Merge pull request #4673 from gilles-peskine-arm/psa_crypto_spm-from_platform_h
Fix and test the MBEDTLS_PSA_CRYPTO_SPM build
diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md
new file mode 100644
index 0000000..b9f1468
--- /dev/null
+++ b/.github/ISSUE_TEMPLATE/bug_report.md
@@ -0,0 +1,35 @@
+---
+name: Bug report
+about: To report a bug, please fill this form.
+title: ''
+labels: ''
+assignees: ''
+
+---
+
+### Summary
+
+
+
+### System information
+
+Mbed TLS version (number or commit id):
+Operating system and version:
+Configuration (if not default, please attach `config.h`):
+Compiler and options (if you used a pre-built binary, please indicate how you obtained it):
+Additional environment information:
+
+### Expected behavior
+
+
+
+### Actual behavior
+
+
+
+### Steps to reproduce
+
+
+
+### Additional information
+
diff --git a/.github/ISSUE_TEMPLATE/config.yml b/.github/ISSUE_TEMPLATE/config.yml
new file mode 100644
index 0000000..63076f4
--- /dev/null
+++ b/.github/ISSUE_TEMPLATE/config.yml
@@ -0,0 +1,8 @@
+blank_issues_enabled: false
+contact_links:
+ - name: Mbed TLS security team
+ url: mailto:mbed-tls-security@lists.trustedfirmware.org
+ about: Report a security vulnerability.
+ - name: Mbed TLS mailing list
+ url: https://lists.trustedfirmware.org/mailman/listinfo/mbed-tls
+ about: Mbed TLS community support and general discussion.
diff --git a/.github/ISSUE_TEMPLATE/feature_request.md b/.github/ISSUE_TEMPLATE/feature_request.md
new file mode 100644
index 0000000..3b51513
--- /dev/null
+++ b/.github/ISSUE_TEMPLATE/feature_request.md
@@ -0,0 +1,17 @@
+---
+name: Enhancement request
+about: To request an enhancement, please fill this form.
+title: ''
+labels: ''
+assignees: ''
+
+---
+
+### Suggested enhancement
+
+
+
+### Justification
+
+Mbed TLS needs this because
+
diff --git a/.github/issue_template.md b/.github/issue_template.md
deleted file mode 100644
index 370066f..0000000
--- a/.github/issue_template.md
+++ /dev/null
@@ -1,46 +0,0 @@
-_Note:_ this is a template, please remove the parts that are not
-applicable (these initial notes, and the "Bug" section for a Feature request
-and vice-versa).
-
-**Note:** to report a security vulnerability, see
-[SECURITY.md](../SECURITY.md). Please do not use github issues for
-vulnerabilities.
-
-_Note:_ to get support, see [SUPPORT.md](../SUPPORT.md). Please do not use
-github issues for questions.
-
----------------------------------------------------------------
-### Description
-- Type: Bug | Enhancement / Feature Request
-- Priority: Blocker | Major | Minor
-
----------------------------------------------------------------
-## Bug
-
-**OS**
-Mbed OS|linux|windows|
-
-**mbed TLS build:**
-Version: x.x.x or git commit id
-OS version: x.x.x
-Configuration: please attach config.h file where possible
-Compiler and options (if you used a pre-built binary, please indicate how you obtained it):
-Additional environment information:
-
-**Peer device TLS stack and version**
-OpenSSL|GnuTls|Chrome|NSS(Firefox)|SecureChannel (IIS/Internet Explorer/Edge)|Other
-Version:
-
-**Expected behavior**
-
-**Actual behavior**
-
-**Steps to reproduce**
-
-----------------------------------------------------------------
-## Enhancement / Feature Request
-
-**Suggested enhancement**
-
-**Justification - why does the library need this feature?**
-
diff --git a/.travis.yml b/.travis.yml
index 542f705..48faa48 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -28,12 +28,6 @@
script:
- tests/scripts/all.sh -k test_full_cmake_gcc_asan
- - name: macOS
- os: osx
- compiler: clang
- script:
- - tests/scripts/all.sh -k test_default_out_of_box
-
- name: Windows
os: windows
before_install:
diff --git a/BRANCHES.md b/BRANCHES.md
index 8486ef0..b9926ac 100644
--- a/BRANCHES.md
+++ b/BRANCHES.md
@@ -16,9 +16,10 @@
these only get bug fixes and security fixes.
We use [Semantic Versioning](https://semver.org/). In particular, we maintain
-API compatibility in the `master` branch between major version changes. We
-also maintain ABI compatibility within LTS branches; see the next section for
-details.
+API compatibility in the `master` branch across minor version changes (e.g.
+the API of 3.(x+1) is backward compatible with 3.x). We only break API
+compatibility on major version changes (e.g. from 3.x to 4.0). We also maintain
+ABI compatibility within LTS branches; see the next section for details.
## Backwards Compatibility
@@ -28,11 +29,28 @@
modification with any later release x.y'.z' with the same major version
number, and your code will still build, be secure, and work.
-There are rare exceptions: code that was relying on something that became
-insecure in the meantime (for example, crypto that was found to be weak) may
-need to be changed. In case security comes in conflict with backwards
-compatibility, we will put security first, but always attempt to provide a
-compatibility option.
+Note that new releases of Mbed TLS may extend the API. Here are some
+examples of changes that are common in minor releases of Mbed TLS, and are
+not considered API compatibility breaks:
+
+* Adding or reordering fields in a structure or union.
+* Removing a field from a structure, unless the field is documented as public.
+* Adding items to an enum.
+* Returning an error code that was not previously documented for a function
+ when a new error condition arises.
+* Changing which error code is returned in a case where multiple error
+ conditions apply.
+* Changing the behavior of a function from failing to succeeding, when the
+ change is a reasonable extension of the current behavior, i.e. the
+ addition of a new feature.
+
+There are rare exceptions where we break API compatibility: code that was
+relying on something that became insecure in the meantime (for example,
+crypto that was found to be weak) may need to be changed. In case security
+comes in conflict with backwards compatibility, we will put security first,
+but always attempt to provide a compatibility option.
+
+## Long-time support branches
For the LTS branches, additionally we try very hard to also maintain ABI
compatibility (same definition as API except with re-linking instead of
diff --git a/CMakeLists.txt b/CMakeLists.txt
index f648f22..efe3cab 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -16,7 +16,9 @@
# mbedtls, mbedx509, mbedcrypto and apidoc targets.
#
-cmake_minimum_required(VERSION 2.8.12)
+# We specify a minimum requirement of 3.10.2, but for now use 3.5.1 here
+# until our infrastructure catches up.
+cmake_minimum_required(VERSION 3.5.1)
# https://cmake.org/cmake/help/latest/policy/CMP0011.html
# Setting this policy is required in CMake >= 3.18.0, otherwise a warning is generated. The OLD
diff --git a/ChangeLog b/ChangeLog
index dc6e451..fcd8427 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -22,7 +22,7 @@
Various helpers and definitions available for use in alt implementations
have been moved out of the include/ directory and into the library/
directory. The files concerned are ecp_internal.h and rsa_internal.h
- which have also been renamed to ecp_alt.h and rsa_alt_helpers.h
+ which have also been renamed to ecp_internal_alt.h and rsa_alt_helpers.h
respectively.
* Move internal headers.
Header files that were only meant for the library's internal use and
@@ -32,8 +32,6 @@
* Drop support for parsing SSLv2 ClientHello
(MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO).
* Drop support for SSLv3 (MBEDTLS_SSL_PROTO_SSL3).
- * Drop support for compatibility with our own previous buggy
- implementation of truncated HMAC (MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT).
* Drop support for TLS record-level compression (MBEDTLS_ZLIB_SUPPORT).
* Drop support for RC4 TLS ciphersuites.
* Drop support for single-DES ciphersuites.
@@ -83,8 +81,12 @@
in line with version 1.0.0 of the specification. Fix #4162.
* Fix a bug in ECDSA that would cause it to fail when the hash is all-bits
zero. Fixes #1792
- * mbedtls_mpi_read_string on "-0" produced an MPI object that was not treated
- as equal to 0 in all cases. Fix it to produce the same object as "0".
+ * Fix some cases in the bignum module where the library constructed an
+ unintended representation of the value 0 which was not processed
+ correctly by some bignum operations. This could happen when
+ mbedtls_mpi_read_string() was called on "-0", or when
+ mbedtls_mpi_mul_mpi() and mbedtls_mpi_mul_int() was called with one of
+ the arguments being negative and the other being 0. Fixes #4643.
Changes
* Fix the setting of the read timeout in the DTLS sample programs.
diff --git a/ChangeLog.d/alt-context-relaxation.txt b/ChangeLog.d/alt-context-relaxation.txt
new file mode 100644
index 0000000..10fd476
--- /dev/null
+++ b/ChangeLog.d/alt-context-relaxation.txt
@@ -0,0 +1,6 @@
+Features
+ * Alternative implementations of the AES, DHM, ECJPAKE, ECP, RSA and timing
+ modules had undocumented constraints on their context types. These
+ constraints have been relaxed.
+ See docs/architecture/alternative-implementations.md for the remaining
+ constraints.
diff --git a/ChangeLog.d/default-curves.txt b/ChangeLog.d/default-curves.txt
new file mode 100644
index 0000000..bfb0fd0
--- /dev/null
+++ b/ChangeLog.d/default-curves.txt
@@ -0,0 +1,9 @@
+Default behavior changes
+ * Some default policies for X.509 certificate verification and TLS have
+ changed: curves and hashes weaker than 255 bits are no longer accepted
+ by default. The default order in TLS now favors faster curves over larger
+ curves.
+
+Removals
+ * Remove the compile-time option
+ MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_KEY_EXCHANGE.
diff --git a/ChangeLog.d/dhm-fields.txt b/ChangeLog.d/dhm-fields.txt
new file mode 100644
index 0000000..4d5c751
--- /dev/null
+++ b/ChangeLog.d/dhm-fields.txt
@@ -0,0 +1,9 @@
+Features
+ * The new functions mbedtls_dhm_get_len() and mbedtls_dhm_get_bitlen()
+ query the size of the modulus in a Diffie-Hellman context.
+ * The new function mbedtls_dhm_get_value() copy a field out of a
+ Diffie-Hellman context.
+
+API changes
+ * Instead of accessing the len field of a DHM context, which is no longer
+ supported, use the new function mbedtls_dhm_get_len() .
diff --git a/ChangeLog.d/ecjpake-point_format.txt b/ChangeLog.d/ecjpake-point_format.txt
new file mode 100644
index 0000000..6e05b23
--- /dev/null
+++ b/ChangeLog.d/ecjpake-point_format.txt
@@ -0,0 +1,4 @@
+Features
+ * Use the new function mbedtls_ecjpake_set_point_format() to select the
+ point format for ECJPAKE instead of accessing the point_format field
+ directly, which is no longer supported.
diff --git a/ChangeLog.d/ecp-window-size.txt b/ChangeLog.d/ecp-window-size.txt
new file mode 100644
index 0000000..909d4e8
--- /dev/null
+++ b/ChangeLog.d/ecp-window-size.txt
@@ -0,0 +1,3 @@
+Changes
+ * Reduce the default value of MBEDTLS_ECP_WINDOW_SIZE. This reduces RAM usage
+ during ECC operations at a negligible performance cost.
diff --git a/ChangeLog.d/ecp_max_bits.txt b/ChangeLog.d/ecp_max_bits.txt
new file mode 100644
index 0000000..b952469
--- /dev/null
+++ b/ChangeLog.d/ecp_max_bits.txt
@@ -0,0 +1,3 @@
+Removals
+ * MBEDTLS_ECP_MAX_BITS is no longer a configuration option because it is
+ now determined automatically based on supported curves.
diff --git a/ChangeLog.d/fix-ssl-cf-hmac-alt.txt b/ChangeLog.d/fix-ssl-cf-hmac-alt.txt
new file mode 100644
index 0000000..57ffa02
--- /dev/null
+++ b/ChangeLog.d/fix-ssl-cf-hmac-alt.txt
@@ -0,0 +1,5 @@
+Bugfix
+ * Fix a regression introduced in 2.24.0 which broke (D)TLS CBC ciphersuites
+ (when the encrypt-then-MAC extension is not in use) with some ALT
+ implementations of the underlying hash (SHA-1, SHA-256, SHA-384), causing
+ the affected side to wrongly reject valid messages. Fixes #4118.
diff --git a/ChangeLog.d/gcm-update.txt b/ChangeLog.d/gcm-update.txt
index 0fffd09..858bd0a 100644
--- a/ChangeLog.d/gcm-update.txt
+++ b/ChangeLog.d/gcm-update.txt
@@ -15,3 +15,5 @@
* The multi-part GCM interface (mbedtls_gcm_update() or
mbedtls_cipher_update()) no longer requires the size of partial inputs to
be a multiple of 16.
+ * The multi-part GCM interface now supports chunked associated data through
+ multiple calls to mbedtls_gcm_update_ad().
diff --git a/ChangeLog.d/issue4083.txt b/ChangeLog.d/issue4083.txt
new file mode 100644
index 0000000..8457337
--- /dev/null
+++ b/ChangeLog.d/issue4083.txt
@@ -0,0 +1,4 @@
+Removals
+ * Remove the following functions: mbedtls_timing_self_test(),
+ mbedtls_hardclock_poll(), mbedtls_timing_hardclock() and
+ mbedtls_set_alarm(). Fixes #4083.
diff --git a/ChangeLog.d/issue4084.txt b/ChangeLog.d/issue4084.txt
new file mode 100644
index 0000000..75273c1
--- /dev/null
+++ b/ChangeLog.d/issue4084.txt
@@ -0,0 +1,4 @@
+Removals
+ * Remove all support for MD2, MD4, RC4, Blowfish and XTEA. This removes the
+ corresponding modules and all their APIs and related configuration
+ options. Fixes #4084.
diff --git a/ChangeLog.d/issue4176.txt b/ChangeLog.d/issue4176.txt
new file mode 100644
index 0000000..ddca37f
--- /dev/null
+++ b/ChangeLog.d/issue4176.txt
@@ -0,0 +1,3 @@
+Bugfix
+ * Fix a resource leak in a test suite with an alternative AES
+ implementation. Fixes #4176.
diff --git a/ChangeLog.d/issue4212.txt b/ChangeLog.d/issue4212.txt
new file mode 100644
index 0000000..9e72ca9
--- /dev/null
+++ b/ChangeLog.d/issue4212.txt
@@ -0,0 +1,6 @@
+API changes
+ * In modules that implement cryptographic hash functions, many functions
+ mbedtls_xxx() now return int instead of void, and the corresponding
+ function mbedtls_xxx_ret() which was identical except for returning int
+ has been removed. This also concerns mbedtls_xxx_drbg_update(). See the
+ migration guide for more information. Fixes #4212.
diff --git a/ChangeLog.d/issue4313.txt b/ChangeLog.d/issue4313.txt
new file mode 100644
index 0000000..1fb6123
--- /dev/null
+++ b/ChangeLog.d/issue4313.txt
@@ -0,0 +1,4 @@
+Removals
+ * Remove the following macros: MBEDTLS_CHECK_PARAMS,
+ MBEDTLS_CHECK_PARAMS_ASSERT, MBEDTLS_PARAM_FAILED,
+ MBEDTLS_PARAM_FAILED_ALT. Fixes #4313.
diff --git a/ChangeLog.d/issue4378.txt b/ChangeLog.d/issue4378.txt
new file mode 100644
index 0000000..9a7522b
--- /dev/null
+++ b/ChangeLog.d/issue4378.txt
@@ -0,0 +1,4 @@
+Removals
+ * Remove the MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION config.h
+ option. The mbedtls_x509_crt_parse_der_with_ext_cb() is the way to go for
+ migration path. Fixes #4378.
diff --git a/ChangeLog.d/issue4398.txt b/ChangeLog.d/issue4398.txt
new file mode 100644
index 0000000..b7f2413
--- /dev/null
+++ b/ChangeLog.d/issue4398.txt
@@ -0,0 +1,3 @@
+API changes
+ * Replace MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE by a runtime
+ configuration function mbedtls_ssl_conf_preference_order(). Fixes #4398.
diff --git a/ChangeLog.d/issue4405.txt b/ChangeLog.d/issue4405.txt
new file mode 100644
index 0000000..c36aefa
--- /dev/null
+++ b/ChangeLog.d/issue4405.txt
@@ -0,0 +1,4 @@
+Removals
+ * Remove the MBEDTLS_X509_CHECK_KEY_USAGE and
+ MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE config.h options and let the code
+ behave as if they were always enabled. Fixes #4405.
diff --git a/ChangeLog.d/key-export.txt b/ChangeLog.d/key-export.txt
new file mode 100644
index 0000000..2fc01a4
--- /dev/null
+++ b/ChangeLog.d/key-export.txt
@@ -0,0 +1,10 @@
+API changes
+ * mbedtls_ssl_conf_export_keys_ext_cb() and
+ mbedtls_ssl_conf_export_keys_cb() have been removed and
+ replaced by a new API mbedtls_ssl_set_export_keys_cb().
+ Raw keys and IVs are no longer passed to the callback.
+ Further, callbacks now receive an additional parameter
+ indicating the type of secret that's being exported,
+ paving the way for the larger number of secrets
+ in TLS 1.3. Finally, the key export callback and
+ context are now connection-specific.
diff --git a/ChangeLog.d/mandatory-rng-param.txt b/ChangeLog.d/mandatory-rng-param.txt
new file mode 100644
index 0000000..39ee335
--- /dev/null
+++ b/ChangeLog.d/mandatory-rng-param.txt
@@ -0,0 +1,14 @@
+API changes
+ * For all functions that take a random number generator (RNG) as a
+ parameter, this parameter is now mandatory (that is, NULL is not an
+ acceptable value). Functions which previously accepted NULL and now
+ reject it are: the X.509 CRT and CSR writing functions; the PK and RSA
+ sign and decrypt function; mbedtls_rsa_private(); the functions
+ in DHM and ECDH that compute the shared secret; the scalar multiplication
+ functions in ECP.
+ * The following functions now require an RNG parameter:
+ mbedtls_ecp_check_pub_priv(), mbedtls_pk_check_pair(),
+ mbedtls_pk_parse_key(), mbedtls_pk_parse_keyfile().
+Removals
+ * The configuration option MBEDTLS_ECP_NO_INTERNAL_RNG has been removed as
+ it no longer had any effect.
diff --git a/ChangeLog.d/max-record-payload-api.txt b/ChangeLog.d/max-record-payload-api.txt
new file mode 100644
index 0000000..02b47e4
--- /dev/null
+++ b/ChangeLog.d/max-record-payload-api.txt
@@ -0,0 +1,9 @@
+API changes
+ * Remove the SSL APIs mbedtls_ssl_get_input_max_frag_len() and
+ mbedtls_ssl_get_output_max_frag_len(), and add a new API
+ mbedtls_ssl_get_max_in_record_payload(), complementing the existing
+ mbedtls_ssl_get_max_out_record_payload().
+ Uses of mbedtls_ssl_get_input_max_frag_len() and
+ mbedtls_ssl_get_input_max_frag_len() should be replaced by
+ mbedtls_ssl_get_max_in_record_payload() and
+ mbedtls_ssl_get_max_out_record_payload(), respectively.
diff --git a/ChangeLog.d/mbed-can-do-timing.txt b/ChangeLog.d/mbed-can-do-timing.txt
new file mode 100644
index 0000000..d83da02
--- /dev/null
+++ b/ChangeLog.d/mbed-can-do-timing.txt
@@ -0,0 +1,3 @@
+Bugfix
+ * Remove outdated check-config.h check that prevented implementing the
+ timing module on Mbed OS. Fixes #4633.
diff --git a/ChangeLog.d/mbedtls_debug_print_mpi.txt b/ChangeLog.d/mbedtls_debug_print_mpi.txt
new file mode 100644
index 0000000..d1b4f5b
--- /dev/null
+++ b/ChangeLog.d/mbedtls_debug_print_mpi.txt
@@ -0,0 +1,5 @@
+Bugfix
+ * Fix a crash in mbedtls_mpi_debug_mpi on a bignum having 0 limbs. This
+ could notably be triggered by setting the TLS debug level to 3 or above
+ and using a Montgomery curve for the key exchange. Reported by lhuang04
+ in #4578. Fixes #4608.
diff --git a/ChangeLog.d/mpi_exp_mod-zero.txt b/ChangeLog.d/mpi_exp_mod-zero.txt
new file mode 100644
index 0000000..9df9031
--- /dev/null
+++ b/ChangeLog.d/mpi_exp_mod-zero.txt
@@ -0,0 +1,7 @@
+Bugfix
+ * Fix a null pointer dereference when mbedtls_mpi_exp_mod() was called with
+ A=0 represented with 0 limbs. Up to and including Mbed TLS 2.26, this bug
+ could not be triggered by code that constructed A with one of the
+ mbedtls_mpi_read_xxx functions (including in particular TLS code) since
+ those always built an mpi object with at least one limb.
+ Credit to OSS-Fuzz. Fixes #4641.
diff --git a/ChangeLog.d/mpi_gcd-0.txt b/ChangeLog.d/mpi_gcd-0.txt
new file mode 100644
index 0000000..41e11e1
--- /dev/null
+++ b/ChangeLog.d/mpi_gcd-0.txt
@@ -0,0 +1,4 @@
+Bugfix
+ * Fix mbedtls_mpi_gcd(G,A,B) when the value of B is zero. This had no
+ effect on Mbed TLS's internal use of mbedtls_mpi_gcd(), but may affect
+ applications that call mbedtls_mpi_gcd() directly. Fixes #4642.
diff --git a/ChangeLog.d/mpi_read_zero.txt b/ChangeLog.d/mpi_read_zero.txt
new file mode 100644
index 0000000..0c25159
--- /dev/null
+++ b/ChangeLog.d/mpi_read_zero.txt
@@ -0,0 +1,9 @@
+Changes
+ * mbedtls_mpi_read_binary(), mbedtls_mpi_read_binary_le() and
+ mbedtls_mpi_read_string() now construct an mbedtls_mpi object with 0 limbs
+ when their input has length 0. Note that this is an implementation detail
+ and can change at any time, so this change should be transparent, but it
+ may result in mbedtls_mpi_write_binary() or mbedtls_mpi_write_string()
+ now writing an empty string where it previously wrote one or more
+ zero digits when operating from values constructed with an mpi_read
+ function and some mpi operations.
diff --git a/ChangeLog.d/one-shot-mac.txt b/ChangeLog.d/one-shot-mac.txt
new file mode 100644
index 0000000..112891d
--- /dev/null
+++ b/ChangeLog.d/one-shot-mac.txt
@@ -0,0 +1,3 @@
+Features
+ * Implement psa_mac_compute() and psa_mac_verify() as defined in the
+ PSA Cryptograpy API 1.0.0 specification.
diff --git a/ChangeLog.d/psa-read-only-keys.txt b/ChangeLog.d/psa-read-only-keys.txt
new file mode 100644
index 0000000..a4a2823
--- /dev/null
+++ b/ChangeLog.d/psa-read-only-keys.txt
@@ -0,0 +1,5 @@
+Bugfix
+ * The PSA API no longer allows the creation or destruction of keys with a
+ read-only lifetime. The persistence level PSA_KEY_PERSISTENCE_READ_ONLY
+ can now only be used as intended, for keys that cannot be modified through
+ normal use of the API.
diff --git a/ChangeLog.d/psa-rsa-verify-alt-fix.txt b/ChangeLog.d/psa-rsa-verify-alt-fix.txt
new file mode 100644
index 0000000..74804ca
--- /dev/null
+++ b/ChangeLog.d/psa-rsa-verify-alt-fix.txt
@@ -0,0 +1,7 @@
+Bugfix
+ * psa_verify_hash() was relying on implementation-specific behavior of
+ mbedtls_rsa_rsassa_pss_verify() and was causing failures in some _ALT
+ implementations. This reliance is now removed. Fixes #3990.
+ * Disallow inputs of length different from the corresponding hash when
+ signing or verifying with PSA_ALG_RSA_PSS (The PSA Crypto API mandates
+ that PSA_ALG_RSA_PSS uses the same hash throughout the algorithm.)
diff --git a/ChangeLog.d/psa_key_derivation-bad_workflow.txt b/ChangeLog.d/psa_key_derivation-bad_workflow.txt
new file mode 100644
index 0000000..7fd03e6
--- /dev/null
+++ b/ChangeLog.d/psa_key_derivation-bad_workflow.txt
@@ -0,0 +1,3 @@
+Bugfix
+ * Fix PSA_ALG_TLS12_PRF and PSA_ALG_TLS12_PSK_TO_MS being too permissive
+ about missing inputs.
diff --git a/ChangeLog.d/remove-rsa-mode-parameter.txt b/ChangeLog.d/remove-rsa-mode-parameter.txt
index 854dda3..2590d3a 100644
--- a/ChangeLog.d/remove-rsa-mode-parameter.txt
+++ b/ChangeLog.d/remove-rsa-mode-parameter.txt
@@ -6,4 +6,3 @@
decryption functions now always use the private key and verification and
encryption use the public key. Verification functions also no longer have
RNG parameters.
- * The RNG is now mandatory for all private-key RSA operations.
diff --git a/ChangeLog.d/require-matching-hashlen-rsa.txt b/ChangeLog.d/require-matching-hashlen-rsa.txt
new file mode 100644
index 0000000..096b577
--- /dev/null
+++ b/ChangeLog.d/require-matching-hashlen-rsa.txt
@@ -0,0 +1,5 @@
+API changes
+ * Signature functions in the RSA and PK modules now require the hash
+ length parameter to be the size of the hash input. For RSA signatures
+ other than raw PKCS#1 v1.5, this must match the output size of the
+ specified hash algorithm.
diff --git a/ChangeLog.d/rm-truncated-hmac-ext.txt b/ChangeLog.d/rm-truncated-hmac-ext.txt
new file mode 100644
index 0000000..3739256
--- /dev/null
+++ b/ChangeLog.d/rm-truncated-hmac-ext.txt
@@ -0,0 +1,5 @@
+Removals
+ * Remove MBEDTLS_SSL_TRUNCATED_HMAC and also remove
+ MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT config option. Users are better served by
+ using a CCM-8 ciphersuite than a CBC ciphersuite with truncated HMAC.
+ See issue #4341 for more details.
diff --git a/ChangeLog.d/rsa-padding.txt b/ChangeLog.d/rsa-padding.txt
new file mode 100644
index 0000000..5f9c11f
--- /dev/null
+++ b/ChangeLog.d/rsa-padding.txt
@@ -0,0 +1,5 @@
+API changes
+ * mbedtls_rsa_init() now always selects the PKCS#1v1.5 encoding for an RSA
+ key. To use an RSA key with PSS or OAEP, call mbedtls_rsa_set_padding()
+ after initializing the context. mbedtls_rsa_set_padding() now returns an
+ error if its parameters are invalid.
diff --git a/ChangeLog.d/tool-versions.txt b/ChangeLog.d/tool-versions.txt
new file mode 100644
index 0000000..b89b384
--- /dev/null
+++ b/ChangeLog.d/tool-versions.txt
@@ -0,0 +1,4 @@
+Requirement changes
+ * Refresh the minimum supported versions of tools to build the
+ library. CMake versions older than 3.10.2 and Python older
+ than 3.6 are no longer supported.
diff --git a/ChangeLog.d/winsock.txt b/ChangeLog.d/winsock.txt
new file mode 100644
index 0000000..0b42e69
--- /dev/null
+++ b/ChangeLog.d/winsock.txt
@@ -0,0 +1,4 @@
+Bugfix
+ * Fix mbedtls_net_poll() and mbedtls_net_recv_timeout() often failing with
+ MBEDTLS_ERR_NET_POLL_FAILED on Windows. Fixes #4465.
+
diff --git a/README.md b/README.md
index 3f41a0d..78d3c30 100644
--- a/README.md
+++ b/README.md
@@ -26,7 +26,7 @@
To generate a local copy of the library documentation in HTML format, tailored to your compile-time configuration:
-1. Make sure that [Doxygen](http://www.doxygen.nl/) is installed. We use version 1.8.11 but slightly older or more recent versions should work.
+1. Make sure that [Doxygen](http://www.doxygen.nl/) is installed.
1. Run `make apidoc`.
1. Browse `apidoc/index.html` or `apidoc/modules.html`.
@@ -39,7 +39,7 @@
- GNU Make
- CMake
-- Microsoft Visual Studio (Microsoft Visual Studio 2013 or later)
+- Microsoft Visual Studio
The main systems used for development are CMake and GNU Make. Those systems are always complete and up-to-date. The others should reflect all changes present in the CMake and Make build system, although features may not be ported there automatically.
@@ -49,10 +49,13 @@
You need the following tools to build the library with the provided makefiles:
-* GNU Make or a build tool that CMake supports.
-* A C99 toolchain (compiler, linker, archiver). We actively test with GCC 5.4, Clang 3.8, IAR8 and Visual Studio 2013. More recent versions should work. Slightly older versions may work.
-* Python 3 to generate the test code, and to generate sample programs in the development branch.
+* GNU Make 3.82 or a build tool that CMake supports.
+* A C99 toolchain (compiler, linker, archiver). We actively test with GCC 5.4, Clang 3.8, IAR 8 and Visual Studio 2013. More recent versions should work. Slightly older versions may work.
+* Python 3.6 to generate the test code, and to generate sample programs in the development branch.
* Perl to run the tests, and to generate some source files in the development branch.
+* CMake 3.10.2 or later (if using CMake).
+* Microsoft Visual Studio 2013 or later (if using Visual Studio).
+* Doxygen 1.8.11 or later (if building the documentation; slightly older versions should work).
### Generated source files in the development branch
diff --git a/configs/config-no-entropy.h b/configs/config-no-entropy.h
index 09b3cf5..7ca33c3 100644
--- a/configs/config-no-entropy.h
+++ b/configs/config-no-entropy.h
@@ -49,8 +49,6 @@
#define MBEDTLS_PKCS1_V21
#define MBEDTLS_SELF_TEST
#define MBEDTLS_VERSION_FEATURES
-#define MBEDTLS_X509_CHECK_KEY_USAGE
-#define MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE
/* mbed TLS modules */
#define MBEDTLS_AES_C
diff --git a/configs/config-suite-b.h b/configs/config-suite-b.h
index 28e6443..b62bdfa 100644
--- a/configs/config-suite-b.h
+++ b/configs/config-suite-b.h
@@ -84,8 +84,7 @@
#define MBEDTLS_AES_ROM_TABLES
/* Save RAM by adjusting to our exact needs */
-#define MBEDTLS_ECP_MAX_BITS 384
-#define MBEDTLS_MPI_MAX_SIZE 48 // 384 bits is 48 bytes
+#define MBEDTLS_MPI_MAX_SIZE 48 // 384-bit EC curve = 48 bytes
/* Save RAM at the expense of speed, see ecp.h */
#define MBEDTLS_ECP_WINDOW_SIZE 2
diff --git a/configs/config-symmetric-only.h b/configs/config-symmetric-only.h
index 29e77b5..5b10063 100644
--- a/configs/config-symmetric-only.h
+++ b/configs/config-symmetric-only.h
@@ -47,11 +47,9 @@
/* Mbed Crypto modules */
#define MBEDTLS_AES_C
-#define MBEDTLS_ARC4_C
#define MBEDTLS_ASN1_PARSE_C
#define MBEDTLS_ASN1_WRITE_C
#define MBEDTLS_BASE64_C
-#define MBEDTLS_BLOWFISH_C
#define MBEDTLS_CAMELLIA_C
#define MBEDTLS_ARIA_C
#define MBEDTLS_CCM_C
@@ -68,8 +66,6 @@
#define MBEDTLS_HMAC_DRBG_C
#define MBEDTLS_NIST_KW_C
#define MBEDTLS_MD_C
-#define MBEDTLS_MD2_C
-#define MBEDTLS_MD4_C
#define MBEDTLS_MD5_C
#define MBEDTLS_OID_C
#define MBEDTLS_PEM_PARSE_C
@@ -94,7 +90,6 @@
//#define MBEDTLS_THREADING_C
#define MBEDTLS_TIMING_C
#define MBEDTLS_VERSION_C
-#define MBEDTLS_XTEA_C
#include "mbedtls/config_psa.h"
diff --git a/configs/config-thread.h b/configs/config-thread.h
index bce9668..c1937de 100644
--- a/configs/config-thread.h
+++ b/configs/config-thread.h
@@ -85,8 +85,7 @@
#define MBEDTLS_AES_ROM_TABLES
/* Save RAM by adjusting to our exact needs */
-#define MBEDTLS_ECP_MAX_BITS 256
-#define MBEDTLS_MPI_MAX_SIZE 32 // 256 bits is 32 bytes
+#define MBEDTLS_MPI_MAX_SIZE 32 // 256-bit EC curve = 32 bytes
/* Save ROM and a few bytes of RAM by specifying our own ciphersuite list */
#define MBEDTLS_SSL_CIPHERSUITES MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8
diff --git a/docs/3.0-migration-guide.d/default-curves.md b/docs/3.0-migration-guide.d/default-curves.md
new file mode 100644
index 0000000..928130d
--- /dev/null
+++ b/docs/3.0-migration-guide.d/default-curves.md
@@ -0,0 +1,25 @@
+Strengthen default algorithm selection for X.509 and TLS
+--------------------------------------------------------
+
+The default X.509 verification profile (`mbedtls_x509_crt_profile_default`) and the default curve and hash selection in TLS have changed. They are now aligned, except that the X.509 profile only lists curves that support signature verification.
+
+Hashes and curves weaker than 255 bits (security strength less than 128 bits) are no longer accepted by default. The following hashes have been removed: SHA-1 (formerly only accepted for key exchanges but not for certificate signatures), SHA-224 (weaker hashes were already not accepted). The following curves have been removed: secp192r1, secp224r1, secp192k1, secp224k1.
+
+The compile-time options `MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES` and `MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_KEY_EXCHANGE` are no longer available.
+
+The curve secp256k1 has also been removed from the default X.509 and TLS profiles. [RFC 8422](https://datatracker.ietf.org/doc/html/rfc8422#section-5.1.1) deprecates it in TLS, and it is very rarely used, although it is not known to be weak at the time of writing.
+
+If you still need to accept certificates signed with algorithms that have been removed from the default profile, call `mbedtls_x509_crt_verify_with_profile` instead of `mbedtls_x509_crt_verify` and pass a profile that allows the curves and hashes you want. For example, to allow SHA-224:
+```
+mbedtls_x509_crt_profile my_profile = mbedtls_x509_crt_profile_default;
+my_profile.allowed_mds |= MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA224 );
+```
+
+If you still need to allow hashes and curves in TLS that have been removed from the default configuration, call `mbedtls_ssl_conf_sig_hashes()` and `mbedtls_ssl_conf_curves()` with the desired lists.
+
+TLS now favors faster curves over larger curves
+-----------------------------------------------
+
+The default preference order for curves in TLS now favors resource usage (performance and memory consumption) over size. The exact order is unspecified and may change, but generally you can expect 256-bit curves to be preferred over larger curves.
+
+If you prefer a different order, call `mbedtls_ssl_conf_curves()` when configuring a TLS connection.
diff --git a/docs/3.0-migration-guide.d/gcm-multipart.md b/docs/3.0-migration-guide.d/gcm-multipart.md
index 98e9fad..ebc6397 100644
--- a/docs/3.0-migration-guide.d/gcm-multipart.md
+++ b/docs/3.0-migration-guide.d/gcm-multipart.md
@@ -6,7 +6,6 @@
Applications using one-shot GCM or using GCM via the `mbedtls_cipher_xxx` or `psa_aead_xxx` interfaces do not require any changes.
* `mbedtls_gcm_starts()` now only sets the mode and the nonce (IV). Call the new function `mbedtls_gcm_update_ad()` to pass the associated data.
-* The current implementation has a limitation that `mbedtls_gcm_update_ad()` may only be called once. This limitation will be lifted shortly; watch https://github.com/ARMmbed/mbedtls/issues/4351 for updates.
* `mbedtls_gcm_update()` now takes an extra parameter to indicate the actual output length. In Mbed TLS 2.x, applications had to pass inputs consisting of whole 16-byte blocks except for the last block (this limitation has been lifted). In this case:
* As long as the input remains block-aligned, the output length is exactly the input length, as before.
* If the length of the last input is not a multiple of 16, alternative implementations may return the last partial block in the call to `mbedtls_gcm_finish()` instead of returning it in the last call to `mbedtls_gcm_update()`.
diff --git a/docs/3.0-migration-guide.d/key-export.md b/docs/3.0-migration-guide.d/key-export.md
new file mode 100644
index 0000000..f8b3505
--- /dev/null
+++ b/docs/3.0-migration-guide.d/key-export.md
@@ -0,0 +1,36 @@
+SSL key export interface change
+-------------------------------
+
+This affects users of the SSL key export APIs:
+```
+ mbedtls_ssl_conf_export_keys_cb()
+ mbedtls_ssl_conf_export_keys_ext_cb()
+```
+
+Those APIs have been removed and replaced by the new API
+`mbedtls_ssl_set_export_keys_cb()`. This API differs from
+the previous key export API in the following ways:
+
+- It is no longer bound to an SSL configuration, but to an
+ SSL context. This allows users to more easily identify the
+ connection an exported key belongs to.
+- It no longer exports raw keys and IV.
+- A secret type parameter has been added to identify which key
+ is being exported. For TLS 1.2, only the master secret is
+ exported, but upcoming TLS 1.3 support will add other kinds of keys.
+- The callback now specifies a void return type, rather than
+ returning an error code. It is the responsibility of the application
+ to handle failures in the key export callback, for example by
+ shutting down the TLS connection.
+
+For users which do not rely on raw keys and IV, adjusting to the new
+callback type should be straightforward - see the example programs
+programs/ssl/ssl_client2 and programs/ssl/ssl_server2 for callbacks
+for NSSKeylog, EAP-TLS and DTLS-SRTP.
+
+Users which require access to the raw keys used to secure application
+traffic may derive those by hand based on the master secret and the
+handshake transcript hashes which can be obtained from the raw data
+on the wire. Such users are also encouraged to reach out to the
+Mbed TLS team on the mailing list, to let the team know about their
+use case.
diff --git a/docs/3.0-migration-guide.d/mandatory-rng-param.md b/docs/3.0-migration-guide.d/mandatory-rng-param.md
new file mode 100644
index 0000000..f6aba08
--- /dev/null
+++ b/docs/3.0-migration-guide.d/mandatory-rng-param.md
@@ -0,0 +1,40 @@
+The RNG parameter is now mandatory for all functions that accept one
+--------------------------------------------------------------------
+
+This change affects all users who called a function accepting a `f_rng`
+parameter with `NULL` as the value of this argument; this is no longer
+supported.
+
+The changed functions are: the X.509 CRT and CSR writing functions; the PK and
+RSA sign and decrypt functions; `mbedtls_rsa_private()`; the functions in DHM
+and ECDH that compute the shared secret; the scalar multiplication functions in
+ECP.
+
+You now need to pass a properly seeded, cryptographically secure RNG to all
+functions that accept a `f_rng` parameter. It is of course still possible to
+pass `NULL` as the context pointer `p_rng` if your RNG function doesn't need a
+context.
+
+Alternative implementations of a module (enabled with the `MBEDTLS_module_ALT`
+configuration options) may have their own internal and are free to ignore the
+`f_rng` argument but must allow users to pass one anyway.
+
+Some functions gained an RNG parameter
+--------------------------------------
+
+This affects users of the following functions: `mbedtls_ecp_check_pub_priv()`,
+`mbedtls_pk_check_pair()`, `mbedtls_pk_parse_key()`, and
+`mbedtls_pk_parse_keyfile()`.
+
+You now need to pass a properly seeded, cryptographically secure RNG when
+calling these functions. It is used for blinding, a counter-measure against
+side-channel attacks.
+
+The configuration option `MBEDTLS_ECP_NO_INTERNAL_RNG` was removed
+------------------------------------------------------------------
+
+This doesn't affect users of the default configuration; it only affects people
+who were explicitly setting this option.
+
+This was a trade-off between code size and counter-measures; it is no longer
+relevant as the counter-measure is now always on at no cost in code size.
diff --git a/docs/3.0-migration-guide.d/max-record-payload-api.md b/docs/3.0-migration-guide.d/max-record-payload-api.md
new file mode 100644
index 0000000..0b34915
--- /dev/null
+++ b/docs/3.0-migration-guide.d/max-record-payload-api.md
@@ -0,0 +1,11 @@
+Remove MaximumFragmentLength (MFL) query API
+-----------------------------------------------------------------
+
+This affects users which use the MFL query APIs
+`mbedtls_ssl_get_{input,output}_max_frag_len()` to
+infer upper bounds on the plaintext size of incoming and
+outgoing record.
+
+Users should switch to `mbedtls_ssl_get_max_{in,out}_record_payload()`
+instead, which also provides such upper bounds but takes more factors
+than just the MFL configuration into account.
diff --git a/docs/3.0-migration-guide.d/move_part_of_timing_module_out_of_the_library.md b/docs/3.0-migration-guide.d/move_part_of_timing_module_out_of_the_library.md
new file mode 100644
index 0000000..fa61e27
--- /dev/null
+++ b/docs/3.0-migration-guide.d/move_part_of_timing_module_out_of_the_library.md
@@ -0,0 +1,9 @@
+Move part of timing module out of the library
+--
+
+The change affects users who use any of the following functions:
+`mbedtls_timing_self_test()`, `mbedtls_hardclock_poll()`,
+`mbedtls_timing_hardclock()` and `mbedtls_set_alarm()`.
+
+If you were relying on these functions, you'll now need to change to using your
+platform's corresponding functions directly.
diff --git a/docs/3.0-migration-guide.d/remove-rsa-mode-parameter.md b/docs/3.0-migration-guide.d/remove-rsa-mode-parameter.md
index e400650..d21d5ed 100644
--- a/docs/3.0-migration-guide.d/remove-rsa-mode-parameter.md
+++ b/docs/3.0-migration-guide.d/remove-rsa-mode-parameter.md
@@ -19,11 +19,3 @@
was only needed when using a private key). This affects all applications using
the RSA verify functions.
-RNG is now mandatory in all RSA private key operations
-------------------------------------------------------
-
-The random generator is now mandatory for blinding in all RSA private-key
-operations (`mbedtls_rsa_private`, `mbedtls_rsa_xxx_sign`,
-`mbedtls_rsa_xxx_decrypt`) as well as for encryption
-(`mbedtls_rsa_xxx_encrypt`). This means that passing a null `f_rng` is no longer
-supported.
diff --git a/docs/3.0-migration-guide.d/remove-ssl-get-session_pointer.md b/docs/3.0-migration-guide.d/remove-ssl-get-session_pointer.md
new file mode 100644
index 0000000..a4a4895
--- /dev/null
+++ b/docs/3.0-migration-guide.d/remove-ssl-get-session_pointer.md
@@ -0,0 +1,23 @@
+Remove the SSL API mbedtls_ssl_get_session_pointer()
+-----------------------------------------------------------------
+
+This affects two classes of users:
+
+1. Users who manually inspect parts of the current session through
+ direct structure field access.
+
+2. Users of session resumption who query the current session
+ via `mbedtls_ssl_get_session_pointer()` prior to saving or exporting
+ it via `mbedtls_ssl_session_copy()` or `mbedtls_ssl_session_save()`,
+ respectively.
+
+Migration paths:
+
+1. Mbed TLS 3.0 does not offer a migration path for the usecase 1: Like many
+ other Mbed TLS structures, the structure of `mbedtls_ssl_session` is no
+ longer part of the public API in Mbed TLS 3.0, and direct structure field
+ access is no longer supported. Please see the corresponding migration guide.
+
+2. Users should replace calls to `mbedtls_ssl_get_session_pointer()` by
+ calls to `mbedtls_ssl_get_session()` as demonstrated in the example
+ program `programs/ssl/ssl_client2.c`.
diff --git a/docs/3.0-migration-guide.d/remove_MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION.md b/docs/3.0-migration-guide.d/remove_MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION.md
new file mode 100644
index 0000000..738fa81
--- /dev/null
+++ b/docs/3.0-migration-guide.d/remove_MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION.md
@@ -0,0 +1,17 @@
+Remove the config option MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
+--------------------------------------------------------------------------
+
+This change does not affect users of the default configuration; it only affect
+users who enable this option.
+
+The X.509 standard says that implementations must reject critical extensions that
+they don't recognize, and this is what Mbed TLS does by default. This option
+allowed to continue parsing those certificates but didn't provide a convenient
+way to handle those extensions.
+
+The migration path from that option is to use the
+`mbedtls_x509_crt_parse_der_with_ext_cb()` function which is functionally
+equivalent to `mbedtls_x509_crt_parse_der()`, and/or
+`mbedtls_x509_crt_parse_der_nocopy()` but it calls the callback with every
+unsupported certificate extension and additionally the "certificate policies"
+extension if it contains any unsupported certificate policies.
diff --git a/docs/3.0-migration-guide.d/remove_MBEDTLS_X509_CHECK_x_KEY_USAGE_options.md b/docs/3.0-migration-guide.d/remove_MBEDTLS_X509_CHECK_x_KEY_USAGE_options.md
new file mode 100644
index 0000000..2acb3bf
--- /dev/null
+++ b/docs/3.0-migration-guide.d/remove_MBEDTLS_X509_CHECK_x_KEY_USAGE_options.md
@@ -0,0 +1,18 @@
+Remove `MBEDTLS_X509_CHECK_*_KEY_USAGE` options from `config.h`
+-------------------------------------------------------------------
+
+This change affects users who have chosen the configuration options to disable the
+library's verification of the `keyUsage` and `extendedKeyUsage` fields of x509
+certificates.
+
+The `MBEDTLS_X509_CHECK_KEY_USAGE` and `MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE`
+configuration options are removed and the X509 code now behaves as if they were
+always enabled. It is consequently not possible anymore to disable at compile
+time the verification of the `keyUsage` and `extendedKeyUsage` fields of X509
+certificates.
+
+The verification of the `keyUsage` and `extendedKeyUsage` fields is important,
+disabling it can cause security issues and it is thus not recommended. If the
+verification is for some reason undesirable, it can still be disabled by means
+of the verification callback function passed to `mbedtls_x509_crt_verify()` (see
+the documentation of this function for more information).
diff --git a/docs/3.0-migration-guide.d/remove_MD2_MD4_RC4_Blowfish_XTEA.md b/docs/3.0-migration-guide.d/remove_MD2_MD4_RC4_Blowfish_XTEA.md
new file mode 100644
index 0000000..d199f2f
--- /dev/null
+++ b/docs/3.0-migration-guide.d/remove_MD2_MD4_RC4_Blowfish_XTEA.md
@@ -0,0 +1,8 @@
+Remove MD2, MD4, RC4, Blowfish and XTEA algorithms
+--
+
+This change affects users of the MD2, MD4, RC4, Blowfish and XTEA algorithms.
+
+They are already niche or obsolete and most of them are weak or broken. For
+those reasons possible users should consider switching to modern and safe
+alternatives to be found in literature.
diff --git a/docs/3.0-migration-guide.d/remove_deprecated_functions_and_constants.md b/docs/3.0-migration-guide.d/remove_deprecated_functions_and_constants.md
index b18b310..31c2ce8 100644
--- a/docs/3.0-migration-guide.d/remove_deprecated_functions_and_constants.md
+++ b/docs/3.0-migration-guide.d/remove_deprecated_functions_and_constants.md
@@ -50,7 +50,9 @@
`mbedtls_ssl_conf_dh_param_bin()` or `mbedtls_ssl_conf_dh_param_ctx()` instead.
The function `mbedtls_ssl_get_max_frag_len()` was removed. Please use
-`mbedtls_ssl_get_output_max_frag_len()` instead.
+`mbedtls_ssl_get_max_out_record_payload()` and
+`mbedtls_ssl_get_max_in_record_payload()`
+instead.
Deprecated hex-encoded primes were removed from DHM
---------------------------------------------------
diff --git a/docs/3.0-migration-guide.d/remove_mbedtls_check_params_option.md b/docs/3.0-migration-guide.d/remove_mbedtls_check_params_option.md
new file mode 100644
index 0000000..6f43aa3
--- /dev/null
+++ b/docs/3.0-migration-guide.d/remove_mbedtls_check_params_option.md
@@ -0,0 +1,33 @@
+Remove MBEDTLS_CHECK_PARAMS option
+----------------------------------
+
+This change does not affect users who use the default configuration; it only
+affects users who enabled that option.
+
+The option `MBEDTLS_CHECK_PARAMS` (disabled by default) enabled certain kinds
+of “parameter validation”. It covered two kinds of validations:
+
+- In some functions that require a valid pointer, “parameter validation” checks
+that the pointer is non-null. With the feature disabled, a null pointer is not
+treated differently from any other invalid pointer, and typically leads to a
+runtime crash. 90% of the uses of the feature are of this kind.
+- In some functions that take an enum-like argument, “parameter validation”
+checks that the value is a valid one. With the feature disabled, an invalid
+value causes a silent default to one of the valid values.
+
+The default reaction to a failed check was to call a function
+`mbedtls_param_failed()` which the application had to provide. If this function
+returned, its caller returned an error `MBEDTLS_ERR_xxx_BAD_INPUT_DATA`.
+
+This feature was only used in some classic (non-PSA) cryptography modules. It was
+not used in X.509, TLS or in PSA crypto, and it was not implemented in all
+classic crypto modules.
+
+This feature has been removed. The library no longer checks for NULL pointers;
+checks for enum-like arguments will be kept or re-introduced on a case-by-case
+basis, but their presence will no longer be dependent on a compile-time option.
+
+Validation of enum-like values is somewhat useful, but not extremely important,
+because the parameters concerned are usually constants in applications.
+
+For more information see issue #4313.
diff --git a/docs/3.0-migration-guide.d/rename_the__ret_functions.md b/docs/3.0-migration-guide.d/rename_the__ret_functions.md
new file mode 100644
index 0000000..875164b
--- /dev/null
+++ b/docs/3.0-migration-guide.d/rename_the__ret_functions.md
@@ -0,0 +1,43 @@
+Rename mbedtls_*_ret() cryptography functions whose deprecated variants
+have been removed
+-----------------
+
+This change affects users who were using the `mbedtls_*_ret()` cryptography
+functions.
+
+Those functions were created based on now-deprecated functions according to a
+requirement that a function needs to return a value. This change brings back the
+original names of those functions. The renamed functions are:
+
+| name before this change | after the change |
+|------------------------------|--------------------------|
+| mbedtls_ctr_drbg_update_ret | mbedtls_ctr_drbg_update |
+| mbedtls_hmac_drbg_update_ret | mbedtls_hmac_drbg_update |
+| mbedtls_md5_starts_ret | mbedtls_md5_starts |
+| mbedtls_md5_update_ret | mbedtls_md5_update |
+| mbedtls_md5_finish_ret | mbedtls_md5_finish |
+| mbedtls_md5_ret | mbedtls_md5 |
+| mbedtls_ripemd160_starts_ret | mbedtls_ripemd160_starts |
+| mbedtls_ripemd160_update_ret | mbedtls_ripemd160_update |
+| mbedtls_ripemd160_finish_ret | mbedtls_ripemd160_finish |
+| mbedtls_ripemd160_ret | mbedtls_ripemd160 |
+| mbedtls_sha1_starts_ret | mbedtls_sha1_starts |
+| mbedtls_sha1_update_ret | mbedtls_sha1_update |
+| mbedtls_sha1_finish_ret | mbedtls_sha1_finish |
+| mbedtls_sha1_ret | mbedtls_sha1 |
+| mbedtls_sha256_starts_ret | mbedtls_sha256_starts |
+| mbedtls_sha256_update_ret | mbedtls_sha256_update |
+| mbedtls_sha256_finish_ret | mbedtls_sha256_finish |
+| mbedtls_sha256_ret | mbedtls_sha256 |
+| mbedtls_sha512_starts_ret | mbedtls_sha512_starts |
+| mbedtls_sha512_update_ret | mbedtls_sha512_update |
+| mbedtls_sha512_finish_ret | mbedtls_sha512_finish |
+| mbedtls_sha512_ret | mbedtls_sha512 |
+
+To migrate to the this change the user can keep the `*_ret` names in their code
+and include the `compat_2.x.h` header file which holds macros with proper
+renaming or to rename those function in their code according to the list from
+mentioned header file.
+
+
+
diff --git a/docs/3.0-migration-guide.d/require-matching-hashlen-rsa.md b/docs/3.0-migration-guide.d/require-matching-hashlen-rsa.md
new file mode 100644
index 0000000..d59a8d3
--- /dev/null
+++ b/docs/3.0-migration-guide.d/require-matching-hashlen-rsa.md
@@ -0,0 +1,24 @@
+Signature functions now require the hash length to match the expected value
+---------------------------------------------------------------------------
+
+This affects users of the PK API as well as users of the low-level API in the RSA module. Users of the PSA API or of the ECDSA module are unaffected.
+
+All the functions in the RSA module that accept a `hashlen` parameter used to
+ignore it unless the `md_alg` parameter was `MBEDTLS_MD_NONE`, indicating raw
+data was signed. The `hashlen` parameter is now always the size that is read
+from the `hash` input buffer. This length must be equal to the output size of
+the hash algorithm used when signing a hash. (The requirements when signing
+raw data are unchanged.) This affects the following functions:
+
+* `mbedtls_rsa_pkcs1_sign`, `mbedtls_rsa_pkcs1_verify`
+* `mbedtls_rsa_rsassa_pkcs1_v15_sign`, `mbedtls_rsa_rsassa_pkcs1_v15_verify`
+* `mbedtls_rsa_rsassa_pss_sign`, `mbedtls_rsa_rsassa_pss_verify`
+* `mbedtls_rsa_rsassa_pss_sign_ext`, `mbedtls_rsa_rsassa_pss_verify_ext`
+
+The signature functions in the PK module no longer accept 0 as the `hash_len` parameter. The `hash_len` parameter is now always the size that is read from the `hash` input buffer. This affects the following functions:
+
+* `mbedtls_pk_sign`, `mbedtls_pk_verify`
+* `mbedtls_pk_sign_restartable`, `mbedtls_pk_verify_restartable`
+* `mbedtls_pk_verify_ext`
+
+The migration path is to pass the correct value to those functions.
diff --git a/docs/3.0-migration-guide.d/rsa-padding.md b/docs/3.0-migration-guide.d/rsa-padding.md
new file mode 100644
index 0000000..f10ece6
--- /dev/null
+++ b/docs/3.0-migration-guide.d/rsa-padding.md
@@ -0,0 +1,29 @@
+Remove the padding parameters from mbedtls_rsa_init()
+-----------------------------------------------------
+
+This affects all users who use the RSA encryption, decryption, sign and
+verify APIs.
+
+The function mbedtls_rsa_init() no longer supports selecting the PKCS#1 v2.1
+encoding and its hash. It just selects the PKCS#1 v1.5 encoding by default. If
+you were using the PKCS#1 v2.1 encoding you now need, subsequently to the call
+to mbedtls_rsa_init(), to call mbedtls_rsa_set_padding() to set it.
+
+To choose the padding type when initializing a context, instead of
+```C
+ mbedtls_rsa_init(ctx, padding, hash_id);
+```
+, use
+```C
+ mbedtls_rsa_init(ctx);
+ mbedtls_rsa_set_padding(ctx, padding, hash_id);
+```
+
+To use PKCS#1 v1.5 padding, instead of
+```C
+ mbedtls_rsa_init(ctx, MBEDTLS_RSA_PKCS_V15, <ignored>);
+```
+, just use
+```C
+ mbedtls_rsa_init(ctx);
+```
diff --git a/docs/3.0-migration-guide.d/ssl-ticket-api.md b/docs/3.0-migration-guide.d/ssl-ticket-api.md
new file mode 100644
index 0000000..23c53d6
--- /dev/null
+++ b/docs/3.0-migration-guide.d/ssl-ticket-api.md
@@ -0,0 +1,30 @@
+Modified semantics of mbedtls_ssl_{get,set}_session()
+-----------------------------------------------------------------
+
+This affects users who call `mbedtls_ssl_get_session()` or
+`mbedtls_ssl_set_session()` multiple times on the same SSL context
+representing an established TLS 1.2 connection.
+Those users will now observe the second call to fail with
+`MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE`.
+
+Migration path:
+- Exporting the same TLS 1.2 connection multiple times via
+ `mbedtls_ssl_get_session()` leads to multiple copies of
+ the same session. This use of `mbedtls_ssl_get_session()`
+ is discouraged, and the following should be considered:
+ * If the various session copies are later loaded into
+ fresh SSL contexts via `mbedtls_ssl_set_session()`,
+ export via `mbedtls_ssl_get_session()` only once and
+ load the same session into different contexts via
+ `mbedtls_ssl_set_session()`. Since `mbedtls_ssl_set_session()`
+ makes a copy of the session that's being loaded, this
+ is functionally equivalent.
+ * If the various session copies are later serialized
+ via `mbedtls_ssl_session_save()`, export and serialize
+ the session only once via `mbedtls_ssl_get_session()` and
+ `mbedtls_ssl_session_save()` and make copies of the raw
+ data instead.
+- Calling `mbedtls_ssl_set_session()` multiple times in Mbed TLS 2.x
+ is not useful since subsequent calls overwrite the effect of previous
+ calls. Applications achieve equivalent functional behaviour by
+ issuing only the very last call to `mbedtls_ssl_set_session()`.
diff --git a/docs/3.0-migration-guide.d/turn_SSL_SRV_RESPECT_CLIENT_PREFERENCE_config_opt_to_runtime_opt.md b/docs/3.0-migration-guide.d/turn_SSL_SRV_RESPECT_CLIENT_PREFERENCE_config_opt_to_runtime_opt.md
new file mode 100644
index 0000000..6a6554d
--- /dev/null
+++ b/docs/3.0-migration-guide.d/turn_SSL_SRV_RESPECT_CLIENT_PREFERENCE_config_opt_to_runtime_opt.md
@@ -0,0 +1,14 @@
+Turn MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE configuration option into a runtime option
+--
+
+This change affects users who were enabling MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE
+option in the `config.h`
+
+This option has been removed and a new function with similar functionality has
+been introduced into the SSL API.
+
+This new function `mbedtls_ssl_conf_preference_order()` can be used to
+change the preferred order of ciphersuites on the server to those used on the client,
+e.g.: `mbedtls_ssl_conf_preference_order(ssl_config, MBEDTLS_SSL_SRV_CIPHERSUITE_ORDER_CLIENT)`
+has the same effect as enabling the removed option. The default state is to use
+the server order of suites.
diff --git a/docs/3.0-migration-guide.md b/docs/3.0-migration-guide.md
index 2d031c6..1541c7a 100644
--- a/docs/3.0-migration-guide.md
+++ b/docs/3.0-migration-guide.md
@@ -22,7 +22,7 @@
Deprecated functions were removed from hashing modules
------------------------------------------------------
-Modules: MD2, MD4, MD5, SHA1, SHA256, SHA512, MD.
+Modules: MD5, SHA1, SHA256, SHA512, MD.
- The functions `mbedtls_xxx_starts()`, `mbedtls_xxx_update()`,
`mbedtls_xxx_finish()` and `mbedtls_xxx()` were removed. Please use the
@@ -59,37 +59,12 @@
If you're providing alt implementations of ECP or RSA, you'll need to add our
`library` directory to your include path when building your alt
implementations, and note that `ecp_internal.h` and `rsa_internal.h` have been
-renamed to `ecp_alt.h` and `rsa_alt_helpers.h` respectively.
+renamed to `ecp_internal_alt.h` and `rsa_alt_helpers.h` respectively.
If you're a library user and used to rely on having access to a structure or
function that's now in a private header, please reach out on the mailing list
and explain your need; we'll consider adding a new API in a future version.
-Remove the option to allow SHA-1 by default in certificates
------------------------------------------------------------
-
-This does not affect users who use the default `config.h`, as this option was
-already off by default.
-
-If you used to enable `MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES` in your
-`config.h`, first please take a moment to consider whether you really still
-want to accept certificates signed with SHA-1 as those are considered insecure
-and no CA has issued them for a while. If you really need to allow SHA-1 in
-certificates, please set up a custom profile as follows:
-
-```
-const mbedtls_x509_crt_profile mbedtls_x509_crt_custom = {
- MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA1 ) |
- MBEDTLS_X509_ID_FLAG( /* other hash */ ) /* | etc */,
- 0xFFFFFFF, /* Or specific PK algs */
- 0xFFFFFFF, /* Or specific curves */
- 2048 /* Or another RSA min bitlen */
-};
-```
-Then pass it to `mbedtls_x509_crt_verify_with_profile()` if you're verifying
-a certificate chain directly, or to `mbedtls_ssl_conf_cert_profile()` if the
-verification happens during a TLS handshake.
-
Remove the certs module from the library
----------------------------------------
@@ -137,17 +112,16 @@
to date. If one of your peers is in that case, please try contacting them and
encouraging them to upgrade their software.
-Remove support for compatibility with old Mbed TLS's truncated HMAC
--------------------------------------------------------------------
+Remove support for truncated HMAC
+---------------------------------
-This doesn't affect people using the default configuration as it was already
-disabled by default.
+This affects users of truncated HMAC, that is, users who called
+`mbedtls_ssl_conf_truncated_hmac( ..., MBEDTLS_SSL_TRUNC_HMAC_ENABLED)`,
+regardless of whether the standard version was used or compatibility version
+(`MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT`).
-This only affects TLS users who enabled `MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT` and
-used the Truncated HMAC extension to communicate with peers using old version
-of Mbed TLS. Please consider using a CCM-8 ciphersuite instead of the
-Truncated HMAC extension, or convincing your peer to upgrade their version of
-Mbed TLS.
+The recommended migration path for people who want minimal overhead is to use a
+CCM-8 ciphersuite.
Remove support for TLS record-level compression
-----------------------------------------------
diff --git a/docs/architecture/alternative-implementations.md b/docs/architecture/alternative-implementations.md
new file mode 100644
index 0000000..7fe6332
--- /dev/null
+++ b/docs/architecture/alternative-implementations.md
@@ -0,0 +1,91 @@
+Alternative implementations of Mbed TLS functionality
+=====================================================
+
+This document describes how parts of the Mbed TLS functionality can be replaced at compile time to integrate the library on a platform.
+
+This document is an overview. It is not exhaustive. Please consult the documentation of individual modules and read the library header files for more details.
+
+## Platform integration
+
+Mbed TLS works out of the box on Unix/Linux/POSIX-like systems and on Windows. On embedded platforms, you may need to customize some aspects of how Mbed TLS interacts with the underlying platform. This section discusses the main areas that can be configured.
+
+The platform module (`include/mbedtls/platform.h`) controls how Mbed TLS accesses standard library features such as memory management (`calloc`, `free`), `printf`, `exit`. You can define custom functions instead of the ones from the C standard library through `MBEDTLS_PLATFORM_XXX` options in the configuration file. Many options have two mechanisms: either define `MBEDTLS_PLATFORM_XXX_MACRO` to the name of a function to call instead of the standard function `xxx`, or define `MBEDTLS_PLATFORM_XXX_ALT` and [register an alternative implementation during the platform setup](#alternative-implementations-of-platform-functions).
+
+The storage of the non-volatile seed for random generation, enabled with `MBEDTLS_ENTROPY_NV_SEED`, is also controlled via the platform module.
+
+For timing functions, you can [declare an alternative implementation of the timing module](#module-alternative-implementations).
+
+On multithreaded platforms, [declare an alternative implementation of the threading module](#module-alternative-implementations).
+
+To configure entropy sources (hardware random generators), see the `MBEDTLS_ENTROPY_XXX` options in the configuration file.
+
+For networking, the `net_sockets` module does not currently support alternative implementations. If this module does not work on your platform, disable `MBEDTLS_NET_C` and use custom functions for TLS.
+
+If your platform has a cryptographic accelerator, you can use it via a [PSA driver](#psa-cryptography-drivers) or declare an [alternative implementation of the corresponding module(s)](#module-alternative-implementations) or [of specific functions](#function-alternative-implementations). PSA drivers will ultimately replace the alternative implementation mechanism, but alternative implementation will remain supported in at least all Mbed TLS versions of the form 3.x. The interface of PSA drivers is currently still experimental and subject to change.
+
+## PSA cryptography drivers
+
+On platforms where a hardware cryptographic engine is present, you can implement a driver for this engine in the PSA interface. Drivers are supported for cryptographic operations with transparent keys (keys available in cleartext), for cryptographic operations with opaque keys (keys that are only available inside the cryptographic engine), and for random generation. Calls to `psa_xxx` functions that perform cryptographic operations are directed to drivers instead of the built-in code as applicable. See the [PSA cryptography driver interface specification](docs/proposed/psa-driver-interface.md), the [Mbed TLS PSA driver developer guide](docs/proposed/psa-driver-developer-guide.md) and the [Mbed TLS PSA driver integration guide](docs/proposed/psa-driver-integration-guide.md) for more information.
+
+As of Mbed TLS 3.0, this interface is still experimental and subject to change, and not all operations support drivers yet. The configuration option `MBEDTLS_USE_PSA_CRYPTO` causes parts of the `mbedtls_xxx` API to use PSA crypto and therefore to support drivers, however it is not yet compatible with all drivers.
+
+## Module alternative implementations
+
+You can replace the code of some modules of Mbed TLS at compile time by a custom implementation. This is possible for low-level cryptography modules (symmetric algorithms, DHM, RSA, ECP, ECJPAKE) and for some platform-related modules (threading, timing). Such custom implementations are called “alternative implementations”, or “ALT implementations” for short.
+
+The general principle of an alternative implementation is:
+* Enable `MBEDTLS_XXX_ALT` in the compile-time configuration where XXX is the module name. For example, `MBEDTLS_AES_ALT` for an implementation of the AES module. This is in addition to enabling `MBEDTLS_XXX_C`.
+* Create a header file `xxx_alt.h` that defines the context type(s) used by the module. For example, `mbedtls_aes_context` for AES.
+* Implement all the functions from the module, i.e. the functions declared in `include/mbedtls/xxx.h`.
+
+See https://tls.mbed.org/kb/development/hw_acc_guidelines for a more detailed guide.
+
+### Constraints on context types
+
+Generally, alternative implementations can define their context types to any C type except incomplete and array types (although they would normally be `struct` types). This section lists some known limitations where the context type needs to be a structure with certain fields.
+
+Where a context type needs to have a certain field, the field must have the same type and semantics as in the built-in implementation, but does not need to be at the same position in the structure. Furthermore, unless otherwise indicated, only read access is necessary: the field can be `const`, and modifications to it do not need to be supported. For example, if an alternative implementation of asymmetric cryptography uses a different representation of large integers, it is sufficient to provide a read-only copy of the fields listed here of type `mbedtls_mpi`.
+
+* AES: if `MBEDTLS_AESNI_C` or `MBEDTLS_PADLOCK_C` is enabled, `mbedtls_aes_context` must have the fields `nr` and `rk`.
+* DHM: if `MBEDTLS_DEBUG_C` is enabled, `mbedtls_dhm_context` must have the fields `P`, `Q`, `G`, `GX`, `GY` and `K`.
+* ECP: `mbedtls_ecp_group` must have the fields `id`, `P`, `A`, `B`, `G`, `N`, `pbits` and `nbits`.
+ * If `MBEDTLS_PK_PARSE_EC_EXTENDED` is enabled, those fields must be writable, and `mbedtls_ecp_point_read_binary()` must support a group structure where only `P`, `pbits`, `A` and `B` are set.
+
+It must be possible to move a context object in memory (except during the execution of a library function that takes this context as an argument). (This is necessary, for example, to support applications that populate a context on the stack of an inner function and then copy the context upwards through the call chain, or applications written in a language with automatic memory management that can move objects on the heap.) That is, call sequences like the following must work:
+```
+mbedtls_xxx_context ctx1, ctx2;
+mbedtls_xxx_init(&ctx1);
+mbedtls_xxx_setup(&ctx1, …);
+ctx2 = ctx1;
+memset(&ctx1, 0, sizeof(ctx1));
+mbedtls_xxx_do_stuff(&ctx2, …);
+mbedtls_xxx_free(&ctx2);
+```
+In practice, this means that a pointer to a context or to a part of a context does not remain valid across function calls. Alternative implementations do not need to support copying of contexts: contexts can only be cloned through explicit `clone()` functions.
+
+## Function alternative implementations
+
+In some cases, it is possible to replace a single function or a small set of functions instead of [providing an alternative implementation of the whole module](#module-alternative-implementations).
+
+### Alternative implementations of cryptographic functions
+
+Options to replace individual functions of cryptographic modules generally have a name obtained by upper-casing the function name and appending `_ALT`. If the function name contains `_internal`, `_ext` or `_ret`, this is removed in the `_ALT` symbol. When the corresponding option is enabled, the built-in implementation of the function will not be compiled, and you must provide an alternative implementation at link time.
+
+For example, enable `MBEDTLS_AES_ENCRYPT_ALT` at compile time and provide your own implementation of `mbedtls_aes_encrypt()` to provide an accelerated implementation of AES encryption that is compatible with the built-in key schedule. If you wish to implement key schedule differently, you can also enable `MBEDTLS_AES_SETKEY_ENC_ALT` and implement `mbedtls_aes_setkey_enc()`.
+
+Another example: enable `MBEDTLS_SHA256_PROCESS_ALT` and implement `mbedtls_internal_sha256_process()` to provide an accelerated implementation of SHA-256 and SHA-224.
+
+Note that since alternative implementations of individual functions cooperate with the built-in implementation of other functions, you must use the same layout for context objects as the built-in implementation. If you want to use different context types, you need to [provide an alternative implementation of the whole module](#module-alternative-implementations).
+
+### Alternative implementations of platform functions
+
+Several platform functions can be reconfigured dynamically by following the process described here. To reconfigure how Mbed TLS calls the standard library function `xxx()`:
+
+* Define the symbol `MBEDTLS_PLATFORM_XXX_ALT` at compile time.
+* During the initialization of your application, set the global variable `mbedtls_xxx` to an alternative implementation of `xxx()`.
+
+For example, to provide a custom `printf` function at run time, enable `MBEDTLS_PLATFORM_PRINTF_ALT` at compile time and assign to `mbedtls_printf` during the initialization of your application.
+
+Merely enabling `MBEDTLS_PLATFORM_XXX_ALT` does not change the behavior: by default, `mbedtls_xxx` points to the standard function `xxx`.
+
+Note that there are variations on the naming pattern. For example, some configurable functions are activated in pairs, such as `mbedtls_calloc` and `mbedtls_free` via `MBEDTLS_PLATFORM_MEMORY`. Consult the documentation of individual configuration options and of the platform module for details.
diff --git a/doxygen/input/doc_encdec.h b/doxygen/input/doc_encdec.h
index 46fb04f..96734bd 100644
--- a/doxygen/input/doc_encdec.h
+++ b/doxygen/input/doc_encdec.h
@@ -45,15 +45,11 @@
* - Symmetric:
* - AES (see \c mbedtls_aes_crypt_ecb(), \c mbedtls_aes_crypt_cbc(), \c mbedtls_aes_crypt_cfb128() and
* \c mbedtls_aes_crypt_ctr()).
- * - ARCFOUR (see \c mbedtls_arc4_crypt()).
- * - Blowfish / BF (see \c mbedtls_blowfish_crypt_ecb(), \c mbedtls_blowfish_crypt_cbc(),
- * \c mbedtls_blowfish_crypt_cfb64() and \c mbedtls_blowfish_crypt_ctr())
* - Camellia (see \c mbedtls_camellia_crypt_ecb(), \c mbedtls_camellia_crypt_cbc(),
* \c mbedtls_camellia_crypt_cfb128() and \c mbedtls_camellia_crypt_ctr()).
* - DES/3DES (see \c mbedtls_des_crypt_ecb(), \c mbedtls_des_crypt_cbc(), \c mbedtls_des3_crypt_ecb()
* and \c mbedtls_des3_crypt_cbc()).
* - GCM (AES-GCM and CAMELLIA-GCM) (see \c mbedtls_gcm_init())
- * - XTEA (see \c mbedtls_xtea_crypt_ecb()).
* - Asymmetric:
* - Diffie-Hellman-Merkle (see \c mbedtls_dhm_read_public(), \c mbedtls_dhm_make_public()
* and \c mbedtls_dhm_calc_secret()).
diff --git a/doxygen/input/doc_hashing.h b/doxygen/input/doc_hashing.h
index aaa0c78..931e6e9 100644
--- a/doxygen/input/doc_hashing.h
+++ b/doxygen/input/doc_hashing.h
@@ -34,7 +34,7 @@
* \c mbedtls_md_setup())
*
* The following hashing-algorithms are provided:
- * - MD2, MD4, MD5 128-bit one-way hash functions by Ron Rivest.
+ * - MD5 128-bit one-way hash function by Ron Rivest.
* - SHA-1, SHA-256, SHA-384/512 160-bit or more one-way hash functions by
* NIST and NSA.
*
diff --git a/doxygen/mbedtls.doxyfile b/doxygen/mbedtls.doxyfile
index 0205dcf..dd84c28 100644
--- a/doxygen/mbedtls.doxyfile
+++ b/doxygen/mbedtls.doxyfile
@@ -1577,13 +1577,13 @@
# compilation will be performed. Macro expansion can be done in a controlled
# way by setting EXPAND_ONLY_PREDEF to YES.
-MACRO_EXPANSION = NO
+MACRO_EXPANSION = YES
# If the EXPAND_ONLY_PREDEF and MACRO_EXPANSION tags are both set to YES
# then the macro expansion is limited to the macros specified with the
# PREDEFINED and EXPAND_AS_DEFINED tags.
-EXPAND_ONLY_PREDEF = NO
+EXPAND_ONLY_PREDEF = YES
# If the SEARCH_INCLUDES tag is set to YES (the default) the includes files
# pointed to by INCLUDE_PATH will be searched when a #include is found.
@@ -1630,7 +1630,7 @@
# Use the PREDEFINED tag if you want to use a different macro definition that
# overrules the definition found in the source code.
-EXPAND_AS_DEFINED =
+EXPAND_AS_DEFINED = MBEDTLS_PRIVATE
# If the SKIP_FUNCTION_MACROS tag is set to YES (the default) then
# doxygen's preprocessor will remove all references to function-like macros
diff --git a/include/mbedtls/aes.h b/include/mbedtls/aes.h
index da741c8..e23b9ca 100644
--- a/include/mbedtls/aes.h
+++ b/include/mbedtls/aes.h
@@ -39,6 +39,7 @@
#ifndef MBEDTLS_AES_H
#define MBEDTLS_AES_H
+#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
@@ -78,9 +79,9 @@
*/
typedef struct mbedtls_aes_context
{
- int nr; /*!< The number of rounds. */
- uint32_t *rk; /*!< AES round keys. */
- uint32_t buf[68]; /*!< Unaligned data buffer. This buffer can
+ int MBEDTLS_PRIVATE(nr); /*!< The number of rounds. */
+ uint32_t *MBEDTLS_PRIVATE(rk); /*!< AES round keys. */
+ uint32_t MBEDTLS_PRIVATE(buf)[68]; /*!< Unaligned data buffer. This buffer can
hold 32 extra Bytes, which can be used for
one of the following purposes:
<ul><li>Alignment if VIA padlock is
@@ -97,9 +98,9 @@
*/
typedef struct mbedtls_aes_xts_context
{
- mbedtls_aes_context crypt; /*!< The AES context to use for AES block
+ mbedtls_aes_context MBEDTLS_PRIVATE(crypt); /*!< The AES context to use for AES block
encryption or decryption. */
- mbedtls_aes_context tweak; /*!< The AES context used for tweak
+ mbedtls_aes_context MBEDTLS_PRIVATE(tweak); /*!< The AES context used for tweak
computation. */
} mbedtls_aes_xts_context;
#endif /* MBEDTLS_CIPHER_MODE_XTS */
diff --git a/include/mbedtls/arc4.h b/include/mbedtls/arc4.h
deleted file mode 100644
index ada6083..0000000
--- a/include/mbedtls/arc4.h
+++ /dev/null
@@ -1,141 +0,0 @@
-/**
- * \file arc4.h
- *
- * \brief The ARCFOUR stream cipher
- *
- * \warning ARC4 is considered a weak cipher and its use constitutes a
- * security risk. We recommend considering stronger ciphers instead.
