mirror of
https://github.com/cuberite/polarssl.git
synced 2025-09-23 20:48:33 -04:00
Merge pull request #10209 from bjwtaylor/remove-MBEDTLS_USE_PSA_CRYPTO-code
Remove mbedtls use psa crypto code
This commit is contained in:
commit
40486a404d
@ -78,12 +78,10 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)
|
||||
mbedtls_ctr_drbg_init(&ctr_drbg);
|
||||
mbedtls_entropy_init(&entropy);
|
||||
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
psa_status_t status = psa_crypto_init();
|
||||
if (status != PSA_SUCCESS) {
|
||||
goto exit;
|
||||
}
|
||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||
|
||||
if (mbedtls_ctr_drbg_seed(&ctr_drbg, dummy_entropy, &entropy,
|
||||
(const unsigned char *) pers, strlen(pers)) != 0) {
|
||||
@ -179,9 +177,7 @@ exit:
|
||||
mbedtls_ctr_drbg_free(&ctr_drbg);
|
||||
mbedtls_ssl_config_free(&conf);
|
||||
mbedtls_ssl_free(&ssl);
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
mbedtls_psa_crypto_free();
|
||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||
|
||||
#else
|
||||
(void) Data;
|
||||
|
@ -61,12 +61,10 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)
|
||||
mbedtls_ctr_drbg_init(&ctr_drbg);
|
||||
mbedtls_entropy_init(&entropy);
|
||||
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
psa_status_t status = psa_crypto_init();
|
||||
if (status != PSA_SUCCESS) {
|
||||
goto exit;
|
||||
}
|
||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||
|
||||
if (mbedtls_ctr_drbg_seed(&ctr_drbg, dummy_entropy, &entropy,
|
||||
(const unsigned char *) pers, strlen(pers)) != 0) {
|
||||
@ -124,9 +122,7 @@ exit:
|
||||
mbedtls_ctr_drbg_free(&ctr_drbg);
|
||||
mbedtls_ssl_config_free(&conf);
|
||||
mbedtls_ssl_free(&ssl);
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
mbedtls_psa_crypto_free();
|
||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||
|
||||
#else
|
||||
(void) Data;
|
||||
|
@ -58,12 +58,10 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)
|
||||
mbedtls_ssl_config_init(&conf);
|
||||
mbedtls_ssl_cookie_init(&cookie_ctx);
|
||||
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
psa_status_t status = psa_crypto_init();
|
||||
if (status != PSA_SUCCESS) {
|
||||
goto exit;
|
||||
}
|
||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||
|
||||
if (mbedtls_ctr_drbg_seed(&ctr_drbg, dummy_entropy, &entropy,
|
||||
(const unsigned char *) pers, strlen(pers)) != 0) {
|
||||
@ -166,9 +164,7 @@ exit:
|
||||
mbedtls_ctr_drbg_free(&ctr_drbg);
|
||||
mbedtls_ssl_config_free(&conf);
|
||||
mbedtls_ssl_free(&ssl);
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
mbedtls_psa_crypto_free();
|
||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||
|
||||
#else
|
||||
(void) Data;
|
||||
|
@ -67,12 +67,10 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)
|
||||
#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_TICKET_C)
|
||||
mbedtls_ssl_ticket_init(&ticket_ctx);
|
||||
#endif
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
psa_status_t status = psa_crypto_init();
|
||||
if (status != PSA_SUCCESS) {
|
||||
goto exit;
|
||||
}
|
||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||
|
||||
if (mbedtls_ctr_drbg_seed(&ctr_drbg, dummy_entropy, &entropy,
|
||||
(const unsigned char *) pers, strlen(pers)) != 0) {
|
||||
@ -194,19 +192,17 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)
|
||||
exit:
|
||||
#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_TICKET_C)
|
||||
mbedtls_ssl_ticket_free(&ticket_ctx);
|
||||
#endif
|
||||
#endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_TICKET_C */
|
||||
mbedtls_entropy_free(&entropy);
|
||||
mbedtls_ctr_drbg_free(&ctr_drbg);
|
||||
mbedtls_ssl_config_free(&conf);
|
||||
#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C)
|
||||
mbedtls_x509_crt_free(&srvcert);
|
||||
mbedtls_pk_free(&pkey);
|
||||
#endif
|
||||
#endif /* MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_PEM_PARSE_C */
|
||||
mbedtls_ssl_free(&ssl);
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
mbedtls_psa_crypto_free();
|
||||
#endif
|
||||
#else
|
||||
#else /* MBEDTLS_SSL_SRV_C && MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */
|
||||
(void) Data;
|
||||
(void) Size;
|
||||
#endif /* MBEDTLS_SSL_SRV_C && MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */
|
||||
|
@ -12,31 +12,27 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)
|
||||
unsigned char buf[4096];
|
||||
|
||||
mbedtls_x509_crl_init(&crl);
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
psa_status_t status = psa_crypto_init();
|
||||
if (status != PSA_SUCCESS) {
|
||||
goto exit;
|
||||
}
|
||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||
ret = mbedtls_x509_crl_parse(&crl, Data, Size);
|
||||
#if !defined(MBEDTLS_X509_REMOVE_INFO)
|
||||
if (ret == 0) {
|
||||
ret = mbedtls_x509_crl_info((char *) buf, sizeof(buf) - 1, " ", &crl);
|
||||
}
|
||||
#else
|
||||
#else /* !MBEDTLS_X509_REMOVE_INFO */
|
||||
((void) ret);
|
||||
((void) buf);
|
||||
#endif /* !MBEDTLS_X509_REMOVE_INFO */
|
||||
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
exit:
|
||||
mbedtls_psa_crypto_free();
|
||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||
mbedtls_x509_crl_free(&crl);
|
||||
#else
|
||||
#else /* MBEDTLS_X509_CRL_PARSE_C */
|
||||
(void) Data;
|
||||
(void) Size;
|
||||
#endif
|
||||
#endif /* MBEDTLS_X509_CRL_PARSE_C */
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
@ -12,12 +12,10 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)
|
||||
unsigned char buf[4096];
|
||||
|
||||
mbedtls_x509_crt_init(&crt);
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
psa_status_t status = psa_crypto_init();
|
||||
if (status != PSA_SUCCESS) {
|
||||
goto exit;
|
||||
}
|
||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||
ret = mbedtls_x509_crt_parse(&crt, Data, Size);
|
||||
#if !defined(MBEDTLS_X509_REMOVE_INFO)
|
||||
if (ret == 0) {
|
||||
@ -28,15 +26,13 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)
|
||||
((void) buf);
|
||||
#endif /* !MBEDTLS_X509_REMOVE_INFO */
|
||||
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
exit:
|
||||
mbedtls_psa_crypto_free();
|
||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||
mbedtls_x509_crt_free(&crt);
|
||||
#else
|
||||
#else /* MBEDTLS_X509_CRT_PARSE_C */
|
||||
(void) Data;
|
||||
(void) Size;
|
||||
#endif
|
||||
#endif /* MBEDTLS_X509_CRT_PARSE_C */
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
@ -12,31 +12,27 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)
|
||||
unsigned char buf[4096];
|
||||
|
||||
mbedtls_x509_csr_init(&csr);
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
psa_status_t status = psa_crypto_init();
|
||||
if (status != PSA_SUCCESS) {
|
||||
goto exit;
|
||||
}
|
||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||
ret = mbedtls_x509_csr_parse(&csr, Data, Size);
|
||||
#if !defined(MBEDTLS_X509_REMOVE_INFO)
|
||||
if (ret == 0) {
|
||||
ret = mbedtls_x509_csr_info((char *) buf, sizeof(buf) - 1, " ", &csr);
|
||||
}
|
||||
#else
|
||||
#else /* !MBEDTLS_X509_REMOVE_INFO */
|
||||
((void) ret);
|
||||
((void) buf);
|
||||
#endif /* !MBEDTLS_X509_REMOVE_INFO */
|
||||
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
exit:
|
||||
mbedtls_psa_crypto_free();
|
||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||
mbedtls_x509_csr_free(&csr);
|
||||
#else
|
||||
#else /* MBEDTLS_X509_CSR_PARSE_C */
|
||||
(void) Data;
|
||||
(void) Size;
|
||||
#endif
|
||||
#endif /* MBEDTLS_X509_CSR_PARSE_C */
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
@ -257,14 +257,12 @@ int main(int argc, char *argv[])
|
||||
mbedtls_ctr_drbg_init(&ctr_drbg);
|
||||
memset(buf, 0, sizeof(buf));
|
||||
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
psa_status_t status = psa_crypto_init();
|
||||
if (status != PSA_SUCCESS) {
|
||||
mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n",
|
||||
(int) status);
|
||||
goto exit;
|
||||
}
|
||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||
|
||||
if (argc < 2) {
|
||||
usage:
|
||||
@ -473,9 +471,7 @@ exit:
|
||||
mbedtls_pk_free(&key);
|
||||
mbedtls_ctr_drbg_free(&ctr_drbg);
|
||||
mbedtls_entropy_free(&entropy);
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
mbedtls_psa_crypto_free();
|
||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||
|
||||
mbedtls_exit(exit_code);
|
||||
}
|
||||
|
@ -55,14 +55,12 @@ int main(int argc, char *argv[])
|
||||
mbedtls_ctr_drbg_init(&ctr_drbg);
|
||||
mbedtls_pk_init(&pk);
|
||||
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
psa_status_t status = psa_crypto_init();
|
||||
if (status != PSA_SUCCESS) {
|
||||
mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n",
|
||||
(int) status);
|
||||
goto exit;
|
||||
}
|
||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||
|
||||
if (argc != 3) {
|
||||
mbedtls_printf("usage: mbedtls_pk_sign <key_file> <filename>\n");
|
||||
@ -139,9 +137,7 @@ exit:
|
||||
mbedtls_pk_free(&pk);
|
||||
mbedtls_ctr_drbg_free(&ctr_drbg);
|
||||
mbedtls_entropy_free(&entropy);
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
mbedtls_psa_crypto_free();
|
||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||
|
||||
#if defined(MBEDTLS_ERROR_C)
|
||||
if (exit_code != MBEDTLS_EXIT_SUCCESS) {
|
||||
|
@ -47,14 +47,12 @@ int main(int argc, char *argv[])
|
||||
|
||||
mbedtls_pk_init(&pk);
|
||||
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
psa_status_t status = psa_crypto_init();
|
||||
if (status != PSA_SUCCESS) {
|
||||
mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n",
|
||||
(int) status);
|
||||
goto exit;
|
||||
}
|
||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||
|
||||
if (argc != 3) {
|
||||
mbedtls_printf("usage: mbedtls_pk_verify <key_file> <filename>\n");
|
||||
@ -115,9 +113,7 @@ int main(int argc, char *argv[])
|
||||
|
||||
exit:
|
||||
mbedtls_pk_free(&pk);
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
mbedtls_psa_crypto_free();
|
||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||
|
||||
#if defined(MBEDTLS_ERROR_C)
|
||||
if (exit_code != MBEDTLS_EXIT_SUCCESS) {
|
||||
|
@ -57,14 +57,12 @@ int main(int argc, char *argv[])
|
||||
mbedtls_pk_init(&pk);
|
||||
mbedtls_ctr_drbg_init(&ctr_drbg);
|
||||
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
psa_status_t status = psa_crypto_init();
|
||||
if (status != PSA_SUCCESS) {
|
||||
mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n",
|
||||
