From 720c638717ee0d4b19f888537e316cfac154c311 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Maciej=20Zwoli=C5=84ski?=
Date: Tue, 16 May 2023 12:02:47 +0200
Subject: [PATCH 001/132] Add AES encrypted keys support for PKCS5 PBES2
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Maciej ZwoliƄski
---
 include/mbedtls/oid.h | 3 +++
 library/oid.c | 14 +++++++++++++-
 tests/suites/host_test.function | 2 +-
 tests/suites/test_suite_pkcs5.data | 16 ++++++++++++++++
 4 files changed, 33 insertions(+), 2 deletions(-)

diff --git a/include/mbedtls/oid.h b/include/mbedtls/oid.h
index 954507229..3a7f740c9 100644
--- a/include/mbedtls/oid.h
+++ b/include/mbedtls/oid.h
@@ -306,6 +306,9 @@
 MBEDTLS_OID_OIW_SECSIG_ALG "\x07" /**< desCBC OBJECT IDENTIFIER ::= { iso(1) identified-organization(3) oiw(14) secsig(3) algorithms(2) 7 } */
 #define MBEDTLS_OID_DES_EDE3_CBC MBEDTLS_OID_RSA_COMPANY "\x03\x07" /**< des-ede3-cbc OBJECT IDENTIFIER ::= { iso(1) member-body(2) -- us(840) rsadsi(113549) encryptionAlgorithm(3) 7 } */
 #define MBEDTLS_OID_AES MBEDTLS_OID_NIST_ALG "\x01" /** aes OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistAlgorithm(4) 1 } */
+#define MBEDTLS_OID_AES_128_CBC MBEDTLS_OID_AES "\x02" /** aes128-cbc-pad OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistAlgorithms(4) aes(1) aes128-CBC-PAD(2) } */
+#define MBEDTLS_OID_AES_192_CBC MBEDTLS_OID_AES "\x16" /** aes192-cbc-pad OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistAlgorithms(4) aes(1) aes192-CBC-PAD(22) } */
+#define MBEDTLS_OID_AES_256_CBC MBEDTLS_OID_AES "\x2a" /** aes256-cbc-pad OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistAlgorithms(4) aes(1) aes256-CBC-PAD(42) } */
 
 /*
  * Key Wrapping algorithms
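Review bot: The three new `MBEDTLS_OID_AES_*_CBC` lines document themselves with `/** ... */` while the `desCBC` and `des-ede3-cbc` definitions in the same hunk use `/**< ... */`; without the `<`, Doxygen attaches the block to the next declaration, so the aes256 text ends up on whatever follows the blank line instead of on its own macro. Switch all three to the trailing form, e.g. `#define MBEDTLS_OID_AES_128_CBC MBEDTLS_OID_AES "\x02" /**< aes128-cbc-pad OBJECT IDENTIFIER ::= { ... aes128-CBC-PAD(2) } */` (the pre-existing `MBEDTLS_OID_AES` line has the same slip and could be fixed in passing). Because the macro names drop the `-PAD` suffix, one clause in each comment saying that these arcs are the padded CBC schemes used by PBES2 (PKCS#7 padding) would stop a reader from pairing them with an unpadded CBC cipher.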
diff --git a/library/oid.c b/library/oid.c
index d139a6d0d..89d133dfe 100644
--- a/library/oid.c
+++ b/library/oid.c
@@ -695,10 +695,22 @@ static const oid_cipher_alg_t oid_cipher_alg[] =
 OID_DESCRIPTOR(MBEDTLS_OID_DES_EDE3_CBC, "des-ede3-cbc", "DES-EDE3-CBC"),
 MBEDTLS_CIPHER_DES_EDE3_CBC,
 },
+ {
+ OID_DESCRIPTOR(MBEDTLS_OID_AES_128_CBC, "aes128-cbc", "AES128-CBC"),
+ MBEDTLS_CIPHER_AES_128_CBC,
+ },
+ {
+ OID_DESCRIPTOR(MBEDTLS_OID_AES_192_CBC, "aes192-cbc", "AES192-CBC"),
+ MBEDTLS_CIPHER_AES_192_CBC,
+ },
+ {
+ OID_DESCRIPTOR(MBEDTLS_OID_AES_256_CBC, "aes256-cbc", "AES256-CBC"),
+ MBEDTLS_CIPHER_AES_256_CBC,
+ },
 {
 NULL_OID_DESCRIPTOR,
 MBEDTLS_CIPHER_NONE,
- },
+ }
 };
 
 FN_OID_TYPED_FROM_ASN1(oid_cipher_alg_t, cipher_alg, oid_cipher_alg)
diff --git a/tests/suites/host_test.function b/tests/suites/host_test.function
index 06f391fa4..95d30f8d2 100644
--- a/tests/suites/host_test.function
+++ b/tests/suites/host_test.function
@@ -459,7 +459,7 @@ int execute_tests(int argc, const char **argv)
 int ret;
 unsigned total_errors = 0, total_tests = 0, total_skipped = 0;
 FILE *file;
- char buf[5000];
+ char buf[10000];
 char *params[50];
 /* Store for processed integer params. */
 mbedtls_test_argument_t int_params[50];
diff --git a/tests/suites/test_suite_pkcs5.data b/tests/suites/test_suite_pkcs5.data
index f3ea5536f..8480b5c00 100644
--- a/tests/suites/test_suite_pkcs5.data
+++ b/tests/suites/test_suite_pkcs5.data
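Review bot: The last line pair of the oid.c hunk, `-    },` / `+    }`, strips the trailing comma from the `MBEDTLS_CIPHER_NONE` sentinel, which has nothing to do with adding AES entries and is put back by PATCH 003/132 later in this series; drop that change from this commit so every entry keeps the same `},` terminator. A smaller wording point on the three new entries: the descriptor strings `"aes128-cbc"` / `"AES128-CBC"` read as plain CBC, but the OIDs they map are the `aes*-CBC-PAD` arcs, so a one-line comment above the first new entry such as `/* PBES2 AES-CBC-PAD schemes (PKCS#5); the OIDs imply PKCS#7 padding */` would save a reader from looking for a separate unpadded entry. Whether the PBES2 decrypt path accepts the 16-byte AES IV and the larger key sizes is not visible in this diff and should be checked alongside this table.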
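Review bot: `char buf[10000]` doubles a stack buffer in `execute_tests` (next to `params[50]` and `int_params[50]`) only so that the multi-kilobyte AES decrypt vectors added to test_suite_pkcs5.data by this same commit fit on one line of the data file; PATCH 002/132 reverts the buffer and PATCH 004/132 replaces the vectors with ones that fit in the original 5000 bytes. Squashing those two follow-ups into this commit would keep both the larger buffer and the oversized vectors out of the history entirely. `execute_tests` continues outside the hunk.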
@@ -142,6 +142,22 @@ PBES2 Decrypt (Invalid padding & PKCS7 padding enabled) depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 pbes2_decrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301B06092A864886F70D01050C300E04082ED7F24A1D516DD702020800301406082A864886F70D030704088A4FCC9DCC394910":"70617373776f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ecrypt DES-EDE3-CBC (OK) +depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC +mbedtls_pkcs5_pbes2:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"302906092A864886F70D01050C301C040832A773780540A2D602020800300C06082A864886F70D02090500301406082A864886F70D03070408480B29975B655BCE":"7A776F6C696E":"7C4948C17F9ABCDD9CC8DE3C91C83B6BAA2D01ABBC86DD3336875B018A7AA5527EEBA4788992FED8966923A1BD0405A1B2CA2FC011944E360863E4437D14C2F82A465D3F58D3B005389F8B46F5900A170B7A6A371DD052C59EF76858ADB553E1BD9EAA284EE1DA150BBF61879A6FC265886B5D12596D2413A9E3881EA49366D68BFD6DDA087E15A3F1C426D0416B294A57F7599D2F49C5090550A4DAD4781541E362D76F84A3389676EBE4F556FCCFC8E16065101ECC888E60D5DD58244A3CD1B90731DB5A43B30BDBF41C66A3E26AAF6363D630242CC1A6F456672FB7290D5542BFD32776619C6FD9C863CAC856DC529EFEFBE96F353697E5EC878762814ED0E6A672B38BF0D5B76F1825E8C697A646779FCD819BF4F28AE461D436D8535641670638E5C6FC8F7F2B6CA9F2868DEC0A3830645BC84701CC6A02A14E2AEE8D33D9224C96FA2F26F4675B3A73A0C7571552FE25C49F2455526D93F869A7E7C56E5E9F3012A05B298A38D7E3EEF66C6E13301B34B15C3D98446BF044E1F7C4A6FCE867AB9A68567ABC844A6B65AF8FA33D6BF899ADE0DCE98D50352F15EE2AFFD5D3BECD867DA7F54C6DEDB3396D30516FAECD3E62083E55A4A65D3CE6AB39DADD6A7C5EB192F14B8D13773AFA2CBB081350FA7DD9B5F1AD78E0F9DE17216DAE4D21EA843C4DDCD2C0B963F27F9F774435C200864D59CF28C483BCD948CA1E8950CF7C924D7BB69D85FD99BBB3E466AC36B0887CCCCDA508C55D55AC0B7045B6CC4013E9B216E6C40A6F1EFA299A078849DF7C90D1F8BCA7295B0C74403C6AE3D79717955F134AB7962F44DA87351B6F71569CA30A3D55B58958C485A285C169649607F2736DA0FC1E6BD35B7F63DBD8B3BDF300603BBFB54C23F895DCC5E08
6BDA3EB41D54E591A5B8537EBA4AA876513271270E2D953DA6F7AF95EF91CC986487E1F3136B15368C9638D5867FD4F8E581A3E6E1D552E778C99E465D7B243AE2C4525CE15C35E6588931FE8C476BA8ECA7CAE327B946C384FDF37448BE3662D1EAEFF7063C8427BADD713CB8EB7093FD9F3ABE582B9175C5AE10F1C85369B93A0DA29F120B12206B31B25670C8025C7F74FC2F59ADBA35E157F5BF2E77B01D61A77F1E33B7877A54F66ABD1E6CA12819EB951CFD89BBF985FD550EB2AB5AD4B8B0099A00E3FD358D2808E6178C14B1C365A1D31B7BA3F9F7F7A06852C5329D26C64AB4C1392C2FA9CDD78D30983C14E7BC9F19EF30BA5CC58759C7BC6F7F324D0A79188EB0740FD83E3B0B0664748F16071BB658C5679B7967C31300BC11B73A18545959F324734FCD4C06DE33E9290915A40A8F7799E049B8B7CCEACA02515720ECFAD78B7CB36A6144EB9AE483EA1AE978054B84C68BBA29D95C619516B783D11A6150D88DD594B975A7FD217944BD177E04FE21FE78B7BDC4B4E1E4012B756AF83589447739A5CEF211AB706C137FFC28D17F24891DF0C5DD811DE3AE90B6C4B0324376EB8A4980CF789541E2A1BFAAB3E0E64D50F584346727FEEB4EC1BBC1FFE08AF71E1A700E890006401191047661CAF3030F0D489C28BFFF374334036A68A6F4D67C25E90B04ADD9AC1763183E30E461918D45EE9C3A4F4CE621FABF6907901939278FB6FE940BCF0C6575F25C759263931383B001C7823340D9D739520E23517A8CE6EBBD4D16AAFA2149B9F04873DBD652D8CE033D65C021D4825A065F6E4CAD1927F9A":0:"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" + +PBES2 Decrypt AES-128-CBC (OK) +depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC +mbedtls_pkcs5_pbes2:MBEDTLS_ASN1_CONSTRUCTED | 
MBEDTLS_ASN1_SEQUENCE:"302906092A864886F70D01050C301C0408E9ED80B476045B2602020800300C06082A864886F70D02090500301D0609608648016503040102041052C89F1A8BE8E0EAE6D415F1974624A4":"7A776F6C696E":"279EBEFD0DDC751FFEABDC91F9C8BEA6081E58702D429E0D44FE96735AE6DD58BD4CD84498A91804F43D669A7159C57B758D536C0CF237FE4E868CE0AE87DA2C97B9649975FE189A9200435BFFD0304286508B0F9AB8C2E36B09AF336E27A6F40EE1AA1906A38A9E187E4A7A14B472D89C6A65D39AA9D390445A6859894431BEF8EAE07B914A70F55D95DF2FB1DB8B40154C1F1E16B4273156328DBAFDDBE2AE41BEAF227525D3B5D57FE9B7C188A2FE8493ABA3C916EDF486F520C670F505A4FC8DD083245032EF69C6C76141C8576AE7E59D4DB5974C316848CCCF6A36EFB3BA67175FD996756F3E51034D659CF98D95F953BBE5A9DE564426FCE324D3A3F463C2E6464DBC34610ECEC20518B47ACB9A4ED85C326A963D3B3C7088AF2A320E4B364666D2EE3D38D067808EC01BB765C5D4B4487E2F9D9FFEC8F0EC4C4262070F252C7E9D95CF01747055E2176BB9D17DE302ADC1C39335849797DF171AAF89946931D5A5C94FB85DB84D67290974B4F8F8E677F77FD62FE7B0A10E4DE9FE83598F47D3B32015FA2B1558672D2D81C65C123AE821052C84FA0ED2C5A5A39A7B12CFEB68887722970FC907D1B586A67F8479A1EBC4E8AE4676047086A7EE7520C9147C089B4AE5B2505C14C6F28F645F90C55E51BADBC4B4167EC4A757CD59452E800BCCA9D3DD01BD084057102403B4804D51A6EF404AB5B31FFFFA19AC56861D9863A5460077D109E043E5B2134D812652E80E3FF804FD1A0114FD8F1F72D97A0A6E88A2DE124FFCD2C17B7BCAC30B19189BC8301B25012C05014BA7DA9949A9F0F30470C760474E27A8160F237DAFA85CBE5499C7429109858E581AD2D5A4634691BEFA1C5545F78D0B93F140D5ABF06FB91CFDBD1D93D106199A1E35F651053D0E80787CEED53404F0F0C9EA54C8CC39682916D6731C3B91A4988B54D821F0EAD621606765F8048ED9FAE9DAB781C830C77DA70C44DB8C4BB000CE12C59DCA4BA5966EB25F7B32EBCB524C8C4B019B65E3B024E41BBDE68531A2205A784A842EB9673B56CDF88C2F056C9E5685C7BA0E52E067EC8B4B7CDAA8C6F1AFAFC05C51119A6AC25122C5F93E9157761788AB76641300CCBA08845C2932729CC31FE6E8577E3A565BCA9E6668619874540FC866B8677A8452BEAD9C6648893355D82B2D0EAEF1B13C5B1A3DDDB23B2EA00B9C9F627E753D7FF51D5AF87C2A07FE228CB00EC497D8869973282188833E36C74111050B409877913760E7C77F05B6B4DD19778F69F3F46F54B
4842863B7BB0716DA26DDA07DDD334FCC7DD2B1A03FE0DE31B4018D2D96AED72B8D2F206D1011BCEFEE9EA413CDB053665553FEEA2E3EB54DD525DC12B7BBC3A76F1530F320717CBEF5AA541791335901A57436ECFE9917B9D009178CDDFBD9FD8756A808B72668B34A3D86303A6D5F6D38685356C1A87ECD2EC61A63FC53F5DA959B33988E869785E694AB079763CA9DD9B1EA2B8BAE5F31EB75D0F71D87B68AA9A4CB6995859FAB0028EFC633ED4DAA4A8FB0E6A55EF9B2DEA1E947C8DEA81CEAB9232A29340947719D4CEAABFB8E1E065F43F231D6A1C83E8F554530C58F8C02D2386F2C67D2F043097375ABD0C18F390BFA2867F870B1A1DA1AB6103D2275420B09778D9B775F147B6BB47598367F9C44AF509136F5F69E61E4A8592E44C860041D5C9C94A63BE17C6E93995A321238D80EF111F8BF137C7A38FACB6329CFDC9A5B9FB2DB":0:"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" + +PBES2 Decrypt AES-192-CBC (OK) +depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC +mbedtls_pkcs5_pbes2:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"302906092A864886F70D01050C301C0408777618CD183CC88102020800300C06082A864886F70D02090500301D060960864801650304011604102F904F75B47B48A618068D79BD9A826C":"7A776F6C696E":"540DADAE140E86453630405F6C5C97FFBD691D1BB3F9294292138BB3757EB78E1AAC1016257D387FB6D92A85E7D2E41EAC0D532018423B6DD38F3D44460FC818704BF4BF7BA15AA62143386C58615F719A1C0F4D178E0A3BECD7FFD3DC96AA261BE2006DB5C398BBDCFC8CE8D67DE6FD4B5079E60D5C865B41765A2881FD8AFC6D71B0B3B9C3F347EEDE5D355DA83895DF6E055CF6FF713AA9396821403C31440D40DD410FC0AB965ACA89A2A017A9F00084B6C32DB6A65B4EF5698C994B8B822DADE62789C7F0884372FD4CE7F5E9F9A77B35390AA1A236991B1ECA4C072A3760AEA316291112814A0B81793196EEA5ECF45A0E98DA780F251601AAC03950128A6587C83CA3F78A81D046982167B18DBEF4EEF1350E421A7CE37D62D11823E37C0CDA4FDE22198BED5C49F1ABEBDD9A769FC94B8BF2D023A876C9DE5DAC56EFDF4E00164AF02077046D7C8D5A056A2BFFA4E40B385727E12D6B9AC8CF72C7EE3B7FD86D1CE9EA9856C88A0BAE90AF780C32B9C96A064B84D16D343B9F4E5E1C0F76D19AAD9FAC7C7E56810FC44801F81207669C2E8AE3AC7CEF853F87E68082AD620131768360908A6257248FB53E185D97B22F574555F0B9E366C39FD5B1394FDBAE8D14923E90DD9A9F2256627CD3E19E1FC2C1FF773077
A459B902564011E5C23254EC62084604BDA1D2ED134F5BA1EF8AB993778267E54851ED04B6A28EEBA9102F69429A8450A246730E071690E245BD5DE3522641664CC31E11AE648414AB825BB9A774CB9E525C23DD83EB7B650CFCB5AE9EE88E0504B34E667B4FE04336572AB95B42ED10C961B7D176C8E7D3A6EF797CBEF33988AB2899DA553210001855AEE49D9E218B1367472D954EDF4681F138554EBC885B5A20BAA0353AA745FBF1D1FBFE6627E5BB03A34DFA9D2A30674A7968BDD705E744A74649D16D00690D8F01880C41F0A7EC090528E228A4DD24B530BD5CDF4F0387DA4A199015CCAC611665424965F69B91782097B4AFCBB696A600A12D15C88E25A6F77FB4AE5D50E81330CBD2F6EA6704E9862413A4B8D66CC66CDAD4A06D74FF4699F06A15EEB8BC79F05A9498010013004A0BCCECBE0EB62DCFFE8F6436B567119AD0A38E870415D39E14A92BB2B4F3C05C552ACC7CC9AD0781735E94CEF1B6422660DF0E501ED8CA1BFA3EB14F9470B889D7FE006E2AD4E4999CB6DF95FF724FDDBFF4C6476FEB9D6AADD0489A226A825EA4F450DDACB34480D5F1E6B9C0A1CABE14659D28068D8806FC75833FFB98B2B81CC91AA590701E061F882020F78FC04C38E3A325E75192A22A6AE1AD60E393AA2F1DF160F881699F3025F7A78E28A14CCB99BD73C135D0E07BFE4E2A2523BF1E0445C550BAE2A72C67C649B1C29A067A7CAC2E47D4A7ECFAF8A255EAC64E764ACC741AE35FC01FA12057F7352FBE7D92E717327EEACD1BD50E5753A26C40BE8DC2FB8375621EB83F96A004BC8AC8B21C0F5217AFE091A844DE866D89E5EA9705813F960DF6457455317835C4B77A443B955960179D3E5A4649BEC702090AFE7E9E2F1AC2DE85BEB31760A8EC81CC58CFF1DD9F06E2786F4320A144E2E4F4A852056007FA5D27A22E99D60B19FC4D36FE1A5BC201D82C5BE861A9D5BAAC6AFB7F6AB1EE748B9880C40D92B7EA65D00A6970C386C1FCDC5E25B7E8790B6F6B8BF631D70262B3CDBD7CA3023090D0F34112135D75E5BE28378CC5EF48585EDD3C95FD9C817F":0:"308204BD020100300D06092A864886F70D0101010500048204A7308204A30201000282010100D0680E66E3F69348A111BC720B747A402236FA15B330004F21A97E903AB94419F485688BAF2EEC07306D4C321D91DEA5D426D6336D342D967DC4192D537FDFE42548AEE817B57B82A9D75C8308839C739C830C3B6847D9F2EE65899F117DA196DBF64BD6AC6CE4486619FDFB41C57AFB8B8E893526699976CEB8CD3E07B668FB3F18D70C816F6BC1B26F767B1BF987B4D994FD5F53F7B497FF6A43F73D383F8DA05BAA2A68DDDDCFD2B3A7AACFA8B06D26D2C261BFEC13E7BA7C88AC7CA5AE187BE31D8E579FEE2FC
90C31E38C249EBC13C70490AC3463269FACF294D419505ADBC54B0697BF01DEB8EB83DF3236DD9059E6BD0CE64D8D39CB80A2DCDF82E19B020301000102820100517E4F1B66CAF5BEF1D4F8A673DA412FB0F1648B75BD3071C10D0143AEE2E14170FF75E92140ACE506C7C682D6534307FF548C7021A4C4AAD3550A2F52366FBB4BE5071814A54FBDC1624877A8ADA6510303AF95CF6A414CA0722E05789672C8860CE28CF871C0369B4E50A59E8B7552C5B89FE89BB3B161E6E616C3C9CA47743A32482A8885035BEB72E85564A0F004C4A99A935F4BAB523857E558FCF4A27ECD30EA5A91205BD84B9F550565561C9CDC324E3CFC478445D12C032B0057035EF4F548280F238038F3EE6097864D8724AFB53BCA8C62A8F5177AA072D4784EAAEB8B81BB6A3ACF453C5859B374E1FA3B3959FDBD630044B530A2FB50232517D902818100FE860C42D18CBDF8758CF5D4D2487E8EA4C0D6D3A1C735AD14A37A66D972B7B2B3D9551E0B25BAB7F58EAD0B7A696686F4B98DDCB15A20A388D1AB7793004B83B97915D747F8CB09390D2C2A0DE05FCAFAA36911DA2F5D30E0E0178FA7B7B0E57006A44056169078690F9B48225340812A2ADA48CC56B48A0FC75C842DE94FA702818100D19D86F612C92312B3C7F673CA9F4C4808ABEBAD925526A4509E3179C025DFE351720B40562355955B5856A0C9B306F0AAA3C132CEF8E04D94651FCE6A6B89FAD6A683E40551743D962FB4AE5895F7186D9EEC1F5E8A11CCC8BE1783080C5C86E909CF366B26E79316AC687F42E6A6300BC50B944642CF297393FE9EF47F3CED0281806035C18ABC754C1610314177BA2947159A777E7D2F0903643289FD29C58694A3CB521AD7A97510989B0CDCA29B1A1E74632B84D16884DE13931356927391C7F9B9F1686D213A8D5D2620B1920FFEC1971399138D79013063DA8D3ABAC5B62CFAFD96B51DD0ACE4DD6F31440C47555AEBB849CC8B7A1A48526BD67B4547A98ABF0281800E8210AD476F9475DEEBA02B3383030C994D0CEADE8DF636B93DB9BEEB85B3915039CC7D8F78B29BBBCEC9702785B49D43B241D4FA6E4F580F45508640E7608D73FDE2730DCB2D7875C4A784C9ACD7856150F696D53C492F1B55CCDACCDBCE2BA8457D8A0EB08AA6AB9313487BA0EB2FB820D34457F897CE0EA9D79DB8DE75A102818100DB30BDD1E07CB8131091FB3DE7284553FCB0C5C9797C02A74D364D235A41DBCB3D210528722440AF91B073BD5D8EEE0123DC32FF67CE8410E9875B3061AA976E0470797A03C7A59B4A25986AF2C79D2237AABADEF8A9F7BD117CA7274FBFAB4DB7BB77583720419A14938FF1DC643D7AAF7119A3DC46F7F178778C51310579A1" + +PBES2 Decrypt AES-256-CBC (OK) 
+depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC +mbedtls_pkcs5_pbes2:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"302906092A864886F70D01050C301C0408B948C29B606B981502020800300C06082A864886F70D02090500301D060960864801650304012A0410FD87E5DBEE6E498D887C771C454D4265":"7A776F6C696E":"3BDA5B8B7C541816276A84F779F4961C291CCA695D2DEE57F23B359886852947F1609CAA73072A3D1CEC95B17E987B05C4F401ADBF73B602F031BE107D2290E905E1B16455954C58DE8605CA679FDC83EB3C16427294400AFF227126300E4568CF1332ADAA4CB361F52E0DC4FD19682B7762EAF860B1674549D30ABF4DA2F998364FED59247552E807CCCE4CFD5E4B1F5E37EF3F18ED31BC1318193160AC1FFC487646FAB1FC006A0603AB3DFAB0F068B459665D4902624AC487B924914135BDDD7A2899007F45DB30847745464E1D134A58FCFBA69E13C4BDCDAA6845D57404EF0C46C102DB3621A5EFB0B8DC247951C51BB3777782EF59BBA0211AA5B8E6A91AF6409ED2984B50DC06A2295BE99E4A9B2D769BE13E8E6CF9F01259FCDB09642C10AF77B3B3F057F2D8F7AF234293DF08175D40831FAF776C299CCE88AA5F860318BF96F5C4B52CBAEB3E9BF3092A818A4B638F835084C9666D79668E08D125E0668925123F24BE675B592068F8E29D0FCD9D763148F261D88A9DE9022A6759467EA1BB06CDB20FD335E8D080F18A8DE331873C4A5C4213D36C332E319C146EA10F6FB1BF82493616776BBBD6B38251F847F1961FDAE518E18BECACE932C1EB477946D9381036DC2C9537786A3BE295D5156AB479DD6DD0B3E85652A4B66C0BF69926504A2DC5068A99E05F08DDAC2FD99C2AFA76203B64886D99E8D3C67C94C92BDB9D22B28CA775512A55BB7B4A9483DD2541B0BABF58769CDBFB05EE53FE452E0B4B42DF086F2932969AE943837CD2EDF7B5B731245B1A6C83079F42BFF3B170819F852B5AA493B2D9A378FB8C99F400E7F4E2FE503AB7399F271451238DCA8667077E555D6F96747C5854A9D2F13CE93D2BD6AAF9808DAF0BEFE1448A5536927A9D8C7886FCA937C6912943E4B20412540625F277552E6B6FB914F2916B780CD529FB0A3491C9011E3CFED7BDBFEC3BD18B260DB882294D647AB70577E60C6E3E85F6CAAE9F2EC6820115B5CD854A1368CB4B6D23B16B32CB5DB9D77D7A556EEB6ECD4075C74CE606EA25E0300EC65761F0EFDA7B6E8DA3C0196E274D86BC2911C2A96A6E0B6C259449E4D43C248AE5614D4D74147FB1963C5770958523F7AB8606F904892523BECD2D7CC81DD296361C0D11DFB2CA306B42CC0481E9B3A66FE2E17562FC9210139CE33B972
4283207EF6B17496D6D0E1D07641A7BDB4DEF9A7CDE297CFBB119FDB43CF970B6DFF5F08EABE5E087DFBDB067CAEEEB460D381C844154947B527C4C40F452A64EF2E15A4A9D13F060835380FA49B5201682F13E543207E791147D15C54C6540F2F3F3D8AAFC50623B260422EA5558906798FB555BEF0EE8BAFB544442185911883C3CA4DAC700BB8198C4C9E136F3517410AB2FFE605BA6AA27CB35958C7B51EDDA0961CD8F42ED7B61342E9BF7783289CB9D299C9CC84F08B7546D28CCCE2ABCB68A7BAEAC6C67E3FAA14E4502D9711CFAC16E4BBFBE016A9755D49E233B3DDDBF03C77F4542D7566B03264B0B85E006CAABEED61715F2E97913F36DB841B3DFEC1CF6549976D93D35AAE9BC1383F84133F38904F819DF3FDC3DBE636F0661DABEF654D2C52BF1A1A2E33F79032F4E2C34981BC354B74B727CCC759209790FFAFED8E9DB5532AD6F9F0BD7B74A5DE63A4363464DC5A137D56BCCFACBB8C77229B048A587027B24D1968A1BEB3935C6C416E4A8AB14F3AF2C1858942D27CB976AF4":0:"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" + PBES2 Decrypt (bad params tag) depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_DES_C pbes2_decrypt:MBEDTLS_ASN1_SEQUENCE:"":"":"":0:MBEDTLS_ERR_PKCS5_INVALID_FORMAT + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG:"" From 1c19557f49c191df26d4066838575f42d1b786d3 Mon Sep 17 00:00:00 2001 From: Ryan Everett Date: Tue, 19 Sep 2023 17:27:28 +0100 Subject: [PATCH 002/132] Revert increase of test buffer size. Signed-off-by: Ryan Everett --- tests/suites/host_test.function | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/suites/host_test.function b/tests/suites/host_test.function index 95d30f8d2..06f391fa4 100644 --- a/tests/suites/host_test.function +++ b/tests/suites/host_test.function @@ -459,7 +459,7 @@ int execute_tests(int argc, const char **argv) int ret; unsigned total_errors = 0, total_tests = 0, total_skipped = 0; FILE *file; - char buf[10000]; + char buf[5000]; char *params[50]; /* Store for processed integer params. */ mbedtls_test_argument_t int_params[50]; From 1a913093244aff20c37fa1b6b60fc7c21139ff37 Mon Sep 17 00:00:00 2001 From: Ryan Everett Date: Mon, 25 Sep 2023 14:15:03 +0100 Subject: [PATCH 003/132] Restore array formatting 
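Review bot: The `depends_on` lines of the four added cases do not match the ASN.1 they feed in: every params blob selects hmacWithSHA256 as the PRF (`300C06082A864886F70D02090500`) yet requires only `MBEDTLS_MD_CAN_SHA1`, and the case whose title ends `DES-EDE3-CBC (OK)` encodes the des-ede3-cbc scheme (`06082A864886F70D0307`) while depending on `MBEDTLS_AES_C` rather than `MBEDTLS_DES_C`. As written these cases run in builds that cannot satisfy them and are skipped in builds that could; the DES case should read `depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC` and the AES ones `depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC`. The same SHA-1-for-SHA-256 dependency survives in the AES-192 and AES-256 vectors of PATCH 004/132 and PATCH 005/132, whose params carry `300a06082A864886F70D0209`. The test function name `mbedtls_pkcs5_pbes2` is not defined by any hunk in this series, so unless test_suite_pkcs5.function already has it these rows cannot be parsed; PATCH 004/132 renames them to the existing `pbes2_decrypt`, which suggests the name was a mistake.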
Signed-off-by: Ryan Everett
---
 library/oid.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/library/oid.c b/library/oid.c
index 89d133dfe..a1cf6fcd0 100644
--- a/library/oid.c
+++ b/library/oid.c
@@ -710,7 +710,7 @@ static const oid_cipher_alg_t oid_cipher_alg[] =
 {
 NULL_OID_DESCRIPTOR,
 MBEDTLS_CIPHER_NONE,
- }
+ },
 };
 
 FN_OID_TYPED_FROM_ASN1(oid_cipher_alg_t, cipher_alg, oid_cipher_alg)

From 223e716693f969561db05d887e66b6aad576e814 Mon Sep 17 00:00:00 2001
From: Ryan Everett
Date: Mon, 25 Sep 2023 14:26:53 +0100
Subject: [PATCH 004/132] Replace AES-CBC test data

Previously the buffer size was increased in order to allow for large test data, these new tests fit in the original sized buffer.

Test data generated with openssl using the following command line:
openssl kdf -keylen $LEN -kdfopt digest:SHA256 -kdfopt iter:10000 -kdfopt pass:"PasswordPasswordPassword" -kdfopt hexsalt:0102030405060708 PBKDF2
openssl enc -$ENC -iv 2F904F75B47B48A618068D79BD9A826C -K $KEY -in $IN -e -out $OUT

Signed-off-by: Ryan Everett
---
 tests/suites/test_suite_pkcs5.data | 10 +++-------
 1 file changed, 3 insertions(+), 7 deletions(-)

diff --git a/tests/suites/test_suite_pkcs5.data b/tests/suites/test_suite_pkcs5.data
index 8480b5c00..94ac86c04 100644
--- a/tests/suites/test_suite_pkcs5.data
+++ b/tests/suites/test_suite_pkcs5.data
@@ -142,21 +142,17 @@ PBES2 Decrypt (Invalid padding & PKCS7 padding enabled) depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 pbes2_decrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301B06092A864886F70D01050C300E04082ED7F24A1D516DD702020800301406082A864886F70D030704088A4FCC9DCC394910":"70617373776f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ecrypt DES-EDE3-CBC (OK) -depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC -mbedtls_pkcs5_pbes2:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"302906092A864886F70D01050C301C040832A773780540A2D602020800300C06082A864886F70D02090500301406082A864886F70D03070408480B29975B655BCE":"7A776F6C696E":"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":0:"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" - PBES2 Decrypt AES-128-CBC (OK) depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC -mbedtls_pkcs5_pbes2:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"302906092A864886F70D01050C301C0408E9ED80B476045B2602020800300C06082A864886F70D02090500301D0609608648016503040102041052C89F1A8BE8E0EAE6D415F1974624A4":"7A776F6C696E":"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":0:"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" +pbes2_decrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301B06092A864886F70D01050C300E0408010203040506070802022710301D060960864801650304010204102F904F75B47B48A618068D79BD9A826C":"50617373776F726450617373776F726450617373776F7264":"0c953c3a9be1502f4d1df1b82df9d99a61ebd2f60ed570d16b241f70b9e61f329174747d052efe5c39bec9d0f7404f84af242914e2ecb74e6e36e8b4147bd0a092a82df789aa3351e0de9f75b285ccb742806526771c8353ffb66176188b556e":96:0:"5468697320697320612066696c6520746f20626520656e6372797074656420776974682050424553322c20776974682061206b65792067656e657261746564207573696e67206120707266202853484132353629" PBES2 Decrypt AES-192-CBC (OK) depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC 
-mbedtls_pkcs5_pbes2:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"302906092A864886F70D01050C301C0408777618CD183CC88102020800300C06082A864886F70D02090500301D060960864801650304011604102F904F75B47B48A618068D79BD9A826C":"7A776F6C696E":"540DADAE140E86453630405F6C5C97FFBD691D1BB3F9294292138BB3757EB78E1AAC1016257D387FB6D92A85E7D2E41EAC0D532018423B6DD38F3D44460FC818704BF4BF7BA15AA62143386C58615F719A1C0F4D178E0A3BECD7FFD3DC96AA261BE2006DB5C398BBDCFC8CE8D67DE6FD4B5079E60D5C865B41765A2881FD8AFC6D71B0B3B9C3F347EEDE5D355DA83895DF6E055CF6FF713AA9396821403C31440D40DD410FC0AB965ACA89A2A017A9F00084B6C32DB6A65B4EF5698C994B8B822DADE62789C7F0884372FD4CE7F5E9F9A77B35390AA1A236991B1ECA4C072A3760AEA316291112814A0B81793196EEA5ECF45A0E98DA780F251601AAC03950128A6587C83CA3F78A81D046982167B18DBEF4EEF1350E421A7CE37D62D11823E37C0CDA4FDE22198BED5C49F1ABEBDD9A769FC94B8BF2D023A876C9DE5DAC56EFDF4E00164AF02077046D7C8D5A056A2BFFA4E40B385727E12D6B9AC8CF72C7EE3B7FD86D1CE9EA9856C88A0BAE90AF780C32B9C96A064B84D16D343B9F4E5E1C0F76D19AAD9FAC7C7E56810FC44801F81207669C2E8AE3AC7CEF853F87E68082AD620131768360908A6257248FB53E185D97B22F574555F0B9E366C39FD5B1394FDBAE8D14923E90DD9A9F2256627CD3E19E1FC2C1FF773077A459B902564011E5C23254EC62084604BDA1D2ED134F5BA1EF8AB993778267E54851ED04B6A28EEBA9102F69429A8450A246730E071690E245BD5DE3522641664CC31E11AE648414AB825BB9A774CB9E525C23DD83EB7B650CFCB5AE9EE88E0504B34E667B4FE04336572AB95B42ED10C961B7D176C8E7D3A6EF797CBEF33988AB2899DA553210001855AEE49D9E218B1367472D954EDF4681F138554EBC885B5A20BAA0353AA745FBF1D1FBFE6627E5BB03A34DFA9D2A30674A7968BDD705E744A74649D16D00690D8F01880C41F0A7EC090528E228A4DD24B530BD5CDF4F0387DA4A199015CCAC611665424965F69B91782097B4AFCBB696A600A12D15C88E25A6F77FB4AE5D50E81330CBD2F6EA6704E9862413A4B8D66CC66CDAD4A06D74FF4699F06A15EEB8BC79F05A9498010013004A0BCCECBE0EB62DCFFE8F6436B567119AD0A38E870415D39E14A92BB2B4F3C05C552ACC7CC9AD0781735E94CEF1B6422660DF0E501ED8CA1BFA3EB14F9470B889D7FE006E2AD4E4999CB6DF95FF724FDDBFF4C6476FEB9D6AADD0489A226A825EA4F450DDACB
34480D5F1E6B9C0A1CABE14659D28068D8806FC75833FFB98B2B81CC91AA590701E061F882020F78FC04C38E3A325E75192A22A6AE1AD60E393AA2F1DF160F881699F3025F7A78E28A14CCB99BD73C135D0E07BFE4E2A2523BF1E0445C550BAE2A72C67C649B1C29A067A7CAC2E47D4A7ECFAF8A255EAC64E764ACC741AE35FC01FA12057F7352FBE7D92E717327EEACD1BD50E5753A26C40BE8DC2FB8375621EB83F96A004BC8AC8B21C0F5217AFE091A844DE866D89E5EA9705813F960DF6457455317835C4B77A443B955960179D3E5A4649BEC702090AFE7E9E2F1AC2DE85BEB31760A8EC81CC58CFF1DD9F06E2786F4320A144E2E4F4A852056007FA5D27A22E99D60B19FC4D36FE1A5BC201D82C5BE861A9D5BAAC6AFB7F6AB1EE748B9880C40D92B7EA65D00A6970C386C1FCDC5E25B7E8790B6F6B8BF631D70262B3CDBD7CA3023090D0F34112135D75E5BE28378CC5EF48585EDD3C95FD9C817F":0:"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" +pbes2_decrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"302a06092A864886F70D01050C301d0408010203040506070802022710020118300a06082A864886F70D0209301D060960864801650304011604102F904F75B47B48A618068D79BD9A826C":"50617373776F726450617373776F726450617373776F7264":"7c648a9df9759ba49283c261269a71bc06d45f6c24ab6431d77b2ecec1fd6d1aa751bd05b1c026fc8ff91baeb1b1838aa0f825b23be79bc09331d0607181e234dfea4ab3cbf7997747516486b6865e85de95dc9b64d45462197c891b31af6c94":96:0:"5468697320697320612066696c6520746f20626520656e6372797074656420776974682050424553322c20776974682061206b65792067656e657261746564207573696e67206120707266202853484132353629" PBES2 Decrypt AES-256-CBC (OK) depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC -mbedtls_pkcs5_pbes2:MBEDTLS_ASN1_CONSTRUCTED | 
MBEDTLS_ASN1_SEQUENCE:"302906092A864886F70D01050C301C0408B948C29B606B981502020800300C06082A864886F70D02090500301D060960864801650304012A0410FD87E5DBEE6E498D887C771C454D4265":"7A776F6C696E":"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":0:"308204BD020100300D06092A864886F70D0101010500048204A7308204A30201000282010100D0680E66E3F69348A111BC720B747A402236FA15B330004F21A97E903AB94419F485688BAF2EEC07306D4C321D91DEA5D426D6336D342D967DC4192D537FDFE42548AEE817B57B82A9D75C8308839C739C830C3B6847D9F2EE65899F117DA196DBF64BD6AC6CE4486619FDFB41C57AFB8B8E893526699976CEB8CD3E07B668FB3F18D70C816F6BC1B26F767B1BF987B4D994FD5F53F7B497FF6A43F73D383F8DA05BAA2A68DDDDCFD2B3A7AACFA8B06D26D2C261BFEC13E7BA7C88AC7CA5AE187BE31D8E579FEE2FC90C31E38C249EBC13C70490AC3463269FACF294D419505ADBC54B0697BF01DEB8EB83DF3236DD9059E6BD0CE64D8D39CB80A2DCDF82E19B020301000102820100517E4F1B66CAF5BEF1D4F8A673DA412FB0F1648B75BD3071C10D0143AEE2E14170FF75E92140ACE506C7C682D6534307FF548C7021A4C4AAD3550A2F52366FBB4BE5071814A54FBDC1624877A8ADA6510303AF95CF6A414CA0722E05789672C8860CE28CF871C0369B4E50A59E8B7552C5B89FE89BB3B161E6E616C3C9CA47743A32482A8885035BEB72E85564A0F004C4A99A935F4BAB523857E558FCF4A27ECD30EA5A91205BD84B9F550565561C9CDC324E3CFC478445D12C032B0057035EF4F548280F238038F3EE6097864D8724AFB53BCA8C62A8F5177AA072D4784EAAEB8B81BB6A3ACF453C5859B374E1FA3B3959FDBD630044B530A2FB50232517D902818100FE860C42D18CBDF8758CF5D4D2487E8EA4C0D6D3A1C735AD14A37A66D972B7B2B3D9551E0B25BAB7F58EAD0B7A696686F4B98DDCB15A20A388D1AB7793004B83B97915D747F8CB09390D2C2A0DE05FCAFAA36911DA2F5D30E0E0178FA7B7B0E57006A44056169078690F9B48225340812A2ADA48CC56B48A0FC75C842DE94FA702818100D19D86F612C92312B3C7F673CA9F4C4808ABEBAD925526A4509E3179C025DFE351720B40562355955B5856A0C9B306F0AAA3C132CEF8E04D94651FCE6A6B89FAD6A683E40551743D962FB4AE5895F7186D9EEC1F5E8A11CCC8BE1783080C5C86E909CF366B26E79316AC687F42E6A6300BC50B944642CF297393FE9EF47F3CED0281806035C18ABC754C1610314177BA2947159A777E7D2F0903643289FD29C58694A3CB521AD7A97510989B0CDCA29B1A1E74632B8
4D16884DE13931356927391C7F9B9F1686D213A8D5D2620B1920FFEC1971399138D79013063DA8D3ABAC5B62CFAFD96B51DD0ACE4DD6F31440C47555AEBB849CC8B7A1A48526BD67B4547A98ABF0281800E8210AD476F9475DEEBA02B3383030C994D0CEADE8DF636B93DB9BEEB85B3915039CC7D8F78B29BBBCEC9702785B49D43B241D4FA6E4F580F45508640E7608D73FDE2730DCB2D7875C4A784C9ACD7856150F696D53C492F1B55CCDACCDBCE2BA8457D8A0EB08AA6AB9313487BA0EB2FB820D34457F897CE0EA9D79DB8DE75A102818100DB30BDD1E07CB8131091FB3DE7284553FCB0C5C9797C02A74D364D235A41DBCB3D210528722440AF91B073BD5D8EEE0123DC32FF67CE8410E9875B3061AA976E0470797A03C7A59B4A25986AF2C79D2237AABADEF8A9F7BD117CA7274FBFAB4DB7BB77583720419A14938FF1DC643D7AAF7119A3DC46F7F178778C51310579A1" +pbes2_decrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"302a06092A864886F70D01050C301d0408010203040506070802022710020118300a06082A864886F70D0209301D060960864801650304012A04102F904F75B47B48A618068D79BD9A826C":"50617373776F726450617373776F726450617373776F7264":"7077e6e8e679962c6feda69c704d58507d143cf77be284f773dfcaa4a5f5e7c1cd5527204916302d435071c01126f4aa76205ce61998d7b8fdf065a77d4a77634376b9968e4722c27f2ac85d79565ff4fca9204d3e4bc8c5bd53c1785bb6e566":96:0:"5468697320697320612066696c6520746f20626520656e6372797074656420776974682050424553322c20776974682061206b65792067656e657261746564207573696e67206120707266202853484132353629" PBES2 Decrypt (bad params tag) depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_DES_C From 8494c986a0cf12ad8e8dd8359bed055eb7028f0a Mon Sep 17 00:00:00 2001 From: Ryan Everett Date: Tue, 10 Oct 2023 18:26:57 +0100 Subject: [PATCH 005/132] Add Encryption test data for AES 128,196,256 PBES2 Data (for encryption and decryption) generated using openssl: openssl kdf -keylen 24 -kdfopt digest:SHA256 -kdfopt iter:10000 -kdfopt pass:"PasswordPasswordPassword" -kdfopt hexsalt:0102030405060708 PBKDF2 69D1831EA16816B82797E5E9619C2F62153BC65C1791B5C0 openssl enc $MODE -iv 2F904F75B47B48A618068D79BD9A826C -K $KEY -in $FILE -e -out $ENC 
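Review bot: The replacement AES-256-CBC vector (and the matching encrypt vector in PATCH 005/132) declares a PBKDF2 keyLength of 24 via `020118` while its encryptionScheme is aes256-CBC-PAD (`60864801650304012A`); a keyLength that disagrees with the scheme's 32-byte key is at best confusing and at worst makes an implementation that honours the field derive a 24-byte key and fail, even if this library ignores it in favour of the cipher's own key size (not visible in this diff). Encode `020120` or omit the field, as the AES-128 vector does. Separately, the AES-128-CBC PBKDF2-params `300E` sequence holds only the salt `04080102030405060708` and iteration count `02022710`, so with no PRF present the key is derived with the default hmacWithSHA1, which contradicts the commit message's `-kdfopt digest:SHA256` and the plaintext's own "prf (SHA256)" wording; either that vector was produced with SHA-1 and the message should say so, or it was produced with SHA-256 and cannot decrypt.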
Signed-off-by: Ryan Everett
---
 tests/suites/test_suite_pkcs5.data | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/tests/suites/test_suite_pkcs5.data b/tests/suites/test_suite_pkcs5.data
index 94ac86c04..f372520e3 100644
--- a/tests/suites/test_suite_pkcs5.data
+++ b/tests/suites/test_suite_pkcs5.data
@@ -142,6 +142,18 @@ PBES2 Decrypt (Invalid padding & PKCS7 padding enabled) depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 pbes2_decrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301B06092A864886F70D01050C300E04082ED7F24A1D516DD702020800301406082A864886F70D030704088A4FCC9DCC394910":"70617373776f7264":"1B60098D4834CA752D37B430E70B7A085CFF86E21F4849F969DD1DF623342662443F8BD1252BF83CEF6917551B08EF55A69C8F2BFFC93BCB2DFE2E354DA28F896D1BD1BFB972A1251219A6EC7183B0A4CF2C4998449ED786CAE2138437289EB2203974000C38619DA57A4E685D29649284602BD1806131772DA11A682674DC22B2CF109128DDB7FDA3488A7144097565":144:MBEDTLS_ERR_PKCS5_PASSWORD_MISMATCH:"308187020100301306072A8648CE3D020106082A8648CE3D030107046D306B0201010420F12A1320760270A83CBFFD53F6031EF76A5D86C8A204F2C30CA9EBF51F0F0EA7A1440342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFF060606060607" +PBES2 Encrypt AES-128-CBC (OK) +depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC +pbes2_encrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301B06092A864886F70D01050C300E0408010203040506070802022710301D060960864801650304010204102F904F75B47B48A618068D79BD9A826C":"50617373776F726450617373776F726450617373776F7264":"5468697320697320612066696c6520746f20626520656e6372797074656420776974682050424553322c20776974682061206b65792067656e657261746564207573696e67206120707266202853484132353629":96:0:"0c953c3a9be1502f4d1df1b82df9d99a61ebd2f60ed570d16b241f70b9e61f329174747d052efe5c39bec9d0f7404f84af242914e2ecb74e6e36e8b4147bd0a092a82df789aa3351e0de9f75b285ccb742806526771c8353ffb66176188b556e" + +PBES2 Encrypt AES-192-CBC (OK) +depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC +pbes2_encrypt:MBEDTLS_ASN1_CONSTRUCTED | 
MBEDTLS_ASN1_SEQUENCE:"302a06092A864886F70D01050C301d0408010203040506070802022710020118300a06082A864886F70D0209301D060960864801650304011604102F904F75B47B48A618068D79BD9A826C":"50617373776F726450617373776F726450617373776F7264":"5468697320697320612066696c6520746f20626520656e6372797074656420776974682050424553322c20776974682061206b65792067656e657261746564207573696e67206120707266202853484132353629":96:0:"7c648a9df9759ba49283c261269a71bc06d45f6c24ab6431d77b2ecec1fd6d1aa751bd05b1c026fc8ff91baeb1b1838aa0f825b23be79bc09331d0607181e234dfea4ab3cbf7997747516486b6865e85de95dc9b64d45462197c891b31af6c94" + +PBES2 Encrypt AES-256-CBC (OK) +depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC +pbes2_encrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"302a06092A864886F70D01050C301d0408010203040506070802022710020118300a06082A864886F70D0209301D060960864801650304012A04102F904F75B47B48A618068D79BD9A826C":"50617373776F726450617373776F726450617373776F7264":"5468697320697320612066696c6520746f20626520656e6372797074656420776974682050424553322c20776974682061206b65792067656e657261746564207573696e67206120707266202853484132353629":96:0:"7077e6e8e679962c6feda69c704d58507d143cf77be284f773dfcaa4a5f5e7c1cd5527204916302d435071c01126f4aa76205ce61998d7b8fdf065a77d4a77634376b9968e4722c27f2ac85d79565ff4fca9204d3e4bc8c5bd53c1785bb6e566" + PBES2 Decrypt AES-128-CBC (OK) depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC pbes2_decrypt:MBEDTLS_ASN1_CONSTRUCTED | 
MBEDTLS_ASN1_SEQUENCE:"301B06092A864886F70D01050C300E0408010203040506070802022710301D060960864801650304010204102F904F75B47B48A618068D79BD9A826C":"50617373776F726450617373776F726450617373776F7264":"0c953c3a9be1502f4d1df1b82df9d99a61ebd2f60ed570d16b241f70b9e61f329174747d052efe5c39bec9d0f7404f84af242914e2ecb74e6e36e8b4147bd0a092a82df789aa3351e0de9f75b285ccb742806526771c8353ffb66176188b556e":96:0:"5468697320697320612066696c6520746f20626520656e6372797074656420776974682050424553322c20776974682061206b65792067656e657261746564207573696e67206120707266202853484132353629" From 632699b9255be5070c35618622b70db1bbc7248d Mon Sep 17 00:00:00 2001 From: Ryan Everett Date: Wed, 11 Oct 2023 14:20:33 +0100 Subject: [PATCH 006/132] Add Changelog Signed-off-by: Ryan Everett --- ChangeLog.d/add-aes-cbc-to-pkcs5-pbes2.txt | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 ChangeLog.d/add-aes-cbc-to-pkcs5-pbes2.txt diff --git a/ChangeLog.d/add-aes-cbc-to-pkcs5-pbes2.txt b/ChangeLog.d/add-aes-cbc-to-pkcs5-pbes2.txt new file mode 100644 index 000000000..96f48d6e7 --- /dev/null +++ b/ChangeLog.d/add-aes-cbc-to-pkcs5-pbes2.txt @@ -0,0 +1,3 @@ +Features + * Add support for using AES-CBC 128, 192, and 256 bit schemes + with PKCS#5 PBES2. \ No newline at end of file From cd80f09aa3628d671394fa985948de1b287c5689 Mon Sep 17 00:00:00 2001 From: Ryan Everett Date: Thu, 12 Oct 2023 11:08:20 +0100 Subject: [PATCH 007/132] Fix Changelog formatting Signed-off-by: Ryan Everett --- ChangeLog.d/add-aes-cbc-to-pkcs5-pbes2.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ChangeLog.d/add-aes-cbc-to-pkcs5-pbes2.txt b/ChangeLog.d/add-aes-cbc-to-pkcs5-pbes2.txt index 96f48d6e7..e00c1e0a6 100644 --- a/ChangeLog.d/add-aes-cbc-to-pkcs5-pbes2.txt +++ b/ChangeLog.d/add-aes-cbc-to-pkcs5-pbes2.txt @@ -1,3 +1,3 @@ Features * Add support for using AES-CBC 128, 192, and 256 bit schemes - with PKCS#5 PBES2. \ No newline at end of file + with PKCS#5 PBES2. 
From 86bfbe8ef2621973f4760bc8f0299e14aa1dc7a2 Mon Sep 17 00:00:00 2001 From: Ryan Everett Date: Thu, 12 Oct 2023 11:19:13 +0100 Subject: [PATCH 008/132] Fix test data dependencies Signed-off-by: Ryan Everett --- tests/suites/test_suite_pkcs5.data | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/tests/suites/test_suite_pkcs5.data b/tests/suites/test_suite_pkcs5.data index f372520e3..3bd6b49f0 100644 --- a/tests/suites/test_suite_pkcs5.data +++ b/tests/suites/test_suite_pkcs5.data 
@@ -143,27 +143,27 @@ depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIP pbes2_decrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301B06092A864886F70D01050C300E04082ED7F24A1D516DD702020800301406082A864886F70D030704088A4FCC9DCC394910":"70617373776f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ncrypt AES-128-CBC (OK) -depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC +depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC pbes2_encrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301B06092A864886F70D01050C300E0408010203040506070802022710301D060960864801650304010204102F904F75B47B48A618068D79BD9A826C":"50617373776F726450617373776F726450617373776F7264":"5468697320697320612066696c6520746f20626520656e6372797074656420776974682050424553322c20776974682061206b65792067656e657261746564207573696e67206120707266202853484132353629":96:0:"0c953c3a9be1502f4d1df1b82df9d99a61ebd2f60ed570d16b241f70b9e61f329174747d052efe5c39bec9d0f7404f84af242914e2ecb74e6e36e8b4147bd0a092a82df789aa3351e0de9f75b285ccb742806526771c8353ffb66176188b556e" PBES2 Encrypt AES-192-CBC (OK) -depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC +depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH pbes2_encrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"302a06092A864886F70D01050C301d0408010203040506070802022710020118300a06082A864886F70D0209301D060960864801650304011604102F904F75B47B48A618068D79BD9A826C":"50617373776F726450617373776F726450617373776F7264":"5468697320697320612066696c6520746f20626520656e6372797074656420776974682050424553322c20776974682061206b65792067656e657261746564207573696e67206120707266202853484132353629":96:0:"7c648a9df9759ba49283c261269a71bc06d45f6c24ab6431d77b2ecec1fd6d1aa751bd05b1c026fc8ff91baeb1b1838aa0f825b23be79bc09331d0607181e234dfea4ab3cbf7997747516486b6865e85de95dc9b64d45462197c891b31af6c94" PBES2 Encrypt AES-256-CBC (OK) 
-depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC +depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH pbes2_encrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"302a06092A864886F70D01050C301d0408010203040506070802022710020118300a06082A864886F70D0209301D060960864801650304012A04102F904F75B47B48A618068D79BD9A826C":"50617373776F726450617373776F726450617373776F7264":"5468697320697320612066696c6520746f20626520656e6372797074656420776974682050424553322c20776974682061206b65792067656e657261746564207573696e67206120707266202853484132353629":96:0:"7077e6e8e679962c6feda69c704d58507d143cf77be284f773dfcaa4a5f5e7c1cd5527204916302d435071c01126f4aa76205ce61998d7b8fdf065a77d4a77634376b9968e4722c27f2ac85d79565ff4fca9204d3e4bc8c5bd53c1785bb6e566" PBES2 Decrypt AES-128-CBC (OK) -depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC +depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC pbes2_decrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301B06092A864886F70D01050C300E0408010203040506070802022710301D060960864801650304010204102F904F75B47B48A618068D79BD9A826C":"50617373776F726450617373776F726450617373776F7264":"0c953c3a9be1502f4d1df1b82df9d99a61ebd2f60ed570d16b241f70b9e61f329174747d052efe5c39bec9d0f7404f84af242914e2ecb74e6e36e8b4147bd0a092a82df789aa3351e0de9f75b285ccb742806526771c8353ffb66176188b556e":96:0:"5468697320697320612066696c6520746f20626520656e6372797074656420776974682050424553322c20776974682061206b65792067656e657261746564207573696e67206120707266202853484132353629" PBES2 Decrypt AES-192-CBC (OK) -depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC +depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH pbes2_decrypt:MBEDTLS_ASN1_CONSTRUCTED | 
MBEDTLS_ASN1_SEQUENCE:"302a06092A864886F70D01050C301d0408010203040506070802022710020118300a06082A864886F70D0209301D060960864801650304011604102F904F75B47B48A618068D79BD9A826C":"50617373776F726450617373776F726450617373776F7264":"7c648a9df9759ba49283c261269a71bc06d45f6c24ab6431d77b2ecec1fd6d1aa751bd05b1c026fc8ff91baeb1b1838aa0f825b23be79bc09331d0607181e234dfea4ab3cbf7997747516486b6865e85de95dc9b64d45462197c891b31af6c94":96:0:"5468697320697320612066696c6520746f20626520656e6372797074656420776974682050424553322c20776974682061206b65792067656e657261746564207573696e67206120707266202853484132353629" PBES2 Decrypt AES-256-CBC (OK) -depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC +depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH pbes2_decrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"302a06092A864886F70D01050C301d0408010203040506070802022710020118300a06082A864886F70D0209301D060960864801650304012A04102F904F75B47B48A618068D79BD9A826C":"50617373776F726450617373776F726450617373776F7264":"7077e6e8e679962c6feda69c704d58507d143cf77be284f773dfcaa4a5f5e7c1cd5527204916302d435071c01126f4aa76205ce61998d7b8fdf065a77d4a77634376b9968e4722c27f2ac85d79565ff4fca9204d3e4bc8c5bd53c1785bb6e566":96:0:"5468697320697320612066696c6520746f20626520656e6372797074656420776974682050424553322c20776974682061206b65792067656e657261746564207573696e67206120707266202853484132353629" PBES2 Decrypt (bad params tag) From 6d0a09358275e5c131c6a7e23d36d6f89fbd4996 Mon Sep 17 00:00:00 2001 From: Benson Liou Date: Wed, 27 Dec 2023 22:03:24 +0800 Subject: [PATCH 009/132] use mbedtls_ssl_session_init() to init session variable Use mbedtls_ssl_session_init() to init variable just like session-family APIs described Signed-off-by: Benson Liou --- include/mbedtls/ssl.h | 2 +- programs/ssl/ssl_client2.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) 
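Review bot: The AES-128-CBC dependency now reads `MBEDTLS_MD_CAN_SHA256`, but the AES-128 parameters in both the encrypt and the decrypt line (`300E0408010203040506070802022710`) contain no prf AlgorithmIdentifier, so RFC 8018's default hmacWithSHA1 applies to them; unless the PBKDF2 parser here defaults differently, these two cases will run and fail in a build with SHA-256 but no SHA-1, and be skipped in a SHA-1-only build where they would pass. Either keep `MBEDTLS_MD_CAN_SHA1` on the two AES-128 cases, or regenerate them with an explicit `300a06082A864886F70D0209` prf as the 192/256 vectors have. The `!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH` guard added to the 192/256 cases is the right fix for those.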
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 043988f25..96f4bb286 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -4669,7 +4669,7 @@ const mbedtls_x509_crt *mbedtls_ssl_get_peer_cert(const mbedtls_ssl_context *ssl * \param ssl The SSL context representing the connection for which to * to export a session structure for later resumption. * \param session The target structure in which to store the exported session. - * This must have been initialized with mbedtls_ssl_init_session() + * This must have been initialized with mbedtls_ssl_session_init() * but otherwise be unused. * * \note This function can handle a variety of mechanisms for session diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index 1b3dedb22..05bb2ffdd 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -833,7 +833,7 @@ int main(int argc, char *argv[]) mbedtls_net_init(&server_fd); mbedtls_ssl_init(&ssl); mbedtls_ssl_config_init(&conf); - memset(&saved_session, 0, sizeof(mbedtls_ssl_session)); + mbedtls_ssl_session_init(&saved_session); rng_init(&rng); #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) mbedtls_x509_crt_init(&cacert); From 4580d4d8297d8339f23ef837a65d02a8aee5eeff Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Fri, 27 Oct 2023 18:41:02 +0100 Subject: [PATCH 010/132] Add accessor helpers for mbedtls_test_info Step one of being able to control access to mbedtls_test_info with a mutex. Signed-off-by: Paul Elliott --- programs/ssl/ssl_test_lib.c | 2 +- programs/test/metatest.c | 6 ++- tests/include/test/helpers.h | 76 +++++++++++++++++++++++++++- tests/src/helpers.c | 55 ++++++++++++++++++++ tests/src/threading_helpers.c | 14 ++--- tests/suites/host_test.function | 37 +++++++------- tests/suites/test_suite_dhm.function | 2 +- 7 files changed, 159 insertions(+), 33 deletions(-) diff --git a/programs/ssl/ssl_test_lib.c b/programs/ssl/ssl_test_lib.c index b49dd67c2..d4511acb8 100644 
--- a/programs/ssl/ssl_test_lib.c +++ b/programs/ssl/ssl_test_lib.c @@ -427,7 +427,7 @@ int test_hooks_failure_detected(void) mbedtls_test_mutex_usage_check(); #endif - if (mbedtls_test_info.result != MBEDTLS_TEST_RESULT_SUCCESS) { + if (mbedtls_test_get_result() != MBEDTLS_TEST_RESULT_SUCCESS) { return 1; } return 0; diff --git a/programs/test/metatest.c b/programs/test/metatest.c index b8dffa9bb..545129dff 100644 --- a/programs/test/metatest.c +++ b/programs/test/metatest.c @@ -343,9 +343,11 @@ int main(int argc, char *argv[]) #if defined(MBEDTLS_TEST_MUTEX_USAGE) mbedtls_test_mutex_usage_check(); #endif + int result = (int) mbedtls_test_get_result(); + mbedtls_printf("Running metatest %s... done, result=%d\n", - argv[1], (int) mbedtls_test_info.result); - mbedtls_exit(mbedtls_test_info.result == MBEDTLS_TEST_RESULT_SUCCESS ? + argv[1], result); + mbedtls_exit(result == MBEDTLS_TEST_RESULT_SUCCESS ? MBEDTLS_EXIT_SUCCESS : MBEDTLS_EXIT_FAILURE); } diff --git a/tests/include/test/helpers.h b/tests/include/test/helpers.h index 7c962a283..689a1b573 100644 --- a/tests/include/test/helpers.h +++ b/tests/include/test/helpers.h 
@@ -74,7 +74,81 @@ typedef struct { #endif } mbedtls_test_info_t; -extern mbedtls_test_info_t mbedtls_test_info; + +/** + * \brief Get the current test result status + * + * \return The current test result status + */ +mbedtls_test_result_t mbedtls_test_get_result(void); + +/** + * \brief Get the current test name/description + * + * \return The current test name/description + */ +const char *mbedtls_test_get_test(void); + +/** + * \brief Get the current test filename + * + * \return The current test filename + */ +const char *mbedtls_get_test_filename(void); + +/** + * \brief Get the current test file line number (for failure / skip) + * + * \return The current test file line number (for failure / skip) + */ +int mbedtls_test_get_line_no(void); + +/** + * \brief Increment the current test step. + */ +void mbedtls_test_increment_step(void); + +/** + * \brief Get the current test step + * + * \return The current test step + */ +unsigned long mbedtls_test_get_step(void); + +/** + * \brief Get the current test line buffer 1 + * + * \return The current test line buffer 1 + */ +const char *mbedtls_test_get_line1(void); + +/** + * \brief Get the current test line buffer 2 + * + * \return The current test line buffer 2 + */ +const char *mbedtls_test_get_line2(void); + +#if defined(MBEDTLS_TEST_MUTEX_USAGE) +/** + * \brief Get the current mutex usage error message + * + * \return The current mutex error message (may be NULL if no error) + */ +const char *mbedtls_test_get_mutex_usage_error(void); + +/** + * \brief Set the current mutex usage error message + * + * \note This will only set the mutex error message if one has not + * already been set, or if we are clearing the message (msg is + * NULL) + * + * \param msg Error message to set (can be NULL to clear) + */ +void mbedtls_test_set_mutex_usage_error(const char *msg); +#endif + int mbedtls_test_platform_setup(void); void mbedtls_test_platform_teardown(void); 
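Review bot: `mbedtls_get_test_filename` breaks the `mbedtls_test_get_*` naming that the other accessors declared in this hunk follow; renaming it to `mbedtls_test_get_filename` now, before more callers appear (host_test.function already uses it in this series), avoids a later API rename. The `\return` text for `mbedtls_test_get_line1`/`mbedtls_test_get_line2` (and `mbedtls_test_get_test`) should say that the pointer refers to storage owned by the test framework and is overwritten when the test info is reset, e.g. `\return Pointer to the framework's line buffer; valid until the next test info reset, must not be freed.` Since the commit describes these as a step towards mutex protection, a sentence stating that the returned pointer may be stale once the result is updated from another thread would set expectations for callers.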
diff --git a/tests/src/helpers.c b/tests/src/helpers.c
index eb28919b8..6bfe15dd7 100644
--- a/tests/src/helpers.c
+++ b/tests/src/helpers.c
@@ -22,6 +22,61 @@ static mbedtls_platform_context platform_ctx;
 
 mbedtls_test_info_t mbedtls_test_info;
 
+/*----------------------------------------------------------------------------*/
+/* Mbedtls Test Info accessors */
+
+mbedtls_test_result_t mbedtls_test_get_result(void)
+{
+    return mbedtls_test_info.result;
+}
+
+const char *mbedtls_test_get_test(void)
+{
+    return mbedtls_test_info.test;
+}
+const char *mbedtls_get_test_filename(void)
+{
+    return mbedtls_test_info.filename;
+}
+
+int mbedtls_test_get_line_no(void)
+{
+    return mbedtls_test_info.line_no;
+}
+
+void mbedtls_test_increment_step(void)
+{
+    ++mbedtls_test_info.step;
+}
+
+unsigned long mbedtls_test_get_step(void)
+{
+    return mbedtls_test_info.step;
+}
+
+const char *mbedtls_test_get_line1(void)
+{
+    return mbedtls_test_info.line1;
+}
+const char *mbedtls_test_get_line2(void)
+{
+    return mbedtls_test_info.line2;
+}
+
+#if defined(MBEDTLS_TEST_MUTEX_USAGE)
+const char *mbedtls_test_get_mutex_usage_error(void)
+{
+    return mbedtls_test_info.mutex_usage_error;
+}
+
+void mbedtls_test_set_mutex_usage_error(const char *msg)
+{
+    if (mbedtls_test_info.mutex_usage_error == NULL || msg == NULL) {
+        mbedtls_test_info.mutex_usage_error = msg;
+    }
+}
+#endif // #if defined(MBEDTLS_TEST_MUTEX_USAGE)
+
 /*----------------------------------------------------------------------------*/
 /* Helper Functions */
 
diff --git a/tests/src/threading_helpers.c b/tests/src/threading_helpers.c
index 5fbf65b2d..261d14175 100644
--- a/tests/src/threading_helpers.c
+++ b/tests/src/threading_helpers.c
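Review bot: `mbedtls_test_info_t mbedtls_test_info;` stays a global with external linkage although the helpers.h hunk in this commit drops its `extern` declaration, so any translation unit can still redeclare it and bypass the accessors that are meant to become the mutex-protected path; if the remaining direct accesses all live in this file, as the diffstat suggests, `static mbedtls_test_info_t mbedtls_test_info;` closes that hole and lets the linker catch stragglers. `mbedtls_test_set_mutex_usage_error` keeps the first error and only lets NULL clear it, which is easy to misread as a plain setter; a comment above the `if`, `/* Keep the first recorded error; only NULL (a reset) may replace it. */`, would help. The file otherwise uses `/* */` comments (the section banners two lines below), so `#endif /* MBEDTLS_TEST_MUTEX_USAGE */` would match.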
@@ -109,9 +109,7 @@ static void mbedtls_test_mutex_usage_error(mbedtls_threading_mutex_t *mutex, { (void) mutex; - if (mbedtls_test_info.mutex_usage_error == NULL) { - mbedtls_test_info.mutex_usage_error = msg; - } + mbedtls_test_set_mutex_usage_error(msg); mbedtls_fprintf(stdout, "[mutex: %s] ", msg); /* Don't mark the test as failed yet. This way, if the test fails later * for a functional reason, the test framework will report the message @@ -233,17 +231,15 @@ void mbedtls_test_mutex_usage_check(void) * negative number means a missing init somewhere. */ mbedtls_fprintf(stdout, "[mutex: %d leaked] ", live_mutexes); live_mutexes = 0; - if (mbedtls_test_info.mutex_usage_error == NULL) { - mbedtls_test_info.mutex_usage_error = "missing free"; - } + mbedtls_test_set_mutex_usage_error("missing free"); } - if (mbedtls_test_info.mutex_usage_error != NULL && - mbedtls_test_info.result != MBEDTLS_TEST_RESULT_FAILED) { + if (mbedtls_test_get_mutex_usage_error() != NULL && + mbedtls_test_get_result() != MBEDTLS_TEST_RESULT_FAILED) { /* Functionally, the test passed. But there was a mutex usage error, * so mark the test as failed after all. */ mbedtls_test_fail("Mutex usage error", __LINE__, __FILE__); } - mbedtls_test_info.mutex_usage_error = NULL; + mbedtls_test_set_mutex_usage_error(NULL); } void mbedtls_test_mutex_usage_end(void) diff --git a/tests/suites/host_test.function b/tests/suites/host_test.function index cc286973c..1ebaf46de 100644 --- a/tests/suites/host_test.function +++ b/tests/suites/host_test.function 
@@ -371,14 +371,12 @@ static void write_outcome_entry(FILE *outcome_file, * \param missing_unmet_dependencies Non-zero if there was a problem tracking * all unmet dependencies, 0 otherwise. * \param ret The test dispatch status (DISPATCH_xxx). - * \param info A pointer to the test info structure. */ static void write_outcome_result(FILE *outcome_file, size_t unmet_dep_count, int unmet_dependencies[], int missing_unmet_dependencies, - int ret, - const mbedtls_test_info_t *info) + int ret) { if (outcome_file == NULL) { return; @@ -401,7 +399,7 @@ static void write_outcome_result(FILE *outcome_file, } break; } - switch (info->result) { + switch (mbedtls_test_get_result()) { case MBEDTLS_TEST_RESULT_SUCCESS: mbedtls_fprintf(outcome_file, "PASS;"); break; @@ -410,8 +408,9 @@ static void write_outcome_result(FILE *outcome_file, break; default: mbedtls_fprintf(outcome_file, "FAIL;%s:%d:%s", - info->filename, info->line_no, - info->test); + mbedtls_get_test_filename(), + mbedtls_test_get_line_no(), + mbedtls_test_get_test()); break; } break; @@ -614,7 +613,7 @@ int execute_tests(int argc, const char **argv) break; } mbedtls_fprintf(stdout, "%s%.66s", - mbedtls_test_info.result == MBEDTLS_TEST_RESULT_FAILED ? + mbedtls_test_get_result() == MBEDTLS_TEST_RESULT_FAILED ? "\n" : "", buf); mbedtls_fprintf(stdout, " "); for (i = strlen(buf) + 1; i < 67; i++) { @@ -690,7 +689,7 @@ int execute_tests(int argc, const char **argv) write_outcome_result(outcome_file, unmet_dep_count, unmet_dependencies, missing_unmet_dependencies, - ret, &mbedtls_test_info); + ret); if (unmet_dep_count > 0 || ret == DISPATCH_UNSUPPORTED_SUITE) { total_skipped++; mbedtls_fprintf(stdout, "----"); 
@@ -715,30 +714,30 @@ int execute_tests(int argc, const char **argv) unmet_dep_count = 0; missing_unmet_dependencies = 0; } else if (ret == DISPATCH_TEST_SUCCESS) { - if (mbedtls_test_info.result == MBEDTLS_TEST_RESULT_SUCCESS) { + if (mbedtls_test_get_result() == MBEDTLS_TEST_RESULT_SUCCESS) { mbedtls_fprintf(stdout, "PASS\n"); - } else if (mbedtls_test_info.result == MBEDTLS_TEST_RESULT_SKIPPED) { + } else if (mbedtls_test_get_result() == MBEDTLS_TEST_RESULT_SKIPPED) { mbedtls_fprintf(stdout, "----\n"); total_skipped++; } else { total_errors++; mbedtls_fprintf(stdout, "FAILED\n"); mbedtls_fprintf(stdout, " %s\n at ", - mbedtls_test_info.test); - if (mbedtls_test_info.step != (unsigned long) (-1)) { + mbedtls_test_get_test()); + if (mbedtls_test_get_step() != (unsigned long) (-1)) { mbedtls_fprintf(stdout, "step %lu, ", - mbedtls_test_info.step); + mbedtls_test_get_step()); } mbedtls_fprintf(stdout, "line %d, %s", - mbedtls_test_info.line_no, - mbedtls_test_info.filename); - if (mbedtls_test_info.line1[0] != 0) { + mbedtls_test_get_line_no(), + mbedtls_get_test_filename()); + if (mbedtls_test_get_line1()[0] != 0) { mbedtls_fprintf(stdout, "\n %s", - mbedtls_test_info.line1); + mbedtls_test_get_line1()); } - if (mbedtls_test_info.line2[0] != 0) { + if (mbedtls_test_get_line2()[0] != 0) { mbedtls_fprintf(stdout, "\n %s", - mbedtls_test_info.line2); + mbedtls_test_get_line2()); } } fflush(stdout); diff --git a/tests/suites/test_suite_dhm.function b/tests/suites/test_suite_dhm.function index e6f75de77..20905940b 100644 --- a/tests/suites/test_suite_dhm.function +++ b/tests/suites/test_suite_dhm.function @@ -31,7 +31,7 @@ static int check_dhm_param_output(const mbedtls_mpi *expected, int ok = 0; mbedtls_mpi_init(&actual); - ++mbedtls_test_info.step; + mbedtls_test_increment_step(); TEST_ASSERT(size >= *offset + 2); n = (buffer[*offset] << 8) | buffer[*offset + 1]; From 5c498f355dffbb479283125bb2c22b08ac076273 Mon Sep 17 00:00:00 2001 
From: Paul Elliott Date: Tue, 31 Oct 2023 16:38:56 +0000 Subject: [PATCH 011/132] Use mbedtls_test_info accessors internally as well Signed-off-by: Paul Elliott --- tests/include/test/helpers.h | 6 ++- tests/src/helpers.c | 94 ++++++++++++++++++++++-------------- 2 files changed, 62 insertions(+), 38 deletions(-) diff --git a/tests/include/test/helpers.h b/tests/include/test/helpers.h index 689a1b573..564a5539f 100644 --- a/tests/include/test/helpers.h +++ b/tests/include/test/helpers.h @@ -61,14 +61,16 @@ typedef enum { MBEDTLS_TEST_RESULT_SKIPPED } mbedtls_test_result_t; +#define MBEDTLS_TEST_LINE_LENGTH 76 + typedef struct { mbedtls_test_result_t result; const char *test; const char *filename; int line_no; unsigned long step; - char line1[76]; - char line2[76]; + char line1[MBEDTLS_TEST_LINE_LENGTH]; + char line2[MBEDTLS_TEST_LINE_LENGTH]; #if defined(MBEDTLS_TEST_MUTEX_USAGE) const char *mutex_usage_error; #endif diff --git a/tests/src/helpers.c b/tests/src/helpers.c index 6bfe15dd7..52785fc01 100644 --- a/tests/src/helpers.c +++ b/tests/src/helpers.c @@ -30,6 +30,15 @@ mbedtls_test_result_t mbedtls_test_get_result(void) return mbedtls_test_info.result; } +void mbedtls_test_set_result(mbedtls_test_result_t result, const char *test, + int line_no, const char *filename) +{ + mbedtls_test_info.result = result; + mbedtls_test_info.test = test; + mbedtls_test_info.line_no = line_no; + mbedtls_test_info.filename = filename; +} + const char *mbedtls_test_get_test(void) { return mbedtls_test_info.test; 
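Review bot: `mbedtls_test_set_result` is defined with external linkage but the helpers.h hunk of this commit adds only `MBEDTLS_TEST_LINE_LENGTH`, so unless a declaration sits in a part of helpers.h outside the hunk there is no prototype before this definition (the same holds for `mbedtls_test_set_line1`/`mbedtls_test_set_line2` in the next hunk); `-Wmissing-prototypes` builds will warn and other translation units cannot call them cleanly. Either declare them next to the getters in helpers.h, or, since every caller in this commit is in helpers.c, make them `static`. `mbedtls_test_set_result` also lacks the doc comment the getters have; `/** Record the outcome of the current test together with the location that decided it. */` above it would match the rest of the section.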
@@ -54,15 +63,38 @@ unsigned long mbedtls_test_get_step(void)
     return mbedtls_test_info.step;
 }
 
+void mbedtls_test_set_step(unsigned long step) {
+    mbedtls_test_info.step = step;
+}
+
 const char *mbedtls_test_get_line1(void)
 {
     return mbedtls_test_info.line1;
 }
+
+void mbedtls_test_set_line1(const char *line)
+{
+    if (line == NULL) {
+        memset(mbedtls_test_info.line1, 0, sizeof(mbedtls_test_info.line1));
+    } else {
+        strncpy(mbedtls_test_info.line1, line, sizeof(mbedtls_test_info.line1));
+    }
+}
+
 const char *mbedtls_test_get_line2(void)
 {
     return mbedtls_test_info.line2;
 }
 
+void mbedtls_test_set_line2(const char *line) {
+    if (line == NULL) {
+        memset(mbedtls_test_info.line2, 0, sizeof(mbedtls_test_info.line2));
+    } else {
+        strncpy(mbedtls_test_info.line2, line, sizeof(mbedtls_test_info.line2));
+    }
+}
+
+
 #if defined(MBEDTLS_TEST_MUTEX_USAGE)
 const char *mbedtls_test_get_mutex_usage_error(void)
 {
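Review bot: `strncpy(mbedtls_test_info.line1, line, sizeof(mbedtls_test_info.line1))` leaves the array without a terminator whenever `line` is MBEDTLS_TEST_LINE_LENGTH characters or longer, and the getters hand that array straight to `%s` formatting in host_test.function; the callers in this commit pass a same-sized `snprintf`'d buffer so they are safe today, but the setter is an exported function and should guarantee termination itself, e.g. replace the `strncpy` line with `(void) mbedtls_snprintf(mbedtls_test_info.line1, sizeof(mbedtls_test_info.line1), "%s", line);` (and likewise for line2). `mbedtls_test_set_step` and `mbedtls_test_set_line2` put `{` on the signature line while every other function in this file has it on its own line, and two blank lines are left before `#if defined(MBEDTLS_TEST_MUTEX_USAGE)`.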
@@ -126,28 +158,17 @@ int mbedtls_test_ascii2uc(const char c, unsigned char *uc)
 
 void mbedtls_test_fail(const char *test, int line_no, const char *filename)
 {
-    if (mbedtls_test_info.result == MBEDTLS_TEST_RESULT_FAILED) {
+    if (mbedtls_test_get_result() == MBEDTLS_TEST_RESULT_FAILED) {
         /* We've already recorded the test as having failed. Don't
          * overwrite any previous information about the failure. */
         return;
     }
-    mbedtls_test_info.result = MBEDTLS_TEST_RESULT_FAILED;
-    mbedtls_test_info.test = test;
-    mbedtls_test_info.line_no = line_no;
-    mbedtls_test_info.filename = filename;
+    mbedtls_test_set_result(MBEDTLS_TEST_RESULT_FAILED, test, line_no, filename);
 }
 
 void mbedtls_test_skip(const char *test, int line_no, const char *filename)
 {
-    mbedtls_test_info.result = MBEDTLS_TEST_RESULT_SKIPPED;
-    mbedtls_test_info.test = test;
-    mbedtls_test_info.line_no = line_no;
-    mbedtls_test_info.filename = filename;
-}
-
-void mbedtls_test_set_step(unsigned long step)
-{
-    mbedtls_test_info.step = step;
+    mbedtls_test_set_result(MBEDTLS_TEST_RESULT_SKIPPED, test, line_no, filename);
 }
 
 #if defined(MBEDTLS_BIGNUM_C)
@@ -156,13 +177,11 @@ unsigned mbedtls_test_case_uses_negative_0 = 0;
 
 void mbedtls_test_info_reset(void)
 {
-    mbedtls_test_info.result = MBEDTLS_TEST_RESULT_SUCCESS;
-    mbedtls_test_info.step = (unsigned long) (-1);
-    mbedtls_test_info.test = 0;
-    mbedtls_test_info.line_no = 0;
-    mbedtls_test_info.filename = 0;
-    memset(mbedtls_test_info.line1, 0, sizeof(mbedtls_test_info.line1));
-    memset(mbedtls_test_info.line2, 0, sizeof(mbedtls_test_info.line2));
+    mbedtls_test_set_result(MBEDTLS_TEST_RESULT_SUCCESS, 0, 0, 0);
+    mbedtls_test_set_step((unsigned long) (-1));
+    mbedtls_test_set_line1(NULL);
+    mbedtls_test_set_line2(NULL);
+
 #if defined(MBEDTLS_BIGNUM_C)
     mbedtls_test_case_uses_negative_0 = 0;
 #endif
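Review bot: In `mbedtls_test_fail` the "already failed" check through `mbedtls_test_get_result()` and the update through `mbedtls_test_set_result()` are now two separate accessor calls; once those accessors take the mutex this series is preparing for, the check-then-set is no longer atomic and a failure recorded on another thread in between can be overwritten, so the keep-the-first-failure rule probably belongs inside one setter (a set_result variant that refuses to replace a FAILED result) rather than at each call site. In `mbedtls_test_info_reset`, `mbedtls_test_set_result(MBEDTLS_TEST_RESULT_SUCCESS, 0, 0, 0)` passes the integer `0` for two `const char *` parameters while the next lines use `NULL` for the same purpose; `mbedtls_test_set_result(MBEDTLS_TEST_RESULT_SUCCESS, NULL, 0, NULL);` reads the types. The blank line added after `mbedtls_test_set_line2(NULL);` before `#if defined(MBEDTLS_BIGNUM_C)` is noise.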
@@ -178,20 +197,21 @@ int mbedtls_test_equal(const char *test, int line_no, const char *filename,
         return 1;
     }
 
-    if (mbedtls_test_info.result == MBEDTLS_TEST_RESULT_FAILED) {
+    if (mbedtls_test_get_result() == MBEDTLS_TEST_RESULT_FAILED) {
         /* We've already recorded the test as having failed. Don't
          * overwrite any previous information about the failure. */
         return 0;
     }
+    char buf[MBEDTLS_TEST_LINE_LENGTH];
     mbedtls_test_fail(test, line_no, filename);
-    (void) mbedtls_snprintf(mbedtls_test_info.line1,
-                            sizeof(mbedtls_test_info.line1),
+    (void) mbedtls_snprintf(buf, sizeof(buf),
                             "lhs = 0x%016llx = %lld",
                             value1, (long long) value1);
-    (void) mbedtls_snprintf(mbedtls_test_info.line2,
-                            sizeof(mbedtls_test_info.line2),
+    mbedtls_test_set_line1(buf);
+    (void) mbedtls_snprintf(buf, sizeof(buf),
                             "rhs = 0x%016llx = %lld",
                             value2, (long long) value2);
+    mbedtls_test_set_line2(buf);
     return 0;
 }
 
@@ -205,20 +225,21 @@ int mbedtls_test_le_u(const char *test, int line_no, const char *filename,
         return 1;
     }
 
-    if (mbedtls_test_info.result == MBEDTLS_TEST_RESULT_FAILED) {
+    if (mbedtls_test_get_result() == MBEDTLS_TEST_RESULT_FAILED) {
         /* We've already recorded the test as having failed. Don't
          * overwrite any previous information about the failure. */
         return 0;
     }
+    char buf[MBEDTLS_TEST_LINE_LENGTH];
     mbedtls_test_fail(test, line_no, filename);
-    (void) mbedtls_snprintf(mbedtls_test_info.line1,
-                            sizeof(mbedtls_test_info.line1),
+    (void) mbedtls_snprintf(buf, sizeof(buf),
                             "lhs = 0x%016llx = %llu",
                             value1, value1);
-    (void) mbedtls_snprintf(mbedtls_test_info.line2,
-                            sizeof(mbedtls_test_info.line2),
+    mbedtls_test_set_line1(buf);
+    (void) mbedtls_snprintf(buf, sizeof(buf),
                             "rhs = 0x%016llx = %llu",
                             value2, value2);
+    mbedtls_test_set_line2(buf);
     return 0;
 }
 
@@ -232,20 +253,21 @@ int mbedtls_test_le_s(const char *test, int line_no, const char *filename, return 1; } - if (mbedtls_test_info.result == MBEDTLS_TEST_RESULT_FAILED) { + if (mbedtls_test_get_result() == MBEDTLS_TEST_RESULT_FAILED) { /* We've already recorded the test as having failed. Don't * overwrite any previous information about the failure. */ return 0; } + char buf[MBEDTLS_TEST_LINE_LENGTH]; mbedtls_test_fail(test, line_no, filename); - (void) mbedtls_snprintf(mbedtls_test_info.line1, - sizeof(mbedtls_test_info.line1), + (void) mbedtls_snprintf(buf, sizeof(buf), "lhs = 0x%016llx = %lld", (unsigned long long) value1, value1); - (void) mbedtls_snprintf(mbedtls_test_info.line2, - sizeof(mbedtls_test_info.line2), + mbedtls_test_set_line1(buf); + (void) mbedtls_snprintf(buf, sizeof(buf), "rhs = 0x%016llx = %lld", (unsigned long long) value2, value2); + mbedtls_test_set_line2(buf); return 0; } From c7a1e9936aaca86c85c1ec1bff3a56a04a6454fa Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Fri, 3 Nov 2023 18:44:57 +0000 Subject: [PATCH 012/132] Move bignum flag for negative zero into test_info Add accessors ready for protection with test_info mutex. Signed-off-by: Paul Elliott --- tests/include/test/bignum_helpers.h | 28 +++++++++---------------- tests/include/test/helpers.h | 25 ++++++++++++++++++++++ tests/src/bignum_helpers.c | 2 +- tests/src/helpers.c | 25 +++++++++++++++++----- tests/suites/test_suite_bignum.function | 2 +- 5 files changed, 57 insertions(+), 25 deletions(-) diff --git a/tests/include/test/bignum_helpers.h b/tests/include/test/bignum_helpers.h index 2f6bf8931..cf175a3ac 100644 --- a/tests/include/test/bignum_helpers.h +++ b/tests/include/test/bignum_helpers.h 
@@ -77,30 +77,22 @@ void mbedtls_test_mpi_mod_modulus_free_with_limbs(mbedtls_mpi_mod_modulus *N); * * - This function guarantees that if \p s begins with '-' then the sign * bit of the result will be negative, even if the value is 0. - * When this function encounters such a "negative 0", it - * increments #mbedtls_test_case_uses_negative_0. - * - The size of the result is exactly the minimum number of limbs needed - * to fit the digits in the input. In particular, this function constructs - * a bignum with 0 limbs for an empty string, and a bignum with leading 0 - * limbs if the string has sufficiently many leading 0 digits. - * This is important so that the "0 (null)" and "0 (1 limb)" and - * "leading zeros" test cases do what they claim. + * When this function encounters such a "negative 0", it calls + * mbedtls_test_increment_case_uses_negative_0(). + * - The size of the result is exactly the minimum number of limbs needed to fit + * the digits in the input. In particular, this function constructs a bignum + * with 0 limbs for an empty string, and a bignum with leading 0 limbs if the + * string has sufficiently many leading 0 digits. This is important so that + * the "0 (null)" and "0 (1 limb)" and "leading zeros" test cases do what they + * claim. * - * \param[out] X The MPI object to populate. It must be initialized. - * \param[in] s The null-terminated hexadecimal string to read from. + * \param[out] X The MPI object to populate. It must be initialized. + * \param[in] s The null-terminated hexadecimal string to read from. * * \return \c 0 on success, an \c MBEDTLS_ERR_MPI_xxx error code otherwise. 
*/ int mbedtls_test_read_mpi(mbedtls_mpi *X, const char *s); -/** Nonzero if the current test case had an input parsed with - * mbedtls_test_read_mpi() that is a negative 0 (`"-"`, `"-0"`, `"-00"`, etc., - * constructing a result with the sign bit set to -1 and the value being - * all-limbs-0, which is not a valid representation in #mbedtls_mpi but is - * tested for robustness). - */ -extern unsigned mbedtls_test_case_uses_negative_0; - #endif /* MBEDTLS_BIGNUM_C */ #endif /* TEST_BIGNUM_HELPERS_H */ diff --git a/tests/include/test/helpers.h b/tests/include/test/helpers.h index 564a5539f..b672ecca6 100644 --- a/tests/include/test/helpers.h +++ b/tests/include/test/helpers.h @@ -74,6 +74,9 @@ typedef struct { #if defined(MBEDTLS_TEST_MUTEX_USAGE) const char *mutex_usage_error; #endif +#if defined(MBEDTLS_BIGNUM_C) + unsigned case_uses_negative_0; +#endif } mbedtls_test_info_t; @@ -151,6 +154,28 @@ const char *mbedtls_test_get_mutex_usage_error(void); void mbedtls_test_set_mutex_usage_error(const char *msg); #endif +#if defined(MBEDTLS_BIGNUM_C) + +/** + * \brief Get whether the current test is a bignum test that uses + * negative zero. + * + * \return non zero if the current test uses bignum negative zero. + */ +unsigned mbedtls_test_get_case_uses_negative_0(void); + +/** + * \brief Indicate that the current test uses bignum negative zero. + * + * \note This function is called if the current test case had an + * input parsed with mbedtls_test_read_mpi() that is a negative + * 0 (`"-"`, `"-0"`, `"-00"`, etc., constructing a result with + * the sign bit set to -1 and the value being all-limbs-0, + * which is not a valid representation in #mbedtls_mpi but is + * tested for robustness). * + */ +void mbedtls_test_increment_case_uses_negative_0(void); +#endif int mbedtls_test_platform_setup(void); void mbedtls_test_platform_teardown(void); diff --git a/tests/src/bignum_helpers.c b/tests/src/bignum_helpers.c index c85e2caaf..913f5e387 100644 
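Review bot: The `\note` on `mbedtls_test_increment_case_uses_negative_0()` ends with a stray `*` after `tested for robustness).`, which Doxygen will render as an empty bullet; the closing should simply be `tested for robustness).` on one line followed by ` */`. The header declares a getter and an incrementer but no setter, while the helpers.c hunk on the next line defines `mbedtls_test_set_case_uses_negative_0()` and calls it from `mbedtls_test_info_reset()`, so that function has no prototype and will trip `-Wmissing-prototypes`/`-Wmissing-declarations` if the test build enables them; either add `void mbedtls_test_set_case_uses_negative_0(unsigned uses);` here under the same `MBEDTLS_BIGNUM_C` guard, or make the definition `static` since its only visible caller is in the same file. The getter's `\brief` could also say that the value is a count of negative-zero inputs seen in the current case (it is incremented, not set to 1), since "non zero if" slightly undersells what callers get back.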
--- a/tests/src/bignum_helpers.c +++ b/tests/src/bignum_helpers.c @@ -135,7 +135,7 @@ int mbedtls_test_read_mpi(mbedtls_mpi *X, const char *s) } if (negative) { if (mbedtls_mpi_cmp_int(X, 0) == 0) { - ++mbedtls_test_case_uses_negative_0; + mbedtls_test_increment_case_uses_negative_0(); } X->s = -1; } diff --git a/tests/src/helpers.c b/tests/src/helpers.c index 52785fc01..03a8fa728 100644 --- a/tests/src/helpers.c +++ b/tests/src/helpers.c @@ -109,6 +109,25 @@ void mbedtls_test_set_mutex_usage_error(const char *msg) } #endif // #if defined(MBEDTLS_TEST_MUTEX_USAGE) +#if defined(MBEDTLS_BIGNUM_C) + +unsigned mbedtls_test_get_case_uses_negative_0(void) +{ + return mbedtls_test_info.case_uses_negative_0; +} + +void mbedtls_test_set_case_uses_negative_0(unsigned uses) +{ + mbedtls_test_info.case_uses_negative_0 = uses; +} + +void mbedtls_test_increment_case_uses_negative_0(void) +{ + ++mbedtls_test_info.case_uses_negative_0; +} + +#endif + /*----------------------------------------------------------------------------*/ /* Helper Functions */ @@ -171,10 +190,6 @@ void mbedtls_test_skip(const char *test, int line_no, const char *filename) mbedtls_test_set_result(MBEDTLS_TEST_RESULT_SKIPPED, test, line_no, filename); } -#if defined(MBEDTLS_BIGNUM_C) -unsigned mbedtls_test_case_uses_negative_0 = 0; -#endif - void mbedtls_test_info_reset(void) { mbedtls_test_set_result(MBEDTLS_TEST_RESULT_SUCCESS, 0, 0, 0); @@ -183,7 +198,7 @@ void mbedtls_test_info_reset(void) mbedtls_test_set_line2(NULL); #if defined(MBEDTLS_BIGNUM_C) - mbedtls_test_case_uses_negative_0 = 0; + mbedtls_test_set_case_uses_negative_0(0); #endif } diff --git a/tests/suites/test_suite_bignum.function b/tests/suites/test_suite_bignum.function index c90f1bbbb..35900e620 100644 --- a/tests/suites/test_suite_bignum.function +++ b/tests/suites/test_suite_bignum.function 
@@ -24,7 +24,7 @@ static int sign_is_valid(const mbedtls_mpi *X) * we sometimes test the robustness of library functions when given * a negative zero input. If a test case has a negative zero as input, * we don't mind if the function has a negative zero output. */ - if (!mbedtls_test_case_uses_negative_0 && + if (!mbedtls_test_get_case_uses_negative_0() && mbedtls_mpi_bitlen(X) == 0 && X->s != 1) { return 0; } From 65064265c2706b88b8e6ba44f7d65e7053bd7140 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Mon, 27 Nov 2023 17:29:05 +0000 Subject: [PATCH 013/132] Protect test info access with mutex Signed-off-by: Paul Elliott --- tests/include/test/helpers.h | 10 +- tests/src/helpers.c | 208 +++++++++++++++++++++++++++++--- tests/suites/host_test.function | 15 ++- 3 files changed, 204 insertions(+), 29 deletions(-) diff --git a/tests/include/test/helpers.h b/tests/include/test/helpers.h index b672ecca6..73459d992 100644 --- a/tests/include/test/helpers.h +++ b/tests/include/test/helpers.h @@ -123,16 +123,18 @@ unsigned long mbedtls_test_get_step(void); /** * \brief Get the current test line buffer 1 * - * \return The current test line buffer 1 + * \param line Buffer of minimum size \c MBEDTLS_TEST_LINE_LENGTH, + * which will have line buffer 1 copied to it. */ -const char *mbedtls_test_get_line1(void); +void mbedtls_test_get_line1(char *line); /** * \brief Get the current test line buffer 2 * - * \return The current test line buffer 2 + * \param line Buffer of minimum size \c MBEDTLS_TEST_LINE_LENGTH, + * which will have line buffer 1 copied to it. */ -const char *mbedtls_test_get_line2(void); +void mbedtls_test_get_line2(char *line); #if defined(MBEDTLS_TEST_MUTEX_USAGE) /** diff --git a/tests/src/helpers.c b/tests/src/helpers.c index 03a8fa728..1bad819ac 100644 --- a/tests/src/helpers.c +++ b/tests/src/helpers.c 
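Review bot: The `\param line` text for `mbedtls_test_get_line2()` says `which will have line buffer 1 copied to it`; that is a copy-paste slip and should read `line buffer 2`. Both parameter descriptions say "minimum size" but, from the helpers.c hunk that follows, the implementation copies exactly `MBEDTLS_TEST_LINE_LENGTH` bytes into `line`, so it would help callers to state that the whole array is copied rather than just the string, e.g. `\param line Buffer of at least \c MBEDTLS_TEST_LINE_LENGTH bytes; receives a copy of the full line buffer 2 array.` The helpers.h hunk here is complete, but the function bodies it documents live in the next file of this patch.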
@@ -13,6 +13,10 @@ #include #endif +#if defined(MBEDTLS_THREADING_C) +#include "mbedtls/threading.h" +#endif + /*----------------------------------------------------------------------------*/ /* Static global variables */ 
@@ -22,76 +26,200 @@ static mbedtls_platform_context platform_ctx; mbedtls_test_info_t mbedtls_test_info; +#ifdef MBEDTLS_THREADING_C +mbedtls_threading_mutex_t mbedtls_test_info_mutex; +#endif /* MBEDTLS_THREADING_C */ + /*----------------------------------------------------------------------------*/ /* Mbedtls Test Info accessors */ mbedtls_test_result_t mbedtls_test_get_result(void) { - return mbedtls_test_info.result; + mbedtls_test_result_t result; + +#ifdef MBEDTLS_THREADING_C + mbedtls_mutex_lock(&mbedtls_test_info_mutex); +#endif /* MBEDTLS_THREADING_C */ + + result = mbedtls_test_info.result; + +#ifdef MBEDTLS_THREADING_C + mbedtls_mutex_unlock(&mbedtls_test_info_mutex); +#endif /* MBEDTLS_THREADING_C */ + + return result; } void mbedtls_test_set_result(mbedtls_test_result_t result, const char *test, int line_no, const char *filename) { +#ifdef MBEDTLS_THREADING_C + mbedtls_mutex_lock(&mbedtls_test_info_mutex); +#endif /* MBEDTLS_THREADING_C */ + mbedtls_test_info.result = result; mbedtls_test_info.test = test; mbedtls_test_info.line_no = line_no; mbedtls_test_info.filename = filename; + +#ifdef MBEDTLS_THREADING_C + mbedtls_mutex_unlock(&mbedtls_test_info_mutex); +#endif /* MBEDTLS_THREADING_C */ } const char *mbedtls_test_get_test(void) { - return mbedtls_test_info.test; + const char *test; + +#ifdef MBEDTLS_THREADING_C + mbedtls_mutex_lock(&mbedtls_test_info_mutex); +#endif /* MBEDTLS_THREADING_C */ + + test = mbedtls_test_info.test; + +#ifdef MBEDTLS_THREADING_C + mbedtls_mutex_unlock(&mbedtls_test_info_mutex); +#endif /* MBEDTLS_THREADING_C */ + + return test; } const char *mbedtls_get_test_filename(void) { - return mbedtls_test_info.filename; + const char *filename; + +#ifdef MBEDTLS_THREADING_C + mbedtls_mutex_lock(&mbedtls_test_info_mutex); +#endif /* MBEDTLS_THREADING_C */ + + /* It should be ok just to pass back the pointer here, as it is going to + * be a pointer into non changing data. 
*/ + filename = mbedtls_test_info.filename; + +#ifdef MBEDTLS_THREADING_C + mbedtls_mutex_unlock(&mbedtls_test_info_mutex); +#endif /* MBEDTLS_THREADING_C */ + + return filename; } int mbedtls_test_get_line_no(void) { - return mbedtls_test_info.line_no; + int line_no; + +#ifdef MBEDTLS_THREADING_C + mbedtls_mutex_lock(&mbedtls_test_info_mutex); +#endif /* MBEDTLS_THREADING_C */ + + line_no = mbedtls_test_info.line_no; + +#ifdef MBEDTLS_THREADING_C + mbedtls_mutex_unlock(&mbedtls_test_info_mutex); +#endif /* MBEDTLS_THREADING_C */ + + return line_no; } void mbedtls_test_increment_step(void) { +#ifdef MBEDTLS_THREADING_C + mbedtls_mutex_lock(&mbedtls_test_info_mutex); +#endif /* MBEDTLS_THREADING_C */ + ++mbedtls_test_info.step; + +#ifdef MBEDTLS_THREADING_C + mbedtls_mutex_unlock(&mbedtls_test_info_mutex); +#endif /* MBEDTLS_THREADING_C */ } unsigned long mbedtls_test_get_step(void) { - return mbedtls_test_info.step; + unsigned long step; + +#ifdef MBEDTLS_THREADING_C + mbedtls_mutex_lock(&mbedtls_test_info_mutex); +#endif /* MBEDTLS_THREADING_C */ + + step = mbedtls_test_info.step; + +#ifdef MBEDTLS_THREADING_C + mbedtls_mutex_unlock(&mbedtls_test_info_mutex); +#endif /* MBEDTLS_THREADING_C */ + + return step; } -void mbedtls_test_set_step(unsigned long step) { - mbedtls_test_info.step = step; -} - -const char *mbedtls_test_get_line1(void) +void mbedtls_test_set_step(unsigned long step) { - return mbedtls_test_info.line1; +#ifdef MBEDTLS_THREADING_C + mbedtls_mutex_lock(&mbedtls_test_info_mutex); +#endif /* MBEDTLS_THREADING_C */ + + mbedtls_test_info.step = step; + +#ifdef MBEDTLS_THREADING_C + mbedtls_mutex_unlock(&mbedtls_test_info_mutex); +#endif /* MBEDTLS_THREADING_C */ +} + +void mbedtls_test_get_line1(char *line) +{ +#ifdef MBEDTLS_THREADING_C + mbedtls_mutex_lock(&mbedtls_test_info_mutex); +#endif /* MBEDTLS_THREADING_C */ + + memcpy(line, mbedtls_test_info.line1, MBEDTLS_TEST_LINE_LENGTH); + +#ifdef MBEDTLS_THREADING_C + 
mbedtls_mutex_unlock(&mbedtls_test_info_mutex); +#endif /* MBEDTLS_THREADING_C */ } void mbedtls_test_set_line1(const char *line) { +#ifdef MBEDTLS_THREADING_C + mbedtls_mutex_lock(&mbedtls_test_info_mutex); +#endif /* MBEDTLS_THREADING_C */ + if (line == NULL) { - memset(mbedtls_test_info.line1, 0, sizeof(mbedtls_test_info.line1)); + memset(mbedtls_test_info.line1, 0, MBEDTLS_TEST_LINE_LENGTH); } else { - strncpy(mbedtls_test_info.line1, line, sizeof(mbedtls_test_info.line1)); + memcpy(mbedtls_test_info.line1, line, MBEDTLS_TEST_LINE_LENGTH); } + +#ifdef MBEDTLS_THREADING_C + mbedtls_mutex_unlock(&mbedtls_test_info_mutex); +#endif /* MBEDTLS_THREADING_C */ } -const char *mbedtls_test_get_line2(void) +void mbedtls_test_get_line2(char *line) { - return mbedtls_test_info.line2; +#ifdef MBEDTLS_THREADING_C + mbedtls_mutex_lock(&mbedtls_test_info_mutex); +#endif /* MBEDTLS_THREADING_C */ + + memcpy(line, mbedtls_test_info.line2, MBEDTLS_TEST_LINE_LENGTH); + +#ifdef MBEDTLS_THREADING_C + mbedtls_mutex_unlock(&mbedtls_test_info_mutex); +#endif /* MBEDTLS_THREADING_C */ } -void mbedtls_test_set_line2(const char *line) { +void mbedtls_test_set_line2(const char *line) +{ +#ifdef MBEDTLS_THREADING_C + mbedtls_mutex_lock(&mbedtls_test_info_mutex); +#endif /* MBEDTLS_THREADING_C */ + if (line == NULL) { - memset(mbedtls_test_info.line2, 0, sizeof(mbedtls_test_info.line2)); + memset(mbedtls_test_info.line2, 0, MBEDTLS_TEST_LINE_LENGTH); } else { - strncpy(mbedtls_test_info.line2, line, sizeof(mbedtls_test_info.line2)); + memcpy(mbedtls_test_info.line2, line, MBEDTLS_TEST_LINE_LENGTH); } + +#ifdef MBEDTLS_THREADING_C + mbedtls_mutex_unlock(&mbedtls_test_info_mutex); +#endif /* MBEDTLS_THREADING_C */ } 
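Review bot: Every accessor in this hunk discards the return value of `mbedtls_mutex_lock()`, so on a failed lock the field is read or written without protection and `mbedtls_mutex_unlock()` is then called on a mutex that is not held; since a later patch in this series exempts `mbedtls_test_info_mutex` from the mutex usage checker, that misuse would go unreported. A pair of static lock/unlock helpers that check the result (sketched below, with the other accessors following the same shape) also collapses the twelve copies of the `#ifdef MBEDTLS_THREADING_C` block into one place and lets the file keep its existing `#if defined(...)` style. `mbedtls_test_set_line1()`/`mbedtls_test_set_line2()` now `memcpy` `MBEDTLS_TEST_LINE_LENGTH` bytes out of `line`, which is an out-of-bounds read for any caller that passes a shorter string (a literal, say) and no longer guarantees the stored line is NUL-terminated; unless helpers.h documents that `line` must be a full `MBEDTLS_TEST_LINE_LENGTH`-byte buffer, `strncpy` followed by `mbedtls_test_info.line1[MBEDTLS_TEST_LINE_LENGTH - 1] = '\0';` is the safer choice. `mbedtls_threading_mutex_t mbedtls_test_info_mutex;` is a non-static definition with no header declaration, so the `extern` a later patch adds in threading_helpers.c is never checked against it; declare it in helpers.h under the same guard. The lock-result point applies equally to the two hunks on the next line (`mbedtls_test_set_mutex_usage_error` and the `case_uses_negative_0` accessors).
```c
/* Acquire the test-info mutex; returns 0 on success (always 0 when
 * MBEDTLS_THREADING_C is not defined, where there is nothing to lock). */
static int test_info_lock(void)
{
#if defined(MBEDTLS_THREADING_C)
    return mbedtls_mutex_lock(&mbedtls_test_info_mutex);
#else
    return 0;
#endif /* MBEDTLS_THREADING_C */
}

static void test_info_unlock(void)
{
#if defined(MBEDTLS_THREADING_C)
    mbedtls_mutex_unlock(&mbedtls_test_info_mutex);
#endif /* MBEDTLS_THREADING_C */
}

mbedtls_test_result_t mbedtls_test_get_result(void)
{
    /* Fail closed: a record we cannot lock is reported as a failure rather
     * than read without the lock. */
    mbedtls_test_result_t result = MBEDTLS_TEST_RESULT_FAILED;

    if (test_info_lock() == 0) {
        result = mbedtls_test_info.result;
        test_info_unlock();
    }

    return result;
}

/* … unchanged: remaining accessors, each rewritten as lock-check / access / unlock … */
```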
@@ -103,9 +231,17 @@ const char *mbedtls_test_get_mutex_usage_error(void) void mbedtls_test_set_mutex_usage_error(const char *msg) { +#ifdef MBEDTLS_THREADING_C + mbedtls_mutex_lock(&mbedtls_test_info_mutex); +#endif /* MBEDTLS_THREADING_C */ + if (mbedtls_test_info.mutex_usage_error == NULL || msg == NULL) { mbedtls_test_info.mutex_usage_error = msg; } + +#ifdef MBEDTLS_THREADING_C + mbedtls_mutex_unlock(&mbedtls_test_info_mutex); +#endif /* MBEDTLS_THREADING_C */ } #endif // #if defined(MBEDTLS_TEST_MUTEX_USAGE) @@ -113,17 +249,43 @@ void mbedtls_test_set_mutex_usage_error(const char *msg) unsigned mbedtls_test_get_case_uses_negative_0(void) { - return mbedtls_test_info.case_uses_negative_0; + unsigned test_case_uses_negative_0 = 0; +#ifdef MBEDTLS_THREADING_C + mbedtls_mutex_lock(&mbedtls_test_info_mutex); +#endif /* MBEDTLS_THREADING_C */ + test_case_uses_negative_0 = mbedtls_test_info.case_uses_negative_0; + +#ifdef MBEDTLS_THREADING_C + mbedtls_mutex_unlock(&mbedtls_test_info_mutex); +#endif /* MBEDTLS_THREADING_C */ + + return test_case_uses_negative_0; } void mbedtls_test_set_case_uses_negative_0(unsigned uses) { +#ifdef MBEDTLS_THREADING_C + mbedtls_mutex_lock(&mbedtls_test_info_mutex); +#endif /* MBEDTLS_THREADING_C */ + mbedtls_test_info.case_uses_negative_0 = uses; + +#ifdef MBEDTLS_THREADING_C + mbedtls_mutex_unlock(&mbedtls_test_info_mutex); +#endif /* MBEDTLS_THREADING_C */ } void mbedtls_test_increment_case_uses_negative_0(void) { +#ifdef MBEDTLS_THREADING_C + mbedtls_mutex_lock(&mbedtls_test_info_mutex); +#endif /* MBEDTLS_THREADING_C */ + ++mbedtls_test_info.case_uses_negative_0; + +#ifdef MBEDTLS_THREADING_C + mbedtls_mutex_unlock(&mbedtls_test_info_mutex); +#endif /* MBEDTLS_THREADING_C */ } #endif 
@@ -150,11 +312,19 @@ int mbedtls_test_platform_setup(void) ret = mbedtls_platform_setup(&platform_ctx); #endif /* MBEDTLS_PLATFORM_C */ +#ifdef MBEDTLS_THREADING_C + mbedtls_mutex_init(&mbedtls_test_info_mutex); +#endif /* MBEDTLS_THREADING_C */ + return ret; } void mbedtls_test_platform_teardown(void) { +#ifdef MBEDTLS_THREADING_C + mbedtls_mutex_free(&mbedtls_test_info_mutex); +#endif /* MBEDTLS_THREADING_C */ + #if defined(MBEDTLS_PLATFORM_C) mbedtls_platform_teardown(&platform_ctx); #endif /* MBEDTLS_PLATFORM_C */ diff --git a/tests/suites/host_test.function b/tests/suites/host_test.function index 1ebaf46de..eb42a07eb 100644 --- a/tests/suites/host_test.function +++ b/tests/suites/host_test.function @@ -720,6 +720,8 @@ int execute_tests(int argc, const char **argv) mbedtls_fprintf(stdout, "----\n"); total_skipped++; } else { + char line_buffer[MBEDTLS_TEST_LINE_LENGTH]; + total_errors++; mbedtls_fprintf(stdout, "FAILED\n"); mbedtls_fprintf(stdout, " %s\n at ", @@ -731,13 +733,14 @@ int execute_tests(int argc, const char **argv) mbedtls_fprintf(stdout, "line %d, %s", mbedtls_test_get_line_no(), mbedtls_get_test_filename()); - if (mbedtls_test_get_line1()[0] != 0) { - mbedtls_fprintf(stdout, "\n %s", - mbedtls_test_get_line1()); + + mbedtls_test_get_line1(line_buffer); + if (line_buffer[0] != 0) { + mbedtls_fprintf(stdout, "\n %s", line_buffer); } - if (mbedtls_test_get_line2()[0] != 0) { - mbedtls_fprintf(stdout, "\n %s", - mbedtls_test_get_line2()); + mbedtls_test_get_line2(line_buffer); + if (line_buffer[0] != 0) { + mbedtls_fprintf(stdout, "\n %s", line_buffer); } } fflush(stdout); From 0710ac4ec88faa168876525e17e9b409ee13cd16 Mon Sep 17 00:00:00 2001 
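Review bot: In the host_test.function hunk, `line_buffer` is printed with `%s` immediately after `mbedtls_test_get_line1(line_buffer)` copies `MBEDTLS_TEST_LINE_LENGTH` raw bytes, so the print is only bounded if the line was NUL-terminated when it was stored; adding `line_buffer[MBEDTLS_TEST_LINE_LENGTH - 1] = '\0';` after each copy (or having the getter guarantee termination) makes the output safe regardless of how the setter was called. In the helpers.c hunk above it, `mbedtls_mutex_init()` runs even when `mbedtls_platform_setup()` returned an error, and the mutex is freed in teardown before `mbedtls_platform_teardown()`; that is symmetric, but it means any accessor call made before `mbedtls_test_platform_setup()` (an early `mbedtls_test_info_reset()`, for instance) would lock an uninitialised mutex, which is worth stating in the helpers.h comment for `mbedtls_test_platform_setup()`, e.g. `/* Must be called before any mbedtls_test_get_*/set_* accessor when MBEDTLS_THREADING_C is defined. */`. `execute_tests` starts and ends outside the hunk.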
From: Paul Elliott Date: Tue, 9 Jan 2024 17:20:58 +0000 Subject: [PATCH 014/132] Add ability to exclude mutex from tests We need to be able to exclude mbedtls_test_info_mutex() from the normal tests, as this mutex has to be locked to report mutex errors, and also reports as leaked, due to where it is initialised / free'd. Signed-off-by: Paul Elliott --- tests/src/threading_helpers.c | 137 ++++++++++++++++++++-------------- 1 file changed, 83 insertions(+), 54 deletions(-) diff --git a/tests/src/threading_helpers.c b/tests/src/threading_helpers.c index 261d14175..0894700a3 100644 --- a/tests/src/threading_helpers.c +++ b/tests/src/threading_helpers.c 
@@ -117,40 +117,62 @@ static void mbedtls_test_mutex_usage_error(mbedtls_threading_mutex_t *mutex, * mbedtls_test_mutex_usage_check() will mark it as failed. */ } +extern mbedtls_threading_mutex_t mbedtls_test_info_mutex; + +static int mbedtls_test_mutex_can_test(mbedtls_threading_mutex_t *mutex) +{ + /* If we attempt to run tests on this mutex then we are going to run into a + * couple of problems: + * 1. If any test on this mutex fails, we are going to deadlock when + * reporting that failure, as we already hold the mutex at that point. + * 2. Given the 'global' position of the initialization and free of this + * mutex, it will be shown as leaked on the first test run. */ + if (mutex == &mbedtls_test_info_mutex) { + return 0; + } + + return 1; +} + static void mbedtls_test_wrap_mutex_init(mbedtls_threading_mutex_t *mutex) { mutex_functions.init(mutex); - if (mutex_functions.lock(&mbedtls_test_mutex_mutex) == 0) { - mutex->state = MUTEX_IDLE; - ++live_mutexes; + if (mbedtls_test_mutex_can_test(mutex)) { + if (mutex_functions.lock(&mbedtls_test_mutex_mutex) == 0) { + mutex->state = MUTEX_IDLE; + ++live_mutexes; - mutex_functions.unlock(&mbedtls_test_mutex_mutex); + mutex_functions.unlock(&mbedtls_test_mutex_mutex); + } } } static void mbedtls_test_wrap_mutex_free(mbedtls_threading_mutex_t *mutex) { - if (mutex_functions.lock(&mbedtls_test_mutex_mutex) == 0) { + if (mbedtls_test_mutex_can_test(mutex)) { + if (mutex_functions.lock(&mbedtls_test_mutex_mutex) == 0) { - switch (mutex->state) { - case MUTEX_FREED: - mbedtls_test_mutex_usage_error(mutex, "free without init or double free"); - break; - case MUTEX_IDLE: - mutex->state = MUTEX_FREED; - --live_mutexes; - break; - case MUTEX_LOCKED: - mbedtls_test_mutex_usage_error(mutex, "free without unlock"); - break; - default: - mbedtls_test_mutex_usage_error(mutex, "corrupted state"); - break; + switch (mutex->state) { + case MUTEX_FREED: + mbedtls_test_mutex_usage_error(mutex, "free without init or double free"); + 
break; + case MUTEX_IDLE: + mutex->state = MUTEX_FREED; + --live_mutexes; + break; + case MUTEX_LOCKED: + mbedtls_test_mutex_usage_error(mutex, "free without unlock"); + break; + default: + mbedtls_test_mutex_usage_error(mutex, "corrupted state"); + break; + } + + mutex_functions.unlock(&mbedtls_test_mutex_mutex); } - - mutex_functions.unlock(&mbedtls_test_mutex_mutex); } + mutex_functions.free(mutex); } @@ -160,26 +182,30 @@ static int mbedtls_test_wrap_mutex_lock(mbedtls_threading_mutex_t *mutex) * is to hold the passed in and internal mutex - otherwise we create a race * condition. */ int ret = mutex_functions.lock(mutex); - if (mutex_functions.lock(&mbedtls_test_mutex_mutex) == 0) { - switch (mutex->state) { - case MUTEX_FREED: - mbedtls_test_mutex_usage_error(mutex, "lock without init"); - break; - case MUTEX_IDLE: - if (ret == 0) { - mutex->state = MUTEX_LOCKED; - } - break; - case MUTEX_LOCKED: - mbedtls_test_mutex_usage_error(mutex, "double lock"); - break; - default: - mbedtls_test_mutex_usage_error(mutex, "corrupted state"); - break; - } - mutex_functions.unlock(&mbedtls_test_mutex_mutex); + if (mbedtls_test_mutex_can_test(mutex)) { + if (mutex_functions.lock(&mbedtls_test_mutex_mutex) == 0) { + switch (mutex->state) { + case MUTEX_FREED: + mbedtls_test_mutex_usage_error(mutex, "lock without init"); + break; + case MUTEX_IDLE: + if (ret == 0) { + mutex->state = MUTEX_LOCKED; + } + break; + case MUTEX_LOCKED: + mbedtls_test_mutex_usage_error(mutex, "double lock"); + break; + default: + mbedtls_test_mutex_usage_error(mutex, "corrupted state"); + break; + } + + mutex_functions.unlock(&mbedtls_test_mutex_mutex); + } } + return ret; } 
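Review bot: `extern mbedtls_threading_mutex_t mbedtls_test_info_mutex;` is declared here in a .c file, so the compiler never checks it against the definition in helpers.c; move the declaration into tests/include/test/helpers.h under the same `MBEDTLS_THREADING_C` guard and include that header from threading_helpers.c instead. The comment in `mbedtls_test_mutex_can_test()` explains why the mutex is exempt but not what is lost: misuse of the test-info mutex itself (double lock, unlock without lock) is never reported, so the accessors that take it must check the result of `mbedtls_mutex_lock()` themselves — a third bullet such as `* 3. Consequently this mutex gets no usage checking at all; its users must check lock results.` would make that explicit. The `mbedtls_test_wrap_mutex_lock` hunk on this line and the `mbedtls_test_wrap_mutex_unlock` hunk on the next only add the same `can_test` guard and raise nothing new.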
@@ -188,23 +214,26 @@ static int mbedtls_test_wrap_mutex_unlock(mbedtls_threading_mutex_t *mutex) /* Lock the internal mutex first and change state, so that the only way to * change the state is to hold the passed in and internal mutex - otherwise * we create a race condition. */ - if (mutex_functions.lock(&mbedtls_test_mutex_mutex) == 0) { - switch (mutex->state) { - case MUTEX_FREED: - mbedtls_test_mutex_usage_error(mutex, "unlock without init"); - break; - case MUTEX_IDLE: - mbedtls_test_mutex_usage_error(mutex, "unlock without lock"); - break; - case MUTEX_LOCKED: - mutex->state = MUTEX_IDLE; - break; - default: - mbedtls_test_mutex_usage_error(mutex, "corrupted state"); - break; + if (mbedtls_test_mutex_can_test(mutex)) { + if (mutex_functions.lock(&mbedtls_test_mutex_mutex) == 0) { + switch (mutex->state) { + case MUTEX_FREED: + mbedtls_test_mutex_usage_error(mutex, "unlock without init"); + break; + case MUTEX_IDLE: + mbedtls_test_mutex_usage_error(mutex, "unlock without lock"); + break; + case MUTEX_LOCKED: + mutex->state = MUTEX_IDLE; + break; + default: + mbedtls_test_mutex_usage_error(mutex, "corrupted state"); + break; + } + mutex_functions.unlock(&mbedtls_test_mutex_mutex); } - mutex_functions.unlock(&mbedtls_test_mutex_mutex); } + return mutex_functions.unlock(mutex); } From 4cfd6a6bc6ca35f8debc069c2a1ff026756c303b Mon Sep 17 00:00:00 2001 From: Ryan Everett Date: Wed, 10 Jan 2024 19:15:45 +0000 Subject: [PATCH 015/132] Fix dependencies in pkcs5 aes-128-cbc tests These tests do not specify a hash function. This is an optional parameter with default value hmacWithSHA1, so these test cases are dependant on SHA-1 and not SHA-256 Signed-off-by: Ryan Everett --- tests/suites/test_suite_pkcs5.data | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/suites/test_suite_pkcs5.data b/tests/suites/test_suite_pkcs5.data index 3bd6b49f0..453ee231c 100644 --- a/tests/suites/test_suite_pkcs5.data +++ b/tests/suites/test_suite_pkcs5.data 
@@ -143,7 +143,7 @@ depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIP pbes2_decrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301B06092A864886F70D01050C300E04082ED7F24A1D516DD702020800301406082A864886F70D030704088A4FCC9DCC394910":"70617373776f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ncrypt AES-128-CBC (OK) -depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC +depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC pbes2_encrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301B06092A864886F70D01050C300E0408010203040506070802022710301D060960864801650304010204102F904F75B47B48A618068D79BD9A826C":"50617373776F726450617373776F726450617373776F7264":"5468697320697320612066696c6520746f20626520656e6372797074656420776974682050424553322c20776974682061206b65792067656e657261746564207573696e67206120707266202853484132353629":96:0:"0c953c3a9be1502f4d1df1b82df9d99a61ebd2f60ed570d16b241f70b9e61f329174747d052efe5c39bec9d0f7404f84af242914e2ecb74e6e36e8b4147bd0a092a82df789aa3351e0de9f75b285ccb742806526771c8353ffb66176188b556e" PBES2 Encrypt AES-192-CBC (OK) 
@@ -155,7 +155,7 @@ depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_ pbes2_encrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"302a06092A864886F70D01050C301d0408010203040506070802022710020118300a06082A864886F70D0209301D060960864801650304012A04102F904F75B47B48A618068D79BD9A826C":"50617373776F726450617373776F726450617373776F7264":"5468697320697320612066696c6520746f20626520656e6372797074656420776974682050424553322c20776974682061206b65792067656e657261746564207573696e67206120707266202853484132353629":96:0:"7077e6e8e679962c6feda69c704d58507d143cf77be284f773dfcaa4a5f5e7c1cd5527204916302d435071c01126f4aa76205ce61998d7b8fdf065a77d4a77634376b9968e4722c27f2ac85d79565ff4fca9204d3e4bc8c5bd53c1785bb6e566" PBES2 Decrypt AES-128-CBC (OK) -depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC +depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC pbes2_decrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301B06092A864886F70D01050C300E0408010203040506070802022710301D060960864801650304010204102F904F75B47B48A618068D79BD9A826C":"50617373776F726450617373776F726450617373776F7264":"0c953c3a9be1502f4d1df1b82df9d99a61ebd2f60ed570d16b241f70b9e61f329174747d052efe5c39bec9d0f7404f84af242914e2ecb74e6e36e8b4147bd0a092a82df789aa3351e0de9f75b285ccb742806526771c8353ffb66176188b556e":96:0:"5468697320697320612066696c6520746f20626520656e6372797074656420776974682050424553322c20776974682061206b65792067656e657261746564207573696e67206120707266202853484132353629" PBES2 Decrypt AES-192-CBC (OK) From ae0b4bd04c10df2ca397844359c5a93f1c65e327 Mon Sep 17 00:00:00 2001 From: Ryan Everett Date: Wed, 10 Jan 2024 19:19:10 +0000 Subject: [PATCH 016/132] Add more details to comments Signed-off-by: Ryan Everett --- include/mbedtls/oid.h | 4 +++- tests/suites/test_suite_pkcs5.data | 12 ++++++------ 2 files changed, 9 insertions(+), 7 deletions(-) diff --git a/include/mbedtls/oid.h b/include/mbedtls/oid.h index 3a7f740c9..de8e4545e 100644 
--- a/include/mbedtls/oid.h +++ b/include/mbedtls/oid.h @@ -300,7 +300,9 @@ #define MBEDTLS_OID_HMAC_RIPEMD160 MBEDTLS_OID_INTERNET "\x05\x05\x08\x01\x04" /**< id-hmacWithSHA1 OBJECT IDENTIFIER ::= {iso(1) iso-identified-organization(3) dod(6) internet(1) security(5) mechanisms(5) ipsec(8) isakmpOakley(1) hmacRIPEMD160(4)} */ /* - * Encryption algorithms + * Encryption algorithms, + * the following standardized object identifiers are specified at + * https://datatracker.ietf.org/doc/html/rfc8018#appendix-C. */ #define MBEDTLS_OID_DES_CBC MBEDTLS_OID_ISO_IDENTIFIED_ORG \ MBEDTLS_OID_OIW_SECSIG_ALG "\x07" /**< desCBC OBJECT IDENTIFIER ::= { iso(1) identified-organization(3) oiw(14) secsig(3) algorithms(2) 7 } */ diff --git a/tests/suites/test_suite_pkcs5.data b/tests/suites/test_suite_pkcs5.data index 453ee231c..790a31ba0 100644 --- a/tests/suites/test_suite_pkcs5.data +++ b/tests/suites/test_suite_pkcs5.data 
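Review bot: The new comment `Encryption algorithms, the following standardized object identifiers are specified at ...` is a comma splice; suggest `Encryption algorithms. The following standardized object identifiers are specified in RFC 8018, Appendix C (https://datatracker.ietf.org/doc/html/rfc8018#appendix-C).` so the RFC is named as well as linked. Unrelated to this change but visible in the hunk's context line, the `MBEDTLS_OID_HMAC_RIPEMD160` descriptor comment still reads `id-hmacWithSHA1 OBJECT IDENTIFIER` while its arc ends in `hmacRIPEMD160(4)`, which is worth a follow-up fix to `id-hmacWithRIPEMD160`.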
@@ -142,27 +142,27 @@ PBES2 Decrypt (Invalid padding & PKCS7 padding enabled) depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 pbes2_decrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301B06092A864886F70D01050C300E04082ED7F24A1D516DD702020800301406082A864886F70D030704088A4FCC9DCC394910":"70617373776f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ncrypt AES-128-CBC (OK) +PBES2 Encrypt AES-128-CBC (OK, generated with OpenSSL) depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC pbes2_encrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301B06092A864886F70D01050C300E0408010203040506070802022710301D060960864801650304010204102F904F75B47B48A618068D79BD9A826C":"50617373776F726450617373776F726450617373776F7264":"5468697320697320612066696c6520746f20626520656e6372797074656420776974682050424553322c20776974682061206b65792067656e657261746564207573696e67206120707266202853484132353629":96:0:"0c953c3a9be1502f4d1df1b82df9d99a61ebd2f60ed570d16b241f70b9e61f329174747d052efe5c39bec9d0f7404f84af242914e2ecb74e6e36e8b4147bd0a092a82df789aa3351e0de9f75b285ccb742806526771c8353ffb66176188b556e" -PBES2 Encrypt AES-192-CBC (OK) +PBES2 Encrypt AES-192-CBC (OK, generated with OpenSSL) depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH pbes2_encrypt:MBEDTLS_ASN1_CONSTRUCTED | 
MBEDTLS_ASN1_SEQUENCE:"302a06092A864886F70D01050C301d0408010203040506070802022710020118300a06082A864886F70D0209301D060960864801650304011604102F904F75B47B48A618068D79BD9A826C":"50617373776F726450617373776F726450617373776F7264":"5468697320697320612066696c6520746f20626520656e6372797074656420776974682050424553322c20776974682061206b65792067656e657261746564207573696e67206120707266202853484132353629":96:0:"7c648a9df9759ba49283c261269a71bc06d45f6c24ab6431d77b2ecec1fd6d1aa751bd05b1c026fc8ff91baeb1b1838aa0f825b23be79bc09331d0607181e234dfea4ab3cbf7997747516486b6865e85de95dc9b64d45462197c891b31af6c94" -PBES2 Encrypt AES-256-CBC (OK) +PBES2 Encrypt AES-256-CBC (OK, generated with OpenSSL) depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH pbes2_encrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"302a06092A864886F70D01050C301d0408010203040506070802022710020118300a06082A864886F70D0209301D060960864801650304012A04102F904F75B47B48A618068D79BD9A826C":"50617373776F726450617373776F726450617373776F7264":"5468697320697320612066696c6520746f20626520656e6372797074656420776974682050424553322c20776974682061206b65792067656e657261746564207573696e67206120707266202853484132353629":96:0:"7077e6e8e679962c6feda69c704d58507d143cf77be284f773dfcaa4a5f5e7c1cd5527204916302d435071c01126f4aa76205ce61998d7b8fdf065a77d4a77634376b9968e4722c27f2ac85d79565ff4fca9204d3e4bc8c5bd53c1785bb6e566" -PBES2 Decrypt AES-128-CBC (OK) +PBES2 Decrypt AES-128-CBC (OK, generated with OpenSSL) depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC pbes2_decrypt:MBEDTLS_ASN1_CONSTRUCTED | 
MBEDTLS_ASN1_SEQUENCE:"301B06092A864886F70D01050C300E0408010203040506070802022710301D060960864801650304010204102F904F75B47B48A618068D79BD9A826C":"50617373776F726450617373776F726450617373776F7264":"0c953c3a9be1502f4d1df1b82df9d99a61ebd2f60ed570d16b241f70b9e61f329174747d052efe5c39bec9d0f7404f84af242914e2ecb74e6e36e8b4147bd0a092a82df789aa3351e0de9f75b285ccb742806526771c8353ffb66176188b556e":96:0:"5468697320697320612066696c6520746f20626520656e6372797074656420776974682050424553322c20776974682061206b65792067656e657261746564207573696e67206120707266202853484132353629" -PBES2 Decrypt AES-192-CBC (OK) +PBES2 Decrypt AES-192-CBC (OK, generated with OpenSSL) depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH pbes2_decrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"302a06092A864886F70D01050C301d0408010203040506070802022710020118300a06082A864886F70D0209301D060960864801650304011604102F904F75B47B48A618068D79BD9A826C":"50617373776F726450617373776F726450617373776F7264":"7c648a9df9759ba49283c261269a71bc06d45f6c24ab6431d77b2ecec1fd6d1aa751bd05b1c026fc8ff91baeb1b1838aa0f825b23be79bc09331d0607181e234dfea4ab3cbf7997747516486b6865e85de95dc9b64d45462197c891b31af6c94":96:0:"5468697320697320612066696c6520746f20626520656e6372797074656420776974682050424553322c20776974682061206b65792067656e657261746564207573696e67206120707266202853484132353629" -PBES2 Decrypt AES-256-CBC (OK) +PBES2 Decrypt AES-256-CBC (OK, generated with OpenSSL) depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH pbes2_decrypt:MBEDTLS_ASN1_CONSTRUCTED | 
MBEDTLS_ASN1_SEQUENCE:"302a06092A864886F70D01050C301d0408010203040506070802022710020118300a06082A864886F70D0209301D060960864801650304012A04102F904F75B47B48A618068D79BD9A826C":"50617373776F726450617373776F726450617373776F7264":"7077e6e8e679962c6feda69c704d58507d143cf77be284f773dfcaa4a5f5e7c1cd5527204916302d435071c01126f4aa76205ce61998d7b8fdf065a77d4a77634376b9968e4722c27f2ac85d79565ff4fca9204d3e4bc8c5bd53c1785bb6e566":96:0:"5468697320697320612066696c6520746f20626520656e6372797074656420776974682050424553322c20776974682061206b65792067656e657261746564207573696e67206120707266202853484132353629" From 1f935f50270f759c4223ef08dffb1f09312c516e Mon Sep 17 00:00:00 2001 From: Ryan Everett Date: Wed, 10 Jan 2024 19:26:19 +0000 Subject: [PATCH 017/132] Add AES tests to test_suite_pkparse Test data generated using openssl: openssl genpkey -algorithm rsa -out $OUT -$ALG Signed-off-by: Ryan Everett --- ..._pkcs8_pbes2_pbkdf2_2048_aes128_sha256.pem | 30 +++++++++++++++++++ ..._pkcs8_pbes2_pbkdf2_2048_aes192_sha256.pem | 30 +++++++++++++++++++ ..._pkcs8_pbes2_pbkdf2_2048_aes256_sha256.pem | 30 +++++++++++++++++++ tests/suites/test_suite_pkparse.data | 12 ++++++++ 4 files changed, 102 insertions(+) create mode 100644 tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_aes128_sha256.pem create mode 100644 tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_aes192_sha256.pem create mode 100644 tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_aes256_sha256.pem diff --git a/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_aes128_sha256.pem b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_aes128_sha256.pem new file mode 100644 index 000000000..276c61313 --- /dev/null +++ b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_aes128_sha256.pem 
@@ -0,0 +1,30 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIFLTBXBgkqhkiG9w0BBQ0wSjApBgkqhkiG9w0BBQwwHAQIV3y5ahakUYYCAggA +MAwGCCqGSIb3DQIJBQAwHQYJYIZIAWUDBAECBBCcu2VAdIWUQawcrlhFDgV+BIIE +0JMB3FUnHGs5otXZJvxOkiIrliuQiDjy8AuctQdVNhArYeTfTxW6wZZxacDOAJT/ +JvxbpKRANBSCp+TOf5jMAHl11L8Pr7Z22HumPjJXyuTwntG/lYpWzHKLo+V2GGFo +8E5Q0uya0A+4sL80JQMKa6G4BZGdnOwD1krUPxrxsNXVRbsHcsewUc1nKshPlj0X +1A4Fe6IqgichLPODluJcJo6tWCrhKdDxyDzCdZ0ZiJpUgH7SPo3XZ6GO68nlSKz6 +vwChjrkUsmgDbeGr8yFP4kuaagRngMovGQXcYyNBDWZQYKM7uMqz6zuh4VJuvAJk +h/d8WDkFz6fJAEpqYYDBqVj5vGH3Xq0e4LzErJ0s8jQuOy66noiQIXF5U9V6sLvk +irbIyEVcBUWUIs2QCgEVbKRTNAzo3+V690etqVYx5mW8m3CenJ4TrrtsQJwOZlF5 +tz6a+RNjj5EZKRx5WoOQ/ZyQK77+dg4lO0MbaUptBawsLifCQANmJ7hOIl/aG8ae +8ZnBUFYR4Cmomkcb/OjabGv5iyizZ3esf5kfmhvaRDQN+V7Vx7Dy6lzzpJ3vhxoo ++VRCFAVIS+XPvGLynUvawHiSWlzYFKeX6t9ZriIDomVxZE/+zFbw6iQmE4pM6jS7 +mgwuVeKFeD0zVOI3I3pXN0NBZYZgkO3gdly6QbmETxkZB2ccv+Bqe/DdAi4Zq/JO +prW8x4o5wogfn5heVGB++Kh8l9jXxqqh8f8txNwfR0oli/TQdT78FgXcaWbQh+e+ +vFtIAIHlGK+u+FGPJm4DuyW5LY+lYE0aJMD9Bre8yWVy3aF4IZ9KQz4gxObQS/mu +CXHqPCiuwnjaiGFwf6IuTvX3hD+9j9XvGKZn8Y7U42iwzKdYD6qRAXn4+v1G9KIV +cPB1XBCpnEk8E+whjaht5EnAk2I/vesT3akfemgRxEegKS1Ziu/bwTId5mFLx3oV +ql0Nb8dAlIkpDTwxGK7FgRhUwutml6HvvYKtG10OqvrFV026pyQnkVMBGCUMRKvO +ddNAKOr8Mz0qrme0osCxVBdLxnVjvIwsiPBsX2INV86xW7DUe50u+mbCxu4eXCsA +zIJps5WP+ol4z04oZEUp9DEFxILO65MBmWd8y43UqRaaAOXYU+IZ5Tyx0wPcSAbb +iLMFwZ5uA3rIXSvzesgdiX5oJOY1+Y4hpBB6148u2YmKQsNLC0FLodEdXrrDacS4 +jJbc/Zlw2Q2u+YXBzec9hLGsA63qGybc8gmrYYoutwv4fYwSFx8N5AiENFYughBv +EyYXx/gjsSUJOZpI7VDcTS5YiqxRy8VBGXM/ewcvsNxjLTiyQz2Dv8PvGdCzJHbE +CelmFM+RKa/NzkIv/SwM5hXKCO8wpXT5HApXiTxCjonX/f4Uqu0JxiHYqvV7ih3p +k+9kE2eo3GzXWPG4DvcKpDd8pz0aAV02+AGZatRceg0wpOVzo+EC7c8V0SU4De9V +gLyYzY53HLbeqhPm3Yb0yt6fIBfcRxLi7A86K9c2+Na4BFLJPvf7pMQLmLlcdp1M +wKQhQw8DFxxstrup98H29r2n+XzPukhZawQfTEJwfx8y1Kp1UvJOeg/wL1PayyNv +0CQRRMZ0UEb3o6GjSyb3j98oGNe1LAvoykqc8QsBlP6f +-----END ENCRYPTED PRIVATE KEY----- \ No newline at end of file 
diff --git a/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_aes192_sha256.pem b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_aes192_sha256.pem new file mode 100644 index 000000000..06bcd2802 --- /dev/null +++ b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_aes192_sha256.pem 
@@ -0,0 +1,30 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIFLTBXBgkqhkiG9w0BBQ0wSjApBgkqhkiG9w0BBQwwHAQIw3sKoAeJu8kCAggA +MAwGCCqGSIb3DQIJBQAwHQYJYIZIAWUDBAEWBBB/MRVI6fUEUiqwEb+tcClNBIIE +0JH3R2rIt9cTB0FcsWjoHKFtVy1DTtHZUwk5FlHXm00ngB46gIDzAbTdow6WpspV +H3wJgwU//AAE4bwuZ/AcQlRz2M+OuO3GT47EhjKvXiS3OjrIvkXp24LCS3lSbFV+ +dGc6A2CXlSHF9c/umrKlRtVpSXsnBlVhggVyI/1RidBmCeF2i2205bt/Z2mjODo3 +SlSZjZ8GeFOnm/0zSBxgltbemgfsNMo1QOFRTXblzRE9Ldc5DCPgyCNDHOVUugO3 +lrf9Wyak2oiUtCG5cApaeDTedQv61YK+Zt/ptJmXps/N0nskb3X40ngs+buDuAVP +7uUTxP8ZkvQdVcWD/FNweAPssAGxDcWhacVxeuXdDb+ktjZuHnYJ06lC5nTdJAi3 +zRuvXpYNPQNBfU2MwYV4P4g67ltqdtfZcOiqMIqtb0rWu+dfS0cVPUZHBhHATFbA +Tvo0GtUKuhLzGP4Zr6RSJVlxkjbNtfrE3lS1b5HwaE04F6iagRdH1b6f00FfFXAr +oTFz4/ykkY9q7w3yTLfX/8B5EUbcXLzJBZrAWA1RmsV6aiAvgh94587QprRrL6dD +gcCTjLeVIFw4QNQvzkroErWQbEsZ33cAFB/qJDSEd1FgEMh4LsbHwGP8M/iQNaV1 +WWgh43j3XjwAC2f17okd/+1WxhwpugEJ8EeSfY3oONtyE8sAXRhPLpR1eouRqTmY +5032TNhf9hzNIvJ1eYwehCZfZkvuqJxGe6rXbV579qSThzUpfz6BYylS+xcf6nJP +JniG1RodX/AkkicmKja4fNcp7JDDsmBPU9pLOfr8SodUlimGEQ8PGNNYIrOjKbHe +BICi0ZDSxgt+pPUfjeF9VIcYHF7vUj15ovbd7uJSshmEIIxdX2YDzOjoJHYevsyZ +uZm2ONA90R9szgJMWP2ChKXaNF0UySaG3hueWDRa7GJMPRjpCvcwhAw29YHSvNOq +MbQmyyjFDAk07BFXvXSahSXODe0HPVTbyT8eP2SO7VMPuOWdxH9+adOl8KPCx0L7 +kwiPgnRhAGaevOZs8M80EEOC6JLR9hM9LVCHWnXD41NvGgCSmu8SwzKzKB3KBVas +aSb8XW7IuNFZh2o6FfmDKUp0uXoifWVWe96ertJrHckRbTd4ZpjK2bWChh3WxE9s +0EYG8PAu/NSW7ARPgXZ43f/nYieSQd01zty8Vj4io2gVpQDm0YtZrv/a+gW3HSQj +mBmdDOsQmpP9gfCnOJOILlE/+ouVYiGeSMFbKc1tde1FBtwt0RGQVM7KoRb7itNe +AntBerIDERzq83iXvalzYdB2qw9yzZwvf5hGvNn+rDCD3aZTrr6if9QrrVeDYcTd +TTOVeQx2RgtXv4xdiV4epS8e7xOgLZphC52E4WTRoBz1qEJRHGj1HX8REJ7Q47HK +cZr5IZdLuIulvPPWcY/KLw437h7njAMM2rT0HqL5yZA5Bcnpj/SCQGRHew7OacSK +p1WKw2C/R6MTGDFplefr/f3NUT4quWybfHQG3L3zqjSbKBS0pVPlA4SPwhSgev3P +v+sShYuWwLTiVfzep/nBRcz2W3CHtHI2oahjEI9Vm/7WSdjxl7tSrHlsy7JbVuOA +3PF6QbG2JWgnyfmmgtK86iTchMlxBgWe5S5lz6kZNUXN +-----END ENCRYPTED PRIVATE KEY----- \ No newline at end of file 
diff --git a/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_aes256_sha256.pem b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_aes256_sha256.pem new file mode 100644 index 000000000..eb2ee1456 --- /dev/null +++ b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_aes256_sha256.pem 
@@ -0,0 +1,30 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIFLTBXBgkqhkiG9w0BBQ0wSjApBgkqhkiG9w0BBQwwHAQIcVlPn8HF5kcCAggA +MAwGCCqGSIb3DQIJBQAwHQYJYIZIAWUDBAEqBBA6UHwbVfKyYQwiCmyTPE/QBIIE +0Na0hdMyQvJvRUKDvR9Gds0VrwRjHq+WBCDcHfJJRS5RiSCWnOCifZHA/zYoYZ4j +rHnuzmheOuGZWjUkdZQ8kVKFGGCKQjHKHTlfDhVv/SQzwYYWVRyaubDC2SKYORKf +zCFzLjr8RCwBo0ubh9q+QvPrmvy/jZYHYruU7vGseS4vKnWwnXey0ii8L2qD71Fo +uH6WAMRc6xHzm1W2WSnFZvZFLwCmGg/LlHc34TdCgXyX8dhJsIAwlwuCStFWs194 +A5h5ZrLiDdpGCThn47H0jx8kzVcoY+dwuJXgNfzAbzDgbRyzCpQx7Fulzf36iyPO +fq1OrF0+DUSrEv1GJTXT4/1xlpaZgR2RT7in7jCSE7XyATBLRrL9nKAQCmLAARnb +ITLWUPMmxJJDLLn9faBt7ZpyRzLRqGMT6nRNBouAg8DWqqcRvBLfi3TxoQ/KS2BJ +HMtyTfSQpghAsUUqraquSfyLoA1+b47gO+H/grQIMMnfThGiUx9MLOGFAvQ3Um8R +aoTm8X8RuAH3BALA0m9isRww/yA/dw/03jtByDYMeQ/NAHAgL1proXqsojHIYN5v +6vesHcATHGiFnPY0kqKVyIN1G8n5Gji5P875GPq00WN2kPMLiBG9woq9yZ+l5HYu +ofpdtpQRgJJSmEBJgpvwxoJKTUa9mYN29klYiv97AwWj2D2VsJvjG+IlfVybUB26 +mkenc3Hve2V2JueYh8Oijl1j+plc61tYJ0WQloZHQWHSqCJkXEMqUX6DZZyxREix +8kUuWabSkxSq1uRxf7iG442oaer5mhktpbEMWyA22mJLfXBwNaULqlhZGdeqKz4N +zwE0vg1rug1ooLX/s85n6h0FMD+ANbbNU18hQaxmjiCETPp0txAVWpaGAQZsYkW2 +ff+Aj5Mer/qB/K/TBh+7c5PkwcpTTCF/HQ2XF3B30lsBhFmsbXBkvxThhgZkGHfO +EQrxsgc9pwQrM3WT70ZI3uMrN5DfK7Dp+AVwIIBlEeai6FEMpZkg/4tPYK4GkwWP +ZEzSBoUETO9up3NwKuYWS3VOAmsOO8qRXw9bynV2WxMZ8NTWDmSKX+MqYz28ejjK +/5EYX3uW1NVjz608QbzT3XxNtX9B/FTPT9OlK8IxeiOjfDG2fqe3k7bYBZGVC2/M +aCaVPTND8xHsodxIoYbEbF29YSV/FLtw1eQ3LpwDN5OCzXpiZ65A4PxnB3iPHoNl +8o76h2dcksN+NKsdjnRH95b9V8CVlc8QwLBSCWk5bkfTXLeSkDM14jpJ0+BCuAyD +bdCo+R32ItDlke/L6d+CtVbyhDJigdl9w9XKBJ3f9XKw6Q4RnuCNQf3fqo1h+vVs +Ia4Mau6XSKyyZtEH5F0mO0iwpYBxPz6S9u36WnI6ot2Ep8AlfjBTRbH0g/luPjaz +9Jiah0i9p79L3wMNJHfqkdkUvJyLKu0rTy23L0sw3Eg9rx2TErrlIWugoAi0peia +36sC82X78xIzOCq1XwaIojnyB0fqxJDn93BI9dKhnBzWP54oY/ckq+ixb1oBQ0Kx +sLWcOwbT/yprpo36ZMy1DcxjjVyEfRmzwJJ65qFk48XJ4JIswdmaFfYbZ8yQyRiy +coJGwITg1bspV4krBAspArmqN3D4LviHXojUMxD6Sx8R +-----END ENCRYPTED PRIVATE KEY----- \ No newline at end of file 
diff --git a/tests/suites/test_suite_pkparse.data b/tests/suites/test_suite_pkparse.data index f82dcb5e2..67723c91f 100644 --- a/tests/suites/test_suite_pkparse.data +++ b/tests/suites/test_suite_pkparse.data @@ -890,6 +890,18 @@ Parse RSA Key #99.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA512 DER, 4096-bit depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA512:MBEDTLS_PKCS5_C pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT +Parse RSA Key #99.3 (Generated with OpenSSL, PKCS#8 encrypted v2 PBKDF2 AES-128-CBC hmacWithSHA256, 2048-bit) +depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC +pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_aes128_sha256.pem":"PolarSSLTest":0 + +Parse RSA Key #99.4 (Generated with OpenSSL, PKCS#8 encrypted v2 PBKDF2 AES-192-CBC hmacWithSHA256, 2048-bit) +depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_aes192_sha256.pem":"PolarSSLTest":0 + +Parse RSA Key #99.5 (Generated with OpenSSL, PKCS#8 encrypted v2 PBKDF2 AES-256-CBC hmacWithSHA256, 2048-bit) +depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_aes256_sha256.pem":"PolarSSLTest":0 + Parse Public RSA Key #1 (PKCS#8 wrapped) depends_on:MBEDTLS_PEM_PARSE_C pk_parse_public_keyfile_rsa:"data_files/rsa_pkcs8_2048_public.pem":0 From d00a138075dd2032faeabb6a40b8196053b97a89 Mon Sep 17 00:00:00 2001 From: Ryan Everett Date: Thu, 11 Jan 2024 17:23:15 +0000 Subject: [PATCH 018/132] Change test data for pkparse aes Test data generated using openSSL with: openssl pkcs8 -topk8 -v2 $ENC -v2prf hmacWithSHA384 -inform PEM -in $IN -outform PEM -out $OUT -passout "pass:PolarSSLTest" 
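Review bot: The three new PEM-format cases (#99.3–#99.5) depend on `MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC` but not on `MBEDTLS_PEM_PARSE_C`, which the other `.pem` keyfile cases in this suite carry (the "Parse Public RSA Key #1 (PKCS#8 wrapped)" context line below shows the convention; the neighbouring #99.2 omits it only because it loads a `.der` file). In a build with PEM parsing disabled these cases would presumably run and fail on the PEM armour instead of being skipped, so the dependency should be prepended to each of the three `depends_on:` lines, e.g. `depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC`. The replacement PEM cases #99.3–#99.5 in the later hunk of this file (PATCH 018, `@@ -890,17 +890,29 @@`) have the same omission; the DER cases #99.6–#99.8 added there are correct as written.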
Signed-off-by: Ryan Everett --- tests/data_files/Makefile | 24 ++++++++ ...sa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.pem | 56 +++++++++--------- ..._pkcs8_pbes2_pbkdf2_2048_aes128_sha256.pem | 30 ---------- ...cs8_pbes2_pbkdf2_2048_aes128cbc_sha384.der | Bin 0 -> 1329 bytes ...cs8_pbes2_pbkdf2_2048_aes128cbc_sha384.pem | 30 ++++++++++ ..._pkcs8_pbes2_pbkdf2_2048_aes192_sha256.pem | 30 ---------- ...cs8_pbes2_pbkdf2_2048_aes192cbc_sha384.der | Bin 0 -> 1329 bytes ...cs8_pbes2_pbkdf2_2048_aes192cbc_sha384.pem | 30 ++++++++++ ..._pkcs8_pbes2_pbkdf2_2048_aes256_sha256.pem | 30 ---------- ...cs8_pbes2_pbkdf2_2048_aes256cbc_sha384.der | Bin 0 -> 1329 bytes ...cs8_pbes2_pbkdf2_2048_aes256cbc_sha384.pem | 30 ++++++++++ tests/suites/test_suite_pkparse.data | 30 +++++++--- 12 files changed, 163 insertions(+), 127 deletions(-) delete mode 100644 tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_aes128_sha256.pem create mode 100644 tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_aes128cbc_sha384.der create mode 100644 tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_aes128cbc_sha384.pem delete mode 100644 tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_aes192_sha256.pem create mode 100644 tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_aes192cbc_sha384.der create mode 100644 tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_aes192cbc_sha384.pem delete mode 100644 tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_aes256_sha256.pem create mode 100644 tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_aes256cbc_sha384.der create mode 100644 tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_aes256cbc_sha384.pem diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile index 21ca489c1..cb4a683f7 100644 --- a/tests/data_files/Makefile +++ b/tests/data_files/Makefile 
@@ -1045,6 +1045,30 @@ rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.pem: rsa_pkcs1_2048_clear.pem all_final += rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.pem keys_rsa_enc_pkcs8_v2_2048_3des_sha384: rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.der rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.pem +rsa_pkcs8_pbes2_pbkdf2_2048_aes128cbc_sha384.der: rsa_pkcs1_2048_clear.pem + $(OPENSSL) pkcs8 -topk8 -v2 aes-128-cbc -v2prf hmacWithSHA384 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" +all_final += rsa_pkcs8_pbes2_pbkdf2_2048_aes128cbc_sha384.der +rsa_pkcs8_pbes2_pbkdf2_2048_aes128cbc_sha384.pem: rsa_pkcs1_2048_clear.pem + $(OPENSSL) pkcs8 -topk8 -v2 aes-128-cbc -v2prf hmacWithSHA384 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" +all_final += rsa_pkcs8_pbes2_pbkdf2_2048_aes128cbc_sha384.pem +keys_rsa_enc_pkcs8_v2_2048_aes128cbc_sha384: rsa_pkcs8_pbes2_pbkdf2_2048_aes128cbc_sha384.der rsa_pkcs8_pbes2_pbkdf2_2048_aes128cbc_sha384.pem + +rsa_pkcs8_pbes2_pbkdf2_2048_aes192cbc_sha384.der: rsa_pkcs1_2048_clear.pem + $(OPENSSL) pkcs8 -topk8 -v2 aes-192-cbc -v2prf hmacWithSHA384 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" +all_final += rsa_pkcs8_pbes2_pbkdf2_2048_aes192cbc_sha384.der +rsa_pkcs8_pbes2_pbkdf2_2048_aes192cbc_sha384.pem: rsa_pkcs1_2048_clear.pem + $(OPENSSL) pkcs8 -topk8 -v2 aes-192-cbc -v2prf hmacWithSHA384 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" +all_final += rsa_pkcs8_pbes2_pbkdf2_2048_aes192cbc_sha384.pem +keys_rsa_enc_pkcs8_v2_2048_aes192cbc_sha384: rsa_pkcs8_pbes2_pbkdf2_2048_aes192cbc_sha384.der rsa_pkcs8_pbes2_pbkdf2_2048_aes192cbc_sha384.pem + +rsa_pkcs8_pbes2_pbkdf2_2048_aes256cbc_sha384.der: rsa_pkcs1_2048_clear.pem + $(OPENSSL) pkcs8 -topk8 -v2 aes-256-cbc -v2prf hmacWithSHA384 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" +all_final += rsa_pkcs8_pbes2_pbkdf2_2048_aes256cbc_sha384.der 
+rsa_pkcs8_pbes2_pbkdf2_2048_aes256cbc_sha384.pem: rsa_pkcs1_2048_clear.pem + $(OPENSSL) pkcs8 -topk8 -v2 aes-256-cbc -v2prf hmacWithSHA384 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" +all_final += rsa_pkcs8_pbes2_pbkdf2_2048_aes256cbc_sha384.pem +keys_rsa_enc_pkcs8_v2_2048_aes256cbc_sha384: rsa_pkcs8_pbes2_pbkdf2_2048_aes256cbc_sha384.der rsa_pkcs8_pbes2_pbkdf2_2048_aes256cbc_sha384.pem + rsa_pkcs8_pbes2_pbkdf2_2048_des_sha384.der: rsa_pkcs1_2048_clear.pem $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA384 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" all_final += rsa_pkcs8_pbes2_pbkdf2_2048_des_sha384.der diff --git a/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.pem b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.pem index 0d1b587f5..f917af2a4 100644 --- a/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.pem +++ b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.pem 
@@ -1,30 +1,30 @@ -----BEGIN ENCRYPTED PRIVATE KEY----- -MIIFHDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIYFcs8Uhn2poCAggA -MAwGCCqGSIb3DQIKBQAwFAYIKoZIhvcNAwcECKCBLl+C+3nCBIIEyEnIPlXdh1e3 -+cnyhX7dCRzR/NsygcRBJUPdwRUMAaOo/t+oZxFmHnblchxQ+pFoHrI9GVwg8uID -meEHlzSSKt8kOTvJ3C148jRFJy61YH6k5GEN+z5ihS9uTszaXRUlEsGfP1/SzWY9 -ME+pX+0kwJ4az87mYKyNUwK4U5d65Ic30pvRJc4unvFtRz6wtwqU+EV283pXHfyc -VNgQFjb1IPHEz/PSuE9p94mQvdIbVmuK2dRiMag/HcABvVhxzLldKyEHHhrHR0pa -gc41+3HVjz0b6RPE24zNrxA9bU+1URGwlkIlh7Jpc/ZuYRj6LQ33xUdYZcMZw0b4 -pSFJcUgX+GUXLyWLqhIxxc+GIeL2Vt5G0ea5KEqxOvSj2bJV2/JA0KtmrcIjX5Kz -d/9bAvxatcqIikVNVkQpUc1glKiIBfVrmyJ4XUlX9i5F3cgl18zrYUI4zPSBn8o5 -yxSfCuIMx+3zS4BiyugGNOclIbpLMjQuMrXxrt7S+QlXfdbXvyNfxa3qfqf7/P2k -ykxl0z1bjvkck6XoFGXdb13isUEtY2NjujZKZe55BLGqr7FsIIQSTAHilwMpK+CV -fA1EL4ck1+7FV+l8fJ0nN1Li1xOnDeAFuO2m91uibNMYPvRSoX9c+HQKXCdGfiuk -5tfNaq8bbXeIJ/P8wTjMZqI2l6HZRuXvvmRHN2zZ4BSsT3+61xtvSTISEimDSm5T -hYY583LG5lpFoOC0Y4EUw/ltmQpKW7AGkLg7SyC9oKvoeWM4c2t8HrL3iKPXtkwd -A/iEfZTxzmR57u+ZMlbws0evPiZQml8voJnuT6qwbos7g7V/Pc3Rj+b84JZcI2Jz -D89/VudIHfFDTXC/gcSRG4bd0glILJHT9FOCAlX5TEuRyeWasoVOV+m3Pi8vQM1u -tCsjE9UdoIdhoI5j94VhzHApdD4fePcQW9DysYa2R10gWIZKUvhUHH3FWLR2X2gK -Wiz5YkhEGXBRtDHd4cx8EM1bJMKwFyYXjXTPGfGlGiPt8b9u4F++IlsKcgGgPIvh -2rIm4jHuN3LRRlFkJ5B0kuOOxZ6GBfxasS+Ix4DZoIfqZsGNI5Wu2ikGZOKxX7Ij -G9RvcdpVV8C2Y+M9qI2+x93WAtQ+NRJo4/+gJ0O9bVUhjjAmIHu2bMtbvr9aPJhd -OpB9VQxB3c5mEXkNOV52oOGnIGVjbJMb4e3/MRpWtTFVcX6r200Gn6Hn3MnWZXdd -H7pOpAowTcTlFcbJ0WWjfZygj5HKKUOFzPYNnXKizjzQhF6yK0mphKFY+8tpFQqB -mV/1HlWJTSsAmh/FN21B2qq+KRiwMdpzKIEKC47mK+dzzo1mrTqmExvbiaLG8upr -KMb/lEnSCasiZKTh71J3+5vUE+Nw73rYNZcdh7fj+GBK9KJ3hdKwYc/9yyQx1Lua -4aXnUM6vQAsV+OLYNQE8vXMRtuftbPbV9sqiBLPIc/0P2EJ9mbEye8FM+koHUCKo -xtJe5SK36DMwAas6tjimouVgWTcAdbq9r8jQlCJ1WxXPUcCJdv6pFQUGKQ+34TMK -uWOhErUNRdqel9DthU5ig5dZs2DqlzbRzWYosZc1B6Q4/nua2JiBi8IeqtPILr2a -JYJ9DNzxn07lcFHiVgrJuA== +MIIFHDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQI11AY9mDsg8QCAggA +MAwGCCqGSIb3DQIKBQAwFAYIKoZIhvcNAwcECDzvZWW4smTrBIIEyG/U2B5LazZZ 
+rzLUN7V38xI1ZR6rcBJreOk0QmVOSk9QMh+Kq+LmFwnY2NY+xikAfRJKWUsjk+h4 +DzCWn+nsrvU2wK582XThWYwJ79BIwkweUWV9l1Nfw0vyx/FkcTHE+eGPdABBL4BO +o4uajZso7tYY2+jyPobqSn18j2TInKbHR7lB5l6OAX9FsV0pGKYBgKxa9LTj7ufD +70G5WLHJAfnTX/6+wWktDOMMCPTXij3qA0fyu835shMUWQ+KUx0Dyp2A6qeprV1Z +nklRzevWsA4pbNMe+GG3WrRj52YRVuwDJjgTeq5rIfyoyLGv0ZUZsa/KEP/oToe9 +CmFPHWA2RDpK4zD8lscsjsOj+B0UREcSw9CdL91rFZkr++PuI3A1/T+3M8DkjLiB +CvSVziZLyZaqUVd0UdXrHyGeFxIMAx8xfYGiLi/EEay2zEScGbQ2kU+N1Vpuyu39 +PoEmqNOchoEkLeMVTYTQDfK3LgYQXpvdLCQQG76AqRIbuY+ZfYYw8eWyJhm78Qwx +fAenH4i5AjgJcV/5xiLpj+1trdefaCSp0Z8XY7ng/xyNCOOdSbBOPl4JnD6snYaT +06dtpowP7gcN3bZQo/r2XsH8F1VPvjG2wZ38R7aHlF8vjCZ1gUtCuraoM9AAdVoW +zWiptA4Lc5CAp+kDa2Nf5gyL0lvN/IbWYE23/OMTECmwG+O/HNtvltmdmYB8Ze6A +pdlkftjf/NvFsHloJS76SreR0tpWM8rGnSqQdecWLutgWP7HiK6C77UYv3b71SVj +ga5uv2l67UAj9EPTizZvLJjn0ubylfCW4eaPkEJBaYW4uG/3BcWzpLRnGyq6csMC +/tly2Y1L9dBqyZMIMW/ZFm8/64K8IRaSu/8mMGxjQ7VHeU6JSDk3G4by8jdYjLA2 +Y3tWYaelX8oE02jrwv47PPFWft/P+3Gjwo8lFq0zQTAk2C1vHs44jLzsOxfizo6s +mzmGh54JFsdE1tlYoa515Id2I27vjCvK6XbbgguinHaIsRgaRnCyyqEjO22z2zP3 +RpJD7FdugvZDepLfII1H8+JlbyBEd2zByMIPehIeM/HWWN0ukAgIz6yardrCYiuU +hXTqTz6bzaZMRJauPt/gpSvAx8kTKr9nXH2VRiToUs3ABjT9DN1/mQ1RlA0NmK1i +qfsMRXWzckaKgmJ8fglxEY7UR6fOqt3325yVQ/x49AKBxBDO9wmfpHEO3aQY7+H5 +hP/5tuc81226VFbyTERtTaEb/I+7iiImcWtVW4bB/1DgCu1NTlay6XaHOoclxcEE +N+d/3wDjSrsUhAKcK42wNPa74eSZy9ElJ+33xC56tqxhvo6YdG7VFu3S8qnhaXf1 +ijcRCw7vr2ShGMAhnloz4T+IX3ZGrzkVSXQG+rpaFag0b1QxeS6w/V7F8u+wljnq +1BzIfEjnE3lpR1eiZ8Ygu/n4kb7n5gHZqd1C8QiFZOGczX3uKFbH3/HOS20A+/6R +3rkjCQ+Uyxl3+wVdyOSpUCqtLfJBx69CM/6lDBPrliQ6DE94xKFrNEogG3IE36rW +oSCJcveg3cdbrHSqc+3m36FbQl2YKy8hgBwhrym2xHZ/ZS+acUQsN/V3VvEym3N6 +QXFLn3yqnmpr1g+yqXfQwA== -----END ENCRYPTED PRIVATE KEY----- diff --git a/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_aes128_sha256.pem b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_aes128_sha256.pem deleted file mode 100644 index 276c61313..000000000 --- a/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_aes128_sha256.pem +++ /dev/null 
@@ -1,30 +0,0 @@ ------BEGIN ENCRYPTED PRIVATE KEY----- -MIIFLTBXBgkqhkiG9w0BBQ0wSjApBgkqhkiG9w0BBQwwHAQIV3y5ahakUYYCAggA -MAwGCCqGSIb3DQIJBQAwHQYJYIZIAWUDBAECBBCcu2VAdIWUQawcrlhFDgV+BIIE -0JMB3FUnHGs5otXZJvxOkiIrliuQiDjy8AuctQdVNhArYeTfTxW6wZZxacDOAJT/ -JvxbpKRANBSCp+TOf5jMAHl11L8Pr7Z22HumPjJXyuTwntG/lYpWzHKLo+V2GGFo -8E5Q0uya0A+4sL80JQMKa6G4BZGdnOwD1krUPxrxsNXVRbsHcsewUc1nKshPlj0X -1A4Fe6IqgichLPODluJcJo6tWCrhKdDxyDzCdZ0ZiJpUgH7SPo3XZ6GO68nlSKz6 -vwChjrkUsmgDbeGr8yFP4kuaagRngMovGQXcYyNBDWZQYKM7uMqz6zuh4VJuvAJk -h/d8WDkFz6fJAEpqYYDBqVj5vGH3Xq0e4LzErJ0s8jQuOy66noiQIXF5U9V6sLvk -irbIyEVcBUWUIs2QCgEVbKRTNAzo3+V690etqVYx5mW8m3CenJ4TrrtsQJwOZlF5 -tz6a+RNjj5EZKRx5WoOQ/ZyQK77+dg4lO0MbaUptBawsLifCQANmJ7hOIl/aG8ae -8ZnBUFYR4Cmomkcb/OjabGv5iyizZ3esf5kfmhvaRDQN+V7Vx7Dy6lzzpJ3vhxoo -+VRCFAVIS+XPvGLynUvawHiSWlzYFKeX6t9ZriIDomVxZE/+zFbw6iQmE4pM6jS7 -mgwuVeKFeD0zVOI3I3pXN0NBZYZgkO3gdly6QbmETxkZB2ccv+Bqe/DdAi4Zq/JO -prW8x4o5wogfn5heVGB++Kh8l9jXxqqh8f8txNwfR0oli/TQdT78FgXcaWbQh+e+ -vFtIAIHlGK+u+FGPJm4DuyW5LY+lYE0aJMD9Bre8yWVy3aF4IZ9KQz4gxObQS/mu -CXHqPCiuwnjaiGFwf6IuTvX3hD+9j9XvGKZn8Y7U42iwzKdYD6qRAXn4+v1G9KIV -cPB1XBCpnEk8E+whjaht5EnAk2I/vesT3akfemgRxEegKS1Ziu/bwTId5mFLx3oV -ql0Nb8dAlIkpDTwxGK7FgRhUwutml6HvvYKtG10OqvrFV026pyQnkVMBGCUMRKvO -ddNAKOr8Mz0qrme0osCxVBdLxnVjvIwsiPBsX2INV86xW7DUe50u+mbCxu4eXCsA -zIJps5WP+ol4z04oZEUp9DEFxILO65MBmWd8y43UqRaaAOXYU+IZ5Tyx0wPcSAbb -iLMFwZ5uA3rIXSvzesgdiX5oJOY1+Y4hpBB6148u2YmKQsNLC0FLodEdXrrDacS4 -jJbc/Zlw2Q2u+YXBzec9hLGsA63qGybc8gmrYYoutwv4fYwSFx8N5AiENFYughBv -EyYXx/gjsSUJOZpI7VDcTS5YiqxRy8VBGXM/ewcvsNxjLTiyQz2Dv8PvGdCzJHbE -CelmFM+RKa/NzkIv/SwM5hXKCO8wpXT5HApXiTxCjonX/f4Uqu0JxiHYqvV7ih3p -k+9kE2eo3GzXWPG4DvcKpDd8pz0aAV02+AGZatRceg0wpOVzo+EC7c8V0SU4De9V -gLyYzY53HLbeqhPm3Yb0yt6fIBfcRxLi7A86K9c2+Na4BFLJPvf7pMQLmLlcdp1M -wKQhQw8DFxxstrup98H29r2n+XzPukhZawQfTEJwfx8y1Kp1UvJOeg/wL1PayyNv -0CQRRMZ0UEb3o6GjSyb3j98oGNe1LAvoykqc8QsBlP6f ------END ENCRYPTED PRIVATE KEY----- \ No newline at end of file 
diff --git a/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_aes128cbc_sha384.der b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_aes128cbc_sha384.der new file mode 100644 index 0000000000000000000000000000000000000000..00519400f2d3cc307206e207be2db90425a243dc GIT binary patch literal 1329 zcmV-11&LNQU&90Ul2Eo)JX--{dq z0tf&w3%ZY%eeqoARu;zjI@zJdnPpVp`i6rrw6Hoo8hZmKj(m zyO@1y#MGL4Q-xXe8ko%;AYVaFr9V=^YL05@I{bO-!^an{7_E(znO-lBbWfJl1%@tT zI>K<8U6T@2DS2w`Z8$|llZW7X4G}`TbUP3Nu_gAogQ_PQE<49}g0j&`M@gIY`&Bn| zrOKWZ8KeW?L4DRbV}FN{Z;lY&-aNqgN#x050n0b>cfU zd_&Krpp&lTGtP}tnAzXPTq&GKLa+`^!7NB}31JQ_0_=`SyR=s{gf?T8J2XM zASB2SiODzW97Ed2sfNzBR__T)hz;z^m@Sg^#Nu}GBo9$olPNY_qkWPS<;6DM2c+7L z#2#?#s6KFQa(8*(9xIVtI#|_YyJWcJxMTsMG%=17BpjF7J5cIaNfn&9XW45uc*EO! z$FZYW*Pnj7aEpzk??XJSfWJaO$+D#>V&IZA{k`wro-3{J-0&S2n7k3-#TjCnn;@2F zA(9Vx4vtGHAnJ2r-@BxS@Mds$2X%u7*3F}l2o4aePmr@O?phM}m6b3CrKW|*X*yQn ziYIJQ1vZOZ3&AAmzWQ|Z6Bt=~?z360evrKOrkTd+q{j}bm_SbCZ?^NH*E1qA-kY?cMD>wTO{K0B`Tpx=eIz_$?h3HN< z19JMlnuz7Ko9zxxadF8Prnq6Oi)i(r4VJ#hIs|6*=&{j1x{L4t^DGw&g>W-!)rA`b z578x{>`88E4*yx%U$9{GlpWt7LIFa?)71lwB)T{pO^sU3RAzWI zxfh3FGuzx|4HsExNO=XQ9Ug9+>OrhqwSV??Lvb0Vkpfh*?f25}ok-OlQgg|81R=9k zoqgjG^MMAx>t9FQc49CKTjomOI{4$UdG|MehhZ6l;{5>-URnmjf8?x$Su(jcJ@${_On|eFeC(;Q@>Kr8CEn zQ(W0dmSJaEx`Ln;`}I#C9$mh7q7bY148WmiqHp5345b#-t3qL0*~~tCY6`dPgNX`Z zWqnxO14QH+Gi)^UBNx)iEa7T;x)K1MO!u@BB8OqX#Q8#}-VK!t8yIehpfHqW^Y3(K z({<<7=6imND`5{JXz&R=dWSPPxI)KRuSG!}InsW^4JHY4h}_3i1jKv6;K^(d9gFjk nMO~mF7aa(U$AS9&{!Wj~?w6I4+#BDS`nq#=?~*tQPhcl(&LNQU&90UkDqAt z0tf&w3s=)T1cC(6 zw1rOHCLzruT3Ix3J_9NIrY7AGr$y*Qzw;EXj z<&j5hSL_w*-o13>$vVmQI;Cp#Ok!Ph`r4$Ql#*>^ojHksgxQRr0XZz$!{2_l8_(+I zr7uv^4_*~vS!;QIqN$-6f3=a#H^6MhBg?%oCde1CEVZ-N=$Ac0;dDjOQv#6rZ)2K@ zGlO3-jMQl(Ysh0DQTUiSkvjjS6iyw?PoBHUlYv&&X-|@HM4E0H7+cV(lHw!Q!84c% zyo_9oDfuCuz*69T9071$1Y1(rdv^)8CEmfRk75kkg>^URz&fuXQqtqfj7mZvy1zN& z(_CZuXcu929yaIpB`aKsh9*45cklI9lLOR7aL}152K@>IVGL+NOg6xd${4J5$F%r z^5PZh|KWE~R#Q6dm8ZV%IO&@U_-^1DTa>C^^`41X!+8!wXBKw2qq?wiK|p1i%{t$7^ZBus*7`?3R>BKd9nzx!s_U 
zrwu9U>Y@PKa31p)iNITu5y3gV$JZFx$c0kuqh~nZEF)DkwR#8UoQ1{1Qxo?UVslo~!) z$QD*JnmrdD$K&U6K|pGdDIqYy^00{Wqa6@$?5u+fkh_9Ob{t`kXbCx{5dy-8K>7W- z-qd{JgAmDY2r2g^oZJC+iu*(ZVbsetqdAhUaFgnY1aux2h$G$Wl1gKuW*dWQ%T$;y&8Aa(Ogt20+!tSs^UjvYeAWL9NRyiUppyk2HbZW=(3n zYfj~ebCIe=SkfC>8Xin;?qHi-UI@_ey-35pa^HvfLfGCZPHr|WhLvAC0I`u0BAL2+ zdFLtO5-6TbB|6I7kiA^WrjtKCWd`e~hIu(BwW&nRE0I+wMh=_2n~RYu_<_DYkZg{#%}D1{ieTo8$L7)EnlvXhoCLH(Vo zi_3;~>=ZS+aZARUkotfCa4rxgua1Y>W7$|;j4-`m|E@xuI3Q_Ie-(xX#5Vl$)KG`q z6c;pI`0GL?cbpq;BL!%+tH2AMWLWliX{SnjSx3$`W@$MRuuo*h@q(#BCjo93Cd}fK zUOPg&oYK)RXX@(LuRPpcuRb9C8{GtVPMR^8bzN$N;R65di{z%Ob%Nxcg2%;#9mTIM ns%=zS6I21S<3ME|Frcv4-lguEO{pvGT=rW>2CCR71B_Rj1p{}Z literal 0 HcmV?d00001 diff --git a/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_aes192cbc_sha384.pem b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_aes192cbc_sha384.pem new file mode 100644 index 000000000..0a36a716d --- /dev/null +++ b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_aes192cbc_sha384.pem 
@@ -0,0 +1,30 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIFLTBXBgkqhkiG9w0BBQ0wSjApBgkqhkiG9w0BBQwwHAQI8i+OtR0wbD0CAggA +MAwGCCqGSIb3DQIKBQAwHQYJYIZIAWUDBAEWBBBHvOq1294P18bekzyYVp4QBIIE +0AJnZHjPZcPYKdSNaNfPfc2s+UmTgYeLCun5sd+9KIYyozJ2ljZTijsdp/hItWTu +DmHrfLTLV8mtL/OFJ83u0rDoHVfSrDLwFMAy/nmbtlLYPFEfU9MQ8s2OtvKuobmI +b3x7b+MrTlG5ConptsQQw5tl3dza9DZGfHUnO2EzXorytSMLFCGeQskzbN7Y/Sbf +2+IL5yoifcfPddTbKDyTa77K2516tK2+WTU/VUfv2r5d5SiivZLuMjIYrbneHYoq +hW30BZozCqJKJ5G2jwNjLUjPirA6qtS0Y1tIb5rRjZ0pSy1X5oIQL2laZLrDo9gP +/Ud8m1k2nv9Uv9HPM+G4xCMSiJVaptYPyzFQACcSdA/BVUdBC0EwzIj2nbaoAlM0 ++sZ2Asbohnds/AsDz+/b6MaMKg9Onoort0zF/HtpSII6+WSmvGOaV2469JEIvZlU +JIn1YugpDPIe6/B35J9sYfvVNKVsvJntCKxmcz6Nw2VvPKXC3o/bseBqAhLKDMZZ +Hr3id3O7bN2ng3lKuGofmQeMYnW4zb4coXytdc/XCvf63xE0NsUEBFuRMpc9iocC +2RMBEzNyE4tnigI61T/zkpwgBic1p/isGoXMdPWl+Z+IAIYgyxOVwO9g78yVW9tp +1xF9WzJrGHKNT9RLmINyo3jt/wRj8Q+T0EG45cDQcHwpyXdNS614hUCIaeTvQcR9 +8F+f4D8IvL+GJt2EtbqL+D687X/hptNehpFf+uxGiHQfrtOvYS/ArNrewa1ts9nq +SMAE7Hb7MzFdnhDqRFBa+//H1jvNkDx3qXfb1/MNE8pR6vjcueKKQ0BzlrNX1O2C +oz0OCMeDfXZhWdYmNjLNcdbonrvq5Z9nOUEdw2lNWELT4lOAmqgA/xBFdQa4glCx +WS1r6DyjgTdGlPbcGugRuTcYXNx6iikWzoS1369maz+WV9qW7r8kA1Fs7WUiYnOb +I1E06yQKVANe+t2SQYN2jPK3EsFFOBxG9tlcXbZVxvx9m6XJR7f7YnLPN+b0f1qF +cT2c5IhK5pKRiZds82lWBnk+eli+qUXILIBbDvBmY4PyPk+kyewAHI1HWBfoSH/3 +aLIV6JPgwjAJKnr0++jUqETID/yGyLHNNy1u4ALyAfbFVU//RGmwAxhrBNPdVVGb +rBfKL+VL8Hu/m5XWXez0nHKyD8J1i/XO1OutBsXYxEn6Xnu9rJn8F6nJ+XB3zt6K +QdkUp85t3GM0wyizuPRWJrSVfYyjV41yEBXqe2lgqTT9dpvpgIRtvUeq83e8PD/3 +6qKoeTv+3cppCFZ3vLArGvsvRTcbfc3YEzXxz6gc/1HTzd8UpCnA/9+jepG3IzRL +1bLs8QVzIBAT/UpuC6QWUdAR/JZMEFLU5FnRh6oXuh2Zys66Ot7LyNhnGlSEPlXI +polURx0bew+QigBGiH7NpyMgRi9Wh+1HOA/wsAp4X7O+DhaX6vdiDbQoilN1LclU +TRFShpuaxwRA1ek2Jz3JLn7wCsGaVXrd2v/CgrxofCWzGjR2RWj9hAkV4eoJ3G6A +x3DhMRrqXc/O3ON9TyhKBZP1g35In5bZmBUv/o+7eYV7KDETxPwsD3A+dCqUJObU +kyZehu2DsfyZFI98SnecRpb0M0vi6ZZueCykOVec6xkX +-----END ENCRYPTED PRIVATE KEY----- 
diff --git a/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_aes256_sha256.pem b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_aes256_sha256.pem deleted file mode 100644 index eb2ee1456..000000000 --- a/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_aes256_sha256.pem +++ /dev/null 
@@ -1,30 +0,0 @@ ------BEGIN ENCRYPTED PRIVATE KEY----- -MIIFLTBXBgkqhkiG9w0BBQ0wSjApBgkqhkiG9w0BBQwwHAQIcVlPn8HF5kcCAggA -MAwGCCqGSIb3DQIJBQAwHQYJYIZIAWUDBAEqBBA6UHwbVfKyYQwiCmyTPE/QBIIE -0Na0hdMyQvJvRUKDvR9Gds0VrwRjHq+WBCDcHfJJRS5RiSCWnOCifZHA/zYoYZ4j -rHnuzmheOuGZWjUkdZQ8kVKFGGCKQjHKHTlfDhVv/SQzwYYWVRyaubDC2SKYORKf -zCFzLjr8RCwBo0ubh9q+QvPrmvy/jZYHYruU7vGseS4vKnWwnXey0ii8L2qD71Fo -uH6WAMRc6xHzm1W2WSnFZvZFLwCmGg/LlHc34TdCgXyX8dhJsIAwlwuCStFWs194 -A5h5ZrLiDdpGCThn47H0jx8kzVcoY+dwuJXgNfzAbzDgbRyzCpQx7Fulzf36iyPO -fq1OrF0+DUSrEv1GJTXT4/1xlpaZgR2RT7in7jCSE7XyATBLRrL9nKAQCmLAARnb -ITLWUPMmxJJDLLn9faBt7ZpyRzLRqGMT6nRNBouAg8DWqqcRvBLfi3TxoQ/KS2BJ -HMtyTfSQpghAsUUqraquSfyLoA1+b47gO+H/grQIMMnfThGiUx9MLOGFAvQ3Um8R -aoTm8X8RuAH3BALA0m9isRww/yA/dw/03jtByDYMeQ/NAHAgL1proXqsojHIYN5v -6vesHcATHGiFnPY0kqKVyIN1G8n5Gji5P875GPq00WN2kPMLiBG9woq9yZ+l5HYu -ofpdtpQRgJJSmEBJgpvwxoJKTUa9mYN29klYiv97AwWj2D2VsJvjG+IlfVybUB26 -mkenc3Hve2V2JueYh8Oijl1j+plc61tYJ0WQloZHQWHSqCJkXEMqUX6DZZyxREix -8kUuWabSkxSq1uRxf7iG442oaer5mhktpbEMWyA22mJLfXBwNaULqlhZGdeqKz4N -zwE0vg1rug1ooLX/s85n6h0FMD+ANbbNU18hQaxmjiCETPp0txAVWpaGAQZsYkW2 -ff+Aj5Mer/qB/K/TBh+7c5PkwcpTTCF/HQ2XF3B30lsBhFmsbXBkvxThhgZkGHfO -EQrxsgc9pwQrM3WT70ZI3uMrN5DfK7Dp+AVwIIBlEeai6FEMpZkg/4tPYK4GkwWP -ZEzSBoUETO9up3NwKuYWS3VOAmsOO8qRXw9bynV2WxMZ8NTWDmSKX+MqYz28ejjK -/5EYX3uW1NVjz608QbzT3XxNtX9B/FTPT9OlK8IxeiOjfDG2fqe3k7bYBZGVC2/M -aCaVPTND8xHsodxIoYbEbF29YSV/FLtw1eQ3LpwDN5OCzXpiZ65A4PxnB3iPHoNl -8o76h2dcksN+NKsdjnRH95b9V8CVlc8QwLBSCWk5bkfTXLeSkDM14jpJ0+BCuAyD -bdCo+R32ItDlke/L6d+CtVbyhDJigdl9w9XKBJ3f9XKw6Q4RnuCNQf3fqo1h+vVs -Ia4Mau6XSKyyZtEH5F0mO0iwpYBxPz6S9u36WnI6ot2Ep8AlfjBTRbH0g/luPjaz -9Jiah0i9p79L3wMNJHfqkdkUvJyLKu0rTy23L0sw3Eg9rx2TErrlIWugoAi0peia -36sC82X78xIzOCq1XwaIojnyB0fqxJDn93BI9dKhnBzWP54oY/ckq+ixb1oBQ0Kx -sLWcOwbT/yprpo36ZMy1DcxjjVyEfRmzwJJ65qFk48XJ4JIswdmaFfYbZ8yQyRiy -coJGwITg1bspV4krBAspArmqN3D4LviHXojUMxD6Sx8R ------END ENCRYPTED PRIVATE KEY----- \ No newline at end of file 
diff --git a/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_aes256cbc_sha384.der b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_aes256cbc_sha384.der new file mode 100644 index 0000000000000000000000000000000000000000..136cfb95e32e5143abc65618e79f96451fd28030 GIT binary patch literal 1329 zcmV-11&LNQU&90UlPFNBb^`2A)A z0tf&w3kOAoM$#BWCe;yF90r!C6437^Gmkxb z6=IPvb6A~Dmmx@3E=cXmLHrw}eg&2zHndfJC0t%@gyF4xb`}?B_i(Mdw^FRcKTBte zU*^b607){JM%gpYJEWzju79RR@x(2k^puv&OD_abvLlZlHE%T@#)9A%W6t*UAh>gGbdPAQYC6!JHqky;<0Ozm zolz-jLW#XtT3yqU$}^8NX((*G`uSr|4He97P`5l!pS$@n+|^%0B0O|Pstw=ptbF)m zO=)eFvX`~?7l#Hj^6b@LO{;8$)uH;vgy6g=+4;`=u<(G|aZ8T~|vk&bbbZw=0Z=KK!GM}$bLL7B4q+U7JW5#^L{^*1Tz zEcd~DlUlMIhZOQkm%Yo**$rIb6XtGpfMC5ezcUG3)BsBFgKSnSq0| z0foW^wRcq&z+&WteMR29r$iI*T9fg= zGtMxK*XXNIDFBgJvnx~X8Wrgl*YL)#n6^gGMRu)8nN=Bd0T8avR+NDc}rqJpooRY#SgEDxX1o z!;iFYe$AG(HF5a8|@-Zb*}RGQ)caSspz0vV9o*h#L$UPkcRc!F6o&lseF zE{@cQp227{jt)>|s|5?gQ(<~wqwT^HqDKmwjRjH0Ve4Wi6K;Jn`bAXZf1Z|I66?PN ze@)7^ZlIL6hgLWP83ndXIO!d=PKCSe54!iX7^$*&$t%iYONE5yji<;@4fyli!;u2v zsMu6C-IQ1;+ogM2O-#w@)$LS}bXFLBRRz+C2p@MaVv`M`-lf?bnlg{`km nxyhPoC#DQYb>O3IxZu#v);EsqKdk4Z(g8)DM}S@RkHrM!rGa_o literal 0 HcmV?d00001 diff --git a/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_aes256cbc_sha384.pem b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_aes256cbc_sha384.pem new file mode 100644 index 000000000..da2e90f79 --- /dev/null +++ b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_aes256cbc_sha384.pem 
@@ -0,0 +1,30 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIFLTBXBgkqhkiG9w0BBQ0wSjApBgkqhkiG9w0BBQwwHAQIhWg0Xe90dAcCAggA +MAwGCCqGSIb3DQIKBQAwHQYJYIZIAWUDBAEqBBCRE60k0URZBki+hlzaxgZgBIIE +0Hffn1sg3qNNUkFDHdbvU9E3+aaMJKWqDS4bUqGguT7Tz36TPM1drUZSFyWvPgNY +dXonxu+2h6jzRny0clPyp3kCbJEqgvyj0laKNAfV1fmJRVkIFiCMs0iBLQnyjAJb +IJ8hGxsnotdvmL3oTvHq0YawPXRXVDC4qeO+PzcDjSZ62E+Bz1bE2/tLif1BKd0k +QbccsD9pCyF8pauCAxgN2AWWdus3IzH+hWUf4DTT7AhCdYNijY+ZmBgKGkJoJWwl +aIZrPGJ7tNIDecQt86xLffKifI/b2dO5e3Q1NgNzHM77ncoeLr9nFSlsc2W3qA/A +gEDcuGj1ujchKK70Phfz50HMfnP3pCqLk8jDI78/TSvHDiblF68hsUbAsvbtHNu6 ++AXlDdSU2bcRyQRsjvaf2lMLt+qkUX+P640SKnXIYa1o9dv4+alE4XTZaimmOnao +DjYm6bTHAYcE//DW/LXt7V+q1KCPqpoHMR140vyjIRN8uEcPXyTka6lU34ypIhUb +N7ggLrXrCjh3nJo+nCtXOIMf9O9eD9I/0i8dktZFuTRj1sO/z9J/xFxHTdBG/BB5 +1MEmwriRubrw5Ud+uXnRq+lg5rW3n4+5TBvwYq/GLfyj36ojegbE8OdMfJJqCdd4 +zywMXwYiMi76gYAwEL60DWRn+3vud02QwY8hBXfiOPq2kxazvZM5SWy/1bPgStkn +fG9uzE8n/ABZA0XWuV8hNAcxYlS+0s3IguvvHogQtQMYTTg/D3OODpc0f/+y3O8N +qI5Iym1SrWpnF8vVFZsMblMDr+tbeCvYQ+HuaTc0L5cpAozoY7iCzuqwDHFrYTzC +rSZ70V+FQ956m4xkCBu6TrzqzhA8zfDFs3z9LfV62v9zLgUS8uCKSKWxznM0IdiE +ZnNrwaE1xsO5QN8LfvlO4NVVxN/ATie5tmlLndS4c2ZkswcR3WM6cW1buVaIPsz7 +lU7sbd/I9pWpzd3eZNkVrWpyWxvFQxBUNNC5IXcgRBZsGgVGRw35LBlWXKluKrVi +Z/FAf23dt3n2S4dtJ+Fd2+YL/YiK0lqtrm+GkSjmMvVQ57PJn8QvW359e4QsxDyN +wv6iEQDUqZcQ89ggdGdoSFFgBtFACc9iCKsu5AjTJl+Tql/A3FV7SwYDfZwQuT4e +gc4dZPuSSVd8cttUeFUmtrPCMx2nP7ZDVYFrZyK07eAIL89gv3bYWu8R/wMKNvzr +g0Ao0+AnfLJg11C8pAhJea1dxwu7g6LSpA+oCZov4RpqUnLKMCpPbypyFhSizZtF +evDMf+5aUAbe0+ZsCjUT+RftpzYCPV9uGhYhLMIFRP/7FCcHMrDn7CbAektm063U +EwP2O1rUrMhPWqRztx71cGBloeVPE8Ddwnsorr4M7EXihZcvNsLfz3N9NUopkU3M +sM2fEAnq2KMyrrwVGRSHvm70gUDpJeFanRBsI9z1Tr4r3utHIIQ+0u9pFPbQln0Q +4X4U7KbKC4leTYGMPMFOPXihiMTazNcs232stAYUYe6/DmVX/p2dJHvHux5qBGIW +Rbv7OuwazOsDqNfrqZTesENIGl/KPoNXiolp/YtG3DHQ1vDjEj/XTOVWWkBDXVgP +ut4Pi20hvFBwvEBtypAgi1VLcad5+dlrEwryewlLLw5h +-----END ENCRYPTED PRIVATE KEY----- 
diff --git a/tests/suites/test_suite_pkparse.data b/tests/suites/test_suite_pkparse.data index 67723c91f..a8d6536e9 100644 --- a/tests/suites/test_suite_pkparse.data +++ b/tests/suites/test_suite_pkparse.data 
@@ -890,17 +890,29 @@ Parse RSA Key #99.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA512 DER, 4096-bit depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA512:MBEDTLS_PKCS5_C pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT -Parse RSA Key #99.3 (Generated with OpenSSL, PKCS#8 encrypted v2 PBKDF2 AES-128-CBC hmacWithSHA256, 2048-bit) -depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC -pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_aes128_sha256.pem":"PolarSSLTest":0 +Parse RSA Key #99.3 (PKCS#8 encrypted v2 PBKDF2 AES-128-CBC hmacWithSHA384, 2048-bit) +depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC +pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_aes128cbc_sha384.pem":"PolarSSLTest":0 -Parse RSA Key #99.4 (Generated with OpenSSL, PKCS#8 encrypted v2 PBKDF2 AES-192-CBC hmacWithSHA256, 2048-bit) -depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_aes192_sha256.pem":"PolarSSLTest":0 +Parse RSA Key #99.4 (PKCS#8 encrypted v2 PBKDF2 AES-192-CBC hmacWithSHA384, 2048-bit) +depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_aes192cbc_sha384.pem":"PolarSSLTest":0 -Parse RSA Key #99.5 (Generated with OpenSSL, PKCS#8 encrypted v2 PBKDF2 AES-256-CBC hmacWithSHA256, 2048-bit) -depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_aes256_sha256.pem":"PolarSSLTest":0 +Parse RSA Key #99.5 (PKCS#8 encrypted v2 PBKDF2 AES-256-CBC hmacWithSHA384, 2048-bit) 
+depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_aes256cbc_sha384.pem":"PolarSSLTest":0 + +Parse RSA Key #99.6 (PKCS#8 encrypted v2 PBKDF2 AES-128-CBC hmacWithSHA384 DER, 2048-bit) +depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC +pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_aes128cbc_sha384.der":"PolarSSLTest":0 + +Parse RSA Key #99.7 (PKCS#8 encrypted v2 PBKDF2 AES-192-CBC hmacWithSHA384 DER, 2048-bit) +depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_aes192cbc_sha384.der":"PolarSSLTest":0 + +Parse RSA Key #99.8 (PKCS#8 encrypted v2 PBKDF2 AES-256-CBC hmacWithSHA384 DER, 2048-bit) +depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_aes256cbc_sha384.der":"PolarSSLTest":0 Parse Public RSA Key #1 (PKCS#8 wrapped) depends_on:MBEDTLS_PEM_PARSE_C From a90378c425a56af060f29ee1c9bdb6788e174ba6 Mon Sep 17 00:00:00 2001 From: Ryan Everett Date: Fri, 12 Jan 2024 10:24:00 +0000 Subject: [PATCH 019/132] Restore previous version of rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.pem Signed-off-by: Ryan Everett --- ...sa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.pem | 56 +++++++++---------- 1 file changed, 28 insertions(+), 28 deletions(-) diff --git a/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.pem b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.pem index f917af2a4..0d1b587f5 100644 --- a/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.pem +++ b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.pem 
@@ -1,30 +1,30 @@ -----BEGIN ENCRYPTED PRIVATE KEY----- -MIIFHDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQI11AY9mDsg8QCAggA -MAwGCCqGSIb3DQIKBQAwFAYIKoZIhvcNAwcECDzvZWW4smTrBIIEyG/U2B5LazZZ -rzLUN7V38xI1ZR6rcBJreOk0QmVOSk9QMh+Kq+LmFwnY2NY+xikAfRJKWUsjk+h4 -DzCWn+nsrvU2wK582XThWYwJ79BIwkweUWV9l1Nfw0vyx/FkcTHE+eGPdABBL4BO -o4uajZso7tYY2+jyPobqSn18j2TInKbHR7lB5l6OAX9FsV0pGKYBgKxa9LTj7ufD -70G5WLHJAfnTX/6+wWktDOMMCPTXij3qA0fyu835shMUWQ+KUx0Dyp2A6qeprV1Z -nklRzevWsA4pbNMe+GG3WrRj52YRVuwDJjgTeq5rIfyoyLGv0ZUZsa/KEP/oToe9 -CmFPHWA2RDpK4zD8lscsjsOj+B0UREcSw9CdL91rFZkr++PuI3A1/T+3M8DkjLiB -CvSVziZLyZaqUVd0UdXrHyGeFxIMAx8xfYGiLi/EEay2zEScGbQ2kU+N1Vpuyu39 -PoEmqNOchoEkLeMVTYTQDfK3LgYQXpvdLCQQG76AqRIbuY+ZfYYw8eWyJhm78Qwx -fAenH4i5AjgJcV/5xiLpj+1trdefaCSp0Z8XY7ng/xyNCOOdSbBOPl4JnD6snYaT -06dtpowP7gcN3bZQo/r2XsH8F1VPvjG2wZ38R7aHlF8vjCZ1gUtCuraoM9AAdVoW -zWiptA4Lc5CAp+kDa2Nf5gyL0lvN/IbWYE23/OMTECmwG+O/HNtvltmdmYB8Ze6A -pdlkftjf/NvFsHloJS76SreR0tpWM8rGnSqQdecWLutgWP7HiK6C77UYv3b71SVj -ga5uv2l67UAj9EPTizZvLJjn0ubylfCW4eaPkEJBaYW4uG/3BcWzpLRnGyq6csMC -/tly2Y1L9dBqyZMIMW/ZFm8/64K8IRaSu/8mMGxjQ7VHeU6JSDk3G4by8jdYjLA2 -Y3tWYaelX8oE02jrwv47PPFWft/P+3Gjwo8lFq0zQTAk2C1vHs44jLzsOxfizo6s -mzmGh54JFsdE1tlYoa515Id2I27vjCvK6XbbgguinHaIsRgaRnCyyqEjO22z2zP3 -RpJD7FdugvZDepLfII1H8+JlbyBEd2zByMIPehIeM/HWWN0ukAgIz6yardrCYiuU -hXTqTz6bzaZMRJauPt/gpSvAx8kTKr9nXH2VRiToUs3ABjT9DN1/mQ1RlA0NmK1i -qfsMRXWzckaKgmJ8fglxEY7UR6fOqt3325yVQ/x49AKBxBDO9wmfpHEO3aQY7+H5 -hP/5tuc81226VFbyTERtTaEb/I+7iiImcWtVW4bB/1DgCu1NTlay6XaHOoclxcEE -N+d/3wDjSrsUhAKcK42wNPa74eSZy9ElJ+33xC56tqxhvo6YdG7VFu3S8qnhaXf1 -ijcRCw7vr2ShGMAhnloz4T+IX3ZGrzkVSXQG+rpaFag0b1QxeS6w/V7F8u+wljnq -1BzIfEjnE3lpR1eiZ8Ygu/n4kb7n5gHZqd1C8QiFZOGczX3uKFbH3/HOS20A+/6R -3rkjCQ+Uyxl3+wVdyOSpUCqtLfJBx69CM/6lDBPrliQ6DE94xKFrNEogG3IE36rW -oSCJcveg3cdbrHSqc+3m36FbQl2YKy8hgBwhrym2xHZ/ZS+acUQsN/V3VvEym3N6 -QXFLn3yqnmpr1g+yqXfQwA== +MIIFHDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIYFcs8Uhn2poCAggA +MAwGCCqGSIb3DQIKBQAwFAYIKoZIhvcNAwcECKCBLl+C+3nCBIIEyEnIPlXdh1e3 
++cnyhX7dCRzR/NsygcRBJUPdwRUMAaOo/t+oZxFmHnblchxQ+pFoHrI9GVwg8uID +meEHlzSSKt8kOTvJ3C148jRFJy61YH6k5GEN+z5ihS9uTszaXRUlEsGfP1/SzWY9 +ME+pX+0kwJ4az87mYKyNUwK4U5d65Ic30pvRJc4unvFtRz6wtwqU+EV283pXHfyc +VNgQFjb1IPHEz/PSuE9p94mQvdIbVmuK2dRiMag/HcABvVhxzLldKyEHHhrHR0pa +gc41+3HVjz0b6RPE24zNrxA9bU+1URGwlkIlh7Jpc/ZuYRj6LQ33xUdYZcMZw0b4 +pSFJcUgX+GUXLyWLqhIxxc+GIeL2Vt5G0ea5KEqxOvSj2bJV2/JA0KtmrcIjX5Kz +d/9bAvxatcqIikVNVkQpUc1glKiIBfVrmyJ4XUlX9i5F3cgl18zrYUI4zPSBn8o5 +yxSfCuIMx+3zS4BiyugGNOclIbpLMjQuMrXxrt7S+QlXfdbXvyNfxa3qfqf7/P2k +ykxl0z1bjvkck6XoFGXdb13isUEtY2NjujZKZe55BLGqr7FsIIQSTAHilwMpK+CV +fA1EL4ck1+7FV+l8fJ0nN1Li1xOnDeAFuO2m91uibNMYPvRSoX9c+HQKXCdGfiuk +5tfNaq8bbXeIJ/P8wTjMZqI2l6HZRuXvvmRHN2zZ4BSsT3+61xtvSTISEimDSm5T +hYY583LG5lpFoOC0Y4EUw/ltmQpKW7AGkLg7SyC9oKvoeWM4c2t8HrL3iKPXtkwd +A/iEfZTxzmR57u+ZMlbws0evPiZQml8voJnuT6qwbos7g7V/Pc3Rj+b84JZcI2Jz +D89/VudIHfFDTXC/gcSRG4bd0glILJHT9FOCAlX5TEuRyeWasoVOV+m3Pi8vQM1u +tCsjE9UdoIdhoI5j94VhzHApdD4fePcQW9DysYa2R10gWIZKUvhUHH3FWLR2X2gK +Wiz5YkhEGXBRtDHd4cx8EM1bJMKwFyYXjXTPGfGlGiPt8b9u4F++IlsKcgGgPIvh +2rIm4jHuN3LRRlFkJ5B0kuOOxZ6GBfxasS+Ix4DZoIfqZsGNI5Wu2ikGZOKxX7Ij +G9RvcdpVV8C2Y+M9qI2+x93WAtQ+NRJo4/+gJ0O9bVUhjjAmIHu2bMtbvr9aPJhd +OpB9VQxB3c5mEXkNOV52oOGnIGVjbJMb4e3/MRpWtTFVcX6r200Gn6Hn3MnWZXdd +H7pOpAowTcTlFcbJ0WWjfZygj5HKKUOFzPYNnXKizjzQhF6yK0mphKFY+8tpFQqB +mV/1HlWJTSsAmh/FN21B2qq+KRiwMdpzKIEKC47mK+dzzo1mrTqmExvbiaLG8upr +KMb/lEnSCasiZKTh71J3+5vUE+Nw73rYNZcdh7fj+GBK9KJ3hdKwYc/9yyQx1Lua +4aXnUM6vQAsV+OLYNQE8vXMRtuftbPbV9sqiBLPIc/0P2EJ9mbEye8FM+koHUCKo +xtJe5SK36DMwAas6tjimouVgWTcAdbq9r8jQlCJ1WxXPUcCJdv6pFQUGKQ+34TMK +uWOhErUNRdqel9DthU5ig5dZs2DqlzbRzWYosZc1B6Q4/nua2JiBi8IeqtPILr2a +JYJ9DNzxn07lcFHiVgrJuA== -----END ENCRYPTED PRIVATE KEY----- From 86d5347930557f2d0de6d30292d100a08968e757 Mon Sep 17 00:00:00 2001 From: Ryan Everett Date: Fri, 12 Jan 2024 10:31:31 +0000 Subject: [PATCH 020/132] Mention PK parse in changelog 
Signed-off-by: Ryan Everett --- ChangeLog.d/add-aes-cbc-to-pkcs5-pbes2.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ChangeLog.d/add-aes-cbc-to-pkcs5-pbes2.txt b/ChangeLog.d/add-aes-cbc-to-pkcs5-pbes2.txt index e00c1e0a6..7f0fbc7e9 100644 --- a/ChangeLog.d/add-aes-cbc-to-pkcs5-pbes2.txt +++ b/ChangeLog.d/add-aes-cbc-to-pkcs5-pbes2.txt @@ -1,3 +1,3 @@ Features * Add support for using AES-CBC 128, 192, and 256 bit schemes - with PKCS#5 PBES2. + with PKCS#5 PBES2. Keys encrypted this way can now be parsed by PK parse. From e2f66620211cc16f54183d5b230c90ada22330ad Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Fri, 19 Jan 2024 20:22:24 +0000 Subject: [PATCH 021/132] Make test data static now it has accessors Signed-off-by: Paul Elliott --- tests/src/helpers.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/src/helpers.c b/tests/src/helpers.c index 1bad819ac..724fb59de 100644 --- a/tests/src/helpers.c +++ b/tests/src/helpers.c @@ -24,7 +24,7 @@ static mbedtls_platform_context platform_ctx; #endif -mbedtls_test_info_t mbedtls_test_info; +static mbedtls_test_info_t mbedtls_test_info; #ifdef MBEDTLS_THREADING_C mbedtls_threading_mutex_t mbedtls_test_info_mutex; From 3d2db89d5cd878d59be8edaab87e177f11e0ac00 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Fri, 19 Jan 2024 20:42:56 +0000 Subject: [PATCH 022/132] Access the test data mutex via accessor Remove the use of extern and instead use an accessor to get the address of the test info mutex (defined only if MBEDTLS_TEST_MUTEX_USAGE is defined, to hopefully stop more general usage) Signed-off-by: Paul Elliott --- tests/include/test/helpers.h | 16 +++++++++++++++- tests/src/helpers.c | 10 +++++++++- tests/src/threading_helpers.c | 4 +--- 3 files changed, 25 insertions(+), 5 deletions(-) diff --git a/tests/include/test/helpers.h b/tests/include/test/helpers.h index 73459d992..f2fb62d93 100644 --- a/tests/include/test/helpers.h +++ b/tests/include/test/helpers.h 
@@ -37,6 +37,7 @@ #if defined(MBEDTLS_THREADING_C) && defined(MBEDTLS_THREADING_PTHREAD) && \ defined(MBEDTLS_TEST_HOOKS) +#include "mbedtls/threading.h" #define MBEDTLS_TEST_MUTEX_USAGE #endif @@ -230,8 +231,21 @@ void mbedtls_test_set_step(unsigned long step); */ void mbedtls_test_info_reset(void); +#ifdef MBEDTLS_TEST_MUTEX_USAGE /** - * \brief Record the current test case as a failure if two integers + * \brief Get the test info data mutex. + * + * \note This is designed only to be used by threading_helpers to avoid a + * deadlock, not for general access to this mutex. + * + * \return The test info data mutex. + */ +mbedtls_threading_mutex_t *mbedtls_test_get_info_mutex(void); + +#endif /* MBEDTLS_TEST_MUTEX_USAGE */ + +/** + * \brief Record the current test case as a failure if two integers * have a different value. * * This function is usually called via the macro diff --git a/tests/src/helpers.c b/tests/src/helpers.c index 724fb59de..d0c75b08d 100644 --- a/tests/src/helpers.c +++ b/tests/src/helpers.c @@ -288,7 +288,15 @@ void mbedtls_test_increment_case_uses_negative_0(void) #endif /* MBEDTLS_THREADING_C */ } -#endif +#endif /* MBEDTLS_BIGNUM_C */ + +#ifdef MBEDTLS_TEST_MUTEX_USAGE +mbedtls_threading_mutex_t *mbedtls_test_get_info_mutex(void) +{ + return &mbedtls_test_info_mutex; +} + +#endif /* MBEDTLS_TEST_MUTEX_USAGE */ /*----------------------------------------------------------------------------*/ /* Helper Functions */ diff --git a/tests/src/threading_helpers.c b/tests/src/threading_helpers.c index 0894700a3..165e3508b 100644 --- a/tests/src/threading_helpers.c +++ b/tests/src/threading_helpers.c 
@@ -117,8 +117,6 @@ static void mbedtls_test_mutex_usage_error(mbedtls_threading_mutex_t *mutex, * mbedtls_test_mutex_usage_check() will mark it as failed. */ } -extern mbedtls_threading_mutex_t mbedtls_test_info_mutex; - static int mbedtls_test_mutex_can_test(mbedtls_threading_mutex_t *mutex) { /* If we attempt to run tests on this mutex then we are going to run into a @@ -127,7 +125,7 @@ static int mbedtls_test_mutex_can_test(mbedtls_threading_mutex_t *mutex) * reporting that failure, as we already hold the mutex at that point. * 2. Given the 'global' position of the initialization and free of this * mutex, it will be shown as leaked on the first test run. */ - if (mutex == &mbedtls_test_info_mutex) { + if (mutex == mbedtls_test_get_info_mutex()) { return 0; } From 8eb310c7e6663d28154b3de838d81cee6e61daa9 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 22 Jan 2024 16:22:57 +0100 Subject: [PATCH 023/132] all.sh: add accelerated and reference components for HMAC Signed-off-by: Valerio Setti --- tests/scripts/all.sh | 62 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 62 insertions(+) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 44930d28b..63f6129eb 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh 
@@ -3655,6 +3655,68 @@ component_test_psa_crypto_config_reference_hash_use_psa() { tests/ssl-opt.sh } +# Auxiliary function to build config for hashes with and without drivers +config_psa_crypto_hmac_use_psa () { + driver_only="$1" + # start with config full for maximum coverage (also enables USE_PSA) + helper_libtestdriver1_adjust_config "full" + + # Direct dependencies of MD_C. We disable them also in the reference + # component to work with the same set of features. + scripts/config.py unset MBEDTLS_PKCS7_C + scripts/config.py unset MBEDTLS_PKCS5_C + scripts/config.py unset MBEDTLS_HMAC_DRBG_C + scripts/config.py unset MBEDTLS_HKDF_C + # Dependencies of HMAC_DRBG + scripts/config.py unset MBEDTLS_ECDSA_DETERMINISTIC + scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_DETERMINISTIC_ECDSA +} + +component_test_psa_crypto_config_accel_hmac() { + msg "test: full with accelerated hmac" + + loc_accel_list="ALG_HMAC KEY_TYPE_HMAC \ + ALG_MD5 ALG_RIPEMD160 ALG_SHA_1 \ + ALG_SHA_224 ALG_SHA_256 ALG_SHA_384 ALG_SHA_512 \ + ALG_SHA3_224 ALG_SHA3_256 ALG_SHA3_384 ALG_SHA3_512" + + # Configure + # --------- + + config_psa_crypto_hmac_use_psa 1 + + # Disable MD_C in order to disable the builtin support for HMAC. MD_LIGHT + # is still enabled though. + scripts/config.py unset MBEDTLS_MD_C + + # Build + # ----- + + helper_libtestdriver1_make_drivers "$loc_accel_list" + + helper_libtestdriver1_make_main "$loc_accel_list" + + # Ensure that built-in support for HMAC is disabled. + not grep mbedtls_md_hmac library/md.o + + # Run the tests + # ------------- + + msg "test: full with accelerated hmac" + make test +} + +component_test_psa_crypto_config_reference_hmac() { + msg "test: full without accelerated hmac" + + config_psa_crypto_hmac_use_psa 0 + + make + + msg "test: full without accelerated hmac" + make test +} + component_test_psa_crypto_config_accel_des () { msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated DES" 
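Review bot: `driver_only="$1"` in config_psa_crypto_hmac_use_psa is assigned but never read anywhere in the hunk, so the `1` and `0` passed by component_test_psa_crypto_config_accel_hmac and component_test_psa_crypto_config_reference_hmac currently change nothing; either gate the driver-specific `scripts/config.py unset MBEDTLS_MD_C` on it inside the helper, or drop the parameter until it is needed. Because it is a plain (non-`local`) assignment it also persists in the caller's shell after the function returns, unlike what the `loc_` prefix on `loc_accel_list` appears to be for. A one-line comment on the helper such as `# driver_only: 1 when building against the test driver, 0 for the reference build` would make the intended contract explicit.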
From 20cea94fd405c2d321f2fe305f4f340d35e370e0 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 22 Jan 2024 16:23:25 +0100 Subject: [PATCH 024/132] analyze_outcomes: add task for HMAC coverage Signed-off-by: Valerio Setti --- tests/scripts/analyze_outcomes.py | 35 +++++++++++++++++++++++++++++++ 1 file changed, 35 insertions(+) diff --git a/tests/scripts/analyze_outcomes.py b/tests/scripts/analyze_outcomes.py index 6503f9a27..9d441c7d3 100755 --- a/tests/scripts/analyze_outcomes.py +++ b/tests/scripts/analyze_outcomes.py @@ -240,6 +240,41 @@ KNOWN_TASKS = { } } }, + 'analyze_driver_vs_reference_hmac': { + 'test_function': do_analyze_driver_vs_reference, + 'args': { + 'component_ref': 'test_psa_crypto_config_reference_hmac', + 'component_driver': 'test_psa_crypto_config_accel_hmac', + 'ignored_suites': [ + # This suite tests builtins directly, but these are missing + # in the accelerated case. + 'psa_crypto_low_hash.generated', + ], + 'ignored_tests': { + 'test_suite_md': [ + # Builtin HMAC is not supported in the accelerate component. + re.compile('.*HMAC.*'), + # Following tests make use of functions which are not available + # when MD_C is disabled, as it happens in the accelerated + # test component. + re.compile('generic .* Hash file .*'), + 'MD list', + ], + 'test_suite_md.psa': [ + # "legacy only" tests require hash algorithms to be NOT + # accelerated, but this of course false for the accelerated + # test component. + re.compile('PSA dispatch .* legacy only'), + ], + 'test_suite_platform': [ + # Incompatible with sanitizers (e.g. ASan). If the driver + # component uses a sanitizer but the reference component + # doesn't, we have a PASS vs SKIP mismatch. + 'Check mbedtls_calloc overallocation', + ], + } + } + }, 'analyze_driver_vs_reference_cipher_aead_cmac': { 'test_function': do_analyze_driver_vs_reference, 'args': { From e35117640dbf171ca482646c393e03889d6724a1 Mon Sep 17 00:00:00 2001 
From: Valerio Setti Date: Mon, 22 Jan 2024 16:28:23 +0100 Subject: [PATCH 025/132] cert_[req/write]: add MD_C dependency Both programs use mbedtls_md_info_from_string() which is only available as long as MBEDTLS_MD_C is enabled. Signed-off-by: Valerio Setti --- programs/x509/cert_req.c | 3 ++- programs/x509/cert_write.c | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/programs/x509/cert_req.c b/programs/x509/cert_req.c index 6ae43a9d9..dcfd1765c 100644 --- a/programs/x509/cert_req.c +++ b/programs/x509/cert_req.c @@ -14,7 +14,8 @@ #if !defined(MBEDTLS_X509_CSR_WRITE_C) || !defined(MBEDTLS_X509_CRT_PARSE_C) || \ !defined(MBEDTLS_PK_PARSE_C) || !defined(MBEDTLS_MD_CAN_SHA256) || \ !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_CTR_DRBG_C) || \ - !defined(MBEDTLS_PEM_WRITE_C) || !defined(MBEDTLS_FS_IO) + !defined(MBEDTLS_PEM_WRITE_C) || !defined(MBEDTLS_FS_IO) || \ + !defined(MBEDTLS_MD_C) int main(void) { mbedtls_printf("MBEDTLS_X509_CSR_WRITE_C and/or MBEDTLS_FS_IO and/or " diff --git a/programs/x509/cert_write.c b/programs/x509/cert_write.c index bf25c4cbd..0b2575e84 100644 --- a/programs/x509/cert_write.c +++ b/programs/x509/cert_write.c @@ -15,7 +15,7 @@ !defined(MBEDTLS_X509_CRT_PARSE_C) || !defined(MBEDTLS_FS_IO) || \ !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_CTR_DRBG_C) || \ !defined(MBEDTLS_ERROR_C) || !defined(MBEDTLS_MD_CAN_SHA256) || \ - !defined(MBEDTLS_PEM_WRITE_C) + !defined(MBEDTLS_PEM_WRITE_C) || !defined(MBEDTLS_MD_C) int main(void) { mbedtls_printf("MBEDTLS_X509_CRT_WRITE_C and/or MBEDTLS_X509_CRT_PARSE_C and/or " From 1626cc767bee7eeee9913a8bea47cfa74f2b9ae3 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 22 Jan 2024 16:29:46 +0100 Subject: [PATCH 026/132] test_suite_entropy: relax MD_C dependency to MD_LIGHT Signed-off-by: Valerio Setti --- tests/suites/test_suite_entropy.function | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
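Review bot: The `mbedtls_printf("MBEDTLS_X509_CSR_WRITE_C and/or MBEDTLS_FS_IO and/or "` message that follows the extended `#if` in cert_req.c is left untouched, and the same applies to the cert_write.c hunk below it; if the remainder of that string (it continues outside the hunk) does not list MBEDTLS_MD_C, a build that lacks only MD_C will print a list of prerequisites that are all present. Append `MBEDTLS_MD_C` to both messages alongside the new condition so the diagnostic matches the guard. The rationale from the commit message is also worth a short comment next to the guard, e.g. `/* MBEDTLS_MD_C: mbedtls_md_info_from_string() is only available with it. */`.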
diff --git a/tests/suites/test_suite_entropy.function b/tests/suites/test_suite_entropy.function index ed9f3ac3c..5ac65fcf5 100644 --- a/tests/suites/test_suite_entropy.function +++ b/tests/suites/test_suite_entropy.function @@ -447,7 +447,7 @@ void entropy_nv_seed_std_io() } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_MD_C:MBEDTLS_ENTROPY_NV_SEED:MBEDTLS_PLATFORM_NV_SEED_ALT */ +/* BEGIN_CASE depends_on:MBEDTLS_MD_LIGHT:MBEDTLS_ENTROPY_NV_SEED:MBEDTLS_PLATFORM_NV_SEED_ALT */ void entropy_nv_seed(data_t *read_seed) { #if defined(MBEDTLS_ENTROPY_SHA512_ACCUMULATOR) From cd89b0b536741f6ad91e2884988abba47be88554 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 24 Jan 2024 14:24:55 +0100 Subject: [PATCH 027/132] all.sh: disable legacy hash support in test_psa_crypto_config_accel_hmac() Signed-off-by: Valerio Setti --- tests/scripts/all.sh | 15 +++++++++++---- tests/scripts/analyze_outcomes.py | 3 +++ 2 files changed, 14 insertions(+), 4 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 63f6129eb..e2b44d8e8 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -3661,6 +3661,17 @@ config_psa_crypto_hmac_use_psa () { # start with config full for maximum coverage (also enables USE_PSA) helper_libtestdriver1_adjust_config "full" + if [ "$driver_only" -eq 1 ]; then + # Disable MD_C in order to disable the builtin support for HMAC. MD_LIGHT + # is still enabled though (for ENTROPY_C among others). + scripts/config.py unset MBEDTLS_MD_C + # Disable also the builtin hashes since they are supported by the driver + # and MD module is able to perform PSA dispathing. + scripts/config.py unset-all MBEDTLS_SHA + scripts/config.py unset MBEDTLS_MD5_C + scripts/config.py unset MBEDTLS_RIPEMD160_C + fi + # Direct dependencies of MD_C. We disable them also in the reference # component to work with the same set of features. scripts/config.py unset MBEDTLS_PKCS7_C 
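Review bot: The comment `# and MD module is able to perform PSA dispathing.` in the new `driver_only` branch of config_psa_crypto_hmac_use_psa has a typo and is vague about what is dispatched; `# and the MD module can dispatch hash operations to PSA.` reads more clearly. The `scripts/config.py unset-all MBEDTLS_SHA` line relies on a prefix match and so presumably also clears any non-algorithm `MBEDTLS_SHA*` options present in the config; a one-line note saying this is intended (or a narrower pattern) would save the next reader a check. The helper's body continues outside the hunk.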
@@ -3685,10 +3696,6 @@ component_test_psa_crypto_config_accel_hmac() { config_psa_crypto_hmac_use_psa 1 - # Disable MD_C in order to disable the builtin support for HMAC. MD_LIGHT - # is still enabled though. - scripts/config.py unset MBEDTLS_MD_C - # Build # ----- diff --git a/tests/scripts/analyze_outcomes.py b/tests/scripts/analyze_outcomes.py index 9d441c7d3..b6e26d4cc 100755 --- a/tests/scripts/analyze_outcomes.py +++ b/tests/scripts/analyze_outcomes.py @@ -246,6 +246,9 @@ KNOWN_TASKS = { 'component_ref': 'test_psa_crypto_config_reference_hmac', 'component_driver': 'test_psa_crypto_config_accel_hmac', 'ignored_suites': [ + # These suites require legacy hash support, which is disabled + # in the accelerate component. + 'shax', 'mdx', # This suite tests builtins directly, but these are missing # in the accelerated case. 'psa_crypto_low_hash.generated', From 9f521056bc39533621f3f6b1a1986675035942b7 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 24 Jan 2024 15:44:24 +0100 Subject: [PATCH 028/132] driver-only-builds: add documentation for HMAC acceleration Signed-off-by: Valerio Setti --- docs/driver-only-builds.md | 21 ++++++++++++++++++++- 1 file changed, 20 insertions(+), 1 deletion(-) diff --git a/docs/driver-only-builds.md b/docs/driver-only-builds.md index f59420e3d..e4c30bd33 100644 --- a/docs/driver-only-builds.md +++ b/docs/driver-only-builds.md 
@@ -105,7 +105,26 @@ provided by a driver or built-in, you should use the following macros: - for code that uses only the PSA Crypto API: `PSA_WANT_ALG_xxx` from `psa/crypto.h`; - for code that uses non-PSA crypto APIs: `MBEDTLS_MD_CAN_xxx` from - `mbedtls/md.h`. + `mbedtls/config_adjust_legacy_crypto.h`. + +### HMAC + +In addition to accelerated hash operations, it is also possible to accelerate +HMAC by enabling and accelerating: +- HMAC algorithm and key type, i.e. `[PSA_WANT|MBEDTLS_PSA_ACCEL]_ALG_HMAC` and + `[PSA_WANT|MBEDTLS_PSA_ACCEL]KEY_TYPE_HMAC`. +- Required hash algorithm(s) as explained in [Hashes](#hashes) section. + +In such a build it is possible to disable legacy HMAC support by disabling +`MBEDTLS_MD_C` and still getting crypto operations, X.509 and TLS to work as +usual. Exceptions are: +- [Hashes](#hashes) are obviously valid here for the accelerated algorithms. +- Legacy HMAC support (`mbedtls_md_hmac_xxx()`) won't be possible. +- `MBEDTLS_PKCS[5|7]_C`, `MBEDTLS_HMAC_DRBG_C` and `MBEDTLS_HKDF_C` since they + depend on the legacy implementation of HMAC. + - disabling HMAC_DRBG_C cause deterministic ECDSA (i.e. + `MBEDTLS_DETERMINISTIC_ECDSA` on the legacy side and + `PSA_WANT_ALG_DETERMINISTIC_ECDSA` on the PSA one) to be not available. Elliptic-curve cryptography (ECC) --------------------------------- From 89d8a12e9ce40b2b0eee6e7d3a9fabfbc48910a7 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Fri, 26 Jan 2024 15:04:05 +0100 Subject: [PATCH 029/132] analyze_outcomes: fix typo Signed-off-by: Valerio Setti --- tests/scripts/analyze_outcomes.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/scripts/analyze_outcomes.py b/tests/scripts/analyze_outcomes.py index b6e26d4cc..c300f9105 100755 --- a/tests/scripts/analyze_outcomes.py +++ b/tests/scripts/analyze_outcomes.py 
@@ -247,7 +247,7 @@ KNOWN_TASKS = { 'component_driver': 'test_psa_crypto_config_accel_hmac', 'ignored_suites': [ # These suites require legacy hash support, which is disabled - # in the accelerate component. + # in the accelerated component. 'shax', 'mdx', # This suite tests builtins directly, but these are missing # in the accelerated case. From 18be2fb9df3097bbe54c90a420b976dccace4279 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Fri, 26 Jan 2024 15:07:02 +0100 Subject: [PATCH 030/132] driver-only-builds: improve a sentence in the HMAC section Signed-off-by: Valerio Setti --- docs/driver-only-builds.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/docs/driver-only-builds.md b/docs/driver-only-builds.md index e4c30bd33..4095d8ee7 100644 --- a/docs/driver-only-builds.md +++ b/docs/driver-only-builds.md @@ -118,7 +118,9 @@ HMAC by enabling and accelerating: In such a build it is possible to disable legacy HMAC support by disabling `MBEDTLS_MD_C` and still getting crypto operations, X.509 and TLS to work as usual. Exceptions are: -- [Hashes](#hashes) are obviously valid here for the accelerated algorithms. +- As mentioned in [Hashes](#hashes) direct calls to legacy lo-level hash APIs + (`mbedtls_sha256()` etc.) will not be possible for the legacy modules that + are disabled. - Legacy HMAC support (`mbedtls_md_hmac_xxx()`) won't be possible. - `MBEDTLS_PKCS[5|7]_C`, `MBEDTLS_HMAC_DRBG_C` and `MBEDTLS_HKDF_C` since they depend on the legacy implementation of HMAC. From e29c868ca498a45976e60b0b6be416f71badb2fc Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Fri, 12 Jan 2024 16:24:44 +0000 Subject: [PATCH 031/132] programs_dh_server: Updated to use `mbedtls_dhm_set_group()` & `mbedtls_dhm_get_len()`. Signed-off-by: Minos Galanakis --- programs/pkey/dh_server.c | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) diff --git a/programs/pkey/dh_server.c b/programs/pkey/dh_server.c index 91bac0ef4..1ae5651ba 100644 
--- a/programs/pkey/dh_server.c +++ b/programs/pkey/dh_server.c @@ -66,7 +66,7 @@ int main(void) mbedtls_dhm_context dhm; mbedtls_aes_context aes; - mbedtls_mpi N, P, Q, D, E; + mbedtls_mpi N, P, Q, D, E, dhm_P, dhm_G; mbedtls_net_init(&listen_fd); mbedtls_net_init(&client_fd); @@ -75,8 +75,8 @@ int main(void) mbedtls_ctr_drbg_init(&ctr_drbg); mbedtls_mpi_init(&N); mbedtls_mpi_init(&P); mbedtls_mpi_init(&Q); - mbedtls_mpi_init(&D); mbedtls_mpi_init(&E); - + mbedtls_mpi_init(&D); mbedtls_mpi_init(&E); mbedtls_mpi_init(&dhm_P); + mbedtls_mpi_init(&dhm_G); /* * 1. Setup the RNG */ @@ -141,8 +141,9 @@ int main(void) goto exit; } - if (mbedtls_mpi_read_file(&dhm.MBEDTLS_PRIVATE(P), 16, f) != 0 || - mbedtls_mpi_read_file(&dhm.MBEDTLS_PRIVATE(G), 16, f) != 0) { + if ((ret = mbedtls_mpi_read_file(&dhm_P, 16, f)) != 0 || + (ret = mbedtls_mpi_read_file(&dhm_G, 16, f)) != 0 || + (ret = mbedtls_dhm_set_group(&dhm, &dhm_P, &dhm_G) != 0)) { mbedtls_printf(" failed\n ! Invalid DH parameter file\n\n"); fclose(f); goto exit; @@ -176,7 +177,7 @@ int main(void) memset(buf, 0, sizeof(buf)); if ((ret = - mbedtls_dhm_make_params(&dhm, (int) mbedtls_mpi_size(&dhm.MBEDTLS_PRIVATE(P)), buf, &n, + mbedtls_dhm_make_params(&dhm, (int) mbedtls_dhm_get_len(&dhm), buf, &n, mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) { mbedtls_printf(" failed\n ! mbedtls_dhm_make_params returned %d\n\n", ret); goto exit; @@ -286,7 +287,8 @@ int main(void) exit: mbedtls_mpi_free(&N); mbedtls_mpi_free(&P); mbedtls_mpi_free(&Q); - mbedtls_mpi_free(&D); mbedtls_mpi_free(&E); + mbedtls_mpi_free(&D); mbedtls_mpi_free(&E); mbedtls_mpi_free(&dhm_P); + mbedtls_mpi_free(&dhm_G); mbedtls_net_free(&client_fd); mbedtls_net_free(&listen_fd); From 97489dc7e5f9c161395144b0397fb65a5fbfc29b Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Fri, 12 Jan 2024 16:47:52 +0000 Subject: [PATCH 032/132] programs_benchmark: Updated to use `mbedtls_dhm_set_group()` & `mbedtls_dhm_get_len()` 
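Review bot: In the @@ -141 hunk the closing parenthesis is misplaced on the third condition: `(ret = mbedtls_dhm_set_group(&dhm, &dhm_P, &dhm_G) != 0)` assigns the result of the `!=` comparison (0 or 1) to `ret` rather than the error code, unlike the two `mbedtls_mpi_read_file` conditions just above it. It should read `(ret = mbedtls_dhm_set_group(&dhm, &dhm_P, &dhm_G)) != 0` so that the value reaching `exit` is the real return code. The failure branch prints a generic message, so the wrong `ret` only surfaces in the program's exit status, which is presumably why it went unnoticed; main() continues outside the hunk.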
Signed-off-by: Minos Galanakis --- programs/test/benchmark.c | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/programs/test/benchmark.c b/programs/test/benchmark.c index 6f7f69bda..895b1488f 100644 --- a/programs/test/benchmark.c +++ b/programs/test/benchmark.c @@ -1089,18 +1089,21 @@ int main(int argc, char *argv[]) mbedtls_dhm_context dhm; size_t olen; size_t n; + mbedtls_mpi P, G; + mbedtls_mpi_init(&P); mbedtls_mpi_init(&G); for (i = 0; (size_t) i < sizeof(dhm_sizes) / sizeof(dhm_sizes[0]); i++) { mbedtls_dhm_init(&dhm); - if (mbedtls_mpi_read_binary(&dhm.MBEDTLS_PRIVATE(P), dhm_P[i], + if (mbedtls_mpi_read_binary(&P, dhm_P[i], dhm_P_size[i]) != 0 || - mbedtls_mpi_read_binary(&dhm.MBEDTLS_PRIVATE(G), dhm_G[i], - dhm_G_size[i]) != 0) { + mbedtls_mpi_read_binary(&G, dhm_G[i], + dhm_G_size[i]) != 0 || + mbedtls_dhm_set_group(&dhm, &P, &G) != 0) { mbedtls_exit(1); } - n = mbedtls_mpi_size(&dhm.MBEDTLS_PRIVATE(P)); + n = mbedtls_dhm_get_len(&dhm); mbedtls_dhm_make_public(&dhm, (int) n, buf, n, myrand, NULL); if (mbedtls_mpi_copy(&dhm.MBEDTLS_PRIVATE(GY), &dhm.MBEDTLS_PRIVATE(GX)) != 0) { mbedtls_exit(1); @@ -1119,6 +1122,7 @@ int main(int argc, char *argv[]) mbedtls_dhm_calc_secret(&dhm, buf, sizeof(buf), &olen, myrand, NULL)); mbedtls_dhm_free(&dhm); + mbedtls_mpi_free(&P), mbedtls_mpi_free(&G); } } #endif From 8ee1b5f46ec60b3bd67706d083116c6d2373918b Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Mon, 15 Jan 2024 15:54:19 +0000 Subject: [PATCH 033/132] programs_benchmark: Updated to use `mbedtls_dhm_read_public()`. Signed-off-by: Minos Galanakis --- programs/test/benchmark.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/programs/test/benchmark.c b/programs/test/benchmark.c index 895b1488f..8fa5d6298 100644 --- a/programs/test/benchmark.c +++ b/programs/test/benchmark.c 
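Review bot: In the @@ -1089 hunk `P` and `G` are initialised once before the `for` loop, but `mbedtls_mpi_free(&P), mbedtls_mpi_free(&G);` in the @@ -1119 hunk appears to run at the end of every iteration, so the second iteration reads into contexts that were already freed; that is only safe if mbedtls_mpi_free leaves the context reusable, which nothing in the hunk shows, so moving `mbedtls_mpi_init(&P); mbedtls_mpi_init(&G);` next to `mbedtls_dhm_init(&dhm);` inside the loop would make the init/free pairing explicit either way. The comma operator in that free line also reads like a typo for a semicolon. Collapsing the `mbedtls_mpi_read_binary`/`mbedtls_dhm_set_group` failures into a bare `mbedtls_exit(1)` is pre-existing style, but a message naming the failing call would help when a new DHM size is added.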
@@ -1105,7 +1105,8 @@ int main(int argc, char *argv[]) n = mbedtls_dhm_get_len(&dhm); mbedtls_dhm_make_public(&dhm, (int) n, buf, n, myrand, NULL); - if (mbedtls_mpi_copy(&dhm.MBEDTLS_PRIVATE(GY), &dhm.MBEDTLS_PRIVATE(GX)) != 0) { + + if (mbedtls_dhm_read_public(&dhm, buf, n) != 0) { mbedtls_exit(1); } From f23336e0406e719fe5d736e2b464e22468ca0f3b Mon Sep 17 00:00:00 2001 From: Ryan Everett Date: Wed, 24 Jan 2024 11:39:21 +0000 Subject: [PATCH 034/132] Make psa_close_key thread safe There are two mutex locks here, the one performed in get_and_lock.. and the one performed outside. Linearizes at the final unlock. (This function is deprecated) Signed-off-by: Ryan Everett --- library/psa_crypto_slot_management.c | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) diff --git a/library/psa_crypto_slot_management.c b/library/psa_crypto_slot_management.c index 47ace359d..3bb2691c6 100644 --- a/library/psa_crypto_slot_management.c +++ b/library/psa_crypto_slot_management.c @@ -536,11 +536,22 @@ psa_status_t psa_close_key(psa_key_handle_t handle) return status; } + +#if defined(MBEDTLS_THREADING_C) + PSA_THREADING_CHK_RET(mbedtls_mutex_lock( + &mbedtls_threading_key_slot_mutex)); +#endif if (slot->registered_readers == 1) { - return psa_wipe_key_slot(slot); + status = psa_wipe_key_slot(slot); } else { - return psa_unregister_read(slot); + status = psa_unregister_read(slot); } +#if defined(MBEDTLS_THREADING_C) + PSA_THREADING_CHK_RET(mbedtls_mutex_unlock( + &mbedtls_threading_key_slot_mutex)); +#endif + + return status; } psa_status_t psa_purge_key(mbedtls_svc_key_id_t key) From b0821959ae4a742de79d834bd71bc3cd1952fb86 Mon Sep 17 00:00:00 2001 From: Ryan Everett Date: Wed, 24 Jan 2024 11:42:32 +0000 Subject: [PATCH 035/132] Make psa_purge_key thread safe Relies on get_and_lock_X being thread safe. There are two mutex locks here, one in psa_get_and_lock... Linearization point is the final unlock (or first lock on failure). 
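Review bot: In psa_close_key the added `PSA_THREADING_CHK_RET(mbedtls_mutex_lock(...))` comes after `psa_get_and_lock_key_slot_in_memory` (above the hunk) has already succeeded, so if the lock fails the macro, by its name, returns without the `psa_unregister_read(slot)` that every other path performs, leaving the slot's reader count incremented; the psa_purge_key hunk in the next commit has the same shape. The later commit in this series that moves psa_close_key's lock before the lookup removes the problem there, but psa_purge_key would need the same reordering or an explicit unregister on the lock-failure path. A short comment on the lock line, e.g. `/* The slot is already registered for reading; the mutex serialises the wipe/unregister decision. */`, would also make the two-lock structure described in the commit message visible in the code.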
Signed-off-by: Ryan Everett --- library/psa_crypto_slot_management.c | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/library/psa_crypto_slot_management.c b/library/psa_crypto_slot_management.c index 3bb2691c6..e8813b901 100644 --- a/library/psa_crypto_slot_management.c +++ b/library/psa_crypto_slot_management.c @@ -564,12 +564,22 @@ psa_status_t psa_purge_key(mbedtls_svc_key_id_t key) return status; } +#if defined(MBEDTLS_THREADING_C) + PSA_THREADING_CHK_RET(mbedtls_mutex_lock( + &mbedtls_threading_key_slot_mutex)); +#endif if ((!PSA_KEY_LIFETIME_IS_VOLATILE(slot->attr.lifetime)) && (slot->registered_readers == 1)) { - return psa_wipe_key_slot(slot); + status = psa_wipe_key_slot(slot); } else { - return psa_unregister_read(slot); + status = psa_unregister_read(slot); } +#if defined(MBEDTLS_THREADING_C) + PSA_THREADING_CHK_RET(mbedtls_mutex_unlock( + &mbedtls_threading_key_slot_mutex)); +#endif + + return status; } void mbedtls_psa_get_stats(mbedtls_psa_stats_t *stats) From 16abd59a62522852423a35c2b96a087676e6a7ad Mon Sep 17 00:00:00 2001 From: Ryan Everett Date: Wed, 24 Jan 2024 17:37:46 +0000 Subject: [PATCH 036/132] Update psa_wipe_all_key_slots and document non-thread safety This function, and mbedtls_psa_crypto_free, are not thread safe as they wipe slots regardless of state. They are not part of the PSA Crypto API, untrusted applications cannot call these functions in a crypto service. In a service intergration, mbedtls_psa_crypto_free on the client cuts the communication with the crypto service. Signed-off-by: Ryan Everett --- include/psa/crypto_extra.h | 2 ++ library/psa_crypto_slot_management.c | 6 ++++++ library/psa_crypto_slot_management.h | 2 ++ 3 files changed, 10 insertions(+) diff --git a/include/psa/crypto_extra.h b/include/psa/crypto_extra.h index fc9bf4f0f..18dccae0a 100644 --- a/include/psa/crypto_extra.h +++ b/include/psa/crypto_extra.h 
@@ -198,6 +198,8 @@ psa_status_t mbedtls_psa_register_se_key( * * This function clears all data associated with the PSA layer, * including the whole key store. + * This function is not thread safe, it wipes every key slot regardless of + * state and reader count. It should only be called when no slot is in use. * * This is an Mbed TLS extension. */ diff --git a/library/psa_crypto_slot_management.c b/library/psa_crypto_slot_management.c index e8813b901..599cc363b 100644 --- a/library/psa_crypto_slot_management.c +++ b/library/psa_crypto_slot_management.c @@ -144,6 +144,9 @@ void psa_wipe_all_key_slots(void) { size_t slot_idx; +#if defined(MBEDTLS_THREADING_C) + mbedtls_mutex_lock(&mbedtls_threading_key_slot_mutex); +#endif for (slot_idx = 0; slot_idx < MBEDTLS_PSA_KEY_SLOT_COUNT; slot_idx++) { psa_key_slot_t *slot = &global_data.key_slots[slot_idx]; slot->registered_readers = 1; @@ -151,6 +154,9 @@ void psa_wipe_all_key_slots(void) (void) psa_wipe_key_slot(slot); } global_data.key_slots_initialized = 0; +#if defined(MBEDTLS_THREADING_C) + mbedtls_mutex_unlock(&mbedtls_threading_key_slot_mutex); +#endif } psa_status_t psa_reserve_free_key_slot(psa_key_id_t *volatile_key_id, diff --git a/library/psa_crypto_slot_management.h b/library/psa_crypto_slot_management.h index 002429b93..18a914496 100644 --- a/library/psa_crypto_slot_management.h +++ b/library/psa_crypto_slot_management.h @@ -92,6 +92,8 @@ psa_status_t psa_get_and_lock_key_slot(mbedtls_svc_key_id_t key, psa_status_t psa_initialize_key_slots(void); /** Delete all data from key slots in memory. + * This function is not thread safe, it wipes every key slot regardless of + * state and reader count. It should only be called when no slot is in use. * * This does not affect persistent storage. */ void psa_wipe_all_key_slots(void); From c053d968f2b90926a6c69b079fc35d25713005fb Mon Sep 17 00:00:00 2001 
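Review bot: psa_wipe_all_key_slots now calls `mbedtls_mutex_lock`/`mbedtls_mutex_unlock` with their return values ignored, whereas psa_close_key and psa_purge_key in this series route the same calls through `PSA_THREADING_CHK_RET`; since the function is `void` and the two header hunks explicitly document it as not thread safe, a comment should state why the mutex is taken at all and that the ignored result is deliberate, e.g. `/* Held so the wipe cannot interleave with a slot-management call on another thread; lock failure cannot be reported from a void function. */` if that is the reasoning. Without it the next reader may read the lock as the thread-safety guarantee the new header text disclaims. The loop body between the lock and the unlock is partly outside the hunk.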
From: Ryan Everett Date: Thu, 25 Jan 2024 17:56:32 +0000 Subject: [PATCH 037/132] Make psa_destroy_key threadsafe We do not require linearizability in the case of destroying a key in use. Using a key and destroying it simultaneously will not cause any issues as the user will only use the copy of the key in the slot. Two simulatenous deletion calls to one key cannot interfere, the first caller sets the slot's state to PENDING_DELETION, the second caller will back off. Remove outdated comment about one key being in multiple slots, psa_open_key does not put the key into a new slot. Signed-off-by: Ryan Everett --- library/psa_crypto.c | 26 ++++++++++++++++++-------- 1 file changed, 18 insertions(+), 8 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index e6d3851ba..c81666818 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -1071,6 +1071,10 @@ psa_status_t psa_destroy_key(mbedtls_svc_key_id_t key) return status; } +#if defined(MBEDTLS_THREADING_C) + PSA_THREADING_CHK_GOTO_EXIT(mbedtls_mutex_lock( + &mbedtls_threading_key_slot_mutex)); +#endif /* Set the key slot containing the key description's state to * PENDING_DELETION. This stops new operations from registering * to read the slot. Current readers can safely continue to access @@ -1079,7 +1083,12 @@ psa_status_t psa_destroy_key(mbedtls_svc_key_id_t key) * If the key is persistent, we can now delete the copy of the key * from memory. If the key is opaque, we require the driver to * deal with the deletion. */ - slot->state = PSA_SLOT_PENDING_DELETION; + status = psa_key_slot_state_transition(slot, PSA_SLOT_FULL, + PSA_SLOT_PENDING_DELETION); + + if (status != PSA_SUCCESS) { + goto exit; + } if (PSA_KEY_LIFETIME_IS_READ_ONLY(slot->attr.lifetime)) { /* Refuse the destruction of a read-only key (which may or may not work 
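Review bot: `PSA_THREADING_CHK_GOTO_EXIT(mbedtls_mutex_lock(...))` is placed before the state transition, and the `exit:` path in the @@ -1159 hunk of this same commit unconditionally runs `PSA_THREADING_CHK_RET(mbedtls_mutex_unlock(...))`; if, as the macro name suggests, a failed lock jumps to that label, psa_destroy_key will unlock a mutex it never acquired. Either record in a local flag that the lock succeeded and guard the unlock with it, or return from the lock-failure case through a separate label placed after the unlock. The `goto exit` after a failed `psa_key_slot_state_transition` is fine since the lock is held by then; the body of psa_destroy_key between the two hunks is outside this view.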
@@ -1134,11 +1143,6 @@ psa_status_t psa_destroy_key(mbedtls_svc_key_id_t key) if (overall_status == PSA_SUCCESS) { overall_status = status; } - - /* TODO: other slots may have a copy of the same key. We should - * invalidate them. - * https://github.com/ARMmbed/mbed-crypto/issues/214 - */ } #endif /* defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) */ @@ -1159,8 +1163,14 @@ exit: /* Unregister from reading the slot. If we are the last active reader * then this will wipe the slot. */ status = psa_unregister_read(slot); - /* Prioritize CORRUPTION_DETECTED from unregistering over - * a storage error. */ + +#if defined(MBEDTLS_THREADING_C) + PSA_THREADING_CHK_RET(mbedtls_mutex_unlock( + &mbedtls_threading_key_slot_mutex)); +#endif + + /* Prioritize CORRUPTION_DETECTED from unregistering or + * SERVICE_FAILURE from unlocking over a storage error. */ if (status != PSA_SUCCESS) { overall_status = status; } From 763971f32ec317c5c8c6248f39d2f30cee3a93b5 Mon Sep 17 00:00:00 2001 From: Ryan Everett Date: Mon, 29 Jan 2024 17:13:36 +0000 Subject: [PATCH 038/132] Comment on locking strategy in psa_destroy_key Signed-off-by: Ryan Everett --- library/psa_crypto.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index c81666818..9d7b72f87 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -1072,6 +1072,10 @@ psa_status_t psa_destroy_key(mbedtls_svc_key_id_t key) } #if defined(MBEDTLS_THREADING_C) + /* We cannot unlock between setting the state to PENDING_DELETION + * and destroying the key in storage, as otherwise another thread + * could load the key into a new slot and the key will not be + * fully destroyed. */ PSA_THREADING_CHK_GOTO_EXIT(mbedtls_mutex_lock( &mbedtls_threading_key_slot_mutex)); #endif From 3af9bc18f3be7a3e3cc52aa5f08dd4c7b92ddcb6 Mon Sep 17 00:00:00 2001 
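Review bot: The new comment says CORRUPTION_DETECTED from unregistering or SERVICE_FAILURE from unlocking is prioritised over a storage error, but PSA_THREADING_CHK_RET returns from the middle of the exit path before the `if (status != PSA_SUCCESS)` that folds the unregister result into overall_status, so an unlock failure also discards a CORRUPTION_DETECTED from psa_unregister_read(). Make the actual order explicit: `/* An unlock failure returns SERVICE_FAILURE immediately; otherwise CORRUPTION_DETECTED from unregistering takes precedence over a storage error. */`. The function's return statement lies outside this hunk.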
From: Ryan Everett Date: Tue, 30 Jan 2024 17:21:57 +0000 Subject: [PATCH 039/132] Wrap get_and_lock_key_slot_in_memory calls in mutex It is useful to do this for the call in get_and_lock_key_slot. Documenting that get_and_lock_key_slot_in_memory requires the mutex is not part of this PR Signed-off-by: Ryan Everett --- library/psa_crypto_slot_management.c | 31 +++++++++++++++++----------- 1 file changed, 19 insertions(+), 12 deletions(-) diff --git a/library/psa_crypto_slot_management.c b/library/psa_crypto_slot_management.c index 599cc363b..f4c6ee005 100644 --- a/library/psa_crypto_slot_management.c +++ b/library/psa_crypto_slot_management.c @@ -527,26 +527,29 @@ psa_status_t psa_open_key(mbedtls_svc_key_id_t key, psa_key_handle_t *handle) psa_status_t psa_close_key(psa_key_handle_t handle) { - psa_status_t status; + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; psa_key_slot_t *slot; if (psa_key_handle_is_null(handle)) { return PSA_SUCCESS; } +#if defined(MBEDTLS_THREADING_C) + PSA_THREADING_CHK_RET(mbedtls_mutex_lock( + &mbedtls_threading_key_slot_mutex)); +#endif status = psa_get_and_lock_key_slot_in_memory(handle, &slot); if (status != PSA_SUCCESS) { if (status == PSA_ERROR_DOES_NOT_EXIST) { status = PSA_ERROR_INVALID_HANDLE; } - +#if defined(MBEDTLS_THREADING_C) + PSA_THREADING_CHK_RET(mbedtls_mutex_unlock( + &mbedtls_threading_key_slot_mutex)); +#endif return status; } -#if defined(MBEDTLS_THREADING_C) - PSA_THREADING_CHK_RET(mbedtls_mutex_lock( - &mbedtls_threading_key_slot_mutex)); -#endif if (slot->registered_readers == 1) { status = psa_wipe_key_slot(slot); } else { 
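Review bot: psa_get_and_lock_key_slot_in_memory() is now called with mbedtls_threading_key_slot_mutex held, but nothing at the call site records that the mutex is required, and the commit message explicitly defers that documentation; a one-line comment on the call, `/* mbedtls_threading_key_slot_mutex must be held here. */`, keeps the invariant visible where it is relied on. On the error path PSA_THREADING_CHK_RET on the unlock returns PSA_ERROR_SERVICE_FAILURE and drops the INVALID_HANDLE (or other) status just computed, which matches the rest of the series but deserves a comment. The psa_purge_key hunk on the next line has the same structure and the same gaps. psa_close_key continues past the end of this hunk.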
@@ -562,18 +565,22 @@ psa_status_t psa_close_key(psa_key_handle_t handle) psa_status_t psa_purge_key(mbedtls_svc_key_id_t key) { - psa_status_t status; + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; psa_key_slot_t *slot; - status = psa_get_and_lock_key_slot_in_memory(key, &slot); - if (status != PSA_SUCCESS) { - return status; - } - #if defined(MBEDTLS_THREADING_C) PSA_THREADING_CHK_RET(mbedtls_mutex_lock( &mbedtls_threading_key_slot_mutex)); #endif + status = psa_get_and_lock_key_slot_in_memory(key, &slot); + if (status != PSA_SUCCESS) { +#if defined(MBEDTLS_THREADING_C) + PSA_THREADING_CHK_RET(mbedtls_mutex_unlock( + &mbedtls_threading_key_slot_mutex)); +#endif + return status; + } + if ((!PSA_KEY_LIFETIME_IS_VOLATILE(slot->attr.lifetime)) && (slot->registered_readers == 1)) { status = psa_wipe_key_slot(slot); From fad978b2321551d91c51ce4a3ff76fea1a9ef34e Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Tue, 30 Jan 2024 18:00:26 +0000 Subject: [PATCH 040/132] Fix race condition with test comparison functions Make sure we hold the mutex whilst making several changes at the same time, to prevent race condition on writing connected bits of data. Signed-off-by: Paul Elliott --- tests/src/helpers.c | 185 +++++++++++++++++++++++++------------------- 1 file changed, 107 insertions(+), 78 deletions(-) diff --git a/tests/src/helpers.c b/tests/src/helpers.c index d0c75b08d..85345d8cf 100644 --- a/tests/src/helpers.c +++ b/tests/src/helpers.c 
@@ -53,18 +53,13 @@ mbedtls_test_result_t mbedtls_test_get_result(void) void mbedtls_test_set_result(mbedtls_test_result_t result, const char *test, int line_no, const char *filename) { -#ifdef MBEDTLS_THREADING_C - mbedtls_mutex_lock(&mbedtls_test_info_mutex); -#endif /* MBEDTLS_THREADING_C */ + /* Internal function only - mbedtls_test_info_mutex should be held prior + * to calling this function. */ mbedtls_test_info.result = result; mbedtls_test_info.test = test; mbedtls_test_info.line_no = line_no; mbedtls_test_info.filename = filename; - -#ifdef MBEDTLS_THREADING_C - mbedtls_mutex_unlock(&mbedtls_test_info_mutex); -#endif /* MBEDTLS_THREADING_C */ } const char *mbedtls_test_get_test(void) @@ -151,15 +146,10 @@ unsigned long mbedtls_test_get_step(void) void mbedtls_test_set_step(unsigned long step) { -#ifdef MBEDTLS_THREADING_C - mbedtls_mutex_lock(&mbedtls_test_info_mutex); -#endif /* MBEDTLS_THREADING_C */ + /* Internal function only - mbedtls_test_info_mutex should be held prior + * to calling this function. */ mbedtls_test_info.step = step; - -#ifdef MBEDTLS_THREADING_C - mbedtls_mutex_unlock(&mbedtls_test_info_mutex); -#endif /* MBEDTLS_THREADING_C */ } void mbedtls_test_get_line1(char *line) @@ -177,19 +167,14 @@ void mbedtls_test_get_line1(char *line) void mbedtls_test_set_line1(const char *line) { -#ifdef MBEDTLS_THREADING_C - mbedtls_mutex_lock(&mbedtls_test_info_mutex); -#endif /* MBEDTLS_THREADING_C */ + /* Internal function only - mbedtls_test_info_mutex should be held prior + * to calling this function. */ if (line == NULL) { memset(mbedtls_test_info.line1, 0, MBEDTLS_TEST_LINE_LENGTH); } else { memcpy(mbedtls_test_info.line1, line, MBEDTLS_TEST_LINE_LENGTH); } - -#ifdef MBEDTLS_THREADING_C - mbedtls_mutex_unlock(&mbedtls_test_info_mutex); -#endif /* MBEDTLS_THREADING_C */ } void mbedtls_test_get_line2(char *line) 
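Review bot: The setters whose locking is removed here — mbedtls_test_set_result, mbedtls_test_set_step and mbedtls_test_set_line1, plus mbedtls_test_set_line2 and mbedtls_test_set_case_uses_negative_0 on the next line — remain external, non-static functions, so the new "mutex should be held" precondition in their body comment is enforced only by convention; patch 043 later in this series already has to restore the lock in mbedtls_test_set_step because tests call it directly. Make the lock-free variants `static` (or keep them private to helpers.c under an `_internal` suffix) so a caller outside this file cannot bypass the mutex, or at least repeat the precondition in the header where they are declared.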
@@ -207,19 +192,14 @@ void mbedtls_test_get_line2(char *line) void mbedtls_test_set_line2(const char *line) { -#ifdef MBEDTLS_THREADING_C - mbedtls_mutex_lock(&mbedtls_test_info_mutex); -#endif /* MBEDTLS_THREADING_C */ + /* Internal function only - mbedtls_test_info_mutex should be held prior + * to calling this function. */ if (line == NULL) { memset(mbedtls_test_info.line2, 0, MBEDTLS_TEST_LINE_LENGTH); } else { memcpy(mbedtls_test_info.line2, line, MBEDTLS_TEST_LINE_LENGTH); } - -#ifdef MBEDTLS_THREADING_C - mbedtls_mutex_unlock(&mbedtls_test_info_mutex); -#endif /* MBEDTLS_THREADING_C */ } @@ -264,15 +244,10 @@ unsigned mbedtls_test_get_case_uses_negative_0(void) void mbedtls_test_set_case_uses_negative_0(unsigned uses) { -#ifdef MBEDTLS_THREADING_C - mbedtls_mutex_lock(&mbedtls_test_info_mutex); -#endif /* MBEDTLS_THREADING_C */ + /* Internal function only - mbedtls_test_info_mutex should be held prior + * to calling this function. */ mbedtls_test_info.case_uses_negative_0 = uses; - -#ifdef MBEDTLS_THREADING_C - mbedtls_mutex_unlock(&mbedtls_test_info_mutex); -#endif /* MBEDTLS_THREADING_C */ } void mbedtls_test_increment_case_uses_negative_0(void) 
@@ -355,21 +330,41 @@ int mbedtls_test_ascii2uc(const char c, unsigned char *uc) void mbedtls_test_fail(const char *test, int line_no, const char *filename) { - if (mbedtls_test_get_result() == MBEDTLS_TEST_RESULT_FAILED) { - /* We've already recorded the test as having failed. Don't +#ifdef MBEDTLS_THREADING_C + mbedtls_mutex_lock(&mbedtls_test_info_mutex); +#endif /* MBEDTLS_THREADING_C */ + + /* Don't use accessor, we already hold mutex. */ + if (mbedtls_test_info.result != MBEDTLS_TEST_RESULT_FAILED) { + /* If we have already recorded the test as having failed then don't * overwrite any previous information about the failure. */ - return; + mbedtls_test_set_result(MBEDTLS_TEST_RESULT_FAILED, test, line_no, filename); } - mbedtls_test_set_result(MBEDTLS_TEST_RESULT_FAILED, test, line_no, filename); + +#ifdef MBEDTLS_THREADING_C + mbedtls_mutex_unlock(&mbedtls_test_info_mutex); +#endif /* MBEDTLS_THREADING_C */ } void mbedtls_test_skip(const char *test, int line_no, const char *filename) { +#ifdef MBEDTLS_THREADING_C + mbedtls_mutex_lock(&mbedtls_test_info_mutex); +#endif /* MBEDTLS_THREADING_C */ + mbedtls_test_set_result(MBEDTLS_TEST_RESULT_SKIPPED, test, line_no, filename); + +#ifdef MBEDTLS_THREADING_C + mbedtls_mutex_unlock(&mbedtls_test_info_mutex); +#endif /* MBEDTLS_THREADING_C */ } void mbedtls_test_info_reset(void) { +#ifdef MBEDTLS_THREADING_C + mbedtls_mutex_lock(&mbedtls_test_info_mutex); +#endif /* MBEDTLS_THREADING_C */ + mbedtls_test_set_result(MBEDTLS_TEST_RESULT_SUCCESS, 0, 0, 0); mbedtls_test_set_step((unsigned long) (-1)); mbedtls_test_set_line1(NULL); @@ -378,6 +373,10 @@ void mbedtls_test_info_reset(void) #if defined(MBEDTLS_BIGNUM_C) mbedtls_test_set_case_uses_negative_0(0); #endif + +#ifdef MBEDTLS_THREADING_C + mbedtls_mutex_lock(&mbedtls_test_info_mutex); +#endif /* MBEDTLS_THREADING_C */ } int mbedtls_test_equal(const char *test, int line_no, const char *filename, 
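Review bot: mbedtls_test_info_reset() ends by calling mbedtls_mutex_lock() a second time instead of mbedtls_mutex_unlock(), so with MBEDTLS_THREADING_C the mutex is never released and the next locker blocks forever (or hits an error on a default pthread mutex); the one-line fix is `mbedtls_mutex_unlock(&mbedtls_test_info_mutex);`, which patch 042 later in this series applies. mbedtls_test_fail() now also takes the mutex itself, which matters for any caller that already holds mbedtls_test_info_mutex when it calls it.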
@@ -390,21 +389,31 @@ int mbedtls_test_equal(const char *test, int line_no, const char *filename, return 1; } - if (mbedtls_test_get_result() == MBEDTLS_TEST_RESULT_FAILED) { - /* We've already recorded the test as having failed. Don't +#ifdef MBEDTLS_THREADING_C + mbedtls_mutex_lock(&mbedtls_test_info_mutex); +#endif /* MBEDTLS_THREADING_C */ + + /* Don't use accessor, as we already hold mutex. */ + if (mbedtls_test_info.result != MBEDTLS_TEST_RESULT_FAILED) { + /* If we've already recorded the test as having failed then don't * overwrite any previous information about the failure. */ - return 0; + + char buf[MBEDTLS_TEST_LINE_LENGTH]; + mbedtls_test_fail(test, line_no, filename); + (void) mbedtls_snprintf(buf, sizeof(buf), + "lhs = 0x%016llx = %lld", + value1, (long long) value1); + mbedtls_test_set_line1(buf); + (void) mbedtls_snprintf(buf, sizeof(buf), + "rhs = 0x%016llx = %lld", + value2, (long long) value2); + mbedtls_test_set_line2(buf); } - char buf[MBEDTLS_TEST_LINE_LENGTH]; - mbedtls_test_fail(test, line_no, filename); - (void) mbedtls_snprintf(buf, sizeof(buf), - "lhs = 0x%016llx = %lld", - value1, (long long) value1); - mbedtls_test_set_line1(buf); - (void) mbedtls_snprintf(buf, sizeof(buf), - "rhs = 0x%016llx = %lld", - value2, (long long) value2); - mbedtls_test_set_line2(buf); + +#ifdef MBEDTLS_THREADING_C + mbedtls_mutex_unlock(&mbedtls_test_info_mutex); +#endif /* MBEDTLS_THREADING_C */ + return 0; } 
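Review bot: mbedtls_test_equal() now calls mbedtls_test_fail() while holding mbedtls_test_info_mutex, and the previous hunk makes mbedtls_test_fail() lock that same mutex, so with MBEDTLS_THREADING_C the failure path recursively locks a presumably non-recursive mutex and deadlocks (or invokes undefined behaviour) on the first failing assertion. Since the result check is already done under the mutex, replace the call with the lock-free setter, `mbedtls_test_set_result(MBEDTLS_TEST_RESULT_FAILED, test, line_no, filename);`, or introduce a non-locking internal variant of mbedtls_test_fail. The mbedtls_test_le_u and mbedtls_test_le_s hunks on the next two lines have the same problem, and mbedtls_test_le_s additionally calls the mbedtls_test_get_result() accessor under the mutex despite the comment saying not to (judging by that comment the accessor locks too; patch 048 later in the series corrects only that call). Each of these functions starts before its hunk.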
@@ -418,21 +427,31 @@ int mbedtls_test_le_u(const char *test, int line_no, const char *filename, return 1; } - if (mbedtls_test_get_result() == MBEDTLS_TEST_RESULT_FAILED) { - /* We've already recorded the test as having failed. Don't +#ifdef MBEDTLS_THREADING_C + mbedtls_mutex_lock(&mbedtls_test_info_mutex); +#endif /* MBEDTLS_THREADING_C */ + + /* Don't use accessor, we already hold mutex. */ + if (mbedtls_test_info.result != MBEDTLS_TEST_RESULT_FAILED) { + /* If we've already recorded the test as having failed then don't * overwrite any previous information about the failure. */ - return 0; + + char buf[MBEDTLS_TEST_LINE_LENGTH]; + mbedtls_test_fail(test, line_no, filename); + (void) mbedtls_snprintf(buf, sizeof(buf), + "lhs = 0x%016llx = %llu", + value1, value1); + mbedtls_test_set_line1(buf); + (void) mbedtls_snprintf(buf, sizeof(buf), + "rhs = 0x%016llx = %llu", + value2, value2); + mbedtls_test_set_line2(buf); } - char buf[MBEDTLS_TEST_LINE_LENGTH]; - mbedtls_test_fail(test, line_no, filename); - (void) mbedtls_snprintf(buf, sizeof(buf), - "lhs = 0x%016llx = %llu", - value1, value1); - mbedtls_test_set_line1(buf); - (void) mbedtls_snprintf(buf, sizeof(buf), - "rhs = 0x%016llx = %llu", - value2, value2); - mbedtls_test_set_line2(buf); + +#ifdef MBEDTLS_THREADING_C + mbedtls_mutex_unlock(&mbedtls_test_info_mutex); +#endif /* MBEDTLS_THREADING_C */ + return 0; } 
@@ -446,21 +465,31 @@ int mbedtls_test_le_s(const char *test, int line_no, const char *filename, return 1; } - if (mbedtls_test_get_result() == MBEDTLS_TEST_RESULT_FAILED) { - /* We've already recorded the test as having failed. Don't +#ifdef MBEDTLS_THREADING_C + mbedtls_mutex_lock(&mbedtls_test_info_mutex); +#endif /* MBEDTLS_THREADING_C */ + + /* Don't use accessor, we already hold mutex. */ + if (mbedtls_test_get_result() != MBEDTLS_TEST_RESULT_FAILED) { + /* If we've already recorded the test as having failed then don't * overwrite any previous information about the failure. */ - return 0; + + char buf[MBEDTLS_TEST_LINE_LENGTH]; + mbedtls_test_fail(test, line_no, filename); + (void) mbedtls_snprintf(buf, sizeof(buf), + "lhs = 0x%016llx = %lld", + (unsigned long long) value1, value1); + mbedtls_test_set_line1(buf); + (void) mbedtls_snprintf(buf, sizeof(buf), + "rhs = 0x%016llx = %lld", + (unsigned long long) value2, value2); + mbedtls_test_set_line2(buf); } - char buf[MBEDTLS_TEST_LINE_LENGTH]; - mbedtls_test_fail(test, line_no, filename); - (void) mbedtls_snprintf(buf, sizeof(buf), - "lhs = 0x%016llx = %lld", - (unsigned long long) value1, value1); - mbedtls_test_set_line1(buf); - (void) mbedtls_snprintf(buf, sizeof(buf), - "rhs = 0x%016llx = %lld", - (unsigned long long) value2, value2); - mbedtls_test_set_line2(buf); + +#ifdef MBEDTLS_THREADING_C + mbedtls_mutex_unlock(&mbedtls_test_info_mutex); +#endif /* MBEDTLS_THREADING_C */ + return 0; } From 9efc60298ffbc09c43c837cbf7565023a312666e Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Wed, 31 Jan 2024 15:33:23 +0000 Subject: [PATCH 041/132] Fix code style issues Signed-off-by: Paul Elliott --- tests/src/helpers.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/tests/src/helpers.c b/tests/src/helpers.c index 85345d8cf..49a7df298 100644 --- a/tests/src/helpers.c +++ b/tests/src/helpers.c 
@@ -147,7 +147,7 @@ unsigned long mbedtls_test_get_step(void) void mbedtls_test_set_step(unsigned long step) { /* Internal function only - mbedtls_test_info_mutex should be held prior - * to calling this function. */ + * to calling this function. */ mbedtls_test_info.step = step; } @@ -168,7 +168,7 @@ void mbedtls_test_get_line1(char *line) void mbedtls_test_set_line1(const char *line) { /* Internal function only - mbedtls_test_info_mutex should be held prior - * to calling this function. */ + * to calling this function. */ if (line == NULL) { memset(mbedtls_test_info.line1, 0, MBEDTLS_TEST_LINE_LENGTH); @@ -193,7 +193,7 @@ void mbedtls_test_get_line2(char *line) void mbedtls_test_set_line2(const char *line) { /* Internal function only - mbedtls_test_info_mutex should be held prior - * to calling this function. */ + * to calling this function. */ if (line == NULL) { memset(mbedtls_test_info.line2, 0, MBEDTLS_TEST_LINE_LENGTH); @@ -245,7 +245,7 @@ unsigned mbedtls_test_get_case_uses_negative_0(void) void mbedtls_test_set_case_uses_negative_0(unsigned uses) { /* Internal function only - mbedtls_test_info_mutex should be held prior - * to calling this function. */ + * to calling this function. */ mbedtls_test_info.case_uses_negative_0 = uses; } From 0b2835d1fde5739bd728e8b805ca76c22f90e9e2 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Thu, 1 Feb 2024 13:27:04 +0000 Subject: [PATCH 042/132] Fix accidental copy paste mistake Signed-off-by: Paul Elliott --- tests/src/helpers.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/src/helpers.c b/tests/src/helpers.c index 49a7df298..936da066f 100644 --- a/tests/src/helpers.c +++ b/tests/src/helpers.c @@ -375,7 +375,7 @@ void mbedtls_test_info_reset(void) #endif #ifdef MBEDTLS_THREADING_C - mbedtls_mutex_lock(&mbedtls_test_info_mutex); + mbedtls_mutex_unlock(&mbedtls_test_info_mutex); #endif /* MBEDTLS_THREADING_C */ } From ac61cee2fdcb4b24cc634ab90fa77f85e1dd8087 Mon Sep 17 00:00:00 2001 
From: Paul Elliott Date: Fri, 2 Feb 2024 17:53:38 +0000 Subject: [PATCH 043/132] Restore mutex lock for mbedtls_test_set_step() This function is called externally from several tests, so still requires a mutex lock. Add an internal function to reset the step, for use in functions where the mutex is already held. Signed-off-by: Paul Elliott --- tests/src/helpers.c | 17 +++++++++++++++-- 1 file changed, 15 insertions(+), 2 deletions(-) diff --git a/tests/src/helpers.c b/tests/src/helpers.c index 936da066f..ee87a61ee 100644 --- a/tests/src/helpers.c +++ b/tests/src/helpers.c @@ -144,12 +144,25 @@ unsigned long mbedtls_test_get_step(void) return step; } -void mbedtls_test_set_step(unsigned long step) +void mbedtls_test_reset_step(void) { /* Internal function only - mbedtls_test_info_mutex should be held prior * to calling this function. */ + mbedtls_test_info.step = (unsigned long) (-1); +} + +void mbedtls_test_set_step(unsigned long step) +{ +#ifdef MBEDTLS_THREADING_C + mbedtls_mutex_lock(&mbedtls_test_info_mutex); +#endif /* MBEDTLS_THREADING_C */ + mbedtls_test_info.step = step; + +#ifdef MBEDTLS_THREADING_C + mbedtls_mutex_unlock(&mbedtls_test_info_mutex); +#endif /* MBEDTLS_THREADING_C */ } void mbedtls_test_get_line1(char *line) @@ -366,7 +379,7 @@ void mbedtls_test_info_reset(void) #endif /* MBEDTLS_THREADING_C */ mbedtls_test_set_result(MBEDTLS_TEST_RESULT_SUCCESS, 0, 0, 0); - mbedtls_test_set_step((unsigned long) (-1)); + mbedtls_test_reset_step(); mbedtls_test_set_line1(NULL); mbedtls_test_set_line2(NULL); From 098e2d82cd4917cb03f5c385a449a6c83a1660e5 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Fri, 2 Feb 2024 17:59:26 +0000 Subject: [PATCH 044/132] Revert accidental formatting change Signed-off-by: Paul Elliott --- tests/include/test/bignum_helpers.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/include/test/bignum_helpers.h b/tests/include/test/bignum_helpers.h index cf175a3ac..a5e49cbe5 100644 
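Review bot: mbedtls_test_reset_step() is added as a new external (non-static) function, but the diffstat shows only tests/src/helpers.c changing, so it has no prototype in tests/include/test/helpers.h and is likely to trip -Wmissing-prototypes style checks while also exposing a lock-free setter to callers outside this file. Since its comment declares it internal, make it `static void mbedtls_test_reset_step(void)`, which also enforces the "mutex must be held" precondition by construction.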
--- a/tests/include/test/bignum_helpers.h +++ b/tests/include/test/bignum_helpers.h @@ -86,8 +86,8 @@ void mbedtls_test_mpi_mod_modulus_free_with_limbs(mbedtls_mpi_mod_modulus *N); * the "0 (null)" and "0 (1 limb)" and "leading zeros" test cases do what they * claim. * - * \param[out] X The MPI object to populate. It must be initialized. - * \param[in] s The null-terminated hexadecimal string to read from. + * \param[out] X The MPI object to populate. It must be initialized. + * \param[in] s The null-terminated hexadecimal string to read from. * * \return \c 0 on success, an \c MBEDTLS_ERR_MPI_xxx error code otherwise. */ From a4d17b34f354557838e05d2cb47200e8dcaaf59b Mon Sep 17 00:00:00 2001 From: Bill Roberts Date: Tue, 9 Jan 2024 13:10:05 -0600 Subject: [PATCH 045/132] pkg-config: add initial pkg-config files Add three package config files for mbedtls, mbedcrypto and mbedx509. Also update various project variables so the generated PC files have the required data needed without hardcoding it everywhere. This will help distros package the project following existing conventsions between a normal and -devel package that includes the headers and .pc files for pkg-config aware consumers. Fixes: #228 Signed-off-by: Bill Roberts --- CMakeLists.txt | 2 ++ ChangeLog.d/pkg-config-files-addition.txt | 2 ++ pkgconfig/CMakeLists.txt | 25 +++++++++++++++++++++ pkgconfig/JoinPaths.cmake | 27 +++++++++++++++++++++++ pkgconfig/mbedcrypto.pc.in | 10 +++++++++ pkgconfig/mbedtls.pc.in | 11 +++++++++ pkgconfig/mbedx509.pc.in | 11 +++++++++ 7 files changed, 88 insertions(+) create mode 100644 ChangeLog.d/pkg-config-files-addition.txt create mode 100644 pkgconfig/CMakeLists.txt create mode 100644 pkgconfig/JoinPaths.cmake create mode 100644 pkgconfig/mbedcrypto.pc.in create mode 100644 pkgconfig/mbedtls.pc.in create mode 100644 pkgconfig/mbedx509.pc.in diff --git a/CMakeLists.txt b/CMakeLists.txt index ad056466a..37a742e39 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt 
@@ -278,6 +278,8 @@ add_subdirectory(3rdparty) add_subdirectory(library) +add_subdirectory(pkgconfig) + # # The C files in tests/src directory contain test code shared among test suites # and programs. This shared test code is compiled and linked to test suites and diff --git a/ChangeLog.d/pkg-config-files-addition.txt b/ChangeLog.d/pkg-config-files-addition.txt new file mode 100644 index 000000000..e39f62ed9 --- /dev/null +++ b/ChangeLog.d/pkg-config-files-addition.txt @@ -0,0 +1,2 @@ +Features + * Add pc files for pkg-config. eg.) pkg-config --cflags --libs (mbedtls|mbedcrypto|mbedx509) diff --git a/pkgconfig/CMakeLists.txt b/pkgconfig/CMakeLists.txt new file mode 100644 index 000000000..7dfc043ce --- /dev/null +++ b/pkgconfig/CMakeLists.txt 
@@ -0,0 +1,25 @@ +if(NOT DISABLE_PACKAGE_CONFIG_AND_INSTALL) + include(JoinPaths.cmake) + join_paths(PKGCONFIG_INCLUDEDIR "\${prefix}" "${CMAKE_INSTALL_INCLUDEDIR}") + join_paths(PKGCONFIG_LIBDIR "\${prefix}" "${CMAKE_INSTALL_LIBDIR}") + + #define these manually since minimum CMAKE version is not 3.9 for DESCRIPTION and 3.12 for HOMEPAGE_URL usage in project() below. + # Prefix with something that won't clash with newer versions of CMAKE. + set(PKGCONFIG_PROJECT_DESCRIPTION "Mbed TLS is a C library that implements cryptographic primitives, X.509 certificate manipulation and the SSL/TLS and DTLS protocols. Its small code footprint makes it suitable for embedded systems.") + set(PKGCONFIG_PROJECT_HOMEPAGE_URL "https://www.trustedfirmware.org/projects/mbed-tls/") + + configure_file(mbedcrypto.pc.in mbedcrypto.pc @ONLY) + install(FILES + ${CMAKE_CURRENT_BINARY_DIR}/mbedcrypto.pc + DESTINATION ${CMAKE_INSTALL_LIBDIR}/pkgconfig) + + configure_file(mbedtls.pc.in mbedtls.pc @ONLY) + install(FILES + ${CMAKE_CURRENT_BINARY_DIR}/mbedtls.pc + DESTINATION ${CMAKE_INSTALL_LIBDIR}/pkgconfig) + + configure_file(mbedx509.pc.in mbedx509.pc @ONLY) + install(FILES + ${CMAKE_CURRENT_BINARY_DIR}/mbedx509.pc + DESTINATION ${CMAKE_INSTALL_LIBDIR}/pkgconfig) +endif() diff --git a/pkgconfig/JoinPaths.cmake b/pkgconfig/JoinPaths.cmake new file mode 100644 index 000000000..193caed76 --- /dev/null +++ b/pkgconfig/JoinPaths.cmake 
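Review bot: The comment above the two set() calls refers to `project()` "below", but there is no project() call in this file — it lives in the top-level CMakeLists.txt — so reword it to `# ... usage in the top-level project() call.`. The file also relies on CMAKE_INSTALL_INCLUDEDIR and CMAKE_INSTALL_LIBDIR being defined, which presumably comes from an include(GNUInstallDirs) in the parent; adding `include(GNUInstallDirs)` here (it is safe to include twice) makes the module self-contained and avoids empty paths in the generated .pc files if it is ever processed in a different order.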
@@ -0,0 +1,27 @@ +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later +# This module provides function for joining paths +# known from most languages +# +# Copyright The Mbed TLS Contributors +# +# This script originates from: +# - https://github.com/jtojnar/cmake-snips +# Jan has provided re-licensing under Apache 2.0 and GPL 2.0+ and +# allowed for the change of Copyright. +# +# Modelled after Python’s os.path.join +# https://docs.python.org/3.7/library/os.path.html#os.path.join +# Windows not supported +function(join_paths joined_path first_path_segment) + set(temp_path "${first_path_segment}") + foreach(current_segment IN LISTS ARGN) + if(NOT ("${current_segment}" STREQUAL "")) + if(IS_ABSOLUTE "${current_segment}") + set(temp_path "${current_segment}") + else() + set(temp_path "${temp_path}/${current_segment}") + endif() + endif() + endforeach() + set(${joined_path} "${temp_path}" PARENT_SCOPE) +endfunction() diff --git a/pkgconfig/mbedcrypto.pc.in b/pkgconfig/mbedcrypto.pc.in new file mode 100644 index 000000000..b35afc1b5 --- /dev/null +++ b/pkgconfig/mbedcrypto.pc.in @@ -0,0 +1,10 @@ +prefix=@CMAKE_INSTALL_PREFIX@ +includedir=@PKGCONFIG_INCLUDEDIR@ +libdir=@PKGCONFIG_LIBDIR@ + +Name: @PROJECT_NAME@ +Description: @PKGCONFIG_PROJECT_DESCRIPTION@ +URL: @PKGCONFIG_PROJECT_HOMEPAGE_URL@ +Version: @PROJECT_VERSION@ +Cflags: -I"${includedir}" +Libs: -L"${libdir}" -lmbedcrypto diff --git a/pkgconfig/mbedtls.pc.in b/pkgconfig/mbedtls.pc.in new file mode 100644 index 000000000..2bfce80b6 --- /dev/null +++ b/pkgconfig/mbedtls.pc.in @@ -0,0 +1,11 @@ +prefix=@CMAKE_INSTALL_PREFIX@ +includedir=@PKGCONFIG_INCLUDEDIR@ +libdir=@PKGCONFIG_LIBDIR@ + +Name: @PROJECT_NAME@ +Description: @PKGCONFIG_PROJECT_DESCRIPTION@ +URL: @PKGCONFIG_PROJECT_HOMEPAGE_URL@ +Version: @PROJECT_VERSION@ +Requires.private: mbedcrypto mbedx509 +Cflags: -I"${includedir}" +Libs: -L"${libdir}" -lmbedtls 
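Review bot: Both .pc templates in this hunk set `Name: @PROJECT_NAME@`, as does mbedx509.pc.in on the next line, so mbedcrypto, mbedtls and mbedx509 all report the identical Name in `pkg-config --list-all` and are hard to tell apart; use the package's own name in each template, e.g. `Name: mbedcrypto`. The quoted `-I"${includedir}"` and `-L"${libdir}"` forms are unusual for .pc files; pkg-config and pkgconf do shell-style parsing of these fields, but confirm on the toolchains you target that the quotes are not passed through to the compiler literally.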
diff --git a/pkgconfig/mbedx509.pc.in b/pkgconfig/mbedx509.pc.in new file mode 100644 index 000000000..0ab2e31ea --- /dev/null +++ b/pkgconfig/mbedx509.pc.in @@ -0,0 +1,11 @@ +prefix=@CMAKE_INSTALL_PREFIX@ +includedir=@PKGCONFIG_INCLUDEDIR@ +libdir=@PKGCONFIG_LIBDIR@ + +Name: @PROJECT_NAME@ +Description: @PKGCONFIG_PROJECT_DESCRIPTION@ +URL: @PKGCONFIG_PROJECT_HOMEPAGE_URL@ +Version: @PROJECT_VERSION@ +Requires.private: mbedcrypto +Cflags: -I"${includedir}" +Libs: -L"${libdir}" -lmbedx509 From 9ae32704b615c473303c35c708efa18673858476 Mon Sep 17 00:00:00 2001 From: Ryan Everett Date: Mon, 5 Feb 2024 16:44:16 +0000 Subject: [PATCH 046/132] Add missing dependencies for pkparse tests Signed-off-by: Ryan Everett --- tests/suites/test_suite_pkparse.data | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tests/suites/test_suite_pkparse.data b/tests/suites/test_suite_pkparse.data index a8d6536e9..5e9f0e7a8 100644 --- a/tests/suites/test_suite_pkparse.data +++ b/tests/suites/test_suite_pkparse.data 
@@ -891,15 +891,15 @@ depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA512:MBEDTLS_PKCS5_C pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT Parse RSA Key #99.3 (PKCS#8 encrypted v2 PBKDF2 AES-128-CBC hmacWithSHA384, 2048-bit) -depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC +depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_aes128cbc_sha384.pem":"PolarSSLTest":0 Parse RSA Key #99.4 (PKCS#8 encrypted v2 PBKDF2 AES-192-CBC hmacWithSHA384, 2048-bit) -depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_aes192cbc_sha384.pem":"PolarSSLTest":0 Parse RSA Key #99.5 (PKCS#8 encrypted v2 PBKDF2 AES-256-CBC hmacWithSHA384, 2048-bit) -depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_aes256cbc_sha384.pem":"PolarSSLTest":0 Parse RSA Key #99.6 (PKCS#8 encrypted v2 PBKDF2 AES-128-CBC hmacWithSHA384 DER, 2048-bit) From 1d5fa22f9dc75841106d96cba39a113fe092dc21 Mon Sep 17 00:00:00 2001 From: Ryan Everett Date: Mon, 5 Feb 2024 16:45:38 +0000 Subject: [PATCH 047/132] Fix pkcs5 aes test data Remove the keyLength parameter from the AES-256 tests. Add MBEDTLS_CIPHER_PADDING_PKCS7 to the dependencies. Signed-off-by: Ryan Everett --- tests/suites/test_suite_pkcs5.data | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) 
diff --git a/tests/suites/test_suite_pkcs5.data b/tests/suites/test_suite_pkcs5.data index 790a31ba0..939c82fc0 100644 --- a/tests/suites/test_suite_pkcs5.data +++ b/tests/suites/test_suite_pkcs5.data 
@@ -143,16 +143,16 @@ depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIP pbes2_decrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301B06092A864886F70D01050C300E04082ED7F24A1D516DD702020800301406082A864886F70D030704088A4FCC9DCC394910":"70617373776f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ncrypt AES-128-CBC (OK, generated with OpenSSL) -depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC +depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 pbes2_encrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301B06092A864886F70D01050C300E0408010203040506070802022710301D060960864801650304010204102F904F75B47B48A618068D79BD9A826C":"50617373776F726450617373776F726450617373776F7264":"5468697320697320612066696c6520746f20626520656e6372797074656420776974682050424553322c20776974682061206b65792067656e657261746564207573696e67206120707266202853484132353629":96:0:"0c953c3a9be1502f4d1df1b82df9d99a61ebd2f60ed570d16b241f70b9e61f329174747d052efe5c39bec9d0f7404f84af242914e2ecb74e6e36e8b4147bd0a092a82df789aa3351e0de9f75b285ccb742806526771c8353ffb66176188b556e" PBES2 Encrypt AES-192-CBC (OK, generated with OpenSSL) -depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:MBEDTLS_CIPHER_PADDING_PKCS7 pbes2_encrypt:MBEDTLS_ASN1_CONSTRUCTED | 
MBEDTLS_ASN1_SEQUENCE:"302a06092A864886F70D01050C301d0408010203040506070802022710020118300a06082A864886F70D0209301D060960864801650304011604102F904F75B47B48A618068D79BD9A826C":"50617373776F726450617373776F726450617373776F7264":"5468697320697320612066696c6520746f20626520656e6372797074656420776974682050424553322c20776974682061206b65792067656e657261746564207573696e67206120707266202853484132353629":96:0:"7c648a9df9759ba49283c261269a71bc06d45f6c24ab6431d77b2ecec1fd6d1aa751bd05b1c026fc8ff91baeb1b1838aa0f825b23be79bc09331d0607181e234dfea4ab3cbf7997747516486b6865e85de95dc9b64d45462197c891b31af6c94" PBES2 Encrypt AES-256-CBC (OK, generated with OpenSSL) -depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -pbes2_encrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"302a06092A864886F70D01050C301d0408010203040506070802022710020118300a06082A864886F70D0209301D060960864801650304012A04102F904F75B47B48A618068D79BD9A826C":"50617373776F726450617373776F726450617373776F7264":"5468697320697320612066696c6520746f20626520656e6372797074656420776974682050424553322c20776974682061206b65792067656e657261746564207573696e67206120707266202853484132353629":96:0:"7077e6e8e679962c6feda69c704d58507d143cf77be284f773dfcaa4a5f5e7c1cd5527204916302d435071c01126f4aa76205ce61998d7b8fdf065a77d4a77634376b9968e4722c27f2ac85d79565ff4fca9204d3e4bc8c5bd53c1785bb6e566" +depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:MBEDTLS_CIPHER_PADDING_PKCS7 +pbes2_encrypt:MBEDTLS_ASN1_CONSTRUCTED | 
MBEDTLS_ASN1_SEQUENCE:"302706092A864886F70D01050C301a0408010203040506070802022710300a06082A864886F70D0209301D060960864801650304012A04102F904F75B47B48A618068D79BD9A826C":"50617373776F726450617373776F726450617373776F7264":"5468697320697320612066696c6520746f20626520656e6372797074656420776974682050424553322c20776974682061206b65792067656e657261746564207573696e67206120707266202853484132353629":96:0:"7077e6e8e679962c6feda69c704d58507d143cf77be284f773dfcaa4a5f5e7c1cd5527204916302d435071c01126f4aa76205ce61998d7b8fdf065a77d4a77634376b9968e4722c27f2ac85d79565ff4fca9204d3e4bc8c5bd53c1785bb6e566" PBES2 Decrypt AES-128-CBC (OK, generated with OpenSSL) depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC 
@@ -164,7 +164,7 @@ pbes2_decrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"302a06092A864886 PBES2 Decrypt AES-256-CBC (OK, generated with OpenSSL) depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -pbes2_decrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"302a06092A864886F70D01050C301d0408010203040506070802022710020118300a06082A864886F70D0209301D060960864801650304012A04102F904F75B47B48A618068D79BD9A826C":"50617373776F726450617373776F726450617373776F7264":"7077e6e8e679962c6feda69c704d58507d143cf77be284f773dfcaa4a5f5e7c1cd5527204916302d435071c01126f4aa76205ce61998d7b8fdf065a77d4a77634376b9968e4722c27f2ac85d79565ff4fca9204d3e4bc8c5bd53c1785bb6e566":96:0:"5468697320697320612066696c6520746f20626520656e6372797074656420776974682050424553322c20776974682061206b65792067656e657261746564207573696e67206120707266202853484132353629" +pbes2_decrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"302706092A864886F70D01050C301a0408010203040506070802022710300a06082A864886F70D0209301D060960864801650304012A04102F904F75B47B48A618068D79BD9A826C":"50617373776F726450617373776F726450617373776F7264":"7077e6e8e679962c6feda69c704d58507d143cf77be284f773dfcaa4a5f5e7c1cd5527204916302d435071c01126f4aa76205ce61998d7b8fdf065a77d4a77634376b9968e4722c27f2ac85d79565ff4fca9204d3e4bc8c5bd53c1785bb6e566":96:0:"5468697320697320612066696c6520746f20626520656e6372797074656420776974682050424553322c20776974682061206b65792067656e657261746564207573696e67206120707266202853484132353629" PBES2 Decrypt (bad params tag) depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_DES_C From f20728ee49a89ef8fbb9154dd014c1cbe28a48b9 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Tue, 6 Feb 2024 12:49:45 +0000 Subject: [PATCH 048/132] Fix missed case for removing accessor Signed-off-by: Paul Elliott --- tests/src/helpers.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/src/helpers.c b/tests/src/helpers.c index ee87a61ee..da0b54a00 100644 
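Review bot: The rewritten `PBES2 Decrypt AES-256-CBC` vector keeps `depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH` while the matching encrypt vector in the previous hunk gained `:MBEDTLS_CIPHER_PADDING_PKCS7`; the 96-byte ciphertext here decrypts to an 84-byte plaintext, so the decrypt path has to strip PKCS#7 padding as well and will presumably fail in a build without that option. I would add `:MBEDTLS_CIPHER_PADDING_PKCS7` to this depends_on line too. Dropping the `020118` keyLength INTEGER from the PBKDF2-params also means this vector now only covers the keyLength-absent path; if no other vector in the file keeps an explicit keyLength, it is worth keeping one so explicit-length parsing stays tested.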
--- a/tests/src/helpers.c +++ b/tests/src/helpers.c @@ -483,7 +483,7 @@ int mbedtls_test_le_s(const char *test, int line_no, const char *filename, #endif /* MBEDTLS_THREADING_C */ /* Don't use accessor, we already hold mutex. */ - if (mbedtls_test_get_result() != MBEDTLS_TEST_RESULT_FAILED) { + if (mbedtls_test_info.result != MBEDTLS_TEST_RESULT_FAILED) { /* If we've already recorded the test as having failed then don't * overwrite any previous information about the failure. */ From 79e2e5d2d00d95fe9d9131baa3d79726d28e1f5b Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Tue, 6 Feb 2024 15:10:03 +0000 Subject: [PATCH 049/132] Add comment to set/increment step functions These functions are thread safe, but using them from within multiple threads at the same time may not have the intended effect, given order cannot be guaranteed. Also, standardise header comment formatting. Signed-off-by: Paul Elliott --- tests/include/test/helpers.h | 30 ++++++++++++++++++++---------- 1 file changed, 20 insertions(+), 10 deletions(-) diff --git a/tests/include/test/helpers.h b/tests/include/test/helpers.h index f2fb62d93..a939b1c0e 100644 --- a/tests/include/test/helpers.h +++ b/tests/include/test/helpers.h @@ -111,6 +111,11 @@ int mbedtls_test_get_line_no(void); /** * \brief Increment the current test step. + * + * \note Calling this function from within multiple threads at the + * same time is not recommended - whilst it is entirely thread + * safe, the order of calls to this function can obviously not + * be ensured, so unexpected results may occur. */ void mbedtls_test_increment_step(void); 
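Review bot: The replacement `if (mbedtls_test_info.result != MBEDTLS_TEST_RESULT_FAILED)` is right, but the comment above it only says not to use the accessor, not why, so the next reader may well revert it to the cleaner-looking call. I would extend it to `/* Read the field directly: this function already holds the test info mutex (see the MBEDTLS_THREADING_C block above) and the accessor takes it again, which deadlocks on a non-recursive mutex. */`. That the accessor locks is inferred from the commit title and the existing comment rather than visible here, and mbedtls_test_le_s starts and ends outside the hunk.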
@@ -215,30 +220,35 @@ void mbedtls_test_fail(const char *test, int line_no, const char *filename); void mbedtls_test_skip(const char *test, int line_no, const char *filename); /** - * \brief Set the test step number for failure reports. + * \brief Set the test step number for failure reports. * - * Call this function to display "step NNN" in addition to the - * line number and file name if a test fails. Typically the "step - * number" is the index of a for loop but it can be whatever you - * want. + * Call this function to display "step NNN" in addition to the + * line number and file name if a test fails. Typically the + * "step number" is the index of a for loop but it can be + * whatever you want. + * + * \note Calling this function from a within multiple threads at the + * same time is not recommended - whilst it is entirely thread + * safe, the order of calls to this function can obviously not + * be ensured, so unexpected results may occur. * * \param step The step number to report. */ void mbedtls_test_set_step(unsigned long step); /** - * \brief Reset mbedtls_test_info to a ready/starting state. + * \brief Reset mbedtls_test_info to a ready/starting state. */ void mbedtls_test_info_reset(void); #ifdef MBEDTLS_TEST_MUTEX_USAGE /** - * \brief Get the test info data mutex. + * \brief Get the test info data mutex. * - * \note This is designed only to be used by threading_helpers to avoid a - * deadlock, not for general access to this mutex. + * \note This is designed only to be used by threading_helpers to + * avoid a deadlock, not for general access to this mutex. * - * \return The test info data mutex. + * \return The test info data mutex. */ mbedtls_threading_mutex_t *mbedtls_test_get_info_mutex(void); From fb53647b0b4c51a57ec195e915cffcca6fcf43f2 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Fri, 26 Jan 2024 14:55:25 +0100 Subject: [PATCH 050/132] tests: ssl: Move group list to options 
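Review bot: The new `\note` on `mbedtls_test_set_step()` reads `Calling this function from a within multiple threads at the same time`, which has a stray `a`; the same sentence in the `mbedtls_test_increment_step()` note of the previous hunk is worded correctly, so I would align the two: `Calling this function from within multiple threads at the same time is not recommended`. The reason could also be stated more concretely than "unexpected results may occur", e.g. `the step is a single shared value, so concurrent callers overwrite each other and the step reported on failure may not be the one the failing thread set`; that the step is a single shared field is inferred from the mutex-protected test info described elsewhere, not visible in this hunk.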
Signed-off-by: Ronald Cron --- tests/include/test/ssl_helpers.h | 4 +- tests/src/test_helpers/ssl_helpers.c | 16 ++++---- tests/suites/test_suite_ssl.function | 59 ++++++++++++++-------------- 3 files changed, 39 insertions(+), 40 deletions(-) diff --git a/tests/include/test/ssl_helpers.h b/tests/include/test/ssl_helpers.h index 1f41966d6..44c2fcfea 100644 --- a/tests/include/test/ssl_helpers.h +++ b/tests/include/test/ssl_helpers.h @@ -85,6 +85,7 @@ typedef struct mbedtls_test_ssl_log_pattern { typedef struct mbedtls_test_handshake_test_options { const char *cipher; + uint16_t *group_list; mbedtls_ssl_protocol_version client_min_version; mbedtls_ssl_protocol_version client_max_version; mbedtls_ssl_protocol_version server_min_version; @@ -440,8 +441,7 @@ int mbedtls_test_ssl_endpoint_init( mbedtls_test_handshake_test_options *options, mbedtls_test_message_socket_context *dtls_context, mbedtls_test_ssl_message_queue *input_queue, - mbedtls_test_ssl_message_queue *output_queue, - uint16_t *group_list); + mbedtls_test_ssl_message_queue *output_queue); /* * Deinitializes endpoint represented by \p ep. diff --git a/tests/src/test_helpers/ssl_helpers.c b/tests/src/test_helpers/ssl_helpers.c index 980c19218..cc96cfed4 100644 --- a/tests/src/test_helpers/ssl_helpers.c +++ b/tests/src/test_helpers/ssl_helpers.c @@ -50,6 +50,7 @@ void mbedtls_test_init_handshake_options( rng_seed += 0xD0; #endif opts->cipher = ""; + opts->group_list = NULL; opts->client_min_version = MBEDTLS_SSL_VERSION_UNKNOWN; opts->client_max_version = MBEDTLS_SSL_VERSION_UNKNOWN; opts->server_min_version = MBEDTLS_SSL_VERSION_UNKNOWN; @@ -733,8 +734,7 @@ int mbedtls_test_ssl_endpoint_init( mbedtls_test_handshake_test_options *options, mbedtls_test_message_socket_context *dtls_context, mbedtls_test_ssl_message_queue *input_queue, - mbedtls_test_ssl_message_queue *output_queue, - uint16_t *group_list) + mbedtls_test_ssl_message_queue *output_queue) { int ret = -1; uintptr_t user_data_n; 
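Review bot: The new `uint16_t *group_list;` member of `mbedtls_test_handshake_test_options` is undocumented, and nothing says the array must end with `MBEDTLS_SSL_IANA_TLS_GROUP_NONE` or outlive the endpoint: as far as I recall `mbedtls_ssl_conf_groups()` keeps the pointer rather than copying the list, so a local array that goes out of scope before the handshake leaves a dangling pointer in the config. I would add `/** Optional list of IANA TLS group IDs terminated by MBEDTLS_SSL_IANA_TLS_GROUP_NONE, passed as-is to mbedtls_ssl_conf_groups(); NULL keeps the library default. Must stay valid for the lifetime of the endpoints built from these options. */`. Since `mbedtls_ssl_conf_groups()` takes `const uint16_t *`, I believe, the member could also be `const uint16_t *group_list;` so `static const` tables work without a cast.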
@@ -818,8 +818,8 @@ int mbedtls_test_ssl_endpoint_init( } } - if (group_list != NULL) { - mbedtls_ssl_conf_groups(&(ep->conf), group_list); + if (options->group_list != NULL) { + mbedtls_ssl_conf_groups(&(ep->conf), options->group_list); } mbedtls_ssl_conf_authmode(&(ep->conf), MBEDTLS_SSL_VERIFY_REQUIRED); @@ -2006,7 +2006,7 @@ void mbedtls_test_ssl_perform_handshake( MBEDTLS_SSL_IS_CLIENT, options, &client_context, &client_queue, - &server_queue, NULL) == 0); + &server_queue) == 0); #if defined(MBEDTLS_TIMING_C) mbedtls_ssl_set_timer_cb(&client.ssl, &timer_client, mbedtls_timing_set_delay, @@ -2016,7 +2016,7 @@ void mbedtls_test_ssl_perform_handshake( TEST_ASSERT(mbedtls_test_ssl_endpoint_init(&client, MBEDTLS_SSL_IS_CLIENT, options, NULL, NULL, - NULL, NULL) == 0); + NULL) == 0); } if (strlen(options->cipher) > 0) { @@ -2029,7 +2029,7 @@ void mbedtls_test_ssl_perform_handshake( MBEDTLS_SSL_IS_SERVER, options, &server_context, &server_queue, - &client_queue, NULL) == 0); + &client_queue) == 0); #if defined(MBEDTLS_TIMING_C) mbedtls_ssl_set_timer_cb(&server.ssl, &timer_server, mbedtls_timing_set_delay, @@ -2038,7 +2038,7 @@ void mbedtls_test_ssl_perform_handshake( } else { TEST_ASSERT(mbedtls_test_ssl_endpoint_init(&server, MBEDTLS_SSL_IS_SERVER, - options, NULL, NULL, NULL, + options, NULL, NULL, NULL) == 0); } diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 8687a4d6f..02b950038 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -2457,7 +2457,7 @@ void mbedtls_endpoint_sanity(int endpoint_type) MD_OR_USE_PSA_INIT(); ret = mbedtls_test_ssl_endpoint_init(NULL, endpoint_type, &options, - NULL, NULL, NULL, NULL); + NULL, NULL, NULL); TEST_ASSERT(MBEDTLS_ERR_SSL_BAD_INPUT_DATA == ret); ret = mbedtls_test_ssl_endpoint_certificate_init(NULL, options.pk_alg, 
@@ -2465,7 +2465,7 @@ void mbedtls_endpoint_sanity(int endpoint_type) TEST_ASSERT(MBEDTLS_ERR_SSL_BAD_INPUT_DATA == ret); ret = mbedtls_test_ssl_endpoint_init(&ep, endpoint_type, &options, - NULL, NULL, NULL, NULL); + NULL, NULL, NULL); TEST_ASSERT(ret == 0); exit: @@ -2509,14 +2509,14 @@ void move_handshake_to_state(int endpoint_type, int tls_version, int state, int mbedtls_platform_zeroize(&second_ep, sizeof(second_ep)); ret = mbedtls_test_ssl_endpoint_init(&base_ep, endpoint_type, &options, - NULL, NULL, NULL, NULL); + NULL, NULL, NULL); TEST_ASSERT(ret == 0); ret = mbedtls_test_ssl_endpoint_init( &second_ep, (endpoint_type == MBEDTLS_SSL_IS_SERVER) ? MBEDTLS_SSL_IS_CLIENT : MBEDTLS_SSL_IS_SERVER, - &options, NULL, NULL, NULL, NULL); + &options, NULL, NULL, NULL); TEST_ASSERT(ret == 0); @@ -3069,11 +3069,10 @@ void force_bad_session_id_len() TEST_ASSERT(mbedtls_test_ssl_endpoint_init(&client, MBEDTLS_SSL_IS_CLIENT, &options, NULL, NULL, - NULL, NULL) == 0); + NULL) == 0); TEST_ASSERT(mbedtls_test_ssl_endpoint_init(&server, MBEDTLS_SSL_IS_SERVER, - &options, NULL, NULL, NULL, - NULL) == 0); + &options, NULL, NULL, NULL) == 0); mbedtls_debug_set_threshold(1); mbedtls_ssl_conf_dbg(&server.conf, options.srv_log_fun, @@ -3248,8 +3247,9 @@ void raw_key_agreement_fail(int bad_server_ecdhe_key) mbedtls_test_ssl_endpoint client, server; mbedtls_psa_stats_t stats; size_t free_slots_before = -1; - mbedtls_test_handshake_test_options options; - mbedtls_test_init_handshake_options(&options); + mbedtls_test_handshake_test_options client_options, server_options; + mbedtls_test_init_handshake_options(&client_options); + mbedtls_test_init_handshake_options(&server_options); uint16_t iana_tls_group_list[] = { MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1, MBEDTLS_SSL_IANA_TLS_GROUP_NONE }; 
@@ -3257,21 +3257,22 @@ void raw_key_agreement_fail(int bad_server_ecdhe_key) mbedtls_platform_zeroize(&client, sizeof(client)); mbedtls_platform_zeroize(&server, sizeof(server)); - options.pk_alg = MBEDTLS_PK_ECDSA; - options.server_min_version = MBEDTLS_SSL_VERSION_TLS1_2; - options.server_max_version = MBEDTLS_SSL_VERSION_TLS1_2; - /* Client side, force SECP256R1 to make one key bitflip fail * the raw key agreement. Flipping the first byte makes the * required 0x04 identifier invalid. */ + client_options.pk_alg = MBEDTLS_PK_ECDSA; + client_options.group_list = iana_tls_group_list; TEST_EQUAL(mbedtls_test_ssl_endpoint_init(&client, MBEDTLS_SSL_IS_CLIENT, - &options, NULL, NULL, - NULL, iana_tls_group_list), 0); + &client_options, NULL, NULL, + NULL), 0); /* Server side */ + server_options.pk_alg = MBEDTLS_PK_ECDSA; + server_options.server_min_version = MBEDTLS_SSL_VERSION_TLS1_2; + server_options.server_max_version = MBEDTLS_SSL_VERSION_TLS1_2; TEST_EQUAL(mbedtls_test_ssl_endpoint_init(&server, MBEDTLS_SSL_IS_SERVER, - &options, NULL, NULL, - NULL, NULL), 0); + &server_options, NULL, NULL, + NULL), 0); TEST_EQUAL(mbedtls_test_mock_socket_connect(&(client.socket), &(server.socket), @@ -3307,7 +3308,8 @@ void raw_key_agreement_fail(int bad_server_ecdhe_key) exit: mbedtls_test_ssl_endpoint_free(&client, NULL); mbedtls_test_ssl_endpoint_free(&server, NULL); - mbedtls_test_free_handshake_options(&options); + mbedtls_test_free_handshake_options(&client_options); + mbedtls_test_free_handshake_options(&server_options); MD_OR_USE_PSA_DONE(); } 
@@ -3336,15 +3338,13 @@ void tls13_server_certificate_msg_invalid_vector_len() client_options.pk_alg = MBEDTLS_PK_ECDSA; ret = mbedtls_test_ssl_endpoint_init(&client_ep, MBEDTLS_SSL_IS_CLIENT, - &client_options, NULL, NULL, NULL, - NULL); + &client_options, NULL, NULL, NULL); TEST_EQUAL(ret, 0); mbedtls_test_init_handshake_options(&server_options); server_options.pk_alg = MBEDTLS_PK_ECDSA; ret = mbedtls_test_ssl_endpoint_init(&server_ep, MBEDTLS_SSL_IS_SERVER, - &server_options, NULL, NULL, NULL, - NULL); + &server_options, NULL, NULL, NULL); TEST_EQUAL(ret, 0); ret = mbedtls_test_mock_socket_connect(&(client_ep.socket), @@ -3591,14 +3591,12 @@ void tls13_resume_session_with_ticket() client_options.pk_alg = MBEDTLS_PK_ECDSA; ret = mbedtls_test_ssl_endpoint_init(&client_ep, MBEDTLS_SSL_IS_CLIENT, - &client_options, NULL, NULL, NULL, - NULL); + &client_options, NULL, NULL, NULL); TEST_EQUAL(ret, 0); server_options.pk_alg = MBEDTLS_PK_ECDSA; ret = mbedtls_test_ssl_endpoint_init(&server_ep, MBEDTLS_SSL_IS_SERVER, - &server_options, NULL, NULL, NULL, - NULL); + &server_options, NULL, NULL, NULL); mbedtls_ssl_conf_session_tickets_cb(&server_ep.conf, mbedtls_test_ticket_write, mbedtls_test_ticket_parse, 
@@ -3702,19 +3700,20 @@ void tls13_early_data(int scenario) PSA_INIT(); client_options.pk_alg = MBEDTLS_PK_ECDSA; + client_options.group_list = group_list; ret = mbedtls_test_ssl_endpoint_init(&client_ep, MBEDTLS_SSL_IS_CLIENT, - &client_options, NULL, NULL, NULL, - group_list); + &client_options, NULL, NULL, NULL); TEST_EQUAL(ret, 0); mbedtls_ssl_conf_early_data(&client_ep.conf, MBEDTLS_SSL_EARLY_DATA_ENABLED); server_options.pk_alg = MBEDTLS_PK_ECDSA; + server_options.group_list = group_list; server_options.srv_log_fun = mbedtls_test_ssl_log_analyzer; server_options.srv_log_obj = &server_pattern; ret = mbedtls_test_ssl_endpoint_init(&server_ep, MBEDTLS_SSL_IS_SERVER, - &server_options, NULL, NULL, NULL, - group_list); + &server_options, NULL, NULL, NULL); TEST_EQUAL(ret, 0); + mbedtls_ssl_conf_early_data(&server_ep.conf, MBEDTLS_SSL_EARLY_DATA_ENABLED); mbedtls_ssl_conf_session_tickets_cb(&server_ep.conf, mbedtls_test_ticket_write, From b4ad3e750b9e592cb8e55d95dc1958194de0c5e8 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Fri, 26 Jan 2024 14:57:53 +0100 Subject: [PATCH 051/132] tests: ssl: First reset to all zeroes options in init Signed-off-by: Ronald Cron --- tests/src/test_helpers/ssl_helpers.c | 18 +++--------------- 1 file changed, 3 insertions(+), 15 deletions(-) diff --git a/tests/src/test_helpers/ssl_helpers.c b/tests/src/test_helpers/ssl_helpers.c index cc96cfed4..2090f92cd 100644 --- a/tests/src/test_helpers/ssl_helpers.c +++ b/tests/src/test_helpers/ssl_helpers.c 
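Review bot: The added `mbedtls_ssl_conf_early_data(&server_ep.conf, MBEDTLS_SSL_EARLY_DATA_ENABLED);` after the server endpoint init is not part of moving the group list into the options, which is all the commit message describes. If it relocates a call that previously sat elsewhere in `tls13_early_data()` (outside this hunk) the message should say so; if it is new, it changes what the reference scenario exercises and deserves its own commit. The rest of the hunk is a mechanical replacement of the trailing `group_list` argument by `client_options.group_list`/`server_options.group_list`, which looks right; `tls13_early_data()` starts and ends outside the hunk.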
@@ -49,37 +49,25 @@ void mbedtls_test_init_handshake_options( srand(rng_seed); rng_seed += 0xD0; #endif + + memset(opts, 0, sizeof(*opts)); + opts->cipher = ""; - opts->group_list = NULL; opts->client_min_version = MBEDTLS_SSL_VERSION_UNKNOWN; opts->client_max_version = MBEDTLS_SSL_VERSION_UNKNOWN; opts->server_min_version = MBEDTLS_SSL_VERSION_UNKNOWN; opts->server_max_version = MBEDTLS_SSL_VERSION_UNKNOWN; opts->expected_negotiated_version = MBEDTLS_SSL_VERSION_TLS1_3; - opts->expected_handshake_result = 0; - opts->expected_ciphersuite = 0; opts->pk_alg = MBEDTLS_PK_RSA; - opts->opaque_alg = 0; - opts->opaque_alg2 = 0; - opts->opaque_usage = 0; - opts->psk_str = NULL; - opts->dtls = 0; opts->srv_auth_mode = MBEDTLS_SSL_VERIFY_NONE; - opts->serialize = 0; opts->mfl = MBEDTLS_SSL_MAX_FRAG_LEN_NONE; opts->cli_msg_len = 100; opts->srv_msg_len = 100; opts->expected_cli_fragments = 1; opts->expected_srv_fragments = 1; - opts->renegotiate = 0; opts->legacy_renegotiation = MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION; - opts->srv_log_obj = NULL; - opts->cli_log_obj = NULL; - opts->srv_log_fun = NULL; - opts->cli_log_fun = NULL; opts->resize_buffers = 1; #if defined(MBEDTLS_SSL_CACHE_C) - opts->cache = NULL; TEST_CALLOC(opts->cache, 1); mbedtls_ssl_cache_init(opts->cache); #if defined(MBEDTLS_HAVE_TIME) From ced99be007836d65563c8c1af5db6110cadca550 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Fri, 26 Jan 2024 15:49:12 +0100 Subject: [PATCH 052/132] tests: ssl: Add early data handshake option Signed-off-by: Ronald Cron --- tests/include/test/ssl_helpers.h | 1 + tests/src/test_helpers/ssl_helpers.c | 5 +++++ tests/suites/test_suite_ssl.function | 4 ++-- 3 files changed, 8 insertions(+), 2 deletions(-) diff --git a/tests/include/test/ssl_helpers.h b/tests/include/test/ssl_helpers.h index 44c2fcfea..0aa53c868 100644 --- a/tests/include/test/ssl_helpers.h +++ b/tests/include/test/ssl_helpers.h 
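Review bot: The `memset(opts, 0, sizeof(*opts));` now silently carries a precondition that used to be explicit: the removed `opts->cache = NULL;` was what let `TEST_CALLOC(opts->cache, 1)` run, and if `TEST_CALLOC` asserts that its pointer starts as NULL, as I believe it does, moving the memset later or skipping it on some path would become a test failure rather than a compile error. I would say so next to it: `/* Zero everything first: fields not set below default to 0/NULL, and TEST_CALLOC below requires opts->cache to start as NULL. */`. Using all-bits-zero for the pointer members also assumes that is a null pointer, which holds on every platform Mbed TLS targets but is the usual caveat when a memset replaces explicit `= NULL` assignments.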
@@ -113,6 +113,7 @@ typedef struct mbedtls_test_handshake_test_options { void (*srv_log_fun)(void *, int, const char *, int, const char *); void (*cli_log_fun)(void *, int, const char *, int, const char *); int resize_buffers; + int early_data; #if defined(MBEDTLS_SSL_CACHE_C) mbedtls_ssl_cache_context *cache; #endif diff --git a/tests/src/test_helpers/ssl_helpers.c b/tests/src/test_helpers/ssl_helpers.c index 2090f92cd..a9a215949 100644 --- a/tests/src/test_helpers/ssl_helpers.c +++ b/tests/src/test_helpers/ssl_helpers.c @@ -67,6 +67,7 @@ void mbedtls_test_init_handshake_options( opts->expected_srv_fragments = 1; opts->legacy_renegotiation = MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION; opts->resize_buffers = 1; + opts->early_data = MBEDTLS_SSL_EARLY_DATA_DISABLED; #if defined(MBEDTLS_SSL_CACHE_C) TEST_CALLOC(opts->cache, 1); mbedtls_ssl_cache_init(opts->cache); @@ -812,6 +813,10 @@ int mbedtls_test_ssl_endpoint_init( mbedtls_ssl_conf_authmode(&(ep->conf), MBEDTLS_SSL_VERIFY_REQUIRED); +#if defined(MBEDTLS_SSL_EARLY_DATA) + mbedtls_ssl_conf_early_data(&(ep->conf), options->early_data); +#endif + #if defined(MBEDTLS_SSL_CACHE_C) && defined(MBEDTLS_SSL_SRV_C) if (endpoint_type == MBEDTLS_SSL_IS_SERVER && options->cache != NULL) { mbedtls_ssl_conf_session_cache(&(ep->conf), options->cache, diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 02b950038..861aa72ec 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function 
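Review bot: The new `int early_data;` member has no comment saying which values it takes or that it only has an effect when the library is built with `MBEDTLS_SSL_EARLY_DATA`, which is exactly the case where a test author will wonder why setting it did nothing. I would document it as `/** MBEDTLS_SSL_EARLY_DATA_ENABLED or MBEDTLS_SSL_EARLY_DATA_DISABLED (the default); forwarded to mbedtls_ssl_conf_early_data() for the endpoint, ignored when MBEDTLS_SSL_EARLY_DATA is not enabled. */`.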
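Review bot: The default `opts->early_data = MBEDTLS_SSL_EARLY_DATA_DISABLED;` is assigned unconditionally, whereas the place it is consumed, `mbedtls_ssl_conf_early_data()` in the next hunk, is wrapped in `#if defined(MBEDTLS_SSL_EARLY_DATA)`; that only compiles in every configuration if `MBEDTLS_SSL_EARLY_DATA_DISABLED` is defined regardless of `MBEDTLS_SSL_EARLY_DATA`. I believe the `MBEDTLS_SSL_EARLY_DATA_*` constants are unconditional in ssl.h, in which case a one-line comment `/* Constant is defined even without MBEDTLS_SSL_EARLY_DATA; the option is only applied when that feature is built. */` saves the next reader the check; otherwise the assignment needs the same guard. Since the struct was just zeroed, the explicit assignment only matters if the constant is non-zero, but keeping it documents the intended default.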
@@ -3701,20 +3701,20 @@ void tls13_early_data(int scenario) client_options.pk_alg = MBEDTLS_PK_ECDSA; client_options.group_list = group_list; + client_options.early_data = MBEDTLS_SSL_EARLY_DATA_ENABLED; ret = mbedtls_test_ssl_endpoint_init(&client_ep, MBEDTLS_SSL_IS_CLIENT, &client_options, NULL, NULL, NULL); TEST_EQUAL(ret, 0); - mbedtls_ssl_conf_early_data(&client_ep.conf, MBEDTLS_SSL_EARLY_DATA_ENABLED); server_options.pk_alg = MBEDTLS_PK_ECDSA; server_options.group_list = group_list; + server_options.early_data = MBEDTLS_SSL_EARLY_DATA_ENABLED; server_options.srv_log_fun = mbedtls_test_ssl_log_analyzer; server_options.srv_log_obj = &server_pattern; ret = mbedtls_test_ssl_endpoint_init(&server_ep, MBEDTLS_SSL_IS_SERVER, &server_options, NULL, NULL, NULL); TEST_EQUAL(ret, 0); - mbedtls_ssl_conf_early_data(&server_ep.conf, MBEDTLS_SSL_EARLY_DATA_ENABLED); mbedtls_ssl_conf_session_tickets_cb(&server_ep.conf, mbedtls_test_ticket_write, mbedtls_test_ticket_parse, From 1f6e4e4a4999bd4716db933ecb7762479728e018 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Fri, 26 Jan 2024 16:31:33 +0100 Subject: [PATCH 053/132] tests: ssl: Add helper function to get a TLS 1.3 ticket Signed-off-by: Ronald Cron --- tests/include/test/ssl_helpers.h | 11 ++++++ tests/src/test_helpers/ssl_helpers.c | 56 ++++++++++++++++++++++++++++ tests/suites/test_suite_ssl.function | 52 ++++++++------------------ 3 files changed, 83 insertions(+), 36 deletions(-) diff --git a/tests/include/test/ssl_helpers.h b/tests/include/test/ssl_helpers.h index 0aa53c868..3506609ac 100644 --- a/tests/include/test/ssl_helpers.h +++ b/tests/include/test/ssl_helpers.h 
@@ -600,6 +600,17 @@ int mbedtls_test_ticket_parse(void *p_ticket, mbedtls_ssl_session *session, unsigned char *buf, size_t len); #endif /* MBEDTLS_SSL_SESSION_TICKETS */ +#if defined(MBEDTLS_SSL_CLI_C) && defined(MBEDTLS_SSL_SRV_C) && \ + defined(MBEDTLS_SSL_PROTO_TLS1_3) && defined(MBEDTLS_SSL_SESSION_TICKETS) && \ + defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) +int mbedtls_test_get_tls13_ticket( + mbedtls_test_handshake_test_options *client_options, + mbedtls_test_handshake_test_options *server_options, + mbedtls_ssl_session *session); +#endif /* MBEDTLS_SSL_CLI_C && MBEDTLS_SSL_SRV_C && + MBEDTLS_SSL_PROTO_TLS1_3 && MBEDTLS_SSL_SESSION_TICKETS && + MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ + #define ECJPAKE_TEST_PWD "bla" #if defined(MBEDTLS_USE_PSA_CRYPTO) diff --git a/tests/src/test_helpers/ssl_helpers.c b/tests/src/test_helpers/ssl_helpers.c index a9a215949..ad4c070bc 100644 --- a/tests/src/test_helpers/ssl_helpers.c +++ b/tests/src/test_helpers/ssl_helpers.c 
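Review bot: The new prototype `mbedtls_test_get_tls13_ticket()` carries no documentation, and its contract is not obvious from the signature: it builds and tears down a full client/server pair from the two option structs, runs a handshake to completion, and fills `session` from the client side once a NewSessionTicket has arrived. I would put a Doxygen block above it describing that, with `\param client_options`/`\param server_options` noting they are used as-is for `mbedtls_test_ssl_endpoint_init()` and are not freed by the helper, `\param session` as the output that the caller must have initialised with `mbedtls_ssl_session_init()` (as `mbedtls_ssl_get_session()` presumably requires), and `\return 0 on success, a negative value otherwise`. The build requirements in the guard (client, server, TLS 1.3, session tickets, certificate handshakes) deserve a line too, since callers must match them.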
@@ -2455,4 +2455,60 @@ int mbedtls_test_ticket_parse(void *p_ticket, mbedtls_ssl_session *session, return mbedtls_ssl_session_load(session, buf, len); } #endif /* MBEDTLS_SSL_SESSION_TICKETS */ + +#if defined(MBEDTLS_SSL_CLI_C) && defined(MBEDTLS_SSL_SRV_C) && \ + defined(MBEDTLS_SSL_PROTO_TLS1_3) && defined(MBEDTLS_SSL_SESSION_TICKETS) && \ + defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) +int mbedtls_test_get_tls13_ticket( + mbedtls_test_handshake_test_options *client_options, + mbedtls_test_handshake_test_options *server_options, + mbedtls_ssl_session *session) +{ + int ret = -1; + unsigned char buf[64]; + mbedtls_test_ssl_endpoint client_ep, server_ep; + + mbedtls_platform_zeroize(&client_ep, sizeof(client_ep)); + mbedtls_platform_zeroize(&server_ep, sizeof(server_ep)); + + ret = mbedtls_test_ssl_endpoint_init(&client_ep, MBEDTLS_SSL_IS_CLIENT, + client_options, NULL, NULL, NULL); + TEST_EQUAL(ret, 0); + + ret = mbedtls_test_ssl_endpoint_init(&server_ep, MBEDTLS_SSL_IS_SERVER, + server_options, NULL, NULL, NULL); + TEST_EQUAL(ret, 0); + + mbedtls_ssl_conf_session_tickets_cb(&server_ep.conf, + mbedtls_test_ticket_write, + mbedtls_test_ticket_parse, + NULL); + + ret = mbedtls_test_mock_socket_connect(&(client_ep.socket), + &(server_ep.socket), 1024); + TEST_EQUAL(ret, 0); + + TEST_EQUAL(mbedtls_test_move_handshake_to_state( + &(server_ep.ssl), &(client_ep.ssl), + MBEDTLS_SSL_HANDSHAKE_OVER), 0); + + TEST_EQUAL(server_ep.ssl.handshake->new_session_tickets_count, 0); + + do { + ret = mbedtls_ssl_read(&(client_ep.ssl), buf, sizeof(buf)); + } while (ret != MBEDTLS_ERR_SSL_RECEIVED_NEW_SESSION_TICKET); + + ret = mbedtls_ssl_get_session(&(client_ep.ssl), session); + TEST_EQUAL(ret, 0); + +exit: + mbedtls_test_ssl_endpoint_free(&client_ep, NULL); + mbedtls_test_ssl_endpoint_free(&server_ep, NULL); + + return ret; +} +#endif /* MBEDTLS_SSL_CLI_C && MBEDTLS_SSL_SRV_C && + MBEDTLS_SSL_PROTO_TLS1_3 && MBEDTLS_SSL_SESSION_TICKETS && + 
MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ + #endif /* MBEDTLS_SSL_TLS_C */ diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 861aa72ec..ca12051f8 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -3572,15 +3572,11 @@ exit: void tls13_resume_session_with_ticket() { int ret = -1; - unsigned char buf[64]; mbedtls_test_ssl_endpoint client_ep, server_ep; mbedtls_test_handshake_test_options client_options; mbedtls_test_handshake_test_options server_options; mbedtls_ssl_session saved_session; - /* - * Test set-up - */ mbedtls_platform_zeroize(&client_ep, sizeof(client_ep)); mbedtls_platform_zeroize(&server_ep, sizeof(server_ep)); mbedtls_test_init_handshake_options(&client_options); @@ -3589,14 +3585,27 @@ void tls13_resume_session_with_ticket() PSA_INIT(); + /* + * Run first handshake to get a ticket from the server. + */ client_options.pk_alg = MBEDTLS_PK_ECDSA; + server_options.pk_alg = MBEDTLS_PK_ECDSA; + + ret = mbedtls_test_get_tls13_ticket(&client_options, &server_options, + &saved_session); + TEST_EQUAL(ret, 0); + + /* + * Prepare for handshake with the ticket. + */ ret = mbedtls_test_ssl_endpoint_init(&client_ep, MBEDTLS_SSL_IS_CLIENT, &client_options, NULL, NULL, NULL); TEST_EQUAL(ret, 0); - server_options.pk_alg = MBEDTLS_PK_ECDSA; ret = mbedtls_test_ssl_endpoint_init(&server_ep, MBEDTLS_SSL_IS_SERVER, &server_options, NULL, NULL, NULL); + TEST_EQUAL(ret, 0); + mbedtls_ssl_conf_session_tickets_cb(&server_ep.conf, mbedtls_test_ticket_write, mbedtls_test_ticket_parse, 
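Review bot: The loop `do { ret = mbedtls_ssl_read(...); } while (ret != MBEDTLS_ERR_SSL_RECEIVED_NEW_SESSION_TICKET);` in `mbedtls_test_get_tls13_ticket()` has no exit on any other outcome, so a fatal read error, a close, or a server that never sends a ticket makes the suite hang instead of fail; it should stop on anything other than WANT_READ/WANT_WRITE and be bounded. The helper's return value is also unreliable on failure: `TEST_EQUAL(mbedtls_test_move_handshake_to_state(...), 0)` and the `new_session_tickets_count` check jump to `exit` without touching `ret`, which still holds the 0 from `mbedtls_test_mock_socket_connect()`, so the caller's `TEST_EQUAL(ret, 0)` passes and only the framework's recorded failure saves the run. The loop was carried over from the old test body, so the hang risk is pre-existing, but this is the place to fix it; the bound below is arbitrary and only needs to exceed the number of tickets the server queues.

```c
    /* Keep ret at -1 until the very end: every TEST_EQUAL below jumps to
     * exit without touching it, so a 0 left over from an earlier successful
     * call would make the caller believe the helper passed. */
    ret = -1;

    TEST_EQUAL(mbedtls_test_move_handshake_to_state(
                   &(server_ep.ssl), &(client_ep.ssl),
                   MBEDTLS_SSL_HANDSHAKE_OVER), 0);

    TEST_EQUAL(server_ep.ssl.handshake->new_session_tickets_count, 0);

    /* All tickets have been queued by the server by now, so a few reads must
     * deliver one; bound the loop so a regression fails instead of hanging,
     * and stop on any outcome that is not a retry request. */
    int read_ret = MBEDTLS_ERR_SSL_WANT_READ;
    for (unsigned attempts = 0; attempts < 16; attempts++) {
        read_ret = mbedtls_ssl_read(&(client_ep.ssl), buf, sizeof(buf));
        if (read_ret != MBEDTLS_ERR_SSL_WANT_READ &&
            read_ret != MBEDTLS_ERR_SSL_WANT_WRITE) {
            break;
        }
    }
    TEST_EQUAL(read_ret, MBEDTLS_ERR_SSL_RECEIVED_NEW_SESSION_TICKET);

    ret = mbedtls_ssl_get_session(&(client_ep.ssl), session);
    TEST_EQUAL(ret, 0);
    /* … unchanged: exit label and endpoint cleanup … */
```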
@@ -3607,41 +3616,12 @@ void tls13_resume_session_with_ticket() &(server_ep.socket), 1024); TEST_EQUAL(ret, 0); - /* - * Run initial handshake: ephemeral key exchange mode, certificate with - * SECP256R1 key, CA certificate with SECP384R1 key, ECDSA signature - * algorithm. Then, get the ticket sent by the server at the end of its - * handshake sequence. - */ - TEST_EQUAL(mbedtls_test_move_handshake_to_state( - &(server_ep.ssl), &(client_ep.ssl), - MBEDTLS_SSL_HANDSHAKE_OVER), 0); - - do { - ret = mbedtls_ssl_read(&(client_ep.ssl), buf, sizeof(buf)); - } while (ret != MBEDTLS_ERR_SSL_RECEIVED_NEW_SESSION_TICKET); - - /* - * Save client session and reset the SSL context of the two endpoints. - */ - ret = mbedtls_ssl_get_session(&(client_ep.ssl), &saved_session); - TEST_EQUAL(ret, 0); - - ret = mbedtls_ssl_session_reset(&(client_ep.ssl)); - TEST_EQUAL(ret, 0); - - ret = mbedtls_ssl_session_reset(&(server_ep.ssl)); - TEST_EQUAL(ret, 0); - - /* - * Set saved session on client side and handshake using the ticket - * included in that session. - */ - ret = mbedtls_ssl_set_session(&(client_ep.ssl), &saved_session); TEST_EQUAL(ret, 0); /* + * Handshake with ticket. + * * Run the handshake up to MBEDTLS_SSL_HANDSHAKE_WRAPUP and not * MBEDTLS_SSL_HANDSHAKE_OVER to preserve handshake data for the checks * below. From bfcdc069efb1d52a98e3578aa0ec62a4bec7e9e4 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Fri, 26 Jan 2024 16:57:25 +0100 Subject: [PATCH 054/132] tests: ssl: Use get TLS 1.3 ticket helper for early data test Signed-off-by: Ronald Cron --- tests/suites/test_suite_ssl.function | 106 ++++++++++----------------- 1 file changed, 40 insertions(+), 66 deletions(-) diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index ca12051f8..d6e4c6aea 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function 
@@ -3668,9 +3668,6 @@ void tls13_early_data(int scenario) MBEDTLS_SSL_IANA_TLS_GROUP_NONE }; - /* - * Test set-up - */ mbedtls_platform_zeroize(&client_ep, sizeof(client_ep)); mbedtls_platform_zeroize(&server_ep, sizeof(server_ep)); mbedtls_test_init_handshake_options(&client_options); @@ -3679,16 +3676,50 @@ void tls13_early_data(int scenario) PSA_INIT(); + /* + * Run first handshake to get a ticket from the server. + */ + client_options.pk_alg = MBEDTLS_PK_ECDSA; client_options.group_list = group_list; client_options.early_data = MBEDTLS_SSL_EARLY_DATA_ENABLED; + server_options.pk_alg = MBEDTLS_PK_ECDSA; + server_options.group_list = group_list; + server_options.early_data = MBEDTLS_SSL_EARLY_DATA_ENABLED; + + ret = mbedtls_test_get_tls13_ticket(&client_options, &server_options, + &saved_session); + TEST_EQUAL(ret, 0); + + /* + * Prepare for handshake with the ticket. + */ + switch (scenario) { + case TEST_EARLY_DATA_REFERENCE: + break; + + case TEST_EARLY_DATA_DEPROTECT_AND_DISCARD: + mbedtls_debug_set_threshold(3); + server_pattern.pattern = + "EarlyData: deprotect and discard app data records."; + server_options.early_data = MBEDTLS_SSL_EARLY_DATA_DISABLED; + break; + + case TEST_EARLY_DATA_DISCARD_AFTER_HRR: + mbedtls_debug_set_threshold(3); + server_pattern.pattern = + "EarlyData: Ignore application message before 2nd ClientHello"; + server_options.group_list = group_list + 1; + break; + + default: + TEST_FAIL("Unknown scenario."); + } + ret = mbedtls_test_ssl_endpoint_init(&client_ep, MBEDTLS_SSL_IS_CLIENT, &client_options, NULL, NULL, NULL); TEST_EQUAL(ret, 0); - server_options.pk_alg = MBEDTLS_PK_ECDSA; - server_options.group_list = group_list; - server_options.early_data = MBEDTLS_SSL_EARLY_DATA_ENABLED; server_options.srv_log_fun = mbedtls_test_ssl_log_analyzer; server_options.srv_log_obj = &server_pattern; ret = mbedtls_test_ssl_endpoint_init(&server_ep, MBEDTLS_SSL_IS_SERVER, 
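Review bot: `server_options.group_list = group_list + 1;` in the `TEST_EARLY_DATA_DISCARD_AFTER_HRR` case of the second hunk (`@@ -3679`) is the line that makes the scenario work and nothing says how: offering the server only the client's second group presumably leaves it with a group the client sent no key share for, so the server answers with a HelloRetryRequest and the early data sent before the second ClientHello is what gets discarded. Since `group_list` is declared outside this hunk, I would state that here: `/* Give the server only the client's second group: no key share was sent for it, so the server must send a HelloRetryRequest (group_list needs at least two entries before MBEDTLS_SSL_IANA_TLS_GROUP_NONE). */`. The removed "Test set-up" comment in the first hunk is fine to drop now that each phase has its own heading.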
@@ -3704,69 +3735,12 @@ void tls13_early_data(int scenario) &(server_ep.socket), 1024); TEST_EQUAL(ret, 0); - /* - * Run initial handshake: ephemeral key exchange mode, certificate with - * SECP256R1 key, CA certificate with SECP384R1 key, ECDSA signature - * algorithm. Then, get the ticket sent by the server at the end of its - * handshake sequence. - */ - TEST_EQUAL(mbedtls_test_move_handshake_to_state( - &(server_ep.ssl), &(client_ep.ssl), - MBEDTLS_SSL_HANDSHAKE_OVER), 0); - - do { - ret = mbedtls_ssl_read(&(client_ep.ssl), buf, sizeof(buf)); - } while (ret != MBEDTLS_ERR_SSL_RECEIVED_NEW_SESSION_TICKET); - - /* - * Save client session and reset the SSL context of the two endpoints. - */ - ret = mbedtls_ssl_get_session(&(client_ep.ssl), &saved_session); - TEST_EQUAL(ret, 0); - - ret = mbedtls_ssl_session_reset(&(client_ep.ssl)); - TEST_EQUAL(ret, 0); - - ret = mbedtls_ssl_session_reset(&(server_ep.ssl)); - TEST_EQUAL(ret, 0); - - /* - * Set saved session on client side and start handshake using the ticket - * included in that session. - */ - ret = mbedtls_ssl_set_session(&(client_ep.ssl), &saved_session); TEST_EQUAL(ret, 0); - switch (scenario) { - case TEST_EARLY_DATA_REFERENCE: - break; - - case TEST_EARLY_DATA_DEPROTECT_AND_DISCARD: - mbedtls_debug_set_threshold(3); - server_pattern.pattern = - "EarlyData: deprotect and discard app data records."; - mbedtls_ssl_conf_early_data(&server_ep.conf, - MBEDTLS_SSL_EARLY_DATA_DISABLED); - break; - - case TEST_EARLY_DATA_DISCARD_AFTER_HRR: - mbedtls_debug_set_threshold(3); - server_pattern.pattern = - "EarlyData: Ignore application message before 2nd ClientHello"; - mbedtls_ssl_conf_groups(&server_ep.conf, group_list + 1); - /* - * Need to reset again to reconstruct the group list in the - * handshake structure from the configured one. 
- */ - ret = mbedtls_ssl_session_reset(&(server_ep.ssl)); - TEST_EQUAL(ret, 0); - break; - - default: - TEST_FAIL("Unknown scenario."); - } - + /* + * Handshake with ticket and send early data. + */ TEST_EQUAL(mbedtls_test_move_handshake_to_state( &(client_ep.ssl), &(server_ep.ssl), MBEDTLS_SSL_SERVER_HELLO), 0); From fe59ff794d2e198665ca9456c097eae0b30fab66 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Wed, 24 Jan 2024 14:31:50 +0100 Subject: [PATCH 055/132] tls13: Send dummy CCS only once Fix cases where the client was sending two CCS, no harm but better to send only one. Prevent to send even more CCS when early data are involved without having to add conditional state transitions. Signed-off-by: Ronald Cron --- library/ssl_misc.h | 15 ++++++++++++--- library/ssl_tls13_client.c | 23 ++++++++++++++--------- library/ssl_tls13_generic.c | 2 ++ library/ssl_tls13_server.c | 10 +++++++--- 4 files changed, 35 insertions(+), 15 deletions(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 16cd62e28..dff19c88e 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h 
@@ -731,14 +731,23 @@ struct mbedtls_ssl_handshake_params { uint8_t key_exchange_mode; /*!< Selected key exchange mode */ /** Number of HelloRetryRequest messages received/sent from/to the server. */ - int hello_retry_request_count; + uint8_t hello_retry_request_count; + +#if defined(MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE) + /** + * Number of dummy change_cipher_spec (CCS) record sent. Used to send only + * one CCS per handshake without having to complicate the handshake state + * transitions. + */ + uint8_t ccs_count; +#endif #if defined(MBEDTLS_SSL_SRV_C) - /** selected_group of key_share extension in HelloRetryRequest message. */ - uint16_t hrr_selected_group; #if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED) uint8_t tls13_kex_modes; /*!< Key exchange modes supported by the client */ #endif + /** selected_group of key_share extension in HelloRetryRequest message. */ + uint16_t hrr_selected_group; #if defined(MBEDTLS_SSL_SESSION_TICKETS) uint16_t new_session_tickets_count; /*!< number of session tickets */ #endif diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index f4987b316..e6680c7a6 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -2568,8 +2568,6 @@ static int ssl_tls13_process_server_finished(mbedtls_ssl_context *ssl) #if defined(MBEDTLS_SSL_EARLY_DATA) if (ssl->early_data_status == MBEDTLS_SSL_EARLY_DATA_STATUS_ACCEPTED) { mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_END_OF_EARLY_DATA); - } else if (ssl->early_data_status == MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED) { - mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_CLIENT_CERTIFICATE); } else #endif /* MBEDTLS_SSL_EARLY_DATA */ { 
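Review bot: The new `ccs_count` comment says `Number of dummy change_cipher_spec (CCS) record sent` (should be `records sent`) and does not say when the counter starts over, which is what a reader of the `== 0` checks in the client and server state handlers needs: presumably it is zeroed with the rest of `mbedtls_ssl_handshake_params` at handshake start and deliberately not reset on HelloRetryRequest, so the CCS sent before the second ClientHello is the only one. I would write `/** Number of dummy change_cipher_spec (CCS) records sent in this handshake. Zeroed with the handshake params and not reset on HelloRetryRequest, so exactly one CCS is sent per handshake without extra state transitions. */`. Narrowing `hello_retry_request_count` from `int` to `uint8_t` and moving `hrr_selected_group` look safe, but neither is mentioned in the commit message and both deserve a word there.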
@@ -3059,18 +3057,25 @@ int mbedtls_ssl_tls13_handshake_client_step(mbedtls_ssl_context *ssl) */ #if defined(MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE) case MBEDTLS_SSL_CLIENT_CCS_BEFORE_2ND_CLIENT_HELLO: - ret = mbedtls_ssl_tls13_write_change_cipher_spec(ssl); - if (ret == 0) { - mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_CLIENT_HELLO); + ret = 0; + if (ssl->handshake->ccs_count == 0) { + ret = mbedtls_ssl_tls13_write_change_cipher_spec(ssl); + if (ret != 0) { + break; + } } + mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_CLIENT_HELLO); break; case MBEDTLS_SSL_CLIENT_CCS_AFTER_SERVER_FINISHED: - ret = mbedtls_ssl_tls13_write_change_cipher_spec(ssl); - if (ret == 0) { - mbedtls_ssl_handshake_set_state( - ssl, MBEDTLS_SSL_CLIENT_CERTIFICATE); + ret = 0; + if (ssl->handshake->ccs_count == 0) { + ret = mbedtls_ssl_tls13_write_change_cipher_spec(ssl); + if (ret != 0) { + break; + } } + mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_CLIENT_CERTIFICATE); break; #if defined(MBEDTLS_SSL_EARLY_DATA) diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index 2666067b7..386a75402 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -1390,6 +1390,8 @@ int mbedtls_ssl_tls13_write_change_cipher_spec(mbedtls_ssl_context *ssl) /* Dispatch message */ MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_write_record(ssl, 0)); + ssl->handshake->ccs_count++; + cleanup: MBEDTLS_SSL_DEBUG_MSG(2, ("<= write change cipher spec")); diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index 62b117cfa..05693f3bf 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c 
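Review bot: The once-only guard `ret = 0; if (ssl->handshake->ccs_count == 0) { ... }` is written out in both client cases here and again in the server step of the next file, while the counter itself is maintained inside mbedtls_ssl_tls13_write_change_cipher_spec (the ssl_tls13_generic.c hunk on this line). Moving the guard into that function, `if (ssl->handshake->ccs_count != 0) { return 0; }` at its top, would let every caller keep the original `ret = write_ccs(); if (ret == 0) set_state();` shape, unless some caller relies on the function always emitting a record, which I cannot see from here. In the generic.c hunk the increment runs only after mbedtls_ssl_write_record succeeds, which is right, but ccs_count is declared only under MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE; presumably that function is inside the same guard, otherwise builds without compatibility mode fail. The enclosing functions of both hunks extend beyond what is shown.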
@@ -3482,10 +3482,14 @@ int mbedtls_ssl_tls13_handshake_server_step(mbedtls_ssl_context *ssl) break; case MBEDTLS_SSL_SERVER_CCS_AFTER_SERVER_HELLO: - ret = mbedtls_ssl_tls13_write_change_cipher_spec(ssl); - if (ret == 0) { - mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_ENCRYPTED_EXTENSIONS); + ret = 0; + if (ssl->handshake->ccs_count == 0) { + ret = mbedtls_ssl_tls13_write_change_cipher_spec(ssl); + if (ret != 0) { + break; + } } + mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_ENCRYPTED_EXTENSIONS); break; #endif /* MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE */ From 90e223364ca559042710316d4ba4e6eb86178284 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Mon, 22 Jan 2024 15:24:21 +0100 Subject: [PATCH 056/132] tls13: cli: Refine early data status The main purpose of the change is to know from the status, at any point in the handshake, if early data can be sent or not and why. Signed-off-by: Ronald Cron --- include/mbedtls/ssl.h | 6 ++--- library/ssl_misc.h | 32 +++++++++++++++++++++++++++ library/ssl_tls.c | 2 +- library/ssl_tls13_client.c | 45 ++++++++++++++++++++++---------------- 4 files changed, 62 insertions(+), 23 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index e0cd79d02..9583a15be 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -5106,9 +5106,9 @@ int mbedtls_ssl_close_notify(mbedtls_ssl_context *ssl); #if defined(MBEDTLS_SSL_EARLY_DATA) -#define MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT 0 -#define MBEDTLS_SSL_EARLY_DATA_STATUS_ACCEPTED 1 -#define MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED 2 +#define MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT 1 +#define MBEDTLS_SSL_EARLY_DATA_STATUS_ACCEPTED 2 +#define MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED 3 #if defined(MBEDTLS_SSL_SRV_C) /** diff --git a/library/ssl_misc.h b/library/ssl_misc.h index dff19c88e..942d4ad22 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h 
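Review bot: The public MBEDTLS_SSL_EARLY_DATA_STATUS_* values in include/mbedtls/ssl.h change from 0/1/2 to 1/2/3 without any comment saying why, so a reader of the public header cannot tell that 0 and 4–6 are now taken by client-internal statuses in ssl_misc.h. Suggest a comment above the three defines: `/* Values 0 and 4..6 are reserved for client-internal statuses (see ssl_misc.h). */`. If this API has already shipped in a release, the renumbering is a compatibility break for code that compares against literal values or assumes NOT_SENT is 0; presumably it has not, but the commit message should state that. The server hunk on this line repeats the once-only CCS pattern raised on the client hunk.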
@@ -2145,6 +2145,38 @@ int mbedtls_ssl_tls13_write_early_data_ext(mbedtls_ssl_context *ssl, unsigned char *buf, const unsigned char *end, size_t *out_len); + +#if defined(MBEDTLS_SSL_CLI_C) +/* + * The client has not sent the first ClientHello yet, it is unknown if the + * client will send an early data indication extension or not. + */ +#define MBEDTLS_SSL_EARLY_DATA_STATUS_UNKNOWN 0 + +/* + * The client has sent an early data indication extension in its first + * ClientHello, it has not received the response (ServerHello or + * HelloRetryRequest) from the server yet. The transform to protect early data + * is not set and early data cannot be sent yet. + */ +#define MBEDTLS_SSL_EARLY_DATA_STATUS_SENT 4 + +/* + * The client has sent an early data indication extension in its first + * ClientHello, it has not received the response (ServerHello or + * HelloRetryRequest) from the server yet. The transform to protect early data + * has been set and early data can be written now. + */ +#define MBEDTLS_SSL_EARLY_DATA_STATUS_CAN_WRITE 5 + +/* + * The client has sent an early data indication extension in its first + * ClientHello, the server has accepted them and the client has received the + * server Finished message. It cannot send early data to the server anymore. + */ +#define MBEDTLS_SSL_EARLY_DATA_STATUS_SERVER_FINISHED_RECEIVED 6 +#endif /* MBEDTLS_SSL_CLI_C */ + #endif /* MBEDTLS_SSL_EARLY_DATA */ #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 8afedde88..3bbd4ca26 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -1100,7 +1100,7 @@ static int ssl_handshake_init(mbedtls_ssl_context *ssl) #if defined(MBEDTLS_SSL_EARLY_DATA) #if defined(MBEDTLS_SSL_CLI_C) - ssl->early_data_status = MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT; + ssl->early_data_status = MBEDTLS_SSL_EARLY_DATA_STATUS_UNKNOWN; #endif #if defined(MBEDTLS_SSL_SRV_C) ssl->discard_early_data_record = MBEDTLS_SSL_EARLY_DATA_NO_DISCARD; 
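Review bot: The new internal statuses (0, 4, 5, 6) live in the same int field as the public NOT_SENT/ACCEPTED/REJECTED values, so any accessor that returns `ssl->early_data_status` unchanged — presumably mbedtls_ssl_get_early_data_status(), outside this hunk — now hands applications values that the public header does not document. Either map the internal statuses to a public value in the getter or document in ssl.h that other values may be observed mid-handshake. Disjointness with the ssl.h values is enforced only by convention; a static assertion such as `MBEDTLS_SSL_EARLY_DATA_STATUS_SENT > MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED`, using the project's static-assert helper if one is available, would catch a future collision. The comments for SENT and CAN_WRITE are identical except for the last sentence; describing only the difference in the second keeps the distinction visible.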
diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index e6680c7a6..5d7a49590 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -1180,26 +1180,21 @@ int mbedtls_ssl_tls13_write_client_hello_exts(mbedtls_ssl_context *ssl, #endif #if defined(MBEDTLS_SSL_EARLY_DATA) - if (mbedtls_ssl_conf_tls13_is_some_psk_enabled(ssl) && - ssl_tls13_early_data_has_valid_ticket(ssl) && - ssl->conf->early_data_enabled == MBEDTLS_SSL_EARLY_DATA_ENABLED && - ssl->handshake->hello_retry_request_count == 0) { + if (ssl->handshake->hello_retry_request_count == 0) { + if (mbedtls_ssl_conf_tls13_is_some_psk_enabled(ssl) && + ssl_tls13_early_data_has_valid_ticket(ssl) && + ssl->conf->early_data_enabled == MBEDTLS_SSL_EARLY_DATA_ENABLED) { + ret = mbedtls_ssl_tls13_write_early_data_ext( + ssl, 0, p, end, &ext_len); + if (ret != 0) { + return ret; + } + p += ext_len; - ret = mbedtls_ssl_tls13_write_early_data_ext( - ssl, 0, p, end, &ext_len); - if (ret != 0) { - return ret; + ssl->early_data_status = MBEDTLS_SSL_EARLY_DATA_STATUS_SENT; + } else { + ssl->early_data_status = MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT; } - p += ext_len; - - /* Initializes the status to `rejected`. It will be updated to - * `accepted` if the EncryptedExtension message contain an early data - * indication extension. - */ - ssl->early_data_status = MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED; - } else { - MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip write early_data extension")); - ssl->early_data_status = MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT; } #endif /* MBEDTLS_SSL_EARLY_DATA */ @@ -1236,7 +1231,7 @@ int mbedtls_ssl_tls13_finalize_client_hello(mbedtls_ssl_context *ssl) size_t psk_len; const mbedtls_ssl_ciphersuite_t *ciphersuite_info; - if (ssl->early_data_status == MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED) { + if (ssl->early_data_status == MBEDTLS_SSL_EARLY_DATA_STATUS_SENT) { MBEDTLS_SSL_DEBUG_MSG( 1, ("Set hs psk for early data when writing the first psk")); 
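Review bot: The else branch that logged `<= skip write early_data extension` is gone, so a trace no longer shows why no early data indication was written in the first ClientHello, and the new outer `if (ssl->handshake->hello_retry_request_count == 0)` carries no comment explaining that after an HRR the status is left as settled when the HRR was processed. Suggest restoring the debug line in the new else branch and adding above the outer if: `/* Only the first ClientHello decides the early data status; after an HRR it was already settled while processing the HRR. */`. The second hunk (finalize_client_hello) now keys the PSK setup on STATUS_SENT, consistent with the new assignment above. mbedtls_ssl_tls13_write_client_hello_exts continues outside the hunk.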
@@ -1299,6 +1294,7 @@ int mbedtls_ssl_tls13_finalize_client_hello(mbedtls_ssl_context *ssl) 1, ("Switch to early data keys for outbound traffic")); mbedtls_ssl_set_outbound_transform( ssl, ssl->handshake->transform_earlydata); + ssl->early_data_status = MBEDTLS_SSL_EARLY_DATA_STATUS_CAN_WRITE; #endif } #endif /* MBEDTLS_SSL_EARLY_DATA */ @@ -1971,6 +1967,13 @@ static int ssl_tls13_postprocess_hrr(mbedtls_ssl_context *ssl) } ssl->session_negotiate->ciphersuite = ssl->handshake->ciphersuite_info->id; + +#if defined(MBEDTLS_SSL_EARLY_DATA) + if (ssl->early_data_status != MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT) { + ssl->early_data_status = MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED; + } +#endif + return 0; } @@ -2230,6 +2233,8 @@ static int ssl_tls13_process_encrypted_extensions(mbedtls_ssl_context *ssl) } ssl->early_data_status = MBEDTLS_SSL_EARLY_DATA_STATUS_ACCEPTED; + } else if (ssl->early_data_status != MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT) { + ssl->early_data_status = MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED; } #endif @@ -2567,6 +2572,7 @@ static int ssl_tls13_process_server_finished(mbedtls_ssl_context *ssl) #if defined(MBEDTLS_SSL_EARLY_DATA) if (ssl->early_data_status == MBEDTLS_SSL_EARLY_DATA_STATUS_ACCEPTED) { + ssl->early_data_status = MBEDTLS_SSL_EARLY_DATA_STATUS_SERVER_FINISHED_RECEIVED; mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_END_OF_EARLY_DATA); } else #endif /* MBEDTLS_SSL_EARLY_DATA */ @@ -3088,6 +3094,7 @@ int mbedtls_ssl_tls13_handshake_client_step(mbedtls_ssl_context *ssl) 1, ("Switch to early data keys for outbound traffic")); mbedtls_ssl_set_outbound_transform( ssl, ssl->handshake->transform_earlydata); + ssl->early_data_status = MBEDTLS_SSL_EARLY_DATA_STATUS_CAN_WRITE; } break; #endif /* MBEDTLS_SSL_EARLY_DATA */ From a7f94e49a821d37f4f33addd5db8d183cb1720f8 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Wed, 24 Jan 2024 09:40:46 +0100 Subject: [PATCH 057/132] tests: ssl: Add early data status unit test 
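Review bot: In ssl_tls13_postprocess_hrr and ssl_tls13_process_encrypted_extensions the transition to REJECTED is guarded by `!= MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT`, which also silently relabels UNKNOWN (or any unforeseen value) as REJECTED; a positive check against the states that can actually reach these points names the intended machine and leaves anything else visible. For example in the HRR hunk: `if (ssl->early_data_status == MBEDTLS_SSL_EARLY_DATA_STATUS_CAN_WRITE || ssl->early_data_status == MBEDTLS_SSL_EARLY_DATA_STATUS_SENT) {`, with the same form in the EncryptedExtensions hunk. The CAN_WRITE assignment now appears in two places (finalize_client_hello and the handshake client step), both right after the same mbedtls_ssl_set_outbound_transform call; a one-line comment at each naming the other would help keep them in step. All five hunks sit inside functions that extend beyond the hunk.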
Signed-off-by: Ronald Cron --- tests/suites/test_suite_ssl.data | 3 + tests/suites/test_suite_ssl.function | 143 +++++++++++++++++++++++++++ 2 files changed, 146 insertions(+) diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data index 86945cc7b..82ec57ab3 100644 --- a/tests/suites/test_suite_ssl.data +++ b/tests/suites/test_suite_ssl.data @@ -3282,3 +3282,6 @@ tls13_early_data:TEST_EARLY_DATA_DEPROTECT_AND_DISCARD TLS 1.3 early data, discard after HRR tls13_early_data:TEST_EARLY_DATA_DISCARD_AFTER_HRR + +TLS 1.3 cli, early data status +tls13_cli_early_data_status diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index d6e4c6aea..d44848fbd 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function 
@@ -3787,3 +3787,146 @@ exit: PSA_DONE(); } /* END_CASE */ + +/* BEGIN_CASE depends_on:MBEDTLS_SSL_EARLY_DATA:MBEDTLS_SSL_CLI_C:MBEDTLS_SSL_SRV_C:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_SSL_SESSION_TICKETS */ +void tls13_cli_early_data_status() +{ + int ret = -1; + mbedtls_test_ssl_endpoint client_ep, server_ep; + mbedtls_test_handshake_test_options client_options; + mbedtls_test_handshake_test_options server_options; + mbedtls_ssl_session saved_session; + + mbedtls_platform_zeroize(&client_ep, sizeof(client_ep)); + mbedtls_platform_zeroize(&server_ep, sizeof(server_ep)); + mbedtls_test_init_handshake_options(&client_options); + mbedtls_test_init_handshake_options(&server_options); + mbedtls_ssl_session_init(&saved_session); + + PSA_INIT(); + + /* + * Run first handshake to get a ticket from the server. + */ + client_options.pk_alg = MBEDTLS_PK_ECDSA; + client_options.early_data = MBEDTLS_SSL_EARLY_DATA_ENABLED; + server_options.pk_alg = MBEDTLS_PK_ECDSA; + server_options.early_data = MBEDTLS_SSL_EARLY_DATA_ENABLED; + + ret = mbedtls_test_get_tls13_ticket(&client_options, &server_options, + &saved_session); + TEST_EQUAL(ret, 0); + + /* + * Prepare for handshake with the ticket. 
+ */ + ret = mbedtls_test_ssl_endpoint_init(&client_ep, MBEDTLS_SSL_IS_CLIENT, + &client_options, NULL, NULL, NULL); + TEST_EQUAL(ret, 0); + + ret = mbedtls_test_ssl_endpoint_init(&server_ep, MBEDTLS_SSL_IS_SERVER, + &server_options, NULL, NULL, NULL); + TEST_EQUAL(ret, 0); + + mbedtls_ssl_conf_session_tickets_cb(&server_ep.conf, + mbedtls_test_ticket_write, + mbedtls_test_ticket_parse, + NULL); + + ret = mbedtls_test_mock_socket_connect(&(client_ep.socket), + &(server_ep.socket), 1024); + TEST_EQUAL(ret, 0); + + ret = mbedtls_ssl_set_session(&(client_ep.ssl), &saved_session); + TEST_EQUAL(ret, 0); + + /* + * Go through the handshake sequence, state by state, checking the early + * data status each time. + */ + do { + int state = client_ep.ssl.state; + + /* Progress the handshake from at least one state */ + while (client_ep.ssl.state == state) { + ret = mbedtls_ssl_handshake_step(&(client_ep.ssl)); + TEST_ASSERT((ret == 0) || + (ret == MBEDTLS_ERR_SSL_WANT_READ) || + (ret == MBEDTLS_ERR_SSL_WANT_WRITE)); + if (client_ep.ssl.state != state) { + break; + } + ret = mbedtls_ssl_handshake_step(&(server_ep.ssl)); + TEST_ASSERT((ret == 0) || + (ret == MBEDTLS_ERR_SSL_WANT_READ) || + (ret == MBEDTLS_ERR_SSL_WANT_WRITE)); + } + + switch (client_ep.ssl.state) { + case MBEDTLS_SSL_CLIENT_HELLO: + TEST_EQUAL(client_ep.ssl.early_data_status, + MBEDTLS_SSL_EARLY_DATA_STATUS_UNKNOWN); + break; + + case MBEDTLS_SSL_SERVER_HELLO: + TEST_EQUAL(client_ep.ssl.early_data_status, + MBEDTLS_SSL_EARLY_DATA_STATUS_CAN_WRITE); + break; + + case MBEDTLS_SSL_ENCRYPTED_EXTENSIONS: + TEST_EQUAL(client_ep.ssl.early_data_status, + MBEDTLS_SSL_EARLY_DATA_STATUS_CAN_WRITE); + break; + + case MBEDTLS_SSL_SERVER_FINISHED: + TEST_EQUAL(client_ep.ssl.early_data_status, + MBEDTLS_SSL_EARLY_DATA_STATUS_ACCEPTED); + break; + + case MBEDTLS_SSL_END_OF_EARLY_DATA: + TEST_EQUAL(client_ep.ssl.early_data_status, + MBEDTLS_SSL_EARLY_DATA_STATUS_SERVER_FINISHED_RECEIVED); + break; + + case 
MBEDTLS_SSL_CLIENT_CERTIFICATE: + TEST_EQUAL(client_ep.ssl.early_data_status, + MBEDTLS_SSL_EARLY_DATA_STATUS_SERVER_FINISHED_RECEIVED); + break; + + case MBEDTLS_SSL_CLIENT_FINISHED: + TEST_EQUAL(client_ep.ssl.early_data_status, + MBEDTLS_SSL_EARLY_DATA_STATUS_SERVER_FINISHED_RECEIVED); + break; + +#if defined(MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE) + case MBEDTLS_SSL_CLIENT_CCS_AFTER_CLIENT_HELLO: + TEST_EQUAL(client_ep.ssl.early_data_status, + MBEDTLS_SSL_EARLY_DATA_STATUS_SENT); + break; +#endif /* MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE */ + + case MBEDTLS_SSL_FLUSH_BUFFERS: /* Intentional fallthrough */ + case MBEDTLS_SSL_HANDSHAKE_WRAPUP: /* Intentional fallthrough */ + case MBEDTLS_SSL_HANDSHAKE_OVER: + TEST_EQUAL(client_ep.ssl.early_data_status, + MBEDTLS_SSL_EARLY_DATA_STATUS_SERVER_FINISHED_RECEIVED); + break; + + default: + TEST_FAIL("Unexpected state."); + } + } while (client_ep.ssl.state != MBEDTLS_SSL_HANDSHAKE_OVER); + +#if defined(MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE) + TEST_EQUAL(client_ep.ssl.handshake->ccs_count, 1); +#endif + +exit: + mbedtls_test_ssl_endpoint_free(&client_ep, NULL); + mbedtls_test_ssl_endpoint_free(&server_ep, NULL); + mbedtls_test_free_handshake_options(&client_options); + mbedtls_test_free_handshake_options(&server_options); + mbedtls_ssl_session_free(&saved_session); + PSA_DONE(); +} +/* END_CASE */ From 5c208d7dafb5457e6883c7935d0c3b4de9c7072b Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Wed, 24 Jan 2024 10:13:30 +0100 Subject: [PATCH 058/132] tests: ssl: Add scenario param to early data status testing function Signed-off-by: Ronald Cron --- tests/suites/test_suite_ssl.data | 8 +-- tests/suites/test_suite_ssl.function | 88 +++++++++++++++++++++------- 2 files changed, 70 insertions(+), 26 deletions(-) diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data index 82ec57ab3..916849d9f 100644 --- a/tests/suites/test_suite_ssl.data +++ b/tests/suites/test_suite_ssl.data 
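Review bot: The inner `while (client_ep.ssl.state == state)` loop in tls13_cli_early_data_status has no iteration bound, so a handshake that stalls with both endpoints returning MBEDTLS_ERR_SSL_WANT_READ hangs the test instead of failing it. A counter in the loop, `TEST_ASSERT(++steps < 100);` with `unsigned steps = 0;` declared beside `state`, keeps the failure a reported assertion (the limit is a constructed example). The `int ret = -1;` initialiser is never read before the first assignment from mbedtls_test_get_tls13_ticket. The expected-status table in the switch deserves a short comment pointing at the status definitions in ssl_misc.h so that a future status addition updates both.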
@@ -3274,8 +3274,8 @@ elliptic_curve_get_properties TLS 1.3 resume session with ticket tls13_resume_session_with_ticket -TLS 1.3 early data, reference -tls13_early_data:TEST_EARLY_DATA_REFERENCE +TLS 1.3 early data, early data accepted +tls13_early_data:TEST_EARLY_DATA_ACCEPTED TLS 1.3 early data, deprotect and discard tls13_early_data:TEST_EARLY_DATA_DEPROTECT_AND_DISCARD @@ -3283,5 +3283,5 @@ tls13_early_data:TEST_EARLY_DATA_DEPROTECT_AND_DISCARD TLS 1.3 early data, discard after HRR tls13_early_data:TEST_EARLY_DATA_DISCARD_AFTER_HRR -TLS 1.3 cli, early data status -tls13_cli_early_data_status +TLS 1.3 cli, early data status, early data accepted +tls13_cli_early_data_status:TEST_EARLY_DATA_ACCEPTED diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index d44848fbd..920aa2ff4 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -13,7 +13,7 @@ #define SSL_MESSAGE_QUEUE_INIT { NULL, 0, 0, 0 } /* Mnemonics for the early data test scenarios */ -#define TEST_EARLY_DATA_REFERENCE 0 +#define TEST_EARLY_DATA_ACCEPTED 0 #define TEST_EARLY_DATA_DEPROTECT_AND_DISCARD 1 #define TEST_EARLY_DATA_DISCARD_AFTER_HRR 2 @@ -3695,7 +3695,7 @@ void tls13_early_data(int scenario) * Prepare for handshake with the ticket. */ switch (scenario) { - case TEST_EARLY_DATA_REFERENCE: + case TEST_EARLY_DATA_ACCEPTED: break; case TEST_EARLY_DATA_DEPROTECT_AND_DISCARD: @@ -3757,7 +3757,7 @@ void tls13_early_data(int scenario) MBEDTLS_SSL_HANDSHAKE_WRAPUP); switch (scenario) { - case TEST_EARLY_DATA_REFERENCE: + case TEST_EARLY_DATA_ACCEPTED: TEST_EQUAL(ret, MBEDTLS_ERR_SSL_RECEIVED_EARLY_DATA); TEST_EQUAL(server_ep.ssl.handshake->early_data_accepted, 1); TEST_EQUAL(mbedtls_ssl_read_early_data(&(server_ep.ssl), 
@@ -3789,7 +3789,7 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_SSL_EARLY_DATA:MBEDTLS_SSL_CLI_C:MBEDTLS_SSL_SRV_C:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_SSL_SESSION_TICKETS */ -void tls13_cli_early_data_status() +void tls13_cli_early_data_status(int scenario) { int ret = -1; mbedtls_test_ssl_endpoint client_ep, server_ep; @@ -3820,6 +3820,14 @@ void tls13_cli_early_data_status() /* * Prepare for handshake with the ticket. */ + switch (scenario) { + case TEST_EARLY_DATA_ACCEPTED: + break; + + default: + TEST_FAIL("Unknown scenario."); + } + ret = mbedtls_test_ssl_endpoint_init(&client_ep, MBEDTLS_SSL_IS_CLIENT, &client_options, NULL, NULL, NULL); TEST_EQUAL(ret, 0); 
@@ -3864,52 +3872,88 @@ void tls13_cli_early_data_status() switch (client_ep.ssl.state) { case MBEDTLS_SSL_CLIENT_HELLO: - TEST_EQUAL(client_ep.ssl.early_data_status, - MBEDTLS_SSL_EARLY_DATA_STATUS_UNKNOWN); + switch (scenario) { + case TEST_EARLY_DATA_ACCEPTED: + TEST_EQUAL(client_ep.ssl.early_data_status, + MBEDTLS_SSL_EARLY_DATA_STATUS_UNKNOWN); + break; + } break; case MBEDTLS_SSL_SERVER_HELLO: - TEST_EQUAL(client_ep.ssl.early_data_status, - MBEDTLS_SSL_EARLY_DATA_STATUS_CAN_WRITE); + switch (scenario) { + case TEST_EARLY_DATA_ACCEPTED: + TEST_EQUAL(client_ep.ssl.early_data_status, + MBEDTLS_SSL_EARLY_DATA_STATUS_CAN_WRITE); + break; + } break; case MBEDTLS_SSL_ENCRYPTED_EXTENSIONS: - TEST_EQUAL(client_ep.ssl.early_data_status, - MBEDTLS_SSL_EARLY_DATA_STATUS_CAN_WRITE); + switch (scenario) { + case TEST_EARLY_DATA_ACCEPTED: + TEST_EQUAL(client_ep.ssl.early_data_status, + MBEDTLS_SSL_EARLY_DATA_STATUS_CAN_WRITE); + break; + } break; case MBEDTLS_SSL_SERVER_FINISHED: - TEST_EQUAL(client_ep.ssl.early_data_status, - MBEDTLS_SSL_EARLY_DATA_STATUS_ACCEPTED); + switch (scenario) { + case TEST_EARLY_DATA_ACCEPTED: + TEST_EQUAL(client_ep.ssl.early_data_status, + MBEDTLS_SSL_EARLY_DATA_STATUS_ACCEPTED); + break; + } break; case MBEDTLS_SSL_END_OF_EARLY_DATA: - TEST_EQUAL(client_ep.ssl.early_data_status, - MBEDTLS_SSL_EARLY_DATA_STATUS_SERVER_FINISHED_RECEIVED); + switch (scenario) { + case TEST_EARLY_DATA_ACCEPTED: + TEST_EQUAL(client_ep.ssl.early_data_status, + MBEDTLS_SSL_EARLY_DATA_STATUS_SERVER_FINISHED_RECEIVED); + break; + } break; case MBEDTLS_SSL_CLIENT_CERTIFICATE: - TEST_EQUAL(client_ep.ssl.early_data_status, - MBEDTLS_SSL_EARLY_DATA_STATUS_SERVER_FINISHED_RECEIVED); + switch (scenario) { + case TEST_EARLY_DATA_ACCEPTED: + TEST_EQUAL(client_ep.ssl.early_data_status, + MBEDTLS_SSL_EARLY_DATA_STATUS_SERVER_FINISHED_RECEIVED); + break; + } break; case MBEDTLS_SSL_CLIENT_FINISHED: - TEST_EQUAL(client_ep.ssl.early_data_status, - 
MBEDTLS_SSL_EARLY_DATA_STATUS_SERVER_FINISHED_RECEIVED); + switch (scenario) { + case TEST_EARLY_DATA_ACCEPTED: + TEST_EQUAL(client_ep.ssl.early_data_status, + MBEDTLS_SSL_EARLY_DATA_STATUS_SERVER_FINISHED_RECEIVED); + break; + } break; #if defined(MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE) case MBEDTLS_SSL_CLIENT_CCS_AFTER_CLIENT_HELLO: - TEST_EQUAL(client_ep.ssl.early_data_status, - MBEDTLS_SSL_EARLY_DATA_STATUS_SENT); + switch (scenario) { + case TEST_EARLY_DATA_ACCEPTED: + TEST_EQUAL(client_ep.ssl.early_data_status, + MBEDTLS_SSL_EARLY_DATA_STATUS_SENT); + break; + } break; #endif /* MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE */ case MBEDTLS_SSL_FLUSH_BUFFERS: /* Intentional fallthrough */ case MBEDTLS_SSL_HANDSHAKE_WRAPUP: /* Intentional fallthrough */ case MBEDTLS_SSL_HANDSHAKE_OVER: - TEST_EQUAL(client_ep.ssl.early_data_status, - MBEDTLS_SSL_EARLY_DATA_STATUS_SERVER_FINISHED_RECEIVED); + switch (scenario) { + case TEST_EARLY_DATA_ACCEPTED: + TEST_EQUAL(client_ep.ssl.early_data_status, + MBEDTLS_SSL_EARLY_DATA_STATUS_SERVER_FINISHED_RECEIVED); + break; + } break; default: From 265273e8b38dc2eff285d18cc470521a74f80db7 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Wed, 24 Jan 2024 11:13:19 +0100 Subject: [PATCH 059/132] tests: early data status: Add "not sent" scenario Signed-off-by: Ronald Cron --- tests/suites/test_suite_ssl.data | 3 ++ tests/suites/test_suite_ssl.function | 58 +++++++++++++++++++++++----- 2 files changed, 52 insertions(+), 9 deletions(-) diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data index 916849d9f..ca4a2dcf0 100644 --- a/tests/suites/test_suite_ssl.data +++ b/tests/suites/test_suite_ssl.data @@ -3285,3 +3285,6 @@ tls13_early_data:TEST_EARLY_DATA_DISCARD_AFTER_HRR TLS 1.3 cli, early data status, early data accepted tls13_cli_early_data_status:TEST_EARLY_DATA_ACCEPTED + +TLS 1.3 cli, early data status, no early data indication +tls13_cli_early_data_status:TEST_EARLY_DATA_NO_INDICATION_SENT 
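Review bot: Each inner `switch (scenario)` in tls13_cli_early_data_status has a single case and no default, so a scenario that reaches a state where no expectation is listed passes silently instead of failing; the same shape is kept as more scenarios are added in the following "not sent", "server rejects" and HRR commits. Adding `default: TEST_FAIL("Unexpected scenario for this state.");` to each inner switch turns an unforeseen state/scenario pair into a reported failure, which is what the outer switch's default already does for unexpected states. The enclosing function continues outside the hunk.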
diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 920aa2ff4..5bb96803b 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -14,8 +14,9 @@ /* Mnemonics for the early data test scenarios */ #define TEST_EARLY_DATA_ACCEPTED 0 -#define TEST_EARLY_DATA_DEPROTECT_AND_DISCARD 1 -#define TEST_EARLY_DATA_DISCARD_AFTER_HRR 2 +#define TEST_EARLY_DATA_NO_INDICATION_SENT 1 +#define TEST_EARLY_DATA_DEPROTECT_AND_DISCARD 2 +#define TEST_EARLY_DATA_DISCARD_AFTER_HRR 3 #if (!defined(MBEDTLS_SSL_PROTO_TLS1_2)) && \ defined(MBEDTLS_SSL_EARLY_DATA) && defined(MBEDTLS_SSL_CLI_C) && \ @@ -3824,6 +3825,10 @@ void tls13_cli_early_data_status(int scenario) case TEST_EARLY_DATA_ACCEPTED: break; + case TEST_EARLY_DATA_NO_INDICATION_SENT: + client_options.early_data = MBEDTLS_SSL_EARLY_DATA_DISABLED; + break; + default: TEST_FAIL("Unknown scenario."); } @@ -3873,7 +3878,8 @@ void tls13_cli_early_data_status(int scenario) switch (client_ep.ssl.state) { case MBEDTLS_SSL_CLIENT_HELLO: switch (scenario) { - case TEST_EARLY_DATA_ACCEPTED: + case TEST_EARLY_DATA_ACCEPTED: /* Intentional fallthrough */ + case TEST_EARLY_DATA_NO_INDICATION_SENT: TEST_EQUAL(client_ep.ssl.early_data_status, MBEDTLS_SSL_EARLY_DATA_STATUS_UNKNOWN); break; @@ -3886,6 +3892,11 @@ void tls13_cli_early_data_status(int scenario) TEST_EQUAL(client_ep.ssl.early_data_status, MBEDTLS_SSL_EARLY_DATA_STATUS_CAN_WRITE); break; + + case TEST_EARLY_DATA_NO_INDICATION_SENT: + TEST_EQUAL(client_ep.ssl.early_data_status, + MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT); + break; } break; @@ -3895,6 +3906,11 @@ void tls13_cli_early_data_status(int scenario) TEST_EQUAL(client_ep.ssl.early_data_status, MBEDTLS_SSL_EARLY_DATA_STATUS_CAN_WRITE); break; + + case TEST_EARLY_DATA_NO_INDICATION_SENT: + TEST_EQUAL(client_ep.ssl.early_data_status, + MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT); + break; } break; 
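Review bot: In the TEST_EARLY_DATA_NO_INDICATION_SENT branch, client_options.early_data is switched to MBEDTLS_SSL_EARLY_DATA_DISABLED only after the ticket was obtained with early data enabled on both sides; the ordering looks deliberate, presumably so every scenario shares the same ticket setup, but nothing says so. Suggest `/* The ticket above was obtained with early data enabled; disable it on the client only, so no early data indication is sent in the ClientHello. */` above the assignment. The renumbering of the TEST_EARLY_DATA_* mnemonics in the first hunk is harmless since the .data file refers to them by name.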
@@ -3904,16 +3920,18 @@ void tls13_cli_early_data_status(int scenario) TEST_EQUAL(client_ep.ssl.early_data_status, MBEDTLS_SSL_EARLY_DATA_STATUS_ACCEPTED); break; + + case TEST_EARLY_DATA_NO_INDICATION_SENT: + TEST_EQUAL(client_ep.ssl.early_data_status, + MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT); + break; } break; case MBEDTLS_SSL_END_OF_EARLY_DATA: - switch (scenario) { - case TEST_EARLY_DATA_ACCEPTED: - TEST_EQUAL(client_ep.ssl.early_data_status, - MBEDTLS_SSL_EARLY_DATA_STATUS_SERVER_FINISHED_RECEIVED); - break; - } + TEST_EQUAL(scenario, TEST_EARLY_DATA_ACCEPTED); + TEST_EQUAL(client_ep.ssl.early_data_status, + MBEDTLS_SSL_EARLY_DATA_STATUS_SERVER_FINISHED_RECEIVED); break; case MBEDTLS_SSL_CLIENT_CERTIFICATE: @@ -3922,6 +3940,11 @@ void tls13_cli_early_data_status(int scenario) TEST_EQUAL(client_ep.ssl.early_data_status, MBEDTLS_SSL_EARLY_DATA_STATUS_SERVER_FINISHED_RECEIVED); break; + + case TEST_EARLY_DATA_NO_INDICATION_SENT: + TEST_EQUAL(client_ep.ssl.early_data_status, + MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT); + break; } break; @@ -3931,11 +3954,17 @@ void tls13_cli_early_data_status(int scenario) TEST_EQUAL(client_ep.ssl.early_data_status, MBEDTLS_SSL_EARLY_DATA_STATUS_SERVER_FINISHED_RECEIVED); break; + + case TEST_EARLY_DATA_NO_INDICATION_SENT: + TEST_EQUAL(client_ep.ssl.early_data_status, + MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT); + break; } break; #if defined(MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE) case MBEDTLS_SSL_CLIENT_CCS_AFTER_CLIENT_HELLO: + TEST_ASSERT(scenario != TEST_EARLY_DATA_NO_INDICATION_SENT); switch (scenario) { case TEST_EARLY_DATA_ACCEPTED: TEST_EQUAL(client_ep.ssl.early_data_status, 
@@ -3943,6 +3972,12 @@ void tls13_cli_early_data_status(int scenario) break; } break; + + case MBEDTLS_SSL_CLIENT_CCS_AFTER_SERVER_FINISHED: + TEST_ASSERT(scenario == TEST_EARLY_DATA_NO_INDICATION_SENT); + TEST_EQUAL(client_ep.ssl.early_data_status, + MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT); + break; #endif /* MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE */ case MBEDTLS_SSL_FLUSH_BUFFERS: /* Intentional fallthrough */ @@ -3953,6 +3988,11 @@ void tls13_cli_early_data_status(int scenario) TEST_EQUAL(client_ep.ssl.early_data_status, MBEDTLS_SSL_EARLY_DATA_STATUS_SERVER_FINISHED_RECEIVED); break; + + case TEST_EARLY_DATA_NO_INDICATION_SENT: + TEST_EQUAL(client_ep.ssl.early_data_status, + MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT); + break; } break; From d6dba675b8b65e9bde5dc16fcbd3ce82f054a00f Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Wed, 24 Jan 2024 12:22:24 +0100 Subject: [PATCH 060/132] tests: early data status: Add "server rejects" scenario Signed-off-by: Ronald Cron --- tests/suites/test_suite_ssl.data | 7 +++- tests/suites/test_suite_ssl.function | 57 +++++++++++++++++++++++----- 2 files changed, 52 insertions(+), 12 deletions(-) diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data index ca4a2dcf0..0b4f91138 100644 --- a/tests/suites/test_suite_ssl.data +++ b/tests/suites/test_suite_ssl.data @@ -3277,8 +3277,8 @@ tls13_resume_session_with_ticket TLS 1.3 early data, early data accepted tls13_early_data:TEST_EARLY_DATA_ACCEPTED -TLS 1.3 early data, deprotect and discard -tls13_early_data:TEST_EARLY_DATA_DEPROTECT_AND_DISCARD +TLS 1.3 early data, server rejects early data +tls13_early_data:TEST_EARLY_DATA_SERVER_REJECTS TLS 1.3 early data, discard after HRR tls13_early_data:TEST_EARLY_DATA_DISCARD_AFTER_HRR 
@@ -3288,3 +3288,6 @@ tls13_cli_early_data_status:TEST_EARLY_DATA_ACCEPTED TLS 1.3 cli, early data status, no early data indication tls13_cli_early_data_status:TEST_EARLY_DATA_NO_INDICATION_SENT + +TLS 1.3 cli, early data status, server rejects early data +tls13_cli_early_data_status:TEST_EARLY_DATA_SERVER_REJECTS diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 5bb96803b..29ec9b33b 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -15,7 +15,7 @@ /* Mnemonics for the early data test scenarios */ #define TEST_EARLY_DATA_ACCEPTED 0 #define TEST_EARLY_DATA_NO_INDICATION_SENT 1 -#define TEST_EARLY_DATA_DEPROTECT_AND_DISCARD 2 +#define TEST_EARLY_DATA_SERVER_REJECTS 2 #define TEST_EARLY_DATA_DISCARD_AFTER_HRR 3 #if (!defined(MBEDTLS_SSL_PROTO_TLS1_2)) && \ @@ -3699,7 +3699,7 @@ void tls13_early_data(int scenario) case TEST_EARLY_DATA_ACCEPTED: break; - case TEST_EARLY_DATA_DEPROTECT_AND_DISCARD: + case TEST_EARLY_DATA_SERVER_REJECTS: mbedtls_debug_set_threshold(3); server_pattern.pattern = "EarlyData: deprotect and discard app data records."; @@ -3766,7 +3766,7 @@ void tls13_early_data(int scenario) TEST_MEMORY_COMPARE(buf, early_data_len, early_data, early_data_len); break; - case TEST_EARLY_DATA_DEPROTECT_AND_DISCARD: /* Intentional fallthrough */ + case TEST_EARLY_DATA_SERVER_REJECTS: /* Intentional fallthrough */ case TEST_EARLY_DATA_DISCARD_AFTER_HRR: TEST_EQUAL(ret, 0); TEST_EQUAL(server_ep.ssl.handshake->early_data_accepted, 0); @@ -3829,6 +3829,10 @@ void tls13_cli_early_data_status(int scenario) client_options.early_data = MBEDTLS_SSL_EARLY_DATA_DISABLED; break; + case TEST_EARLY_DATA_SERVER_REJECTS: + server_options.early_data = MBEDTLS_SSL_EARLY_DATA_DISABLED; + break; + default: TEST_FAIL("Unknown scenario."); } 
@@ -3879,7 +3883,8 @@ void tls13_cli_early_data_status(int scenario) case MBEDTLS_SSL_CLIENT_HELLO: switch (scenario) { case TEST_EARLY_DATA_ACCEPTED: /* Intentional fallthrough */ - case TEST_EARLY_DATA_NO_INDICATION_SENT: + case TEST_EARLY_DATA_NO_INDICATION_SENT: /* Intentional fallthrough */ + case TEST_EARLY_DATA_SERVER_REJECTS: TEST_EQUAL(client_ep.ssl.early_data_status, MBEDTLS_SSL_EARLY_DATA_STATUS_UNKNOWN); break; @@ -3888,7 +3893,8 @@ void tls13_cli_early_data_status(int scenario) case MBEDTLS_SSL_SERVER_HELLO: switch (scenario) { - case TEST_EARLY_DATA_ACCEPTED: + case TEST_EARLY_DATA_ACCEPTED: /* Intentional fallthrough */ + case TEST_EARLY_DATA_SERVER_REJECTS: TEST_EQUAL(client_ep.ssl.early_data_status, MBEDTLS_SSL_EARLY_DATA_STATUS_CAN_WRITE); break; @@ -3902,7 +3908,8 @@ void tls13_cli_early_data_status(int scenario) case MBEDTLS_SSL_ENCRYPTED_EXTENSIONS: switch (scenario) { - case TEST_EARLY_DATA_ACCEPTED: + case TEST_EARLY_DATA_ACCEPTED: /* Intentional fallthrough */ + case TEST_EARLY_DATA_SERVER_REJECTS: TEST_EQUAL(client_ep.ssl.early_data_status, MBEDTLS_SSL_EARLY_DATA_STATUS_CAN_WRITE); break; @@ -3925,6 +3932,11 @@ void tls13_cli_early_data_status(int scenario) TEST_EQUAL(client_ep.ssl.early_data_status, MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT); break; + + case TEST_EARLY_DATA_SERVER_REJECTS: + TEST_EQUAL(client_ep.ssl.early_data_status, + MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED); + break; } break; @@ -3945,6 +3957,11 @@ void tls13_cli_early_data_status(int scenario) TEST_EQUAL(client_ep.ssl.early_data_status, MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT); break; + + case TEST_EARLY_DATA_SERVER_REJECTS: + TEST_EQUAL(client_ep.ssl.early_data_status, + MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED); + break; } break; 
@@ -3959,6 +3976,11 @@ void tls13_cli_early_data_status(int scenario) TEST_EQUAL(client_ep.ssl.early_data_status, MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT); break; + + case TEST_EARLY_DATA_SERVER_REJECTS: + TEST_EQUAL(client_ep.ssl.early_data_status, + MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED); + break; } break; @@ -3966,7 +3988,8 @@ void tls13_cli_early_data_status(int scenario) case MBEDTLS_SSL_CLIENT_CCS_AFTER_CLIENT_HELLO: TEST_ASSERT(scenario != TEST_EARLY_DATA_NO_INDICATION_SENT); switch (scenario) { - case TEST_EARLY_DATA_ACCEPTED: + case TEST_EARLY_DATA_ACCEPTED: /* Intentional fallthrough */ + case TEST_EARLY_DATA_SERVER_REJECTS: TEST_EQUAL(client_ep.ssl.early_data_status, MBEDTLS_SSL_EARLY_DATA_STATUS_SENT); break; @@ -3974,9 +3997,18 @@ void tls13_cli_early_data_status(int scenario) break; case MBEDTLS_SSL_CLIENT_CCS_AFTER_SERVER_FINISHED: - TEST_ASSERT(scenario == TEST_EARLY_DATA_NO_INDICATION_SENT); - TEST_EQUAL(client_ep.ssl.early_data_status, - MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT); + TEST_ASSERT(scenario != TEST_EARLY_DATA_ACCEPTED); + switch (scenario) { + case TEST_EARLY_DATA_NO_INDICATION_SENT: + TEST_EQUAL(client_ep.ssl.early_data_status, + MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT); + break; + + case TEST_EARLY_DATA_SERVER_REJECTS: + TEST_EQUAL(client_ep.ssl.early_data_status, + MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED); + break; + } break; #endif /* MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE */ @@ -3993,6 +4025,11 @@ void tls13_cli_early_data_status(int scenario) TEST_EQUAL(client_ep.ssl.early_data_status, MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT); break; + + case TEST_EARLY_DATA_SERVER_REJECTS: + TEST_EQUAL(client_ep.ssl.early_data_status, + MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED); + break; } break; From 2261ab298f15385d3b75f9adc0e99a7cd58b3699 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Wed, 24 Jan 2024 13:38:31 +0100 Subject: [PATCH 061/132] tests: early data status: Add HRR scenario 
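Review bot: The switch that replaces the old TEST_ASSERT in the MBEDTLS_SSL_CLIENT_CCS_AFTER_SERVER_FINISHED arm has no default, and the remaining assertion only excludes TEST_EARLY_DATA_ACCEPTED, so any other scenario value reaching this state would pass with no check on early_data_status at all. The scenario setup earlier in this function already uses `default: TEST_FAIL("Unknown scenario.");`; add the same arm here, `default: TEST_FAIL("Unknown scenario."); break;`, so an unexpected state/scenario combination fails loudly instead of silently. The other per-state switches added in this series have the same gap. The enclosing function tls13_cli_early_data_status starts and ends outside this hunk.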
Signed-off-by: Ronald Cron --- tests/suites/test_suite_ssl.data | 5 +- tests/suites/test_suite_ssl.function | 68 ++++++++++++++++++++++++---- 2 files changed, 63 insertions(+), 10 deletions(-) diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data index 0b4f91138..69ccf26ee 100644 --- a/tests/suites/test_suite_ssl.data +++ b/tests/suites/test_suite_ssl.data @@ -3281,7 +3281,7 @@ TLS 1.3 early data, server rejects early data tls13_early_data:TEST_EARLY_DATA_SERVER_REJECTS TLS 1.3 early data, discard after HRR -tls13_early_data:TEST_EARLY_DATA_DISCARD_AFTER_HRR +tls13_early_data:TEST_EARLY_DATA_HRR TLS 1.3 cli, early data status, early data accepted tls13_cli_early_data_status:TEST_EARLY_DATA_ACCEPTED @@ -3291,3 +3291,6 @@ tls13_cli_early_data_status:TEST_EARLY_DATA_NO_INDICATION_SENT TLS 1.3 cli, early data status, server rejects early data tls13_cli_early_data_status:TEST_EARLY_DATA_SERVER_REJECTS + +TLS 1.3 cli, early data status, hello retry request +tls13_cli_early_data_status:TEST_EARLY_DATA_HRR diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 29ec9b33b..2751e58c1 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -16,7 +16,7 @@ #define TEST_EARLY_DATA_ACCEPTED 0 #define TEST_EARLY_DATA_NO_INDICATION_SENT 1 #define TEST_EARLY_DATA_SERVER_REJECTS 2 -#define TEST_EARLY_DATA_DISCARD_AFTER_HRR 3 +#define TEST_EARLY_DATA_HRR 3 #if (!defined(MBEDTLS_SSL_PROTO_TLS1_2)) && \ defined(MBEDTLS_SSL_EARLY_DATA) && defined(MBEDTLS_SSL_CLI_C) && \ @@ -3706,7 +3706,7 @@ void tls13_early_data(int scenario) server_options.early_data = MBEDTLS_SSL_EARLY_DATA_DISABLED; break; - case TEST_EARLY_DATA_DISCARD_AFTER_HRR: + case TEST_EARLY_DATA_HRR: mbedtls_debug_set_threshold(3); server_pattern.pattern = "EarlyData: Ignore application message before 2nd ClientHello"; 
@@ -3767,7 +3767,7 @@ void tls13_early_data(int scenario) break; case TEST_EARLY_DATA_SERVER_REJECTS: /* Intentional fallthrough */ - case TEST_EARLY_DATA_DISCARD_AFTER_HRR: + case TEST_EARLY_DATA_HRR: TEST_EQUAL(ret, 0); TEST_EQUAL(server_ep.ssl.handshake->early_data_accepted, 0); TEST_EQUAL(server_pattern.counter, 1); @@ -3797,6 +3797,11 @@ void tls13_cli_early_data_status(int scenario) mbedtls_test_handshake_test_options client_options; mbedtls_test_handshake_test_options server_options; mbedtls_ssl_session saved_session; + uint16_t group_list[3] = { + MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1, + MBEDTLS_SSL_IANA_TLS_GROUP_SECP384R1, + MBEDTLS_SSL_IANA_TLS_GROUP_NONE + }; mbedtls_platform_zeroize(&client_ep, sizeof(client_ep)); mbedtls_platform_zeroize(&server_ep, sizeof(server_ep)); @@ -3813,6 +3818,10 @@ void tls13_cli_early_data_status(int scenario) client_options.early_data = MBEDTLS_SSL_EARLY_DATA_ENABLED; server_options.pk_alg = MBEDTLS_PK_ECDSA; server_options.early_data = MBEDTLS_SSL_EARLY_DATA_ENABLED; + if (scenario == TEST_EARLY_DATA_HRR) { + client_options.group_list = group_list; + server_options.group_list = group_list; + } ret = mbedtls_test_get_tls13_ticket(&client_options, &server_options, &saved_session); @@ -3833,6 +3842,10 @@ void tls13_cli_early_data_status(int scenario) server_options.early_data = MBEDTLS_SSL_EARLY_DATA_DISABLED; break; + case TEST_EARLY_DATA_HRR: + server_options.group_list = group_list + 1; + break; + default: TEST_FAIL("Unknown scenario."); } @@ -3888,6 +3901,16 @@ void tls13_cli_early_data_status(int scenario) TEST_EQUAL(client_ep.ssl.early_data_status, MBEDTLS_SSL_EARLY_DATA_STATUS_UNKNOWN); break; + + case TEST_EARLY_DATA_HRR: + if (client_ep.ssl.handshake->hello_retry_request_count == 0) { + TEST_EQUAL(client_ep.ssl.early_data_status, + MBEDTLS_SSL_EARLY_DATA_STATUS_UNKNOWN); + } else { + TEST_EQUAL(client_ep.ssl.early_data_status, + MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED); + } + break; } break; 
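Review bot: The HRR scenario is set up with `server_options.group_list = group_list + 1;` with no explanation of why that produces a HelloRetryRequest, and the reader has to work out from the array initializer above that the server is being restricted to SECP384R1 while the client keeps both curves. Presumably the client's initial key share covers only the first listed group (SECP256R1), which is what forces the retry, but that is not stated anywhere in the hunk. Add a comment on that line such as `/* Server accepts only SECP384R1; the client's first key share is SECP256R1, so the server must send an HRR. */`, and consider a comment on the group_list declaration noting that the trailing MBEDTLS_SSL_IANA_TLS_GROUP_NONE is the terminator the `+ 1` slice relies on. The enclosing function continues outside this hunk.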
@@ -3903,6 +3926,16 @@ void tls13_cli_early_data_status(int scenario) TEST_EQUAL(client_ep.ssl.early_data_status, MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT); break; + + case TEST_EARLY_DATA_HRR: + if (client_ep.ssl.handshake->hello_retry_request_count == 0) { + TEST_EQUAL(client_ep.ssl.early_data_status, + MBEDTLS_SSL_EARLY_DATA_STATUS_CAN_WRITE); + } else { + TEST_EQUAL(client_ep.ssl.early_data_status, + MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED); + } + break; } break; @@ -3918,6 +3951,11 @@ void tls13_cli_early_data_status(int scenario) TEST_EQUAL(client_ep.ssl.early_data_status, MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT); break; + + case TEST_EARLY_DATA_HRR: + TEST_EQUAL(client_ep.ssl.early_data_status, + MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED); + break; } break; @@ -3933,7 +3971,8 @@ void tls13_cli_early_data_status(int scenario) MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT); break; - case TEST_EARLY_DATA_SERVER_REJECTS: + case TEST_EARLY_DATA_SERVER_REJECTS: /* Intentional fallthrough */ + case TEST_EARLY_DATA_HRR: TEST_EQUAL(client_ep.ssl.early_data_status, MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED); break; @@ -3958,7 +3997,8 @@ void tls13_cli_early_data_status(int scenario) MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT); break; - case TEST_EARLY_DATA_SERVER_REJECTS: + case TEST_EARLY_DATA_SERVER_REJECTS: /* Intentional fallthrough */ + case TEST_EARLY_DATA_HRR: TEST_EQUAL(client_ep.ssl.early_data_status, MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED); break; @@ -3977,7 +4017,8 @@ void tls13_cli_early_data_status(int scenario) MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT); break; - case TEST_EARLY_DATA_SERVER_REJECTS: + case TEST_EARLY_DATA_SERVER_REJECTS: /* Intentional fallthrough */ + case TEST_EARLY_DATA_HRR: TEST_EQUAL(client_ep.ssl.early_data_status, MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED); break; 
@@ -3989,13 +4030,20 @@ void tls13_cli_early_data_status(int scenario) TEST_ASSERT(scenario != TEST_EARLY_DATA_NO_INDICATION_SENT); switch (scenario) { case TEST_EARLY_DATA_ACCEPTED: /* Intentional fallthrough */ - case TEST_EARLY_DATA_SERVER_REJECTS: + case TEST_EARLY_DATA_SERVER_REJECTS: /* Intentional fallthrough */ + case TEST_EARLY_DATA_HRR: TEST_EQUAL(client_ep.ssl.early_data_status, MBEDTLS_SSL_EARLY_DATA_STATUS_SENT); break; } break; + case MBEDTLS_SSL_CLIENT_CCS_BEFORE_2ND_CLIENT_HELLO: + TEST_ASSERT(scenario == TEST_EARLY_DATA_HRR); + TEST_EQUAL(client_ep.ssl.early_data_status, + MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED); + break; + case MBEDTLS_SSL_CLIENT_CCS_AFTER_SERVER_FINISHED: TEST_ASSERT(scenario != TEST_EARLY_DATA_ACCEPTED); switch (scenario) { @@ -4004,7 +4052,8 @@ void tls13_cli_early_data_status(int scenario) MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT); break; - case TEST_EARLY_DATA_SERVER_REJECTS: + case TEST_EARLY_DATA_SERVER_REJECTS: /* Intentional fallthrough */ + case TEST_EARLY_DATA_HRR: TEST_EQUAL(client_ep.ssl.early_data_status, MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED); break; @@ -4026,7 +4075,8 @@ void tls13_cli_early_data_status(int scenario) MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT); break; - case TEST_EARLY_DATA_SERVER_REJECTS: + case TEST_EARLY_DATA_SERVER_REJECTS: /* Intentional fallthrough */ + case TEST_EARLY_DATA_HRR: TEST_EQUAL(client_ep.ssl.early_data_status, MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED); break; From a76a0011aba1b192df04b710ae876f4395381439 Mon Sep 17 00:00:00 2001 From: Ryan Everett Date: Tue, 6 Feb 2024 16:45:54 +0000 Subject: [PATCH 062/132] Remove mutex calls in psa_wipe_all_key_slots Code size and code style improvement, these calls aren't needed. Signed-off-by: Ryan Everett --- library/psa_crypto_slot_management.c | 6 ------ 1 file changed, 6 deletions(-) diff --git a/library/psa_crypto_slot_management.c b/library/psa_crypto_slot_management.c index f4c6ee005..9890de622 100644 --- a/library/psa_crypto_slot_management.c 
+++ b/library/psa_crypto_slot_management.c @@ -144,9 +144,6 @@ void psa_wipe_all_key_slots(void) { size_t slot_idx; -#if defined(MBEDTLS_THREADING_C) - mbedtls_mutex_lock(&mbedtls_threading_key_slot_mutex); -#endif for (slot_idx = 0; slot_idx < MBEDTLS_PSA_KEY_SLOT_COUNT; slot_idx++) { psa_key_slot_t *slot = &global_data.key_slots[slot_idx]; slot->registered_readers = 1; @@ -154,9 +151,6 @@ void psa_wipe_all_key_slots(void) (void) psa_wipe_key_slot(slot); } global_data.key_slots_initialized = 0; -#if defined(MBEDTLS_THREADING_C) - mbedtls_mutex_unlock(&mbedtls_threading_key_slot_mutex); -#endif } psa_status_t psa_reserve_free_key_slot(psa_key_id_t *volatile_key_id, From 7889fe79175f893e208c0eb29ca13cda08e87d3a Mon Sep 17 00:00:00 2001 From: Antonio de Angelis Date: Wed, 7 Feb 2024 13:01:33 +0000 Subject: [PATCH 063/132] Make check_config aware of MBEDTLS_PSA_CRYPTO_CLIENT When check_config needs to evaluate the availability of a feature through a PSA API, it should look for MBEDTLS_PSA_CRYPTO_CLIENT instead of MBEDTLS_PSA_CRYPTO_C, to be able to cover the case where the API is provided through a client/service interface. Signed-off-by: Antonio de Angelis --- include/mbedtls/check_config.h | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index b21135686..47de2e9ae 100644 --- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h @@ -56,7 +56,7 @@ /* Check that each MBEDTLS_ECP_DP_xxx symbol has its PSA_WANT_ECC_xxx counterpart * when PSA crypto is enabled. */ -#if defined(MBEDTLS_PSA_CRYPTO_CONFIG) || defined(MBEDTLS_PSA_CRYPTO_C) +#if defined(MBEDTLS_PSA_CRYPTO_CONFIG) || defined(MBEDTLS_PSA_CRYPTO_CLIENT) #if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED) && !defined(PSA_WANT_ECC_BRAINPOOL_P_R1_256) #error "MBEDTLS_ECP_DP_BP256R1_ENABLED defined, but not its PSA counterpart" 
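Review bot: After this change psa_wipe_all_key_slots() forces `slot->registered_readers = 1`, wipes every slot and clears `global_data.key_slots_initialized` without taking mbedtls_threading_key_slot_mutex, but nothing in the hunk records the precondition that makes that safe. The commit message only says the calls "aren't needed"; presumably the function is reached only from paths that already have exclusive access to the key store (e.g. library teardown), but a future caller has no way to know that. Add a comment above the function along the lines of `/* Must only be called when no other thread can be using the key store; the key-slot mutex is deliberately not taken here. */`, so the missing lock reads as a contract rather than an oversight.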
@@ -154,7 +154,7 @@ #endif /* some curve accelerated */ #if defined(MBEDTLS_CTR_DRBG_C) && !(defined(MBEDTLS_AES_C) || \ - (defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_KEY_TYPE_AES) && \ + (defined(MBEDTLS_PSA_CRYPTO_CLIENT) && defined(PSA_WANT_KEY_TYPE_AES) && \ defined(PSA_WANT_ALG_ECB_NO_PADDING))) #error "MBEDTLS_CTR_DRBG_C defined, but not all prerequisites" #endif @@ -236,7 +236,7 @@ #if defined(MBEDTLS_ECJPAKE_C) && \ ( !defined(MBEDTLS_ECP_C) || \ - !( defined(MBEDTLS_MD_C) || defined(MBEDTLS_PSA_CRYPTO_C) ) ) + !( defined(MBEDTLS_MD_C) || defined(MBEDTLS_PSA_CRYPTO_CLIENT) ) ) #error "MBEDTLS_ECJPAKE_C defined, but not all prerequisites" #endif @@ -284,15 +284,15 @@ /* Helpers for hash dependencies, will be undefined at the end of the file */ /* Do SHA-256, 384, 512 to cover Entropy and TLS. */ #if defined(MBEDTLS_SHA256_C) || \ - (defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_SHA_256)) + (defined(MBEDTLS_PSA_CRYPTO_CLIENT) && defined(PSA_WANT_ALG_SHA_256) #define MBEDTLS_MD_HAVE_SHA256 #endif #if defined(MBEDTLS_SHA384_C) || \ - (defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_SHA_384)) + (defined(MBEDTLS_PSA_CRYPTO_CLIENT) && defined(PSA_WANT_ALG_SHA_384)) #define MBEDTLS_MD_HAVE_SHA384 #endif #if defined(MBEDTLS_SHA512_C) || \ - (defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_SHA_512)) + (defined(MBEDTLS_PSA_CRYPTO_CLIENT) && defined(PSA_WANT_ALG_SHA_512)) #define MBEDTLS_MD_HAVE_SHA512 #endif @@ -491,7 +491,7 @@ defined(MBEDTLS_SHA256_C) || \ defined(MBEDTLS_SHA384_C) || \ defined(MBEDTLS_SHA512_C) || \ - (defined(MBEDTLS_PSA_CRYPTO_C) && \ + (defined(MBEDTLS_PSA_CRYPTO_CLIENT) && \ (defined(PSA_WANT_ALG_MD5) || \ defined(PSA_WANT_ALG_RIPEMD160) || \ defined(PSA_WANT_ALG_SHA_1) || \ 
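Review bot: The new SHA-256 helper line drops the closing parenthesis: `(defined(MBEDTLS_PSA_CRYPTO_CLIENT) && defined(PSA_WANT_ALG_SHA_256)` is missing the `)` that closes the `#if`, so this commit does not preprocess on its own. The SHA-384 and SHA-512 lines directly below keep the balanced form `... defined(PSA_WANT_ALG_SHA_384))`, which is what the SHA-256 line should read too. Patch 065 later in this series restores the parenthesis; that fix should be squashed into this commit so every point in the history builds.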
@@ -503,7 +503,7 @@ #endif #if defined(MBEDTLS_LMS_C) && \ - ! ( defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_SHA_256) ) + ! ( defined(MBEDTLS_PSA_CRYPTO_CLIENT) && defined(PSA_WANT_ALG_SHA_256) ) #error "MBEDTLS_LMS_C requires MBEDTLS_PSA_CRYPTO_C and PSA_WANT_ALG_SHA_256" #endif @@ -891,7 +891,7 @@ * Note: for dependencies common with TLS 1.2 (running handshake hash), * see MBEDTLS_SSL_TLS_C. */ #if defined(MBEDTLS_SSL_PROTO_TLS1_3) && \ - !(defined(MBEDTLS_PSA_CRYPTO_C) && \ + !(defined(MBEDTLS_PSA_CRYPTO_CLIENT) && \ defined(PSA_WANT_ALG_HKDF_EXTRACT) && \ defined(PSA_WANT_ALG_HKDF_EXPAND) && \ (defined(PSA_WANT_ALG_SHA_256) || defined(PSA_WANT_ALG_SHA_384))) @@ -1089,7 +1089,7 @@ #endif #undef MBEDTLS_THREADING_IMPL -#if defined(MBEDTLS_USE_PSA_CRYPTO) && !defined(MBEDTLS_PSA_CRYPTO_C) +#if defined(MBEDTLS_USE_PSA_CRYPTO) && !defined(MBEDTLS_PSA_CRYPTO_CLIENT) #error "MBEDTLS_USE_PSA_CRYPTO defined, but not all prerequisites" #endif From a8082c43d5f8a389ec843b17886673efa14c8667 Mon Sep 17 00:00:00 2001 From: Ryan Everett Date: Wed, 7 Feb 2024 13:31:19 +0000 Subject: [PATCH 064/132] Add MBEDTLS_CIPHER_C dependencies to new pkparse tests Signed-off-by: Ryan Everett --- tests/suites/test_suite_pkparse.data | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/tests/suites/test_suite_pkparse.data b/tests/suites/test_suite_pkparse.data index 5e9f0e7a8..6af070255 100644 --- a/tests/suites/test_suite_pkparse.data +++ b/tests/suites/test_suite_pkparse.data 
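Review bot: The MBEDTLS_LMS_C condition now tests MBEDTLS_PSA_CRYPTO_CLIENT, but the diagnostic on the next line still says `"MBEDTLS_LMS_C requires MBEDTLS_PSA_CRYPTO_C and PSA_WANT_ALG_SHA_256"`, which will send a user with a client/service build looking for the wrong option. Update it to match the check, e.g. `#error "MBEDTLS_LMS_C requires MBEDTLS_PSA_CRYPTO_CLIENT and PSA_WANT_ALG_SHA_256"`. The other hunks in this commit only change conditions whose messages are generic, so this is the only message that becomes stale.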
@@ -891,27 +891,27 @@ depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA512:MBEDTLS_PKCS5_C pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT Parse RSA Key #99.3 (PKCS#8 encrypted v2 PBKDF2 AES-128-CBC hmacWithSHA384, 2048-bit) -depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC +depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_aes128cbc_sha384.pem":"PolarSSLTest":0 Parse RSA Key #99.4 (PKCS#8 encrypted v2 PBKDF2 AES-192-CBC hmacWithSHA384, 2048-bit) -depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_aes192cbc_sha384.pem":"PolarSSLTest":0 Parse RSA Key #99.5 (PKCS#8 encrypted v2 PBKDF2 AES-256-CBC hmacWithSHA384, 2048-bit) -depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_aes256cbc_sha384.pem":"PolarSSLTest":0 Parse RSA Key #99.6 (PKCS#8 encrypted v2 PBKDF2 AES-128-CBC hmacWithSHA384 DER, 2048-bit) -depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC +depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_aes128cbc_sha384.der":"PolarSSLTest":0 Parse RSA 
Key #99.7 (PKCS#8 encrypted v2 PBKDF2 AES-192-CBC hmacWithSHA384 DER, 2048-bit) -depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_aes192cbc_sha384.der":"PolarSSLTest":0 Parse RSA Key #99.8 (PKCS#8 encrypted v2 PBKDF2 AES-256-CBC hmacWithSHA384 DER, 2048-bit) -depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_aes256cbc_sha384.der":"PolarSSLTest":0 Parse Public RSA Key #1 (PKCS#8 wrapped) From 3c19b237d142da31c1dc28e6100482323e2b75d4 Mon Sep 17 00:00:00 2001 From: Antonio de Angelis Date: Wed, 7 Feb 2024 17:10:12 +0000 Subject: [PATCH 065/132] Fix trailing parenthesis Signed-off-by: Antonio de Angelis --- include/mbedtls/check_config.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index 47de2e9ae..5283e26dc 100644 --- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h @@ -284,7 +284,7 @@ /* Helpers for hash dependencies, will be undefined at the end of the file */ /* Do SHA-256, 384, 512 to cover Entropy and TLS. */ #if defined(MBEDTLS_SHA256_C) || \ - (defined(MBEDTLS_PSA_CRYPTO_CLIENT) && defined(PSA_WANT_ALG_SHA_256) + (defined(MBEDTLS_PSA_CRYPTO_CLIENT) && defined(PSA_WANT_ALG_SHA_256)) #define MBEDTLS_MD_HAVE_SHA256 #endif #if defined(MBEDTLS_SHA384_C) || \ From a3172d1e9644aa6b19f264b5e411c69be21dd7c4 Mon Sep 17 00:00:00 2001 
From: Gilles Peskine Date: Thu, 8 Feb 2024 10:47:08 +0100 Subject: [PATCH 066/132] Inline the SHA3 parameters table into a switch This saves a few bytes of code size. Signed-off-by: Gilles Peskine --- library/sha3.c | 49 ++++++++++++++++++------------------------------- 1 file changed, 18 insertions(+), 31 deletions(-) diff --git a/library/sha3.c b/library/sha3.c index f420a1249..5df08f91c 100644 --- a/library/sha3.c +++ b/library/sha3.c @@ -26,25 +26,6 @@ #define XOR_BYTE 0x6 -typedef struct mbedtls_sha3_family_functions { - mbedtls_sha3_id id; - - uint16_t r; - uint16_t olen; -} -mbedtls_sha3_family_functions; - -/* - * List of supported SHA-3 families - */ -static const mbedtls_sha3_family_functions sha3_families[] = { - { MBEDTLS_SHA3_224, 1152, 224 }, - { MBEDTLS_SHA3_256, 1088, 256 }, - { MBEDTLS_SHA3_384, 832, 384 }, - { MBEDTLS_SHA3_512, 576, 512 }, - { MBEDTLS_SHA3_NONE, 0, 0 } -}; - static const uint64_t rc[24] = { 0x0000000000000001, 0x0000000000008082, 0x800000000000808a, 0x8000000080008000, 0x000000000000808b, 0x0000000080000001, 0x8000000080008081, 0x8000000000008009, 
@@ -180,21 +161,27 @@ void mbedtls_sha3_clone(mbedtls_sha3_context *dst, */ int mbedtls_sha3_starts(mbedtls_sha3_context *ctx, mbedtls_sha3_id id) { - const mbedtls_sha3_family_functions *p = NULL; - - for (p = sha3_families; p->id != MBEDTLS_SHA3_NONE; p++) { - if (p->id == id) { + switch (id) { + case MBEDTLS_SHA3_224: + ctx->olen = 224 / 8; + ctx->max_block_size = 1152 / 8; break; - } + case MBEDTLS_SHA3_256: + ctx->olen = 256 / 8; + ctx->max_block_size = 1088 / 8; + break; + case MBEDTLS_SHA3_384: + ctx->olen = 384 / 8; + ctx->max_block_size = 832 / 8; + break; + case MBEDTLS_SHA3_512: + ctx->olen = 512 / 8; + ctx->max_block_size = 576 / 8; + break; + default: + return MBEDTLS_ERR_SHA3_BAD_INPUT_DATA; } - if (p->id == MBEDTLS_SHA3_NONE) { - return MBEDTLS_ERR_SHA3_BAD_INPUT_DATA; - } - - ctx->olen = p->olen / 8; - ctx->max_block_size = p->r / 8; - memset(ctx->state, 0, sizeof(ctx->state)); ctx->index = 0; From 058c9a34ec30246ae582f549fb95851ae1010708 Mon Sep 17 00:00:00 2001 From: Antonio de Angelis Date: Thu, 8 Feb 2024 10:24:06 +0000 Subject: [PATCH 067/132] build_info should look for MBEDTLS_PSA_CRYPTO_CLIENT as well Similarly to check_config.h, also build_info.h should consider MBEDTLS_PSA_CRYPTO_CLIENT as the define which signals that PSA Crypto APIs feature are being required in the build (possibly due to the client/service architecture). It is automatically enabled if CRYPTO_C is enabled, but only at config_adjust_legacy_crypto.h which happens after the inclusion of the config_psa.h is needed Signed-off-by: Antonio de Angelis --- include/mbedtls/build_info.h | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/include/mbedtls/build_info.h b/include/mbedtls/build_info.h index 2f336ba21..99a449b50 100644 --- a/include/mbedtls/build_info.h +++ b/include/mbedtls/build_info.h 
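Review bot: Inlining the table leaves the rates 1152, 1088, 832 and 576 as bare literals in each case with nothing tying them to the output size, whereas the removed table at least kept them side by side. They are all `1600 - 2 * output_bits` (FIPS 202 capacity rule), so a single comment above the switch such as `/* Rate r = 1600 - 2 * d bits, where d is the digest length in bits. */` would let a reader verify the four constants without a reference. The early `default: return MBEDTLS_ERR_SHA3_BAD_INPUT_DATA;` happens before any write to ctx, which preserves the old behaviour of leaving the context untouched on a bad id; worth a one-line comment too. The rest of mbedtls_sha3_starts continues outside this hunk.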
@@ -158,7 +158,8 @@ * (e.g. MBEDTLS_MD_LIGHT) */ #if defined(MBEDTLS_PSA_CRYPTO_CONFIG) /* PSA_WANT_xxx influences MBEDTLS_xxx */ || \ - defined(MBEDTLS_PSA_CRYPTO_C) /* MBEDTLS_xxx influences PSA_WANT_xxx */ + defined(MBEDTLS_PSA_CRYPTO_C) /* MBEDTLS_xxx influences PSA_WANT_xxx */ || \ + defined(MBEDTLS_PSA_CRYPTO_CLIENT) /* The same as the previous, but with separation only */ #include "mbedtls/config_psa.h" #endif From 68608b23177faf654dc3d774122b478d7a5d0a06 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 8 Feb 2024 11:51:39 +0100 Subject: [PATCH 068/132] Remove redundant helper macros in check_config.h MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel PĂ©gouriĂ©-Gonnard --- include/mbedtls/check_config.h | 28 +++++----------------------- 1 file changed, 5 insertions(+), 23 deletions(-) diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index b21135686..40936cd49 100644 --- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h 
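Review bot: The comment added on the MBEDTLS_PSA_CRYPTO_CLIENT line, `/* The same as the previous, but with separation only */`, does not tell a reader what "separation" means or why the extra condition is needed when the commit message says CRYPTO_C implies CLIENT anyway. The message explains that the implication is only established later in config_adjust_legacy_crypto.h, after this include, which is the actual reason the define must be tested here. Replace the comment with something that carries that reasoning, e.g. `/* PSA API provided by a separate service; CRYPTO_C implies CLIENT, but only later, in config_adjust_legacy_crypto.h */`.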
@@ -281,23 +281,8 @@ #error "MBEDTLS_PK_PARSE_C defined, but not all prerequisites" #endif -/* Helpers for hash dependencies, will be undefined at the end of the file */ -/* Do SHA-256, 384, 512 to cover Entropy and TLS. */ -#if defined(MBEDTLS_SHA256_C) || \ - (defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_SHA_256)) -#define MBEDTLS_MD_HAVE_SHA256 -#endif -#if defined(MBEDTLS_SHA384_C) || \ - (defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_SHA_384)) -#define MBEDTLS_MD_HAVE_SHA384 -#endif -#if defined(MBEDTLS_SHA512_C) || \ - (defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_SHA_512)) -#define MBEDTLS_MD_HAVE_SHA512 -#endif - #if defined(MBEDTLS_ENTROPY_C) && \ - !(defined(MBEDTLS_MD_HAVE_SHA512) || defined(MBEDTLS_MD_HAVE_SHA256)) + !(defined(MBEDTLS_MD_CAN_SHA512) || defined(MBEDTLS_MD_CAN_SHA256)) #error "MBEDTLS_ENTROPY_C defined, but not all prerequisites" #endif #if defined(MBEDTLS_ENTROPY_C) && \ @@ -305,12 +290,12 @@ #error "MBEDTLS_CTR_DRBG_ENTROPY_LEN value too high" #endif #if defined(MBEDTLS_ENTROPY_C) && \ - (defined(MBEDTLS_ENTROPY_FORCE_SHA256) || !defined(MBEDTLS_MD_HAVE_SHA512)) \ + (defined(MBEDTLS_ENTROPY_FORCE_SHA256) || !defined(MBEDTLS_MD_CAN_SHA512)) \ && defined(MBEDTLS_CTR_DRBG_ENTROPY_LEN) && (MBEDTLS_CTR_DRBG_ENTROPY_LEN > 32) #error "MBEDTLS_CTR_DRBG_ENTROPY_LEN value too high" #endif #if defined(MBEDTLS_ENTROPY_C) && \ - defined(MBEDTLS_ENTROPY_FORCE_SHA256) && !defined(MBEDTLS_MD_HAVE_SHA256) + defined(MBEDTLS_ENTROPY_FORCE_SHA256) && !defined(MBEDTLS_MD_CAN_SHA256) #error "MBEDTLS_ENTROPY_FORCE_SHA256 defined, but not all prerequisites" #endif @@ -471,7 +456,7 @@ /* Use of EC J-PAKE in TLS requires SHA-256. */ #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) && \ - !defined(MBEDTLS_MD_HAVE_SHA256) + !defined(MBEDTLS_MD_CAN_SHA256) #error "MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED defined, but not all prerequisites" #endif 
@@ -975,7 +960,7 @@ #endif #else /* MBEDTLS_USE_PSA_CRYPTO */ #if !defined(MBEDTLS_MD_C) || \ - !(defined(MBEDTLS_MD_HAVE_SHA256) || defined(MBEDTLS_MD_HAVE_SHA384)) + !(defined(MBEDTLS_MD_CAN_SHA256) || defined(MBEDTLS_MD_CAN_SHA384)) #error "MBEDTLS_SSL_TLS_C defined, but not all prerequisites" #endif #endif /* MBEDTLS_USE_PSA_CRYPTO */ @@ -1220,9 +1205,6 @@ /* Undefine helper symbols */ #undef MBEDTLS_PK_HAVE_JPAKE -#undef MBEDTLS_MD_HAVE_SHA256 -#undef MBEDTLS_MD_HAVE_SHA384 -#undef MBEDTLS_MD_HAVE_SHA512 #undef MBEDTLS_PK_HAVE_CURVE_SECP256R1 /* From 7eb3f9a5237e9b18ca1ec6df948b0a710b140151 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 8 Feb 2024 11:56:54 +0100 Subject: [PATCH 069/132] Simplify and fix dependency of MD_C on a hash MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Simplify: let's take advantage of the MD_CAN macros instead of doing it again ourselves. Fix: SHA-3 was forgotten. Signed-off-by: Manuel PĂ©gouriĂ©-Gonnard --- include/mbedtls/check_config.h | 30 +++++++++++++----------------- 1 file changed, 13 insertions(+), 17 deletions(-) diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index 40936cd49..785285919 100644 --- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h 
@@ -468,23 +468,19 @@ #error "!MBEDTLS_SSL_KEEP_PEER_CERTIFICATE requires MBEDTLS_SHA512_C, MBEDTLS_SHA256_C or MBEDTLS_SHA1_C" #endif -#if defined(MBEDTLS_MD_C) && !( \ - defined(MBEDTLS_MD5_C) || \ - defined(MBEDTLS_RIPEMD160_C) || \ - defined(MBEDTLS_SHA1_C) || \ - defined(MBEDTLS_SHA224_C) || \ - defined(MBEDTLS_SHA256_C) || \ - defined(MBEDTLS_SHA384_C) || \ - defined(MBEDTLS_SHA512_C) || \ - (defined(MBEDTLS_PSA_CRYPTO_C) && \ - (defined(PSA_WANT_ALG_MD5) || \ - defined(PSA_WANT_ALG_RIPEMD160) || \ - defined(PSA_WANT_ALG_SHA_1) || \ - defined(PSA_WANT_ALG_SHA_224) || \ - defined(PSA_WANT_ALG_SHA_256) || \ - defined(PSA_WANT_ALG_SHA_384) || \ - defined(PSA_WANT_ALG_SHA_512)))) -#error "MBEDTLS_MD_C defined, but not all prerequisites" +#if defined(MBEDTLS_MD_C) && \ + !defined(MBEDTLS_MD_CAN_MD5) && \ + !defined(MBEDTLS_MD_CAN_RIPEMD160) && \ + !defined(MBEDTLS_MD_CAN_SHA1) && \ + !defined(MBEDTLS_MD_CAN_SHA224) && \ + !defined(MBEDTLS_MD_CAN_SHA256) && \ + !defined(MBEDTLS_MD_CAN_SHA384) && \ + !defined(MBEDTLS_MD_CAN_SHA512) && \ + !defined(MBEDTLS_MD_CAN_SHA3_224) && \ + !defined(MBEDTLS_MD_CAN_SHA3_256) && \ + !defined(MBEDTLS_MD_CAN_SHA3_384) && \ + !defined(MBEDTLS_MD_CAN_SHA3_512) +#error "MBEDTLS_MD_C defined, but no hash algorithm" #endif #if defined(MBEDTLS_LMS_C) && \ From 49f64b4cac9a34405f16bcf9e4e20c7fa0ee3792 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 8 Feb 2024 12:00:28 +0100 Subject: [PATCH 070/132] Fix dependency on low-level hash modules MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit None of the TLS code is calling low-level hash functions directly. So the correct dependencies here are MD_CAN. (I checked and this was the only occurrence.) Signed-off-by: Manuel PĂ©gouriĂ©-Gonnard --- include/mbedtls/check_config.h | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) 
diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index 785285919..8c8130bb9 100644 --- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h @@ -461,11 +461,11 @@ #endif #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) && \ - !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) && \ - ( !defined(MBEDTLS_SHA256_C) && \ - !defined(MBEDTLS_SHA512_C) && \ - !defined(MBEDTLS_SHA1_C) ) -#error "!MBEDTLS_SSL_KEEP_PEER_CERTIFICATE requires MBEDTLS_SHA512_C, MBEDTLS_SHA256_C or MBEDTLS_SHA1_C" + !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) && \ + !defined(MBEDTLS_MD_CAN_SHA256) && \ + !defined(MBEDTLS_MD_CAN_SHA512) && \ + !defined(MBEDTLS_MD_CAN_SHA1) +#error "!MBEDTLS_SSL_KEEP_PEER_CERTIFICATE requires SHA-512, SHA-256 or SHA-1". #endif #if defined(MBEDTLS_MD_C) && \ From 61758e606ea226c275d8c667e539c964ecc0dcfe Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 8 Feb 2024 12:03:28 +0100 Subject: [PATCH 071/132] Fix wrong dependency of ECJPAKE_C MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit It always uses MD now. (The "fall back" to PSA Crypto was only in the 1st iteration of driver-only hash support, before we changed the architecture to make everything go through MD.) Signed-off-by: Manuel PĂ©gouriĂ©-Gonnard --- include/mbedtls/check_config.h | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index 8c8130bb9..3be200d83 100644 --- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h @@ -234,9 +234,8 @@ #endif #endif /* MBEDTLS_PK_C && MBEDTLS_USE_PSA_CRYPTO */ -#if defined(MBEDTLS_ECJPAKE_C) && \ - ( !defined(MBEDTLS_ECP_C) || \ - !( defined(MBEDTLS_MD_C) || defined(MBEDTLS_PSA_CRYPTO_C) ) ) +#if defined(MBEDTLS_ECJPAKE_C) && \ + (!defined(MBEDTLS_ECP_C) || !defined(MBEDTLS_MD_C)) #error "MBEDTLS_ECJPAKE_C defined, but not all prerequisites" #endif 
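Review bot: The rewritten diagnostic has a stray period after the closing quote: `#error "!MBEDTLS_SSL_KEEP_PEER_CERTIFICATE requires SHA-512, SHA-256 or SHA-1".` The preprocessor accepts arbitrary tokens after `#error`, so it still builds, but the emitted message will end in `".` rather than a clean sentence. Drop the trailing character so the line reads `#error "!MBEDTLS_SSL_KEEP_PEER_CERTIFICATE requires SHA-512, SHA-256 or SHA-1"`, matching every other `#error` in the file.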
From e1f3faf5bf920c7788f113b22f50096028360214 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 8 Feb 2024 12:17:20 +0100 Subject: [PATCH 072/132] Remove temporary macros that are not needed MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Those were only used for KEY_EXCHANGE_ECJPAKE, but had a much larger scope than needed. We actually don't need those macros if we distinguish between cases when expressing dependencies for this key exchange. The remaining helper macros are all short lived. Signed-off-by: Manuel PĂ©gouriĂ©-Gonnard --- include/mbedtls/check_config.h | 53 +++++++++++----------------------- 1 file changed, 17 insertions(+), 36 deletions(-) diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index 3be200d83..1dcd903d2 100644 --- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h @@ -300,13 +300,13 @@ #if defined(__has_feature) #if __has_feature(memory_sanitizer) -#define MBEDTLS_HAS_MEMSAN +#define MBEDTLS_HAS_MEMSAN // #undef at the end of this paragraph #endif #endif #if defined(MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN) && !defined(MBEDTLS_HAS_MEMSAN) #error "MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN requires building with MemorySanitizer" #endif -#undef MBEDTLS_HAS_MEMSAN +#undef MBEDTLS_HAS_MEMSAN // temporary macro defined above #if defined(MBEDTLS_CCM_C) && \ !(defined(MBEDTLS_CCM_GCM_CAN_AES) || defined(MBEDTLS_CCM_GCM_CAN_ARIA) || \ 
@@ -372,28 +372,6 @@ #error "MBEDTLS_HMAC_DRBG_C defined, but not all prerequisites" #endif -/* Helper for JPAKE dependencies, will be undefined at the end of the file */ -#if defined(MBEDTLS_USE_PSA_CRYPTO) -#if defined(PSA_WANT_ALG_JPAKE) && defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC) -#define MBEDTLS_PK_HAVE_JPAKE -#endif -#else /* MBEDTLS_USE_PSA_CRYPTO */ -#if defined(MBEDTLS_ECJPAKE_C) -#define MBEDTLS_PK_HAVE_JPAKE -#endif -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - -/* Helper for curve SECP256R1 */ -#if defined(MBEDTLS_USE_PSA_CRYPTO) -#if defined(PSA_WANT_ECC_SECP_R1_256) -#define MBEDTLS_PK_HAVE_CURVE_SECP256R1 -#endif -#else /* MBEDTLS_USE_PSA_CRYPTO */ -#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) -#define MBEDTLS_PK_HAVE_CURVE_SECP256R1 -#endif -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - #if defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) && \ ( !defined(MBEDTLS_CAN_ECDH) || \ !defined(MBEDTLS_PK_CAN_ECDSA_SIGN) || \ @@ -447,11 +425,20 @@ #error "MBEDTLS_KEY_EXCHANGE_RSA_ENABLED defined, but not all prerequisites" #endif -#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) && \ - ( !defined(MBEDTLS_PK_HAVE_JPAKE) || \ - !defined(MBEDTLS_PK_HAVE_CURVE_SECP256R1) ) +#if defined(MBEDTLS_USE_PSA_CRYPTO) +#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) && \ + ( !defined(PSA_WANT_ALG_JPAKE) || \ + !defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC) || \ + !defined(PSA_WANT_ECC_SECP_R1_256) ) #error "MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED defined, but not all prerequisites" #endif +#else /* MBEDTLS_USE_PSA_CRYPTO */ +#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) && \ + ( !defined(MBEDTLS_ECJPAKE_C) || \ + !defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) ) +#error "MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED defined, but not all prerequisites" +#endif +#endif /* MBEDTLS_USE_PSA_CRYPTO */ /* Use of EC J-PAKE in TLS requires SHA-256. */ #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) && \ 
@@ -1054,20 +1041,18 @@ #if !defined(MBEDTLS_THREADING_C) || defined(MBEDTLS_THREADING_IMPL) #error "MBEDTLS_THREADING_PTHREAD defined, but not all prerequisites" #endif -#define MBEDTLS_THREADING_IMPL +#define MBEDTLS_THREADING_IMPL // undef at the end of this paragraph #endif - #if defined(MBEDTLS_THREADING_ALT) #if !defined(MBEDTLS_THREADING_C) || defined(MBEDTLS_THREADING_IMPL) #error "MBEDTLS_THREADING_ALT defined, but not all prerequisites" #endif -#define MBEDTLS_THREADING_IMPL +#define MBEDTLS_THREADING_IMPL // undef at the end of this paragraph #endif - #if defined(MBEDTLS_THREADING_C) && !defined(MBEDTLS_THREADING_IMPL) #error "MBEDTLS_THREADING_C defined, single threading implementation required" #endif -#undef MBEDTLS_THREADING_IMPL +#undef MBEDTLS_THREADING_IMPL // temporary macro defined above #if defined(MBEDTLS_USE_PSA_CRYPTO) && !defined(MBEDTLS_PSA_CRYPTO_C) #error "MBEDTLS_USE_PSA_CRYPTO defined, but not all prerequisites" @@ -1198,10 +1183,6 @@ #error "MBEDTLS_PKCS7_C is defined, but not all prerequisites" #endif -/* Undefine helper symbols */ -#undef MBEDTLS_PK_HAVE_JPAKE -#undef MBEDTLS_PK_HAVE_CURVE_SECP256R1 - /* * Avoid warning from -pedantic. This is a convenient place for this * workaround since this is included by every single file before the From 1463e49a3c2f2bdd7cac52964c0c0c599ef63d94 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 8 Feb 2024 12:28:30 +0100 Subject: [PATCH 073/132] Move config adjustment to config_adjust MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit After this change, check_config.h does not have any #defined except: - the standard header double-inclusion guard - short-lived helpers that are #undef-ed in the same paragraph Signed-off-by: Manuel PĂ©gouriĂ©-Gonnard --- include/mbedtls/check_config.h | 14 ++------------ include/mbedtls/config_adjust_legacy_crypto.h | 16 ++++++++++++++++ 2 files changed, 18 insertions(+), 12 deletions(-) 
diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h
index 1dcd903d2..1741d8b9c 100644
--- a/include/mbedtls/check_config.h
+++ b/include/mbedtls/check_config.h
@@ -27,18 +27,8 @@
 #if !defined(MBEDTLS_PLATFORM_C)
 #error "MBEDTLS_PLATFORM_C is required on Windows"
 #endif
-
-/* Fix the config here. Not convenient to put an #ifdef _WIN32 in mbedtls_config.h as
- * it would confuse config.py. */
-#if !defined(MBEDTLS_PLATFORM_SNPRINTF_ALT) && \
- !defined(MBEDTLS_PLATFORM_SNPRINTF_MACRO)
-#define MBEDTLS_PLATFORM_SNPRINTF_ALT
-#endif
-
-#if !defined(MBEDTLS_PLATFORM_VSNPRINTF_ALT) && \
- !defined(MBEDTLS_PLATFORM_VSNPRINTF_MACRO)
-#define MBEDTLS_PLATFORM_VSNPRINTF_ALT
-#endif
+/* See auto-enabling SNPRINTF_ALT and VSNPRINTF_ALT
+ * in * config_adjust_legacy_crypto.h */
 #endif /* _MINGW32__ || (_MSC_VER && (_MSC_VER <= 1900)) */
 #if defined(TARGET_LIKE_MBED) && defined(MBEDTLS_NET_C)
diff --git a/include/mbedtls/config_adjust_legacy_crypto.h b/include/mbedtls/config_adjust_legacy_crypto.h
index 696266c6f..6126a1e86 100644
--- a/include/mbedtls/config_adjust_legacy_crypto.h
+++ b/include/mbedtls/config_adjust_legacy_crypto.h
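Review bot: The replacement comment has a stray asterisk in the middle of the sentence, `* in * config_adjust_legacy_crypto.h */`; it should read ` * in config_adjust_legacy_crypto.h */`. The deleted comment also carried the reason the adjustment cannot live in mbedtls_config.h, which is worth keeping at the reference point, e.g. `/* SNPRINTF_ALT and VSNPRINTF_ALT are auto-enabled in config_adjust_legacy_crypto.h (an #ifdef _WIN32 in mbedtls_config.h would confuse config.py). */`. On the surviving context line the trailer `#endif /* _MINGW32__ || ... */` names a macro spelled differently from the `__MINGW32__` the block tests; that predates this commit but is cheap to fix while the block is being touched.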
@@ -22,6 +22,22 @@
 #ifndef MBEDTLS_CONFIG_ADJUST_LEGACY_CRYPTO_H
 #define MBEDTLS_CONFIG_ADJUST_LEGACY_CRYPTO_H
+/* Ideally, we'd set those as defaults in mbedtls_config.h, but
+ * putting an #ifdef _WIN32 in mbedtls_config.h would confuse config.py.
+ *
+ * So, adjust it here.
+ * Not related to crypto, but this is the bottom of the stack. */
+#if defined(__MINGW32__) || (defined(_MSC_VER) && _MSC_VER <= 1900)
+#if !defined(MBEDTLS_PLATFORM_SNPRINTF_ALT) && \
+ !defined(MBEDTLS_PLATFORM_SNPRINTF_MACRO)
+#define MBEDTLS_PLATFORM_SNPRINTF_ALT
+#endif
+#if !defined(MBEDTLS_PLATFORM_VSNPRINTF_ALT) && \
+ !defined(MBEDTLS_PLATFORM_VSNPRINTF_MACRO)
+#define MBEDTLS_PLATFORM_VSNPRINTF_ALT
+#endif
+#endif /* _MINGW32__ || (_MSC_VER && (_MSC_VER <= 1900)) */
+
 /* Auto-enable CIPHER_C when any of the unauthenticated ciphers is builtin
 * in PSA. */
 #if defined(MBEDTLS_PSA_CRYPTO_C) && \
From a6184b2cc88eeb018d6fb1b8c715f98345b00c16 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 8 Feb 2024 12:30:56 +0100 Subject: [PATCH 074/132] Remove redundant check MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit We're already making sure of that in include/mbedtls/config_adjust_psa_superset_legacy.h - no need to double-check here. Signed-off-by: Manuel PĂ©gouriĂ©-Gonnard --- include/mbedtls/check_config.h | 59 ---------------------------------- 1 file changed, 59 deletions(-)
diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h
index 1741d8b9c..429bf3e80 100644
--- a/include/mbedtls/check_config.h
+++ b/include/mbedtls/check_config.h
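Review bot: The closing trailer `#endif /* _MINGW32__ || (_MSC_VER && (_MSC_VER <= 1900)) */` does not match the condition it closes, which tests `__MINGW32__` with two leading underscores and `_MSC_VER <= 1900` without the extra parentheses; since the block is newly written here rather than moved verbatim, it should be `#endif /* __MINGW32__ || (_MSC_VER && _MSC_VER <= 1900) */` so a reader grepping for the macro finds both ends. The introductory comment explains the placement but not what the two `_ALT` options do for these toolchains; a one-line pointer to where `MBEDTLS_PLATFORM_SNPRINTF_ALT` is documented in mbedtls_config.h would save the next reader a search.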
@@ -44,65 +44,6 @@ #error "MBEDTLS_HAVE_TIME_DATE without MBEDTLS_HAVE_TIME does not make sense" #endif -/* Check that each MBEDTLS_ECP_DP_xxx symbol has its PSA_WANT_ECC_xxx counterpart - * when PSA crypto is enabled. */ -#if defined(MBEDTLS_PSA_CRYPTO_CONFIG) || defined(MBEDTLS_PSA_CRYPTO_C) - -#if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED) && !defined(PSA_WANT_ECC_BRAINPOOL_P_R1_256) -#error "MBEDTLS_ECP_DP_BP256R1_ENABLED defined, but not its PSA counterpart" -#endif - -#if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED) && !defined(PSA_WANT_ECC_BRAINPOOL_P_R1_384) -#error "MBEDTLS_ECP_DP_BP384R1_ENABLED defined, but not its PSA counterpart" -#endif - -#if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED) && !defined(PSA_WANT_ECC_BRAINPOOL_P_R1_512) -#error "MBEDTLS_ECP_DP_BP512R1_ENABLED defined, but not its PSA counterpart" -#endif - -#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) && !defined(PSA_WANT_ECC_MONTGOMERY_255) -#error "MBEDTLS_ECP_DP_CURVE25519_ENABLED defined, but not its PSA counterpart" -#endif - -#if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED) && !defined(PSA_WANT_ECC_MONTGOMERY_448) -#error "MBEDTLS_ECP_DP_CURVE448_ENABLED defined, but not its PSA counterpart" -#endif - -#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) && !defined(PSA_WANT_ECC_SECP_R1_192) -#error "MBEDTLS_ECP_DP_SECP192R1_ENABLED defined, but not its PSA counterpart" -#endif - -#if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) && !defined(PSA_WANT_ECC_SECP_R1_224) -#error "MBEDTLS_ECP_DP_SECP224R1_ENABLED defined, but not its PSA counterpart" -#endif - -#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) && !defined(PSA_WANT_ECC_SECP_R1_256) -#error "MBEDTLS_ECP_DP_SECP256R1_ENABLED defined, but not its PSA counterpart" -#endif - -#if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) && !defined(PSA_WANT_ECC_SECP_R1_384) -#error "MBEDTLS_ECP_DP_SECP384R1_ENABLED defined, but not its PSA counterpart" -#endif - -#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) && !defined(PSA_WANT_ECC_SECP_R1_521) -#error 
"MBEDTLS_ECP_DP_SECP521R1_ENABLED defined, but not its PSA counterpart" -#endif - -#if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED) && !defined(PSA_WANT_ECC_SECP_K1_192) -#error "MBEDTLS_ECP_DP_SECP192K1_ENABLED defined, but not its PSA counterpart" -#endif - -/* SECP224K1 is buggy in PSA API so we skip this check */ -#if 0 && defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED) && !defined(PSA_WANT_ECC_SECP_K1_224) -#error "MBEDTLS_ECP_DP_SECP224K1_ENABLED defined, but not its PSA counterpart" -#endif - -#if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED) && !defined(PSA_WANT_ECC_SECP_K1_256) -#error "MBEDTLS_ECP_DP_SECP256K1_ENABLED defined, but not its PSA counterpart" -#endif - -#endif /* MBEDTLS_PSA_CRYPTO_CONFIG || MBEDTLS_PSA_CRYPTO_C */ - /* Limitations on ECC key types acceleration: if we have any of `PUBLIC_KEY`, * `KEY_PAIR_BASIC`, `KEY_PAIR_IMPORT`, `KEY_PAIR_EXPORT` then we must have * all 4 of them. From afb2eee263a9fa2aae940e3ff19114194ed00167 Mon Sep 17 00:00:00 2001 From: Ryan Everett Date: Thu, 8 Feb 2024 14:31:54 +0000 Subject: [PATCH 075/132] Add PKCS5/12 exceptions to analyze_block_cipher_dispatch Signed-off-by: Ryan Everett --- tests/scripts/analyze_outcomes.py | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/tests/scripts/analyze_outcomes.py b/tests/scripts/analyze_outcomes.py index 6503f9a27..a54ece636 100755 --- a/tests/scripts/analyze_outcomes.py +++ b/tests/scripts/analyze_outcomes.py 
@@ -562,6 +562,18 @@ KNOWN_TASKS = { # but these are not available in the accelerated component. re.compile('Set( non-existent)? padding with (AES|CAMELLIA).*'), ], + 'test_suite_pkcs12': [ + # The en/decryption part of PKCS#12 is not yet supported. + # The rest of PKCS#12 (key derivation) works, though. + re.compile(r'PBE Encrypt, .*'), + re.compile(r'PBE Decrypt, .*'), + ], + 'test_suite_pkcs5': [ + # The en/decryption part of PKCS#5 is not yet supported. + # The rest of PKCS#5 (PBKDF2) works, though. + re.compile(r'PBES2 Encrypt, .*'), + re.compile(r'PBES2 Decrypt .*'), + ], 'test_suite_pkparse': [ # PEM (called by pkparse) requires AES_C in order to decrypt # the key, but this is not available in the accelerated From 75e65fe24b4ba67f92bcb44dec768e6b0f5aadfc Mon Sep 17 00:00:00 2001 From: Ryan Everett Date: Thu, 8 Feb 2024 15:43:02 +0000 Subject: [PATCH 076/132] Reformat AES encryption test data in pkcs5 tests The added comma is needed so that these tests match the regex exceptions in analyze_outcomes.py. Moved the Encryption tests so that they are separate to decryption. Signed-off-by: Ryan Everett --- tests/suites/test_suite_pkcs5.data | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/tests/suites/test_suite_pkcs5.data b/tests/suites/test_suite_pkcs5.data index 939c82fc0..52e682321 100644 --- a/tests/suites/test_suite_pkcs5.data +++ b/tests/suites/test_suite_pkcs5.data 
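Review bot: The two PKCS#5 patterns differ in shape for no stated reason: `re.compile(r'PBES2 Encrypt, .*')` requires a comma after the verb while `re.compile(r'PBES2 Decrypt .*')` does not, so the decrypt pattern presumably also catches non-AES names such as `PBES2 Decrypt (OK)` while the encrypt one only catches names carrying the comma. As the data file stands at this commit the AES encryption cases are titled `PBES2 Encrypt AES-128-CBC (...)` without a comma, so the encrypt pattern would not match them; the next commit renames the tests to fit the regex, but matching the existing name format here (or giving both patterns the same form) is the more robust direction. Whichever is chosen, a comment stating which test names each pattern is meant to cover would make future data-file edits safer.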
@@ -126,6 +126,18 @@ PBES2 Encrypt, pad=8 (PKCS7 padding disabled) depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_CIPHER_PADDING_PKCS7 pbes2_encrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301B06092A864886F70D01050C300E04082ED7F24A1D516DD702020800301406082A864886F70D030704088A4FCC9DCC394910":"70617373776f7264":"308187020100301306072A8648CE3D020106082A8648CE3D030107046D306B0201010420F12A1320760270A83CBFFD53F6031EF76A5D86C8A204F2C30CA9EBF51F0F0EA7A1440342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D5510101010101010101010101010101010":138:MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE:"" +PBES2 Encrypt, AES-128-CBC (OK, generated with OpenSSL) +depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +pbes2_encrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301B06092A864886F70D01050C300E0408010203040506070802022710301D060960864801650304010204102F904F75B47B48A618068D79BD9A826C":"50617373776F726450617373776F726450617373776F7264":"5468697320697320612066696c6520746f20626520656e6372797074656420776974682050424553322c20776974682061206b65792067656e657261746564207573696e67206120707266202853484132353629":96:0:"0c953c3a9be1502f4d1df1b82df9d99a61ebd2f60ed570d16b241f70b9e61f329174747d052efe5c39bec9d0f7404f84af242914e2ecb74e6e36e8b4147bd0a092a82df789aa3351e0de9f75b285ccb742806526771c8353ffb66176188b556e" + +PBES2 Encrypt, AES-192-CBC (OK, generated with OpenSSL) +depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:MBEDTLS_CIPHER_PADDING_PKCS7 +pbes2_encrypt:MBEDTLS_ASN1_CONSTRUCTED | 
MBEDTLS_ASN1_SEQUENCE:"302a06092A864886F70D01050C301d0408010203040506070802022710020118300a06082A864886F70D0209301D060960864801650304011604102F904F75B47B48A618068D79BD9A826C":"50617373776F726450617373776F726450617373776F7264":"5468697320697320612066696c6520746f20626520656e6372797074656420776974682050424553322c20776974682061206b65792067656e657261746564207573696e67206120707266202853484132353629":96:0:"7c648a9df9759ba49283c261269a71bc06d45f6c24ab6431d77b2ecec1fd6d1aa751bd05b1c026fc8ff91baeb1b1838aa0f825b23be79bc09331d0607181e234dfea4ab3cbf7997747516486b6865e85de95dc9b64d45462197c891b31af6c94" + +PBES2 Encrypt, AES-256-CBC (OK, generated with OpenSSL) +depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:MBEDTLS_CIPHER_PADDING_PKCS7 +pbes2_encrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"302706092A864886F70D01050C301a0408010203040506070802022710300a06082A864886F70D0209301D060960864801650304012A04102F904F75B47B48A618068D79BD9A826C":"50617373776F726450617373776F726450617373776F7264":"5468697320697320612066696c6520746f20626520656e6372797074656420776974682050424553322c20776974682061206b65792067656e657261746564207573696e67206120707266202853484132353629":96:0:"7077e6e8e679962c6feda69c704d58507d143cf77be284f773dfcaa4a5f5e7c1cd5527204916302d435071c01126f4aa76205ce61998d7b8fdf065a77d4a77634376b9968e4722c27f2ac85d79565ff4fca9204d3e4bc8c5bd53c1785bb6e566" + PBES2 Decrypt (OK) depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC pbes2_decrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301B06092A864886F70D01050C300E04082ED7F24A1D516DD702020800301406082A864886F70D030704088A4FCC9DCC394910":"70617373776f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ecrypt (Invalid padding & PKCS7 padding enabled) depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 pbes2_decrypt:MBEDTLS_ASN1_CONSTRUCTED | 
MBEDTLS_ASN1_SEQUENCE:"301B06092A864886F70D01050C300E04082ED7F24A1D516DD702020800301406082A864886F70D030704088A4FCC9DCC394910":"70617373776f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ncrypt AES-128-CBC (OK, generated with OpenSSL) -depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -pbes2_encrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301B06092A864886F70D01050C300E0408010203040506070802022710301D060960864801650304010204102F904F75B47B48A618068D79BD9A826C":"50617373776F726450617373776F726450617373776F7264":"5468697320697320612066696c6520746f20626520656e6372797074656420776974682050424553322c20776974682061206b65792067656e657261746564207573696e67206120707266202853484132353629":96:0:"0c953c3a9be1502f4d1df1b82df9d99a61ebd2f60ed570d16b241f70b9e61f329174747d052efe5c39bec9d0f7404f84af242914e2ecb74e6e36e8b4147bd0a092a82df789aa3351e0de9f75b285ccb742806526771c8353ffb66176188b556e" - -PBES2 Encrypt AES-192-CBC (OK, generated with OpenSSL) -depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:MBEDTLS_CIPHER_PADDING_PKCS7 -pbes2_encrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"302a06092A864886F70D01050C301d0408010203040506070802022710020118300a06082A864886F70D0209301D060960864801650304011604102F904F75B47B48A618068D79BD9A826C":"50617373776F726450617373776F726450617373776F7264":"5468697320697320612066696c6520746f20626520656e6372797074656420776974682050424553322c20776974682061206b65792067656e657261746564207573696e67206120707266202853484132353629":96:0:"7c648a9df9759ba49283c261269a71bc06d45f6c24ab6431d77b2ecec1fd6d1aa751bd05b1c026fc8ff91baeb1b1838aa0f825b23be79bc09331d0607181e234dfea4ab3cbf7997747516486b6865e85de95dc9b64d45462197c891b31af6c94" - -PBES2 Encrypt AES-256-CBC (OK, generated with OpenSSL) -depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:MBEDTLS_CIPHER_PADDING_PKCS7 
-pbes2_encrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"302706092A864886F70D01050C301a0408010203040506070802022710300a06082A864886F70D0209301D060960864801650304012A04102F904F75B47B48A618068D79BD9A826C":"50617373776F726450617373776F726450617373776F7264":"5468697320697320612066696c6520746f20626520656e6372797074656420776974682050424553322c20776974682061206b65792067656e657261746564207573696e67206120707266202853484132353629":96:0:"7077e6e8e679962c6feda69c704d58507d143cf77be284f773dfcaa4a5f5e7c1cd5527204916302d435071c01126f4aa76205ce61998d7b8fdf065a77d4a77634376b9968e4722c27f2ac85d79565ff4fca9204d3e4bc8c5bd53c1785bb6e566" - PBES2 Decrypt AES-128-CBC (OK, generated with OpenSSL) depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC pbes2_decrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301B06092A864886F70D01050C300E0408010203040506070802022710301D060960864801650304010204102F904F75B47B48A618068D79BD9A826C":"50617373776F726450617373776F726450617373776F7264":"0c953c3a9be1502f4d1df1b82df9d99a61ebd2f60ed570d16b241f70b9e61f329174747d052efe5c39bec9d0f7404f84af242914e2ecb74e6e36e8b4147bd0a092a82df789aa3351e0de9f75b285ccb742806526771c8353ffb66176188b556e":96:0:"5468697320697320612066696c6520746f20626520656e6372797074656420776974682050424553322c20776974682061206b65792067656e657261746564207573696e67206120707266202853484132353629" From ac60afc2d295cc1d0ac2b46f3e04a1c5ea7ead7f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 8 Feb 2024 18:45:56 +0100 Subject: [PATCH 077/132] Remove useless overly strong dependency MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ECJPAKE_C only needs MD_LIGHT and it allready auto-enables it in config_adjust_legacy_crypto.h, so nothing to check here. Signed-off-by: Manuel PĂ©gouriĂ©-Gonnard --- include/mbedtls/check_config.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h
index 429bf3e80..a7a346fe5 100644
--- a/include/mbedtls/check_config.h
+++ b/include/mbedtls/check_config.h
@@ -166,7 +166,7 @@
 #endif /* MBEDTLS_PK_C && MBEDTLS_USE_PSA_CRYPTO */
 #if defined(MBEDTLS_ECJPAKE_C) && \
- (!defined(MBEDTLS_ECP_C) || !defined(MBEDTLS_MD_C))
+ !defined(MBEDTLS_ECP_C)
 #error "MBEDTLS_ECJPAKE_C defined, but not all prerequisites"
 #endif
From 9de84bd67775e05fabca1907cd9f2ea33078d99a Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 8 Feb 2024 17:40:27 +0100 Subject: [PATCH 078/132] rsa: reject buffers with data outside main SEQUENCE when parsing keys Signed-off-by: Valerio Setti --- library/rsa.c | 10 ++++++++-- tests/suites/test_suite_psa_crypto.data | 4 ++-- tests/suites/test_suite_rsa.data | 6 +++--- 3 files changed, 13 insertions(+), 7 deletions(-)
diff --git a/library/rsa.c b/library/rsa.c
index f4c08626c..2c3386912 100644
--- a/library/rsa.c
+++ b/library/rsa.c
@@ -108,7 +108,10 @@ int mbedtls_rsa_parse_key(mbedtls_rsa_context *rsa, const unsigned char *key, si
 return ret;
 }
- /* mbedtls_asn1_get_tag() already ensures that len is valid (i.e. p+len <= end)*/
+ if (end != p + len) {
+ return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
+ }
+
 end = p + len;
 if ((ret = mbedtls_asn1_get_int(&p, end, &version)) != 0) {
@@ -241,7 +244,10 @@ int mbedtls_rsa_parse_pubkey(mbedtls_rsa_context *rsa, const unsigned char *key,
 return ret;
 }
- /* mbedtls_asn1_get_tag() already ensures that len is valid (i.e. p+len <= end)*/
+ if (end != p + len) {
+ return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
+ }
+
 end = p + len;
 /* Import N */
diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data
index 34af94a25..dc43599a7 100644
--- a/tests/suites/test_suite_psa_crypto.data
+++ b/tests/suites/test_suite_psa_crypto.data
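Review bot: In both rsa.c hunks the surviving line `end = p + len;` is dead after the new check: once `end != p + len` has been rejected the assignment cannot change `end`, so the reader is left looking for a case it handles. Either drop it or replace it with a comment that records the invariant the check establishes, e.g. `/* The outer SEQUENCE must span the whole buffer, so end == p + len from here on. */`. Rejecting trailing bytes tightens the accepted input (the PSA test data in this commit turns two "trailing garbage ignored" cases into expected failures), which is an API-visible behaviour change for callers that previously fed padded or concatenated DER to these parsers and deserves a changelog entry. The same applies to the mbedtls_rsa_parse_pubkey() hunk; both functions' bodies begin and end outside their hunks.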
@@ -106,7 +106,7 @@ import_export:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa24 PSA import/export RSA keypair: trailing garbage ignored depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT -import_export:"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":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:0:1024:-1:PSA_SUCCESS:0 +import_with_data:"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":PSA_KEY_TYPE_RSA_KEY_PAIR:1024:PSA_ERROR_INVALID_ARGUMENT PSA import/export RSA public key: good, 1024-bit, opaque depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:PSA_CRYPTO_DRIVER_TEST @@ -158,7 +158,7 @@ import_export:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa24 PSA import/export RSA keypair: trailing garbage ignored, opaque depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT:PSA_CRYPTO_DRIVER_TEST -import_export:"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":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):1024:-1:PSA_SUCCESS:0 +import_with_data:"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":PSA_KEY_TYPE_RSA_KEY_PAIR:1024:PSA_ERROR_INVALID_ARGUMENT PSA import RSA keypair: truncated depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT diff --git a/tests/suites/test_suite_rsa.data b/tests/suites/test_suite_rsa.data index b89d1583c..1964b3286 100644 --- a/tests/suites/test_suite_rsa.data +++ b/tests/suites/test_suite_rsa.data 
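Review bot: Both test titles still read `PSA import/export RSA keypair: trailing garbage ignored` (and its `, opaque` variant) while the expected result is now `PSA_ERROR_INVALID_ARGUMENT` from `import_with_data`, so the title states the opposite of what the test checks; rename them along the lines of `PSA import RSA keypair: trailing garbage rejected`. The new `import_with_data:` lines in the two hunks are identical and the second one no longer passes a driver lifetime, so the opaque variant appears to have become a duplicate of the first case rather than an opaque-key test, despite still depending on `PSA_CRYPTO_DRIVER_TEST`; either drop it or keep a distinct opaque-lifetime form if the test function supports one.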
@@ -662,7 +662,7 @@ RSA parse private key - correct values, extra integer inside the SEQUENCE rsa_parse_pkcs1_key:0:"3066020100021100cc8ab070369ede72920e5a51523c857102030100010211009a6318982a7231de1894c54aa4909201020900f3058fd8dc484d61020900d7770dbd8b78a2110209009471f14c26428401020813425f060c4b72210208052b93d01747a87c020100":MBEDTLS_ERR_ASN1_LENGTH_MISMATCH RSA parse private key - correct values, extra integer outside the SEQUENCE -rsa_parse_pkcs1_key:0:"3063020100021100cc8ab070369ede72920e5a51523c857102030100010211009a6318982a7231de1894c54aa4909201020900f3058fd8dc484d61020900d7770dbd8b78a2110209009471f14c26428401020813425f060c4b72210208052b93d01747a87c020100":0 +rsa_parse_pkcs1_key:0:"3063020100021100cc8ab070369ede72920e5a51523c857102030100010211009a6318982a7231de1894c54aa4909201020900f3058fd8dc484d61020900d7770dbd8b78a2110209009471f14c26428401020813425f060c4b72210208052b93d01747a87c020100":MBEDTLS_ERR_RSA_BAD_INPUT_DATA RSA parse private key - correct values, n wrong tag rsa_parse_pkcs1_key:0:"3063020100FF1100cc8ab070369ede72920e5a51523c857102030100010211009a6318982a7231de1894c54aa4909201020900f3058fd8dc484d61020900d7770dbd8b78a2110209009471f14c26428401020813425f060c4b72210208052b93d01747a87c":MBEDTLS_ERR_ASN1_UNEXPECTED_TAG 
@@ -707,7 +707,7 @@ RSA parse public key - public exponent 0 rsa_parse_pkcs1_key:1:"308189028181009f091e6968b474f76f0e9c237c1d895996ae704b4f6d706acec8d2daac6209bf524aa3f658d0283adba1077f6cbe92e425dcde52290b239cade91be86c88425434986806e85734e159768f3dfea932baaa9409d25bace8ee9dce0cdde0903207299de575ae60feccf0daf82334ab83638539b0da74072f253acea8afc8e66bb70203000000":MBEDTLS_ERR_RSA_BAD_INPUT_DATA RSA parse public key - wrong sequence length -rsa_parse_pkcs1_key:1:"308188028181009f091e6968b474f76f0e9c237c1d895996ae704b4f6d706acec8d2daac6209bf524aa3f658d0283adba1077f6cbe92e425dcde52290b239cade91be86c88425434986806e85734e159768f3dfea932baaa9409d25bace8ee9dce0cdde0903207299de575ae60feccf0daf82334ab83638539b0da74072f253acea8afc8e66bb70203010001":MBEDTLS_ERR_ASN1_OUT_OF_DATA +rsa_parse_pkcs1_key:1:"308188028181009f091e6968b474f76f0e9c237c1d895996ae704b4f6d706acec8d2daac6209bf524aa3f658d0283adba1077f6cbe92e425dcde52290b239cade91be86c88425434986806e85734e159768f3dfea932baaa9409d25bace8ee9dce0cdde0903207299de575ae60feccf0daf82334ab83638539b0da74072f253acea8afc8e66bb70203010001":MBEDTLS_ERR_RSA_BAD_INPUT_DATA RSA parse public key - wrong modulus length rsa_parse_pkcs1_key:1:"308189028180009f091e6968b474f76f0e9c237c1d895996ae704b4f6d706acec8d2daac6209bf524aa3f658d0283adba1077f6cbe92e425dcde52290b239cade91be86c88425434986806e85734e159768f3dfea932baaa9409d25bace8ee9dce0cdde0903207299de575ae60feccf0daf82334ab83638539b0da74072f253acea8afc8e66bb70203010001":MBEDTLS_ERR_ASN1_UNEXPECTED_TAG 
@@ -725,7 +725,7 @@ RSA parse public key - correct values, extra integer inside the SEQUENCE rsa_parse_pkcs1_key:1:"30818c028181009f091e6968b474f76f0e9c237c1d895996ae704b4f6d706acec8d2daac6209bf524aa3f658d0283adba1077f6cbe92e425dcde52290b239cade91be86c88425434986806e85734e159768f3dfea932baaa9409d25bace8ee9dce0cdde0903207299de575ae60feccf0daf82334ab83638539b0da74072f253acea8afc8e66bb70203010001020100":MBEDTLS_ERR_ASN1_LENGTH_MISMATCH RSA parse public key - correct values, extra integer outside the SEQUENCE -rsa_parse_pkcs1_key:1:"308189028181009f091e6968b474f76f0e9c237c1d895996ae704b4f6d706acec8d2daac6209bf524aa3f658d0283adba1077f6cbe92e425dcde52290b239cade91be86c88425434986806e85734e159768f3dfea932baaa9409d25bace8ee9dce0cdde0903207299de575ae60feccf0daf82334ab83638539b0da74072f253acea8afc8e66bb70203010001020100":0 +rsa_parse_pkcs1_key:1:"308189028181009f091e6968b474f76f0e9c237c1d895996ae704b4f6d706acec8d2daac6209bf524aa3f658d0283adba1077f6cbe92e425dcde52290b239cade91be86c88425434986806e85734e159768f3dfea932baaa9409d25bace8ee9dce0cdde0903207299de575ae60feccf0daf82334ab83638539b0da74072f253acea8afc8e66bb70203010001020100":MBEDTLS_ERR_RSA_BAD_INPUT_DATA RSA priv key write - incremental output buffer size rsa_key_write_incremental:0:"3063020100021100cc8ab070369ede72920e5a51523c857102030100010211009a6318982a7231de1894c54aa4909201020900f3058fd8dc484d61020900d7770dbd8b78a2110209009471f14c26428401020813425f060c4b72210208052b93d01747a87c" From b1f6d2ad6fa2621772d35bda1835d8b0e1fa1d02 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 8 Feb 2024 17:41:45 +0100 Subject: [PATCH 079/132] asn1: enable mbedtls_asn1_get_tag() when PEM_PARSE_C is defined Signed-off-by: Valerio Setti --- include/mbedtls/asn1.h | 5 +++-- library/asn1parse.c | 5 +++-- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/include/mbedtls/asn1.h b/include/mbedtls/asn1.h index ff019f432..d8ee46930 100644 --- a/include/mbedtls/asn1.h +++ b/include/mbedtls/asn1.h 
@@ -198,7 +198,7 @@ typedef struct mbedtls_asn1_named_data { mbedtls_asn1_named_data; #if defined(MBEDTLS_ASN1_PARSE_C) || defined(MBEDTLS_X509_CREATE_C) || \ - defined(MBEDTLS_PSA_UTIL_HAVE_ECDSA) + defined(MBEDTLS_PSA_UTIL_HAVE_ECDSA) || defined(MBEDTLS_PEM_PARSE_C) /** * \brief Get the length of an ASN.1 element. * Updates the pointer to immediately behind the length. @@ -245,7 +245,8 @@ int mbedtls_asn1_get_len(unsigned char **p, int mbedtls_asn1_get_tag(unsigned char **p, const unsigned char *end, size_t *len, int tag); -#endif /* MBEDTLS_ASN1_PARSE_C || MBEDTLS_X509_CREATE_C || MBEDTLS_PSA_UTIL_HAVE_ECDSA */ +#endif /* MBEDTLS_ASN1_PARSE_C || MBEDTLS_X509_CREATE_C || + MBEDTLS_PSA_UTIL_HAVE_ECDSA || MBEDTLS_PEM_PARSE_C */ #if defined(MBEDTLS_ASN1_PARSE_C) /** diff --git a/library/asn1parse.c b/library/asn1parse.c index e33fdf71d..644b43ba9 100644 --- a/library/asn1parse.c +++ b/library/asn1parse.c @@ -8,7 +8,7 @@ #include "common.h" #if defined(MBEDTLS_ASN1_PARSE_C) || defined(MBEDTLS_X509_CREATE_C) || \ - defined(MBEDTLS_PSA_UTIL_HAVE_ECDSA) + defined(MBEDTLS_PSA_UTIL_HAVE_ECDSA) || defined(MBEDTLS_PEM_PARSE_C) #include "mbedtls/asn1.h" #include "mbedtls/platform_util.h" @@ -74,7 +74,8 @@ int mbedtls_asn1_get_tag(unsigned char **p, return mbedtls_asn1_get_len(p, end, len); } -#endif /* MBEDTLS_ASN1_PARSE_C || MBEDTLS_X509_CREATE_C || MBEDTLS_PSA_UTIL_HAVE_ECDSA */ +#endif /* MBEDTLS_ASN1_PARSE_C || MBEDTLS_X509_CREATE_C || + MBEDTLS_PSA_UTIL_HAVE_ECDSA || MBEDTLS_PEM_PARSE_C */ #if defined(MBEDTLS_ASN1_PARSE_C) int mbedtls_asn1_get_bool(unsigned char **p, From 2653e92a578fbe027579150b8c94f2a5d36baf48 Mon Sep 17 00:00:00 2001 
From: Valerio Setti Date: Thu, 8 Feb 2024 17:51:00 +0100 Subject: [PATCH 080/132] pem: fix valid data length returned by mbedtls_pem_read_buffer() ctx->buflen now returns the amount of valid data in ctx->buf. Unencrypted buffers were already ok, but encrypted ones were used to return the length of the encrypted buffer, not the unencrypted one. This commit fix this behavior for encrypted buffers. Signed-off-by: Valerio Setti --- include/mbedtls/pem.h | 6 +++--- library/pem.c | 20 +++++++++++++------- 2 files changed, 16 insertions(+), 10 deletions(-) diff --git a/include/mbedtls/pem.h b/include/mbedtls/pem.h index cc617a9bc..3c6a28d98 100644 --- a/include/mbedtls/pem.h +++ b/include/mbedtls/pem.h @@ -73,11 +73,11 @@ void mbedtls_pem_init(mbedtls_pem_context *ctx); * \param data source data to look in (must be nul-terminated) * \param pwd password for decryption (can be NULL) * \param pwdlen length of password - * \param use_len destination for total length used (set after header is - * correctly read, so unless you get + * \param use_len destination for total length used from data buffer. It is + * set after header is correctly read, so unless you get * MBEDTLS_ERR_PEM_BAD_INPUT_DATA or * MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT, use_len is - * the length to skip) + * the length to skip. * * \note Attempts to check password correctness by verifying if * the decrypted text starts with an ASN.1 sequence of diff --git a/library/pem.c b/library/pem.c index 539134c29..7e7f86ff5 100644 --- a/library/pem.c +++ b/library/pem.c @@ -17,6 +17,7 @@ #include "mbedtls/cipher.h" #include "mbedtls/platform_util.h" #include "mbedtls/error.h" +#include "mbedtls/asn1.h" #include 
@@ -431,15 +432,20 @@ int mbedtls_pem_read_buffer(mbedtls_pem_context *ctx, const char *header, const
 }
 /*
- * The result will be ASN.1 starting with a SEQUENCE tag, with 1 to 3
- * length bytes (allow 4 to be sure) in all known use cases.
- *
- * Use that as a heuristic to try to detect password mismatches.
+ * The result will be ASN.1 starting with a SEQUENCE tag. Parse it
+ * with ASN.1 functions in order to:
+ * - Have an heuristic guess about password mismatches.
+ * - Update len variable to the amount of valid data inside buf.
 */
- if (len <= 2 || buf[0] != 0x30 || buf[1] > 0x83) {
- mbedtls_zeroize_and_free(buf, len);
- return MBEDTLS_ERR_PEM_PASSWORD_MISMATCH;
+ unsigned char *p = buf;
+ ret = mbedtls_asn1_get_tag(&p, buf + len, &len,
+ MBEDTLS_ASN1_SEQUENCE | MBEDTLS_ASN1_CONSTRUCTED);
+ if (ret != 0) {
+ mbedtls_free(buf);
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PEM_INVALID_DATA, ret);
 }
+ /* Add also the sequence block (tag + len) to the total amount of valid data. */
+ len += (p - buf);
 #else
 mbedtls_zeroize_and_free(buf, len);
 return MBEDTLS_ERR_PEM_FEATURE_UNAVAILABLE;
From 010d23f9af824f58910cf3898ce4e6da5ea0ea35 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 8 Feb 2024 17:56:03 +0100 Subject: [PATCH 081/132] test_suite_[pkparse|x509parse]: fix return values of some PEM related error tests Signed-off-by: Valerio Setti --- tests/suites/test_suite_pkparse.data | 2 +- tests/suites/test_suite_x509parse.data | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/tests/suites/test_suite_pkparse.data b/tests/suites/test_suite_pkparse.data
index 762fd52a2..5b2dbb9cc 100644
--- a/tests/suites/test_suite_pkparse.data
+++ b/tests/suites/test_suite_pkparse.data
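Review bot: The failure path no longer scrubs the decrypted buffer: the removed code called `mbedtls_zeroize_and_free(buf, len)`, while the new path calls `mbedtls_free(buf)`, leaving the output of the decryption (key material when the password was right but the encoding was not, garbled plaintext otherwise) in freed heap memory, and out of step with the `#else` branch a few lines down that still zeroizes. The likely reason is that `len` is reused as the output parameter of mbedtls_asn1_get_tag() and so may no longer hold the buffer size when that call fails; keep the allocation size in its own variable, `size_t buf_len = len;` before the call, and use `mbedtls_zeroize_and_free(buf, buf_len);` in the error branch. Note also that a wrong password now surfaces as `MBEDTLS_ERR_PEM_INVALID_DATA` combined with an ASN.1 code instead of `MBEDTLS_ERR_PEM_PASSWORD_MISMATCH` (the pkparse test in the following commit reflects this), an API-visible change that should be stated in the `\return` documentation of mbedtls_pem_read_buffer() and in a changelog entry; callers that distinguish "bad password" from "corrupt input" lose that distinction. The enclosing function begins and ends outside the hunk.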
@@ -8,7 +8,7 @@ pk_parse_keyfile_rsa:"data_files/test-ca.key":"PolarSSLTest":0 Parse RSA Key #3 (Wrong password) depends_on:MBEDTLS_MD_CAN_MD5:MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C -pk_parse_keyfile_rsa:"data_files/test-ca.key":"PolarSSLWRONG":MBEDTLS_ERR_PK_PASSWORD_MISMATCH +pk_parse_keyfile_rsa:"data_files/test-ca.key":"PolarSSLWRONG":MBEDTLS_ERR_PEM_INVALID_DATA + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG Parse RSA Key #4 (DES Encrypted) depends_on:MBEDTLS_MD_CAN_MD5:MBEDTLS_DES_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index b9ae20c56..2b0920d80 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data @@ -1774,7 +1774,7 @@ x509parse_crt:"307d3068a0030201008204deadbeef300d06092a864886f70d01010b0500300c3 X509 CRT ASN1 (TBS, inv SubPubKeyInfo, inv internal bitstring length) depends_on:MBEDTLS_RSA_C:MBEDTLS_MD_CAN_SHA256 -x509parse_crt:"308180306ba0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a300806001304546573743015300d06092A864886F70D0101010500030400300000300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_PK_INVALID_PUBKEY + MBEDTLS_ERR_ASN1_OUT_OF_DATA +x509parse_crt:"308180306ba0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a300806001304546573743015300d06092A864886F70D0101010500030400300000300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_PK_INVALID_PUBKEY X509 CRT ASN1 (TBS, inv SubPubKeyInfo, inv internal bitstring tag) depends_on:MBEDTLS_RSA_C:MBEDTLS_MD_CAN_SHA256 From 67f35688954e7920b58a5765942154da82a64cca Mon Sep 17 00:00:00 2001 From: Ryan Everett Date: Fri, 9 Feb 2024 13:02:23 +0000 Subject: [PATCH 082/132] Reduce analyze_block_cipher_dispatch exceptions 
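Review bot: The expected result for the wrong-password case changes from `MBEDTLS_ERR_PK_PASSWORD_MISMATCH` to `MBEDTLS_ERR_PEM_INVALID_DATA + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG`, which is a visible API change for callers that inspect the error to decide whether to re-prompt for a passphrase, yet neither this commit nor the preceding pem.c change documents it. Unless a later patch in the series restores the mismatch code, this deserves a ChangeLog entry and a mention in the `\return` documentation of mbedtls_pem_read_buffer(). The x509parse hunk below drops `+ MBEDTLS_ERR_ASN1_OUT_OF_DATA` from a DER (hex-encoded) test vector even though the series only touched PEM decoding; the commit message should say why that case's low-level error component disappears.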
Signed-off-by: Ryan Everett --- tests/scripts/analyze_outcomes.py | 11 ++--------- 1 file changed, 2 insertions(+), 9 deletions(-) diff --git a/tests/scripts/analyze_outcomes.py b/tests/scripts/analyze_outcomes.py index a54ece636..8c7f21f85 100755 --- a/tests/scripts/analyze_outcomes.py +++ b/tests/scripts/analyze_outcomes.py @@ -562,17 +562,10 @@ KNOWN_TASKS = { # but these are not available in the accelerated component. re.compile('Set( non-existent)? padding with (AES|CAMELLIA).*'), ], - 'test_suite_pkcs12': [ - # The en/decryption part of PKCS#12 is not yet supported. - # The rest of PKCS#12 (key derivation) works, though. - re.compile(r'PBE Encrypt, .*'), - re.compile(r'PBE Decrypt, .*'), - ], 'test_suite_pkcs5': [ - # The en/decryption part of PKCS#5 is not yet supported. + # The AES part of PKCS#5 PBES2 is not yet supported. # The rest of PKCS#5 (PBKDF2) works, though. - re.compile(r'PBES2 Encrypt, .*'), - re.compile(r'PBES2 Decrypt .*'), + re.compile(r'PBES2 .* AES-.*') ], 'test_suite_pkparse': [ # PEM (called by pkparse) requires AES_C in order to decrypt From 7fee4f731895aa13a11dd353ead4ee9e9e260e9e Mon Sep 17 00:00:00 2001 From: Ryan Everett Date: Fri, 9 Feb 2024 14:11:27 +0000 Subject: [PATCH 083/132] Fix mutex unlock error handling in psa_destroy_key Signed-off-by: Ryan Everett --- library/psa_crypto.c | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 9d7b72f87..27ea3b84c 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c 
@@ -1167,17 +1167,19 @@ exit: /* Unregister from reading the slot. If we are the last active reader * then this will wipe the slot. */ status = psa_unregister_read(slot); + /* Prioritize CORRUPTION_DETECTED from unregistering over + * a storage error. */ + if (status != PSA_SUCCESS) { + overall_status = status; + } #if defined(MBEDTLS_THREADING_C) + /* Don't overwrite existing errors if the unlock fails. */ + status = overall_status; PSA_THREADING_CHK_RET(mbedtls_mutex_unlock( &mbedtls_threading_key_slot_mutex)); #endif - /* Prioritize CORRUPTION_DETECTED from unregistering or - * SERVICE_FAILURE from unlocking over a storage error. */ - if (status != PSA_SUCCESS) { - overall_status = status; - } return overall_status; } From 9dc076b4f49ceedb2bfae13c74ae58c3251d1a95 Mon Sep 17 00:00:00 2001 From: Ryan Everett Date: Fri, 9 Feb 2024 14:20:09 +0000 Subject: [PATCH 084/132] Fix issue with lock failures returning CORRUPTION_DETECTED Signed-off-by: Ryan Everett --- library/psa_crypto_slot_management.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/library/psa_crypto_slot_management.c b/library/psa_crypto_slot_management.c index 9890de622..dc38662e1 100644 --- a/library/psa_crypto_slot_management.c +++ b/library/psa_crypto_slot_management.c @@ -529,6 +529,9 @@ psa_status_t psa_close_key(psa_key_handle_t handle) } #if defined(MBEDTLS_THREADING_C) + /* We need to set status as success, otherwise CORRUPTION_DETECTED + * would be returned if the lock fails. */ + status = PSA_SUCCESS; PSA_THREADING_CHK_RET(mbedtls_mutex_lock( &mbedtls_threading_key_slot_mutex)); #endif @@ -563,6 +566,9 @@ psa_status_t psa_purge_key(mbedtls_svc_key_id_t key) psa_key_slot_t *slot; #if defined(MBEDTLS_THREADING_C) + /* We need to set status as success, otherwise CORRUPTION_DETECTED + * would be returned if the lock fails. */ + status = PSA_SUCCESS; PSA_THREADING_CHK_RET(mbedtls_mutex_lock( &mbedtls_threading_key_slot_mutex)); #endif 
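Review bot: The added `status = overall_status;` only makes sense if `PSA_THREADING_CHK_RET` reads the local `status` when the unlock fails; nothing at the call site shows that dependency and the macro is not in this hunk, so the comment `/* Don't overwrite existing errors if the unlock fails. */` leaves the next reader guessing. Spell it out, e.g. `/* PSA_THREADING_CHK_RET returns the local 'status' on unlock failure; preload it with overall_status so an earlier error is not replaced by SERVICE_FAILURE. */`, and confirm the macro still yields a failure code when overall_status is PSA_SUCCESS. The same implicit coupling appears in the two psa_crypto_slot_management.c hunks (psa_close_key and psa_purge_key), where `status = PSA_SUCCESS;` is set right before the lock for the mirror-image reason; a shared wording in all three places would help. The exit block of psa_destroy_key starts above this hunk.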
From 5d2bcc63cd24f28006e22fa641c9ce7eabf76a1d Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Fri, 9 Feb 2024 14:41:24 +0000 Subject: [PATCH 085/132] Fix typo / improve documentation for test step fns Signed-off-by: Paul Elliott --- tests/include/test/helpers.h | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/tests/include/test/helpers.h b/tests/include/test/helpers.h index 4e59e2094..d08100f15 100644 --- a/tests/include/test/helpers.h +++ b/tests/include/test/helpers.h @@ -116,10 +116,10 @@ int mbedtls_test_get_line_no(void); /** * \brief Increment the current test step. * - * \note Calling this function from within multiple threads at the - * same time is not recommended - whilst it is entirely thread - * safe, the order of calls to this function can obviously not - * be ensured, so unexpected results may occur. + * \note It is not recommended for multiple threads to call this + * function concurrently - whilst it is entirely thread safe, + * the order of calls to this function can obviously not be + * ensured, so unexpected results may occur. */ void mbedtls_test_increment_step(void); @@ -231,10 +231,10 @@ void mbedtls_test_skip(const char *test, int line_no, const char *filename); * "step number" is the index of a for loop but it can be * whatever you want. * - * \note Calling this function from a within multiple threads at the - * same time is not recommended - whilst it is entirely thread - * safe, the order of calls to this function can obviously not - * be ensured, so unexpected results may occur. + * \note It is not recommended for multiple threads to call this + * function concurrently - whilst it is entirely thread safe, + * the order of calls to this function can obviously not be + * ensured, so unexpected results may occur. * * \param step The step number to report. */ From 4ade8ee5b96a0cb0331efa2e2dd2b795fc2cb2cd Mon Sep 17 00:00:00 2001 
From: Valerio Setti Date: Fri, 9 Feb 2024 17:44:07 +0100 Subject: [PATCH 086/132] test_suite_pem: more tests for ASN.1 parsing after decoding Signed-off-by: Valerio Setti --- tests/suites/test_suite_pem.data | 13 +++++++++++++ tests/suites/test_suite_pem.function | 1 + 2 files changed, 14 insertions(+) diff --git a/tests/suites/test_suite_pem.data b/tests/suites/test_suite_pem.data index a4dff45f0..32d3c279b 100644 --- a/tests/suites/test_suite_pem.data +++ b/tests/suites/test_suite_pem.data 
@@ -49,3 +49,16 @@ mbedtls_pem_read_buffer:"-----BEGIN EC PRIVATE KEY-----":"-----END EC PRIVATE KE PEM read (malformed PEM AES-128-CBC) depends_on:MBEDTLS_MD_CAN_MD5:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC mbedtls_pem_read_buffer:"-----BEGIN EC PRIVATE KEY-----":"-----END EC PRIVATE KEY-----":"-----BEGIN EC PRIVATE KEY-----\nProc-Type\: 4,ENCRYPTED\nDEK-Info\: AES-128-CBC,AA94892A169FA426AA94892A169FA426\n\nMAAA\n-----END EC PRIVATE KEY-----":"pwd":MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH:"" + +# The output sequence's length is not multiple of block size (16 bytes). This +# proves that the pem_context->len value is properly updated based on the SEQUENCE +# length read from the decoded ASN.1 data (i.e. extra padding, if any, is ignored). +PEM read (valid EC key encoded with AES-128-CBC) +depends_on:MBEDTLS_MD_CAN_MD5:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC +mbedtls_pem_read_buffer:"-----BEGIN EC PRIVATE KEY-----":"-----END EC PRIVATE KEY-----":"-----BEGIN EC PRIVATE KEY-----\nProc-Type\: 4,ENCRYPTED\nDEK-Info\: AES-128-CBC,151F851B6A7F3FBDAA5B7173117D0127\n\nLw+0OM+0Bwcl+ls/vxQbLrVshGc7bsNPvvtj2sJeMFFEq3V1mj/IO++0KK/CDhMH\nh6CZPsmgVOeM5uFpqYaq0fJbUduN2eDMWszWRm0SFkY=\n-----END EC PRIVATE KEY-----":"pwdpwd":0:"3041020101040f00d8023c809afd45e426d1a4dbe0ffa00706052b81040004a1220320000400da1ecfa53d528237625e119e2e0500d2eb671724f16deb6a63749516b7" + +# The text "hello world" (which is clearly not a valid ASN.1 SEQUENCE) is encoded +# with AES-128-CBC to prove that ASN.1 parsing after decoding fails. +PEM read (Invalid SEQUENCE encoded with AES-128-CBC) +depends_on:MBEDTLS_MD_CAN_MD5:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC +mbedtls_pem_read_buffer:"-----BEGIN EC PRIVATE KEY-----":"-----END EC PRIVATE KEY-----":"-----BEGIN EC PRIVATE KEY-----\nProc-Type\: 4,ENCRYPTED\nDEK-Info\: AES-128-CBC,765FCB151B573FC9E5FB3A0E5A198785\n\nU2FsdGVkX1/+Vl2WMhEy3zcdg14R+flkg/pW4ei4d0I=\n-----END EC PRIVATE KEY-----":"pwdpwd":MBEDTLS_ERR_PEM_INVALID_DATA + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG:"" 
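Review bot: The ciphertext in the new "Invalid SEQUENCE" case begins with base64 `U2FsdGVkX1`, which decodes to the ASCII prefix `Salted__` — the header `openssl enc` writes when it derives the key from a random salt — so this looks like salted-enc output rather than the raw AES-128-CBC encryption of "hello world" under the DEK-Info key and IV that the comment describes (please verify). The case still passes because the pseudo-random decryption result does not start with a SEQUENCE tag, but it then exercises the same path as the existing malformed-PEM cases rather than "correct decryption, wrong content", which is what the comment claims to prove. Either regenerate the vector as a raw CBC ciphertext (no salt header) with the key derived from the DEK-Info line, or reword the comment to say what the blob actually is.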
diff --git a/tests/suites/test_suite_pem.function b/tests/suites/test_suite_pem.function index 413dc551c..2acc16e9f 100644 --- a/tests/suites/test_suite_pem.function +++ b/tests/suites/test_suite_pem.function @@ -3,6 +3,7 @@ #include "mbedtls/pem.h" #include "mbedtls/des.h" #include "mbedtls/aes.h" +#include "mbedtls/asn1.h" /* END_HEADER */ /* BEGIN_CASE depends_on:MBEDTLS_PEM_WRITE_C */ From 2b20ff62fc8c5fbb73d0c796f69edd063edccf33 Mon Sep 17 00:00:00 2001 From: PiotrBzdrega Date: Sun, 11 Feb 2024 01:56:45 +0100 Subject: [PATCH 087/132] move entropy init prior arguments number recognition Signed-off-by: PiotrBzdrega --- programs/pkey/gen_key.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/programs/pkey/gen_key.c b/programs/pkey/gen_key.c index 6914c9390..26453cc95 100644 --- a/programs/pkey/gen_key.c +++ b/programs/pkey/gen_key.c @@ -248,7 +248,7 @@ int main(int argc, char *argv[]) mbedtls_mpi_init(&D); mbedtls_mpi_init(&E); mbedtls_mpi_init(&DP); mbedtls_mpi_init(&DQ); mbedtls_mpi_init(&QP); #endif /* MBEDTLS_RSA_C */ - + mbedtls_entropy_init(&entropy); mbedtls_pk_init(&key); mbedtls_ctr_drbg_init(&ctr_drbg); memset(buf, 0, sizeof(buf)); @@ -336,7 +336,6 @@ usage: mbedtls_printf("\n . Seeding the random number generator..."); fflush(stdout); - mbedtls_entropy_init(&entropy); #if !defined(_WIN32) && defined(MBEDTLS_FS_IO) if (opt.use_dev_random) { if ((ret = mbedtls_entropy_add_source(&entropy, dev_random_entropy_poll, From f6a9cfa5d201cc588171fe879577c57a26b58b2a Mon Sep 17 00:00:00 2001 From: PiotrBzdrega Date: Sun, 11 Feb 2024 09:41:56 +0100 Subject: [PATCH 088/132] adjust indentation Signed-off-by: PiotrBzdrega --- programs/pkey/gen_key.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/programs/pkey/gen_key.c b/programs/pkey/gen_key.c index 26453cc95..194a5cbba 100644 --- a/programs/pkey/gen_key.c +++ b/programs/pkey/gen_key.c 
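Review bot: Moving `mbedtls_entropy_init(&entropy);` up next to the other `*_init` calls is the right fix if the `usage:`/exit path frees the entropy context, since before this change an early argument error would have reached `mbedtls_entropy_free` on an uninitialized object — but neither the commit message nor the code says so. A short comment at the new call site, `/* Init early: the exit path frees this even when argument parsing bails out. */`, would keep someone from moving it back next to the seeding step. The new line also lost its indentation relative to the surrounding calls (corrected by the following patch). Both gen_key.c hunks sit inside main(), which starts and ends outside this view.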
@@ -248,7 +248,8 @@ int main(int argc, char *argv[]) mbedtls_mpi_init(&D); mbedtls_mpi_init(&E); mbedtls_mpi_init(&DP); mbedtls_mpi_init(&DQ); mbedtls_mpi_init(&QP); #endif /* MBEDTLS_RSA_C */ - mbedtls_entropy_init(&entropy); + + mbedtls_entropy_init(&entropy); mbedtls_pk_init(&key); mbedtls_ctr_drbg_init(&ctr_drbg); memset(buf, 0, sizeof(buf)); From 19f1adfc69a315fc703d202bb6ccad815acebdca Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 1 Feb 2024 22:17:44 +0100 Subject: [PATCH 089/132] New function mbedtls_rsa_get_bitlen() Document, implement and test mbedtls_rsa_get_bitlen(). Signed-off-by: Gilles Peskine --- ChangeLog.d/rsa-bitlen.txt | 3 + include/mbedtls/rsa.h | 10 ++ library/rsa.c | 8 ++ tests/suites/test_suite_rsa.data | 138 +++++++++++++++++++++++---- tests/suites/test_suite_rsa.function | 35 ++++--- 5 files changed, 165 insertions(+), 29 deletions(-) create mode 100644 ChangeLog.d/rsa-bitlen.txt diff --git a/ChangeLog.d/rsa-bitlen.txt b/ChangeLog.d/rsa-bitlen.txt new file mode 100644 index 000000000..85a989442 --- /dev/null +++ b/ChangeLog.d/rsa-bitlen.txt @@ -0,0 +1,3 @@ +Features + * The new function mbedtls_rsa_get_bitlen() returns the length of the modulus + in bits, i.e. the key size for an RSA key. diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h index 9136375c1..c1e76b392 100644 --- a/include/mbedtls/rsa.h +++ b/include/mbedtls/rsa.h @@ -426,6 +426,16 @@ int mbedtls_rsa_export_raw(const mbedtls_rsa_context *ctx, int mbedtls_rsa_export_crt(const mbedtls_rsa_context *ctx, mbedtls_mpi *DP, mbedtls_mpi *DQ, mbedtls_mpi *QP); +/** + * \brief This function retrieves the length of the RSA modulus in bits. + * + * \param ctx The initialized RSA context. + * + * \return The length of the RSA modulus in bits. + * + */ +size_t mbedtls_rsa_get_bitlen(const mbedtls_rsa_context *ctx); + /** * \brief This function retrieves the length of RSA modulus in Bytes. * diff --git a/library/rsa.c b/library/rsa.c index f4c08626c..835146368 100644 
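Review bot: The new `\return` text for mbedtls_rsa_get_bitlen() does not say what happens when no modulus has been imported yet; the implementation in the library/rsa.c hunk simply returns `mbedtls_mpi_bitlen(&ctx->N)`, which as far as I recall yields 0 for a freshly initialized context, and that is worth stating so callers do not mistake 0 for a valid key size. Suggested addition to the doc block: `\return 0 if the context holds no modulus (e.g. right after mbedtls_rsa_init()).`. The block also carries an empty ` *` line right before `*/` that the neighbouring comments in rsa.h do not have.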
--- a/library/rsa.c +++ b/library/rsa.c @@ -1014,6 +1014,14 @@ int mbedtls_rsa_get_md_alg(const mbedtls_rsa_context *ctx) return ctx->hash_id; } +/* + * Get length in bits of RSA modulus + */ +size_t mbedtls_rsa_get_bitlen(const mbedtls_rsa_context *ctx) +{ + return mbedtls_mpi_bitlen(&ctx->N); +} + /* * Get length in bytes of RSA modulus */ diff --git a/tests/suites/test_suite_rsa.data b/tests/suites/test_suite_rsa.data index b89d1583c..778ec6723 100644 --- a/tests/suites/test_suite_rsa.data +++ b/tests/suites/test_suite_rsa.data 
@@ -468,58 +468,160 @@ RSA Deduce Moduli, corrupted mbedtls_rsa_deduce_primes:"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e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":1:MBEDTLS_ERR_MPI_BAD_INPUT_DATA RSA Import (N,P,Q,D,E) -mbedtls_rsa_import:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e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mbedtls_rsa_import:"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":"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99
fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e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mport (N,P,Q,D,E), inconsistent -mbedtls_rsa_import:"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":"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e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mbedtls_rsa_import:"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":"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e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mport (N,P,Q,D,E), successive 
-mbedtls_rsa_import:"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":"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e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mbedtls_rsa_import:"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":"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e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mport (N,P,Q,D,E), successive, inconsistent 
-mbedtls_rsa_import:"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":"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e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mbedtls_rsa_import:"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":"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC3672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":"3":2048:1:1:MBEDTLS_ERR_RSA_KEY_CHECK_FAILED:0 RSA Import (-,P,Q,D,E) 
-mbedtls_rsa_import:"":"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e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mbedtls_rsa_import:"":"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e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mport (-,P,Q,D,E), successive 
-mbedtls_rsa_import:"":"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e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mbedtls_rsa_import:"":"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e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mport (N,-,-,D,E) -mbedtls_rsa_import:"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mbedtls_rsa_import:"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mport (N,-,-,D,E), successive 
-mbedtls_rsa_import:"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mbedtls_rsa_import:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"":"":"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC2672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":"3":2048:1:1:0:0 RSA Import (N,P,Q,-,E) -mbedtls_rsa_import:"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":"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":"":"3":0:1:0:0 
+mbedtls_rsa_import:"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":"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":"":"3":2048:0:1:0:0 RSA Import (N,P,Q,-,E), successive -mbedtls_rsa_import:"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":"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":"":"3":1:1:0:0 +mbedtls_rsa_import:"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":"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":"":"3":2048:1:1:0:0 RSA Import (-,P,Q,-,E) 
-mbedtls_rsa_import:"":"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":"":"3":0:1:0:0 +mbedtls_rsa_import:"":"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":"":"3":2048:0:1:0:0 RSA Import (-,P,Q,-,E), successive -mbedtls_rsa_import:"":"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":"":"3":1:1:0:0 
+mbedtls_rsa_import:"":"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":"":"3":2048:1:1:0:0 RSA Import (N,-,Q,-,E) -mbedtls_rsa_import:"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":"":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":"":"3":0:1:0:MBEDTLS_ERR_RSA_BAD_INPUT_DATA +mbedtls_rsa_import:"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":"":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":"":"3":2048:0:1:0:MBEDTLS_ERR_RSA_BAD_INPUT_DATA RSA Import (N,-,Q,-,E), successive 
-mbedtls_rsa_import:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":"":"3":1:1:0:MBEDTLS_ERR_RSA_BAD_INPUT_DATA +mbedtls_rsa_import:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":"":"3":2048:1:1:0:MBEDTLS_ERR_RSA_BAD_INPUT_DATA RSA Import (N,-,-,-,E), complete public key -mbedtls_rsa_import:"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":"":"":"":"3":0:0:0:0 +mbedtls_rsa_import:"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":"":"":"":"3":2048:0:0:0:0 RSA Import (N,-,-,-,E), complete public key, successive 
-mbedtls_rsa_import:"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":"":"":"":"3":1:0:0:0 +mbedtls_rsa_import:"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":"":"":"":"3":2048:1:0:0:0 RSA Import (N,-,-,-,E), complete public key, corrupted -mbedtls_rsa_import:"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":"":"":"":"4":0:0:MBEDTLS_ERR_RSA_KEY_CHECK_FAILED:0 +mbedtls_rsa_import:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"":"":"":"4":2048:0:0:MBEDTLS_ERR_RSA_KEY_CHECK_FAILED:0 RSA Import (N,-,-,-,E), complete public key, successive, corrupted -mbedtls_rsa_import:"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":"":"":"":"4":1:0:MBEDTLS_ERR_RSA_KEY_CHECK_FAILED:0 +mbedtls_rsa_import:"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":"":"":"":"4":2048:1:0:MBEDTLS_ERR_RSA_KEY_CHECK_FAILED:0 + +RSA Import (N,P,Q,D,E) 512-bit complete pair +mbedtls_rsa_import:"cbc23c9751d5b0dc4f7ea5f871d6e31d7fb8a414eacfa006cf9c782385ce177b2a41b52cd80ddf75c4f14ffb679c388b4d0fe828413c2b8dd651e5039b2e14b3":"fbf724e9d31cb074dd117e96c4f9ad8ff6b4fe6dc72c7b9bc5af370c0833314d":"cf057bde49ab3cc354d731c03925e4cb34d7ecc41335948bca6d3438a0e35dff":"5705d006f8a68170b66aeacb9f231dc0bd89c85a3ea70a3b9e73bf43bca3f69699bfd123ec6fc533d3163dc8645d1e45342ad38b110659e96656f4763ec318f1":"10001":512:0:1:0:0 + +RSA Import (N,-,-,-,E) 512-bit public 
+mbedtls_rsa_import:"cbc23c9751d5b0dc4f7ea5f871d6e31d7fb8a414eacfa006cf9c782385ce177b2a41b52cd80ddf75c4f14ffb679c388b4d0fe828413c2b8dd651e5039b2e14b3":"":"":"":"10001":512:0:0:0:0 + +RSA Import (N,P,Q,D,E) 513-bit complete pair +mbedtls_rsa_import:"16798857c4718f9367a715b29038d042ea41686a457279db149d4da54146262305da39b02b764f2b56902e4c45425c2c3f404da82f86d8ed3b067da70899c5149":"18486f2d2df61d10ebe578caff5142047cae635909946b57c33028d35e4abac0b":"ecefea558b614138e773e1cd25380e49a910d6dd4b584457c1bfabf86922f87b":"1c3dbb460e6364b725989f7b321f3213e3a92d3bdce86c970ee05ba13cd4993758140f790489b61188c26354a6b372d32081750cecb84db563ec5724d78388ad":"10001":513:0:1:0:0 + +RSA Import (N,-,-,-,E) 513-bit public +mbedtls_rsa_import:"16798857c4718f9367a715b29038d042ea41686a457279db149d4da54146262305da39b02b764f2b56902e4c45425c2c3f404da82f86d8ed3b067da70899c5149":"":"":"":"10001":513:0:0:0:0 + +RSA Import (N,P,Q,D,E) 514-bit complete pair +mbedtls_rsa_import:"32f54232899f45a415e7a7728fc744703f4b4466e56d7d6900f125950bb9a42082d2f0162ce1ac9949da5be37af8c20178d79d8ac1ab860d5ed55b14f49d064ab":"1d2cc9d59be8079457a5f28c3e74d1d4c7763acc1a7e725dff09198a5b99d35cf":"1bf23921dfe89a0f681bf10fd27fd2bc914f8888b8addb1d102255e586827b665":"1d9f13ebecb3f8f7790440020831fd4682846e2ea20f13678674a7340caccd0b37ccaf79b7d4005adafb7e6f84e0ff7bbe28a27fd7337cdf100fe63afe967419":"10001":514:0:1:0:0 + +RSA Import (N,-,-,-,E) 514-bit public +mbedtls_rsa_import:"32f54232899f45a415e7a7728fc744703f4b4466e56d7d6900f125950bb9a42082d2f0162ce1ac9949da5be37af8c20178d79d8ac1ab860d5ed55b14f49d064ab":"":"":"":"10001":514:0:0:0:0 + +RSA Import (N,P,Q,D,E) 515-bit complete pair 
+mbedtls_rsa_import:"5f47dbe0d15f66c13ce0ff8af2edc7942ef4ff8b6b6e49ef5518ce3754efb5270204cb727c3f325b4a51dc02688eae0a6bfd7549854a7ede8b31f0e4adb835f85":"30c23bf1faf7515ed3e63abcda5b88b6387d213854da798e6662afb09441f192f":"1f4419ac839887606a8d299bc430f8e48f8984ae81982eaf03775fbe1a347bd8b":"5e8416fece5337c84acedb5007a98e4855c85d52fd2ffb91b9b590a2dcd3a8bc88e6e61573daa526a1b37ebae41401e6811d0d1e5458f1a5074178fb274a275a5":"10001":515:0:1:0:0 + +RSA Import (N,-,-,-,E) 515-bit public +mbedtls_rsa_import:"5f47dbe0d15f66c13ce0ff8af2edc7942ef4ff8b6b6e49ef5518ce3754efb5270204cb727c3f325b4a51dc02688eae0a6bfd7549854a7ede8b31f0e4adb835f85":"":"":"":"10001":515:0:0:0:0 + +RSA Import (N,P,Q,D,E) 516-bit complete pair +mbedtls_rsa_import:"bcc54a5a10ef1a3241c60aeec9c5ec54cd63407ee2b69748ad5ec53d1a3d7fea540811ba0eed19574cad6dca28691e2711fdf0e76d2bc6eec508e7a864ee13b03":"3a83434f8995a87a977f0e15e9b39f55551968a5f3cbaf6f7e0f177215c3a69bb":"339e4b5aef4912382ee5f6dd82c2cb5255e604279477ca22ed0b02cab66a75b59":"60a460bc5b8f0dca4d0226f6b9362b17ff4ea0e6550b45c85f79f560a2de796e35d51da40d1eae356cca05626a3686cee2dbcaa5b71b76ffa0cb313fb4a412f1":"10001":516:0:1:0:0 + +RSA Import (N,-,-,-,E) 516-bit public +mbedtls_rsa_import:"bcc54a5a10ef1a3241c60aeec9c5ec54cd63407ee2b69748ad5ec53d1a3d7fea540811ba0eed19574cad6dca28691e2711fdf0e76d2bc6eec508e7a864ee13b03":"":"":"":"10001":516:0:0:0:0 + +RSA Import (N,P,Q,D,E) 517-bit complete pair +mbedtls_rsa_import:"1a7b2e3d43f1b3e060d2f598939d0542178feac3310be308f4fd05872ec91048ea79543c0b00e5f61ec8b577ffa33c26bb74c2bc079033f006e6af59ec15cef529":"72e502be06a9fcb3ef64801055d10ecf8ec2b4a9429423813760e4258cf575373":"3b00e49f541091dce4940c9a36f203d195a81c7812111d9a89fc5971f363085f3":"19297286444925e1ce1ea5be94845ebaae28d1a926b164c8de008d8025b46704d77326956f97ceaadc3ebb74f94edbe1b7df5236693e7bb97cdd77b4569420fd01":"10001":517:0:1:0:0 + +RSA Import (N,-,-,-,E) 517-bit public 
+mbedtls_rsa_import:"1a7b2e3d43f1b3e060d2f598939d0542178feac3310be308f4fd05872ec91048ea79543c0b00e5f61ec8b577ffa33c26bb74c2bc079033f006e6af59ec15cef529":"":"":"":"10001":517:0:0:0:0 + +RSA Import (N,P,Q,D,E) 518-bit complete pair +mbedtls_rsa_import:"31defca6f97dac931fea5bd182c801b6512065929b327443dad9421379e15b37e33a6d3b11e51bd6905c9df9ec15980e91f10c34607749085456e85c1aad9cae1d":"725f1a4b37008897949b12bc9ba249d60d2df673b5a5367f9b490e79cc798446d":"6fa09a0615754b14f9aa4b5613e60e6d4988437c25b97fc056cb4841931902271":"1bcd08df3439e0d86b7444173966b1bda6dffe7f89d0c88b83169605316e75615c84cf7ea7c9cb16204e67329584d56f1840d247e4b392b627622d2101a2af2781":"10001":518:0:1:0:0 + +RSA Import (N,-,-,-,E) 518-bit public +mbedtls_rsa_import:"31defca6f97dac931fea5bd182c801b6512065929b327443dad9421379e15b37e33a6d3b11e51bd6905c9df9ec15980e91f10c34607749085456e85c1aad9cae1d":"":"":"":"10001":518:0:0:0:0 + +RSA Import (N,P,Q,D,E) 519-bit complete pair +mbedtls_rsa_import:"6de4c503dd2e6d74d6dbc95bdd85b177f3737c3da6b00860db6585d1026ae043450888773afd259ee52e7c70de86a1d805dec0d201b2cd9d91e5e1f323020b47b5":"f4c3d0904f80c3ee121aa94edda195415ddd21e4503ebbaf294993a649f896251":"72f01bc834d3eae97dea004f8af566b6030362fb3eb1063211d1dd699ece87225":"8361ce69203631864e99d5d28eb517c760b7e101941740ed0b6004ec2d07b9b6982132c9cff11ef49f715b04b6d76edd0e936b05efb4acf2cfdf6ea58f1149b41":"10001":519:0:1:0:0 + +RSA Import (N,-,-,-,E) 519-bit public +mbedtls_rsa_import:"6de4c503dd2e6d74d6dbc95bdd85b177f3737c3da6b00860db6585d1026ae043450888773afd259ee52e7c70de86a1d805dec0d201b2cd9d91e5e1f323020b47b5":"":"":"":"10001":519:0:0:0:0 + +RSA Import (N,P,Q,D,E) 520-bit complete pair 
+mbedtls_rsa_import:"c27fbd5b63f60f14b6fbbda29444aa6639cef01ec2b89b607ca0e5cf64f4f8ea41131c8c2a0204099b2030c8b155553404464fb351a7b44e77138412164997de31":"feb75ab38c05618105c1d7f1459475520cb64d8b477804f6f48b2bcc44ca6c147":"c37ab0c657015601027454c1e45d4abc85f7177d0757312b2811d4dc46f1b60c7":"4b4d2365a79cd317e5042fd62aeb2ec1a72dec1f2caa4655a3cab34e893aa2c81c06e18bd79a0d247dc109ab540c7eb6bf8ef27f02de66e4d8dc511bff7ce33c15":"10001":520:0:1:0:0 + +RSA Import (N,-,-,-,E) 520-bit public +mbedtls_rsa_import:"c27fbd5b63f60f14b6fbbda29444aa6639cef01ec2b89b607ca0e5cf64f4f8ea41131c8c2a0204099b2030c8b155553404464fb351a7b44e77138412164997de31":"":"":"":"10001":520:0:0:0:0 + +RSA Import (N,P,Q,D,E) 521-bit complete pair +mbedtls_rsa_import:"1993ce720408e69a459c96df92b90040b88b0f7234c46b96413d177ed08e562c9b7ed7c1fb351cafc4028d3d9a9792e35ddb8a3770cc5cf7011f778f78e75ff60af":"1f2d345a210b5f085447d9534abe78d77e820dddbb24b2eb334b7c6ba91634a0f9":"d205f332807775231b96e06f47e7c0cec8981f41c6b6e6a96eafdbc40773b20e7":"15ec8c594efc122ecadc9eb6a59dce89aba607676db3b044eb46e28ce15820a5b984349a7b74a9f86c17a8503f29c0cc5b3f68790653bce30d8b0a5ba7730a16b1":"10001":521:0:1:0:0 + +RSA Import (N,-,-,-,E) 521-bit public +mbedtls_rsa_import:"1993ce720408e69a459c96df92b90040b88b0f7234c46b96413d177ed08e562c9b7ed7c1fb351cafc4028d3d9a9792e35ddb8a3770cc5cf7011f778f78e75ff60af":"":"":"":"10001":521:0:0:0:0 + +RSA Import (N,P,Q,D,E) 522-bit complete pair +mbedtls_rsa_import:"2eeccbdf4fb0385fefd27583bdc9ac8b99e57fd6acf0c71010ae65ee0531dbf45686bb737a2a64124ab2f695a73394f7d5dd2ba7a668d872684cb49e12a7d6a49ad":"1c5785f5108bb49e43ee0b3d7261eb0efe10334ac101893a59d67e79fb3f640951":"1a7da635573970c989ca4aaa051d3a51641eed09516f8200d15effb86c3082a39d":"1e2042a744c6f2fa8cc28655a5140425c010fa68fdb0bb6c51f95551619e68034d128406fa6fc7ccd5d35a493ee8ecf98b9e987fed18353ff7e0d50ae0b65f2b841":"10001":522:0:1:0:0 + +RSA Import (N,-,-,-,E) 522-bit public 
+mbedtls_rsa_import:"2eeccbdf4fb0385fefd27583bdc9ac8b99e57fd6acf0c71010ae65ee0531dbf45686bb737a2a64124ab2f695a73394f7d5dd2ba7a668d872684cb49e12a7d6a49ad":"":"":"":"10001":522:0:0:0:0 + +RSA Import (N,P,Q,D,E) 523-bit complete pair +mbedtls_rsa_import:"6a8c9774b37c37d6f6c95aaf60ab27ebb426a26cd6b22fa44fe1e09f4fa47abeac2d1f84aaff436ef3f07801c617a1f990ca4ece42388d1493723ee9768730d8799":"36f10cb3d7fa6af6616991827dd988fd0687761243126e563a24977d95b3075855":"1f0771656d359a2d4907ded0e0471e27242a59f89e30a4e21fc3cffb5da3dd4635":"4cafcdde87c452e85c0d06410dc1826509ef789dff5496279bfb05d183dfed1c452fda00deb3b345fc31cd255aa1c7e2f19e50191793a7b16e6340f0723e0d5ad11":"10001":523:0:1:0:0 + +RSA Import (N,-,-,-,E) 523-bit public +mbedtls_rsa_import:"6a8c9774b37c37d6f6c95aaf60ab27ebb426a26cd6b22fa44fe1e09f4fa47abeac2d1f84aaff436ef3f07801c617a1f990ca4ece42388d1493723ee9768730d8799":"":"":"":"10001":523:0:0:0:0 + +RSA Import (N,P,Q,D,E) 524-bit complete pair +mbedtls_rsa_import:"c04c05bc77eca9c05702402622b3855ac150a737132c66d6900dc8f512e752f32ce3c777d51da5cca9105b7f8f57da571cec42a450d49e43ea359538acb3610dacf":"3f78102778bec177c9bb4f313a29afbb9c2d0089539f57aeb2976b59d17b1de699":"3079f8628b827258bb785cd0bb40623207ecf6194e65871571bf004bf0c537f5a7":"9c161921de060fd3bbcc6bdd8895474d5f54e425e43e4a4b272ac94f844498241d41f7ee7a6b90775cf5a73b3ce3015b15620494130e9198550cb3f07bdba184ac1":"10001":524:0:1:0:0 + +RSA Import (N,-,-,-,E) 524-bit public +mbedtls_rsa_import:"c04c05bc77eca9c05702402622b3855ac150a737132c66d6900dc8f512e752f32ce3c777d51da5cca9105b7f8f57da571cec42a450d49e43ea359538acb3610dacf":"":"":"":"10001":524:0:0:0:0 + +RSA Import (N,P,Q,D,E) 525-bit complete pair 
+mbedtls_rsa_import:"18197b4f054a0347a8e81576cf16fdb5d22ce9bb71b11df029c30e047b418ebb4b2d759f8c72f9b24a79b46ddeeeadb17b197911442f6e7bf3ea2106752e901c64fb":"676ee11f6bb61d7094148bb326d0267eb7a105549d72d360707001af8e03ecc6dd":"3ba5a5ba28f8adee0883947963c037e3a2c9e557b3edc5cca35b155e63ed3ae1b7":"d75e61ecbe87c0e817427d0f57874fb224a7dbe79912114ac6ecb1c8bafa146512b1b728d2d860e96fd283ae981ebb3272647841cdd254a5e1f075eb17df596e2c9":"10001":525:0:1:0:0 + +RSA Import (N,-,-,-,E) 525-bit public +mbedtls_rsa_import:"18197b4f054a0347a8e81576cf16fdb5d22ce9bb71b11df029c30e047b418ebb4b2d759f8c72f9b24a79b46ddeeeadb17b197911442f6e7bf3ea2106752e901c64fb":"":"":"":"10001":525:0:0:0:0 + +RSA Import (N,P,Q,D,E) 526-bit complete pair +mbedtls_rsa_import:"2de74b63625125b31a3d4ae2719d74dae2a0dacb84f220c295e8fea55080b3bacad98593ef3dd710a949b84498ba59ac0353f8e6cd4355e9bfc0ddef8ef25ce41309":"766d695ac399679b33cdc68e7bf9b604d922dee04fa60a4aa2fab3263a8b323109":"633a53fef2f6b08daddd9e496625819753284b72f41290dcc8db82e55746555201":"1ff9c25614a29a344cceed5f17edaafcde69567ff6b80382089328ef57488fea49d3e660180107bb0b1770005d814216dbd493fd7aae4891fb2320226615d67e4001":"10001":526:0:1:0:0 + +RSA Import (N,-,-,-,E) 526-bit public +mbedtls_rsa_import:"2de74b63625125b31a3d4ae2719d74dae2a0dacb84f220c295e8fea55080b3bacad98593ef3dd710a949b84498ba59ac0353f8e6cd4355e9bfc0ddef8ef25ce41309":"":"":"":"10001":526:0:0:0:0 + +RSA Import (N,P,Q,D,E) 527-bit complete pair +mbedtls_rsa_import:"54e6bb611922620e32e0e402446e3a2b8eb1be1f44a750a833ac56635a2aca00fa20cdddf6d185e60623da0ba4dd33011d5df7f7f69d95c98c4ca7fddde08ec209db":"d36b6f6e6828bc2cb35b9b5ecca60ea4d33406b11ff4fafc3b439f3fa9c521733b":"66cdc1ad01f31f5eeafff4774bf4ba95ccb58a5afae6744b560e7181f8b0a119e1":"32e1d958f7044939f33a1ecc5110b2a21a31e21cc13b793665499ab88e78687a2eb19a570263370532aac0c418867027c6275b604899b26f9913a10aaacb7895ddc1":"10001":527:0:1:0:0 + +RSA Import (N,-,-,-,E) 527-bit public 
+mbedtls_rsa_import:"54e6bb611922620e32e0e402446e3a2b8eb1be1f44a750a833ac56635a2aca00fa20cdddf6d185e60623da0ba4dd33011d5df7f7f69d95c98c4ca7fddde08ec209db":"":"":"":"10001":527:0:0:0:0 + +RSA Import (N,P,Q,D,E) 528-bit complete pair +mbedtls_rsa_import:"d158d6f8bf79fd0721ad50c08ada2f023bec6970a43cc709dba277046d6e2cfd65b72239c7856c7aea7d40906c4880ce828dc4906d364600cd2dd62a284c9ebfcb59":"ebdbfc4ea38f0dac4032c21663be46d045ce4bec7e6d2d773980fd92ca6aaf0f73":"e33947ec6dccc2ca956495f34923b00a490fdfef67b5332d6f084dccf58191af03":"b2e7b0373e337b1848207c5d3f8c7c15f5adf0e1f1897b33a27e7225d77b0b79b4928fd89ca267c7b334fa39949397a8870a204c9b9e98037bfd8716f0dec4802d3d":"10001":528:0:1:0:0 + +RSA Import (N,-,-,-,E) 528-bit public +mbedtls_rsa_import:"d158d6f8bf79fd0721ad50c08ada2f023bec6970a43cc709dba277046d6e2cfd65b72239c7856c7aea7d40906c4880ce828dc4906d364600cd2dd62a284c9ebfcb59":"":"":"":"10001":528:0:0:0:0 RSA Import Raw (N,P,Q,D,E), complete private key mbedtls_rsa_import_raw:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e16
54ad3e89":"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC2672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":"03":0:1:0:0 diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function index 2f700289a..e82452927 100644 --- a/tests/suites/test_suite_rsa.function +++ b/tests/suites/test_suite_rsa.function @@ -183,7 +183,8 @@ void mbedtls_rsa_pkcs1_sign(data_t *message_str, int padding_mode, TEST_ASSERT(mbedtls_test_read_mpi(&E, input_E) == 0); TEST_ASSERT(mbedtls_rsa_import(&ctx, &N, &P, &Q, NULL, &E) == 0); - TEST_ASSERT(mbedtls_rsa_get_len(&ctx) == (size_t) (mod / 8)); + TEST_EQUAL(mbedtls_rsa_get_len(&ctx), (size_t) ((mod + 7) / 8)); + TEST_EQUAL(mbedtls_rsa_get_bitlen(&ctx), (size_t) mod); TEST_ASSERT(mbedtls_rsa_complete(&ctx) == 0); TEST_ASSERT(mbedtls_rsa_check_privkey(&ctx) == 0); @@ -221,7 +222,8 @@ void mbedtls_rsa_pkcs1_verify(data_t *message_str, int padding_mode, TEST_ASSERT(mbedtls_test_read_mpi(&N, input_N) == 0); TEST_ASSERT(mbedtls_test_read_mpi(&E, input_E) == 0); TEST_ASSERT(mbedtls_rsa_import(&ctx, &N, NULL, NULL, NULL, &E) == 0); - TEST_ASSERT(mbedtls_rsa_get_len(&ctx) == (size_t) (mod / 8)); + TEST_EQUAL(mbedtls_rsa_get_len(&ctx), (size_t) ((mod + 7) / 8)); + TEST_EQUAL(mbedtls_rsa_get_bitlen(&ctx), (size_t) mod); TEST_ASSERT(mbedtls_rsa_check_pubkey(&ctx) == 0); TEST_ASSERT(mbedtls_rsa_pkcs1_verify(&ctx, digest, message_str->len, message_str->x, 
@@ -262,7 +264,8 @@ void rsa_pkcs1_sign_raw(data_t *hash_result, TEST_ASSERT(mbedtls_test_read_mpi(&E, input_E) == 0); TEST_ASSERT(mbedtls_rsa_import(&ctx, &N, &P, &Q, NULL, &E) == 0); - TEST_ASSERT(mbedtls_rsa_get_len(&ctx) == (size_t) (mod / 8)); + TEST_EQUAL(mbedtls_rsa_get_len(&ctx), (size_t) ((mod + 7) / 8)); + TEST_EQUAL(mbedtls_rsa_get_bitlen(&ctx), (size_t) mod); TEST_ASSERT(mbedtls_rsa_complete(&ctx) == 0); TEST_ASSERT(mbedtls_rsa_check_privkey(&ctx) == 0); @@ -305,7 +308,8 @@ void rsa_pkcs1_verify_raw(data_t *hash_result, TEST_ASSERT(mbedtls_test_read_mpi(&E, input_E) == 0); TEST_ASSERT(mbedtls_rsa_import(&ctx, &N, NULL, NULL, NULL, &E) == 0); - TEST_ASSERT(mbedtls_rsa_get_len(&ctx) == (size_t) (mod / 8)); + TEST_EQUAL(mbedtls_rsa_get_len(&ctx), (size_t) ((mod + 7) / 8)); + TEST_EQUAL(mbedtls_rsa_get_bitlen(&ctx), (size_t) mod); TEST_ASSERT(mbedtls_rsa_check_pubkey(&ctx) == 0); @@ -341,7 +345,8 @@ void mbedtls_rsa_pkcs1_encrypt(data_t *message_str, int padding_mode, TEST_ASSERT(mbedtls_test_read_mpi(&E, input_E) == 0); TEST_ASSERT(mbedtls_rsa_import(&ctx, &N, NULL, NULL, NULL, &E) == 0); - TEST_ASSERT(mbedtls_rsa_get_len(&ctx) == (size_t) (mod / 8)); + TEST_EQUAL(mbedtls_rsa_get_len(&ctx), (size_t) ((mod + 7) / 8)); + TEST_EQUAL(mbedtls_rsa_get_bitlen(&ctx), (size_t) mod); TEST_ASSERT(mbedtls_rsa_check_pubkey(&ctx) == 0); @@ -382,7 +387,8 @@ void rsa_pkcs1_encrypt_bad_rng(data_t *message_str, int padding_mode, TEST_ASSERT(mbedtls_test_read_mpi(&E, input_E) == 0); TEST_ASSERT(mbedtls_rsa_import(&ctx, &N, NULL, NULL, NULL, &E) == 0); - TEST_ASSERT(mbedtls_rsa_get_len(&ctx) == (size_t) (mod / 8)); + TEST_EQUAL(mbedtls_rsa_get_len(&ctx), (size_t) ((mod + 7) / 8)); + TEST_EQUAL(mbedtls_rsa_get_bitlen(&ctx), (size_t) mod); TEST_ASSERT(mbedtls_rsa_check_pubkey(&ctx) == 0); 
@@ -432,7 +438,8 @@ void mbedtls_rsa_pkcs1_decrypt(data_t *message_str, int padding_mode, TEST_ASSERT(mbedtls_test_read_mpi(&E, input_E) == 0); TEST_ASSERT(mbedtls_rsa_import(&ctx, &N, &P, &Q, NULL, &E) == 0); - TEST_ASSERT(mbedtls_rsa_get_len(&ctx) == (size_t) (mod / 8)); + TEST_EQUAL(mbedtls_rsa_get_len(&ctx), (size_t) ((mod + 7) / 8)); + TEST_EQUAL(mbedtls_rsa_get_bitlen(&ctx), (size_t) mod); TEST_ASSERT(mbedtls_rsa_complete(&ctx) == 0); TEST_ASSERT(mbedtls_rsa_check_privkey(&ctx) == 0); @@ -477,8 +484,9 @@ void mbedtls_rsa_public(data_t *message_str, int mod, TEST_ASSERT(mbedtls_rsa_import(&ctx, &N, NULL, NULL, NULL, &E) == 0); /* Check test data consistency */ - TEST_ASSERT(message_str->len == (size_t) (mod / 8)); - TEST_ASSERT(mbedtls_rsa_get_len(&ctx) == (size_t) (mod / 8)); + TEST_EQUAL(message_str->len, (size_t) ((mod + 7) / 8)); + TEST_EQUAL(mbedtls_rsa_get_len(&ctx), (size_t) ((mod + 7) / 8)); + TEST_EQUAL(mbedtls_rsa_get_bitlen(&ctx), (size_t) mod); TEST_ASSERT(mbedtls_rsa_check_pubkey(&ctx) == 0); TEST_ASSERT(mbedtls_rsa_public(&ctx, message_str->x, output) == result); @@ -537,8 +545,9 @@ void mbedtls_rsa_private(data_t *message_str, int mod, TEST_ASSERT(mbedtls_rsa_import(&ctx, &N, &P, &Q, NULL, &E) == 0); /* Check test data consistency */ - TEST_ASSERT(message_str->len == (size_t) (mod / 8)); - TEST_ASSERT(mbedtls_rsa_get_len(&ctx) == (size_t) (mod / 8)); + TEST_EQUAL(message_str->len, (size_t) ((mod + 7) / 8)); + TEST_EQUAL(mbedtls_rsa_get_len(&ctx), (size_t) ((mod + 7) / 8)); + TEST_EQUAL(mbedtls_rsa_get_bitlen(&ctx), (size_t) mod); TEST_ASSERT(mbedtls_rsa_complete(&ctx) == 0); TEST_ASSERT(mbedtls_rsa_check_privkey(&ctx) == 0); @@ -851,6 +860,7 @@ void mbedtls_rsa_import(char *input_N, char *input_Q, char *input_D, char *input_E, + int bitlen, int successive, int is_priv, int res_check, 
@@ -936,6 +946,9 @@ void mbedtls_rsa_import(char *input_N, /* On expected success, perform some public and private * key operations to check if the key is working properly. */ if (res_complete == 0) { + TEST_EQUAL(mbedtls_rsa_get_bitlen(&ctx), bitlen); + TEST_EQUAL(mbedtls_rsa_get_len(&ctx), (bitlen + 7) / 8); + if (is_priv) { TEST_ASSERT(mbedtls_rsa_check_privkey(&ctx) == res_check); } else { From 92fb6041391bca83b0e50836991c980066d9a66c Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 1 Feb 2024 22:33:06 +0100 Subject: [PATCH 090/132] Fix mbedtls_pk_get_bitlen() for RSA with non-byte-aligned sizes Add non-regression tests. Update some test functions to not assume that byte_length == bit_length / 8. Signed-off-by: Gilles Peskine --- ChangeLog.d/rsa-bitlen.txt | 4 ++++ library/pk_wrap.c | 2 +- tests/suites/test_suite_pk.data | 16 +++++++++++++++- tests/suites/test_suite_pk.function | 22 +++++++++++++++------- tests/suites/test_suite_pkparse.data | 12 ++++++++++++ tests/suites/test_suite_pkparse.function | 4 ++++ 6 files changed, 51 insertions(+), 9 deletions(-) diff --git a/ChangeLog.d/rsa-bitlen.txt b/ChangeLog.d/rsa-bitlen.txt index 85a989442..9f0b3243f 100644 --- a/ChangeLog.d/rsa-bitlen.txt +++ b/ChangeLog.d/rsa-bitlen.txt @@ -1,3 +1,7 @@ +Bugfix + * Fix mbedtls_pk_get_bitlen() for RSA keys whose size is not a + multiple of 8. Fixes #868. + Features * The new function mbedtls_rsa_get_bitlen() returns the length of the modulus in bits, i.e. the key size for an RSA key. diff --git a/library/pk_wrap.c b/library/pk_wrap.c index 2e00d4a25..69e1baf2e 100644 --- a/library/pk_wrap.c +++ b/library/pk_wrap.c @@ -58,7 +58,7 @@ static int rsa_can_do(mbedtls_pk_type_t type) static size_t rsa_get_bitlen(mbedtls_pk_context *pk) { const mbedtls_rsa_context *rsa = (const mbedtls_rsa_context *) pk->pk_ctx; - return 8 * mbedtls_rsa_get_len(rsa); + return mbedtls_rsa_get_bitlen(rsa); } #if defined(MBEDTLS_USE_PSA_CRYPTO) 
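Review bot: The new bitlen checks in the mbedtls_rsa_import test function are guarded by `if (res_complete == 0)`, so for every data row whose last column (res_complete) is non-zero — the MBEDTLS_ERR_RSA_BAD_INPUT_DATA rows at the top of this chunk still carry 2048 — the new column is read but never compared against anything. That is defensible, but nothing says so, and the @@ -851 hunk that adds the parameter gives it no comment; `int bitlen, /* expected modulus size in bits; only verified when import+complete succeed */` would stop the next maintainer from wondering why failing rows need a value. The enclosing test function starts before the hunk and its body continues after it.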
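Review bot: rsa_get_bitlen() in pk_wrap.c now returns the modulus bit length, which is the fix, but the function still carries no comment and the removed `8 * mbedtls_rsa_get_len(rsa)` form will look like an obvious simplification to a later reader. A one-line comment above the return, `/* Bit length of N; not necessarily a multiple of 8, so never derive it from mbedtls_rsa_get_len() (#868). */`, would pin the intent. I cannot see mbedtls_rsa_get_bitlen() in this chunk, so I am assuming it reads the modulus rather than the cached len field — worth confirming.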
diff --git a/tests/suites/test_suite_pk.data b/tests/suites/test_suite_pk.data index 341495883..35f02cb81 100644 --- a/tests/suites/test_suite_pk.data +++ b/tests/suites/test_suite_pk.data @@ -10,7 +10,21 @@ valid_parameters_pkwrite:"308204a20201000282010100a9021f3d406ad555538bfd36ee8265 PK utils: RSA Minimum key depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME -pk_utils:MBEDTLS_PK_RSA:MBEDTLS_RSA_GEN_KEY_MIN_BITS:MBEDTLS_RSA_GEN_KEY_MIN_BITS:(MBEDTLS_RSA_GEN_KEY_MIN_BITS /8):"RSA" +pk_utils:MBEDTLS_PK_RSA:MBEDTLS_RSA_GEN_KEY_MIN_BITS:MBEDTLS_RSA_GEN_KEY_MIN_BITS:(MBEDTLS_RSA_GEN_KEY_MIN_BITS + 7) / 8:"RSA" + +# mbedtls_rsa_gen_key() only supports even sizes, so we don't test min+1, +# min+3, etc. +PK utils: RSA Minimum key + 2 bits +depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME +pk_utils:MBEDTLS_PK_RSA:MBEDTLS_RSA_GEN_KEY_MIN_BITS + 2:MBEDTLS_RSA_GEN_KEY_MIN_BITS + 2:(MBEDTLS_RSA_GEN_KEY_MIN_BITS + 2 + 7) / 8:"RSA" + +PK utils: RSA Minimum key + 4 bits +depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME +pk_utils:MBEDTLS_PK_RSA:MBEDTLS_RSA_GEN_KEY_MIN_BITS + 4:MBEDTLS_RSA_GEN_KEY_MIN_BITS + 4:(MBEDTLS_RSA_GEN_KEY_MIN_BITS + 4 + 7) / 8:"RSA" + +PK utils: RSA Minimum key + 6 bits +depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME +pk_utils:MBEDTLS_PK_RSA:MBEDTLS_RSA_GEN_KEY_MIN_BITS + 6:MBEDTLS_RSA_GEN_KEY_MIN_BITS + 6:(MBEDTLS_RSA_GEN_KEY_MIN_BITS + 6 + 7) / 8:"RSA" PK utils: ECKEY SECP192R1 depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP192R1 diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index 257430702..681de0ff0 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function 
@@ -427,7 +427,7 @@ void pk_psa_utils(int key_is_rsa) TEST_ASSERT(strcmp(mbedtls_pk_get_name(&pk), name) == 0); TEST_ASSERT(mbedtls_pk_get_bitlen(&pk) == bitlen); - TEST_ASSERT(mbedtls_pk_get_len(&pk) == bitlen / 8); + TEST_ASSERT(mbedtls_pk_get_len(&pk) == (bitlen + 7) / 8); if (key_is_rsa) { TEST_ASSERT(mbedtls_pk_can_do(&pk, MBEDTLS_PK_ECKEY) == 0); @@ -822,7 +822,7 @@ void pk_rsa_verify_test_vec(data_t *message_str, int digest, int mod, TEST_ASSERT(mbedtls_pk_setup(&pk, mbedtls_pk_info_from_type(MBEDTLS_PK_RSA)) == 0); rsa = mbedtls_pk_rsa(pk); - rsa->len = mod / 8; + rsa->len = (mod + 7) / 8; TEST_ASSERT(mbedtls_test_read_mpi(&rsa->N, input_N) == 0); TEST_ASSERT(mbedtls_test_read_mpi(&rsa->E, input_E) == 0); @@ -862,7 +862,7 @@ void pk_rsa_verify_ext_test_vec(data_t *message_str, int digest, TEST_ASSERT(mbedtls_pk_setup(&pk, mbedtls_pk_info_from_type(MBEDTLS_PK_RSA)) == 0); rsa = mbedtls_pk_rsa(pk); - rsa->len = mod / 8; + rsa->len = (mod + 7) / 8; TEST_ASSERT(mbedtls_test_read_mpi(&rsa->N, input_N) == 0); TEST_ASSERT(mbedtls_test_read_mpi(&rsa->E, input_E) == 0); @@ -1143,7 +1143,7 @@ void pk_rsa_encrypt_decrypt_test(data_t *message, int mod, rsa = mbedtls_pk_rsa(pk); /* load public key */ - rsa->len = mod / 8; + rsa->len = (mod + 7) / 8; TEST_ASSERT(mbedtls_test_read_mpi(&rsa->N, input_N) == 0); TEST_ASSERT(mbedtls_test_read_mpi(&rsa->E, input_E) == 0); @@ -1169,9 +1169,12 @@ void pk_rsa_encrypt_decrypt_test(data_t *message, int mod, TEST_ASSERT(mbedtls_test_read_mpi(&P, input_P) == 0); TEST_ASSERT(mbedtls_test_read_mpi(&Q, input_Q) == 0); TEST_ASSERT(mbedtls_rsa_import(rsa, &N, &P, &Q, NULL, &E) == 0); - TEST_ASSERT(mbedtls_rsa_get_len(rsa) == (size_t) (mod / 8)); + TEST_EQUAL(mbedtls_rsa_get_len(rsa), (mod + 7) / 8); TEST_ASSERT(mbedtls_rsa_complete(rsa) == 0); + TEST_EQUAL(mbedtls_pk_get_len(&pk), (mod + 7) / 8); + TEST_EQUAL(mbedtls_pk_get_bitlen(&pk), mod); + memset(result, 0, sizeof(result)); rlen = 0; TEST_ASSERT(mbedtls_pk_decrypt(&pk, output, olen, 
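Review bot: In the pk_rsa_verify_test_vec, pk_rsa_verify_ext_test_vec and pk_rsa_encrypt_decrypt_test hunks the hand-written `rsa->len = (mod + 7) / 8;` is still the only place the vector's `mod` meets the key, so a data row whose `mod` disagrees with the actual modulus would go unnoticed and the code under test would run with a wrong len. After the `mbedtls_test_read_mpi(&rsa->N, input_N)` line in each of those three hunks, add `TEST_EQUAL(mbedtls_rsa_get_bitlen(rsa), (size_t) mod);` so the row is validated the way the @@ -1169 hunk validates it through mbedtls_pk_get_bitlen(). This assumes mbedtls_rsa_get_bitlen() derives its result from N rather than from the len field set one line earlier; the changelog in this series describes it as returning the length of the modulus in bits. Each of those functions starts and ends outside its hunk.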
@@ -1222,9 +1225,12 @@ void pk_rsa_decrypt_test_vec(data_t *cipher, int mod, TEST_ASSERT(mbedtls_test_read_mpi(&P, input_P) == 0); TEST_ASSERT(mbedtls_test_read_mpi(&Q, input_Q) == 0); TEST_ASSERT(mbedtls_rsa_import(rsa, &N, &P, &Q, NULL, &E) == 0); - TEST_ASSERT(mbedtls_rsa_get_len(rsa) == (size_t) (mod / 8)); + TEST_EQUAL(mbedtls_rsa_get_len(rsa), (mod + 7) / 8); TEST_ASSERT(mbedtls_rsa_complete(rsa) == 0); + TEST_EQUAL(mbedtls_pk_get_bitlen(&pk), mod); + TEST_EQUAL(mbedtls_pk_get_len(&pk), (mod + 7) / 8); + /* decryption test */ memset(output, 0, sizeof(output)); olen = 0; @@ -1278,7 +1284,7 @@ void pk_wrap_rsa_decrypt_test_vec(data_t *cipher, int mod, TEST_EQUAL(mbedtls_test_read_mpi(&P, input_P), 0); TEST_EQUAL(mbedtls_test_read_mpi(&Q, input_Q), 0); TEST_EQUAL(mbedtls_rsa_import(rsa, &N, &P, &Q, NULL, &E), 0); - TEST_EQUAL(mbedtls_rsa_get_len(rsa), (size_t) (mod / 8)); + TEST_EQUAL(mbedtls_rsa_get_len(rsa), (mod + 7) / 8); TEST_EQUAL(mbedtls_rsa_complete(rsa), 0); /* Turn PK context into an opaque one. */ @@ -1287,6 +1293,8 @@ void pk_wrap_rsa_decrypt_test_vec(data_t *cipher, int mod, PSA_KEY_USAGE_DECRYPT, PSA_ALG_NONE), 0); + TEST_EQUAL(mbedtls_pk_get_bitlen(&pk), mod); + /* decryption test */ memset(output, 0, sizeof(output)); olen = 0; diff --git a/tests/suites/test_suite_pkparse.data b/tests/suites/test_suite_pkparse.data index 707da7f38..e526311b5 100644 --- a/tests/suites/test_suite_pkparse.data +++ b/tests/suites/test_suite_pkparse.data 
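Review bot: pk_wrap_rsa_decrypt_test_vec checks only `mbedtls_pk_get_bitlen(&pk)` once the context has been made opaque, whereas the sibling pk_rsa_decrypt_test_vec hunk just above checks both the bit length and the byte length, so the opaque wrapper's get_len path stays untested for the non-byte-aligned sizes this series is about. Adding `TEST_EQUAL(mbedtls_pk_get_len(&pk), (mod + 7) / 8);` next to the new line keeps the two functions symmetric. The function starts before the hunk and continues after it.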
@@ -914,6 +914,18 @@ Parse RSA Key #99.8 (PKCS#8 encrypted v2 PBKDF2 AES-256-CBC hmacWithSHA384 DER, depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_aes256cbc_sha384.der":"PolarSSLTest":0 +Parse RSA Key #100.1 (512-bit) +pk_parse_keyfile_rsa:"data_files/rsa512.key":"":0 + +Parse RSA Key #100.1 (521-bit) +pk_parse_keyfile_rsa:"data_files/rsa521.key":"":0 + +Parse RSA Key #100.1 (522-bit) +pk_parse_keyfile_rsa:"data_files/rsa522.key":"":0 + +Parse RSA Key #100.1 (528-bit) +pk_parse_keyfile_rsa:"data_files/rsa528.key":"":0 + Parse Public RSA Key #1 (PKCS#8 wrapped) depends_on:MBEDTLS_PEM_PARSE_C pk_parse_public_keyfile_rsa:"data_files/rsa_pkcs8_2048_public.pem":0 diff --git a/tests/suites/test_suite_pkparse.function b/tests/suites/test_suite_pkparse.function index 14afef6e9..f4bbb215a 100644 --- a/tests/suites/test_suite_pkparse.function +++ b/tests/suites/test_suite_pkparse.function @@ -42,6 +42,10 @@ void pk_parse_keyfile_rsa(char *key_file, char *password, int result) rsa = mbedtls_pk_rsa(ctx); TEST_EQUAL(mbedtls_rsa_check_privkey(rsa), 0); + size_t bitlen = mbedtls_rsa_get_bitlen(rsa); + TEST_EQUAL(mbedtls_pk_get_bitlen(&ctx), bitlen); + TEST_EQUAL(mbedtls_pk_get_len(&ctx), (bitlen + 7) / 8); + #if defined(MBEDTLS_PSA_CRYPTO_C) psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; TEST_EQUAL(mbedtls_pk_get_psa_attributes(&ctx, From 34a074af37e21c64ea567fcf240ef187c7356ad0 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 2 Feb 2024 10:51:59 +0100 Subject: [PATCH 091/132] Add missing dependency on PEM Signed-off-by: Gilles Peskine --- tests/suites/test_suite_pkparse.data | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/tests/suites/test_suite_pkparse.data b/tests/suites/test_suite_pkparse.data index e526311b5..1650f51b3 100644 --- a/tests/suites/test_suite_pkparse.data 
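Review bot: The new check in pk_parse_keyfile_rsa compares mbedtls_pk_get_bitlen() with mbedtls_rsa_get_bitlen() on the same context, so it proves the two accessors agree but not that either matches the key file; a parser that mis-sized N would satisfy both. The data rows added in the preceding hunk state the size in their titles (512, 521, 522, 528 bits) but the function never receives it, so either an expected-bits column is needed or the intent should be made explicit with `/* Self-consistency only: both accessors derive from the same parsed context. */` above the `size_t bitlen` line. The same applies to the pk_parse_public_keyfile_rsa hunk in patch 093 later in this chunk. Both functions start before their hunks.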
+++ b/tests/suites/test_suite_pkparse.data @@ -915,15 +915,19 @@ depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C: pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_aes256cbc_sha384.der":"PolarSSLTest":0 Parse RSA Key #100.1 (512-bit) +depends_on:MBEDTLS_PEM_C pk_parse_keyfile_rsa:"data_files/rsa512.key":"":0 Parse RSA Key #100.1 (521-bit) +depends_on:MBEDTLS_PEM_C pk_parse_keyfile_rsa:"data_files/rsa521.key":"":0 Parse RSA Key #100.1 (522-bit) +depends_on:MBEDTLS_PEM_C pk_parse_keyfile_rsa:"data_files/rsa522.key":"":0 Parse RSA Key #100.1 (528-bit) +depends_on:MBEDTLS_PEM_C pk_parse_keyfile_rsa:"data_files/rsa528.key":"":0 Parse Public RSA Key #1 (PKCS#8 wrapped) From 59d09486dcf930e090920a6a64325bfa30fb2beb Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 12 Feb 2024 16:58:39 +0100 Subject: [PATCH 092/132] Cosmetic fix Signed-off-by: Gilles Peskine --- ChangeLog.d/rsa-bitlen.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ChangeLog.d/rsa-bitlen.txt b/ChangeLog.d/rsa-bitlen.txt index 9f0b3243f..bcd185fa3 100644 --- a/ChangeLog.d/rsa-bitlen.txt +++ b/ChangeLog.d/rsa-bitlen.txt @@ -1,6 +1,6 @@ Bugfix * Fix mbedtls_pk_get_bitlen() for RSA keys whose size is not a - multiple of 8. Fixes #868. + multiple of 8. Fixes #868. Features * The new function mbedtls_rsa_get_bitlen() returns the length of the modulus From 069cec1737bc346615035ec63c2033c1a3de9116 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 12 Feb 2024 16:59:17 +0100 Subject: [PATCH 093/132] Also check the RSA length for public keys Do for public keys what "Fix mbedtls_pk_get_bitlen() for RSA with non-byte-aligned sizes" did for key pairs. Signed-off-by: Gilles Peskine --- tests/suites/test_suite_pkparse.function | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/tests/suites/test_suite_pkparse.function b/tests/suites/test_suite_pkparse.function index f4bbb215a..829e789c0 100644 --- a/tests/suites/test_suite_pkparse.function 
+++ b/tests/suites/test_suite_pkparse.function @@ -100,6 +100,10 @@ void pk_parse_public_keyfile_rsa(char *key_file, int result) rsa = mbedtls_pk_rsa(ctx); TEST_EQUAL(mbedtls_rsa_check_pubkey(rsa), 0); + size_t bitlen = mbedtls_rsa_get_bitlen(rsa); + TEST_EQUAL(mbedtls_pk_get_bitlen(&ctx), bitlen); + TEST_EQUAL(mbedtls_pk_get_len(&ctx), (bitlen + 7) / 8); + #if defined(MBEDTLS_PSA_CRYPTO_C) psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; TEST_EQUAL(mbedtls_pk_get_psa_attributes(&ctx, From 7238efd13689316d8fc3ef772333a5b0a438d227 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Piotr=20Bzdr=C4=99ga?= Date: Mon, 12 Feb 2024 21:06:54 +0100 Subject: [PATCH 094/132] changelog for bugfix MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Piotr Bzdręga --- ChangeLog.d/gen-key-segfault.txt | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 ChangeLog.d/gen-key-segfault.txt diff --git a/ChangeLog.d/gen-key-segfault.txt b/ChangeLog.d/gen-key-segfault.txt new file mode 100644 index 000000000..7f8c39b09 --- /dev/null +++ b/ChangeLog.d/gen-key-segfault.txt @@ -0,0 +1,3 @@ +Bugfix + * Avoid segmentation fault caused by releasing not initialized + entropy resource in gen_key example. Fixes #8809 \ No newline at end of file From aa7416594884af048ec77d12f42efaba9c4ff7a5 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Tue, 13 Feb 2024 13:40:26 +0000 Subject: [PATCH 095/132] Fix IAR cast warning Signed-off-by: Dave Rodgman --- library/pk.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/pk.c b/library/pk.c index 1b481e1a2..076d3a833 100644 --- a/library/pk.c +++ b/library/pk.c 
@@ -385,7 +385,7 @@ static psa_algorithm_t psa_algorithm_for_rsa(const mbedtls_rsa_context *rsa, { if (mbedtls_rsa_get_padding_mode(rsa) == MBEDTLS_RSA_PKCS_V21) { if (want_crypt) { - mbedtls_md_type_t md_type = mbedtls_rsa_get_md_alg(rsa); + mbedtls_md_type_t md_type = (mbedtls_md_type_t) mbedtls_rsa_get_md_alg(rsa); return PSA_ALG_RSA_OAEP(mbedtls_md_psa_alg_from_type(md_type)); } else { return PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_ANY_HASH); From b4cb8bef42c1751a35b839e721aa3c6a2f3dba56 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Fri, 24 Nov 2023 17:08:54 +0000 Subject: [PATCH 096/132] Fix remaining warnings from -Wshorten-64-to-32 Signed-off-by: Dave Rodgman --- library/aesce.c | 2 +- library/lms.c | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/library/aesce.c b/library/aesce.c index eaaa5b5c3..6a9e0a1c6 100644 --- a/library/aesce.c +++ b/library/aesce.c @@ -334,7 +334,7 @@ static void aesce_setkey_enc(unsigned char *rk, * - Section 5, Nr = Nk + 6 * - Section 5.2, the length of round keys is Nb*(Nr+1) */ - const uint32_t key_len_in_words = key_bit_length / 32; /* Nk */ + const size_t key_len_in_words = key_bit_length / 32; /* Nk */ const size_t round_key_len_in_words = 4; /* Nb */ const size_t rounds_needed = key_len_in_words + 6; /* Nr */ const size_t round_keys_len_in_words = diff --git a/library/lms.c b/library/lms.c index 08fe75300..8d3cae052 100644 --- a/library/lms.c +++ b/library/lms.c 
@@ -65,7 +65,8 @@ static int local_err_translation(psa_status_t status) #define H_TREE_HEIGHT_MAX 10 #define MERKLE_TREE_NODE_AM(type) ((size_t) 1 << (MBEDTLS_LMS_H_TREE_HEIGHT(type) + 1u)) #define MERKLE_TREE_LEAF_NODE_AM(type) ((size_t) 1 << MBEDTLS_LMS_H_TREE_HEIGHT(type)) -#define MERKLE_TREE_INTERNAL_NODE_AM(type) ((size_t) 1 << MBEDTLS_LMS_H_TREE_HEIGHT(type)) +#define MERKLE_TREE_INTERNAL_NODE_AM(type) ((unsigned int) \ + (1u << MBEDTLS_LMS_H_TREE_HEIGHT(type))) #define D_CONST_LEN (2) static const unsigned char D_LEAF_CONSTANT_BYTES[D_CONST_LEN] = { 0x82, 0x82 }; From 971820330867c5e8181100641e4dac584bfa98be Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Tue, 13 Feb 2024 13:27:06 +0000 Subject: [PATCH 097/132] Fix deadlock with test failures Calling mbedtls_test_fail() attempts to lock the test data mutex. Unfortunately we were calling this from places where we already held this mutex, and this mutex is not recursive, so this deadlocks. Split out mbedtls_test_fail() into mbedtls_test_fail_internal() in order to address this. Signed-off-by: Paul Elliott --- tests/src/helpers.c | 22 +++++++++++++++------- 1 file changed, 15 insertions(+), 7 deletions(-) diff --git a/tests/src/helpers.c b/tests/src/helpers.c index da0b54a00..b9233be95 100644 --- a/tests/src/helpers.c +++ b/tests/src/helpers.c @@ -341,11 +341,10 @@ int mbedtls_test_ascii2uc(const char c, unsigned char *uc) return 0; } -void mbedtls_test_fail(const char *test, int line_no, const char *filename) +static void mbedtls_test_fail_internal(const char *test, int line_no, const char *filename) { -#ifdef MBEDTLS_THREADING_C - mbedtls_mutex_lock(&mbedtls_test_info_mutex); -#endif /* MBEDTLS_THREADING_C */ + /* Internal function only - mbedtls_test_info_mutex should be held prior + * to calling this function. */ /* Don't use accessor, we already hold mutex. */ if (mbedtls_test_info.result != MBEDTLS_TEST_RESULT_FAILED) { 
@@ -353,6 +352,15 @@ void mbedtls_test_fail(const char *test, int line_no, const char *filename) * overwrite any previous information about the failure. */ mbedtls_test_set_result(MBEDTLS_TEST_RESULT_FAILED, test, line_no, filename); } +} + +void mbedtls_test_fail(const char *test, int line_no, const char *filename) +{ +#ifdef MBEDTLS_THREADING_C + mbedtls_mutex_lock(&mbedtls_test_info_mutex); +#endif /* MBEDTLS_THREADING_C */ + + mbedtls_test_fail_internal(test, line_no, filename); #ifdef MBEDTLS_THREADING_C mbedtls_mutex_unlock(&mbedtls_test_info_mutex); @@ -412,7 +420,7 @@ int mbedtls_test_equal(const char *test, int line_no, const char *filename, * overwrite any previous information about the failure. */ char buf[MBEDTLS_TEST_LINE_LENGTH]; - mbedtls_test_fail(test, line_no, filename); + mbedtls_test_fail_internal(test, line_no, filename); (void) mbedtls_snprintf(buf, sizeof(buf), "lhs = 0x%016llx = %lld", value1, (long long) value1); @@ -450,7 +458,7 @@ int mbedtls_test_le_u(const char *test, int line_no, const char *filename, * overwrite any previous information about the failure. */ char buf[MBEDTLS_TEST_LINE_LENGTH]; - mbedtls_test_fail(test, line_no, filename); + mbedtls_test_fail_internal(test, line_no, filename); (void) mbedtls_snprintf(buf, sizeof(buf), "lhs = 0x%016llx = %llu", value1, value1); @@ -488,7 +496,7 @@ int mbedtls_test_le_s(const char *test, int line_no, const char *filename, * overwrite any previous information about the failure. */ char buf[MBEDTLS_TEST_LINE_LENGTH]; - mbedtls_test_fail(test, line_no, filename); + mbedtls_test_fail_internal(test, line_no, filename); (void) mbedtls_snprintf(buf, sizeof(buf), "lhs = 0x%016llx = %lld", (unsigned long long) value1, value1); From fff51ceccdb8b80553ce3d38e266c21e24872e9c Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Tue, 13 Feb 2024 15:32:29 +0000 Subject: [PATCH 098/132] Update ChangeLog.d/pkg-config-files-addition.txt Fix syntax errors in Changelog (and tidy up punctuation) 
Signed-off-by: Dave Rodgman --- ChangeLog.d/pkg-config-files-addition.txt | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/ChangeLog.d/pkg-config-files-addition.txt b/ChangeLog.d/pkg-config-files-addition.txt index e39f62ed9..e45947067 100644 --- a/ChangeLog.d/pkg-config-files-addition.txt +++ b/ChangeLog.d/pkg-config-files-addition.txt @@ -1,2 +1,4 @@ Features - * Add pc files for pkg-config. eg.) pkg-config --cflags --libs (mbedtls|mbedcrypto|mbedx509) + * Add pc files for pkg-config, e.g.: + pkg-config --cflags --libs (mbedtls|mbedcrypto|mbedx509) + From e0a6f7d32007836ba25af15f279b277a6f5915df Mon Sep 17 00:00:00 2001 From: PiotrBzdrega Date: Tue, 13 Feb 2024 17:08:40 +0100 Subject: [PATCH 099/132] fill out missing dot in changelog Signed-off-by: PiotrBzdrega --- ChangeLog.d/gen-key-segfault.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ChangeLog.d/gen-key-segfault.txt b/ChangeLog.d/gen-key-segfault.txt index 7f8c39b09..4fb2d1f85 100644 --- a/ChangeLog.d/gen-key-segfault.txt +++ b/ChangeLog.d/gen-key-segfault.txt @@ -1,3 +1,3 @@ Bugfix * Avoid segmentation fault caused by releasing not initialized - entropy resource in gen_key example. Fixes #8809 \ No newline at end of file + entropy resource in gen_key example. Fixes #8809. \ No newline at end of file From f8b983c855a3b0620839085cd7c7a33416aaa091 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 13 Feb 2024 18:14:58 +0100 Subject: [PATCH 100/132] Pack the iota round constants This saves ~160 bytes of code size, at the cost of a bit of localized complexity in the code. The impact on performance is measurable but small (<5% observed on x86_64) and can go either way (there's a calculation vs memory bandwidth compromise). Signed-off-by: Gilles Peskine --- library/sha3.c | 41 +++++++++++++++++++++++++++++++++-------- 1 file changed, 33 insertions(+), 8 deletions(-) diff --git a/library/sha3.c b/library/sha3.c index 5df08f91c..27d495fc4 100644 --- a/library/sha3.c 
+++ b/library/sha3.c 
@@ -26,14 +26,35 @@ #define XOR_BYTE 0x6 -static const uint64_t rc[24] = { - 0x0000000000000001, 0x0000000000008082, 0x800000000000808a, 0x8000000080008000, - 0x000000000000808b, 0x0000000080000001, 0x8000000080008081, 0x8000000000008009, - 0x000000000000008a, 0x0000000000000088, 0x0000000080008009, 0x000000008000000a, - 0x000000008000808b, 0x800000000000008b, 0x8000000000008089, 0x8000000000008003, - 0x8000000000008002, 0x8000000000000080, 0x000000000000800a, 0x800000008000000a, - 0x8000000080008081, 0x8000000000008080, 0x0000000080000001, 0x8000000080008008, +/* Precomputed masks for the iota transform. + * + * Each round uses a 64-bit mask value. In each mask values, only + * bits whose position is of the form 2^k-1 can be set, thus only + * 7 of 64 bits of the mask need to be known for each mask value. + * + * We use a compressed encoding of the mask where bits 63, 31 and 15 + * are moved to bits 4-6. This allows us to make each mask value + * 1 byte rather than 8 bytes, saving 7*24 = 168 bytes of data (with + * perhaps a little variation due to alignment). Decompressing this + * requires a little code, but much less than the savings on the table. + * + * The impact on performance depends on the platform and compiler. + * There's a bit more computation, but less memory bandwidth. A quick + * benchmark on x86_64 shows a 7% speed improvement with GCC and a + * 5% speed penalty with Clang, compared to the naive uint64_t[24] table. + * YMMV. 
+ */ +/* Helper macro to set the values of the higher bits in unused low positions */ +#define H(b63, b31, b15) (b63 << 6 | b31 << 5 | b15 << 4) +static const uint8_t iota_r_packed[24] = { + H(0, 0, 0) | 0x01, H(0, 0, 1) | 0x82, H(1, 0, 1) | 0x8a, H(1, 1, 1) | 0x00, + H(0, 0, 1) | 0x8b, H(0, 1, 0) | 0x01, H(1, 1, 1) | 0x81, H(1, 0, 1) | 0x09, + H(0, 0, 0) | 0x8a, H(0, 0, 0) | 0x88, H(0, 1, 1) | 0x09, H(0, 1, 0) | 0x0a, + H(0, 1, 1) | 0x8b, H(1, 0, 0) | 0x8b, H(1, 0, 1) | 0x89, H(1, 0, 1) | 0x03, + H(1, 0, 1) | 0x02, H(1, 0, 0) | 0x80, H(0, 0, 1) | 0x0a, H(1, 1, 0) | 0x0a, + H(1, 1, 1) | 0x81, H(1, 0, 1) | 0x80, H(0, 1, 0) | 0x01, H(1, 1, 1) | 0x08, }; +#undef H static const uint8_t rho[24] = { 1, 62, 28, 27, 36, 44, 6, 55, 20, @@ -132,7 +153,11 @@ static void keccak_f1600(mbedtls_sha3_context *ctx) s[24] ^= (~lane[0]) & lane[1]; /* Iota */ - s[0] ^= rc[round]; + /* Decompress the round masks (see definition of rc) */ + s[0] ^= ((iota_r_packed[round] & 0x40ull) << 57 | + (iota_r_packed[round] & 0x20ull) << 26 | + (iota_r_packed[round] & 0x10ull) << 11 | + (iota_r_packed[round] & 0x8f)); } } From dc6606b5e3ecc8ea14edadbbf47fb2da7b2bd88c Mon Sep 17 00:00:00 2001 From: PiotrBzdrega Date: Tue, 13 Feb 2024 22:17:08 +0100 Subject: [PATCH 101/132] newline at end of changelog file Signed-off-by: PiotrBzdrega --- ChangeLog.d/gen-key-segfault.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ChangeLog.d/gen-key-segfault.txt b/ChangeLog.d/gen-key-segfault.txt index 4fb2d1f85..fefc70272 100644 --- a/ChangeLog.d/gen-key-segfault.txt +++ b/ChangeLog.d/gen-key-segfault.txt @@ -1,3 +1,3 @@ Bugfix * Avoid segmentation fault caused by releasing not initialized - entropy resource in gen_key example. Fixes #8809. \ No newline at end of file + entropy resource in gen_key example. Fixes #8809. From 095e1ac71c2703e285f199f5df8016160026449b Mon Sep 17 00:00:00 2001 
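Review bot: The comment added in the Iota step, `/* Decompress the round masks (see definition of rc) */`, still points the reader at `rc`, which this same commit deletes and replaces with `iota_r_packed`, so the cross-reference is dead on the new side; change it to `/* Decompress the round masks (see definition of iota_r_packed) */`. The decompression itself matches the packing described in the table's header comment (bits 6, 5 and 4 restored to positions 63, 31 and 15, bits 7 and 0-3 kept in place via `0x8f`), so only the wording needs fixing. keccak_f1600 begins outside the hunk.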
From: Valerio Setti Date: Mon, 12 Feb 2024 11:01:37 +0100 Subject: [PATCH 102/132] pem: check data padding in DES/AES decrypted buffers Signed-off-by: Valerio Setti --- library/pem.c | 49 ++++++++++++++++++++++++---- tests/suites/test_suite_pkparse.data | 2 +- 2 files changed, 44 insertions(+), 7 deletions(-) diff --git a/library/pem.c b/library/pem.c index 7e7f86ff5..f090f4931 100644 --- a/library/pem.c +++ b/library/pem.c @@ -241,6 +241,28 @@ exit: } #endif /* MBEDTLS_AES_C */ +#if defined(MBEDTLS_DES_C) || defined(MBEDTLS_AES_C) +static int pem_check_pkcs_padding(unsigned char *input, size_t input_len, size_t *data_len) +{ + size_t pad_len = input[input_len - 1]; + size_t i; + + if (pad_len > input_len) { + return MBEDTLS_ERR_PEM_BAD_INPUT_DATA; + } + + *data_len = input_len - pad_len; + + for (i = *data_len; i < input_len; i++) { + if (input[i] != pad_len) { + return MBEDTLS_ERR_PEM_BAD_INPUT_DATA; + } + } + + return 0; +} +#endif /* MBEDTLS_DES_C || MBEDTLS_AES_C */ + #endif /* PEM_RFC1421 */ int mbedtls_pem_read_buffer(mbedtls_pem_context *ctx, const char *header, const char *footer, 
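Review bot: `pem_check_pkcs_padding` accepts a trailing byte of 0 as valid padding: `pad_len > input_len` passes, `*data_len` becomes `input_len`, the verification loop runs zero times and the function returns 0, so a decrypted buffer that happens to end in 0x00 is reported as correctly padded with nothing stripped. PKCS#7 padding is always between 1 and the block size, so the guard should read `if (pad_len == 0 || pad_len > input_len) {` (passing the cipher block size in and also rejecting `pad_len > block_size` would tighten it further, since the caller knows which cipher it just ran). The function also reads `input[input_len - 1]` without checking `input_len > 0`; the caller presumably hands over a non-empty, block-aligned buffer after decryption, but an `if (input_len == 0) return MBEDTLS_ERR_PEM_BAD_INPUT_DATA;` guard at the top costs nothing. `input` is never written and could be `const unsigned char *`.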
@@ -431,21 +453,36 @@ int mbedtls_pem_read_buffer(mbedtls_pem_context *ctx, const char *header, const return ret; } + /* Check PKCS padding and update data length based on padding info. + * This can be used to detect invalid padding data and password + * mismatches. */ + ret = pem_check_pkcs_padding(buf, len, &len); + if (ret != 0) { + mbedtls_free(buf); + return ret; + } + /* - * The result will be ASN.1 starting with a SEQUENCE tag. Parse it - * with ASN.1 functions in order to: - * - Have an heuristic guess about password mismatches. - * - Update len variable to the amount of valid data inside buf. + * In RFC1421 PEM is used as container for DER (ASN.1) content so we + * can use ASN.1 functions to parse the main SEQUENCE tag and to get its + * length. */ unsigned char *p = buf; - ret = mbedtls_asn1_get_tag(&p, buf + len, &len, + size_t sequence_len; + ret = mbedtls_asn1_get_tag(&p, buf + len, &sequence_len, MBEDTLS_ASN1_SEQUENCE | MBEDTLS_ASN1_CONSTRUCTED); if (ret != 0) { mbedtls_free(buf); return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PEM_INVALID_DATA, ret); } /* Add also the sequence block (tag + len) to the total amount of valid data. */ - len += (p - buf); + sequence_len += (p - buf); + + /* Ensure that the reported SEQUENCE length matches the data len (i.e. no + * trailing garbage data). */ + if (len != sequence_len) { + return MBEDTLS_ERR_PEM_BAD_INPUT_DATA; + } #else mbedtls_zeroize_and_free(buf, len); return MBEDTLS_ERR_PEM_FEATURE_UNAVAILABLE; diff --git a/tests/suites/test_suite_pkparse.data b/tests/suites/test_suite_pkparse.data index 5b2dbb9cc..7ee77da8e 100644 --- a/tests/suites/test_suite_pkparse.data +++ b/tests/suites/test_suite_pkparse.data 
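Review bot: The new trailing-data check `if (len != sequence_len) { return MBEDTLS_ERR_PEM_BAD_INPUT_DATA; }` returns without releasing `buf`, leaking the decrypted buffer, whereas every neighbouring error path in this hunk frees it first. Because `buf` holds plaintext private-key bytes at this point, prefer `mbedtls_zeroize_and_free(buf, len); return MBEDTLS_ERR_PEM_BAD_INPUT_DATA;`, the same helper the `#else` branch below already uses. The padding-failure path added earlier in this hunk uses plain `mbedtls_free(buf)` on a buffer that may contain a partially correct decryption; switching it to `mbedtls_zeroize_and_free(buf, len)` as well keeps the handling of decrypted material consistent. mbedtls_pem_read_buffer starts and ends outside the hunk.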
@@ -8,7 +8,7 @@ pk_parse_keyfile_rsa:"data_files/test-ca.key":"PolarSSLTest":0 Parse RSA Key #3 (Wrong password) depends_on:MBEDTLS_MD_CAN_MD5:MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C -pk_parse_keyfile_rsa:"data_files/test-ca.key":"PolarSSLWRONG":MBEDTLS_ERR_PEM_INVALID_DATA + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG +pk_parse_keyfile_rsa:"data_files/test-ca.key":"PolarSSLWRONG":MBEDTLS_ERR_PEM_BAD_INPUT_DATA Parse RSA Key #4 (DES Encrypted) depends_on:MBEDTLS_MD_CAN_MD5:MBEDTLS_DES_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC From c1b93751b3091d2d0b9f8b4a197792d692375c3e Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 12 Feb 2024 11:03:16 +0100 Subject: [PATCH 103/132] test_suite_pem: add more test cases for encrypted PEM buffers Signed-off-by: Valerio Setti --- tests/suites/test_suite_pem.data | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/tests/suites/test_suite_pem.data b/tests/suites/test_suite_pem.data index 32d3c279b..df9663b18 100644 --- a/tests/suites/test_suite_pem.data +++ b/tests/suites/test_suite_pem.data 
@@ -59,6 +59,18 @@ mbedtls_pem_read_buffer:"-----BEGIN EC PRIVATE KEY-----":"-----END EC PRIVATE KE # The text "hello world" (which is clearly not a valid ASN.1 SEQUENCE) is encoded # with AES-128-CBC to prove that ASN.1 parsing after decoding fails. +# Since PBKDF1 isn't supported in OpenSSL, here's the steps: +# 1. generate the key (password="password"; IV=0x3132333435363738 in hex or "12345678" as string) +# echo -n "password12345678" | openssl md5 +# 2. encode data +# echo -n "hello world" | openssl aes-128-cbc -e -base64 -p -K "bbb0ddff1b944b3cc68eaaeb7ac20099" -iv "3132333435363738" PEM read (Invalid SEQUENCE encoded with AES-128-CBC) depends_on:MBEDTLS_MD_CAN_MD5:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC -mbedtls_pem_read_buffer:"-----BEGIN EC PRIVATE KEY-----":"-----END EC PRIVATE KEY-----":"-----BEGIN EC PRIVATE KEY-----\nProc-Type\: 4,ENCRYPTED\nDEK-Info\: AES-128-CBC,765FCB151B573FC9E5FB3A0E5A198785\n\nU2FsdGVkX1/+Vl2WMhEy3zcdg14R+flkg/pW4ei4d0I=\n-----END EC PRIVATE KEY-----":"pwdpwd":MBEDTLS_ERR_PEM_INVALID_DATA + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG:"" +mbedtls_pem_read_buffer:"-----BEGIN EC PRIVATE KEY-----":"-----END EC PRIVATE KEY-----":"-----BEGIN EC PRIVATE KEY-----\nProc-Type\: 4,ENCRYPTED\nDEK-Info\: AES-128-CBC,31323334353637380000000000000000\n\nDfRGkwS+VjvR0IYsjZwW6Q==\n-----END EC PRIVATE KEY-----":"password":MBEDTLS_ERR_PEM_INVALID_DATA + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG:"" + +# Same as above, but with invalid padding data. 
+# Generated with: +# echo -n -e "\x68\x65\x6c\x6c\x6f\x20\x77\x6f\x72\x6c\x64\x01\x02\x03\x04\x05" | openssl aes-128-cbc -e -base64 -p -K "bbb0ddff1b944b3cc68eaaeb7ac20099" -iv "3132333435363738" -nopad +PEM read (Invalid padding data for AES-128-CBC) +depends_on:MBEDTLS_MD_CAN_MD5:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC +mbedtls_pem_read_buffer:"-----BEGIN EC PRIVATE KEY-----":"-----END EC PRIVATE KEY-----":"-----BEGIN EC PRIVATE KEY-----\nProc-Type\: 4,ENCRYPTED\nDEK-Info\: AES-128-CBC,31323334353637380000000000000000\n\n333hxynfxEdXrSHQfIabxQ==\n-----END EC PRIVATE KEY-----":"password":MBEDTLS_ERR_PEM_BAD_INPUT_DATA:"" From 3a4f2040b3e68e6f592eb129e9f2b0deeb600d43 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 12 Feb 2024 11:05:15 +0100 Subject: [PATCH 104/132] test_suite_psa_crypto: fix some test descriptions Signed-off-by: Valerio Setti --- tests/suites/test_suite_psa_crypto.data | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index dc43599a7..38e404660 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data 
@@ -104,7 +104,7 @@ PSA import/export RSA keypair: export buffer too small depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT import_export:"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":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:0:1024:-1:PSA_ERROR_BUFFER_TOO_SMALL:1 -PSA import/export RSA keypair: trailing garbage ignored +PSA import/export RSA keypair: trailing garbage rejected depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT import_with_data:"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":PSA_KEY_TYPE_RSA_KEY_PAIR:1024:PSA_ERROR_INVALID_ARGUMENT @@ -156,7 +156,7 @@ PSA import/export RSA keypair: export buffer too small, opaque depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT:PSA_CRYPTO_DRIVER_TEST import_export:"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":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):1024:-1:PSA_ERROR_BUFFER_TOO_SMALL:1 -PSA import/export RSA keypair: trailing garbage ignored, opaque +PSA import/export RSA keypair: trailing garbage rejected, opaque depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT:PSA_CRYPTO_DRIVER_TEST import_with_data:"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":PSA_KEY_TYPE_RSA_KEY_PAIR:1024:PSA_ERROR_INVALID_ARGUMENT From d8840ec6e589b24b6c9b927a095ef11be460f843 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 12 Feb 2024 11:28:06 +0100 Subject: [PATCH 105/132] add changelog 
Signed-off-by: Valerio Setti --- ChangeLog.d/8799.txt | 4 ++++ 1 file changed, 4 insertions(+) create mode 100644 ChangeLog.d/8799.txt diff --git a/ChangeLog.d/8799.txt b/ChangeLog.d/8799.txt new file mode 100644 index 000000000..b44bb9991 --- /dev/null +++ b/ChangeLog.d/8799.txt @@ -0,0 +1,4 @@ +Bugfix + * mbedtls_pem_read_buffer() now performs a check on the padding data of + decrypted keys and it rejects invalid ones. It also parses and validates + the main ASN.1 SEQUENCE header. From 024b395f85162594cc683b1e0d65ae77dfaaafac Mon Sep 17 00:00:00 2001 From: Ryan Everett Date: Tue, 23 Jan 2024 19:56:32 +0000 Subject: [PATCH 106/132] Make psa_reserve_free_key_slot thread safe Everything needs to be done under the mutex here, we operate directly on FULL/EMPTY slots, and we can't let key_slots_initialized change before we operate on slots. Refactor to use an exit label. Signed-off-by: Ryan Everett --- library/psa_crypto_slot_management.c | 24 +++++++++++++++++------- 1 file changed, 17 insertions(+), 7 deletions(-) diff --git a/library/psa_crypto_slot_management.c b/library/psa_crypto_slot_management.c index dc38662e1..07d7f35fc 100644 --- a/library/psa_crypto_slot_management.c +++ b/library/psa_crypto_slot_management.c @@ -160,9 +160,13 @@ psa_status_t psa_reserve_free_key_slot(psa_key_id_t *volatile_key_id, size_t slot_idx; psa_key_slot_t *selected_slot, *unused_persistent_key_slot; +#if defined(MBEDTLS_THREADING_C) + PSA_THREADING_CHK_GOTO_EXIT(mbedtls_mutex_lock( + &mbedtls_threading_key_slot_mutex)); +#endif if (!global_data.key_slots_initialized) { status = PSA_ERROR_BAD_STATE; - goto error; + goto exit; } selected_slot = unused_persistent_key_slot = NULL; @@ -194,7 +198,7 @@ psa_status_t psa_reserve_free_key_slot(psa_key_id_t *volatile_key_id, psa_register_read(selected_slot); status = psa_wipe_key_slot(selected_slot); if (status != PSA_SUCCESS) { - goto error; + goto exit; } } 
@@ -202,21 +206,27 @@ psa_status_t psa_reserve_free_key_slot(psa_key_id_t *volatile_key_id, status = psa_key_slot_state_transition(selected_slot, PSA_SLOT_EMPTY, PSA_SLOT_FILLING); if (status != PSA_SUCCESS) { - goto error; + goto exit; } *volatile_key_id = PSA_KEY_ID_VOLATILE_MIN + ((psa_key_id_t) (selected_slot - global_data.key_slots)); *p_slot = selected_slot; - return PSA_SUCCESS; + goto exit; } status = PSA_ERROR_INSUFFICIENT_MEMORY; -error: - *p_slot = NULL; - *volatile_key_id = 0; +exit: + if (status != PSA_SUCCESS) { + *p_slot = NULL; + *volatile_key_id = 0; + } +#if defined(MBEDTLS_THREADING_C) + PSA_THREADING_CHK_RET(mbedtls_mutex_unlock( + &mbedtls_threading_key_slot_mutex)); +#endif return status; } From 91ffe5b87187e45a0d58cf0510d773ebe804508d Mon Sep 17 00:00:00 2001 From: Ryan Everett Date: Tue, 23 Jan 2024 20:05:42 +0000 Subject: [PATCH 107/132] Make psa_finish_key_creation thread safe Hold mutex for the entirety of the call. We are writing to storage and writing to the slot state here. If we didn't keep the mutex for the whole duration then we may end up with another thread seeing that a persistent key is in storage before our slot is set to FULL; this would be unlinearizable behaviour. Signed-off-by: Ryan Everett --- library/psa_crypto.c | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 4a0666bb8..d53a09da3 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -1799,6 +1799,11 @@ static psa_status_t psa_finish_key_creation( (void) slot; (void) driver; +#if defined(MBEDTLS_THREADING_C) + PSA_THREADING_CHK_RET(mbedtls_mutex_lock( + &mbedtls_threading_key_slot_mutex)); +#endif + #if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) if (!PSA_KEY_LIFETIME_IS_VOLATILE(slot->attr.lifetime)) { #if defined(MBEDTLS_PSA_CRYPTO_SE_C) 
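Review bot: At the `exit:` label, `PSA_THREADING_CHK_RET(mbedtls_mutex_unlock(&mbedtls_threading_key_slot_mutex));` runs unconditionally, but the `PSA_THREADING_CHK_GOTO_EXIT(mbedtls_mutex_lock(...))` added in this file's first hunk jumps to the same label when the lock fails, so a failed lock ends with this thread unlocking a mutex it does not hold. The lock failure needs its own early return before any `goto exit` is reachable, e.g. `PSA_THREADING_CHK_RET(mbedtls_mutex_lock(&mbedtls_threading_key_slot_mutex));`, or a second label placed after the unlock. This locking change is reverted later in the series (PATCH 109), so the final tree is not affected, but the lock-then-goto-exit shape is worth avoiding wherever it reappears. psa_reserve_free_key_slot begins outside the hunk.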
@@ -1838,6 +1843,11 @@ static psa_status_t psa_finish_key_creation( status = psa_save_se_persistent_data(driver); if (status != PSA_SUCCESS) { psa_destroy_persistent_key(slot->attr.id); + +#if defined(MBEDTLS_THREADING_C) + PSA_THREADING_CHK_RET(mbedtls_mutex_unlock( + &mbedtls_threading_key_slot_mutex)); +#endif return status; } status = psa_crypto_stop_transaction(); @@ -1853,6 +1863,10 @@ static psa_status_t psa_finish_key_creation( } } +#if defined(MBEDTLS_THREADING_C) + PSA_THREADING_CHK_RET(mbedtls_mutex_unlock( + &mbedtls_threading_key_slot_mutex)); +#endif return status; } From b71014406c090349e414dec586845c415ed71dd9 Mon Sep 17 00:00:00 2001 From: Ryan Everett Date: Tue, 23 Jan 2024 20:09:49 +0000 Subject: [PATCH 108/132] Make psa_fail_key_creation thread safe Hold the mutex for the entirety of the call. We need the mutex for the wipe, also hold it for aborting driver transactions as this may have side effects. We can't use the macros here as this function returns void. Signed-off-by: Ryan Everett --- library/psa_crypto.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index d53a09da3..a0e58a271 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -1891,6 +1891,10 @@ static void psa_fail_key_creation(psa_key_slot_t *slot, return; } +#if defined(MBEDTLS_THREADING_C) + mbedtls_mutex_lock(&mbedtls_threading_key_slot_mutex); +#endif + #if defined(MBEDTLS_PSA_CRYPTO_SE_C) /* TODO: If the key has already been created in the secure * element, and the failure happened later (when saving metadata @@ -1909,6 +1913,10 @@ static void psa_fail_key_creation(psa_key_slot_t *slot, #endif /* MBEDTLS_PSA_CRYPTO_SE_C */ psa_wipe_key_slot(slot); + +#if defined(MBEDTLS_THREADING_C) + mbedtls_mutex_unlock(&mbedtls_threading_key_slot_mutex); +#endif } /** Validate optional attributes during key creation. From 3d8118d9dcae661fe2cc7d958d1a6ec8ee444c5c Mon Sep 17 00:00:00 2001 
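Review bot: The unlock inserted before `return status;` after `psa_destroy_persistent_key(slot->attr.id);` is the only early-exit path this hunk covers, so the mutex is now released at two separate places (here and before the final `return status;` in the next hunk), and any other `return` between the lock and the end of the function — none is visible in these hunks, so this is inferred — would leave `mbedtls_threading_key_slot_mutex` held. A single `exit:` label that performs the unlock, with the error paths changed to `goto exit;`, keeps the lock/unlock pairing in one place and is easier to audit than per-return unlocks. A one-line comment noting that the lock is held across the storage write so that no other thread can observe the persistent key before the slot is marked FULL (the rationale given in the commit message) would also help the next reader. psa_finish_key_creation starts and ends outside the hunk.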
From: Ryan Everett Date: Tue, 30 Jan 2024 16:58:47 +0000 Subject: [PATCH 109/132] Revert psa_reserve_free_key_slot changes, lock in start_key_creation instead This means we can hold the mutex around the call to reserve_free_key_slot in get_and_lock_key_slot, avoiding inefficient rework. (Changes to get_and_lock_key_slot are not in scope in this PR) Signed-off-by: Ryan Everett --- library/psa_crypto.c | 8 ++++++++ library/psa_crypto_slot_management.c | 24 +++++++----------------- library/psa_crypto_slot_management.h | 3 +++ 3 files changed, 18 insertions(+), 17 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index a0e58a271..5300126c3 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -1679,7 +1679,15 @@ static psa_status_t psa_start_key_creation( return status; } +#if defined(MBEDTLS_THREADING_C) + PSA_THREADING_CHK_RET(mbedtls_mutex_lock( + &mbedtls_threading_key_slot_mutex)); +#endif status = psa_reserve_free_key_slot(&volatile_key_id, p_slot); +#if defined(MBEDTLS_THREADING_C) + PSA_THREADING_CHK_RET(mbedtls_mutex_unlock( + &mbedtls_threading_key_slot_mutex)); +#endif if (status != PSA_SUCCESS) { return status; } diff --git a/library/psa_crypto_slot_management.c b/library/psa_crypto_slot_management.c index 07d7f35fc..dc38662e1 100644 --- a/library/psa_crypto_slot_management.c +++ b/library/psa_crypto_slot_management.c @@ -160,13 +160,9 @@ psa_status_t psa_reserve_free_key_slot(psa_key_id_t *volatile_key_id, size_t slot_idx; psa_key_slot_t *selected_slot, *unused_persistent_key_slot; -#if defined(MBEDTLS_THREADING_C) - PSA_THREADING_CHK_GOTO_EXIT(mbedtls_mutex_lock( - &mbedtls_threading_key_slot_mutex)); -#endif if (!global_data.key_slots_initialized) { status = PSA_ERROR_BAD_STATE; - goto exit; + goto error; } selected_slot = unused_persistent_key_slot = NULL; 
@@ -198,7 +194,7 @@ psa_status_t psa_reserve_free_key_slot(psa_key_id_t *volatile_key_id, psa_register_read(selected_slot); status = psa_wipe_key_slot(selected_slot); if (status != PSA_SUCCESS) { - goto exit; + goto error; } } @@ -206,27 +202,21 @@ psa_status_t psa_reserve_free_key_slot(psa_key_id_t *volatile_key_id, status = psa_key_slot_state_transition(selected_slot, PSA_SLOT_EMPTY, PSA_SLOT_FILLING); if (status != PSA_SUCCESS) { - goto exit; + goto error; } *volatile_key_id = PSA_KEY_ID_VOLATILE_MIN + ((psa_key_id_t) (selected_slot - global_data.key_slots)); *p_slot = selected_slot; - goto exit; + return PSA_SUCCESS; } status = PSA_ERROR_INSUFFICIENT_MEMORY; -exit: - if (status != PSA_SUCCESS) { - *p_slot = NULL; - *volatile_key_id = 0; - } +error: + *p_slot = NULL; + *volatile_key_id = 0; -#if defined(MBEDTLS_THREADING_C) - PSA_THREADING_CHK_RET(mbedtls_mutex_unlock( - &mbedtls_threading_key_slot_mutex)); -#endif return status; } diff --git a/library/psa_crypto_slot_management.h b/library/psa_crypto_slot_management.h index 18a914496..585de1318 100644 --- a/library/psa_crypto_slot_management.h +++ b/library/psa_crypto_slot_management.h @@ -107,6 +107,9 @@ void psa_wipe_all_key_slots(void); * It is the responsibility of the caller to change the slot's state to * PSA_SLOT_EMPTY/FULL once key creation has finished. * + * If multi-threading is enabled, the caller must hold the + * global key slot mutex. + * * \param[out] volatile_key_id On success, volatile key identifier * associated to the returned slot. * \param[out] p_slot On success, a pointer to the slot. From 73feaf2682b63b7c405c0360c26f3e066c2f465a Mon Sep 17 00:00:00 2001 From: Ryan Everett Date: Wed, 14 Feb 2024 11:36:41 +0000 Subject: [PATCH 110/132] Comment on locking strategy in psa_fail_key_creation Signed-off-by: Ryan Everett --- library/psa_crypto.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 5300126c3..67f6eac6f 100644 
--- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -1900,6 +1900,9 @@ static void psa_fail_key_creation(psa_key_slot_t *slot, } #if defined(MBEDTLS_THREADING_C) + /* If the lock operation fails we still wipe the slot. + * Operations will no longer work after a failed lock, + * but we still need to wipe the slot of confidential data. */ mbedtls_mutex_lock(&mbedtls_threading_key_slot_mutex); #endif From b807cc6ebaea1d353bd877a4f7e110619477eab7 Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Thu, 30 Nov 2023 17:16:20 +0800 Subject: [PATCH 111/132] Add checks for PK_[PARSE/WRITE]_C when PK_HAVE_ECC_KEYS is set When PK_HAVE_ECC_KEYS is set with PK_[PARSE/WRITE]_C, it needs OID_C to be enabled. This commit adds proper checks in check_config.h Signed-off-by: Yanray Wang --- include/mbedtls/check_config.h | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index a7a346fe5..af78087b1 100644 --- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h @@ -444,6 +444,16 @@ #error "MBEDTLS_PK_WRITE_C defined, but not all prerequisites" #endif +#if defined(MBEDTLS_PK_PARSE_C) && defined(MBEDTLS_PK_HAVE_ECC_KEYS) && \ + !defined(MBEDTLS_OID_C) +#error "MBEDTLS_PK_PARSE_C and MBEDTLS_PK_HAVE_ECC_KEYS require MBEDTLS_OID_C" +#endif + +#if defined(MBEDTLS_PK_WRITE_C) && defined(MBEDTLS_PK_HAVE_ECC_KEYS) && \ + !defined(MBEDTLS_OID_C) +#error "MBEDTLS_PK_WRITE_C and MBEDTLS_PK_HAVE_ECC_KEYS require MBEDTLS_OID_C" +#endif + #if defined(MBEDTLS_PLATFORM_EXIT_ALT) && !defined(MBEDTLS_PLATFORM_C) #error "MBEDTLS_PLATFORM_EXIT_ALT defined, but not all prerequisites" #endif From e9954bb9d532acf18796f4babab391a1eb7a790e Mon Sep 17 00:00:00 2001 
From: Yanray Wang Date: Thu, 30 Nov 2023 17:16:33 +0800 Subject: [PATCH 112/132] test_suite_pk.function: add correct dependency In valid_parameters_pkwrite, we first parse a public key then test with mbedtls_pk_write_xxx functions. So valid_parameters_pkwrite should depend on both MBEDTLS_PK_WRITE_C and MBEDTLS_PK_PARSE_C. Signed-off-by: Yanray Wang --- tests/suites/test_suite_pk.function | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index 681de0ff0..ff843cb8d 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function @@ -681,7 +681,7 @@ void valid_parameters() } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_PK_WRITE_C */ +/* BEGIN_CASE depends_on:MBEDTLS_PK_WRITE_C:MBEDTLS_PK_PARSE_C */ void valid_parameters_pkwrite(data_t *key_data) { mbedtls_pk_context pk; From 687bfcb54ca7cf59cc59dd2ad6b46e705e7b8826 Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Fri, 1 Dec 2023 12:15:17 +0800 Subject: [PATCH 113/132] pk: remove duplicate define of MBEDTLS_PK_HAVE_ECC_KEYS In pk.h, MBEDTLS_PK_HAVE_ECC_KEYS is enabled if ECP_C is defined or USE_PSA_CRYPTO && PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY are defined. But this logic is duplicate with its definition in config_adjust_legacy_crypto.h. Signed-off-by: Yanray Wang --- include/mbedtls/pk.h | 7 ------- 1 file changed, 7 deletions(-) diff --git a/include/mbedtls/pk.h b/include/mbedtls/pk.h index 66f39015f..919543cc6 100644 --- a/include/mbedtls/pk.h +++ b/include/mbedtls/pk.h 
@@ -181,13 +181,6 @@ typedef struct mbedtls_pk_rsassa_pss_options {
 #define MBEDTLS_PK_USE_PSA_EC_DATA
 #endif
-/* Helper symbol to state that the PK module has support for EC keys. This
- * can either be provided through the legacy ECP solution or through the
- * PSA friendly MBEDTLS_PK_USE_PSA_EC_DATA. */
-#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) || defined(MBEDTLS_ECP_C)
-#define MBEDTLS_PK_HAVE_ECC_KEYS
-#endif /* MBEDTLS_PK_USE_PSA_EC_DATA || MBEDTLS_ECP_C */
-
 /**
 * \brief Types for interfacing with the debug module
 */
From 5b118d4aed8b3e211c00d55c48298aea5f14c03f Mon Sep 17 00:00:00 2001
From: Yanray Wang Date: Tue, 5 Dec 2023 10:31:54 +0800 Subject: [PATCH 114/132] Check MBEDTLS_PK_{PARSE,WRITE}_C requires MBEDTLS_OID_C - check_config.h: add this dependency check - mbedtls_config.h: update corresponding requirement documentation Signed-off-by: Yanray Wang
---
 include/mbedtls/check_config.h | 16 ++++------------
 include/mbedtls/mbedtls_config.h | 4 ++--
 2 files changed, 6 insertions(+), 14 deletions(-)
diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h
index af78087b1..6aa87b8a9 100644
--- a/include/mbedtls/check_config.h
+++ b/include/mbedtls/check_config.h
@@ -436,24 +436,16 @@
 #error "MBEDTLS_PK_C defined, but not all prerequisites"
 #endif
-#if defined(MBEDTLS_PK_PARSE_C) && !defined(MBEDTLS_PK_C)
+#if defined(MBEDTLS_PK_PARSE_C) && \
+ (!defined(MBEDTLS_PK_C) || !defined(MBEDTLS_OID_C))
 #error "MBEDTLS_PK_PARSE_C defined, but not all prerequisites"
 #endif
-#if defined(MBEDTLS_PK_WRITE_C) && !defined(MBEDTLS_PK_C)
+#if defined(MBEDTLS_PK_WRITE_C) && \
+ (!defined(MBEDTLS_PK_C) || !defined(MBEDTLS_OID_C))
 #error "MBEDTLS_PK_WRITE_C defined, but not all prerequisites"
 #endif
-#if defined(MBEDTLS_PK_PARSE_C) && defined(MBEDTLS_PK_HAVE_ECC_KEYS) && \
- !defined(MBEDTLS_OID_C)
-#error "MBEDTLS_PK_PARSE_C and MBEDTLS_PK_HAVE_ECC_KEYS require MBEDTLS_OID_C"
-#endif
-
-#if defined(MBEDTLS_PK_WRITE_C) && defined(MBEDTLS_PK_HAVE_ECC_KEYS) && \
- !defined(MBEDTLS_OID_C)
-#error "MBEDTLS_PK_WRITE_C and MBEDTLS_PK_HAVE_ECC_KEYS require MBEDTLS_OID_C"
-#endif
-
 #if defined(MBEDTLS_PLATFORM_EXIT_ALT) && !defined(MBEDTLS_PLATFORM_C)
 #error "MBEDTLS_PLATFORM_EXIT_ALT defined, but not all prerequisites"
 #endif
diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h
index 6a5828c74..edf4a0b30 100644
--- a/include/mbedtls/mbedtls_config.h
+++ b/include/mbedtls/mbedtls_config.h
@@ -3059,7 +3059,7 @@
 * Caller: library/x509_crt.c
 * library/x509_csr.c
 *
- * Requires: MBEDTLS_PK_C
+ * Requires: MBEDTLS_PK_C, MBEDTLS_OID_C
 *
 * Uncomment to enable generic public key parse functions.
 */
@@ -3073,7 +3073,7 @@
 * Module: library/pkwrite.c
 * Caller: library/x509write.c
 *
- * Requires: MBEDTLS_PK_C
+ * Requires: MBEDTLS_PK_C, MBEDTLS_OID_C
 *
 * Uncomment to enable generic public key write functions.
 */
From 072a068f9f184a9b2ede7f4e940ca35e3b49ea3e Mon Sep 17 00:00:00 2001
From: Yanray Wang Date: Tue, 5 Dec 2023 10:53:04 +0800 Subject: [PATCH 115/132] check_config: combine check for MBEDTLS_PK_PARSE_C - check_config.h: combine separate check for MBEDTLS_PK_PARSE_C - mbedtls_config.h: update documentation for `Requires`
Signed-off-by: Yanray Wang
---
 include/mbedtls/check_config.h | 8 +++-----
 include/mbedtls/mbedtls_config.h | 2 +-
 2 files changed, 4 insertions(+), 6 deletions(-)
diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h
index 6aa87b8a9..1ccd24edf 100644
--- a/include/mbedtls/check_config.h
+++ b/include/mbedtls/check_config.h
@@ -207,10 +207,6 @@
 #error "MBEDTLS_ECP_C defined (or a subset enabled), but not all prerequisites"
 #endif
-#if defined(MBEDTLS_PK_PARSE_C) && !defined(MBEDTLS_ASN1_PARSE_C)
-#error "MBEDTLS_PK_PARSE_C defined, but not all prerequisites"
-#endif
-
 #if defined(MBEDTLS_ENTROPY_C) && \
 !(defined(MBEDTLS_MD_CAN_SHA512) || defined(MBEDTLS_MD_CAN_SHA256))
 #error "MBEDTLS_ENTROPY_C defined, but not all prerequisites"
@@ -437,7 +433,9 @@
 #endif
 #if defined(MBEDTLS_PK_PARSE_C) && \
- (!defined(MBEDTLS_PK_C) || !defined(MBEDTLS_OID_C))
+ (!defined(MBEDTLS_ASN1_PARSE_C) || \
+ !defined(MBEDTLS_OID_C) || \
+ !defined(MBEDTLS_PK_C))
 #error "MBEDTLS_PK_PARSE_C defined, but not all prerequisites"
 #endif
diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h
index edf4a0b30..2cfb4fcab 100644
--- a/include/mbedtls/mbedtls_config.h
+++ b/include/mbedtls/mbedtls_config.h
@@ -3059,7 +3059,7 @@
 * Caller: library/x509_crt.c
 * library/x509_csr.c
 *
- * Requires: MBEDTLS_PK_C, MBEDTLS_OID_C
+ * Requires: MBEDTLS_ASN1_PARSE_C, MBEDTLS_OID_C, MBEDTLS_PK_C
 *
 * Uncomment to enable generic public key parse functions.
 */
From a8f8eb1e356564bd5aeb3b0c34795188105798f1 Mon Sep 17 00:00:00 2001
From: Yanray Wang Date: Tue, 5 Dec 2023 11:00:33 +0800 Subject: [PATCH 116/132] check_config: add missing dependency check for MBEDTLS_PK_WRITE_C MBEDTLS_PK_WRITE_C requires MBEDTLS_ASN1_WRITE_C, but there is no corresponding check in check_config.h. In addition, corresponding documentation for `Requires` is updated in mbedtls_config.h.
Signed-off-by: Yanray Wang
---
 include/mbedtls/check_config.h | 4 +++-
 include/mbedtls/mbedtls_config.h | 2 +-
 2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h
index 1ccd24edf..576efeae0 100644
--- a/include/mbedtls/check_config.h
+++ b/include/mbedtls/check_config.h
@@ -440,7 +440,9 @@
 #endif
 #if defined(MBEDTLS_PK_WRITE_C) && \
- (!defined(MBEDTLS_PK_C) || !defined(MBEDTLS_OID_C))
+ (!defined(MBEDTLS_ASN1_WRITE_C) || \
+ !defined(MBEDTLS_OID_C) || \
+ !defined(MBEDTLS_PK_C))
 #error "MBEDTLS_PK_WRITE_C defined, but not all prerequisites"
 #endif
diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h
index 2cfb4fcab..254e75a1a 100644
--- a/include/mbedtls/mbedtls_config.h
+++ b/include/mbedtls/mbedtls_config.h
@@ -3073,7 +3073,7 @@
 * Module: library/pkwrite.c
 * Caller: library/x509write.c
 *
- * Requires: MBEDTLS_PK_C, MBEDTLS_OID_C
+ * Requires: MBEDTLS_ASN1_WRITE_C, MBEDTLS_OID_C, MBEDTLS_PK_C
 *
 * Uncomment to enable generic public key write functions.
 */
From 93ecbef6a89464e62c3225f423667e9541a48f22 Mon Sep 17 00:00:00 2001
From: Valerio Setti Date: Wed, 14 Feb 2024 11:44:48 +0100 Subject: [PATCH 117/132] pk_wrap: set proper PSA algin rsa wrappers based on padding mode set in RSA context Signed-off-by: Valerio Setti
---
 library/pk_wrap.c | 50 ++++++++++++++++++++++++++++-------------------
 1 file changed, 30 insertions(+), 20 deletions(-)
diff --git a/library/pk_wrap.c b/library/pk_wrap.c
index 69e1baf2e..b472cfbb7 100644
--- a/library/pk_wrap.c
+++ b/library/pk_wrap.c
@@ -74,8 +74,7 @@ static int rsa_verify_wrap(mbedtls_pk_context *pk, mbedtls_md_type_t md_alg,
 int key_len;
 unsigned char buf[MBEDTLS_PK_RSA_PUB_DER_MAX_BYTES];
 unsigned char *p = buf + sizeof(buf);
- psa_algorithm_t psa_alg_md =
- PSA_ALG_RSA_PKCS1V15_SIGN(mbedtls_md_psa_alg_from_type(md_alg));
+ psa_algorithm_t psa_alg_md;
 size_t rsa_len = mbedtls_rsa_get_len(rsa);
 #if SIZE_MAX > UINT_MAX
@@ -84,6 +83,12 @@ static int rsa_verify_wrap(mbedtls_pk_context *pk, mbedtls_md_type_t md_alg,
 }
 #endif
+ if (mbedtls_rsa_get_padding_mode(rsa) == MBEDTLS_RSA_PKCS_V21) {
+ psa_alg_md = PSA_ALG_RSA_PSS(mbedtls_md_psa_alg_from_type(md_alg));
+ } else {
+ psa_alg_md = PSA_ALG_RSA_PKCS1V15_SIGN(mbedtls_md_psa_alg_from_type(md_alg));
+ }
+
 if (sig_len < rsa_len) {
 return MBEDTLS_ERR_RSA_VERIFY_FAILED;
 }
@@ -235,10 +240,14 @@ static int rsa_sign_wrap(mbedtls_pk_context *pk, mbedtls_md_type_t md_alg,
 if (psa_md_alg == 0) {
 return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
 }
+ psa_algorithm_t psa_alg;
+ if (mbedtls_rsa_get_padding_mode(mbedtls_pk_rsa(*pk)) == MBEDTLS_RSA_PKCS_V21) {
+ psa_alg = PSA_ALG_RSA_PSS(psa_md_alg);
+ } else {
+ psa_alg = PSA_ALG_RSA_PKCS1V15_SIGN(psa_md_alg);
+ }
- return mbedtls_pk_psa_rsa_sign_ext(PSA_ALG_RSA_PKCS1V15_SIGN(
- psa_md_alg),
- pk->pk_ctx, hash, hash_len,
+ return mbedtls_pk_psa_rsa_sign_ext(psa_alg, pk->pk_ctx, hash, hash_len,
 sig, sig_size, sig_len);
 }
 #else /* MBEDTLS_USE_PSA_CRYPTO */
@@ -276,6 +285,7 @@ static int rsa_decrypt_wrap(mbedtls_pk_context *pk,
 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
 mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT;
+ psa_algorithm_t psa_md_alg, decrypt_alg;
 psa_status_t status;
 int key_len;
 unsigned char buf[MBEDTLS_PK_RSA_PRV_DER_MAX_BYTES];
@@ -284,12 +294,6 @@ static int rsa_decrypt_wrap(mbedtls_pk_context *pk,
 ((void) f_rng);
 ((void) p_rng);
-#if !defined(MBEDTLS_RSA_ALT)
- if (rsa->padding != MBEDTLS_RSA_PKCS_V15) {
- return MBEDTLS_ERR_RSA_INVALID_PADDING;
- }
-#endif /* !MBEDTLS_RSA_ALT */
-
 if (ilen != mbedtls_rsa_get_len(rsa)) {
 return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
 }
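Review bot: The PSS branch added in rsa_verify_wrap builds `PSA_ALG_RSA_PSS(mbedtls_md_psa_alg_from_type(md_alg))` from the message digest alone and never consults the hash configured on the RSA context, whereas the OAEP branch of rsa_decrypt_wrap in this same commit reads `mbedtls_rsa_get_md_alg(rsa)` for exactly that purpose; the new branch in rsa_sign_wrap has the same asymmetry. If, as I believe, the legacy PSS code uses the context hash for MGF1 whenever one is set, a context configured with an MGF1 hash different from `md_alg` will produce or accept different signatures depending on MBEDTLS_USE_PSA_CRYPTO, and the PSS verify vectors added later in this series set the context hash to MBEDTLS_MD_NONE so they would not notice. Either document the limitation at the branch, e.g. `/* PSA has no separate MGF1 hash: md_alg is used for both, unlike the legacy path when a context hash is set. */`, or return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE when `mbedtls_rsa_get_md_alg(rsa)` is neither MBEDTLS_MD_NONE nor `md_alg`. Separately, PSA_ALG_RSA_PSS on the verify side requires the salt length to equal the hash length while the legacy verify accepts any salt length, so PSA_ALG_RSA_PSS_ANY_SALT may be the closer equivalent for rsa_verify_wrap. Both functions start and end outside their hunks.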
@@ -301,7 +305,13 @@ static int rsa_decrypt_wrap(mbedtls_pk_context *pk,
 psa_set_key_type(&attributes, PSA_KEY_TYPE_RSA_KEY_PAIR);
 psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_DECRYPT);
- psa_set_key_algorithm(&attributes, PSA_ALG_RSA_PKCS1V15_CRYPT);
+ if (mbedtls_rsa_get_padding_mode(rsa) == MBEDTLS_RSA_PKCS_V21) {
+ psa_md_alg = mbedtls_md_psa_alg_from_type(mbedtls_rsa_get_md_alg(rsa));
+ decrypt_alg = PSA_ALG_RSA_OAEP(psa_md_alg);
+ } else {
+ decrypt_alg = PSA_ALG_RSA_PKCS1V15_CRYPT;
+ }
+ psa_set_key_algorithm(&attributes, decrypt_alg);
 status = psa_import_key(&attributes,
 buf + sizeof(buf) - key_len, key_len,
@@ -311,7 +321,7 @@ static int rsa_decrypt_wrap(mbedtls_pk_context *pk,
 goto cleanup;
 }
- status = psa_asymmetric_decrypt(key_id, PSA_ALG_RSA_PKCS1V15_CRYPT,
+ status = psa_asymmetric_decrypt(key_id, decrypt_alg,
 input, ilen, NULL, 0,
 output, osize, olen);
@@ -358,6 +368,7 @@ static int rsa_encrypt_wrap(mbedtls_pk_context *pk,
 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
 mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT;
+ psa_algorithm_t psa_md_alg;
 psa_status_t status;
 int key_len;
 unsigned char buf[MBEDTLS_PK_RSA_PUB_DER_MAX_BYTES];
@@ -366,12 +377,6 @@ static int rsa_encrypt_wrap(mbedtls_pk_context *pk,
 ((void) f_rng);
 ((void) p_rng);
-#if !defined(MBEDTLS_RSA_ALT)
- if (rsa->padding != MBEDTLS_RSA_PKCS_V15) {
- return MBEDTLS_ERR_RSA_INVALID_PADDING;
- }
-#endif
-
 if (mbedtls_rsa_get_len(rsa) > osize) {
 return MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE;
 }
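Review bot: In the OAEP branch added to rsa_decrypt_wrap, `psa_md_alg` is derived from `mbedtls_rsa_get_md_alg(rsa)` with no check, so a context set to MBEDTLS_RSA_PKCS_V21 with MBEDTLS_MD_NONE (a combination this series' own test code uses for the verify vectors) yields `PSA_ALG_RSA_OAEP(PSA_ALG_NONE)`, which PSA will reject at import or decrypt time with a status that presumably maps to a different error than the legacy path reports for the same context. rsa_sign_wrap already guards the analogous case with `if (psa_md_alg == 0) return MBEDTLS_ERR_PK_BAD_INPUT_DATA;` earlier in this file, and the same guard belongs right after the `psa_md_alg = ...` line here and in the matching OAEP branch of rsa_encrypt_wrap. rsa_decrypt_wrap starts before and continues after the hunk.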
@@ -382,7 +387,12 @@ static int rsa_encrypt_wrap(mbedtls_pk_context *pk,
 }
 psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_ENCRYPT);
- psa_set_key_algorithm(&attributes, PSA_ALG_RSA_PKCS1V15_CRYPT);
+ if (mbedtls_rsa_get_padding_mode(rsa) == MBEDTLS_RSA_PKCS_V21) {
+ psa_md_alg = mbedtls_md_psa_alg_from_type(mbedtls_rsa_get_md_alg(rsa));
+ psa_set_key_algorithm(&attributes, PSA_ALG_RSA_OAEP(psa_md_alg));
+ } else {
+ psa_set_key_algorithm(&attributes, PSA_ALG_RSA_PKCS1V15_CRYPT);
+ }
 psa_set_key_type(&attributes, PSA_KEY_TYPE_RSA_PUBLIC_KEY);
 status = psa_import_key(&attributes,
From 0f286d5453488acbc0ae2191ea80f1156eabbbb4 Mon Sep 17 00:00:00 2001
From: Valerio Setti Date: Fri, 16 Feb 2024 14:30:58 +0100 Subject: [PATCH 118/132] pem: reject empty PEM contents Signed-off-by: Valerio Setti
---
 library/pem.c | 5 +++++
 tests/suites/test_suite_pem.data | 4 ++++
 2 files changed, 9 insertions(+)
diff --git a/library/pem.c b/library/pem.c
index f090f4931..a111970bb 100644
--- a/library/pem.c
+++ b/library/pem.c
@@ -244,6 +244,7 @@ exit:
 #if defined(MBEDTLS_DES_C) || defined(MBEDTLS_AES_C)
 static int pem_check_pkcs_padding(unsigned char *input, size_t input_len, size_t *data_len)
 {
+ /* input_len > 0 is guaranteed by mbedtls_pem_read_buffer(). */
 size_t pad_len = input[input_len - 1];
 size_t i;
@@ -412,6 +413,10 @@ int mbedtls_pem_read_buffer(mbedtls_pem_context *ctx, const char *header, const
 return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PEM_INVALID_DATA, ret);
 }
+ if (len == 0) {
+ return MBEDTLS_ERR_PEM_BAD_INPUT_DATA;
+ }
+
 if ((buf = mbedtls_calloc(1, len)) == NULL) {
 return MBEDTLS_ERR_PEM_ALLOC_FAILED;
 }
diff --git a/tests/suites/test_suite_pem.data b/tests/suites/test_suite_pem.data
index df9663b18..a900a33b9 100644
--- a/tests/suites/test_suite_pem.data
+++ b/tests/suites/test_suite_pem.data
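Review bot: rsa_encrypt_wrap now imports the key with an OAEP policy when the context uses MBEDTLS_RSA_PKCS_V21, but unlike the decrypt side, which threads `decrypt_alg` through to `psa_asymmetric_decrypt()`, this hunk shows no change to the `psa_asymmetric_encrypt()` call further down; if that call still passes PSA_ALG_RSA_PKCS1V15_CRYPT, OAEP encryption will be refused against the key policy just set rather than performed. Mirror the decrypt wrapper by keeping the selected algorithm in a local and using it for both the policy and the operation. The rest of rsa_encrypt_wrap, including the encrypt call, is outside the hunk.
```c
    psa_algorithm_t psa_md_alg, encrypt_alg;
    /* … unchanged: rng args discarded, output-size and key-export checks … */
    if (mbedtls_rsa_get_padding_mode(rsa) == MBEDTLS_RSA_PKCS_V21) {
        psa_md_alg = mbedtls_md_psa_alg_from_type(mbedtls_rsa_get_md_alg(rsa));
        encrypt_alg = PSA_ALG_RSA_OAEP(psa_md_alg);
    } else {
        encrypt_alg = PSA_ALG_RSA_PKCS1V15_CRYPT;
    }
    psa_set_key_algorithm(&attributes, encrypt_alg);
    /* … unchanged: key type, psa_import_key … */
    /* … unchanged: psa_asymmetric_encrypt(key_id, …) — pass encrypt_alg as its algorithm argument … */
```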
@@ -22,6 +22,10 @@ mbedtls_pem_write_buffer_lengths
 PEM read (unencrypted, valid)
 mbedtls_pem_read_buffer:"^":"$":"^\nTWJlZCBUTFM=\n$":"":0:"4d62656420544c53"
+PEM read (unencrypted, empty content)
+depends_on:MBEDTLS_MD_CAN_MD5:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC
+mbedtls_pem_read_buffer:"-----BEGIN EC PRIVATE KEY-----":"-----END EC PRIVATE KEY-----":"-----BEGIN EC PRIVATE KEY-----\n\n-----END EC PRIVATE KEY-----":"":MBEDTLS_ERR_PEM_BAD_INPUT_DATA:""
+
 PEM read (DES-EDE3-CBC + invalid iv)
 depends_on:MBEDTLS_MD_CAN_MD5:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_DES_C
 mbedtls_pem_read_buffer:"^":"$":"^\nProc-Type\: 4,ENCRYPTED\nDEK-Info\: DES-EDE3-CBC,00$":"pwd":MBEDTLS_ERR_PEM_INVALID_ENC_IV:""
From 46ee81d2593f456afa1f387d7af139fae1515ae0 Mon Sep 17 00:00:00 2001
From: Gilles Peskine Date: Tue, 13 Feb 2024 20:05:29 +0100 Subject: [PATCH 119/132] test_suite_pk: add test cases for RSA keys (sign/verify & crypt/decrypt) Signed-off-by: Gilles Peskine Signed-off-by: Valerio Setti
---
 tests/suites/test_suite_pk.data | 86 ++++++++++++++++++++++-------
 tests/suites/test_suite_pk.function | 71 +++++++++++++++++++-----
 2 files changed, 124 insertions(+), 33 deletions(-)
diff --git a/tests/suites/test_suite_pk.data b/tests/suites/test_suite_pk.data
index 35f02cb81..9c0bb23a3 100644
--- a/tests/suites/test_suite_pk.data
+++ b/tests/suites/test_suite_pk.data
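Review bot: The new 'PEM read (unencrypted, empty content)' case carries `depends_on:MBEDTLS_MD_CAN_MD5:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC`, yet its input has no Proc-Type/DEK-Info header and an empty password, so nothing in it touches MD5, AES or CBC. The existing unencrypted case directly above it has no dependency line, and this one should match; as written, the `len == 0` rejection added in pem.c is skipped in every build without AES-CBC, which is where a minimal PEM parser is most likely to be exercised.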
@@ -326,13 +326,33 @@ PK can do ext: MBEDTLS_PK_RSA, check RSA_PSS(SHA256) depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME pk_can_do_ext:0:MBEDTLS_PK_RSA:0:0:0:1024:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):PSA_KEY_USAGE_SIGN_HASH:1 -RSA verify test vector #1 (good) +RSA verify test vector: PKCS1v1.5 (explicit), SHA1, good depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PKCS1_V15 -pk_rsa_verify_test_vec:"6a8a1f225703fe39753c1017b43eec9e070a70b1":MBEDTLS_MD_SHA1:1024:"e28a13548525e5f36dccb24ecb7cc332cc689dfd64012604c9c7816d72a16c3f5fcdc0e86e7c03280b1c69b586ce0cd8aec722cc73a5d3b730310bf7dfebdc77ce5d94bbc369dc18a2f7b07bd505ab0f82224aef09fdc1e5063234255e0b3c40a52e9e8ae60898eb88a766bdd788fe9493d8fd86bcdd2884d5c06216c65469e5":"3":"5abc01f5de25b70867ff0c24e222c61f53c88daf42586fddcd56f3c4588f074be3c328056c063388688b6385a8167957c6e5355a510e005b8a851d69c96b36ec6036644078210e5d7d326f96365ee0648882921492bc7b753eb9c26cdbab37555f210df2ca6fec1b25b463d38b81c0dcea202022b04af5da58aa03d77be949b7":0 +pk_rsa_verify_test_vec:"6a8a1f225703fe39753c1017b43eec9e070a70b1":MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_SHA1:1024:"e28a13548525e5f36dccb24ecb7cc332cc689dfd64012604c9c7816d72a16c3f5fcdc0e86e7c03280b1c69b586ce0cd8aec722cc73a5d3b730310bf7dfebdc77ce5d94bbc369dc18a2f7b07bd505ab0f82224aef09fdc1e5063234255e0b3c40a52e9e8ae60898eb88a766bdd788fe9493d8fd86bcdd2884d5c06216c65469e5":"3":"5abc01f5de25b70867ff0c24e222c61f53c88daf42586fddcd56f3c4588f074be3c328056c063388688b6385a8167957c6e5355a510e005b8a851d69c96b36ec6036644078210e5d7d326f96365ee0648882921492bc7b753eb9c26cdbab37555f210df2ca6fec1b25b463d38b81c0dcea202022b04af5da58aa03d77be949b7":0 -RSA verify test vector #2 (bad) +RSA verify test vector: PKCS1v1.5 (default), SHA1, good depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PKCS1_V15 
-pk_rsa_verify_test_vec:"9f294f0c7b32da6221a3ef83654322038e8968fa":MBEDTLS_MD_SHA1:1024:"e28a13548525e5f36dccb24ecb7cc332cc689dfd64012604c9c7816d72a16c3f5fcdc0e86e7c03280b1c69b586ce0cd8aec722cc73a5d3b730310bf7dfebdc77ce5d94bbc369dc18a2f7b07bd505ab0f82224aef09fdc1e5063234255e0b3c40a52e9e8ae60898eb88a766bdd788fe9493d8fd86bcdd2884d5c06216c65469e5":"3":"3203b7647fb7e345aa457681e5131777f1adc371f2fba8534928c4e52ef6206a856425d6269352ecbf64db2f6ad82397768cafdd8cd272e512d617ad67992226da6bc291c31404c17fd4b7e2beb20eff284a44f4d7af47fd6629e2c95809fa7f2241a04f70ac70d3271bb13258af1ed5c5988c95df7fa26603515791075feccd":MBEDTLS_ERR_RSA_VERIFY_FAILED +pk_rsa_verify_test_vec:"6a8a1f225703fe39753c1017b43eec9e070a70b1":-1:MBEDTLS_MD_SHA1:1024:"e28a13548525e5f36dccb24ecb7cc332cc689dfd64012604c9c7816d72a16c3f5fcdc0e86e7c03280b1c69b586ce0cd8aec722cc73a5d3b730310bf7dfebdc77ce5d94bbc369dc18a2f7b07bd505ab0f82224aef09fdc1e5063234255e0b3c40a52e9e8ae60898eb88a766bdd788fe9493d8fd86bcdd2884d5c06216c65469e5":"3":"5abc01f5de25b70867ff0c24e222c61f53c88daf42586fddcd56f3c4588f074be3c328056c063388688b6385a8167957c6e5355a510e005b8a851d69c96b36ec6036644078210e5d7d326f96365ee0648882921492bc7b753eb9c26cdbab37555f210df2ca6fec1b25b463d38b81c0dcea202022b04af5da58aa03d77be949b7":0 + +RSA verify test vector: PKCS1v1.5, SHA1, wrong signature +depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PKCS1_V15 
+pk_rsa_verify_test_vec:"6a8a1f225703fe39753c1017b43eec9e070a70b1":MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_SHA1:1024:"e28a13548525e5f36dccb24ecb7cc332cc689dfd64012604c9c7816d72a16c3f5fcdc0e86e7c03280b1c69b586ce0cd8aec722cc73a5d3b730310bf7dfebdc77ce5d94bbc369dc18a2f7b07bd505ab0f82224aef09fdc1e5063234255e0b3c40a52e9e8ae60898eb88a766bdd788fe9493d8fd86bcdd2884d5c06216c65469e5":"3":"5abc01f5de25b70867ff0c24e222c61f53c88daf42586fddcd56f3c4588f074be3c328056c063388688b6385a8167957c6e5355a510e005b8a851d69c96b36ec6036644078210e5d7d326f96365ee0648882921492bc7b753eb9c26cdbab37555f210df2ca6fec1b25b463d38b81c0dcea202022b04af5da58aa03d77be949b8":MBEDTLS_ERR_RSA_VERIFY_FAILED + +RSA verify test vector: PSS, SHA1, good +depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PKCS1_V21 +pk_rsa_verify_test_vec:"37b66ae0445843353d47ecb0b4fd14c110e62d6a":MBEDTLS_RSA_PKCS_V21:MBEDTLS_MD_SHA1:1024:"a2ba40ee07e3b2bd2f02ce227f36a195024486e49c19cb41bbbdfbba98b22b0e577c2eeaffa20d883a76e65e394c69d4b3c05a1e8fadda27edb2a42bc000fe888b9b32c22d15add0cd76b3e7936e19955b220dd17d4ea904b1ec102b2e4de7751222aa99151024c7cb41cc5ea21d00eeb41f7c800834d2c6e06bce3bce7ea9a5":"010001":"8daa627d3de7595d63056c7ec659e54406f10610128baae821c8b2a0f3936d54dc3bdce46689f6b7951bb18e840542769718d5715d210d85efbb596192032c42be4c29972c856275eb6d5a45f05f51876fc6743deddd28caec9bb30ea99e02c3488269604fe497f74ccd7c7fca1671897123cbd30def5d54a2b5536ad90a747e":0 + +RSA verify test vector: PSS, SHA1, wrong signature +depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PKCS1_V21 
+pk_rsa_verify_test_vec:"37b66ae0445843353d47ecb0b4fd14c110e62d6a":MBEDTLS_RSA_PKCS_V21:MBEDTLS_MD_SHA1:1024:"a2ba40ee07e3b2bd2f02ce227f36a195024486e49c19cb41bbbdfbba98b22b0e577c2eeaffa20d883a76e65e394c69d4b3c05a1e8fadda27edb2a42bc000fe888b9b32c22d15add0cd76b3e7936e19955b220dd17d4ea904b1ec102b2e4de7751222aa99151024c7cb41cc5ea21d00eeb41f7c800834d2c6e06bce3bce7ea9a5":"010001":"8daa627d3de7595d63056c7ec659e54406f10610128baae821c8b2a0f3936d54dc3bdce46689f6b7951bb18e840542769718d5715d210d85efbb596192032c42be4c29972c856275eb6d5a45f05f51876fc6743deddd28caec9bb30ea99e02c3488269604fe497f74ccd7c7fca1671897123cbd30def5d54a2b5536ad90a747f":MBEDTLS_ERR_RSA_VERIFY_FAILED + +RSA verify test vector: PSS, SHA1, signature is PKCS1v1.5 +depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PKCS1_V21 +pk_rsa_verify_test_vec:"6a8a1f225703fe39753c1017b43eec9e070a70b1":MBEDTLS_RSA_PKCS_V21:MBEDTLS_MD_SHA1:1024:"e28a13548525e5f36dccb24ecb7cc332cc689dfd64012604c9c7816d72a16c3f5fcdc0e86e7c03280b1c69b586ce0cd8aec722cc73a5d3b730310bf7dfebdc77ce5d94bbc369dc18a2f7b07bd505ab0f82224aef09fdc1e5063234255e0b3c40a52e9e8ae60898eb88a766bdd788fe9493d8fd86bcdd2884d5c06216c65469e5":"3":"5abc01f5de25b70867ff0c24e222c61f53c88daf42586fddcd56f3c4588f074be3c328056c063388688b6385a8167957c6e5355a510e005b8a851d69c96b36ec6036644078210e5d7d326f96365ee0648882921492bc7b753eb9c26cdbab37555f210df2ca6fec1b25b463d38b81c0dcea202022b04af5da58aa03d77be949b7":MBEDTLS_ERR_RSA_VERIFY_FAILED + +RSA verify test vector: PKCS1v1.5, SHA1, signature is PSS +depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PKCS1_V15 
+pk_rsa_verify_test_vec:"6a8a1f225703fe39753c1017b43eec9e070a70b1":MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_SHA1:1024:"e28a13548525e5f36dccb24ecb7cc332cc689dfd64012604c9c7816d72a16c3f5fcdc0e86e7c03280b1c69b586ce0cd8aec722cc73a5d3b730310bf7dfebdc77ce5d94bbc369dc18a2f7b07bd505ab0f82224aef09fdc1e5063234255e0b3c40a52e9e8ae60898eb88a766bdd788fe9493d8fd86bcdd2884d5c06216c65469e5":"3":"8daa627d3de7595d63056c7ec659e54406f10610128baae821c8b2a0f3936d54dc3bdce46689f6b7951bb18e840542769718d5715d210d85efbb596192032c42be4c29972c856275eb6d5a45f05f51876fc6743deddd28caec9bb30ea99e02c3488269604fe497f74ccd7c7fca1671897123cbd30def5d54a2b5536ad90a747e":MBEDTLS_ERR_RSA_VERIFY_FAILED ECDSA verify test vector #1 (good) depends_on:MBEDTLS_ECP_HAVE_SECP192R1 
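Review bot: The case 'RSA verify test vector: PKCS1v1.5, SHA1, signature is PSS' does not test what its name says: it pairs the PKCS#1 v1.5 key (`"e28a1354…"`, e=3) and its message `6a8a1f22…` with the signature `8daa627d…`, which the 'PSS, SHA1, good' case above shows was produced under a different key (`"a2ba40ee…"`, e=010001) over a different message (`37b66ae0…`). That signature fails for any padding mode, so the case cannot distinguish 'wrong padding' from 'wrong key'. The mirror case 'PSS, SHA1, signature is PKCS1v1.5' is consistent (same key and message, v1.5 signature, verified as PSS); make this one symmetric by using the PSS key, its message and the PSS signature with `MBEDTLS_RSA_PKCS_V15` as the padding, so that the padding mode is the only variable.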
@@ -384,51 +404,79 @@ pk_ec_test_vec:MBEDTLS_PK_ECKEY:MBEDTLS_ECP_DP_SECP256R1:"0437cc56d976091e5a723e
 ECDSA sign-verify: SECP192R1
 depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP192R1
-pk_sign_verify:MBEDTLS_PK_ECDSA:MBEDTLS_ECP_DP_SECP192R1:0:0
+pk_sign_verify:MBEDTLS_PK_ECDSA:MBEDTLS_ECP_DP_SECP192R1:0:0:0:0
 ECDSA sign-verify: SECP256R1
 depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP256R1
-pk_sign_verify:MBEDTLS_PK_ECDSA:MBEDTLS_ECP_DP_SECP256R1:0:0
+pk_sign_verify:MBEDTLS_PK_ECDSA:MBEDTLS_ECP_DP_SECP256R1:0:0:0:0
 ECDSA sign-verify: SECP384R1
 depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP384R1
-pk_sign_verify:MBEDTLS_PK_ECDSA:MBEDTLS_ECP_DP_SECP384R1:0:0
+pk_sign_verify:MBEDTLS_PK_ECDSA:MBEDTLS_ECP_DP_SECP384R1:0:0:0:0
 ECDSA sign-verify: SECP521R1
 depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP521R1
-pk_sign_verify:MBEDTLS_PK_ECDSA:MBEDTLS_ECP_DP_SECP521R1:0:0
+pk_sign_verify:MBEDTLS_PK_ECDSA:MBEDTLS_ECP_DP_SECP521R1:0:0:0:0
 ECDSA sign-verify: BP256R1
 depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_HAVE_BP256R1
-pk_sign_verify:MBEDTLS_PK_ECDSA:MBEDTLS_ECP_DP_BP256R1:0:0
+pk_sign_verify:MBEDTLS_PK_ECDSA:MBEDTLS_ECP_DP_BP256R1:0:0:0:0
 ECDSA sign-verify: BP512R1
 depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_HAVE_BP512R1
-pk_sign_verify:MBEDTLS_PK_ECDSA:MBEDTLS_ECP_DP_BP512R1:0:0
+pk_sign_verify:MBEDTLS_PK_ECDSA:MBEDTLS_ECP_DP_BP512R1:0:0:0:0
 EC(DSA) sign-verify: SECP192R1
 depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP192R1
-pk_sign_verify:MBEDTLS_PK_ECKEY:MBEDTLS_ECP_DP_SECP192R1:0:0
+pk_sign_verify:MBEDTLS_PK_ECKEY:MBEDTLS_ECP_DP_SECP192R1:0:0:0:0
 EC_DH (no) sign-verify: SECP192R1
 depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP192R1
-pk_sign_verify:MBEDTLS_PK_ECKEY_DH:MBEDTLS_ECP_DP_SECP192R1:MBEDTLS_ERR_PK_TYPE_MISMATCH:MBEDTLS_ERR_PK_TYPE_MISMATCH
+pk_sign_verify:MBEDTLS_PK_ECKEY_DH:MBEDTLS_ECP_DP_SECP192R1:0:0:MBEDTLS_ERR_PK_TYPE_MISMATCH:MBEDTLS_ERR_PK_TYPE_MISMATCH
-RSA sign-verify
-depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_GENPRIME:MBEDTLS_RSA_GEN_KEY_MIN_BITS >= 512
-pk_sign_verify:MBEDTLS_PK_RSA:MBEDTLS_RSA_GEN_KEY_MIN_BITS:0:0
+RSA sign-verify, PKCS1v1.5, SHA1
+depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_GENPRIME:MBEDTLS_RSA_GEN_KEY_MIN_BITS >= 512:MBEDTLS_MD_CAN_SHA1
+pk_sign_verify:MBEDTLS_PK_RSA:MBEDTLS_RSA_GEN_KEY_MIN_BITS:MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_SHA1:0:0
+
+RSA sign-verify, PKCS1v2.1, SHA1
+depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21:MBEDTLS_GENPRIME:MBEDTLS_RSA_GEN_KEY_MIN_BITS >= 512:MBEDTLS_MD_CAN_SHA1
+pk_sign_verify:MBEDTLS_PK_RSA:MBEDTLS_RSA_GEN_KEY_MIN_BITS:MBEDTLS_RSA_PKCS_V21:MBEDTLS_MD_SHA1:0:0
+
+RSA sign-verify, PKCS1v1.5, SHA256
+depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_GENPRIME:MBEDTLS_RSA_GEN_KEY_MIN_BITS >= 512:MBEDTLS_MD_CAN_SHA256
+pk_sign_verify:MBEDTLS_PK_RSA:MBEDTLS_RSA_GEN_KEY_MIN_BITS:MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_SHA256:0:0
+
+RSA sign-verify, PKCS1v2.1, SHA256
+depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21:MBEDTLS_GENPRIME:MBEDTLS_RSA_GEN_KEY_MIN_BITS >= 512:MBEDTLS_MD_CAN_SHA256
+pk_sign_verify:MBEDTLS_PK_RSA:MBEDTLS_RSA_GEN_KEY_MIN_BITS:MBEDTLS_RSA_PKCS_V21:MBEDTLS_MD_SHA256:0:0
 RSA encrypt-decrypt test
 depends_on:MBEDTLS_PKCS1_V15
pk_rsa_encrypt_decrypt_test:"4E636AF98E40F3ADCFCCB698F4E80B9F":2048:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"3":0 -RSA decrypt test vector #1 +RSA decrypt test vector - PKCS1v1.5 depends_on:MBEDTLS_PKCS1_V15 -pk_rsa_decrypt_test_vec:"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":2048:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":"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":"3":"4E636AF98E40F3ADCFCCB698F4E80B9F":0 
+pk_rsa_decrypt_test_vec:"28818cb14236ad18f4527e7f1f7633e96cef021bc3234475d7f61e88702b6335b42a352ed3f3267ac7c3e9ba4af17e45096c63eefd8d9a7cb42dfc52fffb2f5b8afb305b46312c2eb50634123b4437a2287ac57b7509d59a583fb741989a49f32625e9267b4641a6607b7303d35c68489db53c8d387b620d0d46a852e72ea43c":1024:MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_SHA1:"eecfae81b1b9b3c908810b10a1b5600199eb9f44aef4fda493b81a9e3d84f632124ef0236e5d1e3b7e28fae7aa040a2d5b252176459d1f397541ba2a58fb6599":"c97fb1f027f453f6341233eaaad1d9353f6c42d08866b1d05a0f2035028b9d869840b41666b42e92ea0da3b43204b5cfce3352524d0416a5a441e700af461503":"bbf82f090682ce9c2338ac2b9da871f7368d07eed41043a440d6b6f07454f51fb8dfbaaf035c02ab61ea48ceeb6fcd4876ed520d60e1ec4619719d8a5b8b807fafb8e0a3dfc737723ee6b4b7d93a2584ee6a649d060953748834b2454598394ee0aab12d7b61a51f527a9a41f6c1687fe2537298ca2a8f5946f8e5fd091dbdcb":"11":"d436e99569fd32a7c8a05bbc90d32c49":0 -RSA decrypt test vector #2 +RSA decrypt test vector - PKCS1v1.5, corrupted encrypted data depends_on:MBEDTLS_PKCS1_V15 
-pk_rsa_decrypt_test_vec:"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":2048:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"3":"4E636AF98E40F3ADCFCCB698F4E80B9F":MBEDTLS_ERR_RSA_INVALID_PADDING 
+pk_rsa_decrypt_test_vec:"28818cb14236ad18f4527e7f1f7633e96cef021bc3234475d7f61e88702b6335b42a352ed3f3267ac7c3e9ba4af17e45096c63eefd8d9a7cb42dfc52fffb2f5b8afb305b46312c2eb50634123b4437a2287ac57b7509d59a583fb741989a49f32625e9267b4641a6607b7303d35c68489db53c8d387b620d0d46a852e72ea43d":1024:MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_SHA1:"eecfae81b1b9b3c908810b10a1b5600199eb9f44aef4fda493b81a9e3d84f632124ef0236e5d1e3b7e28fae7aa040a2d5b252176459d1f397541ba2a58fb6599":"c97fb1f027f453f6341233eaaad1d9353f6c42d08866b1d05a0f2035028b9d869840b41666b42e92ea0da3b43204b5cfce3352524d0416a5a441e700af461503":"bbf82f090682ce9c2338ac2b9da871f7368d07eed41043a440d6b6f07454f51fb8dfbaaf035c02ab61ea48ceeb6fcd4876ed520d60e1ec4619719d8a5b8b807fafb8e0a3dfc737723ee6b4b7d93a2584ee6a649d060953748834b2454598394ee0aab12d7b61a51f527a9a41f6c1687fe2537298ca2a8f5946f8e5fd091dbdcb":"11":"d436e99569fd32a7c8a05bbc90d32c49":MBEDTLS_ERR_RSA_INVALID_PADDING + +RSA decrypt test vector - PKCS1v2.1 +depends_on:MBEDTLS_PKCS1_V21:MBEDTLS_MD_CAN_SHA1 +pk_rsa_decrypt_test_vec:"1253e04dc0a5397bb44a7ab87e9bf2a039a33d1e996fc82a94ccd30074c95df763722017069e5268da5d1c0b4f872cf653c11df82314a67968dfeae28def04bb6d84b1c31d654a1970e5783bd6eb96a024c2ca2f4a90fe9f2ef5c9c140e5bb48da9536ad8700c84fc9130adea74e558d51a74ddf85d8b50de96838d6063e0955":1024:MBEDTLS_RSA_PKCS_V21:MBEDTLS_MD_SHA1:"eecfae81b1b9b3c908810b10a1b5600199eb9f44aef4fda493b81a9e3d84f632124ef0236e5d1e3b7e28fae7aa040a2d5b252176459d1f397541ba2a58fb6599":"c97fb1f027f453f6341233eaaad1d9353f6c42d08866b1d05a0f2035028b9d869840b41666b42e92ea0da3b43204b5cfce3352524d0416a5a441e700af461503":"bbf82f090682ce9c2338ac2b9da871f7368d07eed41043a440d6b6f07454f51fb8dfbaaf035c02ab61ea48ceeb6fcd4876ed520d60e1ec4619719d8a5b8b807fafb8e0a3dfc737723ee6b4b7d93a2584ee6a649d060953748834b2454598394ee0aab12d7b61a51f527a9a41f6c1687fe2537298ca2a8f5946f8e5fd091dbdcb":"11":"d436e99569fd32a7c8a05bbc90d32c49":0 + +RSA decrypt test vector - PKCS1v2.1, corrupted encrypted data 
+depends_on:MBEDTLS_PKCS1_V21:MBEDTLS_MD_CAN_SHA1 +pk_rsa_decrypt_test_vec:"1253e04dc0a5397bb44a7ab87e9bf2a039a33d1e996fc82a94ccd30074c95df763722017069e5268da5d1c0b4f872cf653c11df82314a67968dfeae28def04bb6d84b1c31d654a1970e5783bd6eb96a024c2ca2f4a90fe9f2ef5c9c140e5bb48da9536ad8700c84fc9130adea74e558d51a74ddf85d8b50de96838d6063e0956":1024:MBEDTLS_RSA_PKCS_V21:MBEDTLS_MD_SHA1:"eecfae81b1b9b3c908810b10a1b5600199eb9f44aef4fda493b81a9e3d84f632124ef0236e5d1e3b7e28fae7aa040a2d5b252176459d1f397541ba2a58fb6599":"c97fb1f027f453f6341233eaaad1d9353f6c42d08866b1d05a0f2035028b9d869840b41666b42e92ea0da3b43204b5cfce3352524d0416a5a441e700af461503":"bbf82f090682ce9c2338ac2b9da871f7368d07eed41043a440d6b6f07454f51fb8dfbaaf035c02ab61ea48ceeb6fcd4876ed520d60e1ec4619719d8a5b8b807fafb8e0a3dfc737723ee6b4b7d93a2584ee6a649d060953748834b2454598394ee0aab12d7b61a51f527a9a41f6c1687fe2537298ca2a8f5946f8e5fd091dbdcb":"11":"d436e99569fd32a7c8a05bbc90d32c49":MBEDTLS_ERR_RSA_INVALID_PADDING + +RSA decrypt test vector - PKCS1v1.5, but data is PKCS1v2.1 encrypted +depends_on:MBEDTLS_PKCS1_V15 +pk_rsa_decrypt_test_vec:"1253e04dc0a5397bb44a7ab87e9bf2a039a33d1e996fc82a94ccd30074c95df763722017069e5268da5d1c0b4f872cf653c11df82314a67968dfeae28def04bb6d84b1c31d654a1970e5783bd6eb96a024c2ca2f4a90fe9f2ef5c9c140e5bb48da9536ad8700c84fc9130adea74e558d51a74ddf85d8b50de96838d6063e0956":1024:MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_SHA1:"eecfae81b1b9b3c908810b10a1b5600199eb9f44aef4fda493b81a9e3d84f632124ef0236e5d1e3b7e28fae7aa040a2d5b252176459d1f397541ba2a58fb6599":"c97fb1f027f453f6341233eaaad1d9353f6c42d08866b1d05a0f2035028b9d869840b41666b42e92ea0da3b43204b5cfce3352524d0416a5a441e700af461503":"bbf82f090682ce9c2338ac2b9da871f7368d07eed41043a440d6b6f07454f51fb8dfbaaf035c02ab61ea48ceeb6fcd4876ed520d60e1ec4619719d8a5b8b807fafb8e0a3dfc737723ee6b4b7d93a2584ee6a649d060953748834b2454598394ee0aab12d7b61a51f527a9a41f6c1687fe2537298ca2a8f5946f8e5fd091dbdcb":"11":"d436e99569fd32a7c8a05bbc90d32c49":MBEDTLS_ERR_RSA_INVALID_PADDING + +RSA 
decrypt test vector - PKCS1v2.1, but data is PKCS1v1.5 encrypted
+depends_on:MBEDTLS_PKCS1_V21:MBEDTLS_MD_CAN_SHA1
+pk_rsa_decrypt_test_vec:"28818cb14236ad18f4527e7f1f7633e96cef021bc3234475d7f61e88702b6335b42a352ed3f3267ac7c3e9ba4af17e45096c63eefd8d9a7cb42dfc52fffb2f5b8afb305b46312c2eb50634123b4437a2287ac57b7509d59a583fb741989a49f32625e9267b4641a6607b7303d35c68489db53c8d387b620d0d46a852e72ea43c":1024:MBEDTLS_RSA_PKCS_V21:MBEDTLS_MD_SHA1:"eecfae81b1b9b3c908810b10a1b5600199eb9f44aef4fda493b81a9e3d84f632124ef0236e5d1e3b7e28fae7aa040a2d5b252176459d1f397541ba2a58fb6599":"c97fb1f027f453f6341233eaaad1d9353f6c42d08866b1d05a0f2035028b9d869840b41666b42e92ea0da3b43204b5cfce3352524d0416a5a441e700af461503":"bbf82f090682ce9c2338ac2b9da871f7368d07eed41043a440d6b6f07454f51fb8dfbaaf035c02ab61ea48ceeb6fcd4876ed520d60e1ec4619719d8a5b8b807fafb8e0a3dfc737723ee6b4b7d93a2584ee6a649d060953748834b2454598394ee0aab12d7b61a51f527a9a41f6c1687fe2537298ca2a8f5946f8e5fd091dbdcb":"11":"d436e99569fd32a7c8a05bbc90d32c49":MBEDTLS_ERR_RSA_INVALID_PADDING
 RSA Opaque decrypt test vector #1
 depends_on:MBEDTLS_PKCS1_V15
diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function
index ff843cb8d..946c52f8b 100644
--- a/tests/suites/test_suite_pk.function
+++ b/tests/suites/test_suite_pk.function
@@ -800,9 +800,9 @@ exit:
 /* END_CASE */
 /* BEGIN_CASE depends_on:MBEDTLS_RSA_C */
-void pk_rsa_verify_test_vec(data_t *message_str, int digest, int mod,
- char *input_N, char *input_E,
- data_t *result_str, int result)
+void pk_rsa_verify_test_vec(data_t *message_str, int padding, int digest,
+ int mod, char *input_N, char *input_E,
+ data_t *result_str, int expected_result)
 {
 mbedtls_rsa_context *rsa;
 mbedtls_pk_context pk;
@@ -817,28 +817,54 @@ void pk_rsa_verify_test_vec(data_t *message_str, int digest, int mod,
#endif
mbedtls_pk_init(&pk);
- USE_PSA_INIT();
+ MD_OR_USE_PSA_INIT();
TEST_ASSERT(mbedtls_pk_setup(&pk, mbedtls_pk_info_from_type(MBEDTLS_PK_RSA)) == 0);
rsa = mbedtls_pk_rsa(pk);
rsa->len = (mod + 7) / 8;
+ if (padding >= 0) {
+ TEST_EQUAL(mbedtls_rsa_set_padding(rsa, padding, MBEDTLS_MD_NONE), 0);
+ }
+
TEST_ASSERT(mbedtls_test_read_mpi(&rsa->N, input_N) == 0);
TEST_ASSERT(mbedtls_test_read_mpi(&rsa->E, input_E) == 0);
- TEST_ASSERT(mbedtls_pk_verify(&pk, digest, message_str->x, 0,
- result_str->x, mbedtls_pk_get_len(&pk)) == result);
+ int actual_result;
+ actual_result = mbedtls_pk_verify(&pk, digest, message_str->x, 0,
+ result_str->x, mbedtls_pk_get_len(&pk));
+#if !defined(MBEDTLS_USE_PSA_CRYPTO)
+ if (actual_result == MBEDTLS_ERR_RSA_INVALID_PADDING &&
+ expected_result == MBEDTLS_ERR_RSA_VERIFY_FAILED) {
+ /* Tolerate INVALID_PADDING error for an invalid signature with
+ * the legacy API (but not with PSA). */
+ } else
+#endif
+ {
+ TEST_EQUAL(actual_result, expected_result);
+ }
- TEST_ASSERT(mbedtls_pk_verify_restartable(&pk, digest, message_str->x, 0,
- result_str->x, mbedtls_pk_get_len(
- &pk), rs_ctx) == result);
+ actual_result = mbedtls_pk_verify_restartable(&pk, digest, message_str->x, 0,
+ result_str->x,
+ mbedtls_pk_get_len(&pk),
+ rs_ctx);
+#if !defined(MBEDTLS_USE_PSA_CRYPTO)
+ if (actual_result == MBEDTLS_ERR_RSA_INVALID_PADDING &&
+ expected_result == MBEDTLS_ERR_RSA_VERIFY_FAILED) {
+ /* Tolerate INVALID_PADDING error for an invalid signature with
+ * the legacy API (but not with PSA). */
+ } else
+#endif
+ {
+ TEST_EQUAL(actual_result, expected_result);
+ }
exit:
#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
mbedtls_pk_restart_free(rs_ctx);
#endif
mbedtls_pk_free(&pk);
- USE_PSA_DONE();
+ MD_OR_USE_PSA_DONE();
}
/* END_CASE */
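Review bot: The `#if !defined(MBEDTLS_USE_PSA_CRYPTO)` tolerance block — an `if` whose body is only a comment and exists solely to skip the `else` — is pasted twice in this hunk, once after `mbedtls_pk_verify` and once after `mbedtls_pk_verify_restartable`, and a preprocessor conditional that swallows an `else` is easy to break on the next edit. A small helper in the suite's header section would reduce both sites to `TEST_ASSERT(verify_result_ok(actual_result, expected_result));` and give the "legacy RSA may report INVALID_PADDING where PSA reports VERIFY_FAILED" rule a single documented home. The `if (padding >= 0)` guard also deserves a one-line comment, e.g. `/* A negative padding value keeps the context's default padding mode. */`, since that convention is only visible from the data file. The function's signature and the `rs_ctx` declaration are outside this hunk.
```c
/* Header section: with the legacy RSA API a corrupted signature may surface as
 * INVALID_PADDING where PSA reports VERIFY_FAILED; accept that pair only. */
static int verify_result_ok(int actual, int expected)
{
#if !defined(MBEDTLS_USE_PSA_CRYPTO)
    if (actual == MBEDTLS_ERR_RSA_INVALID_PADDING &&
        expected == MBEDTLS_ERR_RSA_VERIFY_FAILED) {
        return 1;
    }
#endif
    return actual == expected;
}

/* … unchanged: context setup, padding selection, key import … */
    actual_result = mbedtls_pk_verify(&pk, digest, message_str->x, 0,
                                      result_str->x, mbedtls_pk_get_len(&pk));
    TEST_ASSERT(verify_result_ok(actual_result, expected_result));
    /* … unchanged: mbedtls_pk_verify_restartable call … */
    TEST_ASSERT(verify_result_ok(actual_result, expected_result));
```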
@@ -1027,7 +1053,8 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_MD_CAN_SHA256 */ -void pk_sign_verify(int type, int curve_or_keybits, int sign_ret, int verify_ret) +void pk_sign_verify(int type, int curve_or_keybits, int rsa_padding, int rsa_md_alg, + int sign_ret, int verify_ret) { mbedtls_pk_context pk; size_t sig_len; @@ -1055,6 +1082,17 @@ void pk_sign_verify(int type, int curve_or_keybits, int sign_ret, int verify_ret TEST_ASSERT(mbedtls_pk_setup(&pk, mbedtls_pk_info_from_type(type)) == 0); TEST_ASSERT(pk_genkey(&pk, curve_or_keybits) == 0); +#if defined(MBEDTLS_RSA_C) + if (type == MBEDTLS_PK_RSA) { + /* Just pick SHA1 here as hashing algorithm as we're more interested + * in checking the compatibility between */ + TEST_ASSERT(mbedtls_rsa_set_padding(mbedtls_pk_rsa(pk), rsa_padding, rsa_md_alg) == 0); + } +#else + (void) rsa_padding; + (void) rsa_md_alg; +#endif /* MBEDTLS_RSA_C */ + TEST_ASSERT(mbedtls_pk_sign_restartable(&pk, MBEDTLS_MD_SHA256, hash, hash_len, sig, sizeof(sig), &sig_len, @@ -1194,7 +1232,7 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_RSA_C */ -void pk_rsa_decrypt_test_vec(data_t *cipher, int mod, +void pk_rsa_decrypt_test_vec(data_t *cipher, int mod, int padding, int md_alg, char *input_P, char *input_Q, char *input_N, char *input_E, data_t *clear, int ret) @@ -1209,7 +1247,7 @@ void pk_rsa_decrypt_test_vec(data_t *cipher, int mod, mbedtls_pk_init(&pk); mbedtls_mpi_init(&N); mbedtls_mpi_init(&P); mbedtls_mpi_init(&Q); mbedtls_mpi_init(&E); - USE_PSA_INIT(); + MD_OR_USE_PSA_INIT(); memset(&rnd_info, 0, sizeof(mbedtls_test_rnd_pseudo_info)); @@ -1231,6 +1269,11 @@ void pk_rsa_decrypt_test_vec(data_t *cipher, int mod, TEST_EQUAL(mbedtls_pk_get_bitlen(&pk), mod); TEST_EQUAL(mbedtls_pk_get_len(&pk), (mod + 7) / 8); + /* set padding mode */ + if (padding >= 0) { + TEST_EQUAL(mbedtls_rsa_set_padding(rsa, padding, md_alg), 0); + } + /* decryption test */ memset(output, 0, sizeof(output)); olen = 0; 
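Review bot: The comment added in the `@@ -1055,6 +1082,17 @@` hunk of pk_sign_verify is cut off mid-sentence ("…checking the compatibility between") and contradicts the code, which signs with `MBEDTLS_MD_SHA256` rather than SHA-1; a later patch in this series (126/132) only deletes it, so it would be cleaner to fold that into this commit and state what the block does, e.g. `/* Apply the requested RSA padding mode and PSS/OAEP hash before signing. */`. The same convention appears in the `@@ -1231,6 +1269,11 @@` hunk of pk_rsa_decrypt_test_vec, where `/* set padding mode */` could say what the guard means: `/* A negative padding value keeps the context's default padding mode. */`. Both enclosing functions begin outside these hunks.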
@@ -1246,7 +1289,7 @@ exit: mbedtls_mpi_free(&N); mbedtls_mpi_free(&P); mbedtls_mpi_free(&Q); mbedtls_mpi_free(&E); mbedtls_pk_free(&pk); - USE_PSA_DONE(); + MD_OR_USE_PSA_DONE(); } /* END_CASE */ From 90ea4fd201568470044197b2463338c5f32a993b Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 15 Feb 2024 15:42:24 +0100 Subject: [PATCH 120/132] pk: fix documentation for sign/verify and encrypt/decrypt Remove exception warnings about PKCS1v1.5, since now both padding formats are treated properly no matter if USE_PSA_CRYPTO is defined or not. Signed-off-by: Valerio Setti --- include/mbedtls/pk.h | 12 ------------ 1 file changed, 12 deletions(-) diff --git a/include/mbedtls/pk.h b/include/mbedtls/pk.h index 919543cc6..c37121f8a 100644 --- a/include/mbedtls/pk.h +++ b/include/mbedtls/pk.h @@ -616,10 +616,6 @@ int mbedtls_pk_get_psa_attributes(const mbedtls_pk_context *pk, * #MBEDTLS_ERR_PK_SIG_LEN_MISMATCH if there is a valid * signature in \p sig but its length is less than \p sig_len, * or a specific error code. - * - * \note For RSA keys, the default padding type is PKCS#1 v1.5. - * Use \c mbedtls_pk_verify_ext( MBEDTLS_PK_RSASSA_PSS, ... ) - * to verify RSASSA_PSS signatures. */ int mbedtls_pk_verify(mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg, const unsigned char *hash, size_t hash_len, @@ -708,10 +704,6 @@ int mbedtls_pk_verify_ext(mbedtls_pk_type_t type, const void *options, * * \return 0 on success, or a specific error code. * - * \note For RSA keys, the default padding type is PKCS#1 v1.5. - * There is no interface in the PK module to make RSASSA-PSS - * signatures yet. - * * \note For RSA, md_alg may be MBEDTLS_MD_NONE if hash_len != 0. * For ECDSA, md_alg may never be MBEDTLS_MD_NONE. */ 
@@ -806,8 +798,6 @@ int mbedtls_pk_sign_restartable(mbedtls_pk_context *ctx, * \param f_rng RNG function, must not be \c NULL. * \param p_rng RNG parameter * - * \note For RSA keys, the default padding type is PKCS#1 v1.5. - * * \return 0 on success, or a specific error code. */ int mbedtls_pk_decrypt(mbedtls_pk_context *ctx, @@ -829,8 +819,6 @@ int mbedtls_pk_decrypt(mbedtls_pk_context *ctx, * * \note \p f_rng is used for padding generation. * - * \note For RSA keys, the default padding type is PKCS#1 v1.5. - * * \return 0 on success, or a specific error code. */ int mbedtls_pk_encrypt(mbedtls_pk_context *ctx, From 8aff4ef274688be38423820091895a2f30187f28 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Fri, 16 Feb 2024 14:31:51 +0100 Subject: [PATCH 121/132] test_suite_pem: add more test cases for invalid padding data Signed-off-by: Valerio Setti --- library/pem.c | 2 +- tests/suites/test_suite_pem.data | 14 ++++++++++++++ 2 files changed, 15 insertions(+), 1 deletion(-) diff --git a/library/pem.c b/library/pem.c index a111970bb..3f01d3bdd 100644 --- a/library/pem.c +++ b/library/pem.c @@ -463,7 +463,7 @@ int mbedtls_pem_read_buffer(mbedtls_pem_context *ctx, const char *header, const * mismatches. */ ret = pem_check_pkcs_padding(buf, len, &len); if (ret != 0) { - mbedtls_free(buf); + mbedtls_zeroize_and_free(buf, len); return ret; } diff --git a/tests/suites/test_suite_pem.data b/tests/suites/test_suite_pem.data index a900a33b9..e3bb7e4da 100644 --- a/tests/suites/test_suite_pem.data +++ b/tests/suites/test_suite_pem.data 
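Review bot: In the pem.c hunk (`@@ -463,7 +463,7 @@`), `mbedtls_zeroize_and_free(buf, len)` may wipe less than the buffer it frees, because the context line just above passes `&len` as the output parameter of `pem_check_pkcs_padding(buf, len, &len)`: the function stores `*data_len = input_len - pad_len` before it scans the padding bytes (visible in patch 125/132 below), so when that scan fails `len` already holds the shortened data length and the trailing `pad_len` bytes of decrypted output stay on the heap unzeroized. Keeping the two lengths apart fixes it: `size_t data_len; ret = pem_check_pkcs_padding(buf, len, &data_len);`, zeroize with the original `len` on error, and only then `len = data_len;` on success. mbedtls_pem_read_buffer continues on both sides of this hunk.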
@@ -78,3 +78,17 @@ mbedtls_pem_read_buffer:"-----BEGIN EC PRIVATE KEY-----":"-----END EC PRIVATE KE PEM read (Invalid padding data for AES-128-CBC) depends_on:MBEDTLS_MD_CAN_MD5:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC mbedtls_pem_read_buffer:"-----BEGIN EC PRIVATE KEY-----":"-----END EC PRIVATE KEY-----":"-----BEGIN EC PRIVATE KEY-----\nProc-Type\: 4,ENCRYPTED\nDEK-Info\: AES-128-CBC,31323334353637380000000000000000\n\n333hxynfxEdXrSHQfIabxQ==\n-----END EC PRIVATE KEY-----":"password":MBEDTLS_ERR_PEM_BAD_INPUT_DATA:"" + +# Padding data (0x11) is larger than AES block size (16). +# Generated with: +# echo -n -e "\x68\x65\x6c\x6c\x6f\x20\x77\x6f\x72\x6c\x64\x11\x11\x11\x11\x11" | openssl aes-128-cbc -e -base64 -p -K "bbb0ddff1b944b3cc68eaaeb7ac20099" -iv "3132333435363738" -nopad +PEM read (AES-128-CBC, padding data is larger than AES block length) +depends_on:MBEDTLS_MD_CAN_MD5:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC +mbedtls_pem_read_buffer:"-----BEGIN EC PRIVATE KEY-----":"-----END EC PRIVATE KEY-----":"-----BEGIN EC PRIVATE KEY-----\nProc-Type\: 4,ENCRYPTED\nDEK-Info\: AES-128-CBC,31323334353637380000000000000000\n\n5wA/XVXHuMsQAAOGFQmK0g==\n-----END EC PRIVATE KEY-----":"password":MBEDTLS_ERR_PEM_BAD_INPUT_DATA:"" + +# Padding data (0x9) is larger than AES block size (8). +# Generated with: +# echo -n -e "\x68\x65\x6c\x6c\x6f\x09\x09\x09" | openssl des-cbc -e -base64 -p -K "bbb0ddff1b944b3cc68eaaeb7ac20099" -iv "3132333435363738" -nopad +PEM read (DES-CBC, padding data is larger than DES block length) +depends_on:MBEDTLS_MD_CAN_MD5:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC +mbedtls_pem_read_buffer:"-----BEGIN EC PRIVATE KEY-----":"-----END EC PRIVATE KEY-----":"-----BEGIN EC PRIVATE KEY-----\nProc-Type\: 4,ENCRYPTED\nDEK-Info\: DES-CBC,3132333435363738\n\n6a+B2WineBM=\n-----END EC PRIVATE KEY-----":"password":MBEDTLS_ERR_PEM_BAD_INPUT_DATA:"" From 4cc6522a85473e6ae49e1558988cde408739305e Mon Sep 17 00:00:00 2001 
From: Valerio Setti Date: Fri, 16 Feb 2024 14:40:42 +0100 Subject: [PATCH 122/132] pem: do not parse ASN1 data after decryption (removes ASN1 dependency) Now that we have padding verification after decryption and since this can be used to validate the password as well there is no need to parse ASN1 content any more, so we can simplify/remove that dependency. Signed-off-by: Valerio Setti --- ChangeLog.d/8799.txt | 3 +-- include/mbedtls/asn1.h | 5 ++--- library/asn1parse.c | 5 ++--- library/pem.c | 23 ----------------------- tests/suites/test_suite_pem.data | 13 +++---------- tests/suites/test_suite_pem.function | 1 - 6 files changed, 8 insertions(+), 42 deletions(-) diff --git a/ChangeLog.d/8799.txt b/ChangeLog.d/8799.txt index b44bb9991..50e7c118c 100644 --- a/ChangeLog.d/8799.txt +++ b/ChangeLog.d/8799.txt @@ -1,4 +1,3 @@ Bugfix * mbedtls_pem_read_buffer() now performs a check on the padding data of - decrypted keys and it rejects invalid ones. It also parses and validates - the main ASN.1 SEQUENCE header. + decrypted keys and it rejects invalid ones. diff --git a/include/mbedtls/asn1.h b/include/mbedtls/asn1.h index d8ee46930..ff019f432 100644 --- a/include/mbedtls/asn1.h +++ b/include/mbedtls/asn1.h @@ -198,7 +198,7 @@ typedef struct mbedtls_asn1_named_data { mbedtls_asn1_named_data; #if defined(MBEDTLS_ASN1_PARSE_C) || defined(MBEDTLS_X509_CREATE_C) || \ - defined(MBEDTLS_PSA_UTIL_HAVE_ECDSA) || defined(MBEDTLS_PEM_PARSE_C) + defined(MBEDTLS_PSA_UTIL_HAVE_ECDSA) /** * \brief Get the length of an ASN.1 element. * Updates the pointer to immediately behind the length. @@ -245,8 +245,7 @@ int mbedtls_asn1_get_len(unsigned char **p, int mbedtls_asn1_get_tag(unsigned char **p, const unsigned char *end, size_t *len, int tag); -#endif /* MBEDTLS_ASN1_PARSE_C || MBEDTLS_X509_CREATE_C || - MBEDTLS_PSA_UTIL_HAVE_ECDSA || MBEDTLS_PEM_PARSE_C */ +#endif /* MBEDTLS_ASN1_PARSE_C || MBEDTLS_X509_CREATE_C || MBEDTLS_PSA_UTIL_HAVE_ECDSA */ #if defined(MBEDTLS_ASN1_PARSE_C) /** 
diff --git a/library/asn1parse.c b/library/asn1parse.c index 644b43ba9..e33fdf71d 100644 --- a/library/asn1parse.c +++ b/library/asn1parse.c @@ -8,7 +8,7 @@ #include "common.h" #if defined(MBEDTLS_ASN1_PARSE_C) || defined(MBEDTLS_X509_CREATE_C) || \ - defined(MBEDTLS_PSA_UTIL_HAVE_ECDSA) || defined(MBEDTLS_PEM_PARSE_C) + defined(MBEDTLS_PSA_UTIL_HAVE_ECDSA) #include "mbedtls/asn1.h" #include "mbedtls/platform_util.h" @@ -74,8 +74,7 @@ int mbedtls_asn1_get_tag(unsigned char **p, return mbedtls_asn1_get_len(p, end, len); } -#endif /* MBEDTLS_ASN1_PARSE_C || MBEDTLS_X509_CREATE_C || - MBEDTLS_PSA_UTIL_HAVE_ECDSA || MBEDTLS_PEM_PARSE_C */ +#endif /* MBEDTLS_ASN1_PARSE_C || MBEDTLS_X509_CREATE_C || MBEDTLS_PSA_UTIL_HAVE_ECDSA */ #if defined(MBEDTLS_ASN1_PARSE_C) int mbedtls_asn1_get_bool(unsigned char **p, diff --git a/library/pem.c b/library/pem.c index 3f01d3bdd..48180eed4 100644 --- a/library/pem.c +++ b/library/pem.c @@ -17,7 +17,6 @@ #include "mbedtls/cipher.h" #include "mbedtls/platform_util.h" #include "mbedtls/error.h" -#include "mbedtls/asn1.h" #include 
@@ -466,28 +465,6 @@ int mbedtls_pem_read_buffer(mbedtls_pem_context *ctx, const char *header, const
mbedtls_zeroize_and_free(buf, len);
return ret;
}
-
- /*
- * In RFC1421 PEM is used as container for DER (ASN.1) content so we
- * can use ASN.1 functions to parse the main SEQUENCE tag and to get its
- * length.
- */
- unsigned char *p = buf;
- size_t sequence_len;
- ret = mbedtls_asn1_get_tag(&p, buf + len, &sequence_len,
- MBEDTLS_ASN1_SEQUENCE | MBEDTLS_ASN1_CONSTRUCTED);
- if (ret != 0) {
- mbedtls_free(buf);
- return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PEM_INVALID_DATA, ret);
- }
- /* Add also the sequence block (tag + len) to the total amount of valid data. */
- sequence_len += (p - buf);
-
- /* Ensure that the reported SEQUENCE length matches the data len (i.e. no
- * trailing garbage data). */
- if (len != sequence_len) {
- return MBEDTLS_ERR_PEM_BAD_INPUT_DATA;
- }
#else
mbedtls_zeroize_and_free(buf, len);
return MBEDTLS_ERR_PEM_FEATURE_UNAVAILABLE;
diff --git a/tests/suites/test_suite_pem.data b/tests/suites/test_suite_pem.data
index e3bb7e4da..6f8af6c31 100644
--- a/tests/suites/test_suite_pem.data
+++ b/tests/suites/test_suite_pem.data
@@ -61,21 +61,14 @@ PEM read (valid EC key encoded with AES-128-CBC) depends_on:MBEDTLS_MD_CAN_MD5:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC mbedtls_pem_read_buffer:"-----BEGIN EC PRIVATE KEY-----":"-----END EC PRIVATE KEY-----":"-----BEGIN EC PRIVATE KEY-----\nProc-Type\: 4,ENCRYPTED\nDEK-Info\: AES-128-CBC,151F851B6A7F3FBDAA5B7173117D0127\n\nLw+0OM+0Bwcl+ls/vxQbLrVshGc7bsNPvvtj2sJeMFFEq3V1mj/IO++0KK/CDhMH\nh6CZPsmgVOeM5uFpqYaq0fJbUduN2eDMWszWRm0SFkY=\n-----END EC PRIVATE KEY-----":"pwdpwd":0:"3041020101040f00d8023c809afd45e426d1a4dbe0ffa00706052b81040004a1220320000400da1ecfa53d528237625e119e2e0500d2eb671724f16deb6a63749516b7" -# The text "hello world" (which is clearly not a valid ASN.1 SEQUENCE) is encoded -# with AES-128-CBC to prove that ASN.1 parsing after decoding fails. +# The text "hello world" together with some invalid padding data is encoded +# with AES-128-CBC in order to test padding validation. # Since PBKDF1 isn't supported in OpenSSL, here's the steps: # 1. generate the key (password="password"; IV=0x3132333435363738 in hex or "12345678" as string) # echo -n "password12345678" | openssl md5 # 2. encode data -# echo -n "hello world" | openssl aes-128-cbc -e -base64 -p -K "bbb0ddff1b944b3cc68eaaeb7ac20099" -iv "3132333435363738" -PEM read (Invalid SEQUENCE encoded with AES-128-CBC) -depends_on:MBEDTLS_MD_CAN_MD5:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC -mbedtls_pem_read_buffer:"-----BEGIN EC PRIVATE KEY-----":"-----END EC PRIVATE KEY-----":"-----BEGIN EC PRIVATE KEY-----\nProc-Type\: 4,ENCRYPTED\nDEK-Info\: AES-128-CBC,31323334353637380000000000000000\n\nDfRGkwS+VjvR0IYsjZwW6Q==\n-----END EC PRIVATE KEY-----":"password":MBEDTLS_ERR_PEM_INVALID_DATA + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG:"" - -# Same as above, but with invalid padding data. 
-# Generated with: # echo -n -e "\x68\x65\x6c\x6c\x6f\x20\x77\x6f\x72\x6c\x64\x01\x02\x03\x04\x05" | openssl aes-128-cbc -e -base64 -p -K "bbb0ddff1b944b3cc68eaaeb7ac20099" -iv "3132333435363738" -nopad -PEM read (Invalid padding data for AES-128-CBC) +PEM read (AES-128-CBC, invalid padding data) depends_on:MBEDTLS_MD_CAN_MD5:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC mbedtls_pem_read_buffer:"-----BEGIN EC PRIVATE KEY-----":"-----END EC PRIVATE KEY-----":"-----BEGIN EC PRIVATE KEY-----\nProc-Type\: 4,ENCRYPTED\nDEK-Info\: AES-128-CBC,31323334353637380000000000000000\n\n333hxynfxEdXrSHQfIabxQ==\n-----END EC PRIVATE KEY-----":"password":MBEDTLS_ERR_PEM_BAD_INPUT_DATA:"" diff --git a/tests/suites/test_suite_pem.function b/tests/suites/test_suite_pem.function index 2acc16e9f..413dc551c 100644 --- a/tests/suites/test_suite_pem.function +++ b/tests/suites/test_suite_pem.function @@ -3,7 +3,6 @@ #include "mbedtls/pem.h" #include "mbedtls/des.h" #include "mbedtls/aes.h" -#include "mbedtls/asn1.h" /* END_HEADER */ /* BEGIN_CASE depends_on:MBEDTLS_PEM_WRITE_C */ From eba4ca19c6494c2ca81e577696b64e93c158b80a Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 19 Feb 2024 07:42:18 +0100 Subject: [PATCH 123/132] test_suite_pem: solve driver test disparities Signed-off-by: Valerio Setti --- tests/scripts/analyze_outcomes.py | 3 +-- tests/suites/test_suite_pem.data | 1 - 2 files changed, 1 insertion(+), 3 deletions(-) diff --git a/tests/scripts/analyze_outcomes.py b/tests/scripts/analyze_outcomes.py index 6503f9a27..2da16b9cf 100755 --- a/tests/scripts/analyze_outcomes.py +++ b/tests/scripts/analyze_outcomes.py @@ -571,8 +571,7 @@ KNOWN_TASKS = { 'test_suite_pem': [ # Following tests require AES_C, but this is diabled in the # accelerated component. - 'PEM read (AES-128-CBC + invalid iv)', - 'PEM read (malformed PEM AES-128-CBC)', + re.compile('PEM read .*AES.*'), 'PEM read (unknown encryption algorithm)', ], 'test_suite_error': [ 
diff --git a/tests/suites/test_suite_pem.data b/tests/suites/test_suite_pem.data index 6f8af6c31..53b8494e3 100644 --- a/tests/suites/test_suite_pem.data +++ b/tests/suites/test_suite_pem.data @@ -23,7 +23,6 @@ PEM read (unencrypted, valid) mbedtls_pem_read_buffer:"^":"$":"^\nTWJlZCBUTFM=\n$":"":0:"4d62656420544c53" PEM read (unencrypted, empty content) -depends_on:MBEDTLS_MD_CAN_MD5:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC mbedtls_pem_read_buffer:"-----BEGIN EC PRIVATE KEY-----":"-----END EC PRIVATE KEY-----":"-----BEGIN EC PRIVATE KEY-----\n\n-----END EC PRIVATE KEY-----":"":MBEDTLS_ERR_PEM_BAD_INPUT_DATA:"" PEM read (DES-EDE3-CBC + invalid iv) From e10674d54758008fa20c19019511ac04da3abb06 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 19 Feb 2024 14:52:24 +0100 Subject: [PATCH 124/132] test_suite_pem: fix comment in test case Signed-off-by: Valerio Setti --- tests/suites/test_suite_pem.data | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/suites/test_suite_pem.data b/tests/suites/test_suite_pem.data index 53b8494e3..b5bcb406e 100644 --- a/tests/suites/test_suite_pem.data +++ b/tests/suites/test_suite_pem.data @@ -78,7 +78,7 @@ PEM read (AES-128-CBC, padding data is larger than AES block length) depends_on:MBEDTLS_MD_CAN_MD5:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC mbedtls_pem_read_buffer:"-----BEGIN EC PRIVATE KEY-----":"-----END EC PRIVATE KEY-----":"-----BEGIN EC PRIVATE KEY-----\nProc-Type\: 4,ENCRYPTED\nDEK-Info\: AES-128-CBC,31323334353637380000000000000000\n\n5wA/XVXHuMsQAAOGFQmK0g==\n-----END EC PRIVATE KEY-----":"password":MBEDTLS_ERR_PEM_BAD_INPUT_DATA:"" -# Padding data (0x9) is larger than AES block size (8). +# Padding data (0x9) is larger than DES block size (8). # Generated with: # echo -n -e "\x68\x65\x6c\x6c\x6f\x09\x09\x09" | openssl des-cbc -e -base64 -p -K "bbb0ddff1b944b3cc68eaaeb7ac20099" -iv "3132333435363738" -nopad PEM read (DES-CBC, padding data is larger than DES block length) 
From e88a1c5b85163f21d12bda2a6ed64e56bc4cf87c Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 19 Feb 2024 15:08:49 +0100 Subject: [PATCH 125/132] pem: fix return values in pem_check_pkcs_padding() Return MBEDTLS_ERR_PEM_PASSWORD_MISMATCH instead of MBEDTLS_ERR_PEM_BAD_INPUT_DATA in case of errors. This commit also fix related failures in test pkparse and pem test suites. Signed-off-by: Valerio Setti --- library/pem.c | 4 ++-- tests/suites/test_suite_pem.data | 6 +++--- tests/suites/test_suite_pkparse.data | 2 +- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/library/pem.c b/library/pem.c index 48180eed4..1b1edc06b 100644 --- a/library/pem.c +++ b/library/pem.c @@ -248,14 +248,14 @@ static int pem_check_pkcs_padding(unsigned char *input, size_t input_len, size_t size_t i; if (pad_len > input_len) { - return MBEDTLS_ERR_PEM_BAD_INPUT_DATA; + return MBEDTLS_ERR_PEM_PASSWORD_MISMATCH; } *data_len = input_len - pad_len; for (i = *data_len; i < input_len; i++) { if (input[i] != pad_len) { - return MBEDTLS_ERR_PEM_BAD_INPUT_DATA; + return MBEDTLS_ERR_PEM_PASSWORD_MISMATCH; } } diff --git a/tests/suites/test_suite_pem.data b/tests/suites/test_suite_pem.data index b5bcb406e..007ba104a 100644 --- a/tests/suites/test_suite_pem.data +++ b/tests/suites/test_suite_pem.data 
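Review bot: The range check in pem_check_pkcs_padding() still accepts two values that PKCS#7 padding forbids: `pad_len == 0` passes `pad_len > input_len`, skips the loop and reports the whole buffer as valid data, and a `pad_len` larger than the cipher's block size is accepted whenever the buffer is long enough (the new test vectors only exercise single-block inputs, so they do not catch this). If nothing above the hunk rejects these, `if (pad_len == 0 || pad_len > input_len)` is the minimal change, and the caller could pass the block size in for the full check. Since this result now becomes PASSWORD_MISMATCH, the function also deserves a comment stating that the check is probabilistic — a wrong password leaves a final byte of 0x01 roughly once in 256 attempts — so callers must still validate the decoded content rather than treat success as proof of the password. The function's head, where `pad_len` is derived, is outside the hunk.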
@@ -69,18 +69,18 @@ mbedtls_pem_read_buffer:"-----BEGIN EC PRIVATE KEY-----":"-----END EC PRIVATE KE # echo -n -e "\x68\x65\x6c\x6c\x6f\x20\x77\x6f\x72\x6c\x64\x01\x02\x03\x04\x05" | openssl aes-128-cbc -e -base64 -p -K "bbb0ddff1b944b3cc68eaaeb7ac20099" -iv "3132333435363738" -nopad PEM read (AES-128-CBC, invalid padding data) depends_on:MBEDTLS_MD_CAN_MD5:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC -mbedtls_pem_read_buffer:"-----BEGIN EC PRIVATE KEY-----":"-----END EC PRIVATE KEY-----":"-----BEGIN EC PRIVATE KEY-----\nProc-Type\: 4,ENCRYPTED\nDEK-Info\: AES-128-CBC,31323334353637380000000000000000\n\n333hxynfxEdXrSHQfIabxQ==\n-----END EC PRIVATE KEY-----":"password":MBEDTLS_ERR_PEM_BAD_INPUT_DATA:"" +mbedtls_pem_read_buffer:"-----BEGIN EC PRIVATE KEY-----":"-----END EC PRIVATE KEY-----":"-----BEGIN EC PRIVATE KEY-----\nProc-Type\: 4,ENCRYPTED\nDEK-Info\: AES-128-CBC,31323334353637380000000000000000\n\n333hxynfxEdXrSHQfIabxQ==\n-----END EC PRIVATE KEY-----":"password":MBEDTLS_ERR_PEM_PASSWORD_MISMATCH:"" # Padding data (0x11) is larger than AES block size (16). 
# Generated with: # echo -n -e "\x68\x65\x6c\x6c\x6f\x20\x77\x6f\x72\x6c\x64\x11\x11\x11\x11\x11" | openssl aes-128-cbc -e -base64 -p -K "bbb0ddff1b944b3cc68eaaeb7ac20099" -iv "3132333435363738" -nopad PEM read (AES-128-CBC, padding data is larger than AES block length) depends_on:MBEDTLS_MD_CAN_MD5:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC -mbedtls_pem_read_buffer:"-----BEGIN EC PRIVATE KEY-----":"-----END EC PRIVATE KEY-----":"-----BEGIN EC PRIVATE KEY-----\nProc-Type\: 4,ENCRYPTED\nDEK-Info\: AES-128-CBC,31323334353637380000000000000000\n\n5wA/XVXHuMsQAAOGFQmK0g==\n-----END EC PRIVATE KEY-----":"password":MBEDTLS_ERR_PEM_BAD_INPUT_DATA:"" +mbedtls_pem_read_buffer:"-----BEGIN EC PRIVATE KEY-----":"-----END EC PRIVATE KEY-----":"-----BEGIN EC PRIVATE KEY-----\nProc-Type\: 4,ENCRYPTED\nDEK-Info\: AES-128-CBC,31323334353637380000000000000000\n\n5wA/XVXHuMsQAAOGFQmK0g==\n-----END EC PRIVATE KEY-----":"password":MBEDTLS_ERR_PEM_PASSWORD_MISMATCH:"" # Padding data (0x9) is larger than DES block size (8). # Generated with: # echo -n -e "\x68\x65\x6c\x6c\x6f\x09\x09\x09" | openssl des-cbc -e -base64 -p -K "bbb0ddff1b944b3cc68eaaeb7ac20099" -iv "3132333435363738" -nopad PEM read (DES-CBC, padding data is larger than DES block length) depends_on:MBEDTLS_MD_CAN_MD5:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC -mbedtls_pem_read_buffer:"-----BEGIN EC PRIVATE KEY-----":"-----END EC PRIVATE KEY-----":"-----BEGIN EC PRIVATE KEY-----\nProc-Type\: 4,ENCRYPTED\nDEK-Info\: DES-CBC,3132333435363738\n\n6a+B2WineBM=\n-----END EC PRIVATE KEY-----":"password":MBEDTLS_ERR_PEM_BAD_INPUT_DATA:"" +mbedtls_pem_read_buffer:"-----BEGIN EC PRIVATE KEY-----":"-----END EC PRIVATE KEY-----":"-----BEGIN EC PRIVATE KEY-----\nProc-Type\: 4,ENCRYPTED\nDEK-Info\: DES-CBC,3132333435363738\n\n6a+B2WineBM=\n-----END EC PRIVATE KEY-----":"password":MBEDTLS_ERR_PEM_PASSWORD_MISMATCH:"" diff --git a/tests/suites/test_suite_pkparse.data b/tests/suites/test_suite_pkparse.data index 7ee77da8e..762fd52a2 100644 
--- a/tests/suites/test_suite_pkparse.data +++ b/tests/suites/test_suite_pkparse.data @@ -8,7 +8,7 @@ pk_parse_keyfile_rsa:"data_files/test-ca.key":"PolarSSLTest":0 Parse RSA Key #3 (Wrong password) depends_on:MBEDTLS_MD_CAN_MD5:MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C -pk_parse_keyfile_rsa:"data_files/test-ca.key":"PolarSSLWRONG":MBEDTLS_ERR_PEM_BAD_INPUT_DATA +pk_parse_keyfile_rsa:"data_files/test-ca.key":"PolarSSLWRONG":MBEDTLS_ERR_PK_PASSWORD_MISMATCH Parse RSA Key #4 (DES Encrypted) depends_on:MBEDTLS_MD_CAN_MD5:MBEDTLS_DES_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC From f966a978067e8358ed9a6ce8404f09fc67579be1 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 19 Feb 2024 15:30:27 +0100 Subject: [PATCH 126/132] test_suite_pk: remove leftover comment Signed-off-by: Valerio Setti --- tests/suites/test_suite_pk.function | 2 -- 1 file changed, 2 deletions(-) diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index 946c52f8b..1aca4bdcf 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function @@ -1084,8 +1084,6 @@ void pk_sign_verify(int type, int curve_or_keybits, int rsa_padding, int rsa_md_ #if defined(MBEDTLS_RSA_C) if (type == MBEDTLS_PK_RSA) { - /* Just pick SHA1 here as hashing algorithm as we're more interested - * in checking the compatibility between */ TEST_ASSERT(mbedtls_rsa_set_padding(mbedtls_pk_rsa(pk), rsa_padding, rsa_md_alg) == 0); } #else From 85e568c76d620347cea08ee345011553bd7550b1 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 19 Feb 2024 15:45:00 +0100 Subject: [PATCH 127/132] pk: fix documentation for RSA sign/verify and encrypt/decrypt Signed-off-by: Valerio Setti --- include/mbedtls/pk.h | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) diff --git a/include/mbedtls/pk.h b/include/mbedtls/pk.h index c37121f8a..df11de6ac 100644 --- a/include/mbedtls/pk.h +++ b/include/mbedtls/pk.h 
@@ -612,6 +612,13 @@ int mbedtls_pk_get_psa_attributes(const mbedtls_pk_context *pk, * \param sig Signature to verify * \param sig_len Signature length * + * \note For keys of type #MBEDTLS_PK_RSA, the signature algorithm is + * either PKCS#1 v1.5 or PSS (accepting any salt length), + * depending on the padding mode in the underlying RSA context. + * For a pk object constructed by parsing, this is PKCS#1 v1.5 + * by default. Use mbedtls_pk_verify_ext() to explicitly select + * a different algorithm. + * * \return 0 on success (signature is valid), * #MBEDTLS_ERR_PK_SIG_LEN_MISMATCH if there is a valid * signature in \p sig but its length is less than \p sig_len, @@ -702,6 +709,14 @@ int mbedtls_pk_verify_ext(mbedtls_pk_type_t type, const void *options, * \param f_rng RNG function, must not be \c NULL. * \param p_rng RNG parameter * + * \note For keys of type #MBEDTLS_PK_RSA, the signature algorithm is + * either PKCS#1 v1.5 or PSS (using the largest possible salt + * length up to the hash length), depending on the padding mode + * in the underlying RSA context. For a pk object constructed + * by parsing, this is PKCS#1 v1.5 by default. Use + * mbedtls_pk_verify_ext() to explicitly select a different + * algorithm. + * * \return 0 on success, or a specific error code. * * \note For RSA, md_alg may be MBEDTLS_MD_NONE if hash_len != 0. @@ -798,6 +813,11 @@ int mbedtls_pk_sign_restartable(mbedtls_pk_context *ctx, * \param f_rng RNG function, must not be \c NULL. * \param p_rng RNG parameter * + * \note For keys of type #MBEDTLS_PK_RSA, the signature algorithm is + * either PKCS#1 v1.5 or OAEP, depending on the padding mode in + * the underlying RSA context. For a pk object constructed by + * parsing, this is PKCS#1 v1.5 by default. + * * \return 0 on success, or a specific error code. */ int mbedtls_pk_decrypt(mbedtls_pk_context *ctx, 
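Review bot: The note added above mbedtls_pk_decrypt (`@@ -798,6 +813,11 @@`) says "the signature algorithm is either PKCS#1 v1.5 or OAEP", which reads as a copy of the sign/verify notes: PKCS#1 v1.5 and OAEP are encryption schemes, and decrypt/encrypt do not involve a signature. The same wording appears in the mbedtls_pk_encrypt hunk (`@@ -817,6 +837,11 @@`) in the next part of this file. Suggested text for both: `\note For keys of type #MBEDTLS_PK_RSA, the encryption scheme is either PKCS#1 v1.5 or OAEP, depending on the padding mode in the underlying RSA context. For a pk object constructed by parsing, this is PKCS#1 v1.5 by default.`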
@@ -817,6 +837,11 @@ int mbedtls_pk_decrypt(mbedtls_pk_context *ctx, * \param f_rng RNG function, must not be \c NULL. * \param p_rng RNG parameter * + * \note For keys of type #MBEDTLS_PK_RSA, the signature algorithm is + * either PKCS#1 v1.5 or OAEP, depending on the padding mode in + * the underlying RSA context. For a pk object constructed by + * parsing, this is PKCS#1 v1.5 by default. + * * \note \p f_rng is used for padding generation. * * \return 0 on success, or a specific error code. From 80bc5d6aad7b3ed071af6987b254562030c0cb2c Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 19 Feb 2024 16:13:47 +0100 Subject: [PATCH 128/132] test_suite_pk: fix data in some RSA related test cases Signed-off-by: Valerio Setti --- tests/suites/test_suite_pk.data | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/tests/suites/test_suite_pk.data b/tests/suites/test_suite_pk.data index 9c0bb23a3..11dc3194f 100644 --- a/tests/suites/test_suite_pk.data +++ b/tests/suites/test_suite_pk.data 
@@ -352,7 +352,7 @@ pk_rsa_verify_test_vec:"6a8a1f225703fe39753c1017b43eec9e070a70b1":MBEDTLS_RSA_PK RSA verify test vector: PKCS1v1.5, SHA1, signature is PSS depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PKCS1_V15 -pk_rsa_verify_test_vec:"6a8a1f225703fe39753c1017b43eec9e070a70b1":MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_SHA1:1024:"e28a13548525e5f36dccb24ecb7cc332cc689dfd64012604c9c7816d72a16c3f5fcdc0e86e7c03280b1c69b586ce0cd8aec722cc73a5d3b730310bf7dfebdc77ce5d94bbc369dc18a2f7b07bd505ab0f82224aef09fdc1e5063234255e0b3c40a52e9e8ae60898eb88a766bdd788fe9493d8fd86bcdd2884d5c06216c65469e5":"3":"8daa627d3de7595d63056c7ec659e54406f10610128baae821c8b2a0f3936d54dc3bdce46689f6b7951bb18e840542769718d5715d210d85efbb596192032c42be4c29972c856275eb6d5a45f05f51876fc6743deddd28caec9bb30ea99e02c3488269604fe497f74ccd7c7fca1671897123cbd30def5d54a2b5536ad90a747e":MBEDTLS_ERR_RSA_VERIFY_FAILED +pk_rsa_verify_test_vec:"37b66ae0445843353d47ecb0b4fd14c110e62d6a":MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_SHA1:1024:"a2ba40ee07e3b2bd2f02ce227f36a195024486e49c19cb41bbbdfbba98b22b0e577c2eeaffa20d883a76e65e394c69d4b3c05a1e8fadda27edb2a42bc000fe888b9b32c22d15add0cd76b3e7936e19955b220dd17d4ea904b1ec102b2e4de7751222aa99151024c7cb41cc5ea21d00eeb41f7c800834d2c6e06bce3bce7ea9a5":"010001":"8daa627d3de7595d63056c7ec659e54406f10610128baae821c8b2a0f3936d54dc3bdce46689f6b7951bb18e840542769718d5715d210d85efbb596192032c42be4c29972c856275eb6d5a45f05f51876fc6743deddd28caec9bb30ea99e02c3488269604fe497f74ccd7c7fca1671897123cbd30def5d54a2b5536ad90a747e":MBEDTLS_ERR_RSA_VERIFY_FAILED ECDSA verify test vector #1 (good) depends_on:MBEDTLS_ECP_HAVE_SECP192R1 
@@ -456,11 +456,11 @@ pk_rsa_encrypt_decrypt_test:"4E636AF98E40F3ADCFCCB698F4E80B9F":2048:"e79a373182b RSA decrypt test vector - PKCS1v1.5 depends_on:MBEDTLS_PKCS1_V15 -pk_rsa_decrypt_test_vec:"28818cb14236ad18f4527e7f1f7633e96cef021bc3234475d7f61e88702b6335b42a352ed3f3267ac7c3e9ba4af17e45096c63eefd8d9a7cb42dfc52fffb2f5b8afb305b46312c2eb50634123b4437a2287ac57b7509d59a583fb741989a49f32625e9267b4641a6607b7303d35c68489db53c8d387b620d0d46a852e72ea43c":1024:MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_SHA1:"eecfae81b1b9b3c908810b10a1b5600199eb9f44aef4fda493b81a9e3d84f632124ef0236e5d1e3b7e28fae7aa040a2d5b252176459d1f397541ba2a58fb6599":"c97fb1f027f453f6341233eaaad1d9353f6c42d08866b1d05a0f2035028b9d869840b41666b42e92ea0da3b43204b5cfce3352524d0416a5a441e700af461503":"bbf82f090682ce9c2338ac2b9da871f7368d07eed41043a440d6b6f07454f51fb8dfbaaf035c02ab61ea48ceeb6fcd4876ed520d60e1ec4619719d8a5b8b807fafb8e0a3dfc737723ee6b4b7d93a2584ee6a649d060953748834b2454598394ee0aab12d7b61a51f527a9a41f6c1687fe2537298ca2a8f5946f8e5fd091dbdcb":"11":"d436e99569fd32a7c8a05bbc90d32c49":0 +pk_rsa_decrypt_test_vec:"28818cb14236ad18f4527e7f1f7633e96cef021bc3234475d7f61e88702b6335b42a352ed3f3267ac7c3e9ba4af17e45096c63eefd8d9a7cb42dfc52fffb2f5b8afb305b46312c2eb50634123b4437a2287ac57b7509d59a583fb741989a49f32625e9267b4641a6607b7303d35c68489db53c8d387b620d0d46a852e72ea43c":1024:MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_NONE:"eecfae81b1b9b3c908810b10a1b5600199eb9f44aef4fda493b81a9e3d84f632124ef0236e5d1e3b7e28fae7aa040a2d5b252176459d1f397541ba2a58fb6599":"c97fb1f027f453f6341233eaaad1d9353f6c42d08866b1d05a0f2035028b9d869840b41666b42e92ea0da3b43204b5cfce3352524d0416a5a441e700af461503":"bbf82f090682ce9c2338ac2b9da871f7368d07eed41043a440d6b6f07454f51fb8dfbaaf035c02ab61ea48ceeb6fcd4876ed520d60e1ec4619719d8a5b8b807fafb8e0a3dfc737723ee6b4b7d93a2584ee6a649d060953748834b2454598394ee0aab12d7b61a51f527a9a41f6c1687fe2537298ca2a8f5946f8e5fd091dbdcb":"11":"d436e99569fd32a7c8a05bbc90d32c49":0 RSA decrypt test vector - PKCS1v1.5, corrupted 
encrypted data depends_on:MBEDTLS_PKCS1_V15 -pk_rsa_decrypt_test_vec:"28818cb14236ad18f4527e7f1f7633e96cef021bc3234475d7f61e88702b6335b42a352ed3f3267ac7c3e9ba4af17e45096c63eefd8d9a7cb42dfc52fffb2f5b8afb305b46312c2eb50634123b4437a2287ac57b7509d59a583fb741989a49f32625e9267b4641a6607b7303d35c68489db53c8d387b620d0d46a852e72ea43d":1024:MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_SHA1:"eecfae81b1b9b3c908810b10a1b5600199eb9f44aef4fda493b81a9e3d84f632124ef0236e5d1e3b7e28fae7aa040a2d5b252176459d1f397541ba2a58fb6599":"c97fb1f027f453f6341233eaaad1d9353f6c42d08866b1d05a0f2035028b9d869840b41666b42e92ea0da3b43204b5cfce3352524d0416a5a441e700af461503":"bbf82f090682ce9c2338ac2b9da871f7368d07eed41043a440d6b6f07454f51fb8dfbaaf035c02ab61ea48ceeb6fcd4876ed520d60e1ec4619719d8a5b8b807fafb8e0a3dfc737723ee6b4b7d93a2584ee6a649d060953748834b2454598394ee0aab12d7b61a51f527a9a41f6c1687fe2537298ca2a8f5946f8e5fd091dbdcb":"11":"d436e99569fd32a7c8a05bbc90d32c49":MBEDTLS_ERR_RSA_INVALID_PADDING +pk_rsa_decrypt_test_vec:"28818cb14236ad18f4527e7f1f7633e96cef021bc3234475d7f61e88702b6335b42a352ed3f3267ac7c3e9ba4af17e45096c63eefd8d9a7cb42dfc52fffb2f5b8afb305b46312c2eb50634123b4437a2287ac57b7509d59a583fb741989a49f32625e9267b4641a6607b7303d35c68489db53c8d387b620d0d46a852e72ea43d":1024:MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_NONE:"eecfae81b1b9b3c908810b10a1b5600199eb9f44aef4fda493b81a9e3d84f632124ef0236e5d1e3b7e28fae7aa040a2d5b252176459d1f397541ba2a58fb6599":"c97fb1f027f453f6341233eaaad1d9353f6c42d08866b1d05a0f2035028b9d869840b41666b42e92ea0da3b43204b5cfce3352524d0416a5a441e700af461503":"bbf82f090682ce9c2338ac2b9da871f7368d07eed41043a440d6b6f07454f51fb8dfbaaf035c02ab61ea48ceeb6fcd4876ed520d60e1ec4619719d8a5b8b807fafb8e0a3dfc737723ee6b4b7d93a2584ee6a649d060953748834b2454598394ee0aab12d7b61a51f527a9a41f6c1687fe2537298ca2a8f5946f8e5fd091dbdcb":"11":"d436e99569fd32a7c8a05bbc90d32c49":MBEDTLS_ERR_RSA_INVALID_PADDING RSA decrypt test vector - PKCS1v2.1 depends_on:MBEDTLS_PKCS1_V21:MBEDTLS_MD_CAN_SHA1 
@@ -472,7 +472,7 @@ pk_rsa_decrypt_test_vec:"1253e04dc0a5397bb44a7ab87e9bf2a039a33d1e996fc82a94ccd30 RSA decrypt test vector - PKCS1v1.5, but data is PKCS1v2.1 encrypted depends_on:MBEDTLS_PKCS1_V15 -pk_rsa_decrypt_test_vec:"1253e04dc0a5397bb44a7ab87e9bf2a039a33d1e996fc82a94ccd30074c95df763722017069e5268da5d1c0b4f872cf653c11df82314a67968dfeae28def04bb6d84b1c31d654a1970e5783bd6eb96a024c2ca2f4a90fe9f2ef5c9c140e5bb48da9536ad8700c84fc9130adea74e558d51a74ddf85d8b50de96838d6063e0956":1024:MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_SHA1:"eecfae81b1b9b3c908810b10a1b5600199eb9f44aef4fda493b81a9e3d84f632124ef0236e5d1e3b7e28fae7aa040a2d5b252176459d1f397541ba2a58fb6599":"c97fb1f027f453f6341233eaaad1d9353f6c42d08866b1d05a0f2035028b9d869840b41666b42e92ea0da3b43204b5cfce3352524d0416a5a441e700af461503":"bbf82f090682ce9c2338ac2b9da871f7368d07eed41043a440d6b6f07454f51fb8dfbaaf035c02ab61ea48ceeb6fcd4876ed520d60e1ec4619719d8a5b8b807fafb8e0a3dfc737723ee6b4b7d93a2584ee6a649d060953748834b2454598394ee0aab12d7b61a51f527a9a41f6c1687fe2537298ca2a8f5946f8e5fd091dbdcb":"11":"d436e99569fd32a7c8a05bbc90d32c49":MBEDTLS_ERR_RSA_INVALID_PADDING 
+pk_rsa_decrypt_test_vec:"1253e04dc0a5397bb44a7ab87e9bf2a039a33d1e996fc82a94ccd30074c95df763722017069e5268da5d1c0b4f872cf653c11df82314a67968dfeae28def04bb6d84b1c31d654a1970e5783bd6eb96a024c2ca2f4a90fe9f2ef5c9c140e5bb48da9536ad8700c84fc9130adea74e558d51a74ddf85d8b50de96838d6063e0955":1024:MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_NONE:"eecfae81b1b9b3c908810b10a1b5600199eb9f44aef4fda493b81a9e3d84f632124ef0236e5d1e3b7e28fae7aa040a2d5b252176459d1f397541ba2a58fb6599":"c97fb1f027f453f6341233eaaad1d9353f6c42d08866b1d05a0f2035028b9d869840b41666b42e92ea0da3b43204b5cfce3352524d0416a5a441e700af461503":"bbf82f090682ce9c2338ac2b9da871f7368d07eed41043a440d6b6f07454f51fb8dfbaaf035c02ab61ea48ceeb6fcd4876ed520d60e1ec4619719d8a5b8b807fafb8e0a3dfc737723ee6b4b7d93a2584ee6a649d060953748834b2454598394ee0aab12d7b61a51f527a9a41f6c1687fe2537298ca2a8f5946f8e5fd091dbdcb":"11":"d436e99569fd32a7c8a05bbc90d32c49":MBEDTLS_ERR_RSA_INVALID_PADDING RSA decrypt test vector - PKCS1v2.1, but data is PKCS1v1.5 encrypted depends_on:MBEDTLS_PKCS1_V21:MBEDTLS_MD_CAN_SHA1 From 02f30230c4fb8fe8bf4d75e4146620a5bea914a9 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 20 Feb 2024 10:22:36 +0100 Subject: [PATCH 129/132] pem: zeroize the entire buffer in case of errors in mbedtls_pem_read_buffer() Signed-off-by: Valerio Setti --- library/pem.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/library/pem.c b/library/pem.c index 1b1edc06b..0fee5df43 100644 --- a/library/pem.c +++ b/library/pem.c 
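Review bot: The new line changes the last byte of the ciphertext (`...d6063e0956` becomes `...d6063e0955`) in addition to the MBEDTLS_MD_SHA1 → MBEDTLS_MD_NONE swap, while the description above it still says the data is the PKCS1v2.1-encrypted vector, which the hunk header shows starting with the same `1253e04d…` ciphertext. If the tweak is intentional (so the input is no longer the genuine OAEP ciphertext and the INVALID_PADDING result no longer depends on the mode mismatch), the test description should say so; if it is accidental, the original byte should be restored so the case keeps testing what its name states. I cannot see the commit message for this hunk, so I may be missing a stated reason.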
@@ -453,18 +453,20 @@ int mbedtls_pem_read_buffer(mbedtls_pem_context *ctx, const char *header, const
 #endif /* MBEDTLS_AES_C */
 
     if (ret != 0) {
-        mbedtls_free(buf);
+        mbedtls_zeroize_and_free(buf, len);
         return ret;
     }
 
     /* Check PKCS padding and update data length based on padding info.
      * This can be used to detect invalid padding data and password
      * mismatches. */
-    ret = pem_check_pkcs_padding(buf, len, &len);
+    size_t unpadded_len;
+    ret = pem_check_pkcs_padding(buf, len, &unpadded_len);
     if (ret != 0) {
         mbedtls_zeroize_and_free(buf, len);
         return ret;
     }
+    len = unpadded_len;
 #else
     mbedtls_zeroize_and_free(buf, len);
     return MBEDTLS_ERR_PEM_FEATURE_UNAVAILABLE;

From 7e1596d24cffb8f0675e6be5cf6d6510b09142dd Mon Sep 17 00:00:00 2001
From: Valerio Setti
Date: Tue, 20 Feb 2024 10:23:49 +0100
Subject: [PATCH 130/132] rsa: remove leftovers from mbedtls_rsa_parse_[pub]key()

Signed-off-by: Valerio Setti
---
 library/rsa.c | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/library/rsa.c b/library/rsa.c
index 2c3386912..da32659b7 100644
--- a/library/rsa.c
+++ b/library/rsa.c
@@ -112,8 +112,6 @@ int mbedtls_rsa_parse_key(mbedtls_rsa_context *rsa, const unsigned char *key, si
         return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
     }
 
-    end = p + len;
-
     if ((ret = mbedtls_asn1_get_int(&p, end, &version)) != 0) {
         return ret;
     }
@@ -248,8 +246,6 @@ int mbedtls_rsa_parse_pubkey(mbedtls_rsa_context *rsa, const unsigned char *key,
         return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
     }
 
-    end = p + len;
-
     /* Import N */
     if ((ret = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_INTEGER)) != 0) {
         return ret;

From 56457b9eacb0ab9fe1bf80995b909388bcf52e88 Mon Sep 17 00:00:00 2001
From: Valerio Setti
Date: Tue, 20 Feb 2024 10:47:47 +0100
Subject: [PATCH 131/132] add changelog

Signed-off-by: Valerio Setti
---
 ChangeLog.d/8824.txt | 6 ++++++
 1 file changed, 6 insertions(+)
 create mode 100644 ChangeLog.d/8824.txt

diff --git a/ChangeLog.d/8824.txt b/ChangeLog.d/8824.txt
new file mode 100644
index 000000000..fb34c0161
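Review bot: The new `unpadded_len` local deserves a comment saying why the padding result no longer goes straight into `len`: keeping `len` at the decrypted size until the check succeeds is what lets the `mbedtls_zeroize_and_free(buf, len)` on the failure path wipe the whole buffer, and nothing in the hunk states that intent. Suggest placing `/* Keep 'len' at the full decrypted size until the padding check passes, so the zeroize on failure covers the whole buffer; only then shrink to the unpadded length. */` above the declaration. Initializing it as `size_t unpadded_len = 0;` would also avoid relying on the callee writing it before every return, which I cannot confirm from here. mbedtls_pem_read_buffer() starts before and continues after this hunk.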
--- /dev/null
+++ b/ChangeLog.d/8824.txt
@@ -0,0 +1,6 @@
+Bugfix
+   * Fix mbedtls_pk_sign(), mbedtls_pk_verify(), mbedtls_pk_decrypt() or
+     mbedtls_pk_encrypt() on non-opaque RSA keys to honor the padding mode in
+     the RSA context. Before they always used PKCS#1 v1.5 even when the RSA
+     context was configured for PKCS#1 v2.1 (PSS/OAEP). Fixes #8824.
+

From 3e6ac1b5d1f19c6448d934198960c24b2d7ba523 Mon Sep 17 00:00:00 2001
From: Valerio Setti
Date: Tue, 20 Feb 2024 11:28:00 +0100
Subject: [PATCH 132/132] fix changelog

Signed-off-by: Valerio Setti
---
 ChangeLog.d/8824.txt | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/ChangeLog.d/8824.txt b/ChangeLog.d/8824.txt
index fb34c0161..abc305fcf 100644
--- a/ChangeLog.d/8824.txt
+++ b/ChangeLog.d/8824.txt
@@ -1,6 +1,7 @@
 Bugfix
-   * Fix mbedtls_pk_sign(), mbedtls_pk_verify(), mbedtls_pk_decrypt() or
+   * Fix mbedtls_pk_sign(), mbedtls_pk_verify(), mbedtls_pk_decrypt() and
      mbedtls_pk_encrypt() on non-opaque RSA keys to honor the padding mode in
-     the RSA context. Before they always used PKCS#1 v1.5 even when the RSA
-     context was configured for PKCS#1 v2.1 (PSS/OAEP). Fixes #8824.
+     the RSA context. Before, if MBEDTLS_USE_PSA_CRYPTO was enabled, they always
+     used PKCS#1 v1.5 even when the RSA context was configured for PKCS#1 v2.1
+     (PSS/OAEP). Fixes #8824.