- */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- */
-#ifndef MBEDTLS_ARC4_H
-#define MBEDTLS_ARC4_H
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#include <stddef.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#if !defined(MBEDTLS_ARC4_ALT)
-// Regular implementation
-//
-
-/**
- * \brief ARC4 context structure
- *
- * \warning ARC4 is considered a weak cipher and its use constitutes a
- * security risk. We recommend considering stronger ciphers instead.
- *
- */
-typedef struct mbedtls_arc4_context
-{
- int x; /*!< permutation index */
- int y; /*!< permutation index */
- unsigned char m[256]; /*!< permutation table */
-}
-mbedtls_arc4_context;
-
-#else /* MBEDTLS_ARC4_ALT */
-#include "arc4_alt.h"
-#endif /* MBEDTLS_ARC4_ALT */
-
-/**
- * \brief Initialize ARC4 context
- *
- * \param ctx ARC4 context to be initialized
- *
- * \warning ARC4 is considered a weak cipher and its use constitutes a
- * security risk. We recommend considering stronger ciphers
- * instead.
- *
- */
-void mbedtls_arc4_init( mbedtls_arc4_context *ctx );
-
-/**
- * \brief Clear ARC4 context
- *
- * \param ctx ARC4 context to be cleared
- *
- * \warning ARC4 is considered a weak cipher and its use constitutes a
- * security risk. We recommend considering stronger ciphers
- * instead.
- *
- */
-void mbedtls_arc4_free( mbedtls_arc4_context *ctx );
-
-/**
- * \brief ARC4 key schedule
- *
- * \param ctx ARC4 context to be setup
- * \param key the secret key
- * \param keylen length of the key, in bytes
- *
- * \warning ARC4 is considered a weak cipher and its use constitutes a
- * security risk. We recommend considering stronger ciphers
- * instead.
- *
- */
-void mbedtls_arc4_setup( mbedtls_arc4_context *ctx, const unsigned char *key,
- unsigned int keylen );
-
-/**
- * \brief ARC4 cipher function
- *
- * \param ctx ARC4 context
- * \param length length of the input data
- * \param input buffer holding the input data
- * \param output buffer for the output data
- *
- * \return 0 if successful
- *
- * \warning ARC4 is considered a weak cipher and its use constitutes a
- * security risk. We recommend considering stronger ciphers
- * instead.
- *
- */
-int mbedtls_arc4_crypt( mbedtls_arc4_context *ctx, size_t length, const unsigned char *input,
- unsigned char *output );
-
-#if defined(MBEDTLS_SELF_TEST)
-
-/**
- * \brief Checkup routine
- *
- * \return 0 if successful, or 1 if the test failed
- *
- * \warning ARC4 is considered a weak cipher and its use constitutes a
- * security risk. We recommend considering stronger ciphers
- * instead.
- *
- */
-int mbedtls_arc4_self_test( int verbose );
-
-#endif /* MBEDTLS_SELF_TEST */
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* arc4.h */
diff --git a/include/mbedtls/aria.h b/include/mbedtls/aria.h
index e984147..854aa69 100644
--- a/include/mbedtls/aria.h
+++ b/include/mbedtls/aria.h
@@ -28,6 +28,7 @@
#ifndef MBEDTLS_ARIA_H
#define MBEDTLS_ARIA_H
+#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
@@ -64,9 +65,9 @@
*/
typedef struct mbedtls_aria_context
{
- unsigned char nr; /*!< The number of rounds (12, 14 or 16) */
+ unsigned char MBEDTLS_PRIVATE(nr); /*!< The number of rounds (12, 14 or 16) */
/*! The ARIA round keys. */
- uint32_t rk[MBEDTLS_ARIA_MAX_ROUNDS + 1][MBEDTLS_ARIA_BLOCKSIZE / 4];
+ uint32_t MBEDTLS_PRIVATE(rk)[MBEDTLS_ARIA_MAX_ROUNDS + 1][MBEDTLS_ARIA_BLOCKSIZE / 4];
}
mbedtls_aria_context;
diff --git a/include/mbedtls/asn1.h b/include/mbedtls/asn1.h
index d2162fe..6611981 100644
--- a/include/mbedtls/asn1.h
+++ b/include/mbedtls/asn1.h
@@ -21,6 +21,7 @@
*/
#ifndef MBEDTLS_ASN1_H
#define MBEDTLS_ASN1_H
+#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
@@ -148,9 +149,9 @@
*/
typedef struct mbedtls_asn1_buf
{
- int tag; /**< ASN1 type, e.g. MBEDTLS_ASN1_UTF8_STRING. */
- size_t len; /**< ASN1 length, in octets. */
- unsigned char *p; /**< ASN1 data, e.g. in ASCII. */
+ int MBEDTLS_PRIVATE(tag); /**< ASN1 type, e.g. MBEDTLS_ASN1_UTF8_STRING. */
+ size_t MBEDTLS_PRIVATE(len); /**< ASN1 length, in octets. */
+ unsigned char *MBEDTLS_PRIVATE(p); /**< ASN1 data, e.g. in ASCII. */
}
mbedtls_asn1_buf;
@@ -159,9 +160,9 @@
*/
typedef struct mbedtls_asn1_bitstring
{
- size_t len; /**< ASN1 length, in octets. */
- unsigned char unused_bits; /**< Number of unused bits at the end of the string */
- unsigned char *p; /**< Raw ASN1 data for the bit string */
+ size_t MBEDTLS_PRIVATE(len); /**< ASN1 length, in octets. */
+ unsigned char MBEDTLS_PRIVATE(unused_bits); /**< Number of unused bits at the end of the string */
+ unsigned char *MBEDTLS_PRIVATE(p); /**< Raw ASN1 data for the bit string */
}
mbedtls_asn1_bitstring;
@@ -170,8 +171,8 @@
*/
typedef struct mbedtls_asn1_sequence
{
- mbedtls_asn1_buf buf; /**< Buffer containing the given ASN.1 item. */
- struct mbedtls_asn1_sequence *next; /**< The next entry in the sequence. */
+ mbedtls_asn1_buf MBEDTLS_PRIVATE(buf); /**< Buffer containing the given ASN.1 item. */
+ struct mbedtls_asn1_sequence *MBEDTLS_PRIVATE(next); /**< The next entry in the sequence. */
}
mbedtls_asn1_sequence;
@@ -180,10 +181,10 @@
*/
typedef struct mbedtls_asn1_named_data
{
- mbedtls_asn1_buf oid; /**< The object identifier. */
- mbedtls_asn1_buf val; /**< The named value. */
- struct mbedtls_asn1_named_data *next; /**< The next entry in the sequence. */
- unsigned char next_merged; /**< Merge next item into the current one? */
+ mbedtls_asn1_buf MBEDTLS_PRIVATE(oid); /**< The object identifier. */
+ mbedtls_asn1_buf MBEDTLS_PRIVATE(val); /**< The named value. */
+ struct mbedtls_asn1_named_data *MBEDTLS_PRIVATE(next); /**< The next entry in the sequence. */
+ unsigned char MBEDTLS_PRIVATE(next_merged); /**< Merge next item into the current one? */
}
mbedtls_asn1_named_data;
diff --git a/include/mbedtls/bignum.h b/include/mbedtls/bignum.h
index 6a79024..74deecf 100644
--- a/include/mbedtls/bignum.h
+++ b/include/mbedtls/bignum.h
@@ -21,6 +21,7 @@
*/
#ifndef MBEDTLS_BIGNUM_H
#define MBEDTLS_BIGNUM_H
+#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
@@ -183,9 +184,9 @@
*/
typedef struct mbedtls_mpi
{
- int s; /*!< Sign: -1 if the mpi is negative, 1 otherwise */
- size_t n; /*!< total # of limbs */
- mbedtls_mpi_uint *p; /*!< pointer to limbs */
+ int MBEDTLS_PRIVATE(s); /*!< Sign: -1 if the mpi is negative, 1 otherwise */
+ size_t MBEDTLS_PRIVATE(n); /*!< total # of limbs */
+ mbedtls_mpi_uint *MBEDTLS_PRIVATE(p); /*!< pointer to limbs */
}
mbedtls_mpi;
diff --git a/include/mbedtls/blowfish.h b/include/mbedtls/blowfish.h
deleted file mode 100644
index 1ade1fc..0000000
--- a/include/mbedtls/blowfish.h
+++ /dev/null
@@ -1,278 +0,0 @@
-/**
- * \file blowfish.h
- *
- * \brief Blowfish block cipher
- */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-#ifndef MBEDTLS_BLOWFISH_H
-#define MBEDTLS_BLOWFISH_H
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#include <stddef.h>
-#include <stdint.h>
-
-#include "mbedtls/platform_util.h"
-
-#define MBEDTLS_BLOWFISH_ENCRYPT 1
-#define MBEDTLS_BLOWFISH_DECRYPT 0
-#define MBEDTLS_BLOWFISH_MAX_KEY_BITS 448
-#define MBEDTLS_BLOWFISH_MIN_KEY_BITS 32
-#define MBEDTLS_BLOWFISH_ROUNDS 16 /**< Rounds to use. When increasing this value, make sure to extend the initialisation vectors */
-#define MBEDTLS_BLOWFISH_BLOCKSIZE 8 /* Blowfish uses 64 bit blocks */
-
-#define MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA -0x0016 /**< Bad input data. */
-
-#define MBEDTLS_ERR_BLOWFISH_INVALID_INPUT_LENGTH -0x0018 /**< Invalid data input length. */
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#if !defined(MBEDTLS_BLOWFISH_ALT)
-// Regular implementation
-//
-
-/**
- * \brief Blowfish context structure
- */
-typedef struct mbedtls_blowfish_context
-{
- uint32_t P[MBEDTLS_BLOWFISH_ROUNDS + 2]; /*!< Blowfish round keys */
- uint32_t S[4][256]; /*!< key dependent S-boxes */
-}
-mbedtls_blowfish_context;
-
-#else /* MBEDTLS_BLOWFISH_ALT */
-#include "blowfish_alt.h"
-#endif /* MBEDTLS_BLOWFISH_ALT */
-
-/**
- * \brief Initialize a Blowfish context.
- *
- * \param ctx The Blowfish context to be initialized.
- * This must not be \c NULL.
- */
-void mbedtls_blowfish_init( mbedtls_blowfish_context *ctx );
-
-/**
- * \brief Clear a Blowfish context.
- *
- * \param ctx The Blowfish context to be cleared.
- * This may be \c NULL, in which case this function
- * returns immediately. If it is not \c NULL, it must
- * point to an initialized Blowfish context.
- */
-void mbedtls_blowfish_free( mbedtls_blowfish_context *ctx );
-
-/**
- * \brief Perform a Blowfish key schedule operation.
- *
- * \param ctx The Blowfish context to perform the key schedule on.
- * \param key The encryption key. This must be a readable buffer of
- * length \p keybits Bits.
- * \param keybits The length of \p key in Bits. This must be between
- * \c 32 and \c 448 and a multiple of \c 8.
- *
- * \return \c 0 if successful.
- * \return A negative error code on failure.
- */
-int mbedtls_blowfish_setkey( mbedtls_blowfish_context *ctx, const unsigned char *key,
- unsigned int keybits );
-
-/**
- * \brief Perform a Blowfish-ECB block encryption/decryption operation.
- *
- * \param ctx The Blowfish context to use. This must be initialized
- * and bound to a key.
- * \param mode The mode of operation. Possible values are
- * #MBEDTLS_BLOWFISH_ENCRYPT for encryption, or
- * #MBEDTLS_BLOWFISH_DECRYPT for decryption.
- * \param input The input block. This must be a readable buffer
- * of size \c 8 Bytes.
- * \param output The output block. This must be a writable buffer
- * of size \c 8 Bytes.
- *
- * \return \c 0 if successful.
- * \return A negative error code on failure.
- */
-int mbedtls_blowfish_crypt_ecb( mbedtls_blowfish_context *ctx,
- int mode,
- const unsigned char input[MBEDTLS_BLOWFISH_BLOCKSIZE],
- unsigned char output[MBEDTLS_BLOWFISH_BLOCKSIZE] );
-
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-/**
- * \brief Perform a Blowfish-CBC buffer encryption/decryption operation.
- *
- * \note Upon exit, the content of the IV is updated so that you can
- * call the function same function again on the following
- * block(s) of data and get the same result as if it was
- * encrypted in one call. This allows a "streaming" usage.
- * If on the other hand you need to retain the contents of the
- * IV, you should either save it manually or use the cipher
- * module instead.
- *
- * \param ctx The Blowfish context to use. This must be initialized
- * and bound to a key.
- * \param mode The mode of operation. Possible values are
- * #MBEDTLS_BLOWFISH_ENCRYPT for encryption, or
- * #MBEDTLS_BLOWFISH_DECRYPT for decryption.
- * \param length The length of the input data in Bytes. This must be
- * multiple of \c 8.
- * \param iv The initialization vector. This must be a read/write buffer
- * of length \c 8 Bytes. It is updated by this function.
- * \param input The input data. This must be a readable buffer of length
- * \p length Bytes.
- * \param output The output data. This must be a writable buffer of length
- * \p length Bytes.
- *
- * \return \c 0 if successful.
- * \return A negative error code on failure.
- */
-int mbedtls_blowfish_crypt_cbc( mbedtls_blowfish_context *ctx,
- int mode,
- size_t length,
- unsigned char iv[MBEDTLS_BLOWFISH_BLOCKSIZE],
- const unsigned char *input,
- unsigned char *output );
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
-
-#if defined(MBEDTLS_CIPHER_MODE_CFB)
-/**
- * \brief Perform a Blowfish CFB buffer encryption/decryption operation.
- *
- * \note Upon exit, the content of the IV is updated so that you can
- * call the function same function again on the following
- * block(s) of data and get the same result as if it was
- * encrypted in one call. This allows a "streaming" usage.
- * If on the other hand you need to retain the contents of the
- * IV, you should either save it manually or use the cipher
- * module instead.
- *
- * \param ctx The Blowfish context to use. This must be initialized
- * and bound to a key.
- * \param mode The mode of operation. Possible values are
- * #MBEDTLS_BLOWFISH_ENCRYPT for encryption, or
- * #MBEDTLS_BLOWFISH_DECRYPT for decryption.
- * \param length The length of the input data in Bytes.
- * \param iv_off The offset in the initialiation vector.
- * The value pointed to must be smaller than \c 8 Bytes.
- * It is updated by this function to support the aforementioned
- * streaming usage.
- * \param iv The initialization vector. This must be a read/write buffer
- * of size \c 8 Bytes. It is updated after use.
- * \param input The input data. This must be a readable buffer of length
- * \p length Bytes.
- * \param output The output data. This must be a writable buffer of length
- * \p length Bytes.
- *
- * \return \c 0 if successful.
- * \return A negative error code on failure.
- */
-int mbedtls_blowfish_crypt_cfb64( mbedtls_blowfish_context *ctx,
- int mode,
- size_t length,
- size_t *iv_off,
- unsigned char iv[MBEDTLS_BLOWFISH_BLOCKSIZE],
- const unsigned char *input,
- unsigned char *output );
-#endif /*MBEDTLS_CIPHER_MODE_CFB */
-
-#if defined(MBEDTLS_CIPHER_MODE_CTR)
-/**
- * \brief Perform a Blowfish-CTR buffer encryption/decryption operation.
- *
- * \warning You must never reuse a nonce value with the same key. Doing so
- * would void the encryption for the two messages encrypted with
- * the same nonce and key.
- *
- * There are two common strategies for managing nonces with CTR:
- *
- * 1. You can handle everything as a single message processed over
- * successive calls to this function. In that case, you want to
- * set \p nonce_counter and \p nc_off to 0 for the first call, and
- * then preserve the values of \p nonce_counter, \p nc_off and \p
- * stream_block across calls to this function as they will be
- * updated by this function.
- *
- * With this strategy, you must not encrypt more than 2**64
- * blocks of data with the same key.
- *
- * 2. You can encrypt separate messages by dividing the \p
- * nonce_counter buffer in two areas: the first one used for a
- * per-message nonce, handled by yourself, and the second one
- * updated by this function internally.
- *
- * For example, you might reserve the first 4 bytes for the
- * per-message nonce, and the last 4 bytes for internal use. In that
- * case, before calling this function on a new message you need to
- * set the first 4 bytes of \p nonce_counter to your chosen nonce
- * value, the last 4 to 0, and \p nc_off to 0 (which will cause \p
- * stream_block to be ignored). That way, you can encrypt at most
- * 2**32 messages of up to 2**32 blocks each with the same key.
- *
- * The per-message nonce (or information sufficient to reconstruct
- * it) needs to be communicated with the ciphertext and must be unique.
- * The recommended way to ensure uniqueness is to use a message
- * counter.
- *
- * Note that for both stategies, sizes are measured in blocks and
- * that a Blowfish block is 8 bytes.
- *
- * \warning Upon return, \p stream_block contains sensitive data. Its
- * content must not be written to insecure storage and should be
- * securely discarded as soon as it's no longer needed.
- *
- * \param ctx The Blowfish context to use. This must be initialized
- * and bound to a key.
- * \param length The length of the input data in Bytes.
- * \param nc_off The offset in the current stream_block (for resuming
- * within current cipher stream). The offset pointer
- * should be \c 0 at the start of a stream and must be
- * smaller than \c 8. It is updated by this function.
- * \param nonce_counter The 64-bit nonce and counter. This must point to a
- * read/write buffer of length \c 8 Bytes.
- * \param stream_block The saved stream-block for resuming. This must point to
- * a read/write buffer of length \c 8 Bytes.
- * \param input The input data. This must be a readable buffer of
- * length \p length Bytes.
- * \param output The output data. This must be a writable buffer of
- * length \p length Bytes.
- *
- * \return \c 0 if successful.
- * \return A negative error code on failure.
- */
-int mbedtls_blowfish_crypt_ctr( mbedtls_blowfish_context *ctx,
- size_t length,
- size_t *nc_off,
- unsigned char nonce_counter[MBEDTLS_BLOWFISH_BLOCKSIZE],
- unsigned char stream_block[MBEDTLS_BLOWFISH_BLOCKSIZE],
- const unsigned char *input,
- unsigned char *output );
-#endif /* MBEDTLS_CIPHER_MODE_CTR */
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* blowfish.h */
diff --git a/include/mbedtls/camellia.h b/include/mbedtls/camellia.h
index dee5c3e..d2d4f61 100644
--- a/include/mbedtls/camellia.h
+++ b/include/mbedtls/camellia.h
@@ -21,6 +21,7 @@
*/
#ifndef MBEDTLS_CAMELLIA_H
#define MBEDTLS_CAMELLIA_H
+#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
@@ -53,8 +54,8 @@
*/
typedef struct mbedtls_camellia_context
{
- int nr; /*!< number of rounds */
- uint32_t rk[68]; /*!< CAMELLIA round keys */
+ int MBEDTLS_PRIVATE(nr); /*!< number of rounds */
+ uint32_t MBEDTLS_PRIVATE(rk)[68]; /*!< CAMELLIA round keys */
}
mbedtls_camellia_context;
diff --git a/include/mbedtls/ccm.h b/include/mbedtls/ccm.h
index ea03a35..9529e2f 100644
--- a/include/mbedtls/ccm.h
+++ b/include/mbedtls/ccm.h
@@ -46,6 +46,7 @@
#ifndef MBEDTLS_CCM_H
#define MBEDTLS_CCM_H
+#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
@@ -77,7 +78,7 @@
*/
typedef struct mbedtls_ccm_context
{
- mbedtls_cipher_context_t cipher_ctx; /*!< The cipher context used. */
+ mbedtls_cipher_context_t MBEDTLS_PRIVATE(cipher_ctx); /*!< The cipher context used. */
}
mbedtls_ccm_context;
@@ -344,6 +345,9 @@
* \param plaintext_len The length in bytes of the plaintext to encrypt or
* result of the decryption (thus not encompassing the
* additional data that are not encrypted).
+ * \param tag_len The length of the tag to generate in Bytes:
+ * 4, 6, 8, 10, 12, 14 or 16.
+ * For CCM*, zero is also valid.
*
* \return \c 0 on success.
* \return #MBEDTLS_ERR_CCM_BAD_INPUT on failure:
@@ -352,7 +356,8 @@
*/
int mbedtls_ccm_set_lengths( mbedtls_ccm_context *ctx,
size_t total_ad_len,
- size_t plaintext_len );
+ size_t plaintext_len,
+ size_t tag_len );
/**
* \brief This function feeds an input buffer as associated data
@@ -472,9 +477,8 @@
* \param tag The buffer for holding the tag. If \p tag_len is greater
* than zero, this must be a writable buffer of at least \p
* tag_len Bytes.
- * \param tag_len The length of the tag to generate in Bytes:
- * 4, 6, 8, 10, 12, 14 or 16.
- * For CCM*, zero is also valid.
+ * \param tag_len The length of the tag. Must match the tag length passed to
+ * mbedtls_ccm_set_lengths() function.
*
* \return \c 0 on success.
* \return #MBEDTLS_ERR_CCM_BAD_INPUT on failure:
diff --git a/include/mbedtls/chacha20.h b/include/mbedtls/chacha20.h
index a6a8cda..441aaa4 100644
--- a/include/mbedtls/chacha20.h
+++ b/include/mbedtls/chacha20.h
@@ -31,6 +31,7 @@
#ifndef MBEDTLS_CHACHA20_H
#define MBEDTLS_CHACHA20_H
+#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
@@ -51,9 +52,9 @@
typedef struct mbedtls_chacha20_context
{
- uint32_t state[16]; /*! The state (before round operations). */
- uint8_t keystream8[64]; /*! Leftover keystream bytes. */
- size_t keystream_bytes_used; /*! Number of keystream bytes already used. */
+ uint32_t MBEDTLS_PRIVATE(state)[16]; /*! The state (before round operations). */
+ uint8_t MBEDTLS_PRIVATE(keystream8)[64]; /*! Leftover keystream bytes. */
+ size_t MBEDTLS_PRIVATE(keystream_bytes_used); /*! Number of keystream bytes already used. */
}
mbedtls_chacha20_context;
diff --git a/include/mbedtls/chachapoly.h b/include/mbedtls/chachapoly.h
index 1007f95..7c36739 100644
--- a/include/mbedtls/chachapoly.h
+++ b/include/mbedtls/chachapoly.h
@@ -31,6 +31,7 @@
#ifndef MBEDTLS_CHACHAPOLY_H
#define MBEDTLS_CHACHAPOLY_H
+#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
@@ -61,12 +62,12 @@
typedef struct mbedtls_chachapoly_context
{
- mbedtls_chacha20_context chacha20_ctx; /**< The ChaCha20 context. */
- mbedtls_poly1305_context poly1305_ctx; /**< The Poly1305 context. */
- uint64_t aad_len; /**< The length (bytes) of the Additional Authenticated Data. */
- uint64_t ciphertext_len; /**< The length (bytes) of the ciphertext. */
- int state; /**< The current state of the context. */
- mbedtls_chachapoly_mode_t mode; /**< Cipher mode (encrypt or decrypt). */
+ mbedtls_chacha20_context MBEDTLS_PRIVATE(chacha20_ctx); /**< The ChaCha20 context. */
+ mbedtls_poly1305_context MBEDTLS_PRIVATE(poly1305_ctx); /**< The Poly1305 context. */
+ uint64_t MBEDTLS_PRIVATE(aad_len); /**< The length (bytes) of the Additional Authenticated Data. */
+ uint64_t MBEDTLS_PRIVATE(ciphertext_len); /**< The length (bytes) of the ciphertext. */
+ int MBEDTLS_PRIVATE(state); /**< The current state of the context. */
+ mbedtls_chachapoly_mode_t MBEDTLS_PRIVATE(mode); /**< Cipher mode (encrypt or decrypt). */
}
mbedtls_chachapoly_context;
diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h
index e066da7..36959ed 100644
--- a/include/mbedtls/check_config.h
+++ b/include/mbedtls/check_config.h
@@ -55,9 +55,8 @@
#endif
#endif /* _WIN32 */
-#if defined(TARGET_LIKE_MBED) && \
- ( defined(MBEDTLS_NET_C) || defined(MBEDTLS_TIMING_C) )
-#error "The NET and TIMING modules are not available for mbed OS - please use the network and timing functions provided by mbed OS"
+#if defined(TARGET_LIKE_MBED) && defined(MBEDTLS_NET_C)
+#error "The NET module is not available for mbed OS - please use the network functions provided by Mbed OS"
#endif
#if defined(MBEDTLS_DEPRECATED_WARNING) && \
@@ -151,14 +150,6 @@
#error "MBEDTLS_ECP_C defined, but not all prerequisites"
#endif
-#if defined(MBEDTLS_ECP_C) && !( \
- defined(MBEDTLS_ECP_ALT) || \
- defined(MBEDTLS_CTR_DRBG_C) || \
- defined(MBEDTLS_HMAC_DRBG_C) || \
- defined(MBEDTLS_ECP_NO_INTERNAL_RNG))
-#error "MBEDTLS_ECP_C requires a DRBG module unless MBEDTLS_ECP_NO_INTERNAL_RNG is defined or an alternative implementation is used"
-#endif
-
#if defined(MBEDTLS_PK_PARSE_C) && !defined(MBEDTLS_ASN1_PARSE_C)
#error "MBEDTLS_PK_PARSE_C defined, but not all prerequesites"
#endif
@@ -826,6 +817,10 @@
#error "MBEDTLS_SSL_PROTO_TLS1_1 (TLS v1.1 support) was removed in Mbed TLS 3.0. See https://github.com/ARMmbed/mbedtls/issues/4286"
#endif
+#if defined(MBEDTLS_CHECK_PARAMS) //no-check-names
+#error "MBEDTLS_CHECK_PARAMS was removed in Mbed TLS 3.0. See https://github.com/ARMmbed/mbedtls/issues/4313"
+#endif
+
#if defined(MBEDTLS_SSL_CID_PADDING_GRANULARITY) //no-check-names
#error "MBEDTLS_SSL_CID_PADDING_GRANULARITY was removed in Mbed TLS 3.0. See https://github.com/ARMmbed/mbedtls/issues/4335"
#endif
@@ -834,6 +829,10 @@
#error "MBEDTLS_SSL_TLS1_3_PADDING_GRANULARITY was removed in Mbed TLS 3.0. See https://github.com/ARMmbed/mbedtls/issues/4335"
#endif
+#if defined(MBEDTLS_SSL_TRUNCATED_HMAC) //no-check-names
+#error "MBEDTLS_SSL_TRUNCATED_HMAC was removed in Mbed TLS 3.0. See https://github.com/ARMmbed/mbedtls/issues/4341"
+#endif
+
/*
* Avoid warning from -pedantic. This is a convenient place for this
* workaround since this is included by every single file before the
diff --git a/include/mbedtls/cipher.h b/include/mbedtls/cipher.h
index 06a29e7..99dc7c7 100644
--- a/include/mbedtls/cipher.h
+++ b/include/mbedtls/cipher.h
@@ -26,6 +26,7 @@
#ifndef MBEDTLS_CIPHER_H
#define MBEDTLS_CIPHER_H
+#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
@@ -44,7 +45,7 @@
#define MBEDTLS_CIPHER_MODE_WITH_PADDING
#endif
-#if defined(MBEDTLS_ARC4_C) || defined(MBEDTLS_CIPHER_NULL_CIPHER) || \
+#if defined(MBEDTLS_CIPHER_NULL_CIPHER) || \
defined(MBEDTLS_CHACHA20_C)
#define MBEDTLS_CIPHER_MODE_STREAM
#endif
@@ -72,7 +73,7 @@
/**
* \brief Supported cipher types.
*
- * \warning RC4 and DES are considered weak ciphers and their use
+ * \warning DES is considered weak cipher and its use
* constitutes a security risk. Arm recommends considering stronger
* ciphers instead.
*/
@@ -83,8 +84,6 @@
MBEDTLS_CIPHER_ID_DES, /**< The DES cipher. */
MBEDTLS_CIPHER_ID_3DES, /**< The Triple DES cipher. */
MBEDTLS_CIPHER_ID_CAMELLIA, /**< The Camellia cipher. */
- MBEDTLS_CIPHER_ID_BLOWFISH, /**< The Blowfish cipher. */
- MBEDTLS_CIPHER_ID_ARC4, /**< The RC4 cipher. */
MBEDTLS_CIPHER_ID_ARIA, /**< The Aria cipher. */
MBEDTLS_CIPHER_ID_CHACHA20, /**< The ChaCha20 cipher. */
} mbedtls_cipher_id_t;
@@ -92,7 +91,7 @@
/**
* \brief Supported {cipher type, cipher mode} pairs.
*
- * \warning RC4 and DES are considered weak ciphers and their use
+ * \warning DES is considered weak cipher and its use
* constitutes a security risk. Arm recommends considering stronger
* ciphers instead.
*/
@@ -135,11 +134,6 @@
MBEDTLS_CIPHER_DES_EDE_CBC, /**< DES cipher with EDE CBC mode. */
MBEDTLS_CIPHER_DES_EDE3_ECB, /**< DES cipher with EDE3 ECB mode. */
MBEDTLS_CIPHER_DES_EDE3_CBC, /**< DES cipher with EDE3 CBC mode. */
- MBEDTLS_CIPHER_BLOWFISH_ECB, /**< Blowfish cipher with ECB mode. */
- MBEDTLS_CIPHER_BLOWFISH_CBC, /**< Blowfish cipher with CBC mode. */
- MBEDTLS_CIPHER_BLOWFISH_CFB64, /**< Blowfish cipher with CFB64 mode. */
- MBEDTLS_CIPHER_BLOWFISH_CTR, /**< Blowfish cipher with CTR mode. */
- MBEDTLS_CIPHER_ARC4_128, /**< RC4 cipher with 128-bit mode. */
MBEDTLS_CIPHER_AES_128_CCM, /**< AES cipher with 128-bit CCM mode. */
MBEDTLS_CIPHER_AES_192_CCM, /**< AES cipher with 192-bit CCM mode. */
MBEDTLS_CIPHER_AES_256_CCM, /**< AES cipher with 256-bit CCM mode. */
@@ -267,37 +261,37 @@
/** Full cipher identifier. For example,
* MBEDTLS_CIPHER_AES_256_CBC.
*/
- mbedtls_cipher_type_t type;
+ mbedtls_cipher_type_t MBEDTLS_PRIVATE(type);
/** The cipher mode. For example, MBEDTLS_MODE_CBC. */
- mbedtls_cipher_mode_t mode;
+ mbedtls_cipher_mode_t MBEDTLS_PRIVATE(mode);
/** The cipher key length, in bits. This is the
* default length for variable sized ciphers.
* Includes parity bits for ciphers like DES.
*/
- unsigned int key_bitlen;
+ unsigned int MBEDTLS_PRIVATE(key_bitlen);
/** Name of the cipher. */
- const char * name;
+ const char * MBEDTLS_PRIVATE(name);
/** IV or nonce size, in Bytes.
* For ciphers that accept variable IV sizes,
* this is the recommended size.
*/
- unsigned int iv_size;
+ unsigned int MBEDTLS_PRIVATE(iv_size);
/** Bitflag comprised of MBEDTLS_CIPHER_VARIABLE_IV_LEN and
* MBEDTLS_CIPHER_VARIABLE_KEY_LEN indicating whether the
* cipher supports variable IV or variable key sizes, respectively.
*/
- int flags;
+ int MBEDTLS_PRIVATE(flags);
/** The block size, in Bytes. */
- unsigned int block_size;
+ unsigned int MBEDTLS_PRIVATE(block_size);
/** Struct for base cipher information and functions. */
- const mbedtls_cipher_base_t *base;
+ const mbedtls_cipher_base_t *MBEDTLS_PRIVATE(base);
} mbedtls_cipher_info_t;
@@ -307,43 +301,43 @@
typedef struct mbedtls_cipher_context_t
{
/** Information about the associated cipher. */
- const mbedtls_cipher_info_t *cipher_info;
+ const mbedtls_cipher_info_t *MBEDTLS_PRIVATE(cipher_info);
/** Key length to use. */
- int key_bitlen;
+ int MBEDTLS_PRIVATE(key_bitlen);
/** Operation that the key of the context has been
* initialized for.
*/
- mbedtls_operation_t operation;
+ mbedtls_operation_t MBEDTLS_PRIVATE(operation);
#if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING)
/** Padding functions to use, if relevant for
* the specific cipher mode.
*/
- void (*add_padding)( unsigned char *output, size_t olen, size_t data_len );
- int (*get_padding)( unsigned char *input, size_t ilen, size_t *data_len );
+ void (*MBEDTLS_PRIVATE(add_padding))( unsigned char *output, size_t olen, size_t data_len );
+ int (*MBEDTLS_PRIVATE(get_padding))( unsigned char *input, size_t ilen, size_t *data_len );
#endif
/** Buffer for input that has not been processed yet. */
- unsigned char unprocessed_data[MBEDTLS_MAX_BLOCK_LENGTH];
+ unsigned char MBEDTLS_PRIVATE(unprocessed_data)[MBEDTLS_MAX_BLOCK_LENGTH];
/** Number of Bytes that have not been processed yet. */
- size_t unprocessed_len;
+ size_t MBEDTLS_PRIVATE(unprocessed_len);
/** Current IV or NONCE_COUNTER for CTR-mode, data unit (or sector) number
* for XTS-mode. */
- unsigned char iv[MBEDTLS_MAX_IV_LENGTH];
+ unsigned char MBEDTLS_PRIVATE(iv)[MBEDTLS_MAX_IV_LENGTH];
/** IV size in Bytes, for ciphers with variable-length IVs. */
- size_t iv_size;
+ size_t MBEDTLS_PRIVATE(iv_size);
/** The cipher-specific context. */
- void *cipher_ctx;
+ void *MBEDTLS_PRIVATE(cipher_ctx);
#if defined(MBEDTLS_CMAC_C)
/** CMAC-specific context. */
- mbedtls_cmac_context_t *cmac_ctx;
+ mbedtls_cmac_context_t *MBEDTLS_PRIVATE(cmac_ctx);
#endif
#if defined(MBEDTLS_USE_PSA_CRYPTO)
@@ -354,7 +348,7 @@
* mbedtls_cipher_setup(), and set if it was established through
* mbedtls_cipher_setup_psa().
*/
- unsigned char psa_enabled;
+ unsigned char MBEDTLS_PRIVATE(psa_enabled);
#endif /* MBEDTLS_USE_PSA_CRYPTO */
} mbedtls_cipher_context_t;
@@ -504,10 +498,10 @@
const mbedtls_cipher_context_t *ctx )
{
MBEDTLS_INTERNAL_VALIDATE_RET( ctx != NULL, 0 );
- if( ctx->cipher_info == NULL )
+ if( ctx->MBEDTLS_PRIVATE(cipher_info) == NULL )
return 0;
- return ctx->cipher_info->block_size;
+ return ctx->MBEDTLS_PRIVATE(cipher_info)->MBEDTLS_PRIVATE(block_size);
}
/**
@@ -523,10 +517,10 @@
const mbedtls_cipher_context_t *ctx )
{
MBEDTLS_INTERNAL_VALIDATE_RET( ctx != NULL, MBEDTLS_MODE_NONE );
- if( ctx->cipher_info == NULL )
+ if( ctx->MBEDTLS_PRIVATE(cipher_info) == NULL )
return MBEDTLS_MODE_NONE;
- return ctx->cipher_info->mode;
+ return ctx->MBEDTLS_PRIVATE(cipher_info)->MBEDTLS_PRIVATE(mode);
}
/**
@@ -543,13 +537,13 @@
const mbedtls_cipher_context_t *ctx )
{
MBEDTLS_INTERNAL_VALIDATE_RET( ctx != NULL, 0 );
- if( ctx->cipher_info == NULL )
+ if( ctx->MBEDTLS_PRIVATE(cipher_info) == NULL )
return 0;
- if( ctx->iv_size != 0 )
- return (int) ctx->iv_size;
+ if( ctx->MBEDTLS_PRIVATE(iv_size) != 0 )
+ return (int) ctx->MBEDTLS_PRIVATE(iv_size);
- return (int) ctx->cipher_info->iv_size;
+ return (int) ctx->MBEDTLS_PRIVATE(cipher_info)->MBEDTLS_PRIVATE(iv_size);
}
/**
@@ -565,10 +559,10 @@
{
MBEDTLS_INTERNAL_VALIDATE_RET(
ctx != NULL, MBEDTLS_CIPHER_NONE );
- if( ctx->cipher_info == NULL )
+ if( ctx->MBEDTLS_PRIVATE(cipher_info) == NULL )
return MBEDTLS_CIPHER_NONE;
- return ctx->cipher_info->type;
+ return ctx->MBEDTLS_PRIVATE(cipher_info)->MBEDTLS_PRIVATE(type);
}
/**
@@ -584,10 +578,10 @@
const mbedtls_cipher_context_t *ctx )
{
MBEDTLS_INTERNAL_VALIDATE_RET( ctx != NULL, 0 );
- if( ctx->cipher_info == NULL )
+ if( ctx->MBEDTLS_PRIVATE(cipher_info) == NULL )
return 0;
- return ctx->cipher_info->name;
+ return ctx->MBEDTLS_PRIVATE(cipher_info)->MBEDTLS_PRIVATE(name);
}
/**
@@ -604,10 +598,10 @@
{
MBEDTLS_INTERNAL_VALIDATE_RET(
ctx != NULL, MBEDTLS_KEY_LENGTH_NONE );
- if( ctx->cipher_info == NULL )
+ if( ctx->MBEDTLS_PRIVATE(cipher_info) == NULL )
return MBEDTLS_KEY_LENGTH_NONE;
- return (int) ctx->cipher_info->key_bitlen;
+ return (int) ctx->MBEDTLS_PRIVATE(cipher_info)->MBEDTLS_PRIVATE(key_bitlen);
}
/**
@@ -623,10 +617,10 @@
{
MBEDTLS_INTERNAL_VALIDATE_RET(
ctx != NULL, MBEDTLS_OPERATION_NONE );
- if( ctx->cipher_info == NULL )
+ if( ctx->MBEDTLS_PRIVATE(cipher_info) == NULL )
return MBEDTLS_OPERATION_NONE;
- return ctx->operation;
+ return ctx->MBEDTLS_PRIVATE(operation);
}
/**
@@ -731,8 +725,6 @@
/**
* \brief This function adds additional data for AEAD ciphers.
* Currently supported with GCM and ChaCha20+Poly1305.
- * This must be called exactly once, after
- * mbedtls_cipher_reset().
*
* \param ctx The generic cipher context. This must be initialized.
* \param ad The additional data to use. This must be a readable
diff --git a/include/mbedtls/cmac.h b/include/mbedtls/cmac.h
index a0563b1..65c831c 100644
--- a/include/mbedtls/cmac.h
+++ b/include/mbedtls/cmac.h
@@ -25,6 +25,7 @@
#ifndef MBEDTLS_CMAC_H
#define MBEDTLS_CMAC_H
+#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
@@ -55,14 +56,14 @@
struct mbedtls_cmac_context_t
{
/** The internal state of the CMAC algorithm. */
- unsigned char state[MBEDTLS_CIPHER_BLKSIZE_MAX];
+ unsigned char MBEDTLS_PRIVATE(state)[MBEDTLS_CIPHER_BLKSIZE_MAX];
/** Unprocessed data - either data that was not block aligned and is still
* pending processing, or the final block. */
- unsigned char unprocessed_block[MBEDTLS_CIPHER_BLKSIZE_MAX];
+ unsigned char MBEDTLS_PRIVATE(unprocessed_block)[MBEDTLS_CIPHER_BLKSIZE_MAX];
/** The length of data pending processing. */
- size_t unprocessed_len;
+ size_t MBEDTLS_PRIVATE(unprocessed_len);
};
#else /* !MBEDTLS_CMAC_ALT */
diff --git a/include/mbedtls/compat-2.x.h b/include/mbedtls/compat-2.x.h
new file mode 100644
index 0000000..cdf81dc
--- /dev/null
+++ b/include/mbedtls/compat-2.x.h
@@ -0,0 +1,58 @@
+/**
+ * \file compat-2.x.h
+ *
+ * \brief Compatibility definitions
+ *
+ * \deprecated Use the new names directly instead
+ */
+/*
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#if defined(MBEDTLS_DEPRECATED_WARNING)
+#warning "Including compat-2.x.h is deprecated"
+#endif
+
+#ifndef MBEDTLS_COMPAT2X_H
+#define MBEDTLS_COMPAT2X_H
+
+/*
+ * Macros for renamed functions
+ */
+#define mbedtls_ctr_drbg_update_ret mbedtls_ctr_drbg_update
+#define mbedtls_hmac_drbg_update_ret mbedtls_hmac_drbg_update
+#define mbedtls_md5_starts_ret mbedtls_md5_starts
+#define mbedtls_md5_update_ret mbedtls_md5_update
+#define mbedtls_md5_finish_ret mbedtls_md5_finish
+#define mbedtls_md5_ret mbedtls_md5
+#define mbedtls_ripemd160_starts_ret mbedtls_ripemd160_starts
+#define mbedtls_ripemd160_update_ret mbedtls_ripemd160_update
+#define mbedtls_ripemd160_finish_ret mbedtls_ripemd160_finish
+#define mbedtls_ripemd160_ret mbedtls_ripemd160
+#define mbedtls_sha1_starts_ret mbedtls_sha1_starts
+#define mbedtls_sha1_update_ret mbedtls_sha1_update
+#define mbedtls_sha1_finish_ret mbedtls_sha1_finish
+#define mbedtls_sha1_ret mbedtls_sha1
+#define mbedtls_sha256_starts_ret mbedtls_sha256_starts
+#define mbedtls_sha256_update_ret mbedtls_sha256_update
+#define mbedtls_sha256_finish_ret mbedtls_sha256_finish
+#define mbedtls_sha256_ret mbedtls_sha256
+#define mbedtls_sha512_starts_ret mbedtls_sha512_starts
+#define mbedtls_sha512_update_ret mbedtls_sha512_update
+#define mbedtls_sha512_finish_ret mbedtls_sha512_finish
+#define mbedtls_sha512_ret mbedtls_sha512
+
+#endif /* MBEDTLS_COMPAT2X_H */
diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h
index 9cce3cd..47605f9 100644
--- a/include/mbedtls/config.h
+++ b/include/mbedtls/config.h
@@ -47,7 +47,6 @@
*
* Used in:
* library/aria.c
- * library/timing.c
* library/bn_mul.h
*
* Required by:
@@ -255,72 +254,6 @@
*/
//#define MBEDTLS_DEPRECATED_REMOVED
-/**
- * \def MBEDTLS_CHECK_PARAMS
- *
- * This configuration option controls whether the library validates more of
- * the parameters passed to it.
- *
- * When this flag is not defined, the library only attempts to validate an
- * input parameter if: (1) they may come from the outside world (such as the
- * network, the filesystem, etc.) or (2) not validating them could result in
- * internal memory errors such as overflowing a buffer controlled by the
- * library. On the other hand, it doesn't attempt to validate parameters whose
- * values are fully controlled by the application (such as pointers).
- *
- * When this flag is defined, the library additionally attempts to validate
- * parameters that are fully controlled by the application, and should always
- * be valid if the application code is fully correct and trusted.
- *
- * For example, when a function accepts as input a pointer to a buffer that may
- * contain untrusted data, and its documentation mentions that this pointer
- * must not be NULL:
- * - The pointer is checked to be non-NULL only if this option is enabled.
- * - The content of the buffer is always validated.
- *
- * When this flag is defined, if a library function receives a parameter that
- * is invalid:
- * 1. The function will invoke the macro MBEDTLS_PARAM_FAILED().
- * 2. If MBEDTLS_PARAM_FAILED() did not terminate the program, the function
- * will immediately return. If the function returns an Mbed TLS error code,
- * the error code in this case is MBEDTLS_ERR_xxx_BAD_INPUT_DATA.
- *
- * When defining this flag, you also need to arrange a definition for
- * MBEDTLS_PARAM_FAILED(). You can do this by any of the following methods:
- * - By default, the library defines MBEDTLS_PARAM_FAILED() to call a
- * function mbedtls_param_failed(), but the library does not define this
- * function. If you do not make any other arrangements, you must provide
- * the function mbedtls_param_failed() in your application.
- * See `platform_util.h` for its prototype.
- * - If you enable the macro #MBEDTLS_CHECK_PARAMS_ASSERT, then the
- * library defines MBEDTLS_PARAM_FAILED(\c cond) to be `assert(cond)`.
- * You can still supply an alternative definition of
- * MBEDTLS_PARAM_FAILED(), which may call `assert`.
- * - If you define a macro MBEDTLS_PARAM_FAILED() before including `config.h`
- * or you uncomment the definition of MBEDTLS_PARAM_FAILED() in `config.h`,
- * the library will call the macro that you defined and will not supply
- * its own version. Note that if MBEDTLS_PARAM_FAILED() calls `assert`,
- * you need to enable #MBEDTLS_CHECK_PARAMS_ASSERT so that library source
- * files include `<assert.h>`.
- *
- * Uncomment to enable validation of application-controlled parameters.
- */
-//#define MBEDTLS_CHECK_PARAMS
-
-/**
- * \def MBEDTLS_CHECK_PARAMS_ASSERT
- *
- * Allow MBEDTLS_PARAM_FAILED() to call `assert`, and make it default to
- * `assert`. This macro is only used if #MBEDTLS_CHECK_PARAMS is defined.
- *
- * If this macro is not defined, then MBEDTLS_PARAM_FAILED() defaults to
- * calling a function mbedtls_param_failed(). See the documentation of
- * #MBEDTLS_CHECK_PARAMS for details.
- *
- * Uncomment to allow MBEDTLS_PARAM_FAILED() to call `assert`.
- */
-//#define MBEDTLS_CHECK_PARAMS_ASSERT
-
/* \} name SECTION: System support */
/**
@@ -334,7 +267,7 @@
/**
* \def MBEDTLS_TIMING_ALT
*
- * Uncomment to provide your own alternate implementation for mbedtls_timing_hardclock(),
+ * Uncomment to provide your own alternate implementation for
* mbedtls_timing_get_timer(), mbedtls_set_alarm(), mbedtls_set/get_delay()
*
* Only works if you have MBEDTLS_TIMING_C enabled.
@@ -363,16 +296,14 @@
* Uncomment a macro to enable alternate implementation of the corresponding
* module.
*
- * \warning MD2, MD4, MD5, ARC4, DES and SHA-1 are considered weak and their
+ * \warning MD5, DES and SHA-1 are considered weak and their
* use constitutes a security risk. If possible, we recommend
* avoiding dependencies on them, and considering stronger message
* digests and ciphers instead.
*
*/
//#define MBEDTLS_AES_ALT
-//#define MBEDTLS_ARC4_ALT
//#define MBEDTLS_ARIA_ALT
-//#define MBEDTLS_BLOWFISH_ALT
//#define MBEDTLS_CAMELLIA_ALT
//#define MBEDTLS_CCM_ALT
//#define MBEDTLS_CHACHA20_ALT
@@ -383,8 +314,6 @@
//#define MBEDTLS_ECJPAKE_ALT
//#define MBEDTLS_GCM_ALT
//#define MBEDTLS_NIST_KW_ALT
-//#define MBEDTLS_MD2_ALT
-//#define MBEDTLS_MD4_ALT
//#define MBEDTLS_MD5_ALT
//#define MBEDTLS_POLY1305_ALT
//#define MBEDTLS_RIPEMD160_ALT
@@ -392,7 +321,6 @@
//#define MBEDTLS_SHA1_ALT
//#define MBEDTLS_SHA256_ALT
//#define MBEDTLS_SHA512_ALT
-//#define MBEDTLS_XTEA_ALT
/*
* When replacing the elliptic curve module, pleace consider, that it is
@@ -406,7 +334,7 @@
//#define MBEDTLS_ECP_ALT
/**
- * \def MBEDTLS_MD2_PROCESS_ALT
+ * \def MBEDTLS_SHA256_PROCESS_ALT
*
* MBEDTLS__FUNCTION_NAME__ALT: Uncomment a macro to let mbed TLS use you
* alternate core implementation of symmetric crypto or hash function. Keep in
@@ -428,7 +356,7 @@
* Uncomment a macro to enable alternate implementation of the corresponding
* function.
*
- * \warning MD2, MD4, MD5, DES and SHA-1 are considered weak and their use
+ * \warning MD5, DES and SHA-1 are considered weak and their use
* constitutes a security risk. If possible, we recommend avoiding
* dependencies on them, and considering stronger message digests
* and ciphers instead.
@@ -442,8 +370,6 @@
* implementation should be provided for mbedtls_ecdsa_sign_det_ext().
*
*/
-//#define MBEDTLS_MD2_PROCESS_ALT
-//#define MBEDTLS_MD4_PROCESS_ALT
//#define MBEDTLS_MD5_PROCESS_ALT
//#define MBEDTLS_RIPEMD160_PROCESS_ALT
//#define MBEDTLS_SHA1_PROCESS_ALT
@@ -718,28 +644,6 @@
#define MBEDTLS_ECP_NIST_OPTIM
/**
- * \def MBEDTLS_ECP_NO_INTERNAL_RNG
- *
- * When this option is disabled, mbedtls_ecp_mul() will make use of an
- * internal RNG when called with a NULL \c f_rng argument, in order to protect
- * against some side-channel attacks.
- *
- * This protection introduces a dependency of the ECP module on one of the
- * DRBG modules. For very constrained implementations that don't require this
- * protection (for example, because you're only doing signature verification,
- * so not manipulating any secret, or because local/physical side-channel
- * attacks are outside your threat model), it might be desirable to get rid of
- * that dependency.
- *
- * \warning Enabling this option makes some uses of ECP vulnerable to some
- * side-channel attacks. Only enable it if you know that's not a problem for
- * your use case.
- *
- * Uncomment this macro to disable some counter-measures in ECP.
- */
-//#define MBEDTLS_ECP_NO_INTERNAL_RNG
-
-/**
* \def MBEDTLS_ECP_RESTARTABLE
*
* Enable "non-blocking" ECC operations that can return early and be resumed.
@@ -1080,8 +984,7 @@
/**
* \def MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
*
- * Do not add default entropy sources. These are the platform specific
- * or mbedtls_timing_hardclock poll function.
+ * Do not add default entropy sources in mbedtls_entropy_init().
*
* This is useful to have more control over the added entropy sources in an
* application.
@@ -1538,16 +1441,6 @@
#define MBEDTLS_SSL_RENEGOTIATION
/**
- * \def MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE
- *
- * Pick the ciphersuite according to the client's preferences rather than ours
- * in the SSL Server module (MBEDTLS_SSL_SRV_C).
- *
- * Uncomment this macro to respect client's ciphersuite order
- */
-//#define MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE
-
-/**
* \def MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
*
* Enable support for RFC 6066 max_fragment_length extension in SSL.
@@ -1656,7 +1549,7 @@
* (see Section 5 of RFC 5764), are not handled by this feature.
* Instead, after successful completion of a handshake negotiating
* the use of DTLS-SRTP, the extended key exporter API
- * mbedtls_ssl_conf_export_keys_ext_cb() should be used to implement
+ * mbedtls_ssl_conf_export_keys_cb() should be used to implement
* the key exporter described in Section 4.2 of RFC 5764 and RFC 5705
* (this is implemented in the SSL example programs).
* The resulting key should then be passed to an SRTP stack.
@@ -1725,15 +1618,6 @@
#define MBEDTLS_SSL_SERVER_NAME_INDICATION
/**
- * \def MBEDTLS_SSL_TRUNCATED_HMAC
- *
- * Enable support for RFC 6066 truncated HMAC in SSL.
- *
- * Comment this macro to disable support for truncated HMAC in SSL
- */
-#define MBEDTLS_SSL_TRUNCATED_HMAC
-
-/**
* \def MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH
*
* When this option is enabled, the SSL buffer will be resized automatically
@@ -1880,18 +1764,6 @@
#define MBEDTLS_VERSION_FEATURES
/**
- * \def MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
- *
- * If set, the X509 parser will not break-off when parsing an X509 certificate
- * and encountering an unknown critical extension.
- *
- * \warning Depending on your PKI use, enabling this can be a security risk!
- *
- * Uncomment to prevent an error.
- */
-//#define MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
-
-/**
* \def MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
*
* If set, this enables the X.509 API `mbedtls_x509_crt_verify_with_ca_cb()`
@@ -1911,33 +1783,6 @@
//#define MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
/**
- * \def MBEDTLS_X509_CHECK_KEY_USAGE
- *
- * Enable verification of the keyUsage extension (CA and leaf certificates).
- *
- * Disabling this avoids problems with mis-issued and/or misused
- * (intermediate) CA and leaf certificates.
- *
- * \warning Depending on your PKI use, disabling this can be a security risk!
- *
- * Comment to skip keyUsage checking for both CA and leaf certificates.
- */
-#define MBEDTLS_X509_CHECK_KEY_USAGE
-
-/**
- * \def MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE
- *
- * Enable verification of the extendedKeyUsage extension (leaf certificates).
- *
- * Disabling this avoids problems with mis-issued and/or misused certificates.
- *
- * \warning Depending on your PKI use, disabling this can be a security risk!
- *
- * Comment to skip extendedKeyUsage checking for certificates.
- */
-#define MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE
-
-/**
* \def MBEDTLS_X509_REMOVE_INFO
*
* Disable mbedtls_x509_*_info() and related APIs.
@@ -2056,24 +1901,6 @@
#define MBEDTLS_AES_C
/**
- * \def MBEDTLS_ARC4_C
- *
- * Enable the ARCFOUR stream cipher.
- *
- * Module: library/arc4.c
- * Caller: library/cipher.c
- *
- * This module enables the following ciphersuites (if other requisites are
- * enabled as well):
- *
- * \warning ARC4 is considered a weak cipher and its use constitutes a
- * security risk. If possible, we recommend avoidng dependencies on
- * it, and considering stronger ciphers instead.
- *
- */
-#define MBEDTLS_ARC4_C
-
-/**
* \def MBEDTLS_ASN1_PARSE_C
*
* Enable the generic ASN1 parser.
@@ -2131,15 +1958,6 @@
#define MBEDTLS_BIGNUM_C
/**
- * \def MBEDTLS_BLOWFISH_C
- *
- * Enable the Blowfish block cipher.
- *
- * Module: library/blowfish.c
- */
-#define MBEDTLS_BLOWFISH_C
-
-/**
* \def MBEDTLS_CAMELLIA_C
*
* Enable the Camellia block cipher.
@@ -2542,40 +2360,6 @@
#define MBEDTLS_MD_C
/**
- * \def MBEDTLS_MD2_C
- *
- * Enable the MD2 hash algorithm.
- *
- * Module: library/md2.c
- * Caller:
- *
- * Uncomment to enable support for (rare) MD2-signed X.509 certs.
- *
- * \warning MD2 is considered a weak message digest and its use constitutes a
- * security risk. If possible, we recommend avoiding dependencies on
- * it, and considering stronger message digests instead.
- *
- */
-//#define MBEDTLS_MD2_C
-
-/**
- * \def MBEDTLS_MD4_C
- *
- * Enable the MD4 hash algorithm.
- *
- * Module: library/md4.c
- * Caller:
- *
- * Uncomment to enable support for (rare) MD4-signed X.509 certs.
- *
- * \warning MD4 is considered a weak message digest and its use constitutes a
- * security risk. If possible, we recommend avoiding dependencies on
- * it, and considering stronger message digests instead.
- *
- */
-//#define MBEDTLS_MD4_C
-
-/**
* \def MBEDTLS_MD5_C
*
* Enable the MD5 hash algorithm.
@@ -2770,7 +2554,6 @@
* Caller: library/pkparse.c
*
* Requires: MBEDTLS_ASN1_PARSE_C, MBEDTLS_CIPHER_C, MBEDTLS_MD_C
- * Can use: MBEDTLS_ARC4_C
*
* This module enables PKCS#12 functions.
*/
@@ -3215,16 +2998,6 @@
*/
#define MBEDTLS_X509_CSR_WRITE_C
-/**
- * \def MBEDTLS_XTEA_C
- *
- * Enable the XTEA block cipher.
- *
- * Module: library/xtea.c
- * Caller:
- */
-#define MBEDTLS_XTEA_C
-
/* \} name SECTION: mbed TLS modules */
/**
@@ -3260,8 +3033,7 @@
//#define MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT 384 /**< Maximum size of (re)seed buffer */
/* ECP options */
-//#define MBEDTLS_ECP_MAX_BITS 521 /**< Maximum bit size of groups */
-//#define MBEDTLS_ECP_WINDOW_SIZE 6 /**< Maximum window size used */
+//#define MBEDTLS_ECP_WINDOW_SIZE 4 /**< Maximum window size used */
//#define MBEDTLS_ECP_FIXED_POINT_OPTIM 1 /**< Enable fixed-point speed-up */
/* Entropy options */
@@ -3303,42 +3075,6 @@
//#define MBEDTLS_PLATFORM_NV_SEED_READ_MACRO mbedtls_platform_std_nv_seed_read /**< Default nv_seed_read function to use, can be undefined */
//#define MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO mbedtls_platform_std_nv_seed_write /**< Default nv_seed_write function to use, can be undefined */
-/**
- * \brief This macro is invoked by the library when an invalid parameter
- * is detected that is only checked with #MBEDTLS_CHECK_PARAMS
- * (see the documentation of that option for context).
- *
- * When you leave this undefined here, the library provides
- * a default definition. If the macro #MBEDTLS_CHECK_PARAMS_ASSERT
- * is defined, the default definition is `assert(cond)`,
- * otherwise the default definition calls a function
- * mbedtls_param_failed(). This function is declared in
- * `platform_util.h` for the benefit of the library, but
- * you need to define in your application.
- *
- * When you define this here, this replaces the default
- * definition in platform_util.h (which no longer declares the
- * function mbedtls_param_failed()) and it is your responsibility
- * to make sure this macro expands to something suitable (in
- * particular, that all the necessary declarations are visible
- * from within the library - you can ensure that by providing
- * them in this file next to the macro definition).
- * If you define this macro to call `assert`, also define
- * #MBEDTLS_CHECK_PARAMS_ASSERT so that library source files
- * include `<assert.h>`.
- *
- * Note that you may define this macro to expand to nothing, in
- * which case you don't have to worry about declarations or
- * definitions. However, you will then be notified about invalid
- * parameters only in non-void functions, and void function will
- * just silently return early on invalid parameters, which
- * partially negates the benefits of enabling
- * #MBEDTLS_CHECK_PARAMS in the first place, so is discouraged.
- *
- * \param cond The expression that should evaluate to true, but doesn't.
- */
-//#define MBEDTLS_PARAM_FAILED( cond ) assert( cond )
-
/* PSA options */
/**
* Use HMAC_DRBG with the specified hash algorithm for HMAC_DRBG for the
@@ -3479,23 +3215,6 @@
//#define MBEDTLS_X509_MAX_FILE_PATH_LEN 512 /**< Maximum length of a path/filename string in bytes including the null terminator character ('\0'). */
/**
- * Allow SHA-1 in the default TLS configuration for TLS 1.2 handshake
- * signature and ciphersuite selection. Without this build-time option, SHA-1
- * support must be activated explicitly through mbedtls_ssl_conf_sig_hashes.
- * The use of SHA-1 in TLS <= 1.1 and in HMAC-SHA-1 is always allowed by
- * default. At the time of writing, there is no practical attack on the use
- * of SHA-1 in handshake signatures, hence this option is turned on by default
- * to preserve compatibility with existing peers, but the general
- * warning applies nonetheless:
- *
- * \warning SHA-1 is considered a weak message digest and its use constitutes
- * a security risk. If possible, we recommend avoiding dependencies
- * on it, and considering stronger message digests instead.
- *
- */
-#define MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_KEY_EXCHANGE
-
-/**
* Uncomment the macro to let mbed TLS use your alternate implementation of
* mbedtls_platform_zeroize(). This replaces the default implementation in
* platform_util.c.
diff --git a/include/mbedtls/config_psa.h b/include/mbedtls/config_psa.h
index f5db94e..a0f2637 100644
--- a/include/mbedtls/config_psa.h
+++ b/include/mbedtls/config_psa.h
@@ -103,16 +103,6 @@
#endif /* !MBEDTLS_PSA_ACCEL_ALG_HMAC */
#endif /* PSA_WANT_ALG_HMAC */
-#if defined(PSA_WANT_ALG_MD2) && !defined(MBEDTLS_PSA_ACCEL_ALG_MD2)
-#define MBEDTLS_PSA_BUILTIN_ALG_MD2 1
-#define MBEDTLS_MD2_C
-#endif
-
-#if defined(PSA_WANT_ALG_MD4) && !defined(MBEDTLS_PSA_ACCEL_ALG_MD4)
-#define MBEDTLS_PSA_BUILTIN_ALG_MD4 1
-#define MBEDTLS_MD4_C
-#endif
-
#if defined(PSA_WANT_ALG_MD5) && !defined(MBEDTLS_PSA_ACCEL_ALG_MD5)
#define MBEDTLS_PSA_BUILTIN_ALG_MD5 1
#define MBEDTLS_MD5_C
@@ -277,13 +267,6 @@
#endif /* PSA_HAVE_SOFT_KEY_TYPE_AES || PSA_HAVE_SOFT_BLOCK_MODE */
#endif /* PSA_WANT_KEY_TYPE_AES */
-#if defined(PSA_WANT_KEY_TYPE_ARC4)
-#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ARC4)
-#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ARC4 1
-#define MBEDTLS_ARC4_C
-#endif /*!MBEDTLS_PSA_ACCEL_KEY_TYPE_ARC4 */
-#endif /* PSA_WANT_KEY_TYPE_ARC4 */
-
#if defined(PSA_WANT_KEY_TYPE_CAMELLIA)
#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_CAMELLIA)
#define PSA_HAVE_SOFT_KEY_TYPE_CAMELLIA 1
@@ -591,16 +574,6 @@
#define PSA_WANT_ALG_TLS12_PSK_TO_MS 1
#endif /* MBEDTLS_MD_C */
-#if defined(MBEDTLS_MD2_C)
-#define MBEDTLS_PSA_BUILTIN_ALG_MD2 1
-#define PSA_WANT_ALG_MD2 1
-#endif
-
-#if defined(MBEDTLS_MD4_C)
-#define MBEDTLS_PSA_BUILTIN_ALG_MD4 1
-#define PSA_WANT_ALG_MD4 1
-#endif
-
#if defined(MBEDTLS_MD5_C)
#define MBEDTLS_PSA_BUILTIN_ALG_MD5 1
#define PSA_WANT_ALG_MD5 1
@@ -661,13 +634,6 @@
#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_AES 1
#endif
-#if defined(MBEDTLS_ARC4_C)
-#define PSA_WANT_KEY_TYPE_ARC4 1
-#define PSA_WANT_ALG_STREAM_CIPHER 1
-#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ARC4 1
-#define MBEDTLS_PSA_BUILTIN_ALG_STREAM_CIPHER 1
-#endif
-
#if defined(MBEDTLS_CAMELLIA_C)
#define PSA_WANT_KEY_TYPE_CAMELLIA 1
#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_CAMELLIA 1
diff --git a/include/mbedtls/ctr_drbg.h b/include/mbedtls/ctr_drbg.h
index 0f2c551..b8e2c71 100644
--- a/include/mbedtls/ctr_drbg.h
+++ b/include/mbedtls/ctr_drbg.h
@@ -40,6 +40,7 @@
#ifndef MBEDTLS_CTR_DRBG_H
#define MBEDTLS_CTR_DRBG_H
+#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
@@ -168,8 +169,8 @@
*/
typedef struct mbedtls_ctr_drbg_context
{
- unsigned char counter[16]; /*!< The counter (V). */
- int reseed_counter; /*!< The reseed counter.
+ unsigned char MBEDTLS_PRIVATE(counter)[16]; /*!< The counter (V). */
+ int MBEDTLS_PRIVATE(reseed_counter); /*!< The reseed counter.
* This is the number of requests that have
* been made since the last (re)seeding,
* minus one.
@@ -179,25 +180,25 @@
* or -1 if no nonce length has been explicitly
* set (see mbedtls_ctr_drbg_set_nonce_len()).
*/
- int prediction_resistance; /*!< This determines whether prediction
+ int MBEDTLS_PRIVATE(prediction_resistance); /*!< This determines whether prediction
resistance is enabled, that is
whether to systematically reseed before
each random generation. */
- size_t entropy_len; /*!< The amount of entropy grabbed on each
+ size_t MBEDTLS_PRIVATE(entropy_len); /*!< The amount of entropy grabbed on each
seed or reseed operation, in bytes. */
- int reseed_interval; /*!< The reseed interval.
+ int MBEDTLS_PRIVATE(reseed_interval); /*!< The reseed interval.
* This is the maximum number of requests
* that can be made between reseedings. */
- mbedtls_aes_context aes_ctx; /*!< The AES context. */
+ mbedtls_aes_context MBEDTLS_PRIVATE(aes_ctx); /*!< The AES context. */
/*
* Callbacks (Entropy)
*/
- int (*f_entropy)(void *, unsigned char *, size_t);
+ int (*MBEDTLS_PRIVATE(f_entropy))(void *, unsigned char *, size_t);
/*!< The entropy callback function. */
- void *p_entropy; /*!< The context for the entropy function. */
+ void *MBEDTLS_PRIVATE(p_entropy); /*!< The context for the entropy function. */
#if defined(MBEDTLS_THREADING_C)
/* Invariant: the mutex is initialized if and only if f_entropy != NULL.
@@ -207,7 +208,7 @@
* Note that this invariant may change without notice. Do not rely on it
* and do not access the mutex directly in application code.
*/
- mbedtls_threading_mutex_t mutex;
+ mbedtls_threading_mutex_t MBEDTLS_PRIVATE(mutex);
#endif
}
mbedtls_ctr_drbg_context;
@@ -462,9 +463,9 @@
* #MBEDTLS_CTR_DRBG_MAX_SEED_INPUT.
* \return An error from the underlying AES cipher on failure.
*/
-int mbedtls_ctr_drbg_update_ret( mbedtls_ctr_drbg_context *ctx,
- const unsigned char *additional,
- size_t add_len );
+int mbedtls_ctr_drbg_update( mbedtls_ctr_drbg_context *ctx,
+ const unsigned char *additional,
+ size_t add_len );
/**
* \brief This function updates a CTR_DRBG instance with additional
diff --git a/include/mbedtls/des.h b/include/mbedtls/des.h
index 92da73f..24d2402 100644
--- a/include/mbedtls/des.h
+++ b/include/mbedtls/des.h
@@ -26,6 +26,7 @@
*/
#ifndef MBEDTLS_DES_H
#define MBEDTLS_DES_H
+#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
@@ -60,7 +61,7 @@
*/
typedef struct mbedtls_des_context
{
- uint32_t sk[32]; /*!< DES subkeys */
+ uint32_t MBEDTLS_PRIVATE(sk)[32]; /*!< DES subkeys */
}
mbedtls_des_context;
@@ -69,7 +70,7 @@
*/
typedef struct mbedtls_des3_context
{
- uint32_t sk[96]; /*!< 3DES subkeys */
+ uint32_t MBEDTLS_PRIVATE(sk)[96]; /*!< 3DES subkeys */
}
mbedtls_des3_context;
diff --git a/include/mbedtls/dhm.h b/include/mbedtls/dhm.h
index 0e8892e..850813e 100644
--- a/include/mbedtls/dhm.h
+++ b/include/mbedtls/dhm.h
@@ -62,6 +62,7 @@
#ifndef MBEDTLS_DHM_H
#define MBEDTLS_DHM_H
+#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
@@ -84,6 +85,17 @@
#define MBEDTLS_ERR_DHM_FILE_IO_ERROR -0x3480 /**< Read or write of file failed. */
#define MBEDTLS_ERR_DHM_SET_GROUP_FAILED -0x3580 /**< Setting the modulus and generator failed. */
+/** Which parameter to access in mbedtls_dhm_get_value(). */
+typedef enum
+{
+ MBEDTLS_DHM_PARAM_P, /*!< The prime modulus. */
+ MBEDTLS_DHM_PARAM_G, /*!< The generator. */
+ MBEDTLS_DHM_PARAM_X, /*!< Our secret value. */
+ MBEDTLS_DHM_PARAM_GX, /*!< Our public key = \c G^X mod \c P. */
+ MBEDTLS_DHM_PARAM_GY, /*!< The public key of the peer = \c G^Y mod \c P. */
+ MBEDTLS_DHM_PARAM_K, /*!< The shared secret = \c G^(XY) mod \c P. */
+} mbedtls_dhm_parameter;
+
#ifdef __cplusplus
extern "C" {
#endif
@@ -95,17 +107,16 @@
*/
typedef struct mbedtls_dhm_context
{
- size_t len; /*!< The size of \p P in Bytes. */
- mbedtls_mpi P; /*!< The prime modulus. */
- mbedtls_mpi G; /*!< The generator. */
- mbedtls_mpi X; /*!< Our secret value. */
- mbedtls_mpi GX; /*!< Our public key = \c G^X mod \c P. */
- mbedtls_mpi GY; /*!< The public key of the peer = \c G^Y mod \c P. */
- mbedtls_mpi K; /*!< The shared secret = \c G^(XY) mod \c P. */
- mbedtls_mpi RP; /*!< The cached value = \c R^2 mod \c P. */
- mbedtls_mpi Vi; /*!< The blinding value. */
- mbedtls_mpi Vf; /*!< The unblinding value. */
- mbedtls_mpi pX; /*!< The previous \c X. */
+ mbedtls_mpi MBEDTLS_PRIVATE(P); /*!< The prime modulus. */
+ mbedtls_mpi MBEDTLS_PRIVATE(G); /*!< The generator. */
+ mbedtls_mpi MBEDTLS_PRIVATE(X); /*!< Our secret value. */
+ mbedtls_mpi MBEDTLS_PRIVATE(GX); /*!< Our public key = \c G^X mod \c P. */
+ mbedtls_mpi MBEDTLS_PRIVATE(GY); /*!< The public key of the peer = \c G^Y mod \c P. */
+ mbedtls_mpi MBEDTLS_PRIVATE(K); /*!< The shared secret = \c G^(XY) mod \c P. */
+ mbedtls_mpi MBEDTLS_PRIVATE(RP); /*!< The cached value = \c R^2 mod \c P. */
+ mbedtls_mpi MBEDTLS_PRIVATE(Vi); /*!< The blinding value. */
+ mbedtls_mpi MBEDTLS_PRIVATE(Vf); /*!< The unblinding value. */
+ mbedtls_mpi MBEDTLS_PRIVATE(pX); /*!< The previous \c X. */
}
mbedtls_dhm_context;
@@ -268,10 +279,10 @@
* \param output_size The size of the destination buffer. This must be at
* least the size of \c ctx->len (the size of \c P).
* \param olen On exit, holds the actual number of Bytes written.
- * \param f_rng The RNG function, for blinding purposes. This may
- * b \c NULL if blinding isn't needed.
- * \param p_rng The RNG context. This may be \c NULL if \p f_rng
- * doesn't need a context argument.
+ * \param f_rng The RNG function. Must not be \c NULL. Used for
+ * blinding.
+ * \param p_rng The RNG context to be passed to \p f_rng. This may be
+ * \c NULL if \p f_rng doesn't need a context parameter.
*
* \return \c 0 on success.
* \return An \c MBEDTLS_ERR_DHM_XXX error code on failure.
@@ -282,6 +293,42 @@
void *p_rng );
/**
+ * \brief This function returns the size of the prime modulus in bits.
+ *
+ * \param ctx The DHM context to query.
+ *
+ * \return The size of the prime modulus in bits,
+ * i.e. the number n such that 2^(n-1) <= P < 2^n.
+ */
+size_t mbedtls_dhm_get_bitlen( const mbedtls_dhm_context *ctx );
+
+/**
+ * \brief This function returns the size of the prime modulus in bytes.
+ *
+ * \param ctx The DHM context to query.
+ *
+ * \return The size of the prime modulus in bytes,
+ * i.e. the number n such that 2^(8*(n-1)) <= P < 2^(8*n).
+ */
+size_t mbedtls_dhm_get_len( const mbedtls_dhm_context *ctx );
+
+/**
+ * \brief This function copies a parameter of a DHM key.
+ *
+ * \param ctx The DHM context to query.
+ * \param param The parameter to copy.
+ * \param dest The MPI object to copy the value into. It must be
+ * initialized.
+ *
+ * \return \c 0 on success.
+ * \return #MBEDTLS_ERR_DHM_BAD_INPUT_DATA if \p field is invalid.
+ * \return An \c MBEDTLS_ERR_MPI_XXX error code if the copy fails.
+ */
+int mbedtls_dhm_get_value( const mbedtls_dhm_context *ctx,
+ mbedtls_dhm_parameter param,
+ mbedtls_mpi *dest );
+
+/**
* \brief This function frees and clears the components
* of a DHM context.
*
diff --git a/include/mbedtls/ecdh.h b/include/mbedtls/ecdh.h
index 765ac5e..587035a 100644
--- a/include/mbedtls/ecdh.h
+++ b/include/mbedtls/ecdh.h
@@ -31,6 +31,7 @@
#ifndef MBEDTLS_ECDH_H
#define MBEDTLS_ECDH_H
+#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
@@ -102,13 +103,13 @@
*/
typedef struct mbedtls_ecdh_context_mbed
{
- mbedtls_ecp_group grp; /*!< The elliptic curve used. */
- mbedtls_mpi d; /*!< The private key. */
- mbedtls_ecp_point Q; /*!< The public key. */
- mbedtls_ecp_point Qp; /*!< The value of the public key of the peer. */
- mbedtls_mpi z; /*!< The shared secret. */
+ mbedtls_ecp_group MBEDTLS_PRIVATE(grp); /*!< The elliptic curve used. */
+ mbedtls_mpi MBEDTLS_PRIVATE(d); /*!< The private key. */
+ mbedtls_ecp_point MBEDTLS_PRIVATE(Q); /*!< The public key. */
+ mbedtls_ecp_point MBEDTLS_PRIVATE(Qp); /*!< The value of the public key of the peer. */
+ mbedtls_mpi MBEDTLS_PRIVATE(z); /*!< The shared secret. */
#if defined(MBEDTLS_ECP_RESTARTABLE)
- mbedtls_ecp_restart_ctx rs; /*!< The restart context for EC computations. */
+ mbedtls_ecp_restart_ctx MBEDTLS_PRIVATE(rs); /*!< The restart context for EC computations. */
#endif
} mbedtls_ecdh_context_mbed;
#endif
@@ -123,35 +124,35 @@
typedef struct mbedtls_ecdh_context
{
#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
- mbedtls_ecp_group grp; /*!< The elliptic curve used. */
- mbedtls_mpi d; /*!< The private key. */
- mbedtls_ecp_point Q; /*!< The public key. */
- mbedtls_ecp_point Qp; /*!< The value of the public key of the peer. */
- mbedtls_mpi z; /*!< The shared secret. */
- int point_format; /*!< The format of point export in TLS messages. */
- mbedtls_ecp_point Vi; /*!< The blinding value. */
- mbedtls_ecp_point Vf; /*!< The unblinding value. */
- mbedtls_mpi _d; /*!< The previous \p d. */
+ mbedtls_ecp_group MBEDTLS_PRIVATE(grp); /*!< The elliptic curve used. */
+ mbedtls_mpi MBEDTLS_PRIVATE(d); /*!< The private key. */
+ mbedtls_ecp_point MBEDTLS_PRIVATE(Q); /*!< The public key. */
+ mbedtls_ecp_point MBEDTLS_PRIVATE(Qp); /*!< The value of the public key of the peer. */
+ mbedtls_mpi MBEDTLS_PRIVATE(z); /*!< The shared secret. */
+ int MBEDTLS_PRIVATE(point_format); /*!< The format of point export in TLS messages. */
+ mbedtls_ecp_point MBEDTLS_PRIVATE(Vi); /*!< The blinding value. */
+ mbedtls_ecp_point MBEDTLS_PRIVATE(Vf); /*!< The unblinding value. */
+ mbedtls_mpi MBEDTLS_PRIVATE(_d); /*!< The previous \p d. */
#if defined(MBEDTLS_ECP_RESTARTABLE)
- int restart_enabled; /*!< The flag for restartable mode. */
- mbedtls_ecp_restart_ctx rs; /*!< The restart context for EC computations. */
+ int MBEDTLS_PRIVATE(restart_enabled); /*!< The flag for restartable mode. */
+ mbedtls_ecp_restart_ctx MBEDTLS_PRIVATE(rs); /*!< The restart context for EC computations. */
#endif /* MBEDTLS_ECP_RESTARTABLE */
#else
- uint8_t point_format; /*!< The format of point export in TLS messages
+ uint8_t MBEDTLS_PRIVATE(point_format); /*!< The format of point export in TLS messages
as defined in RFC 4492. */
- mbedtls_ecp_group_id grp_id;/*!< The elliptic curve used. */
- mbedtls_ecdh_variant var; /*!< The ECDH implementation/structure used. */
+ mbedtls_ecp_group_id MBEDTLS_PRIVATE(grp_id);/*!< The elliptic curve used. */
+ mbedtls_ecdh_variant MBEDTLS_PRIVATE(var); /*!< The ECDH implementation/structure used. */
union
{
- mbedtls_ecdh_context_mbed mbed_ecdh;
+ mbedtls_ecdh_context_mbed MBEDTLS_PRIVATE(mbed_ecdh);
#if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED)
- mbedtls_ecdh_context_everest everest_ecdh;
+ mbedtls_ecdh_context_everest MBEDTLS_PRIVATE(everest_ecdh);
#endif
- } ctx; /*!< Implementation-specific context. The
+ } MBEDTLS_PRIVATE(ctx); /*!< Implementation-specific context. The
context in use is specified by the \c var
field. */
#if defined(MBEDTLS_ECP_RESTARTABLE)
- uint8_t restart_enabled; /*!< The flag for restartable mode. Functions of
+ uint8_t MBEDTLS_PRIVATE(restart_enabled); /*!< The flag for restartable mode. Functions of
an alternative implementation not supporting
restartable mode must return
MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED error
@@ -221,10 +222,7 @@
* This must be initialized.