(int) status);
|
||||
goto exit;
|
||||
}
|
||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||
|
||||
if (argc != 3) {
|
||||
mbedtls_printf("usage: rsa_sign_pss <key_file> <filename>\n");
|
||||
@ -153,9 +151,7 @@ exit:
|
||||
mbedtls_pk_free(&pk);
|
||||
mbedtls_ctr_drbg_free(&ctr_drbg);
|
||||
mbedtls_entropy_free(&entropy);
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
mbedtls_psa_crypto_free();
|
||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||
|
||||
mbedtls_exit(exit_code);
|
||||
}
|
||||
|
@ -51,14 +51,12 @@ int main(int argc, char *argv[])
|
||||
|
||||
mbedtls_pk_init(&pk);
|
||||
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
psa_status_t status = psa_crypto_init();
|
||||
if (status != PSA_SUCCESS) {
|
||||
mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n",
|
||||
(int) status);
|
||||
goto exit;
|
||||
}
|
||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||
|
||||
if (argc != 3) {
|
||||
mbedtls_printf("usage: rsa_verify_pss <key_file> <filename>\n");
|
||||
@ -131,9 +129,7 @@ int main(int argc, char *argv[])
|
||||
|
||||
exit:
|
||||
mbedtls_pk_free(&pk);
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
mbedtls_psa_crypto_free();
|
||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||
|
||||
mbedtls_exit(exit_code);
|
||||
}
|
||||
|
@ -9,9 +9,7 @@
|
||||
|
||||
#include "ssl_test_lib.h"
|
||||
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3)
|
||||
#include "test/psa_crypto_helpers.h"
|
||||
#endif /* MBEDTLS_USE_PSA_CRYPTO || MBEDTLS_SSL_PROTO_TLS1_3 */
|
||||
|
||||
#if defined(MBEDTLS_SSL_TEST_IMPOSSIBLE)
|
||||
int main(void)
|
||||
@ -145,7 +143,7 @@ int main(void)
|
||||
#else /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
|
||||
#define USAGE_IO ""
|
||||
#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
|
||||
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
|
||||
#define USAGE_KEY_OPAQUE \
|
||||
" key_opaque=%%d Handle your private key as if it were opaque\n" \
|
||||
" default: 0 (disabled)\n"
|
||||
@ -172,7 +170,6 @@ int main(void)
|
||||
" psk=%%s default: \"\" (disabled)\n" \
|
||||
" The PSK values are in hex, without 0x.\n" \
|
||||
" psk_identity=%%s default: \"Client_identity\"\n"
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
#define USAGE_PSK_SLOT \
|
||||
" psk_opaque=%%d default: 0 (don't use opaque static PSK)\n" \
|
||||
" Enable this to store the PSK configured through command line\n" \
|
||||
@ -183,9 +180,6 @@ int main(void)
|
||||
" Note: This is to test integration of PSA-based opaque PSKs with\n" \
|
||||
" Mbed TLS only. Production systems are likely to configure Mbed TLS\n" \
|
||||
" with prepopulated key slots instead of importing raw key material.\n"
|
||||
#else
|
||||
#define USAGE_PSK_SLOT ""
|
||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||
#define USAGE_PSK USAGE_PSK_RAW USAGE_PSK_SLOT
|
||||
#else
|
||||
#define USAGE_PSK ""
|
||||
@ -309,14 +303,9 @@ int main(void)
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
#define USAGE_ECJPAKE \
|
||||
" ecjpake_pw=%%s default: none (disabled)\n" \
|
||||
" ecjpake_pw_opaque=%%d default: 0 (disabled)\n"
|
||||
#else /* MBEDTLS_USE_PSA_CRYPTO */
|
||||
#define USAGE_ECJPAKE \
|
||||
" ecjpake_pw=%%s default: none (disabled)\n"
|
||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||
#else /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
|
||||
#define USAGE_ECJPAKE ""
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
|
||||
@ -488,9 +477,7 @@ struct options {
|
||||
const char *crt_file; /* the file with the client certificate */
|
||||
const char *key_file; /* the file with the client key */
|
||||
int key_opaque; /* handle private key as if it were opaque */
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
int psk_opaque;
|
||||
#endif
|
||||
#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
|
||||
int ca_callback; /* Use callback for trusted certificate list */
|
||||
#endif
|
||||
@ -498,9 +485,7 @@ struct options {
|
||||
const char *psk; /* the pre-shared key */
|
||||
const char *psk_identity; /* the pre-shared key identity */
|
||||
const char *ecjpake_pw; /* the EC J-PAKE password */
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
int ecjpake_pw_opaque; /* set to 1 to use the opaque method for setting the password */
|
||||
#endif
|
||||
int ec_max_ops; /* EC consecutive operations limit */
|
||||
int force_ciphersuite[2]; /* protocol/ciphersuite to use, or all */
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
|
||||
@ -824,16 +809,12 @@ int main(int argc, char *argv[])
|
||||
|
||||
const char *pers = "ssl_client2";
|
||||
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED)
|
||||
mbedtls_svc_key_id_t slot = MBEDTLS_SVC_KEY_ID_INIT;
|
||||
psa_algorithm_t alg = 0;
|
||||
psa_key_attributes_t key_attributes;
|
||||
#endif
|
||||
psa_status_t status;
|
||||
#elif defined(MBEDTLS_SSL_PROTO_TLS1_3)
|
||||
psa_status_t status;
|
||||
#endif
|
||||
|
||||
rng_context_t rng;
|
||||
mbedtls_ssl_context ssl;
|
||||
@ -850,9 +831,7 @@ int main(int argc, char *argv[])
|
||||
mbedtls_x509_crt clicert;
|
||||
mbedtls_pk_context pkey;
|
||||
mbedtls_x509_crt_profile crt_profile_for_test = mbedtls_x509_crt_profile_default;
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
mbedtls_svc_key_id_t key_slot = MBEDTLS_SVC_KEY_ID_INIT; /* invalid key slot */
|
||||
#endif
|
||||
#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
|
||||
char *p, *q;
|
||||
const int *list;
|
||||
@ -877,10 +856,9 @@ int main(int argc, char *argv[])
|
||||
MBEDTLS_TLS_SRTP_UNSET
|
||||
};
|
||||
#endif /* MBEDTLS_SSL_DTLS_SRTP */
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) && \
|
||||
defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
|
||||
mbedtls_svc_key_id_t ecjpake_pw_slot = MBEDTLS_SVC_KEY_ID_INIT; /* ecjpake password key slot */
|
||||
#endif /* MBEDTLS_USE_PSA_CRYPTO && MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
|
||||
|
||||
#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
|
||||
mbedtls_memory_buffer_alloc_init(alloc_buf, sizeof(alloc_buf));
|
||||
@ -907,7 +885,6 @@ int main(int argc, char *argv[])
|
||||
memset((void *) alpn_list, 0, sizeof(alpn_list));
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3)
|
||||
status = psa_crypto_init();
|
||||
if (status != PSA_SUCCESS) {
|
||||
mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n",
|
||||
@ -915,7 +892,6 @@ int main(int argc, char *argv[])
|
||||
ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED;
|
||||
goto exit;
|
||||
}
|
||||
#endif /* MBEDTLS_USE_PSA_CRYPTO || MBEDTLS_SSL_PROTO_TLS1_3 */
|
||||
#if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
|
||||
mbedtls_test_enable_insecure_external_rng();
|
||||
#endif /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */
|
||||
@ -942,17 +918,13 @@ int main(int argc, char *argv[])
|
||||
opt.key_opaque = DFL_KEY_OPAQUE;
|
||||
opt.key_pwd = DFL_KEY_PWD;
|
||||
opt.psk = DFL_PSK;
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
opt.psk_opaque = DFL_PSK_OPAQUE;
|
||||
#endif
|
||||
#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
|
||||
opt.ca_callback = DFL_CA_CALLBACK;
|
||||
#endif
|
||||
opt.psk_identity = DFL_PSK_IDENTITY;
|
||||
opt.ecjpake_pw = DFL_ECJPAKE_PW;
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
opt.ecjpake_pw_opaque = DFL_ECJPAKE_PW_OPAQUE;
|
||||
#endif
|
||||
opt.ec_max_ops = DFL_EC_MAX_OPS;
|
||||
opt.force_ciphersuite[0] = DFL_FORCE_CIPHER;
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
|
||||
@ -1127,7 +1099,7 @@ usage:
|
||||
} else if (strcmp(p, "key_pwd") == 0) {
|
||||
opt.key_pwd = q;
|
||||
}
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
|
||||
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
|
||||
else if (strcmp(p, "key_opaque") == 0) {
|
||||
opt.key_opaque = atoi(q);
|
||||
}
|
||||
@ -1151,12 +1123,9 @@ usage:
|
||||
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
|
||||
else if (strcmp(p, "psk") == 0) {
|
||||
opt.psk = q;
|
||||
}
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
else if (strcmp(p, "psk_opaque") == 0) {
|
||||
} else if (strcmp(p, "psk_opaque") == 0) {
|
||||
opt.psk_opaque = atoi(q);
|
||||
}
|
||||
#endif
|
||||
#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
|
||||
else if (strcmp(p, "ca_callback") == 0) {
|
||||
opt.ca_callback = atoi(q);
|
||||
@ -1166,13 +1135,9 @@ usage:
|
||||
opt.psk_identity = q;
|
||||
} else if (strcmp(p, "ecjpake_pw") == 0) {
|
||||
opt.ecjpake_pw = q;
|
||||
}
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
else if (strcmp(p, "ecjpake_pw_opaque") == 0) {
|
||||
} else if (strcmp(p, "ecjpake_pw_opaque") == 0) {
|
||||
opt.ecjpake_pw_opaque = atoi(q);
|
||||
}
|
||||
#endif
|
||||
else if (strcmp(p, "ec_max_ops") == 0) {
|
||||
} else if (strcmp(p, "ec_max_ops") == 0) {
|
||||
opt.ec_max_ops = atoi(q);
|
||||
} else if (strcmp(p, "force_ciphersuite") == 0) {
|
||||
opt.force_ciphersuite[0] = mbedtls_ssl_get_ciphersuite_id(q);
|
||||
@ -1500,7 +1465,6 @@ usage:
|
||||
}
|
||||
#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */
|
||||
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
if (opt.psk_opaque != 0) {
|
||||
if (opt.psk == NULL) {
|
||||
mbedtls_printf("psk_opaque set but no psk to be imported specified.\n");
|
||||
@ -1515,7 +1479,6 @@ usage:
|
||||
goto usage;
|
||||
}
|
||||
}
|
||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||
|
||||
if (opt.force_ciphersuite[0] > 0) {
|
||||
const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
|
||||
@ -1550,7 +1513,6 @@ usage:
|
||||
}
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED)
|
||||
if (opt.psk_opaque != 0) {
|
||||
/* Determine KDF algorithm the opaque PSK will be used in. */
|
||||
@ -1562,7 +1524,6 @@ usage:
|
||||
alg = PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256);
|
||||
}
|
||||
#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */
|
||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
|
||||
@ -1786,7 +1747,6 @@ usage:
|
||||
goto exit;
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
if (opt.key_opaque != 0) {
|
||||
psa_algorithm_t psa_alg, psa_alg2 = PSA_ALG_NONE;
|
||||
psa_key_usage_t usage = 0;
|
||||
@ -1805,7 +1765,6 @@ usage:
|
||||
}
|
||||
}
|
||||
}
|
||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||
|
||||
mbedtls_printf(" ok (key type: %s)\n",
|
||||
strlen(opt.key_file) || strlen(opt.key_opaque_alg1) ?
