/tests/suites/test_suite_rsa.data 
@@ -627,3 +627,57 @@ rsa_parse_write_pkcs1_key:0:"308204a40201000282010100dcabfd25f3b7d67155e5c252051 RSA parse/write PKCS#1 public key - 2048 bits rsa_parse_write_pkcs1_key:1:"3082010a0282010100dcabfd25f3b7d67155e5c2520518570e95754ef883a973f94b2b0fb2d7ad733a3b0976c6314770eaf728304ee61e0dfe91811fc4a8219fbc3687cb3cfca54b58804d1ed4de985dc827374cb31b7b23225e130858d6b812dee6a356a8f8d211ba0930d0ec38193cee0a186f4a760cc3aa40e1d04fe4a14506ed279a9080aedd2676a4026bcb1ee24b2c00853bffcc04b5fb3e542626c2b2c54a62f3d6e01df95544fdf85c22cc0846275cb9cdfe73876e94e532ced0bca9876de74ff1edc9c8ac89aa8586aa34ca6f44c972d1e73aaddae168a5e67ec69cd14f206155e6e1161e7aa6754e947d5d26ee5f8789598a79ea4ff0263e2b8bf90641320771955007d10203010001" + +RSA parse private key - incorrect version tag +rsa_parse_pkcs1_key:"300100":MBEDTLS_ERR_ASN1_UNEXPECTED_TAG + +RSA parse private key - version tag missing +rsa_parse_pkcs1_key:"3000":MBEDTLS_ERR_ASN1_OUT_OF_DATA + +RSA parse private key - invalid version +rsa_parse_pkcs1_key:"3003020101":MBEDTLS_ERR_RSA_BAD_INPUT_DATA + +RSA parse private key - correct version, incorrect tag +rsa_parse_pkcs1_key:"300402010000":MBEDTLS_ERR_ASN1_UNEXPECTED_TAG + +RSA parse private key - correct format+values, minimal modulus size (128 bit) +rsa_parse_pkcs1_key:"3063020100021100cc8ab070369ede72920e5a51523c857102030100010211009a6318982a7231de1894c54aa4909201020900f3058fd8dc484d61020900d7770dbd8b78a2110209009471f14c26428401020813425f060c4b72210208052b93d01747a87c":0 + +RSA parse private key - correct format, modulus too small (127 bit) +rsa_parse_pkcs1_key:"30630201000211007c8ab070369ede72920e5a51523c857102030100010211009a6318982a7231de1894c54aa4909201020900f3058fd8dc484d61020900d7770dbd8b78a2110209009471f14c26428401020813425f060c4b72210208052b93d01747a87c":MBEDTLS_ERR_RSA_KEY_CHECK_FAILED + +RSA parse private key - correct format, modulus even 
+rsa_parse_pkcs1_key:"3063020100021100cc8ab070369ede72920e5a51523c857002030100010211009a6318982a7231de1894c54aa4909201020900f3058fd8dc484d61020900d7770dbd8b78a2110209009471f14c26428401020813425f060c4b72210208052b93d01747a87c":MBEDTLS_ERR_RSA_BAD_INPUT_DATA + +RSA parse private key - correct format, d == 0 +rsa_parse_pkcs1_key:"30630201000211007c8ab070369ede72920e5a51523c8571020301000102110000000000000000000000000000000000020900f3058fd8dc484d61020900d7770dbd8b78a2110209009471f14c26428401020813425f060c4b72210208052b93d01747a87c":MBEDTLS_ERR_RSA_BAD_INPUT_DATA + +RSA parse private key - correct format, d == p == q == 0 +rsa_parse_pkcs1_key:"3063020100021100cc8ab070369ede72920e5a51523c8571020301000102110000000000000000000000000000000000020900000000000000000002090000000000000000000209009471f14c26428401020813425f060c4b72210208052b93d01747a87c":MBEDTLS_ERR_RSA_BAD_INPUT_DATA + +RSA parse private key - correct values, trailing garbage +rsa_parse_pkcs1_key:"3064020100021100cc8ab070369ede72920e5a51523c857102030100010211009a6318982a7231de1894c54aa4909201020900f3058fd8dc484d61020900d7770dbd8b78a2110209009471f14c26428401020813425f060c4b72210208052b93d01747a87c00":MBEDTLS_ERR_ASN1_LENGTH_MISMATCH + +RSA parse private key - correct values, n wrong tag +rsa_parse_pkcs1_key:"3063020100FF1100cc8ab070369ede72920e5a51523c857102030100010211009a6318982a7231de1894c54aa4909201020900f3058fd8dc484d61020900d7770dbd8b78a2110209009471f14c26428401020813425f060c4b72210208052b93d01747a87c":MBEDTLS_ERR_ASN1_UNEXPECTED_TAG + +RSA parse private key - correct values, e wrong tag +rsa_parse_pkcs1_key:"3063020100021100cc8ab070369ede72920e5a51523c8571FF030100010211009a6318982a7231de1894c54aa4909201020900f3058fd8dc484d61020900d7770dbd8b78a2110209009471f14c26428401020813425f060c4b72210208052b93d01747a87c":MBEDTLS_ERR_ASN1_UNEXPECTED_TAG + +RSA parse private key - correct values, d wrong tag 
+rsa_parse_pkcs1_key:"3063020100021100cc8ab070369ede72920e5a51523c85710203010001FF11009a6318982a7231de1894c54aa4909201020900f3058fd8dc484d61020900d7770dbd8b78a2110209009471f14c26428401020813425f060c4b72210208052b93d01747a87c":MBEDTLS_ERR_ASN1_UNEXPECTED_TAG + +RSA parse private key - correct values, p wrong tag +rsa_parse_pkcs1_key:"3063020100021100cc8ab070369ede72920e5a51523c857102030100010211009a6318982a7231de1894c54aa4909201FF0900f3058fd8dc484d61020900d7770dbd8b78a2110209009471f14c26428401020813425f060c4b72210208052b93d01747a87c":MBEDTLS_ERR_ASN1_UNEXPECTED_TAG + +RSA parse private key - correct values, q wrong tag +rsa_parse_pkcs1_key:"3063020100021100cc8ab070369ede72920e5a51523c857102030100010211009a6318982a7231de1894c54aa4909201020900f3058fd8dc484d61FF0900d7770dbd8b78a2110209009471f14c26428401020813425f060c4b72210208052b93d01747a87c":MBEDTLS_ERR_ASN1_UNEXPECTED_TAG + +RSA parse private key - correct values, dp wrong tag +rsa_parse_pkcs1_key:"3063020100021100cc8ab070369ede72920e5a51523c857102030100010211009a6318982a7231de1894c54aa4909201020900f3058fd8dc484d61020900d7770dbd8b78a211FF09009471f14c26428401020813425f060c4b72210208052b93d01747a87c":MBEDTLS_ERR_ASN1_UNEXPECTED_TAG + +RSA parse private key - correct values, dq wrong tag +rsa_parse_pkcs1_key:"3063020100021100cc8ab070369ede72920e5a51523c857102030100010211009a6318982a7231de1894c54aa4909201020900f3058fd8dc484d61020900d7770dbd8b78a2110209009471f14c26428401FF0813425f060c4b72210208052b93d01747a87c":MBEDTLS_ERR_ASN1_UNEXPECTED_TAG + +RSA parse private key - correct values, qp wrong tag +rsa_parse_pkcs1_key:"3063020100021100cc8ab070369ede72920e5a51523c857102030100010211009a6318982a7231de1894c54aa4909201020900f3058fd8dc484d61020900d7770dbd8b78a2110209009471f14c26428401020813425f060c4b7221FF08052b93d01747a87c":MBEDTLS_ERR_ASN1_UNEXPECTED_TAG diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function index 62f593e03..4fe15dd6b 100644 --- a/tests/suites/test_suite_rsa.function 
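Review bot: The "correct format, d == 0" vector added to tests/suites/test_suite_rsa.data does not isolate the condition in its title, because its modulus is the same `7c8ab070…8571` value used by the "modulus too small (127 bit)" vector, so the input carries two defects at once. The expected code differs from the 127-bit case (MBEDTLS_ERR_RSA_BAD_INPUT_DATA rather than MBEDTLS_ERR_RSA_KEY_CHECK_FAILED), which suggests the zero check fires first, but the outcome then depends on the order of checks inside the parser. Building the vector on the 128-bit modulus already used by the neighbouring "d == p == q == 0" case would make it test d == 0 alone. The later patch that prefixes these vectors with `0:` carries the same input.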
+++ b/tests/suites/test_suite_rsa.function @@ -1372,6 +1372,19 @@ exit: } /* END_CASE */ +/* BEGIN_CASE */ +void rsa_parse_pkcs1_key(data_t *input, int exp_ret_val) +{ + mbedtls_rsa_context rsa_ctx; + mbedtls_rsa_init(&rsa_ctx); + + TEST_EQUAL(mbedtls_rsa_key_parse(&rsa_ctx, input->x, input->len), exp_ret_val); + +exit: + mbedtls_rsa_free(&rsa_ctx); +} +/* END_CASE */ + /* BEGIN_CASE */ void rsa_parse_write_pkcs1_key(int is_public, data_t *input) { From 6d597f1967cb140686724f6cd1d69a988d801bc7 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 24 Jan 2024 13:44:41 +0100 Subject: [PATCH 061/166] test_suite_rsa: extend rsa_parse_pkcs1_key adding tests for public key Signed-off-by: Valerio Setti --- tests/suites/test_suite_rsa.data | 66 ++++++++++++++++++++-------- tests/suites/test_suite_rsa.function | 11 ++++- 2 files changed, 57 insertions(+), 20 deletions(-) diff --git a/tests/suites/test_suite_rsa.data b/tests/suites/test_suite_rsa.data index 5d816104a..bd286814d 100644 --- a/tests/suites/test_suite_rsa.data +++ b/tests/suites/test_suite_rsa.data 
@@ -629,55 +629,85 @@ RSA parse/write PKCS#1 public key - 2048 bits rsa_parse_write_pkcs1_key:1:"3082010a0282010100dcabfd25f3b7d67155e5c2520518570e95754ef883a973f94b2b0fb2d7ad733a3b0976c6314770eaf728304ee61e0dfe91811fc4a8219fbc3687cb3cfca54b58804d1ed4de985dc827374cb31b7b23225e130858d6b812dee6a356a8f8d211ba0930d0ec38193cee0a186f4a760cc3aa40e1d04fe4a14506ed279a9080aedd2676a4026bcb1ee24b2c00853bffcc04b5fb3e542626c2b2c54a62f3d6e01df95544fdf85c22cc0846275cb9cdfe73876e94e532ced0bca9876de74ff1edc9c8ac89aa8586aa34ca6f44c972d1e73aaddae168a5e67ec69cd14f206155e6e1161e7aa6754e947d5d26ee5f8789598a79ea4ff0263e2b8bf90641320771955007d10203010001" RSA parse private key - incorrect version tag -rsa_parse_pkcs1_key:"300100":MBEDTLS_ERR_ASN1_UNEXPECTED_TAG +rsa_parse_pkcs1_key:0:"300100":MBEDTLS_ERR_ASN1_UNEXPECTED_TAG RSA parse private key - version tag missing -rsa_parse_pkcs1_key:"3000":MBEDTLS_ERR_ASN1_OUT_OF_DATA +rsa_parse_pkcs1_key:0:"3000":MBEDTLS_ERR_ASN1_OUT_OF_DATA RSA parse private key - invalid version -rsa_parse_pkcs1_key:"3003020101":MBEDTLS_ERR_RSA_BAD_INPUT_DATA +rsa_parse_pkcs1_key:0:"3003020101":MBEDTLS_ERR_RSA_BAD_INPUT_DATA RSA parse private key - correct version, incorrect tag -rsa_parse_pkcs1_key:"300402010000":MBEDTLS_ERR_ASN1_UNEXPECTED_TAG +rsa_parse_pkcs1_key:0:"300402010000":MBEDTLS_ERR_ASN1_UNEXPECTED_TAG RSA parse private key - correct format+values, minimal modulus size (128 bit) -rsa_parse_pkcs1_key:"3063020100021100cc8ab070369ede72920e5a51523c857102030100010211009a6318982a7231de1894c54aa4909201020900f3058fd8dc484d61020900d7770dbd8b78a2110209009471f14c26428401020813425f060c4b72210208052b93d01747a87c":0 +rsa_parse_pkcs1_key:0:"3063020100021100cc8ab070369ede72920e5a51523c857102030100010211009a6318982a7231de1894c54aa4909201020900f3058fd8dc484d61020900d7770dbd8b78a2110209009471f14c26428401020813425f060c4b72210208052b93d01747a87c":0 RSA parse private key - correct format, modulus too small (127 bit) 
-rsa_parse_pkcs1_key:"30630201000211007c8ab070369ede72920e5a51523c857102030100010211009a6318982a7231de1894c54aa4909201020900f3058fd8dc484d61020900d7770dbd8b78a2110209009471f14c26428401020813425f060c4b72210208052b93d01747a87c":MBEDTLS_ERR_RSA_KEY_CHECK_FAILED +rsa_parse_pkcs1_key:0:"30630201000211007c8ab070369ede72920e5a51523c857102030100010211009a6318982a7231de1894c54aa4909201020900f3058fd8dc484d61020900d7770dbd8b78a2110209009471f14c26428401020813425f060c4b72210208052b93d01747a87c":MBEDTLS_ERR_RSA_KEY_CHECK_FAILED RSA parse private key - correct format, modulus even -rsa_parse_pkcs1_key:"3063020100021100cc8ab070369ede72920e5a51523c857002030100010211009a6318982a7231de1894c54aa4909201020900f3058fd8dc484d61020900d7770dbd8b78a2110209009471f14c26428401020813425f060c4b72210208052b93d01747a87c":MBEDTLS_ERR_RSA_BAD_INPUT_DATA +rsa_parse_pkcs1_key:0:"3063020100021100cc8ab070369ede72920e5a51523c857002030100010211009a6318982a7231de1894c54aa4909201020900f3058fd8dc484d61020900d7770dbd8b78a2110209009471f14c26428401020813425f060c4b72210208052b93d01747a87c":MBEDTLS_ERR_RSA_BAD_INPUT_DATA RSA parse private key - correct format, d == 0 -rsa_parse_pkcs1_key:"30630201000211007c8ab070369ede72920e5a51523c8571020301000102110000000000000000000000000000000000020900f3058fd8dc484d61020900d7770dbd8b78a2110209009471f14c26428401020813425f060c4b72210208052b93d01747a87c":MBEDTLS_ERR_RSA_BAD_INPUT_DATA +rsa_parse_pkcs1_key:0:"30630201000211007c8ab070369ede72920e5a51523c8571020301000102110000000000000000000000000000000000020900f3058fd8dc484d61020900d7770dbd8b78a2110209009471f14c26428401020813425f060c4b72210208052b93d01747a87c":MBEDTLS_ERR_RSA_BAD_INPUT_DATA RSA parse private key - correct format, d == p == q == 0 -rsa_parse_pkcs1_key:"3063020100021100cc8ab070369ede72920e5a51523c8571020301000102110000000000000000000000000000000000020900000000000000000002090000000000000000000209009471f14c26428401020813425f060c4b72210208052b93d01747a87c":MBEDTLS_ERR_RSA_BAD_INPUT_DATA 
+rsa_parse_pkcs1_key:0:"3063020100021100cc8ab070369ede72920e5a51523c8571020301000102110000000000000000000000000000000000020900000000000000000002090000000000000000000209009471f14c26428401020813425f060c4b72210208052b93d01747a87c":MBEDTLS_ERR_RSA_BAD_INPUT_DATA RSA parse private key - correct values, trailing garbage -rsa_parse_pkcs1_key:"3064020100021100cc8ab070369ede72920e5a51523c857102030100010211009a6318982a7231de1894c54aa4909201020900f3058fd8dc484d61020900d7770dbd8b78a2110209009471f14c26428401020813425f060c4b72210208052b93d01747a87c00":MBEDTLS_ERR_ASN1_LENGTH_MISMATCH +rsa_parse_pkcs1_key:0:"3064020100021100cc8ab070369ede72920e5a51523c857102030100010211009a6318982a7231de1894c54aa4909201020900f3058fd8dc484d61020900d7770dbd8b78a2110209009471f14c26428401020813425f060c4b72210208052b93d01747a87c00":MBEDTLS_ERR_ASN1_LENGTH_MISMATCH RSA parse private key - correct values, n wrong tag -rsa_parse_pkcs1_key:"3063020100FF1100cc8ab070369ede72920e5a51523c857102030100010211009a6318982a7231de1894c54aa4909201020900f3058fd8dc484d61020900d7770dbd8b78a2110209009471f14c26428401020813425f060c4b72210208052b93d01747a87c":MBEDTLS_ERR_ASN1_UNEXPECTED_TAG +rsa_parse_pkcs1_key:0:"3063020100FF1100cc8ab070369ede72920e5a51523c857102030100010211009a6318982a7231de1894c54aa4909201020900f3058fd8dc484d61020900d7770dbd8b78a2110209009471f14c26428401020813425f060c4b72210208052b93d01747a87c":MBEDTLS_ERR_ASN1_UNEXPECTED_TAG RSA parse private key - correct values, e wrong tag -rsa_parse_pkcs1_key:"3063020100021100cc8ab070369ede72920e5a51523c8571FF030100010211009a6318982a7231de1894c54aa4909201020900f3058fd8dc484d61020900d7770dbd8b78a2110209009471f14c26428401020813425f060c4b72210208052b93d01747a87c":MBEDTLS_ERR_ASN1_UNEXPECTED_TAG +rsa_parse_pkcs1_key:0:"3063020100021100cc8ab070369ede72920e5a51523c8571FF030100010211009a6318982a7231de1894c54aa4909201020900f3058fd8dc484d61020900d7770dbd8b78a2110209009471f14c26428401020813425f060c4b72210208052b93d01747a87c":MBEDTLS_ERR_ASN1_UNEXPECTED_TAG RSA parse private 
key - correct values, d wrong tag -rsa_parse_pkcs1_key:"3063020100021100cc8ab070369ede72920e5a51523c85710203010001FF11009a6318982a7231de1894c54aa4909201020900f3058fd8dc484d61020900d7770dbd8b78a2110209009471f14c26428401020813425f060c4b72210208052b93d01747a87c":MBEDTLS_ERR_ASN1_UNEXPECTED_TAG +rsa_parse_pkcs1_key:0:"3063020100021100cc8ab070369ede72920e5a51523c85710203010001FF11009a6318982a7231de1894c54aa4909201020900f3058fd8dc484d61020900d7770dbd8b78a2110209009471f14c26428401020813425f060c4b72210208052b93d01747a87c":MBEDTLS_ERR_ASN1_UNEXPECTED_TAG RSA parse private key - correct values, p wrong tag -rsa_parse_pkcs1_key:"3063020100021100cc8ab070369ede72920e5a51523c857102030100010211009a6318982a7231de1894c54aa4909201FF0900f3058fd8dc484d61020900d7770dbd8b78a2110209009471f14c26428401020813425f060c4b72210208052b93d01747a87c":MBEDTLS_ERR_ASN1_UNEXPECTED_TAG +rsa_parse_pkcs1_key:0:"3063020100021100cc8ab070369ede72920e5a51523c857102030100010211009a6318982a7231de1894c54aa4909201FF0900f3058fd8dc484d61020900d7770dbd8b78a2110209009471f14c26428401020813425f060c4b72210208052b93d01747a87c":MBEDTLS_ERR_ASN1_UNEXPECTED_TAG RSA parse private key - correct values, q wrong tag -rsa_parse_pkcs1_key:"3063020100021100cc8ab070369ede72920e5a51523c857102030100010211009a6318982a7231de1894c54aa4909201020900f3058fd8dc484d61FF0900d7770dbd8b78a2110209009471f14c26428401020813425f060c4b72210208052b93d01747a87c":MBEDTLS_ERR_ASN1_UNEXPECTED_TAG +rsa_parse_pkcs1_key:0:"3063020100021100cc8ab070369ede72920e5a51523c857102030100010211009a6318982a7231de1894c54aa4909201020900f3058fd8dc484d61FF0900d7770dbd8b78a2110209009471f14c26428401020813425f060c4b72210208052b93d01747a87c":MBEDTLS_ERR_ASN1_UNEXPECTED_TAG RSA parse private key - correct values, dp wrong tag 
-rsa_parse_pkcs1_key:"3063020100021100cc8ab070369ede72920e5a51523c857102030100010211009a6318982a7231de1894c54aa4909201020900f3058fd8dc484d61020900d7770dbd8b78a211FF09009471f14c26428401020813425f060c4b72210208052b93d01747a87c":MBEDTLS_ERR_ASN1_UNEXPECTED_TAG +rsa_parse_pkcs1_key:0:"3063020100021100cc8ab070369ede72920e5a51523c857102030100010211009a6318982a7231de1894c54aa4909201020900f3058fd8dc484d61020900d7770dbd8b78a211FF09009471f14c26428401020813425f060c4b72210208052b93d01747a87c":MBEDTLS_ERR_ASN1_UNEXPECTED_TAG RSA parse private key - correct values, dq wrong tag -rsa_parse_pkcs1_key:"3063020100021100cc8ab070369ede72920e5a51523c857102030100010211009a6318982a7231de1894c54aa4909201020900f3058fd8dc484d61020900d7770dbd8b78a2110209009471f14c26428401FF0813425f060c4b72210208052b93d01747a87c":MBEDTLS_ERR_ASN1_UNEXPECTED_TAG +rsa_parse_pkcs1_key:0:"3063020100021100cc8ab070369ede72920e5a51523c857102030100010211009a6318982a7231de1894c54aa4909201020900f3058fd8dc484d61020900d7770dbd8b78a2110209009471f14c26428401FF0813425f060c4b72210208052b93d01747a87c":MBEDTLS_ERR_ASN1_UNEXPECTED_TAG RSA parse private key - correct values, qp wrong tag -rsa_parse_pkcs1_key:"3063020100021100cc8ab070369ede72920e5a51523c857102030100010211009a6318982a7231de1894c54aa4909201020900f3058fd8dc484d61020900d7770dbd8b78a2110209009471f14c26428401020813425f060c4b7221FF08052b93d01747a87c":MBEDTLS_ERR_ASN1_UNEXPECTED_TAG +rsa_parse_pkcs1_key:0:"3063020100021100cc8ab070369ede72920e5a51523c857102030100010211009a6318982a7231de1894c54aa4909201020900f3058fd8dc484d61020900d7770dbd8b78a2110209009471f14c26428401020813425f060c4b7221FF08052b93d01747a87c":MBEDTLS_ERR_ASN1_UNEXPECTED_TAG + +RSA parse public key - wrong initial tag 
+rsa_parse_pkcs1_key:1:"318189028181009f091e6968b474f76f0e9c237c1d895996ae704b4f6d706acec8d2daac6209bf524aa3f658d0283adba1077f6cbe92e425dcde52290b239cade91be86c88425434986806e85734e159768f3dfea932baaa9409d25bace8ee9dce0cdde0903207299de575ae60feccf0daf82334ab83638539b0da74072f253acea8afc8e66bb70203010001":MBEDTLS_ERR_ASN1_UNEXPECTED_TAG + +RSA parse public key - wrong modulus tag +rsa_parse_pkcs1_key:1:"308189038181009f091e6968b474f76f0e9c237c1d895996ae704b4f6d706acec8d2daac6209bf524aa3f658d0283adba1077f6cbe92e425dcde52290b239cade91be86c88425434986806e85734e159768f3dfea932baaa9409d25bace8ee9dce0cdde0903207299de575ae60feccf0daf82334ab83638539b0da74072f253acea8afc8e66bb70203010001":MBEDTLS_ERR_ASN1_UNEXPECTED_TAG + +RSA parse public key - wrong public exponent tag +rsa_parse_pkcs1_key:1:"308189028181009f091e6968b474f76f0e9c237c1d895996ae704b4f6d706acec8d2daac6209bf524aa3f658d0283adba1077f6cbe92e425dcde52290b239cade91be86c88425434986806e85734e159768f3dfea932baaa9409d25bace8ee9dce0cdde0903207299de575ae60feccf0daf82334ab83638539b0da74072f253acea8afc8e66bb70303010001":MBEDTLS_ERR_ASN1_UNEXPECTED_TAG + +RSA parse public key - modulus 0 +rsa_parse_pkcs1_key:1:"3081890281810000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000203010001":MBEDTLS_ERR_RSA_BAD_INPUT_DATA + +RSA parse public key - public exponent 0 +rsa_parse_pkcs1_key:1:"308189028181009f091e6968b474f76f0e9c237c1d895996ae704b4f6d706acec8d2daac6209bf524aa3f658d0283adba1077f6cbe92e425dcde52290b239cade91be86c88425434986806e85734e159768f3dfea932baaa9409d25bace8ee9dce0cdde0903207299de575ae60feccf0daf82334ab83638539b0da74072f253acea8afc8e66bb70203000000":MBEDTLS_ERR_RSA_BAD_INPUT_DATA + +RSA parse public key - wrong sequence length 
+rsa_parse_pkcs1_key:1:"308188028181009f091e6968b474f76f0e9c237c1d895996ae704b4f6d706acec8d2daac6209bf524aa3f658d0283adba1077f6cbe92e425dcde52290b239cade91be86c88425434986806e85734e159768f3dfea932baaa9409d25bace8ee9dce0cdde0903207299de575ae60feccf0daf82334ab83638539b0da74072f253acea8afc8e66bb70203010001":MBEDTLS_ERR_ASN1_LENGTH_MISMATCH + +RSA parse public key - wrong modulus length +rsa_parse_pkcs1_key:1:"308189028180009f091e6968b474f76f0e9c237c1d895996ae704b4f6d706acec8d2daac6209bf524aa3f658d0283adba1077f6cbe92e425dcde52290b239cade91be86c88425434986806e85734e159768f3dfea932baaa9409d25bace8ee9dce0cdde0903207299de575ae60feccf0daf82334ab83638539b0da74072f253acea8afc8e66bb70203010001":MBEDTLS_ERR_ASN1_UNEXPECTED_TAG + +RSA parse public key - wrong public exponent length +rsa_parse_pkcs1_key:1:"308189028181009f091e6968b474f76f0e9c237c1d895996ae704b4f6d706acec8d2daac6209bf524aa3f658d0283adba1077f6cbe92e425dcde52290b239cade91be86c88425434986806e85734e159768f3dfea932baaa9409d25bace8ee9dce0cdde0903207299de575ae60feccf0daf82334ab83638539b0da74072f253acea8afc8e66bb70202010001":MBEDTLS_ERR_RSA_BAD_INPUT_DATA + +RSA parse public key - missing modulus +rsa_parse_pkcs1_key:1:"30050203010001":MBEDTLS_ERR_ASN1_OUT_OF_DATA + +RSA parse public key - missing public exponent +rsa_parse_pkcs1_key:1:"308184028181009f091e6968b474f76f0e9c237c1d895996ae704b4f6d706acec8d2daac6209bf524aa3f658d0283adba1077f6cbe92e425dcde52290b239cade91be86c88425434986806e85734e159768f3dfea932baaa9409d25bace8ee9dce0cdde0903207299de575ae60feccf0daf82334ab83638539b0da74072f253acea8afc8e66bb7":MBEDTLS_ERR_ASN1_OUT_OF_DATA diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function index 4fe15dd6b..71ca2b9ac 100644 --- a/tests/suites/test_suite_rsa.function +++ b/tests/suites/test_suite_rsa.function 
@@ -1373,12 +1373,19 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void rsa_parse_pkcs1_key(data_t *input, int exp_ret_val) +void rsa_parse_pkcs1_key(int is_public, data_t *input, int exp_ret_val) { mbedtls_rsa_context rsa_ctx; + unsigned char *start = input->x; + unsigned char *end = input->x + input->len; + mbedtls_rsa_init(&rsa_ctx); - TEST_EQUAL(mbedtls_rsa_key_parse(&rsa_ctx, input->x, input->len), exp_ret_val); + if (is_public) { + TEST_EQUAL(mbedtls_rsa_pubkey_parse(&rsa_ctx, &start, end), exp_ret_val); + } else { + TEST_EQUAL(mbedtls_rsa_key_parse(&rsa_ctx, input->x, input->len), exp_ret_val); + } exit: mbedtls_rsa_free(&rsa_ctx); From ea986472828ad935dddaa9fe481bcc7d9b482df6 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 24 Jan 2024 13:55:56 +0100 Subject: [PATCH 062/166] changelog: document RSA parse/write improvements Signed-off-by: Valerio Setti --- ChangeLog.d/8647.txt | 7 +++++++ 1 file changed, 7 insertions(+) create mode 100644 ChangeLog.d/8647.txt diff --git a/ChangeLog.d/8647.txt b/ChangeLog.d/8647.txt new file mode 100644 index 000000000..cfd3a4b9f --- /dev/null +++ b/ChangeLog.d/8647.txt @@ -0,0 +1,7 @@ +Default behavior changes + * Importing of RSA keys in PEM format in PSA is officially unsupported + (this was previously undocumented). + +Features + * It is possible to enable RSA support in PSA (MBEDTLS_PSA_CRYPTO_C + + RSA_C) without enabling PK module (MBEDTLS_[PK|PK_WRITE|PK_PARSE]_C). From 7fd162ec262408e4700f95bfe90638dca5247967 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Wed, 24 Jan 2024 18:05:53 +0000 Subject: [PATCH 063/166] Refactor common PThreads CMake code Move the flags and find of Threads to root CMakeLists.txt, rather than duplicate these everywhere. Make explicit linking of library with PThreads use the same mechanism. 
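Review bot: In the `is_public` branch of `rsa_parse_pkcs1_key`, nothing is asserted about `start` after `mbedtls_rsa_pubkey_parse` returns, so a parser that reports success without consuming the whole key would still pass. When `exp_ret_val` is 0, a check such as `TEST_ASSERT(start == end);` after the call would pin that the full buffer was consumed; this assumes the parser advances `start`, which the hunk does not show. `start` and `end` are unused on the private-key path, so they could be declared inside the `if (is_public)` block.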
Signed-off-by: Paul Elliott --- CMakeLists.txt | 5 +++++ library/CMakeLists.txt | 2 +- programs/aes/CMakeLists.txt | 4 ---- programs/cipher/CMakeLists.txt | 4 ---- programs/fuzz/CMakeLists.txt | 4 ---- programs/hash/CMakeLists.txt | 4 ---- programs/pkey/CMakeLists.txt | 4 ---- programs/psa/CMakeLists.txt | 4 ---- programs/random/CMakeLists.txt | 4 ---- programs/ssl/CMakeLists.txt | 3 --- programs/test/CMakeLists.txt | 4 ---- programs/test/cmake_subproject/CMakeLists.txt | 4 ---- programs/util/CMakeLists.txt | 4 ---- programs/x509/CMakeLists.txt | 4 ---- tests/CMakeLists.txt | 4 ---- 15 files changed, 6 insertions(+), 52 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index ad056466a..68dfcb03d 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -114,6 +114,11 @@ if(MBEDTLS_PYTHON_EXECUTABLE) endif() +# We now potentially need to link all executables against PThreads, if available +set(CMAKE_THREAD_PREFER_PTHREAD TRUE) +set(THREADS_PREFER_PTHREAD_FLAG TRUE) +find_package(Threads) + # If this is the root project add longer list of available CMAKE_BUILD_TYPE values if(CMAKE_SOURCE_DIR STREQUAL CMAKE_CURRENT_SOURCE_DIR) set(CMAKE_BUILD_TYPE ${CMAKE_BUILD_TYPE} diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt index 5c297e0a1..49803416d 100644 --- a/library/CMakeLists.txt +++ b/library/CMakeLists.txt @@ -231,7 +231,7 @@ if(HAIKU) endif(HAIKU) if(LINK_WITH_PTHREAD) - set(libs ${libs} pthread) + set(libs ${libs} ${CMAKE_THREAD_LIBS_INIT}) endif() if(LINK_WITH_TRUSTED_STORAGE) diff --git a/programs/aes/CMakeLists.txt b/programs/aes/CMakeLists.txt index 81741020f..ccb8db564 100644 --- a/programs/aes/CMakeLists.txt +++ b/programs/aes/CMakeLists.txt @@ -1,7 +1,3 @@ -set(CMAKE_THREAD_PREFER_PTHREAD TRUE) -set(THREADS_PREFER_PTHREAD_FLAG TRUE) -find_package(Threads) - set(executables crypt_and_hash ) diff --git a/programs/cipher/CMakeLists.txt b/programs/cipher/CMakeLists.txt index b497e8a48..e925524f6 100644 --- a/programs/cipher/CMakeLists.txt 
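Review bot: In library/CMakeLists.txt the `LINK_WITH_PTHREAD` branch now appends `${CMAKE_THREAD_LIBS_INIT}`, but the `find_package(Threads)` added to the root file is not `REQUIRED`, so when no thread library is found the variable is presumably empty and the request to link pthread is dropped without a diagnostic. The old line named `pthread` explicitly, so a missing library failed at link time. A guard such as `if(LINK_WITH_PTHREAD AND NOT Threads_FOUND)` followed by `message(FATAL_ERROR "LINK_WITH_PTHREAD requires a threads library")` would keep that failure visible at configure time.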
+++ b/programs/cipher/CMakeLists.txt @@ -1,7 +1,3 @@ -set(CMAKE_THREAD_PREFER_PTHREAD TRUE) -set(THREADS_PREFER_PTHREAD_FLAG TRUE) -find_package(Threads) - set(executables cipher_aead_demo ) diff --git a/programs/fuzz/CMakeLists.txt b/programs/fuzz/CMakeLists.txt index 97b8fd2eb..c389029bc 100644 --- a/programs/fuzz/CMakeLists.txt +++ b/programs/fuzz/CMakeLists.txt @@ -1,7 +1,3 @@ -set(CMAKE_THREAD_PREFER_PTHREAD TRUE) -set(THREADS_PREFER_PTHREAD_FLAG TRUE) -find_package(Threads) - set(libs ${mbedtls_target} ${CMAKE_THREAD_LIBS_INIT} diff --git a/programs/hash/CMakeLists.txt b/programs/hash/CMakeLists.txt index 504a4052f..fcacf3ba4 100644 --- a/programs/hash/CMakeLists.txt +++ b/programs/hash/CMakeLists.txt @@ -1,7 +1,3 @@ -set(CMAKE_THREAD_PREFER_PTHREAD TRUE) -set(THREADS_PREFER_PTHREAD_FLAG TRUE) -find_package(Threads) - set(executables generic_sum hello diff --git a/programs/pkey/CMakeLists.txt b/programs/pkey/CMakeLists.txt index 2f55c6122..cd0387a88 100644 --- a/programs/pkey/CMakeLists.txt +++ b/programs/pkey/CMakeLists.txt @@ -1,7 +1,3 @@ -set(CMAKE_THREAD_PREFER_PTHREAD TRUE) -set(THREADS_PREFER_PTHREAD_FLAG TRUE) -find_package(Threads) - set(executables_mbedtls dh_client dh_server diff --git a/programs/psa/CMakeLists.txt b/programs/psa/CMakeLists.txt index dd1b1a2a8..a8e4b0e37 100644 --- a/programs/psa/CMakeLists.txt +++ b/programs/psa/CMakeLists.txt @@ -1,7 +1,3 @@ -set(CMAKE_THREAD_PREFER_PTHREAD TRUE) -set(THREADS_PREFER_PTHREAD_FLAG TRUE) -find_package(Threads) - set(executables aead_demo crypto_examples diff --git a/programs/random/CMakeLists.txt b/programs/random/CMakeLists.txt index c1184d118..594039535 100644 --- a/programs/random/CMakeLists.txt +++ b/programs/random/CMakeLists.txt @@ -1,7 +1,3 @@ -set(CMAKE_THREAD_PREFER_PTHREAD TRUE) -set(THREADS_PREFER_PTHREAD_FLAG TRUE) -find_package(Threads) - set(executables gen_entropy gen_random_ctr_drbg 
diff --git a/programs/ssl/CMakeLists.txt b/programs/ssl/CMakeLists.txt index 8047b9f15..ec2c86fb4 100644 --- a/programs/ssl/CMakeLists.txt +++ b/programs/ssl/CMakeLists.txt @@ -1,6 +1,3 @@ -set(THREADS_USE_PTHREADS_WIN32 true) -set(CMAKE_THREAD_PREFER_PTHREAD TRUE) -set(THREADS_PREFER_PTHREAD_FLAG TRUE) find_package(Threads) set(libs diff --git a/programs/test/CMakeLists.txt b/programs/test/CMakeLists.txt index 3709276f5..f91f786b9 100644 --- a/programs/test/CMakeLists.txt +++ b/programs/test/CMakeLists.txt @@ -1,7 +1,3 @@ -set(CMAKE_THREAD_PREFER_PTHREAD TRUE) -set(THREADS_PREFER_PTHREAD_FLAG TRUE) -find_package(Threads) - set(libs ${mbedtls_target} ) diff --git a/programs/test/cmake_subproject/CMakeLists.txt b/programs/test/cmake_subproject/CMakeLists.txt index 2f8ab2a3a..78bd5e792 100644 --- a/programs/test/cmake_subproject/CMakeLists.txt +++ b/programs/test/cmake_subproject/CMakeLists.txt @@ -1,9 +1,5 @@ cmake_minimum_required(VERSION 3.5.1) -set(CMAKE_THREAD_PREFER_PTHREAD TRUE) -set(THREADS_PREFER_PTHREAD_FLAG TRUE) -find_package(Threads) - # Test the target renaming support by adding a prefix to the targets built set(MBEDTLS_TARGET_PREFIX subproject_test_) diff --git a/programs/util/CMakeLists.txt b/programs/util/CMakeLists.txt index 6a8659e9b..cb6bc3d2d 100644 --- a/programs/util/CMakeLists.txt +++ b/programs/util/CMakeLists.txt @@ -1,7 +1,3 @@ -set(CMAKE_THREAD_PREFER_PTHREAD TRUE) -set(THREADS_PREFER_PTHREAD_FLAG TRUE) -find_package(Threads) - set(libs ${mbedcrypto_target} ) diff --git a/programs/x509/CMakeLists.txt b/programs/x509/CMakeLists.txt index e41b4069e..43437f070 100644 --- a/programs/x509/CMakeLists.txt +++ b/programs/x509/CMakeLists.txt @@ -1,7 +1,3 @@ -set(CMAKE_THREAD_PREFER_PTHREAD TRUE) -set(THREADS_PREFER_PTHREAD_FLAG TRUE) -find_package(Threads) - set(libs ${mbedx509_target} ) diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt index cb54ea408..70f5bc929 100644 --- a/tests/CMakeLists.txt +++ b/tests/CMakeLists.txt 
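Review bot: programs/ssl/CMakeLists.txt keeps its own `find_package(Threads)` as a context line while the three `set()` lines above it are removed, so this directory still repeats the lookup that the root CMakeLists.txt now performs. The commit message says the find is moved to the root rather than duplicated, so `find_package(Threads)` can be dropped here as in the other program directories. `THREADS_USE_PTHREADS_WIN32` is removed without being carried over to the root file; if any Windows configuration relied on it, the commit message should say why it is safe to drop.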
@@ -1,7 +1,3 @@ -set(CMAKE_THREAD_PREFER_PTHREAD TRUE) -set(THREADS_PREFER_PTHREAD_FLAG TRUE) -find_package(Threads) - set(libs ${mbedtls_target} ${CMAKE_THREAD_LIBS_INIT} From 0c847bcbe79c11a74b5b1d1fec687d75888dfab5 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Wed, 24 Jan 2024 19:08:31 +0000 Subject: [PATCH 064/166] Fix Make issues with Everest enabled Apply Gilles suggestion to fix the problem with make on the CI when everest is enabled, i.e. use $(THIRDPARTY_DIR) instead of a fuzz specific hack involving $(THIRDPARTY_INCLUDES) Signed-off-by: Paul Elliott --- 3rdparty/everest/Makefile.inc | 8 ++++---- 3rdparty/p256-m/Makefile.inc | 6 +++--- programs/Makefile | 2 +- 3 files changed, 8 insertions(+), 8 deletions(-) diff --git a/3rdparty/everest/Makefile.inc b/3rdparty/everest/Makefile.inc index 77a6b4965..8055ce950 100644 --- a/3rdparty/everest/Makefile.inc +++ b/3rdparty/everest/Makefile.inc @@ -1,6 +1,6 @@ -THIRDPARTY_INCLUDES+=-I../3rdparty/everest/include -I../3rdparty/everest/include/everest -I../3rdparty/everest/include/everest/kremlib +THIRDPARTY_INCLUDES+=-I$(THIRDPARTY_DIR)/everest/include -I$(THIRDPARTY_DIR)/everest/include/everest -I$(THIRDPARTY_DIR)/everest/include/everest/kremlib THIRDPARTY_CRYPTO_OBJECTS+= \ - ../3rdparty/everest/library/everest.o \ - ../3rdparty/everest/library/x25519.o \ - ../3rdparty/everest/library/Hacl_Curve25519_joined.o + $(THIRDPARTY_DIR)/everest/library/everest.o \ + $(THIRDPARTY_DIR)/everest/library/x25519.o \ + $(THIRDPARTY_DIR)/everest/library/Hacl_Curve25519_joined.o diff --git a/3rdparty/p256-m/Makefile.inc b/3rdparty/p256-m/Makefile.inc index fc8f73bf8..53bb55b54 100644 --- a/3rdparty/p256-m/Makefile.inc +++ b/3rdparty/p256-m/Makefile.inc 
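Review bot: 3rdparty/everest/Makefile.inc now depends on `THIRDPARTY_DIR`, and no hunk in this commit defines it, so a makefile that includes this file without setting the variable gets `-I/everest/include` and objects under `/everest/library/`, i.e. paths rooted at `/`. Presumably the including makefiles set it, but a guard at the top of the file, `ifndef THIRDPARTY_DIR` / `$(error THIRDPARTY_DIR must be set before including this file)` / `endif`, would make a missing definition fail loudly instead of searching an unintended header location. The same applies to 3rdparty/p256-m/Makefile.inc in the next hunk, which also keeps the doubled slash in `p256-m//p256-m_driver_entrypoints.o`.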
@@ -1,5 +1,5 @@ -THIRDPARTY_INCLUDES+=-I../3rdparty/p256-m/p256-m/include -I../3rdparty/p256-m/p256-m/include/p256-m -I../3rdparty/p256-m/p256-m_driver_interface +THIRDPARTY_INCLUDES+=-I$(THIRDPARTY_DIR)/p256-m/p256-m/include -I$(THIRDPARTY_DIR)/p256-m/p256-m/include/p256-m -I$(THIRDPARTY_DIR)/p256-m/p256-m_driver_interface THIRDPARTY_CRYPTO_OBJECTS+= \ - ../3rdparty/p256-m//p256-m_driver_entrypoints.o \ - ../3rdparty/p256-m//p256-m/p256-m.o + $(THIRDPARTY_DIR)/p256-m//p256-m_driver_entrypoints.o \ + $(THIRDPARTY_DIR)/p256-m//p256-m/p256-m.o diff --git a/programs/Makefile b/programs/Makefile index 82c856996..6baf4651a 100644 --- a/programs/Makefile +++ b/programs/Makefile @@ -114,7 +114,7 @@ all: fuzz endif fuzz: ${MBEDTLS_TEST_OBJS} - $(MAKE) -C fuzz THIRDPARTY_INCLUDES=$(THIRDPARTY_INCLUDES) + $(MAKE) -C fuzz ${MBEDTLS_TEST_OBJS}: $(MAKE) -C ../tests mbedtls_test From 80edec5f847a2baaaa3173bd849cc8dac1a0b8d4 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 25 Jan 2024 09:33:48 +0100 Subject: [PATCH 065/166] all.sh: remove MBEDTLS_PEM_PARSE_C exception from check_test_dependencies() Since we officially disabled support for importing of PEM formatted keys into PSA we removed dedicated tests from test_suite_psa_crypto. As a consequence MBEDTLS_PEM_PARSE_C is no more an exception for component_check_test_dependencies(). Signed-off-by: Valerio Setti --- tests/scripts/all.sh | 3 --- 1 file changed, 3 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index f0a0058c9..318df378a 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh 
@@ -1069,9 +1069,6 @@ component_check_test_dependencies () { echo "MBEDTLS_ECP_RESTARTABLE" >> $expected # No PSA equivalent - needed by some init tests echo "MBEDTLS_ENTROPY_NV_SEED" >> $expected - # Used by two tests that are about an extension to the PSA standard; - # as such, no PSA equivalent. - echo "MBEDTLS_PEM_PARSE_C" >> $expected # Compare reality with expectation. # We want an exact match, to ensure the above list remains up-to-date. From bcf0fc5119115a2d6502d3acd3121c7813a51b02 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Fri, 26 Jan 2024 14:53:28 +0100 Subject: [PATCH 066/166] adjust_legacy_crypto: add parenthesis to improve clarity Signed-off-by: Valerio Setti --- include/mbedtls/config_adjust_legacy_crypto.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/include/mbedtls/config_adjust_legacy_crypto.h b/include/mbedtls/config_adjust_legacy_crypto.h index 833f15268..eb52d3f23 100644 --- a/include/mbedtls/config_adjust_legacy_crypto.h +++ b/include/mbedtls/config_adjust_legacy_crypto.h @@ -402,8 +402,8 @@ /* psa_util file features some ECDSA conversion functions, to convert between * legacy's ASN.1 DER format and PSA's raw one. */ -#if defined(MBEDTLS_ECDSA_C) || defined(MBEDTLS_PSA_CRYPTO_C) && \ - (defined(PSA_WANT_ALG_ECDSA) || defined(PSA_WANT_ALG_DETERMINISTIC_ECDSA)) +#if defined(MBEDTLS_ECDSA_C) || (defined(MBEDTLS_PSA_CRYPTO_C) && \ + (defined(PSA_WANT_ALG_ECDSA) || defined(PSA_WANT_ALG_DETERMINISTIC_ECDSA))) #define MBEDTLS_PSA_UTIL_HAVE_ECDSA #endif From f8ce457fb606309c87ba5c2595eeb9d5a9ce6cf2 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Fri, 26 Jan 2024 14:55:14 +0100 Subject: [PATCH 067/166] all.sh: fix comment in check_test_dependencies() MBEDTLS_ASN1_WRITE_C is no more required for ECDSA conversion functions. Signed-off-by: Valerio Setti --- tests/scripts/all.sh | 4 ---- 1 file changed, 4 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index fddcc0153..c4982b6cc 100755 
--- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -1064,10 +1064,6 @@ component_check_test_dependencies () { # PSA_VENDOR_RSA_MAX_KEY_BITS. The legacy module is only used by # the test code and that's probably the most convenient way of achieving # the test's goal. - # - # MBEDTLS_ASN1_WRITE_C is also used in ECDSA conversion functions - # (in psa_util module) and, therefore, also in test_suite_psa_crypto_util. - # There is no PSA equivalent for this ASN1 symbols in PSA. echo "MBEDTLS_ASN1_WRITE_C" >> $expected # No PSA equivalent - we should probably have one in the future. echo "MBEDTLS_ECP_RESTARTABLE" >> $expected From e29c868ca498a45976e60b0b6be416f71badb2fc Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Fri, 12 Jan 2024 16:24:44 +0000 Subject: [PATCH 068/166] programs_dh_server: Updated to use `mbedtls_dhm_set_group()` & `mbedtls_dhm_get_len()`. Signed-off-by: Minos Galanakis --- programs/pkey/dh_server.c | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) diff --git a/programs/pkey/dh_server.c b/programs/pkey/dh_server.c index 91bac0ef4..1ae5651ba 100644 --- a/programs/pkey/dh_server.c +++ b/programs/pkey/dh_server.c @@ -66,7 +66,7 @@ int main(void) mbedtls_dhm_context dhm; mbedtls_aes_context aes; - mbedtls_mpi N, P, Q, D, E; + mbedtls_mpi N, P, Q, D, E, dhm_P, dhm_G; mbedtls_net_init(&listen_fd); mbedtls_net_init(&client_fd); @@ -75,8 +75,8 @@ int main(void) mbedtls_ctr_drbg_init(&ctr_drbg); mbedtls_mpi_init(&N); mbedtls_mpi_init(&P); mbedtls_mpi_init(&Q); - mbedtls_mpi_init(&D); mbedtls_mpi_init(&E); - + mbedtls_mpi_init(&D); mbedtls_mpi_init(&E); mbedtls_mpi_init(&dhm_P); + mbedtls_mpi_init(&dhm_G); /* * 1. Setup the RNG */ 
@@ -141,8 +141,9 @@ int main(void) goto exit; } - if (mbedtls_mpi_read_file(&dhm.MBEDTLS_PRIVATE(P), 16, f) != 0 || - mbedtls_mpi_read_file(&dhm.MBEDTLS_PRIVATE(G), 16, f) != 0) { + if ((ret = mbedtls_mpi_read_file(&dhm_P, 16, f)) != 0 || + (ret = mbedtls_mpi_read_file(&dhm_G, 16, f)) != 0 || + (ret = mbedtls_dhm_set_group(&dhm, &dhm_P, &dhm_G) != 0)) { mbedtls_printf(" failed\n ! Invalid DH parameter file\n\n"); fclose(f); goto exit; @@ -176,7 +177,7 @@ int main(void) memset(buf, 0, sizeof(buf)); if ((ret = - mbedtls_dhm_make_params(&dhm, (int) mbedtls_mpi_size(&dhm.MBEDTLS_PRIVATE(P)), buf, &n, + mbedtls_dhm_make_params(&dhm, (int) mbedtls_dhm_get_len(&dhm), buf, &n, mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) { mbedtls_printf(" failed\n ! mbedtls_dhm_make_params returned %d\n\n", ret); goto exit; @@ -286,7 +287,8 @@ int main(void) exit: mbedtls_mpi_free(&N); mbedtls_mpi_free(&P); mbedtls_mpi_free(&Q); - mbedtls_mpi_free(&D); mbedtls_mpi_free(&E); + mbedtls_mpi_free(&D); mbedtls_mpi_free(&E); mbedtls_mpi_free(&dhm_P); + mbedtls_mpi_free(&dhm_G); mbedtls_net_free(&client_fd); mbedtls_net_free(&listen_fd); From 97489dc7e5f9c161395144b0397fb65a5fbfc29b Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Fri, 12 Jan 2024 16:47:52 +0000 Subject: [PATCH 069/166] programs_benchmark: Updated to use `mbedtls_dhm_set_group()` & `mbedtls_dhm_get_len()` Signed-off-by: Minos Galanakis --- programs/test/benchmark.c | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/programs/test/benchmark.c b/programs/test/benchmark.c index 6f7f69bda..895b1488f 100644 --- a/programs/test/benchmark.c +++ b/programs/test/benchmark.c 
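Review bot: The third condition of the DH parameter check has its closing parenthesis in the wrong place: `(ret = mbedtls_dhm_set_group(&dhm, &dhm_P, &dhm_G) != 0)` assigns the result of the comparison, so on failure `ret` becomes 1 instead of the library error code. The two `mbedtls_mpi_read_file` conditions above it are parenthesised correctly. It should read `(ret = mbedtls_dhm_set_group(&dhm, &dhm_P, &dhm_G)) != 0`. The failure message in this branch does not print `ret`, so the wrong value would only surface in whatever the `exit:` path does with it, which is outside the hunk.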
@@ -1089,18 +1089,21 @@ int main(int argc, char *argv[]) mbedtls_dhm_context dhm; size_t olen; size_t n; + mbedtls_mpi P, G; + mbedtls_mpi_init(&P); mbedtls_mpi_init(&G); for (i = 0; (size_t) i < sizeof(dhm_sizes) / sizeof(dhm_sizes[0]); i++) { mbedtls_dhm_init(&dhm); - if (mbedtls_mpi_read_binary(&dhm.MBEDTLS_PRIVATE(P), dhm_P[i], + if (mbedtls_mpi_read_binary(&P, dhm_P[i], dhm_P_size[i]) != 0 || - mbedtls_mpi_read_binary(&dhm.MBEDTLS_PRIVATE(G), dhm_G[i], - dhm_G_size[i]) != 0) { + mbedtls_mpi_read_binary(&G, dhm_G[i], + dhm_G_size[i]) != 0 || + mbedtls_dhm_set_group(&dhm, &P, &G) != 0) { mbedtls_exit(1); } - n = mbedtls_mpi_size(&dhm.MBEDTLS_PRIVATE(P)); + n = mbedtls_dhm_get_len(&dhm); mbedtls_dhm_make_public(&dhm, (int) n, buf, n, myrand, NULL); if (mbedtls_mpi_copy(&dhm.MBEDTLS_PRIVATE(GY), &dhm.MBEDTLS_PRIVATE(GX)) != 0) { mbedtls_exit(1); @@ -1119,6 +1122,7 @@ int main(int argc, char *argv[]) mbedtls_dhm_calc_secret(&dhm, buf, sizeof(buf), &olen, myrand, NULL)); mbedtls_dhm_free(&dhm); + mbedtls_mpi_free(&P), mbedtls_mpi_free(&G); } } #endif From 8ee1b5f46ec60b3bd67706d083116c6d2373918b Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Mon, 15 Jan 2024 15:54:19 +0000 Subject: [PATCH 070/166] programs_benchmark: Updated to use `mbedtls_dhm_read_public()`. Signed-off-by: Minos Galanakis --- programs/test/benchmark.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/programs/test/benchmark.c b/programs/test/benchmark.c index 895b1488f..8fa5d6298 100644 --- a/programs/test/benchmark.c +++ b/programs/test/benchmark.c @@ -1105,7 +1105,8 @@ int main(int argc, char *argv[]) n = mbedtls_dhm_get_len(&dhm); mbedtls_dhm_make_public(&dhm, (int) n, buf, n, myrand, NULL); - if (mbedtls_mpi_copy(&dhm.MBEDTLS_PRIVATE(GY), &dhm.MBEDTLS_PRIVATE(GX)) != 0) { + + if (mbedtls_dhm_read_public(&dhm, buf, n) != 0) { mbedtls_exit(1); } From 41f8f733a13fee5797d305a8196eedd404abd000 Mon Sep 17 00:00:00 2001 
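Review bot: `P` and `G` are initialised once before the `dhm_sizes` loop in the first hunk, but the second hunk frees them inside the loop body, so every iteration after the first reads into an MPI that has already been freed. That is only correct if `mbedtls_mpi_free` leaves the object in its initialised state, which these hunks do not show. Moving `mbedtls_mpi_init(&P); mbedtls_mpi_init(&G);` to the top of the loop body, and writing the frees as two statements instead of `mbedtls_mpi_free(&P), mbedtls_mpi_free(&G);`, keeps init and free paired per iteration.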
From: Valerio Setti Date: Mon, 29 Jan 2024 11:44:40 +0100 Subject: [PATCH 071/166] test_psa_compliance: add exception for tests using wrong RSA pub key format Signed-off-by: Valerio Setti --- tests/scripts/test_psa_compliance.py | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/tests/scripts/test_psa_compliance.py b/tests/scripts/test_psa_compliance.py index 0d56ddfd9..ed36befee 100755 --- a/tests/scripts/test_psa_compliance.py +++ b/tests/scripts/test_psa_compliance.py @@ -30,7 +30,12 @@ from mbedtls_dev import build_tree EXPECTED_FAILURES = { # psa_hash_suspend() and psa_hash_resume() are not supported. # - Tracked in issue #3274 - 262, 263 + 262, 263, + # PSA standard format for RSA public keys is a sequence of just n (modulus) + # and e (public exponent). However following tests rely on a format which + # also includes some metadata to identify the key as an RSA key, but this + # is not compliant with PSA standard. + 239, 240, 241, 242, 250, 251, } # We currently use a fork of ARM-software/psa-arch-tests, with a couple of downstream patches From f23336e0406e719fe5d736e2b464e22468ca0f3b Mon Sep 17 00:00:00 2001 From: Ryan Everett Date: Wed, 24 Jan 2024 11:39:21 +0000 Subject: [PATCH 072/166] Make psa_close_key thread safe There are two mutex locks here, the one performed in get_and_lock.. and the one performed outside. Linearizes at the final unlock. (This function is deprecated) Signed-off-by: Ryan Everett --- library/psa_crypto_slot_management.c | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) diff --git a/library/psa_crypto_slot_management.c b/library/psa_crypto_slot_management.c index 47ace359d..3bb2691c6 100644 --- a/library/psa_crypto_slot_management.c +++ b/library/psa_crypto_slot_management.c 
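Review bot: The six new entries in `EXPECTED_FAILURES` (239, 240, 241, 242, 250, 251) carry an explanation but no tracking reference, unlike the `262, 263` entry just above them, which cites issue #3274. Without one, nothing prompts removing the exceptions once the upstream tests or the key-format handling change. A line such as `# - Tracked in issue #<ISSUE_NUMBER>` under the new comment would match the existing entry.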
@@ -536,11 +536,22 @@ psa_status_t psa_close_key(psa_key_handle_t handle) return status; } + +#if defined(MBEDTLS_THREADING_C) + PSA_THREADING_CHK_RET(mbedtls_mutex_lock( + &mbedtls_threading_key_slot_mutex)); +#endif if (slot->registered_readers == 1) { - return psa_wipe_key_slot(slot); + status = psa_wipe_key_slot(slot); } else { - return psa_unregister_read(slot); + status = psa_unregister_read(slot); } +#if defined(MBEDTLS_THREADING_C) + PSA_THREADING_CHK_RET(mbedtls_mutex_unlock( + &mbedtls_threading_key_slot_mutex)); +#endif + + return status; } psa_status_t psa_purge_key(mbedtls_svc_key_id_t key) From b0821959ae4a742de79d834bd71bc3cd1952fb86 Mon Sep 17 00:00:00 2001 From: Ryan Everett Date: Wed, 24 Jan 2024 11:42:32 +0000 Subject: [PATCH 073/166] Make psa_purge_key thread safe Relies on get_and_lock_X being thread safe. There are two mutex locks here, one in psa_get_and_lock... Linearization point is the final unlock (or first lock on failure). Signed-off-by: Ryan Everett --- library/psa_crypto_slot_management.c | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/library/psa_crypto_slot_management.c b/library/psa_crypto_slot_management.c index 3bb2691c6..e8813b901 100644 --- a/library/psa_crypto_slot_management.c +++ b/library/psa_crypto_slot_management.c @@ -564,12 +564,22 @@ psa_status_t psa_purge_key(mbedtls_svc_key_id_t key) return status; } +#if defined(MBEDTLS_THREADING_C) + PSA_THREADING_CHK_RET(mbedtls_mutex_lock( + &mbedtls_threading_key_slot_mutex)); +#endif if ((!PSA_KEY_LIFETIME_IS_VOLATILE(slot->attr.lifetime)) && (slot->registered_readers == 1)) { - return psa_wipe_key_slot(slot); + status = psa_wipe_key_slot(slot); } else { - return psa_unregister_read(slot); + status = psa_unregister_read(slot); } +#if defined(MBEDTLS_THREADING_C) + PSA_THREADING_CHK_RET(mbedtls_mutex_unlock( + &mbedtls_threading_key_slot_mutex)); +#endif + + return status; } void mbedtls_psa_get_stats(mbedtls_psa_stats_t *stats) 
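Review bot: In `psa_close_key`, the new `PSA_THREADING_CHK_RET(mbedtls_mutex_lock(...))` runs after the slot has already been looked up; if the macro returns on failure, as its name suggests, the function exits without reaching `psa_unregister_read(slot)` and the reader registration taken earlier is never released. The unlock check has a related effect: a failed unlock would replace the `status` obtained from `psa_wipe_key_slot` or `psa_unregister_read`. `psa_purge_key` in the next hunk has the same shape. If this is accepted behaviour, say so at the lock site, e.g. `/* On lock failure the reader registered above is not released. */`. The start of both functions is outside the hunks, so the earlier registration is inferred from the commit message.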
From 16abd59a62522852423a35c2b96a087676e6a7ad Mon Sep 17 00:00:00 2001 From: Ryan Everett Date: Wed, 24 Jan 2024 17:37:46 +0000 Subject: [PATCH 074/166] Update psa_wipe_all_key_slots and document non-thread safety This function, and mbedtls_psa_crypto_free, are not thread safe as they wipe slots regardless of state. They are not part of the PSA Crypto API, untrusted applications cannot call these functions in a crypto service. In a service intergration, mbedtls_psa_crypto_free on the client cuts the communication with the crypto service. Signed-off-by: Ryan Everett --- include/psa/crypto_extra.h | 2 ++ library/psa_crypto_slot_management.c | 6 ++++++ library/psa_crypto_slot_management.h | 2 ++ 3 files changed, 10 insertions(+) diff --git a/include/psa/crypto_extra.h b/include/psa/crypto_extra.h index fc9bf4f0f..18dccae0a 100644 --- a/include/psa/crypto_extra.h +++ b/include/psa/crypto_extra.h @@ -198,6 +198,8 @@ psa_status_t mbedtls_psa_register_se_key( * * This function clears all data associated with the PSA layer, * including the whole key store. + * This function is not thread safe, it wipes every key slot regardless of + * state and reader count. It should only be called when no slot is in use. * * This is an Mbed TLS extension. */ diff --git a/library/psa_crypto_slot_management.c b/library/psa_crypto_slot_management.c index e8813b901..599cc363b 100644 --- a/library/psa_crypto_slot_management.c +++ b/library/psa_crypto_slot_management.c @@ -144,6 +144,9 @@ void psa_wipe_all_key_slots(void) { size_t slot_idx; +#if defined(MBEDTLS_THREADING_C) + mbedtls_mutex_lock(&mbedtls_threading_key_slot_mutex); +#endif for (slot_idx = 0; slot_idx < MBEDTLS_PSA_KEY_SLOT_COUNT; slot_idx++) { psa_key_slot_t *slot = &global_data.key_slots[slot_idx]; slot->registered_readers = 1; 
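Review bot: In `psa_wipe_all_key_slots`, the return value of `mbedtls_mutex_lock(&mbedtls_threading_key_slot_mutex)` is discarded, as is that of the matching `mbedtls_mutex_unlock` in the following hunk, whereas `psa_close_key` and `psa_purge_key` wrap the same calls in `PSA_THREADING_CHK_RET`. If the lock fails, the loop still wipes every slot and the unlock is then called on a mutex this thread does not hold. Since the function returns `void`, make the choice explicit with `(void) mbedtls_mutex_lock(&mbedtls_threading_key_slot_mutex);` and a comment that the wipe is best-effort, or skip the unlock when the lock did not succeed.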
@@ -151,6 +154,9 @@ void psa_wipe_all_key_slots(void) (void) psa_wipe_key_slot(slot); } global_data.key_slots_initialized = 0; +#if defined(MBEDTLS_THREADING_C) + mbedtls_mutex_unlock(&mbedtls_threading_key_slot_mutex); +#endif } psa_status_t psa_reserve_free_key_slot(psa_key_id_t *volatile_key_id, diff --git a/library/psa_crypto_slot_management.h b/library/psa_crypto_slot_management.h index 002429b93..18a914496 100644 --- a/library/psa_crypto_slot_management.h +++ b/library/psa_crypto_slot_management.h @@ -92,6 +92,8 @@ psa_status_t psa_get_and_lock_key_slot(mbedtls_svc_key_id_t key, psa_status_t psa_initialize_key_slots(void); /** Delete all data from key slots in memory. + * This function is not thread safe, it wipes every key slot regardless of + * state and reader count. It should only be called when no slot is in use. * * This does not affect persistent storage. */ void psa_wipe_all_key_slots(void); From 9b9b5a52d95c476a66e441706a38e98631c6990e Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 29 Jan 2024 16:53:03 +0100 Subject: [PATCH 075/166] psa_util: some code improvement to convert_der_to_raw_single_int() This commit also fixes test_suite_psa_crypto_util.data due to the change in one of the return values. Signed-off-by: Valerio Setti --- library/psa_util.c | 10 +++++++--- tests/suites/test_suite_psa_crypto_util.data | 2 +- 2 files changed, 8 insertions(+), 4 deletions(-) diff --git a/library/psa_util.c b/library/psa_util.c index 9e21602f6..034987312 100644 --- a/library/psa_util.c +++ b/library/psa_util.c @@ -494,7 +494,7 @@ static int convert_der_to_raw_single_int(unsigned char *der, size_t der_len, } /* Skip possible leading zero */ - if (*p == 0x00) { + if ((*p == 0x00) && (unpadded_len > 0)) { p++; unpadded_len--; /* It should never happen that the input number is all zeros. */ 
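Review bot: In `convert_der_to_raw_single_int`, the new condition `(*p == 0x00) && (unpadded_len > 0)` reads `*p` before testing the length, so for a zero-length INTEGER the byte after the length field is still read, and that byte may lie past the end of `der`. Swapping the operands, `if ((unpadded_len > 0) && (*p == 0x00)) {`, lets short-circuit evaluation guard the dereference. The code before this point is outside the hunk, so whether a zero length is already rejected earlier cannot be confirmed from here.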
@@ -503,9 +503,13 @@ static int convert_der_to_raw_single_int(unsigned char *der, size_t der_len, } } - if (unpadded_len < coordinate_size) { + if (unpadded_len > coordinate_size) { + /* Parsed number is longer than the maximum expected value. */ + return MBEDTLS_ERR_ASN1_INVALID_DATA; + } else { padding_len = coordinate_size - unpadded_len; - memset(raw, 0x00, padding_len); + /* raw buffer was already zeroed in mbedtls_ecdsa_der_to_raw() so + * zero-padding operation is skipped here. */ } memcpy(raw + padding_len, p, unpadded_len); p += unpadded_len; diff --git a/tests/suites/test_suite_psa_crypto_util.data b/tests/suites/test_suite_psa_crypto_util.data index 45a3cb565..40f639160 100644 --- a/tests/suites/test_suite_psa_crypto_util.data +++ b/tests/suites/test_suite_psa_crypto_util.data @@ -52,7 +52,7 @@ ecdsa_der_to_raw:256:"3044021911111111111111111111111111111111111111111111111111 ECDSA DER -> Raw, 256bit, Wrong r integer length (too large) depends_on:PSA_WANT_ECC_SECP_K1_256 -ecdsa_der_to_raw:256:"30440221111111111111111111111111111111111111111111111111111111111111111102202222222222222222222222222222222222222222222222222222222222222222":"11111111111111111111111111111111111111111111111111111111111111112222222222222222222222222222222222222222222222222222222222222222":MBEDTLS_ERR_ASN1_UNEXPECTED_TAG +ecdsa_der_to_raw:256:"30440221111111111111111111111111111111111111111111111111111111111111111102202222222222222222222222222222222222222222222222222222222222222222":"11111111111111111111111111111111111111111111111111111111111111112222222222222222222222222222222222222222222222222222222222222222":MBEDTLS_ERR_ASN1_INVALID_DATA ECDSA DER -> Raw, 256bit, Wrong s integer length (too small) depends_on:PSA_WANT_ECC_SECP_K1_256 From ee5238fcf4c25f046cd54a00680118e3da65f2b5 Mon Sep 17 00:00:00 2001 
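Review bot: With `memset(raw, 0x00, padding_len)` removed, `convert_der_to_raw_single_int` writes only the low `unpadded_len` bytes of each coordinate and depends on the caller having zeroed `raw`; the replacement comment says `mbedtls_ecdsa_der_to_raw()` does so, but that code is not in this hunk. Any other caller, or a later change to that zeroing, would leave stale bytes in the high part of the converted `r` or `s`. Either keep `memset(raw, 0x00, padding_len);` in the `else` branch, or state the precondition in the function's header comment, e.g. `raw must be zero-filled by the caller`.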
From: Valerio Setti Date: Mon, 29 Jan 2024 17:34:07 +0100 Subject: [PATCH 076/166] suite_psa_crypto_util: add more testing for mbedtls_ecdsa_raw_to_der() A new test function is added, ecdsa_raw_to_der_incremental, that tests incremental output DER buffer sizes checking that only the correct one (tested at last) works correctly. Signed-off-by: Valerio Setti --- tests/suites/test_suite_psa_crypto_util.data | 12 ++++++++++ .../test_suite_psa_crypto_util.function | 24 +++++++++++++++++++ 2 files changed, 36 insertions(+) diff --git a/tests/suites/test_suite_psa_crypto_util.data b/tests/suites/test_suite_psa_crypto_util.data index 40f639160..4bb2044a5 100644 --- a/tests/suites/test_suite_psa_crypto_util.data +++ b/tests/suites/test_suite_psa_crypto_util.data 
@@ -83,3 +83,15 @@ ecdsa_raw_to_der:528:"1111111111111111111111111111111111111111111111111111111111 ECDSA DER -> Raw, 521bit, Success depends_on:PSA_WANT_ECC_SECP_R1_521 ecdsa_der_to_raw:528:"30818802421111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111110242222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222":"111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222":0 + +ECDSA Raw -> DER, 256bit, Incremental DER buffer sizes +depends_on:PSA_WANT_ECC_SECP_K1_256 +ecdsa_raw_to_der_incremental:256:"91111111111111111111111111111111111111111111111111111111111111112222222222222222222222222222222222222222222222222222222222222222":"3045022100911111111111111111111111111111111111111111111111111111111111111102202222222222222222222222222222222222222222222222222222222222222222" + +ECDSA Raw -> DER, 512bit, Incremental DER buffer sizes +depends_on:PSA_WANT_ECC_BRAINPOOL_P_R1_512 +ecdsa_raw_to_der_incremental:512:"9111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111122222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222":"30818502410091111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111024022222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222" + +ECDSA Raw -> DER, 521bit, Incremental DER buffer sizes +depends_on:PSA_WANT_ECC_SECP_R1_521 
+ecdsa_raw_to_der_incremental:528:"911111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222":"3081890243009111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111110242222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222" diff --git a/tests/suites/test_suite_psa_crypto_util.function b/tests/suites/test_suite_psa_crypto_util.function index 8f0dd6cfc..d1647d4b3 100644 --- a/tests/suites/test_suite_psa_crypto_util.function +++ b/tests/suites/test_suite_psa_crypto_util.function @@ -25,6 +25,30 @@ exit: } /* END_CASE */ +/* BEGIN_CASE depends_on:MBEDTLS_PSA_UTIL_HAVE_ECDSA */ +void ecdsa_raw_to_der_incremental(int key_bits, data_t *input, data_t *exp_result) +{ + unsigned char *tmp_buf = NULL; + size_t tmp_buf_len = exp_result->len; + size_t ret_len; + size_t i; + + TEST_CALLOC(tmp_buf, tmp_buf_len); + + for (i = 0; i < tmp_buf_len; i++) { + TEST_ASSERT(mbedtls_ecdsa_raw_to_der(input->x, input->len, + tmp_buf, i, &ret_len, + key_bits) != 0); + } + TEST_EQUAL(mbedtls_ecdsa_raw_to_der(input->x, input->len, + tmp_buf, i, &ret_len, + key_bits), 0); + +exit: + mbedtls_free(tmp_buf); +} +/* END_CASE */ + /* BEGIN_CASE depends_on:MBEDTLS_PSA_UTIL_HAVE_ECDSA */ void ecdsa_der_to_raw(int key_bits, data_t *input, data_t *exp_result, int exp_ret) { From 122c94fd269a0c0f3c047a1a9f7ca03489ab292b Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 29 Jan 2024 18:02:03 +0100 Subject: [PATCH 077/166] psa_util: remove raw_len param from convert_der_to_raw_single_int() Signed-off-by: Valerio Setti --- library/psa_util.c | 12 ++---------- 1 file changed, 2 insertions(+), 10 deletions(-) 
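Review bot: ecdsa_raw_to_der_incremental() only checks the return code of the final mbedtls_ecdsa_raw_to_der() call, so `exp_result` is used for its length alone and its bytes are never compared with what was written to `tmp_buf`. A conversion that succeeds at the right buffer size but emits the wrong DER would still pass this test. After the final `TEST_EQUAL(..., 0)` I would add `TEST_MEMORY_COMPARE(exp_result->x, exp_result->len, tmp_buf, ret_len);`.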
diff --git a/library/psa_util.c b/library/psa_util.c index 034987312..0c603b704 100644 --- a/library/psa_util.c +++ b/library/psa_util.c @@ -460,7 +460,6 @@ int mbedtls_ecdsa_raw_to_der(const unsigned char *raw, size_t raw_len, * \param raw Output buffer that will be filled with the * converted data. This should be at least * coordinate_size bytes. - * \param raw_len Size (in bytes) of the output raw buffer. * \param coordinate_size Size (in bytes) of a single coordinate in raw * format. * @@ -475,17 +474,12 @@ int mbedtls_ecdsa_raw_to_der(const unsigned char *raw, size_t raw_len, * \warning Der and raw buffers must not be overlapping. */ static int convert_der_to_raw_single_int(unsigned char *der, size_t der_len, - unsigned char *raw, size_t raw_len, - size_t coordinate_size) + unsigned char *raw, size_t coordinate_size) { unsigned char *p = der; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t unpadded_len, padding_len = 0; - if (raw_len < coordinate_size) { - return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL; - } - /* Get the length of ASN.1 element (i.e. the integer we need to parse). */ ret = mbedtls_asn1_get_tag(&p, p + der_len, &unpadded_len, MBEDTLS_ASN1_INTEGER); @@ -543,8 +537,7 @@ int mbedtls_ecdsa_der_to_raw(const unsigned char *der, size_t der_len, memset(raw_tmp, 0, sizeof(raw_tmp)); /* Extract r */ - ret = convert_der_to_raw_single_int(p, data_len, raw_tmp, sizeof(raw_tmp), - coordinate_size); + ret = convert_der_to_raw_single_int(p, data_len, raw_tmp, coordinate_size); if (ret < 0) { return ret; } @@ -553,7 +546,6 @@ int mbedtls_ecdsa_der_to_raw(const unsigned char *der, size_t der_len, /* Extract s */ ret = convert_der_to_raw_single_int(p, data_len, raw_tmp + coordinate_size, - sizeof(raw_tmp) - coordinate_size, coordinate_size); if (ret < 0) { return ret; From c053d968f2b90926a6c69b079fc35d25713005fb Mon Sep 17 00:00:00 2001 
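Review bot: With `raw_len` and the `MBEDTLS_ERR_ASN1_BUF_TOO_SMALL` check removed, convert_der_to_raw_single_int() can no longer bound its `memcpy(raw + padding_len, p, unpadded_len)` against the real size of the output buffer; it trusts that `raw` holds `coordinate_size` bytes. The two call sites pass `raw_tmp` and `raw_tmp + coordinate_size`, so the copy is only safe if mbedtls_ecdsa_der_to_raw() guarantees that two coordinates fit in `raw_tmp`, and that check, if present, is outside these hunks. I would state the precondition in the `\param raw` text, for example `The caller must guarantee that coordinate_size bytes are writable.`, and confirm that the caller rejects a key size for which `2 * coordinate_size` exceeds `sizeof(raw_tmp)`.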
From: Ryan Everett Date: Thu, 25 Jan 2024 17:56:32 +0000 Subject: [PATCH 078/166] Make psa_destroy_key threadsafe We do not require linearizability in the case of destroying a key in use. Using a key and destroying it simultaneously will not cause any issues as the user will only use the copy of the key in the slot. Two simulatenous deletion calls to one key cannot interfere, the first caller sets the slot's state to PENDING_DELETION, the second caller will back off. Remove outdated comment about one key being in multiple slots, psa_open_key does not put the key into a new slot. Signed-off-by: Ryan Everett --- library/psa_crypto.c | 26 ++++++++++++++++++-------- 1 file changed, 18 insertions(+), 8 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index e6d3851ba..c81666818 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -1071,6 +1071,10 @@ psa_status_t psa_destroy_key(mbedtls_svc_key_id_t key) return status; } +#if defined(MBEDTLS_THREADING_C) + PSA_THREADING_CHK_GOTO_EXIT(mbedtls_mutex_lock( + &mbedtls_threading_key_slot_mutex)); +#endif /* Set the key slot containing the key description's state to * PENDING_DELETION. This stops new operations from registering * to read the slot. Current readers can safely continue to access @@ -1079,7 +1083,12 @@ psa_status_t psa_destroy_key(mbedtls_svc_key_id_t key) * If the key is persistent, we can now delete the copy of the key * from memory. If the key is opaque, we require the driver to * deal with the deletion. */ - slot->state = PSA_SLOT_PENDING_DELETION; + status = psa_key_slot_state_transition(slot, PSA_SLOT_FULL, + PSA_SLOT_PENDING_DELETION); + + if (status != PSA_SUCCESS) { + goto exit; + } if (PSA_KEY_LIFETIME_IS_READ_ONLY(slot->attr.lifetime)) { /* Refuse the destruction of a read-only key (which may or may not work 
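Review bot: If `mbedtls_mutex_lock()` fails, `PSA_THREADING_CHK_GOTO_EXIT` presumably jumps to `exit` (the macro body is not shown here), and the `exit` path changed in the later hunk of this commit calls `mbedtls_mutex_unlock(&mbedtls_threading_key_slot_mutex)` unconditionally. That would unlock a mutex this thread never acquired, and `psa_unregister_read(slot)` would run without the lock; depending on the threading backend, unlocking an unowned mutex is an error or undefined. A local flag set right after the lock succeeds and tested before the unlock at `exit` would keep the two paths apart. The body of psa_destroy_key() starts and ends outside this hunk.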
@@ -1134,11 +1143,6 @@ psa_status_t psa_destroy_key(mbedtls_svc_key_id_t key) if (overall_status == PSA_SUCCESS) { overall_status = status; } - - /* TODO: other slots may have a copy of the same key. We should - * invalidate them. - * https://github.com/ARMmbed/mbed-crypto/issues/214 - */ } #endif /* defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) */ @@ -1159,8 +1163,14 @@ exit: /* Unregister from reading the slot. If we are the last active reader * then this will wipe the slot. */ status = psa_unregister_read(slot); - /* Prioritize CORRUPTION_DETECTED from unregistering over - * a storage error. */ + +#if defined(MBEDTLS_THREADING_C) + PSA_THREADING_CHK_RET(mbedtls_mutex_unlock( + &mbedtls_threading_key_slot_mutex)); +#endif + + /* Prioritize CORRUPTION_DETECTED from unregistering or + * SERVICE_FAILURE from unlocking over a storage error. */ if (status != PSA_SUCCESS) { overall_status = status; } From 7a795fd9515a27dd1d7e5cc4fe319526c46842b9 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 29 Jan 2024 18:08:42 +0100 Subject: [PATCH 079/166] suite_psa_crypto_util: add more test cases for DER->RAW - r with MSb set - Invalid r (only 1 zero byte) Signed-off-by: Valerio Setti --- tests/suites/test_suite_psa_crypto_util.data | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/tests/suites/test_suite_psa_crypto_util.data b/tests/suites/test_suite_psa_crypto_util.data index 4bb2044a5..49b491954 100644 --- a/tests/suites/test_suite_psa_crypto_util.data +++ b/tests/suites/test_suite_psa_crypto_util.data 
@@ -62,6 +62,14 @@ ECDSA DER -> Raw, 256bit, Wrong s integer length (too large) depends_on:PSA_WANT_ECC_SECP_K1_256 ecdsa_der_to_raw:256:"30440220111111111111111111111111111111111111111111111111111111111111111102212222222222222222222222222222222222222222222222222222222222222222":"11111111111111111111111111111111111111111111111111111111111111112222222222222222222222222222222222222222222222222222222222222222":MBEDTLS_ERR_ASN1_OUT_OF_DATA +ECDSA DER -> Raw, 256bit, r with MSb set +depends_on:PSA_WANT_ECC_SECP_K1_256 +ecdsa_der_to_raw:256:"3045022100911111111111111111111111111111111111111111111111111111111111111102202222222222222222222222222222222222222222222222222222222222222222":"91111111111111111111111111111111111111111111111111111111111111112222222222222222222222222222222222222222222222222222222222222222":0 + +ECDSA DER -> Raw, 256bit, Invalid r (only 1 zero byte) +depends_on:PSA_WANT_ECC_SECP_K1_256 +ecdsa_der_to_raw:256:"302502010002202222222222222222222222222222222222222222222222222222222222222222":"11111111111111111111111111111111111111111111111111111111111111112222222222222222222222222222222222222222222222222222222222222222":MBEDTLS_ERR_ASN1_LENGTH_MISMATCH + # 512/521 bit sizes are useful to test sequence's length encoded with 2 bytes. ECDSA Raw -> DER, 512bit, Success depends_on:PSA_WANT_ECC_BRAINPOOL_P_R1_512 From 763971f32ec317c5c8c6248f39d2f30cee3a93b5 Mon Sep 17 00:00:00 2001 From: Ryan Everett Date: Mon, 29 Jan 2024 17:13:36 +0000 Subject: [PATCH 080/166] Comment on locking strategy in psa_destroy_key Signed-off-by: Ryan Everett --- library/psa_crypto.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index c81666818..9d7b72f87 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c 
@@ -1072,6 +1072,10 @@ psa_status_t psa_destroy_key(mbedtls_svc_key_id_t key) } #if defined(MBEDTLS_THREADING_C) + /* We cannot unlock between setting the state to PENDING_DELETION + * and destroying the key in storage, as otherwise another thread + * could load the key into a new slot and the key will not be + * fully destroyed. */ PSA_THREADING_CHK_GOTO_EXIT(mbedtls_mutex_lock( &mbedtls_threading_key_slot_mutex)); #endif From 307ce2cff5fa44decd481cd334c9206ad8e3725a Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 30 Jan 2024 08:05:20 +0100 Subject: [PATCH 081/166] test_psa_compliance: use the last upstream release of psa-arch-tests Release: v23.06_API1.5_ADAC_EAC This fixes all the issues that were previously added as exceptions. Signed-off-by: Valerio Setti --- tests/scripts/test_psa_compliance.py | 23 +++-------------------- 1 file changed, 3 insertions(+), 20 deletions(-) diff --git a/tests/scripts/test_psa_compliance.py b/tests/scripts/test_psa_compliance.py index ed36befee..8d70cbca3 100755 --- a/tests/scripts/test_psa_compliance.py +++ b/tests/scripts/test_psa_compliance.py 
@@ -27,27 +27,10 @@ from mbedtls_dev import build_tree # The test numbers correspond to the numbers used by the console output of the test suite. # Test number 2xx corresponds to the files in the folder # psa-arch-tests/api-tests/dev_apis/crypto/test_c0xx -EXPECTED_FAILURES = { - # psa_hash_suspend() and psa_hash_resume() are not supported. - # - Tracked in issue #3274 - 262, 263, - # PSA standard format for RSA public keys is a sequence of just n (modulus) - # and e (public exponent). However following tests rely on a format which - # also includes some metadata to identify the key as an RSA key, but this - # is not compliant with PSA standard. - 239, 240, 241, 242, 250, 251, -} +EXPECTED_FAILURES = {} # type: dict -# We currently use a fork of ARM-software/psa-arch-tests, with a couple of downstream patches -# that allow it to build with Mbed TLS 3, and fixes a couple of issues in the compliance test suite. -# These fixes allow the tests numbered 216, 248 and 249 to complete successfully. -# -# Once all the fixes are upstreamed, this fork should be replaced with an upstream commit/tag. -# - Tracked in issue #5145 -# -# Web URL: https://github.com/bensze01/psa-arch-tests/tree/fixes-for-mbedtls-3 -PSA_ARCH_TESTS_REPO = 'https://github.com/bensze01/psa-arch-tests.git' -PSA_ARCH_TESTS_REF = 'fix-pr-5736' +PSA_ARCH_TESTS_REPO = 'https://github.com/ARM-software/psa-arch-tests.git' +PSA_ARCH_TESTS_REF = 'v23.06_API1.5_ADAC_EAC' #pylint: disable=too-many-branches,too-many-statements,too-many-locals def main(library_build_dir: str): From 78da7468ca64838cfd3405a819f59b970b2da3b2 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 30 Jan 2024 15:08:40 +0100 Subject: [PATCH 082/166] psa_util: minor improvements to convert_der_to_raw_single_int() Signed-off-by: Valerio Setti --- library/psa_util.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/library/psa_util.c b/library/psa_util.c index 0c603b704..dfea36b90 100644 --- a/library/psa_util.c 
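Review bot: `EXPECTED_FAILURES = {} # type: dict` turns what was a set of test numbers into an empty dict, because `{}` is the dict literal. Membership tests still work, but any set operation on it elsewhere in the script (not visible in this hunk) would fail, so `EXPECTED_FAILURES = set()` with a matching set type comment keeps the original type. Separately, `PSA_ARCH_TESTS_REF` now names a release tag, and a tag can be moved upstream; pinning the full commit id of that release would make the fetched test suite reproducible.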
+++ b/library/psa_util.c @@ -459,7 +459,8 @@ int mbedtls_ecdsa_raw_to_der(const unsigned char *raw, size_t raw_len, * \param der_len Length of the der buffer in bytes. * \param raw Output buffer that will be filled with the * converted data. This should be at least - * coordinate_size bytes. + * coordinate_size bytes and it must be zeroed before + * calling this function. * \param coordinate_size Size (in bytes) of a single coordinate in raw * format. * @@ -500,11 +501,10 @@ static int convert_der_to_raw_single_int(unsigned char *der, size_t der_len, if (unpadded_len > coordinate_size) { /* Parsed number is longer than the maximum expected value. */ return MBEDTLS_ERR_ASN1_INVALID_DATA; - } else { - padding_len = coordinate_size - unpadded_len; - /* raw buffer was already zeroed in mbedtls_ecdsa_der_to_raw() so - * zero-padding operation is skipped here. */ } + padding_len = coordinate_size - unpadded_len; + /* raw buffer was already zeroed by the calling function so zero-padding + * operation is skipped here. */ memcpy(raw + padding_len, p, unpadded_len); p += unpadded_len; From 98e1931a0a7486a147ae64877ea1542690d99582 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 30 Jan 2024 15:46:02 +0100 Subject: [PATCH 083/166] test_suite_psa_crypto_util: alloc/free buffer inside loop in ecdsa_raw_to_der_incremental() Signed-off-by: Valerio Setti --- tests/suites/test_suite_psa_crypto_util.function | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto_util.function b/tests/suites/test_suite_psa_crypto_util.function index d1647d4b3..9dc95b659 100644 --- a/tests/suites/test_suite_psa_crypto_util.function +++ b/tests/suites/test_suite_psa_crypto_util.function 
@@ -33,17 +33,19 @@ void ecdsa_raw_to_der_incremental(int key_bits, data_t *input, data_t *exp_resul size_t ret_len; size_t i; - TEST_CALLOC(tmp_buf, tmp_buf_len); - - for (i = 0; i < tmp_buf_len; i++) { + for (i = 1; i < tmp_buf_len; i++) { + TEST_CALLOC(tmp_buf, i); TEST_ASSERT(mbedtls_ecdsa_raw_to_der(input->x, input->len, tmp_buf, i, &ret_len, key_bits) != 0); + mbedtls_free(tmp_buf); + tmp_buf = NULL; } + + TEST_CALLOC(tmp_buf, i); TEST_EQUAL(mbedtls_ecdsa_raw_to_der(input->x, input->len, tmp_buf, i, &ret_len, key_bits), 0); - exit: mbedtls_free(tmp_buf); } From 252311d41e1e13de76c1a71875b3553f54210fbd Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 30 Jan 2024 15:50:28 +0100 Subject: [PATCH 084/166] test_suite_psa_crypto_util: add test with 0-length for r Signed-off-by: Valerio Setti --- tests/suites/test_suite_psa_crypto_util.data | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/tests/suites/test_suite_psa_crypto_util.data b/tests/suites/test_suite_psa_crypto_util.data index 49b491954..78f048ade 100644 --- a/tests/suites/test_suite_psa_crypto_util.data +++ b/tests/suites/test_suite_psa_crypto_util.data 
@@ -70,6 +70,10 @@ ECDSA DER -> Raw, 256bit, Invalid r (only 1 zero byte) depends_on:PSA_WANT_ECC_SECP_K1_256 ecdsa_der_to_raw:256:"302502010002202222222222222222222222222222222222222222222222222222222222222222":"11111111111111111111111111111111111111111111111111111111111111112222222222222222222222222222222222222222222222222222222222222222":MBEDTLS_ERR_ASN1_LENGTH_MISMATCH +ECDSA DER -> Raw, 256bit, Invalid r (0-length) +depends_on:PSA_WANT_ECC_SECP_K1_256 +ecdsa_der_to_raw:256:"3025020002202222222222222222222222222222222222222222222222222222222222222222":"11111111111111111111111111111111111111111111111111111111111111112222222222222222222222222222222222222222222222222222222222222222":MBEDTLS_ERR_ASN1_OUT_OF_DATA + # 512/521 bit sizes are useful to test sequence's length encoded with 2 bytes. ECDSA Raw -> DER, 512bit, Success depends_on:PSA_WANT_ECC_BRAINPOOL_P_R1_512 From 91372f5549ac16438993913d5a2a52373b33f3e8 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 30 Jan 2024 17:01:15 +0100 Subject: [PATCH 085/166] test_suite_rsa: add more test cases for RSA key parsing Signed-off-by: Valerio Setti --- tests/suites/test_suite_rsa.data | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/tests/suites/test_suite_rsa.data b/tests/suites/test_suite_rsa.data index bd286814d..545e7ff4e 100644 --- a/tests/suites/test_suite_rsa.data +++ b/tests/suites/test_suite_rsa.data 
@@ -643,6 +643,9 @@ rsa_parse_pkcs1_key:0:"300402010000":MBEDTLS_ERR_ASN1_UNEXPECTED_TAG RSA parse private key - correct format+values, minimal modulus size (128 bit) rsa_parse_pkcs1_key:0:"3063020100021100cc8ab070369ede72920e5a51523c857102030100010211009a6318982a7231de1894c54aa4909201020900f3058fd8dc484d61020900d7770dbd8b78a2110209009471f14c26428401020813425f060c4b72210208052b93d01747a87c":0 +RSA parse private key - missing SEQUENCE +rsa_parse_pkcs1_key:0:"020100021100cc8ab070369ede72920e5a51523c857102030100010211009a6318982a7231de1894c54aa4909201020900f3058fd8dc484d61020900d7770dbd8b78a2110209009471f14c26428401020813425f060c4b72210208052b93d01747a87c":MBEDTLS_ERR_ASN1_UNEXPECTED_TAG + RSA parse private key - correct format, modulus too small (127 bit) rsa_parse_pkcs1_key:0:"30630201000211007c8ab070369ede72920e5a51523c857102030100010211009a6318982a7231de1894c54aa4909201020900f3058fd8dc484d61020900d7770dbd8b78a2110209009471f14c26428401020813425f060c4b72210208052b93d01747a87c":MBEDTLS_ERR_RSA_KEY_CHECK_FAILED 
@@ -682,6 +685,9 @@ rsa_parse_pkcs1_key:0:"3063020100021100cc8ab070369ede72920e5a51523c8571020301000 RSA parse private key - correct values, qp wrong tag rsa_parse_pkcs1_key:0:"3063020100021100cc8ab070369ede72920e5a51523c857102030100010211009a6318982a7231de1894c54aa4909201020900f3058fd8dc484d61020900d7770dbd8b78a2110209009471f14c26428401020813425f060c4b7221FF08052b93d01747a87c":MBEDTLS_ERR_ASN1_UNEXPECTED_TAG +RSA parse public key - missing SEQUENCE +rsa_parse_pkcs1_key:1:"028181009f091e6968b474f76f0e9c237c1d895996ae704b4f6d706acec8d2daac6209bf524aa3f658d0283adba1077f6cbe92e425dcde52290b239cade91be86c88425434986806e85734e159768f3dfea932baaa9409d25bace8ee9dce0cdde0903207299de575ae60feccf0daf82334ab83638539b0da74072f253acea8afc8e66bb70203010001":MBEDTLS_ERR_ASN1_UNEXPECTED_TAG + RSA parse public key - wrong initial tag rsa_parse_pkcs1_key:1:"318189028181009f091e6968b474f76f0e9c237c1d895996ae704b4f6d706acec8d2daac6209bf524aa3f658d0283adba1077f6cbe92e425dcde52290b239cade91be86c88425434986806e85734e159768f3dfea932baaa9409d25bace8ee9dce0cdde0903207299de575ae60feccf0daf82334ab83638539b0da74072f253acea8afc8e66bb70203010001":MBEDTLS_ERR_ASN1_UNEXPECTED_TAG 
@@ -711,3 +717,6 @@ rsa_parse_pkcs1_key:1:"30050203010001":MBEDTLS_ERR_ASN1_OUT_OF_DATA RSA parse public key - missing public exponent rsa_parse_pkcs1_key:1:"308184028181009f091e6968b474f76f0e9c237c1d895996ae704b4f6d706acec8d2daac6209bf524aa3f658d0283adba1077f6cbe92e425dcde52290b239cade91be86c88425434986806e85734e159768f3dfea932baaa9409d25bace8ee9dce0cdde0903207299de575ae60feccf0daf82334ab83638539b0da74072f253acea8afc8e66bb7":MBEDTLS_ERR_ASN1_OUT_OF_DATA + +RSA parse public key - correct values, trailing garbage +rsa_parse_pkcs1_key:1:"30818a028181009f091e6968b474f76f0e9c237c1d895996ae704b4f6d706acec8d2daac6209bf524aa3f658d0283adba1077f6cbe92e425dcde52290b239cade91be86c88425434986806e85734e159768f3dfea932baaa9409d25bace8ee9dce0cdde0903207299de575ae60feccf0daf82334ab83638539b0da74072f253acea8afc8e66bb7020301000100":MBEDTLS_ERR_ASN1_LENGTH_MISMATCH From 3af9bc18f3be7a3e3cc52aa5f08dd4c7b92ddcb6 Mon Sep 17 00:00:00 2001 From: Ryan Everett Date: Tue, 30 Jan 2024 17:21:57 +0000 Subject: [PATCH 086/166] Wrap get_and_lock_key_slot_in_memory calls in mutex It is useful to do this for the call in get_and_lock_key_slot. Documenting that get_and_lock_key_slot_in_memory requires the mutex is not part of this PR Signed-off-by: Ryan Everett --- library/psa_crypto_slot_management.c | 31 +++++++++++++++++----------- 1 file changed, 19 insertions(+), 12 deletions(-) diff --git a/library/psa_crypto_slot_management.c b/library/psa_crypto_slot_management.c index 599cc363b..f4c6ee005 100644 --- a/library/psa_crypto_slot_management.c +++ b/library/psa_crypto_slot_management.c 
@@ -527,26 +527,29 @@ psa_status_t psa_open_key(mbedtls_svc_key_id_t key, psa_key_handle_t *handle) psa_status_t psa_close_key(psa_key_handle_t handle) { - psa_status_t status; + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; psa_key_slot_t *slot; if (psa_key_handle_is_null(handle)) { return PSA_SUCCESS; } +#if defined(MBEDTLS_THREADING_C) + PSA_THREADING_CHK_RET(mbedtls_mutex_lock( + &mbedtls_threading_key_slot_mutex)); +#endif status = psa_get_and_lock_key_slot_in_memory(handle, &slot); if (status != PSA_SUCCESS) { if (status == PSA_ERROR_DOES_NOT_EXIST) { status = PSA_ERROR_INVALID_HANDLE; } - +#if defined(MBEDTLS_THREADING_C) + PSA_THREADING_CHK_RET(mbedtls_mutex_unlock( + &mbedtls_threading_key_slot_mutex)); +#endif return status; } -#if defined(MBEDTLS_THREADING_C) - PSA_THREADING_CHK_RET(mbedtls_mutex_lock( - &mbedtls_threading_key_slot_mutex)); -#endif if (slot->registered_readers == 1) { status = psa_wipe_key_slot(slot); } else { @@ -562,18 +565,22 @@ psa_status_t psa_close_key(psa_key_handle_t handle) psa_status_t psa_purge_key(mbedtls_svc_key_id_t key) { - psa_status_t status; + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; psa_key_slot_t *slot; - status = psa_get_and_lock_key_slot_in_memory(key, &slot); - if (status != PSA_SUCCESS) { - return status; - } - #if defined(MBEDTLS_THREADING_C) PSA_THREADING_CHK_RET(mbedtls_mutex_lock( &mbedtls_threading_key_slot_mutex)); #endif + status = psa_get_and_lock_key_slot_in_memory(key, &slot); + if (status != PSA_SUCCESS) { +#if defined(MBEDTLS_THREADING_C) + PSA_THREADING_CHK_RET(mbedtls_mutex_unlock( + &mbedtls_threading_key_slot_mutex)); +#endif + return status; + } + if ((!PSA_KEY_LIFETIME_IS_VOLATILE(slot->attr.lifetime)) && (slot->registered_readers == 1)) { status = psa_wipe_key_slot(slot); From fad978b2321551d91c51ce4a3ff76fea1a9ef34e Mon Sep 17 00:00:00 2001 
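Review bot: The locking requirement these hunks rely on is not written down at the call sites. psa_close_key() and psa_purge_key() now take `mbedtls_threading_key_slot_mutex` before calling `psa_get_and_lock_key_slot_in_memory()`, but nothing tells the next reader that the order matters. A one-line comment above each call, such as `/* The key slot mutex must be held while looking up and locking the slot. */`, would keep the lock from being moved back. The error paths also repeat the `#if defined(MBEDTLS_THREADING_C)` unlock block before `return status;`; a single `exit:` label with one unlock would make it harder to add a return that leaves the mutex held.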
From: Paul Elliott Date: Tue, 30 Jan 2024 18:00:26 +0000 Subject: [PATCH 087/166] Fix race condition with test comparison functions Make sure we hold the mutex whilst making several changes at the same time, to prevent race condition on writing connected bits of data. Signed-off-by: Paul Elliott --- tests/src/helpers.c | 185 +++++++++++++++++++++++++------------------- 1 file changed, 107 insertions(+), 78 deletions(-) diff --git a/tests/src/helpers.c b/tests/src/helpers.c index d0c75b08d..85345d8cf 100644 --- a/tests/src/helpers.c +++ b/tests/src/helpers.c @@ -53,18 +53,13 @@ mbedtls_test_result_t mbedtls_test_get_result(void) void mbedtls_test_set_result(mbedtls_test_result_t result, const char *test, int line_no, const char *filename) { -#ifdef MBEDTLS_THREADING_C - mbedtls_mutex_lock(&mbedtls_test_info_mutex); -#endif /* MBEDTLS_THREADING_C */ + /* Internal function only - mbedtls_test_info_mutex should be held prior + * to calling this function. */ mbedtls_test_info.result = result; mbedtls_test_info.test = test; mbedtls_test_info.line_no = line_no; mbedtls_test_info.filename = filename; - -#ifdef MBEDTLS_THREADING_C - mbedtls_mutex_unlock(&mbedtls_test_info_mutex); -#endif /* MBEDTLS_THREADING_C */ } const char *mbedtls_test_get_test(void) @@ -151,15 +146,10 @@ unsigned long mbedtls_test_get_step(void) void mbedtls_test_set_step(unsigned long step) { -#ifdef MBEDTLS_THREADING_C - mbedtls_mutex_lock(&mbedtls_test_info_mutex); -#endif /* MBEDTLS_THREADING_C */ + /* Internal function only - mbedtls_test_info_mutex should be held prior + * to calling this function. */ mbedtls_test_info.step = step; - -#ifdef MBEDTLS_THREADING_C - mbedtls_mutex_unlock(&mbedtls_test_info_mutex); -#endif /* MBEDTLS_THREADING_C */ } void mbedtls_test_get_line1(char *line) 
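Review bot: The setters changed here and in the following hunks (mbedtls_test_set_result, mbedtls_test_set_step, mbedtls_test_set_line1, mbedtls_test_set_line2, mbedtls_test_set_case_uses_negative_0) now write `mbedtls_test_info` without taking `mbedtls_test_info_mutex`, and the only protection is the comment "Internal function only". None of them is declared `static` in these hunks, so if a header still exports them, any caller outside helpers.c writes the shared state unlocked. Making them `static`, or keeping locked public wrappers around lock-free internal versions, would let the compiler enforce what the comment asks for.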
@@ -177,19 +167,14 @@ void mbedtls_test_get_line1(char *line) void mbedtls_test_set_line1(const char *line) { -#ifdef MBEDTLS_THREADING_C - mbedtls_mutex_lock(&mbedtls_test_info_mutex); -#endif /* MBEDTLS_THREADING_C */ + /* Internal function only - mbedtls_test_info_mutex should be held prior + * to calling this function. */ if (line == NULL) { memset(mbedtls_test_info.line1, 0, MBEDTLS_TEST_LINE_LENGTH); } else { memcpy(mbedtls_test_info.line1, line, MBEDTLS_TEST_LINE_LENGTH); } - -#ifdef MBEDTLS_THREADING_C - mbedtls_mutex_unlock(&mbedtls_test_info_mutex); -#endif /* MBEDTLS_THREADING_C */ } void mbedtls_test_get_line2(char *line) @@ -207,19 +192,14 @@ void mbedtls_test_get_line2(char *line) void mbedtls_test_set_line2(const char *line) { -#ifdef MBEDTLS_THREADING_C - mbedtls_mutex_lock(&mbedtls_test_info_mutex); -#endif /* MBEDTLS_THREADING_C */ + /* Internal function only - mbedtls_test_info_mutex should be held prior + * to calling this function. */ if (line == NULL) { memset(mbedtls_test_info.line2, 0, MBEDTLS_TEST_LINE_LENGTH); } else { memcpy(mbedtls_test_info.line2, line, MBEDTLS_TEST_LINE_LENGTH); } - -#ifdef MBEDTLS_THREADING_C - mbedtls_mutex_unlock(&mbedtls_test_info_mutex); -#endif /* MBEDTLS_THREADING_C */ } @@ -264,15 +244,10 @@ unsigned mbedtls_test_get_case_uses_negative_0(void) void mbedtls_test_set_case_uses_negative_0(unsigned uses) { -#ifdef MBEDTLS_THREADING_C - mbedtls_mutex_lock(&mbedtls_test_info_mutex); -#endif /* MBEDTLS_THREADING_C */ + /* Internal function only - mbedtls_test_info_mutex should be held prior + * to calling this function. */ mbedtls_test_info.case_uses_negative_0 = uses; - -#ifdef MBEDTLS_THREADING_C - mbedtls_mutex_unlock(&mbedtls_test_info_mutex); -#endif /* MBEDTLS_THREADING_C */ } void mbedtls_test_increment_case_uses_negative_0(void) 
@@ -355,21 +330,41 @@ int mbedtls_test_ascii2uc(const char c, unsigned char *uc) void mbedtls_test_fail(const char *test, int line_no, const char *filename) { - if (mbedtls_test_get_result() == MBEDTLS_TEST_RESULT_FAILED) { - /* We've already recorded the test as having failed. Don't +#ifdef MBEDTLS_THREADING_C + mbedtls_mutex_lock(&mbedtls_test_info_mutex); +#endif /* MBEDTLS_THREADING_C */ + + /* Don't use accessor, we already hold mutex. */ + if (mbedtls_test_info.result != MBEDTLS_TEST_RESULT_FAILED) { + /* If we have already recorded the test as having failed then don't * overwrite any previous information about the failure. */ - return; + mbedtls_test_set_result(MBEDTLS_TEST_RESULT_FAILED, test, line_no, filename); } - mbedtls_test_set_result(MBEDTLS_TEST_RESULT_FAILED, test, line_no, filename); + +#ifdef MBEDTLS_THREADING_C + mbedtls_mutex_unlock(&mbedtls_test_info_mutex); +#endif /* MBEDTLS_THREADING_C */ } void mbedtls_test_skip(const char *test, int line_no, const char *filename) { +#ifdef MBEDTLS_THREADING_C + mbedtls_mutex_lock(&mbedtls_test_info_mutex); +#endif /* MBEDTLS_THREADING_C */ + mbedtls_test_set_result(MBEDTLS_TEST_RESULT_SKIPPED, test, line_no, filename); + +#ifdef MBEDTLS_THREADING_C + mbedtls_mutex_unlock(&mbedtls_test_info_mutex); +#endif /* MBEDTLS_THREADING_C */ } void mbedtls_test_info_reset(void) { +#ifdef MBEDTLS_THREADING_C + mbedtls_mutex_lock(&mbedtls_test_info_mutex); +#endif /* MBEDTLS_THREADING_C */ + mbedtls_test_set_result(MBEDTLS_TEST_RESULT_SUCCESS, 0, 0, 0); mbedtls_test_set_step((unsigned long) (-1)); mbedtls_test_set_line1(NULL); @@ -378,6 +373,10 @@ void mbedtls_test_info_reset(void) #if defined(MBEDTLS_BIGNUM_C) mbedtls_test_set_case_uses_negative_0(0); #endif + +#ifdef MBEDTLS_THREADING_C + mbedtls_mutex_lock(&mbedtls_test_info_mutex); +#endif /* MBEDTLS_THREADING_C */ } int mbedtls_test_equal(const char *test, int line_no, const char *filename, 
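Review bot: mbedtls_test_info_reset() ends with a second `mbedtls_mutex_lock(&mbedtls_test_info_mutex);` where the matching unlock should be. On a non-recursive mutex that second lock blocks on itself, and otherwise the function returns with the mutex still held, so the next locker blocks. The last added block should read `mbedtls_mutex_unlock(&mbedtls_test_info_mutex);`.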
@@ -390,21 +389,31 @@ int mbedtls_test_equal(const char *test, int line_no, const char *filename, return 1; } - if (mbedtls_test_get_result() == MBEDTLS_TEST_RESULT_FAILED) { - /* We've already recorded the test as having failed. Don't +#ifdef MBEDTLS_THREADING_C + mbedtls_mutex_lock(&mbedtls_test_info_mutex); +#endif /* MBEDTLS_THREADING_C */ + + /* Don't use accessor, as we already hold mutex. */ + if (mbedtls_test_info.result != MBEDTLS_TEST_RESULT_FAILED) { + /* If we've already recorded the test as having failed then don't * overwrite any previous information about the failure. */ - return 0; + + char buf[MBEDTLS_TEST_LINE_LENGTH]; + mbedtls_test_fail(test, line_no, filename); + (void) mbedtls_snprintf(buf, sizeof(buf), + "lhs = 0x%016llx = %lld", + value1, (long long) value1); + mbedtls_test_set_line1(buf); + (void) mbedtls_snprintf(buf, sizeof(buf), + "rhs = 0x%016llx = %lld", + value2, (long long) value2); + mbedtls_test_set_line2(buf); } - char buf[MBEDTLS_TEST_LINE_LENGTH]; - mbedtls_test_fail(test, line_no, filename); - (void) mbedtls_snprintf(buf, sizeof(buf), - "lhs = 0x%016llx = %lld", - value1, (long long) value1); - mbedtls_test_set_line1(buf); - (void) mbedtls_snprintf(buf, sizeof(buf), - "rhs = 0x%016llx = %lld", - value2, (long long) value2); - mbedtls_test_set_line2(buf); + +#ifdef MBEDTLS_THREADING_C + mbedtls_mutex_unlock(&mbedtls_test_info_mutex); +#endif /* MBEDTLS_THREADING_C */ + return 0; } 
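Review bot: mbedtls_test_equal() calls `mbedtls_test_fail(test, line_no, filename)` while it already holds `mbedtls_test_info_mutex`, and mbedtls_test_fail() as changed in this same commit locks that mutex again, which self-deadlocks unless the mutex is recursive. The same pattern is in mbedtls_test_le_u() and mbedtls_test_le_s() in the next two hunks. mbedtls_test_le_s() also still calls `mbedtls_test_get_result()` under the lock, despite its comment saying not to use the accessor, which presumably takes the same mutex. Inside the locked region I would call the now lock-free setter directly, `mbedtls_test_set_result(MBEDTLS_TEST_RESULT_FAILED, test, line_no, filename);`, and in mbedtls_test_le_s() test `mbedtls_test_info.result` as the other two functions do.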
@@ -418,21 +427,31 @@ int mbedtls_test_le_u(const char *test, int line_no, const char *filename, return 1; } - if (mbedtls_test_get_result() == MBEDTLS_TEST_RESULT_FAILED) { - /* We've already recorded the test as having failed. Don't +#ifdef MBEDTLS_THREADING_C + mbedtls_mutex_lock(&mbedtls_test_info_mutex); +#endif /* MBEDTLS_THREADING_C */ + + /* Don't use accessor, we already hold mutex. */ + if (mbedtls_test_info.result != MBEDTLS_TEST_RESULT_FAILED) { + /* If we've already recorded the test as having failed then don't * overwrite any previous information about the failure. */ - return 0; + + char buf[MBEDTLS_TEST_LINE_LENGTH]; + mbedtls_test_fail(test, line_no, filename); + (void) mbedtls_snprintf(buf, sizeof(buf), + "lhs = 0x%016llx = %llu", + value1, value1); + mbedtls_test_set_line1(buf); + (void) mbedtls_snprintf(buf, sizeof(buf), + "rhs = 0x%016llx = %llu", + value2, value2); + mbedtls_test_set_line2(buf); } - char buf[MBEDTLS_TEST_LINE_LENGTH]; - mbedtls_test_fail(test, line_no, filename); - (void) mbedtls_snprintf(buf, sizeof(buf), - "lhs = 0x%016llx = %llu", - value1, value1); - mbedtls_test_set_line1(buf); - (void) mbedtls_snprintf(buf, sizeof(buf), - "rhs = 0x%016llx = %llu", - value2, value2); - mbedtls_test_set_line2(buf); + +#ifdef MBEDTLS_THREADING_C + mbedtls_mutex_unlock(&mbedtls_test_info_mutex); +#endif /* MBEDTLS_THREADING_C */ + return 0; } 
@@ -446,21 +465,31 @@ int mbedtls_test_le_s(const char *test, int line_no, const char *filename, return 1; } - if (mbedtls_test_get_result() == MBEDTLS_TEST_RESULT_FAILED) { - /* We've already recorded the test as having failed. Don't +#ifdef MBEDTLS_THREADING_C + mbedtls_mutex_lock(&mbedtls_test_info_mutex); +#endif /* MBEDTLS_THREADING_C */ + + /* Don't use accessor, we already hold mutex. */ + if (mbedtls_test_get_result() != MBEDTLS_TEST_RESULT_FAILED) { + /* If we've already recorded the test as having failed then don't * overwrite any previous information about the failure. */ - return 0; + + char buf[MBEDTLS_TEST_LINE_LENGTH]; + mbedtls_test_fail(test, line_no, filename); + (void) mbedtls_snprintf(buf, sizeof(buf), + "lhs = 0x%016llx = %lld", + (unsigned long long) value1, value1); + mbedtls_test_set_line1(buf); + (void) mbedtls_snprintf(buf, sizeof(buf), + "rhs = 0x%016llx = %lld", + (unsigned long long) value2, value2); + mbedtls_test_set_line2(buf); } - char buf[MBEDTLS_TEST_LINE_LENGTH]; - mbedtls_test_fail(test, line_no, filename); - (void) mbedtls_snprintf(buf, sizeof(buf), - "lhs = 0x%016llx = %lld", - (unsigned long long) value1, value1); - mbedtls_test_set_line1(buf); - (void) mbedtls_snprintf(buf, sizeof(buf), - "rhs = 0x%016llx = %lld", - (unsigned long long) value2, value2); - mbedtls_test_set_line2(buf); + +#ifdef MBEDTLS_THREADING_C + mbedtls_mutex_unlock(&mbedtls_test_info_mutex); +#endif /* MBEDTLS_THREADING_C */ + return 0; } From a888645bb8f5ec8e43179d355243483205e501f7 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 30 Jan 2024 17:35:49 +0100 Subject: [PATCH 088/166] test_suite_rsa: add test for key write with incremental output size Signed-off-by: Valerio Setti --- tests/suites/test_suite_rsa.data | 6 ++++ tests/suites/test_suite_rsa.function | 50 ++++++++++++++++++++++++++++ 2 files changed, 56 insertions(+) diff --git a/tests/suites/test_suite_rsa.data b/tests/suites/test_suite_rsa.data index 545e7ff4e..8a224d5ef 100644 
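Review bot: In `mbedtls_test_le_s` the new condition still calls `mbedtls_test_get_result()` directly under the comment `Don't use accessor, we already hold mutex.`, unlike `mbedtls_test_equal` and `mbedtls_test_le_u`, which read `mbedtls_test_info.result`. If the accessor locks `mbedtls_test_info_mutex`, as that comment implies, this path tries to re-acquire a mutex it already holds. The condition should match the other two helpers: `if (mbedtls_test_info.result != MBEDTLS_TEST_RESULT_FAILED) {`.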
--- a/tests/suites/test_suite_rsa.data +++ b/tests/suites/test_suite_rsa.data @@ -720,3 +720,9 @@ rsa_parse_pkcs1_key:1:"308184028181009f091e6968b474f76f0e9c237c1d895996ae704b4f6 RSA parse public key - correct values, trailing garbage rsa_parse_pkcs1_key:1:"30818a028181009f091e6968b474f76f0e9c237c1d895996ae704b4f6d706acec8d2daac6209bf524aa3f658d0283adba1077f6cbe92e425dcde52290b239cade91be86c88425434986806e85734e159768f3dfea932baaa9409d25bace8ee9dce0cdde0903207299de575ae60feccf0daf82334ab83638539b0da74072f253acea8afc8e66bb7020301000100":MBEDTLS_ERR_ASN1_LENGTH_MISMATCH + +RSA priv key write - incremental output buffer size +rsa_key_write_incremental:0:"3063020100021100cc8ab070369ede72920e5a51523c857102030100010211009a6318982a7231de1894c54aa4909201020900f3058fd8dc484d61020900d7770dbd8b78a2110209009471f14c26428401020813425f060c4b72210208052b93d01747a87c" + +RSA priv public key write - incremental output buffer size +rsa_key_write_incremental:1:"308189028181009f091e6968b474f76f0e9c237c1d895996ae704b4f6d706acec8d2daac6209bf524aa3f658d0283adba1077f6cbe92e425dcde52290b239cade91be86c88425434986806e85734e159768f3dfea932baaa9409d25bace8ee9dce0cdde0903207299de575ae60feccf0daf82334ab83638539b0da74072f253acea8afc8e66bb70203010001" diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function index 71ca2b9ac..44caacd6e 100644 --- a/tests/suites/test_suite_rsa.function +++ b/tests/suites/test_suite_rsa.function 
@@ -1430,6 +1430,56 @@ exit: } /* END_CASE */ +/* BEGIN_CASE */ +void rsa_key_write_incremental(int is_public, data_t *input) +{ + mbedtls_rsa_context rsa_ctx; + unsigned char *buf = NULL, *start, *end; + size_t i; + + mbedtls_rsa_init(&rsa_ctx); + + /* This is supposed to succeed as the real target of this test are the + * write attempt below. */ + if (is_public) { + start = input->x; + end = input->x + input->len; + TEST_EQUAL(mbedtls_rsa_pubkey_parse(&rsa_ctx, &start, end), 0); + } else { + TEST_EQUAL(mbedtls_rsa_key_parse(&rsa_ctx, input->x, input->len), 0); + } + + for (i = 1; i < input->len; i++) { + TEST_CALLOC(buf, i); + end = buf + i; + /* We don't care much about the return value as long as it fails. */ + if (is_public) { + TEST_ASSERT(mbedtls_rsa_pubkey_write(&rsa_ctx, buf, &end) != 0); + } else { + TEST_ASSERT(mbedtls_rsa_key_write(&rsa_ctx, buf, &end) != 0); + } + mbedtls_free(buf); + buf = NULL; + } + + /* Ensure with the correct output buffer size everything works as expected. */ + TEST_CALLOC(buf, i); + end = buf + i; + + if (is_public) { + TEST_ASSERT(mbedtls_rsa_pubkey_write(&rsa_ctx, buf, &end) != 0); + } else { + TEST_ASSERT(mbedtls_rsa_key_write(&rsa_ctx, buf, &end) > 0); + } + +exit: + if (buf != NULL) { + mbedtls_free(buf); + } + mbedtls_rsa_free(&rsa_ctx); +} +/* END_CASE */ + /* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */ void rsa_selftest() { From efcc55500265c7a1a39a507cfbb0220aebefd689 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 31 Jan 2024 11:15:37 +0100 Subject: [PATCH 089/166] test_suite_psa_crypto_util: add test with 0-length s Signed-off-by: Valerio Setti --- tests/suites/test_suite_psa_crypto_util.data | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/tests/suites/test_suite_psa_crypto_util.data b/tests/suites/test_suite_psa_crypto_util.data index 78f048ade..46af1f16f 100644 --- a/tests/suites/test_suite_psa_crypto_util.data +++ b/tests/suites/test_suite_psa_crypto_util.data 
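Review bot: The `!= 0` assertions in `rsa_key_write_incremental` cannot tell success from failure, because `mbedtls_rsa_key_write()` and `mbedtls_rsa_pubkey_write()` return the written length as a positive value on success and a negative error code otherwise (see `return (int) len;` in the rsa.c hunk further down this page). Inside the loop, where the buffer is deliberately too small, the checks should be `TEST_ASSERT(mbedtls_rsa_pubkey_write(&rsa_ctx, buf, &end) < 0);` and likewise for `mbedtls_rsa_key_write`. In the final full-size step the public branch should assert `> 0`, as the private branch already does. As written, the case passes even if a write into an undersized buffer reports success, which is exactly the condition it is meant to catch; comparing the written bytes with `input->x` in the last step would also confirm the round trip.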
@@ -74,6 +74,10 @@ ECDSA DER -> Raw, 256bit, Invalid r (0-length) depends_on:PSA_WANT_ECC_SECP_K1_256 ecdsa_der_to_raw:256:"3025020002202222222222222222222222222222222222222222222222222222222222222222":"11111111111111111111111111111111111111111111111111111111111111112222222222222222222222222222222222222222222222222222222222222222":MBEDTLS_ERR_ASN1_OUT_OF_DATA +ECDSA DER -> Raw, 256bit, Invalid s (0-length) +depends_on:PSA_WANT_ECC_SECP_K1_256 +ecdsa_der_to_raw:256:"3044022011111111111111111111111111111111111111111111111111111111111111110200":"11111111111111111111111111111111111111111111111111111111111111112222222222222222222222222222222222222222222222222222222222222222":MBEDTLS_ERR_ASN1_OUT_OF_DATA + # 512/521 bit sizes are useful to test sequence's length encoded with 2 bytes. ECDSA Raw -> DER, 512bit, Success depends_on:PSA_WANT_ECC_BRAINPOOL_P_R1_512 From 3122f4da50b401cc56374ad8891bfd782a506483 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 31 Jan 2024 11:16:46 +0100 Subject: [PATCH 090/166] psa_util: invert check order for leading zeros in convert_der_to_raw_single_int() Signed-off-by: Valerio Setti --- library/psa_util.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/psa_util.c b/library/psa_util.c index dfea36b90..be257e72e 100644 --- a/library/psa_util.c +++ b/library/psa_util.c @@ -489,7 +489,7 @@ static int convert_der_to_raw_single_int(unsigned char *der, size_t der_len, } /* Skip possible leading zero */ - if ((*p == 0x00) && (unpadded_len > 0)) { + if ((unpadded_len > 0) && (*p == 0x00)) { p++; unpadded_len--; /* It should never happen that the input number is all zeros. */ From 9efc60298ffbc09c43c837cbf7565023a312666e Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Wed, 31 Jan 2024 15:33:23 +0000 Subject: [PATCH 091/166] Fix code style issues Signed-off-by: Paul Elliott --- tests/src/helpers.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) 
diff --git a/tests/src/helpers.c b/tests/src/helpers.c index 85345d8cf..49a7df298 100644 --- a/tests/src/helpers.c +++ b/tests/src/helpers.c @@ -147,7 +147,7 @@ unsigned long mbedtls_test_get_step(void) void mbedtls_test_set_step(unsigned long step) { /* Internal function only - mbedtls_test_info_mutex should be held prior - * to calling this function. */ + * to calling this function. */ mbedtls_test_info.step = step; } @@ -168,7 +168,7 @@ void mbedtls_test_get_line1(char *line) void mbedtls_test_set_line1(const char *line) { /* Internal function only - mbedtls_test_info_mutex should be held prior - * to calling this function. */ + * to calling this function. */ if (line == NULL) { memset(mbedtls_test_info.line1, 0, MBEDTLS_TEST_LINE_LENGTH); @@ -193,7 +193,7 @@ void mbedtls_test_get_line2(char *line) void mbedtls_test_set_line2(const char *line) { /* Internal function only - mbedtls_test_info_mutex should be held prior - * to calling this function. */ + * to calling this function. */ if (line == NULL) { memset(mbedtls_test_info.line2, 0, MBEDTLS_TEST_LINE_LENGTH); @@ -245,7 +245,7 @@ unsigned mbedtls_test_get_case_uses_negative_0(void) void mbedtls_test_set_case_uses_negative_0(unsigned uses) { /* Internal function only - mbedtls_test_info_mutex should be held prior - * to calling this function. */ + * to calling this function. */ mbedtls_test_info.case_uses_negative_0 = uses; } From 24e9a32c83ac07c08260060e62eba432ae1fb4c1 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Thu, 1 Feb 2024 12:26:23 +0000 Subject: [PATCH 092/166] Refactor to help future other implementations Improve the definition of mbedtls_test_thread_t to assist adding future threading implementations, when they happen. Signed-off-by: Paul Elliott --- tests/include/test/threading_helpers.h | 24 ++++++++++++++++-------- 1 file changed, 16 insertions(+), 8 deletions(-) diff --git a/tests/include/test/threading_helpers.h b/tests/include/test/threading_helpers.h index ba965c877..0054358ea 100644 
--- a/tests/include/test/threading_helpers.h +++ b/tests/include/test/threading_helpers.h @@ -27,11 +27,6 @@ #if defined(MBEDTLS_THREADING_PTHREAD) #include - -typedef struct mbedtls_test_thread_t { - pthread_t MBEDTLS_PRIVATE(thread); -} mbedtls_test_thread_t; - #endif /* MBEDTLS_THREADING_PTHREAD */ #if defined(MBEDTLS_THREADING_ALT) @@ -58,17 +53,30 @@ void mbedtls_test_thread_set_alt(int (*thread_create)(mbedtls_test_thread_t *thr void *thread_data), int (*thread_join)(mbedtls_test_thread_t *thread)); +#else /* MBEDTLS_THREADING_ALT*/ + +typedef struct mbedtls_test_thread_t { + +#if defined(MBEDTLS_THREADING_PTHREAD) + pthread_t MBEDTLS_PRIVATE(thread); +#else /* MBEDTLS_THREADING_PTHREAD */ + /* Make sure this struct is always non-empty */ + unsigned dummy; +#endif + +} mbedtls_test_thread_t; + #endif /* MBEDTLS_THREADING_ALT*/ /** - * \brief The function pointers for thread create and thread + * \brief The function pointers for thread create and thread * join. * - * \note These functions are part of the testing API only and + * \note These functions are part of the testing API only and * thus not considered part of the public API of * MbedTLS and thus may change without notice. * - * \note All these functions are expected to work or + * \note All these functions are expected to work or * the result will be undefined. */ extern int (*mbedtls_test_thread_create)(mbedtls_test_thread_t *thread, From ae942ece478f7909f679699f08109556ac40c44c Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Thu, 1 Feb 2024 12:44:01 +0000 Subject: [PATCH 093/166] Fix style issues Signed-off-by: Paul Elliott --- tests/include/test/threading_helpers.h | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/tests/include/test/threading_helpers.h b/tests/include/test/threading_helpers.h index 0054358ea..79bc6c0de 100644 --- a/tests/include/test/threading_helpers.h +++ b/tests/include/test/threading_helpers.h 
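Review bot: In the new fallback definition of `mbedtls_test_thread_t`, the `dummy` member is declared bare while the pthread member is wrapped in `MBEDTLS_PRIVATE(...)`, and the inner `#endif` has no trailing comment although the other directives in this hunk carry one. For consistency I would write `unsigned MBEDTLS_PRIVATE(dummy);` and `#endif /* MBEDTLS_THREADING_PTHREAD */`.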
@@ -69,14 +69,14 @@ typedef struct mbedtls_test_thread_t { #endif /* MBEDTLS_THREADING_ALT*/ /** - * \brief The function pointers for thread create and thread + * \brief The function pointers for thread create and thread * join. * - * \note These functions are part of the testing API only and - * thus not considered part of the public API of + * \note These functions are part of the testing API only + * and thus not considered part of the public API of * MbedTLS and thus may change without notice. * - * \note All these functions are expected to work or + * \note All these functions are expected to work or * the result will be undefined. */ extern int (*mbedtls_test_thread_create)(mbedtls_test_thread_t *thread, From 0b2835d1fde5739bd728e8b805ca76c22f90e9e2 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Thu, 1 Feb 2024 13:27:04 +0000 Subject: [PATCH 094/166] Fix accidental copy paste mistake Signed-off-by: Paul Elliott --- tests/src/helpers.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/src/helpers.c b/tests/src/helpers.c index 49a7df298..936da066f 100644 --- a/tests/src/helpers.c +++ b/tests/src/helpers.c @@ -375,7 +375,7 @@ void mbedtls_test_info_reset(void) #endif #ifdef MBEDTLS_THREADING_C - mbedtls_mutex_lock(&mbedtls_test_info_mutex); + mbedtls_mutex_unlock(&mbedtls_test_info_mutex); #endif /* MBEDTLS_THREADING_C */ } From 2d73baf171560d27afef869cc960172b717ea7db Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 1 Feb 2024 15:25:17 +0100 Subject: [PATCH 095/166] psa_util: convert_der_to_raw_single_int: ensure the input DER integers have valid length Signed-off-by: Valerio Setti --- library/psa_util.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/library/psa_util.c b/library/psa_util.c index be257e72e..b13d83d47 100644 --- a/library/psa_util.c +++ b/library/psa_util.c 
@@ -492,10 +492,10 @@ static int convert_der_to_raw_single_int(unsigned char *der, size_t der_len, if ((unpadded_len > 0) && (*p == 0x00)) { p++; unpadded_len--; - /* It should never happen that the input number is all zeros. */ - if (unpadded_len == 0) { - return MBEDTLS_ERR_ASN1_LENGTH_MISMATCH; - } + } + /* It should never happen that the input number has 0 length. */ + if (unpadded_len == 0) { + return MBEDTLS_ERR_ASN1_INVALID_DATA; } if (unpadded_len > coordinate_size) { From 3ecb395fb93626e6250ee693b6eb0ce3eba0fe44 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 1 Feb 2024 15:26:24 +0100 Subject: [PATCH 096/166] test_suite_psa_crypto_util: fix tests for 0-length and one 0x00 byte for r and s Signed-off-by: Valerio Setti --- tests/suites/test_suite_psa_crypto_util.data | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto_util.data b/tests/suites/test_suite_psa_crypto_util.data index 46af1f16f..9368d7939 100644 --- a/tests/suites/test_suite_psa_crypto_util.data +++ b/tests/suites/test_suite_psa_crypto_util.data 
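Review bot: The relocated length check in `convert_der_to_raw_single_int` rejects an empty INTEGER and a lone `0x00` byte, but as far as this hunk shows only one leading zero is stripped, so a non-minimal encoding such as `00 00` leaves `unpadded_len` at 1 and is passed on as an all-zero value. The new comment mentions only the zero-length case; it should state which zero encodings are rejected here and which are left to the code that consumes the raw r and s, for example `/* Reject an empty INTEGER and a single 0x00 byte; other encodings of zero are not detected here. */`. The function body continues outside the hunk, so a later check may already cover this.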
@@ -68,15 +68,19 @@ ecdsa_der_to_raw:256:"3045022100911111111111111111111111111111111111111111111111 ECDSA DER -> Raw, 256bit, Invalid r (only 1 zero byte) depends_on:PSA_WANT_ECC_SECP_K1_256 -ecdsa_der_to_raw:256:"302502010002202222222222222222222222222222222222222222222222222222222222222222":"11111111111111111111111111111111111111111111111111111111111111112222222222222222222222222222222222222222222222222222222222222222":MBEDTLS_ERR_ASN1_LENGTH_MISMATCH +ecdsa_der_to_raw:256:"302502010002202222222222222222222222222222222222222222222222222222222222222222":"11111111111111111111111111111111111111111111111111111111111111112222222222222222222222222222222222222222222222222222222222222222":MBEDTLS_ERR_ASN1_INVALID_DATA + +ECDSA DER -> Raw, 256bit, Invalid s (only 1 zero byte) +depends_on:PSA_WANT_ECC_SECP_K1_256 +ecdsa_der_to_raw:256:"302502201111111111111111111111111111111111111111111111111111111111111111020100":"11111111111111111111111111111111111111111111111111111111111111112222222222222222222222222222222222222222222222222222222222222222":MBEDTLS_ERR_ASN1_INVALID_DATA ECDSA DER -> Raw, 256bit, Invalid r (0-length) depends_on:PSA_WANT_ECC_SECP_K1_256 -ecdsa_der_to_raw:256:"3025020002202222222222222222222222222222222222222222222222222222222222222222":"11111111111111111111111111111111111111111111111111111111111111112222222222222222222222222222222222222222222222222222222222222222":MBEDTLS_ERR_ASN1_OUT_OF_DATA +ecdsa_der_to_raw:256:"3024020002202222222222222222222222222222222222222222222222222222222222222222":"00000000000000000000000000000000000000000000000000000000000000002222222222222222222222222222222222222222222222222222222222222222":MBEDTLS_ERR_ASN1_INVALID_DATA -ECDSA DER -> Raw, 256bit, Invalid s (0-length) +ECDSA DER -> Raw, 256bit,Invalid s (0-length) depends_on:PSA_WANT_ECC_SECP_K1_256 
-ecdsa_der_to_raw:256:"3044022011111111111111111111111111111111111111111111111111111111111111110200":"11111111111111111111111111111111111111111111111111111111111111112222222222222222222222222222222222222222222222222222222222222222":MBEDTLS_ERR_ASN1_OUT_OF_DATA +ecdsa_der_to_raw:256:"3024022011111111111111111111111111111111111111111111111111111111111111110200":"11111111111111111111111111111111111111111111111111111111111111110000000000000000000000000000000000000000000000000000000000000000":MBEDTLS_ERR_ASN1_INVALID_DATA # 512/521 bit sizes are useful to test sequence's length encoded with 2 bytes. ECDSA Raw -> DER, 512bit, Success 
@@ -110,4 +114,4 @@ ecdsa_raw_to_der_incremental:512:"9111111111111111111111111111111111111111111111 ECDSA Raw -> DER, 521bit, Incremental DER buffer sizes depends_on:PSA_WANT_ECC_SECP_R1_521 -ecdsa_raw_to_der_incremental:528:"911111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222":"3081890243009111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111110242222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222" +ecdsa_raw_to_der_incremental:528:"911111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222":"3081890243009111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111110242222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222" \ No newline at end of file From 9e520f7ea952b7c815c66f93e8743b45772abd12 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 1 Feb 2024 15:50:44 +0100 Subject: [PATCH 097/166] changelog: improve descriptions Signed-off-by: Valerio Setti --- ChangeLog.d/8647.txt | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/ChangeLog.d/8647.txt b/ChangeLog.d/8647.txt index cfd3a4b9f..44007e2c2 100644 --- a/ChangeLog.d/8647.txt +++ b/ChangeLog.d/8647.txt 
@@ -1,7 +1,10 @@ Default behavior changes - * Importing of RSA keys in PEM format in PSA is officially unsupported - (this was previously undocumented). + * psa_import_key() now only accepts RSA keys in the PSA standard formats. + The undocumented ability to import other formats (PKCS#8, SubjectPublicKey, + PEM) accepted by the pkparse module has been removed. Applications that + need these format can call mbedtls_pk_parse_{public,}key() followed by + mbedtls_pk_import_into_psa(). -Features - * It is possible to enable RSA support in PSA (MBEDTLS_PSA_CRYPTO_C + - RSA_C) without enabling PK module (MBEDTLS_[PK|PK_WRITE|PK_PARSE]_C). +Changes + * RSA support in PSA no longer auto-enables the pkparse and pkwrite modules, + saving code size when those are not otherwise enabled. From 52ed54b9490745b3daae5bc9acb99b5455654c34 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 1 Feb 2024 16:29:01 +0100 Subject: [PATCH 098/166] psa_crypto_rsa: remove unnecessary casting Signed-off-by: Valerio Setti --- library/psa_crypto_rsa.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/library/psa_crypto_rsa.c b/library/psa_crypto_rsa.c index 7da6012c9..cfa2da619 100644 --- a/library/psa_crypto_rsa.c +++ b/library/psa_crypto_rsa.c @@ -73,8 +73,8 @@ psa_status_t mbedtls_psa_rsa_load_representation( if (PSA_KEY_TYPE_IS_KEY_PAIR(type)) { status = mbedtls_to_psa_error(mbedtls_rsa_key_parse(*p_rsa, data, data_length)); } else { - unsigned char *p = (unsigned char *) data; - unsigned char *end = (unsigned char *) (data + data_length); + unsigned char *p = data; + unsigned char *end = (data + data_length); status = mbedtls_to_psa_error(mbedtls_rsa_pubkey_parse(*p_rsa, &p, end)); } if (status != PSA_SUCCESS) { From 44ff9506ddb315d06f2c33ccf5fe3f0a2ee60014 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 1 Feb 2024 16:51:05 +0100 Subject: [PATCH 099/166] rsa: set parse/write functions out of !RSA_ALT guard 
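Review bot: Dropping the casts in `mbedtls_psa_rsa_load_representation` turns `unsigned char *p = data;` and `unsigned char *end = (data + data_length);` into implicit conversions. The declaration of `data` is outside the hunk, but if it is a pointer to const, as the removed casts suggest, both lines discard the qualifier and will warn, or fail under `-Werror`. `mbedtls_rsa_pubkey_parse()` takes `const unsigned char *end`, so that variable can simply be `const unsigned char *end = data + data_length;`. `p` is passed as `unsigned char **`, so it either keeps its cast or the parser's first parameter has to become `const unsigned char **`.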
Signed-off-by: Valerio Setti --- library/rsa.c | 665 +++++++++++++++++++++++++------------------------- 1 file changed, 332 insertions(+), 333 deletions(-) diff --git a/library/rsa.c b/library/rsa.c index e0c38c3bc..b81039ceb 100644 --- a/library/rsa.c +++ b/library/rsa.c 
@@ -46,6 +46,338 @@ #include "mbedtls/platform.h" +int mbedtls_rsa_key_parse(mbedtls_rsa_context *rsa, const unsigned char *key, size_t keylen) +{ + int ret, version; + size_t len; + unsigned char *p, *end; + + mbedtls_mpi T; + mbedtls_mpi_init(&T); + + p = (unsigned char *) key; + end = p + keylen; + + /* + * This function parses the RSAPrivateKey (PKCS#1) + * + * RSAPrivateKey ::= SEQUENCE { + * version Version, + * modulus INTEGER, -- n + * publicExponent INTEGER, -- e + * privateExponent INTEGER, -- d + * prime1 INTEGER, -- p + * prime2 INTEGER, -- q + * exponent1 INTEGER, -- d mod (p-1) + * exponent2 INTEGER, -- d mod (q-1) + * coefficient INTEGER, -- (inverse of q) mod p + * otherPrimeInfos OtherPrimeInfos OPTIONAL + * } + */ + if ((ret = mbedtls_asn1_get_tag(&p, end, &len, + MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { + return ret; + } + + end = p + len; + + if ((ret = mbedtls_asn1_get_int(&p, end, &version)) != 0) { + return ret; + } + + if (version != 0) { + return MBEDTLS_ERR_RSA_BAD_INPUT_DATA; + } + + /* Import N */ + if ((ret = asn1_get_nonzero_mpi(&p, end, &T)) != 0 || + (ret = mbedtls_rsa_import(rsa, &T, NULL, NULL, + NULL, NULL)) != 0) { + goto cleanup; + } + + /* Import E */ + if ((ret = asn1_get_nonzero_mpi(&p, end, &T)) != 0 || + (ret = mbedtls_rsa_import(rsa, NULL, NULL, NULL, + NULL, &T)) != 0) { + goto cleanup; + } + + /* Import D */ + if ((ret = asn1_get_nonzero_mpi(&p, end, &T)) != 0 || + (ret = mbedtls_rsa_import(rsa, NULL, NULL, NULL, + &T, NULL)) != 0) { + goto cleanup; + } + + /* Import P */ + if ((ret = asn1_get_nonzero_mpi(&p, end, &T)) != 0 || + (ret = mbedtls_rsa_import(rsa, NULL, &T, NULL, + NULL, NULL)) != 0) { + goto cleanup; + } + + /* Import Q */ + if ((ret = asn1_get_nonzero_mpi(&p, end, &T)) != 0 || + (ret = mbedtls_rsa_import(rsa, NULL, NULL, &T, + NULL, NULL)) != 0) { + goto cleanup; + } + +#if !defined(MBEDTLS_RSA_NO_CRT) && !defined(MBEDTLS_RSA_ALT) + /* + * The RSA CRT parameters DP, DQ and QP are nominally 
redundant, in + * that they can be easily recomputed from D, P and Q. However by + * parsing them from the PKCS1 structure it is possible to avoid + * recalculating them which both reduces the overhead of loading + * RSA private keys into memory and also avoids side channels which + * can arise when computing those values, since all of D, P, and Q + * are secret. See https://eprint.iacr.org/2020/055 for a + * description of one such attack. + */ + + /* Import DP */ + if ((ret = asn1_get_nonzero_mpi(&p, end, &T)) != 0 || + (ret = mbedtls_mpi_copy(&rsa->DP, &T)) != 0) { + goto cleanup; + } + + /* Import DQ */ + if ((ret = asn1_get_nonzero_mpi(&p, end, &T)) != 0 || + (ret = mbedtls_mpi_copy(&rsa->DQ, &T)) != 0) { + goto cleanup; + } + + /* Import QP */ + if ((ret = asn1_get_nonzero_mpi(&p, end, &T)) != 0 || + (ret = mbedtls_mpi_copy(&rsa->QP, &T)) != 0) { + goto cleanup; + } + +#else + /* Verify existence of the CRT params */ + if ((ret = asn1_get_nonzero_mpi(&p, end, &T)) != 0 || + (ret = asn1_get_nonzero_mpi(&p, end, &T)) != 0 || + (ret = asn1_get_nonzero_mpi(&p, end, &T)) != 0) { + goto cleanup; + } +#endif + + /* rsa_complete() doesn't complete anything with the default + * implementation but is still called: + * - for the benefit of alternative implementation that may want to + * pre-compute stuff beyond what's provided (eg Montgomery factors) + * - as is also sanity-checks the key + * + * Furthermore, we also check the public part for consistency with + * mbedtls_pk_parse_pubkey(), as it includes size minima for example. 
+ */ + if ((ret = mbedtls_rsa_complete(rsa)) != 0 || + (ret = mbedtls_rsa_check_pubkey(rsa)) != 0) { + goto cleanup; + } + + if (p != end) { + ret = MBEDTLS_ERR_ASN1_LENGTH_MISMATCH; + } + +cleanup: + + mbedtls_mpi_free(&T); + + if (ret != 0) { + mbedtls_rsa_free(rsa); + } + + return ret; +} + +int mbedtls_rsa_pubkey_parse(mbedtls_rsa_context *rsa, unsigned char **p, + const unsigned char *end) +{ + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + size_t len; + + /* + * RSAPublicKey ::= SEQUENCE { + * modulus INTEGER, -- n + * publicExponent INTEGER -- e + * } + */ + + if ((ret = mbedtls_asn1_get_tag(p, end, &len, + MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { + return ret; + } + + if (*p + len != end) { + return MBEDTLS_ERR_ASN1_LENGTH_MISMATCH; + } + + /* Import N */ + if ((ret = mbedtls_asn1_get_tag(p, end, &len, MBEDTLS_ASN1_INTEGER)) != 0) { + return ret; + } + + if ((ret = mbedtls_rsa_import_raw(rsa, *p, len, NULL, 0, NULL, 0, + NULL, 0, NULL, 0)) != 0) { + return MBEDTLS_ERR_RSA_BAD_INPUT_DATA; + } + + *p += len; + + /* Import E */ + if ((ret = mbedtls_asn1_get_tag(p, end, &len, MBEDTLS_ASN1_INTEGER)) != 0) { + return ret; + } + + if ((ret = mbedtls_rsa_import_raw(rsa, NULL, 0, NULL, 0, NULL, 0, + NULL, 0, *p, len)) != 0) { + return MBEDTLS_ERR_RSA_BAD_INPUT_DATA; + } + + *p += len; + + if (mbedtls_rsa_complete(rsa) != 0 || + mbedtls_rsa_check_pubkey(rsa) != 0) { + return MBEDTLS_ERR_RSA_BAD_INPUT_DATA; + } + + if (*p != end) { + return MBEDTLS_ERR_ASN1_LENGTH_MISMATCH; + } + + return 0; +} + +int mbedtls_rsa_key_write(const mbedtls_rsa_context *rsa, unsigned char *start, + unsigned char **p) +{ + size_t len = 0; + int ret; + + mbedtls_mpi T; /* Temporary holding the exported parameters */ + + /* + * Export the parameters one after another to avoid simultaneous copies. 
+ */ + + mbedtls_mpi_init(&T); + + /* Export QP */ + if ((ret = mbedtls_rsa_export_crt(rsa, NULL, NULL, &T)) != 0 || + (ret = mbedtls_asn1_write_mpi(p, start, &T)) < 0) { + goto end_of_export; + } + len += ret; + + /* Export DQ */ + if ((ret = mbedtls_rsa_export_crt(rsa, NULL, &T, NULL)) != 0 || + (ret = mbedtls_asn1_write_mpi(p, start, &T)) < 0) { + goto end_of_export; + } + len += ret; + + /* Export DP */ + if ((ret = mbedtls_rsa_export_crt(rsa, &T, NULL, NULL)) != 0 || + (ret = mbedtls_asn1_write_mpi(p, start, &T)) < 0) { + goto end_of_export; + } + len += ret; + + /* Export Q */ + if ((ret = mbedtls_rsa_export(rsa, NULL, NULL, &T, NULL, NULL)) != 0 || + (ret = mbedtls_asn1_write_mpi(p, start, &T)) < 0) { + goto end_of_export; + } + len += ret; + + /* Export P */ + if ((ret = mbedtls_rsa_export(rsa, NULL, &T, NULL, NULL, NULL)) != 0 || + (ret = mbedtls_asn1_write_mpi(p, start, &T)) < 0) { + goto end_of_export; + } + len += ret; + + /* Export D */ + if ((ret = mbedtls_rsa_export(rsa, NULL, NULL, NULL, &T, NULL)) != 0 || + (ret = mbedtls_asn1_write_mpi(p, start, &T)) < 0) { + goto end_of_export; + } + len += ret; + + /* Export E */ + if ((ret = mbedtls_rsa_export(rsa, NULL, NULL, NULL, NULL, &T)) != 0 || + (ret = mbedtls_asn1_write_mpi(p, start, &T)) < 0) { + goto end_of_export; + } + len += ret; + + /* Export N */ + if ((ret = mbedtls_rsa_export(rsa, &T, NULL, NULL, NULL, NULL)) != 0 || + (ret = mbedtls_asn1_write_mpi(p, start, &T)) < 0) { + goto end_of_export; + } + len += ret; + +end_of_export: + + mbedtls_mpi_free(&T); + if (ret < 0) { + return ret; + } + + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_int(p, start, 0)); + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, start, len)); + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, start, + MBEDTLS_ASN1_CONSTRUCTED | + MBEDTLS_ASN1_SEQUENCE)); + + return (int) len; +} + +/* + * RSAPublicKey ::= SEQUENCE { + * modulus INTEGER, -- n + * publicExponent INTEGER -- e + * } + */ +int 
mbedtls_rsa_pubkey_write(const mbedtls_rsa_context *rsa, unsigned char *start, + unsigned char **p) +{ + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + size_t len = 0; + mbedtls_mpi T; + + mbedtls_mpi_init(&T); + + /* Export E */ + if ((ret = mbedtls_rsa_export(rsa, NULL, NULL, NULL, NULL, &T)) != 0 || + (ret = mbedtls_asn1_write_mpi(p, start, &T)) < 0) { + goto end_of_export; + } + len += ret; + + /* Export N */ + if ((ret = mbedtls_rsa_export(rsa, &T, NULL, NULL, NULL, NULL)) != 0 || + (ret = mbedtls_asn1_write_mpi(p, start, &T)) < 0) { + goto end_of_export; + } + len += ret; + +end_of_export: + + mbedtls_mpi_free(&T); + if (ret < 0) { + return ret; + } + + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, start, len)); + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, start, MBEDTLS_ASN1_CONSTRUCTED | + MBEDTLS_ASN1_SEQUENCE)); + + return (int) len; +} #if defined(MBEDTLS_PKCS1_V15) && defined(MBEDTLS_RSA_C) && !defined(MBEDTLS_RSA_ALT) 
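Review bot: `mbedtls_rsa_key_parse()` now sits near the top of rsa.c but still calls `asn1_get_nonzero_mpi()`, which the next hunk's header places around line 1020 as a `static` function. Unless a prototype exists earlier in the file, outside what is shown here, those calls precede any declaration of the helper. If the helper also remains inside the `!MBEDTLS_RSA_ALT` region, the private-key parser still depends on code behind the guard the commit title says it is leaving. Moving `asn1_get_nonzero_mpi()` up together with the functions that use it would resolve both.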
@@ -688,339 +1020,6 @@ static int asn1_get_nonzero_mpi(unsigned char **p, return 0; } -int mbedtls_rsa_key_parse(mbedtls_rsa_context *rsa, const unsigned char *key, size_t keylen) -{ - int ret, version; - size_t len; - unsigned char *p, *end; - - mbedtls_mpi T; - mbedtls_mpi_init(&T); - - p = (unsigned char *) key; - end = p + keylen; - - /* - * This function parses the RSAPrivateKey (PKCS#1) - * - * RSAPrivateKey ::= SEQUENCE { - * version Version, - * modulus INTEGER, -- n - * publicExponent INTEGER, -- e - * privateExponent INTEGER, -- d - * prime1 INTEGER, -- p - * prime2 INTEGER, -- q - * exponent1 INTEGER, -- d mod (p-1) - * exponent2 INTEGER, -- d mod (q-1) - * coefficient INTEGER, -- (inverse of q) mod p - * otherPrimeInfos OtherPrimeInfos OPTIONAL - * } - */ - if ((ret = mbedtls_asn1_get_tag(&p, end, &len, - MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { - return ret; - } - - end = p + len; - - if ((ret = mbedtls_asn1_get_int(&p, end, &version)) != 0) { - return ret; - } - - if (version != 0) { - return MBEDTLS_ERR_RSA_BAD_INPUT_DATA; - } - - /* Import N */ - if ((ret = asn1_get_nonzero_mpi(&p, end, &T)) != 0 || - (ret = mbedtls_rsa_import(rsa, &T, NULL, NULL, - NULL, NULL)) != 0) { - goto cleanup; - } - - /* Import E */ - if ((ret = asn1_get_nonzero_mpi(&p, end, &T)) != 0 || - (ret = mbedtls_rsa_import(rsa, NULL, NULL, NULL, - NULL, &T)) != 0) { - goto cleanup; - } - - /* Import D */ - if ((ret = asn1_get_nonzero_mpi(&p, end, &T)) != 0 || - (ret = mbedtls_rsa_import(rsa, NULL, NULL, NULL, - &T, NULL)) != 0) { - goto cleanup; - } - - /* Import P */ - if ((ret = asn1_get_nonzero_mpi(&p, end, &T)) != 0 || - (ret = mbedtls_rsa_import(rsa, NULL, &T, NULL, - NULL, NULL)) != 0) { - goto cleanup; - } - - /* Import Q */ - if ((ret = asn1_get_nonzero_mpi(&p, end, &T)) != 0 || - (ret = mbedtls_rsa_import(rsa, NULL, NULL, &T, - NULL, NULL)) != 0) { - goto cleanup; - } - -#if !defined(MBEDTLS_RSA_NO_CRT) && !defined(MBEDTLS_RSA_ALT) - /* - * The RSA CRT 
parameters DP, DQ and QP are nominally redundant, in - * that they can be easily recomputed from D, P and Q. However by - * parsing them from the PKCS1 structure it is possible to avoid - * recalculating them which both reduces the overhead of loading - * RSA private keys into memory and also avoids side channels which - * can arise when computing those values, since all of D, P, and Q - * are secret. See https://eprint.iacr.org/2020/055 for a - * description of one such attack. - */ - - /* Import DP */ - if ((ret = asn1_get_nonzero_mpi(&p, end, &T)) != 0 || - (ret = mbedtls_mpi_copy(&rsa->DP, &T)) != 0) { - goto cleanup; - } - - /* Import DQ */ - if ((ret = asn1_get_nonzero_mpi(&p, end, &T)) != 0 || - (ret = mbedtls_mpi_copy(&rsa->DQ, &T)) != 0) { - goto cleanup; - } - - /* Import QP */ - if ((ret = asn1_get_nonzero_mpi(&p, end, &T)) != 0 || - (ret = mbedtls_mpi_copy(&rsa->QP, &T)) != 0) { - goto cleanup; - } - -#else - /* Verify existence of the CRT params */ - if ((ret = asn1_get_nonzero_mpi(&p, end, &T)) != 0 || - (ret = asn1_get_nonzero_mpi(&p, end, &T)) != 0 || - (ret = asn1_get_nonzero_mpi(&p, end, &T)) != 0) { - goto cleanup; - } -#endif - - /* rsa_complete() doesn't complete anything with the default - * implementation but is still called: - * - for the benefit of alternative implementation that may want to - * pre-compute stuff beyond what's provided (eg Montgomery factors) - * - as is also sanity-checks the key - * - * Furthermore, we also check the public part for consistency with - * mbedtls_pk_parse_pubkey(), as it includes size minima for example. 
- */ - if ((ret = mbedtls_rsa_complete(rsa)) != 0 || - (ret = mbedtls_rsa_check_pubkey(rsa)) != 0) { - goto cleanup; - } - - if (p != end) { - ret = MBEDTLS_ERR_ASN1_LENGTH_MISMATCH; - } - -cleanup: - - mbedtls_mpi_free(&T); - - if (ret != 0) { - mbedtls_rsa_free(rsa); - } - - return ret; -} - -int mbedtls_rsa_pubkey_parse(mbedtls_rsa_context *rsa, unsigned char **p, - const unsigned char *end) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t len; - - /* - * RSAPublicKey ::= SEQUENCE { - * modulus INTEGER, -- n - * publicExponent INTEGER -- e - * } - */ - - if ((ret = mbedtls_asn1_get_tag(p, end, &len, - MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { - return ret; - } - - if (*p + len != end) { - return MBEDTLS_ERR_ASN1_LENGTH_MISMATCH; - } - - /* Import N */ - if ((ret = mbedtls_asn1_get_tag(p, end, &len, MBEDTLS_ASN1_INTEGER)) != 0) { - return ret; - } - - if ((ret = mbedtls_rsa_import_raw(rsa, *p, len, NULL, 0, NULL, 0, - NULL, 0, NULL, 0)) != 0) { - return MBEDTLS_ERR_RSA_BAD_INPUT_DATA; - } - - *p += len; - - /* Import E */ - if ((ret = mbedtls_asn1_get_tag(p, end, &len, MBEDTLS_ASN1_INTEGER)) != 0) { - return ret; - } - - if ((ret = mbedtls_rsa_import_raw(rsa, NULL, 0, NULL, 0, NULL, 0, - NULL, 0, *p, len)) != 0) { - return MBEDTLS_ERR_RSA_BAD_INPUT_DATA; - } - - *p += len; - - if (mbedtls_rsa_complete(rsa) != 0 || - mbedtls_rsa_check_pubkey(rsa) != 0) { - return MBEDTLS_ERR_RSA_BAD_INPUT_DATA; - } - - if (*p != end) { - return MBEDTLS_ERR_ASN1_LENGTH_MISMATCH; - } - - return 0; -} - -int mbedtls_rsa_key_write(const mbedtls_rsa_context *rsa, unsigned char *start, - unsigned char **p) -{ - size_t len = 0; - int ret; - - mbedtls_mpi T; /* Temporary holding the exported parameters */ - - /* - * Export the parameters one after another to avoid simultaneous copies. 
- */ - - mbedtls_mpi_init(&T); - - /* Export QP */ - if ((ret = mbedtls_rsa_export_crt(rsa, NULL, NULL, &T)) != 0 || - (ret = mbedtls_asn1_write_mpi(p, start, &T)) < 0) { - goto end_of_export; - } - len += ret; - - /* Export DQ */ - if ((ret = mbedtls_rsa_export_crt(rsa, NULL, &T, NULL)) != 0 || - (ret = mbedtls_asn1_write_mpi(p, start, &T)) < 0) { - goto end_of_export; - } - len += ret; - - /* Export DP */ - if ((ret = mbedtls_rsa_export_crt(rsa, &T, NULL, NULL)) != 0 || - (ret = mbedtls_asn1_write_mpi(p, start, &T)) < 0) { - goto end_of_export; - } - len += ret; - - /* Export Q */ - if ((ret = mbedtls_rsa_export(rsa, NULL, NULL, &T, NULL, NULL)) != 0 || - (ret = mbedtls_asn1_write_mpi(p, start, &T)) < 0) { - goto end_of_export; - } - len += ret; - - /* Export P */ - if ((ret = mbedtls_rsa_export(rsa, NULL, &T, NULL, NULL, NULL)) != 0 || - (ret = mbedtls_asn1_write_mpi(p, start, &T)) < 0) { - goto end_of_export; - } - len += ret; - - /* Export D */ - if ((ret = mbedtls_rsa_export(rsa, NULL, NULL, NULL, &T, NULL)) != 0 || - (ret = mbedtls_asn1_write_mpi(p, start, &T)) < 0) { - goto end_of_export; - } - len += ret; - - /* Export E */ - if ((ret = mbedtls_rsa_export(rsa, NULL, NULL, NULL, NULL, &T)) != 0 || - (ret = mbedtls_asn1_write_mpi(p, start, &T)) < 0) { - goto end_of_export; - } - len += ret; - - /* Export N */ - if ((ret = mbedtls_rsa_export(rsa, &T, NULL, NULL, NULL, NULL)) != 0 || - (ret = mbedtls_asn1_write_mpi(p, start, &T)) < 0) { - goto end_of_export; - } - len += ret; - -end_of_export: - - mbedtls_mpi_free(&T); - if (ret < 0) { - return ret; - } - - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_int(p, start, 0)); - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, start, len)); - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, start, - MBEDTLS_ASN1_CONSTRUCTED | - MBEDTLS_ASN1_SEQUENCE)); - - return (int) len; -} - -/* - * RSAPublicKey ::= SEQUENCE { - * modulus INTEGER, -- n - * publicExponent INTEGER -- e - * } - */ -int 
mbedtls_rsa_pubkey_write(const mbedtls_rsa_context *rsa, unsigned char *start, - unsigned char **p) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t len = 0; - mbedtls_mpi T; - - mbedtls_mpi_init(&T); - - /* Export E */ - if ((ret = mbedtls_rsa_export(rsa, NULL, NULL, NULL, NULL, &T)) != 0 || - (ret = mbedtls_asn1_write_mpi(p, start, &T)) < 0) { - goto end_of_export; - } - len += ret; - - /* Export N */ - if ((ret = mbedtls_rsa_export(rsa, &T, NULL, NULL, NULL, NULL)) != 0 || - (ret = mbedtls_asn1_write_mpi(p, start, &T)) < 0) { - goto end_of_export; - } - len += ret; - -end_of_export: - - mbedtls_mpi_free(&T); - if (ret < 0) { - return ret; - } - - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, start, len)); - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, start, MBEDTLS_ASN1_CONSTRUCTED | - MBEDTLS_ASN1_SEQUENCE)); - - return (int) len; -} - #if defined(MBEDTLS_GENPRIME) /* From 135ebde273d57f23932650efc60a17af00a1b328 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 1 Feb 2024 17:00:29 +0100 Subject: [PATCH 100/166] rsa: rename parse/write functions in order to follow the standard format Signed-off-by: Valerio Setti --- library/pk_wrap.c | 8 ++++---- library/pkparse.c | 12 ++++++------ library/pkwrite.c | 4 ++-- library/psa_crypto_rsa.c | 8 ++++---- library/rsa.c | 8 ++++---- library/rsa_internal.h | 8 ++++---- tests/suites/test_suite_rsa.function | 24 ++++++++++++------------ 7 files changed, 36 insertions(+), 36 deletions(-) diff --git a/library/pk_wrap.c b/library/pk_wrap.c index ff8eeb14c..f8ce09995 100644 --- a/library/pk_wrap.c +++ b/library/pk_wrap.c @@ -87,7 +87,7 @@ static int rsa_verify_wrap(mbedtls_pk_context *pk, mbedtls_md_type_t md_alg, return MBEDTLS_ERR_RSA_VERIFY_FAILED; } - key_len = mbedtls_rsa_pubkey_write(rsa, buf, &p); + key_len = mbedtls_rsa_write_pubkey(rsa, buf, &p); if (key_len <= 0) { return MBEDTLS_ERR_PK_BAD_INPUT_DATA; } 
@@ -185,7 +185,7 @@ int mbedtls_pk_psa_rsa_sign_ext(psa_algorithm_t alg, return MBEDTLS_ERR_PK_BUFFER_TOO_SMALL; } - key_len = mbedtls_rsa_key_write(rsa_ctx, buf, &p); + key_len = mbedtls_rsa_write_key(rsa_ctx, buf, &p); if (key_len <= 0) { mbedtls_free(buf); return MBEDTLS_ERR_PK_BAD_INPUT_DATA; @@ -293,7 +293,7 @@ static int rsa_decrypt_wrap(mbedtls_pk_context *pk, return MBEDTLS_ERR_RSA_BAD_INPUT_DATA; } - key_len = mbedtls_rsa_key_write(rsa, buf, &p); + key_len = mbedtls_rsa_write_key(rsa, buf, &p); if (key_len <= 0) { return MBEDTLS_ERR_PK_BAD_INPUT_DATA; } @@ -375,7 +375,7 @@ static int rsa_encrypt_wrap(mbedtls_pk_context *pk, return MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE; } - key_len = mbedtls_rsa_pubkey_write(rsa, buf, &p); + key_len = mbedtls_rsa_write_pubkey(rsa, buf, &p); if (key_len <= 0) { return MBEDTLS_ERR_PK_BAD_INPUT_DATA; } diff --git a/library/pkparse.c b/library/pkparse.c index 17df101f0..b2127b2e5 100644 --- a/library/pkparse.c +++ b/library/pkparse.c @@ -850,7 +850,7 @@ int mbedtls_pk_parse_subpubkey(unsigned char **p, const unsigned char *end, #if defined(MBEDTLS_RSA_C) if (pk_alg == MBEDTLS_PK_RSA) { - ret = mbedtls_rsa_pubkey_parse(mbedtls_pk_rsa(*pk), p, end); + ret = mbedtls_rsa_parse_pubkey(mbedtls_pk_rsa(*pk), p, end); } else #endif /* MBEDTLS_RSA_C */ #if defined(MBEDTLS_PK_HAVE_ECC_KEYS) @@ -1098,7 +1098,7 @@ static int pk_parse_key_pkcs8_unencrypted_der( #if defined(MBEDTLS_RSA_C) if (pk_alg == MBEDTLS_PK_RSA) { - if ((ret = mbedtls_rsa_key_parse(mbedtls_pk_rsa(*pk), p, len)) != 0) { + if ((ret = mbedtls_rsa_parse_key(mbedtls_pk_rsa(*pk), p, len)) != 0) { mbedtls_pk_free(pk); return ret; } @@ -1288,7 +1288,7 @@ int mbedtls_pk_parse_key(mbedtls_pk_context *pk, if (ret == 0) { pk_info = mbedtls_pk_info_from_type(MBEDTLS_PK_RSA); if ((ret = mbedtls_pk_setup(pk, pk_info)) != 0 || - (ret = mbedtls_rsa_key_parse(mbedtls_pk_rsa(*pk), + (ret = mbedtls_rsa_parse_key(mbedtls_pk_rsa(*pk), pem.buf, pem.buflen)) != 0) { mbedtls_pk_free(pk); } 
@@ -1429,7 +1429,7 @@ int mbedtls_pk_parse_key(mbedtls_pk_context *pk, pk_info = mbedtls_pk_info_from_type(MBEDTLS_PK_RSA); if (mbedtls_pk_setup(pk, pk_info) == 0 && - mbedtls_rsa_key_parse(mbedtls_pk_rsa(*pk), key, keylen) == 0) { + mbedtls_rsa_parse_key(mbedtls_pk_rsa(*pk), key, keylen) == 0) { return 0; } @@ -1504,7 +1504,7 @@ int mbedtls_pk_parse_public_key(mbedtls_pk_context *ctx, return ret; } - if ((ret = mbedtls_rsa_pubkey_parse(mbedtls_pk_rsa(*ctx), &p, p + pem.buflen)) != 0) { + if ((ret = mbedtls_rsa_parse_pubkey(mbedtls_pk_rsa(*ctx), &p, p + pem.buflen)) != 0) { mbedtls_pk_free(ctx); } @@ -1551,7 +1551,7 @@ int mbedtls_pk_parse_public_key(mbedtls_pk_context *ctx, } p = (unsigned char *) key; - ret = mbedtls_rsa_pubkey_parse(mbedtls_pk_rsa(*ctx), &p, p + keylen); + ret = mbedtls_rsa_parse_pubkey(mbedtls_pk_rsa(*ctx), &p, p + keylen); if (ret == 0) { return ret; } diff --git a/library/pkwrite.c b/library/pkwrite.c index 91529eb75..b9ddcf1d8 100644 --- a/library/pkwrite.c +++ b/library/pkwrite.c @@ -78,7 +78,7 @@ static int pk_write_rsa_der(unsigned char **p, unsigned char *buf, return (int) len; } #endif /* MBEDTLS_USE_PSA_CRYPTO */ - return mbedtls_rsa_key_write(mbedtls_pk_rsa(*pk), buf, p); + return mbedtls_rsa_write_key(mbedtls_pk_rsa(*pk), buf, p); } #endif /* MBEDTLS_RSA_C */ @@ -416,7 +416,7 @@ int mbedtls_pk_write_pubkey(unsigned char **p, unsigned char *start, #if defined(MBEDTLS_RSA_C) if (mbedtls_pk_get_type(key) == MBEDTLS_PK_RSA) { - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_rsa_pubkey_write(mbedtls_pk_rsa(*key), start, p)); + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_rsa_write_pubkey(mbedtls_pk_rsa(*key), start, p)); } else #endif #if defined(MBEDTLS_PK_HAVE_ECC_KEYS) diff --git a/library/psa_crypto_rsa.c b/library/psa_crypto_rsa.c index cfa2da619..0047a26bf 100644 --- a/library/psa_crypto_rsa.c +++ b/library/psa_crypto_rsa.c 
@@ -71,11 +71,11 @@ psa_status_t mbedtls_psa_rsa_load_representation( /* Parse the data. */ if (PSA_KEY_TYPE_IS_KEY_PAIR(type)) { - status = mbedtls_to_psa_error(mbedtls_rsa_key_parse(*p_rsa, data, data_length)); + status = mbedtls_to_psa_error(mbedtls_rsa_parse_key(*p_rsa, data, data_length)); } else { unsigned char *p = data; unsigned char *end = (data + data_length); - status = mbedtls_to_psa_error(mbedtls_rsa_pubkey_parse(*p_rsa, &p, end)); + status = mbedtls_to_psa_error(mbedtls_rsa_parse_pubkey(*p_rsa, &p, end)); } if (status != PSA_SUCCESS) { goto exit; @@ -163,9 +163,9 @@ psa_status_t mbedtls_psa_rsa_export_key(psa_key_type_t type, * representation of the non-encrypted PKCS#1 RSAPrivateKey for a * private key and of the RFC3279 RSAPublicKey for a public key. */ if (PSA_KEY_TYPE_IS_KEY_PAIR(type)) { - ret = mbedtls_rsa_key_write(rsa, data, &end); + ret = mbedtls_rsa_write_key(rsa, data, &end); } else { - ret = mbedtls_rsa_pubkey_write(rsa, data, &end); + ret = mbedtls_rsa_write_pubkey(rsa, data, &end); } if (ret < 0) { diff --git a/library/rsa.c b/library/rsa.c index b81039ceb..62b56cd25 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -46,7 +46,7 @@ #include "mbedtls/platform.h" -int mbedtls_rsa_key_parse(mbedtls_rsa_context *rsa, const unsigned char *key, size_t keylen) +int mbedtls_rsa_parse_key(mbedtls_rsa_context *rsa, const unsigned char *key, size_t keylen) { int ret, version; size_t len; @@ -192,7 +192,7 @@ cleanup: return ret; } -int mbedtls_rsa_pubkey_parse(mbedtls_rsa_context *rsa, unsigned char **p, +int mbedtls_rsa_parse_pubkey(mbedtls_rsa_context *rsa, unsigned char **p, const unsigned char *end) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; 
@@ -250,7 +250,7 @@ int mbedtls_rsa_pubkey_parse(mbedtls_rsa_context *rsa, unsigned char **p, return 0; } -int mbedtls_rsa_key_write(const mbedtls_rsa_context *rsa, unsigned char *start, +int mbedtls_rsa_write_key(const mbedtls_rsa_context *rsa, unsigned char *start, unsigned char **p) { size_t len = 0; @@ -342,7 +342,7 @@ end_of_export: * publicExponent INTEGER -- e * } */ -int mbedtls_rsa_pubkey_write(const mbedtls_rsa_context *rsa, unsigned char *start, +int mbedtls_rsa_write_pubkey(const mbedtls_rsa_context *rsa, unsigned char *start, unsigned char **p) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; diff --git a/library/rsa_internal.h b/library/rsa_internal.h index 6046850fc..7bbdc8c2b 100644 --- a/library/rsa_internal.h +++ b/library/rsa_internal.h @@ -28,7 +28,7 @@ * \return MBEDTLS_ERR_ASN1_xxx in case of ASN.1 parsing errors. * \return MBEDTLS_ERR_RSA_BAD_INPUT_DATA in case of invalid version. */ -int mbedtls_rsa_key_parse(mbedtls_rsa_context *rsa, const unsigned char *key, size_t keylen); +int mbedtls_rsa_parse_key(mbedtls_rsa_context *rsa, const unsigned char *key, size_t keylen); /** * \brief Parse a PKCS#1 (ASN.1) encoded public RSA key. @@ -44,7 +44,7 @@ int mbedtls_rsa_key_parse(mbedtls_rsa_context *rsa, const unsigned char *key, si * \return MBEDTLS_ERR_RSA_BAD_INPUT_DATA in case of importing or * priv/pub validation errors. */ -int mbedtls_rsa_pubkey_parse(mbedtls_rsa_context *rsa, unsigned char **p, +int mbedtls_rsa_parse_pubkey(mbedtls_rsa_context *rsa, unsigned char **p, const unsigned char *end); /** @@ -67,7 +67,7 @@ int mbedtls_rsa_pubkey_parse(mbedtls_rsa_context *rsa, unsigned char **p, * \note The output buffer is filled backward, i.e. starting from its * end and moving toward its start. */ -int mbedtls_rsa_key_write(const mbedtls_rsa_context *rsa, unsigned char *start, +int mbedtls_rsa_write_key(const mbedtls_rsa_context *rsa, unsigned char *start, unsigned char **p); /** 
@@ -90,7 +90,7 @@ int mbedtls_rsa_key_write(const mbedtls_rsa_context *rsa, unsigned char *start, * \note The output buffer is filled backward, i.e. starting from its * end and moving toward its start. */ -int mbedtls_rsa_pubkey_write(const mbedtls_rsa_context *rsa, unsigned char *start, +int mbedtls_rsa_write_pubkey(const mbedtls_rsa_context *rsa, unsigned char *start, unsigned char **p); #if defined(MBEDTLS_PKCS1_V21) diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function index 44caacd6e..2cc9fc17e 100644 --- a/tests/suites/test_suite_rsa.function +++ b/tests/suites/test_suite_rsa.function @@ -1382,9 +1382,9 @@ void rsa_parse_pkcs1_key(int is_public, data_t *input, int exp_ret_val) mbedtls_rsa_init(&rsa_ctx); if (is_public) { - TEST_EQUAL(mbedtls_rsa_pubkey_parse(&rsa_ctx, &start, end), exp_ret_val); + TEST_EQUAL(mbedtls_rsa_parse_pubkey(&rsa_ctx, &start, end), exp_ret_val); } else { - TEST_EQUAL(mbedtls_rsa_key_parse(&rsa_ctx, input->x, input->len), exp_ret_val); + TEST_EQUAL(mbedtls_rsa_parse_key(&rsa_ctx, input->x, input->len), exp_ret_val); } exit: 
@@ -1410,12 +1410,12 @@ void rsa_parse_write_pkcs1_key(int is_public, data_t *input) /* Parse the key and write it back to output_buf. */ if (is_public) { - TEST_EQUAL(mbedtls_rsa_pubkey_parse(&rsa_ctx, &input_start, input_end), 0); + TEST_EQUAL(mbedtls_rsa_parse_pubkey(&rsa_ctx, &input_start, input_end), 0); TEST_ASSERT(input_start == input_end); - TEST_EQUAL(mbedtls_rsa_pubkey_write(&rsa_ctx, output_start, &output_end), input->len); + TEST_EQUAL(mbedtls_rsa_write_pubkey(&rsa_ctx, output_start, &output_end), input->len); } else { - TEST_EQUAL(mbedtls_rsa_key_parse(&rsa_ctx, input->x, input->len), 0); - TEST_EQUAL(mbedtls_rsa_key_write(&rsa_ctx, output_start, &output_end), input->len); + TEST_EQUAL(mbedtls_rsa_parse_key(&rsa_ctx, input->x, input->len), 0); + TEST_EQUAL(mbedtls_rsa_write_key(&rsa_ctx, output_start, &output_end), input->len); } /* This check holds because we alloacated an output buffer which is exactly * large enough to contain the written data. */ @@ -1444,9 +1444,9 @@ void rsa_key_write_incremental(int is_public, data_t *input) if (is_public) { start = input->x; end = input->x + input->len; - TEST_EQUAL(mbedtls_rsa_pubkey_parse(&rsa_ctx, &start, end), 0); + TEST_EQUAL(mbedtls_rsa_parse_pubkey(&rsa_ctx, &start, end), 0); } else { - TEST_EQUAL(mbedtls_rsa_key_parse(&rsa_ctx, input->x, input->len), 0); + TEST_EQUAL(mbedtls_rsa_parse_key(&rsa_ctx, input->x, input->len), 0); } for (i = 1; i < input->len; i++) { @@ -1454,9 +1454,9 @@ void rsa_key_write_incremental(int is_public, data_t *input) end = buf + i; /* We don't care much about the return value as long as it fails. */ if (is_public) { - TEST_ASSERT(mbedtls_rsa_pubkey_write(&rsa_ctx, buf, &end) != 0); + TEST_ASSERT(mbedtls_rsa_write_pubkey(&rsa_ctx, buf, &end) != 0); } else { - TEST_ASSERT(mbedtls_rsa_key_write(&rsa_ctx, buf, &end) != 0); + TEST_ASSERT(mbedtls_rsa_write_key(&rsa_ctx, buf, &end) != 0); } mbedtls_free(buf); buf = NULL; 
@@ -1467,9 +1467,9 @@ void rsa_key_write_incremental(int is_public, data_t *input) end = buf + i; if (is_public) { - TEST_ASSERT(mbedtls_rsa_pubkey_write(&rsa_ctx, buf, &end) != 0); + TEST_ASSERT(mbedtls_rsa_write_pubkey(&rsa_ctx, buf, &end) != 0); } else { - TEST_ASSERT(mbedtls_rsa_key_write(&rsa_ctx, buf, &end) > 0); + TEST_ASSERT(mbedtls_rsa_write_key(&rsa_ctx, buf, &end) > 0); } exit: From 201e643509f7ddb4a30805f48446c4712bb49dbd Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 1 Feb 2024 17:19:37 +0100 Subject: [PATCH 101/166] rsa: simplify mbedtls_rsa_parse_pubkey() input parameters In this way mbedtls_rsa_parse_pubkey() and mbedtls_rsa_parse_key() input parameter list is the same. Signed-off-by: Valerio Setti --- library/pkparse.c | 6 +-- library/psa_crypto_rsa.c | 4 +- library/rsa.c | 79 ++++++++++++++-------------- library/rsa_internal.h | 9 ++-- tests/suites/test_suite_rsa.function | 15 ++---- 5 files changed, 51 insertions(+), 62 deletions(-) diff --git a/library/pkparse.c b/library/pkparse.c index b2127b2e5..a47815b84 100644 --- a/library/pkparse.c +++ b/library/pkparse.c @@ -850,7 +850,7 @@ int mbedtls_pk_parse_subpubkey(unsigned char **p, const unsigned char *end, #if defined(MBEDTLS_RSA_C) if (pk_alg == MBEDTLS_PK_RSA) { - ret = mbedtls_rsa_parse_pubkey(mbedtls_pk_rsa(*pk), p, end); + ret = mbedtls_rsa_parse_pubkey(mbedtls_pk_rsa(*pk), *p, (size_t) (end - *p)); } else #endif /* MBEDTLS_RSA_C */ #if defined(MBEDTLS_PK_HAVE_ECC_KEYS) @@ -1504,7 +1504,7 @@ int mbedtls_pk_parse_public_key(mbedtls_pk_context *ctx, return ret; } - if ((ret = mbedtls_rsa_parse_pubkey(mbedtls_pk_rsa(*ctx), &p, p + pem.buflen)) != 0) { + if ((ret = mbedtls_rsa_parse_pubkey(mbedtls_pk_rsa(*ctx), p, pem.buflen)) != 0) { mbedtls_pk_free(ctx); } 
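Review bot: In the `@@ -850,7 +850,7` hunk of library/pkparse.c the RSA branch now passes `*p` by value, so mbedtls_pk_parse_subpubkey() no longer has its cursor advanced by the RSA parser. The parameter documentation removed from rsa_internal.h in this same patch says the old call moved the referenced pointer to the end of the parsed data. The rest of mbedtls_pk_parse_subpubkey() is outside the hunk, so this is inferred, but any trailing `*p != end` check or caller that reads `*p` afterwards would now see it still at the start of the RSAPublicKey. Because the new parser already rejects input that does not span exactly `keylen` bytes, the branch can restore the old contract with `if (ret == 0) { *p += end - *p; }`.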
@@ -1551,7 +1551,7 @@ int mbedtls_pk_parse_public_key(mbedtls_pk_context *ctx, } p = (unsigned char *) key; - ret = mbedtls_rsa_parse_pubkey(mbedtls_pk_rsa(*ctx), &p, p + keylen); + ret = mbedtls_rsa_parse_pubkey(mbedtls_pk_rsa(*ctx), p, keylen); if (ret == 0) { return ret; } diff --git a/library/psa_crypto_rsa.c b/library/psa_crypto_rsa.c index 0047a26bf..4a574d1c7 100644 --- a/library/psa_crypto_rsa.c +++ b/library/psa_crypto_rsa.c @@ -73,9 +73,7 @@ psa_status_t mbedtls_psa_rsa_load_representation( if (PSA_KEY_TYPE_IS_KEY_PAIR(type)) { status = mbedtls_to_psa_error(mbedtls_rsa_parse_key(*p_rsa, data, data_length)); } else { - unsigned char *p = data; - unsigned char *end = (data + data_length); - status = mbedtls_to_psa_error(mbedtls_rsa_parse_pubkey(*p_rsa, &p, end)); + status = mbedtls_to_psa_error(mbedtls_rsa_parse_pubkey(*p_rsa, data, data_length)); } if (status != PSA_SUCCESS) { goto exit; diff --git a/library/rsa.c b/library/rsa.c index 62b56cd25..f4add9173 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -46,6 +46,34 @@ #include "mbedtls/platform.h" +/* + * Wrapper around mbedtls_asn1_get_mpi() that rejects zero. + * + * The value zero is: + * - never a valid value for an RSA parameter + * - interpreted as "omitted, please reconstruct" by mbedtls_rsa_complete(). + * + * Since values can't be omitted in PKCS#1, passing a zero value to + * rsa_complete() would be incorrect, so reject zero values early. + */ +static int asn1_get_nonzero_mpi(unsigned char **p, + const unsigned char *end, + mbedtls_mpi *X) +{ + int ret; + + ret = mbedtls_asn1_get_mpi(p, end, X); + if (ret != 0) { + return ret; + } + + if (mbedtls_mpi_cmp_int(X, 0) == 0) { + return MBEDTLS_ERR_RSA_BAD_INPUT_DATA; + } + + return 0; +} + int mbedtls_rsa_parse_key(mbedtls_rsa_context *rsa, const unsigned char *key, size_t keylen) { int ret, version; 
@@ -192,9 +220,10 @@ cleanup: return ret; } -int mbedtls_rsa_parse_pubkey(mbedtls_rsa_context *rsa, unsigned char **p, - const unsigned char *end) +int mbedtls_rsa_parse_pubkey(mbedtls_rsa_context *rsa, const unsigned char *key, size_t keylen) { + unsigned char *p = (unsigned char *) key; + unsigned char *end = (unsigned char *) (key + keylen); int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t len; @@ -205,45 +234,45 @@ int mbedtls_rsa_parse_pubkey(mbedtls_rsa_context *rsa, unsigned char **p, * } */ - if ((ret = mbedtls_asn1_get_tag(p, end, &len, + if ((ret = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { return ret; } - if (*p + len != end) { + if (p + len != end) { return MBEDTLS_ERR_ASN1_LENGTH_MISMATCH; } /* Import N */ - if ((ret = mbedtls_asn1_get_tag(p, end, &len, MBEDTLS_ASN1_INTEGER)) != 0) { + if ((ret = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_INTEGER)) != 0) { return ret; } - if ((ret = mbedtls_rsa_import_raw(rsa, *p, len, NULL, 0, NULL, 0, + if ((ret = mbedtls_rsa_import_raw(rsa, p, len, NULL, 0, NULL, 0, NULL, 0, NULL, 0)) != 0) { return MBEDTLS_ERR_RSA_BAD_INPUT_DATA; } - *p += len; + p += len; /* Import E */ - if ((ret = mbedtls_asn1_get_tag(p, end, &len, MBEDTLS_ASN1_INTEGER)) != 0) { + if ((ret = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_INTEGER)) != 0) { return ret; } if ((ret = mbedtls_rsa_import_raw(rsa, NULL, 0, NULL, 0, NULL, 0, - NULL, 0, *p, len)) != 0) { + NULL, 0, p, len)) != 0) { return MBEDTLS_ERR_RSA_BAD_INPUT_DATA; } - *p += len; + p += len; if (mbedtls_rsa_complete(rsa) != 0 || mbedtls_rsa_check_pubkey(rsa) != 0) { return MBEDTLS_ERR_RSA_BAD_INPUT_DATA; } - if (*p != end) { + if (p != end) { return MBEDTLS_ERR_ASN1_LENGTH_MISMATCH; } 
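Review bot: mbedtls_rsa_parse_pubkey() returns directly from every failure after N may already have been imported into `rsa`, so a rejected key leaves the context partly populated. Examples are the `return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;` after the E import and the one after mbedtls_rsa_complete()/mbedtls_rsa_check_pubkey(). mbedtls_rsa_parse_key(), which now shares the same parameter list, calls `mbedtls_rsa_free(rsa)` at its `cleanup:` label when `ret != 0`, and callers may reasonably expect both parsers to behave alike on bad input. Either route the failure returns through a common exit that frees the context, or state the difference in rsa_internal.h, e.g. `\note On failure the context may hold a partially imported key; the caller must free it.` Separately, `end` is only compared or passed to mbedtls_asn1_get_tag() (which takes a `const unsigned char *end`) in this hunk, so `const unsigned char *end = key + keylen;` would avoid casting away const.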
@@ -992,34 +1021,6 @@ size_t mbedtls_rsa_get_len(const mbedtls_rsa_context *ctx) return ctx->len; } -/* - * Wrapper around mbedtls_asn1_get_mpi() that rejects zero. - * - * The value zero is: - * - never a valid value for an RSA parameter - * - interpreted as "omitted, please reconstruct" by mbedtls_rsa_complete(). - * - * Since values can't be omitted in PKCS#1, passing a zero value to - * rsa_complete() would be incorrect, so reject zero values early. - */ -static int asn1_get_nonzero_mpi(unsigned char **p, - const unsigned char *end, - mbedtls_mpi *X) -{ - int ret; - - ret = mbedtls_asn1_get_mpi(p, end, X); - if (ret != 0) { - return ret; - } - - if (mbedtls_mpi_cmp_int(X, 0) == 0) { - return MBEDTLS_ERR_RSA_BAD_INPUT_DATA; - } - - return 0; -} - #if defined(MBEDTLS_GENPRIME) /* diff --git a/library/rsa_internal.h b/library/rsa_internal.h index 7bbdc8c2b..acf14a2ff 100644 --- a/library/rsa_internal.h +++ b/library/rsa_internal.h @@ -34,18 +34,15 @@ int mbedtls_rsa_parse_key(mbedtls_rsa_context *rsa, const unsigned char *key, si * \brief Parse a PKCS#1 (ASN.1) encoded public RSA key. * * \param rsa The RSA context where parsed data will be stored. - * \param p Beginning of the buffer containing the key to be parsed. - * On successful return, the referenced pointer will be - * updated in order to point to the end of the parsed data. - * \param end End of the buffer containing the key to be parsed. + * \param key The buffer that contains the key. + * \param keylen The length of the key buffer in bytes. * * \return 0 on success. * \return MBEDTLS_ERR_ASN1_xxx in case of ASN.1 parsing errors. * \return MBEDTLS_ERR_RSA_BAD_INPUT_DATA in case of importing or * priv/pub validation errors. */ -int mbedtls_rsa_parse_pubkey(mbedtls_rsa_context *rsa, unsigned char **p, - const unsigned char *end); +int mbedtls_rsa_parse_pubkey(mbedtls_rsa_context *rsa, const unsigned char *key, size_t keylen); /** * \brief Write a PKCS#1 (ASN.1) encoded private RSA key. 
diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function index 2cc9fc17e..357c6edc2 100644 --- a/tests/suites/test_suite_rsa.function +++ b/tests/suites/test_suite_rsa.function @@ -1376,13 +1376,11 @@ exit: void rsa_parse_pkcs1_key(int is_public, data_t *input, int exp_ret_val) { mbedtls_rsa_context rsa_ctx; - unsigned char *start = input->x; - unsigned char *end = input->x + input->len; mbedtls_rsa_init(&rsa_ctx); if (is_public) { - TEST_EQUAL(mbedtls_rsa_parse_pubkey(&rsa_ctx, &start, end), exp_ret_val); + TEST_EQUAL(mbedtls_rsa_parse_pubkey(&rsa_ctx, input->x, input->len), exp_ret_val); } else { TEST_EQUAL(mbedtls_rsa_parse_key(&rsa_ctx, input->x, input->len), exp_ret_val); } @@ -1396,8 +1394,6 @@ exit: void rsa_parse_write_pkcs1_key(int is_public, data_t *input) { mbedtls_rsa_context rsa_ctx; - unsigned char *input_start = input->x; - unsigned char *input_end = input->x + input->len; unsigned char *output_buf = NULL; unsigned char *output_start; unsigned char *output_end; @@ -1410,8 +1406,7 @@ void rsa_parse_write_pkcs1_key(int is_public, data_t *input) /* Parse the key and write it back to output_buf. */ if (is_public) { - TEST_EQUAL(mbedtls_rsa_parse_pubkey(&rsa_ctx, &input_start, input_end), 0); - TEST_ASSERT(input_start == input_end); + TEST_EQUAL(mbedtls_rsa_parse_pubkey(&rsa_ctx, input->x, input->len), 0); TEST_EQUAL(mbedtls_rsa_write_pubkey(&rsa_ctx, output_start, &output_end), input->len); } else { TEST_EQUAL(mbedtls_rsa_parse_key(&rsa_ctx, input->x, input->len), 0); @@ -1434,7 +1429,7 @@ exit: void rsa_key_write_incremental(int is_public, data_t *input) { mbedtls_rsa_context rsa_ctx; - unsigned char *buf = NULL, *start, *end; + unsigned char *buf = NULL, *end; size_t i; mbedtls_rsa_init(&rsa_ctx); 
@@ -1442,9 +1437,7 @@ void rsa_key_write_incremental(int is_public, data_t *input) /* This is supposed to succeed as the real target of this test are the * write attempt below. */ if (is_public) { - start = input->x; - end = input->x + input->len; - TEST_EQUAL(mbedtls_rsa_parse_pubkey(&rsa_ctx, &start, end), 0); + TEST_EQUAL(mbedtls_rsa_parse_pubkey(&rsa_ctx, input->x, input->len), 0); } else { TEST_EQUAL(mbedtls_rsa_parse_key(&rsa_ctx, input->x, input->len), 0); } From 5fe9f6699bef38d3af95ecb4cd222de318993078 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 1 Feb 2024 17:35:56 +0100 Subject: [PATCH 102/166] rsa_internal: update documentation for parse/write functions Signed-off-by: Valerio Setti --- library/rsa_internal.h | 22 +++++++++++++--------- 1 file changed, 13 insertions(+), 9 deletions(-) diff --git a/library/rsa_internal.h b/library/rsa_internal.h index acf14a2ff..4cb564efa 100644 --- a/library/rsa_internal.h +++ b/library/rsa_internal.h @@ -24,9 +24,11 @@ * \param key The buffer that contains the key. * \param keylen The length of the key buffer in bytes. * - * \return 0 in success - * \return MBEDTLS_ERR_ASN1_xxx in case of ASN.1 parsing errors. - * \return MBEDTLS_ERR_RSA_BAD_INPUT_DATA in case of invalid version. + * \return 0 on success. + * \return MBEDTLS_ERR_RSA_xxx in case of RSA internal failures while + * parsing data. + * \return MBEDTLS_ERR_RSA_KEY_CHECK_FAILED if validity checks on the + * provided key fail. */ int mbedtls_rsa_parse_key(mbedtls_rsa_context *rsa, const unsigned char *key, size_t keylen); 
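Review bot: The rewritten return list for mbedtls_rsa_parse_key() in the `@@ -24,9 +26,11` hunk drops the `MBEDTLS_ERR_ASN1_xxx` entry. The function body shown earlier in this series returns the results of mbedtls_asn1_get_tag() and mbedtls_asn1_get_int() unchanged and sets `MBEDTLS_ERR_ASN1_LENGTH_MISMATCH` when `p != end`. A caller that handles only the documented codes would miss the malformed-DER failures, which are the ones most likely to come from untrusted key files. Assuming the body is not changed elsewhere in the series, I would keep `\return MBEDTLS_ERR_ASN1_xxx in case of ASN.1 parsing errors.` alongside the two new entries.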
@@ -39,8 +41,10 @@ int mbedtls_rsa_parse_key(mbedtls_rsa_context *rsa, const unsigned char *key, si * * \return 0 on success. * \return MBEDTLS_ERR_ASN1_xxx in case of ASN.1 parsing errors. - * \return MBEDTLS_ERR_RSA_BAD_INPUT_DATA in case of importing or - * priv/pub validation errors. + * \return MBEDTLS_ERR_RSA_xxx in case of RSA internal failures while + * parsing data. + * \return MBEDTLS_ERR_RSA_KEY_CHECK_FAILED if validity checks on the + * provided key fail. */ int mbedtls_rsa_parse_pubkey(mbedtls_rsa_context *rsa, const unsigned char *key, size_t keylen); @@ -56,8 +60,8 @@ int mbedtls_rsa_parse_pubkey(mbedtls_rsa_context *rsa, const unsigned char *key, * * \return On success, the number of bytes written to the output buffer * (i.e. a value > 0). - * \return MBEDTLS_ERR_RSA_BAD_INPUT_DATA is the RSA context does not - * cointain valid. + * \return MBEDTLS_ERR_RSA_BAD_INPUT_DATA if the RSA context does not + * contain a valid key pair. * \return MBEDTLS_ERR_ASN1_xxx in case of failure while writing to the * output buffer. * @@ -79,8 +83,8 @@ int mbedtls_rsa_write_key(const mbedtls_rsa_context *rsa, unsigned char *start, * * \return On success, the number of bytes written to the output buffer * (i.e. a value > 0). - * \return MBEDTLS_ERR_RSA_BAD_INPUT_DATA is the RSA context does not - * cointain valid. + * \return MBEDTLS_ERR_RSA_BAD_INPUT_DATA if the RSA context does not + * contain a valid public key. * \return MBEDTLS_ERR_ASN1_xxx in case of failure while writing to the * output buffer. * From 56cfe2fab6e5c529be54256fa15c657952502323 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 1 Feb 2024 17:53:26 +0100 Subject: [PATCH 103/166] test_suite_rsa: improve rsa_parse_write_pkcs1_key() and rsa_key_write_incremental() Signed-off-by: Valerio Setti --- tests/suites/test_suite_rsa.function | 26 +++++++++++--------------- 1 file changed, 11 insertions(+), 15 deletions(-) 
diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function index 357c6edc2..6d1a0f03c 100644 --- a/tests/suites/test_suite_rsa.function +++ b/tests/suites/test_suite_rsa.function @@ -1395,29 +1395,27 @@ void rsa_parse_write_pkcs1_key(int is_public, data_t *input) { mbedtls_rsa_context rsa_ctx; unsigned char *output_buf = NULL; - unsigned char *output_start; - unsigned char *output_end; - - TEST_CALLOC(output_buf, input->len); - output_start = output_buf; - output_end = output_buf + input->len; + unsigned char *output_end, *output_p; + size_t output_len; mbedtls_rsa_init(&rsa_ctx); + TEST_CALLOC(output_buf, input->len); + output_end = output_buf + input->len; + output_p = output_end; + /* Parse the key and write it back to output_buf. */ if (is_public) { TEST_EQUAL(mbedtls_rsa_parse_pubkey(&rsa_ctx, input->x, input->len), 0); - TEST_EQUAL(mbedtls_rsa_write_pubkey(&rsa_ctx, output_start, &output_end), input->len); + TEST_EQUAL(mbedtls_rsa_write_pubkey(&rsa_ctx, output_buf, &output_p), input->len); } else { TEST_EQUAL(mbedtls_rsa_parse_key(&rsa_ctx, input->x, input->len), 0); - TEST_EQUAL(mbedtls_rsa_write_key(&rsa_ctx, output_start, &output_end), input->len); + TEST_EQUAL(mbedtls_rsa_write_key(&rsa_ctx, output_buf, &output_p), input->len); } - /* This check holds because we alloacated an output buffer which is exactly - * large enough to contain the written data. */ - TEST_ASSERT(output_end == output_start); + output_len = output_end - output_p; /* Check that the written key matches with the one provided in input. */ - TEST_MEMORY_COMPARE(output_buf, input->len, input->x, input->len); + TEST_MEMORY_COMPARE(output_p, output_len, input->x, input->len); exit: mbedtls_free(output_buf); @@ -1466,9 +1464,7 @@ void rsa_key_write_incremental(int is_public, data_t *input) } exit: - if (buf != NULL) { - mbedtls_free(buf); - } + mbedtls_free(buf); mbedtls_rsa_free(&rsa_ctx); } /* END_CASE */ 
From 5922cb9309ac0a22a066111b6183c5616b8fedd9 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Fri, 2 Feb 2024 09:21:25 +0100 Subject: [PATCH 104/166] pkparse: keep legacy PK error codes when RSA key parsing fails This helps in reverting the changes to test_suite_x509parse.data when the RSA key parsing fails. Signed-off-by: Valerio Setti --- library/pkparse.c | 9 +++++++++ tests/suites/test_suite_x509parse.data | 10 +++++----- 2 files changed, 14 insertions(+), 5 deletions(-) diff --git a/library/pkparse.c b/library/pkparse.c index a47815b84..91d6eb59e 100644 --- a/library/pkparse.c +++ b/library/pkparse.c @@ -851,6 +851,15 @@ int mbedtls_pk_parse_subpubkey(unsigned char **p, const unsigned char *end, #if defined(MBEDTLS_RSA_C) if (pk_alg == MBEDTLS_PK_RSA) { ret = mbedtls_rsa_parse_pubkey(mbedtls_pk_rsa(*pk), *p, (size_t) (end - *p)); + if (ret == 0) { + /* On success all the input has been consumed by the parsing function. */ + *p += end - *p; + } else if (ret & 0x7f) { + /* In case of ASN1 error codes add MBEDTLS_ERR_PK_INVALID_PUBKEY. */ + ret = MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_INVALID_PUBKEY, ret); + } else { + ret = MBEDTLS_ERR_PK_INVALID_PUBKEY; + } } else #endif /* MBEDTLS_RSA_C */ #if defined(MBEDTLS_PK_HAVE_ECC_KEYS) diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index 6e201259c..261c220ee 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data 
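Review bot: The success branch advances the cursor to the end of the input (`*p += end - *p;`) on the assumption, stated in its comment, that the RSA parser consumed everything, but nothing in this hunk checks that. The test data added later in this series expects `mbedtls_rsa_parse_pubkey()` to return 0 for a key with an extra integer after the SEQUENCE. That suggests a subjectPublicKey carrying trailing bytes would now satisfy any later `*p != end` check in `mbedtls_pk_parse_subpubkey()`; the function continues outside the hunk, so this needs confirming there. Trailing data is better rejected inside the RSA parser, by comparing the SEQUENCE length with the input length and returning `MBEDTLS_ERR_ASN1_LENGTH_MISMATCH`, than hidden by this pointer update.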
@@ -1774,15 +1774,15 @@ x509parse_crt:"307d3068a0030201008204deadbeef300d06092a864886f70d01010b0500300c3 X509 CRT ASN1 (TBS, inv SubPubKeyInfo, inv internal bitstring length) depends_on:MBEDTLS_RSA_C:MBEDTLS_MD_CAN_SHA256 -x509parse_crt:"308180306ba0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a300806001304546573743015300d06092A864886F70D0101010500030400300000300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_ASN1_LENGTH_MISMATCH +x509parse_crt:"308180306ba0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a300806001304546573743015300d06092A864886F70D0101010500030400300000300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_PK_INVALID_PUBKEY + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH X509 CRT ASN1 (TBS, inv SubPubKeyInfo, inv internal bitstring tag) depends_on:MBEDTLS_RSA_C:MBEDTLS_MD_CAN_SHA256 -x509parse_crt:"308180306ba0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a300806001304546573743015300d06092A864886F70D0101010500030400310000300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_ASN1_UNEXPECTED_TAG +x509parse_crt:"308180306ba0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a300806001304546573743015300d06092A864886F70D0101010500030400310000300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_PK_INVALID_PUBKEY + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG X509 CRT ASN1 (TBS, inv SubPubKeyInfo, inv RSA modulus) depends_on:MBEDTLS_RSA_C:MBEDTLS_MD_CAN_SHA256 
-x509parse_crt:"3081873072a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374301c300d06092A864886F70D0101010500030b0030080202ffff0302ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_ASN1_UNEXPECTED_TAG +x509parse_crt:"3081873072a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374301c300d06092A864886F70D0101010500030b0030080202ffff0302ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_PK_INVALID_PUBKEY + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG X509 CRT ASN1 (TBS, inv SubPubKeyInfo, total length mismatch) depends_on:MBEDTLS_RSA_C:MBEDTLS_MD_CAN_SHA256 
@@ -1790,11 +1790,11 @@ x509parse_crt:"3081893074a0030201008204deadbeef300d06092a864886f70d01010b0500300 X509 CRT ASN1 (TBS, inv SubPubKeyInfo, check failed) depends_on:MBEDTLS_RSA_C:MBEDTLS_MD_CAN_SHA256 -x509parse_crt:"3081873072a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374301c300d06092A864886F70D0101010500030b0030080202ffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_RSA_BAD_INPUT_DATA +x509parse_crt:"3081873072a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374301c300d06092A864886F70D0101010500030b0030080202ffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_PK_INVALID_PUBKEY X509 CRT ASN1 (TBS, inv SubPubKeyInfo, check failed, expanded length notation) depends_on:MBEDTLS_RSA_C:MBEDTLS_MD_CAN_SHA256 -x509parse_crt:"308196308180a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210fffffffffffffffffffffffffffffffe0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_RSA_BAD_INPUT_DATA +x509parse_crt:"308196308180a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210fffffffffffffffffffffffffffffffe0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_PK_INVALID_PUBKEY # We expect an extension parsing error here because the IssuerID is optional. # Hence, if we find an ASN.1 tag doesn't match the IssuerID, we assume the From c701cb28350353d8ee293791368c411d372e0eff Mon Sep 17 00:00:00 2001 
From: Valerio Setti Date: Fri, 2 Feb 2024 11:09:37 +0100 Subject: [PATCH 105/166] test_suite_rsa: improve rsa_key_write_incremental() Output buffer is tested from being 1 single byte up to twice what it is strictly required to contain the output data. Signed-off-by: Valerio Setti --- tests/suites/test_suite_rsa.function | 33 ++++++++++++++++++---------- 1 file changed, 21 insertions(+), 12 deletions(-) diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function index 6d1a0f03c..2f700289a 100644 --- a/tests/suites/test_suite_rsa.function +++ b/tests/suites/test_suite_rsa.function @@ -1427,8 +1427,8 @@ exit: void rsa_key_write_incremental(int is_public, data_t *input) { mbedtls_rsa_context rsa_ctx; - unsigned char *buf = NULL, *end; - size_t i; + unsigned char *buf = NULL, *end, *p; + size_t i, written_data; mbedtls_rsa_init(&rsa_ctx); 
@@ -1440,27 +1440,36 @@ void rsa_key_write_incremental(int is_public, data_t *input) TEST_EQUAL(mbedtls_rsa_parse_key(&rsa_ctx, input->x, input->len), 0); } + /* Test with an output buffer smaller than required. */ for (i = 1; i < input->len; i++) { TEST_CALLOC(buf, i); end = buf + i; + p = end; /* We don't care much about the return value as long as it fails. */ if (is_public) { - TEST_ASSERT(mbedtls_rsa_write_pubkey(&rsa_ctx, buf, &end) != 0); + TEST_ASSERT(mbedtls_rsa_write_pubkey(&rsa_ctx, buf, &p) != 0); } else { - TEST_ASSERT(mbedtls_rsa_write_key(&rsa_ctx, buf, &end) != 0); + TEST_ASSERT(mbedtls_rsa_write_key(&rsa_ctx, buf, &p) != 0); } mbedtls_free(buf); buf = NULL; } - /* Ensure with the correct output buffer size everything works as expected. */ - TEST_CALLOC(buf, i); - end = buf + i; - - if (is_public) { - TEST_ASSERT(mbedtls_rsa_write_pubkey(&rsa_ctx, buf, &end) != 0); - } else { - TEST_ASSERT(mbedtls_rsa_write_key(&rsa_ctx, buf, &end) > 0); + /* Test with an output buffer equal or larger than what it is strictly required. */ + for (i = input->len; i < (2 * input->len); i++) { + TEST_CALLOC(buf, i); + end = buf + i; + p = end; + /* This time all write functions must succeed. */ + if (is_public) { + TEST_ASSERT(mbedtls_rsa_write_pubkey(&rsa_ctx, buf, &p) > 0); + } else { + TEST_ASSERT(mbedtls_rsa_write_key(&rsa_ctx, buf, &p) > 0); + } + written_data = (end - p); + TEST_MEMORY_COMPARE(p, written_data, input->x, input->len); + mbedtls_free(buf); + buf = NULL; } exit: From 684d78fcfa471109a3b9eeafbb18d8cdef8f8da2 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Fri, 2 Feb 2024 12:30:16 +0100 Subject: [PATCH 106/166] test_suite_rsa: improve key parsing tests for extra data 2 scenarios are taken into account: - syntactically valid extra data inside the SEQUENCE - extra data outside the SEQUENCE A single integer is used as extra data in both cases. 
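Review bot: In the second loop the result of the write call is only checked with `> 0`, so a wrong byte count would go unnoticed as long as `p` ends up in the right place. rsa_internal.h documents the return value as the number of bytes written, so the assertion can be tightened to `TEST_EQUAL(mbedtls_rsa_write_key(&rsa_ctx, buf, &p), input->len);`, and likewise for the public-key branch, as rsa_parse_write_pkcs1_key already does. The loop bound `i < (2 * input->len)` also stops one byte short of the "twice" in the commit message; use `<=` if that size is meant to be covered. The body of rsa_key_write_incremental starts before this hunk.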
Signed-off-by: Valerio Setti --- tests/suites/test_suite_rsa.data | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/tests/suites/test_suite_rsa.data b/tests/suites/test_suite_rsa.data index 8a224d5ef..f4bd60a67 100644 --- a/tests/suites/test_suite_rsa.data +++ b/tests/suites/test_suite_rsa.data 
@@ -658,8 +658,11 @@ rsa_parse_pkcs1_key:0:"30630201000211007c8ab070369ede72920e5a51523c8571020301000 RSA parse private key - correct format, d == p == q == 0 rsa_parse_pkcs1_key:0:"3063020100021100cc8ab070369ede72920e5a51523c8571020301000102110000000000000000000000000000000000020900000000000000000002090000000000000000000209009471f14c26428401020813425f060c4b72210208052b93d01747a87c":MBEDTLS_ERR_RSA_BAD_INPUT_DATA -RSA parse private key - correct values, trailing garbage -rsa_parse_pkcs1_key:0:"3064020100021100cc8ab070369ede72920e5a51523c857102030100010211009a6318982a7231de1894c54aa4909201020900f3058fd8dc484d61020900d7770dbd8b78a2110209009471f14c26428401020813425f060c4b72210208052b93d01747a87c00":MBEDTLS_ERR_ASN1_LENGTH_MISMATCH +RSA parse private key - correct values, extra integer inside the SEQUENCE +rsa_parse_pkcs1_key:0:"3066020100021100cc8ab070369ede72920e5a51523c857102030100010211009a6318982a7231de1894c54aa4909201020900f3058fd8dc484d61020900d7770dbd8b78a2110209009471f14c26428401020813425f060c4b72210208052b93d01747a87c020100":MBEDTLS_ERR_ASN1_LENGTH_MISMATCH + +RSA parse private key - correct values, extra integer outside the SEQUENCE +rsa_parse_pkcs1_key:0:"3063020100021100cc8ab070369ede72920e5a51523c857102030100010211009a6318982a7231de1894c54aa4909201020900f3058fd8dc484d61020900d7770dbd8b78a2110209009471f14c26428401020813425f060c4b72210208052b93d01747a87c020100":0 RSA parse private key - correct values, n wrong tag rsa_parse_pkcs1_key:0:"3063020100FF1100cc8ab070369ede72920e5a51523c857102030100010211009a6318982a7231de1894c54aa4909201020900f3058fd8dc484d61020900d7770dbd8b78a2110209009471f14c26428401020813425f060c4b72210208052b93d01747a87c":MBEDTLS_ERR_ASN1_UNEXPECTED_TAG 
@@ -718,8 +721,11 @@ rsa_parse_pkcs1_key:1:"30050203010001":MBEDTLS_ERR_ASN1_OUT_OF_DATA RSA parse public key - missing public exponent rsa_parse_pkcs1_key:1:"308184028181009f091e6968b474f76f0e9c237c1d895996ae704b4f6d706acec8d2daac6209bf524aa3f658d0283adba1077f6cbe92e425dcde52290b239cade91be86c88425434986806e85734e159768f3dfea932baaa9409d25bace8ee9dce0cdde0903207299de575ae60feccf0daf82334ab83638539b0da74072f253acea8afc8e66bb7":MBEDTLS_ERR_ASN1_OUT_OF_DATA -RSA parse public key - correct values, trailing garbage -rsa_parse_pkcs1_key:1:"30818a028181009f091e6968b474f76f0e9c237c1d895996ae704b4f6d706acec8d2daac6209bf524aa3f658d0283adba1077f6cbe92e425dcde52290b239cade91be86c88425434986806e85734e159768f3dfea932baaa9409d25bace8ee9dce0cdde0903207299de575ae60feccf0daf82334ab83638539b0da74072f253acea8afc8e66bb7020301000100":MBEDTLS_ERR_ASN1_LENGTH_MISMATCH +RSA parse public key - correct values, extra integer inside the SEQUENCE +rsa_parse_pkcs1_key:1:"30818c028181009f091e6968b474f76f0e9c237c1d895996ae704b4f6d706acec8d2daac6209bf524aa3f658d0283adba1077f6cbe92e425dcde52290b239cade91be86c88425434986806e85734e159768f3dfea932baaa9409d25bace8ee9dce0cdde0903207299de575ae60feccf0daf82334ab83638539b0da74072f253acea8afc8e66bb70203010001020100":MBEDTLS_ERR_ASN1_LENGTH_MISMATCH + +RSA parse public key - correct values, extra integer outside the SEQUENCE +rsa_parse_pkcs1_key:1:"308189028181009f091e6968b474f76f0e9c237c1d895996ae704b4f6d706acec8d2daac6209bf524aa3f658d0283adba1077f6cbe92e425dcde52290b239cade91be86c88425434986806e85734e159768f3dfea932baaa9409d25bace8ee9dce0cdde0903207299de575ae60feccf0daf82334ab83638539b0da74072f253acea8afc8e66bb70203010001":0 RSA priv key write - incremental output buffer size rsa_key_write_incremental:0:"3063020100021100cc8ab070369ede72920e5a51523c857102030100010211009a6318982a7231de1894c54aa4909201020900f3058fd8dc484d61020900d7770dbd8b78a2110209009471f14c26428401020813425f060c4b72210208052b93d01747a87c" 
From c9dd8611f8f4d10ddbfe823dfc7615acd957536d Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Fri, 2 Feb 2024 12:34:06 +0100 Subject: [PATCH 107/166] test_suite_psa_crypto_util: add missing new line at the end of file Signed-off-by: Valerio Setti --- tests/suites/test_suite_psa_crypto_util.data | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/suites/test_suite_psa_crypto_util.data b/tests/suites/test_suite_psa_crypto_util.data index 9368d7939..c92b5fcc1 100644 --- a/tests/suites/test_suite_psa_crypto_util.data +++ b/tests/suites/test_suite_psa_crypto_util.data @@ -114,4 +114,4 @@ ecdsa_raw_to_der_incremental:512:"9111111111111111111111111111111111111111111111 ECDSA Raw -> DER, 521bit, Incremental DER buffer sizes depends_on:PSA_WANT_ECC_SECP_R1_521 -ecdsa_raw_to_der_incremental:528:"911111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222":"3081890243009111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111110242222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222" \ No newline at end of file +ecdsa_raw_to_der_incremental:528:"911111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222":"3081890243009111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111110242222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222" 
From fc590dd3612466ab343db79490cc32355d5ec86a Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Fri, 2 Feb 2024 13:46:02 +0100 Subject: [PATCH 108/166] changelog: fix typo Signed-off-by: Valerio Setti --- ChangeLog.d/8647.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ChangeLog.d/8647.txt b/ChangeLog.d/8647.txt index 44007e2c2..98326dc01 100644 --- a/ChangeLog.d/8647.txt +++ b/ChangeLog.d/8647.txt @@ -2,7 +2,7 @@ Default behavior changes * psa_import_key() now only accepts RSA keys in the PSA standard formats. The undocumented ability to import other formats (PKCS#8, SubjectPublicKey, PEM) accepted by the pkparse module has been removed. Applications that - need these format can call mbedtls_pk_parse_{public,}key() followed by + need these formats can call mbedtls_pk_parse_{public,}key() followed by mbedtls_pk_import_into_psa(). Changes From 5a198925286bf2a9ff849e5d23c930467e9c567f Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Fri, 2 Feb 2024 13:59:51 +0100 Subject: [PATCH 109/166] pkparse: fix check for ASN1 errors in mbedtls_pk_parse_subpubkey() Signed-off-by: Valerio Setti --- library/pkparse.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/library/pkparse.c b/library/pkparse.c index 91d6eb59e..5a3d3b259 100644 --- a/library/pkparse.c +++ b/library/pkparse.c @@ -854,7 +854,8 @@ int mbedtls_pk_parse_subpubkey(unsigned char **p, const unsigned char *end, if (ret == 0) { /* On success all the input has been consumed by the parsing function. */ *p += end - *p; - } else if (ret & 0x7f) { + } else if ((ret <= MBEDTLS_ERR_ASN1_OUT_OF_DATA) && + (ret >= MBEDTLS_ERR_ASN1_BUF_TOO_SMALL)) { /* In case of ASN1 error codes add MBEDTLS_ERR_PK_INVALID_PUBKEY. */ ret = MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_INVALID_PUBKEY, ret); } else { From f15e13ead7dc00a21a58a0830a82f214c3e1a77b Mon Sep 17 00:00:00 2001 
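Review bot: The range test `(ret <= MBEDTLS_ERR_ASN1_OUT_OF_DATA) && (ret >= MBEDTLS_ERR_ASN1_BUF_TOO_SMALL)` in the pkparse.c hunk assumes that those two constants bound every ASN.1 error code, which nothing here states or enforces. A comment above the condition would make the assumption visible, for example `/* All MBEDTLS_ERR_ASN1_xxx values lie between OUT_OF_DATA and BUF_TOO_SMALL; keep in sync with asn1.h. */`. An ASN.1 error code added outside that range would fall into the final `else` and lose its low-level detail. mbedtls_pk_parse_subpubkey starts and ends outside the hunk.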
From: Valerio Setti Date: Fri, 2 Feb 2024 14:00:53 +0100 Subject: [PATCH 110/166] test_suite_x509parse: remove useless include of rsa.h Signed-off-by: Valerio Setti --- tests/suites/test_suite_x509parse.function | 1 - 1 file changed, 1 deletion(-) diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function index a54c165e1..c2a2f556d 100644 --- a/tests/suites/test_suite_x509parse.function +++ b/tests/suites/test_suite_x509parse.function @@ -9,7 +9,6 @@ #include "mbedtls/base64.h" #include "mbedtls/error.h" #include "mbedtls/pk.h" -#include "mbedtls/rsa.h" #include "string.h" #if MBEDTLS_X509_MAX_INTERMEDIATE_CA > 19 From ac61cee2fdcb4b24cc634ab90fa77f85e1dd8087 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Fri, 2 Feb 2024 17:53:38 +0000 Subject: [PATCH 111/166] Restore mutex lock for mbedtls_test_set_step() This function is called externally from several tests, so still requires a mutex lock. Add an internal function to reset the step, for use in functions where the mutex is already held. Signed-off-by: Paul Elliott --- tests/src/helpers.c | 17 +++++++++++++++-- 1 file changed, 15 insertions(+), 2 deletions(-) diff --git a/tests/src/helpers.c b/tests/src/helpers.c index 936da066f..ee87a61ee 100644 --- a/tests/src/helpers.c +++ b/tests/src/helpers.c @@ -144,12 +144,25 @@ unsigned long mbedtls_test_get_step(void) return step; } -void mbedtls_test_set_step(unsigned long step) +void mbedtls_test_reset_step(void) { /* Internal function only - mbedtls_test_info_mutex should be held prior * to calling this function. */ + mbedtls_test_info.step = (unsigned long) (-1); +} + +void mbedtls_test_set_step(unsigned long step) +{ +#ifdef MBEDTLS_THREADING_C + mbedtls_mutex_lock(&mbedtls_test_info_mutex); +#endif /* MBEDTLS_THREADING_C */ + mbedtls_test_info.step = step; + +#ifdef MBEDTLS_THREADING_C + mbedtls_mutex_unlock(&mbedtls_test_info_mutex); +#endif /* MBEDTLS_THREADING_C */ } void mbedtls_test_get_line1(char *line) 
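Review bot: `mbedtls_test_reset_step()` in the helpers.c hunk is described by its own comment as internal and safe only with `mbedtls_test_info_mutex` held, yet it is defined with external linkage. The diffstat lists only tests/src/helpers.c, so no prototype appears to be added. Declaring it `static void mbedtls_test_reset_step(void)` keeps it out of reach of test code that does not hold the mutex and avoids a missing-prototype warning. It is defined before its use in `mbedtls_test_info_reset()`, so no forward declaration is needed.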
@@ -366,7 +379,7 @@ void mbedtls_test_info_reset(void) #endif /* MBEDTLS_THREADING_C */ mbedtls_test_set_result(MBEDTLS_TEST_RESULT_SUCCESS, 0, 0, 0); - mbedtls_test_set_step((unsigned long) (-1)); + mbedtls_test_reset_step(); mbedtls_test_set_line1(NULL); mbedtls_test_set_line2(NULL); From 098e2d82cd4917cb03f5c385a449a6c83a1660e5 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Fri, 2 Feb 2024 17:59:26 +0000 Subject: [PATCH 112/166] Revert accidental formatting change Signed-off-by: Paul Elliott --- tests/include/test/bignum_helpers.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/include/test/bignum_helpers.h b/tests/include/test/bignum_helpers.h index cf175a3ac..a5e49cbe5 100644 --- a/tests/include/test/bignum_helpers.h +++ b/tests/include/test/bignum_helpers.h @@ -86,8 +86,8 @@ void mbedtls_test_mpi_mod_modulus_free_with_limbs(mbedtls_mpi_mod_modulus *N); * the "0 (null)" and "0 (1 limb)" and "leading zeros" test cases do what they * claim. * - * \param[out] X The MPI object to populate. It must be initialized. - * \param[in] s The null-terminated hexadecimal string to read from. + * \param[out] X The MPI object to populate. It must be initialized. + * \param[in] s The null-terminated hexadecimal string to read from. * * \return \c 0 on success, an \c MBEDTLS_ERR_MPI_xxx error code otherwise. */ From 13ab693c491b59d07436c6a26ce8ecf133646000 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 5 Feb 2024 08:48:39 +0100 Subject: [PATCH 113/166] rsa_internal: fix documentation for mbedtls_rsa_parse_key() Signed-off-by: Valerio Setti --- library/rsa_internal.h | 1 + 1 file changed, 1 insertion(+) diff --git a/library/rsa_internal.h b/library/rsa_internal.h index 4cb564efa..f79c3b712 100644 --- a/library/rsa_internal.h +++ b/library/rsa_internal.h 
@@ -25,6 +25,7 @@ * \param keylen The length of the key buffer in bytes. * * \return 0 on success. + * \return MBEDTLS_ERR_ASN1_xxx in case of ASN.1 parsing errors. * \return MBEDTLS_ERR_RSA_xxx in case of RSA internal failures while * parsing data. * \return MBEDTLS_ERR_RSA_KEY_CHECK_FAILED if validity checks on the From 45c33ed41ec2d89535aed1ac81d4345939e5c42a Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 5 Feb 2024 09:04:10 +0100 Subject: [PATCH 114/166] test_suite_rsa: fix data for "extra integer outside the SEQUENCE" Signed-off-by: Valerio Setti --- tests/suites/test_suite_rsa.data | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/suites/test_suite_rsa.data b/tests/suites/test_suite_rsa.data index f4bd60a67..b404f00d2 100644 --- a/tests/suites/test_suite_rsa.data +++ b/tests/suites/test_suite_rsa.data 
@@ -725,7 +725,7 @@ RSA parse public key - correct values, extra integer inside the SEQUENCE rsa_parse_pkcs1_key:1:"30818c028181009f091e6968b474f76f0e9c237c1d895996ae704b4f6d706acec8d2daac6209bf524aa3f658d0283adba1077f6cbe92e425dcde52290b239cade91be86c88425434986806e85734e159768f3dfea932baaa9409d25bace8ee9dce0cdde0903207299de575ae60feccf0daf82334ab83638539b0da74072f253acea8afc8e66bb70203010001020100":MBEDTLS_ERR_ASN1_LENGTH_MISMATCH RSA parse public key - correct values, extra integer outside the SEQUENCE -rsa_parse_pkcs1_key:1:"308189028181009f091e6968b474f76f0e9c237c1d895996ae704b4f6d706acec8d2daac6209bf524aa3f658d0283adba1077f6cbe92e425dcde52290b239cade91be86c88425434986806e85734e159768f3dfea932baaa9409d25bace8ee9dce0cdde0903207299de575ae60feccf0daf82334ab83638539b0da74072f253acea8afc8e66bb70203010001":0 +rsa_parse_pkcs1_key:1:"308189028181009f091e6968b474f76f0e9c237c1d895996ae704b4f6d706acec8d2daac6209bf524aa3f658d0283adba1077f6cbe92e425dcde52290b239cade91be86c88425434986806e85734e159768f3dfea932baaa9409d25bace8ee9dce0cdde0903207299de575ae60feccf0daf82334ab83638539b0da74072f253acea8afc8e66bb70203010001020100":0 RSA priv key write - incremental output buffer size rsa_key_write_incremental:0:"3063020100021100cc8ab070369ede72920e5a51523c857102030100010211009a6318982a7231de1894c54aa4909201020900f3058fd8dc484d61020900d7770dbd8b78a2110209009471f14c26428401020813425f060c4b72210208052b93d01747a87c" From 864519793777dd9bfd416c3a60a272f6d0622934 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 5 Feb 2024 09:50:20 +0100 Subject: [PATCH 115/166] psa_util: fix documentation of ECDSA conversion functions Signed-off-by: Valerio Setti --- include/mbedtls/psa_util.h | 22 ++++++++++------------ 1 file changed, 10 insertions(+), 12 deletions(-) diff --git a/include/mbedtls/psa_util.h b/include/mbedtls/psa_util.h index 15e92e36f..b7b710f65 100644 --- a/include/mbedtls/psa_util.h +++ b/include/mbedtls/psa_util.h 
@@ -184,35 +184,33 @@ static inline mbedtls_md_type_t mbedtls_md_type_from_psa_alg(psa_algorithm_t psa #if defined(MBEDTLS_PSA_UTIL_HAVE_ECDSA) -/** Convert an ECDSA signature from raw format (used by PSA APIs) to DER ASN.1 - * format (used by legacy crypto APIs). +/** Convert an ECDSA signature from raw format to DER ASN.1 format. * * \param raw Buffer that contains the signature in raw format. - * \param raw_len Length of raw buffer in bytes + * \param raw_len Length of \p raw in bytes. * \param[out] der Buffer that will be filled with the converted DER * output. It can overlap with raw buffer. - * \param der_size Size of the output der buffer in bytes. + * \param der_size Size of \p der in bytes. * \param[out] der_len On success it contains the amount of valid data - * (in bytes) written to der buffer. It's undefined + * (in bytes) written to \p der. It's undefined * in case of failure. - * \param bits Size of each raw coordinate in bits. + * \param bits Size of each coordinate in bits. */ int mbedtls_ecdsa_raw_to_der(const unsigned char *raw, size_t raw_len, unsigned char *der, size_t der_size, size_t *der_len, size_t bits); -/** Convert an ECDSA signature from DER ASN.1 format (used by legacy crypto - * APIs) to raw format (used by PSA APIs). +/** Convert an ECDSA signature from DER ASN.1 format to raw format. * * \param der Buffer that contains the signature in DER format. - * \param der_len Size of the der buffer in bytes. + * \param der_len Size of \p der in bytes. * \param[out] raw Buffer that will be filled with the converted raw * signature. It can overlap with der buffer. - * \param raw_size Size of the raw buffer in bytes. + * \param raw_size Size of \p raw in bytes. * \param[out] raw_len On success it is updated with the amount of valid - * data (in bytes) written to raw buffer. It's undefined + * data (in bytes) written to \p raw. It's undefined * in case of failure. - * \param bits Size of each raw coordinate in bits. 
+ * \param bits Size of each coordinate in bits. */ int mbedtls_ecdsa_der_to_raw(const unsigned char *der, size_t der_len, unsigned char *raw, size_t raw_size, size_t *raw_len, From 315e4afc0a6bc4e55340fe8de7891e076e277da5 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 5 Feb 2024 10:09:15 +0100 Subject: [PATCH 116/166] psa_util: change parameters order in ECDSA conversion functions Signed-off-by: Valerio Setti --- include/mbedtls/psa_util.h | 14 ++++++------- library/pk_wrap.c | 7 +++---- library/psa_util.c | 10 ++++------ .../test_suite_psa_crypto_util.function | 20 ++++++++----------- 4 files changed, 21 insertions(+), 30 deletions(-) diff --git a/include/mbedtls/psa_util.h b/include/mbedtls/psa_util.h index b7b710f65..06732d8c5 100644 --- a/include/mbedtls/psa_util.h +++ b/include/mbedtls/psa_util.h @@ -186,6 +186,7 @@ static inline mbedtls_md_type_t mbedtls_md_type_from_psa_alg(psa_algorithm_t psa /** Convert an ECDSA signature from raw format to DER ASN.1 format. * + * \param bits Size of each coordinate in bits. * \param raw Buffer that contains the signature in raw format. * \param raw_len Length of \p raw in bytes. * \param[out] der Buffer that will be filled with the converted DER 
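Review bot: Neither rewritten comment documents the return value of `mbedtls_ecdsa_raw_to_der()` or `mbedtls_ecdsa_der_to_raw()`; both stop at the `bits` parameter. Callers need to know that `0` means success (the caller in pk_wrap.c tests `ret != 0`) and which error codes signal a too-small output buffer or malformed input, because `der_len` and `raw_len` are documented as undefined on failure. Add `\return 0 on success.` to each comment, plus a second `\return` line naming the error codes the implementation returns.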
@@ -194,14 +195,13 @@ static inline mbedtls_md_type_t mbedtls_md_type_from_psa_alg(psa_algorithm_t psa * \param[out] der_len On success it contains the amount of valid data * (in bytes) written to \p der. It's undefined * in case of failure. - * \param bits Size of each coordinate in bits. */ -int mbedtls_ecdsa_raw_to_der(const unsigned char *raw, size_t raw_len, - unsigned char *der, size_t der_size, size_t *der_len, - size_t bits); +int mbedtls_ecdsa_raw_to_der(size_t bits, const unsigned char *raw, size_t raw_len, + unsigned char *der, size_t der_size, size_t *der_len); /** Convert an ECDSA signature from DER ASN.1 format to raw format. * + * \param bits Size of each coordinate in bits. * \param der Buffer that contains the signature in DER format. * \param der_len Size of \p der in bytes. * \param[out] raw Buffer that will be filled with the converted raw @@ -210,11 +210,9 @@ int mbedtls_ecdsa_raw_to_der(const unsigned char *raw, size_t raw_len, * \param[out] raw_len On success it is updated with the amount of valid * data (in bytes) written to \p raw. It's undefined * in case of failure. - * \param bits Size of each coordinate in bits. */ -int mbedtls_ecdsa_der_to_raw(const unsigned char *der, size_t der_len, - unsigned char *raw, size_t raw_size, size_t *raw_len, - size_t bits); +int mbedtls_ecdsa_der_to_raw(size_t bits, const unsigned char *der, size_t der_len, + unsigned char *raw, size_t raw_size, size_t *raw_len); #endif /* MBEDTLS_PSA_UTIL_HAVE_ECDSA */ diff --git a/library/pk_wrap.c b/library/pk_wrap.c index 9a29d929e..c45fbd436 100644 --- a/library/pk_wrap.c +++ b/library/pk_wrap.c 
@@ -573,9 +573,8 @@ static int ecdsa_verify_psa(unsigned char *key, size_t key_len, } p = (unsigned char *) sig; - ret = mbedtls_ecdsa_der_to_raw(p, sig_len, extracted_sig, - sizeof(extracted_sig), &converted_sig_len, - curve_bits); + ret = mbedtls_ecdsa_der_to_raw(curve_bits, p, sig_len, extracted_sig, + sizeof(extracted_sig), &converted_sig_len); if (ret != 0) { goto cleanup; } @@ -730,7 +729,7 @@ static int ecdsa_sign_psa(mbedtls_svc_key_id_t key_id, mbedtls_md_type_t md_alg, } done: - ret = mbedtls_ecdsa_raw_to_der(sig, sig_size, sig, sig_size, sig_len, key_bits); + ret = mbedtls_ecdsa_raw_to_der(key_bits, sig, sig_size, sig, sig_size, sig_len); return ret; } diff --git a/library/psa_util.c b/library/psa_util.c index b13d83d47..2491f2e45 100644 --- a/library/psa_util.c +++ b/library/psa_util.c @@ -402,9 +402,8 @@ static int convert_raw_to_der_single_int(const unsigned char *raw_buf, size_t ra return len; } -int mbedtls_ecdsa_raw_to_der(const unsigned char *raw, size_t raw_len, - unsigned char *der, size_t der_size, size_t *der_len, - size_t bits) +int mbedtls_ecdsa_raw_to_der(size_t bits, const unsigned char *raw, size_t raw_len, + unsigned char *der, size_t der_size, size_t *der_len) { unsigned char r[PSA_BITS_TO_BYTES(PSA_VENDOR_ECC_MAX_CURVE_BITS)]; unsigned char s[PSA_BITS_TO_BYTES(PSA_VENDOR_ECC_MAX_CURVE_BITS)]; @@ -511,9 +510,8 @@ static int convert_der_to_raw_single_int(unsigned char *der, size_t der_len, return (int) (p - der); } -int mbedtls_ecdsa_der_to_raw(const unsigned char *der, size_t der_len, - unsigned char *raw, size_t raw_size, size_t *raw_len, - size_t bits) +int mbedtls_ecdsa_der_to_raw(size_t bits, const unsigned char *der, size_t der_len, + unsigned char *raw, size_t raw_size, size_t *raw_len) { unsigned char raw_tmp[PSA_VENDOR_ECDSA_SIGNATURE_MAX_SIZE]; unsigned char *p = (unsigned char *) der; 
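Review bot: In the `ecdsa_sign_psa` hunk the reordered call still passes `sig_size` as `raw_len`, which is the capacity of the output buffer rather than the length of the raw signature. That was tolerated while the converter only rejected inputs that are too short, but a later patch in this series makes the check exact (`raw_len` must equal `2 * coordinate_len`) without touching `library/pk_wrap.c`, so this call would fail whenever the caller's buffer is larger than the raw signature. If `*sig_len` holds the raw length at the `done:` label (the signing call is outside the hunk), the call should read `ret = mbedtls_ecdsa_raw_to_der(key_bits, sig, *sig_len, sig, sig_size, sig_len);`.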
diff --git a/tests/suites/test_suite_psa_crypto_util.function b/tests/suites/test_suite_psa_crypto_util.function index 9dc95b659..c102b0761 100644 --- a/tests/suites/test_suite_psa_crypto_util.function +++ b/tests/suites/test_suite_psa_crypto_util.function @@ -12,9 +12,8 @@ void ecdsa_raw_to_der(int key_bits, data_t *input, data_t *exp_result, int exp_r TEST_CALLOC(tmp_buf, tmp_buf_len); - TEST_EQUAL(mbedtls_ecdsa_raw_to_der(input->x, input->len, - tmp_buf, tmp_buf_len, &ret_len, - key_bits), exp_ret); + TEST_EQUAL(mbedtls_ecdsa_raw_to_der(key_bits, input->x, input->len, + tmp_buf, tmp_buf_len, &ret_len), exp_ret); if (exp_ret == 0) { ASSERT_COMPARE(exp_result->x, exp_result->len, tmp_buf, ret_len); @@ -35,17 +34,15 @@ void ecdsa_raw_to_der_incremental(int key_bits, data_t *input, data_t *exp_resul for (i = 1; i < tmp_buf_len; i++) { TEST_CALLOC(tmp_buf, i); - TEST_ASSERT(mbedtls_ecdsa_raw_to_der(input->x, input->len, - tmp_buf, i, &ret_len, - key_bits) != 0); + TEST_ASSERT(mbedtls_ecdsa_raw_to_der(key_bits, input->x, input->len, + tmp_buf, i, &ret_len) != 0); mbedtls_free(tmp_buf); tmp_buf = NULL; } TEST_CALLOC(tmp_buf, i); - TEST_EQUAL(mbedtls_ecdsa_raw_to_der(input->x, input->len, - tmp_buf, i, &ret_len, - key_bits), 0); + TEST_EQUAL(mbedtls_ecdsa_raw_to_der(key_bits, input->x, input->len, + tmp_buf, i, &ret_len), 0); exit: mbedtls_free(tmp_buf); } @@ -60,9 +57,8 @@ void ecdsa_der_to_raw(int key_bits, data_t *input, data_t *exp_result, int exp_r TEST_CALLOC(tmp_buf, tmp_buf_len); - TEST_EQUAL(mbedtls_ecdsa_der_to_raw(input->x, input->len, - tmp_buf, tmp_buf_len, &ret_len, - key_bits), exp_ret); + TEST_EQUAL(mbedtls_ecdsa_der_to_raw(key_bits, input->x, input->len, + tmp_buf, tmp_buf_len, &ret_len), exp_ret); if (exp_ret == 0) { ASSERT_COMPARE(exp_result->x, exp_result->len, tmp_buf, ret_len); From 954ef4bbd5727a92113732e51622af374d2f736f Mon Sep 17 00:00:00 2001 
From: Valerio Setti Date: Mon, 5 Feb 2024 12:06:46 +0100 Subject: [PATCH 117/166] psa_util: improve convert_raw_to_der_single_int() Allow the function to support DER buffers than what it is nominally required by the provided coordinates. In other words let's ignore padding zeros in the raw number. Signed-off-by: Valerio Setti --- include/mbedtls/psa_util.h | 7 +++++- library/psa_util.c | 25 ++++++++++--------- tests/suites/test_suite_psa_crypto_util.data | 4 +++ .../test_suite_psa_crypto_util.function | 13 +++++++--- 4 files changed, 33 insertions(+), 16 deletions(-) diff --git a/include/mbedtls/psa_util.h b/include/mbedtls/psa_util.h index 06732d8c5..132c73f23 100644 --- a/include/mbedtls/psa_util.h +++ b/include/mbedtls/psa_util.h @@ -191,7 +191,12 @@ static inline mbedtls_md_type_t mbedtls_md_type_from_psa_alg(psa_algorithm_t psa * \param raw_len Length of \p raw in bytes. * \param[out] der Buffer that will be filled with the converted DER * output. It can overlap with raw buffer. - * \param der_size Size of \p der in bytes. + * \param der_size Size of \p der in bytes. Given \p bits parameter: + * * #MBEDTLS_ECDSA_MAX_SIG_LEN(\p bits) can be used + * to determine a large enough buffer for any + * \p raw input vector. + * * The minimum size might be smaller in case + * \p raw input vector contains padding zeros. * \param[out] der_len On success it contains the amount of valid data * (in bytes) written to \p der. It's undefined * in case of failure. diff --git a/library/psa_util.c b/library/psa_util.c index 2491f2e45..4e350c097 100644 --- a/library/psa_util.c +++ b/library/psa_util.c 
@@ -365,9 +365,21 @@ static int convert_raw_to_der_single_int(const unsigned char *raw_buf, size_t ra unsigned char *der_buf_end) { unsigned char *p = der_buf_end; - int len = (int) raw_len; + int len; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + /* ASN.1 DER encoding requires minimal length, so skip leading 0s. + * Provided input MPIs should not be 0, but as a failsafe measure, still + * detect that and return error in case. */ + while (*raw_buf == 0x00) { + ++raw_buf; + --raw_len; + if (raw_len == 0) { + return MBEDTLS_ERR_ASN1_INVALID_DATA; + } + } + len = (int) raw_len; + /* Copy the raw coordinate to the end of der_buf. */ if ((p - der_buf_start) < len) { return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL; @@ -375,17 +387,6 @@ static int convert_raw_to_der_single_int(const unsigned char *raw_buf, size_t ra p -= len; memcpy(p, raw_buf, len); - /* ASN.1 DER encoding requires minimal length, so skip leading 0s. - * Provided input MPIs should not be 0, but as a failsafe measure, still - * detect that and return error in case. */ - while (*p == 0x00) { - ++p; - --len; - if (len == 0) { - return MBEDTLS_ERR_ASN1_INVALID_DATA; - } - } - /* If MSb is 1, ASN.1 requires that we prepend a 0. */ if (*p & 0x80) { if ((p - der_buf_start) < 1) { diff --git a/tests/suites/test_suite_psa_crypto_util.data b/tests/suites/test_suite_psa_crypto_util.data index c92b5fcc1..606e56399 100644 --- a/tests/suites/test_suite_psa_crypto_util.data +++ b/tests/suites/test_suite_psa_crypto_util.data 
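Review bot: The new leading-zero loop in `convert_raw_to_der_single_int` dereferences `raw_buf` before looking at `raw_len`, so a call with `raw_len == 0` reads a byte outside the input, and `--raw_len` then wraps around instead of reaching the `raw_len == 0` exit. A later patch in the series documents `raw_len > 0` as a precondition, but nothing in this function enforces it. Testing the length first keeps the read in bounds: `if (raw_len == 0) { return MBEDTLS_ERR_ASN1_INVALID_DATA; }` ahead of the loop. The following `len = (int) raw_len;` also narrows a `size_t`, which is only safe while callers bound the coordinate size; the function's signature and tail are outside the hunk.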
@@ -115,3 +115,7 @@ ecdsa_raw_to_der_incremental:512:"9111111111111111111111111111111111111111111111 ECDSA Raw -> DER, 521bit, Incremental DER buffer sizes depends_on:PSA_WANT_ECC_SECP_R1_521 ecdsa_raw_to_der_incremental:528:"911111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222":"3081890243009111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111110242222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222" + +ECDSA Raw -> DER, 256bit, DER buffer of minimal length (1 byte per integer) +depends_on:PSA_WANT_ECC_SECP_K1_256 +ecdsa_raw_to_der_incremental:256:"00000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000002":"3006020101020102" diff --git a/tests/suites/test_suite_psa_crypto_util.function b/tests/suites/test_suite_psa_crypto_util.function index c102b0761..51f42a7bd 100644 --- a/tests/suites/test_suite_psa_crypto_util.function +++ b/tests/suites/test_suite_psa_crypto_util.function @@ -32,6 +32,7 @@ void ecdsa_raw_to_der_incremental(int key_bits, data_t *input, data_t *exp_resul size_t ret_len; size_t i; + /* Test with an output buffer smaller than required (expexted to fail). */ for (i = 1; i < tmp_buf_len; i++) { TEST_CALLOC(tmp_buf, i); TEST_ASSERT(mbedtls_ecdsa_raw_to_der(key_bits, input->x, input->len, 
@@ -39,10 +40,16 @@ void ecdsa_raw_to_der_incremental(int key_bits, data_t *input, data_t *exp_resul mbedtls_free(tmp_buf); tmp_buf = NULL; } + /* Test with an output buffer larger/equal than required (expexted to + * succeed). */ + for (i = tmp_buf_len; i < (2 * tmp_buf_len); i++) { + TEST_CALLOC(tmp_buf, i); + TEST_ASSERT(mbedtls_ecdsa_raw_to_der(key_bits, input->x, input->len, + tmp_buf, i, &ret_len) == 0); + mbedtls_free(tmp_buf); + tmp_buf = NULL; + } - TEST_CALLOC(tmp_buf, i); - TEST_EQUAL(mbedtls_ecdsa_raw_to_der(key_bits, input->x, input->len, - tmp_buf, i, &ret_len), 0); exit: mbedtls_free(tmp_buf); } From e01a2b03c63ef2fd087d850a6a006231417e5f71 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 5 Feb 2024 15:16:36 +0100 Subject: [PATCH 118/166] psa_util: update documentation for mbedtls_ecdsa_der_to_raw() Signed-off-by: Valerio Setti --- include/mbedtls/psa_util.h | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/include/mbedtls/psa_util.h b/include/mbedtls/psa_util.h index 132c73f23..8868bc13a 100644 --- a/include/mbedtls/psa_util.h +++ b/include/mbedtls/psa_util.h @@ -211,7 +211,8 @@ int mbedtls_ecdsa_raw_to_der(size_t bits, const unsigned char *raw, size_t raw_l * \param der_len Size of \p der in bytes. * \param[out] raw Buffer that will be filled with the converted raw * signature. It can overlap with der buffer. - * \param raw_size Size of \p raw in bytes. + * \param raw_size Size of \p raw in bytes. Must be at least + * 2 * PSA_BITS_TO_BYTES(bits) bytes. * \param[out] raw_len On success it is updated with the amount of valid * data (in bytes) written to \p raw. It's undefined * in case of failure. From 2bd0ecdf4582ee04877c028c456ecf487d47dc9b Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 5 Feb 2024 15:25:15 +0100 Subject: [PATCH 119/166] psa_util: improve documentation for convert_raw_to_der_single_int() Signed-off-by: Valerio Setti --- library/psa_util.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
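Review bot: The added success loop in `ecdsa_raw_to_der_incremental` only checks the return code, so it would not notice output that is misplaced or has the wrong length when the DER buffer is larger than needed. Comparing the result in each iteration closes that gap: `ASSERT_COMPARE(exp_result->x, exp_result->len, tmp_buf, ret_len);`, as the non-incremental test in this file already does. The two new comments spell "expexted" where "expected" is meant. The function's declarations are outside this hunk.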
diff --git a/library/psa_util.c b/library/psa_util.c index 4e350c097..1bb02e907 100644 --- a/library/psa_util.c +++ b/library/psa_util.c @@ -346,7 +346,7 @@ mbedtls_ecp_group_id mbedtls_ecc_group_from_psa(psa_ecc_family_t family, * * \param raw_buf Buffer containing the raw coordinate to be * converted. - * \param raw_len Length of raw_buf in bytes. + * \param raw_len Length of raw_buf in bytes. This must be > 0. * \param der_buf_start Pointer to the beginning of the buffer which * will be filled with the DER converted data. * \param der_buf_end End of the buffer used to store the DER output. From 8334d00772c155c41eb1a735417fd98dfd0382ee Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 5 Feb 2024 15:35:26 +0100 Subject: [PATCH 120/166] psa_util: improve check of raw_len in mbedtls_ecdsa_raw_to_der() Signed-off-by: Valerio Setti --- include/mbedtls/psa_util.h | 3 ++- library/psa_util.c | 2 +- tests/suites/test_suite_psa_crypto_util.data | 8 ++++++++ 3 files changed, 11 insertions(+), 2 deletions(-) diff --git a/include/mbedtls/psa_util.h b/include/mbedtls/psa_util.h index 8868bc13a..a5f09a4f4 100644 --- a/include/mbedtls/psa_util.h +++ b/include/mbedtls/psa_util.h @@ -188,7 +188,8 @@ static inline mbedtls_md_type_t mbedtls_md_type_from_psa_alg(psa_algorithm_t psa * * \param bits Size of each coordinate in bits. * \param raw Buffer that contains the signature in raw format. - * \param raw_len Length of \p raw in bytes. + * \param raw_len Length of \p raw in bytes. This must be + * PSA_BITS_TO_BYTES(bits) bytes. * \param[out] der Buffer that will be filled with the converted DER * output. It can overlap with raw buffer. * \param der_size Size of \p der in bytes. Given \p bits parameter: diff --git a/library/psa_util.c b/library/psa_util.c index 1bb02e907..f3fcd1d8c 100644 --- a/library/psa_util.c +++ b/library/psa_util.c 
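Review bot: The new `raw_len` text in the `mbedtls_ecdsa_raw_to_der` documentation says the length must be `PSA_BITS_TO_BYTES(bits)`, but the check added to `library/psa_util.c` in the same commit accepts only `2 * coordinate_len`, i.e. both coordinates together. The test vectors agree with the code: the 256-bit cases succeed with a 64-byte input and fail when it is one byte shorter or longer. A caller following the header would therefore always get `MBEDTLS_ERR_ASN1_INVALID_DATA`; the line should read `* \param raw_len Length of \p raw in bytes. This must be 2 * PSA_BITS_TO_BYTES(bits) bytes.`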
@@ -413,7 +413,7 @@ int mbedtls_ecdsa_raw_to_der(size_t bits, const unsigned char *raw, size_t raw_l unsigned char *p = der + der_size; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - if (raw_len < 2 * coordinate_len) { + if ((raw_len < 2 * coordinate_len) || (raw_len > 2 * coordinate_len)) { return MBEDTLS_ERR_ASN1_INVALID_DATA; } diff --git a/tests/suites/test_suite_psa_crypto_util.data b/tests/suites/test_suite_psa_crypto_util.data index 606e56399..580622f8c 100644 --- a/tests/suites/test_suite_psa_crypto_util.data +++ b/tests/suites/test_suite_psa_crypto_util.data 
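Review bot: The exact-length check in `mbedtls_ecdsa_raw_to_der` ties `raw_len` to `bits` but does not bound `bits` itself. With `bits == 0` an empty input passes and would presumably reach `convert_raw_to_der_single_int` with a zero length, which its documentation now forbids. With `bits` above `PSA_VENDOR_ECC_MAX_CURVE_BITS` the coordinate length exceeds the fixed-size `r` and `s` arrays declared at the top of the function, which presumably receive `coordinate_len` bytes each (the copies are outside the hunk). Consider `if ((coordinate_len == 0) || (coordinate_len > sizeof(r)) || (raw_len != 2 * coordinate_len)) {`, which also replaces the paired `<`/`>` comparison with a single `!=`.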
@@ -26,6 +26,14 @@ ECDSA Raw -> DER, 256bit, s with MSb set depends_on:PSA_WANT_ECC_SECP_K1_256 ecdsa_raw_to_der:256:"1111111111111111111111111111111111111111111111111111111111111111A222222222222222222222222222222222222222222222222222222222222222":"304502201111111111111111111111111111111111111111111111111111111111111111022100A222222222222222222222222222222222222222222222222222222222222222":0 +ECDSA Raw -> DER, 256bit, Invalid raw signature (1 byte shorter) +depends_on:PSA_WANT_ECC_SECP_K1_256 +ecdsa_raw_to_der:256:"111111111111111111111111111111111111111111111111111111111111112222222222222222222222222222222222222222222222222222222222222222":"30440220111111111111111111111111111111111111111111111111111111111111111102202222222222222222222222222222222222222222222222222222222222222222":MBEDTLS_ERR_ASN1_INVALID_DATA + +ECDSA Raw -> DER, 256bit, Invalid raw signature (1 byte longer) +depends_on:PSA_WANT_ECC_SECP_K1_256 +ecdsa_raw_to_der:256:"1111111111111111111111111111111111111111111111111111111111111111112222222222222222222222222222222222222222222222222222222222222222":"30440220111111111111111111111111111111111111111111111111111111111111111102202222222222222222222222222222222222222222222222222222222222222222":MBEDTLS_ERR_ASN1_INVALID_DATA + ECDSA DER -> Raw, 256bit, Success depends_on:PSA_WANT_ECC_SECP_K1_256 ecdsa_der_to_raw:256:"30440220111111111111111111111111111111111111111111111111111111111111111102202222222222222222222222222222222222222222222222222222222222222222":"11111111111111111111111111111111111111111111111111111111111111112222222222222222222222222222222222222222222222222222222222222222":0 From bec1d842ac2a38d37a30fee182a7246ead5c41c9 Mon Sep 17 00:00:00 2001 
From: Valerio Setti Date: Mon, 5 Feb 2024 15:50:02 +0100 Subject: [PATCH 121/166] psa_util: convert_der_to_raw_single_int() accepts also all zero integers These values are not mathematically valid as signature, but as for what it concerns with ECDSA conversion functions, 0 values in DER format should be translated to 0 values in raw format. Signed-off-by: Valerio Setti --- library/psa_util.c | 4 ---- tests/suites/test_suite_psa_crypto_util.data | 24 +++++++++++++------- 2 files changed, 16 insertions(+), 12 deletions(-) diff --git a/library/psa_util.c b/library/psa_util.c index f3fcd1d8c..0a77855b0 100644 --- a/library/psa_util.c +++ b/library/psa_util.c @@ -493,10 +493,6 @@ static int convert_der_to_raw_single_int(unsigned char *der, size_t der_len, p++; unpadded_len--; } - /* It should never happen that the input number has 0 length. */ - if (unpadded_len == 0) { - return MBEDTLS_ERR_ASN1_INVALID_DATA; - } if (unpadded_len > coordinate_size) { /* Parsed number is longer than the maximum expected value. */ diff --git a/tests/suites/test_suite_psa_crypto_util.data b/tests/suites/test_suite_psa_crypto_util.data index 580622f8c..f12a4bb72 100644 --- a/tests/suites/test_suite_psa_crypto_util.data +++ b/tests/suites/test_suite_psa_crypto_util.data 
@@ -74,21 +74,29 @@ ECDSA DER -> Raw, 256bit, r with MSb set depends_on:PSA_WANT_ECC_SECP_K1_256 ecdsa_der_to_raw:256:"3045022100911111111111111111111111111111111111111111111111111111111111111102202222222222222222222222222222222222222222222222222222222222222222":"91111111111111111111111111111111111111111111111111111111111111112222222222222222222222222222222222222222222222222222222222222222":0 -ECDSA DER -> Raw, 256bit, Invalid r (only 1 zero byte) +ECDSA DER -> Raw, 256bit, Valid r all zeros depends_on:PSA_WANT_ECC_SECP_K1_256 -ecdsa_der_to_raw:256:"302502010002202222222222222222222222222222222222222222222222222222222222222222":"11111111111111111111111111111111111111111111111111111111111111112222222222222222222222222222222222222222222222222222222222222222":MBEDTLS_ERR_ASN1_INVALID_DATA +ecdsa_der_to_raw:256:"30440220000000000000000000000000000000000000000000000000000000000000000002202222222222222222222222222222222222222222222222222222222222222222":"00000000000000000000000000000000000000000000000000000000000000002222222222222222222222222222222222222222222222222222222222222222":0 -ECDSA DER -> Raw, 256bit, Invalid s (only 1 zero byte) +ECDSA DER -> Raw, 256bit, Valid s all zeros depends_on:PSA_WANT_ECC_SECP_K1_256 -ecdsa_der_to_raw:256:"302502201111111111111111111111111111111111111111111111111111111111111111020100":"11111111111111111111111111111111111111111111111111111111111111112222222222222222222222222222222222222222222222222222222222222222":MBEDTLS_ERR_ASN1_INVALID_DATA +ecdsa_der_to_raw:256:"30440220111111111111111111111111111111111111111111111111111111111111111102200000000000000000000000000000000000000000000000000000000000000000":"11111111111111111111111111111111111111111111111111111111111111110000000000000000000000000000000000000000000000000000000000000000":0 -ECDSA DER -> Raw, 256bit, Invalid r (0-length) +ECDSA DER -> Raw, 256bit, Valid r only 1 zero byte depends_on:PSA_WANT_ECC_SECP_K1_256 
-ecdsa_der_to_raw:256:"3024020002202222222222222222222222222222222222222222222222222222222222222222":"00000000000000000000000000000000000000000000000000000000000000002222222222222222222222222222222222222222222222222222222222222222":MBEDTLS_ERR_ASN1_INVALID_DATA +ecdsa_der_to_raw:256:"302502010002202222222222222222222222222222222222222222222222222222222222222222":"00000000000000000000000000000000000000000000000000000000000000002222222222222222222222222222222222222222222222222222222222222222":0 -ECDSA DER -> Raw, 256bit,Invalid s (0-length) +ECDSA DER -> Raw, 256bit, Valid s only 1 zero byte depends_on:PSA_WANT_ECC_SECP_K1_256 -ecdsa_der_to_raw:256:"3024022011111111111111111111111111111111111111111111111111111111111111110200":"11111111111111111111111111111111111111111111111111111111111111110000000000000000000000000000000000000000000000000000000000000000":MBEDTLS_ERR_ASN1_INVALID_DATA +ecdsa_der_to_raw:256:"302502201111111111111111111111111111111111111111111111111111111111111111020100":"11111111111111111111111111111111111111111111111111111111111111110000000000000000000000000000000000000000000000000000000000000000":0 + +ECDSA DER -> Raw, 256bit, Valid 0-length r +depends_on:PSA_WANT_ECC_SECP_K1_256 +ecdsa_der_to_raw:256:"3024020002202222222222222222222222222222222222222222222222222222222222222222":"00000000000000000000000000000000000000000000000000000000000000002222222222222222222222222222222222222222222222222222222222222222":0 + +ECDSA DER -> Raw, 256bit, Valid 0-length s +depends_on:PSA_WANT_ECC_SECP_K1_256 +ecdsa_der_to_raw:256:"3024022011111111111111111111111111111111111111111111111111111111111111110200":"11111111111111111111111111111111111111111111111111111111111111110000000000000000000000000000000000000000000000000000000000000000":0 # 512/521 bit sizes are useful to test sequence's length encoded with 2 bytes. ECDSA Raw -> DER, 512bit, Success From 05c256fb3639d3ae3ca414d309851e45fdb36ca4 Mon Sep 17 00:00:00 2001 
From: Valerio Setti Date: Mon, 5 Feb 2024 16:02:11 +0100 Subject: [PATCH 122/166] psa_util: minor performance improvement in mbedtls_ecdsa_der_to_raw() Signed-off-by: Valerio Setti --- library/psa_util.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/psa_util.c b/library/psa_util.c index 0a77855b0..7e79b1ce8 100644 --- a/library/psa_util.c +++ b/library/psa_util.c @@ -529,7 +529,7 @@ int mbedtls_ecdsa_der_to_raw(size_t bits, const unsigned char *der, size_t der_l return ret; } - memset(raw_tmp, 0, sizeof(raw_tmp)); + memset(raw_tmp, 0, 2 * coordinate_size); /* Extract r */ ret = convert_der_to_raw_single_int(p, data_len, raw_tmp, coordinate_size); From 091bdc416d5056554bb8963054357423165662b7 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 5 Feb 2024 16:17:44 +0100 Subject: [PATCH 123/166] psa_util: enhance checks on leading zeros in convert_der_to_raw_single_int() Signed-off-by: Valerio Setti --- library/psa_util.c | 10 ++++++++++ tests/suites/test_suite_psa_crypto_util.data | 12 ++++++++---- 2 files changed, 18 insertions(+), 4 deletions(-) diff --git a/library/psa_util.c b/library/psa_util.c index 7e79b1ce8..674f21b9b 100644 --- a/library/psa_util.c +++ b/library/psa_util.c @@ -488,10 +488,20 @@ static int convert_der_to_raw_single_int(unsigned char *der, size_t der_len, return ret; } + /* It's invalid to have MSb set without a leading 0x00 (leading 0x00 is + * checked below). */ + if ((*p & 0x80) != 0) { + return MBEDTLS_ERR_ASN1_INVALID_DATA; + } + /* Skip possible leading zero */ if ((unpadded_len > 0) && (*p == 0x00)) { p++; unpadded_len--; + /* Only 1 leading zero is allowed, otherwise that's an error. */ + if (*p == 0x00) { + return MBEDTLS_ERR_ASN1_INVALID_DATA; + } } if (unpadded_len > coordinate_size) { diff --git a/tests/suites/test_suite_psa_crypto_util.data b/tests/suites/test_suite_psa_crypto_util.data index f12a4bb72..568f6c571 100644 --- a/tests/suites/test_suite_psa_crypto_util.data 
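Review bot: Sizing the `memset` by `2 * coordinate_size` makes the number of bytes written to `raw_tmp` depend on the caller's `bits`, while `raw_tmp` is a fixed `PSA_VENDOR_ECDSA_SIGNATURE_MAX_SIZE` array. No check that `2 * coordinate_size` fits in `raw_tmp` is visible in this hunk, so unless one exists earlier in `mbedtls_ecdsa_der_to_raw` an oversized `bits` turns the clear into a stack overwrite, which the previous `sizeof(raw_tmp)` form could not do. Either keep `sizeof(raw_tmp)` or add `if (2 * coordinate_size > sizeof(raw_tmp)) { return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL; }` before the `memset`.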
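Review bot: Both new tests in `convert_der_to_raw_single_int` read `*p` without checking `unpadded_len`. For a zero-length INTEGER (`0200`), which the series' test vectors still expect to convert, `*p & 0x80` inspects the byte after the integer, and for a single zero byte (`020100`) the inner `*p == 0x00` does the same after `p++`; when that integer is the last element, the read is past the end of the DER input. Guarding both reads keeps the accepted cases unchanged: `if ((unpadded_len > 0) && ((*p & 0x80) != 0)) {` for the MSb test and `if ((unpadded_len > 0) && (*p == 0x00)) {` for the inner check. The start of the function is outside the hunk.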
+++ b/tests/suites/test_suite_psa_crypto_util.data 
@@ -74,13 +74,13 @@ ECDSA DER -> Raw, 256bit, r with MSb set depends_on:PSA_WANT_ECC_SECP_K1_256 ecdsa_der_to_raw:256:"3045022100911111111111111111111111111111111111111111111111111111111111111102202222222222222222222222222222222222222222222222222222222222222222":"91111111111111111111111111111111111111111111111111111111111111112222222222222222222222222222222222222222222222222222222222222222":0 -ECDSA DER -> Raw, 256bit, Valid r all zeros +ECDSA DER -> Raw, 256bit, Invalid r all zeros depends_on:PSA_WANT_ECC_SECP_K1_256 -ecdsa_der_to_raw:256:"30440220000000000000000000000000000000000000000000000000000000000000000002202222222222222222222222222222222222222222222222222222222222222222":"00000000000000000000000000000000000000000000000000000000000000002222222222222222222222222222222222222222222222222222222222222222":0 +ecdsa_der_to_raw:256:"30440220000000000000000000000000000000000000000000000000000000000000000002202222222222222222222222222222222222222222222222222222222222222222":"00000000000000000000000000000000000000000000000000000000000000002222222222222222222222222222222222222222222222222222222222222222":MBEDTLS_ERR_ASN1_INVALID_DATA -ECDSA DER -> Raw, 256bit, Valid s all zeros +ECDSA DER -> Raw, 256bit, Invalid s all zeros depends_on:PSA_WANT_ECC_SECP_K1_256 -ecdsa_der_to_raw:256:"30440220111111111111111111111111111111111111111111111111111111111111111102200000000000000000000000000000000000000000000000000000000000000000":"11111111111111111111111111111111111111111111111111111111111111110000000000000000000000000000000000000000000000000000000000000000":0 +ecdsa_der_to_raw:256:"30440220111111111111111111111111111111111111111111111111111111111111111102200000000000000000000000000000000000000000000000000000000000000000":"11111111111111111111111111111111111111111111111111111111111111110000000000000000000000000000000000000000000000000000000000000000":MBEDTLS_ERR_ASN1_INVALID_DATA ECDSA DER -> Raw, 256bit, Valid r only 1 zero byte depends_on:PSA_WANT_ECC_SECP_K1_256 
@@ -98,6 +98,10 @@ ECDSA DER -> Raw, 256bit, Valid 0-length s depends_on:PSA_WANT_ECC_SECP_K1_256 ecdsa_der_to_raw:256:"3024022011111111111111111111111111111111111111111111111111111111111111110200":"11111111111111111111111111111111111111111111111111111111111111110000000000000000000000000000000000000000000000000000000000000000":0 +ECDSA DER -> Raw, 256bit, Invalid r: MSb set without leading zero +depends_on:PSA_WANT_ECC_SECP_K1_256 +ecdsa_der_to_raw:256:"30440220911111111111111111111111111111111111111111111111111111111111111102202222222222222222222222222222222222222222222222222222222222222222":"11111111111111111111111111111111111111111111111111111111111111112222222222222222222222222222222222222222222222222222222222222222":MBEDTLS_ERR_ASN1_INVALID_DATA + # 512/521 bit sizes are useful to test sequence's length encoded with 2 bytes. ECDSA Raw -> DER, 512bit, Success depends_on:PSA_WANT_ECC_BRAINPOOL_P_R1_512 From 110126110da3316451f9ddf7d4f011973c6d1a17 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 5 Feb 2024 16:24:18 +0100 Subject: [PATCH 124/166] test_suite_psa_util: use more generic symbols for test case dependencies Use PSA_VENDOR_ECC_MAX_CURVE_BITS instead of a specific curve since what we care about is only bit-size not the curve itself. Signed-off-by: Valerio Setti --- tests/suites/test_suite_psa_crypto_util.data | 68 ++++++++++---------- 1 file changed, 34 insertions(+), 34 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto_util.data b/tests/suites/test_suite_psa_crypto_util.data index 568f6c571..69e4e19e9 100644 --- a/tests/suites/test_suite_psa_crypto_util.data +++ b/tests/suites/test_suite_psa_crypto_util.data 
@@ -1,141 +1,141 @@ ECDSA Raw -> DER, 256bit, Success -depends_on:PSA_WANT_ECC_SECP_K1_256 +depends_on:PSA_VENDOR_ECC_MAX_CURVE_BITS >= 256 ecdsa_raw_to_der:256:"11111111111111111111111111111111111111111111111111111111111111112222222222222222222222222222222222222222222222222222222222222222":"30440220111111111111111111111111111111111111111111111111111111111111111102202222222222222222222222222222222222222222222222222222222222222222":0 ECDSA Raw -> DER, 256bit, Raw data too short -depends_on:PSA_WANT_ECC_SECP_K1_256 +depends_on:PSA_VENDOR_ECC_MAX_CURVE_BITS >= 256 ecdsa_raw_to_der:256:"111111111111111111111111111111111111111111111111111111111111111122222222222222222222222222222222222222222222222222222222222222":"30440220111111111111111111111111111111111111111111111111111111111111111102202222222222222222222222222222222222222222222222222222222222222222":MBEDTLS_ERR_ASN1_INVALID_DATA ECDSA Raw -> DER, 256bit, DER buffer too small -depends_on:PSA_WANT_ECC_SECP_K1_256 +depends_on:PSA_VENDOR_ECC_MAX_CURVE_BITS >= 256 ecdsa_raw_to_der:256:"11111111111111111111111111111111111111111111111111111111111111112222222222222222222222222222222222222222222222222222222222222222":"304402201111111111111111111111111111111111111111111111111111111111111111022022222222222222222222222222222222222222222222222222222222222222":MBEDTLS_ERR_ASN1_BUF_TOO_SMALL ECDSA Raw -> DER, 256bit, Null r -depends_on:PSA_WANT_ECC_SECP_K1_256 +depends_on:PSA_VENDOR_ECC_MAX_CURVE_BITS >= 256 ecdsa_raw_to_der:256:"00000000000000000000000000000000000000000000000000000000000000002222222222222222222222222222222222222222222222222222222222222222":"30440220111111111111111111111111111111111111111111111111111111111111111102202222222222222222222222222222222222222222222222222222222222222222":MBEDTLS_ERR_ASN1_INVALID_DATA ECDSA Raw -> DER, 256bit, Null s -depends_on:PSA_WANT_ECC_SECP_K1_256 +depends_on:PSA_VENDOR_ECC_MAX_CURVE_BITS >= 256 
ecdsa_raw_to_der:256:"11111111111111111111111111111111111111111111111111111111111111110000000000000000000000000000000000000000000000000000000000000000":"30440220111111111111111111111111111111111111111111111111111111111111111102202222222222222222222222222222222222222222222222222222222222222222":MBEDTLS_ERR_ASN1_INVALID_DATA ECDSA Raw -> DER, 256bit, r with MSb set -depends_on:PSA_WANT_ECC_SECP_K1_256 +depends_on:PSA_VENDOR_ECC_MAX_CURVE_BITS >= 256 ecdsa_raw_to_der:256:"91111111111111111111111111111111111111111111111111111111111111112222222222222222222222222222222222222222222222222222222222222222":"3045022100911111111111111111111111111111111111111111111111111111111111111102202222222222222222222222222222222222222222222222222222222222222222":0 ECDSA Raw -> DER, 256bit, s with MSb set -depends_on:PSA_WANT_ECC_SECP_K1_256 +depends_on:PSA_VENDOR_ECC_MAX_CURVE_BITS >= 256 ecdsa_raw_to_der:256:"1111111111111111111111111111111111111111111111111111111111111111A222222222222222222222222222222222222222222222222222222222222222":"304502201111111111111111111111111111111111111111111111111111111111111111022100A222222222222222222222222222222222222222222222222222222222222222":0 ECDSA Raw -> DER, 256bit, Invalid raw signature (1 byte shorter) -depends_on:PSA_WANT_ECC_SECP_K1_256 +depends_on:PSA_VENDOR_ECC_MAX_CURVE_BITS >= 256 ecdsa_raw_to_der:256:"111111111111111111111111111111111111111111111111111111111111112222222222222222222222222222222222222222222222222222222222222222":"30440220111111111111111111111111111111111111111111111111111111111111111102202222222222222222222222222222222222222222222222222222222222222222":MBEDTLS_ERR_ASN1_INVALID_DATA ECDSA Raw -> DER, 256bit, Invalid raw signature (1 byte longer) -depends_on:PSA_WANT_ECC_SECP_K1_256 +depends_on:PSA_VENDOR_ECC_MAX_CURVE_BITS >= 256 
ecdsa_raw_to_der:256:"1111111111111111111111111111111111111111111111111111111111111111112222222222222222222222222222222222222222222222222222222222222222":"30440220111111111111111111111111111111111111111111111111111111111111111102202222222222222222222222222222222222222222222222222222222222222222":MBEDTLS_ERR_ASN1_INVALID_DATA ECDSA DER -> Raw, 256bit, Success -depends_on:PSA_WANT_ECC_SECP_K1_256 +depends_on:PSA_VENDOR_ECC_MAX_CURVE_BITS >= 256 ecdsa_der_to_raw:256:"30440220111111111111111111111111111111111111111111111111111111111111111102202222222222222222222222222222222222222222222222222222222222222222":"11111111111111111111111111111111111111111111111111111111111111112222222222222222222222222222222222222222222222222222222222222222":0 ECDSA DER -> Raw, 256bit, Raw buffer too small -depends_on:PSA_WANT_ECC_SECP_K1_256 +depends_on:PSA_VENDOR_ECC_MAX_CURVE_BITS >= 256 ecdsa_der_to_raw:256:"30440220111111111111111111111111111111111111111111111111111111111111111102202222222222222222222222222222222222222222222222222222222222222222":"111111111111111111111111111111111111111111111111111111111111111122222222222222222222222222222222222222222222222222222222222222":MBEDTLS_ERR_ASN1_BUF_TOO_SMALL ECDSA DER -> Raw, 256bit, Wrong sequence tag -depends_on:PSA_WANT_ECC_SECP_K1_256 +depends_on:PSA_VENDOR_ECC_MAX_CURVE_BITS >= 256 ecdsa_der_to_raw:256:"40440220111111111111111111111111111111111111111111111111111111111111111102202222222222222222222222222222222222222222222222222222222222222222":"11111111111111111111111111111111111111111111111111111111111111112222222222222222222222222222222222222222222222222222222222222222":MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ECDSA DER -> Raw, 256bit, Invalid sequence length -depends_on:PSA_WANT_ECC_SECP_K1_256 +depends_on:PSA_VENDOR_ECC_MAX_CURVE_BITS >= 256 
ecdsa_der_to_raw:256:"30ff0220111111111111111111111111111111111111111111111111111111111111111102202222222222222222222222222222222222222222222222222222222222222222":"11111111111111111111111111111111111111111111111111111111111111112222222222222222222222222222222222222222222222222222222222222222":MBEDTLS_ERR_ASN1_INVALID_LENGTH ECDSA DER -> Raw, 256bit, Wrong integer tag -depends_on:PSA_WANT_ECC_SECP_K1_256 +depends_on:PSA_VENDOR_ECC_MAX_CURVE_BITS >= 256 ecdsa_der_to_raw:256:"30440120111111111111111111111111111111111111111111111111111111111111111102202222222222222222222222222222222222222222222222222222222222222222":"11111111111111111111111111111111111111111111111111111111111111112222222222222222222222222222222222222222222222222222222222222222":MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ECDSA DER -> Raw, 256bit, Wrong r integer length (too small) -depends_on:PSA_WANT_ECC_SECP_K1_256 +depends_on:PSA_VENDOR_ECC_MAX_CURVE_BITS >= 256 ecdsa_der_to_raw:256:"30440219111111111111111111111111111111111111111111111111111111111111111102202222222222222222222222222222222222222222222222222222222222222222":"11111111111111111111111111111111111111111111111111111111111111112222222222222222222222222222222222222222222222222222222222222222":MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ECDSA DER -> Raw, 256bit, Wrong r integer length (too large) -depends_on:PSA_WANT_ECC_SECP_K1_256 +depends_on:PSA_VENDOR_ECC_MAX_CURVE_BITS >= 256 ecdsa_der_to_raw:256:"30440221111111111111111111111111111111111111111111111111111111111111111102202222222222222222222222222222222222222222222222222222222222222222":"11111111111111111111111111111111111111111111111111111111111111112222222222222222222222222222222222222222222222222222222222222222":MBEDTLS_ERR_ASN1_INVALID_DATA ECDSA DER -> Raw, 256bit, Wrong s integer length (too small) -depends_on:PSA_WANT_ECC_SECP_K1_256 +depends_on:PSA_VENDOR_ECC_MAX_CURVE_BITS >= 256 
ecdsa_der_to_raw:256:"30440220111111111111111111111111111111111111111111111111111111111111111102192222222222222222222222222222222222222222222222222222222222222222":"11111111111111111111111111111111111111111111111111111111111111112222222222222222222222222222222222222222222222222222222222222222":MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ECDSA DER -> Raw, 256bit, Wrong s integer length (too large) -depends_on:PSA_WANT_ECC_SECP_K1_256 +depends_on:PSA_VENDOR_ECC_MAX_CURVE_BITS >= 256 ecdsa_der_to_raw:256:"30440220111111111111111111111111111111111111111111111111111111111111111102212222222222222222222222222222222222222222222222222222222222222222":"11111111111111111111111111111111111111111111111111111111111111112222222222222222222222222222222222222222222222222222222222222222":MBEDTLS_ERR_ASN1_OUT_OF_DATA ECDSA DER -> Raw, 256bit, r with MSb set -depends_on:PSA_WANT_ECC_SECP_K1_256 +depends_on:PSA_VENDOR_ECC_MAX_CURVE_BITS >= 256 ecdsa_der_to_raw:256:"3045022100911111111111111111111111111111111111111111111111111111111111111102202222222222222222222222222222222222222222222222222222222222222222":"91111111111111111111111111111111111111111111111111111111111111112222222222222222222222222222222222222222222222222222222222222222":0 ECDSA DER -> Raw, 256bit, Invalid r all zeros -depends_on:PSA_WANT_ECC_SECP_K1_256 +depends_on:PSA_VENDOR_ECC_MAX_CURVE_BITS >= 256 ecdsa_der_to_raw:256:"30440220000000000000000000000000000000000000000000000000000000000000000002202222222222222222222222222222222222222222222222222222222222222222":"00000000000000000000000000000000000000000000000000000000000000002222222222222222222222222222222222222222222222222222222222222222":MBEDTLS_ERR_ASN1_INVALID_DATA ECDSA DER -> Raw, 256bit, Invalid s all zeros -depends_on:PSA_WANT_ECC_SECP_K1_256 +depends_on:PSA_VENDOR_ECC_MAX_CURVE_BITS >= 256 
ecdsa_der_to_raw:256:"30440220111111111111111111111111111111111111111111111111111111111111111102200000000000000000000000000000000000000000000000000000000000000000":"11111111111111111111111111111111111111111111111111111111111111110000000000000000000000000000000000000000000000000000000000000000":MBEDTLS_ERR_ASN1_INVALID_DATA ECDSA DER -> Raw, 256bit, Valid r only 1 zero byte -depends_on:PSA_WANT_ECC_SECP_K1_256 +depends_on:PSA_VENDOR_ECC_MAX_CURVE_BITS >= 256 ecdsa_der_to_raw:256:"302502010002202222222222222222222222222222222222222222222222222222222222222222":"00000000000000000000000000000000000000000000000000000000000000002222222222222222222222222222222222222222222222222222222222222222":0 ECDSA DER -> Raw, 256bit, Valid s only 1 zero byte -depends_on:PSA_WANT_ECC_SECP_K1_256 +depends_on:PSA_VENDOR_ECC_MAX_CURVE_BITS >= 256 ecdsa_der_to_raw:256:"302502201111111111111111111111111111111111111111111111111111111111111111020100":"11111111111111111111111111111111111111111111111111111111111111110000000000000000000000000000000000000000000000000000000000000000":0 ECDSA DER -> Raw, 256bit, Valid 0-length r -depends_on:PSA_WANT_ECC_SECP_K1_256 +depends_on:PSA_VENDOR_ECC_MAX_CURVE_BITS >= 256 ecdsa_der_to_raw:256:"3024020002202222222222222222222222222222222222222222222222222222222222222222":"00000000000000000000000000000000000000000000000000000000000000002222222222222222222222222222222222222222222222222222222222222222":0 ECDSA DER -> Raw, 256bit, Valid 0-length s -depends_on:PSA_WANT_ECC_SECP_K1_256 +depends_on:PSA_VENDOR_ECC_MAX_CURVE_BITS >= 256 ecdsa_der_to_raw:256:"3024022011111111111111111111111111111111111111111111111111111111111111110200":"11111111111111111111111111111111111111111111111111111111111111110000000000000000000000000000000000000000000000000000000000000000":0 ECDSA DER -> Raw, 256bit, Invalid r: MSb set without leading zero -depends_on:PSA_WANT_ECC_SECP_K1_256 +depends_on:PSA_VENDOR_ECC_MAX_CURVE_BITS >= 256 
ecdsa_der_to_raw:256:"30440220911111111111111111111111111111111111111111111111111111111111111102202222222222222222222222222222222222222222222222222222222222222222":"11111111111111111111111111111111111111111111111111111111111111112222222222222222222222222222222222222222222222222222222222222222":MBEDTLS_ERR_ASN1_INVALID_DATA # 512/521 bit sizes are useful to test sequence's length encoded with 2 bytes. ECDSA Raw -> DER, 512bit, Success -depends_on:PSA_WANT_ECC_BRAINPOOL_P_R1_512 +depends_on:PSA_VENDOR_ECC_MAX_CURVE_BITS >= 512 ecdsa_raw_to_der:512:"1111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111122222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222":"308184024011111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111024022222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222":0 # 512/521 bit sizes are useful to test sequence's length encoded with 2 bytes. ECDSA DER -> Raw, 512bit, Success -depends_on:PSA_WANT_ECC_BRAINPOOL_P_R1_512 +depends_on:PSA_VENDOR_ECC_MAX_CURVE_BITS >= 512 ecdsa_der_to_raw:512:"308184024011111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111024022222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222":"1111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111122222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222":0 # 512/521 bit sizes are useful to test sequence's length encoded with 2 bytes. # Bit length is rounded up to 528 to be multiple of 8. 
ECDSA Raw -> DER, 521bit, Success -depends_on:PSA_WANT_ECC_SECP_R1_521 +depends_on:PSA_VENDOR_ECC_MAX_CURVE_BITS >= 521 ecdsa_raw_to_der:528:"111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222":"30818802421111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111110242222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222":0 # 512/521 bit sizes are useful to test sequence's length encoded with 2 bytes. # Bit length is rounded up to 528 to be multiple of 8. ECDSA DER -> Raw, 521bit, Success -depends_on:PSA_WANT_ECC_SECP_R1_521 +depends_on:PSA_VENDOR_ECC_MAX_CURVE_BITS >= 521 ecdsa_der_to_raw:528:"30818802421111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111110242222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222":"111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222":0 ECDSA Raw -> DER, 256bit, Incremental DER buffer sizes -depends_on:PSA_WANT_ECC_SECP_K1_256 +depends_on:PSA_VENDOR_ECC_MAX_CURVE_BITS >= 256 ecdsa_raw_to_der_incremental:256:"91111111111111111111111111111111111111111111111111111111111111112222222222222222222222222222222222222222222222222222222222222222":"3045022100911111111111111111111111111111111111111111111111111111111111111102202222222222222222222222222222222222222222222222222222222222222222" ECDSA Raw -> DER, 512bit, 
Incremental DER buffer sizes -depends_on:PSA_WANT_ECC_BRAINPOOL_P_R1_512 +depends_on:PSA_VENDOR_ECC_MAX_CURVE_BITS >= 512 ecdsa_raw_to_der_incremental:512:"9111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111122222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222":"30818502410091111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111024022222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222" ECDSA Raw -> DER, 521bit, Incremental DER buffer sizes -depends_on:PSA_WANT_ECC_SECP_R1_521 +depends_on:PSA_VENDOR_ECC_MAX_CURVE_BITS >= 521 ecdsa_raw_to_der_incremental:528:"911111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222":"3081890243009111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111110242222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222" ECDSA Raw -> DER, 256bit, DER buffer of minimal length (1 byte per integer) -depends_on:PSA_WANT_ECC_SECP_K1_256 +depends_on:PSA_VENDOR_ECC_MAX_CURVE_BITS >= 256 ecdsa_raw_to_der_incremental:256:"00000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000002":"3006020101020102" From 1792bb44a0aac407b8d87b08eeba487e19ac854f Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 5 Feb 2024 17:34:49 +0100 Subject: [PATCH 125/166] test_suite_psa_crypto_util: add more test cases 
Signed-off-by: Valerio Setti --- tests/suites/test_suite_psa_crypto_util.data | 28 +++++++++++++++++--- 1 file changed, 24 insertions(+), 4 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto_util.data b/tests/suites/test_suite_psa_crypto_util.data index 69e4e19e9..7f3f5b50b 100644 --- a/tests/suites/test_suite_psa_crypto_util.data +++ b/tests/suites/test_suite_psa_crypto_util.data 
@@ -26,6 +26,18 @@ ECDSA Raw -> DER, 256bit, s with MSb set depends_on:PSA_VENDOR_ECC_MAX_CURVE_BITS >= 256 ecdsa_raw_to_der:256:"1111111111111111111111111111111111111111111111111111111111111111A222222222222222222222222222222222222222222222222222222222222222":"304502201111111111111111111111111111111111111111111111111111111111111111022100A222222222222222222222222222222222222222222222222222222222222222":0 +ECDSA Raw -> DER, 256bit, both r and s with MSb set +depends_on:PSA_VENDOR_ECC_MAX_CURVE_BITS >= 256 +ecdsa_raw_to_der:256:"A111111111111111111111111111111111111111111111111111111111111111A222222222222222222222222222222222222222222222222222222222222222":"3046022100A111111111111111111111111111111111111111111111111111111111111111022100A222222222222222222222222222222222222222222222222222222222222222":0 + +ECDSA Raw -> DER, 256bit, r and s only 1 byte of data +depends_on:PSA_VENDOR_ECC_MAX_CURVE_BITS >= 256 +ecdsa_raw_to_der:256:"00000000000000000000000000000000000000000000000000000000000000110000000000000000000000000000000000000000000000000000000000000022":"3006020111020122":0 + +ECDSA Raw -> DER, 256bit, r and s only 1 byte of data with MSb set +depends_on:PSA_VENDOR_ECC_MAX_CURVE_BITS >= 256 +ecdsa_raw_to_der:256:"000000000000000000000000000000000000000000000000000000000000009100000000000000000000000000000000000000000000000000000000000000A2":"300802020091020200A2":0 + ECDSA Raw -> DER, 256bit, Invalid raw signature (1 byte shorter) depends_on:PSA_VENDOR_ECC_MAX_CURVE_BITS >= 256 ecdsa_raw_to_der:256:"111111111111111111111111111111111111111111111111111111111111112222222222222222222222222222222222222222222222222222222222222222":"30440220111111111111111111111111111111111111111111111111111111111111111102202222222222222222222222222222222222222222222222222222222222222222":MBEDTLS_ERR_ASN1_INVALID_DATA 
@@ -54,22 +66,26 @@ ECDSA DER -> Raw, 256bit, Wrong integer tag depends_on:PSA_VENDOR_ECC_MAX_CURVE_BITS >= 256 ecdsa_der_to_raw:256:"30440120111111111111111111111111111111111111111111111111111111111111111102202222222222222222222222222222222222222222222222222222222222222222":"11111111111111111111111111111111111111111111111111111111111111112222222222222222222222222222222222222222222222222222222222222222":MBEDTLS_ERR_ASN1_UNEXPECTED_TAG -ECDSA DER -> Raw, 256bit, Wrong r integer length (too small) +ECDSA DER -> Raw, 256bit, Wrong r integer length (1 byte smaller than the actual size) depends_on:PSA_VENDOR_ECC_MAX_CURVE_BITS >= 256 ecdsa_der_to_raw:256:"30440219111111111111111111111111111111111111111111111111111111111111111102202222222222222222222222222222222222222222222222222222222222222222":"11111111111111111111111111111111111111111111111111111111111111112222222222222222222222222222222222222222222222222222222222222222":MBEDTLS_ERR_ASN1_UNEXPECTED_TAG -ECDSA DER -> Raw, 256bit, Wrong r integer length (too large) +ECDSA DER -> Raw, 256bit, Wrong r integer length (1 byte larger than the actual size) depends_on:PSA_VENDOR_ECC_MAX_CURVE_BITS >= 256 ecdsa_der_to_raw:256:"30440221111111111111111111111111111111111111111111111111111111111111111102202222222222222222222222222222222222222222222222222222222222222222":"11111111111111111111111111111111111111111111111111111111111111112222222222222222222222222222222222222222222222222222222222222222":MBEDTLS_ERR_ASN1_INVALID_DATA -ECDSA DER -> Raw, 256bit, Wrong s integer length (too small) +ECDSA DER -> Raw, 256bit, Wrong s integer length (1 byte smaller than the actual size) depends_on:PSA_VENDOR_ECC_MAX_CURVE_BITS >= 256 
ecdsa_der_to_raw:256:"30440220111111111111111111111111111111111111111111111111111111111111111102192222222222222222222222222222222222222222222222222222222222222222":"11111111111111111111111111111111111111111111111111111111111111112222222222222222222222222222222222222222222222222222222222222222":MBEDTLS_ERR_ASN1_LENGTH_MISMATCH -ECDSA DER -> Raw, 256bit, Wrong s integer length (too large) +ECDSA DER -> Raw, 256bit, Wrong s integer length (1 byte larger than the actual size) depends_on:PSA_VENDOR_ECC_MAX_CURVE_BITS >= 256 ecdsa_der_to_raw:256:"30440220111111111111111111111111111111111111111111111111111111111111111102212222222222222222222222222222222222222222222222222222222222222222":"11111111111111111111111111111111111111111111111111111111111111112222222222222222222222222222222222222222222222222222222222222222":MBEDTLS_ERR_ASN1_OUT_OF_DATA +ECDSA DER -> Raw, 256bit, r size 1 byte larger than allowed for output raw coordinate +depends_on:PSA_VENDOR_ECC_MAX_CURVE_BITS >= 256 +ecdsa_der_to_raw:256:"3045022111111111111111111111111111111111111111111111111111111111111111111102202222222222222222222222222222222222222222222222222222222222222222":"11111111111111111111111111111111111111111111111111111111111111112222222222222222222222222222222222222222222222222222222222222222":MBEDTLS_ERR_ASN1_INVALID_DATA + ECDSA DER -> Raw, 256bit, r with MSb set depends_on:PSA_VENDOR_ECC_MAX_CURVE_BITS >= 256 ecdsa_der_to_raw:256:"3045022100911111111111111111111111111111111111111111111111111111111111111102202222222222222222222222222222222222222222222222222222222222222222":"91111111111111111111111111111111111111111111111111111111111111112222222222222222222222222222222222222222222222222222222222222222":0 
@@ -118,6 +134,10 @@ ECDSA Raw -> DER, 521bit, Success depends_on:PSA_VENDOR_ECC_MAX_CURVE_BITS >= 521 ecdsa_raw_to_der:528:"111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222":"30818802421111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111110242222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222":0 +ECDSA Raw -> DER, 521bit, Success (integers exactly 521 bits) +depends_on:PSA_VENDOR_ECC_MAX_CURVE_BITS >= 521 +ecdsa_raw_to_der:528:"011111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111012222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222":"30818802420111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111110242012222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222":0 + # 512/521 bit sizes are useful to test sequence's length encoded with 2 bytes. # Bit length is rounded up to 528 to be multiple of 8. ECDSA DER -> Raw, 521bit, Success From 9ae32704b615c473303c35c708efa18673858476 Mon Sep 17 00:00:00 2001 From: Ryan Everett Date: Mon, 5 Feb 2024 16:44:16 +0000 Subject: [PATCH 126/166] Add missing dependencies for pkparse tests Signed-off-by: Ryan Everett --- tests/suites/test_suite_pkparse.data | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tests/suites/test_suite_pkparse.data b/tests/suites/test_suite_pkparse.data index a8d6536e9..5e9f0e7a8 100644 
--- a/tests/suites/test_suite_pkparse.data +++ b/tests/suites/test_suite_pkparse.data @@ -891,15 +891,15 @@ depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA512:MBEDTLS_PKCS5_C pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT Parse RSA Key #99.3 (PKCS#8 encrypted v2 PBKDF2 AES-128-CBC hmacWithSHA384, 2048-bit) -depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC +depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_aes128cbc_sha384.pem":"PolarSSLTest":0 Parse RSA Key #99.4 (PKCS#8 encrypted v2 PBKDF2 AES-192-CBC hmacWithSHA384, 2048-bit) -depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_aes192cbc_sha384.pem":"PolarSSLTest":0 Parse RSA Key #99.5 (PKCS#8 encrypted v2 PBKDF2 AES-256-CBC hmacWithSHA384, 2048-bit) -depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_aes256cbc_sha384.pem":"PolarSSLTest":0 Parse RSA Key #99.6 (PKCS#8 encrypted v2 PBKDF2 AES-128-CBC hmacWithSHA384 DER, 2048-bit) From 1d5fa22f9dc75841106d96cba39a113fe092dc21 Mon Sep 17 00:00:00 2001 From: Ryan Everett Date: Mon, 5 Feb 2024 16:45:38 +0000 Subject: [PATCH 127/166] Fix pkcs5 aes test data Remove the keyLength parameter from the AES-256 tests. Add MBEDTLS_CIPHER_PADDING_PKCS7 to the dependencies. 
Signed-off-by: Ryan Everett --- tests/suites/test_suite_pkcs5.data | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/tests/suites/test_suite_pkcs5.data b/tests/suites/test_suite_pkcs5.data index 790a31ba0..939c82fc0 100644 --- a/tests/suites/test_suite_pkcs5.data +++ b/tests/suites/test_suite_pkcs5.data 
@@ -143,16 +143,16 @@ depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIP pbes2_decrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301B06092A864886F70D01050C300E04082ED7F24A1D516DD702020800301406082A864886F70D030704088A4FCC9DCC394910":"70617373776f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ncrypt AES-128-CBC (OK, generated with OpenSSL) -depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC +depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 pbes2_encrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301B06092A864886F70D01050C300E0408010203040506070802022710301D060960864801650304010204102F904F75B47B48A618068D79BD9A826C":"50617373776F726450617373776F726450617373776F7264":"5468697320697320612066696c6520746f20626520656e6372797074656420776974682050424553322c20776974682061206b65792067656e657261746564207573696e67206120707266202853484132353629":96:0:"0c953c3a9be1502f4d1df1b82df9d99a61ebd2f60ed570d16b241f70b9e61f329174747d052efe5c39bec9d0f7404f84af242914e2ecb74e6e36e8b4147bd0a092a82df789aa3351e0de9f75b285ccb742806526771c8353ffb66176188b556e" PBES2 Encrypt AES-192-CBC (OK, generated with OpenSSL) -depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:MBEDTLS_CIPHER_PADDING_PKCS7 pbes2_encrypt:MBEDTLS_ASN1_CONSTRUCTED | 
MBEDTLS_ASN1_SEQUENCE:"302a06092A864886F70D01050C301d0408010203040506070802022710020118300a06082A864886F70D0209301D060960864801650304011604102F904F75B47B48A618068D79BD9A826C":"50617373776F726450617373776F726450617373776F7264":"5468697320697320612066696c6520746f20626520656e6372797074656420776974682050424553322c20776974682061206b65792067656e657261746564207573696e67206120707266202853484132353629":96:0:"7c648a9df9759ba49283c261269a71bc06d45f6c24ab6431d77b2ecec1fd6d1aa751bd05b1c026fc8ff91baeb1b1838aa0f825b23be79bc09331d0607181e234dfea4ab3cbf7997747516486b6865e85de95dc9b64d45462197c891b31af6c94" PBES2 Encrypt AES-256-CBC (OK, generated with OpenSSL) -depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -pbes2_encrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"302a06092A864886F70D01050C301d0408010203040506070802022710020118300a06082A864886F70D0209301D060960864801650304012A04102F904F75B47B48A618068D79BD9A826C":"50617373776F726450617373776F726450617373776F7264":"5468697320697320612066696c6520746f20626520656e6372797074656420776974682050424553322c20776974682061206b65792067656e657261746564207573696e67206120707266202853484132353629":96:0:"7077e6e8e679962c6feda69c704d58507d143cf77be284f773dfcaa4a5f5e7c1cd5527204916302d435071c01126f4aa76205ce61998d7b8fdf065a77d4a77634376b9968e4722c27f2ac85d79565ff4fca9204d3e4bc8c5bd53c1785bb6e566" +depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:MBEDTLS_CIPHER_PADDING_PKCS7 +pbes2_encrypt:MBEDTLS_ASN1_CONSTRUCTED | 
MBEDTLS_ASN1_SEQUENCE:"302706092A864886F70D01050C301a0408010203040506070802022710300a06082A864886F70D0209301D060960864801650304012A04102F904F75B47B48A618068D79BD9A826C":"50617373776F726450617373776F726450617373776F7264":"5468697320697320612066696c6520746f20626520656e6372797074656420776974682050424553322c20776974682061206b65792067656e657261746564207573696e67206120707266202853484132353629":96:0:"7077e6e8e679962c6feda69c704d58507d143cf77be284f773dfcaa4a5f5e7c1cd5527204916302d435071c01126f4aa76205ce61998d7b8fdf065a77d4a77634376b9968e4722c27f2ac85d79565ff4fca9204d3e4bc8c5bd53c1785bb6e566" PBES2 Decrypt AES-128-CBC (OK, generated with OpenSSL) depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC 
@@ -164,7 +164,7 @@ pbes2_decrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"302a06092A864886 PBES2 Decrypt AES-256-CBC (OK, generated with OpenSSL) depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -pbes2_decrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"302a06092A864886F70D01050C301d0408010203040506070802022710020118300a06082A864886F70D0209301D060960864801650304012A04102F904F75B47B48A618068D79BD9A826C":"50617373776F726450617373776F726450617373776F7264":"7077e6e8e679962c6feda69c704d58507d143cf77be284f773dfcaa4a5f5e7c1cd5527204916302d435071c01126f4aa76205ce61998d7b8fdf065a77d4a77634376b9968e4722c27f2ac85d79565ff4fca9204d3e4bc8c5bd53c1785bb6e566":96:0:"5468697320697320612066696c6520746f20626520656e6372797074656420776974682050424553322c20776974682061206b65792067656e657261746564207573696e67206120707266202853484132353629" +pbes2_decrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"302706092A864886F70D01050C301a0408010203040506070802022710300a06082A864886F70D0209301D060960864801650304012A04102F904F75B47B48A618068D79BD9A826C":"50617373776F726450617373776F726450617373776F7264":"7077e6e8e679962c6feda69c704d58507d143cf77be284f773dfcaa4a5f5e7c1cd5527204916302d435071c01126f4aa76205ce61998d7b8fdf065a77d4a77634376b9968e4722c27f2ac85d79565ff4fca9204d3e4bc8c5bd53c1785bb6e566":96:0:"5468697320697320612066696c6520746f20626520656e6372797074656420776974682050424553322c20776974682061206b65792067656e657261746564207573696e67206120707266202853484132353629" PBES2 Decrypt (bad params tag) depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_DES_C From 0e60e93c12002b1aae6fb77e647b3cfdba64134e Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 5 Feb 2024 17:59:42 +0100 Subject: [PATCH 128/166] test_suite_psa_crypto_util: improve ecdsa_der_to_raw() Check that the parsing always fails if the input is truncated. 
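Review bot: The `depends_on` line of "PBES2 Decrypt AES-256-CBC" in this hunk, and of "PBES2 Decrypt AES-128-CBC" at the end of the previous hunk, still lacks `MBEDTLS_CIPHER_PADDING_PKCS7`, although the commit adds it to the three matching Encrypt cases. If decrypting these CBC vectors also relies on PKCS7 unpadding (likely, but not shown here), the cases would fail instead of being skipped in a build without that option. Appending `:MBEDTLS_CIPHER_PADDING_PKCS7` to both lines would keep the two directions consistent. The AES-192 decrypt case is not visible in these hunks and may need the same.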
Signed-off-by: Valerio Setti
---
 .../test_suite_psa_crypto_util.function | 27 ++++++++++++++-----
 1 file changed, 21 insertions(+), 6 deletions(-)
diff --git a/tests/suites/test_suite_psa_crypto_util.function b/tests/suites/test_suite_psa_crypto_util.function
index 51f42a7bd..fe811e062 100644
--- a/tests/suites/test_suite_psa_crypto_util.function
+++ b/tests/suites/test_suite_psa_crypto_util.function
@@ -58,20 +58,35 @@ exit:
 /* BEGIN_CASE depends_on:MBEDTLS_PSA_UTIL_HAVE_ECDSA */
 void ecdsa_der_to_raw(int key_bits, data_t *input, data_t *exp_result, int exp_ret)
 {
- unsigned char *tmp_buf = NULL;
- size_t tmp_buf_len = exp_result->len;
+ unsigned char *in_buf = NULL;
+ size_t in_buf_len;
+ unsigned char *out_buf = NULL;
+ size_t out_buf_len = exp_result->len;
 size_t ret_len;
- TEST_CALLOC(tmp_buf, tmp_buf_len);
+ TEST_CALLOC(out_buf, out_buf_len);
+
+ /* Verify that parsing of truncated input always fails. */
+ for (in_buf_len = 1; in_buf_len < input->len; in_buf_len++) {
+ /* We alloc a copy of input buffer with limited length so that sanitizers
+ * can detect overreads. */
+ TEST_CALLOC(in_buf, in_buf_len);
+ memcpy(in_buf, input->x, in_buf_len);
+ TEST_ASSERT(mbedtls_ecdsa_der_to_raw(key_bits, in_buf, in_buf_len,
+ out_buf, out_buf_len, &ret_len) != 0);
+ mbedtls_free(in_buf);
+ in_buf = NULL;
+ }
 TEST_EQUAL(mbedtls_ecdsa_der_to_raw(key_bits, input->x, input->len,
- tmp_buf, tmp_buf_len, &ret_len), exp_ret);
+ out_buf, out_buf_len, &ret_len), exp_ret);
 if (exp_ret == 0) {
- ASSERT_COMPARE(exp_result->x, exp_result->len, tmp_buf, ret_len);
+ ASSERT_COMPARE(exp_result->x, exp_result->len, out_buf, ret_len);
 }
 exit:
- mbedtls_free(tmp_buf);
+ mbedtls_free(in_buf);
+ mbedtls_free(out_buf);
 }
 /* END_CASE */
From fe329cea3fdcda1865c21e24b5fa3e5aef219eaa Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 6 Feb 2024 08:00:18 +0100 Subject: [PATCH 129/166] rsa: handle buffer length similarly in private and public key parsing
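Review bot: The truncation loop in `ecdsa_der_to_raw` starts at `in_buf_len = 1`, so a zero-length DER input never reaches `mbedtls_ecdsa_der_to_raw()` and the empty-buffer path of the parser stays untested. Starting the loop at 0 is not a drop-in fix, because the `memcpy` into a zero-sized `TEST_CALLOC` result would then get a pointer that is presumably NULL. A separate assertion before the loop covers the case: `TEST_ASSERT(mbedtls_ecdsa_der_to_raw(key_bits, input->x, 0, out_buf, out_buf_len, &ret_len) != 0);`. It would also help to extend the loop comment to say that only failure is asserted, not a particular error code, since truncation at different offsets is expected to produce different ASN.1 errors.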
Signed-off-by: Valerio Setti
---
 library/rsa.c | 8 +++++++-
 tests/suites/test_suite_rsa.data | 2 +-
 tests/suites/test_suite_x509parse.data | 2 +-
 3 files changed, 9 insertions(+), 3 deletions(-)
diff --git a/library/rsa.c b/library/rsa.c
index f4add9173..b250e1d49 100644
--- a/library/rsa.c
+++ b/library/rsa.c
@@ -109,6 +109,10 @@ int mbedtls_rsa_parse_key(mbedtls_rsa_context *rsa, const unsigned char *key, si
 end = p + len;
+ if (end > (key + keylen)) {
+ return MBEDTLS_ERR_ASN1_LENGTH_MISMATCH;
+ }
+
 if ((ret = mbedtls_asn1_get_int(&p, end, &version)) != 0) {
 return ret;
 }
@@ -239,7 +243,9 @@ int mbedtls_rsa_parse_pubkey(mbedtls_rsa_context *rsa, const unsigned char *key,
 return ret;
 }
- if (p + len != end) {
+ end = p + len;
+
+ if (end > (key + keylen)) {
 return MBEDTLS_ERR_ASN1_LENGTH_MISMATCH;
 }
diff --git a/tests/suites/test_suite_rsa.data b/tests/suites/test_suite_rsa.data
index b404f00d2..b89d1583c 100644
--- a/tests/suites/test_suite_rsa.data
+++ b/tests/suites/test_suite_rsa.data
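Review bot: In the `mbedtls_rsa_parse_pubkey` hunk of library/rsa.c, the removed check `p + len != end` rejected any bytes following the outer SEQUENCE, whereas the new `end > (key + keylen)` only rejects a SEQUENCE that overruns the buffer. Trailing data after a well-formed key is therefore no longer refused at this point; the rest of the function is outside the hunk, so whether anything later compares against `key + keylen` cannot be confirmed here. If the leniency is intended, it should be stated in the function's documentation so that callers needing an exact-length parse enforce it themselves, and a test vector with bytes appended to a valid key would pin the behaviour. Both rsa.c hunks also form `p + len` before comparing it; unless `len` was already bounded by the preceding tag/length parse (not visible), `if (len > (size_t) (key + keylen - p))` makes the same check without first computing an out-of-range pointer.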
@@ -707,7 +707,7 @@ RSA parse public key - public exponent 0 rsa_parse_pkcs1_key:1:"308189028181009f091e6968b474f76f0e9c237c1d895996ae704b4f6d706acec8d2daac6209bf524aa3f658d0283adba1077f6cbe92e425dcde52290b239cade91be86c88425434986806e85734e159768f3dfea932baaa9409d25bace8ee9dce0cdde0903207299de575ae60feccf0daf82334ab83638539b0da74072f253acea8afc8e66bb70203000000":MBEDTLS_ERR_RSA_BAD_INPUT_DATA RSA parse public key - wrong sequence length -rsa_parse_pkcs1_key:1:"308188028181009f091e6968b474f76f0e9c237c1d895996ae704b4f6d706acec8d2daac6209bf524aa3f658d0283adba1077f6cbe92e425dcde52290b239cade91be86c88425434986806e85734e159768f3dfea932baaa9409d25bace8ee9dce0cdde0903207299de575ae60feccf0daf82334ab83638539b0da74072f253acea8afc8e66bb70203010001":MBEDTLS_ERR_ASN1_LENGTH_MISMATCH +rsa_parse_pkcs1_key:1:"308188028181009f091e6968b474f76f0e9c237c1d895996ae704b4f6d706acec8d2daac6209bf524aa3f658d0283adba1077f6cbe92e425dcde52290b239cade91be86c88425434986806e85734e159768f3dfea932baaa9409d25bace8ee9dce0cdde0903207299de575ae60feccf0daf82334ab83638539b0da74072f253acea8afc8e66bb70203010001":MBEDTLS_ERR_ASN1_OUT_OF_DATA RSA parse public key - wrong modulus length rsa_parse_pkcs1_key:1:"308189028180009f091e6968b474f76f0e9c237c1d895996ae704b4f6d706acec8d2daac6209bf524aa3f658d0283adba1077f6cbe92e425dcde52290b239cade91be86c88425434986806e85734e159768f3dfea932baaa9409d25bace8ee9dce0cdde0903207299de575ae60feccf0daf82334ab83638539b0da74072f253acea8afc8e66bb70203010001":MBEDTLS_ERR_ASN1_UNEXPECTED_TAG diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index 261c220ee..b9ae20c56 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data 
@@ -1774,7 +1774,7 @@ x509parse_crt:"307d3068a0030201008204deadbeef300d06092a864886f70d01010b0500300c3 X509 CRT ASN1 (TBS, inv SubPubKeyInfo, inv internal bitstring length) depends_on:MBEDTLS_RSA_C:MBEDTLS_MD_CAN_SHA256 -x509parse_crt:"308180306ba0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a300806001304546573743015300d06092A864886F70D0101010500030400300000300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_PK_INVALID_PUBKEY + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH +x509parse_crt:"308180306ba0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a300806001304546573743015300d06092A864886F70D0101010500030400300000300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_PK_INVALID_PUBKEY + MBEDTLS_ERR_ASN1_OUT_OF_DATA X509 CRT ASN1 (TBS, inv SubPubKeyInfo, inv internal bitstring tag) depends_on:MBEDTLS_RSA_C:MBEDTLS_MD_CAN_SHA256 From d4fc5d9d1c76a6cb978ceb4cc74ec62b111b0007 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 6 Feb 2024 08:42:42 +0100 Subject: [PATCH 130/166] psa_util: allow larger raw buffers in mbedtls_ecdsa_raw_to_der() The only real contraint on the raw buffer is that it is large enough to contain 2 coordinates. Larger buffers are therefore allowed and the extra data will simply be ignored. Note = trying to impose a strict sizing on the raw buffer causes several failures in test suites. This suggests that it is quite common to use larger buffer to store raw signatures. Signed-off-by: Valerio Setti --- include/mbedtls/psa_util.h | 2 +- library/psa_util.c | 2 +- tests/suites/test_suite_psa_crypto_util.data | 4 ---- 3 files changed, 2 insertions(+), 6 deletions(-) diff --git a/include/mbedtls/psa_util.h b/include/mbedtls/psa_util.h index a5f09a4f4..9294d29bb 100644 --- a/include/mbedtls/psa_util.h +++ b/include/mbedtls/psa_util.h 
@@ -188,7 +188,7 @@ static inline mbedtls_md_type_t mbedtls_md_type_from_psa_alg(psa_algorithm_t psa
 *
 * \param bits Size of each coordinate in bits.
 * \param raw Buffer that contains the signature in raw format.
- * \param raw_len Length of \p raw in bytes. This must be
+ * \param raw_len Length of \p raw in bytes. This must be at least
 * PSA_BITS_TO_BYTES(bits) bytes.
 * \param[out] der Buffer that will be filled with the converted DER
 * output. It can overlap with raw buffer.
diff --git a/library/psa_util.c b/library/psa_util.c
index 674f21b9b..7ce5eea03 100644
--- a/library/psa_util.c
+++ b/library/psa_util.c
@@ -413,7 +413,7 @@ int mbedtls_ecdsa_raw_to_der(size_t bits, const unsigned char *raw, size_t raw_l
 unsigned char *p = der + der_size;
 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- if ((raw_len < 2 * coordinate_len) || (raw_len > 2 * coordinate_len)) {
+ if (raw_len < 2 * coordinate_len) {
 return MBEDTLS_ERR_ASN1_INVALID_DATA;
 }
diff --git a/tests/suites/test_suite_psa_crypto_util.data b/tests/suites/test_suite_psa_crypto_util.data
index 7f3f5b50b..f7e6ebace 100644
--- a/tests/suites/test_suite_psa_crypto_util.data
+++ b/tests/suites/test_suite_psa_crypto_util.data
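Review bot: The updated `raw_len` text in include/mbedtls/psa_util.h says "at least PSA_BITS_TO_BYTES(bits) bytes", but the check in `mbedtls_ecdsa_raw_to_der` requires `raw_len >= 2 * coordinate_len`. Assuming `coordinate_len` is `PSA_BITS_TO_BYTES(bits)` (its definition is outside the hunk), the documented minimum is half of what the code enforces. Suggested wording: `This must be at least 2 * PSA_BITS_TO_BYTES(bits) bytes; any bytes beyond that are ignored.` With the upper bound removed, a raw signature for a larger curve passed with a smaller `bits` is converted from its first bytes instead of being rejected, so the doc should say that callers who know the exact signature length must check it themselves.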
@@ -42,10 +42,6 @@ ECDSA Raw -> DER, 256bit, Invalid raw signature (1 byte shorter) depends_on:PSA_VENDOR_ECC_MAX_CURVE_BITS >= 256 ecdsa_raw_to_der:256:"111111111111111111111111111111111111111111111111111111111111112222222222222222222222222222222222222222222222222222222222222222":"30440220111111111111111111111111111111111111111111111111111111111111111102202222222222222222222222222222222222222222222222222222222222222222":MBEDTLS_ERR_ASN1_INVALID_DATA -ECDSA Raw -> DER, 256bit, Invalid raw signature (1 byte longer) -depends_on:PSA_VENDOR_ECC_MAX_CURVE_BITS >= 256 -ecdsa_raw_to_der:256:"1111111111111111111111111111111111111111111111111111111111111111112222222222222222222222222222222222222222222222222222222222222222":"30440220111111111111111111111111111111111111111111111111111111111111111102202222222222222222222222222222222222222222222222222222222222222222":MBEDTLS_ERR_ASN1_INVALID_DATA - ECDSA DER -> Raw, 256bit, Success depends_on:PSA_VENDOR_ECC_MAX_CURVE_BITS >= 256 ecdsa_der_to_raw:256:"30440220111111111111111111111111111111111111111111111111111111111111111102202222222222222222222222222222222222222222222222222222222222222222":"11111111111111111111111111111111111111111111111111111111111111112222222222222222222222222222222222222222222222222222222222222222":0 From 4e9683e8180801a6d0c5326794263c32d62f1e71 Mon Sep 17 00:00:00 2001 From: Chien Wong Date: Thu, 28 Dec 2023 17:07:43 +0800 Subject: [PATCH 131/166] Reduce many unnecessary static memory consumption .data section of ssl_client1 becomes 320 bytes smaller on AMD64. Signed-off-by: Chien Wong --- library/ecp_curves.c | 14 +++++++------- library/sha3.c | 4 ++-- library/ssl_tls.c | 16 ++++++++-------- 3 files changed, 17 insertions(+), 17 deletions(-) diff --git a/library/ecp_curves.c b/library/ecp_curves.c index 577e23b7a..9a011bbfe 100644 --- a/library/ecp_curves.c +++ b/library/ecp_curves.c 
@@ -52,7 +52,7 @@ defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED) /* For these curves, we build the group parameters dynamically. */ #define ECP_LOAD_GROUP -static mbedtls_mpi_uint mpi_one[] = { 1 }; +static const mbedtls_mpi_uint mpi_one[] = { 1 }; #endif /* @@ -4511,7 +4511,7 @@ static inline void ecp_mpi_set1(mbedtls_mpi *X) { X->s = 1; X->n = 1; - X->p = mpi_one; + X->p = (mbedtls_mpi_uint *) mpi_one; /* X->p will not be modified so the cast is safe */ } /* @@ -5318,7 +5318,7 @@ cleanup: */ #define P_KOBLITZ_MAX (256 / 8 / sizeof(mbedtls_mpi_uint)) // Max limbs in P #define P_KOBLITZ_R (8 / sizeof(mbedtls_mpi_uint)) // Limbs in R -static inline int ecp_mod_koblitz(mbedtls_mpi *N, mbedtls_mpi_uint *Rp, size_t p_limbs, +static inline int ecp_mod_koblitz(mbedtls_mpi *N, const mbedtls_mpi_uint *Rp, size_t p_limbs, size_t adjust, size_t shift, mbedtls_mpi_uint mask) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; @@ -5332,7 +5332,7 @@ static inline int ecp_mod_koblitz(mbedtls_mpi *N, mbedtls_mpi_uint *Rp, size_t p /* Init R */ R.s = 1; - R.p = Rp; + R.p = (mbedtls_mpi_uint *) Rp; /* R.p will not be modified so the cast is safe */ R.n = P_KOBLITZ_R; /* Common setup for M */ @@ -5403,7 +5403,7 @@ cleanup: */ static int ecp_mod_p192k1(mbedtls_mpi *N) { - static mbedtls_mpi_uint Rp[] = { + static const mbedtls_mpi_uint Rp[] = { MBEDTLS_BYTES_TO_T_UINT_8(0xC9, 0x11, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00) }; @@ -5420,7 +5420,7 @@ static int ecp_mod_p192k1(mbedtls_mpi *N) */ static int ecp_mod_p224k1(mbedtls_mpi *N) { - static mbedtls_mpi_uint Rp[] = { + static const mbedtls_mpi_uint Rp[] = { MBEDTLS_BYTES_TO_T_UINT_8(0x93, 0x1A, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00) }; @@ -5442,7 +5442,7 @@ static int ecp_mod_p224k1(mbedtls_mpi *N) */ static int ecp_mod_p256k1(mbedtls_mpi *N) { - static mbedtls_mpi_uint Rp[] = { + static const mbedtls_mpi_uint Rp[] = { MBEDTLS_BYTES_TO_T_UINT_8(0xD1, 0x03, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00) }; 
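Review bot: In ecp_mpi_set1 the assignment `X->p = (mbedtls_mpi_uint *) mpi_one;` casts away const from an object this patch makes read-only, and the only safeguard is the trailing comment saying X->p will not be modified. Any later code that writes through `X->p`, or grows or frees that MPI, would be undefined behaviour on a const object and would probably fault once the data sits in a read-only section. The precondition should be in the function's header comment where callers see it, e.g. `/* X borrows static read-only limbs: never pass it as an output operand and never free or grow it. */`. The same applies to `R.p = (mbedtls_mpi_uint *) Rp;` in ecp_mod_koblitz (hunk at -5332); both function bodies extend beyond their hunks, so how X and R are used afterwards is not visible here.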
diff --git a/library/sha3.c b/library/sha3.c index d90fefaea..f420a1249 100644 --- a/library/sha3.c +++ b/library/sha3.c @@ -37,7 +37,7 @@ mbedtls_sha3_family_functions; /* * List of supported SHA-3 families */ -static mbedtls_sha3_family_functions sha3_families[] = { +static const mbedtls_sha3_family_functions sha3_families[] = { { MBEDTLS_SHA3_224, 1152, 224 }, { MBEDTLS_SHA3_256, 1088, 256 }, { MBEDTLS_SHA3_384, 832, 384 }, @@ -180,7 +180,7 @@ void mbedtls_sha3_clone(mbedtls_sha3_context *dst, */ int mbedtls_sha3_starts(mbedtls_sha3_context *ctx, mbedtls_sha3_id id) { - mbedtls_sha3_family_functions *p = NULL; + const mbedtls_sha3_family_functions *p = NULL; for (p = sha3_families; p->id != MBEDTLS_SHA3_NONE; p++) { if (p->id == id) { diff --git a/library/ssl_tls.c b/library/ssl_tls.c index ecfecf277..10c5f74b2 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -631,7 +631,7 @@ static const char *extension_name_table[] = { [MBEDTLS_SSL_EXT_ID_RECORD_SIZE_LIMIT] = "record_size_limit" }; -static unsigned int extension_type_table[] = { +static const unsigned int extension_type_table[] = { [MBEDTLS_SSL_EXT_ID_UNRECOGNIZED] = 0xff, [MBEDTLS_SSL_EXT_ID_SERVERNAME] = MBEDTLS_TLS_EXT_SERVERNAME, [MBEDTLS_SSL_EXT_ID_MAX_FRAGMENT_LENGTH] = MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH, @@ -3706,7 +3706,7 @@ int mbedtls_ssl_get_session(const mbedtls_ssl_context *ssl, (SSL_SERIALIZED_SESSION_CONFIG_ETM << SSL_SERIALIZED_SESSION_CONFIG_ETM_BIT) | \ (SSL_SERIALIZED_SESSION_CONFIG_TICKET << SSL_SERIALIZED_SESSION_CONFIG_TICKET_BIT))) -static unsigned char ssl_serialized_session_header[] = { +static const unsigned char ssl_serialized_session_header[] = { MBEDTLS_VERSION_MAJOR, MBEDTLS_VERSION_MINOR, MBEDTLS_VERSION_PATCH, 
@@ -4431,7 +4431,7 @@ void mbedtls_ssl_session_free(mbedtls_ssl_session *session) (SSL_SERIALIZED_CONTEXT_CONFIG_ALPN << SSL_SERIALIZED_CONTEXT_CONFIG_ALPN_BIT) | \ 0u)) -static unsigned char ssl_serialized_context_header[] = { +static const unsigned char ssl_serialized_context_header[] = { MBEDTLS_VERSION_MAJOR, MBEDTLS_VERSION_MINOR, MBEDTLS_VERSION_PATCH, @@ -5049,7 +5049,7 @@ void mbedtls_ssl_config_init(mbedtls_ssl_config *conf) * See the documentation of mbedtls_ssl_conf_curves() for what we promise * about this list. */ -static uint16_t ssl_preset_default_groups[] = { +static const uint16_t ssl_preset_default_groups[] = { #if defined(MBEDTLS_ECP_HAVE_CURVE25519) MBEDTLS_SSL_IANA_TLS_GROUP_X25519, #endif @@ -5100,7 +5100,7 @@ static const int ssl_preset_suiteb_ciphersuites[] = { * - ssl_tls12_preset* is for TLS 1.2 use only. * - ssl_preset_* is for TLS 1.3 only or hybrid TLS 1.3/1.2 handshakes. */ -static uint16_t ssl_preset_default_sig_algs[] = { +static const uint16_t ssl_preset_default_sig_algs[] = { #if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ANY_ALLOWED_ENABLED) && \ defined(MBEDTLS_MD_CAN_SHA256) && \ @@ -5195,7 +5195,7 @@ static uint16_t ssl_tls12_preset_default_sig_algs[] = { #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ /* NOTICE: see above */ -static uint16_t ssl_preset_suiteb_sig_algs[] = { +static const uint16_t ssl_preset_suiteb_sig_algs[] = { #if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ANY_ALLOWED_ENABLED) && \ defined(MBEDTLS_MD_CAN_SHA256) && \ @@ -5236,7 +5236,7 @@ static uint16_t ssl_tls12_preset_suiteb_sig_algs[] = { #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ -static uint16_t ssl_preset_suiteb_groups[] = { +static const uint16_t ssl_preset_suiteb_groups[] = { #if defined(MBEDTLS_ECP_HAVE_SECP256R1) MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1, #endif 
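Review bot: `ssl_tls12_preset_default_sig_algs` and `ssl_tls12_preset_suiteb_sig_algs` still appear as plain `static uint16_t` in the hunk-header context at -5195 and -5236, and no hunk in this patch touches them, so they seem to stay writable while their `ssl_preset_*` siblings become const. Keeping the default signature-algorithm tables read-only gives the same size benefit and stops a stray write from changing the negotiated defaults. `ssl_check_no_sig_alg_duplication()` now takes `const uint16_t *`, so they could be declared the same way, e.g. `static const uint16_t ssl_tls12_preset_default_sig_algs[] = {`. That assumes every other consumer accepts a const pointer, which is not visible in these hunks.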
@@ -5250,7 +5250,7 @@ static uint16_t ssl_preset_suiteb_groups[] = { /* Function for checking `ssl_preset_*_sig_algs` and `ssl_tls12_preset_*_sig_algs` * to make sure there are no duplicated signature algorithm entries. */ MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_check_no_sig_alg_duplication(uint16_t *sig_algs) +static int ssl_check_no_sig_alg_duplication(const uint16_t *sig_algs) { size_t i, j; int ret = 0; From f20728ee49a89ef8fbb9154dd014c1cbe28a48b9 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Tue, 6 Feb 2024 12:49:45 +0000 Subject: [PATCH 132/166] Fix missed case for removing accessor Signed-off-by: Paul Elliott --- tests/src/helpers.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/src/helpers.c b/tests/src/helpers.c index ee87a61ee..da0b54a00 100644 --- a/tests/src/helpers.c +++ b/tests/src/helpers.c @@ -483,7 +483,7 @@ int mbedtls_test_le_s(const char *test, int line_no, const char *filename, #endif /* MBEDTLS_THREADING_C */ /* Don't use accessor, we already hold mutex. */ - if (mbedtls_test_get_result() != MBEDTLS_TEST_RESULT_FAILED) { + if (mbedtls_test_info.result != MBEDTLS_TEST_RESULT_FAILED) { /* If we've already recorded the test as having failed then don't * overwrite any previous information about the failure. */ From 94c5806a64aa68eac1af9ad25d3b4e302fdae2f4 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 6 Feb 2024 15:49:06 +0100 Subject: [PATCH 133/166] suite_psa_crypto_util: make ecdsa_raw_to_der_incremental() more readable Signed-off-by: Valerio Setti --- tests/suites/test_suite_psa_crypto_util.function | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto_util.function b/tests/suites/test_suite_psa_crypto_util.function index fe811e062..2d8915e54 100644 --- a/tests/suites/test_suite_psa_crypto_util.function +++ b/tests/suites/test_suite_psa_crypto_util.function 
@@ -28,12 +28,11 @@ exit: void ecdsa_raw_to_der_incremental(int key_bits, data_t *input, data_t *exp_result) { unsigned char *tmp_buf = NULL; - size_t tmp_buf_len = exp_result->len; size_t ret_len; size_t i; /* Test with an output buffer smaller than required (expexted to fail). */ - for (i = 1; i < tmp_buf_len; i++) { + for (i = 1; i < exp_result->len; i++) { TEST_CALLOC(tmp_buf, i); TEST_ASSERT(mbedtls_ecdsa_raw_to_der(key_bits, input->x, input->len, tmp_buf, i, &ret_len) != 0); @@ -42,7 +41,7 @@ void ecdsa_raw_to_der_incremental(int key_bits, data_t *input, data_t *exp_resul } /* Test with an output buffer larger/equal than required (expexted to * succeed). */ - for (i = tmp_buf_len; i < (2 * tmp_buf_len); i++) { + for (i = exp_result->len; i < (2 * exp_result->len); i++) { TEST_CALLOC(tmp_buf, i); TEST_ASSERT(mbedtls_ecdsa_raw_to_der(key_bits, input->x, input->len, tmp_buf, i, &ret_len) == 0); From 79e2e5d2d00d95fe9d9131baa3d79726d28e1f5b Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Tue, 6 Feb 2024 15:10:03 +0000 Subject: [PATCH 134/166] Add comment to set/increment step functions These functions are thread safe, but using them from within multiple threads at the same time may not have the intended effect, given order cannot be guaranteed. Also, standardise header comment formatting. Signed-off-by: Paul Elliott --- tests/include/test/helpers.h | 30 ++++++++++++++++++++---------- 1 file changed, 20 insertions(+), 10 deletions(-) diff --git a/tests/include/test/helpers.h b/tests/include/test/helpers.h index f2fb62d93..a939b1c0e 100644 --- a/tests/include/test/helpers.h +++ b/tests/include/test/helpers.h 
@@ -111,6 +111,11 @@ int mbedtls_test_get_line_no(void); /** * \brief Increment the current test step. + * + * \note Calling this function from within multiple threads at the + * same time is not recommended - whilst it is entirely thread + * safe, the order of calls to this function can obviously not + * be ensured, so unexpected results may occur. */ void mbedtls_test_increment_step(void); 
@@ -215,30 +220,35 @@ void mbedtls_test_fail(const char *test, int line_no, const char *filename); void mbedtls_test_skip(const char *test, int line_no, const char *filename); /** - * \brief Set the test step number for failure reports. + * \brief Set the test step number for failure reports. * - * Call this function to display "step NNN" in addition to the - * line number and file name if a test fails. Typically the "step - * number" is the index of a for loop but it can be whatever you - * want. + * Call this function to display "step NNN" in addition to the + * line number and file name if a test fails. Typically the + * "step number" is the index of a for loop but it can be + * whatever you want. + * + * \note Calling this function from a within multiple threads at the + * same time is not recommended - whilst it is entirely thread + * safe, the order of calls to this function can obviously not + * be ensured, so unexpected results may occur. * * \param step The step number to report. */ void mbedtls_test_set_step(unsigned long step); /** - * \brief Reset mbedtls_test_info to a ready/starting state. + * \brief Reset mbedtls_test_info to a ready/starting state. */ void mbedtls_test_info_reset(void); #ifdef MBEDTLS_TEST_MUTEX_USAGE /** - * \brief Get the test info data mutex. + * \brief Get the test info data mutex. * - * \note This is designed only to be used by threading_helpers to avoid a - * deadlock, not for general access to this mutex. + * \note This is designed only to be used by threading_helpers to + * avoid a deadlock, not for general access to this mutex. * - * \return The test info data mutex. + * \return The test info data mutex. */ mbedtls_threading_mutex_t *mbedtls_test_get_info_mutex(void); From 2b6a7b37f40c01f63497782525421026ee697f22 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 6 Feb 2024 16:21:44 +0100 Subject: [PATCH 135/166] suite_psa_crypto_util: use 521 bits data and bit-size instead of 528 
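Review bot: The note added to mbedtls_test_set_step() reads "from a within multiple threads", which has a stray "a". The matching note on mbedtls_test_increment_step() has it right, so this line should be `* \note Calling this function from within multiple threads at the`.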
Signed-off-by: Valerio Setti --- tests/suites/test_suite_psa_crypto_util.data | 12 +++--------- 1 file changed, 3 insertions(+), 9 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto_util.data b/tests/suites/test_suite_psa_crypto_util.data index f7e6ebace..eb205b905 100644 --- a/tests/suites/test_suite_psa_crypto_util.data +++ b/tests/suites/test_suite_psa_crypto_util.data 
@@ -125,20 +125,14 @@ depends_on:PSA_VENDOR_ECC_MAX_CURVE_BITS >= 512 ecdsa_der_to_raw:512:"308184024011111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111024022222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222":"1111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111122222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222":0 # 512/521 bit sizes are useful to test sequence's length encoded with 2 bytes. -# Bit length is rounded up to 528 to be multiple of 8. ECDSA Raw -> DER, 521bit, Success depends_on:PSA_VENDOR_ECC_MAX_CURVE_BITS >= 521 -ecdsa_raw_to_der:528:"111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222":"30818802421111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111110242222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222":0 - -ECDSA Raw -> DER, 521bit, Success (integers exactly 521 bits) -depends_on:PSA_VENDOR_ECC_MAX_CURVE_BITS >= 521 
-ecdsa_raw_to_der:528:"011111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111012222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222":"30818802420111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111110242012222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222":0 +ecdsa_raw_to_der:521:"011111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111012222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222":"30818802420111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111110242012222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222":0 # 512/521 bit sizes are useful to test sequence's length encoded with 2 bytes. -# Bit length is rounded up to 528 to be multiple of 8. 
ECDSA DER -> Raw, 521bit, Success depends_on:PSA_VENDOR_ECC_MAX_CURVE_BITS >= 521 -ecdsa_der_to_raw:528:"30818802421111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111110242222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222":"111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222":0 +ecdsa_der_to_raw:521:"30818802420111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111110242012222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222":"011111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111012222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222":0 ECDSA Raw -> DER, 256bit, Incremental DER buffer sizes depends_on:PSA_VENDOR_ECC_MAX_CURVE_BITS >= 256 
@@ -150,7 +144,7 @@ ecdsa_raw_to_der_incremental:512:"9111111111111111111111111111111111111111111111 ECDSA Raw -> DER, 521bit, Incremental DER buffer sizes depends_on:PSA_VENDOR_ECC_MAX_CURVE_BITS >= 521 -ecdsa_raw_to_der_incremental:528:"911111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222":"3081890243009111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111110242222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222" +ecdsa_raw_to_der_incremental:521:"011111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111012222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222":"30818802420111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111110242012222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222" ECDSA Raw -> DER, 256bit, DER buffer of minimal length (1 byte per integer) depends_on:PSA_VENDOR_ECC_MAX_CURVE_BITS >= 256 From 6269f3baf497e3a9b8d5e9d8d40d8a9c4af144f6 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 6 Feb 2024 16:55:18 +0100 Subject: [PATCH 136/166] Revert "psa_util: allow larger raw buffers in mbedtls_ecdsa_raw_to_der()" This reverts commit d4fc5d9d1c76a6cb978ceb4cc74ec62b111b0007. Signed-off-by: Valerio Setti --- include/mbedtls/psa_util.h | 2 +- library/psa_util.c | 2 +- tests/suites/test_suite_psa_crypto_util.data | 4 ++++ 3 files changed, 6 insertions(+), 2 deletions(-) 
diff --git a/include/mbedtls/psa_util.h b/include/mbedtls/psa_util.h index 9294d29bb..a5f09a4f4 100644 --- a/include/mbedtls/psa_util.h +++ b/include/mbedtls/psa_util.h @@ -188,7 +188,7 @@ static inline mbedtls_md_type_t mbedtls_md_type_from_psa_alg(psa_algorithm_t psa * * \param bits Size of each coordinate in bits. * \param raw Buffer that contains the signature in raw format. - * \param raw_len Length of \p raw in bytes. This must be at least + * \param raw_len Length of \p raw in bytes. This must be * PSA_BITS_TO_BYTES(bits) bytes. * \param[out] der Buffer that will be filled with the converted DER * output. It can overlap with raw buffer. diff --git a/library/psa_util.c b/library/psa_util.c index 7ce5eea03..674f21b9b 100644 --- a/library/psa_util.c +++ b/library/psa_util.c @@ -413,7 +413,7 @@ int mbedtls_ecdsa_raw_to_der(size_t bits, const unsigned char *raw, size_t raw_l unsigned char *p = der + der_size; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - if (raw_len < 2 * coordinate_len) { + if ((raw_len < 2 * coordinate_len) || (raw_len > 2 * coordinate_len)) { return MBEDTLS_ERR_ASN1_INVALID_DATA; } diff --git a/tests/suites/test_suite_psa_crypto_util.data b/tests/suites/test_suite_psa_crypto_util.data index eb205b905..1d170297b 100644 --- a/tests/suites/test_suite_psa_crypto_util.data +++ b/tests/suites/test_suite_psa_crypto_util.data 
@@ -42,6 +42,10 @@ ECDSA Raw -> DER, 256bit, Invalid raw signature (1 byte shorter) depends_on:PSA_VENDOR_ECC_MAX_CURVE_BITS >= 256 ecdsa_raw_to_der:256:"111111111111111111111111111111111111111111111111111111111111112222222222222222222222222222222222222222222222222222222222222222":"30440220111111111111111111111111111111111111111111111111111111111111111102202222222222222222222222222222222222222222222222222222222222222222":MBEDTLS_ERR_ASN1_INVALID_DATA +ECDSA Raw -> DER, 256bit, Invalid raw signature (1 byte longer) +depends_on:PSA_VENDOR_ECC_MAX_CURVE_BITS >= 256 +ecdsa_raw_to_der:256:"1111111111111111111111111111111111111111111111111111111111111111112222222222222222222222222222222222222222222222222222222222222222":"30440220111111111111111111111111111111111111111111111111111111111111111102202222222222222222222222222222222222222222222222222222222222222222":MBEDTLS_ERR_ASN1_INVALID_DATA + ECDSA DER -> Raw, 256bit, Success depends_on:PSA_VENDOR_ECC_MAX_CURVE_BITS >= 256 ecdsa_der_to_raw:256:"30440220111111111111111111111111111111111111111111111111111111111111111102202222222222222222222222222222222222222222222222222222222222222222":"11111111111111111111111111111111111111111111111111111111111111112222222222222222222222222222222222222222222222222222222222222222":0 From cf81f6997759decd200a8953cd9d3f46f3de447a Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 6 Feb 2024 16:57:12 +0100 Subject: [PATCH 137/166] psa_util: smarter raw length check in mbedtls_ecdsa_raw_to_der() Signed-off-by: Valerio Setti --- library/psa_util.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/psa_util.c b/library/psa_util.c index 674f21b9b..970274e3f 100644 --- a/library/psa_util.c +++ b/library/psa_util.c 
@@ -413,7 +413,7 @@ int mbedtls_ecdsa_raw_to_der(size_t bits, const unsigned char *raw, size_t raw_l unsigned char *p = der + der_size; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - if ((raw_len < 2 * coordinate_len) || (raw_len > 2 * coordinate_len)) { + if (raw_len != (2 * coordinate_len)) { return MBEDTLS_ERR_ASN1_INVALID_DATA; } From bb76f80218fa679eff384a1dace645d5faa5774f Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 6 Feb 2024 16:57:23 +0100 Subject: [PATCH 138/166] pk_wrap: use proper raw buffer length in ecdsa_sign_psa() Signed-off-by: Valerio Setti --- library/pk_wrap.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/pk_wrap.c b/library/pk_wrap.c index c45fbd436..d61a7cbad 100644 --- a/library/pk_wrap.c +++ b/library/pk_wrap.c @@ -729,7 +729,7 @@ static int ecdsa_sign_psa(mbedtls_svc_key_id_t key_id, mbedtls_md_type_t md_alg, } done: - ret = mbedtls_ecdsa_raw_to_der(key_bits, sig, sig_size, sig, sig_size, sig_len); + ret = mbedtls_ecdsa_raw_to_der(key_bits, sig, *sig_len, sig, sig_size, sig_len); return ret; } From 1810fd9ac8f78be06558b3cdfacc70a9b3ece362 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 6 Feb 2024 17:02:49 +0100 Subject: [PATCH 139/166] add changelog Signed-off-by: Valerio Setti --- ChangeLog.d/7765.txt | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 ChangeLog.d/7765.txt diff --git a/ChangeLog.d/7765.txt b/ChangeLog.d/7765.txt new file mode 100644 index 000000000..3dd6b5d30 --- /dev/null +++ b/ChangeLog.d/7765.txt @@ -0,0 +1,3 @@ +Features + * Add functions mbedtls_ecdsa_raw_to_der() and mbedtls_ecdsa_der_to_raw() to + convert ECDSA signatures between raw and DER (ASN.1) formats. From a76a0011aba1b192df04b710ae876f4395381439 Mon Sep 17 00:00:00 2001 From: Ryan Everett Date: Tue, 6 Feb 2024 16:45:54 +0000 Subject: [PATCH 140/166] Remove mutex calls in psa_wipe_all_key_slots Code size and code style improvement, these calls aren't needed. 
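Review bot: In ecdsa_sign_psa() the call after `done:` now reads `*sig_len` as the raw length and passes the same pointer as the DER length output, which is only correct if every path to `done:` has a successful signing call that stored the raw signature length there. The paths leading to the label are outside this hunk, so that cannot be confirmed from here. A comment above the call would record the dependency, e.g. `/* *sig_len holds the raw r||s length written by the sign call; it is overwritten with the DER length. */`. This matters more now that mbedtls_ecdsa_raw_to_der() rejects any length other than exactly two coordinates.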
Signed-off-by: Ryan Everett --- library/psa_crypto_slot_management.c | 6 ------ 1 file changed, 6 deletions(-) diff --git a/library/psa_crypto_slot_management.c b/library/psa_crypto_slot_management.c index f4c6ee005..9890de622 100644 --- a/library/psa_crypto_slot_management.c +++ b/library/psa_crypto_slot_management.c @@ -144,9 +144,6 @@ void psa_wipe_all_key_slots(void) { size_t slot_idx; -#if defined(MBEDTLS_THREADING_C) - mbedtls_mutex_lock(&mbedtls_threading_key_slot_mutex); -#endif for (slot_idx = 0; slot_idx < MBEDTLS_PSA_KEY_SLOT_COUNT; slot_idx++) { psa_key_slot_t *slot = &global_data.key_slots[slot_idx]; slot->registered_readers = 1; @@ -154,9 +151,6 @@ void psa_wipe_all_key_slots(void) (void) psa_wipe_key_slot(slot); } global_data.key_slots_initialized = 0; -#if defined(MBEDTLS_THREADING_C) - mbedtls_mutex_unlock(&mbedtls_threading_key_slot_mutex); -#endif } psa_status_t psa_reserve_free_key_slot(psa_key_id_t *volatile_key_id, From e053cb2f12ad05b58406a28724b362eeffd09cdb Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Tue, 6 Feb 2024 14:57:43 +0000 Subject: [PATCH 141/166] Stop platform test failures with GCC and TSAN Signed-off-by: Paul Elliott --- tests/include/test/helpers.h | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/tests/include/test/helpers.h b/tests/include/test/helpers.h index 7c962a283..47d4dcd45 100644 --- a/tests/include/test/helpers.h +++ b/tests/include/test/helpers.h @@ -23,6 +23,10 @@ #if defined(__SANITIZE_ADDRESS__) /* gcc -fsanitize=address */ # define MBEDTLS_TEST_HAVE_ASAN #endif +#if defined(__SANITIZE_THREAD__) /* gcc -fsanitize-thread */ +# define MBEDTLS_TEST_HAVE_TSAN +#endif + #if defined(__has_feature) # if __has_feature(address_sanitizer) /* clang -fsanitize=address */ # define MBEDTLS_TEST_HAVE_ASAN From 30a303f1a8b856cfd6d44ad89754a018e49fb479 Mon Sep 17 00:00:00 2001 
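Review bot: psa_wipe_all_key_slots() now sets `slot->registered_readers = 1` and wipes every slot without holding `mbedtls_threading_key_slot_mutex`, and the commit message says only that the calls "aren't needed". That is safe only if no other thread can be reading or registering on a key slot while this function runs, which nothing in the hunk establishes. The function should state that precondition so a future caller does not use it on a live system, e.g. `/* Caller must guarantee no other thread is using key slots; the key slot mutex is deliberately not taken here. */` above the loop.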
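Review bot: The comment on the added `__SANITIZE_THREAD__` test in tests/include/test/helpers.h reads `gcc -fsanitize-thread`, but the option is spelled `-fsanitize=thread`. The ASan line directly above gets the equivalent `-fsanitize=address` right. The line should be `#if defined(__SANITIZE_THREAD__) /* gcc -fsanitize=thread */`.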
From: Gilles Peskine Date: Tue, 6 Feb 2024 19:45:11 +0100 Subject: [PATCH 142/166] ECDSA signature conversion: put bits first Metadata, then inputs, then outputs. https://github.com/Mbed-TLS/mbedtls/pull/8703#discussion_r1474697136 Signed-off-by: Gilles Peskine --- .../architecture/psa-migration/psa-legacy-bridges.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/docs/architecture/psa-migration/psa-legacy-bridges.md b/docs/architecture/psa-migration/psa-legacy-bridges.md index e09d23c49..ec3fcd0b1 100644 --- a/docs/architecture/psa-migration/psa-legacy-bridges.md +++ b/docs/architecture/psa-migration/psa-legacy-bridges.md @@ -330,12 +330,12 @@ Based on the [gap analysis](#signature-formats): [ACTION] [#7765](https://github.com/Mbed-TLS/mbedtls/issues/7765) Implement `mbedtls_ecdsa_raw_to_der` and `mbedtls_ecdsa_der_to_raw` as described below. ``` -int mbedtls_ecdsa_raw_to_der(const unsigned char *raw, size_t raw_len, - unsigned char *der, size_t der_size, size_t *der_len, - size_t bits); -int mbedtls_ecdsa_der_to_raw(const unsigned char *der, size_t der_len, - unsigned char *raw, size_t raw_size, size_t *raw_len, - size_t bits); +int mbedtls_ecdsa_raw_to_der(size_t bits, + const unsigned char *raw, size_t raw_len, + unsigned char *der, size_t der_size, size_t *der_len); +int mbedtls_ecdsa_der_to_raw(size_t bits, + const unsigned char *der, size_t der_len, + unsigned char *raw, size_t raw_size, size_t *raw_len); ``` * These functions convert between the signature format used by `mbedtls_pk_{sign,verify}{,_ext}` and the signature format used by `psa_{sign,verify}_{hash,message}`. From 447bbce8b4e7fd95388dc365b71c09202cb3d238 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 7 Feb 2024 08:02:03 +0100 Subject: [PATCH 143/166] rsa: remove unnecessary check in priv/pub key parsing Signed-off-by: Valerio Setti --- library/rsa.c | 10 ++-------- 1 file changed, 2 insertions(+), 8 deletions(-) 
diff --git a/library/rsa.c b/library/rsa.c index b250e1d49..c8ea980e0 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -107,12 +107,9 @@ int mbedtls_rsa_parse_key(mbedtls_rsa_context *rsa, const unsigned char *key, si return ret; } + /* mbedtls_asn1_get_tag() already ensures that len is valid (i.e. p+len <= end)*/ end = p + len; - if (end > (key + keylen)) { - return MBEDTLS_ERR_ASN1_LENGTH_MISMATCH; - } - if ((ret = mbedtls_asn1_get_int(&p, end, &version)) != 0) { return ret; } @@ -243,12 +240,9 @@ int mbedtls_rsa_parse_pubkey(mbedtls_rsa_context *rsa, const unsigned char *key, return ret; } + /* mbedtls_asn1_get_tag() already ensures that len is valid (i.e. p+len <= end)*/ end = p + len; - if (end > (key + keylen)) { - return MBEDTLS_ERR_ASN1_LENGTH_MISMATCH; - } - /* Import N */ if ((ret = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_INTEGER)) != 0) { return ret; From 3f557ad59c3279c00258be0660723290e9ee20af Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 7 Feb 2024 11:22:16 +0100 Subject: [PATCH 144/166] Wording improvement Signed-off-by: Gilles Peskine --- docs/architecture/psa-migration/psa-legacy-bridges.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/architecture/psa-migration/psa-legacy-bridges.md b/docs/architecture/psa-migration/psa-legacy-bridges.md index ec3fcd0b1..912344e31 100644 --- a/docs/architecture/psa-migration/psa-legacy-bridges.md +++ b/docs/architecture/psa-migration/psa-legacy-bridges.md 
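Review bot: With `if (end > (key + keylen))` removed from mbedtls_rsa_parse_key(), every later read is bounded only by mbedtls_asn1_get_tag() having rejected a length that runs past the end it was given. The added comment states that bound as `p+len <= end` on the line just before `end` is reassigned to `p + len`, so it is unclear which `end` is meant. It would be clearer to word it against the input buffer, e.g. `/* mbedtls_asn1_get_tag() fails unless p + len <= key + keylen, so the narrowed end stays inside the input. */`, in both this hunk and the mbedtls_rsa_parse_pubkey() hunk. The mbedtls_asn1_get_tag() call itself is above both hunks, so this assumes it was passed `key + keylen`. A test vector whose outer SEQUENCE length exceeds the buffer would keep the rejection under regression test now that the explicit check is gone.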
@@ -340,5 +340,5 @@ int mbedtls_ecdsa_der_to_raw(size_t bits, * These functions convert between the signature format used by `mbedtls_pk_{sign,verify}{,_ext}` and the signature format used by `psa_{sign,verify}_{hash,message}`. * The input and output buffers can overlap. -* The `bits` parameter is necessary in the DER-to-raw direction because the DER format lacks leading zeros, so something else needs to convey the size of (r,s). The `bits` parameter is not needed in the raw-to-DER direction, but [it can help catch errors](https://github.com/Mbed-TLS/mbedtls/pull/8681#discussion_r1445980971) and the information is readily available in practice. +* The `bits` parameter is necessary in the DER-to-raw direction because the DER format lacks leading zeros, so something else needs to convey the size of (r,s). The `bits` parameter is redundant in the raw-to-DER direction, but we have it anyway because [it helps catch errors](https://github.com/Mbed-TLS/mbedtls/pull/8681#discussion_r1445980971), and it isn't a burden on the caller because the information is readily available in practice. * Should these functions rely on the ASN.1 module? We experimented [calling ASN.1 functions](https://github.com/Mbed-TLS/mbedtls/pull/8681), [reimplementing simpler ASN.1 functions](https://github.com/Mbed-TLS/mbedtls/pull/8696), and [providing the functions from the ASN.1 module](https://github.com/Mbed-TLS/mbedtls/pull/8703). Providing the functions from the ASN.1 module [won on a compromise of code size and simplicity](https://github.com/Mbed-TLS/mbedtls/issues/7765#issuecomment-1893670015). From 2840523ae4829984a9b163876351ab5b5a3e3dfc Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Wed, 7 Feb 2024 10:42:22 +0000 Subject: [PATCH 145/166] Remind contributors not to force-push Signed-off-by: Dave Rodgman --- .github/pull_request_template.md | 7 +++++++ 1 file changed, 7 insertions(+) 
diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md index a07e8abd1..586536c0c 100644 --- a/.github/pull_request_template.md +++ b/.github/pull_request_template.md @@ -18,3 +18,10 @@ Please tick as appropriate and edit the reasons (e.g.: "backport: not needed bec Please refer to the [contributing guidelines](https://github.com/Mbed-TLS/mbedtls/blob/development/CONTRIBUTING.md), especially the checklist for PR contributors. + +Help make review efficient: +* Multiple simple commits + - please structure your PR into a series of small commits, each of which does one thing +* No force-push + - please do not force-push to update your PR - just add new commit(s) + - use `git merge` (or the GitHub web interface) to resolve conflicts - not `git rebase` From c1a4d1f09a93d25f3037a3d56afaff3990811d94 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Wed, 7 Feb 2024 11:04:14 +0000 Subject: [PATCH 146/166] Remove comments about rebasing vs merging; link to longer RTD document Signed-off-by: Dave Rodgman --- .github/pull_request_template.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md index 586536c0c..55b5964b5 100644 --- a/.github/pull_request_template.md +++ b/.github/pull_request_template.md @@ -24,4 +24,4 @@ Help make review efficient: - please structure your PR into a series of small commits, each of which does one thing * No force-push - please do not force-push to update your PR - just add new commit(s) - - use `git merge` (or the GitHub web interface) to resolve conflicts - not `git rebase` +* See our [Guidelines for Contributors](https://mbed-tls.readthedocs.io/en/latest/reviews/review-for-contributors/) for more details about the review process. From 2a6593bbb628d72a1c5be18c254ecff6e4f3961c Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Wed, 7 Feb 2024 11:05:47 +0000 Subject: [PATCH 147/166] Slightly soften force-push suggestion 
Signed-off-by: Dave Rodgman --- .github/pull_request_template.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md index 55b5964b5..9d30412fd 100644 --- a/.github/pull_request_template.md +++ b/.github/pull_request_template.md @@ -22,6 +22,6 @@ checklist for PR contributors. Help make review efficient: * Multiple simple commits - please structure your PR into a series of small commits, each of which does one thing -* No force-push +* Avoid force-push - please do not force-push to update your PR - just add new commit(s) * See our [Guidelines for Contributors](https://mbed-tls.readthedocs.io/en/latest/reviews/review-for-contributors/) for more details about the review process. From a8082c43d5f8a389ec843b17886673efa14c8667 Mon Sep 17 00:00:00 2001 From: Ryan Everett Date: Wed, 7 Feb 2024 13:31:19 +0000 Subject: [PATCH 148/166] Add MBEDTLS_CIPHER_C dependencies to new pkparse tests Signed-off-by: Ryan Everett --- tests/suites/test_suite_pkparse.data | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/tests/suites/test_suite_pkparse.data b/tests/suites/test_suite_pkparse.data index 5e9f0e7a8..6af070255 100644 --- a/tests/suites/test_suite_pkparse.data +++ b/tests/suites/test_suite_pkparse.data 
@@ -891,27 +891,27 @@ depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA512:MBEDTLS_PKCS5_C pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT Parse RSA Key #99.3 (PKCS#8 encrypted v2 PBKDF2 AES-128-CBC hmacWithSHA384, 2048-bit) -depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC +depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_aes128cbc_sha384.pem":"PolarSSLTest":0 Parse RSA Key #99.4 (PKCS#8 encrypted v2 PBKDF2 AES-192-CBC hmacWithSHA384, 2048-bit) -depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_aes192cbc_sha384.pem":"PolarSSLTest":0 Parse RSA Key #99.5 (PKCS#8 encrypted v2 PBKDF2 AES-256-CBC hmacWithSHA384, 2048-bit) -depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_aes256cbc_sha384.pem":"PolarSSLTest":0 Parse RSA Key #99.6 (PKCS#8 encrypted v2 PBKDF2 AES-128-CBC hmacWithSHA384 DER, 2048-bit) -depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC +depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_aes128cbc_sha384.der":"PolarSSLTest":0 Parse RSA 
Key #99.7 (PKCS#8 encrypted v2 PBKDF2 AES-192-CBC hmacWithSHA384 DER, 2048-bit) -depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_aes192cbc_sha384.der":"PolarSSLTest":0 Parse RSA Key #99.8 (PKCS#8 encrypted v2 PBKDF2 AES-256-CBC hmacWithSHA384 DER, 2048-bit) -depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_aes256cbc_sha384.der":"PolarSSLTest":0 Parse Public RSA Key #1 (PKCS#8 wrapped) From affba30833d7b38d22670ba389fe9b71aaf158a5 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 7 Feb 2024 15:03:33 +0100 Subject: [PATCH 149/166] psa_util: update documentation for mbedtls_ecdsa_raw_to_der() Signed-off-by: Valerio Setti --- include/mbedtls/psa_util.h | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/include/mbedtls/psa_util.h b/include/mbedtls/psa_util.h index a5f09a4f4..984f03154 100644 --- a/include/mbedtls/psa_util.h +++ b/include/mbedtls/psa_util.h 
@@ -192,12 +192,13 @@ static inline mbedtls_md_type_t mbedtls_md_type_from_psa_alg(psa_algorithm_t psa * PSA_BITS_TO_BYTES(bits) bytes. * \param[out] der Buffer that will be filled with the converted DER * output. It can overlap with raw buffer. - * \param der_size Size of \p der in bytes. Given \p bits parameter: - * * #MBEDTLS_ECDSA_MAX_SIG_LEN(\p bits) can be used - * to determine a large enough buffer for any - * \p raw input vector. - * * The minimum size might be smaller in case - * \p raw input vector contains padding zeros. + * \param der_size Size of \p der in bytes. It is enough if \p der_size + * is at least the size of the actual output. (The size + * of the output can vary depending on the presence of + * leading zeros in the data.) You can use + * #MBEDTLS_ECDSA_MAX_SIG_LEN(\p bits) to determine a + * size that is large enough for all signatures for a + * given value of \p bits. * \param[out] der_len On success it contains the amount of valid data * (in bytes) written to \p der. It's undefined * in case of failure. From ef07fa0fc3a6d0a7ebff1777978a7799678f0bd4 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 7 Feb 2024 15:16:45 +0100 Subject: [PATCH 150/166] test_suite_psa_crypto_util: add more test for raw->der Signed-off-by: Valerio Setti --- tests/suites/test_suite_psa_crypto_util.data | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto_util.data b/tests/suites/test_suite_psa_crypto_util.data index 1d170297b..86f63ab85 100644 --- a/tests/suites/test_suite_psa_crypto_util.data +++ b/tests/suites/test_suite_psa_crypto_util.data 
@@ -2,10 +2,6 @@ ECDSA Raw -> DER, 256bit, Success depends_on:PSA_VENDOR_ECC_MAX_CURVE_BITS >= 256 ecdsa_raw_to_der:256:"11111111111111111111111111111111111111111111111111111111111111112222222222222222222222222222222222222222222222222222222222222222":"30440220111111111111111111111111111111111111111111111111111111111111111102202222222222222222222222222222222222222222222222222222222222222222":0 -ECDSA Raw -> DER, 256bit, Raw data too short -depends_on:PSA_VENDOR_ECC_MAX_CURVE_BITS >= 256 -ecdsa_raw_to_der:256:"111111111111111111111111111111111111111111111111111111111111111122222222222222222222222222222222222222222222222222222222222222":"30440220111111111111111111111111111111111111111111111111111111111111111102202222222222222222222222222222222222222222222222222222222222222222":MBEDTLS_ERR_ASN1_INVALID_DATA - ECDSA Raw -> DER, 256bit, DER buffer too small depends_on:PSA_VENDOR_ECC_MAX_CURVE_BITS >= 256 ecdsa_raw_to_der:256:"11111111111111111111111111111111111111111111111111111111111111112222222222222222222222222222222222222222222222222222222222222222":"304402201111111111111111111111111111111111111111111111111111111111111111022022222222222222222222222222222222222222222222222222222222222222":MBEDTLS_ERR_ASN1_BUF_TOO_SMALL 
@@ -38,14 +34,22 @@ ECDSA Raw -> DER, 256bit, r and s only 1 byte of data with MSb set depends_on:PSA_VENDOR_ECC_MAX_CURVE_BITS >= 256 ecdsa_raw_to_der:256:"000000000000000000000000000000000000000000000000000000000000009100000000000000000000000000000000000000000000000000000000000000A2":"300802020091020200A2":0 -ECDSA Raw -> DER, 256bit, Invalid raw signature (1 byte shorter) +ECDSA Raw -> DER, 256bit, Invalid raw signature (r 1 byte shorter) depends_on:PSA_VENDOR_ECC_MAX_CURVE_BITS >= 256 ecdsa_raw_to_der:256:"111111111111111111111111111111111111111111111111111111111111112222222222222222222222222222222222222222222222222222222222222222":"30440220111111111111111111111111111111111111111111111111111111111111111102202222222222222222222222222222222222222222222222222222222222222222":MBEDTLS_ERR_ASN1_INVALID_DATA -ECDSA Raw -> DER, 256bit, Invalid raw signature (1 byte longer) +ECDSA Raw -> DER, 256bit, Invalid raw signature (r and s 1 byte shorter) +depends_on:PSA_VENDOR_ECC_MAX_CURVE_BITS >= 256 +ecdsa_raw_to_der:256:"1111111111111111111111111111111111111111111111111111111111111122222222222222222222222222222222222222222222222222222222222222":"30440220111111111111111111111111111111111111111111111111111111111111111102202222222222222222222222222222222222222222222222222222222222222222":MBEDTLS_ERR_ASN1_INVALID_DATA + +ECDSA Raw -> DER, 256bit, Invalid raw signature (r 1 byte longer) depends_on:PSA_VENDOR_ECC_MAX_CURVE_BITS >= 256 ecdsa_raw_to_der:256:"1111111111111111111111111111111111111111111111111111111111111111112222222222222222222222222222222222222222222222222222222222222222":"30440220111111111111111111111111111111111111111111111111111111111111111102202222222222222222222222222222222222222222222222222222222222222222":MBEDTLS_ERR_ASN1_INVALID_DATA +ECDSA Raw -> DER, 256bit, Invalid raw signature (r and s 1 byte longer) +depends_on:PSA_VENDOR_ECC_MAX_CURVE_BITS >= 256 
+ecdsa_raw_to_der:256:"111111111111111111111111111111111111111111111111111111111111111111222222222222222222222222222222222222222222222222222222222222222222":"30440220111111111111111111111111111111111111111111111111111111111111111102202222222222222222222222222222222222222222222222222222222222222222":MBEDTLS_ERR_ASN1_INVALID_DATA + ECDSA DER -> Raw, 256bit, Success depends_on:PSA_VENDOR_ECC_MAX_CURVE_BITS >= 256 ecdsa_der_to_raw:256:"30440220111111111111111111111111111111111111111111111111111111111111111102202222222222222222222222222222222222222222222222222222222222222222":"11111111111111111111111111111111111111111111111111111111111111112222222222222222222222222222222222222222222222222222222222222222":0 From bda577bb0bd003206c7234ced60950faaa8a7ef7 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Tue, 6 Feb 2024 17:49:20 +0000 Subject: [PATCH 151/166] Fix confusing comment in ctr drbg thread test Make it clearer where the magic number chosen for entropy_len actually comes from, and why we chose this value. Signed-off-by: Paul Elliott --- tests/suites/test_suite_ctr_drbg.function | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/tests/suites/test_suite_ctr_drbg.function b/tests/suites/test_suite_ctr_drbg.function index 425c43ef1..63524f25a 100644 --- a/tests/suites/test_suite_ctr_drbg.function +++ b/tests/suites/test_suite_ctr_drbg.function 
@@ -354,7 +354,12 @@ void ctr_drbg_threads(data_t *expected_result, int reseed, int arg_thread_count) const size_t n_random_calls = thread_count * thread_random_reps + 1; - /* Based on the size of MBEDTLS_CTR_DRBG_ENTROPY_LEN for SHA512. */ + /* This is a known-answer test, and although tests use a mock entropy + * function the input entropy length will still affect the output. + * We therefore need to pick a fixed entropy length, rather than using the + * default entropy length (MBEDTLS_CTR_DRBG_ENTROPY_LEN). We've chosen to + * use the default value of MBEDTLS_CTR_DRBG_ENTROPY_LEN for SHA-512, + * as this was the value used when the expected answers were calculated. */ const size_t entropy_len = 48; AES_PSA_INIT(); @@ -367,8 +372,8 @@ void ctr_drbg_threads(data_t *expected_result, int reseed, int arg_thread_count) test_offset_idx = 0; - /* Need to do this, otherwise if we are forced into using SHA256 for - * whaever reason, output will differ. */ + /* Need to set a non-default fixed entropy len, to ensure same output across + * all configs - see above for details. */ mbedtls_ctr_drbg_set_entropy_len(&ctx, entropy_len); if (reseed == 0) { From 1910390b4a819d5eaa582ad4a57483b4278e473f Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 7 Feb 2024 16:16:58 +0100 Subject: [PATCH 152/166] psa_util: improve leading zeros check in convert_der_to_raw_single_int() Signed-off-by: Valerio Setti --- library/psa_util.c | 15 +++++++++------ tests/suites/test_suite_psa_crypto_util.data | 16 ++++++++++++---- 2 files changed, 21 insertions(+), 10 deletions(-) diff --git a/library/psa_util.c b/library/psa_util.c index 970274e3f..fd119bf3d 100644 --- a/library/psa_util.c +++ b/library/psa_util.c 
@@ -488,18 +488,21 @@ static int convert_der_to_raw_single_int(unsigned char *der, size_t der_len, return ret; } - /* It's invalid to have MSb set without a leading 0x00 (leading 0x00 is - * checked below). */ - if ((*p & 0x80) != 0) { + /* It's invalid to have: + * - unpadded_len == 0. + * - MSb set without a leading 0x00 (leading 0x00 is checked below). */ + if (((unpadded_len == 0) || (*p & 0x80) != 0)) { return MBEDTLS_ERR_ASN1_INVALID_DATA; } /* Skip possible leading zero */ - if ((unpadded_len > 0) && (*p == 0x00)) { + if (*p == 0x00) { p++; unpadded_len--; - /* Only 1 leading zero is allowed, otherwise that's an error. */ - if (*p == 0x00) { + /* It is not allowed to have more than 1 leading zero. + * Ignore the case in which unpadded_len = 0 because that's a 0 encoded + * in ASN.1 format (i.e. 020100). */ + if ((unpadded_len > 0) && (*p == 0x00)) { return MBEDTLS_ERR_ASN1_INVALID_DATA; } } diff --git a/tests/suites/test_suite_psa_crypto_util.data b/tests/suites/test_suite_psa_crypto_util.data index 86f63ab85..807007b5e 100644 --- a/tests/suites/test_suite_psa_crypto_util.data +++ b/tests/suites/test_suite_psa_crypto_util.data 
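Review bot: After the single leading 0x00 is skipped in convert_der_to_raw_single_int, only a second 0x00 is rejected, so a redundant pad byte followed by a byte with the top bit clear (constructed example: `02 02 00 01`) still passes this check, although DER requires the minimal encoding. Unless a later part of the function (outside this hunk) rejects it, two different DER encodings convert to the same raw (r,s), which matters to callers that treat the encoded signature as unique. If strict DER is intended, changing the inner test to `if ((unpadded_len > 0) && ((*p & 0x80) == 0)) {` covers the double-zero and the redundant-zero cases together while still accepting `020100`. The outer condition would also read more clearly as `if ((unpadded_len == 0) || ((*p & 0x80) != 0)) {`, since the current parentheses leave `(*p & 0x80) != 0` grouped only by operator precedence.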
@@ -110,13 +110,21 @@ ECDSA DER -> Raw, 256bit, Valid s only 1 zero byte depends_on:PSA_VENDOR_ECC_MAX_CURVE_BITS >= 256 ecdsa_der_to_raw:256:"302502201111111111111111111111111111111111111111111111111111111111111111020100":"11111111111111111111111111111111111111111111111111111111111111110000000000000000000000000000000000000000000000000000000000000000":0 -ECDSA DER -> Raw, 256bit, Valid 0-length r +ECDSA DER -> Raw, 256bit, Invalid 0-length r depends_on:PSA_VENDOR_ECC_MAX_CURVE_BITS >= 256 -ecdsa_der_to_raw:256:"3024020002202222222222222222222222222222222222222222222222222222222222222222":"00000000000000000000000000000000000000000000000000000000000000002222222222222222222222222222222222222222222222222222222222222222":0 +ecdsa_der_to_raw:256:"3024020002202222222222222222222222222222222222222222222222222222222222222222":"00000000000000000000000000000000000000000000000000000000000000002222222222222222222222222222222222222222222222222222222222222222":MBEDTLS_ERR_ASN1_INVALID_DATA -ECDSA DER -> Raw, 256bit, Valid 0-length s +ECDSA DER -> Raw, 256bit, Invalid 0-length s depends_on:PSA_VENDOR_ECC_MAX_CURVE_BITS >= 256 -ecdsa_der_to_raw:256:"3024022011111111111111111111111111111111111111111111111111111111111111110200":"11111111111111111111111111111111111111111111111111111111111111110000000000000000000000000000000000000000000000000000000000000000":0 +ecdsa_der_to_raw:256:"3024022011111111111111111111111111111111111111111111111111111111111111110200":"11111111111111111111111111111111111111111111111111111111111111110000000000000000000000000000000000000000000000000000000000000000":MBEDTLS_ERR_ASN1_INVALID_DATA + +ECDSA DER -> Raw, 256bit, Invalid r 2 leading zeros +depends_on:PSA_VENDOR_ECC_MAX_CURVE_BITS >= 256 +ecdsa_der_to_raw:256:"3027020300000102202222222222222222222222222222222222222222222222222222222222222222":"00000000000000000000000000000000000000000000000000000000000000002222222222222222222222222222222222222222222222222222222222222222":MBEDTLS_ERR_ASN1_INVALID_DATA + 
+ECDSA DER -> Raw, 256bit, Invalid s 2 leading zeros +depends_on:PSA_VENDOR_ECC_MAX_CURVE_BITS >= 256 +ecdsa_der_to_raw:256:"3027022011111111111111111111111111111111111111111111111111111111111111110203000001":"11111111111111111111111111111111111111111111111111111111111111110000000000000000000000000000000000000000000000000000000000000000":MBEDTLS_ERR_ASN1_INVALID_DATA ECDSA DER -> Raw, 256bit, Invalid r: MSb set without leading zero depends_on:PSA_VENDOR_ECC_MAX_CURVE_BITS >= 256 From 68608b23177faf654dc3d774122b478d7a5d0a06 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 8 Feb 2024 11:51:39 +0100 Subject: [PATCH 153/166] Remove redundant helper macros in check_config.h MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- include/mbedtls/check_config.h | 28 +++++----------------------- 1 file changed, 5 insertions(+), 23 deletions(-) diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index b21135686..40936cd49 100644 --- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h 
@@ -281,23 +281,8 @@ #error "MBEDTLS_PK_PARSE_C defined, but not all prerequisites" #endif -/* Helpers for hash dependencies, will be undefined at the end of the file */ -/* Do SHA-256, 384, 512 to cover Entropy and TLS. */ -#if defined(MBEDTLS_SHA256_C) || \ - (defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_SHA_256)) -#define MBEDTLS_MD_HAVE_SHA256 -#endif -#if defined(MBEDTLS_SHA384_C) || \ - (defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_SHA_384)) -#define MBEDTLS_MD_HAVE_SHA384 -#endif -#if defined(MBEDTLS_SHA512_C) || \ - (defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_SHA_512)) -#define MBEDTLS_MD_HAVE_SHA512 -#endif - #if defined(MBEDTLS_ENTROPY_C) && \ - !(defined(MBEDTLS_MD_HAVE_SHA512) || defined(MBEDTLS_MD_HAVE_SHA256)) + !(defined(MBEDTLS_MD_CAN_SHA512) || defined(MBEDTLS_MD_CAN_SHA256)) #error "MBEDTLS_ENTROPY_C defined, but not all prerequisites" #endif #if defined(MBEDTLS_ENTROPY_C) && \ @@ -305,12 +290,12 @@ #error "MBEDTLS_CTR_DRBG_ENTROPY_LEN value too high" #endif #if defined(MBEDTLS_ENTROPY_C) && \ - (defined(MBEDTLS_ENTROPY_FORCE_SHA256) || !defined(MBEDTLS_MD_HAVE_SHA512)) \ + (defined(MBEDTLS_ENTROPY_FORCE_SHA256) || !defined(MBEDTLS_MD_CAN_SHA512)) \ && defined(MBEDTLS_CTR_DRBG_ENTROPY_LEN) && (MBEDTLS_CTR_DRBG_ENTROPY_LEN > 32) #error "MBEDTLS_CTR_DRBG_ENTROPY_LEN value too high" #endif #if defined(MBEDTLS_ENTROPY_C) && \ - defined(MBEDTLS_ENTROPY_FORCE_SHA256) && !defined(MBEDTLS_MD_HAVE_SHA256) + defined(MBEDTLS_ENTROPY_FORCE_SHA256) && !defined(MBEDTLS_MD_CAN_SHA256) #error "MBEDTLS_ENTROPY_FORCE_SHA256 defined, but not all prerequisites" #endif @@ -471,7 +456,7 @@ /* Use of EC J-PAKE in TLS requires SHA-256. */ #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) && \ - !defined(MBEDTLS_MD_HAVE_SHA256) + !defined(MBEDTLS_MD_CAN_SHA256) #error "MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED defined, but not all prerequisites" #endif 
@@ -975,7 +960,7 @@ #endif #else /* MBEDTLS_USE_PSA_CRYPTO */ #if !defined(MBEDTLS_MD_C) || \ - !(defined(MBEDTLS_MD_HAVE_SHA256) || defined(MBEDTLS_MD_HAVE_SHA384)) + !(defined(MBEDTLS_MD_CAN_SHA256) || defined(MBEDTLS_MD_CAN_SHA384)) #error "MBEDTLS_SSL_TLS_C defined, but not all prerequisites" #endif #endif /* MBEDTLS_USE_PSA_CRYPTO */ @@ -1220,9 +1205,6 @@ /* Undefine helper symbols */ #undef MBEDTLS_PK_HAVE_JPAKE -#undef MBEDTLS_MD_HAVE_SHA256 -#undef MBEDTLS_MD_HAVE_SHA384 -#undef MBEDTLS_MD_HAVE_SHA512 #undef MBEDTLS_PK_HAVE_CURVE_SECP256R1 /* From 7eb3f9a5237e9b18ca1ec6df948b0a710b140151 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 8 Feb 2024 11:56:54 +0100 Subject: [PATCH 154/166] Simplify and fix dependency of MD_C on a hash MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Simplify: let's take advantage of the MD_CAN macros instead of doing it again ourselves. Fix: SHA-3 was forgotten. Signed-off-by: Manuel Pégourié-Gonnard --- include/mbedtls/check_config.h | 30 +++++++++++++----------------- 1 file changed, 13 insertions(+), 17 deletions(-) diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index 40936cd49..785285919 100644 --- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h 
@@ -468,23 +468,19 @@ #error "!MBEDTLS_SSL_KEEP_PEER_CERTIFICATE requires MBEDTLS_SHA512_C, MBEDTLS_SHA256_C or MBEDTLS_SHA1_C" #endif -#if defined(MBEDTLS_MD_C) && !( \ - defined(MBEDTLS_MD5_C) || \ - defined(MBEDTLS_RIPEMD160_C) || \ - defined(MBEDTLS_SHA1_C) || \ - defined(MBEDTLS_SHA224_C) || \ - defined(MBEDTLS_SHA256_C) || \ - defined(MBEDTLS_SHA384_C) || \ - defined(MBEDTLS_SHA512_C) || \ - (defined(MBEDTLS_PSA_CRYPTO_C) && \ - (defined(PSA_WANT_ALG_MD5) || \ - defined(PSA_WANT_ALG_RIPEMD160) || \ - defined(PSA_WANT_ALG_SHA_1) || \ - defined(PSA_WANT_ALG_SHA_224) || \ - defined(PSA_WANT_ALG_SHA_256) || \ - defined(PSA_WANT_ALG_SHA_384) || \ - defined(PSA_WANT_ALG_SHA_512)))) -#error "MBEDTLS_MD_C defined, but not all prerequisites" +#if defined(MBEDTLS_MD_C) && \ + !defined(MBEDTLS_MD_CAN_MD5) && \ + !defined(MBEDTLS_MD_CAN_RIPEMD160) && \ + !defined(MBEDTLS_MD_CAN_SHA1) && \ + !defined(MBEDTLS_MD_CAN_SHA224) && \ + !defined(MBEDTLS_MD_CAN_SHA256) && \ + !defined(MBEDTLS_MD_CAN_SHA384) && \ + !defined(MBEDTLS_MD_CAN_SHA512) && \ + !defined(MBEDTLS_MD_CAN_SHA3_224) && \ + !defined(MBEDTLS_MD_CAN_SHA3_256) && \ + !defined(MBEDTLS_MD_CAN_SHA3_384) && \ + !defined(MBEDTLS_MD_CAN_SHA3_512) +#error "MBEDTLS_MD_C defined, but no hash algorithm" #endif #if defined(MBEDTLS_LMS_C) && \ From 49f64b4cac9a34405f16bcf9e4e20c7fa0ee3792 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 8 Feb 2024 12:00:28 +0100 Subject: [PATCH 155/166] Fix dependency on low-level hash modules MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit None of the TLS code is calling low-level hash functions directly. So the correct dependencies here are MD_CAN. (I checked and this was the only occurrence.) Signed-off-by: Manuel Pégourié-Gonnard --- include/mbedtls/check_config.h | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) 
diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index 785285919..8c8130bb9 100644 --- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h @@ -461,11 +461,11 @@ #endif #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) && \ - !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) && \ - ( !defined(MBEDTLS_SHA256_C) && \ - !defined(MBEDTLS_SHA512_C) && \ - !defined(MBEDTLS_SHA1_C) ) -#error "!MBEDTLS_SSL_KEEP_PEER_CERTIFICATE requires MBEDTLS_SHA512_C, MBEDTLS_SHA256_C or MBEDTLS_SHA1_C" + !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) && \ + !defined(MBEDTLS_MD_CAN_SHA256) && \ + !defined(MBEDTLS_MD_CAN_SHA512) && \ + !defined(MBEDTLS_MD_CAN_SHA1) +#error "!MBEDTLS_SSL_KEEP_PEER_CERTIFICATE requires SHA-512, SHA-256 or SHA-1". #endif #if defined(MBEDTLS_MD_C) && \ From 61758e606ea226c275d8c667e539c964ecc0dcfe Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 8 Feb 2024 12:03:28 +0100 Subject: [PATCH 156/166] Fix wrong dependency of ECJPAKE_C MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit It always uses MD now. (The "fall back" to PSA Crypto was only in the 1st iteration of driver-only hash support, before we changed the architecture to make everything go through MD.) Signed-off-by: Manuel Pégourié-Gonnard --- include/mbedtls/check_config.h | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index 8c8130bb9..3be200d83 100644 --- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h @@ -234,9 +234,8 @@ #endif #endif /* MBEDTLS_PK_C && MBEDTLS_USE_PSA_CRYPTO */ -#if defined(MBEDTLS_ECJPAKE_C) && \ - ( !defined(MBEDTLS_ECP_C) || \ - !( defined(MBEDTLS_MD_C) || defined(MBEDTLS_PSA_CRYPTO_C) ) ) +#if defined(MBEDTLS_ECJPAKE_C) && \ + (!defined(MBEDTLS_ECP_C) || !defined(MBEDTLS_MD_C)) #error "MBEDTLS_ECJPAKE_C defined, but not all prerequisites" #endif 
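Review bot: The new `#error` line in the MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED check (hunk at -461) ends with a stray `.` after the closing quote: `... SHA-512, SHA-256 or SHA-1".`. The preprocessor accepts it, but the period looks like a typo and sits outside the message string. I would drop it: `#error "!MBEDTLS_SSL_KEEP_PEER_CERTIFICATE requires SHA-512, SHA-256 or SHA-1"`.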
From e1f3faf5bf920c7788f113b22f50096028360214 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 8 Feb 2024 12:17:20 +0100 Subject: [PATCH 157/166] Remove temporary macros that are not needed MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Those were only used for KEY_EXCHANGE_ECJPAKE, but had a much larger scope than needed. We actually don't need those macros if we distinguish between cases when expressing dependencies for this key exchange. The remaining helper macros are all short lived. Signed-off-by: Manuel Pégourié-Gonnard --- include/mbedtls/check_config.h | 53 +++++++++++----------------------- 1 file changed, 17 insertions(+), 36 deletions(-) diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index 3be200d83..1dcd903d2 100644 --- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h @@ -300,13 +300,13 @@ #if defined(__has_feature) #if __has_feature(memory_sanitizer) -#define MBEDTLS_HAS_MEMSAN +#define MBEDTLS_HAS_MEMSAN // #undef at the end of this paragraph #endif #endif #if defined(MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN) && !defined(MBEDTLS_HAS_MEMSAN) #error "MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN requires building with MemorySanitizer" #endif -#undef MBEDTLS_HAS_MEMSAN +#undef MBEDTLS_HAS_MEMSAN // temporary macro defined above #if defined(MBEDTLS_CCM_C) && \ !(defined(MBEDTLS_CCM_GCM_CAN_AES) || defined(MBEDTLS_CCM_GCM_CAN_ARIA) || \ 
@@ -372,28 +372,6 @@ #error "MBEDTLS_HMAC_DRBG_C defined, but not all prerequisites" #endif -/* Helper for JPAKE dependencies, will be undefined at the end of the file */ -#if defined(MBEDTLS_USE_PSA_CRYPTO) -#if defined(PSA_WANT_ALG_JPAKE) && defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC) -#define MBEDTLS_PK_HAVE_JPAKE -#endif -#else /* MBEDTLS_USE_PSA_CRYPTO */ -#if defined(MBEDTLS_ECJPAKE_C) -#define MBEDTLS_PK_HAVE_JPAKE -#endif -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - -/* Helper for curve SECP256R1 */ -#if defined(MBEDTLS_USE_PSA_CRYPTO) -#if defined(PSA_WANT_ECC_SECP_R1_256) -#define MBEDTLS_PK_HAVE_CURVE_SECP256R1 -#endif -#else /* MBEDTLS_USE_PSA_CRYPTO */ -#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) -#define MBEDTLS_PK_HAVE_CURVE_SECP256R1 -#endif -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - #if defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) && \ ( !defined(MBEDTLS_CAN_ECDH) || \ !defined(MBEDTLS_PK_CAN_ECDSA_SIGN) || \ @@ -447,11 +425,20 @@ #error "MBEDTLS_KEY_EXCHANGE_RSA_ENABLED defined, but not all prerequisites" #endif -#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) && \ - ( !defined(MBEDTLS_PK_HAVE_JPAKE) || \ - !defined(MBEDTLS_PK_HAVE_CURVE_SECP256R1) ) +#if defined(MBEDTLS_USE_PSA_CRYPTO) +#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) && \ + ( !defined(PSA_WANT_ALG_JPAKE) || \ + !defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC) || \ + !defined(PSA_WANT_ECC_SECP_R1_256) ) #error "MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED defined, but not all prerequisites" #endif +#else /* MBEDTLS_USE_PSA_CRYPTO */ +#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) && \ + ( !defined(MBEDTLS_ECJPAKE_C) || \ + !defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) ) +#error "MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED defined, but not all prerequisites" +#endif +#endif /* MBEDTLS_USE_PSA_CRYPTO */ /* Use of EC J-PAKE in TLS requires SHA-256. */ #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) && \ 
@@ -1054,20 +1041,18 @@
 #if !defined(MBEDTLS_THREADING_C) || defined(MBEDTLS_THREADING_IMPL)
 #error "MBEDTLS_THREADING_PTHREAD defined, but not all prerequisites"
 #endif
-#define MBEDTLS_THREADING_IMPL
+#define MBEDTLS_THREADING_IMPL // undef at the end of this paragraph
 #endif
-
 #if defined(MBEDTLS_THREADING_ALT)
 #if !defined(MBEDTLS_THREADING_C) || defined(MBEDTLS_THREADING_IMPL)
 #error "MBEDTLS_THREADING_ALT defined, but not all prerequisites"
 #endif
-#define MBEDTLS_THREADING_IMPL
+#define MBEDTLS_THREADING_IMPL // undef at the end of this paragraph
 #endif
-
 #if defined(MBEDTLS_THREADING_C) && !defined(MBEDTLS_THREADING_IMPL)
 #error "MBEDTLS_THREADING_C defined, single threading implementation required"
 #endif
-#undef MBEDTLS_THREADING_IMPL
+#undef MBEDTLS_THREADING_IMPL // temporary macro defined above
 #if defined(MBEDTLS_USE_PSA_CRYPTO) && !defined(MBEDTLS_PSA_CRYPTO_C)
 #error "MBEDTLS_USE_PSA_CRYPTO defined, but not all prerequisites"
@@ -1198,10 +1183,6 @@
 #error "MBEDTLS_PKCS7_C is defined, but not all prerequisites"
 #endif
-/* Undefine helper symbols */
-#undef MBEDTLS_PK_HAVE_JPAKE
-#undef MBEDTLS_PK_HAVE_CURVE_SECP256R1
-
 /*
 * Avoid warning from -pedantic. This is a convenient place for this
 * workaround since this is included by every single file before the
From 1463e49a3c2f2bdd7cac52964c0c0c599ef63d94 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 8 Feb 2024 12:28:30 +0100 Subject: [PATCH 158/166] Move config adjustment to config_adjust MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit After this change, check_config.h does not have any #defined except: - the standard header double-inclusion guard - short-lived helpers that are #undef-ed in the same paragraph Signed-off-by: Manuel Pégourié-Gonnard
---
 include/mbedtls/check_config.h | 14 ++------------
 include/mbedtls/config_adjust_legacy_crypto.h | 16 ++++++++++++++++
 2 files changed, 18 insertions(+), 12 deletions(-)
diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h
index 1dcd903d2..1741d8b9c 100644
--- a/include/mbedtls/check_config.h
+++ b/include/mbedtls/check_config.h
@@ -27,18 +27,8 @@
 #if !defined(MBEDTLS_PLATFORM_C)
 #error "MBEDTLS_PLATFORM_C is required on Windows"
 #endif
-
-/* Fix the config here. Not convenient to put an #ifdef _WIN32 in mbedtls_config.h as
- * it would confuse config.py. */
-#if !defined(MBEDTLS_PLATFORM_SNPRINTF_ALT) && \
- !defined(MBEDTLS_PLATFORM_SNPRINTF_MACRO)
-#define MBEDTLS_PLATFORM_SNPRINTF_ALT
-#endif
-
-#if !defined(MBEDTLS_PLATFORM_VSNPRINTF_ALT) && \
- !defined(MBEDTLS_PLATFORM_VSNPRINTF_MACRO)
-#define MBEDTLS_PLATFORM_VSNPRINTF_ALT
-#endif
+/* See auto-enabling SNPRINTF_ALT and VSNPRINTF_ALT
+ * in * config_adjust_legacy_crypto.h */
 #endif /* _MINGW32__ || (_MSC_VER && (_MSC_VER <= 1900)) */
 #if defined(TARGET_LIKE_MBED) && defined(MBEDTLS_NET_C)
diff --git a/include/mbedtls/config_adjust_legacy_crypto.h b/include/mbedtls/config_adjust_legacy_crypto.h
index 696266c6f..6126a1e86 100644
--- a/include/mbedtls/config_adjust_legacy_crypto.h
+++ b/include/mbedtls/config_adjust_legacy_crypto.h
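Review bot: The comment that replaces the removed block in check_config.h has a stray asterisk on its second line, `* in * config_adjust_legacy_crypto.h */`. It should read `* in config_adjust_legacy_crypto.h */`, so that the pointer to the header that now auto-enables SNPRINTF_ALT and VSNPRINTF_ALT is unambiguous.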
@@ -22,6 +22,22 @@
 #ifndef MBEDTLS_CONFIG_ADJUST_LEGACY_CRYPTO_H
 #define MBEDTLS_CONFIG_ADJUST_LEGACY_CRYPTO_H
+/* Ideally, we'd set those as defaults in mbedtls_config.h, but
+ * putting an #ifdef _WIN32 in mbedtls_config.h would confuse config.py.
+ *
+ * So, adjust it here.
+ * Not related to crypto, but this is the bottom of the stack. */
+#if defined(__MINGW32__) || (defined(_MSC_VER) && _MSC_VER <= 1900)
+#if !defined(MBEDTLS_PLATFORM_SNPRINTF_ALT) && \
+ !defined(MBEDTLS_PLATFORM_SNPRINTF_MACRO)
+#define MBEDTLS_PLATFORM_SNPRINTF_ALT
+#endif
+#if !defined(MBEDTLS_PLATFORM_VSNPRINTF_ALT) && \
+ !defined(MBEDTLS_PLATFORM_VSNPRINTF_MACRO)
+#define MBEDTLS_PLATFORM_VSNPRINTF_ALT
+#endif
+#endif /* _MINGW32__ || (_MSC_VER && (_MSC_VER <= 1900)) */
+
 /* Auto-enable CIPHER_C when any of the unauthenticated ciphers is builtin
 * in PSA. */
 #if defined(MBEDTLS_PSA_CRYPTO_C) && \
From a6184b2cc88eeb018d6fb1b8c715f98345b00c16 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 8 Feb 2024 12:30:56 +0100 Subject: [PATCH 159/166] Remove redundant check MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit We're already making sure of that in include/mbedtls/config_adjust_psa_superset_legacy.h - no need to double-check here. Signed-off-by: Manuel Pégourié-Gonnard
---
 include/mbedtls/check_config.h | 59 ----------------------------------
 1 file changed, 59 deletions(-)
diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h
index 1741d8b9c..429bf3e80 100644
--- a/include/mbedtls/check_config.h
+++ b/include/mbedtls/check_config.h
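Review bot: In config_adjust_legacy_crypto.h the closing comment `#endif /* _MINGW32__ || ... */` does not match the condition it closes, which tests `__MINGW32__`; write it as `#endif /* __MINGW32__ || (_MSC_VER && (_MSC_VER <= 1900)) */`. The compiler test is now duplicated between this header and the Windows block in check_config.h, whose opening `#if` is outside the hunks shown. A short comment that the two conditions must stay identical would help: if they drift, the `MBEDTLS_PLATFORM_C is required on Windows` check and the SNPRINTF_ALT/VSNPRINTF_ALT auto-enable would apply to different toolchains.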
@@ -44,65 +44,6 @@ #error "MBEDTLS_HAVE_TIME_DATE without MBEDTLS_HAVE_TIME does not make sense" #endif -/* Check that each MBEDTLS_ECP_DP_xxx symbol has its PSA_WANT_ECC_xxx counterpart - * when PSA crypto is enabled. */ -#if defined(MBEDTLS_PSA_CRYPTO_CONFIG) || defined(MBEDTLS_PSA_CRYPTO_C) - -#if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED) && !defined(PSA_WANT_ECC_BRAINPOOL_P_R1_256) -#error "MBEDTLS_ECP_DP_BP256R1_ENABLED defined, but not its PSA counterpart" -#endif - -#if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED) && !defined(PSA_WANT_ECC_BRAINPOOL_P_R1_384) -#error "MBEDTLS_ECP_DP_BP384R1_ENABLED defined, but not its PSA counterpart" -#endif - -#if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED) && !defined(PSA_WANT_ECC_BRAINPOOL_P_R1_512) -#error "MBEDTLS_ECP_DP_BP512R1_ENABLED defined, but not its PSA counterpart" -#endif - -#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) && !defined(PSA_WANT_ECC_MONTGOMERY_255) -#error "MBEDTLS_ECP_DP_CURVE25519_ENABLED defined, but not its PSA counterpart" -#endif - -#if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED) && !defined(PSA_WANT_ECC_MONTGOMERY_448) -#error "MBEDTLS_ECP_DP_CURVE448_ENABLED defined, but not its PSA counterpart" -#endif - -#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) && !defined(PSA_WANT_ECC_SECP_R1_192) -#error "MBEDTLS_ECP_DP_SECP192R1_ENABLED defined, but not its PSA counterpart" -#endif - -#if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) && !defined(PSA_WANT_ECC_SECP_R1_224) -#error "MBEDTLS_ECP_DP_SECP224R1_ENABLED defined, but not its PSA counterpart" -#endif - -#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) && !defined(PSA_WANT_ECC_SECP_R1_256) -#error "MBEDTLS_ECP_DP_SECP256R1_ENABLED defined, but not its PSA counterpart" -#endif - -#if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) && !defined(PSA_WANT_ECC_SECP_R1_384) -#error "MBEDTLS_ECP_DP_SECP384R1_ENABLED defined, but not its PSA counterpart" -#endif - -#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) && !defined(PSA_WANT_ECC_SECP_R1_521) -#error 
"MBEDTLS_ECP_DP_SECP521R1_ENABLED defined, but not its PSA counterpart" -#endif - -#if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED) && !defined(PSA_WANT_ECC_SECP_K1_192) -#error "MBEDTLS_ECP_DP_SECP192K1_ENABLED defined, but not its PSA counterpart" -#endif - -/* SECP224K1 is buggy in PSA API so we skip this check */ -#if 0 && defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED) && !defined(PSA_WANT_ECC_SECP_K1_224) -#error "MBEDTLS_ECP_DP_SECP224K1_ENABLED defined, but not its PSA counterpart" -#endif - -#if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED) && !defined(PSA_WANT_ECC_SECP_K1_256) -#error "MBEDTLS_ECP_DP_SECP256K1_ENABLED defined, but not its PSA counterpart" -#endif - -#endif /* MBEDTLS_PSA_CRYPTO_CONFIG || MBEDTLS_PSA_CRYPTO_C */ - /* Limitations on ECC key types acceleration: if we have any of `PUBLIC_KEY`, * `KEY_PAIR_BASIC`, `KEY_PAIR_IMPORT`, `KEY_PAIR_EXPORT` then we must have * all 4 of them. From afb2eee263a9fa2aae940e3ff19114194ed00167 Mon Sep 17 00:00:00 2001 From: Ryan Everett Date: Thu, 8 Feb 2024 14:31:54 +0000 Subject: [PATCH 160/166] Add PKCS5/12 exceptions to analyze_block_cipher_dispatch Signed-off-by: Ryan Everett --- tests/scripts/analyze_outcomes.py | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/tests/scripts/analyze_outcomes.py b/tests/scripts/analyze_outcomes.py index 6503f9a27..a54ece636 100755 --- a/tests/scripts/analyze_outcomes.py +++ b/tests/scripts/analyze_outcomes.py 
@@ -562,6 +562,18 @@ KNOWN_TASKS = {
 # but these are not available in the accelerated component.
 re.compile('Set( non-existent)? padding with (AES|CAMELLIA).*'),
 ],
+ 'test_suite_pkcs12': [
+ # The en/decryption part of PKCS#12 is not yet supported.
+ # The rest of PKCS#12 (key derivation) works, though.
+ re.compile(r'PBE Encrypt, .*'),
+ re.compile(r'PBE Decrypt, .*'),
+ ],
+ 'test_suite_pkcs5': [
+ # The en/decryption part of PKCS#5 is not yet supported.
+ # The rest of PKCS#5 (PBKDF2) works, though.
+ re.compile(r'PBES2 Encrypt, .*'),
+ re.compile(r'PBES2 Decrypt .*'),
+ ],
 'test_suite_pkparse': [
 # PEM (called by pkparse) requires AES_C in order to decrypt
 # the key, but this is not available in the accelerated
From 75e65fe24b4ba67f92bcb44dec768e6b0f5aadfc Mon Sep 17 00:00:00 2001 From: Ryan Everett Date: Thu, 8 Feb 2024 15:43:02 +0000 Subject: [PATCH 161/166] Reformat AES encryption test data in pkcs5 tests The added comma is needed so that these tests match the regex exceptions in analyze_outcomes.py. Moved the Encryption tests so that they are separate to decryption. Signed-off-by: Ryan Everett
---
 tests/suites/test_suite_pkcs5.data | 24 ++++++++++++------------
 1 file changed, 12 insertions(+), 12 deletions(-)
diff --git a/tests/suites/test_suite_pkcs5.data b/tests/suites/test_suite_pkcs5.data
index 939c82fc0..52e682321 100644
--- a/tests/suites/test_suite_pkcs5.data
+++ b/tests/suites/test_suite_pkcs5.data
@@ -126,6 +126,18 @@ PBES2 Encrypt, pad=8 (PKCS7 padding disabled) depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_CIPHER_PADDING_PKCS7 pbes2_encrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301B06092A864886F70D01050C300E04082ED7F24A1D516DD702020800301406082A864886F70D030704088A4FCC9DCC394910":"70617373776f7264":"308187020100301306072A8648CE3D020106082A8648CE3D030107046D306B0201010420F12A1320760270A83CBFFD53F6031EF76A5D86C8A204F2C30CA9EBF51F0F0EA7A1440342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D5510101010101010101010101010101010":138:MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE:"" +PBES2 Encrypt, AES-128-CBC (OK, generated with OpenSSL) +depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +pbes2_encrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301B06092A864886F70D01050C300E0408010203040506070802022710301D060960864801650304010204102F904F75B47B48A618068D79BD9A826C":"50617373776F726450617373776F726450617373776F7264":"5468697320697320612066696c6520746f20626520656e6372797074656420776974682050424553322c20776974682061206b65792067656e657261746564207573696e67206120707266202853484132353629":96:0:"0c953c3a9be1502f4d1df1b82df9d99a61ebd2f60ed570d16b241f70b9e61f329174747d052efe5c39bec9d0f7404f84af242914e2ecb74e6e36e8b4147bd0a092a82df789aa3351e0de9f75b285ccb742806526771c8353ffb66176188b556e" + +PBES2 Encrypt, AES-192-CBC (OK, generated with OpenSSL) +depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:MBEDTLS_CIPHER_PADDING_PKCS7 +pbes2_encrypt:MBEDTLS_ASN1_CONSTRUCTED | 
MBEDTLS_ASN1_SEQUENCE:"302a06092A864886F70D01050C301d0408010203040506070802022710020118300a06082A864886F70D0209301D060960864801650304011604102F904F75B47B48A618068D79BD9A826C":"50617373776F726450617373776F726450617373776F7264":"5468697320697320612066696c6520746f20626520656e6372797074656420776974682050424553322c20776974682061206b65792067656e657261746564207573696e67206120707266202853484132353629":96:0:"7c648a9df9759ba49283c261269a71bc06d45f6c24ab6431d77b2ecec1fd6d1aa751bd05b1c026fc8ff91baeb1b1838aa0f825b23be79bc09331d0607181e234dfea4ab3cbf7997747516486b6865e85de95dc9b64d45462197c891b31af6c94" + +PBES2 Encrypt, AES-256-CBC (OK, generated with OpenSSL) +depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:MBEDTLS_CIPHER_PADDING_PKCS7 +pbes2_encrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"302706092A864886F70D01050C301a0408010203040506070802022710300a06082A864886F70D0209301D060960864801650304012A04102F904F75B47B48A618068D79BD9A826C":"50617373776F726450617373776F726450617373776F7264":"5468697320697320612066696c6520746f20626520656e6372797074656420776974682050424553322c20776974682061206b65792067656e657261746564207573696e67206120707266202853484132353629":96:0:"7077e6e8e679962c6feda69c704d58507d143cf77be284f773dfcaa4a5f5e7c1cd5527204916302d435071c01126f4aa76205ce61998d7b8fdf065a77d4a77634376b9968e4722c27f2ac85d79565ff4fca9204d3e4bc8c5bd53c1785bb6e566" + PBES2 Decrypt (OK) depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC pbes2_decrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301B06092A864886F70D01050C300E04082ED7F24A1D516DD702020800301406082A864886F70D030704088A4FCC9DCC394910":"70617373776f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ecrypt (Invalid padding & PKCS7 padding enabled) depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 pbes2_decrypt:MBEDTLS_ASN1_CONSTRUCTED | 
MBEDTLS_ASN1_SEQUENCE:"301B06092A864886F70D01050C300E04082ED7F24A1D516DD702020800301406082A864886F70D030704088A4FCC9DCC394910":"70617373776f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ncrypt AES-128-CBC (OK, generated with OpenSSL) -depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -pbes2_encrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301B06092A864886F70D01050C300E0408010203040506070802022710301D060960864801650304010204102F904F75B47B48A618068D79BD9A826C":"50617373776F726450617373776F726450617373776F7264":"5468697320697320612066696c6520746f20626520656e6372797074656420776974682050424553322c20776974682061206b65792067656e657261746564207573696e67206120707266202853484132353629":96:0:"0c953c3a9be1502f4d1df1b82df9d99a61ebd2f60ed570d16b241f70b9e61f329174747d052efe5c39bec9d0f7404f84af242914e2ecb74e6e36e8b4147bd0a092a82df789aa3351e0de9f75b285ccb742806526771c8353ffb66176188b556e" - -PBES2 Encrypt AES-192-CBC (OK, generated with OpenSSL) -depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:MBEDTLS_CIPHER_PADDING_PKCS7 -pbes2_encrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"302a06092A864886F70D01050C301d0408010203040506070802022710020118300a06082A864886F70D0209301D060960864801650304011604102F904F75B47B48A618068D79BD9A826C":"50617373776F726450617373776F726450617373776F7264":"5468697320697320612066696c6520746f20626520656e6372797074656420776974682050424553322c20776974682061206b65792067656e657261746564207573696e67206120707266202853484132353629":96:0:"7c648a9df9759ba49283c261269a71bc06d45f6c24ab6431d77b2ecec1fd6d1aa751bd05b1c026fc8ff91baeb1b1838aa0f825b23be79bc09331d0607181e234dfea4ab3cbf7997747516486b6865e85de95dc9b64d45462197c891b31af6c94" - -PBES2 Encrypt AES-256-CBC (OK, generated with OpenSSL) -depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:MBEDTLS_CIPHER_PADDING_PKCS7 
-pbes2_encrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"302706092A864886F70D01050C301a0408010203040506070802022710300a06082A864886F70D0209301D060960864801650304012A04102F904F75B47B48A618068D79BD9A826C":"50617373776F726450617373776F726450617373776F7264":"5468697320697320612066696c6520746f20626520656e6372797074656420776974682050424553322c20776974682061206b65792067656e657261746564207573696e67206120707266202853484132353629":96:0:"7077e6e8e679962c6feda69c704d58507d143cf77be284f773dfcaa4a5f5e7c1cd5527204916302d435071c01126f4aa76205ce61998d7b8fdf065a77d4a77634376b9968e4722c27f2ac85d79565ff4fca9204d3e4bc8c5bd53c1785bb6e566" - PBES2 Decrypt AES-128-CBC (OK, generated with OpenSSL) depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC pbes2_decrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301B06092A864886F70D01050C300E0408010203040506070802022710301D060960864801650304010204102F904F75B47B48A618068D79BD9A826C":"50617373776F726450617373776F726450617373776F7264":"0c953c3a9be1502f4d1df1b82df9d99a61ebd2f60ed570d16b241f70b9e61f329174747d052efe5c39bec9d0f7404f84af242914e2ecb74e6e36e8b4147bd0a092a82df789aa3351e0de9f75b285ccb742806526771c8353ffb66176188b556e":96:0:"5468697320697320612066696c6520746f20626520656e6372797074656420776974682050424553322c20776974682061206b65792067656e657261746564207573696e67206120707266202853484132353629" From ac60afc2d295cc1d0ac2b46f3e04a1c5ea7ead7f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 8 Feb 2024 18:45:56 +0100 Subject: [PATCH 162/166] Remove useless overly strong dependency MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ECJPAKE_C only needs MD_LIGHT and it allready auto-enables it in config_adjust_legacy_crypto.h, so nothing to check here. Signed-off-by: Manuel Pégourié-Gonnard --- include/mbedtls/check_config.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h
index 429bf3e80..a7a346fe5 100644
--- a/include/mbedtls/check_config.h
+++ b/include/mbedtls/check_config.h
@@ -166,7 +166,7 @@
 #endif /* MBEDTLS_PK_C && MBEDTLS_USE_PSA_CRYPTO */
 #if defined(MBEDTLS_ECJPAKE_C) && \
- (!defined(MBEDTLS_ECP_C) || !defined(MBEDTLS_MD_C))
+ !defined(MBEDTLS_ECP_C)
 #error "MBEDTLS_ECJPAKE_C defined, but not all prerequisites"
 #endif
From 67f35688954e7920b58a5765942154da82a64cca Mon Sep 17 00:00:00 2001 From: Ryan Everett Date: Fri, 9 Feb 2024 13:02:23 +0000 Subject: [PATCH 163/166] Reduce analyze_block_cipher_dispatch exceptions Signed-off-by: Ryan Everett
---
 tests/scripts/analyze_outcomes.py | 11 ++---------
 1 file changed, 2 insertions(+), 9 deletions(-)
diff --git a/tests/scripts/analyze_outcomes.py b/tests/scripts/analyze_outcomes.py
index a54ece636..8c7f21f85 100755
--- a/tests/scripts/analyze_outcomes.py
+++ b/tests/scripts/analyze_outcomes.py
@@ -562,17 +562,10 @@ KNOWN_TASKS = {
 # but these are not available in the accelerated component.
 re.compile('Set( non-existent)? padding with (AES|CAMELLIA).*'),
 ],
- 'test_suite_pkcs12': [
- # The en/decryption part of PKCS#12 is not yet supported.
- # The rest of PKCS#12 (key derivation) works, though.
- re.compile(r'PBE Encrypt, .*'),
- re.compile(r'PBE Decrypt, .*'),
- ],
 'test_suite_pkcs5': [
- # The en/decryption part of PKCS#5 is not yet supported.
+ # The AES part of PKCS#5 PBES2 is not yet supported.
 # The rest of PKCS#5 (PBKDF2) works, though.
- re.compile(r'PBES2 Encrypt, .*'),
- re.compile(r'PBES2 Decrypt .*'),
+ re.compile(r'PBES2 .* AES-.*')
 ],
 'test_suite_pkparse': [
 # PEM (called by pkparse) requires AES_C in order to decrypt
From 7fee4f731895aa13a11dd353ead4ee9e9e260e9e Mon Sep 17 00:00:00 2001 From: Ryan Everett Date: Fri, 9 Feb 2024 14:11:27 +0000 Subject: [PATCH 164/166] Fix mutex unlock error handling in psa_destroy_key
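Review bot: With `!defined(MBEDTLS_MD_C)` dropped from the `MBEDTLS_ECJPAKE_C` check in check_config.h, nothing at this site records why the module no longer lists a hash prerequisite; the reason (ECJPAKE_C only needs MD_LIGHT, which config_adjust_legacy_crypto.h auto-enables) lives only in the commit message. I would add a comment above the `#if`, e.g. `/* ECJPAKE_C also needs MD_LIGHT, auto-enabled in config_adjust_legacy_crypto.h */`. The check now relies on that adjustment header having been processed before this file, which cannot be confirmed from this hunk.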
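Review bot: In the analyze_outcomes.py hunk, `re.compile(r'PBES2 .* AES-.*')` is the only list entry without a trailing comma, unlike `re.compile('Set( non-existent)? padding with (AES|CAMELLIA).*'),` just above it; add the comma so that the next exception appended to `'test_suite_pkcs5'` is a one-line diff. The pattern also depends on the test descriptions in test_suite_pkcs5.data containing the literal `AES-` after `PBES2`, so the comment could say `# Matches test descriptions of the form "PBES2 <op> AES-<bits>-CBC ..."` to make that coupling visible.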
Signed-off-by: Ryan Everett
---
 library/psa_crypto.c | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index 9d7b72f87..27ea3b84c 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -1167,17 +1167,19 @@ exit:
 /* Unregister from reading the slot. If we are the last active reader
 * then this will wipe the slot. */
 status = psa_unregister_read(slot);
+ /* Prioritize CORRUPTION_DETECTED from unregistering over
+ * a storage error. */
+ if (status != PSA_SUCCESS) {
+ overall_status = status;
+ }
 #if defined(MBEDTLS_THREADING_C)
+ /* Don't overwrite existing errors if the unlock fails. */
+ status = overall_status;
 PSA_THREADING_CHK_RET(mbedtls_mutex_unlock(
 &mbedtls_threading_key_slot_mutex));
 #endif
- /* Prioritize CORRUPTION_DETECTED from unregistering or
- * SERVICE_FAILURE from unlocking over a storage error. */
- if (status != PSA_SUCCESS) {
- overall_status = status;
- }
 return overall_status;
 }
From 9dc076b4f49ceedb2bfae13c74ae58c3251d1a95 Mon Sep 17 00:00:00 2001 From: Ryan Everett Date: Fri, 9 Feb 2024 14:20:09 +0000 Subject: [PATCH 165/166] Fix issue with lock failures returning CORRUPTION_DETECTED Signed-off-by: Ryan Everett
---
 library/psa_crypto_slot_management.c | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/library/psa_crypto_slot_management.c b/library/psa_crypto_slot_management.c
index 9890de622..dc38662e1 100644
--- a/library/psa_crypto_slot_management.c
+++ b/library/psa_crypto_slot_management.c
@@ -529,6 +529,9 @@ psa_status_t psa_close_key(psa_key_handle_t handle)
 }
 #if defined(MBEDTLS_THREADING_C)
+ /* We need to set status as success, otherwise CORRUPTION_DETECTED
+ * would be returned if the lock fails. */
+ status = PSA_SUCCESS;
 PSA_THREADING_CHK_RET(mbedtls_mutex_lock(
 &mbedtls_threading_key_slot_mutex));
 #endif
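Review bot: In the psa_destroy_key hunk, `status = overall_status;` reads as a dead store, because no visible line uses `status` afterwards; it only has an effect if `PSA_THREADING_CHK_RET` reads the local `status` when the unlock fails, and that macro is defined outside this hunk. The comment should state the dependency, e.g. `/* PSA_THREADING_CHK_RET returns status if it already holds an error, so pass it the error collected so far. */`. The macro also appears to return from the function directly, so any cleanup placed after it in future would be skipped on unlock failure; that is worth a word in the same comment. The hunk starts at the `exit:` label, so the earlier part of the function is not visible here.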
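Review bot: In the psa_close_key hunk, `status = PSA_SUCCESS;` before the lock discards the CORRUPTION_DETECTED default for everything that follows, so any later path that returns `status` without assigning it would now report success. The rest of psa_close_key is outside this hunk, so that needs checking there, and the same applies to the identical three lines added to psa_purge_key in the following hunk. If such a path exists, restore the default right after the `#endif` with `status = PSA_ERROR_CORRUPTION_DETECTED;`; otherwise extend the comment with `Every path below assigns status before returning it.` so that the invariant is stated where it is relied on.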
@@ -563,6 +566,9 @@ psa_status_t psa_purge_key(mbedtls_svc_key_id_t key)
 psa_key_slot_t *slot;
 #if defined(MBEDTLS_THREADING_C)
+ /* We need to set status as success, otherwise CORRUPTION_DETECTED
+ * would be returned if the lock fails. */
+ status = PSA_SUCCESS;
 PSA_THREADING_CHK_RET(mbedtls_mutex_lock(
 &mbedtls_threading_key_slot_mutex));
 #endif
From 5d2bcc63cd24f28006e22fa641c9ce7eabf76a1d Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Fri, 9 Feb 2024 14:41:24 +0000 Subject: [PATCH 166/166] Fix typo / improve documentation for test step fns Signed-off-by: Paul Elliott
---
 tests/include/test/helpers.h | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)
diff --git a/tests/include/test/helpers.h b/tests/include/test/helpers.h
index 4e59e2094..d08100f15 100644
--- a/tests/include/test/helpers.h
+++ b/tests/include/test/helpers.h
@@ -116,10 +116,10 @@ int mbedtls_test_get_line_no(void);
 /**
 * \brief Increment the current test step.
 *
- * \note Calling this function from within multiple threads at the
- * same time is not recommended - whilst it is entirely thread
- * safe, the order of calls to this function can obviously not
- * be ensured, so unexpected results may occur.
+ * \note It is not recommended for multiple threads to call this
+ * function concurrently - whilst it is entirely thread safe,
+ * the order of calls to this function can obviously not be
+ * ensured, so unexpected results may occur.
 */
 void mbedtls_test_increment_step(void);
@@ -231,10 +231,10 @@ void mbedtls_test_skip(const char *test, int line_no, const char *filename);
 * "step number" is the index of a for loop but it can be
 * whatever you want.
 *
- * \note Calling this function from a within multiple threads at the
- * same time is not recommended - whilst it is entirely thread
- * safe, the order of calls to this function can obviously not
- * be ensured, so unexpected results may occur.
+ * \note It is not recommended for multiple threads to call this
+ * function concurrently - whilst it is entirely thread safe,
+ * the order of calls to this function can obviously not be
+ * ensured, so unexpected results may occur.
 *
 * \param step The step number to report.
 */