* \param d Our secret exponent (private key).
* This must be initialized.
- * \param f_rng The RNG function. This may be \c NULL if randomization
- * of intermediate results during the ECP computations is
- * not needed (discouraged). See the documentation of
- * mbedtls_ecp_mul() for more.
+ * \param f_rng The RNG function to use. This must not be \c NULL.
* \param p_rng The RNG context to be passed to \p f_rng. This may be
* \c NULL if \p f_rng is \c NULL or doesn't need a
* context argument.
@@ -427,8 +425,7 @@
* \param buf The buffer to write the generated shared key to. This
* must be a writable buffer of size \p blen Bytes.
* \param blen The length of the destination buffer \p buf in Bytes.
- * \param f_rng The RNG function, for blinding purposes. This may
- * b \c NULL if blinding isn't needed.
+ * \param f_rng The RNG function to use. This must not be \c NULL.
* \param p_rng The RNG context. This may be \c NULL if \p f_rng
* doesn't need a context argument.
*
diff --git a/include/mbedtls/ecdsa.h b/include/mbedtls/ecdsa.h
index 525de5d..735d377 100644
--- a/include/mbedtls/ecdsa.h
+++ b/include/mbedtls/ecdsa.h
@@ -29,6 +29,7 @@
#ifndef MBEDTLS_ECDSA_H
#define MBEDTLS_ECDSA_H
+#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
@@ -107,12 +108,12 @@
*/
typedef struct
{
- mbedtls_ecp_restart_ctx ecp; /*!< base context for ECP restart and
+ mbedtls_ecp_restart_ctx MBEDTLS_PRIVATE(ecp); /*!< base context for ECP restart and
shared administrative info */
- mbedtls_ecdsa_restart_ver_ctx *ver; /*!< ecdsa_verify() sub-context */
- mbedtls_ecdsa_restart_sig_ctx *sig; /*!< ecdsa_sign() sub-context */
+ mbedtls_ecdsa_restart_ver_ctx *MBEDTLS_PRIVATE(ver); /*!< ecdsa_verify() sub-context */
+ mbedtls_ecdsa_restart_sig_ctx *MBEDTLS_PRIVATE(sig); /*!< ecdsa_sign() sub-context */
#if defined(MBEDTLS_ECDSA_DETERMINISTIC)
- mbedtls_ecdsa_restart_det_ctx *det; /*!< ecdsa_sign_det() sub-context */
+ mbedtls_ecdsa_restart_det_ctx *MBEDTLS_PRIVATE(det); /*!< ecdsa_sign_det() sub-context */
#endif
} mbedtls_ecdsa_restart_ctx;
diff --git a/include/mbedtls/ecjpake.h b/include/mbedtls/ecjpake.h
index 891705d..27a091d 100644
--- a/include/mbedtls/ecjpake.h
+++ b/include/mbedtls/ecjpake.h
@@ -21,6 +21,7 @@
*/
#ifndef MBEDTLS_ECJPAKE_H
#define MBEDTLS_ECJPAKE_H
+#include "mbedtls/private_access.h"
/*
* J-PAKE is a password-authenticated key exchange that allows deriving a
@@ -73,21 +74,21 @@
*/
typedef struct mbedtls_ecjpake_context
{
- const mbedtls_md_info_t *md_info; /**< Hash to use */
- mbedtls_ecp_group grp; /**< Elliptic curve */
- mbedtls_ecjpake_role role; /**< Are we client or server? */
- int point_format; /**< Format for point export */
+ const mbedtls_md_info_t *MBEDTLS_PRIVATE(md_info); /**< Hash to use */
+ mbedtls_ecp_group MBEDTLS_PRIVATE(grp); /**< Elliptic curve */
+ mbedtls_ecjpake_role MBEDTLS_PRIVATE(role); /**< Are we client or server? */
+ int MBEDTLS_PRIVATE(point_format); /**< Format for point export */
- mbedtls_ecp_point Xm1; /**< My public key 1 C: X1, S: X3 */
- mbedtls_ecp_point Xm2; /**< My public key 2 C: X2, S: X4 */
- mbedtls_ecp_point Xp1; /**< Peer public key 1 C: X3, S: X1 */
- mbedtls_ecp_point Xp2; /**< Peer public key 2 C: X4, S: X2 */
- mbedtls_ecp_point Xp; /**< Peer public key C: Xs, S: Xc */
+ mbedtls_ecp_point MBEDTLS_PRIVATE(Xm1); /**< My public key 1 C: X1, S: X3 */
+ mbedtls_ecp_point MBEDTLS_PRIVATE(Xm2); /**< My public key 2 C: X2, S: X4 */
+ mbedtls_ecp_point MBEDTLS_PRIVATE(Xp1); /**< Peer public key 1 C: X3, S: X1 */
+ mbedtls_ecp_point MBEDTLS_PRIVATE(Xp2); /**< Peer public key 2 C: X4, S: X2 */
+ mbedtls_ecp_point MBEDTLS_PRIVATE(Xp); /**< Peer public key C: Xs, S: Xc */
- mbedtls_mpi xm1; /**< My private key 1 C: x1, S: x3 */
- mbedtls_mpi xm2; /**< My private key 2 C: x2, S: x4 */
+ mbedtls_mpi MBEDTLS_PRIVATE(xm1); /**< My private key 1 C: x1, S: x3 */
+ mbedtls_mpi MBEDTLS_PRIVATE(xm2); /**< My private key 2 C: x2, S: x4 */
- mbedtls_mpi s; /**< Pre-shared secret (passphrase) */
+ mbedtls_mpi MBEDTLS_PRIVATE(s); /**< Pre-shared secret (passphrase) */
} mbedtls_ecjpake_context;
#else /* MBEDTLS_ECJPAKE_ALT */
@@ -131,6 +132,21 @@
size_t len );
/**
+ * \brief Set the point format for future reads and writes.
+ *
+ * \param ctx The ECJPAKE context to configure.
+ * \param point_format The point format to use:
+ * #MBEDTLS_ECP_PF_UNCOMPRESSED (default)
+ * or #MBEDTLS_ECP_PF_COMPRESSED.
+ *
+ * \return \c 0 if successful.
+ * \return #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if \p point_format
+ * is invalid.
+ */
+int mbedtls_ecjpake_set_point_format( mbedtls_ecjpake_context *ctx,
+ int point_format );
+
+/**
* \brief Check if an ECJPAKE context is ready for use.
*
* \param ctx The ECJPAKE context to check. This must be
diff --git a/include/mbedtls/ecp.h b/include/mbedtls/ecp.h
index f53a828..db84c10 100644
--- a/include/mbedtls/ecp.h
+++ b/include/mbedtls/ecp.h
@@ -33,6 +33,7 @@
#ifndef MBEDTLS_ECP_H
#define MBEDTLS_ECP_H
+#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
@@ -92,6 +93,7 @@
* - Add it at the end of this enum, otherwise you'll break the ABI by
* changing the numerical value for existing curves.
* - Increment MBEDTLS_ECP_DP_MAX below if needed.
+ * - Update the calculation of MBEDTLS_ECP_MAX_BITS below.
* - Add the corresponding MBEDTLS_ECP_DP_xxx_ENABLED macro definition to
* config.h.
* - List the curve as a dependency of MBEDTLS_ECP_C and
@@ -100,7 +102,8 @@
* MBEDTLS_ECP_yyy_ENABLED above.
* - Add the necessary definitions to ecp_curves.c.
* - Add the curve to the ecp_supported_curves array in ecp.c.
- * - Add the curve to applicable profiles in x509_crt.c if applicable.
+ * - Add the curve to applicable profiles in x509_crt.c.
+ * - Add the curve to applicable presets in ssl_tls.c.
*/
typedef enum
{
@@ -142,10 +145,10 @@
*/
typedef struct mbedtls_ecp_curve_info
{
- mbedtls_ecp_group_id grp_id; /*!< An internal identifier. */
- uint16_t tls_id; /*!< The TLS NamedCurve identifier. */
- uint16_t bit_size; /*!< The curve size in bits. */
- const char *name; /*!< A human-friendly name. */
+ mbedtls_ecp_group_id MBEDTLS_PRIVATE(grp_id); /*!< An internal identifier. */
+ uint16_t MBEDTLS_PRIVATE(tls_id); /*!< The TLS NamedCurve identifier. */
+ uint16_t MBEDTLS_PRIVATE(bit_size); /*!< The curve size in bits. */
+ const char *MBEDTLS_PRIVATE(name); /*!< A human-friendly name. */
} mbedtls_ecp_curve_info;
/**
@@ -161,9 +164,9 @@
*/
typedef struct mbedtls_ecp_point
{
- mbedtls_mpi X; /*!< The X coordinate of the ECP point. */
- mbedtls_mpi Y; /*!< The Y coordinate of the ECP point. */
- mbedtls_mpi Z; /*!< The Z coordinate of the ECP point. */
+ mbedtls_mpi MBEDTLS_PRIVATE(X); /*!< The X coordinate of the ECP point. */
+ mbedtls_mpi MBEDTLS_PRIVATE(Y); /*!< The Y coordinate of the ECP point. */
+ mbedtls_mpi MBEDTLS_PRIVATE(Z); /*!< The Z coordinate of the ECP point. */
}
mbedtls_ecp_point;
@@ -203,10 +206,16 @@
* additions or subtractions. Therefore, it is only an approximative modular
* reduction. It must return 0 on success and non-zero on failure.
*
- * \note Alternative implementations must keep the group IDs distinct. If
- * two group structures have the same ID, then they must be
- * identical.
- *
+ * \note Alternative implementations of the ECP module must obey the
+ * following constraints.
+ * * Group IDs must be distinct: if two group structures have
+ * the same ID, then they must be identical.
+ * * The fields \c id, \c P, \c A, \c B, \c G, \c N,
+ * \c pbits and \c nbits must have the same type and semantics
+ * as in the built-in implementation.
+ * They must be available for reading, but direct modification
+ * of these fields does not need to be supported.
+ * They do not need to be at the same offset in the structure.
*/
typedef struct mbedtls_ecp_group
{
@@ -222,14 +231,16 @@
size_t nbits; /*!< For Short Weierstrass: The number of bits in \p P.
For Montgomery curves: the number of bits in the
private keys. */
- unsigned int h; /*!< \internal 1 if the constants are static. */
- int (*modp)(mbedtls_mpi *); /*!< The function for fast pseudo-reduction
+ /* End of public fields */
+
+ unsigned int MBEDTLS_PRIVATE(h); /*!< \internal 1 if the constants are static. */
+ int (*MBEDTLS_PRIVATE(modp))(mbedtls_mpi *); /*!< The function for fast pseudo-reduction
mod \p P (see above).*/
- int (*t_pre)(mbedtls_ecp_point *, void *); /*!< Unused. */
- int (*t_post)(mbedtls_ecp_point *, void *); /*!< Unused. */
- void *t_data; /*!< Unused. */
- mbedtls_ecp_point *T; /*!< Pre-computed points for ecp_mul_comb(). */
- size_t T_size; /*!< The number of dynamic allocated pre-computed points. */
+ int (*MBEDTLS_PRIVATE(t_pre))(mbedtls_ecp_point *, void *); /*!< Unused. */
+ int (*MBEDTLS_PRIVATE(t_post))(mbedtls_ecp_point *, void *); /*!< Unused. */
+ void *MBEDTLS_PRIVATE(t_data); /*!< Unused. */
+ mbedtls_ecp_point *MBEDTLS_PRIVATE(T); /*!< Pre-computed points for ecp_mul_comb(). */
+ size_t MBEDTLS_PRIVATE(T_size); /*!< The number of dynamic allocated pre-computed points. */
}
mbedtls_ecp_group;
@@ -241,20 +252,11 @@
* \{
*/
-#if !defined(MBEDTLS_ECP_MAX_BITS)
-/**
- * The maximum size of the groups, that is, of \c N and \c P.
- */
-#define MBEDTLS_ECP_MAX_BITS 521 /**< The maximum size of groups, in bits. */
-#endif
-
-#define MBEDTLS_ECP_MAX_BYTES ( ( MBEDTLS_ECP_MAX_BITS + 7 ) / 8 )
-#define MBEDTLS_ECP_MAX_PT_LEN ( 2 * MBEDTLS_ECP_MAX_BYTES + 1 )
-
#if !defined(MBEDTLS_ECP_WINDOW_SIZE)
/*
* Maximum "window" size used for point multiplication.
- * Default: 6.
+ * Default: a point where higher memory usage yields disminishing performance
+ * returns.
* Minimum value: 2. Maximum value: 7.
*
* Result is an array of at most ( 1 << ( MBEDTLS_ECP_WINDOW_SIZE - 1 ) )
@@ -271,7 +273,7 @@
* 224 475 475 453 398 342
* 192 640 640 633 587 476
*/
-#define MBEDTLS_ECP_WINDOW_SIZE 6 /**< The maximum window size used. */
+#define MBEDTLS_ECP_WINDOW_SIZE 4 /**< The maximum window size used. */
#endif /* MBEDTLS_ECP_WINDOW_SIZE */
#if !defined(MBEDTLS_ECP_FIXED_POINT_OPTIM)
@@ -296,6 +298,47 @@
#include "ecp_alt.h"
#endif /* MBEDTLS_ECP_ALT */
+/**
+ * The maximum size of the groups, that is, of \c N and \c P.
+ */
+#if !defined(MBEDTLS_ECP_C)
+/* Dummy definition to help code that has optional ECP support and
+ * defines an MBEDTLS_ECP_MAX_BYTES-sized array unconditionally. */
+#define MBEDTLS_ECP_MAX_BITS 1
+/* Note: the curves must be listed in DECREASING size! */
+#elif defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
+#define MBEDTLS_ECP_MAX_BITS 521
+#elif defined(MBEDTLS_ECP_DP_BP512R1_ENABLED)
+#define MBEDTLS_ECP_MAX_BITS 512
+#elif defined(MBEDTLS_ECP_DP_CURVE448_ENABLED)
+#define MBEDTLS_ECP_MAX_BITS 448
+#elif defined(MBEDTLS_ECP_DP_BP384R1_ENABLED)
+#define MBEDTLS_ECP_MAX_BITS 384
+#elif defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
+#define MBEDTLS_ECP_MAX_BITS 384
+#elif defined(MBEDTLS_ECP_DP_BP256R1_ENABLED)
+#define MBEDTLS_ECP_MAX_BITS 256
+#elif defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
+#define MBEDTLS_ECP_MAX_BITS 256
+#elif defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
+#define MBEDTLS_ECP_MAX_BITS 256
+#elif defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED)
+#define MBEDTLS_ECP_MAX_BITS 255
+#elif defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED)
+#define MBEDTLS_ECP_MAX_BITS 225 // n is slightly above 2^224
+#elif defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED)
+#define MBEDTLS_ECP_MAX_BITS 224
+#elif defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED)
+#define MBEDTLS_ECP_MAX_BITS 192
+#elif defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED)
+#define MBEDTLS_ECP_MAX_BITS 192
+#else
+#error "Missing definition of MBEDTLS_ECP_MAX_BITS"
+#endif
+
+#define MBEDTLS_ECP_MAX_BYTES ( ( MBEDTLS_ECP_MAX_BITS + 7 ) / 8 )
+#define MBEDTLS_ECP_MAX_PT_LEN ( 2 * MBEDTLS_ECP_MAX_BYTES + 1 )
+
#if defined(MBEDTLS_ECP_RESTARTABLE)
/**
@@ -317,10 +360,10 @@
*/
typedef struct
{
- unsigned ops_done; /*!< current ops count */
- unsigned depth; /*!< call depth (0 = top-level) */
- mbedtls_ecp_restart_mul_ctx *rsm; /*!< ecp_mul_comb() sub-context */
- mbedtls_ecp_restart_muladd_ctx *ma; /*!< ecp_muladd() sub-context */
+ unsigned MBEDTLS_PRIVATE(ops_done); /*!< current ops count */
+ unsigned MBEDTLS_PRIVATE(depth); /*!< call depth (0 = top-level) */
+ mbedtls_ecp_restart_mul_ctx *MBEDTLS_PRIVATE(rsm); /*!< ecp_mul_comb() sub-context */
+ mbedtls_ecp_restart_muladd_ctx *MBEDTLS_PRIVATE(ma); /*!< ecp_muladd() sub-context */
} mbedtls_ecp_restart_ctx;
/*
@@ -370,9 +413,9 @@
*/
typedef struct mbedtls_ecp_keypair
{
- mbedtls_ecp_group grp; /*!< Elliptic curve and base point */
- mbedtls_mpi d; /*!< our secret value */
- mbedtls_ecp_point Q; /*!< our public value */
+ mbedtls_ecp_group MBEDTLS_PRIVATE(grp); /*!< Elliptic curve and base point */
+ mbedtls_mpi MBEDTLS_PRIVATE(d); /*!< our secret value */
+ mbedtls_ecp_point MBEDTLS_PRIVATE(Q); /*!< our public value */
}
mbedtls_ecp_keypair;
@@ -463,8 +506,7 @@
/**
* \brief This function retrieves the information defined in
- * mbedtls_ecp_curve_info() for all supported curves in order
- * of preference.
+ * mbedtls_ecp_curve_info() for all supported curves.
*
* \note This function returns information about all curves
* supported by the library. Some curves may not be
@@ -869,15 +911,8 @@
* \note To prevent timing attacks, this function
* executes the exact same sequence of base-field
* operations for any valid \p m. It avoids any if-branch or
- * array index depending on the value of \p m.
- *
- * \note If \p f_rng is not NULL, it is used to randomize
- * intermediate results to prevent potential timing attacks
- * targeting these results. We recommend always providing
- * a non-NULL \p f_rng. The overhead is negligible.
- * Note: unless #MBEDTLS_ECP_NO_INTERNAL_RNG is defined, when
- * \p f_rng is NULL, an internal RNG (seeded from the value
- * of \p m) will be used instead.
+ * array index depending on the value of \p m. If also uses
+ * \p f_rng to randomize some intermediate results.
*
* \param grp The ECP group to use.
* This must be initialized and have group parameters
@@ -886,9 +921,9 @@
* This must be initialized.
* \param m The integer by which to multiply. This must be initialized.
* \param P The point to multiply. This must be initialized.
- * \param f_rng The RNG function. This may be \c NULL if randomization
- * of intermediate results isn't desired (discouraged).
- * \param p_rng The RNG context to be passed to \p p_rng.
+ * \param f_rng The RNG function. This must not be \c NULL.
+ * \param p_rng The RNG context to be passed to \p f_rng. This may be \c
+ * NULL if \p f_rng doesn't need a context.
*
* \return \c 0 on success.
* \return #MBEDTLS_ERR_ECP_INVALID_KEY if \p m is not a valid private
@@ -917,9 +952,9 @@
* This must be initialized.
* \param m The integer by which to multiply. This must be initialized.
* \param P The point to multiply. This must be initialized.
- * \param f_rng The RNG function. This may be \c NULL if randomization
- * of intermediate results isn't desired (discouraged).
- * \param p_rng The RNG context to be passed to \p p_rng.
+ * \param f_rng The RNG function. This must not be \c NULL.
+ * \param p_rng The RNG context to be passed to \p f_rng. This may be \c
+ * NULL if \p f_rng doesn't need a context.
* \param rs_ctx The restart context (NULL disables restart).
*
* \return \c 0 on success.
@@ -1223,14 +1258,18 @@
* part is ignored.
* \param prv The keypair structure holding the full keypair.
* This must be initialized.
+ * \param f_rng The RNG function. This must not be \c NULL.
+ * \param p_rng The RNG context to be passed to \p f_rng. This may be \c
+ * NULL if \p f_rng doesn't need a context.
*
* \return \c 0 on success, meaning that the keys are valid and match.
* \return #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if the keys are invalid or do not match.
* \return An \c MBEDTLS_ERR_ECP_XXX or an \c MBEDTLS_ERR_MPI_XXX
* error code on calculation failure.
*/
-int mbedtls_ecp_check_pub_priv( const mbedtls_ecp_keypair *pub,
- const mbedtls_ecp_keypair *prv );
+int mbedtls_ecp_check_pub_priv(
+ const mbedtls_ecp_keypair *pub, const mbedtls_ecp_keypair *prv,
+ int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
#if defined(MBEDTLS_SELF_TEST)
diff --git a/include/mbedtls/entropy.h b/include/mbedtls/entropy.h
index c51e641..78591e7 100644
--- a/include/mbedtls/entropy.h
+++ b/include/mbedtls/entropy.h
@@ -21,6 +21,7 @@
*/
#ifndef MBEDTLS_ENTROPY_H
#define MBEDTLS_ENTROPY_H
+#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
@@ -104,11 +105,11 @@
*/
typedef struct mbedtls_entropy_source_state
{
- mbedtls_entropy_f_source_ptr f_source; /**< The entropy source callback */
- void * p_source; /**< The callback data pointer */
- size_t size; /**< Amount received in bytes */
- size_t threshold; /**< Minimum bytes required before release */
- int strong; /**< Is the source strong? */
+ mbedtls_entropy_f_source_ptr MBEDTLS_PRIVATE(f_source); /**< The entropy source callback */
+ void * MBEDTLS_PRIVATE(p_source); /**< The callback data pointer */
+ size_t MBEDTLS_PRIVATE(size); /**< Amount received in bytes */
+ size_t MBEDTLS_PRIVATE(threshold); /**< Minimum bytes required before release */
+ int MBEDTLS_PRIVATE(strong); /**< Is the source strong? */
}
mbedtls_entropy_source_state;
@@ -117,21 +118,21 @@
*/
typedef struct mbedtls_entropy_context
{
- int accumulator_started; /* 0 after init.
+ int MBEDTLS_PRIVATE(accumulator_started); /* 0 after init.
* 1 after the first update.
* -1 after free. */
#if defined(MBEDTLS_ENTROPY_SHA512_ACCUMULATOR)
- mbedtls_sha512_context accumulator;
+ mbedtls_sha512_context MBEDTLS_PRIVATE(accumulator);
#else
- mbedtls_sha256_context accumulator;
+ mbedtls_sha256_context MBEDTLS_PRIVATE(accumulator);
#endif
- int source_count; /* Number of entries used in source. */
- mbedtls_entropy_source_state source[MBEDTLS_ENTROPY_MAX_SOURCES];
+ int MBEDTLS_PRIVATE(source_count); /* Number of entries used in source. */
+ mbedtls_entropy_source_state MBEDTLS_PRIVATE(source)[MBEDTLS_ENTROPY_MAX_SOURCES];
#if defined(MBEDTLS_THREADING_C)
- mbedtls_threading_mutex_t mutex; /*!< mutex */
+ mbedtls_threading_mutex_t MBEDTLS_PRIVATE(mutex); /*!< mutex */
#endif
#if defined(MBEDTLS_ENTROPY_NV_SEED)
- int initial_entropy_run;
+ int MBEDTLS_PRIVATE(initial_entropy_run);
#endif
}
mbedtls_entropy_context;
diff --git a/include/mbedtls/error.h b/include/mbedtls/error.h
index 199ea3d..2835fd5 100644
--- a/include/mbedtls/error.h
+++ b/include/mbedtls/error.h
@@ -61,11 +61,9 @@
* ERROR 2 0x006E 0x0001
* MPI 7 0x0002-0x0010
* GCM 3 0x0012-0x0014 0x0013-0x0013
- * BLOWFISH 3 0x0016-0x0018 0x0017-0x0017
* THREADING 3 0x001A-0x001E
* AES 5 0x0020-0x0022 0x0021-0x0025
* CAMELLIA 3 0x0024-0x0026 0x0027-0x0027
- * XTEA 2 0x0028-0x0028 0x0029-0x0029
* BASE64 2 0x002A-0x002C
* OID 1 0x002E-0x002E 0x000B-0x000B
* PADLOCK 1 0x0030-0x0030
@@ -79,9 +77,6 @@
* PBKDF2 1 0x007C-0x007C
* HMAC_DRBG 4 0x0003-0x0009
* CCM 3 0x000D-0x0011
- * ARC4 1 0x0019-0x0019
- * MD2 1 0x002B-0x002B
- * MD4 1 0x002D-0x002D
* MD5 1 0x002F-0x002F
* RIPEMD160 1 0x0031-0x0031
* SHA1 1 0x0035-0x0035 0x0073-0x0073
diff --git a/include/mbedtls/gcm.h b/include/mbedtls/gcm.h
index a2fc2ab..06b06b4 100644
--- a/include/mbedtls/gcm.h
+++ b/include/mbedtls/gcm.h
@@ -30,6 +30,7 @@
#ifndef MBEDTLS_GCM_H
#define MBEDTLS_GCM_H
+#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
@@ -58,15 +59,15 @@
*/
typedef struct mbedtls_gcm_context
{
- mbedtls_cipher_context_t cipher_ctx; /*!< The cipher context used. */
- uint64_t HL[16]; /*!< Precalculated HTable low. */
- uint64_t HH[16]; /*!< Precalculated HTable high. */
- uint64_t len; /*!< The total length of the encrypted data. */
- uint64_t add_len; /*!< The total length of the additional data. */
- unsigned char base_ectr[16]; /*!< The first ECTR for tag. */
- unsigned char y[16]; /*!< The Y working value. */
- unsigned char buf[16]; /*!< The buf working value. */
- int mode; /*!< The operation to perform:
+ mbedtls_cipher_context_t MBEDTLS_PRIVATE(cipher_ctx); /*!< The cipher context used. */
+ uint64_t MBEDTLS_PRIVATE(HL)[16]; /*!< Precalculated HTable low. */
+ uint64_t MBEDTLS_PRIVATE(HH)[16]; /*!< Precalculated HTable high. */
+ uint64_t MBEDTLS_PRIVATE(len); /*!< The total length of the encrypted data. */
+ uint64_t MBEDTLS_PRIVATE(add_len); /*!< The total length of the additional data. */
+ unsigned char MBEDTLS_PRIVATE(base_ectr)[16]; /*!< The first ECTR for tag. */
+ unsigned char MBEDTLS_PRIVATE(y)[16]; /*!< The Y working value. */
+ unsigned char MBEDTLS_PRIVATE(buf)[16]; /*!< The buf working value. */
+ int MBEDTLS_PRIVATE(mode); /*!< The operation to perform:
#MBEDTLS_GCM_ENCRYPT or
#MBEDTLS_GCM_DECRYPT. */
}
@@ -245,11 +246,6 @@
* you do not need to call this function. You may not
* call this function after calling mbedtls_cipher_update().
*
- * \note This function may only be called once per operation:
- * you must pass the whole associated data in a single
- * call. This limitation will be lifted in a future version
- * of Mbed TLS.
- *
* \param ctx The GCM context. This must have been started with
* mbedtls_gcm_starts() and must not have yet received
* any input with mbedtls_gcm_update().
@@ -343,6 +339,10 @@
* then mbedtls_gcm_finish() never produces any output,
* so \p output_size can be \c 0.
* - \p output_size never needs to be more than \c 15.
+ * \param output_length On success, \p *output_length contains the actual
+ * length of the output written in \p output.
+ * On failure, the content of \p *output_length is
+ * unspecified.
*
* \return \c 0 on success.
* \return #MBEDTLS_ERR_GCM_BAD_INPUT on failure:
@@ -351,6 +351,7 @@
*/
int mbedtls_gcm_finish( mbedtls_gcm_context *ctx,
unsigned char *output, size_t output_size,
+ size_t *output_length,
unsigned char *tag, size_t tag_len );
/**
diff --git a/include/mbedtls/hmac_drbg.h b/include/mbedtls/hmac_drbg.h
index 1ab3422..164a4f7 100644
--- a/include/mbedtls/hmac_drbg.h
+++ b/include/mbedtls/hmac_drbg.h
@@ -25,6 +25,7 @@
*/
#ifndef MBEDTLS_HMAC_DRBG_H
#define MBEDTLS_HMAC_DRBG_H
+#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
@@ -86,19 +87,19 @@
{
/* Working state: the key K is not stored explicitly,
* but is implied by the HMAC context */
- mbedtls_md_context_t md_ctx; /*!< HMAC context (inc. K) */
- unsigned char V[MBEDTLS_MD_MAX_SIZE]; /*!< V in the spec */
- int reseed_counter; /*!< reseed counter */
+ mbedtls_md_context_t MBEDTLS_PRIVATE(md_ctx); /*!< HMAC context (inc. K) */
+ unsigned char MBEDTLS_PRIVATE(V)[MBEDTLS_MD_MAX_SIZE]; /*!< V in the spec */
+ int MBEDTLS_PRIVATE(reseed_counter); /*!< reseed counter */
/* Administrative state */
- size_t entropy_len; /*!< entropy bytes grabbed on each (re)seed */
- int prediction_resistance; /*!< enable prediction resistance (Automatic
+ size_t MBEDTLS_PRIVATE(entropy_len); /*!< entropy bytes grabbed on each (re)seed */
+ int MBEDTLS_PRIVATE(prediction_resistance); /*!< enable prediction resistance (Automatic
reseed before every random generation) */
- int reseed_interval; /*!< reseed interval */
+ int MBEDTLS_PRIVATE(reseed_interval); /*!< reseed interval */
/* Callbacks */
- int (*f_entropy)(void *, unsigned char *, size_t); /*!< entropy function */
- void *p_entropy; /*!< context for the entropy function */
+ int (*MBEDTLS_PRIVATE(f_entropy))(void *, unsigned char *, size_t); /*!< entropy function */
+ void *MBEDTLS_PRIVATE(p_entropy); /*!< context for the entropy function */
#if defined(MBEDTLS_THREADING_C)
/* Invariant: the mutex is initialized if and only if
@@ -109,7 +110,7 @@
* Note that this invariant may change without notice. Do not rely on it
* and do not access the mutex directly in application code.
*/
- mbedtls_threading_mutex_t mutex;
+ mbedtls_threading_mutex_t MBEDTLS_PRIVATE(mutex);
#endif
} mbedtls_hmac_drbg_context;
@@ -294,8 +295,8 @@
* \return \c 0 on success, or an error from the underlying
* hash calculation.
*/
-int mbedtls_hmac_drbg_update_ret( mbedtls_hmac_drbg_context *ctx,
- const unsigned char *additional, size_t add_len );
+int mbedtls_hmac_drbg_update( mbedtls_hmac_drbg_context *ctx,
+ const unsigned char *additional, size_t add_len );
/**
* \brief This function reseeds the HMAC_DRBG context, that is
diff --git a/include/mbedtls/md.h b/include/mbedtls/md.h
index fbc3b47..7bf8213 100644
--- a/include/mbedtls/md.h
+++ b/include/mbedtls/md.h
@@ -24,6 +24,7 @@
#ifndef MBEDTLS_MD_H
#define MBEDTLS_MD_H
+#include "mbedtls/private_access.h"
#include <stddef.h>
@@ -45,15 +46,13 @@
/**
* \brief Supported message digests.
*
- * \warning MD2, MD4, MD5 and SHA-1 are considered weak message digests and
+ * \warning MD5 and SHA-1 are considered weak message digests and
* their use constitutes a security risk. We recommend considering
* stronger message digests instead.
*
*/
typedef enum {
MBEDTLS_MD_NONE=0, /**< None. */
- MBEDTLS_MD_MD2, /**< The MD2 message digest. */
- MBEDTLS_MD_MD4, /**< The MD4 message digest. */
MBEDTLS_MD_MD5, /**< The MD5 message digest. */
MBEDTLS_MD_SHA1, /**< The SHA-1 message digest. */
MBEDTLS_MD_SHA224, /**< The SHA-224 message digest. */
@@ -93,13 +92,13 @@
typedef struct mbedtls_md_context_t
{
/** Information about the associated message digest. */
- const mbedtls_md_info_t *md_info;
+ const mbedtls_md_info_t *MBEDTLS_PRIVATE(md_info);
/** The digest-specific context. */
- void *md_ctx;
+ void *MBEDTLS_PRIVATE(md_ctx);
/** The HMAC part of the context. */
- void *hmac_ctx;
+ void *MBEDTLS_PRIVATE(hmac_ctx);
} mbedtls_md_context_t;
/**
diff --git a/include/mbedtls/md2.h b/include/mbedtls/md2.h
deleted file mode 100644
index 950afa2..0000000
--- a/include/mbedtls/md2.h
+++ /dev/null
@@ -1,203 +0,0 @@
-/**
- * \file md2.h
- *
- * \brief MD2 message digest algorithm (hash function)
- *
- * \warning MD2 is considered a weak message digest and its use constitutes a
- * security risk. We recommend considering stronger message digests
- * instead.
- */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- */
-#ifndef MBEDTLS_MD2_H
-#define MBEDTLS_MD2_H
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#include <stddef.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#if !defined(MBEDTLS_MD2_ALT)
-// Regular implementation
-//
-
-/**
- * \brief MD2 context structure
- *
- * \warning MD2 is considered a weak message digest and its use
- * constitutes a security risk. We recommend considering
- * stronger message digests instead.
- *
- */
-typedef struct mbedtls_md2_context
-{
- unsigned char cksum[16]; /*!< checksum of the data block */
- unsigned char state[48]; /*!< intermediate digest state */
- unsigned char buffer[16]; /*!< data block being processed */
- size_t left; /*!< amount of data in buffer */
-}
-mbedtls_md2_context;
-
-#else /* MBEDTLS_MD2_ALT */
-#include "md2_alt.h"
-#endif /* MBEDTLS_MD2_ALT */
-
-/**
- * \brief Initialize MD2 context
- *
- * \param ctx MD2 context to be initialized
- *
- * \warning MD2 is considered a weak message digest and its use
- * constitutes a security risk. We recommend considering
- * stronger message digests instead.
- *
- */
-void mbedtls_md2_init( mbedtls_md2_context *ctx );
-
-/**
- * \brief Clear MD2 context
- *
- * \param ctx MD2 context to be cleared
- *
- * \warning MD2 is considered a weak message digest and its use
- * constitutes a security risk. We recommend considering
- * stronger message digests instead.
- *
- */
-void mbedtls_md2_free( mbedtls_md2_context *ctx );
-
-/**
- * \brief Clone (the state of) an MD2 context
- *
- * \param dst The destination context
- * \param src The context to be cloned
- *
- * \warning MD2 is considered a weak message digest and its use
- * constitutes a security risk. We recommend considering
- * stronger message digests instead.
- *
- */
-void mbedtls_md2_clone( mbedtls_md2_context *dst,
- const mbedtls_md2_context *src );
-
-/**
- * \brief MD2 context setup
- *
- * \param ctx context to be initialized
- *
- * \return 0 if successful
- *
- * \warning MD2 is considered a weak message digest and its use
- * constitutes a security risk. We recommend considering
- * stronger message digests instead.
- *
- */
-int mbedtls_md2_starts_ret( mbedtls_md2_context *ctx );
-
-/**
- * \brief MD2 process buffer
- *
- * \param ctx MD2 context
- * \param input buffer holding the data
- * \param ilen length of the input data
- *
- * \return 0 if successful
- *
- * \warning MD2 is considered a weak message digest and its use
- * constitutes a security risk. We recommend considering
- * stronger message digests instead.
- *
- */
-int mbedtls_md2_update_ret( mbedtls_md2_context *ctx,
- const unsigned char *input,
- size_t ilen );
-
-/**
- * \brief MD2 final digest
- *
- * \param ctx MD2 context
- * \param output MD2 checksum result
- *
- * \return 0 if successful
- *
- * \warning MD2 is considered a weak message digest and its use
- * constitutes a security risk. We recommend considering
- * stronger message digests instead.
- *
- */
-int mbedtls_md2_finish_ret( mbedtls_md2_context *ctx,
- unsigned char output[16] );
-
-/**
- * \brief MD2 process data block (internal use only)
- *
- * \param ctx MD2 context
- *
- * \return 0 if successful
- *
- * \warning MD2 is considered a weak message digest and its use
- * constitutes a security risk. We recommend considering
- * stronger message digests instead.
- *
- */
-int mbedtls_internal_md2_process( mbedtls_md2_context *ctx );
-
-/**
- * \brief Output = MD2( input buffer )
- *
- * \param input buffer holding the data
- * \param ilen length of the input data
- * \param output MD2 checksum result
- *
- * \warning MD2 is considered a weak message digest and its use
- * constitutes a security risk. We recommend considering
- * stronger message digests instead.
- *
- */
-int mbedtls_md2_ret( const unsigned char *input,
- size_t ilen,
- unsigned char output[16] );
-
-#if defined(MBEDTLS_SELF_TEST)
-
-/**
- * \brief Checkup routine
- *
- * \return 0 if successful, or 1 if the test failed
- *
- * \warning MD2 is considered a weak message digest and its use
- * constitutes a security risk. We recommend considering
- * stronger message digests instead.
- *
- */
-int mbedtls_md2_self_test( int verbose );
-
-#endif /* MBEDTLS_SELF_TEST */
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* mbedtls_md2.h */
diff --git a/include/mbedtls/md4.h b/include/mbedtls/md4.h
deleted file mode 100644
index f9e3987..0000000
--- a/include/mbedtls/md4.h
+++ /dev/null
@@ -1,206 +0,0 @@
-/**
- * \file md4.h
- *
- * \brief MD4 message digest algorithm (hash function)
- *
- * \warning MD4 is considered a weak message digest and its use constitutes a
- * security risk. We recommend considering stronger message digests
- * instead.
- */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- */
-#ifndef MBEDTLS_MD4_H
-#define MBEDTLS_MD4_H
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#include <stddef.h>
-#include <stdint.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#if !defined(MBEDTLS_MD4_ALT)
-// Regular implementation
-//
-
-/**
- * \brief MD4 context structure
- *
- * \warning MD4 is considered a weak message digest and its use
- * constitutes a security risk. We recommend considering
- * stronger message digests instead.
- *
- */
-typedef struct mbedtls_md4_context
-{
- uint32_t total[2]; /*!< number of bytes processed */
- uint32_t state[4]; /*!< intermediate digest state */
- unsigned char buffer[64]; /*!< data block being processed */
-}
-mbedtls_md4_context;
-
-#else /* MBEDTLS_MD4_ALT */
-#include "md4_alt.h"
-#endif /* MBEDTLS_MD4_ALT */
-
-/**
- * \brief Initialize MD4 context
- *
- * \param ctx MD4 context to be initialized
- *
- * \warning MD4 is considered a weak message digest and its use
- * constitutes a security risk. We recommend considering
- * stronger message digests instead.
- *
- */
-void mbedtls_md4_init( mbedtls_md4_context *ctx );
-
-/**
- * \brief Clear MD4 context
- *
- * \param ctx MD4 context to be cleared
- *
- * \warning MD4 is considered a weak message digest and its use
- * constitutes a security risk. We recommend considering
- * stronger message digests instead.
- *
- */
-void mbedtls_md4_free( mbedtls_md4_context *ctx );
-
-/**
- * \brief Clone (the state of) an MD4 context
- *
- * \param dst The destination context
- * \param src The context to be cloned
- *
- * \warning MD4 is considered a weak message digest and its use
- * constitutes a security risk. We recommend considering
- * stronger message digests instead.
- *
- */
-void mbedtls_md4_clone( mbedtls_md4_context *dst,
- const mbedtls_md4_context *src );
-
-/**
- * \brief MD4 context setup
- *
- * \param ctx context to be initialized
- *
- * \return 0 if successful
- *
- * \warning MD4 is considered a weak message digest and its use
- * constitutes a security risk. We recommend considering
- * stronger message digests instead.
- */
-int mbedtls_md4_starts_ret( mbedtls_md4_context *ctx );
-
-/**
- * \brief MD4 process buffer
- *
- * \param ctx MD4 context
- * \param input buffer holding the data
- * \param ilen length of the input data
- *
- * \return 0 if successful
- *
- * \warning MD4 is considered a weak message digest and its use
- * constitutes a security risk. We recommend considering
- * stronger message digests instead.
- *
- */
-int mbedtls_md4_update_ret( mbedtls_md4_context *ctx,
- const unsigned char *input,
- size_t ilen );
-
-/**
- * \brief MD4 final digest
- *
- * \param ctx MD4 context
- * \param output MD4 checksum result
- *
- * \return 0 if successful
- *
- * \warning MD4 is considered a weak message digest and its use
- * constitutes a security risk. We recommend considering
- * stronger message digests instead.
- *
- */
-int mbedtls_md4_finish_ret( mbedtls_md4_context *ctx,
- unsigned char output[16] );
-
-/**
- * \brief MD4 process data block (internal use only)
- *
- * \param ctx MD4 context
- * \param data buffer holding one block of data
- *
- * \return 0 if successful
- *
- * \warning MD4 is considered a weak message digest and its use
- * constitutes a security risk. We recommend considering
- * stronger message digests instead.
- *
- */
-int mbedtls_internal_md4_process( mbedtls_md4_context *ctx,
- const unsigned char data[64] );
-
-/**
- * \brief Output = MD4( input buffer )
- *
- * \param input buffer holding the data
- * \param ilen length of the input data
- * \param output MD4 checksum result
- *
- * \return 0 if successful
- *
- * \warning MD4 is considered a weak message digest and its use
- * constitutes a security risk. We recommend considering
- * stronger message digests instead.
- *
- */
-int mbedtls_md4_ret( const unsigned char *input,
- size_t ilen,
- unsigned char output[16] );
-
-#if defined(MBEDTLS_SELF_TEST)
-
-/**
- * \brief Checkup routine
- *
- * \return 0 if successful, or 1 if the test failed
- *
- * \warning MD4 is considered a weak message digest and its use
- * constitutes a security risk. We recommend considering
- * stronger message digests instead.
- *
- */
-int mbedtls_md4_self_test( int verbose );
-
-#endif /* MBEDTLS_SELF_TEST */
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* mbedtls_md4.h */
diff --git a/include/mbedtls/md5.h b/include/mbedtls/md5.h
index 71a41dc..6ef3591 100644
--- a/include/mbedtls/md5.h
+++ b/include/mbedtls/md5.h
@@ -25,6 +25,7 @@
*/
#ifndef MBEDTLS_MD5_H
#define MBEDTLS_MD5_H
+#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
@@ -53,9 +54,9 @@
*/
typedef struct mbedtls_md5_context
{
- uint32_t total[2]; /*!< number of bytes processed */
- uint32_t state[4]; /*!< intermediate digest state */
- unsigned char buffer[64]; /*!< data block being processed */
+ uint32_t MBEDTLS_PRIVATE(total)[2]; /*!< number of bytes processed */
+ uint32_t MBEDTLS_PRIVATE(state)[4]; /*!< intermediate digest state */
+ unsigned char MBEDTLS_PRIVATE(buffer)[64]; /*!< data block being processed */
}
mbedtls_md5_context;
@@ -113,7 +114,7 @@
* stronger message digests instead.
*
*/
-int mbedtls_md5_starts_ret( mbedtls_md5_context *ctx );
+int mbedtls_md5_starts( mbedtls_md5_context *ctx );
/**
* \brief MD5 process buffer
@@ -129,9 +130,9 @@
* stronger message digests instead.
*
*/
-int mbedtls_md5_update_ret( mbedtls_md5_context *ctx,
- const unsigned char *input,
- size_t ilen );
+int mbedtls_md5_update( mbedtls_md5_context *ctx,
+ const unsigned char *input,
+ size_t ilen );
/**
* \brief MD5 final digest
@@ -146,8 +147,8 @@
* stronger message digests instead.
*
*/
-int mbedtls_md5_finish_ret( mbedtls_md5_context *ctx,
- unsigned char output[16] );
+int mbedtls_md5_finish( mbedtls_md5_context *ctx,
+ unsigned char output[16] );
/**
* \brief MD5 process data block (internal use only)
@@ -179,9 +180,9 @@
* stronger message digests instead.
*
*/
-int mbedtls_md5_ret( const unsigned char *input,
- size_t ilen,
- unsigned char output[16] );
+int mbedtls_md5( const unsigned char *input,
+ size_t ilen,
+ unsigned char output[16] );
#if defined(MBEDTLS_SELF_TEST)
diff --git a/include/mbedtls/net_sockets.h b/include/mbedtls/net_sockets.h
index 319f4be..502b9f4 100644
--- a/include/mbedtls/net_sockets.h
+++ b/include/mbedtls/net_sockets.h
@@ -37,6 +37,7 @@
*/
#ifndef MBEDTLS_NET_SOCKETS_H
#define MBEDTLS_NET_SOCKETS_H
+#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
@@ -84,7 +85,7 @@
*/
typedef struct mbedtls_net_context
{
- int fd; /**< The underlying file descriptor */
+ int MBEDTLS_PRIVATE(fd); /**< The underlying file descriptor */
}
mbedtls_net_context;
diff --git a/include/mbedtls/nist_kw.h b/include/mbedtls/nist_kw.h
index 7f3e64a..c537b58 100644
--- a/include/mbedtls/nist_kw.h
+++ b/include/mbedtls/nist_kw.h
@@ -34,6 +34,7 @@
#ifndef MBEDTLS_NIST_KW_H
#define MBEDTLS_NIST_KW_H
+#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
@@ -65,7 +66,7 @@
* Don't make any assumptions on this context!
*/
typedef struct {
- mbedtls_cipher_context_t cipher_ctx; /*!< The cipher context used. */
+ mbedtls_cipher_context_t MBEDTLS_PRIVATE(cipher_ctx); /*!< The cipher context used. */
} mbedtls_nist_kw_context;
#else /* MBEDTLS_NIST_key wrapping_ALT */
diff --git a/include/mbedtls/oid.h b/include/mbedtls/oid.h
index 739a42f..1921042 100644
--- a/include/mbedtls/oid.h
+++ b/include/mbedtls/oid.h
@@ -21,6 +21,7 @@
*/
#ifndef MBEDTLS_OID_H
#define MBEDTLS_OID_H
+#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
@@ -230,8 +231,6 @@
* PKCS#1 OIDs
*/
#define MBEDTLS_OID_PKCS1_RSA MBEDTLS_OID_PKCS1 "\x01" /**< rsaEncryption OBJECT IDENTIFIER ::= { pkcs-1 1 } */
-#define MBEDTLS_OID_PKCS1_MD2 MBEDTLS_OID_PKCS1 "\x02" /**< md2WithRSAEncryption ::= { pkcs-1 2 } */
-#define MBEDTLS_OID_PKCS1_MD4 MBEDTLS_OID_PKCS1 "\x03" /**< md4WithRSAEncryption ::= { pkcs-1 3 } */
#define MBEDTLS_OID_PKCS1_MD5 MBEDTLS_OID_PKCS1 "\x04" /**< md5WithRSAEncryption ::= { pkcs-1 4 } */
#define MBEDTLS_OID_PKCS1_SHA1 MBEDTLS_OID_PKCS1 "\x05" /**< sha1WithRSAEncryption ::= { pkcs-1 5 } */
#define MBEDTLS_OID_PKCS1_SHA224 MBEDTLS_OID_PKCS1 "\x0e" /**< sha224WithRSAEncryption ::= { pkcs-1 14 } */
@@ -250,8 +249,6 @@
/*
* Digest algorithms
*/
-#define MBEDTLS_OID_DIGEST_ALG_MD2 MBEDTLS_OID_RSA_COMPANY "\x02\x02" /**< id-mbedtls_md2 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 2 } */
-#define MBEDTLS_OID_DIGEST_ALG_MD4 MBEDTLS_OID_RSA_COMPANY "\x02\x04" /**< id-mbedtls_md4 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 4 } */
#define MBEDTLS_OID_DIGEST_ALG_MD5 MBEDTLS_OID_RSA_COMPANY "\x02\x05" /**< id-mbedtls_md5 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 5 } */
#define MBEDTLS_OID_DIGEST_ALG_SHA1 MBEDTLS_OID_ISO_IDENTIFIED_ORG MBEDTLS_OID_OIW_SECSIG_SHA1 /**< id-mbedtls_sha1 OBJECT IDENTIFIER ::= { iso(1) identified-organization(3) oiw(14) secsig(3) algorithms(2) 26 } */
#define MBEDTLS_OID_DIGEST_ALG_SHA224 MBEDTLS_OID_NIST_ALG "\x02\x04" /**< id-sha224 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistalgorithm(4) hashalgs(2) 4 } */
@@ -302,8 +299,6 @@
/*
* PKCS#5 PBES1 algorithms
*/
-#define MBEDTLS_OID_PKCS5_PBE_MD2_DES_CBC MBEDTLS_OID_PKCS5 "\x01" /**< pbeWithMD2AndDES-CBC OBJECT IDENTIFIER ::= {pkcs-5 1} */
-#define MBEDTLS_OID_PKCS5_PBE_MD2_RC2_CBC MBEDTLS_OID_PKCS5 "\x04" /**< pbeWithMD2AndRC2-CBC OBJECT IDENTIFIER ::= {pkcs-5 4} */
#define MBEDTLS_OID_PKCS5_PBE_MD5_DES_CBC MBEDTLS_OID_PKCS5 "\x03" /**< pbeWithMD5AndDES-CBC OBJECT IDENTIFIER ::= {pkcs-5 3} */
#define MBEDTLS_OID_PKCS5_PBE_MD5_RC2_CBC MBEDTLS_OID_PKCS5 "\x06" /**< pbeWithMD5AndRC2-CBC OBJECT IDENTIFIER ::= {pkcs-5 6} */
#define MBEDTLS_OID_PKCS5_PBE_SHA1_DES_CBC MBEDTLS_OID_PKCS5 "\x0a" /**< pbeWithSHA1AndDES-CBC OBJECT IDENTIFIER ::= {pkcs-5 10} */
@@ -319,8 +314,6 @@
*/
#define MBEDTLS_OID_PKCS12_PBE MBEDTLS_OID_PKCS12 "\x01" /**< pkcs-12PbeIds OBJECT IDENTIFIER ::= {pkcs-12 1} */
-#define MBEDTLS_OID_PKCS12_PBE_SHA1_RC4_128 MBEDTLS_OID_PKCS12_PBE "\x01" /**< pbeWithSHAAnd128BitRC4 OBJECT IDENTIFIER ::= {pkcs-12PbeIds 1} */
-#define MBEDTLS_OID_PKCS12_PBE_SHA1_RC4_40 MBEDTLS_OID_PKCS12_PBE "\x02" /**< pbeWithSHAAnd40BitRC4 OBJECT IDENTIFIER ::= {pkcs-12PbeIds 2} */
#define MBEDTLS_OID_PKCS12_PBE_SHA1_DES3_EDE_CBC MBEDTLS_OID_PKCS12_PBE "\x03" /**< pbeWithSHAAnd3-KeyTripleDES-CBC OBJECT IDENTIFIER ::= {pkcs-12PbeIds 3} */
#define MBEDTLS_OID_PKCS12_PBE_SHA1_DES2_EDE_CBC MBEDTLS_OID_PKCS12_PBE "\x04" /**< pbeWithSHAAnd2-KeyTripleDES-CBC OBJECT IDENTIFIER ::= {pkcs-12PbeIds 4} */
#define MBEDTLS_OID_PKCS12_PBE_SHA1_RC2_128_CBC MBEDTLS_OID_PKCS12_PBE "\x05" /**< pbeWithSHAAnd128BitRC2-CBC OBJECT IDENTIFIER ::= {pkcs-12PbeIds 5} */
@@ -440,11 +433,11 @@
*/
typedef struct mbedtls_oid_descriptor_t
{
- const char *asn1; /*!< OID ASN.1 representation */
- size_t asn1_len; /*!< length of asn1 */
+ const char *MBEDTLS_PRIVATE(asn1); /*!< OID ASN.1 representation */
+ size_t MBEDTLS_PRIVATE(asn1_len); /*!< length of asn1 */
#if !defined(MBEDTLS_X509_REMOVE_INFO)
- const char *name; /*!< official name (e.g. from RFC) */
- const char *description; /*!< human friendly description */
+ const char *MBEDTLS_PRIVATE(name); /*!< official name (e.g. from RFC) */
+ const char *MBEDTLS_PRIVATE(description); /*!< human friendly description */
#endif
} mbedtls_oid_descriptor_t;
diff --git a/include/mbedtls/pem.h b/include/mbedtls/pem.h
index 4769bec..9242da6 100644
--- a/include/mbedtls/pem.h
+++ b/include/mbedtls/pem.h
@@ -21,6 +21,7 @@
*/
#ifndef MBEDTLS_PEM_H
#define MBEDTLS_PEM_H
+#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
@@ -57,9 +58,9 @@
*/
typedef struct mbedtls_pem_context
{
- unsigned char *buf; /*!< buffer for decoded data */
- size_t buflen; /*!< length of the buffer */
- unsigned char *info; /*!< buffer for extra header information */
+ unsigned char *MBEDTLS_PRIVATE(buf); /*!< buffer for decoded data */
+ size_t MBEDTLS_PRIVATE(buflen); /*!< length of the buffer */
+ unsigned char *MBEDTLS_PRIVATE(info); /*!< buffer for extra header information */
}
mbedtls_pem_context;
diff --git a/include/mbedtls/pk.h b/include/mbedtls/pk.h
index 25f02ff..ec7fe6e 100644
--- a/include/mbedtls/pk.h
+++ b/include/mbedtls/pk.h
@@ -22,6 +22,7 @@
#ifndef MBEDTLS_PK_H
#define MBEDTLS_PK_H
+#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
@@ -91,8 +92,8 @@
*/
typedef struct mbedtls_pk_rsassa_pss_options
{
- mbedtls_md_type_t mgf1_hash_id;
- int expected_salt_len;
+ mbedtls_md_type_t MBEDTLS_PRIVATE(mgf1_hash_id);
+ int MBEDTLS_PRIVATE(expected_salt_len);
} mbedtls_pk_rsassa_pss_options;
@@ -163,9 +164,9 @@
*/
typedef struct mbedtls_pk_debug_item
{
- mbedtls_pk_debug_type type;
- const char *name;
- void *value;
+ mbedtls_pk_debug_type MBEDTLS_PRIVATE(type);
+ const char *MBEDTLS_PRIVATE(name);
+ void *MBEDTLS_PRIVATE(value);
} mbedtls_pk_debug_item;
/** Maximum number of item send for debugging, plus 1 */
@@ -181,8 +182,8 @@
*/
typedef struct mbedtls_pk_context
{
- const mbedtls_pk_info_t * pk_info; /**< Public key information */
- void * pk_ctx; /**< Underlying public key context */
+ const mbedtls_pk_info_t * MBEDTLS_PRIVATE(pk_info); /**< Public key information */
+ void * MBEDTLS_PRIVATE(pk_ctx); /**< Underlying public key context */
} mbedtls_pk_context;
#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
@@ -191,8 +192,8 @@
*/
typedef struct
{
- const mbedtls_pk_info_t * pk_info; /**< Public key information */
- void * rs_ctx; /**< Underlying restart context */
+ const mbedtls_pk_info_t * MBEDTLS_PRIVATE(pk_info); /**< Public key information */
+ void * MBEDTLS_PRIVATE(rs_ctx); /**< Underlying restart context */
} mbedtls_pk_restart_ctx;
#else /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
/* Now we can declare functions that take a pointer to that */
@@ -208,7 +209,7 @@
*/
static inline mbedtls_rsa_context *mbedtls_pk_rsa( const mbedtls_pk_context pk )
{
- return( (mbedtls_rsa_context *) (pk).pk_ctx );
+ return( (mbedtls_rsa_context *) (pk).MBEDTLS_PRIVATE(pk_ctx) );
}
#endif /* MBEDTLS_RSA_C */
@@ -221,7 +222,7 @@
*/
static inline mbedtls_ecp_keypair *mbedtls_pk_ec( const mbedtls_pk_context pk )
{
- return( (mbedtls_ecp_keypair *) (pk).pk_ctx );
+ return( (mbedtls_ecp_keypair *) (pk).MBEDTLS_PRIVATE(pk_ctx) );
}
#endif /* MBEDTLS_ECP_C */
@@ -398,9 +399,17 @@
* \brief Verify signature (including padding if relevant).
*
* \param ctx The PK context to use. It must have been set up.
- * \param md_alg Hash algorithm used (see notes)
+ * \param md_alg Hash algorithm used.
+ * This can be #MBEDTLS_MD_NONE if the signature algorithm
+ * does not rely on a hash algorithm (non-deterministic
+ * ECDSA, RSA PKCS#1 v1.5).
+ * For PKCS#1 v1.5, if \p md_alg is #MBEDTLS_MD_NONE, then
+ * \p hash is the DigestInfo structure used by RFC 8017
+ * §9.2 steps 3–6. If \p md_alg is a valid hash
+ * algorithm then \p hash is the digest itself, and this
+ * function calculates the DigestInfo encoding internally.
* \param hash Hash of the message to sign
- * \param hash_len Hash length or 0 (see notes)
+ * \param hash_len Hash length
* \param sig Signature to verify
* \param sig_len Signature length
*
@@ -412,11 +421,6 @@
* \note For RSA keys, the default padding type is PKCS#1 v1.5.
* Use \c mbedtls_pk_verify_ext( MBEDTLS_PK_RSASSA_PSS, ... )
* to verify RSASSA_PSS signatures.
- *
- * \note If hash_len is 0, then the length associated with md_alg
- * is used instead, or an error returned if it is invalid.
- *
- * \note md_alg may be MBEDTLS_MD_NONE, only if hash_len != 0
*/
int mbedtls_pk_verify( mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg,
const unsigned char *hash, size_t hash_len,
@@ -489,7 +493,7 @@
* with a private key.
* \param md_alg Hash algorithm used (see notes)
* \param hash Hash of the message to sign
- * \param hash_len Hash length or 0 (see notes)
+ * \param hash_len Hash length
* \param sig Place to write the signature.
* It must have enough room for the signature.
* #MBEDTLS_PK_SIGNATURE_MAX_SIZE is always enough.
@@ -497,7 +501,7 @@
* given the key type.
* \param sig_len On successful return,
* the number of bytes written to \p sig.
- * \param f_rng RNG function
+ * \param f_rng RNG function, must not be \c NULL.
* \param p_rng RNG parameter
*
* \return 0 on success, or a specific error code.
@@ -506,9 +510,6 @@
* There is no interface in the PK module to make RSASSA-PSS
* signatures yet.
*
- * \note If hash_len is 0, then the length associated with md_alg
- * is used instead, or an error returned if it is invalid.
- *
* \note For RSA, md_alg may be MBEDTLS_MD_NONE if hash_len != 0.
* For ECDSA, md_alg may never be MBEDTLS_MD_NONE.
*/
@@ -529,7 +530,7 @@
* with a private key.
* \param md_alg Hash algorithm used (see notes for mbedtls_pk_sign())
* \param hash Hash of the message to sign
- * \param hash_len Hash length or 0 (see notes for mbedtls_pk_sign())
+ * \param hash_len Hash length
* \param sig Place to write the signature.
* It must have enough room for the signature.
* #MBEDTLS_PK_SIGNATURE_MAX_SIZE is always enough.
@@ -537,7 +538,7 @@
* given the key type.
* \param sig_len On successful return,
* the number of bytes written to \p sig.
- * \param f_rng RNG function
+ * \param f_rng RNG function, must not be \c NULL.
* \param p_rng RNG parameter
* \param rs_ctx Restart context (NULL to disable restart)
*
@@ -562,7 +563,7 @@
* \param output Decrypted output
* \param olen Decrypted message length
* \param osize Size of the output buffer
- * \param f_rng RNG function
+ * \param f_rng RNG function, must not be \c NULL.
* \param p_rng RNG parameter
*
* \note For RSA keys, the default padding type is PKCS#1 v1.5.
@@ -583,9 +584,11 @@
* \param output Encrypted output
* \param olen Encrypted output length
* \param osize Size of the output buffer
- * \param f_rng RNG function
+ * \param f_rng RNG function, must not be \c NULL.
* \param p_rng RNG parameter
*
+ * \note \p f_rng is used for padding generation.
+ *
* \note For RSA keys, the default padding type is PKCS#1 v1.5.
*
* \return 0 on success, or a specific error code.
@@ -600,6 +603,8 @@
*
* \param pub Context holding a public key.
* \param prv Context holding a private (and public) key.
+ * \param f_rng RNG function, must not be \c NULL.
+ * \param p_rng RNG parameter
*
* \return \c 0 on success (keys were checked and match each other).
* \return #MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE if the keys could not
@@ -607,7 +612,10 @@
* \return #MBEDTLS_ERR_PK_BAD_INPUT_DATA if a context is invalid.
* \return Another non-zero value if the keys do not match.
*/
-int mbedtls_pk_check_pair( const mbedtls_pk_context *pub, const mbedtls_pk_context *prv );
+int mbedtls_pk_check_pair( const mbedtls_pk_context *pub,
+ const mbedtls_pk_context *prv,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng );
/**
* \brief Export debug information
@@ -659,6 +667,8 @@
* The empty password is not supported.
* \param pwdlen Size of the password in bytes.
* Ignored if \p pwd is \c NULL.
+ * \param f_rng RNG function, must not be \c NULL. Used for blinding.
+ * \param p_rng RNG parameter
*
* \note On entry, ctx must be empty, either freshly initialised
* with mbedtls_pk_init() or reset with mbedtls_pk_free(). If you need a
@@ -669,8 +679,9 @@
* \return 0 if successful, or a specific PK or PEM error code
*/
int mbedtls_pk_parse_key( mbedtls_pk_context *ctx,
- const unsigned char *key, size_t keylen,
- const unsigned char *pwd, size_t pwdlen );
+ const unsigned char *key, size_t keylen,
+ const unsigned char *pwd, size_t pwdlen,
+ int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
/** \ingroup pk_module */
/**
@@ -710,6 +721,8 @@
* Pass a null-terminated string if expecting an encrypted
* key; a non-encrypted key will also be accepted.
* The empty password is not supported.
+ * \param f_rng RNG function, must not be \c NULL. Used for blinding.
+ * \param p_rng RNG parameter
*
* \note On entry, ctx must be empty, either freshly initialised
* with mbedtls_pk_init() or reset with mbedtls_pk_free(). If you need a
@@ -720,7 +733,8 @@
* \return 0 if successful, or a specific PK or PEM error code
*/
int mbedtls_pk_parse_keyfile( mbedtls_pk_context *ctx,
- const char *path, const char *password );
+ const char *path, const char *password,
+ int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
/** \ingroup pk_module */
/**
diff --git a/include/mbedtls/pkcs12.h b/include/mbedtls/pkcs12.h
index 4b8ce7e..06092d3 100644
--- a/include/mbedtls/pkcs12.h
+++ b/include/mbedtls/pkcs12.h
@@ -54,25 +54,6 @@
/**
* \brief PKCS12 Password Based function (encryption / decryption)
- * for pbeWithSHAAnd128BitRC4
- *
- * \param pbe_params an ASN1 buffer containing the pkcs-12PbeParams structure
- * \param mode either MBEDTLS_PKCS12_PBE_ENCRYPT or MBEDTLS_PKCS12_PBE_DECRYPT
- * \param pwd the password used (may be NULL if no password is used)
- * \param pwdlen length of the password (may be 0)
- * \param input the input data
- * \param len data length
- * \param output the output buffer
- *
- * \return 0 if successful, or a MBEDTLS_ERR_XXX code
- */
-int mbedtls_pkcs12_pbe_sha1_rc4_128( mbedtls_asn1_buf *pbe_params, int mode,
- const unsigned char *pwd, size_t pwdlen,
- const unsigned char *input, size_t len,
- unsigned char *output );
-
-/**
- * \brief PKCS12 Password Based function (encryption / decryption)
* for cipher-based and mbedtls_md-based PBE's
*
* \param pbe_params an ASN1 buffer containing the pkcs-12PbeParams structure
diff --git a/include/mbedtls/platform.h b/include/mbedtls/platform.h
index c944732..c50d7d2 100644
--- a/include/mbedtls/platform.h
+++ b/include/mbedtls/platform.h
@@ -30,6 +30,7 @@
*/
#ifndef MBEDTLS_PLATFORM_H
#define MBEDTLS_PLATFORM_H
+#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
@@ -367,7 +368,7 @@
*/
typedef struct mbedtls_platform_context
{
- char dummy; /**< A placeholder member, as empty structs are not portable. */
+ char MBEDTLS_PRIVATE(dummy); /**< A placeholder member, as empty structs are not portable. */
}
mbedtls_platform_context;
diff --git a/include/mbedtls/platform_util.h b/include/mbedtls/platform_util.h
index fbc2a0d..6d9cfec 100644
--- a/include/mbedtls/platform_util.h
+++ b/include/mbedtls/platform_util.h
@@ -39,78 +39,10 @@
extern "C" {
#endif
-#if defined(MBEDTLS_CHECK_PARAMS)
-
-#if defined(MBEDTLS_CHECK_PARAMS_ASSERT)
-/* Allow the user to define MBEDTLS_PARAM_FAILED to something like assert
- * (which is what our config.h suggests). */
-#include <assert.h>
-#endif /* MBEDTLS_CHECK_PARAMS_ASSERT */
-
-#if defined(MBEDTLS_PARAM_FAILED)
-/** An alternative definition of MBEDTLS_PARAM_FAILED has been set in config.h.
- *
- * This flag can be used to check whether it is safe to assume that
- * MBEDTLS_PARAM_FAILED() will expand to a call to mbedtls_param_failed().
- */
-#define MBEDTLS_PARAM_FAILED_ALT
-
-#elif defined(MBEDTLS_CHECK_PARAMS_ASSERT)
-#define MBEDTLS_PARAM_FAILED( cond ) assert( cond )
-#define MBEDTLS_PARAM_FAILED_ALT
-
-#else /* MBEDTLS_PARAM_FAILED */
-#define MBEDTLS_PARAM_FAILED( cond ) \
- mbedtls_param_failed( #cond, __FILE__, __LINE__ )
-
-/**
- * \brief User supplied callback function for parameter validation failure.
- * See #MBEDTLS_CHECK_PARAMS for context.
- *
- * This function will be called unless an alternative treatement
- * is defined through the #MBEDTLS_PARAM_FAILED macro.
- *
- * This function can return, and the operation will be aborted, or
- * alternatively, through use of setjmp()/longjmp() can resume
- * execution in the application code.
- *
- * \param failure_condition The assertion that didn't hold.
- * \param file The file where the assertion failed.
- * \param line The line in the file where the assertion failed.
- */
-void mbedtls_param_failed( const char *failure_condition,
- const char *file,
- int line );
-#endif /* MBEDTLS_PARAM_FAILED */
-
-/* Internal macro meant to be called only from within the library. */
-#define MBEDTLS_INTERNAL_VALIDATE_RET( cond, ret ) \
- do { \
- if( !(cond) ) \
- { \
- MBEDTLS_PARAM_FAILED( cond ); \
- return( ret ); \
- } \
- } while( 0 )
-
-/* Internal macro meant to be called only from within the library. */
-#define MBEDTLS_INTERNAL_VALIDATE( cond ) \
- do { \
- if( !(cond) ) \
- { \
- MBEDTLS_PARAM_FAILED( cond ); \
- return; \
- } \
- } while( 0 )
-
-#else /* MBEDTLS_CHECK_PARAMS */
-
/* Internal macros meant to be called only from within the library. */
#define MBEDTLS_INTERNAL_VALIDATE_RET( cond, ret ) do { } while( 0 )
#define MBEDTLS_INTERNAL_VALIDATE( cond ) do { } while( 0 )
-#endif /* MBEDTLS_CHECK_PARAMS */
-
/* Internal helper macros for deprecating API constants. */
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
#if defined(MBEDTLS_DEPRECATED_WARNING)
diff --git a/include/mbedtls/poly1305.h b/include/mbedtls/poly1305.h
index 1767f58..4d25385 100644
--- a/include/mbedtls/poly1305.h
+++ b/include/mbedtls/poly1305.h
@@ -31,6 +31,7 @@
#ifndef MBEDTLS_POLY1305_H
#define MBEDTLS_POLY1305_H
+#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
@@ -51,11 +52,11 @@
typedef struct mbedtls_poly1305_context
{
- uint32_t r[4]; /** The value for 'r' (low 128 bits of the key). */
- uint32_t s[4]; /** The value for 's' (high 128 bits of the key). */
- uint32_t acc[5]; /** The accumulator number. */
- uint8_t queue[16]; /** The current partial block of data. */
- size_t queue_len; /** The number of bytes stored in 'queue'. */
+ uint32_t MBEDTLS_PRIVATE(r)[4]; /** The value for 'r' (low 128 bits of the key). */
+ uint32_t MBEDTLS_PRIVATE(s)[4]; /** The value for 's' (high 128 bits of the key). */
+ uint32_t MBEDTLS_PRIVATE(acc)[5]; /** The accumulator number. */
+ uint8_t MBEDTLS_PRIVATE(queue)[16]; /** The current partial block of data. */
+ size_t MBEDTLS_PRIVATE(queue_len); /** The number of bytes stored in 'queue'. */
}
mbedtls_poly1305_context;
diff --git a/include/mbedtls/private_access.h b/include/mbedtls/private_access.h
new file mode 100644
index 0000000..98d3419
--- /dev/null
+++ b/include/mbedtls/private_access.h
@@ -0,0 +1,32 @@
+ /**
+ * \file private_access.h
+ *
+ * \brief Macro wrapper for struct's memebrs.
+ */
+/*
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef MBEDTLS_PRIVATE_ACCESS_H
+#define MBEDTLS_PRIVATE_ACCESS_H
+
+#ifndef MBEDTLS_ALLOW_PRIVATE_ACCESS
+#define MBEDTLS_PRIVATE(member) private_##member
+#else
+#define MBEDTLS_PRIVATE(member) member
+#endif
+
+#endif /* MBEDTLS_PRIVATE_ACCESS_H */
diff --git a/include/mbedtls/psa_util.h b/include/mbedtls/psa_util.h
index 75fcdac..d7b9b17 100644
--- a/include/mbedtls/psa_util.h
+++ b/include/mbedtls/psa_util.h
@@ -25,6 +25,7 @@
#ifndef MBEDTLS_PSA_UTIL_H
#define MBEDTLS_PSA_UTIL_H
+#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
@@ -120,14 +121,6 @@
{
switch( md_alg )
{
-#if defined(MBEDTLS_MD2_C)
- case MBEDTLS_MD_MD2:
- return( PSA_ALG_MD2 );
-#endif
-#if defined(MBEDTLS_MD4_C)
- case MBEDTLS_MD_MD4:
- return( PSA_ALG_MD4 );
-#endif
#if defined(MBEDTLS_MD5_C)
case MBEDTLS_MD_MD5:
return( PSA_ALG_MD5 );
@@ -380,7 +373,7 @@
if( curve_info == NULL )
return( 0 );
return( PSA_KEY_TYPE_ECC_KEY_PAIR(
- mbedtls_ecc_group_to_psa( curve_info->grp_id, bits ) ) );
+ mbedtls_ecc_group_to_psa( curve_info->MBEDTLS_PRIVATE(grp_id), bits ) ) );
}
#endif /* MBEDTLS_ECP_C */
diff --git a/include/mbedtls/ripemd160.h b/include/mbedtls/ripemd160.h
index 1c72d60..f12f434 100644
--- a/include/mbedtls/ripemd160.h
+++ b/include/mbedtls/ripemd160.h
@@ -21,6 +21,7 @@
*/
#ifndef MBEDTLS_RIPEMD160_H
#define MBEDTLS_RIPEMD160_H
+#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
@@ -44,9 +45,9 @@
*/
typedef struct mbedtls_ripemd160_context
{
- uint32_t total[2]; /*!< number of bytes processed */
- uint32_t state[5]; /*!< intermediate digest state */
- unsigned char buffer[64]; /*!< data block being processed */
+ uint32_t MBEDTLS_PRIVATE(total)[2]; /*!< number of bytes processed */
+ uint32_t MBEDTLS_PRIVATE(state)[5]; /*!< intermediate digest state */
+ unsigned char MBEDTLS_PRIVATE(buffer)[64]; /*!< data block being processed */
}
mbedtls_ripemd160_context;
@@ -84,7 +85,7 @@
*
* \return 0 if successful
*/
-int mbedtls_ripemd160_starts_ret( mbedtls_ripemd160_context *ctx );
+int mbedtls_ripemd160_starts( mbedtls_ripemd160_context *ctx );
/**
* \brief RIPEMD-160 process buffer
@@ -95,9 +96,9 @@
*
* \return 0 if successful
*/
-int mbedtls_ripemd160_update_ret( mbedtls_ripemd160_context *ctx,
- const unsigned char *input,
- size_t ilen );
+int mbedtls_ripemd160_update( mbedtls_ripemd160_context *ctx,
+ const unsigned char *input,
+ size_t ilen );
/**
* \brief RIPEMD-160 final digest
@@ -107,8 +108,8 @@
*
* \return 0 if successful
*/
-int mbedtls_ripemd160_finish_ret( mbedtls_ripemd160_context *ctx,
- unsigned char output[20] );
+int mbedtls_ripemd160_finish( mbedtls_ripemd160_context *ctx,
+ unsigned char output[20] );
/**
* \brief RIPEMD-160 process data block (internal use only)
@@ -130,9 +131,9 @@
*
* \return 0 if successful
*/
-int mbedtls_ripemd160_ret( const unsigned char *input,
- size_t ilen,
- unsigned char output[20] );
+int mbedtls_ripemd160( const unsigned char *input,
+ size_t ilen,
+ unsigned char output[20] );
#if defined(MBEDTLS_SELF_TEST)
diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h
index ba00bff..9a070e7 100644
--- a/include/mbedtls/rsa.h
+++ b/include/mbedtls/rsa.h
@@ -27,6 +27,7 @@
*/
#ifndef MBEDTLS_RSA_H
#define MBEDTLS_RSA_H
+#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
@@ -81,48 +82,44 @@
/**
* \brief The RSA context structure.
- *
- * \note Direct manipulation of the members of this structure
- * is deprecated. All manipulation should instead be done through
- * the public interface functions.
*/
typedef struct mbedtls_rsa_context
{
- int ver; /*!< Reserved for internal purposes.
+ int MBEDTLS_PRIVATE(ver); /*!< Reserved for internal purposes.