|
||||
@ -2006,7 +1965,6 @@ usage:
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED)
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
if (opt.psk_opaque != 0) {
|
||||
key_attributes = psa_key_attributes_init();
|
||||
psa_set_key_usage_flags(&key_attributes, PSA_KEY_USAGE_DERIVE);
|
||||
@ -2027,7 +1985,6 @@ usage:
|
||||
goto exit;
|
||||
}
|
||||
} else
|
||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||
if (psk_len > 0) {
|
||||
ret = mbedtls_ssl_conf_psk(&conf, psk, psk_len,
|
||||
(const unsigned char *) opt.psk_identity,
|
||||
@ -2098,7 +2055,6 @@ usage:
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
|
||||
if (opt.ecjpake_pw != DFL_ECJPAKE_PW) {
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
if (opt.ecjpake_pw_opaque != DFL_ECJPAKE_PW_OPAQUE) {
|
||||
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
|
||||
|
||||
@ -2123,9 +2079,7 @@ usage:
|
||||
goto exit;
|
||||
}
|
||||
mbedtls_printf("using opaque password\n");
|
||||
} else
|
||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||
{
|
||||
} else {
|
||||
if ((ret = mbedtls_ssl_set_hs_ecjpake_password(&ssl,
|
||||
(const unsigned char *) opt.ecjpake_pw,
|
||||
strlen(opt.ecjpake_pw))) != 0) {
|
||||
@ -3206,13 +3160,10 @@ exit:
|
||||
mbedtls_x509_crt_free(&clicert);
|
||||
mbedtls_x509_crt_free(&cacert);
|
||||
mbedtls_pk_free(&pkey);
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
psa_destroy_key(key_slot);
|
||||
#endif
|
||||
#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
|
||||
|
||||
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) && \
|
||||
defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED)
|
||||
if (opt.psk_opaque != 0) {
|
||||
/* This is ok even if the slot hasn't been
|
||||
* initialized (we might have jumed here
|
||||
@ -3229,11 +3180,9 @@ exit:
|
||||
}
|
||||
}
|
||||
}
|
||||
#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED &&
|
||||
MBEDTLS_USE_PSA_CRYPTO */
|
||||
#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) && \
|
||||
defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
|
||||
/*
|
||||
* In case opaque keys it's the user responsibility to keep the key valid
|
||||
* for the duration of the handshake and destroy it at the end
|
||||
@ -3252,9 +3201,8 @@ exit:
|
||||
psa_destroy_key(ecjpake_pw_slot);
|
||||
}
|
||||
}
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED && MBEDTLS_USE_PSA_CRYPTO */
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
|
||||
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3)
|
||||
const char *message = mbedtls_test_helper_is_psa_leaking();
|
||||
if (message) {
|
||||
if (ret == 0) {
|
||||
@ -3262,12 +3210,10 @@ exit:
|
||||
}
|
||||
mbedtls_printf("PSA memory leak detected: %s\n", message);
|
||||
}
|
||||
#endif /* MBEDTLS_USE_PSA_CRYPTO || MBEDTLS_SSL_PROTO_TLS1_3 */
|
||||
|
||||
/* For builds with MBEDTLS_TEST_USE_PSA_CRYPTO_RNG psa crypto
|
||||
* resources are freed by rng_free(). */
|
||||
#if (defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3)) && \
|
||||
!defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG)
|
||||
#if !defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG)
|
||||
mbedtls_psa_crypto_free();
|
||||
#endif
|
||||
|
||||
|
@ -53,9 +53,7 @@ int main(void)
|
||||
#include <windows.h>
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3)
|
||||
#include "test/psa_crypto_helpers.h"
|
||||
#endif
|
||||
|
||||
#include "mbedtls/pk.h"
|
||||
#if defined(MBEDTLS_PK_HAVE_PRIVATE_HEADER)
|
||||
@ -205,7 +203,7 @@ int main(void)
|
||||
#else
|
||||
#define USAGE_IO ""
|
||||
#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
|
||||
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
|
||||
#define USAGE_KEY_OPAQUE \
|
||||
" key_opaque=%%d Handle your private keys as if they were opaque\n" \
|
||||
" default: 0 (disabled)\n"
|
||||
@ -248,7 +246,6 @@ int main(void)
|
||||
" The PSK values are in hex, without 0x.\n" \
|
||||
" id1,psk1[,id2,psk2[,...]]\n" \
|
||||
" psk_identity=%%s default: \"Client_identity\"\n"
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
#define USAGE_PSK_SLOT \
|
||||
" psk_opaque=%%d default: 0 (don't use opaque static PSK)\n" \
|
||||
" Enable this to store the PSK configured through command line\n" \
|
||||
@ -268,9 +265,6 @@ int main(void)
|
||||
" Note: This is to test integration of PSA-based opaque PSKs with\n" \
|
||||
" Mbed TLS only. Production systems are likely to configure Mbed TLS\n" \
|
||||
" with prepopulated key slots instead of importing raw key material.\n"
|
||||
#else
|
||||
#define USAGE_PSK_SLOT ""
|
||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||
#define USAGE_PSK USAGE_PSK_RAW USAGE_PSK_SLOT
|
||||
#else
|
||||
#define USAGE_PSK ""
|
||||
@ -419,14 +413,9 @@ int main(void)
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
#define USAGE_ECJPAKE \
|
||||
" ecjpake_pw=%%s default: none (disabled)\n" \
|
||||
" ecjpake_pw_opaque=%%d default: 0 (disabled)\n"
|
||||
#else /* MBEDTLS_USE_PSA_CRYPTO */
|
||||
#define USAGE_ECJPAKE \
|
||||
" ecjpake_pw=%%s default: none (disabled)\n"
|
||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||
#else /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
|
||||
#define USAGE_ECJPAKE ""
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
|
||||
@ -641,10 +630,8 @@ struct options {
|
||||
int async_private_delay1; /* number of times f_async_resume needs to be called for key 1, or -1 for no async */
|
||||
int async_private_delay2; /* number of times f_async_resume needs to be called for key 2, or -1 for no async */
|
||||
int async_private_error; /* inject error in async private callback */
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
int psk_opaque;
|
||||
int psk_list_opaque;
|
||||
#endif
|
||||
#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
|
||||
int ca_callback; /* Use callback for trusted certificate list */
|
||||
#endif
|
||||
@ -652,9 +639,7 @@ struct options {
|
||||
const char *psk_identity; /* the pre-shared key identity */
|
||||
char *psk_list; /* list of PSK id/key pairs for callback */
|
||||
const char *ecjpake_pw; /* the EC J-PAKE password */
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
int ecjpake_pw_opaque; /* set to 1 to use the opaque method for setting the password */
|
||||
#endif
|
||||
int force_ciphersuite[2]; /* protocol/ciphersuite to use, or all */
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
|
||||
int tls13_kex_modes; /* supported TLS 1.3 key exchange modes */
|
||||
@ -962,9 +947,7 @@ struct _psk_entry {
|
||||
const char *name;
|
||||
size_t key_len;
|
||||
unsigned char key[MBEDTLS_PSK_MAX_LEN];
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
mbedtls_svc_key_id_t slot;
|
||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||
psk_entry *next;
|
||||
};
|
||||
|
||||
@ -976,7 +959,6 @@ static int psk_free(psk_entry *head)
|
||||
psk_entry *next;
|
||||
|
||||
while (head != NULL) {
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
psa_status_t status;
|
||||
mbedtls_svc_key_id_t const slot = head->slot;
|
||||
|
||||
@ -986,7 +968,6 @@ static int psk_free(psk_entry *head)
|
||||
return status;
|
||||
}
|
||||
}
|
||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||
|
||||
next = head->next;
|
||||
mbedtls_free(head);
|
||||
@ -1052,12 +1033,11 @@ static int psk_callback(void *p_info, mbedtls_ssl_context *ssl,
|
||||
while (cur != NULL) {
|
||||
if (name_len == strlen(cur->name) &&
|
||||
memcmp(name, cur->name, name_len) == 0) {
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
if (MBEDTLS_SVC_KEY_ID_GET_KEY_ID(cur->slot) != 0) {
|
||||
return mbedtls_ssl_set_hs_psk_opaque(ssl, cur->slot);
|
||||
} else
|
||||
#endif
|
||||
return mbedtls_ssl_set_hs_psk(ssl, cur->key, cur->key_len);
|
||||
} else {
|
||||
return mbedtls_ssl_set_hs_psk(ssl, cur->key, cur->key_len);
|
||||
}
|
||||
}
|
||||
|
||||
cur = cur->next;
|
||||
@ -1302,7 +1282,6 @@ static void ssl_async_cancel(mbedtls_ssl_context *ssl)
|
||||
#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
|
||||
#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
|
||||
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED)
|
||||
static psa_status_t psa_setup_psk_key_slot(mbedtls_svc_key_id_t *slot,
|
||||
psa_algorithm_t alg,
|
||||
@ -1326,7 +1305,6 @@ static psa_status_t psa_setup_psk_key_slot(mbedtls_svc_key_id_t *slot,
|
||||
return PSA_SUCCESS;
|
||||
}
|
||||
#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */
|
||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||
|
||||
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
|
||||
static int report_cid_usage(mbedtls_ssl_context *ssl,
|
||||
@ -1543,10 +1521,8 @@ int main(int argc, char *argv[])
|
||||
io_ctx_t io_ctx;
|
||||
unsigned char *buf = 0;
|
||||
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED)
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
psa_algorithm_t alg = 0;
|
||||
mbedtls_svc_key_id_t psk_slot = MBEDTLS_SVC_KEY_ID_INIT;
|
||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||
unsigned char psk[MBEDTLS_PSK_MAX_LEN];
|
||||
size_t psk_len = 0;
|
||||
psk_entry *psk_info = NULL;
|
||||
@ -1574,10 +1550,8 @@ int main(int argc, char *argv[])
|
||||
mbedtls_x509_crt srvcert2;
|
||||
mbedtls_pk_context pkey2;
|
||||
mbedtls_x509_crt_profile crt_profile_for_test = mbedtls_x509_crt_profile_default;
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
mbedtls_svc_key_id_t key_slot = MBEDTLS_SVC_KEY_ID_INIT; /* invalid key slot */
|
||||
mbedtls_svc_key_id_t key_slot2 = MBEDTLS_SVC_KEY_ID_INIT; /* invalid key slot */
|
||||
#endif
|
||||
int key_cert_init = 0, key_cert_init2 = 0;
|
||||
#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
|
||||
#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
|
||||
@ -1609,10 +1583,9 @@ int main(int argc, char *argv[])
|
||||
unsigned char *context_buf = NULL;
|
||||
size_t context_buf_len = 0;
|
||||
#endif
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) && \
|
||||
defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
|
||||
mbedtls_svc_key_id_t ecjpake_pw_slot = MBEDTLS_SVC_KEY_ID_INIT; /* ecjpake password key slot */
|
||||
#endif /* MBEDTLS_USE_PSA_CRYPTO && MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
|
||||
|
||||
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
|
||||
uint16_t sig_alg_list[SIG_ALG_LIST_SIZE];
|
||||
@ -1621,9 +1594,7 @@ int main(int argc, char *argv[])
|
||||
int i;
|
||||
char *p, *q;
|
||||
const int *list;
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3)
|
||||
psa_status_t status;
|
||||
#endif
|
||||
unsigned char eap_tls_keymaterial[16];
|
||||
unsigned char eap_tls_iv[8];
|
||||
const char *eap_tls_label = "client EAP encryption";
|
||||
@ -1684,7 +1655,6 @@ int main(int argc, char *argv[])
|
||||
mbedtls_ssl_cookie_init(&cookie_ctx);
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3)
|
||||
status = psa_crypto_init();
|
||||
if (status != PSA_SUCCESS) {
|
||||
mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n",
|
||||
@ -1692,7 +1662,6 @@ int main(int argc, char *argv[])
|
||||
ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED;
|
||||
goto exit;
|
||||
}
|
||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||
#if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
|
||||
mbedtls_test_enable_insecure_external_rng();
|
||||
#endif /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */
|
||||
@ -1731,19 +1700,15 @@ int main(int argc, char *argv[])
|
||||
opt.async_private_delay2 = DFL_ASYNC_PRIVATE_DELAY2;
|
||||
opt.async_private_error = DFL_ASYNC_PRIVATE_ERROR;
|
||||
opt.psk = DFL_PSK;
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