* Do not set this field in application
* code. Its meaning might change without
* notice. */
- size_t len; /*!< The size of \p N in Bytes. */
+ size_t MBEDTLS_PRIVATE(len); /*!< The size of \p N in Bytes. */
- mbedtls_mpi N; /*!< The public modulus. */
- mbedtls_mpi E; /*!< The public exponent. */
+ mbedtls_mpi MBEDTLS_PRIVATE(N); /*!< The public modulus. */
+ mbedtls_mpi MBEDTLS_PRIVATE(E); /*!< The public exponent. */
- mbedtls_mpi D; /*!< The private exponent. */
- mbedtls_mpi P; /*!< The first prime factor. */
- mbedtls_mpi Q; /*!< The second prime factor. */
+ mbedtls_mpi MBEDTLS_PRIVATE(D); /*!< The private exponent. */
+ mbedtls_mpi MBEDTLS_PRIVATE(P); /*!< The first prime factor. */
+ mbedtls_mpi MBEDTLS_PRIVATE(Q); /*!< The second prime factor. */
- mbedtls_mpi DP; /*!< <code>D % (P - 1)</code>. */
- mbedtls_mpi DQ; /*!< <code>D % (Q - 1)</code>. */
- mbedtls_mpi QP; /*!< <code>1 / (Q % P)</code>. */
+ mbedtls_mpi MBEDTLS_PRIVATE(DP); /*!< <code>D % (P - 1)</code>. */
+ mbedtls_mpi MBEDTLS_PRIVATE(DQ); /*!< <code>D % (Q - 1)</code>. */
+ mbedtls_mpi MBEDTLS_PRIVATE(QP); /*!< <code>1 / (Q % P)</code>. */
- mbedtls_mpi RN; /*!< cached <code>R^2 mod N</code>. */
+ mbedtls_mpi MBEDTLS_PRIVATE(RN); /*!< cached <code>R^2 mod N</code>. */
- mbedtls_mpi RP; /*!< cached <code>R^2 mod P</code>. */
- mbedtls_mpi RQ; /*!< cached <code>R^2 mod Q</code>. */
+ mbedtls_mpi MBEDTLS_PRIVATE(RP); /*!< cached <code>R^2 mod P</code>. */
+ mbedtls_mpi MBEDTLS_PRIVATE(RQ); /*!< cached <code>R^2 mod Q</code>. */
- mbedtls_mpi Vi; /*!< The cached blinding value. */
- mbedtls_mpi Vf; /*!< The cached un-blinding value. */
+ mbedtls_mpi MBEDTLS_PRIVATE(Vi); /*!< The cached blinding value. */
+ mbedtls_mpi MBEDTLS_PRIVATE(Vf); /*!< The cached un-blinding value. */
- int padding; /*!< Selects padding mode:
+ int MBEDTLS_PRIVATE(padding); /*!< Selects padding mode:
#MBEDTLS_RSA_PKCS_V15 for 1.5 padding and
#MBEDTLS_RSA_PKCS_V21 for OAEP or PSS. */
- int hash_id; /*!< Hash identifier of mbedtls_md_type_t type,
+ int MBEDTLS_PRIVATE(hash_id); /*!< Hash identifier of mbedtls_md_type_t type,
as specified in md.h for use in the MGF
mask generating function used in the
EME-OAEP and EMSA-PSS encodings. */
#if defined(MBEDTLS_THREADING_C)
/* Invariant: the mutex is initialized iff ver != 0. */
- mbedtls_threading_mutex_t mutex; /*!< Thread-safety mutex. */
+ mbedtls_threading_mutex_t MBEDTLS_PRIVATE(mutex); /*!< Thread-safety mutex. */
#endif
}
mbedtls_rsa_context;
@@ -134,33 +131,51 @@
/**
* \brief This function initializes an RSA context.
*
+ * \note This function initializes the padding and the hash
+ * identifier to respectively #MBEDTLS_RSA_PKCS_V15 and
+ * #MBEDTLS_MD_NONE. See mbedtls_rsa_set_padding() for more
+ * information about those parameters.
+ *
+ * \param ctx The RSA context to initialize. This must not be \c NULL.
+ */
+void mbedtls_rsa_init( mbedtls_rsa_context *ctx );
+
+/**
+ * \brief This function sets padding for an already initialized RSA
+ * context.
+ *
* \note Set padding to #MBEDTLS_RSA_PKCS_V21 for the RSAES-OAEP
* encryption scheme and the RSASSA-PSS signature scheme.
*
* \note The \p hash_id parameter is ignored when using
* #MBEDTLS_RSA_PKCS_V15 padding.
*
- * \note The choice of padding mode is strictly enforced for private key
- * operations, since there might be security concerns in
+ * \note The choice of padding mode is strictly enforced for private
+ * key operations, since there might be security concerns in
* mixing padding modes. For public key operations it is
* a default value, which can be overridden by calling specific
- * \c rsa_rsaes_xxx or \c rsa_rsassa_xxx functions.
+ * \c mbedtls_rsa_rsaes_xxx or \c mbedtls_rsa_rsassa_xxx
+ * functions.
*
* \note The hash selected in \p hash_id is always used for OEAP
* encryption. For PSS signatures, it is always used for
* making signatures, but can be overridden for verifying them.
* If set to #MBEDTLS_MD_NONE, it is always overridden.
*
- * \param ctx The RSA context to initialize. This must not be \c NULL.
+ * \param ctx The initialized RSA context to be configured.
* \param padding The padding mode to use. This must be either
* #MBEDTLS_RSA_PKCS_V15 or #MBEDTLS_RSA_PKCS_V21.
- * \param hash_id The hash identifier of ::mbedtls_md_type_t type, if
- * \p padding is #MBEDTLS_RSA_PKCS_V21. It is unused
- * otherwise.
+ * \param hash_id The hash identifier for PSS or OAEP, if \p padding is
+ * #MBEDTLS_RSA_PKCS_V21. #MBEDTLS_MD_NONE is accepted by this
+ * function but may be not suitable for some operations.
+ * Ignored if \p padding is #MBEDTLS_RSA_PKCS_V15.
+ *
+ * \return \c 0 on success.
+ * \return #MBEDTLS_ERR_RSA_INVALID_PADDING failure:
+ * \p padding or \p hash_id is invalid.
*/
-void mbedtls_rsa_init( mbedtls_rsa_context *ctx,
- int padding,
- int hash_id );
+int mbedtls_rsa_set_padding( mbedtls_rsa_context *ctx, int padding,
+ mbedtls_md_type_t hash_id );
/**
* \brief This function imports a set of core parameters into an
@@ -392,18 +407,6 @@
mbedtls_mpi *DP, mbedtls_mpi *DQ, mbedtls_mpi *QP );
/**
- * \brief This function sets padding for an already initialized RSA
- * context. See mbedtls_rsa_init() for details.
- *
- * \param ctx The initialized RSA context to be configured.
- * \param padding The padding mode to use. This must be either
- * #MBEDTLS_RSA_PKCS_V15 or #MBEDTLS_RSA_PKCS_V21.
- * \param hash_id The #MBEDTLS_RSA_PKCS_V21 hash identifier.
- */
-void mbedtls_rsa_set_padding( mbedtls_rsa_context *ctx, int padding,
- int hash_id );
-
-/**
* \brief This function retrieves the length of RSA modulus in Bytes.
*
* \param ctx The initialized RSA context.
@@ -793,13 +796,11 @@
* if \p f_rng doesn't need a context argument.
* \param md_alg The message-digest algorithm used to hash the original data.
* Use #MBEDTLS_MD_NONE for signing raw data.
- * \param hashlen The length of the message digest.
- * Ths is only used if \p md_alg is #MBEDTLS_MD_NONE.
+ * \param hashlen The length of the message digest or raw data in Bytes.
+ * If \p md_alg is not #MBEDTLS_MD_NONE, this must match the
+ * output length of the corresponding hash algorithm.
* \param hash The buffer holding the message digest or raw data.
- * If \p md_alg is #MBEDTLS_MD_NONE, this must be a readable
- * buffer of length \p hashlen Bytes. If \p md_alg is not
- * #MBEDTLS_MD_NONE, it must be a readable buffer of length
- * the size of the hash corresponding to \p md_alg.
+ * This must be a readable buffer of at least \p hashlen Bytes.
* \param sig The buffer to hold the signature. This must be a writable
* buffer of length \c ctx->len Bytes. For example, \c 256 Bytes
* for an 2048-bit RSA modulus. A buffer length of
@@ -827,13 +828,11 @@
* if \p f_rng doesn't need a context argument.
* \param md_alg The message-digest algorithm used to hash the original data.
* Use #MBEDTLS_MD_NONE for signing raw data.
- * \param hashlen The length of the message digest.
- * Ths is only used if \p md_alg is #MBEDTLS_MD_NONE.
+ * \param hashlen The length of the message digest or raw data in Bytes.
+ * If \p md_alg is not #MBEDTLS_MD_NONE, this must match the
+ * output length of the corresponding hash algorithm.
* \param hash The buffer holding the message digest or raw data.
- * If \p md_alg is #MBEDTLS_MD_NONE, this must be a readable
- * buffer of length \p hashlen Bytes. If \p md_alg is not
- * #MBEDTLS_MD_NONE, it must be a readable buffer of length
- * the size of the hash corresponding to \p md_alg.
+ * This must be a readable buffer of at least \p hashlen Bytes.
* \param sig The buffer to hold the signature. This must be a writable
* buffer of length \c ctx->len Bytes. For example, \c 256 Bytes
* for an 2048-bit RSA modulus. A buffer length of
@@ -854,12 +853,13 @@
* \brief This function performs a PKCS#1 v2.1 PSS signature
* operation (RSASSA-PSS-SIGN).
*
- * \note The \p hash_id in the RSA context is the one used for the
- * encoding. \p md_alg in the function call is the type of hash
- * that is encoded. According to <em>RFC-3447: Public-Key
+ * \note The \c hash_id set in \p ctx by calling
+ * mbedtls_rsa_set_padding() selects the hash used for the
+ * encoding operation and for the mask generation function
+ * (MGF1). For more details on the encoding operation and the
+ * mask generation function, consult <em>RFC-3447: Public-Key
* Cryptography Standards (PKCS) #1 v2.1: RSA Cryptography
- * Specifications</em> it is advised to keep both hashes the
- * same.
+ * Specifications</em>.
*
* \note This function enforces that the provided salt length complies
* with FIPS 186-4 §5.5 (e) and RFC 8017 (PKCS#1 v2.2) §9.1.1
@@ -874,13 +874,11 @@
* if \p f_rng doesn't need a context argument.
* \param md_alg The message-digest algorithm used to hash the original data.
* Use #MBEDTLS_MD_NONE for signing raw data.
- * \param hashlen The length of the message digest.
- * Ths is only used if \p md_alg is #MBEDTLS_MD_NONE.
+ * \param hashlen The length of the message digest or raw data in Bytes.
+ * If \p md_alg is not #MBEDTLS_MD_NONE, this must match the
+ * output length of the corresponding hash algorithm.
* \param hash The buffer holding the message digest or raw data.
- * If \p md_alg is #MBEDTLS_MD_NONE, this must be a readable
- * buffer of length \p hashlen Bytes. If \p md_alg is not
- * #MBEDTLS_MD_NONE, it must be a readable buffer of length
- * the size of the hash corresponding to \p md_alg.
+ * This must be a readable buffer of at least \p hashlen Bytes.
* \param saltlen The length of the salt that should be used.
* If passed #MBEDTLS_RSA_SALT_LEN_ANY, the function will use
* the largest possible salt length up to the hash length,
@@ -907,12 +905,13 @@
* \brief This function performs a PKCS#1 v2.1 PSS signature
* operation (RSASSA-PSS-SIGN).
*
- * \note The \p hash_id in the RSA context is the one used for the
- * encoding. \p md_alg in the function call is the type of hash
- * that is encoded. According to <em>RFC-3447: Public-Key
+ * \note The \c hash_id set in \p ctx by calling
+ * mbedtls_rsa_set_padding() selects the hash used for the
+ * encoding operation and for the mask generation function
+ * (MGF1). For more details on the encoding operation and the
+ * mask generation function, consult <em>RFC-3447: Public-Key
* Cryptography Standards (PKCS) #1 v2.1: RSA Cryptography
- * Specifications</em> it is advised to keep both hashes the
- * same.
+ * Specifications</em>.
*
* \note This function always uses the maximum possible salt size,
* up to the length of the payload hash. This choice of salt
@@ -930,13 +929,11 @@
* if \p f_rng doesn't need a context argument.
* \param md_alg The message-digest algorithm used to hash the original data.
* Use #MBEDTLS_MD_NONE for signing raw data.
- * \param hashlen The length of the message digest.
- * Ths is only used if \p md_alg is #MBEDTLS_MD_NONE.
+ * \param hashlen The length of the message digest or raw data in Bytes.
+ * If \p md_alg is not #MBEDTLS_MD_NONE, this must match the
+ * output length of the corresponding hash algorithm.
* \param hash The buffer holding the message digest or raw data.
- * If \p md_alg is #MBEDTLS_MD_NONE, this must be a readable
- * buffer of length \p hashlen Bytes. If \p md_alg is not
- * #MBEDTLS_MD_NONE, it must be a readable buffer of length
- * the size of the hash corresponding to \p md_alg.
+ * This must be a readable buffer of at least \p hashlen Bytes.
* \param sig The buffer to hold the signature. This must be a writable
* buffer of length \c ctx->len Bytes. For example, \c 256 Bytes
* for an 2048-bit RSA modulus. A buffer length of
@@ -967,13 +964,11 @@
* \param ctx The initialized RSA public key context to use.
* \param md_alg The message-digest algorithm used to hash the original data.
* Use #MBEDTLS_MD_NONE for signing raw data.
- * \param hashlen The length of the message digest.
- * This is only used if \p md_alg is #MBEDTLS_MD_NONE.
+ * \param hashlen The length of the message digest or raw data in Bytes.
+ * If \p md_alg is not #MBEDTLS_MD_NONE, this must match the
+ * output length of the corresponding hash algorithm.
* \param hash The buffer holding the message digest or raw data.
- * If \p md_alg is #MBEDTLS_MD_NONE, this must be a readable
- * buffer of length \p hashlen Bytes. If \p md_alg is not
- * #MBEDTLS_MD_NONE, it must be a readable buffer of length
- * the size of the hash corresponding to \p md_alg.
+ * This must be a readable buffer of at least \p hashlen Bytes.
* \param sig The buffer holding the signature. This must be a readable
* buffer of length \c ctx->len Bytes. For example, \c 256 Bytes
* for an 2048-bit RSA modulus.
@@ -994,13 +989,11 @@
* \param ctx The initialized RSA public key context to use.
* \param md_alg The message-digest algorithm used to hash the original data.
* Use #MBEDTLS_MD_NONE for signing raw data.
- * \param hashlen The length of the message digest.
- * This is only used if \p md_alg is #MBEDTLS_MD_NONE.
+ * \param hashlen The length of the message digest or raw data in Bytes.
+ * If \p md_alg is not #MBEDTLS_MD_NONE, this must match the
+ * output length of the corresponding hash algorithm.
* \param hash The buffer holding the message digest or raw data.
- * If \p md_alg is #MBEDTLS_MD_NONE, this must be a readable
- * buffer of length \p hashlen Bytes. If \p md_alg is not
- * #MBEDTLS_MD_NONE, it must be a readable buffer of length
- * the size of the hash corresponding to \p md_alg.
+ * This must be a readable buffer of at least \p hashlen Bytes.
* \param sig The buffer holding the signature. This must be a readable
* buffer of length \c ctx->len Bytes. For example, \c 256 Bytes
* for an 2048-bit RSA modulus.
@@ -1018,27 +1011,24 @@
* \brief This function performs a PKCS#1 v2.1 PSS verification
* operation (RSASSA-PSS-VERIFY).
*
- * The hash function for the MGF mask generating function
- * is that specified in the RSA context.
- *
- * \note The \p hash_id in the RSA context is the one used for the
- * verification. \p md_alg in the function call is the type of
- * hash that is verified. According to <em>RFC-3447: Public-Key
+ * \note The \c hash_id set in \p ctx by calling
+ * mbedtls_rsa_set_padding() selects the hash used for the
+ * encoding operation and for the mask generation function
+ * (MGF1). For more details on the encoding operation and the
+ * mask generation function, consult <em>RFC-3447: Public-Key
* Cryptography Standards (PKCS) #1 v2.1: RSA Cryptography
- * Specifications</em> it is advised to keep both hashes the
- * same. If \p hash_id in the RSA context is unset,
- * the \p md_alg from the function call is used.
+ * Specifications</em>. If the \c hash_id set in \p ctx by
+ * mbedtls_rsa_set_padding() is #MBEDTLS_MD_NONE, the \p md_alg
+ * parameter is used.
*
* \param ctx The initialized RSA public key context to use.
* \param md_alg The message-digest algorithm used to hash the original data.
* Use #MBEDTLS_MD_NONE for signing raw data.
- * \param hashlen The length of the message digest.
- * This is only used if \p md_alg is #MBEDTLS_MD_NONE.
+ * \param hashlen The length of the message digest or raw data in Bytes.
+ * If \p md_alg is not #MBEDTLS_MD_NONE, this must match the
+ * output length of the corresponding hash algorithm.
* \param hash The buffer holding the message digest or raw data.
- * If \p md_alg is #MBEDTLS_MD_NONE, this must be a readable
- * buffer of length \p hashlen Bytes. If \p md_alg is not
- * #MBEDTLS_MD_NONE, it must be a readable buffer of length
- * the size of the hash corresponding to \p md_alg.
+ * This must be a readable buffer of at least \p hashlen Bytes.
* \param sig The buffer holding the signature. This must be a readable
* buffer of length \c ctx->len Bytes. For example, \c 256 Bytes
* for an 2048-bit RSA modulus.
@@ -1056,25 +1046,27 @@
* \brief This function performs a PKCS#1 v2.1 PSS verification
* operation (RSASSA-PSS-VERIFY).
*
- * The hash function for the MGF mask generating function
- * is that specified in \p mgf1_hash_id.
- *
* \note The \p sig buffer must be as large as the size
* of \p ctx->N. For example, 128 Bytes if RSA-1024 is used.
*
- * \note The \p hash_id in the RSA context is ignored.
+ * \note The \c hash_id set in \p ctx by mbedtls_rsa_set_padding() is
+ * ignored.
*
* \param ctx The initialized RSA public key context to use.
* \param md_alg The message-digest algorithm used to hash the original data.
* Use #MBEDTLS_MD_NONE for signing raw data.
- * \param hashlen The length of the message digest.
- * This is only used if \p md_alg is #MBEDTLS_MD_NONE.
+ * \param hashlen The length of the message digest or raw data in Bytes.
+ * If \p md_alg is not #MBEDTLS_MD_NONE, this must match the
+ * output length of the corresponding hash algorithm.
* \param hash The buffer holding the message digest or raw data.
- * If \p md_alg is #MBEDTLS_MD_NONE, this must be a readable
- * buffer of length \p hashlen Bytes. If \p md_alg is not
- * #MBEDTLS_MD_NONE, it must be a readable buffer of length
- * the size of the hash corresponding to \p md_alg.
- * \param mgf1_hash_id The message digest used for mask generation.
+ * This must be a readable buffer of at least \p hashlen Bytes.
+ * \param mgf1_hash_id The message digest algorithm used for the
+ * verification operation and the mask generation
+ * function (MGF1). For more details on the encoding
+ * operation and the mask generation function, consult
+ * <em>RFC-3447: Public-Key Cryptography Standards
+ * (PKCS) #1 v2.1: RSA Cryptography
+ * Specifications</em>.
* \param expected_salt_len The length of the salt used in padding. Use
* #MBEDTLS_RSA_SALT_LEN_ANY to accept any salt length.
* \param sig The buffer holding the signature. This must be a readable
diff --git a/include/mbedtls/sha1.h b/include/mbedtls/sha1.h
index 56ff948..0975e2d 100644
--- a/include/mbedtls/sha1.h
+++ b/include/mbedtls/sha1.h
@@ -28,6 +28,7 @@
*/
#ifndef MBEDTLS_SHA1_H
#define MBEDTLS_SHA1_H
+#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
@@ -58,9 +59,9 @@
*/
typedef struct mbedtls_sha1_context
{
- uint32_t total[2]; /*!< The number of Bytes processed. */
- uint32_t state[5]; /*!< The intermediate digest state. */
- unsigned char buffer[64]; /*!< The data block being processed. */
+ uint32_t MBEDTLS_PRIVATE(total)[2]; /*!< The number of Bytes processed. */
+ uint32_t MBEDTLS_PRIVATE(state)[5]; /*!< The intermediate digest state. */
+ unsigned char MBEDTLS_PRIVATE(buffer)[64]; /*!< The data block being processed. */
}
mbedtls_sha1_context;
@@ -123,7 +124,7 @@
* \return A negative error code on failure.
*
*/
-int mbedtls_sha1_starts_ret( mbedtls_sha1_context *ctx );
+int mbedtls_sha1_starts( mbedtls_sha1_context *ctx );
/**
* \brief This function feeds an input buffer into an ongoing SHA-1
@@ -142,9 +143,9 @@
* \return \c 0 on success.
* \return A negative error code on failure.
*/
-int mbedtls_sha1_update_ret( mbedtls_sha1_context *ctx,
- const unsigned char *input,
- size_t ilen );
+int mbedtls_sha1_update( mbedtls_sha1_context *ctx,
+ const unsigned char *input,
+ size_t ilen );
/**
* \brief This function finishes the SHA-1 operation, and writes
@@ -162,8 +163,8 @@
* \return \c 0 on success.
* \return A negative error code on failure.
*/
-int mbedtls_sha1_finish_ret( mbedtls_sha1_context *ctx,
- unsigned char output[20] );
+int mbedtls_sha1_finish( mbedtls_sha1_context *ctx,
+ unsigned char output[20] );
/**
* \brief SHA-1 process data block (internal use only).
@@ -206,9 +207,9 @@
* \return A negative error code on failure.
*
*/
-int mbedtls_sha1_ret( const unsigned char *input,
- size_t ilen,
- unsigned char output[20] );
+int mbedtls_sha1( const unsigned char *input,
+ size_t ilen,
+ unsigned char output[20] );
#if defined(MBEDTLS_SELF_TEST)
diff --git a/include/mbedtls/sha256.h b/include/mbedtls/sha256.h
index 22c2c7d..76bed43 100644
--- a/include/mbedtls/sha256.h
+++ b/include/mbedtls/sha256.h
@@ -24,6 +24,7 @@
*/
#ifndef MBEDTLS_SHA256_H
#define MBEDTLS_SHA256_H
+#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
@@ -49,14 +50,14 @@
*
* The structure is used both for SHA-256 and for SHA-224
* checksum calculations. The choice between these two is
- * made in the call to mbedtls_sha256_starts_ret().
+ * made in the call to mbedtls_sha256_starts().
*/
typedef struct mbedtls_sha256_context
{
- uint32_t total[2]; /*!< The number of Bytes processed. */
- uint32_t state[8]; /*!< The intermediate digest state. */
- unsigned char buffer[64]; /*!< The data block being processed. */
- int is224; /*!< Determines which function to use:
+ uint32_t MBEDTLS_PRIVATE(total)[2]; /*!< The number of Bytes processed. */
+ uint32_t MBEDTLS_PRIVATE(state)[8]; /*!< The intermediate digest state. */
+ unsigned char MBEDTLS_PRIVATE(buffer)[64]; /*!< The data block being processed. */
+ int MBEDTLS_PRIVATE(is224); /*!< Determines which function to use:
0: Use SHA-256, or 1: Use SHA-224. */
}
mbedtls_sha256_context;
@@ -101,7 +102,7 @@
* \return \c 0 on success.
* \return A negative error code on failure.
*/
-int mbedtls_sha256_starts_ret( mbedtls_sha256_context *ctx, int is224 );
+int mbedtls_sha256_starts( mbedtls_sha256_context *ctx, int is224 );
/**
* \brief This function feeds an input buffer into an ongoing
@@ -116,9 +117,9 @@
* \return \c 0 on success.
* \return A negative error code on failure.
*/
-int mbedtls_sha256_update_ret( mbedtls_sha256_context *ctx,
- const unsigned char *input,
- size_t ilen );
+int mbedtls_sha256_update( mbedtls_sha256_context *ctx,
+ const unsigned char *input,
+ size_t ilen );
/**
* \brief This function finishes the SHA-256 operation, and writes
@@ -133,8 +134,8 @@
* \return \c 0 on success.
* \return A negative error code on failure.
*/
-int mbedtls_sha256_finish_ret( mbedtls_sha256_context *ctx,
- unsigned char *output );
+int mbedtls_sha256_finish( mbedtls_sha256_context *ctx,
+ unsigned char *output );
/**
* \brief This function processes a single data block within
@@ -170,10 +171,10 @@
* \param is224 Determines which function to use. This must be
* either \c 0 for SHA-256, or \c 1 for SHA-224.
*/
-int mbedtls_sha256_ret( const unsigned char *input,
- size_t ilen,
- unsigned char *output,
- int is224 );
+int mbedtls_sha256( const unsigned char *input,
+ size_t ilen,
+ unsigned char *output,
+ int is224 );
#if defined(MBEDTLS_SELF_TEST)
diff --git a/include/mbedtls/sha512.h b/include/mbedtls/sha512.h
index 04222f4..00d8338 100644
--- a/include/mbedtls/sha512.h
+++ b/include/mbedtls/sha512.h
@@ -23,6 +23,7 @@
*/
#ifndef MBEDTLS_SHA512_H
#define MBEDTLS_SHA512_H
+#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
@@ -48,16 +49,16 @@
*
* The structure is used both for SHA-384 and for SHA-512
* checksum calculations. The choice between these two is
- * made in the call to mbedtls_sha512_starts_ret().
+ * made in the call to mbedtls_sha512_starts().
*/
typedef struct mbedtls_sha512_context
{
- uint64_t total[2]; /*!< The number of Bytes processed. */
- uint64_t state[8]; /*!< The intermediate digest state. */
- unsigned char buffer[128]; /*!< The data block being processed. */
+ uint64_t MBEDTLS_PRIVATE(total)[2]; /*!< The number of Bytes processed. */
+ uint64_t MBEDTLS_PRIVATE(state)[8]; /*!< The intermediate digest state. */
+ unsigned char MBEDTLS_PRIVATE(buffer)[128]; /*!< The data block being processed. */
#if defined(MBEDTLS_SHA384_C)
- int is384; /*!< Determines which function to use:
- 0: Use SHA-512, or 1: Use SHA-384. */
+ int MBEDTLS_PRIVATE(is384); /*!< Determines which function to use:
+ 0: Use SHA-512, or 1: Use SHA-384. */
#endif
}
mbedtls_sha512_context;
@@ -108,7 +109,7 @@
* \return \c 0 on success.
* \return A negative error code on failure.
*/
-int mbedtls_sha512_starts_ret( mbedtls_sha512_context *ctx, int is384 );
+int mbedtls_sha512_starts( mbedtls_sha512_context *ctx, int is384 );
/**
* \brief This function feeds an input buffer into an ongoing
@@ -123,9 +124,9 @@
* \return \c 0 on success.
* \return A negative error code on failure.
*/
-int mbedtls_sha512_update_ret( mbedtls_sha512_context *ctx,
- const unsigned char *input,
- size_t ilen );
+int mbedtls_sha512_update( mbedtls_sha512_context *ctx,
+ const unsigned char *input,
+ size_t ilen );
/**
* \brief This function finishes the SHA-512 operation, and writes
@@ -140,8 +141,8 @@
* \return \c 0 on success.
* \return A negative error code on failure.
*/
-int mbedtls_sha512_finish_ret( mbedtls_sha512_context *ctx,
- unsigned char *output );
+int mbedtls_sha512_finish( mbedtls_sha512_context *ctx,
+ unsigned char *output );
/**
* \brief This function processes a single data block within
@@ -184,10 +185,10 @@
* \return \c 0 on success.
* \return A negative error code on failure.
*/
-int mbedtls_sha512_ret( const unsigned char *input,
- size_t ilen,
- unsigned char *output,
- int is384 );
+int mbedtls_sha512( const unsigned char *input,
+ size_t ilen,
+ unsigned char *output,
+ int is384 );
#if defined(MBEDTLS_SELF_TEST)
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index dc37bc3..02b59ed 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -21,6 +21,7 @@
*/
#ifndef MBEDTLS_SSL_H
#define MBEDTLS_SSL_H
+#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
@@ -200,6 +201,9 @@
#define MBEDTLS_SSL_DTLS_SRTP_MKI_UNSUPPORTED 0
#define MBEDTLS_SSL_DTLS_SRTP_MKI_SUPPORTED 1
+#define MBEDTLS_SSL_SRV_CIPHERSUITE_ORDER_CLIENT 1
+#define MBEDTLS_SSL_SRV_CIPHERSUITE_ORDER_SERVER 0
+
/*
* Default range for DTLS retransmission timer value, in milliseconds.
* RFC 6347 4.2.4.1 says from 1 second to 60 seconds.
@@ -454,18 +458,6 @@
}
mbedtls_ssl_states;
-/*
- * The tls_prf function types.
- */
-typedef enum
-{
- MBEDTLS_SSL_TLS_PRF_NONE,
- MBEDTLS_SSL_TLS_PRF_TLS1,
- MBEDTLS_SSL_TLS_PRF_SHA384,
- MBEDTLS_SSL_TLS_PRF_SHA256
-}
-mbedtls_tls_prf_types;
-
/**
* \brief Callback type: send data on the network.
*
@@ -897,11 +889,11 @@
typedef struct mbedtls_dtls_srtp_info_t
{
/*! The SRTP profile that was negotiated. */
- mbedtls_ssl_srtp_profile chosen_dtls_srtp_profile;
+ mbedtls_ssl_srtp_profile MBEDTLS_PRIVATE(chosen_dtls_srtp_profile);
/*! The length of mki_value. */
- uint16_t mki_len;
+ uint16_t MBEDTLS_PRIVATE(mki_len);
/*! The mki_value used, with max size of 256 bytes. */
- unsigned char mki_value[MBEDTLS_TLS_SRTP_MAX_MKI_LENGTH];
+ unsigned char MBEDTLS_PRIVATE(mki_value)[MBEDTLS_TLS_SRTP_MAX_MKI_LENGTH];
}
mbedtls_dtls_srtp_info;
@@ -921,46 +913,95 @@
struct mbedtls_ssl_session
{
#if defined(MBEDTLS_HAVE_TIME)
- mbedtls_time_t start; /*!< starting time */
+ mbedtls_time_t MBEDTLS_PRIVATE(start); /*!< starting time */
#endif
- int ciphersuite; /*!< chosen ciphersuite */
- int compression; /*!< chosen compression */
- size_t id_len; /*!< session id length */
- unsigned char id[32]; /*!< session identifier */
- unsigned char master[48]; /*!< the master secret */
+ int MBEDTLS_PRIVATE(ciphersuite); /*!< chosen ciphersuite */
+ int MBEDTLS_PRIVATE(compression); /*!< chosen compression */
+ size_t MBEDTLS_PRIVATE(id_len); /*!< session id length */
+ unsigned char MBEDTLS_PRIVATE(id)[32]; /*!< session identifier */
+ unsigned char MBEDTLS_PRIVATE(master)[48]; /*!< the master secret */
+
+ unsigned char exported;
#if defined(MBEDTLS_X509_CRT_PARSE_C)
#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
- mbedtls_x509_crt *peer_cert; /*!< peer X.509 cert chain */
+ mbedtls_x509_crt *MBEDTLS_PRIVATE(peer_cert); /*!< peer X.509 cert chain */
#else /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
/*! The digest of the peer's end-CRT. This must be kept to detect CRT
* changes during renegotiation, mitigating the triple handshake attack. */
- unsigned char *peer_cert_digest;
- size_t peer_cert_digest_len;
- mbedtls_md_type_t peer_cert_digest_type;
+ unsigned char *MBEDTLS_PRIVATE(peer_cert_digest);
+ size_t MBEDTLS_PRIVATE(peer_cert_digest_len);
+ mbedtls_md_type_t MBEDTLS_PRIVATE(peer_cert_digest_type);
#endif /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
#endif /* MBEDTLS_X509_CRT_PARSE_C */
- uint32_t verify_result; /*!< verification result */
+ uint32_t MBEDTLS_PRIVATE(verify_result); /*!< verification result */
#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C)
- unsigned char *ticket; /*!< RFC 5077 session ticket */
- size_t ticket_len; /*!< session ticket length */
- uint32_t ticket_lifetime; /*!< ticket lifetime hint */
+ unsigned char *MBEDTLS_PRIVATE(ticket); /*!< RFC 5077 session ticket */
+ size_t MBEDTLS_PRIVATE(ticket_len); /*!< session ticket length */
+ uint32_t MBEDTLS_PRIVATE(ticket_lifetime); /*!< ticket lifetime hint */
#endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_CLI_C */
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
- unsigned char mfl_code; /*!< MaxFragmentLength negotiated by peer */
+ unsigned char MBEDTLS_PRIVATE(mfl_code); /*!< MaxFragmentLength negotiated by peer */
#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
-#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
- int trunc_hmac; /*!< flag for truncated hmac activation */
-#endif /* MBEDTLS_SSL_TRUNCATED_HMAC */
-
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
- int encrypt_then_mac; /*!< flag for EtM activation */
+ int MBEDTLS_PRIVATE(encrypt_then_mac); /*!< flag for EtM activation */
#endif
};
+/*
+ * Identifiers for PRFs used in various versions of TLS.
+ */
+typedef enum
+{
+ MBEDTLS_SSL_TLS_PRF_NONE,
+ MBEDTLS_SSL_TLS_PRF_SHA384,
+ MBEDTLS_SSL_TLS_PRF_SHA256,
+ MBEDTLS_SSL_HKDF_EXPAND_SHA384,
+ MBEDTLS_SSL_HKDF_EXPAND_SHA256
+}
+mbedtls_tls_prf_types;
+
+#if defined(MBEDTLS_SSL_EXPORT_KEYS)
+typedef enum
+{
+ MBEDTLS_SSL_KEY_EXPORT_TLS12_MASTER_SECRET = 0,
+#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
+ MBEDTLS_SSL_KEY_EXPORT_TLS13_CLIENT_EARLY_SECRET,
+ MBEDTLS_SSL_KEY_EXPORT_TLS13_EARLY_EXPORTER_SECRET,
+ MBEDTLS_SSL_KEY_EXPORT_TLS13_CLIENT_HANDSHAKE_TRAFFIC_SECRET,
+ MBEDTLS_SSL_KEY_EXPORT_TLS13_SERVER_HANDSHAKE_TRAFFIC_SECRET,
+ MBEDTLS_SSL_KEY_EXPORT_TLS13_CLIENT_APPLICATION_TRAFFIC_SECRET,
+ MBEDTLS_SSL_KEY_EXPORT_TLS13_SERVER_APPLICATION_TRAFFIC_SECRET,
+#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
+} mbedtls_ssl_key_export_type;
+
+/**
+ * \brief Callback type: Export key alongside random values for
+ * session identification, and PRF for
+ * implementation of TLS key exporters.
+ *
+ * \param p_expkey Context for the callback.
+ * \param type The type of the key that is being exported.
+ * \param secret The address of the buffer holding the secret
+ * that's being exporterd.
+ * \param secret_len The length of \p secret in bytes.
+ * \param client_random The client random bytes.
+ * \param server_random The server random bytes.
+ * \param tls_prf_type The identifier for the PRF used in the handshake
+ * to which the key belongs.
+ */
+typedef void mbedtls_ssl_export_keys_t( void *p_expkey,
+ mbedtls_ssl_key_export_type type,
+ const unsigned char *secret,
+ size_t secret_len,
+ const unsigned char client_random[32],
+ const unsigned char server_random[32],
+ mbedtls_tls_prf_types tls_prf_type );
+#endif /* MBEDTLS_SSL_EXPORT_KEYS */
+
/**
* SSL/TLS configuration to be shared between mbedtls_ssl_context structures.
*/
@@ -973,114 +1014,101 @@
*/
/** Allowed ciphersuites for (D)TLS 1.2 (0-terminated) */
- const int *ciphersuite_list;
+ const int *MBEDTLS_PRIVATE(ciphersuite_list);
/** Callback for printing debug output */
- void (*f_dbg)(void *, int, const char *, int, const char *);
- void *p_dbg; /*!< context for the debug function */
+ void (*MBEDTLS_PRIVATE(f_dbg))(void *, int, const char *, int, const char *);
+ void *MBEDTLS_PRIVATE(p_dbg); /*!< context for the debug function */
/** Callback for getting (pseudo-)random numbers */
- int (*f_rng)(void *, unsigned char *, size_t);
- void *p_rng; /*!< context for the RNG function */
+ int (*MBEDTLS_PRIVATE(f_rng))(void *, unsigned char *, size_t);
+ void *MBEDTLS_PRIVATE(p_rng); /*!< context for the RNG function */
/** Callback to retrieve a session from the cache */
- mbedtls_ssl_cache_get_t *f_get_cache;
+ mbedtls_ssl_cache_get_t *MBEDTLS_PRIVATE(f_get_cache);
/** Callback to store a session into the cache */
- mbedtls_ssl_cache_set_t *f_set_cache;
- void *p_cache; /*!< context for cache callbacks */
+ mbedtls_ssl_cache_set_t *MBEDTLS_PRIVATE(f_set_cache);
+ void *MBEDTLS_PRIVATE(p_cache); /*!< context for cache callbacks */
#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
/** Callback for setting cert according to SNI extension */
- int (*f_sni)(void *, mbedtls_ssl_context *, const unsigned char *, size_t);
- void *p_sni; /*!< context for SNI callback */
+ int (*MBEDTLS_PRIVATE(f_sni))(void *, mbedtls_ssl_context *, const unsigned char *, size_t);
+ void *MBEDTLS_PRIVATE(p_sni); /*!< context for SNI callback */
#endif
#if defined(MBEDTLS_X509_CRT_PARSE_C)
/** Callback to customize X.509 certificate chain verification */
- int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *);
- void *p_vrfy; /*!< context for X.509 verify calllback */
+ int (*MBEDTLS_PRIVATE(f_vrfy))(void *, mbedtls_x509_crt *, int, uint32_t *);
+ void *MBEDTLS_PRIVATE(p_vrfy); /*!< context for X.509 verify calllback */
#endif
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
/** Callback to retrieve PSK key from identity */
- int (*f_psk)(void *, mbedtls_ssl_context *, const unsigned char *, size_t);
- void *p_psk; /*!< context for PSK callback */
+ int (*MBEDTLS_PRIVATE(f_psk))(void *, mbedtls_ssl_context *, const unsigned char *, size_t);
+ void *MBEDTLS_PRIVATE(p_psk); /*!< context for PSK callback */
#endif
#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C)
/** Callback to create & write a cookie for ClientHello veirifcation */
- int (*f_cookie_write)( void *, unsigned char **, unsigned char *,
+ int (*MBEDTLS_PRIVATE(f_cookie_write))( void *, unsigned char **, unsigned char *,
const unsigned char *, size_t );
/** Callback to verify validity of a ClientHello cookie */
- int (*f_cookie_check)( void *, const unsigned char *, size_t,
+ int (*MBEDTLS_PRIVATE(f_cookie_check))( void *, const unsigned char *, size_t,
const unsigned char *, size_t );
- void *p_cookie; /*!< context for the cookie callbacks */
+ void *MBEDTLS_PRIVATE(p_cookie); /*!< context for the cookie callbacks */
#endif
#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_SRV_C)
/** Callback to create & write a session ticket */
- int (*f_ticket_write)( void *, const mbedtls_ssl_session *,
+ int (*MBEDTLS_PRIVATE(f_ticket_write))( void *, const mbedtls_ssl_session *,
unsigned char *, const unsigned char *, size_t *, uint32_t * );
/** Callback to parse a session ticket into a session structure */
- int (*f_ticket_parse)( void *, mbedtls_ssl_session *, unsigned char *, size_t);
- void *p_ticket; /*!< context for the ticket callbacks */
+ int (*MBEDTLS_PRIVATE(f_ticket_parse))( void *, mbedtls_ssl_session *, unsigned char *, size_t);
+ void *MBEDTLS_PRIVATE(p_ticket); /*!< context for the ticket callbacks */
#endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_SRV_C */
-#if defined(MBEDTLS_SSL_EXPORT_KEYS)
- /** Callback to export key block and master secret */
- int (*f_export_keys)( void *, const unsigned char *,
- const unsigned char *, size_t, size_t, size_t );
- /** Callback to export key block, master secret,
- * tls_prf and random bytes. Should replace f_export_keys */
- int (*f_export_keys_ext)( void *, const unsigned char *,
- const unsigned char *, size_t, size_t, size_t,
- const unsigned char[32], const unsigned char[32],
- mbedtls_tls_prf_types );
- void *p_export_keys; /*!< context for key export callback */
-#endif
-
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
- size_t cid_len; /*!< The length of CIDs for incoming DTLS records. */
+ size_t MBEDTLS_PRIVATE(cid_len); /*!< The length of CIDs for incoming DTLS records. */
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
#if defined(MBEDTLS_X509_CRT_PARSE_C)
- const mbedtls_x509_crt_profile *cert_profile; /*!< verification profile */
- mbedtls_ssl_key_cert *key_cert; /*!< own certificate/key pair(s) */
- mbedtls_x509_crt *ca_chain; /*!< trusted CAs */
- mbedtls_x509_crl *ca_crl; /*!< trusted CAs CRLs */
+ const mbedtls_x509_crt_profile *MBEDTLS_PRIVATE(cert_profile); /*!< verification profile */
+ mbedtls_ssl_key_cert *MBEDTLS_PRIVATE(key_cert); /*!< own certificate/key pair(s) */
+ mbedtls_x509_crt *MBEDTLS_PRIVATE(ca_chain); /*!< trusted CAs */
+ mbedtls_x509_crl *MBEDTLS_PRIVATE(ca_crl); /*!< trusted CAs CRLs */
#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
- mbedtls_x509_crt_ca_cb_t f_ca_cb;
- void *p_ca_cb;
+ mbedtls_x509_crt_ca_cb_t MBEDTLS_PRIVATE(f_ca_cb);
+ void *MBEDTLS_PRIVATE(p_ca_cb);
#endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */
#endif /* MBEDTLS_X509_CRT_PARSE_C */
#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
#if defined(MBEDTLS_X509_CRT_PARSE_C)
- mbedtls_ssl_async_sign_t *f_async_sign_start; /*!< start asynchronous signature operation */
- mbedtls_ssl_async_decrypt_t *f_async_decrypt_start; /*!< start asynchronous decryption operation */
+ mbedtls_ssl_async_sign_t *MBEDTLS_PRIVATE(f_async_sign_start); /*!< start asynchronous signature operation */
+ mbedtls_ssl_async_decrypt_t *MBEDTLS_PRIVATE(f_async_decrypt_start); /*!< start asynchronous decryption operation */
#endif /* MBEDTLS_X509_CRT_PARSE_C */
- mbedtls_ssl_async_resume_t *f_async_resume; /*!< resume asynchronous operation */
- mbedtls_ssl_async_cancel_t *f_async_cancel; /*!< cancel asynchronous operation */
- void *p_async_config_data; /*!< Configuration data set by mbedtls_ssl_conf_async_private_cb(). */
+ mbedtls_ssl_async_resume_t *MBEDTLS_PRIVATE(f_async_resume); /*!< resume asynchronous operation */
+ mbedtls_ssl_async_cancel_t *MBEDTLS_PRIVATE(f_async_cancel); /*!< cancel asynchronous operation */
+ void *MBEDTLS_PRIVATE(p_async_config_data); /*!< Configuration data set by mbedtls_ssl_conf_async_private_cb(). */
#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
- const int *sig_hashes; /*!< allowed signature hashes */
+ const int *MBEDTLS_PRIVATE(sig_hashes); /*!< allowed signature hashes */
#endif
#if defined(MBEDTLS_ECP_C)
- const mbedtls_ecp_group_id *curve_list; /*!< allowed curves */
+ const mbedtls_ecp_group_id *MBEDTLS_PRIVATE(curve_list); /*!< allowed curves */
#endif
#if defined(MBEDTLS_DHM_C)
- mbedtls_mpi dhm_P; /*!< prime modulus for DHM */
- mbedtls_mpi dhm_G; /*!< generator for DHM */
+ mbedtls_mpi MBEDTLS_PRIVATE(dhm_P); /*!< prime modulus for DHM */
+ mbedtls_mpi MBEDTLS_PRIVATE(dhm_G); /*!< generator for DHM */
#endif
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
#if defined(MBEDTLS_USE_PSA_CRYPTO)
- psa_key_id_t psk_opaque; /*!< PSA key slot holding opaque PSK. This field
+ psa_key_id_t MBEDTLS_PRIVATE(psk_opaque); /*!< PSA key slot holding opaque PSK. This field
* should only be set via
* mbedtls_ssl_conf_psk_opaque().
* If either no PSK or a raw PSK have been
@@ -1088,22 +1116,22 @@
*/
#endif /* MBEDTLS_USE_PSA_CRYPTO */
- unsigned char *psk; /*!< The raw pre-shared key. This field should
+ unsigned char *MBEDTLS_PRIVATE(psk); /*!< The raw pre-shared key. This field should
* only be set via mbedtls_ssl_conf_psk().
* If either no PSK or an opaque PSK
* have been configured, this has value NULL. */
- size_t psk_len; /*!< The length of the raw pre-shared key.
+ size_t MBEDTLS_PRIVATE(psk_len); /*!< The length of the raw pre-shared key.
* This field should only be set via
* mbedtls_ssl_conf_psk().
* Its value is non-zero if and only if
* \c psk is not \c NULL. */
- unsigned char *psk_identity; /*!< The PSK identity for PSK negotiation.
+ unsigned char *MBEDTLS_PRIVATE(psk_identity); /*!< The PSK identity for PSK negotiation.
* This field should only be set via
* mbedtls_ssl_conf_psk().
* This is set if and only if either
* \c psk or \c psk_opaque are set. */
- size_t psk_identity_len;/*!< The length of PSK identity.
+ size_t MBEDTLS_PRIVATE(psk_identity_len);/*!< The length of PSK identity.
* This field should only be set via
* mbedtls_ssl_conf_psk().
* Its value is non-zero if and only if
@@ -1112,264 +1140,264 @@
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
#if defined(MBEDTLS_SSL_ALPN)
- const char **alpn_list; /*!< ordered list of protocols */
+ const char **MBEDTLS_PRIVATE(alpn_list); /*!< ordered list of protocols */
#endif
#if defined(MBEDTLS_SSL_DTLS_SRTP)
/*! ordered list of supported srtp profile */
- const mbedtls_ssl_srtp_profile *dtls_srtp_profile_list;
+ const mbedtls_ssl_srtp_profile *MBEDTLS_PRIVATE(dtls_srtp_profile_list);
/*! number of supported profiles */
- size_t dtls_srtp_profile_list_len;
+ size_t MBEDTLS_PRIVATE(dtls_srtp_profile_list_len);
#endif /* MBEDTLS_SSL_DTLS_SRTP */
/*
* Numerical settings (int then char)
*/
- uint32_t read_timeout; /*!< timeout for mbedtls_ssl_read (ms) */
+ uint32_t MBEDTLS_PRIVATE(read_timeout); /*!< timeout for mbedtls_ssl_read (ms) */
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- uint32_t hs_timeout_min; /*!< initial value of the handshake
+ uint32_t MBEDTLS_PRIVATE(hs_timeout_min); /*!< initial value of the handshake
retransmission timeout (ms) */
- uint32_t hs_timeout_max; /*!< maximum value of the handshake
+ uint32_t MBEDTLS_PRIVATE(hs_timeout_max); /*!< maximum value of the handshake
retransmission timeout (ms) */
#endif
#if defined(MBEDTLS_SSL_RENEGOTIATION)
- int renego_max_records; /*!< grace period for renegotiation */
- unsigned char renego_period[8]; /*!< value of the record counters
+ int MBEDTLS_PRIVATE(renego_max_records); /*!< grace period for renegotiation */
+ unsigned char MBEDTLS_PRIVATE(renego_period)[8]; /*!< value of the record counters
that triggers renegotiation */
#endif
- unsigned int badmac_limit; /*!< limit of records with a bad MAC */
+ unsigned int MBEDTLS_PRIVATE(badmac_limit); /*!< limit of records with a bad MAC */
#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_CLI_C)
- unsigned int dhm_min_bitlen; /*!< min. bit length of the DHM prime */
+ unsigned int MBEDTLS_PRIVATE(dhm_min_bitlen); /*!< min. bit length of the DHM prime */
#endif
- unsigned char max_major_ver; /*!< max. major version used */
- unsigned char max_minor_ver; /*!< max. minor version used */
- unsigned char min_major_ver; /*!< min. major version used */
- unsigned char min_minor_ver; /*!< min. minor version used */
+ unsigned char MBEDTLS_PRIVATE(max_major_ver); /*!< max. major version used */
+ unsigned char MBEDTLS_PRIVATE(max_minor_ver); /*!< max. minor version used */
+ unsigned char MBEDTLS_PRIVATE(min_major_ver); /*!< min. major version used */
+ unsigned char MBEDTLS_PRIVATE(min_minor_ver); /*!< min. minor version used */
/*
* Flags (bitfields)
*/
- unsigned int endpoint : 1; /*!< 0: client, 1: server */
- unsigned int transport : 1; /*!< stream (TLS) or datagram (DTLS) */
- unsigned int authmode : 2; /*!< MBEDTLS_SSL_VERIFY_XXX */
+ unsigned int MBEDTLS_PRIVATE(endpoint) : 1; /*!< 0: client, 1: server */
+ unsigned int MBEDTLS_PRIVATE(transport) : 1; /*!< stream (TLS) or datagram (DTLS) */
+ unsigned int MBEDTLS_PRIVATE(authmode) : 2; /*!< MBEDTLS_SSL_VERIFY_XXX */
/* needed even with renego disabled for LEGACY_BREAK_HANDSHAKE */
- unsigned int allow_legacy_renegotiation : 2 ; /*!< MBEDTLS_LEGACY_XXX */
+ unsigned int MBEDTLS_PRIVATE(allow_legacy_renegotiation) : 2 ; /*!< MBEDTLS_LEGACY_XXX */
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
- unsigned int mfl_code : 3; /*!< desired fragment length */
+ unsigned int MBEDTLS_PRIVATE(mfl_code) : 3; /*!< desired fragment length */
#endif
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
- unsigned int encrypt_then_mac : 1 ; /*!< negotiate encrypt-then-mac? */
+ unsigned int MBEDTLS_PRIVATE(encrypt_then_mac) : 1 ; /*!< negotiate encrypt-then-mac? */
#endif
#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
- unsigned int extended_ms : 1; /*!< negotiate extended master secret? */
+ unsigned int MBEDTLS_PRIVATE(extended_ms) : 1; /*!< negotiate extended master secret? */
#endif
#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
- unsigned int anti_replay : 1; /*!< detect and prevent replay? */
+ unsigned int MBEDTLS_PRIVATE(anti_replay) : 1; /*!< detect and prevent replay? */
#endif
#if defined(MBEDTLS_SSL_RENEGOTIATION)
- unsigned int disable_renegotiation : 1; /*!< disable renegotiation? */
-#endif
-#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
- unsigned int trunc_hmac : 1; /*!< negotiate truncated hmac? */
+ unsigned int MBEDTLS_PRIVATE(disable_renegotiation) : 1; /*!< disable renegotiation? */
#endif
#if defined(MBEDTLS_SSL_SESSION_TICKETS)
- unsigned int session_tickets : 1; /*!< use session tickets? */
+ unsigned int MBEDTLS_PRIVATE(session_tickets) : 1; /*!< use session tickets? */
#endif
#if defined(MBEDTLS_SSL_SRV_C)
- unsigned int cert_req_ca_list : 1; /*!< enable sending CA list in
+ unsigned int MBEDTLS_PRIVATE(cert_req_ca_list) : 1; /*!< enable sending CA list in
Certificate Request messages? */
+ unsigned int respect_cli_pref : 1; /*!< pick the ciphersuite according to
+ the client's preferences rather
+ than ours */
#endif
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
- unsigned int ignore_unexpected_cid : 1; /*!< Determines whether DTLS
+ unsigned int MBEDTLS_PRIVATE(ignore_unexpected_cid) : 1; /*!< Determines whether DTLS
* record with unexpected CID
* should lead to failure. */
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
#if defined(MBEDTLS_SSL_DTLS_SRTP)
- unsigned int dtls_srtp_mki_support : 1; /* support having mki_value
+ unsigned int MBEDTLS_PRIVATE(dtls_srtp_mki_support) : 1; /* support having mki_value
in the use_srtp extension */
#endif
};
struct mbedtls_ssl_context
{
- const mbedtls_ssl_config *conf; /*!< configuration information */
+ const mbedtls_ssl_config *MBEDTLS_PRIVATE(conf); /*!< configuration information */
/*
* Miscellaneous
*/
- int state; /*!< SSL handshake: current state */
+ int MBEDTLS_PRIVATE(state); /*!< SSL handshake: current state */
#if defined(MBEDTLS_SSL_RENEGOTIATION)
- int renego_status; /*!< Initial, in progress, pending? */
- int renego_records_seen; /*!< Records since renego request, or with DTLS,
+ int MBEDTLS_PRIVATE(renego_status); /*!< Initial, in progress, pending? */
+ int MBEDTLS_PRIVATE(renego_records_seen); /*!< Records since renego request, or with DTLS,
number of retransmissions of request if
renego_max_records is < 0 */
#endif /* MBEDTLS_SSL_RENEGOTIATION */
- int major_ver; /*!< equal to MBEDTLS_SSL_MAJOR_VERSION_3 */
- int minor_ver; /*!< one of MBEDTLS_SSL_MINOR_VERSION_x macros */
- unsigned badmac_seen; /*!< records with a bad MAC received */
+ int MBEDTLS_PRIVATE(major_ver); /*!< equal to MBEDTLS_SSL_MAJOR_VERSION_3 */
+ int MBEDTLS_PRIVATE(minor_ver); /*!< one of MBEDTLS_SSL_MINOR_VERSION_x macros */
+ unsigned MBEDTLS_PRIVATE(badmac_seen); /*!< records with a bad MAC received */
#if defined(MBEDTLS_X509_CRT_PARSE_C)
/** Callback to customize X.509 certificate chain verification */
- int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *);
- void *p_vrfy; /*!< context for X.509 verify callback */
+ int (*MBEDTLS_PRIVATE(f_vrfy))(void *, mbedtls_x509_crt *, int, uint32_t *);
+ void *MBEDTLS_PRIVATE(p_vrfy); /*!< context for X.509 verify callback */
#endif
- mbedtls_ssl_send_t *f_send; /*!< Callback for network send */
- mbedtls_ssl_recv_t *f_recv; /*!< Callback for network receive */
- mbedtls_ssl_recv_timeout_t *f_recv_timeout;
+ mbedtls_ssl_send_t *MBEDTLS_PRIVATE(f_send); /*!< Callback for network send */
+ mbedtls_ssl_recv_t *MBEDTLS_PRIVATE(f_recv); /*!< Callback for network receive */
+ mbedtls_ssl_recv_timeout_t *MBEDTLS_PRIVATE(f_recv_timeout);
/*!< Callback for network receive with timeout */
- void *p_bio; /*!< context for I/O operations */
+ void *MBEDTLS_PRIVATE(p_bio); /*!< context for I/O operations */
/*
* Session layer
*/
- mbedtls_ssl_session *session_in; /*!< current session data (in) */
- mbedtls_ssl_session *session_out; /*!< current session data (out) */
- mbedtls_ssl_session *session; /*!< negotiated session data */
- mbedtls_ssl_session *session_negotiate; /*!< session data in negotiation */
+ mbedtls_ssl_session *MBEDTLS_PRIVATE(session_in); /*!< current session data (in) */
+ mbedtls_ssl_session *MBEDTLS_PRIVATE(session_out); /*!< current session data (out) */
+ mbedtls_ssl_session *MBEDTLS_PRIVATE(session); /*!< negotiated session data */
+ mbedtls_ssl_session *MBEDTLS_PRIVATE(session_negotiate); /*!< session data in negotiation */
- mbedtls_ssl_handshake_params *handshake; /*!< params required only during
+ mbedtls_ssl_handshake_params *MBEDTLS_PRIVATE(handshake); /*!< params required only during
the handshake process */
/*
* Record layer transformations
*/
- mbedtls_ssl_transform *transform_in; /*!< current transform params (in) */
- mbedtls_ssl_transform *transform_out; /*!< current transform params (in) */
- mbedtls_ssl_transform *transform; /*!< negotiated transform params */
- mbedtls_ssl_transform *transform_negotiate; /*!< transform params in negotiation */
+ mbedtls_ssl_transform *MBEDTLS_PRIVATE(transform_in); /*!< current transform params (in) */
+ mbedtls_ssl_transform *MBEDTLS_PRIVATE(transform_out); /*!< current transform params (in) */
+ mbedtls_ssl_transform *MBEDTLS_PRIVATE(transform); /*!< negotiated transform params */
+ mbedtls_ssl_transform *MBEDTLS_PRIVATE(transform_negotiate); /*!< transform params in negotiation */
/*
* Timers
*/
- void *p_timer; /*!< context for the timer callbacks */
+ void *MBEDTLS_PRIVATE(p_timer); /*!< context for the timer callbacks */
- mbedtls_ssl_set_timer_t *f_set_timer; /*!< set timer callback */
- mbedtls_ssl_get_timer_t *f_get_timer; /*!< get timer callback */
+ mbedtls_ssl_set_timer_t *MBEDTLS_PRIVATE(f_set_timer); /*!< set timer callback */
+ mbedtls_ssl_get_timer_t *MBEDTLS_PRIVATE(f_get_timer); /*!< get timer callback */
/*
* Record layer (incoming data)
*/
- unsigned char *in_buf; /*!< input buffer */
- unsigned char *in_ctr; /*!< 64-bit incoming message counter
+ unsigned char *MBEDTLS_PRIVATE(in_buf); /*!< input buffer */
+ unsigned char *MBEDTLS_PRIVATE(in_ctr); /*!< 64-bit incoming message counter
TLS: maintained by us
DTLS: read from peer */
- unsigned char *in_hdr; /*!< start of record header */
+ unsigned char *MBEDTLS_PRIVATE(in_hdr); /*!< start of record header */
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
- unsigned char *in_cid; /*!< The start of the CID;
+ unsigned char *MBEDTLS_PRIVATE(in_cid); /*!< The start of the CID;
* (the end is marked by in_len). */
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
- unsigned char *in_len; /*!< two-bytes message length field */
- unsigned char *in_iv; /*!< ivlen-byte IV */
- unsigned char *in_msg; /*!< message contents (in_iv+ivlen) */
- unsigned char *in_offt; /*!< read offset in application data */
+ unsigned char *MBEDTLS_PRIVATE(in_len); /*!< two-bytes message length field */
+ unsigned char *MBEDTLS_PRIVATE(in_iv); /*!< ivlen-byte IV */
+ unsigned char *MBEDTLS_PRIVATE(in_msg); /*!< message contents (in_iv+ivlen) */
+ unsigned char *MBEDTLS_PRIVATE(in_offt); /*!< read offset in application data */
- int in_msgtype; /*!< record header: message type */
- size_t in_msglen; /*!< record header: message length */
- size_t in_left; /*!< amount of data read so far */
+ int MBEDTLS_PRIVATE(in_msgtype); /*!< record header: message type */
+ size_t MBEDTLS_PRIVATE(in_msglen); /*!< record header: message length */
+ size_t MBEDTLS_PRIVATE(in_left); /*!< amount of data read so far */
#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
- size_t in_buf_len; /*!< length of input buffer */
+ size_t MBEDTLS_PRIVATE(in_buf_len); /*!< length of input buffer */
#endif
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- uint16_t in_epoch; /*!< DTLS epoch for incoming records */
- size_t next_record_offset; /*!< offset of the next record in datagram
+ uint16_t MBEDTLS_PRIVATE(in_epoch); /*!< DTLS epoch for incoming records */
+ size_t MBEDTLS_PRIVATE(next_record_offset); /*!< offset of the next record in datagram
(equal to in_left if none) */
#endif /* MBEDTLS_SSL_PROTO_DTLS */
#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
- uint64_t in_window_top; /*!< last validated record seq_num */
- uint64_t in_window; /*!< bitmask for replay detection */
+ uint64_t MBEDTLS_PRIVATE(in_window_top); /*!< last validated record seq_num */
+ uint64_t MBEDTLS_PRIVATE(in_window); /*!< bitmask for replay detection */
#endif /* MBEDTLS_SSL_DTLS_ANTI_REPLAY */
- size_t in_hslen; /*!< current handshake message length,
+ size_t MBEDTLS_PRIVATE(in_hslen); /*!< current handshake message length,
including the handshake header */
- int nb_zero; /*!< # of 0-length encrypted messages */
+ int MBEDTLS_PRIVATE(nb_zero); /*!< # of 0-length encrypted messages */
- int keep_current_message; /*!< drop or reuse current message
+ int MBEDTLS_PRIVATE(keep_current_message); /*!< drop or reuse current message
on next call to record layer? */
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- uint8_t disable_datagram_packing; /*!< Disable packing multiple records
+ uint8_t MBEDTLS_PRIVATE(disable_datagram_packing); /*!< Disable packing multiple records
* within a single datagram. */
#endif /* MBEDTLS_SSL_PROTO_DTLS */
/*
* Record layer (outgoing data)
*/
- unsigned char *out_buf; /*!< output buffer */
- unsigned char *out_ctr; /*!< 64-bit outgoing message counter */
- unsigned char *out_hdr; /*!< start of record header */
+ unsigned char *MBEDTLS_PRIVATE(out_buf); /*!< output buffer */
+ unsigned char *MBEDTLS_PRIVATE(out_ctr); /*!< 64-bit outgoing message counter */
+ unsigned char *MBEDTLS_PRIVATE(out_hdr); /*!< start of record header */
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
- unsigned char *out_cid; /*!< The start of the CID;
+ unsigned char *MBEDTLS_PRIVATE(out_cid); /*!< The start of the CID;
* (the end is marked by in_len). */
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
- unsigned char *out_len; /*!< two-bytes message length field */
- unsigned char *out_iv; /*!< ivlen-byte IV */
- unsigned char *out_msg; /*!< message contents (out_iv+ivlen) */
+ unsigned char *MBEDTLS_PRIVATE(out_len); /*!< two-bytes message length field */
+ unsigned char *MBEDTLS_PRIVATE(out_iv); /*!< ivlen-byte IV */
+ unsigned char *MBEDTLS_PRIVATE(out_msg); /*!< message contents (out_iv+ivlen) */
- int out_msgtype; /*!< record header: message type */
- size_t out_msglen; /*!< record header: message length */
- size_t out_left; /*!< amount of data not yet written */
+ int MBEDTLS_PRIVATE(out_msgtype); /*!< record header: message type */
+ size_t MBEDTLS_PRIVATE(out_msglen); /*!< record header: message length */
+ size_t MBEDTLS_PRIVATE(out_left); /*!< amount of data not yet written */
#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
- size_t out_buf_len; /*!< length of output buffer */
+ size_t MBEDTLS_PRIVATE(out_buf_len); /*!< length of output buffer */
#endif
- unsigned char cur_out_ctr[8]; /*!< Outgoing record sequence number. */
+ unsigned char MBEDTLS_PRIVATE(cur_out_ctr)[8]; /*!< Outgoing record sequence number. */
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- uint16_t mtu; /*!< path mtu, used to fragment outgoing messages */
+ uint16_t MBEDTLS_PRIVATE(mtu); /*!< path mtu, used to fragment outgoing messages */
#endif /* MBEDTLS_SSL_PROTO_DTLS */
/*
* PKI layer
*/
- int client_auth; /*!< flag for client auth. */
+ int MBEDTLS_PRIVATE(client_auth); /*!< flag for client auth. */
/*
* User settings
*/
#if defined(MBEDTLS_X509_CRT_PARSE_C)
- char *hostname; /*!< expected peer CN for verification
+ char *MBEDTLS_PRIVATE(hostname); /*!< expected peer CN for verification
(and SNI if available) */
#endif /* MBEDTLS_X509_CRT_PARSE_C */
#if defined(MBEDTLS_SSL_ALPN)
- const char *alpn_chosen; /*!< negotiated protocol */
+ const char *MBEDTLS_PRIVATE(alpn_chosen); /*!< negotiated protocol */
#endif /* MBEDTLS_SSL_ALPN */
#if defined(MBEDTLS_SSL_DTLS_SRTP)
/*
* use_srtp extension
*/
- mbedtls_dtls_srtp_info dtls_srtp_info;
+ mbedtls_dtls_srtp_info MBEDTLS_PRIVATE(dtls_srtp_info);
#endif /* MBEDTLS_SSL_DTLS_SRTP */
/*
* Information for DTLS hello verify
*/
#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C)
- unsigned char *cli_id; /*!< transport-level ID of the client */
- size_t cli_id_len; /*!< length of cli_id */
+ unsigned char *MBEDTLS_PRIVATE(cli_id); /*!< transport-level ID of the client */
+ size_t MBEDTLS_PRIVATE(cli_id_len); /*!< length of cli_id */
#endif /* MBEDTLS_SSL_DTLS_HELLO_VERIFY && MBEDTLS_SSL_SRV_C */
/*
* Secure renegotiation
*/
/* needed to know when to send extension on server */
- int secure_renegotiation; /*!< does peer support legacy or
+ int MBEDTLS_PRIVATE(secure_renegotiation); /*!< does peer support legacy or
secure renegotiation */
#if defined(MBEDTLS_SSL_RENEGOTIATION)
- size_t verify_data_len; /*!< length of verify data stored */
- char own_verify_data[MBEDTLS_SSL_VERIFY_DATA_MAX_LEN]; /*!< previous handshake verify data */
- char peer_verify_data[MBEDTLS_SSL_VERIFY_DATA_MAX_LEN]; /*!< previous handshake verify data */
+ size_t MBEDTLS_PRIVATE(verify_data_len); /*!< length of verify data stored */
+ char MBEDTLS_PRIVATE(own_verify_data)[MBEDTLS_SSL_VERIFY_DATA_MAX_LEN]; /*!< previous handshake verify data */
+ char MBEDTLS_PRIVATE(peer_verify_data)[MBEDTLS_SSL_VERIFY_DATA_MAX_LEN]; /*!< previous handshake verify data */
#endif /* MBEDTLS_SSL_RENEGOTIATION */
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
@@ -1379,13 +1407,19 @@
* all subsequent handshakes. This may be different from the
* CID currently used in case the user has re-configured the CID
* after an initial handshake. */
- unsigned char own_cid[ MBEDTLS_SSL_CID_IN_LEN_MAX ];
- uint8_t own_cid_len; /*!< The length of \c own_cid. */
- uint8_t negotiate_cid; /*!< This indicates whether the CID extension should
+ unsigned char MBEDTLS_PRIVATE(own_cid)[ MBEDTLS_SSL_CID_IN_LEN_MAX ];
+ uint8_t MBEDTLS_PRIVATE(own_cid_len); /*!< The length of \c own_cid. */
+ uint8_t MBEDTLS_PRIVATE(negotiate_cid); /*!< This indicates whether the CID extension should
* be negotiated in the next handshake or not.
* Possible values are #MBEDTLS_SSL_CID_ENABLED
* and #MBEDTLS_SSL_CID_DISABLED. */
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
+
+#if defined(MBEDTLS_SSL_EXPORT_KEYS)
+ /** Callback to export key block and master secret */
+ mbedtls_ssl_export_keys_t *MBEDTLS_PRIVATE(f_export_keys);
+ void *MBEDTLS_PRIVATE(p_export_keys); /*!< context for key export callback */
+#endif
};
/**
@@ -1528,7 +1562,7 @@
* \brief Set the random number generator callback
*
* \param conf SSL configuration
- * \param f_rng RNG function
+ * \param f_rng RNG function (mandatory)
* \param p_rng RNG parameter
*/
void mbedtls_ssl_conf_rng( mbedtls_ssl_config *conf,
@@ -1909,70 +1943,6 @@
size_t *tlen,
uint32_t *lifetime );
-#if defined(MBEDTLS_SSL_EXPORT_KEYS)
-/**
- * \brief Callback type: Export key block and master secret
- *
- * \note This is required for certain uses of TLS, e.g. EAP-TLS
- * (RFC 5216) and Thread. The key pointers are ephemeral and
- * therefore must not be stored. The master secret and keys
- * should not be used directly except as an input to a key
- * derivation function.
- *
- * \param p_expkey Context for the callback
- * \param ms Pointer to master secret (fixed length: 48 bytes)
- * \param kb Pointer to key block, see RFC 5246 section 6.3
- * (variable length: 2 * maclen + 2 * keylen + 2 * ivlen).
- * \param maclen MAC length
- * \param keylen Key length
- * \param ivlen IV length
- *
- * \return 0 if successful, or
- * a specific MBEDTLS_ERR_XXX code.
- */
-typedef int mbedtls_ssl_export_keys_t( void *p_expkey,
- const unsigned char *ms,
- const unsigned char *kb,
- size_t maclen,
- size_t keylen,
- size_t ivlen );
-
-/**
- * \brief Callback type: Export key block, master secret,
- * handshake randbytes and the tls_prf function
- * used to derive keys.
- *
- * \note This is required for certain uses of TLS, e.g. EAP-TLS
- * (RFC 5216) and Thread. The key pointers are ephemeral and
- * therefore must not be stored. The master secret and keys
- * should not be used directly except as an input to a key
- * derivation function.
- *
- * \param p_expkey Context for the callback.
- * \param ms Pointer to master secret (fixed length: 48 bytes).
- * \param kb Pointer to key block, see RFC 5246 section 6.3.
- * (variable length: 2 * maclen + 2 * keylen + 2 * ivlen).
- * \param maclen MAC length.
- * \param keylen Key length.
- * \param ivlen IV length.
- * \param client_random The client random bytes.
- * \param server_random The server random bytes.
- * \param tls_prf_type The tls_prf enum type.
- *
- * \return 0 if successful, or
- * a specific MBEDTLS_ERR_XXX code.
- */
-typedef int mbedtls_ssl_export_keys_ext_t( void *p_expkey,
- const unsigned char *ms,
- const unsigned char *kb,
- size_t maclen,
- size_t keylen,
- size_t ivlen,
- const unsigned char client_random[32],
- const unsigned char server_random[32],
- mbedtls_tls_prf_types tls_prf_type );
-#endif /* MBEDTLS_SSL_EXPORT_KEYS */
-
/**
* \brief Callback type: parse and load session ticket
*
@@ -2024,34 +1994,26 @@
#if defined(MBEDTLS_SSL_EXPORT_KEYS)
/**
- * \brief Configure key export callback.
- * (Default: none.)
+ * \brief Configure a key export callback.
+ * (Default: none.)
*
- * \note See \c mbedtls_ssl_export_keys_t.
+ * This API can be used for two purposes:
+ * - Debugging: Use this API to e.g. generate an NSSKeylog
+ * file and use it to inspect encrypted traffic in tools
+ * such as Wireshark.
+ * - Application-specific export: Use this API to implement
+ * key exporters, e.g. for EAP-TLS or DTLS-SRTP.
*
- * \param conf SSL configuration context
- * \param f_export_keys Callback for exporting keys
- * \param p_export_keys Context for the callback
+ *
+ * \param ssl The SSL context to which the export
+ * callback should be attached.
+ * \param f_export_keys The callback for the key export.
+ * \param p_export_keys The opaque context pointer to be passed to the
+ * callback \p f_export_keys.
*/
-void mbedtls_ssl_conf_export_keys_cb( mbedtls_ssl_config *conf,
- mbedtls_ssl_export_keys_t *f_export_keys,
- void *p_export_keys );
-
-/**
- * \brief Configure extended key export callback.
- * (Default: none.)
- *
- * \note See \c mbedtls_ssl_export_keys_ext_t.
- * \warning Exported key material must not be used for any purpose
- * before the (D)TLS handshake is completed
- *
- * \param conf SSL configuration context
- * \param f_export_keys_ext Callback for exporting keys
- * \param p_export_keys Context for the callback
- */
-void mbedtls_ssl_conf_export_keys_ext_cb( mbedtls_ssl_config *conf,
- mbedtls_ssl_export_keys_ext_t *f_export_keys_ext,
- void *p_export_keys );
+void mbedtls_ssl_set_export_keys_cb( mbedtls_ssl_context *ssl,
+ mbedtls_ssl_export_keys_t *f_export_keys,
+ void *p_export_keys );
#endif /* MBEDTLS_SSL_EXPORT_KEYS */
#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
@@ -2384,18 +2346,49 @@
#if defined(MBEDTLS_SSL_CLI_C)
/**
- * \brief Request resumption of session (client-side only)
- * Session data is copied from presented session structure.
+ * \brief Load a session for session resumption.
*
- * \param ssl SSL context
- * \param session session context
+ * Sessions loaded through this call will be considered
+ * for session resumption in the next handshake.
*
- * \return 0 if successful,
- * MBEDTLS_ERR_SSL_ALLOC_FAILED if memory allocation failed,
- * MBEDTLS_ERR_SSL_BAD_INPUT_DATA if used server-side or
- * arguments are otherwise invalid
+ * \note Even if this call succeeds, it is not guaranteed that
+ * the next handshake will indeed be shortened through the
+ * use of session resumption: The server is always free
+ * to reject any attempt for resumption and fall back to
+ * a full handshake.
+ *
+ * \note This function can handle a variety of mechanisms for session
+ * resumption: For TLS 1.2, both session ID-based resumption and
+ * ticket-based resumption will be considered. For TLS 1.3,
+ * once implemented, sessions equate to tickets, and loading
+ * one or more sessions via this call will lead to their
+ * corresponding tickets being advertised as resumption PSKs
+ * by the client.
+ *
+ * \note Calling this function multiple times will only be useful
+ * once TLS 1.3 is supported. For TLS 1.2 connections, this
+ * function should be called at most once.
+ *
+ * \param ssl The SSL context representing the connection which should
+ * be attempted to be setup using session resumption. This
+ * must be initialized via mbedtls_ssl_init() and bound to
+ * an SSL configuration via mbedtls_ssl_setup(), but
+ * the handshake must not yet have been started.
+ * \param session The session to be considered for session resumption.
+ * This must be a session previously exported via
+ * mbedtls_ssl_get_session(), and potentially serialized and
+ * deserialized through mbedtls_ssl_session_save() and
+ * mbedtls_ssl_session_load() in the meantime.
+ *
+ * \return \c 0 if successful.
+ * \return \c MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE if the session
+ * could not be loaded because of an implementation limitation.
+ * This error is non-fatal, and has no observable effect on
+ * the SSL context or the session that was attempted to be loaded.
+ * \return Another negative error code on other kinds of failure.
*
* \sa mbedtls_ssl_get_session()
+ * \sa mbedtls_ssl_session_load()
*/
int mbedtls_ssl_set_session( mbedtls_ssl_context *ssl, const mbedtls_ssl_session *session );
#endif /* MBEDTLS_SSL_CLI_C */
@@ -2444,7 +2437,6 @@
* of session cache or session tickets.
*
* \see mbedtls_ssl_session_load()
- * \see mbedtls_ssl_get_session_pointer()
*
* \param session The session structure to be saved.
* \param buf The buffer to write the serialized data to. It must be a
@@ -2468,23 +2460,6 @@
size_t *olen );
/**
- * \brief Get a pointer to the current session structure, for example
- * to serialize it.
- *
- * \warning Ownership of the session remains with the SSL context, and
- * the returned pointer is only guaranteed to be valid until
- * the next API call operating on the same \p ssl context.
- *
- * \see mbedtls_ssl_session_save()
- *
- * \param ssl The SSL context.
- *
- * \return A pointer to the current session if successful.
- * \return \c NULL if no session is active.
- */
-const mbedtls_ssl_session *mbedtls_ssl_get_session_pointer( const mbedtls_ssl_context *ssl );
-
-/**
* \brief Set the list of allowed ciphersuites and the preference
* order. First in the list has the highest preference.
* (Overrides all version-specific lists)
@@ -2492,9 +2467,12 @@
* The ciphersuites array is not copied, and must remain
* valid for the lifetime of the ssl_config.
*
- * Note: The server uses its own preferences
- * over the preference of the client unless
- * MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE is defined!
+ * Note: By default, the server chooses its preferred
+ * ciphersuite among those that the client supports. If
+ * mbedtls_ssl_conf_preference_order() is called to prefer
+ * the client's preferences, the server instead chooses
+ * the client's preferred ciphersuite among those that
+ * the server supports.
*
* \param conf SSL configuration
* \param ciphersuites 0-terminated list of allowed ciphersuites
@@ -2883,7 +2861,6 @@
#if defined(MBEDTLS_ECP_C)
/**
* \brief Set the allowed curves in order of preference.
- * (Default: all defined curves.)
*
* On server: this only affects selection of the ECDHE curve;
* the curves used for ECDH and ECDSA are determined by the
@@ -2904,6 +2881,19 @@
* \note This list should be ordered by decreasing preference
* (preferred curve first).
*
+ * \note The default list is the same set of curves that
+ * #mbedtls_x509_crt_profile_default allows, plus
+ * ECDHE-only curves selected according to the same criteria.
+ * The order favors curves with the lowest resource usage.
+ *
+ * \note New minor versions of Mbed TLS may extend this list,
+ * for example if new curves are added to the library.
+ * New minor versions of Mbed TLS will not remove items
+ * from this list unless serious security concerns require it.
+ * New minor versions of Mbed TLS may change the order in
+ * keeping with the general principle of favoring the lowest
+ * resource usage.
+ *
* \param conf SSL configuration
* \param curves Ordered list of allowed curves,
* terminated by MBEDTLS_ECP_DP_NONE.
@@ -2915,7 +2905,6 @@
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
/**
* \brief Set the allowed hashes for signatures during the handshake.
- * (Default: all available hashes except MD5.)
*
* \note This only affects which hashes are offered and can be used
* for signatures during the handshake. Hashes for message
@@ -2927,6 +2916,18 @@
* \note This list should be ordered by decreasing preference
* (preferred hash first).
*
+ * \note By default, all supported hashes whose length is at least
+ * 256 bits are allowed. This is the same set as the default
+ * for certificate verification
+ * (#mbedtls_x509_crt_profile_default).
+ * The preference order is currently unspecified and may
+ * change in future versions.
+ *
+ * \note New minor versions of Mbed TLS may extend this list,
+ * for example if new curves are added to the library.
+ * New minor versions of Mbed TLS will not remove items
+ * from this list unless serious security concerns require it.
+ *
* \param conf SSL configuration
* \param hashes Ordered list of allowed signature hashes,
* terminated by \c MBEDTLS_MD_NONE.
@@ -3292,17 +3293,18 @@
int mbedtls_ssl_conf_max_frag_len( mbedtls_ssl_config *conf, unsigned char mfl_code );
#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
-#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
+#if defined(MBEDTLS_SSL_SRV_C)
/**
- * \brief Activate negotiation of truncated HMAC
- * (Default: MBEDTLS_SSL_TRUNC_HMAC_DISABLED)
+ * \brief Pick the ciphersuites order according to the second parameter
+ * in the SSL Server module (MBEDTLS_SSL_SRV_C).
+ * (Default, if never called: MBEDTLS_SSL_SRV_CIPHERSUITE_ORDER_SERVER)
*
* \param conf SSL configuration
- * \param truncate Enable or disable (MBEDTLS_SSL_TRUNC_HMAC_ENABLED or
- * MBEDTLS_SSL_TRUNC_HMAC_DISABLED)
+ * \param order Server or client (MBEDTLS_SSL_SRV_CIPHERSUITE_ORDER_SERVER
+ * or MBEDTLS_SSL_SRV_CIPHERSUITE_ORDER_CLIENT)
*/
-void mbedtls_ssl_conf_truncated_hmac( mbedtls_ssl_config *conf, int truncate );
-#endif /* MBEDTLS_SSL_TRUNCATED_HMAC */
+void mbedtls_ssl_conf_preference_order( mbedtls_ssl_config *conf, int order );
+#endif /* MBEDTLS_SSL_SRV_C */
#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C)
/**
@@ -3536,45 +3538,15 @@
*/
int mbedtls_ssl_get_record_expansion( const mbedtls_ssl_context *ssl );
-#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
-/**
- * \brief Return the maximum fragment length (payload, in bytes) for
- * the output buffer. For the client, this is the configured
- * value. For the server, it is the minimum of two - the
- * configured value and the negotiated one.
- *
- * \sa mbedtls_ssl_conf_max_frag_len()
- * \sa mbedtls_ssl_get_max_record_payload()
- *
- * \param ssl SSL context
- *
- * \return Current maximum fragment length for the output buffer.
- */
-size_t mbedtls_ssl_get_output_max_frag_len( const mbedtls_ssl_context *ssl );
-
-/**
- * \brief Return the maximum fragment length (payload, in bytes) for
- * the input buffer. This is the negotiated maximum fragment
- * length, or, if there is none, MBEDTLS_SSL_IN_CONTENT_LEN.
- * If it is not defined either, the value is 2^14. This function
- * works as its predecessor, \c mbedtls_ssl_get_max_frag_len().
- *
- * \sa mbedtls_ssl_conf_max_frag_len()
- * \sa mbedtls_ssl_get_max_record_payload()
- *
- * \param ssl SSL context
- *
- * \return Current maximum fragment length for the output buffer.
- */
-size_t mbedtls_ssl_get_input_max_frag_len( const mbedtls_ssl_context *ssl );
-#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
-
/**
* \brief Return the current maximum outgoing record payload in bytes.
- * This takes into account the config.h setting \c
- * MBEDTLS_SSL_OUT_CONTENT_LEN, the configured and negotiated
- * max fragment length extension if used, and for DTLS the
- * path MTU as configured and current record expansion.
+ *
+ * \note The logic to determine the maximum outgoing record payload is
+ * version-specific. It takes into account various factors, such as
+ * the config.h setting \c MBEDTLS_SSL_OUT_CONTENT_LEN, extensions
+ * such as the max fragment length or record size limit extension if
+ * used, and for DTLS the path MTU as configured and current
+ * record expansion.
*
* \note With DTLS, \c mbedtls_ssl_write() will return an error if
* called with a larger length value.
@@ -3583,9 +3555,7 @@
* to the caller to call \c mbedtls_ssl_write() again in
* order to send the remaining bytes if any.
*
- * \sa mbedtls_ssl_set_mtu()
- * \sa mbedtls_ssl_get_output_max_frag_len()
- * \sa mbedtls_ssl_get_input_max_frag_len()
+ * \sa mbedtls_ssl_get_max_out_record_payload()
* \sa mbedtls_ssl_get_record_expansion()
*
* \param ssl SSL context
@@ -3595,6 +3565,26 @@
*/
int mbedtls_ssl_get_max_out_record_payload( const mbedtls_ssl_context *ssl );
+/**
+ * \brief Return the current maximum incoming record payload in bytes.
+ *
+ * \note The logic to determine the maximum outgoing record payload is
+ * version-specific. It takes into account various factors, such as
+ * the config.h setting \c MBEDTLS_SSL_IN_CONTENT_LEN, extensions
+ * such as the max fragment length extension or record size limit
+ * extension if used, and the current record expansion.
+ *
+ * \sa mbedtls_ssl_set_mtu()
+ * \sa mbedtls_ssl_get_max_in_record_payload()
+ * \sa mbedtls_ssl_get_record_expansion()
+ *
+ * \param ssl SSL context
+ *
+ * \return Current maximum payload for an outgoing record,
+ * or a negative error code.
+ */
+int mbedtls_ssl_get_max_in_record_payload( const mbedtls_ssl_context *ssl );
+
#if defined(MBEDTLS_X509_CRT_PARSE_C)
/**
* \brief Return the peer certificate from the current connection.
@@ -3631,32 +3621,41 @@
#if defined(MBEDTLS_SSL_CLI_C)
/**
- * \brief Save session in order to resume it later (client-side only)
- * Session data is copied to presented session structure.
+ * \brief Export a session in order to resume it later.
*
+ * \param ssl The SSL context representing the connection for which to
+ * to export a session structure for later resumption.
+ * \param session The target structure in which to store the exported session.
+ * This must have been initialized with mbedtls_ssl_init_session()
+ * but otherwise be unused.
*
- * \param ssl SSL context
- * \param session session context
+ * \note This function can handle a variety of mechanisms for session
+ * resumption: For TLS 1.2, both session ID-based resumption and
+ * ticket-based resumption will be considered. For TLS 1.3,
+ * once implemented, sessions equate to tickets, and calling
+ * this function multiple times will export the available
+ * tickets one a time until no further tickets are available,
+ * in which case MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE will
+ * be returned.
*
- * \return 0 if successful,
- * MBEDTLS_ERR_SSL_ALLOC_FAILED if memory allocation failed,
- * MBEDTLS_ERR_SSL_BAD_INPUT_DATA if used server-side or
- * arguments are otherwise invalid.
+ * \note Calling this function multiple times will only be useful
+ * once TLS 1.3 is supported. For TLS 1.2 connections, this
+ * function should be called at most once.
*
- * \note Only the server certificate is copied, and not the full chain,
- * so you should not attempt to validate the certificate again
- * by calling \c mbedtls_x509_crt_verify() on it.
- * Instead, you should use the results from the verification
- * in the original handshake by calling \c mbedtls_ssl_get_verify_result()
- * after loading the session again into a new SSL context
- * using \c mbedtls_ssl_set_session().
- *
- * \note Once the session object is not needed anymore, you should
- * free it by calling \c mbedtls_ssl_session_free().
+ * \return \c 0 if successful. In this case, \p session can be used for
+ * session resumption by passing it to mbedtls_ssl_set_session(),
+ * and serialized for storage via mbedtls_ssl_session_save().
+ * \return #MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE if no further session
+ * is available for export.
+ * This error is a non-fatal, and has no observable effect on
+ * the SSL context or the destination session.
+ * \return Another negative error code on other kinds of failure.
*
* \sa mbedtls_ssl_set_session()
+ * \sa mbedtls_ssl_session_save()
*/
-int mbedtls_ssl_get_session( const mbedtls_ssl_context *ssl, mbedtls_ssl_session *session );
+int mbedtls_ssl_get_session( const mbedtls_ssl_context *ssl,
+ mbedtls_ssl_session *session );
#endif /* MBEDTLS_SSL_CLI_C */
/**
@@ -3893,7 +3892,7 @@
* or negotiated with the peer), then:
* - with TLS, less bytes than requested are written.
* - with DTLS, MBEDTLS_ERR_SSL_BAD_INPUT_DATA is returned.
- * \c mbedtls_ssl_get_output_max_frag_len() may be used to
+ * \c mbedtls_ssl_get_max_out_record_payload() may be used to
* query the active maximum fragment length.
*
* \note Attempting to write 0 bytes will result in an empty TLS
diff --git a/include/mbedtls/ssl_cache.h b/include/mbedtls/ssl_cache.h
index ac7b77c..d995f8f 100644
--- a/include/mbedtls/ssl_cache.h
+++ b/include/mbedtls/ssl_cache.h
@@ -21,6 +21,7 @@
*/
#ifndef MBEDTLS_SSL_CACHE_H
#define MBEDTLS_SSL_CACHE_H
+#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
@@ -65,16 +66,16 @@
struct mbedtls_ssl_cache_entry
{
#if defined(MBEDTLS_HAVE_TIME)
- mbedtls_time_t timestamp; /*!< entry timestamp */
+ mbedtls_time_t MBEDTLS_PRIVATE(timestamp); /*!< entry timestamp */
#endif
- unsigned char session_id[32]; /*!< session ID */
- size_t session_id_len;
+ unsigned char MBEDTLS_PRIVATE(session_id)[32]; /*!< session ID */
+ size_t MBEDTLS_PRIVATE(session_id_len);
- unsigned char *session; /*!< serialized session */
- size_t session_len;
+ unsigned char *MBEDTLS_PRIVATE(session); /*!< serialized session */
+ size_t MBEDTLS_PRIVATE(session_len);
- mbedtls_ssl_cache_entry *next; /*!< chain pointer */
+ mbedtls_ssl_cache_entry *MBEDTLS_PRIVATE(next); /*!< chain pointer */
};
/**
@@ -82,11 +83,11 @@
*/
struct mbedtls_ssl_cache_context
{
- mbedtls_ssl_cache_entry *chain; /*!< start of the chain */
- int timeout; /*!< cache entry timeout */
- int max_entries; /*!< maximum entries */
+ mbedtls_ssl_cache_entry *MBEDTLS_PRIVATE(chain); /*!< start of the chain */
+ int MBEDTLS_PRIVATE(timeout); /*!< cache entry timeout */
+ int MBEDTLS_PRIVATE(max_entries); /*!< maximum entries */
#if defined(MBEDTLS_THREADING_C)
- mbedtls_threading_mutex_t mutex; /*!< mutex */
+ mbedtls_threading_mutex_t MBEDTLS_PRIVATE(mutex); /*!< mutex */
#endif
};
diff --git a/include/mbedtls/ssl_ciphersuites.h b/include/mbedtls/ssl_ciphersuites.h
index fd7f24c..e343c9c 100644
--- a/include/mbedtls/ssl_ciphersuites.h
+++ b/include/mbedtls/ssl_ciphersuites.h
@@ -21,6 +21,7 @@
*/
#ifndef MBEDTLS_SSL_CIPHERSUITES_H
#define MBEDTLS_SSL_CIPHERSUITES_H
+#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
@@ -362,19 +363,19 @@
*/
struct mbedtls_ssl_ciphersuite_t
{
- int id;
- const char * name;
+ int MBEDTLS_PRIVATE(id);
+ const char * MBEDTLS_PRIVATE(name);
- mbedtls_cipher_type_t cipher;
- mbedtls_md_type_t mac;
- mbedtls_key_exchange_type_t key_exchange;
+ mbedtls_cipher_type_t MBEDTLS_PRIVATE(cipher);
+ mbedtls_md_type_t MBEDTLS_PRIVATE(mac);
+ mbedtls_key_exchange_type_t MBEDTLS_PRIVATE(key_exchange);
- int min_major_ver;
- int min_minor_ver;
- int max_major_ver;
- int max_minor_ver;
+ int MBEDTLS_PRIVATE(min_major_ver);
+ int MBEDTLS_PRIVATE(min_minor_ver);
+ int MBEDTLS_PRIVATE(max_major_ver);
+ int MBEDTLS_PRIVATE(max_minor_ver);
- unsigned char flags;
+ unsigned char MBEDTLS_PRIVATE(flags);
};
const int *mbedtls_ssl_list_ciphersuites( void );
@@ -393,7 +394,7 @@
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PFS_ENABLED)
static inline int mbedtls_ssl_ciphersuite_has_pfs( const mbedtls_ssl_ciphersuite_t *info )
{
- switch( info->key_exchange )
+ switch( info->MBEDTLS_PRIVATE(key_exchange) )
{
case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
case MBEDTLS_KEY_EXCHANGE_DHE_PSK:
@@ -412,7 +413,7 @@
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED)
static inline int mbedtls_ssl_ciphersuite_no_pfs( const mbedtls_ssl_ciphersuite_t *info )
{
- switch( info->key_exchange )
+ switch( info->MBEDTLS_PRIVATE(key_exchange) )
{
case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
@@ -430,7 +431,7 @@
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_ENABLED)
static inline int mbedtls_ssl_ciphersuite_uses_ecdh( const mbedtls_ssl_ciphersuite_t *info )
{
- switch( info->key_exchange )
+ switch( info->MBEDTLS_PRIVATE(key_exchange) )
{
case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
@@ -444,7 +445,7 @@
static inline int mbedtls_ssl_ciphersuite_cert_req_allowed( const mbedtls_ssl_ciphersuite_t *info )
{
- switch( info->key_exchange )
+ switch( info->MBEDTLS_PRIVATE(key_exchange) )
{
case MBEDTLS_KEY_EXCHANGE_RSA:
case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
@@ -461,7 +462,7 @@
static inline int mbedtls_ssl_ciphersuite_uses_srv_cert( const mbedtls_ssl_ciphersuite_t *info )
{
- switch( info->key_exchange )
+ switch( info->MBEDTLS_PRIVATE(key_exchange) )
{
case MBEDTLS_KEY_EXCHANGE_RSA:
case MBEDTLS_KEY_EXCHANGE_RSA_PSK:
@@ -480,7 +481,7 @@
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_DHE_ENABLED)
static inline int mbedtls_ssl_ciphersuite_uses_dhe( const mbedtls_ssl_ciphersuite_t *info )
{
- switch( info->key_exchange )
+ switch( info->MBEDTLS_PRIVATE(key_exchange) )
{
case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
case MBEDTLS_KEY_EXCHANGE_DHE_PSK:
@@ -495,7 +496,7 @@
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED)
static inline int mbedtls_ssl_ciphersuite_uses_ecdhe( const mbedtls_ssl_ciphersuite_t *info )
{
- switch( info->key_exchange )
+ switch( info->MBEDTLS_PRIVATE(key_exchange) )
{
case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
@@ -511,7 +512,7 @@
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED)
static inline int mbedtls_ssl_ciphersuite_uses_server_signature( const mbedtls_ssl_ciphersuite_t *info )
{
- switch( info->key_exchange )
+ switch( info->MBEDTLS_PRIVATE(key_exchange) )
{
case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
diff --git a/include/mbedtls/ssl_cookie.h b/include/mbedtls/ssl_cookie.h
index 0a23870..c4f042c 100644
--- a/include/mbedtls/ssl_cookie.h
+++ b/include/mbedtls/ssl_cookie.h
@@ -21,6 +21,7 @@
*/
#ifndef MBEDTLS_SSL_COOKIE_H
#define MBEDTLS_SSL_COOKIE_H
+#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
@@ -56,15 +57,15 @@
*/
typedef struct mbedtls_ssl_cookie_ctx
{
- mbedtls_md_context_t hmac_ctx; /*!< context for the HMAC portion */
+ mbedtls_md_context_t MBEDTLS_PRIVATE(hmac_ctx); /*!< context for the HMAC portion */
#if !defined(MBEDTLS_HAVE_TIME)
- unsigned long serial; /*!< serial number for expiration */
+ unsigned long MBEDTLS_PRIVATE(serial); /*!< serial number for expiration */
#endif
- unsigned long timeout; /*!< timeout delay, in seconds if HAVE_TIME,
+ unsigned long MBEDTLS_PRIVATE(timeout); /*!< timeout delay, in seconds if HAVE_TIME,
or in number of tickets issued */
#if defined(MBEDTLS_THREADING_C)
- mbedtls_threading_mutex_t mutex;
+ mbedtls_threading_mutex_t MBEDTLS_PRIVATE(mutex);
#endif
} mbedtls_ssl_cookie_ctx;
diff --git a/include/mbedtls/ssl_ticket.h b/include/mbedtls/ssl_ticket.h
index a882eed..1047dbb 100644
--- a/include/mbedtls/ssl_ticket.h
+++ b/include/mbedtls/ssl_ticket.h
@@ -21,6 +21,7 @@
*/
#ifndef MBEDTLS_SSL_TICKET_H
#define MBEDTLS_SSL_TICKET_H
+#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
@@ -50,9 +51,9 @@
*/
typedef struct mbedtls_ssl_ticket_key
{
- unsigned char name[4]; /*!< random key identifier */
- uint32_t generation_time; /*!< key generation timestamp (seconds) */
- mbedtls_cipher_context_t ctx; /*!< context for auth enc/decryption */
+ unsigned char MBEDTLS_PRIVATE(name)[4]; /*!< random key identifier */
+ uint32_t MBEDTLS_PRIVATE(generation_time); /*!< key generation timestamp (seconds) */
+ mbedtls_cipher_context_t MBEDTLS_PRIVATE(ctx); /*!< context for auth enc/decryption */
}
mbedtls_ssl_ticket_key;
@@ -61,17 +62,17 @@
*/
typedef struct mbedtls_ssl_ticket_context
{
- mbedtls_ssl_ticket_key keys[2]; /*!< ticket protection keys */
- unsigned char active; /*!< index of the currently active key */
+ mbedtls_ssl_ticket_key MBEDTLS_PRIVATE(keys)[2]; /*!< ticket protection keys */
+ unsigned char MBEDTLS_PRIVATE(active); /*!< index of the currently active key */
- uint32_t ticket_lifetime; /*!< lifetime of tickets in seconds */
+ uint32_t MBEDTLS_PRIVATE(ticket_lifetime); /*!< lifetime of tickets in seconds */
/** Callback for getting (pseudo-)random numbers */
- int (*f_rng)(void *, unsigned char *, size_t);
- void *p_rng; /*!< context for the RNG function */
+ int (*MBEDTLS_PRIVATE(f_rng))(void *, unsigned char *, size_t);
+ void *MBEDTLS_PRIVATE(p_rng); /*!< context for the RNG function */
#if defined(MBEDTLS_THREADING_C)
- mbedtls_threading_mutex_t mutex;
+ mbedtls_threading_mutex_t MBEDTLS_PRIVATE(mutex);
#endif
}
mbedtls_ssl_ticket_context;
@@ -89,7 +90,7 @@
* \brief Prepare context to be actually used
*
* \param ctx Context to be set up
- * \param f_rng RNG callback function
+ * \param f_rng RNG callback function (mandatory)
* \param p_rng RNG callback context
* \param cipher AEAD cipher to use for ticket protection.
* Recommended value: MBEDTLS_CIPHER_AES_256_GCM.
diff --git a/include/mbedtls/threading.h b/include/mbedtls/threading.h
index 1047f8f..fae96c2 100644
--- a/include/mbedtls/threading.h
+++ b/include/mbedtls/threading.h
@@ -21,6 +21,7 @@
*/
#ifndef MBEDTLS_THREADING_H
#define MBEDTLS_THREADING_H
+#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
@@ -41,11 +42,11 @@
#include <pthread.h>
typedef struct mbedtls_threading_mutex_t
{
- pthread_mutex_t mutex;
+ pthread_mutex_t MBEDTLS_PRIVATE(mutex);
/* is_valid is 0 after a failed init or a free, and nonzero after a
* successful init. This field is not considered part of the public
* API of Mbed TLS and may change without notice. */
- char is_valid;
+ char MBEDTLS_PRIVATE(is_valid);
} mbedtls_threading_mutex_t;
#endif
diff --git a/include/mbedtls/timing.h b/include/mbedtls/timing.h
index b7290cf..6ffc812 100644
--- a/include/mbedtls/timing.h
+++ b/include/mbedtls/timing.h
@@ -21,6 +21,7 @@
*/
#ifndef MBEDTLS_TIMING_H
#define MBEDTLS_TIMING_H
+#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
@@ -43,7 +44,7 @@
*/
struct mbedtls_timing_hr_time
{
- unsigned char opaque[32];
+ unsigned char MBEDTLS_PRIVATE(opaque)[32];
};
/**
@@ -51,61 +52,19 @@
*/
typedef struct mbedtls_timing_delay_context
{
- struct mbedtls_timing_hr_time timer;
- uint32_t int_ms;
- uint32_t fin_ms;
+ struct mbedtls_timing_hr_time MBEDTLS_PRIVATE(timer);
+ uint32_t MBEDTLS_PRIVATE(int_ms);
+ uint32_t MBEDTLS_PRIVATE(fin_ms);
} mbedtls_timing_delay_context;
#else /* MBEDTLS_TIMING_ALT */
#include "timing_alt.h"
#endif /* MBEDTLS_TIMING_ALT */
-extern volatile int mbedtls_timing_alarmed;
-
-/**
- * \brief Return the CPU cycle counter value
- *
- * \warning This is only a best effort! Do not rely on this!
- * In particular, it is known to be unreliable on virtual
- * machines.
- *
- * \note This value starts at an unspecified origin and
- * may wrap around.
- */
-unsigned long mbedtls_timing_hardclock( void );
-
-/**
- * \brief Return the elapsed time in milliseconds
- *
- * \param val points to a timer structure
- * \param reset If 0, query the elapsed time. Otherwise (re)start the timer.
- *
- * \return Elapsed time since the previous reset in ms. When
- * restarting, this is always 0.
- *
- * \note To initialize a timer, call this function with reset=1.
- *
- * Determining the elapsed time and resetting the timer is not
- * atomic on all platforms, so after the sequence
- * `{ get_timer(1); ...; time1 = get_timer(1); ...; time2 =
- * get_timer(0) }` the value time1+time2 is only approximately
- * the delay since the first reset.
- */
+/* Internal use */
unsigned long mbedtls_timing_get_timer( struct mbedtls_timing_hr_time *val, int reset );
/**
- * \brief Setup an alarm clock
- *
- * \param seconds delay before the "mbedtls_timing_alarmed" flag is set
- * (must be >=0)
- *
- * \warning Only one alarm at a time is supported. In a threaded
- * context, this means one for the whole process, not one per
- * thread.
- */
-void mbedtls_set_alarm( int seconds );
-
-/**
* \brief Set a pair of delays to watch
* (See \c mbedtls_timing_get_delay().)
*
@@ -135,15 +94,6 @@
*/
int mbedtls_timing_get_delay( void *data );
-#if defined(MBEDTLS_SELF_TEST)
-/**
- * \brief Checkup routine
- *
- * \return 0 if successful, or 1 if a test failed
- */
-int mbedtls_timing_self_test( int verbose );
-#endif
-
#ifdef __cplusplus
}
#endif
diff --git a/include/mbedtls/x509.h b/include/mbedtls/x509.h
index 3091de1..b7a969a 100644
--- a/include/mbedtls/x509.h
+++ b/include/mbedtls/x509.h
@@ -21,6 +21,7 @@
*/
#ifndef MBEDTLS_X509_H
#define MBEDTLS_X509_H
+#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
@@ -229,8 +230,8 @@
/** Container for date and time (precision in seconds). */
typedef struct mbedtls_x509_time
{
- int year, mon, day; /**< Date. */
- int hour, min, sec; /**< Time. */
+ int MBEDTLS_PRIVATE(year), MBEDTLS_PRIVATE(mon), MBEDTLS_PRIVATE(day); /**< Date. */
+ int MBEDTLS_PRIVATE(hour), MBEDTLS_PRIVATE(min), MBEDTLS_PRIVATE(sec); /**< Time. */
}
mbedtls_x509_time;
diff --git a/include/mbedtls/x509_crl.h b/include/mbedtls/x509_crl.h
index fcaa149..440da12 100644
--- a/include/mbedtls/x509_crl.h
+++ b/include/mbedtls/x509_crl.h
@@ -21,6 +21,7 @@
*/
#ifndef MBEDTLS_X509_CRL_H
#define MBEDTLS_X509_CRL_H
+#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
@@ -49,15 +50,15 @@
*/
typedef struct mbedtls_x509_crl_entry
{
- mbedtls_x509_buf raw;
+ mbedtls_x509_buf MBEDTLS_PRIVATE(raw);
- mbedtls_x509_buf serial;
+ mbedtls_x509_buf MBEDTLS_PRIVATE(serial);
- mbedtls_x509_time revocation_date;
+ mbedtls_x509_time MBEDTLS_PRIVATE(revocation_date);
- mbedtls_x509_buf entry_ext;
+ mbedtls_x509_buf MBEDTLS_PRIVATE(entry_ext);
- struct mbedtls_x509_crl_entry *next;
+ struct mbedtls_x509_crl_entry *MBEDTLS_PRIVATE(next);
}
mbedtls_x509_crl_entry;
@@ -67,30 +68,30 @@
*/
typedef struct mbedtls_x509_crl
{
- mbedtls_x509_buf raw; /**< The raw certificate data (DER). */
- mbedtls_x509_buf tbs; /**< The raw certificate body (DER). The part that is To Be Signed. */
+ mbedtls_x509_buf MBEDTLS_PRIVATE(raw); /**< The raw certificate data (DER). */
+ mbedtls_x509_buf MBEDTLS_PRIVATE(tbs); /**< The raw certificate body (DER). The part that is To Be Signed. */
- int version; /**< CRL version (1=v1, 2=v2) */
- mbedtls_x509_buf sig_oid; /**< CRL signature type identifier */
+ int MBEDTLS_PRIVATE(version); /**< CRL version (1=v1, 2=v2) */
+ mbedtls_x509_buf MBEDTLS_PRIVATE(sig_oid); /**< CRL signature type identifier */
- mbedtls_x509_buf issuer_raw; /**< The raw issuer data (DER). */
+ mbedtls_x509_buf MBEDTLS_PRIVATE(issuer_raw); /**< The raw issuer data (DER). */
- mbedtls_x509_name issuer; /**< The parsed issuer data (named information object). */
+ mbedtls_x509_name MBEDTLS_PRIVATE(issuer); /**< The parsed issuer data (named information object). */
- mbedtls_x509_time this_update;
- mbedtls_x509_time next_update;
+ mbedtls_x509_time MBEDTLS_PRIVATE(this_update);
+ mbedtls_x509_time MBEDTLS_PRIVATE(next_update);
- mbedtls_x509_crl_entry entry; /**< The CRL entries containing the certificate revocation times for this CA. */
+ mbedtls_x509_crl_entry MBEDTLS_PRIVATE(entry); /**< The CRL entries containing the certificate revocation times for this CA. */
- mbedtls_x509_buf crl_ext;
+ mbedtls_x509_buf MBEDTLS_PRIVATE(crl_ext);
- mbedtls_x509_buf sig_oid2;
- mbedtls_x509_buf sig;
- mbedtls_md_type_t sig_md; /**< Internal representation of the MD algorithm of the signature algorithm, e.g. MBEDTLS_MD_SHA256 */
- mbedtls_pk_type_t sig_pk; /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. MBEDTLS_PK_RSA */
- void *sig_opts; /**< Signature options to be passed to mbedtls_pk_verify_ext(), e.g. for RSASSA-PSS */
+ mbedtls_x509_buf MBEDTLS_PRIVATE(sig_oid2);
+ mbedtls_x509_buf MBEDTLS_PRIVATE(sig);
+ mbedtls_md_type_t MBEDTLS_PRIVATE(sig_md); /**< Internal representation of the MD algorithm of the signature algorithm, e.g. MBEDTLS_MD_SHA256 */
+ mbedtls_pk_type_t MBEDTLS_PRIVATE(sig_pk); /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. MBEDTLS_PK_RSA */
+ void *MBEDTLS_PRIVATE(sig_opts); /**< Signature options to be passed to mbedtls_pk_verify_ext(), e.g. for RSASSA-PSS */
- struct mbedtls_x509_crl *next;
+ struct mbedtls_x509_crl *MBEDTLS_PRIVATE(next);
}
mbedtls_x509_crl;
diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h
index 23a20d1..9b0a495 100644
--- a/include/mbedtls/x509_crt.h
+++ b/include/mbedtls/x509_crt.h
@@ -21,6 +21,7 @@
*/
#ifndef MBEDTLS_X509_CRT_H
#define MBEDTLS_X509_CRT_H
+#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
@@ -51,50 +52,50 @@
*/
typedef struct mbedtls_x509_crt
{
- int own_buffer; /**< Indicates if \c raw is owned
+ int MBEDTLS_PRIVATE(own_buffer); /**< Indicates if \c raw is owned
* by the structure or not. */
- mbedtls_x509_buf raw; /**< The raw certificate data (DER). */
- mbedtls_x509_buf tbs; /**< The raw certificate body (DER). The part that is To Be Signed. */
+ mbedtls_x509_buf MBEDTLS_PRIVATE(raw); /**< The raw certificate data (DER). */
+ mbedtls_x509_buf MBEDTLS_PRIVATE(tbs); /**< The raw certificate body (DER). The part that is To Be Signed. */
- int version; /**< The X.509 version. (1=v1, 2=v2, 3=v3) */
- mbedtls_x509_buf serial; /**< Unique id for certificate issued by a specific CA. */
- mbedtls_x509_buf sig_oid; /**< Signature algorithm, e.g. sha1RSA */
+ int MBEDTLS_PRIVATE(version); /**< The X.509 version. (1=v1, 2=v2, 3=v3) */
+ mbedtls_x509_buf MBEDTLS_PRIVATE(serial); /**< Unique id for certificate issued by a specific CA. */
+ mbedtls_x509_buf MBEDTLS_PRIVATE(sig_oid); /**< Signature algorithm, e.g. sha1RSA */
- mbedtls_x509_buf issuer_raw; /**< The raw issuer data (DER). Used for quick comparison. */
- mbedtls_x509_buf subject_raw; /**< The raw subject data (DER). Used for quick comparison. */
+ mbedtls_x509_buf MBEDTLS_PRIVATE(issuer_raw); /**< The raw issuer data (DER). Used for quick comparison. */
+ mbedtls_x509_buf MBEDTLS_PRIVATE(subject_raw); /**< The raw subject data (DER). Used for quick comparison. */
- mbedtls_x509_name issuer; /**< The parsed issuer data (named information object). */
- mbedtls_x509_name subject; /**< The parsed subject data (named information object). */
+ mbedtls_x509_name MBEDTLS_PRIVATE(issuer); /**< The parsed issuer data (named information object). */
+ mbedtls_x509_name MBEDTLS_PRIVATE(subject); /**< The parsed subject data (named information object). */
- mbedtls_x509_time valid_from; /**< Start time of certificate validity. */
- mbedtls_x509_time valid_to; /**< End time of certificate validity. */
+ mbedtls_x509_time MBEDTLS_PRIVATE(valid_from); /**< Start time of certificate validity. */
+ mbedtls_x509_time MBEDTLS_PRIVATE(valid_to); /**< End time of certificate validity. */
- mbedtls_x509_buf pk_raw;
- mbedtls_pk_context pk; /**< Container for the public key context. */
+ mbedtls_x509_buf MBEDTLS_PRIVATE(pk_raw);
+ mbedtls_pk_context MBEDTLS_PRIVATE(pk); /**< Container for the public key context. */
- mbedtls_x509_buf issuer_id; /**< Optional X.509 v2/v3 issuer unique identifier. */
- mbedtls_x509_buf subject_id; /**< Optional X.509 v2/v3 subject unique identifier. */
- mbedtls_x509_buf v3_ext; /**< Optional X.509 v3 extensions. */
- mbedtls_x509_sequence subject_alt_names; /**< Optional list of raw entries of Subject Alternative Names extension (currently only dNSName and OtherName are listed). */
+ mbedtls_x509_buf MBEDTLS_PRIVATE(issuer_id); /**< Optional X.509 v2/v3 issuer unique identifier. */
+ mbedtls_x509_buf MBEDTLS_PRIVATE(subject_id); /**< Optional X.509 v2/v3 subject unique identifier. */
+ mbedtls_x509_buf MBEDTLS_PRIVATE(v3_ext); /**< Optional X.509 v3 extensions. */
+ mbedtls_x509_sequence MBEDTLS_PRIVATE(subject_alt_names); /**< Optional list of raw entries of Subject Alternative Names extension (currently only dNSName and OtherName are listed). */
- mbedtls_x509_sequence certificate_policies; /**< Optional list of certificate policies (Only anyPolicy is printed and enforced, however the rest of the policies are still listed). */
+ mbedtls_x509_sequence MBEDTLS_PRIVATE(certificate_policies); /**< Optional list of certificate policies (Only anyPolicy is printed and enforced, however the rest of the policies are still listed). */
- int ext_types; /**< Bit string containing detected and parsed extensions */
- int ca_istrue; /**< Optional Basic Constraint extension value: 1 if this certificate belongs to a CA, 0 otherwise. */
- int max_pathlen; /**< Optional Basic Constraint extension value: The maximum path length to the root certificate. Path length is 1 higher than RFC 5280 'meaning', so 1+ */
+ int MBEDTLS_PRIVATE(ext_types); /**< Bit string containing detected and parsed extensions */
+ int MBEDTLS_PRIVATE(ca_istrue); /**< Optional Basic Constraint extension value: 1 if this certificate belongs to a CA, 0 otherwise. */
+ int MBEDTLS_PRIVATE(max_pathlen); /**< Optional Basic Constraint extension value: The maximum path length to the root certificate. Path length is 1 higher than RFC 5280 'meaning', so 1+ */
- unsigned int key_usage; /**< Optional key usage extension value: See the values in x509.h */
+ unsigned int MBEDTLS_PRIVATE(key_usage); /**< Optional key usage extension value: See the values in x509.h */
- mbedtls_x509_sequence ext_key_usage; /**< Optional list of extended key usage OIDs. */
+ mbedtls_x509_sequence MBEDTLS_PRIVATE(ext_key_usage); /**< Optional list of extended key usage OIDs. */
- unsigned char ns_cert_type; /**< Optional Netscape certificate type extension value: See the values in x509.h */
+ unsigned char MBEDTLS_PRIVATE(ns_cert_type); /**< Optional Netscape certificate type extension value: See the values in x509.h */
- mbedtls_x509_buf sig; /**< Signature: hash of the tbs part signed with the private key. */
- mbedtls_md_type_t sig_md; /**< Internal representation of the MD algorithm of the signature algorithm, e.g. MBEDTLS_MD_SHA256 */
- mbedtls_pk_type_t sig_pk; /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. MBEDTLS_PK_RSA */
- void *sig_opts; /**< Signature options to be passed to mbedtls_pk_verify_ext(), e.g. for RSASSA-PSS */
+ mbedtls_x509_buf MBEDTLS_PRIVATE(sig); /**< Signature: hash of the tbs part signed with the private key. */
+ mbedtls_md_type_t MBEDTLS_PRIVATE(sig_md); /**< Internal representation of the MD algorithm of the signature algorithm, e.g. MBEDTLS_MD_SHA256 */
+ mbedtls_pk_type_t MBEDTLS_PRIVATE(sig_pk); /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. MBEDTLS_PK_RSA */
+ void *MBEDTLS_PRIVATE(sig_opts); /**< Signature options to be passed to mbedtls_pk_verify_ext(), e.g. for RSASSA-PSS */
- struct mbedtls_x509_crt *next; /**< Next certificate in the CA-chain. */
+ struct mbedtls_x509_crt *MBEDTLS_PRIVATE(next); /**< Next certificate in the CA-chain. */
}
mbedtls_x509_crt;
@@ -111,7 +112,7 @@
* To check the value of the type id, you should use
* \p MBEDTLS_OID_CMP with a known OID mbedtls_x509_buf.
*/
- mbedtls_x509_buf type_id; /**< The type id. */
+ mbedtls_x509_buf MBEDTLS_PRIVATE(type_id); /**< The type id. */
union
{
/**
@@ -122,12 +123,12 @@
*/
struct
{
- mbedtls_x509_buf oid; /**< The object identifier. */
- mbedtls_x509_buf val; /**< The named value. */
+ mbedtls_x509_buf MBEDTLS_PRIVATE(oid); /**< The object identifier. */
+ mbedtls_x509_buf MBEDTLS_PRIVATE(val); /**< The named value. */
}
- hardware_module_name;
+ MBEDTLS_PRIVATE(hardware_module_name);
}
- value;
+ MBEDTLS_PRIVATE(value);
}
mbedtls_x509_san_other_name;
@@ -136,12 +137,12 @@
*/
typedef struct mbedtls_x509_subject_alternative_name
{
- int type; /**< The SAN type, value of MBEDTLS_X509_SAN_XXX. */
+ int MBEDTLS_PRIVATE(type); /**< The SAN type, value of MBEDTLS_X509_SAN_XXX. */
union {
- mbedtls_x509_san_other_name other_name; /**< The otherName supported type. */
- mbedtls_x509_buf unstructured_name; /**< The buffer for the un constructed types. Only dnsName currently supported */
+ mbedtls_x509_san_other_name MBEDTLS_PRIVATE(other_name); /**< The otherName supported type. */
+ mbedtls_x509_buf MBEDTLS_PRIVATE(unstructured_name); /**< The buffer for the un constructed types. Only dnsName currently supported */
}
- san; /**< A union of the supported SAN types */
+ MBEDTLS_PRIVATE(san); /**< A union of the supported SAN types */
}
mbedtls_x509_subject_alternative_name;
@@ -155,6 +156,26 @@
* Security profile for certificate verification.
*
* All lists are bitfields, built by ORing flags from MBEDTLS_X509_ID_FLAG().
+ *
+ * The fields of this structure are part of the public API and can be
+ * manipulated directly by applications. Future versions of the library may
+ * add extra fields or reorder existing fields.
+ *
+ * You can create custom profiles by starting from a copy of
+ * an existing profile, such as mbedtls_x509_crt_profile_default or
+ * mbedtls_x509_ctr_profile_none and then tune it to your needs.
+ *
+ * For example to allow SHA-224 in addition to the default:
+ *
+ * mbedtls_x509_crt_profile my_profile = mbedtls_x509_crt_profile_default;
+ * my_profile.allowed_mds |= MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA224 );
+ *
+ * Or to allow only RSA-3072+ with SHA-256:
+ *
+ * mbedtls_x509_crt_profile my_profile = mbedtls_x509_crt_profile_none;
+ * my_profile.allowed_mds = MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA256 );
+ * my_profile.allowed_pks = MBEDTLS_X509_ID_FLAG( MBEDTLS_PK_RSA );
+ * my_profile.rsa_min_bitlen = 3072;
*/
typedef struct mbedtls_x509_crt_profile
{
@@ -249,16 +270,16 @@
*/
typedef struct mbedtls_x509write_cert
{
- int version;
- mbedtls_mpi serial;
- mbedtls_pk_context *subject_key;
- mbedtls_pk_context *issuer_key;
- mbedtls_asn1_named_data *subject;
- mbedtls_asn1_named_data *issuer;
- mbedtls_md_type_t md_alg;
- char not_before[MBEDTLS_X509_RFC5280_UTC_TIME_LEN + 1];
- char not_after[MBEDTLS_X509_RFC5280_UTC_TIME_LEN + 1];
- mbedtls_asn1_named_data *extensions;
+ int MBEDTLS_PRIVATE(version);
+ mbedtls_mpi MBEDTLS_PRIVATE(serial);
+ mbedtls_pk_context *MBEDTLS_PRIVATE(subject_key);
+ mbedtls_pk_context *MBEDTLS_PRIVATE(issuer_key);
+ mbedtls_asn1_named_data *MBEDTLS_PRIVATE(subject);
+ mbedtls_asn1_named_data *MBEDTLS_PRIVATE(issuer);
+ mbedtls_md_type_t MBEDTLS_PRIVATE(md_alg);
+ char MBEDTLS_PRIVATE(not_before)[MBEDTLS_X509_RFC5280_UTC_TIME_LEN + 1];
+ char MBEDTLS_PRIVATE(not_after)[MBEDTLS_X509_RFC5280_UTC_TIME_LEN + 1];
+ mbedtls_asn1_named_data *MBEDTLS_PRIVATE(extensions);
}
mbedtls_x509write_cert;
@@ -266,8 +287,8 @@
* Item in a verification chain: cert and flags for it
*/
typedef struct {
- mbedtls_x509_crt *crt;
- uint32_t flags;
+ mbedtls_x509_crt *MBEDTLS_PRIVATE(crt);
+ uint32_t MBEDTLS_PRIVATE(flags);
} mbedtls_x509_crt_verify_chain_item;
/**
@@ -280,15 +301,15 @@
*/
typedef struct
{
- mbedtls_x509_crt_verify_chain_item items[MBEDTLS_X509_MAX_VERIFY_CHAIN_SIZE];
- unsigned len;
+ mbedtls_x509_crt_verify_chain_item MBEDTLS_PRIVATE(items)[MBEDTLS_X509_MAX_VERIFY_CHAIN_SIZE];
+ unsigned MBEDTLS_PRIVATE(len);
#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
/* This stores the list of potential trusted signers obtained from
* the CA callback used for the CRT verification, if configured.
* We must track it somewhere because the callback passes its
* ownership to the caller. */
- mbedtls_x509_crt *trust_ca_cb_result;
+ mbedtls_x509_crt *MBEDTLS_PRIVATE(trust_ca_cb_result);
#endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */
} mbedtls_x509_crt_verify_chain;
@@ -300,23 +321,23 @@
typedef struct
{
/* for check_signature() */
- mbedtls_pk_restart_ctx pk;
+ mbedtls_pk_restart_ctx MBEDTLS_PRIVATE(pk);
/* for find_parent_in() */
- mbedtls_x509_crt *parent; /* non-null iff parent_in in progress */
- mbedtls_x509_crt *fallback_parent;
- int fallback_signature_is_good;
+ mbedtls_x509_crt *MBEDTLS_PRIVATE(parent); /* non-null iff parent_in in progress */
+ mbedtls_x509_crt *MBEDTLS_PRIVATE(fallback_parent);
+ int MBEDTLS_PRIVATE(fallback_signature_is_good);
/* for find_parent() */
- int parent_is_trusted; /* -1 if find_parent is not in progress */
+ int MBEDTLS_PRIVATE(parent_is_trusted); /* -1 if find_parent is not in progress */
/* for verify_chain() */
enum {
x509_crt_rs_none,
x509_crt_rs_find_parent,
- } in_progress; /* none if no operation is in progress */
- int self_cnt;
- mbedtls_x509_crt_verify_chain ver_chain;
+ } MBEDTLS_PRIVATE(in_progress); /* none if no operation is in progress */
+ int MBEDTLS_PRIVATE(self_cnt);
+ mbedtls_x509_crt_verify_chain MBEDTLS_PRIVATE(ver_chain);
} mbedtls_x509_crt_restart_ctx;
@@ -331,12 +352,22 @@
/**
* Default security profile. Should provide a good balance between security
* and compatibility with current deployments.
+ *
+ * This profile permits:
+ * - SHA2 hashes with at least 256 bits: SHA-256, SHA-384, SHA-512.
+ * - Elliptic curves with 255 bits and above except secp256k1.
+ * - RSA with 2048 bits and above.
+ *
+ * New minor versions of Mbed TLS may extend this profile, for example if
+ * new algorithms are added to the library. New minor versions of Mbed TLS will
+ * not reduce this profile unless serious security concerns require it.
*/
extern const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_default;
/**
* Expected next default profile. Recommended for new deployments.
- * Currently targets a 128-bit security level, except for RSA-2048.
+ * Currently targets a 128-bit security level, except for allowing RSA-2048.
+ * This profile may change at any time.
*/
extern const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_next;
@@ -346,6 +377,12 @@
extern const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_suiteb;
/**
+ * Empty profile that allows nothing. Useful as a basis for constructing
+ * custom profiles.
+ */
+extern const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_none;
+
+/**
* \brief Parse a single DER formatted certificate and add it
* to the end of the provided chained list.
*
@@ -827,7 +864,6 @@
#endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */
-#if defined(MBEDTLS_X509_CHECK_KEY_USAGE)
/**
* \brief Check usage of certificate against keyUsage extension.
*
@@ -851,9 +887,7 @@
*/
int mbedtls_x509_crt_check_key_usage( const mbedtls_x509_crt *crt,
unsigned int usage );
-#endif /* MBEDTLS_X509_CHECK_KEY_USAGE) */
-#if defined(MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE)
/**
* \brief Check usage of certificate against extendedKeyUsage.
*
@@ -870,7 +904,6 @@
int mbedtls_x509_crt_check_extended_key_usage( const mbedtls_x509_crt *crt,
const char *usage_oid,
size_t usage_len );
-#endif /* MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE */
#if defined(MBEDTLS_X509_CRL_PARSE_C)
/**
@@ -1111,16 +1144,13 @@
* \param ctx certificate to write away
* \param buf buffer to write to
* \param size size of the buffer
- * \param f_rng RNG function (for signature, see note)
+ * \param f_rng RNG function. This must not be \c NULL.
* \param p_rng RNG parameter
*
* \return length of data written if successful, or a specific
* error code
*
- * \note f_rng may be NULL if RSA is used for signature and the
- * signature is made offline (otherwise f_rng is desirable
- * for countermeasures against timing attacks).
- * ECDSA signatures always require a non-NULL f_rng.
+ * \note \p f_rng is used for the signature operation.
*/
int mbedtls_x509write_crt_der( mbedtls_x509write_cert *ctx, unsigned char *buf, size_t size,
int (*f_rng)(void *, unsigned char *, size_t),
@@ -1133,15 +1163,12 @@
* \param ctx certificate to write away
* \param buf buffer to write to
* \param size size of the buffer
- * \param f_rng RNG function (for signature, see note)
+ * \param f_rng RNG function. This must not be \c NULL.
* \param p_rng RNG parameter
*
* \return 0 if successful, or a specific error code
*
- * \note f_rng may be NULL if RSA is used for signature and the
- * signature is made offline (otherwise f_rng is desirable
- * for countermeasures against timing attacks).
- * ECDSA signatures always require a non-NULL f_rng.
+ * \note \p f_rng is used for the signature operation.
*/
int mbedtls_x509write_crt_pem( mbedtls_x509write_cert *ctx, unsigned char *buf, size_t size,
int (*f_rng)(void *, unsigned char *, size_t),
diff --git a/include/mbedtls/x509_csr.h b/include/mbedtls/x509_csr.h
index 4b8564c..a0f1278 100644
--- a/include/mbedtls/x509_csr.h
+++ b/include/mbedtls/x509_csr.h
@@ -21,6 +21,7 @@
*/
#ifndef MBEDTLS_X509_CSR_H
#define MBEDTLS_X509_CSR_H
+#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
@@ -48,21 +49,21 @@
*/
typedef struct mbedtls_x509_csr
{
- mbedtls_x509_buf raw; /**< The raw CSR data (DER). */
- mbedtls_x509_buf cri; /**< The raw CertificateRequestInfo body (DER). */
+ mbedtls_x509_buf MBEDTLS_PRIVATE(raw); /**< The raw CSR data (DER). */
+ mbedtls_x509_buf MBEDTLS_PRIVATE(cri); /**< The raw CertificateRequestInfo body (DER). */
- int version; /**< CSR version (1=v1). */
+ int MBEDTLS_PRIVATE(version); /**< CSR version (1=v1). */
- mbedtls_x509_buf subject_raw; /**< The raw subject data (DER). */
- mbedtls_x509_name subject; /**< The parsed subject data (named information object). */
+ mbedtls_x509_buf MBEDTLS_PRIVATE(subject_raw); /**< The raw subject data (DER). */
+ mbedtls_x509_name MBEDTLS_PRIVATE(subject); /**< The parsed subject data (named information object). */
- mbedtls_pk_context pk; /**< Container for the public key context. */
+ mbedtls_pk_context MBEDTLS_PRIVATE(pk); /**< Container for the public key context. */
- mbedtls_x509_buf sig_oid;
- mbedtls_x509_buf sig;
- mbedtls_md_type_t sig_md; /**< Internal representation of the MD algorithm of the signature algorithm, e.g. MBEDTLS_MD_SHA256 */
- mbedtls_pk_type_t sig_pk; /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. MBEDTLS_PK_RSA */
- void *sig_opts; /**< Signature options to be passed to mbedtls_pk_verify_ext(), e.g. for RSASSA-PSS */
+ mbedtls_x509_buf MBEDTLS_PRIVATE(sig_oid);
+ mbedtls_x509_buf MBEDTLS_PRIVATE(sig);
+ mbedtls_md_type_t MBEDTLS_PRIVATE(sig_md); /**< Internal representation of the MD algorithm of the signature algorithm, e.g. MBEDTLS_MD_SHA256 */
+ mbedtls_pk_type_t MBEDTLS_PRIVATE(sig_pk); /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. MBEDTLS_PK_RSA */
+ void *MBEDTLS_PRIVATE(sig_opts); /**< Signature options to be passed to mbedtls_pk_verify_ext(), e.g. for RSASSA-PSS */
}
mbedtls_x509_csr;
@@ -71,10 +72,10 @@
*/
typedef struct mbedtls_x509write_csr
{
- mbedtls_pk_context *key;
- mbedtls_asn1_named_data *subject;
- mbedtls_md_type_t md_alg;
- mbedtls_asn1_named_data *extensions;
+ mbedtls_pk_context *MBEDTLS_PRIVATE(key);
+ mbedtls_asn1_named_data *MBEDTLS_PRIVATE(subject);
+ mbedtls_md_type_t MBEDTLS_PRIVATE(md_alg);
+ mbedtls_asn1_named_data *MBEDTLS_PRIVATE(extensions);
}
mbedtls_x509write_csr;
@@ -263,16 +264,13 @@
* \param ctx CSR to write away
* \param buf buffer to write to
* \param size size of the buffer
- * \param f_rng RNG function (for signature, see note)
+ * \param f_rng RNG function. This must not be \c NULL.
* \param p_rng RNG parameter
*
* \return length of data written if successful, or a specific
* error code
*
- * \note f_rng may be NULL if RSA is used for signature and the
- * signature is made offline (otherwise f_rng is desirable
- * for countermeasures against timing attacks).
- * ECDSA signatures always require a non-NULL f_rng.
+ * \note \p f_rng is used for the signature operation.
*/
int mbedtls_x509write_csr_der( mbedtls_x509write_csr *ctx, unsigned char *buf, size_t size,
int (*f_rng)(void *, unsigned char *, size_t),
@@ -286,15 +284,12 @@
* \param ctx CSR to write away
* \param buf buffer to write to
* \param size size of the buffer
- * \param f_rng RNG function (for signature, see note)
+ * \param f_rng RNG function. This must not be \c NULL.
* \param p_rng RNG parameter
*
* \return 0 if successful, or a specific error code
*
- * \note f_rng may be NULL if RSA is used for signature and the
- * signature is made offline (otherwise f_rng is desirable
- * for countermeasures against timing attacks).
- * ECDSA signatures always require a non-NULL f_rng.
+ * \note \p f_rng is used for the signature operation.
*/
int mbedtls_x509write_csr_pem( mbedtls_x509write_csr *ctx, unsigned char *buf, size_t size,
int (*f_rng)(void *, unsigned char *, size_t),
diff --git a/include/mbedtls/xtea.h b/include/mbedtls/xtea.h
deleted file mode 100644
index 5ce2fe4..0000000
--- a/include/mbedtls/xtea.h
+++ /dev/null
@@ -1,134 +0,0 @@
-/**
- * \file xtea.h
- *
- * \brief XTEA block cipher (32-bit)
- */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-#ifndef MBEDTLS_XTEA_H
-#define MBEDTLS_XTEA_H
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#include <stddef.h>
-#include <stdint.h>
-
-#define MBEDTLS_XTEA_ENCRYPT 1
-#define MBEDTLS_XTEA_DECRYPT 0
-
-#define MBEDTLS_ERR_XTEA_INVALID_INPUT_LENGTH -0x0028 /**< The data input has an invalid length. */
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#if !defined(MBEDTLS_XTEA_ALT)
-// Regular implementation
-//
-
-/**
- * \brief XTEA context structure
- */
-typedef struct mbedtls_xtea_context
-{
- uint32_t k[4]; /*!< key */
-}
-mbedtls_xtea_context;
-
-#else /* MBEDTLS_XTEA_ALT */
-#include "xtea_alt.h"
-#endif /* MBEDTLS_XTEA_ALT */
-
-/**
- * \brief Initialize XTEA context
- *
- * \param ctx XTEA context to be initialized
- */
-void mbedtls_xtea_init( mbedtls_xtea_context *ctx );
-
-/**
- * \brief Clear XTEA context
- *
- * \param ctx XTEA context to be cleared
- */
-void mbedtls_xtea_free( mbedtls_xtea_context *ctx );
-
-/**
- * \brief XTEA key schedule
- *
- * \param ctx XTEA context to be initialized
- * \param key the secret key
- */
-void mbedtls_xtea_setup( mbedtls_xtea_context *ctx, const unsigned char key[16] );
-
-/**
- * \brief XTEA cipher function
- *
- * \param ctx XTEA context
- * \param mode MBEDTLS_XTEA_ENCRYPT or MBEDTLS_XTEA_DECRYPT
- * \param input 8-byte input block
- * \param output 8-byte output block
- *
- * \return 0 if successful
- */
-int mbedtls_xtea_crypt_ecb( mbedtls_xtea_context *ctx,
- int mode,
- const unsigned char input[8],
- unsigned char output[8] );
-
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-/**
- * \brief XTEA CBC cipher function
- *
- * \param ctx XTEA context
- * \param mode MBEDTLS_XTEA_ENCRYPT or MBEDTLS_XTEA_DECRYPT
- * \param length the length of input, multiple of 8
- * \param iv initialization vector for CBC mode
- * \param input input block
- * \param output output block
- *
- * \return 0 if successful,
- * MBEDTLS_ERR_XTEA_INVALID_INPUT_LENGTH if the length % 8 != 0
- */
-int mbedtls_xtea_crypt_cbc( mbedtls_xtea_context *ctx,
- int mode,
- size_t length,
- unsigned char iv[8],
- const unsigned char *input,
- unsigned char *output);
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
-
-#if defined(MBEDTLS_SELF_TEST)
-
-/**
- * \brief Checkup routine
- *
- * \return 0 if successful, or 1 if the test failed
- */
-int mbedtls_xtea_self_test( int verbose );
-
-#endif /* MBEDTLS_SELF_TEST */
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* xtea.h */
diff --git a/include/psa/crypto.h b/include/psa/crypto.h
index 6aa7ccc..3532fef 100644
--- a/include/psa/crypto.h
+++ b/include/psa/crypto.h
@@ -112,12 +112,6 @@
* This macro returns a suitable initializer for a key attribute structure
* of type #psa_key_attributes_t.
*/
-#ifdef __DOXYGEN_ONLY__
-/* This is an example definition for documentation purposes.
- * Implementations should define a suitable value in `crypto_struct.h`.
- */
-#define PSA_KEY_ATTRIBUTES_INIT {0}
-#endif
/** Return an initial value for a key attributes structure.
*/
@@ -938,8 +932,8 @@
* \endcode
*
* This is an implementation-defined \c struct. Applications should not
- * make any assumptions about the content of this structure except
- * as directed by the documentation of a specific implementation. */
+ * make any assumptions about the content of this structure.
+ * Implementation details can change in future versions without notice. */
typedef struct psa_hash_operation_s psa_hash_operation_t;
/** \def PSA_HASH_OPERATION_INIT
@@ -947,12 +941,6 @@
* This macro returns a suitable initializer for a hash operation object
* of type #psa_hash_operation_t.
*/
-#ifdef __DOXYGEN_ONLY__
-/* This is an example definition for documentation purposes.
- * Implementations should define a suitable value in `crypto_struct.h`.
- */
-#define PSA_HASH_OPERATION_INIT {0}
-#endif
/** Return an initial value for a hash operation object.
*/
@@ -1307,9 +1295,10 @@
* operation = psa_mac_operation_init();
* \endcode
*
+ *
* This is an implementation-defined \c struct. Applications should not
- * make any assumptions about the content of this structure except
- * as directed by the documentation of a specific implementation. */
+ * make any assumptions about the content of this structure.
+ * Implementation details can change in future versions without notice. */
typedef struct psa_mac_operation_s psa_mac_operation_t;
/** \def PSA_MAC_OPERATION_INIT
@@ -1317,12 +1306,6 @@
* This macro returns a suitable initializer for a MAC operation object of type
* #psa_mac_operation_t.
*/
-#ifdef __DOXYGEN_ONLY__
-/* This is an example definition for documentation purposes.
- * Implementations should define a suitable value in `crypto_struct.h`.
- */
-#define PSA_MAC_OPERATION_INIT {0}
-#endif
/** Return an initial value for a MAC operation object.
*/
@@ -1732,8 +1715,8 @@
* \endcode
*
* This is an implementation-defined \c struct. Applications should not
- * make any assumptions about the content of this structure except
- * as directed by the documentation of a specific implementation. */
+ * make any assumptions about the content of this structure.
+ * Implementation details can change in future versions without notice. */
typedef struct psa_cipher_operation_s psa_cipher_operation_t;
/** \def PSA_CIPHER_OPERATION_INIT
@@ -1741,12 +1724,6 @@
* This macro returns a suitable initializer for a cipher operation object of
* type #psa_cipher_operation_t.
*/
-#ifdef __DOXYGEN_ONLY__
-/* This is an example definition for documentation purposes.
- * Implementations should define a suitable value in `crypto_struct.h`.
- */
-#define PSA_CIPHER_OPERATION_INIT {0}
-#endif
/** Return an initial value for a cipher operation object.
*/
@@ -2261,8 +2238,8 @@
* \endcode
*
* This is an implementation-defined \c struct. Applications should not
- * make any assumptions about the content of this structure except
- * as directed by the documentation of a specific implementation. */
+ * make any assumptions about the content of this structure.
+ * Implementation details can change in future versions without notice. */
typedef struct psa_aead_operation_s psa_aead_operation_t;
/** \def PSA_AEAD_OPERATION_INIT
@@ -2270,12 +2247,6 @@
* This macro returns a suitable initializer for an AEAD operation object of
* type #psa_aead_operation_t.
*/
-#ifdef __DOXYGEN_ONLY__
-/* This is an example definition for documentation purposes.
- * Implementations should define a suitable value in `crypto_struct.h`.
- */
-#define PSA_AEAD_OPERATION_INIT {0}
-#endif
/** Return an initial value for an AEAD operation object.
*/
@@ -3260,8 +3231,8 @@
* \endcode
*
* This is an implementation-defined \c struct. Applications should not
- * make any assumptions about the content of this structure except
- * as directed by the documentation of a specific implementation.
+ * make any assumptions about the content of this structure.
+ * Implementation details can change in future versions without notice.
*/
typedef struct psa_key_derivation_s psa_key_derivation_operation_t;
@@ -3270,12 +3241,6 @@
* This macro returns a suitable initializer for a key derivation operation
* object of type #psa_key_derivation_operation_t.
*/
-#ifdef __DOXYGEN_ONLY__
-/* This is an example definition for documentation purposes.
- * Implementations should define a suitable value in `crypto_struct.h`.
- */
-#define PSA_KEY_DERIVATION_OPERATION_INIT {0}
-#endif
/** Return an initial value for a key derivation operation object.
*/
@@ -3717,7 +3682,6 @@
* The following key types defined in this specification follow this scheme:
*
* - #PSA_KEY_TYPE_AES;
- * - #PSA_KEY_TYPE_ARC4;
* - #PSA_KEY_TYPE_CAMELLIA;
* - #PSA_KEY_TYPE_DERIVE;
* - #PSA_KEY_TYPE_HMAC;
diff --git a/include/psa/crypto_builtin_composites.h b/include/psa/crypto_builtin_composites.h
index 1d11b00..b05660f 100644
--- a/include/psa/crypto_builtin_composites.h
+++ b/include/psa/crypto_builtin_composites.h
@@ -32,6 +32,7 @@
#ifndef PSA_CRYPTO_BUILTIN_COMPOSITES_H
#define PSA_CRYPTO_BUILTIN_COMPOSITES_H
+#include "mbedtls/private_access.h"
#include <psa/crypto_driver_common.h>
@@ -47,11 +48,11 @@
typedef struct
{
/** The HMAC algorithm in use */
- psa_algorithm_t alg;
+ psa_algorithm_t MBEDTLS_PRIVATE(alg);
/** The hash context. */
struct psa_hash_operation_s hash_ctx;
/** The HMAC part of the context. */
- uint8_t opad[PSA_HMAC_MAX_HASH_BLOCK_SIZE];
+ uint8_t MBEDTLS_PRIVATE(opad)[PSA_HMAC_MAX_HASH_BLOCK_SIZE];
} mbedtls_psa_hmac_operation_t;
#define MBEDTLS_PSA_HMAC_OPERATION_INIT {0, PSA_HASH_OPERATION_INIT, {0}}
@@ -61,17 +62,17 @@
typedef struct
{
- psa_algorithm_t alg;
+ psa_algorithm_t MBEDTLS_PRIVATE(alg);
union
{
- unsigned dummy; /* Make the union non-empty even with no supported algorithms. */
+ unsigned MBEDTLS_PRIVATE(dummy); /* Make the union non-empty even with no supported algorithms. */
#if defined(MBEDTLS_PSA_BUILTIN_ALG_HMAC) || defined(PSA_CRYPTO_DRIVER_TEST)
- mbedtls_psa_hmac_operation_t hmac;
+ mbedtls_psa_hmac_operation_t MBEDTLS_PRIVATE(hmac);
#endif /* MBEDTLS_PSA_BUILTIN_ALG_HMAC */
#if defined(MBEDTLS_PSA_BUILTIN_ALG_CMAC) || defined(PSA_CRYPTO_DRIVER_TEST)
- mbedtls_cipher_context_t cmac;
+ mbedtls_cipher_context_t MBEDTLS_PRIVATE(cmac);
#endif /* MBEDTLS_PSA_BUILTIN_ALG_CMAC */
- } ctx;
+ } MBEDTLS_PRIVATE(ctx);
} mbedtls_psa_mac_operation_t;
#define MBEDTLS_PSA_MAC_OPERATION_INIT {0, {0}}
diff --git a/include/psa/crypto_builtin_primitives.h b/include/psa/crypto_builtin_primitives.h
index 75801a1..20451c9 100644
--- a/include/psa/crypto_builtin_primitives.h
+++ b/include/psa/crypto_builtin_primitives.h
@@ -32,6 +32,7 @@
#ifndef PSA_CRYPTO_BUILTIN_PRIMITIVES_H
#define PSA_CRYPTO_BUILTIN_PRIMITIVES_H
+#include "mbedtls/private_access.h"
#include <psa/crypto_driver_common.h>
@@ -39,17 +40,13 @@
* Hash multi-part operation definitions.
*/
-#include "mbedtls/md2.h"
-#include "mbedtls/md4.h"
#include "mbedtls/md5.h"
#include "mbedtls/ripemd160.h"
#include "mbedtls/sha1.h"
#include "mbedtls/sha256.h"
#include "mbedtls/sha512.h"
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_MD2) || \
- defined(MBEDTLS_PSA_BUILTIN_ALG_MD4) || \
- defined(MBEDTLS_PSA_BUILTIN_ALG_MD5) || \
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_MD5) || \
defined(MBEDTLS_PSA_BUILTIN_ALG_RIPEMD160) || \
defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_1) || \
defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_224) || \
@@ -61,32 +58,26 @@
typedef struct
{
- psa_algorithm_t alg;
+ psa_algorithm_t MBEDTLS_PRIVATE(alg);
union
{
- unsigned dummy; /* Make the union non-empty even with no supported algorithms. */
-#if defined(MBEDTLS_MD2_C)
- mbedtls_md2_context md2;
-#endif
-#if defined(MBEDTLS_MD4_C)
- mbedtls_md4_context md4;
-#endif
+ unsigned MBEDTLS_PRIVATE(dummy); /* Make the union non-empty even with no supported algorithms. */
#if defined(MBEDTLS_MD5_C)
- mbedtls_md5_context md5;
+ mbedtls_md5_context MBEDTLS_PRIVATE(md5);
#endif
#if defined(MBEDTLS_RIPEMD160_C)
- mbedtls_ripemd160_context ripemd160;
+ mbedtls_ripemd160_context MBEDTLS_PRIVATE(ripemd160);
#endif
#if defined(MBEDTLS_SHA1_C)
- mbedtls_sha1_context sha1;
+ mbedtls_sha1_context MBEDTLS_PRIVATE(sha1);
#endif
#if defined(MBEDTLS_SHA256_C)
- mbedtls_sha256_context sha256;
+ mbedtls_sha256_context MBEDTLS_PRIVATE(sha256);
#endif
#if defined(MBEDTLS_SHA512_C)
- mbedtls_sha512_context sha512;
+ mbedtls_sha512_context MBEDTLS_PRIVATE(sha512);
#endif
- } ctx;
+ } MBEDTLS_PRIVATE(ctx);
} mbedtls_psa_hash_operation_t;
#define MBEDTLS_PSA_HASH_OPERATION_INIT {0, {0}}
@@ -110,10 +101,10 @@
typedef struct {
/* Context structure for the Mbed TLS cipher implementation. */
- psa_algorithm_t alg;
- uint8_t iv_length;
- uint8_t block_length;
- mbedtls_cipher_context_t cipher;
+ psa_algorithm_t MBEDTLS_PRIVATE(alg);
+ uint8_t MBEDTLS_PRIVATE(iv_length);
+ uint8_t MBEDTLS_PRIVATE(block_length);
+ mbedtls_cipher_context_t MBEDTLS_PRIVATE(cipher);
} mbedtls_psa_cipher_operation_t;
#define MBEDTLS_PSA_CIPHER_OPERATION_INIT {0, 0, 0, {0}}
diff --git a/include/psa/crypto_config.h b/include/psa/crypto_config.h
index eb16492..32ef1c2 100644
--- a/include/psa/crypto_config.h
+++ b/include/psa/crypto_config.h
@@ -69,8 +69,6 @@
#define PSA_WANT_ALG_GCM 1
#define PSA_WANT_ALG_HKDF 1
#define PSA_WANT_ALG_HMAC 1
-#define PSA_WANT_ALG_MD2 1
-#define PSA_WANT_ALG_MD4 1
#define PSA_WANT_ALG_MD5 1
#define PSA_WANT_ALG_OFB 1
/* PBKDF2-HMAC is not yet supported via the PSA API in Mbed TLS.
@@ -118,7 +116,6 @@
#define PSA_WANT_KEY_TYPE_DERIVE 1
#define PSA_WANT_KEY_TYPE_HMAC 1
#define PSA_WANT_KEY_TYPE_AES 1
-#define PSA_WANT_KEY_TYPE_ARC4 1
#define PSA_WANT_KEY_TYPE_CAMELLIA 1
#define PSA_WANT_KEY_TYPE_CHACHA20 1
#define PSA_WANT_KEY_TYPE_DES 1
diff --git a/include/psa/crypto_extra.h b/include/psa/crypto_extra.h
index a7b4ab5..51c0859 100644
--- a/include/psa/crypto_extra.h
+++ b/include/psa/crypto_extra.h
@@ -27,6 +27,7 @@
#ifndef PSA_CRYPTO_EXTRA_H
#define PSA_CRYPTO_EXTRA_H
+#include "mbedtls/private_access.h"
#include "mbedtls/platform_util.h"
@@ -71,7 +72,7 @@
psa_key_attributes_t *attributes,
psa_algorithm_t alg2)
{
- attributes->core.policy.alg2 = alg2;
+ attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(policy).MBEDTLS_PRIVATE(alg2) = alg2;
}
/** Retrieve the enrollment algorithm policy from key attributes.
@@ -83,7 +84,7 @@
static inline psa_algorithm_t psa_get_key_enrollment_algorithm(
const psa_key_attributes_t *attributes)
{
- return( attributes->core.policy.alg2 );
+ return( attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(policy).MBEDTLS_PRIVATE(alg2) );
}
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
@@ -141,8 +142,8 @@
psa_key_attributes_t *attributes,
psa_key_slot_number_t slot_number )
{
- attributes->core.flags |= MBEDTLS_PSA_KA_FLAG_HAS_SLOT_NUMBER;
- attributes->slot_number = slot_number;
+ attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(flags) |= MBEDTLS_PSA_KA_FLAG_HAS_SLOT_NUMBER;
+ attributes->MBEDTLS_PRIVATE(slot_number) = slot_number;
}
/** Remove the slot number attribute from a key attribute structure.
@@ -154,7 +155,7 @@
static inline void psa_clear_key_slot_number(
psa_key_attributes_t *attributes )
{
- attributes->core.flags &= ~MBEDTLS_PSA_KA_FLAG_HAS_SLOT_NUMBER;
+ attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(flags) &= ~MBEDTLS_PSA_KA_FLAG_HAS_SLOT_NUMBER;
}
/** Register a key that is already present in a secure element.
@@ -226,26 +227,26 @@
typedef struct mbedtls_psa_stats_s
{
/** Number of slots containing key material for a volatile key. */
- size_t volatile_slots;
+ size_t MBEDTLS_PRIVATE(volatile_slots);
/** Number of slots containing key material for a key which is in
* internal persistent storage. */
- size_t persistent_slots;
+ size_t MBEDTLS_PRIVATE(persistent_slots);
/** Number of slots containing a reference to a key in a
* secure element. */
- size_t external_slots;
+ size_t MBEDTLS_PRIVATE(external_slots);
/** Number of slots which are occupied, but do not contain
* key material yet. */
- size_t half_filled_slots;
+ size_t MBEDTLS_PRIVATE(half_filled_slots);
/** Number of slots that contain cache data. */
- size_t cache_slots;
+ size_t MBEDTLS_PRIVATE(cache_slots);
/** Number of slots that are not used for anything. */
- size_t empty_slots;
+ size_t MBEDTLS_PRIVATE(empty_slots);
/** Number of slots that are locked. */
- size_t locked_slots;
+ size_t MBEDTLS_PRIVATE(locked_slots);
/** Largest key id value among open keys in internal persistent storage. */
- psa_key_id_t max_open_internal_key_id;
+ psa_key_id_t MBEDTLS_PRIVATE(max_open_internal_key_id);
/** Largest key id value among open keys in secure elements. */
- psa_key_id_t max_open_external_key_id;
+ psa_key_id_t MBEDTLS_PRIVATE(max_open_external_key_id);
} mbedtls_psa_stats_t;
/** \brief Get statistics about
@@ -813,6 +814,1009 @@
/** @} */
+/** \addtogroup crypto_types
+ * @{
+ */
+
+#define PSA_ALG_CATEGORY_PAKE ((psa_algorithm_t)0x0a000000)
+
+/** Whether the specified algorithm is a password-authenticated key exchange.
+ *
+ * \param alg An algorithm identifier (value of type #psa_algorithm_t).
+ *
+ * \return 1 if \p alg is a password-authenticated key exchange (PAKE)
+ * algorithm, 0 otherwise.
+ * This macro may return either 0 or 1 if \p alg is not a supported
+ * algorithm identifier.
+ */
+#define PSA_ALG_IS_PAKE(alg) \
+ (((alg) & PSA_ALG_CATEGORY_MASK) == PSA_ALG_CATEGORY_PAKE)
+
+/** The Password-authenticated key exchange by juggling (J-PAKE) algorithm.
+ *
+ * This is J-PAKE as defined by RFC 8236, instantiated with the following
+ * parameters:
+ *
+ * - The group can be either an elliptic curve or defined over a finite field.
+ * - Schnorr NIZK proof as defined by RFC 8235 and using the same group as the
+ * J-PAKE algorithm.
+ * - A cryptographic hash function.
+ *
+ * To select these parameters and set up the cipher suite, call these functions
+ * in any order:
+ *
+ * \code
+ * psa_pake_cs_set_algorithm(cipher_suite, PSA_ALG_JPAKE);
+ * psa_pake_cs_set_primitive(cipher_suite,
+ * PSA_PAKE_PRIMITIVE(type, family, bits));
+ * psa_pake_cs_set_hash(cipher_suite, hash);
+ * \endcode
+ *
+ * For more information on how to set a specific curve or field, refer to the
+ * documentation of the individual \c PSA_PAKE_PRIMITIVE_TYPE_XXX constants.
+ *
+ * After initializing a J-PAKE operation, call
+ *
+ * \code
+ * psa_pake_setup(operation, cipher_suite);
+ * psa_pake_set_user(operation, ...);
+ * psa_pake_set_peer(operation, ...);
+ * psa_pake_set_password_key(operation, ...);
+ * \endcode
+ *
+ * The password is read as a byte array and must be non-empty. This can be the
+ * password itself (in some pre-defined character encoding) or some value
+ * derived from the password as mandated by some higher level protocol.
+ *
+ * (The implementation converts this byte array to a number as described in
+ * Section 2.3.8 of _SEC 1: Elliptic Curve Cryptography_
+ * (https://www.secg.org/sec1-v2.pdf), before reducing it modulo \c q. Here
+ * \c q is order of the group defined by the primitive set in the cipher suite.
+ * The \c psa_pake_set_password_xxx() functions return an error if the result
+ * of the reduction is 0.)
+ *
+ * The key exchange flow for J-PAKE is as follows:
+ * -# To get the first round data that needs to be sent to the peer, call
+ * \code
+ * // Get g1
+ * psa_pake_output(operation, #PSA_PAKE_STEP_KEY_SHARE, ...);
+ * // Get the ZKP public key for x1
+ * psa_pake_output(operation, #PSA_PAKE_STEP_ZK_PUBLIC, ...);
+ * // Get the ZKP proof for x1
+ * psa_pake_output(operation, #PSA_PAKE_STEP_ZK_PROOF, ...);
+ * // Get g2
+ * psa_pake_output(operation, #PSA_PAKE_STEP_KEY_SHARE, ...);
+ * // Get the ZKP public key for x2
+ * psa_pake_output(operation, #PSA_PAKE_STEP_ZK_PUBLIC, ...);
+ * // Get the ZKP proof for x2
+ * psa_pake_output(operation, #PSA_PAKE_STEP_ZK_PROOF, ...);
+ * \endcode
+ * -# To provide the first round data received from the peer to the operation,
+ * call
+ * \code
+ * // Set g3
+ * psa_pake_input(operation, #PSA_PAKE_STEP_KEY_SHARE, ...);
+ * // Set the ZKP public key for x3
+ * psa_pake_input(operation, #PSA_PAKE_STEP_ZK_PUBLIC, ...);
+ * // Set the ZKP proof for x3
+ * psa_pake_input(operation, #PSA_PAKE_STEP_ZK_PROOF, ...);
+ * // Set g4
+ * psa_pake_input(operation, #PSA_PAKE_STEP_KEY_SHARE, ...);
+ * // Set the ZKP public key for x4
+ * psa_pake_input(operation, #PSA_PAKE_STEP_ZK_PUBLIC, ...);
+ * // Set the ZKP proof for x4
+ * psa_pake_input(operation, #PSA_PAKE_STEP_ZK_PROOF, ...);
+ * \endcode
+ * -# To get the second round data that needs to be sent to the peer, call
+ * \code
+ * // Get A
+ * psa_pake_output(operation, #PSA_PAKE_STEP_KEY_SHARE, ...);
+ * // Get ZKP public key for x2*s
+ * psa_pake_output(operation, #PSA_PAKE_STEP_ZK_PUBLIC, ...);
+ * // Get ZKP proof for x2*s
+ * psa_pake_output(operation, #PSA_PAKE_STEP_ZK_PROOF, ...);
+ * \endcode
+ * -# To provide the second round data received from the peer to the operation,
+ * call
+ * \code
+ * // Set B
+ * psa_pake_input(operation, #PSA_PAKE_STEP_KEY_SHARE, ...);
+ * // Set ZKP public key for x4*s
+ * psa_pake_input(operation, #PSA_PAKE_STEP_ZK_PUBLIC, ...);
+ * // Set ZKP proof for x4*s
+ * psa_pake_input(operation, #PSA_PAKE_STEP_ZK_PROOF, ...);
+ * \endcode
+ * -# To access the shared secret call
+ * \code
+ * // Get Ka=Kb=K
+ * psa_pake_get_implicit_key()
+ * \endcode
+ *
+ * For more information consult the documentation of the individual
+ * \c PSA_PAKE_STEP_XXX constants.