opt.psk_opaque = DFL_PSK_OPAQUE;
|
||||
opt.psk_list_opaque = DFL_PSK_LIST_OPAQUE;
|
||||
#endif
|
||||
#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
|
||||
opt.ca_callback = DFL_CA_CALLBACK;
|
||||
#endif
|
||||
opt.psk_identity = DFL_PSK_IDENTITY;
|
||||
opt.psk_list = DFL_PSK_LIST;
|
||||
opt.ecjpake_pw = DFL_ECJPAKE_PW;
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
opt.ecjpake_pw_opaque = DFL_ECJPAKE_PW_OPAQUE;
|
||||
#endif
|
||||
opt.force_ciphersuite[0] = DFL_FORCE_CIPHER;
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
|
||||
opt.tls13_kex_modes = DFL_TLS1_3_KEX_MODES;
|
||||
@ -1924,7 +1889,7 @@ usage:
|
||||
} else if (strcmp(p, "key_pwd") == 0) {
|
||||
opt.key_pwd = q;
|
||||
}
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
|
||||
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
|
||||
else if (strcmp(p, "key_opaque") == 0) {
|
||||
opt.key_opaque = atoi(q);
|
||||
}
|
||||
@ -1972,14 +1937,11 @@ usage:
|
||||
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
|
||||
else if (strcmp(p, "psk") == 0) {
|
||||
opt.psk = q;
|
||||
}
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
else if (strcmp(p, "psk_opaque") == 0) {
|
||||
} else if (strcmp(p, "psk_opaque") == 0) {
|
||||
opt.psk_opaque = atoi(q);
|
||||
} else if (strcmp(p, "psk_list_opaque") == 0) {
|
||||
opt.psk_list_opaque = atoi(q);
|
||||
}
|
||||
#endif
|
||||
#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
|
||||
else if (strcmp(p, "ca_callback") == 0) {
|
||||
opt.ca_callback = atoi(q);
|
||||
@ -1991,13 +1953,9 @@ usage:
|
||||
opt.psk_list = q;
|
||||
} else if (strcmp(p, "ecjpake_pw") == 0) {
|
||||
opt.ecjpake_pw = q;
|
||||
}
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
else if (strcmp(p, "ecjpake_pw_opaque") == 0) {
|
||||
} else if (strcmp(p, "ecjpake_pw_opaque") == 0) {
|
||||
opt.ecjpake_pw_opaque = atoi(q);
|
||||
}
|
||||
#endif
|
||||
else if (strcmp(p, "force_ciphersuite") == 0) {
|
||||
} else if (strcmp(p, "force_ciphersuite") == 0) {
|
||||
opt.force_ciphersuite[0] = mbedtls_ssl_get_ciphersuite_id(q);
|
||||
|
||||
if (opt.force_ciphersuite[0] == 0) {
|
||||
@ -2367,7 +2325,6 @@ usage:
|
||||
goto exit;
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
if (opt.psk_opaque != 0) {
|
||||
if (strlen(opt.psk) == 0) {
|
||||
mbedtls_printf("psk_opaque set but no psk to be imported specified.\n");
|
||||
@ -2397,7 +2354,6 @@ usage:
|
||||
goto usage;
|
||||
}
|
||||
}
|
||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||
|
||||
if (opt.force_ciphersuite[0] > 0) {
|
||||
const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
|
||||
@ -2427,7 +2383,6 @@ usage:
|
||||
opt.min_version = ciphersuite_info->min_tls_version;
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED)
|
||||
if (opt.psk_opaque != 0 || opt.psk_list_opaque != 0) {
|
||||
/* Determine KDF algorithm the opaque PSK will be used in. */
|
||||
@ -2439,7 +2394,6 @@ usage:
|
||||
alg = PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256);
|
||||
}
|
||||
#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */
|
||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
|
||||
@ -2732,7 +2686,6 @@ usage:
|
||||
#endif /* PSA_HAVE_ALG_SOME_ECDSA && PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT */
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
if (opt.key_opaque != 0) {
|
||||
psa_algorithm_t psa_alg, psa_alg2 = PSA_ALG_NONE;
|
||||
psa_key_usage_t psa_usage = 0;
|
||||
@ -2768,7 +2721,6 @@ usage:
|
||||
}
|
||||
}
|
||||
}
|
||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||
|
||||
mbedtls_printf(" ok (key types: %s, %s)\n",
|
||||
key_cert_init ? mbedtls_pk_get_name(&pkey) : "none",
|
||||
@ -3182,7 +3134,6 @@ usage:
|
||||
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED)
|
||||
|
||||
if (strlen(opt.psk) != 0 && strlen(opt.psk_identity) != 0) {
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
if (opt.psk_opaque != 0) {
|
||||
/* The algorithm has already been determined earlier. */
|
||||
status = psa_setup_psk_key_slot(&psk_slot, alg, psk, psk_len);
|
||||
@ -3199,7 +3150,6 @@ usage:
|
||||
goto exit;
|
||||
}
|
||||
} else
|
||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||
if (psk_len > 0) {
|
||||
ret = mbedtls_ssl_conf_psk(&conf, psk, psk_len,
|
||||
(const unsigned char *) opt.psk_identity,
|
||||
@ -3213,7 +3163,6 @@ usage:
|
||||
}
|
||||
|
||||
if (opt.psk_list != NULL) {
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
if (opt.psk_list_opaque != 0) {
|
||||
psk_entry *cur_psk;
|
||||
for (cur_psk = psk_info; cur_psk != NULL; cur_psk = cur_psk->next) {
|
||||
@ -3227,7 +3176,6 @@ usage:
|
||||
}
|
||||
}
|
||||
}
|
||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||
|
||||
mbedtls_ssl_conf_psk_cb(&conf, psk_callback, psk_info);
|
||||
}
|
||||
@ -3384,7 +3332,6 @@ reset:
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
|
||||
if (opt.ecjpake_pw != DFL_ECJPAKE_PW) {
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
if (opt.ecjpake_pw_opaque != DFL_ECJPAKE_PW_OPAQUE) {
|
||||
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
|
||||
|
||||
@ -3409,9 +3356,7 @@ reset:
|
||||
goto exit;
|
||||
}
|
||||
mbedtls_printf("using opaque password\n");
|
||||
} else
|
||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||
{
|
||||
} else {
|
||||
if ((ret = mbedtls_ssl_set_hs_ecjpake_password(&ssl,
|
||||
(const unsigned char *) opt.ecjpake_pw,
|
||||
strlen(opt.ecjpake_pw))) != 0) {
|
||||
@ -4253,11 +4198,9 @@ exit:
|
||||
mbedtls_pk_free(&pkey);
|
||||
mbedtls_x509_crt_free(&srvcert2);
|
||||
mbedtls_pk_free(&pkey2);
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
psa_destroy_key(key_slot);
|
||||
psa_destroy_key(key_slot2);
|
||||
#endif
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
|
||||
for (i = 0; (size_t) i < ssl_async_keys.slots_used; i++) {
|
||||
@ -4269,8 +4212,7 @@ exit:
|
||||
}
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) && \
|
||||
defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED)
|
||||
if (opt.psk_opaque != 0) {
|
||||
/* This is ok even if the slot hasn't been
|
||||
* initialized (we might have jumed here
|
||||
@ -4284,11 +4226,9 @@ exit:
|
||||
(int) status);
|
||||
}
|
||||
}
|
||||
#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED &&
|
||||
MBEDTLS_USE_PSA_CRYPTO */
|
||||
#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) && \
|
||||
defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
|
||||
/*
|
||||
* In case opaque keys it's the user responsibility to keep the key valid
|
||||
* for the duration of the handshake and destroy it at the end
|
||||
@ -4307,9 +4247,8 @@ exit:
|
||||
psa_destroy_key(ecjpake_pw_slot);
|
||||
}
|
||||
}
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED && MBEDTLS_USE_PSA_CRYPTO */
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
|
||||
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3)
|
||||
const char *message = mbedtls_test_helper_is_psa_leaking();
|
||||
if (message) {
|
||||
if (ret == 0) {
|
||||
@ -4317,12 +4256,10 @@ exit:
|
||||
}
|
||||
mbedtls_printf("PSA memory leak detected: %s\n", message);
|
||||
}
|
||||
#endif
|
||||
|
||||
/* For builds with MBEDTLS_TEST_USE_PSA_CRYPTO_RNG psa crypto
|
||||
* resources are freed by rng_free(). */
|
||||
#if (defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3)) \
|
||||
&& !defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG)
|
||||
#if !defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG)
|
||||
mbedtls_psa_crypto_free();
|
||||
#endif
|
||||
|
||||
|
@ -83,13 +83,11 @@ void rng_init(rng_context_t *rng)
|
||||
|
||||
int rng_seed(rng_context_t *rng, int reproducible, const char *pers)
|
||||
{
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
if (reproducible) {
|
||||
mbedtls_fprintf(stderr,
|
||||
"MBEDTLS_USE_PSA_CRYPTO does not support reproducible mode.\n");
|
||||
"reproducible mode is not supported.\n");
|
||||
return -1;
|
||||
}
|
||||
#endif
|
||||
#if defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG)
|
||||
/* The PSA crypto RNG does its own seeding. */
|
||||
(void) rng;
|
||||
@ -217,7 +215,6 @@ int key_opaque_alg_parse(const char *arg, const char **alg1, const char **alg2)
|
||||
return 0;
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
int key_opaque_set_alg_usage(const char *alg1, const char *alg2,
|
||||
psa_algorithm_t *psa_alg1,
|
||||
psa_algorithm_t *psa_alg2,
|
||||
@ -301,7 +298,6 @@ int pk_wrap_as_opaque(mbedtls_pk_context *pk, psa_algorithm_t psa_alg, psa_algor
|
||||
return 0;
|
||||
}
|
||||
#endif /* MBEDTLS_PK_C */
|
||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||
|
||||
#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
|
||||
int ca_callback(void *data, mbedtls_x509_crt const *child,
|
||||
|
@ -14,9 +14,7 @@
|
||||
#include "mbedtls/md.h"
|
||||
|
||||
#undef HAVE_RNG
|
||||
#if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) && \
|
||||
(defined(MBEDTLS_USE_PSA_CRYPTO) || \
|
||||
defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG))
|
||||
#if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
|
||||
#define HAVE_RNG
|
||||
#elif defined(MBEDTLS_ENTROPY_C) && defined(MBEDTLS_CTR_DRBG_C)
|
||||
#define HAVE_RNG
|
||||
@ -55,10 +53,8 @@
|
||||
#include "mbedtls/base64.h"
|
||||
#include "test/certs.h"
|
||||
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG)
|
||||
#include "psa/crypto.h"
|
||||
#include "mbedtls/psa_util.h"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
|
||||
#include "mbedtls/memory_buffer_alloc.h"
|
||||
@ -108,30 +104,7 @@ void my_debug(void *ctx, int level,
|
||||
mbedtls_time_t dummy_constant_time(mbedtls_time_t *time);
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO) && !defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG)
|
||||
/* If MBEDTLS_TEST_USE_PSA_CRYPTO_RNG is defined, the SSL test programs will use
|
||||
* mbedtls_psa_get_random() rather than entropy+DRBG as a random generator.
|
||||
*
|
||||
* The constraints are:
|
||||
* - Without the entropy module, the PSA RNG is the only option.
|
||||
* - Without at least one of the DRBG modules, the PSA RNG is the only option.
|
||||
* - The PSA RNG does not support explicit seeding, so it is incompatible with
|
||||
* the reproducible mode used by test programs.
|
||||
* - For good overall test coverage, there should be at least one configuration
|
||||
* where the test programs use the PSA RNG while the PSA RNG is itself based
|
||||
* on entropy+DRBG, and at least one configuration where the test programs
|
||||
* do not use the PSA RNG even though it's there.
|
||||
*
|
||||
* A simple choice that meets the constraints is to use the PSA RNG whenever
|
||||
* MBEDTLS_USE_PSA_CRYPTO is enabled. There's no real technical reason the
|
||||
* choice to use the PSA RNG in the test programs and the choice to use
|
||||
* PSA crypto when TLS code needs crypto have to be tied together, but it
|
||||
* happens to be a good match. It's also a good match from an application
|
||||
* perspective: either PSA is preferred for TLS (both for crypto and for
|
||||
* random generation) or it isn't.
|
||||
*/
|
||||
#define MBEDTLS_TEST_USE_PSA_CRYPTO_RNG
|
||||
#endif
|
||||
|
||||
/** A context for random number generation (RNG).
|
||||
*/
|
||||
@ -213,7 +186,6 @@ int rng_get(void *p_rng, unsigned char *output, size_t output_len);
|
||||
*/
|
||||
int key_opaque_alg_parse(const char *arg, const char **alg1, const char **alg2);
|
||||
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
/** Parse given opaque key algorithms to obtain psa algs and usage
|
||||
* that will be passed to mbedtls_pk_wrap_as_opaque().
|
||||
*
|
||||
@ -259,9 +231,8 @@ int key_opaque_set_alg_usage(const char *alg1, const char *alg2,
|
||||
int pk_wrap_as_opaque(mbedtls_pk_context *pk, psa_algorithm_t psa_alg, psa_algorithm_t psa_alg2,
|
||||
psa_key_usage_t psa_usage, mbedtls_svc_key_id_t *key_id);
|
||||
#endif /* MBEDTLS_PK_C */
|
||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
|
||||
#if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
|
||||
/* The test implementation of the PSA external RNG is insecure. When
|
||||
* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG is enabled, before using any PSA crypto
|
||||
* function that makes use of an RNG, you must call
|
||||
|
@ -152,14 +152,12 @@ int main(int argc, char *argv[])
|
||||
memset(&cacrl, 0, sizeof(mbedtls_x509_crl));
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
psa_status_t status = psa_crypto_init();
|
||||
if (status != PSA_SUCCESS) {
|
||||
mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n",
|
||||
(int) status);
|
||||
goto exit;
|
||||
}
|
||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||
|
||||
if (argc < 2) {
|
||||
usage:
|
||||
@ -446,9 +444,7 @@ exit:
|
||||
#endif
|
||||
mbedtls_ctr_drbg_free(&ctr_drbg);
|
||||
mbedtls_entropy_free(&entropy);
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
mbedtls_psa_crypto_free();
|
||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||
|
||||
mbedtls_exit(exit_code);
|
||||
}
|
||||
|
@ -162,14 +162,12 @@ int main(int argc, char *argv[])
|
||||
memset(buf, 0, sizeof(buf));
|
||||
mbedtls_entropy_init(&entropy);
|
||||
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
psa_status_t status = psa_crypto_init();
|
||||
if (status != PSA_SUCCESS) {
|
||||
mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n",
|
||||
(int) status);
|
||||
goto exit;
|
||||
}
|
||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||
|
||||
if (argc < 2) {
|
||||
usage:
|
||||
@ -502,9 +500,7 @@ exit:
|
||||
mbedtls_pk_free(&key);
|
||||
mbedtls_ctr_drbg_free(&ctr_drbg);
|
||||
mbedtls_entropy_free(&entropy);
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
mbedtls_psa_crypto_free();
|
||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||
|
||||
cur = opt.san_list;
|
||||
while (cur != NULL) {
|
||||
|
@ -326,14 +326,12 @@ int main(int argc, char *argv[])
|
||||
memset(buf, 0, sizeof(buf));
|
||||
memset(serial, 0, sizeof(serial));
|
||||
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
psa_status_t status = psa_crypto_init();
|
||||
if (status != PSA_SUCCESS) {
|
||||
mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n",
|
||||
(int) status);
|
||||
goto exit;
|
||||
}
|
||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||
|
||||
if (argc < 2) {
|
||||
usage:
|
||||
@ -1026,9 +1024,7 @@ exit:
|
||||
mbedtls_pk_free(&loaded_issuer_key);
|
||||
mbedtls_ctr_drbg_free(&ctr_drbg);
|
||||
mbedtls_entropy_free(&entropy);
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
mbedtls_psa_crypto_free();
|
||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||
|
||||
mbedtls_exit(exit_code);
|
||||
}
|
||||
|
@ -60,14 +60,12 @@ int main(int argc, char *argv[])
|
||||
*/
|
||||
mbedtls_x509_crl_init(&crl);
|
||||
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
psa_status_t status = psa_crypto_init();
|
||||
if (status != PSA_SUCCESS) {
|
||||
mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n",
|
||||
(int) status);
|
||||
goto exit;
|
||||
}
|
||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||
|
||||
if (argc < 2) {
|
||||
usage:
|
||||
@ -124,9 +122,7 @@ usage:
|
||||
|
||||
exit:
|
||||
mbedtls_x509_crl_free(&crl);
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
mbedtls_psa_crypto_free();
|
||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||
|
||||
mbedtls_exit(exit_code);
|
||||
}
|
||||
|
@ -86,14 +86,12 @@ int main(int argc, char *argv[])
|
||||
struct mbedtls_timing_hr_time timer;
|
||||
unsigned long ms;
|
||||
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
psa_status_t status = psa_crypto_init();
|
||||
if (status != PSA_SUCCESS) {
|
||||
mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n",
|
||||
(int) status);
|
||||
goto exit;
|
||||
}
|
||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||
|
||||
if (argc <= 1) {
|
||||
mbedtls_printf(USAGE);
|
||||
@ -159,9 +157,7 @@ int main(int argc, char *argv[])
|
||||
exit_code = MBEDTLS_EXIT_SUCCESS;
|
||||
|
||||
exit:
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
mbedtls_psa_crypto_free();
|
||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||
mbedtls_exit(exit_code);
|
||||
}
|
||||
#endif /* necessary configuration */
|
||||
|
@ -60,14 +60,12 @@ int main(int argc, char *argv[])
|
||||
*/
|
||||
mbedtls_x509_csr_init(&csr);
|
||||
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
psa_status_t status = psa_crypto_init();
|
||||
if (status != PSA_SUCCESS) {
|
||||
mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n",
|
||||
(int) status);
|
||||
goto exit;
|
||||
}
|
||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||
|
||||
if (argc < 2) {
|
||||
usage:
|
||||
@ -124,9 +122,7 @@ usage:
|
||||
|
||||
exit:
|
||||
mbedtls_x509_csr_free(&csr);
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
mbedtls_psa_crypto_free();
|
||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||
|
||||
mbedtls_exit(exit_code);
|
||||
}
|
||||
|
@ -31,11 +31,9 @@
|
||||
#include "mbedtls/ssl_cache.h"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
#define PSA_TO_MBEDTLS_ERR(status) PSA_TO_MBEDTLS_ERR_LIST(status, \
|
||||
psa_to_ssl_errors, \
|
||||
psa_generic_status_to_mbedtls)
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
|
||||
#if defined(PSA_WANT_KEY_TYPE_AES)
|
||||
@ -751,18 +749,11 @@ int mbedtls_test_get_tls13_ticket(
|
||||
|
||||
#define ECJPAKE_TEST_PWD "bla"
|
||||
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
#define ECJPAKE_TEST_SET_PASSWORD(exp_ret_val) \
|
||||
ret = (use_opaque_arg) ? \
|
||||
mbedtls_ssl_set_hs_ecjpake_password_opaque(&ssl, pwd_slot) : \
|
||||
mbedtls_ssl_set_hs_ecjpake_password(&ssl, pwd_string, pwd_len); \
|
||||
TEST_EQUAL(ret, exp_ret_val)
|
||||
#else
|
||||
#define ECJPAKE_TEST_SET_PASSWORD(exp_ret_val) \
|
||||
ret = mbedtls_ssl_set_hs_ecjpake_password(&ssl, \
|
||||
pwd_string, pwd_len); \
|
||||
TEST_EQUAL(ret, exp_ret_val)
|
||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||
|
||||
#define TEST_AVAILABLE_ECC(tls_id_, group_id_, psa_family_, psa_bits_) \
|
||||
TEST_EQUAL(mbedtls_ssl_get_ecp_group_id_from_tls_id(tls_id_), \
|
||||
|
@ -66,7 +66,7 @@ component_release_test_valgrind_constant_flow_no_asm () {
|
||||
# - or alternatively, build with debug info and manually run the offending
|
||||
# test suite with valgrind --track-origins=yes, then check if the origin
|
||||
# was TEST_CF_SECRET() or something else.
|
||||
msg "build: cmake release GCC, full config minus MBEDTLS_USE_PSA_CRYPTO, minus MBEDTLS_HAVE_ASM with constant flow testing"
|
||||
msg "build: cmake release GCC, full config minus MBEDTLS_HAVE_ASM with constant flow testing"
|
||||
scripts/config.py full
|
||||
scripts/config.py set MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND
|
||||
scripts/config.py unset MBEDTLS_AESNI_C
|
||||
@ -77,7 +77,7 @@ component_release_test_valgrind_constant_flow_no_asm () {
|
||||
|
||||
# this only shows a summary of the results (how many of each type)
|
||||
# details are left in Testing/<date>/DynamicAnalysis.xml
|
||||
msg "test: some suites (full minus MBEDTLS_USE_PSA_CRYPTO, minus MBEDTLS_HAVE_ASM, valgrind + constant flow)"
|
||||
msg "test: some suites (full minus MBEDTLS_HAVE_ASM, valgrind + constant flow)"
|
||||
make memcheck
|
||||
}
|
||||
|
||||
@ -150,7 +150,7 @@ component_test_memsan () {
|
||||
|
||||
component_release_test_valgrind () {
|
||||
msg "build: Release (clang)"
|
||||
# default config, in particular without MBEDTLS_USE_PSA_CRYPTO
|
||||
# default config
|
||||
CC=clang cmake -D CMAKE_BUILD_TYPE:String=Release .
|
||||
make
|
||||
|
||||
@ -178,7 +178,7 @@ component_release_test_valgrind () {
|
||||
|
||||
component_release_test_valgrind_psa () {
|
||||
msg "build: Release, full (clang)"
|
||||
# full config, in particular with MBEDTLS_USE_PSA_CRYPTO
|
||||
# full config
|
||||
scripts/config.py full
|
||||
CC=clang cmake -D CMAKE_BUILD_TYPE:String=Release .
|
||||
make
|
||||
|
@ -644,11 +644,9 @@ static void test_ssl_endpoint_certificate_free(mbedtls_test_ssl_endpoint *ep)
|
||||
ep->cert = NULL;
|
||||
}
|
||||
if (ep->pkey != NULL) {
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
if (mbedtls_pk_get_type(ep->pkey) == MBEDTLS_PK_OPAQUE) {
|
||||
psa_destroy_key(ep->pkey->priv_id);
|
||||
}
|
||||
#endif
|
||||
mbedtls_pk_free(ep->pkey);
|
||||
mbedtls_free(ep->pkey);
|
||||
ep->pkey = NULL;
|
||||
@ -725,9 +723,7 @@ int mbedtls_test_ssl_endpoint_certificate_init(mbedtls_test_ssl_endpoint *ep,
|
||||
int i = 0;
|
||||
int ret = -1;
|
||||
int ok = 0;
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
mbedtls_svc_key_id_t key_slot = MBEDTLS_SVC_KEY_ID_INIT;
|
||||
#endif
|
||||
|
||||
if (ep == NULL) {
|
||||
return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
|
||||
@ -759,7 +755,6 @@ int mbedtls_test_ssl_endpoint_certificate_init(mbedtls_test_ssl_endpoint *ep,
|
||||
TEST_EQUAL(load_endpoint_ecc(ep), 0);
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
if (opaque_alg != 0) {
|
||||
psa_key_attributes_t key_attr = PSA_KEY_ATTRIBUTES_INIT;
|
||||
/* Use a fake key usage to get a successful initial guess for the PSA attributes. */
|
||||
@ -776,11 +771,6 @@ int mbedtls_test_ssl_endpoint_certificate_init(mbedtls_test_ssl_endpoint *ep,
|
||||
mbedtls_pk_init(ep->pkey);
|
||||
TEST_EQUAL(mbedtls_pk_wrap_psa(ep->pkey, key_slot), 0);
|
||||
}