+ *
+ * At this point there is a cryptographic guarantee that only the authenticated
+ * party who used the same password is able to compute the key. But there is no
+ * guarantee that the peer is the party it claims to be and was able to do so.
+ *
+ * That is, the authentication is only implicit (the peer is not authenticated
+ * at this point, and no action should be taken that assume that they are - like
+ * for example accessing restricted files).
+ *
+ * To make the authentication explicit there are various methods, see Section 5
+ * of RFC 8236 for two examples.
+ *
+ */
+#define PSA_ALG_JPAKE ((psa_algorithm_t)0x0a000100)
+
+/** @} */
+
+/** \defgroup pake Password-authenticated key exchange (PAKE)
+ *
+ * This is a proposed PAKE interface for the PSA Crypto API. It is not part of
+ * the official PSA Crypto API yet.
+ *
+ * \note The content of this section is not part of the stable API and ABI
+ * of Mbed Crypto and may change arbitrarily from version to version.
+ * Same holds for the corresponding macros #PSA_ALG_CATEGORY_PAKE and
+ * #PSA_ALG_JPAKE.
+ * @{
+ */
+
+/** \brief Encoding of the side of PAKE
+ *
+ * Encodes which side of the algorithm is being executed. For more information
+ * see the documentation of individual \c PSA_PAKE_SIDE_XXX constants.
+ */
+typedef uint8_t psa_pake_side_t;
+
+/** Encoding of input and output indicators for PAKE.
+ *
+ * Some PAKE algorithms need to exchange more data than just a single key share.
+ * This type is for encoding additional input and output data for such
+ * algorithms.
+ */
+typedef uint8_t psa_pake_step_t;
+
+/** Encoding of the type of the PAKE's primitive.
+ *
+ * Values defined by this standard will never be in the range 0x80-0xff.
+ * Vendors who define additional types must use an encoding in this range.
+ *
+ * For more information see the documentation of individual
+ * \c PSA_PAKE_PRIMITIVE_TYPE_XXX constants.
+ */
+typedef uint8_t psa_pake_primitive_type_t;
+
+/** \brief Encoding of the family of the primitive associated with the PAKE.
+ *
+ * For more information see the documentation of individual
+ * \c PSA_PAKE_PRIMITIVE_TYPE_XXX constants.
+ */
+typedef uint8_t psa_pake_family_t;
+
+/** \brief Encoding of the primitive associated with the PAKE.
+ *
+ * For more information see the documentation of the #PSA_PAKE_PRIMITIVE macro.
+ */
+typedef uint32_t psa_pake_primitive_t;
+
+/** The first peer in a balanced PAKE.
+ *
+ * Although balanced PAKE algorithms are symmetric, some of them needs an
+ * ordering of peers for the transcript calculations. If the algorithm does not
+ * need this, both #PSA_PAKE_SIDE_FIRST and #PSA_PAKE_SIDE_SECOND are
+ * accepted.
+ */
+#define PSA_PAKE_SIDE_FIRST ((psa_pake_side_t)0x01)
+
+/** The second peer in a balanced PAKE.
+ *
+ * Although balanced PAKE algorithms are symmetric, some of them needs an
+ * ordering of peers for the transcript calculations. If the algorithm does not
+ * need this, either #PSA_PAKE_SIDE_FIRST or #PSA_PAKE_SIDE_SECOND are
+ * accepted.
+ */
+#define PSA_PAKE_SIDE_SECOND ((psa_pake_side_t)0x02)
+
+/** The client in an augmented PAKE.
+ *
+ * Augmented PAKE algorithms need to differentiate between client and server.
+ */
+#define PSA_PAKE_SIDE_CLIENT ((psa_pake_side_t)0x11)
+
+/** The server in an augmented PAKE.
+ *
+ * Augmented PAKE algorithms need to differentiate between client and server.
+ */
+#define PSA_PAKE_SIDE_SERVER ((psa_pake_side_t)0x12)
+
+/** The PAKE primitive type indicating the use of elliptic curves.
+ *
+ * The values of the \c family and \c bits fields of the cipher suite identify a
+ * specific elliptic curve, using the same mapping that is used for ECC
+ * (::psa_ecc_family_t) keys.
+ *
+ * (Here \c family means the value returned by psa_pake_cs_get_family() and
+ * \c bits means the value returned by psa_pake_cs_get_bits().)
+ *
+ * Input and output during the operation can involve group elements and scalar
+ * values:
+ * -# The format for group elements is the same as for public keys on the
+ * specific curve would be. For more information, consult the documentation of
+ * psa_export_public_key().
+ * -# The format for scalars is the same as for private keys on the specific
+ * curve would be. For more information, consult the documentation of
+ * psa_export_key().
+ */
+#define PSA_PAKE_PRIMITIVE_TYPE_ECC ((psa_pake_primitive_type_t)0x01)
+
+/** The PAKE primitive type indicating the use of Diffie-Hellman groups.
+ *
+ * The values of the \c family and \c bits fields of the cipher suite identify
+ * a specific Diffie-Hellman group, using the same mapping that is used for
+ * Diffie-Hellman (::psa_dh_family_t) keys.
+ *
+ * (Here \c family means the value returned by psa_pake_cs_get_family() and
+ * \c bits means the value returned by psa_pake_cs_get_bits().)
+ *
+ * Input and output during the operation can involve group elements and scalar
+ * values:
+ * -# The format for group elements is the same as for public keys on the
+ * specific group would be. For more information, consult the documentation of
+ * psa_export_public_key().
+ * -# The format for scalars is the same as for private keys on the specific
+ * group would be. For more information, consult the documentation of
+ * psa_export_key().
+ */
+#define PSA_PAKE_PRIMITIVE_TYPE_DH ((psa_pake_primitive_type_t)0x02)
+
+/** Construct a PAKE primitive from type, family and bit-size.
+ *
+ * \param pake_type The type of the primitive
+ * (value of type ::psa_pake_primitive_type_t).
+ * \param pake_family The family of the primitive
+ * (the type and interpretation of this parameter depends
+ * on \p type, for more information consult the
+ * documentation of individual ::psa_pake_primitive_type_t
+ * constants).
+ * \param pake_bits The bit-size of the primitive
+ * (Value of type \c size_t. The interpretation
+ * of this parameter depends on \p family, for more
+ * information consult the documentation of individual
+ * ::psa_pake_primitive_type_t constants).
+ *
+ * \return The constructed primitive value of type ::psa_pake_primitive_t.
+ * Return 0 if the requested primitive can't be encoded as
+ * ::psa_pake_primitive_t.
+ */
+#define PSA_PAKE_PRIMITIVE(pake_type, pake_family, pake_bits) \
+ ((pake_bits & 0xFFFF) != pake_bits) ? 0 : \
+ ((psa_pake_primitive_t) (((pake_type) << 24 | \
+ (pake_family) << 16) | (pake_bits)))
+
+/** The key share being sent to or received from the peer.
+ *
+ * The format for both input and output at this step is the same as for public
+ * keys on the group determined by the primitive (::psa_pake_primitive_t) would
+ * be.
+ *
+ * For more information on the format, consult the documentation of
+ * psa_export_public_key().
+ *
+ * For information regarding how the group is determined, consult the
+ * documentation #PSA_PAKE_PRIMITIVE.
+ */
+#define PSA_PAKE_STEP_KEY_SHARE ((psa_pake_step_t)0x01)
+
+/** A Schnorr NIZKP public key.
+ *
+ * This is the ephemeral public key in the Schnorr Non-Interactive
+ * Zero-Knowledge Proof (the value denoted by the letter 'V' in RFC 8235).
+ *
+ * The format for both input and output at this step is the same as for public
+ * keys on the group determined by the primitive (::psa_pake_primitive_t) would
+ * be.
+ *
+ * For more information on the format, consult the documentation of
+ * psa_export_public_key().
+ *
+ * For information regarding how the group is determined, consult the
+ * documentation #PSA_PAKE_PRIMITIVE.
+ */
+#define PSA_PAKE_STEP_ZK_PUBLIC ((psa_pake_step_t)0x02)
+
+/** A Schnorr NIZKP proof.
+ *
+ * This is the proof in the Schnorr Non-Interactive Zero-Knowledge Proof (the
+ * value denoted by the letter 'r' in RFC 8235).
+ *
+ * Both for input and output, the value at this step is an integer less than
+ * the order of the group selected in the cipher suite. The format depends on
+ * the group as well:
+ *
+ * - For Montgomery curves, the encoding is little endian.
+ * - For everything else the encoding is big endian (see Section 2.3.8 of
+ * _SEC 1: Elliptic Curve Cryptography_ at https://www.secg.org/sec1-v2.pdf).
+ *
+ * In both cases leading zeroes are allowed as long as the length in bytes does
+ * not exceed the byte length of the group order.
+ *
+ * For information regarding how the group is determined, consult the
+ * documentation #PSA_PAKE_PRIMITIVE.
+ */
+#define PSA_PAKE_STEP_ZK_PROOF ((psa_pake_step_t)0x03)
+
+/** The type of the data strucure for PAKE cipher suites.
+ *
+ * This is an implementation-defined \c struct. Applications should not
+ * make any assumptions about the content of this structure.
+ * Implementation details can change in future versions without notice.
+ */
+typedef struct psa_pake_cipher_suite_s psa_pake_cipher_suite_t;
+
+/** Retrieve the PAKE algorithm from a PAKE cipher suite.
+ *
+ * This function may be declared as `static` (i.e. without external
+ * linkage). This function may be provided as a function-like macro,
+ * but in this case it must evaluate its argument exactly once.
+ *
+ * \param[in] cipher_suite The cipher suite structure to query.
+ *
+ * \return The PAKE algorithm stored in the cipher suite structure.
+ */
+static psa_algorithm_t psa_pake_cs_get_algorithm(
+ const psa_pake_cipher_suite_t* cipher_suite
+ );
+
+/** Declare the PAKE algorithm for the cipher suite.
+ *
+ * This function overwrites any PAKE algorithm
+ * previously set in \p cipher_suite.
+ *
+ * This function may be declared as `static` (i.e. without external
+ * linkage). This function may be provided as a function-like macro,
+ * but in this case it must evaluate each of its arguments exactly once.
+ *
+ * \param[out] cipher_suite The cipher suite structure to write to.
+ * \param algorithm The PAKE algorithm to write.
+ * (`PSA_ALG_XXX` values of type ::psa_algorithm_t
+ * such that #PSA_ALG_IS_PAKE(\c alg) is true.)
+ * If this is 0, the PAKE algorithm in
+ * \p cipher_suite becomes unspecified.
+ */
+static void psa_pake_cs_set_algorithm(
+ psa_pake_cipher_suite_t* cipher_suite,
+ psa_algorithm_t algorithm
+ );
+
+/** Retrieve the primitive from a PAKE cipher suite.
+ *
+ * This function may be declared as `static` (i.e. without external linkage).
+ * This function may be provided as a function-like macro, but in this case it
+ * must evaluate its argument exactly once.
+ *
+ * \param[in] cipher_suite The cipher suite structure to query.
+ *
+ * \return The primitive stored in the cipher suite structure.
+ */
+static psa_pake_primitive_t psa_pake_cs_get_primitive(
+ const psa_pake_cipher_suite_t* cipher_suite
+ );
+
+/** Declare the primitive for a PAKE cipher suite.
+ *
+ * This function overwrites any primitive previously set in \p cipher_suite.
+ *
+ * This function may be declared as `static` (i.e. without external
+ * linkage). This function may be provided as a function-like macro,
+ * but in this case it must evaluate each of its arguments exactly once.
+ *
+ * \param[out] cipher_suite The cipher suite structure to write to.
+ * \param primitive The primitive to write. If this is 0, the
+ * primitive type in \p cipher_suite becomes
+ * unspecified.
+ */
+static void psa_pake_cs_set_primitive(
+ psa_pake_cipher_suite_t* cipher_suite,
+ psa_pake_primitive_t primitive
+ );
+
+/** Retrieve the hash algorithm from a PAKE cipher suite.
+ *
+ * This function may be declared as `static` (i.e. without external
+ * linkage). This function may be provided as a function-like macro,
+ * but in this case it must evaluate its argument exactly once.
+ *
+ * \param[in] cipher_suite The cipher suite structure to query.
+ *
+ * \return The hash algorithm stored in the cipher suite structure. The return
+ * value is 0 if the PAKE is not parametrised by a hash algorithm or if
+ * the hash algorithm is not set.
+ */
+static psa_algorithm_t psa_pake_cs_get_hash(
+ const psa_pake_cipher_suite_t* cipher_suite
+ );
+
+/** Declare the hash algorithm for a PAKE cipher suite.
+ *
+ * This function overwrites any hash algorithm
+ * previously set in \p cipher_suite.
+ *
+ * This function may be declared as `static` (i.e. without external
+ * linkage). This function may be provided as a function-like macro,
+ * but in this case it must evaluate each of its arguments exactly once.
+ *
+ * Refer to the documentation of individual PAKE algorithm types (`PSA_ALG_XXX`
+ * values of type ::psa_algorithm_t such that #PSA_ALG_IS_PAKE(\c alg) is true)
+ * for more information.
+ *
+ * \param[out] cipher_suite The cipher suite structure to write to.
+ * \param hash The hash involved in the cipher suite.
+ * (`PSA_ALG_XXX` values of type ::psa_algorithm_t
+ * such that #PSA_ALG_IS_HASH(\c alg) is true.)
+ * If this is 0, the hash algorithm in
+ * \p cipher_suite becomes unspecified.
+ */
+static void psa_pake_cs_set_hash(
+ psa_pake_cipher_suite_t* cipher_suite,
+ psa_algorithm_t hash
+ );
+
+/** The type of the state data structure for PAKE operations.
+ *
+ * Before calling any function on a PAKE operation object, the application
+ * must initialize it by any of the following means:
+ * - Set the structure to all-bits-zero, for example:
+ * \code
+ * psa_pake_operation_t operation;
+ * memset(&operation, 0, sizeof(operation));
+ * \endcode
+ * - Initialize the structure to logical zero values, for example:
+ * \code
+ * psa_pake_operation_t operation = {0};
+ * \endcode
+ * - Initialize the structure to the initializer #PSA_PAKE_OPERATION_INIT,
+ * for example:
+ * \code
+ * psa_pake_operation_t operation = PSA_PAKE_OPERATION_INIT;
+ * \endcode
+ * - Assign the result of the function psa_pake_operation_init()
+ * to the structure, for example:
+ * \code
+ * psa_pake_operation_t operation;
+ * operation = psa_pake_operation_init();
+ * \endcode
+ *
+ * This is an implementation-defined \c struct. Applications should not
+ * make any assumptions about the content of this structure.
+ * Implementation details can change in future versions without notice. */
+typedef struct psa_pake_operation_s psa_pake_operation_t;
+
+/** Return an initial value for an PAKE operation object.
+ */
+static psa_pake_operation_t psa_pake_operation_init(void);
+
+/** Set the session information for a password-authenticated key exchange.
+ *
+ * The sequence of operations to set up a password-authenticated key exchange
+ * is as follows:
+ * -# Allocate an operation object which will be passed to all the functions
+ * listed here.
+ * -# Initialize the operation object with one of the methods described in the
+ * documentation for #psa_pake_operation_t, e.g.
+ * #PSA_PAKE_OPERATION_INIT.
+ * -# Call psa_pake_setup() to specify the cipher suite.
+ * -# Call \c psa_pake_set_xxx() functions on the operation to complete the
+ * setup. The exact sequence of \c psa_pake_set_xxx() functions that needs
+ * to be called depends on the algorithm in use.
+ *
+ * Refer to the documentation of individual PAKE algorithm types (`PSA_ALG_XXX`
+ * values of type ::psa_algorithm_t such that #PSA_ALG_IS_PAKE(\c alg) is true)
+ * for more information.
+ *
+ * A typical sequence of calls to perform a password-authenticated key
+ * exchange:
+ * -# Call psa_pake_output(operation, #PSA_PAKE_STEP_KEY_SHARE, ...) to get the
+ * key share that needs to be sent to the peer.
+ * -# Call psa_pake_input(operation, #PSA_PAKE_STEP_KEY_SHARE, ...) to provide
+ * the key share that was received from the peer.
+ * -# Depending on the algorithm additional calls to psa_pake_output() and
+ * psa_pake_input() might be necessary.
+ * -# Call psa_pake_get_implicit_key() for accessing the shared secret.
+ *
+ * Refer to the documentation of individual PAKE algorithm types (`PSA_ALG_XXX`
+ * values of type ::psa_algorithm_t such that #PSA_ALG_IS_PAKE(\c alg) is true)
+ * for more information.
+ *
+ * If an error occurs at any step after a call to psa_pake_setup(),
+ * the operation will need to be reset by a call to psa_pake_abort(). The
+ * application may call psa_pake_abort() at any time after the operation
+ * has been initialized.
+ *
+ * After a successful call to psa_pake_setup(), the application must
+ * eventually terminate the operation. The following events terminate an
+ * operation:
+ * - A call to psa_pake_abort().
+ * - A successful call to psa_pake_get_implicit_key().
+ *
+ * \param[in,out] operation The operation object to set up. It must have
+ * been initialized but not set up yet.
+ * \param cipher_suite The cipher suite to use. (A cipher suite fully
+ * characterizes a PAKE algorithm and determines
+ * the algorithm as well.)
+ *
+ * \retval #PSA_SUCCESS
+ * Success.
+ * \retval #PSA_ERROR_BAD_STATE
+ * The operation state is not valid.
+ * \retval #PSA_ERROR_NOT_SUPPORTED
+ * The \p cipher_suite is not supported or is not valid.
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE
+ * \retval #PSA_ERROR_HARDWARE_FAILURE
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_ERROR_BAD_STATE
+ * The library has not been previously initialized by psa_crypto_init().
+ * It is implementation-dependent whether a failure to initialize
+ * results in this error code.
+ */
+psa_status_t psa_pake_setup(psa_pake_operation_t *operation,
+ psa_pake_cipher_suite_t cipher_suite);
+
+/** Set the password for a password-authenticated key exchange from key ID.
+ *
+ * Call this function when the password, or a value derived from the password,
+ * is already present in the key store.
+ *
+ * \param[in,out] operation The operation object to set the password for. It
+ * must have been set up by psa_pake_setup() and
+ * not yet in use (neither psa_pake_output() nor
+ * psa_pake_input() has been called yet). It must
+ * be on operation for which the password hasn't
+ * been set yet (psa_pake_set_password_key()
+ * hasn't been called yet).
+ * \param password Identifier of the key holding the password or a
+ * value derived from the password (eg. by a
+ * memory-hard function). It must remain valid
+ * until the operation terminates. It must be of
+ * type #PSA_KEY_TYPE_PASSWORD or
+ * #PSA_KEY_TYPE_PASSWORD_HASH. It has to allow
+ * the usage #PSA_KEY_USAGE_DERIVE.
+ *
+ * \retval #PSA_SUCCESS
+ * Success.
+ * \retval #PSA_ERROR_BAD_STATE
+ * The operation state is not valid (it must have been set up.)
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_ERROR_INVALID_HANDLE
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE
+ * \retval #PSA_ERROR_HARDWARE_FAILURE
+ * \retval #PSA_ERROR_STORAGE_FAILURE
+ * \retval #PSA_ERROR_NOT_PERMITTED
+ * \retval #PSA_ERROR_INVALID_ARGUMENT
+ * \p key is not compatible with the algorithm or the cipher suite.
+ * \retval #PSA_ERROR_BAD_STATE
+ * The library has not been previously initialized by psa_crypto_init().
+ * It is implementation-dependent whether a failure to initialize
+ * results in this error code.
+ */
+psa_status_t psa_pake_set_password_key(psa_pake_operation_t *operation,
+ mbedtls_svc_key_id_t password);
+
+/** Set the user ID for a password-authenticated key exchange.
+ *
+ * Call this function to set the user ID. For PAKE algorithms that associate a
+ * user identifier with each side of the session you need to call
+ * psa_pake_set_peer() as well. For PAKE algorithms that associate a single
+ * user identifier with the session, call psa_pake_set_user() only.
+ *
+ * Refer to the documentation of individual PAKE algorithm types (`PSA_ALG_XXX`
+ * values of type ::psa_algorithm_t such that #PSA_ALG_IS_PAKE(\c alg) is true)
+ * for more information.
+ *
+ * \param[in,out] operation The operation object to set the user ID for. It
+ * must have been set up by psa_pake_setup() and
+ * not yet in use (neither psa_pake_output() nor
+ * psa_pake_input() has been called yet). It must
+ * be on operation for which the user ID hasn't
+ * been set (psa_pake_set_user() hasn't been
+ * called yet).
+ * \param[in] user_id The user ID to authenticate with.
+ * \param user_id_len Size of the \p user_id buffer in bytes.
+ *
+ * \retval #PSA_SUCCESS
+ * Success.
+ * \retval #PSA_ERROR_BAD_STATE
+ * The operation state is not valid.
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE
+ * \retval #PSA_ERROR_HARDWARE_FAILURE
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_ERROR_INVALID_ARGUMENT
+ * \p user_id is NULL.
+ * \retval #PSA_ERROR_BAD_STATE
+ * The library has not been previously initialized by psa_crypto_init().
+ * It is implementation-dependent whether a failure to initialize
+ * results in this error code.
+ */
+psa_status_t psa_pake_set_user(psa_pake_operation_t *operation,
+ const uint8_t *user_id,
+ size_t user_id_len);
+
+/** Set the peer ID for a password-authenticated key exchange.
+ *
+ * Call this function in addition to psa_pake_set_user() for PAKE algorithms
+ * that associate a user identifier with each side of the session. For PAKE
+ * algorithms that associate a single user identifier with the session, call
+ * psa_pake_set_user() only.
+ *
+ * Refer to the documentation of individual PAKE algorithm types (`PSA_ALG_XXX`
+ * values of type ::psa_algorithm_t such that #PSA_ALG_IS_PAKE(\c alg) is true)
+ * for more information.
+ *
+ * \param[in,out] operation The operation object to set the peer ID for. It
+ * must have been set up by psa_pake_setup() and
+ * not yet in use (neither psa_pake_output() nor
+ * psa_pake_input() has been called yet). It must
+ * be on operation for which the peer ID hasn't
+ * been set (psa_pake_set_peer() hasn't been
+ * called yet).
+ * \param[in] peer_id The peer's ID to authenticate.
+ * \param peer_id_len Size of the \p peer_id buffer in bytes.
+ *
+ * \retval #PSA_SUCCESS
+ * Success.
+ * \retval #PSA_ERROR_BAD_STATE
+ * The operation state is not valid.
+ * \retval #PSA_ERROR_NOT_SUPPORTED
+ * The algorithm doesn't associate a second identity with the session.
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE
+ * \retval #PSA_ERROR_HARDWARE_FAILURE
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_ERROR_INVALID_ARGUMENT
+ * \p user_id is NULL.
+ * \retval #PSA_ERROR_BAD_STATE
+ * The library has not been previously initialized by psa_crypto_init().
+ * It is implementation-dependent whether a failure to initialize
+ * results in this error code.
+ */
+psa_status_t psa_pake_set_peer(psa_pake_operation_t *operation,
+ const uint8_t *peer_id,
+ size_t peer_id_len);
+
+/** Set the side for a password-authenticated key exchange.
+ *
+ * Not all PAKE algorithms need to differentiate the communicating entities.
+ * It is optional to call this function for PAKEs that don't require a side
+ * parameter. For such PAKEs the side parameter is ignored.
+ *
+ * Refer to the documentation of individual PAKE algorithm types (`PSA_ALG_XXX`
+ * values of type ::psa_algorithm_t such that #PSA_ALG_IS_PAKE(\c alg) is true)
+ * for more information.
+ *
+ * \param[in,out] operation The operation object to set the side for. It
+ * must have been set up by psa_pake_setup() and
+ * not yet in use (neither psa_pake_output() nor
+ * psa_pake_input() has been called yet). It must
+ * be on operation for which the side hasn't been
+ * set (psa_pake_set_side() hasn't been called
+ * yet).
+ * \param side A value of type ::psa_pake_side_t signaling the
+ * side of the algorithm that is being set up. For
+ * more information see the documentation of
+ * \c PSA_PAKE_SIDE_XXX constants.
+ *
+ * \retval #PSA_SUCCESS
+ * Success.
+ * \retval #PSA_ERROR_BAD_STATE
+ * The operation state is not valid.
+ * \retval #PSA_ERROR_NOT_SUPPORTED
+ * The \p side for this algorithm is not supported or is not valid.
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE
+ * \retval #PSA_ERROR_HARDWARE_FAILURE
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_ERROR_BAD_STATE
+ * The library has not been previously initialized by psa_crypto_init().
+ * It is implementation-dependent whether a failure to initialize
+ * results in this error code.
+ */
+psa_status_t psa_pake_set_side(psa_pake_operation_t *operation,
+ psa_pake_side_t side);
+
+/** Get output for a step of a password-authenticated key exchange.
+ *
+ * Depending on the algorithm being executed, you might need to call this
+ * function several times or you might not need to call this at all.
+ *
+ * The exact sequence of calls to perform a password-authenticated key
+ * exchange depends on the algorithm in use. Refer to the documentation of
+ * individual PAKE algorithm types (`PSA_ALG_XXX` values of type
+ * ::psa_algorithm_t such that #PSA_ALG_IS_PAKE(\c alg) is true) for more
+ * information.
+ *
+ * If this function returns an error status, the operation enters an error
+ * state and must be aborted by calling psa_pake_abort().
+ *
+ * \param[in,out] operation Active PAKE operation.
+ * \param step The step of the algorithm for which the output is
+ * requested.
+ * \param[out] output Buffer where the output is to be written in the
+ * format appropriate for this \p step. Refer to
+ * the documentation of the individual
+ * \c PSA_PAKE_STEP_XXX constants for more
+ * information.
+ * \param output_size Size of the \p output buffer in bytes. This must
+ * be at least #PSA_PAKE_OUTPUT_SIZE(\p alg, \c
+ * cipher_suite, \p type).
+ *
+ * \param[out] output_length On success, the number of bytes of the returned
+ * output.
+ *
+ * \retval #PSA_SUCCESS
+ * Success.
+ * \retval #PSA_ERROR_BAD_STATE
+ * The operation state is not valid (it must be active, but beyond that
+ * validity is specific to the algorithm).
+ * \retval #PSA_ERROR_BUFFER_TOO_SMALL
+ * The size of the \p output buffer is too small.
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE
+ * \retval #PSA_ERROR_HARDWARE_FAILURE
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_ERROR_STORAGE_FAILURE
+ * \retval #PSA_ERROR_BAD_STATE
+ * The library has not been previously initialized by psa_crypto_init().
+ * It is implementation-dependent whether a failure to initialize
+ * results in this error code.
+ */
+psa_status_t psa_pake_output(psa_pake_operation_t *operation,
+ psa_pake_step_t step,
+ uint8_t *output,
+ size_t output_size,
+ size_t *output_length);
+
+/** Provide input for a step of a password-authenticated key exchange.
+ *
+ * Depending on the algorithm being executed, you might need to call this
+ * function several times or you might not need to call this at all.
+ *
+ * The exact sequence of calls to perform a password-authenticated key
+ * exchange depends on the algorithm in use. Refer to the documentation of
+ * individual PAKE algorithm types (`PSA_ALG_XXX` values of type
+ * ::psa_algorithm_t such that #PSA_ALG_IS_PAKE(\c alg) is true) for more
+ * information.
+ *
+ * If this function returns an error status, the operation enters an error
+ * state and must be aborted by calling psa_pake_abort().
+ *
+ * \param[in,out] operation Active PAKE operation.
+ * \param step The step for which the input is provided.
+ * \param[out] input Buffer containing the input in the format
+ * appropriate for this \p step. Refer to the
+ * documentation of the individual
+ * \c PSA_PAKE_STEP_XXX constants for more
+ * information.
+ * \param[out] input_length Size of the \p input buffer in bytes.
+ *
+ * \retval #PSA_SUCCESS
+ * Success.
+ * \retval #PSA_ERROR_BAD_STATE
+ * The operation state is not valid (it must be active, but beyond that
+ * validity is specific to the algorithm).
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE
+ * \retval #PSA_ERROR_HARDWARE_FAILURE
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_ERROR_STORAGE_FAILURE
+ * \retval #PSA_ERROR_INVALID_ARGUMENT
+ * The input is not valid for the algorithm, ciphersuite or \p step.
+ * \retval #PSA_ERROR_BAD_STATE
+ * The library has not been previously initialized by psa_crypto_init().
+ * It is implementation-dependent whether a failure to initialize
+ * results in this error code.
+ */
+psa_status_t psa_pake_input(psa_pake_operation_t *operation,
+ psa_pake_step_t step,
+ uint8_t *input,
+ size_t input_length);
+
+/** Get implicitly confirmed shared secret from a PAKE.
+ *
+ * At this point there is a cryptographic guarantee that only the authenticated
+ * party who used the same password is able to compute the key. But there is no
+ * guarantee that the peer is the party it claims to be and was able to do so.
+ *
+ * That is, the authentication is only implicit. Since the peer is not
+ * authenticated yet, no action should be taken yet that assumes that the peer
+ * is who it claims to be. For example, do not access restricted files on the
+ * peer's behalf until an explicit authentication has succeeded.
+ *
+ * This function can be called after the key exchange phase of the operation
+ * has completed. It imports the shared secret output of the PAKE into the
+ * provided derivation operation. The input step
+ * #PSA_KEY_DERIVATION_INPUT_SECRET is used when placing the shared key
+ * material in the key derivation operation.
+ *
+ * The exact sequence of calls to perform a password-authenticated key
+ * exchange depends on the algorithm in use. Refer to the documentation of
+ * individual PAKE algorithm types (`PSA_ALG_XXX` values of type
+ * ::psa_algorithm_t such that #PSA_ALG_IS_PAKE(\c alg) is true) for more
+ * information.
+ *
+ * When this function returns successfully, \p operation becomes inactive.
+ * If this function returns an error status, both \p operation
+ * and \p key_derivation operations enter an error state and must be aborted by
+ * calling psa_pake_abort() and psa_key_derivation_abort() respectively.
+ *
+ * \param[in,out] operation Active PAKE operation.
+ * \param[out] output A key derivation operation that is ready
+ * for an input step of type
+ * #PSA_KEY_DERIVATION_INPUT_SECRET.
+ *
+ * \retval #PSA_SUCCESS
+ * Success.
+ * \retval #PSA_ERROR_BAD_STATE
+ * The PAKE operation state is not valid (it must be active, but beyond
+ * that validity is specific to the algorithm).
+ * \retval #PSA_ERROR_BAD_STATE
+ * The state of \p output is not valid for
+ * the #PSA_KEY_DERIVATION_INPUT_SECRET step. This can happen if the
+ * step is out of order or the application has done this step already
+ * and it may not be repeated.
+ * \retval #PSA_ERROR_INVALID_ARGUMENT
+ * #PSA_KEY_DERIVATION_INPUT_SECRET is not compatible with the output’s
+ * algorithm.
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE
+ * \retval #PSA_ERROR_HARDWARE_FAILURE
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_ERROR_STORAGE_FAILURE
+ * \retval #PSA_ERROR_BAD_STATE
+ * The library has not been previously initialized by psa_crypto_init().
+ * It is implementation-dependent whether a failure to initialize
+ * results in this error code.
+ */
+psa_status_t psa_pake_get_implicit_key(psa_pake_operation_t *operation,
+ psa_key_derivation_operation_t *output);
+
+/**@}*/
+
+/** A sufficient output buffer size for psa_pake_output().
+ *
+ * If the size of the output buffer is at least this large, it is guaranteed
+ * that psa_pake_output() will not fail due to an insufficient output buffer
+ * size. The actual size of the output might be smaller in any given call.
+ *
+ * See also #PSA_PAKE_OUTPUT_MAX_SIZE
+ *
+ * \param alg A PAKE algorithm (\c PSA_ALG_XXX value such that
+ * #PSA_ALG_IS_PAKE(\p alg) is true).
+ * \param primitive A primitive of type ::psa_pake_primitive_t that is
+ * compatible with algorithm \p alg.
+ * \param output_step A value of type ::psa_pake_step_t that is valid for the
+ * algorithm \p alg.
+ * \return A sufficient output buffer size for the specified
+ * output, cipher suite and algorithm. If the cipher suite,
+ * the output type or PAKE algorithm is not recognized, or
+ * the parameters are incompatible, return 0.
+ */
+#define PSA_PAKE_OUTPUT_SIZE(alg, primitive, output_step) 0
+
+/** A sufficient input buffer size for psa_pake_input().
+ *
+ * The value returned by this macro is guaranteed to be large enough for any
+ * valid input to psa_pake_input() in an operation with the specified
+ * parameters.
+ *
+ * See also #PSA_PAKE_INPUT_MAX_SIZE
+ *
+ * \param alg A PAKE algorithm (\c PSA_ALG_XXX value such that
+ * #PSA_ALG_IS_PAKE(\p alg) is true).
+ * \param primitive A primitive of type ::psa_pake_primitive_t that is
+ * compatible with algorithm \p alg.
+ * \param input_step A value of type ::psa_pake_step_t that is valid for the
+ * algorithm \p alg.
+ * \return A sufficient input buffer size for the specified
+ * input, cipher suite and algorithm. If the cipher suite,
+ * the input type or PAKE algorithm is not recognized, or
+ * the parameters are incompatible, return 0.
+ */
+#define PSA_PAKE_INPUT_SIZE(alg, primitive, input_step) 0
+
+/** Output buffer size for psa_pake_output() for any of the supported cipher
+ * suites and PAKE algorithms.
+ *
+ * This macro must expand to a compile-time constant integer.
+ *
+ * See also #PSA_PAKE_OUTPUT_SIZE(\p alg, \p cipher_suite, \p output).
+ */
+#define PSA_PAKE_OUTPUT_MAX_SIZE 0
+
+/** Input buffer size for psa_pake_input() for any of the supported cipher
+ * suites and PAKE algorithms.
+ *
+ * This macro must expand to a compile-time constant integer.
+ *
+ * See also #PSA_PAKE_INPUT_SIZE(\p alg, \p cipher_suite, \p input).
+ */
+#define PSA_PAKE_INPUT_MAX_SIZE 0
+
+struct psa_pake_cipher_suite_s
+{
+ psa_algorithm_t algorithm;
+ psa_pake_primitive_type_t type;
+ psa_pake_family_t family;
+ uint16_t bits;
+ psa_algorithm_t hash;
+};
+
+static inline psa_algorithm_t psa_pake_cs_get_algorithm(
+ const psa_pake_cipher_suite_t *cipher_suite)
+{
+ return(cipher_suite->algorithm);
+}
+
+static inline void psa_pake_cs_set_algorithm(
+ psa_pake_cipher_suite_t *cipher_suite,
+ psa_algorithm_t algorithm)
+{
+ if(!PSA_ALG_IS_PAKE(algorithm))
+ cipher_suite->algorithm = 0;
+ else
+ cipher_suite->algorithm = algorithm;
+}
+
+static inline psa_pake_primitive_t psa_pake_cs_get_primitive(
+ const psa_pake_cipher_suite_t *cipher_suite)
+{
+ return(PSA_PAKE_PRIMITIVE(cipher_suite->type, cipher_suite->family,
+ cipher_suite->bits));
+}
+
+static inline void psa_pake_cs_set_primitive(
+ psa_pake_cipher_suite_t *cipher_suite,
+ psa_pake_primitive_t primitive)
+{
+ cipher_suite->type = (psa_pake_primitive_type_t) (primitive >> 24);
+ cipher_suite->family = (psa_pake_family_t) (0xFF & (primitive >> 16));
+ cipher_suite->bits = (uint16_t) (0xFFFF & primitive);
+}
+
+static inline psa_algorithm_t psa_pake_cs_get_hash(
+ const psa_pake_cipher_suite_t *cipher_suite)
+{
+ return(cipher_suite->hash);
+}
+
+static inline void psa_pake_cs_set_hash(
+ psa_pake_cipher_suite_t *cipher_suite,
+ psa_algorithm_t hash)
+{
+ if(!PSA_ALG_IS_HASH(hash))
+ cipher_suite->hash = 0;
+ else
+ cipher_suite->hash = hash;
+}
+
+struct psa_pake_operation_s
+{
+ psa_algorithm_t alg;
+ union
+ {
+ /* Make the union non-empty even with no supported algorithms. */
+ uint8_t dummy;
+ } ctx;
+};
+
+/* This only zeroes out the first byte in the union, the rest is unspecified. */
+#define PSA_PAKE_OPERATION_INIT {0, {0}}
+static inline struct psa_pake_operation_s psa_pake_operation_init(void)
+{
+ const struct psa_pake_operation_s v = PSA_PAKE_OPERATION_INIT;
+ return(v);
+}
+
#ifdef __cplusplus
}
#endif
diff --git a/include/psa/crypto_platform.h b/include/psa/crypto_platform.h
index 66f4687..edf7210 100644
--- a/include/psa/crypto_platform.h
+++ b/include/psa/crypto_platform.h
@@ -32,6 +32,7 @@
#ifndef PSA_CRYPTO_PLATFORM_H
#define PSA_CRYPTO_PLATFORM_H
+#include "mbedtls/private_access.h"
/* Include the Mbed TLS configuration file, the way Mbed TLS does it
* in each of its header files. */
@@ -104,7 +105,7 @@
* are expected to replace it with a custom definition.
*/
typedef struct {
- uintptr_t opaque[2];
+ uintptr_t MBEDTLS_PRIVATE(opaque)[2];
} mbedtls_psa_external_random_context_t;
#endif /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */
diff --git a/include/psa/crypto_se_driver.h b/include/psa/crypto_se_driver.h
index 1dc8f9b..91a6d0b 100644
--- a/include/psa/crypto_se_driver.h
+++ b/include/psa/crypto_se_driver.h
@@ -33,6 +33,7 @@
*/
#ifndef PSA_CRYPTO_SE_DRIVER_H
#define PSA_CRYPTO_SE_DRIVER_H
+#include "mbedtls/private_access.h"
#include "crypto_driver_common.h"
@@ -97,21 +98,21 @@
* - psa_destroy_key() causes a call to
* psa_drv_se_key_management_t::p_destroy.
*/
- const void *const persistent_data;
+ const void *const MBEDTLS_PRIVATE(persistent_data);
/** The size of \c persistent_data in bytes.
*
* This is always equal to the value of the `persistent_data_size` field
* of the ::psa_drv_se_t structure when the driver is registered.
*/
- const size_t persistent_data_size;
+ const size_t MBEDTLS_PRIVATE(persistent_data_size);
/** Driver transient data.
*
* The core initializes this value to 0 and does not read or modify it
* afterwards. The driver may store whatever it wants in this field.
*/
- uintptr_t transient_data;
+ uintptr_t MBEDTLS_PRIVATE(transient_data);
} psa_drv_se_context_t;
/** \brief A driver initialization function.
@@ -323,28 +324,28 @@
/**The size in bytes of the hardware-specific secure element MAC context
* structure
*/
- size_t context_size;
+ size_t MBEDTLS_PRIVATE(context_size);
/** Function that performs a MAC setup operation
*/
- psa_drv_se_mac_setup_t p_setup;
+ psa_drv_se_mac_setup_t MBEDTLS_PRIVATE(p_setup);
/** Function that performs a MAC update operation
*/
- psa_drv_se_mac_update_t p_update;
+ psa_drv_se_mac_update_t MBEDTLS_PRIVATE(p_update);
/** Function that completes a MAC operation
*/
- psa_drv_se_mac_finish_t p_finish;
+ psa_drv_se_mac_finish_t MBEDTLS_PRIVATE(p_finish);
/** Function that completes a MAC operation with a verify check
*/
- psa_drv_se_mac_finish_verify_t p_finish_verify;
+ psa_drv_se_mac_finish_verify_t MBEDTLS_PRIVATE(p_finish_verify);
/** Function that aborts a previoustly started MAC operation
*/
- psa_drv_se_mac_abort_t p_abort;
+ psa_drv_se_mac_abort_t MBEDTLS_PRIVATE(p_abort);
/** Function that performs a MAC operation in one call
*/
- psa_drv_se_mac_generate_t p_mac;
+ psa_drv_se_mac_generate_t MBEDTLS_PRIVATE(p_mac);
/** Function that performs a MAC and verify operation in one call
*/
- psa_drv_se_mac_verify_t p_mac_verify;
+ psa_drv_se_mac_verify_t MBEDTLS_PRIVATE(p_mac_verify);
} psa_drv_se_mac_t;
/**@}*/
@@ -510,22 +511,22 @@
/** The size in bytes of the hardware-specific secure element cipher
* context structure
*/
- size_t context_size;
+ size_t MBEDTLS_PRIVATE(context_size);
/** Function that performs a cipher setup operation */
- psa_drv_se_cipher_setup_t p_setup;
+ psa_drv_se_cipher_setup_t MBEDTLS_PRIVATE(p_setup);
/** Function that sets a cipher IV (if necessary) */
- psa_drv_se_cipher_set_iv_t p_set_iv;
+ psa_drv_se_cipher_set_iv_t MBEDTLS_PRIVATE(p_set_iv);
/** Function that performs a cipher update operation */
- psa_drv_se_cipher_update_t p_update;
+ psa_drv_se_cipher_update_t MBEDTLS_PRIVATE(p_update);
/** Function that completes a cipher operation */
- psa_drv_se_cipher_finish_t p_finish;
+ psa_drv_se_cipher_finish_t MBEDTLS_PRIVATE(p_finish);
/** Function that aborts a cipher operation */
- psa_drv_se_cipher_abort_t p_abort;
+ psa_drv_se_cipher_abort_t MBEDTLS_PRIVATE(p_abort);
/** Function that performs ECB mode for a cipher operation
* (Danger: ECB mode should not be used directly by clients of the PSA
* Crypto Client API)
*/
- psa_drv_se_cipher_ecb_t p_ecb;
+ psa_drv_se_cipher_ecb_t MBEDTLS_PRIVATE(p_ecb);
} psa_drv_se_cipher_t;
/**@}*/
@@ -681,13 +682,13 @@
*/
typedef struct {
/** Function that performs an asymmetric sign operation */
- psa_drv_se_asymmetric_sign_t p_sign;
+ psa_drv_se_asymmetric_sign_t MBEDTLS_PRIVATE(p_sign);
/** Function that performs an asymmetric verify operation */
- psa_drv_se_asymmetric_verify_t p_verify;
+ psa_drv_se_asymmetric_verify_t MBEDTLS_PRIVATE(p_verify);
/** Function that performs an asymmetric encrypt operation */
- psa_drv_se_asymmetric_encrypt_t p_encrypt;
+ psa_drv_se_asymmetric_encrypt_t MBEDTLS_PRIVATE(p_encrypt);
/** Function that performs an asymmetric decrypt operation */
- psa_drv_se_asymmetric_decrypt_t p_decrypt;
+ psa_drv_se_asymmetric_decrypt_t MBEDTLS_PRIVATE(p_decrypt);
} psa_drv_se_asymmetric_t;
/**@}*/
@@ -798,9 +799,9 @@
*/
typedef struct {
/** Function that performs the AEAD encrypt operation */
- psa_drv_se_aead_encrypt_t p_encrypt;
+ psa_drv_se_aead_encrypt_t MBEDTLS_PRIVATE(p_encrypt);
/** Function that performs the AEAD decrypt operation */
- psa_drv_se_aead_decrypt_t p_decrypt;
+ psa_drv_se_aead_decrypt_t MBEDTLS_PRIVATE(p_decrypt);
} psa_drv_se_aead_t;
/**@}*/
@@ -1120,19 +1121,19 @@
*/
typedef struct {
/** Function that allocates a slot for a key. */
- psa_drv_se_allocate_key_t p_allocate;
+ psa_drv_se_allocate_key_t MBEDTLS_PRIVATE(p_allocate);
/** Function that checks the validity of a slot for a key. */
- psa_drv_se_validate_slot_number_t p_validate_slot_number;
+ psa_drv_se_validate_slot_number_t MBEDTLS_PRIVATE(p_validate_slot_number);
/** Function that performs a key import operation */
- psa_drv_se_import_key_t p_import;
+ psa_drv_se_import_key_t MBEDTLS_PRIVATE(p_import);
/** Function that performs a generation */
- psa_drv_se_generate_key_t p_generate;
+ psa_drv_se_generate_key_t MBEDTLS_PRIVATE(p_generate);
/** Function that performs a key destroy operation */
- psa_drv_se_destroy_key_t p_destroy;
+ psa_drv_se_destroy_key_t MBEDTLS_PRIVATE(p_destroy);
/** Function that performs a key export operation */
- psa_drv_se_export_key_t p_export;
+ psa_drv_se_export_key_t MBEDTLS_PRIVATE(p_export);
/** Function that performs a public key export operation */
- psa_drv_se_export_key_t p_export_public;
+ psa_drv_se_export_key_t MBEDTLS_PRIVATE(p_export_public);
} psa_drv_se_key_management_t;
/**@}*/
@@ -1263,16 +1264,16 @@
*/
typedef struct {
/** The driver-specific size of the key derivation context */
- size_t context_size;
+ size_t MBEDTLS_PRIVATE(context_size);
/** Function that performs a key derivation setup */
- psa_drv_se_key_derivation_setup_t p_setup;
+ psa_drv_se_key_derivation_setup_t MBEDTLS_PRIVATE(p_setup);
/** Function that sets key derivation collateral */
- psa_drv_se_key_derivation_collateral_t p_collateral;
+ psa_drv_se_key_derivation_collateral_t MBEDTLS_PRIVATE(p_collateral);
/** Function that performs a final key derivation step */
- psa_drv_se_key_derivation_derive_t p_derive;
+ psa_drv_se_key_derivation_derive_t MBEDTLS_PRIVATE(p_derive);
/** Function that perforsm a final key derivation or agreement and
* exports the key */
- psa_drv_se_key_derivation_export_t p_export;
+ psa_drv_se_key_derivation_export_t MBEDTLS_PRIVATE(p_export);
} psa_drv_se_key_derivation_t;
/**@}*/
@@ -1293,7 +1294,7 @@
* a different version of this specification.
* Use #PSA_DRV_SE_HAL_VERSION.
*/
- uint32_t hal_version;
+ uint32_t MBEDTLS_PRIVATE(hal_version);
/** The size of the driver's persistent data in bytes.
*
@@ -1303,7 +1304,7 @@
* for more information about why and how a driver can use
* persistent data.
*/
- size_t persistent_data_size;
+ size_t MBEDTLS_PRIVATE(persistent_data_size);
/** The driver initialization function.
*
@@ -1315,14 +1316,14 @@
* If this field is \c NULL, it is equivalent to a function that does
* nothing and returns #PSA_SUCCESS.
*/
- psa_drv_se_init_t p_init;
+ psa_drv_se_init_t MBEDTLS_PRIVATE(p_init);
- const psa_drv_se_key_management_t *key_management;
- const psa_drv_se_mac_t *mac;
- const psa_drv_se_cipher_t *cipher;
- const psa_drv_se_aead_t *aead;
- const psa_drv_se_asymmetric_t *asymmetric;
- const psa_drv_se_key_derivation_t *derivation;
+ const psa_drv_se_key_management_t *MBEDTLS_PRIVATE(key_management);
+ const psa_drv_se_mac_t *MBEDTLS_PRIVATE(mac);
+ const psa_drv_se_cipher_t *MBEDTLS_PRIVATE(cipher);
+ const psa_drv_se_aead_t *MBEDTLS_PRIVATE(aead);
+ const psa_drv_se_asymmetric_t *MBEDTLS_PRIVATE(asymmetric);
+ const psa_drv_se_key_derivation_t *MBEDTLS_PRIVATE(derivation);
} psa_drv_se_t;
/** The current version of the secure element driver HAL.
diff --git a/include/psa/crypto_sizes.h b/include/psa/crypto_sizes.h
index 79f9673..15cdb41 100644
--- a/include/psa/crypto_sizes.h
+++ b/include/psa/crypto_sizes.h
@@ -68,8 +68,6 @@
*/
#define PSA_HASH_LENGTH(alg) \
( \
- PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_MD2 ? 16 : \
- PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_MD4 ? 16 : \
PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_MD5 ? 16 : \
PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_RIPEMD160 ? 20 : \
PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_1 ? 20 : \
diff --git a/include/psa/crypto_struct.h b/include/psa/crypto_struct.h
index 47012fd..0afdf84 100644
--- a/include/psa/crypto_struct.h
+++ b/include/psa/crypto_struct.h
@@ -60,6 +60,7 @@
#ifndef PSA_CRYPTO_STRUCT_H
#define PSA_CRYPTO_STRUCT_H
+#include "mbedtls/private_access.h"
#ifdef __cplusplus
extern "C" {
@@ -88,11 +89,11 @@
* ID values are auto-generated in psa_driver_wrappers.h.
* ID value zero means the context is not valid or not assigned to
* any driver (i.e. the driver context is not active, in use). */
- unsigned int id;
- psa_driver_hash_context_t ctx;
+ unsigned int MBEDTLS_PRIVATE(id);
+ psa_driver_hash_context_t MBEDTLS_PRIVATE(ctx);
};
-#define PSA_HASH_OPERATION_INIT {0, {0}}
+#define PSA_HASH_OPERATION_INIT { 0, { 0 } }
static inline struct psa_hash_operation_s psa_hash_operation_init( void )
{
const struct psa_hash_operation_s v = PSA_HASH_OPERATION_INIT;
@@ -107,17 +108,17 @@
* ID values are auto-generated in psa_crypto_driver_wrappers.h
* ID value zero means the context is not valid or not assigned to
* any driver (i.e. none of the driver contexts are active). */
- unsigned int id;
+ unsigned int MBEDTLS_PRIVATE(id);
- unsigned int iv_required : 1;
- unsigned int iv_set : 1;
+ unsigned int MBEDTLS_PRIVATE(iv_required) : 1;
+ unsigned int MBEDTLS_PRIVATE(iv_set) : 1;
- uint8_t default_iv_length;
+ uint8_t MBEDTLS_PRIVATE(default_iv_length);
- psa_driver_cipher_context_t ctx;
+ psa_driver_cipher_context_t MBEDTLS_PRIVATE(ctx);
};
-#define PSA_CIPHER_OPERATION_INIT {0, 0, 0, 0, {0}}
+#define PSA_CIPHER_OPERATION_INIT { 0, 0, 0, 0, { 0 } }
static inline struct psa_cipher_operation_s psa_cipher_operation_init( void )
{
const struct psa_cipher_operation_s v = PSA_CIPHER_OPERATION_INIT;
@@ -136,13 +137,13 @@
* ID values are auto-generated in psa_driver_wrappers.h
* ID value zero means the context is not valid or not assigned to
* any driver (i.e. none of the driver contexts are active). */
- unsigned int id;
- uint8_t mac_size;
- unsigned int is_sign : 1;
- psa_driver_mac_context_t ctx;
+ unsigned int MBEDTLS_PRIVATE(id);
+ uint8_t MBEDTLS_PRIVATE(mac_size);
+ unsigned int MBEDTLS_PRIVATE(is_sign) : 1;
+ psa_driver_mac_context_t MBEDTLS_PRIVATE(ctx);
};
-#define PSA_MAC_OPERATION_INIT {0, 0, 0, {0}}
+#define PSA_MAC_OPERATION_INIT { 0, 0, 0, { 0 } }
static inline struct psa_mac_operation_s psa_mac_operation_init( void )
{
const struct psa_mac_operation_s v = PSA_MAC_OPERATION_INIT;
@@ -151,19 +152,19 @@
struct psa_aead_operation_s
{
- psa_algorithm_t alg;
- unsigned int key_set : 1;
- unsigned int iv_set : 1;
- uint8_t iv_size;
- uint8_t block_size;
+ psa_algorithm_t MBEDTLS_PRIVATE(alg);
+ unsigned int MBEDTLS_PRIVATE(key_set) : 1;
+ unsigned int MBEDTLS_PRIVATE(iv_set) : 1;
+ uint8_t MBEDTLS_PRIVATE(iv_size);
+ uint8_t MBEDTLS_PRIVATE(block_size);
union
{
- unsigned dummy; /* Enable easier initializing of the union. */
- mbedtls_cipher_context_t cipher;
- } ctx;
+ unsigned MBEDTLS_PRIVATE(dummy); /* Enable easier initializing of the union. */
+ mbedtls_cipher_context_t MBEDTLS_PRIVATE(cipher);
+ } MBEDTLS_PRIVATE(ctx);
};
-#define PSA_AEAD_OPERATION_INIT {0, 0, 0, 0, 0, {0}}
+#define PSA_AEAD_OPERATION_INIT { 0, 0, 0, 0, 0, { 0 } }
static inline struct psa_aead_operation_s psa_aead_operation_init( void )
{
const struct psa_aead_operation_s v = PSA_AEAD_OPERATION_INIT;
@@ -173,18 +174,18 @@
#if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF)
typedef struct
{
- uint8_t *info;
- size_t info_length;
- psa_mac_operation_t hmac;
- uint8_t prk[PSA_HASH_MAX_SIZE];
- uint8_t output_block[PSA_HASH_MAX_SIZE];
+ uint8_t *MBEDTLS_PRIVATE(info);
+ size_t MBEDTLS_PRIVATE(info_length);
+ psa_mac_operation_t MBEDTLS_PRIVATE(hmac);
+ uint8_t MBEDTLS_PRIVATE(prk)[PSA_HASH_MAX_SIZE];
+ uint8_t MBEDTLS_PRIVATE(output_block)[PSA_HASH_MAX_SIZE];
#if PSA_HASH_MAX_SIZE > 0xff
#error "PSA_HASH_MAX_SIZE does not fit in uint8_t"
#endif
- uint8_t offset_in_block;
- uint8_t block_number;
- unsigned int state : 2;
- unsigned int info_set : 1;
+ uint8_t MBEDTLS_PRIVATE(offset_in_block);
+ uint8_t MBEDTLS_PRIVATE(block_number);
+ unsigned int MBEDTLS_PRIVATE(state) : 2;
+ unsigned int MBEDTLS_PRIVATE(info_set) : 1;
} psa_hkdf_key_derivation_t;
#endif /* MBEDTLS_PSA_BUILTIN_ALG_HKDF */
@@ -207,50 +208,51 @@
/* Indicates how many bytes in the current HMAC block have
* not yet been read by the user. */
- uint8_t left_in_block;
+ uint8_t MBEDTLS_PRIVATE(left_in_block);
/* The 1-based number of the block. */
- uint8_t block_number;
+ uint8_t MBEDTLS_PRIVATE(block_number);
- psa_tls12_prf_key_derivation_state_t state;
+ psa_tls12_prf_key_derivation_state_t MBEDTLS_PRIVATE(state);
- uint8_t *secret;
- size_t secret_length;
- uint8_t *seed;
- size_t seed_length;
- uint8_t *label;
- size_t label_length;
+ uint8_t *MBEDTLS_PRIVATE(secret);
+ size_t MBEDTLS_PRIVATE(secret_length);
+ uint8_t *MBEDTLS_PRIVATE(seed);
+ size_t MBEDTLS_PRIVATE(seed_length);
+ uint8_t *MBEDTLS_PRIVATE(label);
+ size_t MBEDTLS_PRIVATE(label_length);
- uint8_t Ai[PSA_HASH_MAX_SIZE];
+ uint8_t MBEDTLS_PRIVATE(Ai)[PSA_HASH_MAX_SIZE];
- /* `HMAC_hash( prk, A(i) + seed )` in the notation of RFC 5246, Sect. 5. */
- uint8_t output_block[PSA_HASH_MAX_SIZE];
+ /* `HMAC_hash( prk, A( i ) + seed )` in the notation of RFC 5246, Sect. 5. */
+ uint8_t MBEDTLS_PRIVATE(output_block)[PSA_HASH_MAX_SIZE];
} psa_tls12_prf_key_derivation_t;
#endif /* MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF) ||
* MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS */
struct psa_key_derivation_s
{
- psa_algorithm_t alg;
- unsigned int can_output_key : 1;
- size_t capacity;
+ psa_algorithm_t MBEDTLS_PRIVATE(alg);
+ unsigned int MBEDTLS_PRIVATE(can_output_key) : 1;
+ size_t MBEDTLS_PRIVATE(capacity);
union
{
/* Make the union non-empty even with no supported algorithms. */
- uint8_t dummy;
+ uint8_t MBEDTLS_PRIVATE(dummy);
#if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF)
- psa_hkdf_key_derivation_t hkdf;
+ psa_hkdf_key_derivation_t MBEDTLS_PRIVATE(hkdf);
#endif
#if defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF) || \
defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS)
- psa_tls12_prf_key_derivation_t tls12_prf;
+ psa_tls12_prf_key_derivation_t MBEDTLS_PRIVATE(tls12_prf);
#endif
- } ctx;
+ } MBEDTLS_PRIVATE(ctx);
};
/* This only zeroes out the first byte in the union, the rest is unspecified. */
-#define PSA_KEY_DERIVATION_OPERATION_INIT {0, 0, 0, {0}}
-static inline struct psa_key_derivation_s psa_key_derivation_operation_init( void )
+#define PSA_KEY_DERIVATION_OPERATION_INIT { 0, 0, 0, { 0 } }
+static inline struct psa_key_derivation_s psa_key_derivation_operation_init(
+ void )
{
const struct psa_key_derivation_s v = PSA_KEY_DERIVATION_OPERATION_INIT;
return( v );
@@ -258,13 +260,13 @@
struct psa_key_policy_s
{
- psa_key_usage_t usage;
- psa_algorithm_t alg;
- psa_algorithm_t alg2;
+ psa_key_usage_t MBEDTLS_PRIVATE(usage);
+ psa_algorithm_t MBEDTLS_PRIVATE(alg);
+ psa_algorithm_t MBEDTLS_PRIVATE(alg2);
};
typedef struct psa_key_policy_s psa_key_policy_t;
-#define PSA_KEY_POLICY_INIT {0, 0, 0}
+#define PSA_KEY_POLICY_INIT { 0, 0, 0 }
static inline struct psa_key_policy_s psa_key_policy_init( void )
{
const struct psa_key_policy_s v = PSA_KEY_POLICY_INIT;
@@ -276,7 +278,7 @@
typedef uint16_t psa_key_bits_t;
/* The maximum value of the type used to represent bit-sizes.
* This is used to mark an invalid key size. */
-#define PSA_KEY_BITS_TOO_LARGE ( (psa_key_bits_t) ( -1 ) )
+#define PSA_KEY_BITS_TOO_LARGE ( ( psa_key_bits_t ) -1 )
/* The maximum size of a key in bits.
* Currently defined as the maximum that can be represented, rounded down
* to a whole number of bytes.
@@ -309,30 +311,33 @@
typedef struct
{
- psa_key_type_t type;
- psa_key_bits_t bits;
- psa_key_lifetime_t lifetime;
- mbedtls_svc_key_id_t id;
- psa_key_policy_t policy;
- psa_key_attributes_flag_t flags;
+ psa_key_type_t MBEDTLS_PRIVATE(type);
+ psa_key_bits_t MBEDTLS_PRIVATE(bits);
+ psa_key_lifetime_t MBEDTLS_PRIVATE(lifetime);
+ mbedtls_svc_key_id_t MBEDTLS_PRIVATE(id);
+ psa_key_policy_t MBEDTLS_PRIVATE(policy);
+ psa_key_attributes_flag_t MBEDTLS_PRIVATE(flags);
} psa_core_key_attributes_t;
-#define PSA_CORE_KEY_ATTRIBUTES_INIT {PSA_KEY_TYPE_NONE, 0, PSA_KEY_LIFETIME_VOLATILE, MBEDTLS_SVC_KEY_ID_INIT, PSA_KEY_POLICY_INIT, 0}
+#define PSA_CORE_KEY_ATTRIBUTES_INIT { PSA_KEY_TYPE_NONE, 0, \
+ PSA_KEY_LIFETIME_VOLATILE, \
+ MBEDTLS_SVC_KEY_ID_INIT, \
+ PSA_KEY_POLICY_INIT, 0 }
struct psa_key_attributes_s
{
- psa_core_key_attributes_t core;
+ psa_core_key_attributes_t MBEDTLS_PRIVATE(core);
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
- psa_key_slot_number_t slot_number;
+ psa_key_slot_number_t MBEDTLS_PRIVATE(slot_number);
#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
- void *domain_parameters;
- size_t domain_parameters_size;
+ void *MBEDTLS_PRIVATE(domain_parameters);
+ size_t MBEDTLS_PRIVATE(domain_parameters_size);
};
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
-#define PSA_KEY_ATTRIBUTES_INIT {PSA_CORE_KEY_ATTRIBUTES_INIT, 0, NULL, 0}
+#define PSA_KEY_ATTRIBUTES_INIT { PSA_CORE_KEY_ATTRIBUTES_INIT, 0, NULL, 0 }
#else
-#define PSA_KEY_ATTRIBUTES_INIT {PSA_CORE_KEY_ATTRIBUTES_INIT, NULL, 0}
+#define PSA_KEY_ATTRIBUTES_INIT { PSA_CORE_KEY_ATTRIBUTES_INIT, NULL, 0 }
#endif
static inline struct psa_key_attributes_s psa_key_attributes_init( void )
@@ -344,13 +349,13 @@
static inline void psa_set_key_id( psa_key_attributes_t *attributes,
mbedtls_svc_key_id_t key )
{
- psa_key_lifetime_t lifetime = attributes->core.lifetime;
+ psa_key_lifetime_t lifetime = attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(lifetime);
- attributes->core.id = key;
+ attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(id) = key;
if( PSA_KEY_LIFETIME_IS_VOLATILE( lifetime ) )
{
- attributes->core.lifetime =
+ attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(lifetime) =
PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION(
PSA_KEY_LIFETIME_PERSISTENT,
PSA_KEY_LIFETIME_GET_LOCATION( lifetime ) );
@@ -358,77 +363,77 @@
}
static inline mbedtls_svc_key_id_t psa_get_key_id(
- const psa_key_attributes_t *attributes)
+ const psa_key_attributes_t *attributes )
{
- return( attributes->core.id );
+ return( attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(id) );
}
#ifdef MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER
static inline void mbedtls_set_key_owner_id( psa_key_attributes_t *attributes,
mbedtls_key_owner_id_t owner )
{
- attributes->core.id.owner = owner;
+ attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(id).MBEDTLS_PRIVATE(owner) = owner;
}
#endif
-static inline void psa_set_key_lifetime(psa_key_attributes_t *attributes,
- psa_key_lifetime_t lifetime)
+static inline void psa_set_key_lifetime( psa_key_attributes_t *attributes,
+ psa_key_lifetime_t lifetime )
{
- attributes->core.lifetime = lifetime;
+ attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(lifetime) = lifetime;
if( PSA_KEY_LIFETIME_IS_VOLATILE( lifetime ) )
{
#ifdef MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER
- attributes->core.id.key_id = 0;
+ attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(id).MBEDTLS_PRIVATE(key_id) = 0;
#else
- attributes->core.id = 0;
+ attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(id) = 0;
#endif
}
}
static inline psa_key_lifetime_t psa_get_key_lifetime(
- const psa_key_attributes_t *attributes)
+ const psa_key_attributes_t *attributes )
{
- return( attributes->core.lifetime );
+ return( attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(lifetime) );
}
-static inline void psa_set_key_usage_flags(psa_key_attributes_t *attributes,
- psa_key_usage_t usage_flags)
+static inline void psa_set_key_usage_flags( psa_key_attributes_t *attributes,
+ psa_key_usage_t usage_flags )
{
- attributes->core.policy.usage = usage_flags;
+ attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(policy).MBEDTLS_PRIVATE(usage) = usage_flags;
}
static inline psa_key_usage_t psa_get_key_usage_flags(
- const psa_key_attributes_t *attributes)
+ const psa_key_attributes_t *attributes )
{
- return( attributes->core.policy.usage );
+ return( attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(policy).MBEDTLS_PRIVATE(usage) );
}
-static inline void psa_set_key_algorithm(psa_key_attributes_t *attributes,
- psa_algorithm_t alg)
+static inline void psa_set_key_algorithm( psa_key_attributes_t *attributes,
+ psa_algorithm_t alg )
{
- attributes->core.policy.alg = alg;
+ attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(policy).MBEDTLS_PRIVATE(alg) = alg;
}
static inline psa_algorithm_t psa_get_key_algorithm(
- const psa_key_attributes_t *attributes)
+ const psa_key_attributes_t *attributes )
{
- return( attributes->core.policy.alg );
+ return( attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(policy).MBEDTLS_PRIVATE(alg) );
}
/* This function is declared in crypto_extra.h, which comes after this
* header file, but we need the function here, so repeat the declaration. */
-psa_status_t psa_set_key_domain_parameters(psa_key_attributes_t *attributes,
+psa_status_t psa_set_key_domain_parameters( psa_key_attributes_t *attributes,
psa_key_type_t type,
const uint8_t *data,
- size_t data_length);
+ size_t data_length );
-static inline void psa_set_key_type(psa_key_attributes_t *attributes,
- psa_key_type_t type)
+static inline void psa_set_key_type( psa_key_attributes_t *attributes,
+ psa_key_type_t type )
{
- if( attributes->domain_parameters == NULL )
+ if( attributes->MBEDTLS_PRIVATE(domain_parameters) == NULL )
{
/* Common case: quick path */
- attributes->core.type = type;
+ attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(type) = type;
}
else
{
@@ -441,24 +446,24 @@
}
static inline psa_key_type_t psa_get_key_type(
- const psa_key_attributes_t *attributes)
+ const psa_key_attributes_t *attributes )
{
- return( attributes->core.type );
+ return( attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(type) );
}
-static inline void psa_set_key_bits(psa_key_attributes_t *attributes,
- size_t bits)
+static inline void psa_set_key_bits( psa_key_attributes_t *attributes,
+ size_t bits )
{
if( bits > PSA_MAX_KEY_BITS )
- attributes->core.bits = PSA_KEY_BITS_TOO_LARGE;
+ attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(bits) = PSA_KEY_BITS_TOO_LARGE;
else
- attributes->core.bits = (psa_key_bits_t) bits;
+ attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(bits) = (psa_key_bits_t) bits;
}
static inline size_t psa_get_key_bits(
- const psa_key_attributes_t *attributes)
+ const psa_key_attributes_t *attributes )
{
- return( attributes->core.bits );
+ return( attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(bits) );
}
#ifdef __cplusplus
diff --git a/include/psa/crypto_types.h b/include/psa/crypto_types.h
index 386c7d7..2cf965d 100644
--- a/include/psa/crypto_types.h
+++ b/include/psa/crypto_types.h
@@ -32,6 +32,7 @@
#ifndef PSA_CRYPTO_TYPES_H
#define PSA_CRYPTO_TYPES_H
+#include "mbedtls/private_access.h"
#include "crypto_platform.h"
@@ -234,8 +235,8 @@
*/
typedef struct
{
- psa_key_id_t key_id;
- mbedtls_key_owner_id_t owner;
+ psa_key_id_t MBEDTLS_PRIVATE(key_id);
+ mbedtls_key_owner_id_t MBEDTLS_PRIVATE(owner);
} mbedtls_svc_key_id_t;
#endif /* !MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER */
diff --git a/include/psa/crypto_values.h b/include/psa/crypto_values.h
index 497bd8f..7d2f432 100644
--- a/include/psa/crypto_values.h
+++ b/include/psa/crypto_values.h
@@ -33,6 +33,7 @@
#ifndef PSA_CRYPTO_VALUES_H
#define PSA_CRYPTO_VALUES_H
+#include "mbedtls/private_access.h"
/** \defgroup error Error codes
* @{
@@ -480,12 +481,6 @@
* Camellia block cipher. */
#define PSA_KEY_TYPE_CAMELLIA ((psa_key_type_t)0x2403)
-/** Key for the RC4 stream cipher.
- *
- * Note that RC4 is weak and deprecated and should only be used in
- * legacy protocols. */
-#define PSA_KEY_TYPE_ARC4 ((psa_key_type_t)0x2002)
-
/** Key for the ChaCha20 stream cipher or the Chacha20-Poly1305 AEAD algorithm.
*
* ChaCha20 and the ChaCha20_Poly1305 construction are defined in RFC 7539.
@@ -849,10 +844,6 @@
(alg) & PSA_ALG_KEY_DERIVATION_STRETCHING_FLAG)
#define PSA_ALG_HASH_MASK ((psa_algorithm_t)0x000000ff)
-/** MD2 */
-#define PSA_ALG_MD2 ((psa_algorithm_t)0x02000001)
-/** MD4 */
-#define PSA_ALG_MD4 ((psa_algorithm_t)0x02000002)
/** MD5 */
#define PSA_ALG_MD5 ((psa_algorithm_t)0x02000003)
/** PSA_ALG_RIPEMD160 */
@@ -1114,7 +1105,6 @@
*
* The underlying stream cipher is determined by the key type.
* - To use ChaCha20, use a key type of #PSA_KEY_TYPE_CHACHA20.
- * - To use ARC4, use a key type of #PSA_KEY_TYPE_ARC4.
*/
#define PSA_ALG_STREAM_CIPHER ((psa_algorithm_t)0x04800100)
@@ -2030,6 +2020,27 @@
(PSA_KEY_LIFETIME_GET_PERSISTENCE(lifetime) == \
PSA_KEY_PERSISTENCE_VOLATILE)
+/** Whether a key lifetime indicates that the key is read-only.
+ *
+ * Read-only keys cannot be created or destroyed through the PSA Crypto API.
+ * They must be created through platform-specific means that bypass the API.
+ *
+ * Some platforms may offer ways to destroy read-only keys. For example,
+ * consider a platform with multiple levels of privilege, where a
+ * low-privilege application can use a key but is not allowed to destroy
+ * it, and the platform exposes the key to the application with a read-only
+ * lifetime. High-privilege code can destroy the key even though the
+ * application sees the key as read-only.
+ *
+ * \param lifetime The lifetime value to query (value of type
+ * ::psa_key_lifetime_t).
+ *
+ * \return \c 1 if the key is read-only, otherwise \c 0.
+ */
+#define PSA_KEY_LIFETIME_IS_READ_ONLY(lifetime) \
+ (PSA_KEY_LIFETIME_GET_PERSISTENCE(lifetime) == \
+ PSA_KEY_PERSISTENCE_READ_ONLY)
+
/** Construct a lifetime from a persistence level and a location.
*
* \param persistence The persistence level
@@ -2124,8 +2135,8 @@
static inline mbedtls_svc_key_id_t mbedtls_svc_key_id_make(
mbedtls_key_owner_id_t owner_id, psa_key_id_t key_id )
{
- return( (mbedtls_svc_key_id_t){ .key_id = key_id,
- .owner = owner_id } );
+ return( (mbedtls_svc_key_id_t){ .MBEDTLS_PRIVATE(key_id) = key_id,
+ .MBEDTLS_PRIVATE(owner) = owner_id } );
}
/** Compare two key identifiers.
@@ -2138,8 +2149,8 @@
static inline int mbedtls_svc_key_id_equal( mbedtls_svc_key_id_t id1,
mbedtls_svc_key_id_t id2 )
{
- return( ( id1.key_id == id2.key_id ) &&
- mbedtls_key_owner_id_equal( id1.owner, id2.owner ) );
+ return( ( id1.MBEDTLS_PRIVATE(key_id) == id2.MBEDTLS_PRIVATE(key_id) ) &&
+ mbedtls_key_owner_id_equal( id1.MBEDTLS_PRIVATE(owner), id2.MBEDTLS_PRIVATE(owner) ) );
}
/** Check whether a key identifier is null.
@@ -2150,7 +2161,7 @@
*/
static inline int mbedtls_svc_key_id_is_null( mbedtls_svc_key_id_t key )
{
- return( ( key.key_id == 0 ) && ( key.owner == 0 ) );
+ return( key.MBEDTLS_PRIVATE(key_id) == 0 );
}
#endif /* !MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER */
diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt
index f31820a..d6ecba5 100644
--- a/library/CMakeLists.txt
+++ b/library/CMakeLists.txt
@@ -13,13 +13,11 @@
set(src_crypto
aes.c
aesni.c
- arc4.c
aria.c
asn1parse.c
asn1write.c
base64.c
bignum.c
- blowfish.c
camellia.c
ccm.c
chacha20.c
@@ -42,8 +40,6 @@
hkdf.c
hmac_drbg.c
md.c
- md2.c
- md4.c
md5.c
memory_buffer_alloc.c
mps_reader.c
@@ -84,7 +80,6 @@
timing.c
version.c
version_features.c
- xtea.c
)
list(APPEND src_crypto ${thirdparty_src})
diff --git a/library/Makefile b/library/Makefile
index 90a477d..62fd997 100644
--- a/library/Makefile
+++ b/library/Makefile
@@ -72,13 +72,11 @@
OBJS_CRYPTO= \
aes.o \
aesni.o \
- arc4.o \
aria.o \
asn1parse.o \
asn1write.o \
base64.o \
bignum.o \
- blowfish.o \
camellia.o \
ccm.o \
chacha20.o \
@@ -101,8 +99,6 @@
hkdf.o \
hmac_drbg.o \
md.o \
- md2.o \
- md4.o \
md5.o \
memory_buffer_alloc.o \
mps_reader.o \
@@ -143,7 +139,6 @@
timing.o \
version.o \
version_features.o \
- xtea.o \
# This line is intentionally left blank
include ../3rdparty/Makefile.inc
diff --git a/library/arc4.c b/library/arc4.c
deleted file mode 100644
index b34dc5e..0000000
--- a/library/arc4.c
+++ /dev/null
@@ -1,195 +0,0 @@
-/*
- * An implementation of the ARCFOUR algorithm
- *
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/*
- * The ARCFOUR algorithm was publicly disclosed on 94/09.
- *
- * http://groups.google.com/group/sci.crypt/msg/10a300c9d21afca0
- */
-
-#include "common.h"
-
-#if defined(MBEDTLS_ARC4_C)
-
-#include "mbedtls/arc4.h"
-#include "mbedtls/platform_util.h"
-
-#include <string.h>
-
-#if defined(MBEDTLS_SELF_TEST)
-#if defined(MBEDTLS_PLATFORM_C)
-#include "mbedtls/platform.h"
-#else
-#include <stdio.h>
-#define mbedtls_printf printf
-#endif /* MBEDTLS_PLATFORM_C */
-#endif /* MBEDTLS_SELF_TEST */
-
-#if !defined(MBEDTLS_ARC4_ALT)
-
-void mbedtls_arc4_init( mbedtls_arc4_context *ctx )
-{
- memset( ctx, 0, sizeof( mbedtls_arc4_context ) );
-}
-
-void mbedtls_arc4_free( mbedtls_arc4_context *ctx )
-{
- if( ctx == NULL )
- return;
-
- mbedtls_platform_zeroize( ctx, sizeof( mbedtls_arc4_context ) );
-}
-
-/*
- * ARC4 key schedule
- */
-void mbedtls_arc4_setup( mbedtls_arc4_context *ctx, const unsigned char *key,
- unsigned int keylen )
-{
- int i, j, a;
- unsigned int k;
- unsigned char *m;
-
- ctx->x = 0;
- ctx->y = 0;
- m = ctx->m;
-
- for( i = 0; i < 256; i++ )
- m[i] = (unsigned char) i;
-
- j = k = 0;
-
- for( i = 0; i < 256; i++, k++ )
- {
- if( k >= keylen ) k = 0;
-
- a = m[i];
- j = ( j + a + key[k] ) & 0xFF;
- m[i] = m[j];
- m[j] = (unsigned char) a;
- }
-}
-
-/*
- * ARC4 cipher function
- */
-int mbedtls_arc4_crypt( mbedtls_arc4_context *ctx, size_t length, const unsigned char *input,
- unsigned char *output )
-{
- int x, y, a, b;
- size_t i;
- unsigned char *m;
-
- x = ctx->x;
- y = ctx->y;
- m = ctx->m;
-
- for( i = 0; i < length; i++ )
- {
- x = ( x + 1 ) & 0xFF; a = m[x];
- y = ( y + a ) & 0xFF; b = m[y];
-
- m[x] = (unsigned char) b;
- m[y] = (unsigned char) a;
-
- output[i] = (unsigned char)
- ( input[i] ^ m[(unsigned char)( a + b )] );
- }
-
- ctx->x = x;
- ctx->y = y;
-
- return( 0 );
-}
-
-#endif /* !MBEDTLS_ARC4_ALT */
-
-#if defined(MBEDTLS_SELF_TEST)
-/*
- * ARC4 tests vectors as posted by Eric Rescorla in sep. 1994:
- *
- * http://groups.google.com/group/comp.security.misc/msg/10a300c9d21afca0
- */
-static const unsigned char arc4_test_key[3][8] =
-{
- { 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF },
- { 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF },
- { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }
-};
-
-static const unsigned char arc4_test_pt[3][8] =
-{
- { 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF },
- { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
- { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }
-};
-
-static const unsigned char arc4_test_ct[3][8] =
-{
- { 0x75, 0xB7, 0x87, 0x80, 0x99, 0xE0, 0xC5, 0x96 },
- { 0x74, 0x94, 0xC2, 0xE7, 0x10, 0x4B, 0x08, 0x79 },
- { 0xDE, 0x18, 0x89, 0x41, 0xA3, 0x37, 0x5D, 0x3A }
-};
-
-/*
- * Checkup routine
- */
-int mbedtls_arc4_self_test( int verbose )
-{
- int i, ret = 0;
- unsigned char ibuf[8];
- unsigned char obuf[8];
- mbedtls_arc4_context ctx;
-
- mbedtls_arc4_init( &ctx );
-
- for( i = 0; i < 3; i++ )
- {
- if( verbose != 0 )
- mbedtls_printf( " ARC4 test #%d: ", i + 1 );
-
- memcpy( ibuf, arc4_test_pt[i], 8 );
-
- mbedtls_arc4_setup( &ctx, arc4_test_key[i], 8 );
- mbedtls_arc4_crypt( &ctx, 8, ibuf, obuf );
-
- if( memcmp( obuf, arc4_test_ct[i], 8 ) != 0 )
- {
- if( verbose != 0 )
- mbedtls_printf( "failed\n" );
-
- ret = 1;
- goto exit;
- }
-
- if( verbose != 0 )
- mbedtls_printf( "passed\n" );
- }
-
- if( verbose != 0 )
- mbedtls_printf( "\n" );
-
-exit:
- mbedtls_arc4_free( &ctx );
-
- return( ret );
-}
-
-#endif /* MBEDTLS_SELF_TEST */
-
-#endif /* MBEDTLS_ARC4_C */
diff --git a/library/bignum.c b/library/bignum.c
index c49d63e..10d824f 100644
--- a/library/bignum.c
+++ b/library/bignum.c
@@ -203,7 +203,13 @@
}
/*
- * Copy the contents of Y into X
+ * Copy the contents of Y into X.
+ *
+ * This function is not constant-time. Leading zeros in Y may be removed.
+ *
+ * Ensure that X does not shrink. This is not guaranteed by the public API,
+ * but some code in the bignum module relies on this property, for example
+ * in mbedtls_mpi_exp_mod().
*/
int mbedtls_mpi_copy( mbedtls_mpi *X, const mbedtls_mpi *Y )
{
@@ -217,7 +223,11 @@
if( Y->n == 0 )
{
- mbedtls_mpi_free( X );
+ if( X->n != 0 )
+ {
+ X->s = 1;
+ memset( X->p, 0, X->n * ciL );
+ }
return( 0 );
}
@@ -502,6 +512,12 @@
mbedtls_mpi_init( &T );
+ if( s[0] == 0 )
+ {
+ mbedtls_mpi_free( X );
+ return( 0 );
+ }
+
if( s[0] == '-' )
{
++s;
@@ -1625,6 +1641,7 @@
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t i, j;
mbedtls_mpi TA, TB;
+ int result_is_zero = 0;
MPI_VALIDATE_RET( X != NULL );
MPI_VALIDATE_RET( A != NULL );
MPI_VALIDATE_RET( B != NULL );
@@ -1637,10 +1654,14 @@
for( i = A->n; i > 0; i-- )
if( A->p[i - 1] != 0 )
break;
+ if( i == 0 )
+ result_is_zero = 1;
for( j = B->n; j > 0; j-- )
if( B->p[j - 1] != 0 )
break;
+ if( j == 0 )
+ result_is_zero = 1;
MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, i + j ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_lset( X, 0 ) );
@@ -1648,7 +1669,14 @@
for( ; j > 0; j-- )
mpi_mul_hlp( i, A->p, X->p + j - 1, B->p[j - 1] );
- X->s = A->s * B->s;
+ /* If the result is 0, we don't shortcut the operation, which reduces
+ * but does not eliminate side channels leaking the zero-ness. We do
+ * need to take care to set the sign bit properly since the library does
+ * not fully support an MPI object with a value of 0 and s == -1. */
+ if( result_is_zero )
+ X->s = 1;
+ else
+ X->s = A->s * B->s;
cleanup:
@@ -2175,6 +2203,11 @@
#endif
j = N->n + 1;
+ /* All W[i] and X must have at least N->n limbs for the mpi_montmul()
+ * and mpi_montred() calls later. Here we ensure that W[1] and X are
+ * large enough, and later we'll grow other W[i] to the same length.
+ * They must not be shrunk midway through this function!
+ */
MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, j ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_grow( &W[1], j ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_grow( &T, j * 2 ) );
@@ -2209,10 +2242,18 @@
* W[1] = A * R^2 * R^-1 mod N = A * R mod N
*/
if( mbedtls_mpi_cmp_mpi( A, N ) >= 0 )
+ {
MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &W[1], A, N ) );
+ /* This should be a no-op because W[1] is already that large before
+ * mbedtls_mpi_mod_mpi(), but it's necessary to avoid an overflow
+ * in mpi_montmul() below, so let's make sure. */
+ MBEDTLS_MPI_CHK( mbedtls_mpi_grow( &W[1], N->n + 1 ) );
+ }
else
MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &W[1], A ) );
+ /* Note that this is safe because W[1] always has at least N->n limbs
+ * (it grew above and was preserved by mbedtls_mpi_copy()). */
mpi_montmul( &W[1], &RR, N, mm, &T );
/*
@@ -2368,19 +2409,67 @@
lz = mbedtls_mpi_lsb( &TA );
lzt = mbedtls_mpi_lsb( &TB );
+ /* The loop below gives the correct result when A==0 but not when B==0.
+ * So have a special case for B==0. Leverage the fact that we just
+ * calculated the lsb and lsb(B)==0 iff B is odd or 0 to make the test
+ * slightly more efficient than cmp_int(). */
+ if( lzt == 0 && mbedtls_mpi_get_bit( &TB, 0 ) == 0 )
+ {
+ ret = mbedtls_mpi_copy( G, A );
+ goto cleanup;
+ }
+
if( lzt < lz )
lz = lzt;
- MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &TA, lz ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &TB, lz ) );
-
TA.s = TB.s = 1;
+ /* We mostly follow the procedure described in HAC 14.54, but with some
+ * minor differences:
+ * - Sequences of multiplications or divisions by 2 are grouped into a
+ * single shift operation.
+ * - The procedure in HAC assumes that 0 < TB <= TA.
+ * - The condition TB <= TA is not actually necessary for correctness.
+ * TA and TB have symmetric roles except for the loop termination
+ * condition, and the shifts at the beginning of the loop body
+ * remove any significance from the ordering of TA vs TB before
+ * the shifts.
+ * - If TA = 0, the loop goes through 0 iterations and the result is
+ * correctly TB.
+ * - The case TB = 0 was short-circuited above.
+ *
+ * For the correctness proof below, decompose the original values of
+ * A and B as
+ * A = sa * 2^a * A' with A'=0 or A' odd, and sa = +-1
+ * B = sb * 2^b * B' with B'=0 or B' odd, and sb = +-1
+ * Then gcd(A, B) = 2^{min(a,b)} * gcd(A',B'),
+ * and gcd(A',B') is odd or 0.
+ *
+ * At the beginning, we have TA = |A| and TB = |B| so gcd(A,B) = gcd(TA,TB).
+ * The code maintains the following invariant:
+ * gcd(A,B) = 2^k * gcd(TA,TB) for some k (I)
+ */
+
+ /* Proof that the loop terminates:
+ * At each iteration, either the right-shift by 1 is made on a nonzero
+ * value and the nonnegative integer bitlen(TA) + bitlen(TB) decreases
+ * by at least 1, or the right-shift by 1 is made on zero and then
+ * TA becomes 0 which ends the loop (TB cannot be 0 if it is right-shifted
+ * since in that case TB is calculated from TB-TA with the condition TB>TA).
+ */
while( mbedtls_mpi_cmp_int( &TA, 0 ) != 0 )
{
+ /* Divisions by 2 preserve the invariant (I). */
MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &TA, mbedtls_mpi_lsb( &TA ) ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &TB, mbedtls_mpi_lsb( &TB ) ) );
+ /* Set either TA or TB to |TA-TB|/2. Since TA and TB are both odd,
+ * TA-TB is even so the division by 2 has an integer result.
+ * Invariant (I) is preserved since any odd divisor of both TA and TB
+ * also divides |TA-TB|/2, and any odd divisor of both TA and |TA-TB|/2
+ * also divides TB, and any odd divisior of both TB and |TA-TB|/2 also
+ * divides TA.
+ */
if( mbedtls_mpi_cmp_mpi( &TA, &TB ) >= 0 )
{
MBEDTLS_MPI_CHK( mbedtls_mpi_sub_abs( &TA, &TA, &TB ) );
@@ -2391,8 +2480,18 @@
MBEDTLS_MPI_CHK( mbedtls_mpi_sub_abs( &TB, &TB, &TA ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &TB, 1 ) );
}
+ /* Note that one of TA or TB is still odd. */
}
+ /* By invariant (I), gcd(A,B) = 2^k * gcd(TA,TB) for some k.
+ * At the loop exit, TA = 0, so gcd(TA,TB) = TB.
+ * - If there was at least one loop iteration, then one of TA or TB is odd,
+ * and TA = 0, so TB is odd and gcd(TA,TB) = gcd(A',B'). In this case,
+ * lz = min(a,b) so gcd(A,B) = 2^lz * TB.
+ * - If there was no loop iteration, then A was 0, and gcd(A,B) = B.
+ * In this case, lz = 0 and B = TB so gcd(A,B) = B = 2^lz * TB as well.
+ */
+
MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l( &TB, lz ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_copy( G, &TB ) );
diff --git a/library/blowfish.c b/library/blowfish.c
deleted file mode 100644
index 76da448..0000000
--- a/library/blowfish.c
+++ /dev/null
@@ -1,690 +0,0 @@
-/*
- * Blowfish implementation
- *
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/*
- * The Blowfish block cipher was designed by Bruce Schneier in 1993.
- * http://www.schneier.com/blowfish.html
- * http://en.wikipedia.org/wiki/Blowfish_%28cipher%29
- *
- */
-
-#include "common.h"
-
-#if defined(MBEDTLS_BLOWFISH_C)
-
-#include "mbedtls/blowfish.h"
-#include "mbedtls/platform_util.h"
-
-#include <string.h>
-
-#if !defined(MBEDTLS_BLOWFISH_ALT)
-
-/* Parameter validation macros */
-#define BLOWFISH_VALIDATE_RET( cond ) \
- MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA )
-#define BLOWFISH_VALIDATE( cond ) \
- MBEDTLS_INTERNAL_VALIDATE( cond )
-
-/*
- * 32-bit integer manipulation macros (big endian)
- */
-#ifndef GET_UINT32_BE
-#define GET_UINT32_BE(n,b,i) \
-{ \
- (n) = ( (uint32_t) (b)[(i) ] << 24 ) \
- | ( (uint32_t) (b)[(i) + 1] << 16 ) \
- | ( (uint32_t) (b)[(i) + 2] << 8 ) \
- | ( (uint32_t) (b)[(i) + 3] ); \
-}
-#endif
-
-#ifndef PUT_UINT32_BE
-#define PUT_UINT32_BE(n,b,i) \
-{ \
- (b)[(i) ] = (unsigned char) ( (n) >> 24 ); \
- (b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \
- (b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \
- (b)[(i) + 3] = (unsigned char) ( (n) ); \
-}
-#endif
-
-static const uint32_t P[MBEDTLS_BLOWFISH_ROUNDS + 2] = {
- 0x243F6A88L, 0x85A308D3L, 0x13198A2EL, 0x03707344L,
- 0xA4093822L, 0x299F31D0L, 0x082EFA98L, 0xEC4E6C89L,
- 0x452821E6L, 0x38D01377L, 0xBE5466CFL, 0x34E90C6CL,
- 0xC0AC29B7L, 0xC97C50DDL, 0x3F84D5B5L, 0xB5470917L,
- 0x9216D5D9L, 0x8979FB1BL
-};
-
-/* declarations of data at the end of this file */
-static const uint32_t S[4][256];
-
-static uint32_t F( mbedtls_blowfish_context *ctx, uint32_t x )
-{
- unsigned short a, b, c, d;
- uint32_t y;
-
- d = (unsigned short)(x & 0xFF);
- x >>= 8;
- c = (unsigned short)(x & 0xFF);
- x >>= 8;
- b = (unsigned short)(x & 0xFF);
- x >>= 8;
- a = (unsigned short)(x & 0xFF);
- y = ctx->S[0][a] + ctx->S[1][b];
- y = y ^ ctx->S[2][c];
- y = y + ctx->S[3][d];
-
- return( y );
-}
-
-static void blowfish_enc( mbedtls_blowfish_context *ctx, uint32_t *xl, uint32_t *xr )
-{
- uint32_t Xl, Xr, temp;
- short i;
-
- Xl = *xl;
- Xr = *xr;
-
- for( i = 0; i < MBEDTLS_BLOWFISH_ROUNDS; ++i )
- {
- Xl = Xl ^ ctx->P[i];
- Xr = F( ctx, Xl ) ^ Xr;
-
- temp = Xl;
- Xl = Xr;
- Xr = temp;
- }
-
- temp = Xl;
- Xl = Xr;
- Xr = temp;
-
- Xr = Xr ^ ctx->P[MBEDTLS_BLOWFISH_ROUNDS];
- Xl = Xl ^ ctx->P[MBEDTLS_BLOWFISH_ROUNDS + 1];
-
- *xl = Xl;
- *xr = Xr;
-}
-
-static void blowfish_dec( mbedtls_blowfish_context *ctx, uint32_t *xl, uint32_t *xr )
-{
- uint32_t Xl, Xr, temp;
- short i;
-
- Xl = *xl;
- Xr = *xr;
-
- for( i = MBEDTLS_BLOWFISH_ROUNDS + 1; i > 1; --i )
- {
- Xl = Xl ^ ctx->P[i];
- Xr = F( ctx, Xl ) ^ Xr;
-
- temp = Xl;
- Xl = Xr;
- Xr = temp;
- }
-
- temp = Xl;
- Xl = Xr;
- Xr = temp;
-
- Xr = Xr ^ ctx->P[1];
- Xl = Xl ^ ctx->P[0];
-
- *xl = Xl;
- *xr = Xr;
-}
-
-void mbedtls_blowfish_init( mbedtls_blowfish_context *ctx )
-{
- BLOWFISH_VALIDATE( ctx != NULL );
- memset( ctx, 0, sizeof( mbedtls_blowfish_context ) );
-}
-
-void mbedtls_blowfish_free( mbedtls_blowfish_context *ctx )
-{
- if( ctx == NULL )
- return;
-
- mbedtls_platform_zeroize( ctx, sizeof( mbedtls_blowfish_context ) );
-}
-
-/*
- * Blowfish key schedule
- */
-int mbedtls_blowfish_setkey( mbedtls_blowfish_context *ctx,
- const unsigned char *key,
- unsigned int keybits )
-{
- unsigned int i, j, k;
- uint32_t data, datal, datar;
- BLOWFISH_VALIDATE_RET( ctx != NULL );
- BLOWFISH_VALIDATE_RET( key != NULL );
-
- if( keybits < MBEDTLS_BLOWFISH_MIN_KEY_BITS ||
- keybits > MBEDTLS_BLOWFISH_MAX_KEY_BITS ||
- keybits % 8 != 0 )
- {
- return( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA );
- }
-
- keybits >>= 3;
-
- for( i = 0; i < 4; i++ )
- {
- for( j = 0; j < 256; j++ )
- ctx->S[i][j] = S[i][j];
- }
-
- j = 0;
- for( i = 0; i < MBEDTLS_BLOWFISH_ROUNDS + 2; ++i )
- {
- data = 0x00000000;
- for( k = 0; k < 4; ++k )
- {
- data = ( data << 8 ) | key[j++];
- if( j >= keybits )
- j = 0;
- }
- ctx->P[i] = P[i] ^ data;
- }
-
- datal = 0x00000000;
- datar = 0x00000000;
-
- for( i = 0; i < MBEDTLS_BLOWFISH_ROUNDS + 2; i += 2 )
- {
- blowfish_enc( ctx, &datal, &datar );
- ctx->P[i] = datal;
- ctx->P[i + 1] = datar;
- }
-
- for( i = 0; i < 4; i++ )
- {
- for( j = 0; j < 256; j += 2 )
- {
- blowfish_enc( ctx, &datal, &datar );
- ctx->S[i][j] = datal;
- ctx->S[i][j + 1] = datar;
- }
- }
- return( 0 );
-}
-
-/*
- * Blowfish-ECB block encryption/decryption
- */
-int mbedtls_blowfish_crypt_ecb( mbedtls_blowfish_context *ctx,
- int mode,
- const unsigned char input[MBEDTLS_BLOWFISH_BLOCKSIZE],
- unsigned char output[MBEDTLS_BLOWFISH_BLOCKSIZE] )
-{
- uint32_t X0, X1;
- BLOWFISH_VALIDATE_RET( ctx != NULL );
- BLOWFISH_VALIDATE_RET( mode == MBEDTLS_BLOWFISH_ENCRYPT ||
- mode == MBEDTLS_BLOWFISH_DECRYPT );
- BLOWFISH_VALIDATE_RET( input != NULL );
- BLOWFISH_VALIDATE_RET( output != NULL );
-
- GET_UINT32_BE( X0, input, 0 );
- GET_UINT32_BE( X1, input, 4 );
-
- if( mode == MBEDTLS_BLOWFISH_DECRYPT )
- {
- blowfish_dec( ctx, &X0, &X1 );
- }
- else /* MBEDTLS_BLOWFISH_ENCRYPT */
- {
- blowfish_enc( ctx, &X0, &X1 );
- }
-
- PUT_UINT32_BE( X0, output, 0 );
- PUT_UINT32_BE( X1, output, 4 );
-
- return( 0 );
-}
-
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-/*
- * Blowfish-CBC buffer encryption/decryption
- */
-int mbedtls_blowfish_crypt_cbc( mbedtls_blowfish_context *ctx,
- int mode,
- size_t length,
- unsigned char iv[MBEDTLS_BLOWFISH_BLOCKSIZE],
- const unsigned char *input,
- unsigned char *output )
-{
- int i;
- unsigned char temp[MBEDTLS_BLOWFISH_BLOCKSIZE];
- BLOWFISH_VALIDATE_RET( ctx != NULL );
- BLOWFISH_VALIDATE_RET( mode == MBEDTLS_BLOWFISH_ENCRYPT ||
- mode == MBEDTLS_BLOWFISH_DECRYPT );
- BLOWFISH_VALIDATE_RET( iv != NULL );
- BLOWFISH_VALIDATE_RET( length == 0 || input != NULL );
- BLOWFISH_VALIDATE_RET( length == 0 || output != NULL );
-
- if( length % MBEDTLS_BLOWFISH_BLOCKSIZE )
- return( MBEDTLS_ERR_BLOWFISH_INVALID_INPUT_LENGTH );
-
- if( mode == MBEDTLS_BLOWFISH_DECRYPT )
- {
- while( length > 0 )
- {
- memcpy( temp, input, MBEDTLS_BLOWFISH_BLOCKSIZE );
- mbedtls_blowfish_crypt_ecb( ctx, mode, input, output );
-
- for( i = 0; i < MBEDTLS_BLOWFISH_BLOCKSIZE;i++ )
- output[i] = (unsigned char)( output[i] ^ iv[i] );
-
- memcpy( iv, temp, MBEDTLS_BLOWFISH_BLOCKSIZE );
-
- input += MBEDTLS_BLOWFISH_BLOCKSIZE;
- output += MBEDTLS_BLOWFISH_BLOCKSIZE;
- length -= MBEDTLS_BLOWFISH_BLOCKSIZE;
- }
- }
- else
- {
- while( length > 0 )
- {
- for( i = 0; i < MBEDTLS_BLOWFISH_BLOCKSIZE; i++ )
- output[i] = (unsigned char)( input[i] ^ iv[i] );
-
- mbedtls_blowfish_crypt_ecb( ctx, mode, output, output );
- memcpy( iv, output, MBEDTLS_BLOWFISH_BLOCKSIZE );
-
- input += MBEDTLS_BLOWFISH_BLOCKSIZE;
- output += MBEDTLS_BLOWFISH_BLOCKSIZE;
- length -= MBEDTLS_BLOWFISH_BLOCKSIZE;
- }
- }
-
- return( 0 );
-}
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
-
-#if defined(MBEDTLS_CIPHER_MODE_CFB)
-/*
- * Blowfish CFB buffer encryption/decryption
- */
-int mbedtls_blowfish_crypt_cfb64( mbedtls_blowfish_context *ctx,
- int mode,
- size_t length,
- size_t *iv_off,
- unsigned char iv[MBEDTLS_BLOWFISH_BLOCKSIZE],
- const unsigned char *input,
- unsigned char *output )
-{
- int c;
- size_t n;
-
- BLOWFISH_VALIDATE_RET( ctx != NULL );
- BLOWFISH_VALIDATE_RET( mode == MBEDTLS_BLOWFISH_ENCRYPT ||
- mode == MBEDTLS_BLOWFISH_DECRYPT );
- BLOWFISH_VALIDATE_RET( iv != NULL );
- BLOWFISH_VALIDATE_RET( iv_off != NULL );
- BLOWFISH_VALIDATE_RET( length == 0 || input != NULL );
- BLOWFISH_VALIDATE_RET( length == 0 || output != NULL );
-
- n = *iv_off;
- if( n >= 8 )
- return( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA );
-
- if( mode == MBEDTLS_BLOWFISH_DECRYPT )
- {
- while( length-- )
- {
- if( n == 0 )
- mbedtls_blowfish_crypt_ecb( ctx, MBEDTLS_BLOWFISH_ENCRYPT, iv, iv );
-
- c = *input++;
- *output++ = (unsigned char)( c ^ iv[n] );
- iv[n] = (unsigned char) c;
-
- n = ( n + 1 ) % MBEDTLS_BLOWFISH_BLOCKSIZE;
- }
- }
- else
- {
- while( length-- )
- {
- if( n == 0 )
- mbedtls_blowfish_crypt_ecb( ctx, MBEDTLS_BLOWFISH_ENCRYPT, iv, iv );
-
- iv[n] = *output++ = (unsigned char)( iv[n] ^ *input++ );
-
- n = ( n + 1 ) % MBEDTLS_BLOWFISH_BLOCKSIZE;
- }
- }
-
- *iv_off = n;
-
- return( 0 );
-}
-#endif /*MBEDTLS_CIPHER_MODE_CFB */
-
-#if defined(MBEDTLS_CIPHER_MODE_CTR)
-/*
- * Blowfish CTR buffer encryption/decryption
- */
-int mbedtls_blowfish_crypt_ctr( mbedtls_blowfish_context *ctx,
- size_t length,
- size_t *nc_off,
- unsigned char nonce_counter[MBEDTLS_BLOWFISH_BLOCKSIZE],
- unsigned char stream_block[MBEDTLS_BLOWFISH_BLOCKSIZE],
- const unsigned char *input,
- unsigned char *output )
-{
- int c, i;
- size_t n;
- BLOWFISH_VALIDATE_RET( ctx != NULL );
- BLOWFISH_VALIDATE_RET( nonce_counter != NULL );
- BLOWFISH_VALIDATE_RET( stream_block != NULL );
- BLOWFISH_VALIDATE_RET( nc_off != NULL );
- BLOWFISH_VALIDATE_RET( length == 0 || input != NULL );
- BLOWFISH_VALIDATE_RET( length == 0 || output != NULL );
-
- n = *nc_off;
- if( n >= 8 )
- return( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA );
-
- while( length-- )
- {
- if( n == 0 ) {
- mbedtls_blowfish_crypt_ecb( ctx, MBEDTLS_BLOWFISH_ENCRYPT, nonce_counter,
- stream_block );
-
- for( i = MBEDTLS_BLOWFISH_BLOCKSIZE; i > 0; i-- )
- if( ++nonce_counter[i - 1] != 0 )
- break;
- }
- c = *input++;
- *output++ = (unsigned char)( c ^ stream_block[n] );
-
- n = ( n + 1 ) % MBEDTLS_BLOWFISH_BLOCKSIZE;
- }
-
- *nc_off = n;
-
- return( 0 );
-}
-#endif /* MBEDTLS_CIPHER_MODE_CTR */
-
-static const uint32_t S[4][256] = {
- { 0xD1310BA6L, 0x98DFB5ACL, 0x2FFD72DBL, 0xD01ADFB7L,
- 0xB8E1AFEDL, 0x6A267E96L, 0xBA7C9045L, 0xF12C7F99L,
- 0x24A19947L, 0xB3916CF7L, 0x0801F2E2L, 0x858EFC16L,
- 0x636920D8L, 0x71574E69L, 0xA458FEA3L, 0xF4933D7EL,
- 0x0D95748FL, 0x728EB658L, 0x718BCD58L, 0x82154AEEL,
- 0x7B54A41DL, 0xC25A59B5L, 0x9C30D539L, 0x2AF26013L,
- 0xC5D1B023L, 0x286085F0L, 0xCA417918L, 0xB8DB38EFL,
- 0x8E79DCB0L, 0x603A180EL, 0x6C9E0E8BL, 0xB01E8A3EL,
- 0xD71577C1L, 0xBD314B27L, 0x78AF2FDAL, 0x55605C60L,
- 0xE65525F3L, 0xAA55AB94L, 0x57489862L, 0x63E81440L,
- 0x55CA396AL, 0x2AAB10B6L, 0xB4CC5C34L, 0x1141E8CEL,
- 0xA15486AFL, 0x7C72E993L, 0xB3EE1411L, 0x636FBC2AL,
- 0x2BA9C55DL, 0x741831F6L, 0xCE5C3E16L, 0x9B87931EL,
- 0xAFD6BA33L, 0x6C24CF5CL, 0x7A325381L, 0x28958677L,
- 0x3B8F4898L, 0x6B4BB9AFL, 0xC4BFE81BL, 0x66282193L,
- 0x61D809CCL, 0xFB21A991L, 0x487CAC60L, 0x5DEC8032L,
- 0xEF845D5DL, 0xE98575B1L, 0xDC262302L, 0xEB651B88L,
- 0x23893E81L, 0xD396ACC5L, 0x0F6D6FF3L, 0x83F44239L,
- 0x2E0B4482L, 0xA4842004L, 0x69C8F04AL, 0x9E1F9B5EL,
- 0x21C66842L, 0xF6E96C9AL, 0x670C9C61L, 0xABD388F0L,
- 0x6A51A0D2L, 0xD8542F68L, 0x960FA728L, 0xAB5133A3L,
- 0x6EEF0B6CL, 0x137A3BE4L, 0xBA3BF050L, 0x7EFB2A98L,
- 0xA1F1651DL, 0x39AF0176L, 0x66CA593EL, 0x82430E88L,
- 0x8CEE8619L, 0x456F9FB4L, 0x7D84A5C3L, 0x3B8B5EBEL,
- 0xE06F75D8L, 0x85C12073L, 0x401A449FL, 0x56C16AA6L,
- 0x4ED3AA62L, 0x363F7706L, 0x1BFEDF72L, 0x429B023DL,
- 0x37D0D724L, 0xD00A1248L, 0xDB0FEAD3L, 0x49F1C09BL,
- 0x075372C9L, 0x80991B7BL, 0x25D479D8L, 0xF6E8DEF7L,
- 0xE3FE501AL, 0xB6794C3BL, 0x976CE0BDL, 0x04C006BAL,
- 0xC1A94FB6L, 0x409F60C4L, 0x5E5C9EC2L, 0x196A2463L,
- 0x68FB6FAFL, 0x3E6C53B5L, 0x1339B2EBL, 0x3B52EC6FL,
- 0x6DFC511FL, 0x9B30952CL, 0xCC814544L, 0xAF5EBD09L,
- 0xBEE3D004L, 0xDE334AFDL, 0x660F2807L, 0x192E4BB3L,
- 0xC0CBA857L, 0x45C8740FL, 0xD20B5F39L, 0xB9D3FBDBL,
- 0x5579C0BDL, 0x1A60320AL, 0xD6A100C6L, 0x402C7279L,
- 0x679F25FEL, 0xFB1FA3CCL, 0x8EA5E9F8L, 0xDB3222F8L,
- 0x3C7516DFL, 0xFD616B15L, 0x2F501EC8L, 0xAD0552ABL,
- 0x323DB5FAL, 0xFD238760L, 0x53317B48L, 0x3E00DF82L,
- 0x9E5C57BBL, 0xCA6F8CA0L, 0x1A87562EL, 0xDF1769DBL,
- 0xD542A8F6L, 0x287EFFC3L, 0xAC6732C6L, 0x8C4F5573L,
- 0x695B27B0L, 0xBBCA58C8L, 0xE1FFA35DL, 0xB8F011A0L,
- 0x10FA3D98L, 0xFD2183B8L, 0x4AFCB56CL, 0x2DD1D35BL,
- 0x9A53E479L, 0xB6F84565L, 0xD28E49BCL, 0x4BFB9790L,
- 0xE1DDF2DAL, 0xA4CB7E33L, 0x62FB1341L, 0xCEE4C6E8L,
- 0xEF20CADAL, 0x36774C01L, 0xD07E9EFEL, 0x2BF11FB4L,
- 0x95DBDA4DL, 0xAE909198L, 0xEAAD8E71L, 0x6B93D5A0L,
- 0xD08ED1D0L, 0xAFC725E0L, 0x8E3C5B2FL, 0x8E7594B7L,
- 0x8FF6E2FBL, 0xF2122B64L, 0x8888B812L, 0x900DF01CL,
- 0x4FAD5EA0L, 0x688FC31CL, 0xD1CFF191L, 0xB3A8C1ADL,
- 0x2F2F2218L, 0xBE0E1777L, 0xEA752DFEL, 0x8B021FA1L,
- 0xE5A0CC0FL, 0xB56F74E8L, 0x18ACF3D6L, 0xCE89E299L,
- 0xB4A84FE0L, 0xFD13E0B7L, 0x7CC43B81L, 0xD2ADA8D9L,
- 0x165FA266L, 0x80957705L, 0x93CC7314L, 0x211A1477L,
- 0xE6AD2065L, 0x77B5FA86L, 0xC75442F5L, 0xFB9D35CFL,
- 0xEBCDAF0CL, 0x7B3E89A0L, 0xD6411BD3L, 0xAE1E7E49L,
- 0x00250E2DL, 0x2071B35EL, 0x226800BBL, 0x57B8E0AFL,
- 0x2464369BL, 0xF009B91EL, 0x5563911DL, 0x59DFA6AAL,
- 0x78C14389L, 0xD95A537FL, 0x207D5BA2L, 0x02E5B9C5L,
- 0x83260376L, 0x6295CFA9L, 0x11C81968L, 0x4E734A41L,
- 0xB3472DCAL, 0x7B14A94AL, 0x1B510052L, 0x9A532915L,
- 0xD60F573FL, 0xBC9BC6E4L, 0x2B60A476L, 0x81E67400L,
- 0x08BA6FB5L, 0x571BE91FL, 0xF296EC6BL, 0x2A0DD915L,
- 0xB6636521L, 0xE7B9F9B6L, 0xFF34052EL, 0xC5855664L,
- 0x53B02D5DL, 0xA99F8FA1L, 0x08BA4799L, 0x6E85076AL },
- { 0x4B7A70E9L, 0xB5B32944L, 0xDB75092EL, 0xC4192623L,
- 0xAD6EA6B0L, 0x49A7DF7DL, 0x9CEE60B8L, 0x8FEDB266L,
- 0xECAA8C71L, 0x699A17FFL, 0x5664526CL, 0xC2B19EE1L,
- 0x193602A5L, 0x75094C29L, 0xA0591340L, 0xE4183A3EL,
- 0x3F54989AL, 0x5B429D65L, 0x6B8FE4D6L, 0x99F73FD6L,
- 0xA1D29C07L, 0xEFE830F5L, 0x4D2D38E6L, 0xF0255DC1L,
- 0x4CDD2086L, 0x8470EB26L, 0x6382E9C6L, 0x021ECC5EL,
- 0x09686B3FL, 0x3EBAEFC9L, 0x3C971814L, 0x6B6A70A1L,
- 0x687F3584L, 0x52A0E286L, 0xB79C5305L, 0xAA500737L,
- 0x3E07841CL, 0x7FDEAE5CL, 0x8E7D44ECL, 0x5716F2B8L,
- 0xB03ADA37L, 0xF0500C0DL, 0xF01C1F04L, 0x0200B3FFL,
- 0xAE0CF51AL, 0x3CB574B2L, 0x25837A58L, 0xDC0921BDL,
- 0xD19113F9L, 0x7CA92FF6L, 0x94324773L, 0x22F54701L,
- 0x3AE5E581L, 0x37C2DADCL, 0xC8B57634L, 0x9AF3DDA7L,
- 0xA9446146L, 0x0FD0030EL, 0xECC8C73EL, 0xA4751E41L,
- 0xE238CD99L, 0x3BEA0E2FL, 0x3280BBA1L, 0x183EB331L,
- 0x4E548B38L, 0x4F6DB908L, 0x6F420D03L, 0xF60A04BFL,
- 0x2CB81290L, 0x24977C79L, 0x5679B072L, 0xBCAF89AFL,
- 0xDE9A771FL, 0xD9930810L, 0xB38BAE12L, 0xDCCF3F2EL,
- 0x5512721FL, 0x2E6B7124L, 0x501ADDE6L, 0x9F84CD87L,
- 0x7A584718L, 0x7408DA17L, 0xBC9F9ABCL, 0xE94B7D8CL,
- 0xEC7AEC3AL, 0xDB851DFAL, 0x63094366L, 0xC464C3D2L,
- 0xEF1C1847L, 0x3215D908L, 0xDD433B37L, 0x24C2BA16L,
- 0x12A14D43L, 0x2A65C451L, 0x50940002L, 0x133AE4DDL,
- 0x71DFF89EL, 0x10314E55L, 0x81AC77D6L, 0x5F11199BL,
- 0x043556F1L, 0xD7A3C76BL, 0x3C11183BL, 0x5924A509L,
- 0xF28FE6EDL, 0x97F1FBFAL, 0x9EBABF2CL, 0x1E153C6EL,
- 0x86E34570L, 0xEAE96FB1L, 0x860E5E0AL, 0x5A3E2AB3L,
- 0x771FE71CL, 0x4E3D06FAL, 0x2965DCB9L, 0x99E71D0FL,
- 0x803E89D6L, 0x5266C825L, 0x2E4CC978L, 0x9C10B36AL,
- 0xC6150EBAL, 0x94E2EA78L, 0xA5FC3C53L, 0x1E0A2DF4L,
- 0xF2F74EA7L, 0x361D2B3DL, 0x1939260FL, 0x19C27960L,
- 0x5223A708L, 0xF71312B6L, 0xEBADFE6EL, 0xEAC31F66L,
- 0xE3BC4595L, 0xA67BC883L, 0xB17F37D1L, 0x018CFF28L,
- 0xC332DDEFL, 0xBE6C5AA5L, 0x65582185L, 0x68AB9802L,
- 0xEECEA50FL, 0xDB2F953BL, 0x2AEF7DADL, 0x5B6E2F84L,
- 0x1521B628L, 0x29076170L, 0xECDD4775L, 0x619F1510L,
- 0x13CCA830L, 0xEB61BD96L, 0x0334FE1EL, 0xAA0363CFL,
- 0xB5735C90L, 0x4C70A239L, 0xD59E9E0BL, 0xCBAADE14L,
- 0xEECC86BCL, 0x60622CA7L, 0x9CAB5CABL, 0xB2F3846EL,
- 0x648B1EAFL, 0x19BDF0CAL, 0xA02369B9L, 0x655ABB50L,
- 0x40685A32L, 0x3C2AB4B3L, 0x319EE9D5L, 0xC021B8F7L,
- 0x9B540B19L, 0x875FA099L, 0x95F7997EL, 0x623D7DA8L,
- 0xF837889AL, 0x97E32D77L, 0x11ED935FL, 0x16681281L,
- 0x0E358829L, 0xC7E61FD6L, 0x96DEDFA1L, 0x7858BA99L,
- 0x57F584A5L, 0x1B227263L, 0x9B83C3FFL, 0x1AC24696L,
- 0xCDB30AEBL, 0x532E3054L, 0x8FD948E4L, 0x6DBC3128L,
- 0x58EBF2EFL, 0x34C6FFEAL, 0xFE28ED61L, 0xEE7C3C73L,
- 0x5D4A14D9L, 0xE864B7E3L, 0x42105D14L, 0x203E13E0L,
- 0x45EEE2B6L, 0xA3AAABEAL, 0xDB6C4F15L, 0xFACB4FD0L,
- 0xC742F442L, 0xEF6ABBB5L, 0x654F3B1DL, 0x41CD2105L,
- 0xD81E799EL, 0x86854DC7L, 0xE44B476AL, 0x3D816250L,
- 0xCF62A1F2L, 0x5B8D2646L, 0xFC8883A0L, 0xC1C7B6A3L,
- 0x7F1524C3L, 0x69CB7492L, 0x47848A0BL, 0x5692B285L,
- 0x095BBF00L, 0xAD19489DL, 0x1462B174L, 0x23820E00L,
- 0x58428D2AL, 0x0C55F5EAL, 0x1DADF43EL, 0x233F7061L,
- 0x3372F092L, 0x8D937E41L, 0xD65FECF1L, 0x6C223BDBL,
- 0x7CDE3759L, 0xCBEE7460L, 0x4085F2A7L, 0xCE77326EL,
- 0xA6078084L, 0x19F8509EL, 0xE8EFD855L, 0x61D99735L,
- 0xA969A7AAL, 0xC50C06C2L, 0x5A04ABFCL, 0x800BCADCL,
- 0x9E447A2EL, 0xC3453484L, 0xFDD56705L, 0x0E1E9EC9L,
- 0xDB73DBD3L, 0x105588CDL, 0x675FDA79L, 0xE3674340L,
- 0xC5C43465L, 0x713E38D8L, 0x3D28F89EL, 0xF16DFF20L,
- 0x153E21E7L, 0x8FB03D4AL, 0xE6E39F2BL, 0xDB83ADF7L },
- { 0xE93D5A68L, 0x948140F7L, 0xF64C261CL, 0x94692934L,
- 0x411520F7L, 0x7602D4F7L, 0xBCF46B2EL, 0xD4A20068L,
- 0xD4082471L, 0x3320F46AL, 0x43B7D4B7L, 0x500061AFL,
- 0x1E39F62EL, 0x97244546L, 0x14214F74L, 0xBF8B8840L,
- 0x4D95FC1DL, 0x96B591AFL, 0x70F4DDD3L, 0x66A02F45L,
- 0xBFBC09ECL, 0x03BD9785L, 0x7FAC6DD0L, 0x31CB8504L,
- 0x96EB27B3L, 0x55FD3941L, 0xDA2547E6L, 0xABCA0A9AL,
- 0x28507825L, 0x530429F4L, 0x0A2C86DAL, 0xE9B66DFBL,
- 0x68DC1462L, 0xD7486900L, 0x680EC0A4L, 0x27A18DEEL,
- 0x4F3FFEA2L, 0xE887AD8CL, 0xB58CE006L, 0x7AF4D6B6L,
- 0xAACE1E7CL, 0xD3375FECL, 0xCE78A399L, 0x406B2A42L,
- 0x20FE9E35L, 0xD9F385B9L, 0xEE39D7ABL, 0x3B124E8BL,
- 0x1DC9FAF7L, 0x4B6D1856L, 0x26A36631L, 0xEAE397B2L,
- 0x3A6EFA74L, 0xDD5B4332L, 0x6841E7F7L, 0xCA7820FBL,
- 0xFB0AF54EL, 0xD8FEB397L, 0x454056ACL, 0xBA489527L,
- 0x55533A3AL, 0x20838D87L, 0xFE6BA9B7L, 0xD096954BL,
- 0x55A867BCL, 0xA1159A58L, 0xCCA92963L, 0x99E1DB33L,
- 0xA62A4A56L, 0x3F3125F9L, 0x5EF47E1CL, 0x9029317CL,
- 0xFDF8E802L, 0x04272F70L, 0x80BB155CL, 0x05282CE3L,
- 0x95C11548L, 0xE4C66D22L, 0x48C1133FL, 0xC70F86DCL,
- 0x07F9C9EEL, 0x41041F0FL, 0x404779A4L, 0x5D886E17L,
- 0x325F51EBL, 0xD59BC0D1L, 0xF2BCC18FL, 0x41113564L,
- 0x257B7834L, 0x602A9C60L, 0xDFF8E8A3L, 0x1F636C1BL,
- 0x0E12B4C2L, 0x02E1329EL, 0xAF664FD1L, 0xCAD18115L,
- 0x6B2395E0L, 0x333E92E1L, 0x3B240B62L, 0xEEBEB922L,
- 0x85B2A20EL, 0xE6BA0D99L, 0xDE720C8CL, 0x2DA2F728L,
- 0xD0127845L, 0x95B794FDL, 0x647D0862L, 0xE7CCF5F0L,
- 0x5449A36FL, 0x877D48FAL, 0xC39DFD27L, 0xF33E8D1EL,
- 0x0A476341L, 0x992EFF74L, 0x3A6F6EABL, 0xF4F8FD37L,
- 0xA812DC60L, 0xA1EBDDF8L, 0x991BE14CL, 0xDB6E6B0DL,
- 0xC67B5510L, 0x6D672C37L, 0x2765D43BL, 0xDCD0E804L,
- 0xF1290DC7L, 0xCC00FFA3L, 0xB5390F92L, 0x690FED0BL,
- 0x667B9FFBL, 0xCEDB7D9CL, 0xA091CF0BL, 0xD9155EA3L,
- 0xBB132F88L, 0x515BAD24L, 0x7B9479BFL, 0x763BD6EBL,
- 0x37392EB3L, 0xCC115979L, 0x8026E297L, 0xF42E312DL,
- 0x6842ADA7L, 0xC66A2B3BL, 0x12754CCCL, 0x782EF11CL,
- 0x6A124237L, 0xB79251E7L, 0x06A1BBE6L, 0x4BFB6350L,
- 0x1A6B1018L, 0x11CAEDFAL, 0x3D25BDD8L, 0xE2E1C3C9L,
- 0x44421659L, 0x0A121386L, 0xD90CEC6EL, 0xD5ABEA2AL,
- 0x64AF674EL, 0xDA86A85FL, 0xBEBFE988L, 0x64E4C3FEL,
- 0x9DBC8057L, 0xF0F7C086L, 0x60787BF8L, 0x6003604DL,
- 0xD1FD8346L, 0xF6381FB0L, 0x7745AE04L, 0xD736FCCCL,
- 0x83426B33L, 0xF01EAB71L, 0xB0804187L, 0x3C005E5FL,
- 0x77A057BEL, 0xBDE8AE24L, 0x55464299L, 0xBF582E61L,
- 0x4E58F48FL, 0xF2DDFDA2L, 0xF474EF38L, 0x8789BDC2L,
- 0x5366F9C3L, 0xC8B38E74L, 0xB475F255L, 0x46FCD9B9L,
- 0x7AEB2661L, 0x8B1DDF84L, 0x846A0E79L, 0x915F95E2L,
- 0x466E598EL, 0x20B45770L, 0x8CD55591L, 0xC902DE4CL,
- 0xB90BACE1L, 0xBB8205D0L, 0x11A86248L, 0x7574A99EL,
- 0xB77F19B6L, 0xE0A9DC09L, 0x662D09A1L, 0xC4324633L,
- 0xE85A1F02L, 0x09F0BE8CL, 0x4A99A025L, 0x1D6EFE10L,
- 0x1AB93D1DL, 0x0BA5A4DFL, 0xA186F20FL, 0x2868F169L,
- 0xDCB7DA83L, 0x573906FEL, 0xA1E2CE9BL, 0x4FCD7F52L,
- 0x50115E01L, 0xA70683FAL, 0xA002B5C4L, 0x0DE6D027L,
- 0x9AF88C27L, 0x773F8641L, 0xC3604C06L, 0x61A806B5L,
- 0xF0177A28L, 0xC0F586E0L, 0x006058AAL, 0x30DC7D62L,
- 0x11E69ED7L, 0x2338EA63L, 0x53C2DD94L, 0xC2C21634L,
- 0xBBCBEE56L, 0x90BCB6DEL, 0xEBFC7DA1L, 0xCE591D76L,
- 0x6F05E409L, 0x4B7C0188L, 0x39720A3DL, 0x7C927C24L,
- 0x86E3725FL, 0x724D9DB9L, 0x1AC15BB4L, 0xD39EB8FCL,
- 0xED545578L, 0x08FCA5B5L, 0xD83D7CD3L, 0x4DAD0FC4L,
- 0x1E50EF5EL, 0xB161E6F8L, 0xA28514D9L, 0x6C51133CL,
- 0x6FD5C7E7L, 0x56E14EC4L, 0x362ABFCEL, 0xDDC6C837L,
- 0xD79A3234L, 0x92638212L, 0x670EFA8EL, 0x406000E0L },
- { 0x3A39CE37L, 0xD3FAF5CFL, 0xABC27737L, 0x5AC52D1BL,
- 0x5CB0679EL, 0x4FA33742L, 0xD3822740L, 0x99BC9BBEL,
- 0xD5118E9DL, 0xBF0F7315L, 0xD62D1C7EL, 0xC700C47BL,
- 0xB78C1B6BL, 0x21A19045L, 0xB26EB1BEL, 0x6A366EB4L,
- 0x5748AB2FL, 0xBC946E79L, 0xC6A376D2L, 0x6549C2C8L,
- 0x530FF8EEL, 0x468DDE7DL, 0xD5730A1DL, 0x4CD04DC6L,
- 0x2939BBDBL, 0xA9BA4650L, 0xAC9526E8L, 0xBE5EE304L,
- 0xA1FAD5F0L, 0x6A2D519AL, 0x63EF8CE2L, 0x9A86EE22L,
- 0xC089C2B8L, 0x43242EF6L, 0xA51E03AAL, 0x9CF2D0A4L,
- 0x83C061BAL, 0x9BE96A4DL, 0x8FE51550L, 0xBA645BD6L,
- 0x2826A2F9L, 0xA73A3AE1L, 0x4BA99586L, 0xEF5562E9L,
- 0xC72FEFD3L, 0xF752F7DAL, 0x3F046F69L, 0x77FA0A59L,
- 0x80E4A915L, 0x87B08601L, 0x9B09E6ADL, 0x3B3EE593L,
- 0xE990FD5AL, 0x9E34D797L, 0x2CF0B7D9L, 0x022B8B51L,
- 0x96D5AC3AL, 0x017DA67DL, 0xD1CF3ED6L, 0x7C7D2D28L,
- 0x1F9F25CFL, 0xADF2B89BL, 0x5AD6B472L, 0x5A88F54CL,
- 0xE029AC71L, 0xE019A5E6L, 0x47B0ACFDL, 0xED93FA9BL,
- 0xE8D3C48DL, 0x283B57CCL, 0xF8D56629L, 0x79132E28L,
- 0x785F0191L, 0xED756055L, 0xF7960E44L, 0xE3D35E8CL,
- 0x15056DD4L, 0x88F46DBAL, 0x03A16125L, 0x0564F0BDL,
- 0xC3EB9E15L, 0x3C9057A2L, 0x97271AECL, 0xA93A072AL,
- 0x1B3F6D9BL, 0x1E6321F5L, 0xF59C66FBL, 0x26DCF319L,
- 0x7533D928L, 0xB155FDF5L, 0x03563482L, 0x8ABA3CBBL,
- 0x28517711L, 0xC20AD9F8L, 0xABCC5167L, 0xCCAD925FL,
- 0x4DE81751L, 0x3830DC8EL, 0x379D5862L, 0x9320F991L,
- 0xEA7A90C2L, 0xFB3E7BCEL, 0x5121CE64L, 0x774FBE32L,
- 0xA8B6E37EL, 0xC3293D46L, 0x48DE5369L, 0x6413E680L,
- 0xA2AE0810L, 0xDD6DB224L, 0x69852DFDL, 0x09072166L,
- 0xB39A460AL, 0x6445C0DDL, 0x586CDECFL, 0x1C20C8AEL,
- 0x5BBEF7DDL, 0x1B588D40L, 0xCCD2017FL, 0x6BB4E3BBL,
- 0xDDA26A7EL, 0x3A59FF45L, 0x3E350A44L, 0xBCB4CDD5L,
- 0x72EACEA8L, 0xFA6484BBL, 0x8D6612AEL, 0xBF3C6F47L,
- 0xD29BE463L, 0x542F5D9EL, 0xAEC2771BL, 0xF64E6370L,
- 0x740E0D8DL, 0xE75B1357L, 0xF8721671L, 0xAF537D5DL,
- 0x4040CB08L, 0x4EB4E2CCL, 0x34D2466AL, 0x0115AF84L,
- 0xE1B00428L, 0x95983A1DL, 0x06B89FB4L, 0xCE6EA048L,
- 0x6F3F3B82L, 0x3520AB82L, 0x011A1D4BL, 0x277227F8L,
- 0x611560B1L, 0xE7933FDCL, 0xBB3A792BL, 0x344525BDL,
- 0xA08839E1L, 0x51CE794BL, 0x2F32C9B7L, 0xA01FBAC9L,
- 0xE01CC87EL, 0xBCC7D1F6L, 0xCF0111C3L, 0xA1E8AAC7L,
- 0x1A908749L, 0xD44FBD9AL, 0xD0DADECBL, 0xD50ADA38L,
- 0x0339C32AL, 0xC6913667L, 0x8DF9317CL, 0xE0B12B4FL,
- 0xF79E59B7L, 0x43F5BB3AL, 0xF2D519FFL, 0x27D9459CL,
- 0xBF97222CL, 0x15E6FC2AL, 0x0F91FC71L, 0x9B941525L,
- 0xFAE59361L, 0xCEB69CEBL, 0xC2A86459L, 0x12BAA8D1L,
- 0xB6C1075EL, 0xE3056A0CL, 0x10D25065L, 0xCB03A442L,
- 0xE0EC6E0EL, 0x1698DB3BL, 0x4C98A0BEL, 0x3278E964L,
- 0x9F1F9532L, 0xE0D392DFL, 0xD3A0342BL, 0x8971F21EL,
- 0x1B0A7441L, 0x4BA3348CL, 0xC5BE7120L, 0xC37632D8L,
- 0xDF359F8DL, 0x9B992F2EL, 0xE60B6F47L, 0x0FE3F11DL,
- 0xE54CDA54L, 0x1EDAD891L, 0xCE6279CFL, 0xCD3E7E6FL,
- 0x1618B166L, 0xFD2C1D05L, 0x848FD2C5L, 0xF6FB2299L,
- 0xF523F357L, 0xA6327623L, 0x93A83531L, 0x56CCCD02L,
- 0xACF08162L, 0x5A75EBB5L, 0x6E163697L, 0x88D273CCL,
- 0xDE966292L, 0x81B949D0L, 0x4C50901BL, 0x71C65614L,
- 0xE6C6C7BDL, 0x327A140AL, 0x45E1D006L, 0xC3F27B9AL,
- 0xC9AA53FDL, 0x62A80F00L, 0xBB25BFE2L, 0x35BDD2F6L,
- 0x71126905L, 0xB2040222L, 0xB6CBCF7CL, 0xCD769C2BL,
- 0x53113EC0L, 0x1640E3D3L, 0x38ABBD60L, 0x2547ADF0L,
- 0xBA38209CL, 0xF746CE76L, 0x77AFA1C5L, 0x20756060L,
- 0x85CBFE4EL, 0x8AE88DD8L, 0x7AAAF9B0L, 0x4CF9AA7EL,
- 0x1948C25CL, 0x02FB8A8CL, 0x01C36AE4L, 0xD6EBE1F9L,
- 0x90D4F869L, 0xA65CDEA0L, 0x3F09252DL, 0xC208E69FL,
- 0xB74E6132L, 0xCE77E25BL, 0x578FDFE3L, 0x3AC372E6L }
-};
-
-#endif /* !MBEDTLS_BLOWFISH_ALT */
-#endif /* MBEDTLS_BLOWFISH_C */
diff --git a/library/cipher.c b/library/cipher.c
index 4f56b52..546cace 100644
--- a/library/cipher.c
+++ b/library/cipher.c
@@ -1109,9 +1109,14 @@
#if defined(MBEDTLS_GCM_C)
if( MBEDTLS_MODE_GCM == ctx->cipher_info->mode )
+ {
+ size_t output_length;
+ /* The code here doesn't yet support alternative implementations
+ * that can delay up to a block of output. */
return( mbedtls_gcm_finish( (mbedtls_gcm_context *) ctx->cipher_ctx,
- NULL, 0,
+ NULL, 0, &output_length,
tag, tag_len ) );
+ }
#endif
#if defined(MBEDTLS_CHACHAPOLY_C)
@@ -1158,12 +1163,16 @@
#if defined(MBEDTLS_GCM_C)
if( MBEDTLS_MODE_GCM == ctx->cipher_info->mode )
{
+ size_t output_length;
+ /* The code here doesn't yet support alternative implementations
+ * that can delay up to a block of output. */
+
if( tag_len > sizeof( check_tag ) )
return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
if( 0 != ( ret = mbedtls_gcm_finish(
(mbedtls_gcm_context *) ctx->cipher_ctx,
- NULL, 0,
+ NULL, 0, &output_length,
check_tag, tag_len ) ) )
{
return( ret );
diff --git a/library/cipher_wrap.c b/library/cipher_wrap.c
index 7f23387..5776d5e 100644
--- a/library/cipher_wrap.c
+++ b/library/cipher_wrap.c
@@ -36,10 +36,6 @@
#include "mbedtls/aes.h"
#endif
-#if defined(MBEDTLS_ARC4_C)
-#include "mbedtls/arc4.h"
-#endif
-
#if defined(MBEDTLS_CAMELLIA_C)
#include "mbedtls/camellia.h"
#endif
@@ -52,10 +48,6 @@
#include "mbedtls/des.h"
#endif
-#if defined(MBEDTLS_BLOWFISH_C)
-#include "mbedtls/blowfish.h"
-#endif
-
#if defined(MBEDTLS_CHACHA20_C)
#include "mbedtls/chacha20.h"
#endif
@@ -1674,225 +1666,6 @@
#endif /* MBEDTLS_CIPHER_MODE_CBC */
#endif /* MBEDTLS_DES_C */
-#if defined(MBEDTLS_BLOWFISH_C)
-
-static int blowfish_crypt_ecb_wrap( void *ctx, mbedtls_operation_t operation,
- const unsigned char *input, unsigned char *output )
-{
- return mbedtls_blowfish_crypt_ecb( (mbedtls_blowfish_context *) ctx, operation, input,
- output );
-}
-
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-static int blowfish_crypt_cbc_wrap( void *ctx, mbedtls_operation_t operation,
- size_t length, unsigned char *iv, const unsigned char *input,
- unsigned char *output )
-{
- return mbedtls_blowfish_crypt_cbc( (mbedtls_blowfish_context *) ctx, operation, length, iv,
- input, output );
-}
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
-
-#if defined(MBEDTLS_CIPHER_MODE_CFB)
-static int blowfish_crypt_cfb64_wrap( void *ctx, mbedtls_operation_t operation,
- size_t length, size_t *iv_off, unsigned char *iv,
- const unsigned char *input, unsigned char *output )
-{
- return mbedtls_blowfish_crypt_cfb64( (mbedtls_blowfish_context *) ctx, operation, length,
- iv_off, iv, input, output );
-}
-#endif /* MBEDTLS_CIPHER_MODE_CFB */
-
-#if defined(MBEDTLS_CIPHER_MODE_CTR)
-static int blowfish_crypt_ctr_wrap( void *ctx, size_t length, size_t *nc_off,
- unsigned char *nonce_counter, unsigned char *stream_block,
- const unsigned char *input, unsigned char *output )
-{
- return mbedtls_blowfish_crypt_ctr( (mbedtls_blowfish_context *) ctx, length, nc_off,
- nonce_counter, stream_block, input, output );
-}
-#endif /* MBEDTLS_CIPHER_MODE_CTR */
-
-static int blowfish_setkey_wrap( void *ctx, const unsigned char *key,
- unsigned int key_bitlen )
-{
- return mbedtls_blowfish_setkey( (mbedtls_blowfish_context *) ctx, key, key_bitlen );
-}
-
-static void * blowfish_ctx_alloc( void )
-{
- mbedtls_blowfish_context *ctx;
- ctx = mbedtls_calloc( 1, sizeof( mbedtls_blowfish_context ) );
-
- if( ctx == NULL )
- return( NULL );
-
- mbedtls_blowfish_init( ctx );
-
- return( ctx );
-}
-
-static void blowfish_ctx_free( void *ctx )
-{
- mbedtls_blowfish_free( (mbedtls_blowfish_context *) ctx );
- mbedtls_free( ctx );
-}
-
-static const mbedtls_cipher_base_t blowfish_info = {
- MBEDTLS_CIPHER_ID_BLOWFISH,
- blowfish_crypt_ecb_wrap,
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
- blowfish_crypt_cbc_wrap,
-#endif
-#if defined(MBEDTLS_CIPHER_MODE_CFB)
- blowfish_crypt_cfb64_wrap,
-#endif
-#if defined(MBEDTLS_CIPHER_MODE_OFB)
- NULL,
-#endif
-#if defined(MBEDTLS_CIPHER_MODE_CTR)
- blowfish_crypt_ctr_wrap,
-#endif
-#if defined(MBEDTLS_CIPHER_MODE_XTS)
- NULL,
-#endif
-#if defined(MBEDTLS_CIPHER_MODE_STREAM)
- NULL,
-#endif
- blowfish_setkey_wrap,
- blowfish_setkey_wrap,
- blowfish_ctx_alloc,
- blowfish_ctx_free
-};
-
-static const mbedtls_cipher_info_t blowfish_ecb_info = {
- MBEDTLS_CIPHER_BLOWFISH_ECB,
- MBEDTLS_MODE_ECB,
- 128,
- "BLOWFISH-ECB",
- 0,
- MBEDTLS_CIPHER_VARIABLE_KEY_LEN,
- 8,
- &blowfish_info
-};
-
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-static const mbedtls_cipher_info_t blowfish_cbc_info = {
- MBEDTLS_CIPHER_BLOWFISH_CBC,
- MBEDTLS_MODE_CBC,
- 128,
- "BLOWFISH-CBC",
- 8,
- MBEDTLS_CIPHER_VARIABLE_KEY_LEN,
- 8,
- &blowfish_info
-};
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
-
-#if defined(MBEDTLS_CIPHER_MODE_CFB)
-static const mbedtls_cipher_info_t blowfish_cfb64_info = {
- MBEDTLS_CIPHER_BLOWFISH_CFB64,
- MBEDTLS_MODE_CFB,
- 128,
- "BLOWFISH-CFB64",
- 8,
- MBEDTLS_CIPHER_VARIABLE_KEY_LEN,
- 8,
- &blowfish_info
-};
-#endif /* MBEDTLS_CIPHER_MODE_CFB */
-
-#if defined(MBEDTLS_CIPHER_MODE_CTR)
-static const mbedtls_cipher_info_t blowfish_ctr_info = {
- MBEDTLS_CIPHER_BLOWFISH_CTR,
- MBEDTLS_MODE_CTR,
- 128,
- "BLOWFISH-CTR",
- 8,
- MBEDTLS_CIPHER_VARIABLE_KEY_LEN,
- 8,
- &blowfish_info
-};
-#endif /* MBEDTLS_CIPHER_MODE_CTR */
-#endif /* MBEDTLS_BLOWFISH_C */
-
-#if defined(MBEDTLS_ARC4_C)
-static int arc4_crypt_stream_wrap( void *ctx, size_t length,
- const unsigned char *input,
- unsigned char *output )
-{
- return( mbedtls_arc4_crypt( (mbedtls_arc4_context *) ctx, length, input, output ) );
-}
-
-static int arc4_setkey_wrap( void *ctx, const unsigned char *key,
- unsigned int key_bitlen )
-{
- /* we get key_bitlen in bits, arc4 expects it in bytes */
- if( key_bitlen % 8 != 0 )
- return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
-
- mbedtls_arc4_setup( (mbedtls_arc4_context *) ctx, key, key_bitlen / 8 );
- return( 0 );
-}
-
-static void * arc4_ctx_alloc( void )
-{
- mbedtls_arc4_context *ctx;
- ctx = mbedtls_calloc( 1, sizeof( mbedtls_arc4_context ) );
-
- if( ctx == NULL )
- return( NULL );
-
- mbedtls_arc4_init( ctx );
-
- return( ctx );
-}
-
-static void arc4_ctx_free( void *ctx )
-{
- mbedtls_arc4_free( (mbedtls_arc4_context *) ctx );
- mbedtls_free( ctx );
-}
-
-static const mbedtls_cipher_base_t arc4_base_info = {
- MBEDTLS_CIPHER_ID_ARC4,
- NULL,
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
- NULL,
-#endif
-#if defined(MBEDTLS_CIPHER_MODE_CFB)
- NULL,
-#endif
-#if defined(MBEDTLS_CIPHER_MODE_OFB)
- NULL,
-#endif
-#if defined(MBEDTLS_CIPHER_MODE_CTR)
- NULL,
-#endif
-#if defined(MBEDTLS_CIPHER_MODE_XTS)
- NULL,
-#endif
-#if defined(MBEDTLS_CIPHER_MODE_STREAM)
- arc4_crypt_stream_wrap,
-#endif
- arc4_setkey_wrap,
- arc4_setkey_wrap,
- arc4_ctx_alloc,
- arc4_ctx_free
-};
-
-static const mbedtls_cipher_info_t arc4_128_info = {
- MBEDTLS_CIPHER_ARC4_128,
- MBEDTLS_MODE_STREAM,
- 128,
- "ARC4-128",
- 0,
- 0,
- 1,
- &arc4_base_info
-};
-#endif /* MBEDTLS_ARC4_C */
-
#if defined(MBEDTLS_CHACHA20_C)
static int chacha20_setkey_wrap( void *ctx, const unsigned char *key,
@@ -2285,23 +2058,6 @@
#endif
#endif /* MBEDTLS_AES_C */
-#if defined(MBEDTLS_ARC4_C)
- { MBEDTLS_CIPHER_ARC4_128, &arc4_128_info },
-#endif
-
-#if defined(MBEDTLS_BLOWFISH_C)
- { MBEDTLS_CIPHER_BLOWFISH_ECB, &blowfish_ecb_info },
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
- { MBEDTLS_CIPHER_BLOWFISH_CBC, &blowfish_cbc_info },
-#endif
-#if defined(MBEDTLS_CIPHER_MODE_CFB)
- { MBEDTLS_CIPHER_BLOWFISH_CFB64, &blowfish_cfb64_info },
-#endif
-#if defined(MBEDTLS_CIPHER_MODE_CTR)
- { MBEDTLS_CIPHER_BLOWFISH_CTR, &blowfish_ctr_info },
-#endif
-#endif /* MBEDTLS_BLOWFISH_C */
-
#if defined(MBEDTLS_CAMELLIA_C)
{ MBEDTLS_CIPHER_CAMELLIA_128_ECB, &camellia_128_ecb_info },
{ MBEDTLS_CIPHER_CAMELLIA_192_ECB, &camellia_192_ecb_info },
diff --git a/library/common.h b/library/common.h
index 5845766..0f61f94 100644
--- a/library/common.h
+++ b/library/common.h
@@ -50,4 +50,11 @@
#define MBEDTLS_STATIC_TESTABLE static
#endif
+/** Allow library to access its structs' private members.
+ *
+ * Although structs defined in header files are publicly available,
+ * their members are private and should not be accessed by the user.
+ */
+#define MBEDTLS_ALLOW_PRIVATE_ACCESS
+
#endif /* MBEDTLS_LIBRARY_COMMON_H */
diff --git a/library/ctr_drbg.c b/library/ctr_drbg.c
index 602ec69..b664fb0 100644
--- a/library/ctr_drbg.c
+++ b/library/ctr_drbg.c
@@ -304,7 +304,7 @@
}
/* CTR_DRBG_Instantiate with derivation function (SP 800-90A §10.2.1.3.2)
- * mbedtls_ctr_drbg_update_ret(ctx, additional, add_len)
+ * mbedtls_ctr_drbg_update(ctx, additional, add_len)
* implements
* CTR_DRBG_Instantiate(entropy_input, nonce, personalization_string,
* security_strength) -> initial_working_state
@@ -315,7 +315,7 @@
* and with outputs
* ctx = initial_working_state
*/
-int mbedtls_ctr_drbg_update_ret( mbedtls_ctr_drbg_context *ctx,
+int mbedtls_ctr_drbg_update( mbedtls_ctr_drbg_context *ctx,
const unsigned char *additional,
size_t add_len )
{
@@ -657,7 +657,7 @@
fclose( f );
f = NULL;
- ret = mbedtls_ctr_drbg_update_ret( ctx, buf, n );
+ ret = mbedtls_ctr_drbg_update( ctx, buf, n );
exit:
mbedtls_platform_zeroize( buf, sizeof( buf ) );
diff --git a/library/debug.c b/library/debug.c
index 4be2cba..fa60d13 100644
--- a/library/debug.c
+++ b/library/debug.c
@@ -220,8 +220,8 @@
const char *text, const mbedtls_mpi *X )
{
char str[DEBUG_BUF_SIZE];
- int j, k, zeros = 1;
- size_t i, n, idx = 0;
+ size_t bitlen;
+ size_t idx = 0;
if( NULL == ssl ||
NULL == ssl->conf ||
@@ -232,55 +232,43 @@
return;
}
- for( n = X->n - 1; n > 0; n-- )
- if( X->p[n] != 0 )
- break;
+ bitlen = mbedtls_mpi_bitlen( X );
- for( j = ( sizeof(mbedtls_mpi_uint) << 3 ) - 1; j >= 0; j-- )
- if( ( ( X->p[n] >> j ) & 1 ) != 0 )
- break;
-
- mbedtls_snprintf( str + idx, sizeof( str ) - idx, "value of '%s' (%d bits) is:\n",
- text, (int) ( ( n * ( sizeof(mbedtls_mpi_uint) << 3 ) ) + j + 1 ) );
-
+ mbedtls_snprintf( str, sizeof( str ), "value of '%s' (%u bits) is:\n",
+ text, (unsigned) bitlen );
debug_send_line( ssl, level, file, line, str );
- idx = 0;
- for( i = n + 1, j = 0; i > 0; i-- )
+ if( bitlen == 0 )
{
- if( zeros && X->p[i - 1] == 0 )
- continue;
-
- for( k = sizeof( mbedtls_mpi_uint ) - 1; k >= 0; k-- )
+ str[0] = ' '; str[1] = '0'; str[2] = '0';
+ idx = 3;
+ }
+ else
+ {
+ int n;
+ for( n = (int) ( ( bitlen - 1 ) / 8 ); n >= 0; n-- )
{
- if( zeros && ( ( X->p[i - 1] >> ( k << 3 ) ) & 0xFF ) == 0 )
- continue;
- else
- zeros = 0;
-
- if( j % 16 == 0 )
+ size_t limb_offset = n / sizeof( mbedtls_mpi_uint );
+ size_t offset_in_limb = n % sizeof( mbedtls_mpi_uint );
+ unsigned char octet =
+ ( X->p[limb_offset] >> ( offset_in_limb * 8 ) ) & 0xff;
+ mbedtls_snprintf( str + idx, sizeof( str ) - idx, " %02x", octet );
+ idx += 3;
+ /* Wrap lines after 16 octets that each take 3 columns */
+ if( idx >= 3 * 16 )
{
- if( j > 0 )
- {
- mbedtls_snprintf( str + idx, sizeof( str ) - idx, "\n" );
- debug_send_line( ssl, level, file, line, str );
- idx = 0;
- }
+ mbedtls_snprintf( str + idx, sizeof( str ) - idx, "\n" );
+ debug_send_line( ssl, level, file, line, str );
+ idx = 0;
}
-
- idx += mbedtls_snprintf( str + idx, sizeof( str ) - idx, " %02x", (unsigned int)
- ( X->p[i - 1] >> ( k << 3 ) ) & 0xFF );
-
- j++;
}
-
}
- if( zeros == 1 )
- idx += mbedtls_snprintf( str + idx, sizeof( str ) - idx, " 00" );
-
- mbedtls_snprintf( str + idx, sizeof( str ) - idx, "\n" );
- debug_send_line( ssl, level, file, line, str );
+ if( idx != 0 )
+ {
+ mbedtls_snprintf( str + idx, sizeof( str ) - idx, "\n" );
+ debug_send_line( ssl, level, file, line, str );
+ }
}
#endif /* MBEDTLS_BIGNUM_C */
diff --git a/library/dhm.c b/library/dhm.c
index accd5a8..29ce755 100644
--- a/library/dhm.c
+++ b/library/dhm.c
@@ -124,6 +124,47 @@
memset( ctx, 0, sizeof( mbedtls_dhm_context ) );
}
+size_t mbedtls_dhm_get_bitlen( const mbedtls_dhm_context *ctx )
+{
+ return( mbedtls_mpi_bitlen( &ctx->P ) );
+}
+
+size_t mbedtls_dhm_get_len( const mbedtls_dhm_context *ctx )
+{
+ return( mbedtls_mpi_size( &ctx->P ) );
+}
+
+int mbedtls_dhm_get_value( const mbedtls_dhm_context *ctx,
+ mbedtls_dhm_parameter param,
+ mbedtls_mpi *dest )
+{
+ const mbedtls_mpi *src = NULL;
+ switch( param )
+ {
+ case MBEDTLS_DHM_PARAM_P:
+ src = &ctx->P;
+ break;
+ case MBEDTLS_DHM_PARAM_G:
+ src = &ctx->G;
+ break;
+ case MBEDTLS_DHM_PARAM_X:
+ src = &ctx->X;
+ break;
+ case MBEDTLS_DHM_PARAM_GX:
+ src = &ctx->GX;
+ break;
+ case MBEDTLS_DHM_PARAM_GY:
+ src = &ctx->GY;
+ break;
+ case MBEDTLS_DHM_PARAM_K:
+ src = &ctx->K;
+ break;
+ default:
+ return( MBEDTLS_ERR_DHM_BAD_INPUT_DATA );
+ }
+ return( mbedtls_mpi_copy( dest, src ) );
+}
+
/*
* Parse the ServerKeyExchange parameters
*/
@@ -144,8 +185,6 @@
if( ( ret = dhm_check_range( &ctx->GY, &ctx->P ) ) != 0 )
return( ret );
- ctx->len = mbedtls_mpi_size( &ctx->P );
-
return( 0 );
}
@@ -247,8 +286,6 @@
*olen = p - output;
- ctx->len = n1;
-
cleanup:
if( ret != 0 && ret > -128 )
ret = MBEDTLS_ERROR_ADD( MBEDTLS_ERR_DHM_MAKE_PARAMS_FAILED, ret );
@@ -273,7 +310,6 @@
return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_DHM_SET_GROUP_FAILED, ret ) );
}
- ctx->len = mbedtls_mpi_size( &ctx->P );
return( 0 );
}
@@ -287,7 +323,7 @@
DHM_VALIDATE_RET( ctx != NULL );
DHM_VALIDATE_RET( input != NULL );
- if( ilen < 1 || ilen > ctx->len )
+ if( ilen < 1 || ilen > mbedtls_dhm_get_len( ctx ) )
return( MBEDTLS_ERR_DHM_BAD_INPUT_DATA );
if( ( ret = mbedtls_mpi_read_binary( &ctx->GY, input, ilen ) ) != 0 )
@@ -309,7 +345,7 @@
DHM_VALIDATE_RET( output != NULL );
DHM_VALIDATE_RET( f_rng != NULL );
- if( olen < 1 || olen > ctx->len )
+ if( olen < 1 || olen > mbedtls_dhm_get_len( ctx ) )
return( MBEDTLS_ERR_DHM_BAD_INPUT_DATA );
ret = dhm_make_common( ctx, x_size, f_rng, p_rng );
@@ -408,7 +444,10 @@
DHM_VALIDATE_RET( output != NULL );
DHM_VALIDATE_RET( olen != NULL );
- if( output_size < ctx->len )
+ if( f_rng == NULL )
+ return( MBEDTLS_ERR_DHM_BAD_INPUT_DATA );
+
+ if( output_size < mbedtls_dhm_get_len( ctx ) )
return( MBEDTLS_ERR_DHM_BAD_INPUT_DATA );
if( ( ret = dhm_check_range( &ctx->GY, &ctx->P ) ) != 0 )
@@ -417,25 +456,17 @@
mbedtls_mpi_init( &GYb );
/* Blind peer's value */
- if( f_rng != NULL )
- {
- MBEDTLS_MPI_CHK( dhm_update_blinding( ctx, f_rng, p_rng ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &GYb, &ctx->GY, &ctx->Vi ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &GYb, &GYb, &ctx->P ) );
- }
- else
- MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &GYb, &ctx->GY ) );
+ MBEDTLS_MPI_CHK( dhm_update_blinding( ctx, f_rng, p_rng ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &GYb, &ctx->GY, &ctx->Vi ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &GYb, &GYb, &ctx->P ) );
/* Do modular exponentiation */
MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &ctx->K, &GYb, &ctx->X,
&ctx->P, &ctx->RP ) );
/* Unblind secret value */
- if( f_rng != NULL )
- {
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &ctx->K, &ctx->K, &ctx->Vf ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &ctx->K, &ctx->K, &ctx->P ) );
- }
+ MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &ctx->K, &ctx->K, &ctx->Vf ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &ctx->K, &ctx->K, &ctx->P ) );
/* Output the secret without any leading zero byte. This is mandatory
* for TLS per RFC 5246 §8.1.2. */
@@ -564,8 +595,6 @@
ret = 0;
- dhm->len = mbedtls_mpi_size( &dhm->P );
-
exit:
#if defined(MBEDTLS_PEM_PARSE_C)
mbedtls_pem_free( &pem );
diff --git a/library/ecjpake.c b/library/ecjpake.c
index 464ff51..d229311 100644
--- a/library/ecjpake.c
+++ b/library/ecjpake.c
@@ -128,6 +128,20 @@
return( ret );
}
+int mbedtls_ecjpake_set_point_format( mbedtls_ecjpake_context *ctx,
+ int point_format )
+{
+ switch( point_format )
+ {
+ case MBEDTLS_ECP_PF_UNCOMPRESSED:
+ case MBEDTLS_ECP_PF_COMPRESSED:
+ ctx->point_format = point_format;
+ return( 0 );
+ default:
+ return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
+ }
+}
+
/*
* Check if context is ready for use
*/
@@ -948,6 +962,28 @@
0xb4, 0x38, 0xf7, 0x19, 0xd3, 0xc4, 0xf3, 0x51
};
+/*
+ * PRNG for test - !!!INSECURE NEVER USE IN PRODUCTION!!!