|
||||
#else
|
||||
(void) opaque_alg;
|
||||
(void) opaque_alg2;
|
||||
(void) opaque_usage;
|
||||
#endif
|
||||
|
||||
mbedtls_ssl_conf_ca_chain(&(ep->conf), ep->ca_chain, NULL);
|
||||
|
||||
@ -1212,7 +1202,6 @@ int mbedtls_test_psa_cipher_encrypt_helper(mbedtls_ssl_transform *transform,
|
||||
unsigned char *output,
|
||||
size_t *olen)
|
||||
{
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
|
||||
psa_cipher_operation_t cipher_op = PSA_CIPHER_OPERATION_INIT;
|
||||
size_t part_len;
|
||||
@ -1246,10 +1235,6 @@ int mbedtls_test_psa_cipher_encrypt_helper(mbedtls_ssl_transform *transform,
|
||||
|
||||
*olen += part_len;
|
||||
return 0;
|
||||
#else
|
||||
return mbedtls_cipher_crypt(&transform->cipher_ctx_enc,
|
||||
iv, iv_len, input, ilen, output, olen);
|
||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||
}
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 && PSA_WANT_ALG_CBC_NO_PADDING &&
|
||||
PSA_WANT_KEY_TYPE_AES */
|
||||
@ -1383,14 +1368,10 @@ int mbedtls_test_ssl_build_transforms(mbedtls_ssl_transform *t_in,
|
||||
size_t key_bits = 0;
|
||||
int ret = 0;
|
||||
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
psa_key_type_t key_type;
|
||||
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
|
||||
psa_algorithm_t alg;
|
||||
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
|
||||
#else
|
||||
mbedtls_cipher_info_t const *cipher_info;
|
||||
#endif
|
||||
|
||||
size_t keylen, maclen, ivlen = 0;
|
||||
unsigned char *key0 = NULL, *key1 = NULL;
|
||||
@ -1422,58 +1403,10 @@ int mbedtls_test_ssl_build_transforms(mbedtls_ssl_transform *t_in,
|
||||
memset(key0, 0x1, keylen);
|
||||
memset(key1, 0x2, keylen);
|
||||
|
||||
#if !defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
/* Pick cipher */
|
||||
cipher_info = mbedtls_cipher_info_from_type((mbedtls_cipher_type_t) cipher_type);
|
||||
CHK(cipher_info != NULL);
|
||||
CHK(mbedtls_cipher_info_get_iv_size(cipher_info) <= 16);
|
||||
CHK(mbedtls_cipher_info_get_key_bitlen(cipher_info) % 8 == 0);
|
||||
|
||||
/* Setup cipher contexts */
|
||||
CHK(mbedtls_cipher_setup(&t_in->cipher_ctx_enc, cipher_info) == 0);
|
||||
CHK(mbedtls_cipher_setup(&t_in->cipher_ctx_dec, cipher_info) == 0);
|
||||
CHK(mbedtls_cipher_setup(&t_out->cipher_ctx_enc, cipher_info) == 0);
|
||||
CHK(mbedtls_cipher_setup(&t_out->cipher_ctx_dec, cipher_info) == 0);
|
||||
|
||||
#if defined(MBEDTLS_CIPHER_MODE_CBC)
|
||||
if (cipher_mode == MBEDTLS_MODE_CBC) {
|
||||
CHK(mbedtls_cipher_set_padding_mode(&t_in->cipher_ctx_enc,
|
||||
MBEDTLS_PADDING_NONE) == 0);
|
||||
CHK(mbedtls_cipher_set_padding_mode(&t_in->cipher_ctx_dec,
|
||||
MBEDTLS_PADDING_NONE) == 0);
|
||||
CHK(mbedtls_cipher_set_padding_mode(&t_out->cipher_ctx_enc,
|
||||
MBEDTLS_PADDING_NONE) == 0);
|
||||
CHK(mbedtls_cipher_set_padding_mode(&t_out->cipher_ctx_dec,
|
||||
MBEDTLS_PADDING_NONE) == 0);
|
||||
}
|
||||
#endif /* MBEDTLS_CIPHER_MODE_CBC */
|
||||
|
||||
CHK(mbedtls_cipher_setkey(&t_in->cipher_ctx_enc, key0,
|
||||
(keylen << 3 > INT_MAX) ? INT_MAX : (int) keylen << 3,
|
||||
MBEDTLS_ENCRYPT)
|
||||
== 0);
|
||||
CHK(mbedtls_cipher_setkey(&t_in->cipher_ctx_dec, key1,
|
||||
(keylen << 3 > INT_MAX) ? INT_MAX : (int) keylen << 3,
|
||||
MBEDTLS_DECRYPT)
|
||||
== 0);
|
||||
CHK(mbedtls_cipher_setkey(&t_out->cipher_ctx_enc, key1,
|
||||
(keylen << 3 > INT_MAX) ? INT_MAX : (int) keylen << 3,
|
||||
MBEDTLS_ENCRYPT)
|
||||
== 0);
|
||||
CHK(mbedtls_cipher_setkey(&t_out->cipher_ctx_dec, key0,
|
||||
(keylen << 3 > INT_MAX) ? INT_MAX : (int) keylen << 3,
|
||||
MBEDTLS_DECRYPT)
|
||||
== 0);
|
||||
#endif /* !MBEDTLS_USE_PSA_CRYPTO */
|
||||
|
||||
/* Setup MAC contexts */
|
||||
#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC)
|
||||
if (cipher_mode == MBEDTLS_MODE_CBC ||
|
||||
cipher_mode == MBEDTLS_MODE_STREAM) {
|
||||
#if !defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
mbedtls_md_info_t const *md_info = mbedtls_md_info_from_type((mbedtls_md_type_t) hash_id);
|
||||
CHK(md_info != NULL);
|
||||
#endif
|
||||
maclen = mbedtls_md_get_size_from_type((mbedtls_md_type_t) hash_id);
|
||||
CHK(maclen != 0);
|
||||
/* Pick hash keys */
|
||||
@ -1482,7 +1415,6 @@ int mbedtls_test_ssl_build_transforms(mbedtls_ssl_transform *t_in,
|
||||
memset(md0, 0x5, maclen);
|
||||
memset(md1, 0x6, maclen);
|
||||
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
alg = mbedtls_md_psa_alg_from_type(hash_id);
|
||||
|
||||
CHK(alg != 0);
|
||||
@ -1523,21 +1455,6 @@ int mbedtls_test_ssl_build_transforms(mbedtls_ssl_transform *t_in,
|
||||
CHK(psa_import_key(&attributes,
|
||||
md0, maclen,
|
||||
&t_out->psa_mac_dec) == PSA_SUCCESS);
|
||||
#else
|
||||
CHK(mbedtls_md_setup(&t_out->md_ctx_enc, md_info, 1) == 0);
|
||||
CHK(mbedtls_md_setup(&t_out->md_ctx_dec, md_info, 1) == 0);
|
||||
CHK(mbedtls_md_setup(&t_in->md_ctx_enc, md_info, 1) == 0);
|
||||
CHK(mbedtls_md_setup(&t_in->md_ctx_dec, md_info, 1) == 0);
|
||||
|
||||
CHK(mbedtls_md_hmac_starts(&t_in->md_ctx_enc,
|
||||
md0, maclen) == 0);
|
||||
CHK(mbedtls_md_hmac_starts(&t_in->md_ctx_dec,
|
||||
md1, maclen) == 0);
|
||||
CHK(mbedtls_md_hmac_starts(&t_out->md_ctx_enc,
|
||||
md1, maclen) == 0);
|
||||
CHK(mbedtls_md_hmac_starts(&t_out->md_ctx_dec,
|
||||
md0, maclen) == 0);
|
||||
#endif
|
||||
}
|
||||
#else
|
||||
((void) hash_id);
|
||||
@ -1657,7 +1574,6 @@ int mbedtls_test_ssl_build_transforms(mbedtls_ssl_transform *t_in,
|
||||
t_out->out_cid_len = (uint8_t) cid0_len;
|
||||
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
|
||||
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
status = mbedtls_ssl_cipher_to_psa(cipher_type,
|
||||
t_in->taglen,
|
||||
&alg,
|
||||
@ -1720,7 +1636,6 @@ int mbedtls_test_ssl_build_transforms(mbedtls_ssl_transform *t_in,
|
||||
goto cleanup;
|
||||
}
|
||||
}
|
||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||
|
||||
cleanup:
|
||||
|
||||
@ -1737,9 +1652,7 @@ cleanup:
|
||||
int mbedtls_test_ssl_prepare_record_mac(mbedtls_record *record,
|
||||
mbedtls_ssl_transform *transform_out)
|
||||
{
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT;
|
||||
#endif
|
||||
|
||||
/* Serialized version of record header for MAC purposes */
|
||||
unsigned char add_data[13];
|
||||
@ -1751,7 +1664,6 @@ int mbedtls_test_ssl_prepare_record_mac(mbedtls_record *record,
|
||||
add_data[12] = (record->data_len >> 0) & 0xff;
|
||||
|
||||
/* MAC with additional data */
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
size_t sign_mac_length = 0;
|
||||
TEST_EQUAL(PSA_SUCCESS, psa_mac_sign_setup(&operation,
|
||||
transform_out->psa_mac_enc,
|
||||
@ -1767,26 +1679,13 @@ int mbedtls_test_ssl_prepare_record_mac(mbedtls_record *record,
|
||||
TEST_EQUAL(PSA_SUCCESS, psa_mac_sign_finish(&operation,
|
||||
mac, sizeof(mac),
|
||||
&sign_mac_length));
|
||||
#else
|
||||
TEST_EQUAL(0, mbedtls_md_hmac_update(&transform_out->md_ctx_enc, add_data, 13));
|
||||
TEST_EQUAL(0, mbedtls_md_hmac_update(&transform_out->md_ctx_enc,
|
||||
record->buf + record->data_offset,
|
||||
record->data_len));
|
||||
/* Use a temporary buffer for the MAC, because with the truncated HMAC
|
||||
* extension, there might not be enough room in the record for the
|
||||
* full-length MAC. */
|
||||
unsigned char mac[MBEDTLS_MD_MAX_SIZE];
|
||||
TEST_EQUAL(0, mbedtls_md_hmac_finish(&transform_out->md_ctx_enc, mac));
|
||||
#endif
|
||||
memcpy(record->buf + record->data_offset + record->data_len, mac, transform_out->maclen);
|
||||
record->data_len += transform_out->maclen;
|
||||
|
||||
return 0;
|
||||
|
||||
exit:
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
psa_mac_abort(&operation);
|
||||
#endif
|
||||
return -1;
|
||||
}
|
||||
#endif /* MBEDTLS_SSL_SOME_SUITES_USE_MAC */
|
||||
@ -1840,7 +1739,6 @@ int mbedtls_test_ssl_tls12_populate_session(mbedtls_ssl_session *session,
|
||||
return -1;
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
psa_algorithm_t psa_alg = mbedtls_md_psa_alg_from_type(
|
||||
MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_TYPE);
|
||||
size_t hash_size = 0;
|
||||
@ -1851,12 +1749,6 @@ int mbedtls_test_ssl_tls12_populate_session(mbedtls_ssl_session *session,
|
||||
MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_LEN,
|
||||
&hash_size);
|
||||
ret = PSA_TO_MBEDTLS_ERR(status);
|
||||
#else
|
||||
ret = mbedtls_md(mbedtls_md_info_from_type(
|
||||
MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_TYPE),
|
||||
tmp_crt.raw.p, tmp_crt.raw.len,
|
||||
session->peer_cert_digest);
|
||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||
if (ret != 0) {
|
||||
return ret;
|
||||
}
|
||||
|
@ -9445,12 +9445,12 @@ run_test "EC restart: TLS, max_ops=65535" \
|
||||
|
||||
# The following test cases for restartable ECDH come in two variants:
|
||||
# * The "(USE_PSA)" variant expects the current behavior, which is the behavior
|
||||
# from Mbed TLS 3.x when MBEDTLS_USE_PSA_CRYPTO is disabled. This tests
|
||||
# from Mbed TLS 3.x when MBEDTLS_USE_PSA_CRYPTO is enabled. This tests
|
||||
# the partial implementation where ECDH in TLS is not actually restartable.
|
||||
# * The "(no USE_PSA)" variant expects the desired behavior. These test
|
||||
# cases cannot currently pass because the implementation of restartable ECC
|
||||
# in TLS is partial: ECDH is not actually restartable. This is the behavior
|
||||
# from Mbed TLS 3.x when MBEDTLS_USE_PSA_CRYPTO is enabled.
|
||||
# from Mbed TLS 3.x when MBEDTLS_USE_PSA_CRYPTO is disabled.
|
||||
#
|
||||
# As part of resolving https://github.com/Mbed-TLS/mbedtls/issues/7294,
|
||||
# we will remove the "(USE_PSA)" test cases and run the "(no USE_PSA)" test
|
||||
|
@ -16,15 +16,10 @@ void ssl_cf_hmac(int hash)
|
||||
* Test the function mbedtls_ct_hmac() against a reference
|
||||
* implementation.
|
||||
*/
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
|
||||
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
|
||||
psa_algorithm_t alg;
|
||||
psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT;
|
||||
#else
|
||||
mbedtls_md_context_t ctx, ref_ctx;
|
||||
const mbedtls_md_info_t *md_info;
|
||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||
size_t out_len, block_size;
|
||||
size_t min_in_len, in_len, max_in_len, i;
|
||||
/* TLS additional data is 13 bytes (hence the "lucky 13" name) */
|
||||
@ -36,7 +31,6 @@ void ssl_cf_hmac(int hash)
|
||||
|
||||
USE_PSA_INIT();
|
||||
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
alg = PSA_ALG_HMAC(mbedtls_md_psa_alg_from_type(hash));
|
||||
|
||||
out_len = PSA_HASH_LENGTH(alg);
|
||||
@ -47,36 +41,15 @@ void ssl_cf_hmac(int hash)
|
||||
PSA_KEY_USAGE_VERIFY_HASH);
|
||||
psa_set_key_algorithm(&attributes, PSA_ALG_HMAC(alg));
|
||||
psa_set_key_type(&attributes, PSA_KEY_TYPE_HMAC);
|
||||
#else
|
||||
mbedtls_md_init(&ctx);
|
||||
mbedtls_md_init(&ref_ctx);
|
||||
|
||||
md_info = mbedtls_md_info_from_type(hash);
|
||||
TEST_ASSERT(md_info != NULL);
|
||||
out_len = mbedtls_md_get_size(md_info);
|
||||
TEST_ASSERT(out_len != 0);
|
||||
block_size = hash == MBEDTLS_MD_SHA384 ? 128 : 64;
|
||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||
|
||||
/* Use allocated out buffer to catch overwrites */
|
||||
TEST_CALLOC(out, out_len);
|
||||
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
/* Set up dummy key */
|
||||
memset(ref_out, 42, sizeof(ref_out));
|
||||
TEST_EQUAL(PSA_SUCCESS, psa_import_key(&attributes,
|
||||
ref_out, out_len,
|
||||
&key));
|
||||
#else
|
||||
/* Set up contexts with the given hash and a dummy key */
|
||||
TEST_EQUAL(0, mbedtls_md_setup(&ctx, md_info, 1));
|
||||
TEST_EQUAL(0, mbedtls_md_setup(&ref_ctx, md_info, 1));
|
||||
memset(ref_out, 42, sizeof(ref_out));
|
||||
TEST_EQUAL(0, mbedtls_md_hmac_starts(&ctx, ref_out, out_len));
|
||||
TEST_EQUAL(0, mbedtls_md_hmac_starts(&ref_ctx, ref_out, out_len));
|
||||
memset(ref_out, 0, sizeof(ref_out));
|
||||
#endif
|
||||
|
||||
/*
|
||||
* Test all possible lengths up to a point. The difference between
|
||||
* max_in_len and min_in_len is at most 255, and make sure they both vary
|
||||
@ -101,22 +74,14 @@ void ssl_cf_hmac(int hash)
|
||||
|
||||
/* Get the function's result */
|
||||
TEST_CF_SECRET(&in_len, sizeof(in_len));
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
TEST_EQUAL(0, mbedtls_ct_hmac(key, PSA_ALG_HMAC(alg),
|
||||
add_data, sizeof(add_data),
|
||||
data, in_len,
|
||||
min_in_len, max_in_len,
|
||||
out));
|
||||
#else
|
||||
TEST_EQUAL(0, mbedtls_ct_hmac(&ctx, add_data, sizeof(add_data),
|
||||
data, in_len,
|
||||
min_in_len, max_in_len,
|
||||
out));
|
||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||
TEST_CF_PUBLIC(&in_len, sizeof(in_len));
|
||||
TEST_CF_PUBLIC(out, out_len);
|
||||
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
TEST_EQUAL(PSA_SUCCESS, psa_mac_verify_setup(&operation,
|
||||
key, alg));
|
||||
TEST_EQUAL(PSA_SUCCESS, psa_mac_update(&operation, add_data,
|
||||
@ -125,17 +90,6 @@ void ssl_cf_hmac(int hash)
|
||||
data, in_len));
|
||||
TEST_EQUAL(PSA_SUCCESS, psa_mac_verify_finish(&operation,
|
||||
out, out_len));
|
||||
#else
|
||||
/* Compute the reference result */
|
||||
TEST_EQUAL(0, mbedtls_md_hmac_update(&ref_ctx, add_data,
|
||||
sizeof(add_data)));
|
||||
TEST_EQUAL(0, mbedtls_md_hmac_update(&ref_ctx, data, in_len));
|
||||
TEST_EQUAL(0, mbedtls_md_hmac_finish(&ref_ctx, ref_out));
|
||||
TEST_EQUAL(0, mbedtls_md_hmac_reset(&ref_ctx));
|
||||
|
||||
/* Compare */
|
||||
TEST_MEMORY_COMPARE(out, out_len, ref_out, out_len);
|
||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||
}
|
||||
|
||||
mbedtls_free(data);
|
||||
@ -143,13 +97,8 @@ void ssl_cf_hmac(int hash)
|
||||
}
|
||||
|
||||
exit:
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
psa_mac_abort(&operation);
|
||||
psa_destroy_key(key);
|
||||
#else
|
||||
mbedtls_md_free(&ref_ctx);
|
||||
mbedtls_md_free(&ctx);
|
||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||
|
||||
mbedtls_free(data);
|
||||
mbedtls_free(out);
|
||||
|
@ -440,23 +440,23 @@ depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:MBEDTLS_R
|
||||
handshake_ciphersuite_select:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:"":PSA_ALG_NONE:PSA_ALG_NONE:0:0:MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
|
||||
|
||||
Handshake, select ECDHE-RSA-WITH-AES-256-GCM-SHA384, opaque, PSA_ALG_ANY_HASH
|
||||
depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:MBEDTLS_RSA_C:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
|
||||
depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:MBEDTLS_RSA_C:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
|
||||
handshake_ciphersuite_select:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:"":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH:0:MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
|
||||
|
||||
Handshake, select ECDHE-RSA-WITH-AES-256-GCM-SHA384, opaque, PSA_ALG_SHA_384
|
||||
depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:MBEDTLS_RSA_C:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
|
||||
depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:MBEDTLS_RSA_C:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
|
||||
handshake_ciphersuite_select:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:"":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_384):PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH:0:MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
|
||||
|
||||
Handshake, select ECDHE-RSA-WITH-AES-256-GCM-SHA384, opaque, invalid alg
|
||||
depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:MBEDTLS_RSA_C:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
|
||||
depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:MBEDTLS_RSA_C:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
|
||||
handshake_ciphersuite_select:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:"":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0
|
||||
|
||||
Handshake, select ECDHE-RSA-WITH-AES-256-GCM-SHA384, opaque, bad alg
|
||||
depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:MBEDTLS_RSA_C:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
|
||||
depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:MBEDTLS_RSA_C:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
|
||||
handshake_ciphersuite_select:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:"":PSA_ALG_RSA_PSS(PSA_ALG_ANY_HASH):PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0
|
||||
|
||||
Handshake, select ECDHE-RSA-WITH-AES-256-GCM-SHA384, opaque, bad usage
|
||||
depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:MBEDTLS_RSA_C:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
|
||||
depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:MBEDTLS_RSA_C:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
|
||||
handshake_ciphersuite_select:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:"":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_ALG_NONE:PSA_KEY_USAGE_DERIVE:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0
|
||||
|
||||
Handshake, select ECDHE-ECDSA-WITH-AES-256-CCM, non-opaque
|
||||
@ -464,19 +464,19 @@ depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CCM:PSA_WANT_
|
||||
handshake_ciphersuite_select:"TLS-ECDHE-ECDSA-WITH-AES-256-CCM":MBEDTLS_PK_ECDSA:"":PSA_ALG_NONE:PSA_ALG_NONE:0:0:MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM
|
||||
|
||||
Handshake, select ECDHE-ECDSA-WITH-AES-256-CCM, opaque, PSA_ALG_ANY_HASH
|
||||
depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CCM:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
|
||||
depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CCM:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
|
||||
handshake_ciphersuite_select:"TLS-ECDHE-ECDSA-WITH-AES-256-CCM":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH:0:MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM
|
||||
|
||||
Handshake, select ECDHE-ECDSA-WITH-AES-256-CCM, opaque, PSA_ALG_SHA_256
|
||||
depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CCM:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
|
||||
depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CCM:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
|
||||
handshake_ciphersuite_select:"TLS-ECDHE-ECDSA-WITH-AES-256-CCM":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH:0:MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM
|
||||
|
||||
Handshake, select ECDHE-ECDSA-WITH-AES-256-CCM, opaque, bad alg
|
||||
depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CCM:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
|
||||
depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CCM:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
|
||||
handshake_ciphersuite_select:"TLS-ECDHE-ECDSA-WITH-AES-256-CCM":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDH:PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0
|
||||
|
||||
Handshake, select ECDHE-ECDSA-WITH-AES-256-CCM, opaque, bad usage
|
||||
depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CCM:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
|
||||
depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CCM:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
|
||||
handshake_ciphersuite_select:"TLS-ECDHE-ECDSA-WITH-AES-256-CCM":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_ALG_NONE:PSA_KEY_USAGE_DERIVE:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0
|
||||
|
||||
Handshake, select ECDH-RSA-WITH-AES-256-CBC-SHA384, non-opaque
|
||||
@ -484,15 +484,15 @@ depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDIN
|
||||
handshake_ciphersuite_select:"TLS-ECDH-RSA-WITH-AES-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_NONE:PSA_ALG_NONE:0:0:MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
|
||||
|
||||
Handshake, select ECDH-RSA-WITH-AES-256-CBC-SHA384, opaque
|
||||
depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_RSA_C:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_HAVE_ALG_ECDSA_SIGN:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
|
||||
depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_RSA_C:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_HAVE_ALG_ECDSA_SIGN:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
|
||||
handshake_ciphersuite_select:"TLS-ECDH-RSA-WITH-AES-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDH:PSA_ALG_NONE:PSA_KEY_USAGE_DERIVE:0:MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
|
||||
|
||||
Handshake, select ECDH-RSA-WITH-AES-256-CBC-SHA384, opaque, bad alg
|
||||
depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_RSA_C:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_HAVE_ALG_ECDSA_SIGN:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
|
||||
depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_RSA_C:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_HAVE_ALG_ECDSA_SIGN:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
|
||||
handshake_ciphersuite_select:"TLS-ECDH-RSA-WITH-AES-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_ALG_NONE:PSA_KEY_USAGE_DERIVE:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0
|
||||
|
||||
Handshake, select ECDH-RSA-WITH-AES-256-CBC-SHA384, opaque, bad usage
|
||||
depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_RSA_C:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_HAVE_ALG_ECDSA_SIGN:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
|
||||
depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_RSA_C:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_HAVE_ALG_ECDSA_SIGN:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
|
||||
handshake_ciphersuite_select:"TLS-ECDH-RSA-WITH-AES-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDH:PSA_ALG_NONE:PSA_KEY_USAGE_DECRYPT:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0
|
||||
|
||||
Handshake, select ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384, non-opaque
|
||||
@ -500,19 +500,19 @@ depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_P
|
||||
handshake_ciphersuite_select:"TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_NONE:PSA_ALG_NONE:0:0:MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
|
||||
|
||||
Handshake, select ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384, opaque, PSA_ALG_ANY_HASH
|
||||
depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PSA_CRYPTO_C
|
||||
depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED:MBEDTLS_PSA_CRYPTO_C
|
||||
handshake_ciphersuite_select:"TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_ALG_ECDH:PSA_KEY_USAGE_SIGN_HASH|PSA_KEY_USAGE_DERIVE:0:MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
|
||||
|
||||
Handshake, select ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384, opaque, PSA_ALG_SHA_384
|
||||
depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PSA_CRYPTO_C
|
||||
depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED:MBEDTLS_PSA_CRYPTO_C
|
||||
handshake_ciphersuite_select:"TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDSA(PSA_ALG_SHA_384):PSA_ALG_ECDH:PSA_KEY_USAGE_SIGN_HASH|PSA_KEY_USAGE_DERIVE:0:MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
|
||||
|
||||
Handshake, select ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384, opaque, missing alg
|
||||
depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO
|
||||
depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
|
||||
handshake_ciphersuite_select:"TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH|PSA_KEY_USAGE_DERIVE:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0
|
||||
|
||||
Handshake, select ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384, opaque, missing usage
|
||||
depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO
|
||||
depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
|
||||
handshake_ciphersuite_select:"TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_ALG_ECDH:PSA_KEY_USAGE_SIGN_HASH:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0
|
||||
|
||||
Sending app data via TLS, MFL=512 without fragmentation
|
||||
@ -3236,7 +3236,7 @@ depends_on:MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
|
||||
ssl_ecjpake_set_password:0
|
||||
|
||||
EC-JPAKE set opaque password
|
||||
depends_on:MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED:MBEDTLS_USE_PSA_CRYPTO
|
||||
depends_on:MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
|
||||
ssl_ecjpake_set_password:1
|
||||
|
||||
Test Elliptic curves' info parsing
|
||||
|
@ -3422,7 +3422,7 @@ exit:
|
||||
}
|
||||
/* END_CASE */
|
||||
|
||||
/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED:MBEDTLS_USE_PSA_CRYPTO */
|
||||
/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */
|
||||
void test_multiple_psks_opaque(int mode)
|
||||
{
|
||||
/*
|
||||
@ -3768,7 +3768,7 @@ exit:
|
||||
}
|
||||
/* END_CASE */
|
||||
|
||||
/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_C:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_384:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT */
|
||||
/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_C:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_384:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT */
|
||||
void raw_key_agreement_fail(int bad_server_ecdhe_key)
|
||||
{
|
||||
enum { BUFFSIZE = 17000 };
|
||||
@ -3941,11 +3941,7 @@ void ssl_ecjpake_set_password(int use_opaque_arg)
|
||||
{
|
||||
mbedtls_ssl_context ssl;
|
||||
mbedtls_ssl_config conf;
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
mbedtls_svc_key_id_t pwd_slot = MBEDTLS_SVC_KEY_ID_INIT;
|
||||
#else /* MBEDTLS_USE_PSA_CRYPTO */
|
||||
(void) use_opaque_arg;
|
||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||
unsigned char pwd_string[sizeof(ECJPAKE_TEST_PWD)] = "";
|
||||
size_t pwd_len = 0;
|
||||
int ret;
|
||||
@ -3971,7 +3967,6 @@ void ssl_ecjpake_set_password(int use_opaque_arg)
|
||||
pwd_len = strlen(ECJPAKE_TEST_PWD);
|
||||
memcpy(pwd_string, ECJPAKE_TEST_PWD, pwd_len);
|
||||
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
if (use_opaque_arg) {
|
||||
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
|
||||
psa_key_attributes_t check_attributes = PSA_KEY_ATTRIBUTES_INIT;
|
||||
@ -3998,16 +3993,13 @@ void ssl_ecjpake_set_password(int use_opaque_arg)
|
||||
PSA_ASSERT(psa_import_key(&attributes, pwd_string,
|
||||
pwd_len, &pwd_slot));
|
||||
}
|
||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||
|
||||
/* final check which should work without errors */
|
||||
ECJPAKE_TEST_SET_PASSWORD(0);
|
||||
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
if (use_opaque_arg) {
|
||||
psa_destroy_key(pwd_slot);
|
||||
}
|
||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||
mbedtls_ssl_free(&ssl);
|
||||
mbedtls_ssl_config_free(&conf);
|
||||
|
||||
|
@ -900,7 +900,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:PSA_WANT_ALG_SHA_
|
||||
x509_verify:"../framework/data_files/server9-defaults.crt":"../framework/data_files/test-ca.crt":"../framework/data_files/crl-rsa-pss-sha1.pem":"NULL":0:0:"compat":"NULL"
|
||||
|
||||
X509 CRT verification #68 (RSASSA-PSS, wrong salt_len, USE_PSA)
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_SHA_1:MBEDTLS_USE_PSA_CRYPTO
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_SHA_1
|
||||
x509_verify:"../framework/data_files/server9-bad-saltlen.crt":"../framework/data_files/test-ca.crt":"../framework/data_files/crl-rsa-pss-sha1.pem":"NULL":0:0:"compat":"NULL"
|
||||
|
||||
X509 CRT verification #70 (v1 trusted CA)
|
||||
|
@ -123,23 +123,23 @@ depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_MD5
|
||||
x509_crt_check:"../framework/data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"../framework/data_files/test-ca_unenc.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:0:-1:"../framework/data_files/server1.ca_noauthid.crt":1:1:"../framework/data_files/test-ca.crt":0
|
||||
|
||||
Certificate write check Server1 SHA1, Opaque
|
||||
depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_MD5:MBEDTLS_USE_PSA_CRYPTO
|
||||
depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_MD5
|
||||
x509_crt_check:"../framework/data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"../framework/data_files/test-ca_unenc.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"../framework/data_files/server1.crt":2:0:"../framework/data_files/test-ca.crt":0
|
||||
|
||||
Certificate write check Server1 SHA1, Opaque, key_usage
|
||||
depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_MD5:MBEDTLS_USE_PSA_CRYPTO
|
||||
depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_MD5
|
||||
x509_crt_check:"../framework/data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"../framework/data_files/test-ca_unenc.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION | MBEDTLS_X509_KU_KEY_ENCIPHERMENT:1:"NULL":0:0:1:-1:"../framework/data_files/server1.key_usage.crt":2:0:"../framework/data_files/test-ca.crt":0
|
||||
|
||||
Certificate write check Server1 SHA1, Opaque, ns_cert_type
|
||||
depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_MD5:MBEDTLS_USE_PSA_CRYPTO
|
||||
depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_MD5
|
||||
x509_crt_check:"../framework/data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"../framework/data_files/test-ca_unenc.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER:1:1:-1:"../framework/data_files/server1.cert_type.crt":2:0:"../framework/data_files/test-ca.crt":0
|
||||
|
||||
Certificate write check Server1 SHA1, Opaque, version 1
|
||||
depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_MD5:MBEDTLS_USE_PSA_CRYPTO
|
||||
depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_MD5
|
||||
x509_crt_check:"../framework/data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"../framework/data_files/test-ca_unenc.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:MBEDTLS_X509_CRT_VERSION_1:"../framework/data_files/server1.v1.crt":2:0:"../framework/data_files/test-ca.crt":0
|
||||
|
||||
Certificate write check Server1 SHA1, Opaque, CA
|
||||
depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_MD5:MBEDTLS_USE_PSA_CRYPTO
|
||||
depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_MD5
|
||||
x509_crt_check:"../framework/data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"../framework/data_files/test-ca_unenc.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"../framework/data_files/server1.ca.crt":2:1:"../framework/data_files/test-ca.crt":0
|
||||
|
||||
Certificate write check Server1 SHA1, Full length serial
|
||||
@ -159,7 +159,7 @@ depends_on:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_ECDSA_SIGN:PSA_WANT_ALG_DETERMINIST
|
||||
x509_crt_check:"../framework/data_files/server5.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"../framework/data_files/test-ca2.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=Polarssl Test EC CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA256:0:0:"NULL":0:0:1:-1:"../framework/data_files/server5.crt":0:0:"../framework/data_files/test-ca2.crt":0
|
||||
|
||||
Certificate write check Server5 ECDSA, Opaque
|
||||
depends_on:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_ECDSA_SIGN:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_USE_PSA_CRYPTO
|
||||
depends_on:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_ECDSA_SIGN:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ECC_SECP_R1_256
|
||||
x509_crt_check:"../framework/data_files/server5.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"../framework/data_files/test-ca2.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=Polarssl Test EC CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA256:0:0:"NULL":0:0:1:-1:"":2:0:"../framework/data_files/test-ca2.crt":0
|
||||
|
||||
Certificate write check Server1 SHA1, SubjectAltNames
|
||||
|
@ -15,8 +15,7 @@
|
||||
#endif /* MBEDTLS_PK_HAVE_PRIVATE_HEADER */
|
||||
#include "mbedtls/psa_util.h"
|
||||
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO) && \
|
||||
defined(MBEDTLS_PEM_WRITE_C) && defined(MBEDTLS_X509_CSR_WRITE_C)
|
||||
#if defined(MBEDTLS_PEM_WRITE_C) && defined(MBEDTLS_X509_CSR_WRITE_C)
|
||||
static int x509_crt_verifycsr(const unsigned char *buf, size_t buflen)
|
||||
{
|
||||
unsigned char hash[PSA_HASH_MAX_SIZE];
|
||||
@ -53,7 +52,7 @@ cleanup:
|
||||
mbedtls_x509_csr_free(&csr);
|
||||
return ret;
|
||||
}
|
||||
#endif /* MBEDTLS_USE_PSA_CRYPTO && MBEDTLS_PEM_WRITE_C && MBEDTLS_X509_CSR_WRITE_C */
|
||||
#endif /* MBEDTLS_PEM_WRITE_C && MBEDTLS_X509_CSR_WRITE_C */
|
||||
|
||||
#if defined(MBEDTLS_X509_CSR_WRITE_C)
|
||||
|
||||
@ -131,11 +130,9 @@ void x509_csr_check(char *key_file, char *cert_req_check_file, int md_type,
|
||||
mbedtls_x509write_csr req;
|
||||
unsigned char buf[4096];
|
||||
int ret;
|
||||
#if !defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
unsigned char check_buf[4000];
|
||||
FILE *f;
|
||||
size_t olen = 0;
|
||||
#endif /* !MBEDTLS_USE_PSA_CRYPTO */
|
||||
size_t pem_len = 0, buf_index;
|
||||
int der_len = -1;
|
||||
const char *subject_name = "C=NL,O=PolarSSL,CN=PolarSSL Server 1";
|
||||
@ -215,20 +212,14 @@ void x509_csr_check(char *key_file, char *cert_req_check_file, int md_type,
|
||||
TEST_ASSERT(buf[buf_index] == 0);
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
// When using PSA crypto, RNG isn't controllable, so cert_req_check_file can't be used
|
||||
(void) cert_req_check_file;
|
||||
buf[pem_len] = '\0';
|
||||
TEST_ASSERT(x509_crt_verifycsr(buf, pem_len + 1) == 0);
|
||||
#else
|
||||
f = fopen(cert_req_check_file, "r");
|
||||
TEST_ASSERT(f != NULL);
|
||||
olen = fread(check_buf, 1, sizeof(check_buf), f);
|
||||
fclose(f);
|
||||
f = fopen(cert_req_check_file, "r"); //open the file
|
||||
TEST_ASSERT(f != NULL); //check the file has been opened.
|
||||
olen = fread(check_buf, 1, sizeof(check_buf), f); // read the file
|
||||
fclose(f); // close the file
|
||||
|
||||
TEST_ASSERT(olen >= pem_len - 1);
|
||||
TEST_ASSERT(memcmp(buf, check_buf, pem_len - 1) == 0);
|
||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||
|
||||
|
||||
der_len = mbedtls_x509write_csr_der(&req, buf, sizeof(buf));
|
||||
TEST_ASSERT(der_len >= 0);
|
||||
@ -237,14 +228,7 @@ void x509_csr_check(char *key_file, char *cert_req_check_file, int md_type,
|
||||
goto exit;
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
// When using PSA crypto, RNG isn't controllable, result length isn't
|
||||
// deterministic over multiple runs, removing a single byte isn't enough to
|
||||
// go into the MBEDTLS_ERR_ASN1_BUF_TOO_SMALL error case
|
||||
der_len /= 2;
|
||||
#else
|
||||
der_len -= 1;
|
||||
#endif
|
||||
ret = mbedtls_x509write_csr_der(&req, buf, (size_t) (der_len));
|
||||
TEST_ASSERT(ret == MBEDTLS_ERR_ASN1_BUF_TOO_SMALL);
|
||||
|
||||
@ -256,7 +240,7 @@ exit:
|
||||
}
|
||||
/* END_CASE */
|
||||
|
||||
/* BEGIN_CASE depends_on:MBEDTLS_PEM_WRITE_C:MBEDTLS_X509_CSR_WRITE_C:MBEDTLS_USE_PSA_CRYPTO */
|
||||
/* BEGIN_CASE depends_on:MBEDTLS_PEM_WRITE_C:MBEDTLS_X509_CSR_WRITE_C */
|
||||
void x509_csr_check_opaque(char *key_file, int md_type, int key_usage,
|
||||
int cert_type)
|
||||
{
|
||||
@ -342,10 +326,8 @@ void x509_crt_check(char *subject_key_file, char *subject_pwd,
|
||||
int der_len = -1;
|
||||
FILE *f;
|
||||
mbedtls_test_rnd_pseudo_info rnd_info;
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT;
|
||||
psa_key_attributes_t key_attr = PSA_KEY_ATTRIBUTES_INIT;
|
||||
#endif
|
||||
mbedtls_pk_type_t issuer_key_type;
|
||||
mbedtls_x509_san_list san_ip;
|
||||
mbedtls_x509_san_list san_dns;
|
||||
@ -409,7 +391,6 @@ void x509_crt_check(char *subject_key_file, char *subject_pwd,
|
||||
|
||||
issuer_key_type = mbedtls_pk_get_type(&issuer_key);
|
||||
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
/* Turn the issuer PK context into an opaque one. */
|
||||
if (pk_wrap == 2) {
|
||||
TEST_EQUAL(mbedtls_pk_get_psa_attributes(&issuer_key, PSA_KEY_USAGE_SIGN_HASH,
|
||||
@ -419,7 +400,6 @@ void x509_crt_check(char *subject_key_file, char *subject_pwd,
|
||||
mbedtls_pk_init(&issuer_key);
|
||||
TEST_EQUAL(mbedtls_pk_wrap_psa(&issuer_key, key_id), 0);
|
||||
}
|
||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||
|
||||
if (pk_wrap == 2) {
|
||||
TEST_ASSERT(mbedtls_pk_get_type(&issuer_key) == MBEDTLS_PK_OPAQUE);
|
||||
@ -570,14 +550,6 @@ void x509_crt_check(char *subject_key_file, char *subject_pwd,
|
||||
TEST_ASSERT(p < end);
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
// When using PSA crypto, RNG isn't controllable, result length isn't
|
||||
// deterministic over multiple runs, removing a single byte isn't enough to
|
||||
// go into the MBEDTLS_ERR_ASN1_BUF_TOO_SMALL error case
|
||||
if (issuer_key_type != MBEDTLS_PK_RSA) {
|
||||
der_len /= 2;
|
||||
} else
|
||||
#endif
|
||||
der_len -= 1;
|
||||
|
||||
ret = mbedtls_x509write_crt_der(&crt, buf, (size_t) (der_len));
|
||||
@ -592,9 +564,7 @@ exit:
|
||||
#if defined(MBEDTLS_TEST_DEPRECATED) && defined(MBEDTLS_BIGNUM_C)
|
||||
mbedtls_mpi_free(&serial_mpi);
|
||||
#endif
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
psa_destroy_key(key_id);
|
||||
#endif
|
||||
MD_OR_USE_PSA_DONE();
|
||||
}
|
||||
/* END_CASE */
|
||||
|
Loading…
x
Reference in New Issue
Block a user