+ *
+ * This is the linear congruential generator from numerical recipes,
+ * except we only use the low byte as the output. See
+ * https://en.wikipedia.org/wiki/Linear_congruential_generator#Parameters_in_common_use
+ */
+static int self_test_rng( void *ctx, unsigned char *out, size_t len )
+{
+ static uint32_t state = 42;
+
+ (void) ctx;
+
+ for( size_t i = 0; i < len; i++ )
+ {
+ state = state * 1664525u + 1013904223u;
+ out[i] = (unsigned char) state;
+ }
+
+ return( 0 );
+}
+
/* Load my private keys and generate the corresponding public keys */
static int ecjpake_test_load( mbedtls_ecjpake_context *ctx,
const unsigned char *xm1, size_t len1,
@@ -958,9 +994,9 @@
MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &ctx->xm1, xm1, len1 ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &ctx->xm2, xm2, len2 ) );
MBEDTLS_MPI_CHK( mbedtls_ecp_mul( &ctx->grp, &ctx->Xm1, &ctx->xm1,
- &ctx->grp.G, NULL, NULL ) );
+ &ctx->grp.G, self_test_rng, NULL ) );
MBEDTLS_MPI_CHK( mbedtls_ecp_mul( &ctx->grp, &ctx->Xm2, &ctx->xm2,
- &ctx->grp.G, NULL, NULL ) );
+ &ctx->grp.G, self_test_rng, NULL ) );
cleanup:
return( ret );
diff --git a/library/ecp.c b/library/ecp.c
index f450056..3dc1378 100644
--- a/library/ecp.c
+++ b/library/ecp.c
@@ -99,17 +99,7 @@
#define mbedtls_free free
#endif
-#include "ecp_alt.h"
-
-#if !defined(MBEDTLS_ECP_NO_INTERNAL_RNG)
-#if defined(MBEDTLS_HMAC_DRBG_C)
-#include "mbedtls/hmac_drbg.h"
-#elif defined(MBEDTLS_CTR_DRBG_C)
-#include "mbedtls/ctr_drbg.h"
-#else
-#error "Invalid configuration detected. Include check_config.h to ensure that the configuration is valid."
-#endif
-#endif /* MBEDTLS_ECP_NO_INTERNAL_RNG */
+#include "ecp_internal_alt.h"
#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
!defined(inline) && !defined(__cplusplus)
@@ -124,144 +114,6 @@
static unsigned long add_count, dbl_count, mul_count;
#endif
-#if !defined(MBEDTLS_ECP_NO_INTERNAL_RNG)
-/*
- * Currently ecp_mul() takes a RNG function as an argument, used for
- * side-channel protection, but it can be NULL. The initial reasoning was
- * that people will pass non-NULL RNG when they care about side-channels, but
- * unfortunately we have some APIs that call ecp_mul() with a NULL RNG, with
- * no opportunity for the user to do anything about it.
- *
- * The obvious strategies for addressing that include:
- * - change those APIs so that they take RNG arguments;
- * - require a global RNG to be available to all crypto modules.
- *
- * Unfortunately those would break compatibility. So what we do instead is
- * have our own internal DRBG instance, seeded from the secret scalar.
- *
- * The following is a light-weight abstraction layer for doing that with
- * HMAC_DRBG (first choice) or CTR_DRBG.
- */
-
-#if defined(MBEDTLS_HMAC_DRBG_C)
-
-/* DRBG context type */
-typedef mbedtls_hmac_drbg_context ecp_drbg_context;
-
-/* DRBG context init */
-static inline void ecp_drbg_init( ecp_drbg_context *ctx )
-{
- mbedtls_hmac_drbg_init( ctx );
-}
-
-/* DRBG context free */
-static inline void ecp_drbg_free( ecp_drbg_context *ctx )
-{
- mbedtls_hmac_drbg_free( ctx );
-}
-
-/* DRBG function */
-static inline int ecp_drbg_random( void *p_rng,
- unsigned char *output, size_t output_len )
-{
- return( mbedtls_hmac_drbg_random( p_rng, output, output_len ) );
-}
-
-/* DRBG context seeding */
-static int ecp_drbg_seed( ecp_drbg_context *ctx,
- const mbedtls_mpi *secret, size_t secret_len )
-{
- int ret;
- unsigned char secret_bytes[MBEDTLS_ECP_MAX_BYTES];
- /* The list starts with strong hashes */
- const mbedtls_md_type_t md_type = mbedtls_md_list()[0];
- const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type( md_type );
-
- if( secret_len > MBEDTLS_ECP_MAX_BYTES )
- {
- ret = MBEDTLS_ERR_ECP_RANDOM_FAILED;
- goto cleanup;
- }
-
- MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( secret,
- secret_bytes, secret_len ) );
-
- ret = mbedtls_hmac_drbg_seed_buf( ctx, md_info, secret_bytes, secret_len );
-
-cleanup:
- mbedtls_platform_zeroize( secret_bytes, secret_len );
-
- return( ret );
-}
-
-#elif defined(MBEDTLS_CTR_DRBG_C)
-
-/* DRBG context type */
-typedef mbedtls_ctr_drbg_context ecp_drbg_context;
-
-/* DRBG context init */
-static inline void ecp_drbg_init( ecp_drbg_context *ctx )
-{
- mbedtls_ctr_drbg_init( ctx );
-}
-
-/* DRBG context free */
-static inline void ecp_drbg_free( ecp_drbg_context *ctx )
-{
- mbedtls_ctr_drbg_free( ctx );
-}
-
-/* DRBG function */
-static inline int ecp_drbg_random( void *p_rng,
- unsigned char *output, size_t output_len )
-{
- return( mbedtls_ctr_drbg_random( p_rng, output, output_len ) );
-}
-
-/*
- * Since CTR_DRBG doesn't have a seed_buf() function the way HMAC_DRBG does,
- * we need to pass an entropy function when seeding. So we use a dummy
- * function for that, and pass the actual entropy as customisation string.
- * (During seeding of CTR_DRBG the entropy input and customisation string are
- * concatenated before being used to update the secret state.)
- */
-static int ecp_ctr_drbg_null_entropy(void *ctx, unsigned char *out, size_t len)
-{
- (void) ctx;
- memset( out, 0, len );
- return( 0 );
-}
-
-/* DRBG context seeding */
-static int ecp_drbg_seed( ecp_drbg_context *ctx,
- const mbedtls_mpi *secret, size_t secret_len )
-{
- int ret;
- unsigned char secret_bytes[MBEDTLS_ECP_MAX_BYTES];
-
- if( secret_len > MBEDTLS_ECP_MAX_BYTES )
- {
- ret = MBEDTLS_ERR_ECP_RANDOM_FAILED;
- goto cleanup;
- }
-
- MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( secret,
- secret_bytes, secret_len ) );
-
- ret = mbedtls_ctr_drbg_seed( ctx, ecp_ctr_drbg_null_entropy, NULL,
- secret_bytes, secret_len );
-
-cleanup:
- mbedtls_platform_zeroize( secret_bytes, secret_len );
-
- return( ret );
-}
-
-#else
-#error "Invalid configuration detected. Include check_config.h to ensure that the configuration is valid."
-#endif /* DRBG modules */
-#endif /* MBEDTLS_ECP_NO_INTERNAL_RNG */
-
#if defined(MBEDTLS_ECP_RESTARTABLE)
/*
* Maximum number of "basic operations" to be done in a row.
@@ -309,10 +161,6 @@
ecp_rsm_comb_core, /* ecp_mul_comb_core() */
ecp_rsm_final_norm, /* do the final normalization */
} state;
-#if !defined(MBEDTLS_ECP_NO_INTERNAL_RNG)
- ecp_drbg_context drbg_ctx;
- unsigned char drbg_seeded;
-#endif
};
/*
@@ -325,10 +173,6 @@
ctx->T = NULL;
ctx->T_size = 0;
ctx->state = ecp_rsm_init;
-#if !defined(MBEDTLS_ECP_NO_INTERNAL_RNG)
- ecp_drbg_init( &ctx->drbg_ctx );
- ctx->drbg_seeded = 0;
-#endif
}
/*
@@ -350,10 +194,6 @@
mbedtls_free( ctx->T );
}
-#if !defined(MBEDTLS_ECP_NO_INTERNAL_RNG)
- ecp_drbg_free( &ctx->drbg_ctx );
-#endif
-
ecp_restart_rsm_init( ctx );
}
@@ -509,9 +349,9 @@
* - readable name
*
* Curves are listed in order: largest curves first, and for a given size,
- * fastest curves first. This provides the default order for the SSL module.
+ * fastest curves first.
*
- * Reminder: update profiles in x509_crt.c when adding a new curves!
+ * Reminder: update profiles in x509_crt.c and ssl_tls.c when adding a new curve!
*/
static const mbedtls_ecp_curve_info ecp_supported_curves[] =
{
@@ -2068,9 +1908,7 @@
i = d;
MBEDTLS_MPI_CHK( ecp_select_comb( grp, R, T, T_size, x[i] ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &R->Z, 1 ) );
-#if defined(MBEDTLS_ECP_NO_INTERNAL_RNG)
if( f_rng != 0 )
-#endif
MBEDTLS_MPI_CHK( ecp_randomize_jac( grp, R, f_rng, p_rng ) );
}
@@ -2204,9 +2042,7 @@
*
* Avoid the leak by randomizing coordinates before we normalize them.
*/
-#if defined(MBEDTLS_ECP_NO_INTERNAL_RNG)
if( f_rng != 0 )
-#endif
MBEDTLS_MPI_CHK( ecp_randomize_jac( grp, RR, f_rng, p_rng ) );
MBEDTLS_MPI_CHK( ecp_normalize_jac( grp, RR ) );
@@ -2286,42 +2122,9 @@
size_t d;
unsigned char T_size = 0, T_ok = 0;
mbedtls_ecp_point *T = NULL;
-#if !defined(MBEDTLS_ECP_NO_INTERNAL_RNG)
- ecp_drbg_context drbg_ctx;
-
- ecp_drbg_init( &drbg_ctx );
-#endif
ECP_RS_ENTER( rsm );
-#if !defined(MBEDTLS_ECP_NO_INTERNAL_RNG)
- if( f_rng == NULL )
- {
- /* Adjust pointers */
- f_rng = &ecp_drbg_random;
-#if defined(MBEDTLS_ECP_RESTARTABLE)
- if( rs_ctx != NULL && rs_ctx->rsm != NULL )
- p_rng = &rs_ctx->rsm->drbg_ctx;
- else
-#endif
- p_rng = &drbg_ctx;
-
- /* Initialize internal DRBG if necessary */
-#if defined(MBEDTLS_ECP_RESTARTABLE)
- if( rs_ctx == NULL || rs_ctx->rsm == NULL ||
- rs_ctx->rsm->drbg_seeded == 0 )
-#endif
- {
- const size_t m_len = ( grp->nbits + 7 ) / 8;
- MBEDTLS_MPI_CHK( ecp_drbg_seed( p_rng, m, m_len ) );
- }
-#if defined(MBEDTLS_ECP_RESTARTABLE)
- if( rs_ctx != NULL && rs_ctx->rsm != NULL )
- rs_ctx->rsm->drbg_seeded = 1;
-#endif
- }
-#endif /* !MBEDTLS_ECP_NO_INTERNAL_RNG */
-
/* Is P the base point ? */
#if MBEDTLS_ECP_FIXED_POINT_OPTIM == 1
p_eq_g = ( mbedtls_mpi_cmp_mpi( &P->Y, &grp->G.Y ) == 0 &&
@@ -2393,10 +2196,6 @@
cleanup:
-#if !defined(MBEDTLS_ECP_NO_INTERNAL_RNG)
- ecp_drbg_free( &drbg_ctx );
-#endif
-
/* does T belong to the group? */
if( T == grp->T )
T = NULL;
@@ -2583,22 +2382,10 @@
unsigned char b;
mbedtls_ecp_point RP;
mbedtls_mpi PX;
-#if !defined(MBEDTLS_ECP_NO_INTERNAL_RNG)
- ecp_drbg_context drbg_ctx;
-
- ecp_drbg_init( &drbg_ctx );
-#endif
mbedtls_ecp_point_init( &RP ); mbedtls_mpi_init( &PX );
-#if !defined(MBEDTLS_ECP_NO_INTERNAL_RNG)
if( f_rng == NULL )
- {
- const size_t m_len = ( grp->nbits + 7 ) / 8;
- MBEDTLS_MPI_CHK( ecp_drbg_seed( &drbg_ctx, m, m_len ) );
- f_rng = &ecp_drbg_random;
- p_rng = &drbg_ctx;
- }
-#endif /* !MBEDTLS_ECP_NO_INTERNAL_RNG */
+ return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
/* Save PX and read from P before writing to R, in case P == R */
MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &PX, &P->X ) );
@@ -2613,10 +2400,7 @@
MOD_ADD( RP.X );
/* Randomize coordinates of the starting point */
-#if defined(MBEDTLS_ECP_NO_INTERNAL_RNG)
- if( f_rng != NULL )
-#endif
- MBEDTLS_MPI_CHK( ecp_randomize_mxz( grp, &RP, f_rng, p_rng ) );
+ MBEDTLS_MPI_CHK( ecp_randomize_mxz( grp, &RP, f_rng, p_rng ) );
/* Loop invariant: R = result so far, RP = R + P */
i = mbedtls_mpi_bitlen( m ); /* one past the (zero-based) most significant bit */
@@ -2648,18 +2432,10 @@
*
* Avoid the leak by randomizing coordinates before we normalize them.
*/
-#if defined(MBEDTLS_ECP_NO_INTERNAL_RNG)
- if( f_rng != NULL )
-#endif
- MBEDTLS_MPI_CHK( ecp_randomize_mxz( grp, R, f_rng, p_rng ) );
-
+ MBEDTLS_MPI_CHK( ecp_randomize_mxz( grp, R, f_rng, p_rng ) );
MBEDTLS_MPI_CHK( ecp_normalize_mxz( grp, R ) );
cleanup:
-#if !defined(MBEDTLS_ECP_NO_INTERNAL_RNG)
- ecp_drbg_free( &drbg_ctx );
-#endif
-
mbedtls_ecp_point_free( &RP ); mbedtls_mpi_free( &PX );
return( ret );
@@ -2669,8 +2445,11 @@
/*
* Restartable multiplication R = m * P
+ *
+ * This internal function can be called without an RNG in case where we know
+ * the inputs are not sensitive.
*/
-int mbedtls_ecp_mul_restartable( mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
+static int ecp_mul_restartable_internal( mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
const mbedtls_mpi *m, const mbedtls_ecp_point *P,
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
mbedtls_ecp_restart_ctx *rs_ctx )
@@ -2679,10 +2458,6 @@
#if defined(MBEDTLS_ECP_INTERNAL_ALT)
char is_grp_capable = 0;
#endif
- ECP_VALIDATE_RET( grp != NULL );
- ECP_VALIDATE_RET( R != NULL );
- ECP_VALIDATE_RET( m != NULL );
- ECP_VALIDATE_RET( P != NULL );
#if defined(MBEDTLS_ECP_RESTARTABLE)
/* reset ops count for this call if top-level */
@@ -2736,6 +2511,25 @@
}
/*
+ * Restartable multiplication R = m * P
+ */
+int mbedtls_ecp_mul_restartable( mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
+ const mbedtls_mpi *m, const mbedtls_ecp_point *P,
+ int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
+ mbedtls_ecp_restart_ctx *rs_ctx )
+{
+ ECP_VALIDATE_RET( grp != NULL );
+ ECP_VALIDATE_RET( R != NULL );
+ ECP_VALIDATE_RET( m != NULL );
+ ECP_VALIDATE_RET( P != NULL );
+
+ if( f_rng == NULL )
+ return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
+
+ return( ecp_mul_restartable_internal( grp, R, m, P, f_rng, p_rng, rs_ctx ) );
+}
+
+/*
* Multiplication R = m * P
*/
int mbedtls_ecp_mul( mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
@@ -2828,8 +2622,8 @@
}
else
{
- MBEDTLS_MPI_CHK( mbedtls_ecp_mul_restartable( grp, R, m, P,
- NULL, NULL, rs_ctx ) );
+ MBEDTLS_MPI_CHK( ecp_mul_restartable_internal( grp, R, m, P,
+ NULL, NULL, rs_ctx ) );
}
cleanup:
@@ -3272,7 +3066,9 @@
/*
* Check a public-private key pair
*/
-int mbedtls_ecp_check_pub_priv( const mbedtls_ecp_keypair *pub, const mbedtls_ecp_keypair *prv )
+int mbedtls_ecp_check_pub_priv(
+ const mbedtls_ecp_keypair *pub, const mbedtls_ecp_keypair *prv,
+ int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_ecp_point Q;
@@ -3296,7 +3092,7 @@
mbedtls_ecp_group_copy( &grp, &prv->grp );
/* Also checks d is valid */
- MBEDTLS_MPI_CHK( mbedtls_ecp_mul( &grp, &Q, &prv->d, &prv->grp.G, NULL, NULL ) );
+ MBEDTLS_MPI_CHK( mbedtls_ecp_mul( &grp, &Q, &prv->d, &prv->grp.G, f_rng, p_rng ) );
if( mbedtls_mpi_cmp_mpi( &Q.X, &prv->Q.X ) ||
mbedtls_mpi_cmp_mpi( &Q.Y, &prv->Q.Y ) ||
@@ -3315,6 +3111,28 @@
#if defined(MBEDTLS_SELF_TEST)
+/*
+ * PRNG for test - !!!INSECURE NEVER USE IN PRODUCTION!!!
+ *
+ * This is the linear congruential generator from numerical recipes,
+ * except we only use the low byte as the output. See
+ * https://en.wikipedia.org/wiki/Linear_congruential_generator#Parameters_in_common_use
+ */
+static int self_test_rng( void *ctx, unsigned char *out, size_t len )
+{
+ static uint32_t state = 42;
+
+ (void) ctx;
+
+ for( size_t i = 0; i < len; i++ )
+ {
+ state = state * 1664525u + 1013904223u;
+ out[i] = (unsigned char) state;
+ }
+
+ return( 0 );
+}
+
/* Adjust the exponent to be a valid private point for the specified curve.
* This is sometimes necessary because we use a single set of exponents
* for all curves but the validity of values depends on the curve. */
@@ -3370,7 +3188,7 @@
MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( m, 16, exponents[0] ) );
MBEDTLS_MPI_CHK( self_test_adjust_exponent( grp, m ) );
- MBEDTLS_MPI_CHK( mbedtls_ecp_mul( grp, R, m, P, NULL, NULL ) );
+ MBEDTLS_MPI_CHK( mbedtls_ecp_mul( grp, R, m, P, self_test_rng, NULL ) );
for( i = 1; i < n_exponents; i++ )
{
@@ -3383,7 +3201,7 @@
MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( m, 16, exponents[i] ) );
MBEDTLS_MPI_CHK( self_test_adjust_exponent( grp, m ) );
- MBEDTLS_MPI_CHK( mbedtls_ecp_mul( grp, R, m, P, NULL, NULL ) );
+ MBEDTLS_MPI_CHK( mbedtls_ecp_mul( grp, R, m, P, self_test_rng, NULL ) );
if( add_count != add_c_prev ||
dbl_count != dbl_c_prev ||
@@ -3461,7 +3279,7 @@
mbedtls_printf( " ECP SW test #1 (constant op_count, base point G): " );
/* Do a dummy multiplication first to trigger precomputation */
MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &m, 2 ) );
- MBEDTLS_MPI_CHK( mbedtls_ecp_mul( &grp, &P, &m, &grp.G, NULL, NULL ) );
+ MBEDTLS_MPI_CHK( mbedtls_ecp_mul( &grp, &P, &m, &grp.G, self_test_rng, NULL ) );
ret = self_test_point( verbose,
&grp, &R, &m, &grp.G,
sw_exponents,
diff --git a/library/ecp_alt.h b/library/ecp_internal_alt.h
similarity index 99%
rename from library/ecp_alt.h
rename to library/ecp_internal_alt.h
index 6b1b29f..9b157ea 100644
--- a/library/ecp_alt.h
+++ b/library/ecp_internal_alt.h
@@ -1,5 +1,5 @@
/**
- * \file ecp_alt.h
+ * \file ecp_internal_alt.h
*
* \brief Function declarations for alternative implementation of elliptic curve
* point arithmetic.
@@ -293,5 +293,5 @@
#endif /* MBEDTLS_ECP_INTERNAL_ALT */
-#endif /* ecp_alt.h */
+#endif /* ecp_internal_alt.h */
diff --git a/library/entropy.c b/library/entropy.c
index cc68628..9e31f84 100644
--- a/library/entropy.c
+++ b/library/entropy.c
@@ -73,11 +73,6 @@
MBEDTLS_ENTROPY_MIN_PLATFORM,
MBEDTLS_ENTROPY_SOURCE_STRONG );
#endif
-#if defined(MBEDTLS_TIMING_C)
- mbedtls_entropy_add_source( ctx, mbedtls_hardclock_poll, NULL,
- MBEDTLS_ENTROPY_MIN_HARDCLOCK,
- MBEDTLS_ENTROPY_SOURCE_WEAK );
-#endif
#if defined(MBEDTLS_ENTROPY_HARDWARE_ALT)
mbedtls_entropy_add_source( ctx, mbedtls_hardware_poll, NULL,
MBEDTLS_ENTROPY_MIN_HARDWARE,
@@ -164,10 +159,10 @@
if( use_len > MBEDTLS_ENTROPY_BLOCK_SIZE )
{
#if defined(MBEDTLS_ENTROPY_SHA512_ACCUMULATOR)
- if( ( ret = mbedtls_sha512_ret( data, len, tmp, 0 ) ) != 0 )
+ if( ( ret = mbedtls_sha512( data, len, tmp, 0 ) ) != 0 )
goto cleanup;
#else
- if( ( ret = mbedtls_sha256_ret( data, len, tmp, 0 ) ) != 0 )
+ if( ( ret = mbedtls_sha256( data, len, tmp, 0 ) ) != 0 )
goto cleanup;
#endif
p = tmp;
@@ -184,22 +179,22 @@
*/
#if defined(MBEDTLS_ENTROPY_SHA512_ACCUMULATOR)
if( ctx->accumulator_started == 0 &&
- ( ret = mbedtls_sha512_starts_ret( &ctx->accumulator, 0 ) ) != 0 )
+ ( ret = mbedtls_sha512_starts( &ctx->accumulator, 0 ) ) != 0 )
goto cleanup;
else
ctx->accumulator_started = 1;
- if( ( ret = mbedtls_sha512_update_ret( &ctx->accumulator, header, 2 ) ) != 0 )
+ if( ( ret = mbedtls_sha512_update( &ctx->accumulator, header, 2 ) ) != 0 )
goto cleanup;
- ret = mbedtls_sha512_update_ret( &ctx->accumulator, p, use_len );
+ ret = mbedtls_sha512_update( &ctx->accumulator, p, use_len );
#else
if( ctx->accumulator_started == 0 &&
- ( ret = mbedtls_sha256_starts_ret( &ctx->accumulator, 0 ) ) != 0 )
+ ( ret = mbedtls_sha256_starts( &ctx->accumulator, 0 ) ) != 0 )
goto cleanup;
else
ctx->accumulator_started = 1;
- if( ( ret = mbedtls_sha256_update_ret( &ctx->accumulator, header, 2 ) ) != 0 )
+ if( ( ret = mbedtls_sha256_update( &ctx->accumulator, header, 2 ) ) != 0 )
goto cleanup;
- ret = mbedtls_sha256_update_ret( &ctx->accumulator, p, use_len );
+ ret = mbedtls_sha256_update( &ctx->accumulator, p, use_len );
#endif
cleanup:
@@ -361,7 +356,7 @@
* in a previous call to entropy_update(). If this is not guaranteed, the
* code below will fail.
*/
- if( ( ret = mbedtls_sha512_finish_ret( &ctx->accumulator, buf ) ) != 0 )
+ if( ( ret = mbedtls_sha512_finish( &ctx->accumulator, buf ) ) != 0 )
goto exit;
/*
@@ -369,20 +364,20 @@
*/
mbedtls_sha512_free( &ctx->accumulator );
mbedtls_sha512_init( &ctx->accumulator );
- if( ( ret = mbedtls_sha512_starts_ret( &ctx->accumulator, 0 ) ) != 0 )
+ if( ( ret = mbedtls_sha512_starts( &ctx->accumulator, 0 ) ) != 0 )
goto exit;
- if( ( ret = mbedtls_sha512_update_ret( &ctx->accumulator, buf,
+ if( ( ret = mbedtls_sha512_update( &ctx->accumulator, buf,
MBEDTLS_ENTROPY_BLOCK_SIZE ) ) != 0 )
goto exit;
/*
* Perform second SHA-512 on entropy
*/
- if( ( ret = mbedtls_sha512_ret( buf, MBEDTLS_ENTROPY_BLOCK_SIZE,
+ if( ( ret = mbedtls_sha512( buf, MBEDTLS_ENTROPY_BLOCK_SIZE,
buf, 0 ) ) != 0 )
goto exit;
#else /* MBEDTLS_ENTROPY_SHA512_ACCUMULATOR */
- if( ( ret = mbedtls_sha256_finish_ret( &ctx->accumulator, buf ) ) != 0 )
+ if( ( ret = mbedtls_sha256_finish( &ctx->accumulator, buf ) ) != 0 )
goto exit;
/*
@@ -390,16 +385,16 @@
*/
mbedtls_sha256_free( &ctx->accumulator );
mbedtls_sha256_init( &ctx->accumulator );
- if( ( ret = mbedtls_sha256_starts_ret( &ctx->accumulator, 0 ) ) != 0 )
+ if( ( ret = mbedtls_sha256_starts( &ctx->accumulator, 0 ) ) != 0 )
goto exit;
- if( ( ret = mbedtls_sha256_update_ret( &ctx->accumulator, buf,
+ if( ( ret = mbedtls_sha256_update( &ctx->accumulator, buf,
MBEDTLS_ENTROPY_BLOCK_SIZE ) ) != 0 )
goto exit;
/*
* Perform second SHA-256 on entropy
*/
- if( ( ret = mbedtls_sha256_ret( buf, MBEDTLS_ENTROPY_BLOCK_SIZE,
+ if( ( ret = mbedtls_sha256( buf, MBEDTLS_ENTROPY_BLOCK_SIZE,
buf, 0 ) ) != 0 )
goto exit;
#endif /* MBEDTLS_ENTROPY_SHA512_ACCUMULATOR */
diff --git a/library/entropy_poll.c b/library/entropy_poll.c
index e5d75c5..bccc034 100644
--- a/library/entropy_poll.c
+++ b/library/entropy_poll.c
@@ -211,24 +211,6 @@
#endif /* _WIN32 && !EFIX64 && !EFI32 */
#endif /* !MBEDTLS_NO_PLATFORM_ENTROPY */
-#if defined(MBEDTLS_TIMING_C)
-int mbedtls_hardclock_poll( void *data,
- unsigned char *output, size_t len, size_t *olen )
-{
- unsigned long timer = mbedtls_timing_hardclock();
- ((void) data);
- *olen = 0;
-
- if( len < sizeof(unsigned long) )
- return( 0 );
-
- memcpy( output, &timer, sizeof(unsigned long) );
- *olen = sizeof(unsigned long);
-
- return( 0 );
-}
-#endif /* MBEDTLS_TIMING_C */
-
#if defined(MBEDTLS_ENTROPY_NV_SEED)
int mbedtls_nv_seed_poll( void *data,
unsigned char *output, size_t len, size_t *olen )
diff --git a/library/entropy_poll.h b/library/entropy_poll.h
index 9120fe5..bf26889 100644
--- a/library/entropy_poll.h
+++ b/library/entropy_poll.h
@@ -38,7 +38,6 @@
* Default thresholds for built-in sources, in bytes
*/
#define MBEDTLS_ENTROPY_MIN_PLATFORM 32 /**< Minimum for platform source */
-#define MBEDTLS_ENTROPY_MIN_HARDCLOCK 4 /**< Minimum for mbedtls_timing_hardclock() */
#if !defined(MBEDTLS_ENTROPY_MIN_HARDWARE)
#define MBEDTLS_ENTROPY_MIN_HARDWARE 32 /**< Minimum for the hardware source */
#endif
@@ -51,14 +50,6 @@
unsigned char *output, size_t len, size_t *olen );
#endif
-#if defined(MBEDTLS_TIMING_C)
-/**
- * \brief mbedtls_timing_hardclock-based entropy poll callback
- */
-int mbedtls_hardclock_poll( void *data,
- unsigned char *output, size_t len, size_t *olen );
-#endif
-
#if defined(MBEDTLS_ENTROPY_HARDWARE_ALT)
/**
* \brief Entropy poll callback for a hardware source
diff --git a/library/gcm.c b/library/gcm.c
index 2bd9071..835b1b2 100644
--- a/library/gcm.c
+++ b/library/gcm.c
@@ -281,7 +281,7 @@
GCM_VALIDATE_RET( ctx != NULL );
GCM_VALIDATE_RET( iv != NULL );
- /* IV is are limited to 2^64 bits, so 2^61 bytes */
+ /* IV is limited to 2^64 bits, so 2^61 bytes */
/* IV is not allowed to be zero length */
if( iv_len == 0 || (uint64_t) iv_len >> 61 != 0 )
return( MBEDTLS_ERR_GCM_BAD_INPUT );
@@ -332,36 +332,72 @@
return( 0 );
}
-
+/**
+ * mbedtls_gcm_context::buf contains the partial state of the computation of
+ * the authentication tag.
+ * mbedtls_gcm_context::add_len and mbedtls_gcm_context::len indicate
+ * different stages of the computation:
+ * * len == 0 && add_len == 0: initial state
+ * * len == 0 && add_len % 16 != 0: the first `add_len % 16` bytes have
+ * a partial block of AD that has been
+ * xored in but not yet multiplied in.
+ * * len == 0 && add_len % 16 == 0: the authentication tag is correct if
+ * the data ends now.
+ * * len % 16 != 0: the first `len % 16` bytes have
+ * a partial block of ciphertext that has
+ * been xored in but not yet multiplied in.
+ * * len > 0 && len % 16 == 0: the authentication tag is correct if
+ * the data ends now.
+ */
int mbedtls_gcm_update_ad( mbedtls_gcm_context *ctx,
const unsigned char *add, size_t add_len )
{
const unsigned char *p;
- size_t use_len, i;
+ size_t use_len, i, offset;
GCM_VALIDATE_RET( add_len == 0 || add != NULL );
- /* IV is are limited to 2^64 bits, so 2^61 bytes */
+ /* IV is limited to 2^64 bits, so 2^61 bytes */
if( (uint64_t) add_len >> 61 != 0 )
return( MBEDTLS_ERR_GCM_BAD_INPUT );
- /* Calling update_ad multiple times is not yet supported */
- if( ctx->add_len != 0 )
- return( MBEDTLS_ERR_GCM_BAD_INPUT );
-
- ctx->add_len = add_len;
+ offset = ctx->add_len % 16;
p = add;
- while( add_len > 0 )
+
+ if( offset != 0 )
{
- use_len = ( add_len < 16 ) ? add_len : 16;
+ use_len = 16 - offset;
+ if( use_len > add_len )
+ use_len = add_len;
for( i = 0; i < use_len; i++ )
+ ctx->buf[i+offset] ^= p[i];
+
+ if( offset + use_len == 16 )
+ gcm_mult( ctx, ctx->buf, ctx->buf );
+
+ ctx->add_len += use_len;
+ add_len -= use_len;
+ p += use_len;
+ }
+
+ ctx->add_len += add_len;
+
+ while( add_len >= 16 )
+ {
+ for( i = 0; i < 16; i++ )
ctx->buf[i] ^= p[i];
gcm_mult( ctx, ctx->buf, ctx->buf );
- add_len -= use_len;
- p += use_len;
+ add_len -= 16;
+ p += 16;
+ }
+
+ if( add_len > 0 )
+ {
+ for( i = 0; i < add_len; i++ )
+ ctx->buf[i] ^= p[i];
}
return( 0 );
@@ -423,7 +459,9 @@
*output_length = input_length;
/* Exit early if input_length==0 so that we don't do any pointer arithmetic
- * on a potentially null pointer. */
+ * on a potentially null pointer.
+ * Returning early also means that the last partial block of AD remains
+ * untouched for mbedtls_gcm_finish */
if( input_length == 0 )
return( 0 );
@@ -442,6 +480,11 @@
return( MBEDTLS_ERR_GCM_BAD_INPUT );
}
+ if( ctx->len == 0 && ctx->add_len % 16 != 0 )
+ {
+ gcm_mult( ctx, ctx->buf, ctx->buf );
+ }
+
offset = ctx->len % 16;
if( offset != 0 )
{
@@ -489,6 +532,7 @@
int mbedtls_gcm_finish( mbedtls_gcm_context *ctx,
unsigned char *output, size_t output_size,
+ size_t *output_length,
unsigned char *tag, size_t tag_len )
{
unsigned char work_buf[16];
@@ -503,10 +547,16 @@
* for the sake of alternative implementations. */
(void) output;
(void) output_size;
+ *output_length = 0;
orig_len = ctx->len * 8;
orig_add_len = ctx->add_len * 8;
+ if( ctx->len == 0 && ctx->add_len % 16 != 0 )
+ {
+ gcm_mult( ctx, ctx->buf, ctx->buf );
+ }
+
if( tag_len > 16 || tag_len < 4 )
return( MBEDTLS_ERR_GCM_BAD_INPUT );
@@ -568,7 +618,7 @@
output, length, &olen ) ) != 0 )
return( ret );
- if( ( ret = mbedtls_gcm_finish( ctx, NULL, 0, tag, tag_len ) ) != 0 )
+ if( ( ret = mbedtls_gcm_finish( ctx, NULL, 0, &olen, tag, tag_len ) ) != 0 )
return( ret );
return( 0 );
@@ -1020,7 +1070,7 @@
goto exit;
}
- ret = mbedtls_gcm_finish( &ctx, NULL, 0, tag_buf, 16 );
+ ret = mbedtls_gcm_finish( &ctx, NULL, 0, &olen, tag_buf, 16 );
if( ret != 0 )
goto exit;
@@ -1092,7 +1142,7 @@
goto exit;
}
- ret = mbedtls_gcm_finish( &ctx, NULL, 0, tag_buf, 16 );
+ ret = mbedtls_gcm_finish( &ctx, NULL, 0, &olen, tag_buf, 16 );
if( ret != 0 )
goto exit;
diff --git a/library/hmac_drbg.c b/library/hmac_drbg.c
index 7e1b4fb..ab353bf 100644
--- a/library/hmac_drbg.c
+++ b/library/hmac_drbg.c
@@ -59,7 +59,7 @@
/*
* HMAC_DRBG update, using optional additional data (10.1.2.2)
*/
-int mbedtls_hmac_drbg_update_ret( mbedtls_hmac_drbg_context *ctx,
+int mbedtls_hmac_drbg_update( mbedtls_hmac_drbg_context *ctx,
const unsigned char *additional,
size_t add_len )
{
@@ -130,7 +130,7 @@
return( ret );
memset( ctx->V, 0x01, mbedtls_md_get_size( md_info ) );
- if( ( ret = mbedtls_hmac_drbg_update_ret( ctx, data, data_len ) ) != 0 )
+ if( ( ret = mbedtls_hmac_drbg_update( ctx, data, data_len ) ) != 0 )
return( ret );
return( 0 );
@@ -205,7 +205,7 @@
}
/* 2. Update state */
- if( ( ret = mbedtls_hmac_drbg_update_ret( ctx, seed, seedlen ) ) != 0 )
+ if( ( ret = mbedtls_hmac_drbg_update( ctx, seed, seedlen ) ) != 0 )
goto exit;
/* 3. Reset reseed_counter */
@@ -348,7 +348,7 @@
/* 2. Use additional data if any */
if( additional != NULL && add_len != 0 )
{
- if( ( ret = mbedtls_hmac_drbg_update_ret( ctx,
+ if( ( ret = mbedtls_hmac_drbg_update( ctx,
additional, add_len ) ) != 0 )
goto exit;
}
@@ -372,7 +372,7 @@
}
/* 6. Update */
- if( ( ret = mbedtls_hmac_drbg_update_ret( ctx,
+ if( ( ret = mbedtls_hmac_drbg_update( ctx,
additional, add_len ) ) != 0 )
goto exit;
@@ -479,7 +479,7 @@
fclose( f );
f = NULL;
- ret = mbedtls_hmac_drbg_update_ret( ctx, buf, n );
+ ret = mbedtls_hmac_drbg_update( ctx, buf, n );
exit:
mbedtls_platform_zeroize( buf, sizeof( buf ) );
diff --git a/library/md.c b/library/md.c
index 28261ac..a228789 100644
--- a/library/md.c
+++ b/library/md.c
@@ -30,8 +30,6 @@
#include "mbedtls/platform_util.h"
#include "mbedtls/error.h"
-#include "mbedtls/md2.h"
-#include "mbedtls/md4.h"
#include "mbedtls/md5.h"
#include "mbedtls/ripemd160.h"
#include "mbedtls/sha1.h"
@@ -52,24 +50,6 @@
#include <stdio.h>
#endif
-#if defined(MBEDTLS_MD2_C)
-const mbedtls_md_info_t mbedtls_md2_info = {
- "MD2",
- MBEDTLS_MD_MD2,
- 16,
- 16,
-};
-#endif
-
-#if defined(MBEDTLS_MD4_C)
-const mbedtls_md_info_t mbedtls_md4_info = {
- "MD4",
- MBEDTLS_MD_MD4,
- 16,
- 64,
-};
-#endif
-
#if defined(MBEDTLS_MD5_C)
const mbedtls_md_info_t mbedtls_md5_info = {
"MD5",
@@ -165,14 +145,6 @@
MBEDTLS_MD_MD5,
#endif
-#if defined(MBEDTLS_MD4_C)
- MBEDTLS_MD_MD4,
-#endif
-
-#if defined(MBEDTLS_MD2_C)
- MBEDTLS_MD_MD2,
-#endif
-
MBEDTLS_MD_NONE
};
@@ -187,14 +159,6 @@
return( NULL );
/* Get the appropriate digest information */
-#if defined(MBEDTLS_MD2_C)
- if( !strcmp( "MD2", md_name ) )
- return mbedtls_md_info_from_type( MBEDTLS_MD_MD2 );
-#endif
-#if defined(MBEDTLS_MD4_C)
- if( !strcmp( "MD4", md_name ) )
- return mbedtls_md_info_from_type( MBEDTLS_MD_MD4 );
-#endif
#if defined(MBEDTLS_MD5_C)
if( !strcmp( "MD5", md_name ) )
return mbedtls_md_info_from_type( MBEDTLS_MD_MD5 );
@@ -230,14 +194,6 @@
{
switch( md_type )
{
-#if defined(MBEDTLS_MD2_C)
- case MBEDTLS_MD_MD2:
- return( &mbedtls_md2_info );
-#endif
-#if defined(MBEDTLS_MD4_C)
- case MBEDTLS_MD_MD4:
- return( &mbedtls_md4_info );
-#endif
#if defined(MBEDTLS_MD5_C)
case MBEDTLS_MD_MD5:
return( &mbedtls_md5_info );
@@ -285,16 +241,6 @@
{
switch( ctx->md_info->type )
{
-#if defined(MBEDTLS_MD2_C)
- case MBEDTLS_MD_MD2:
- mbedtls_md2_free( ctx->md_ctx );
- break;
-#endif
-#if defined(MBEDTLS_MD4_C)
- case MBEDTLS_MD_MD4:
- mbedtls_md4_free( ctx->md_ctx );
- break;
-#endif
#if defined(MBEDTLS_MD5_C)
case MBEDTLS_MD_MD5:
mbedtls_md5_free( ctx->md_ctx );
@@ -359,16 +305,6 @@
switch( src->md_info->type )
{
-#if defined(MBEDTLS_MD2_C)
- case MBEDTLS_MD_MD2:
- mbedtls_md2_clone( dst->md_ctx, src->md_ctx );
- break;
-#endif
-#if defined(MBEDTLS_MD4_C)
- case MBEDTLS_MD_MD4:
- mbedtls_md4_clone( dst->md_ctx, src->md_ctx );
- break;
-#endif
#if defined(MBEDTLS_MD5_C)
case MBEDTLS_MD_MD5:
mbedtls_md5_clone( dst->md_ctx, src->md_ctx );
@@ -431,16 +367,6 @@
switch( md_info->type )
{
-#if defined(MBEDTLS_MD2_C)
- case MBEDTLS_MD_MD2:
- ALLOC( md2 );
- break;
-#endif
-#if defined(MBEDTLS_MD4_C)
- case MBEDTLS_MD_MD4:
- ALLOC( md4 );
- break;
-#endif
#if defined(MBEDTLS_MD5_C)
case MBEDTLS_MD_MD5:
ALLOC( md5 );
@@ -501,41 +427,33 @@
switch( ctx->md_info->type )
{
-#if defined(MBEDTLS_MD2_C)
- case MBEDTLS_MD_MD2:
- return( mbedtls_md2_starts_ret( ctx->md_ctx ) );
-#endif
-#if defined(MBEDTLS_MD4_C)
- case MBEDTLS_MD_MD4:
- return( mbedtls_md4_starts_ret( ctx->md_ctx ) );
-#endif
#if defined(MBEDTLS_MD5_C)
case MBEDTLS_MD_MD5:
- return( mbedtls_md5_starts_ret( ctx->md_ctx ) );
+ return( mbedtls_md5_starts( ctx->md_ctx ) );
#endif
#if defined(MBEDTLS_RIPEMD160_C)
case MBEDTLS_MD_RIPEMD160:
- return( mbedtls_ripemd160_starts_ret( ctx->md_ctx ) );
+ return( mbedtls_ripemd160_starts( ctx->md_ctx ) );
#endif
#if defined(MBEDTLS_SHA1_C)
case MBEDTLS_MD_SHA1:
- return( mbedtls_sha1_starts_ret( ctx->md_ctx ) );
+ return( mbedtls_sha1_starts( ctx->md_ctx ) );
#endif
#if defined(MBEDTLS_SHA224_C)
case MBEDTLS_MD_SHA224:
- return( mbedtls_sha256_starts_ret( ctx->md_ctx, 1 ) );
+ return( mbedtls_sha256_starts( ctx->md_ctx, 1 ) );
#endif
#if defined(MBEDTLS_SHA256_C)
case MBEDTLS_MD_SHA256:
- return( mbedtls_sha256_starts_ret( ctx->md_ctx, 0 ) );
+ return( mbedtls_sha256_starts( ctx->md_ctx, 0 ) );
#endif
#if defined(MBEDTLS_SHA384_C)
case MBEDTLS_MD_SHA384:
- return( mbedtls_sha512_starts_ret( ctx->md_ctx, 1 ) );
+ return( mbedtls_sha512_starts( ctx->md_ctx, 1 ) );
#endif
#if defined(MBEDTLS_SHA512_C)
case MBEDTLS_MD_SHA512:
- return( mbedtls_sha512_starts_ret( ctx->md_ctx, 0 ) );
+ return( mbedtls_sha512_starts( ctx->md_ctx, 0 ) );
#endif
default:
return( MBEDTLS_ERR_MD_BAD_INPUT_DATA );
@@ -549,41 +467,33 @@
switch( ctx->md_info->type )
{
-#if defined(MBEDTLS_MD2_C)
- case MBEDTLS_MD_MD2:
- return( mbedtls_md2_update_ret( ctx->md_ctx, input, ilen ) );
-#endif
-#if defined(MBEDTLS_MD4_C)
- case MBEDTLS_MD_MD4:
- return( mbedtls_md4_update_ret( ctx->md_ctx, input, ilen ) );
-#endif
#if defined(MBEDTLS_MD5_C)
case MBEDTLS_MD_MD5:
- return( mbedtls_md5_update_ret( ctx->md_ctx, input, ilen ) );
+ return( mbedtls_md5_update( ctx->md_ctx, input, ilen ) );
#endif
#if defined(MBEDTLS_RIPEMD160_C)
case MBEDTLS_MD_RIPEMD160:
- return( mbedtls_ripemd160_update_ret( ctx->md_ctx, input, ilen ) );
+ return( mbedtls_ripemd160_update( ctx->md_ctx, input, ilen ) );
#endif
#if defined(MBEDTLS_SHA1_C)
case MBEDTLS_MD_SHA1:
- return( mbedtls_sha1_update_ret( ctx->md_ctx, input, ilen ) );
+ return( mbedtls_sha1_update( ctx->md_ctx, input, ilen ) );
#endif
#if defined(MBEDTLS_SHA224_C)
case MBEDTLS_MD_SHA224:
- return( mbedtls_sha256_update_ret( ctx->md_ctx, input, ilen ) );
+ return( mbedtls_sha256_update( ctx->md_ctx, input, ilen ) );
#endif
#if defined(MBEDTLS_SHA256_C)
case MBEDTLS_MD_SHA256:
- return( mbedtls_sha256_update_ret( ctx->md_ctx, input, ilen ) );
+ return( mbedtls_sha256_update( ctx->md_ctx, input, ilen ) );
#endif
#if defined(MBEDTLS_SHA384_C)
case MBEDTLS_MD_SHA384:
- return( mbedtls_sha512_update_ret( ctx->md_ctx, input, ilen ) );
+ return( mbedtls_sha512_update( ctx->md_ctx, input, ilen ) );
#endif
#if defined(MBEDTLS_SHA512_C)
case MBEDTLS_MD_SHA512:
- return( mbedtls_sha512_update_ret( ctx->md_ctx, input, ilen ) );
+ return( mbedtls_sha512_update( ctx->md_ctx, input, ilen ) );
#endif
default:
return( MBEDTLS_ERR_MD_BAD_INPUT_DATA );
@@ -597,41 +507,33 @@
switch( ctx->md_info->type )
{
-#if defined(MBEDTLS_MD2_C)
- case MBEDTLS_MD_MD2:
- return( mbedtls_md2_finish_ret( ctx->md_ctx, output ) );
-#endif
-#if defined(MBEDTLS_MD4_C)
- case MBEDTLS_MD_MD4:
- return( mbedtls_md4_finish_ret( ctx->md_ctx, output ) );
-#endif
#if defined(MBEDTLS_MD5_C)
case MBEDTLS_MD_MD5:
- return( mbedtls_md5_finish_ret( ctx->md_ctx, output ) );
+ return( mbedtls_md5_finish( ctx->md_ctx, output ) );
#endif
#if defined(MBEDTLS_RIPEMD160_C)
case MBEDTLS_MD_RIPEMD160:
- return( mbedtls_ripemd160_finish_ret( ctx->md_ctx, output ) );
+ return( mbedtls_ripemd160_finish( ctx->md_ctx, output ) );
#endif
#if defined(MBEDTLS_SHA1_C)
case MBEDTLS_MD_SHA1:
- return( mbedtls_sha1_finish_ret( ctx->md_ctx, output ) );
+ return( mbedtls_sha1_finish( ctx->md_ctx, output ) );
#endif
#if defined(MBEDTLS_SHA224_C)
case MBEDTLS_MD_SHA224:
- return( mbedtls_sha256_finish_ret( ctx->md_ctx, output ) );
+ return( mbedtls_sha256_finish( ctx->md_ctx, output ) );
#endif
#if defined(MBEDTLS_SHA256_C)
case MBEDTLS_MD_SHA256:
- return( mbedtls_sha256_finish_ret( ctx->md_ctx, output ) );
+ return( mbedtls_sha256_finish( ctx->md_ctx, output ) );
#endif
#if defined(MBEDTLS_SHA384_C)
case MBEDTLS_MD_SHA384:
- return( mbedtls_sha512_finish_ret( ctx->md_ctx, output ) );
+ return( mbedtls_sha512_finish( ctx->md_ctx, output ) );
#endif
#if defined(MBEDTLS_SHA512_C)
case MBEDTLS_MD_SHA512:
- return( mbedtls_sha512_finish_ret( ctx->md_ctx, output ) );
+ return( mbedtls_sha512_finish( ctx->md_ctx, output ) );
#endif
default:
return( MBEDTLS_ERR_MD_BAD_INPUT_DATA );
@@ -646,41 +548,33 @@
switch( md_info->type )
{
-#if defined(MBEDTLS_MD2_C)
- case MBEDTLS_MD_MD2:
- return( mbedtls_md2_ret( input, ilen, output ) );
-#endif
-#if defined(MBEDTLS_MD4_C)
- case MBEDTLS_MD_MD4:
- return( mbedtls_md4_ret( input, ilen, output ) );
-#endif
#if defined(MBEDTLS_MD5_C)
case MBEDTLS_MD_MD5:
- return( mbedtls_md5_ret( input, ilen, output ) );
+ return( mbedtls_md5( input, ilen, output ) );
#endif
#if defined(MBEDTLS_RIPEMD160_C)
case MBEDTLS_MD_RIPEMD160:
- return( mbedtls_ripemd160_ret( input, ilen, output ) );
+ return( mbedtls_ripemd160( input, ilen, output ) );
#endif
#if defined(MBEDTLS_SHA1_C)
case MBEDTLS_MD_SHA1:
- return( mbedtls_sha1_ret( input, ilen, output ) );
+ return( mbedtls_sha1( input, ilen, output ) );
#endif
#if defined(MBEDTLS_SHA224_C)
case MBEDTLS_MD_SHA224:
- return( mbedtls_sha256_ret( input, ilen, output, 1 ) );
+ return( mbedtls_sha256( input, ilen, output, 1 ) );
#endif
#if defined(MBEDTLS_SHA256_C)
case MBEDTLS_MD_SHA256:
- return( mbedtls_sha256_ret( input, ilen, output, 0 ) );
+ return( mbedtls_sha256( input, ilen, output, 0 ) );
#endif
#if defined(MBEDTLS_SHA384_C)
case MBEDTLS_MD_SHA384:
- return( mbedtls_sha512_ret( input, ilen, output, 1 ) );
+ return( mbedtls_sha512( input, ilen, output, 1 ) );
#endif
#if defined(MBEDTLS_SHA512_C)
case MBEDTLS_MD_SHA512:
- return( mbedtls_sha512_ret( input, ilen, output, 0 ) );
+ return( mbedtls_sha512( input, ilen, output, 0 ) );
#endif
default:
return( MBEDTLS_ERR_MD_BAD_INPUT_DATA );
@@ -858,14 +752,6 @@
switch( ctx->md_info->type )
{
-#if defined(MBEDTLS_MD2_C)
- case MBEDTLS_MD_MD2:
- return( mbedtls_internal_md2_process( ctx->md_ctx ) );
-#endif
-#if defined(MBEDTLS_MD4_C)
- case MBEDTLS_MD_MD4:
- return( mbedtls_internal_md4_process( ctx->md_ctx, data ) );
-#endif
#if defined(MBEDTLS_MD5_C)
case MBEDTLS_MD_MD5:
return( mbedtls_internal_md5_process( ctx->md_ctx, data ) );
diff --git a/library/md2.c b/library/md2.c
deleted file mode 100644
index a11bc0f..0000000
--- a/library/md2.c
+++ /dev/null
@@ -1,321 +0,0 @@
-/*
- * RFC 1115/1319 compliant MD2 implementation
- *
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/*
- * The MD2 algorithm was designed by Ron Rivest in 1989.
- *
- * http://www.ietf.org/rfc/rfc1115.txt
- * http://www.ietf.org/rfc/rfc1319.txt
- */
-
-#include "common.h"
-
-#if defined(MBEDTLS_MD2_C)
-
-#include "mbedtls/md2.h"
-#include "mbedtls/platform_util.h"
-#include "mbedtls/error.h"
-
-#include <string.h>
-
-#if defined(MBEDTLS_SELF_TEST)
-#if defined(MBEDTLS_PLATFORM_C)
-#include "mbedtls/platform.h"
-#else
-#include <stdio.h>
-#define mbedtls_printf printf
-#endif /* MBEDTLS_PLATFORM_C */
-#endif /* MBEDTLS_SELF_TEST */
-
-#if !defined(MBEDTLS_MD2_ALT)
-
-static const unsigned char PI_SUBST[256] =
-{
- 0x29, 0x2E, 0x43, 0xC9, 0xA2, 0xD8, 0x7C, 0x01, 0x3D, 0x36,
- 0x54, 0xA1, 0xEC, 0xF0, 0x06, 0x13, 0x62, 0xA7, 0x05, 0xF3,
- 0xC0, 0xC7, 0x73, 0x8C, 0x98, 0x93, 0x2B, 0xD9, 0xBC, 0x4C,
- 0x82, 0xCA, 0x1E, 0x9B, 0x57, 0x3C, 0xFD, 0xD4, 0xE0, 0x16,
- 0x67, 0x42, 0x6F, 0x18, 0x8A, 0x17, 0xE5, 0x12, 0xBE, 0x4E,
- 0xC4, 0xD6, 0xDA, 0x9E, 0xDE, 0x49, 0xA0, 0xFB, 0xF5, 0x8E,
- 0xBB, 0x2F, 0xEE, 0x7A, 0xA9, 0x68, 0x79, 0x91, 0x15, 0xB2,
- 0x07, 0x3F, 0x94, 0xC2, 0x10, 0x89, 0x0B, 0x22, 0x5F, 0x21,
- 0x80, 0x7F, 0x5D, 0x9A, 0x5A, 0x90, 0x32, 0x27, 0x35, 0x3E,
- 0xCC, 0xE7, 0xBF, 0xF7, 0x97, 0x03, 0xFF, 0x19, 0x30, 0xB3,
- 0x48, 0xA5, 0xB5, 0xD1, 0xD7, 0x5E, 0x92, 0x2A, 0xAC, 0x56,
- 0xAA, 0xC6, 0x4F, 0xB8, 0x38, 0xD2, 0x96, 0xA4, 0x7D, 0xB6,
- 0x76, 0xFC, 0x6B, 0xE2, 0x9C, 0x74, 0x04, 0xF1, 0x45, 0x9D,
- 0x70, 0x59, 0x64, 0x71, 0x87, 0x20, 0x86, 0x5B, 0xCF, 0x65,
- 0xE6, 0x2D, 0xA8, 0x02, 0x1B, 0x60, 0x25, 0xAD, 0xAE, 0xB0,
- 0xB9, 0xF6, 0x1C, 0x46, 0x61, 0x69, 0x34, 0x40, 0x7E, 0x0F,
- 0x55, 0x47, 0xA3, 0x23, 0xDD, 0x51, 0xAF, 0x3A, 0xC3, 0x5C,
- 0xF9, 0xCE, 0xBA, 0xC5, 0xEA, 0x26, 0x2C, 0x53, 0x0D, 0x6E,
- 0x85, 0x28, 0x84, 0x09, 0xD3, 0xDF, 0xCD, 0xF4, 0x41, 0x81,
- 0x4D, 0x52, 0x6A, 0xDC, 0x37, 0xC8, 0x6C, 0xC1, 0xAB, 0xFA,
- 0x24, 0xE1, 0x7B, 0x08, 0x0C, 0xBD, 0xB1, 0x4A, 0x78, 0x88,
- 0x95, 0x8B, 0xE3, 0x63, 0xE8, 0x6D, 0xE9, 0xCB, 0xD5, 0xFE,
- 0x3B, 0x00, 0x1D, 0x39, 0xF2, 0xEF, 0xB7, 0x0E, 0x66, 0x58,
- 0xD0, 0xE4, 0xA6, 0x77, 0x72, 0xF8, 0xEB, 0x75, 0x4B, 0x0A,
- 0x31, 0x44, 0x50, 0xB4, 0x8F, 0xED, 0x1F, 0x1A, 0xDB, 0x99,
- 0x8D, 0x33, 0x9F, 0x11, 0x83, 0x14
-};
-
-void mbedtls_md2_init( mbedtls_md2_context *ctx )
-{
- memset( ctx, 0, sizeof( mbedtls_md2_context ) );
-}
-
-void mbedtls_md2_free( mbedtls_md2_context *ctx )
-{
- if( ctx == NULL )
- return;
-
- mbedtls_platform_zeroize( ctx, sizeof( mbedtls_md2_context ) );
-}
-
-void mbedtls_md2_clone( mbedtls_md2_context *dst,
- const mbedtls_md2_context *src )
-{
- *dst = *src;
-}
-
-/*
- * MD2 context setup
- */
-int mbedtls_md2_starts_ret( mbedtls_md2_context *ctx )
-{
- memset( ctx->cksum, 0, 16 );
- memset( ctx->state, 0, 46 );
- memset( ctx->buffer, 0, 16 );
- ctx->left = 0;
-
- return( 0 );
-}
-
-#if !defined(MBEDTLS_MD2_PROCESS_ALT)
-int mbedtls_internal_md2_process( mbedtls_md2_context *ctx )
-{
- int i, j;
- unsigned char t = 0;
-
- for( i = 0; i < 16; i++ )
- {
- ctx->state[i + 16] = ctx->buffer[i];
- ctx->state[i + 32] =
- (unsigned char)( ctx->buffer[i] ^ ctx->state[i]);
- }
-
- for( i = 0; i < 18; i++ )
- {
- for( j = 0; j < 48; j++ )
- {
- ctx->state[j] = (unsigned char)
- ( ctx->state[j] ^ PI_SUBST[t] );
- t = ctx->state[j];
- }
-
- t = (unsigned char)( t + i );
- }
-
- t = ctx->cksum[15];
-
- for( i = 0; i < 16; i++ )
- {
- ctx->cksum[i] = (unsigned char)
- ( ctx->cksum[i] ^ PI_SUBST[ctx->buffer[i] ^ t] );
- t = ctx->cksum[i];
- }
-
- /* Zeroise variables to clear sensitive data from memory. */
- mbedtls_platform_zeroize( &t, sizeof( t ) );
-
- return( 0 );
-}
-
-#endif /* !MBEDTLS_MD2_PROCESS_ALT */
-
-/*
- * MD2 process buffer
- */
-int mbedtls_md2_update_ret( mbedtls_md2_context *ctx,
- const unsigned char *input,
- size_t ilen )
-{
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- size_t fill;
-
- while( ilen > 0 )
- {
- if( ilen > 16 - ctx->left )
- fill = 16 - ctx->left;
- else
- fill = ilen;
-
- memcpy( ctx->buffer + ctx->left, input, fill );
-
- ctx->left += fill;
- input += fill;
- ilen -= fill;
-
- if( ctx->left == 16 )
- {
- ctx->left = 0;
- if( ( ret = mbedtls_internal_md2_process( ctx ) ) != 0 )
- return( ret );
- }
- }
-
- return( 0 );
-}
-
-/*
- * MD2 final digest
- */
-int mbedtls_md2_finish_ret( mbedtls_md2_context *ctx,
- unsigned char output[16] )
-{
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- size_t i;
- unsigned char x;
-
- x = (unsigned char)( 16 - ctx->left );
-
- for( i = ctx->left; i < 16; i++ )
- ctx->buffer[i] = x;
-
- if( ( ret = mbedtls_internal_md2_process( ctx ) ) != 0 )
- return( ret );
-
- memcpy( ctx->buffer, ctx->cksum, 16 );
- if( ( ret = mbedtls_internal_md2_process( ctx ) ) != 0 )
- return( ret );
-
- memcpy( output, ctx->state, 16 );
-
- return( 0 );
-}
-
-#endif /* !MBEDTLS_MD2_ALT */
-
-/*
- * output = MD2( input buffer )
- */
-int mbedtls_md2_ret( const unsigned char *input,
- size_t ilen,
- unsigned char output[16] )
-{
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- mbedtls_md2_context ctx;
-
- mbedtls_md2_init( &ctx );
-
- if( ( ret = mbedtls_md2_starts_ret( &ctx ) ) != 0 )
- goto exit;
-
- if( ( ret = mbedtls_md2_update_ret( &ctx, input, ilen ) ) != 0 )
- goto exit;
-
- if( ( ret = mbedtls_md2_finish_ret( &ctx, output ) ) != 0 )
- goto exit;
-
-exit:
- mbedtls_md2_free( &ctx );
-
- return( ret );
-}
-
-#if defined(MBEDTLS_SELF_TEST)
-
-/*
- * RFC 1319 test vectors
- */
-static const unsigned char md2_test_str[7][81] =
-{
- { "" },
- { "a" },
- { "abc" },
- { "message digest" },
- { "abcdefghijklmnopqrstuvwxyz" },
- { "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789" },
- { "12345678901234567890123456789012345678901234567890123456789012345678901234567890" }
-};
-
-static const size_t md2_test_strlen[7] =
-{
- 0, 1, 3, 14, 26, 62, 80
-};
-
-static const unsigned char md2_test_sum[7][16] =
-{
- { 0x83, 0x50, 0xE5, 0xA3, 0xE2, 0x4C, 0x15, 0x3D,
- 0xF2, 0x27, 0x5C, 0x9F, 0x80, 0x69, 0x27, 0x73 },
- { 0x32, 0xEC, 0x01, 0xEC, 0x4A, 0x6D, 0xAC, 0x72,
- 0xC0, 0xAB, 0x96, 0xFB, 0x34, 0xC0, 0xB5, 0xD1 },
- { 0xDA, 0x85, 0x3B, 0x0D, 0x3F, 0x88, 0xD9, 0x9B,
- 0x30, 0x28, 0x3A, 0x69, 0xE6, 0xDE, 0xD6, 0xBB },
- { 0xAB, 0x4F, 0x49, 0x6B, 0xFB, 0x2A, 0x53, 0x0B,
- 0x21, 0x9F, 0xF3, 0x30, 0x31, 0xFE, 0x06, 0xB0 },
- { 0x4E, 0x8D, 0xDF, 0xF3, 0x65, 0x02, 0x92, 0xAB,
- 0x5A, 0x41, 0x08, 0xC3, 0xAA, 0x47, 0x94, 0x0B },
- { 0xDA, 0x33, 0xDE, 0xF2, 0xA4, 0x2D, 0xF1, 0x39,
- 0x75, 0x35, 0x28, 0x46, 0xC3, 0x03, 0x38, 0xCD },
- { 0xD5, 0x97, 0x6F, 0x79, 0xD8, 0x3D, 0x3A, 0x0D,
- 0xC9, 0x80, 0x6C, 0x3C, 0x66, 0xF3, 0xEF, 0xD8 }
-};
-
-/*
- * Checkup routine
- */
-int mbedtls_md2_self_test( int verbose )
-{
- int i, ret = 0;
- unsigned char md2sum[16];
-
- for( i = 0; i < 7; i++ )
- {
- if( verbose != 0 )
- mbedtls_printf( " MD2 test #%d: ", i + 1 );
-
- ret = mbedtls_md2_ret( md2_test_str[i], md2_test_strlen[i], md2sum );
- if( ret != 0 )
- goto fail;
-
- if( memcmp( md2sum, md2_test_sum[i], 16 ) != 0 )
- {
- ret = 1;
- goto fail;
- }
-
- if( verbose != 0 )
- mbedtls_printf( "passed\n" );
- }
-
- if( verbose != 0 )
- mbedtls_printf( "\n" );
-
- return( 0 );
-
-fail:
- if( verbose != 0 )
- mbedtls_printf( "failed\n" );
-
- return( ret );
-}
-
-#endif /* MBEDTLS_SELF_TEST */
-
-#endif /* MBEDTLS_MD2_C */
diff --git a/library/md4.c b/library/md4.c
deleted file mode 100644
index c366c0d..0000000
--- a/library/md4.c
+++ /dev/null
@@ -1,444 +0,0 @@
-/*
- * RFC 1186/1320 compliant MD4 implementation
- *
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/*
- * The MD4 algorithm was designed by Ron Rivest in 1990.
- *
- * http://www.ietf.org/rfc/rfc1186.txt
- * http://www.ietf.org/rfc/rfc1320.txt
- */
-
-#include "common.h"
-
-#if defined(MBEDTLS_MD4_C)
-
-#include "mbedtls/md4.h"
-#include "mbedtls/platform_util.h"
-#include "mbedtls/error.h"
-
-#include <string.h>
-
-#if defined(MBEDTLS_SELF_TEST)
-#if defined(MBEDTLS_PLATFORM_C)
-#include "mbedtls/platform.h"
-#else
-#include <stdio.h>
-#define mbedtls_printf printf
-#endif /* MBEDTLS_PLATFORM_C */
-#endif /* MBEDTLS_SELF_TEST */
-
-#if !defined(MBEDTLS_MD4_ALT)
-
-/*
- * 32-bit integer manipulation macros (little endian)
- */
-#ifndef GET_UINT32_LE
-#define GET_UINT32_LE(n,b,i) \
-{ \
- (n) = ( (uint32_t) (b)[(i) ] ) \
- | ( (uint32_t) (b)[(i) + 1] << 8 ) \
- | ( (uint32_t) (b)[(i) + 2] << 16 ) \
- | ( (uint32_t) (b)[(i) + 3] << 24 ); \
-}
-#endif
-
-#ifndef PUT_UINT32_LE
-#define PUT_UINT32_LE(n,b,i) \
-{ \
- (b)[(i) ] = (unsigned char) ( ( (n) ) & 0xFF ); \
- (b)[(i) + 1] = (unsigned char) ( ( (n) >> 8 ) & 0xFF ); \
- (b)[(i) + 2] = (unsigned char) ( ( (n) >> 16 ) & 0xFF ); \
- (b)[(i) + 3] = (unsigned char) ( ( (n) >> 24 ) & 0xFF ); \
-}
-#endif
-
-void mbedtls_md4_init( mbedtls_md4_context *ctx )
-{
- memset( ctx, 0, sizeof( mbedtls_md4_context ) );
-}
-
-void mbedtls_md4_free( mbedtls_md4_context *ctx )
-{
- if( ctx == NULL )
- return;
-
- mbedtls_platform_zeroize( ctx, sizeof( mbedtls_md4_context ) );
-}
-
-void mbedtls_md4_clone( mbedtls_md4_context *dst,
- const mbedtls_md4_context *src )
-{
- *dst = *src;
-}
-
-/*
- * MD4 context setup
- */
-int mbedtls_md4_starts_ret( mbedtls_md4_context *ctx )
-{
- ctx->total[0] = 0;
- ctx->total[1] = 0;
-
- ctx->state[0] = 0x67452301;
- ctx->state[1] = 0xEFCDAB89;
- ctx->state[2] = 0x98BADCFE;
- ctx->state[3] = 0x10325476;
-
- return( 0 );
-}
-
-#if !defined(MBEDTLS_MD4_PROCESS_ALT)
-int mbedtls_internal_md4_process( mbedtls_md4_context *ctx,
- const unsigned char data[64] )
-{
- struct
- {
- uint32_t X[16], A, B, C, D;
- } local;
-
- GET_UINT32_LE( local.X[ 0], data, 0 );
- GET_UINT32_LE( local.X[ 1], data, 4 );
- GET_UINT32_LE( local.X[ 2], data, 8 );
- GET_UINT32_LE( local.X[ 3], data, 12 );
- GET_UINT32_LE( local.X[ 4], data, 16 );
- GET_UINT32_LE( local.X[ 5], data, 20 );
- GET_UINT32_LE( local.X[ 6], data, 24 );
- GET_UINT32_LE( local.X[ 7], data, 28 );
- GET_UINT32_LE( local.X[ 8], data, 32 );
- GET_UINT32_LE( local.X[ 9], data, 36 );
- GET_UINT32_LE( local.X[10], data, 40 );
- GET_UINT32_LE( local.X[11], data, 44 );
- GET_UINT32_LE( local.X[12], data, 48 );
- GET_UINT32_LE( local.X[13], data, 52 );
- GET_UINT32_LE( local.X[14], data, 56 );
- GET_UINT32_LE( local.X[15], data, 60 );
-
-#define S(x,n) (((x) << (n)) | (((x) & 0xFFFFFFFF) >> (32 - (n))))
-
- local.A = ctx->state[0];
- local.B = ctx->state[1];
- local.C = ctx->state[2];
- local.D = ctx->state[3];
-
-#define F(x, y, z) (((x) & (y)) | ((~(x)) & (z)))
-#define P(a,b,c,d,x,s) \
- do \
- { \
- (a) += F((b),(c),(d)) + (x); \
- (a) = S((a),(s)); \
- } while( 0 )
-
-
- P( local.A, local.B, local.C, local.D, local.X[ 0], 3 );
- P( local.D, local.A, local.B, local.C, local.X[ 1], 7 );
- P( local.C, local.D, local.A, local.B, local.X[ 2], 11 );
- P( local.B, local.C, local.D, local.A, local.X[ 3], 19 );
- P( local.A, local.B, local.C, local.D, local.X[ 4], 3 );
- P( local.D, local.A, local.B, local.C, local.X[ 5], 7 );
- P( local.C, local.D, local.A, local.B, local.X[ 6], 11 );
- P( local.B, local.C, local.D, local.A, local.X[ 7], 19 );
- P( local.A, local.B, local.C, local.D, local.X[ 8], 3 );
- P( local.D, local.A, local.B, local.C, local.X[ 9], 7 );
- P( local.C, local.D, local.A, local.B, local.X[10], 11 );
- P( local.B, local.C, local.D, local.A, local.X[11], 19 );
- P( local.A, local.B, local.C, local.D, local.X[12], 3 );
- P( local.D, local.A, local.B, local.C, local.X[13], 7 );
- P( local.C, local.D, local.A, local.B, local.X[14], 11 );
- P( local.B, local.C, local.D, local.A, local.X[15], 19 );
-
-#undef P
-#undef F
-
-#define F(x,y,z) (((x) & (y)) | ((x) & (z)) | ((y) & (z)))
-#define P(a,b,c,d,x,s) \
- do \
- { \
- (a) += F((b),(c),(d)) + (x) + 0x5A827999; \
- (a) = S((a),(s)); \
- } while( 0 )
-
- P( local.A, local.B, local.C, local.D, local.X[ 0], 3 );
- P( local.D, local.A, local.B, local.C, local.X[ 4], 5 );
- P( local.C, local.D, local.A, local.B, local.X[ 8], 9 );
- P( local.B, local.C, local.D, local.A, local.X[12], 13 );
- P( local.A, local.B, local.C, local.D, local.X[ 1], 3 );
- P( local.D, local.A, local.B, local.C, local.X[ 5], 5 );
- P( local.C, local.D, local.A, local.B, local.X[ 9], 9 );
- P( local.B, local.C, local.D, local.A, local.X[13], 13 );
- P( local.A, local.B, local.C, local.D, local.X[ 2], 3 );
- P( local.D, local.A, local.B, local.C, local.X[ 6], 5 );
- P( local.C, local.D, local.A, local.B, local.X[10], 9 );
- P( local.B, local.C, local.D, local.A, local.X[14], 13 );
- P( local.A, local.B, local.C, local.D, local.X[ 3], 3 );
- P( local.D, local.A, local.B, local.C, local.X[ 7], 5 );
- P( local.C, local.D, local.A, local.B, local.X[11], 9 );
- P( local.B, local.C, local.D, local.A, local.X[15], 13 );
-
-#undef P
-#undef F
-
-#define F(x,y,z) ((x) ^ (y) ^ (z))
-#define P(a,b,c,d,x,s) \
- do \
- { \
- (a) += F((b),(c),(d)) + (x) + 0x6ED9EBA1; \
- (a) = S((a),(s)); \
- } while( 0 )
-
- P( local.A, local.B, local.C, local.D, local.X[ 0], 3 );
- P( local.D, local.A, local.B, local.C, local.X[ 8], 9 );
- P( local.C, local.D, local.A, local.B, local.X[ 4], 11 );
- P( local.B, local.C, local.D, local.A, local.X[12], 15 );
- P( local.A, local.B, local.C, local.D, local.X[ 2], 3 );
- P( local.D, local.A, local.B, local.C, local.X[10], 9 );
- P( local.C, local.D, local.A, local.B, local.X[ 6], 11 );
- P( local.B, local.C, local.D, local.A, local.X[14], 15 );
- P( local.A, local.B, local.C, local.D, local.X[ 1], 3 );
- P( local.D, local.A, local.B, local.C, local.X[ 9], 9 );
- P( local.C, local.D, local.A, local.B, local.X[ 5], 11 );
- P( local.B, local.C, local.D, local.A, local.X[13], 15 );
- P( local.A, local.B, local.C, local.D, local.X[ 3], 3 );
- P( local.D, local.A, local.B, local.C, local.X[11], 9 );
- P( local.C, local.D, local.A, local.B, local.X[ 7], 11 );
- P( local.B, local.C, local.D, local.A, local.X[15], 15 );
-
-#undef F
-#undef P
-
- ctx->state[0] += local.A;
- ctx->state[1] += local.B;
- ctx->state[2] += local.C;
- ctx->state[3] += local.D;
-
- /* Zeroise variables to clear sensitive data from memory. */
- mbedtls_platform_zeroize( &local, sizeof( local ) );
-
- return( 0 );
-}
-
-#endif /* !MBEDTLS_MD4_PROCESS_ALT */
-
-/*
- * MD4 process buffer
- */
-int mbedtls_md4_update_ret( mbedtls_md4_context *ctx,
- const unsigned char *input,
- size_t ilen )
-{
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- size_t fill;
- uint32_t left;
-
- if( ilen == 0 )
- return( 0 );
-
- left = ctx->total[0] & 0x3F;
- fill = 64 - left;
-
- ctx->total[0] += (uint32_t) ilen;
- ctx->total[0] &= 0xFFFFFFFF;
-
- if( ctx->total[0] < (uint32_t) ilen )
- ctx->total[1]++;
-
- if( left && ilen >= fill )
- {
- memcpy( (void *) (ctx->buffer + left),
- (void *) input, fill );
-
- if( ( ret = mbedtls_internal_md4_process( ctx, ctx->buffer ) ) != 0 )
- return( ret );
-
- input += fill;
- ilen -= fill;
- left = 0;
- }
-
- while( ilen >= 64 )
- {
- if( ( ret = mbedtls_internal_md4_process( ctx, input ) ) != 0 )
- return( ret );
-
- input += 64;
- ilen -= 64;
- }
-
- if( ilen > 0 )
- {
- memcpy( (void *) (ctx->buffer + left),
- (void *) input, ilen );
- }
-
- return( 0 );
-}
-
-static const unsigned char md4_padding[64] =
-{
- 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
-};
-
-/*
- * MD4 final digest
- */
-int mbedtls_md4_finish_ret( mbedtls_md4_context *ctx,
- unsigned char output[16] )
-{
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- uint32_t last, padn;
- uint32_t high, low;
- unsigned char msglen[8];
-
- high = ( ctx->total[0] >> 29 )
- | ( ctx->total[1] << 3 );
- low = ( ctx->total[0] << 3 );
-
- PUT_UINT32_LE( low, msglen, 0 );
- PUT_UINT32_LE( high, msglen, 4 );
-
- last = ctx->total[0] & 0x3F;
- padn = ( last < 56 ) ? ( 56 - last ) : ( 120 - last );
-
- ret = mbedtls_md4_update_ret( ctx, (unsigned char *)md4_padding, padn );
- if( ret != 0 )
- return( ret );
-
- if( ( ret = mbedtls_md4_update_ret( ctx, msglen, 8 ) ) != 0 )
- return( ret );
-
-
- PUT_UINT32_LE( ctx->state[0], output, 0 );
- PUT_UINT32_LE( ctx->state[1], output, 4 );
- PUT_UINT32_LE( ctx->state[2], output, 8 );
- PUT_UINT32_LE( ctx->state[3], output, 12 );
-
- return( 0 );
-}
-
-#endif /* !MBEDTLS_MD4_ALT */
-
-/*
- * output = MD4( input buffer )
- */
-int mbedtls_md4_ret( const unsigned char *input,
- size_t ilen,
- unsigned char output[16] )
-{
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- mbedtls_md4_context ctx;
-
- mbedtls_md4_init( &ctx );
-
- if( ( ret = mbedtls_md4_starts_ret( &ctx ) ) != 0 )
- goto exit;
-
- if( ( ret = mbedtls_md4_update_ret( &ctx, input, ilen ) ) != 0 )
- goto exit;
-
- if( ( ret = mbedtls_md4_finish_ret( &ctx, output ) ) != 0 )
- goto exit;
-
-exit:
- mbedtls_md4_free( &ctx );
-
- return( ret );
-}
-
-#if defined(MBEDTLS_SELF_TEST)
-
-/*
- * RFC 1320 test vectors
- */
-static const unsigned char md4_test_str[7][81] =
-{
- { "" },
- { "a" },
- { "abc" },
- { "message digest" },
- { "abcdefghijklmnopqrstuvwxyz" },
- { "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789" },
- { "12345678901234567890123456789012345678901234567890123456789012345678901234567890" }
-};
-
-static const size_t md4_test_strlen[7] =
-{
- 0, 1, 3, 14, 26, 62, 80
-};
-
-static const unsigned char md4_test_sum[7][16] =
-{
- { 0x31, 0xD6, 0xCF, 0xE0, 0xD1, 0x6A, 0xE9, 0x31,
- 0xB7, 0x3C, 0x59, 0xD7, 0xE0, 0xC0, 0x89, 0xC0 },
- { 0xBD, 0xE5, 0x2C, 0xB3, 0x1D, 0xE3, 0x3E, 0x46,
- 0x24, 0x5E, 0x05, 0xFB, 0xDB, 0xD6, 0xFB, 0x24 },
- { 0xA4, 0x48, 0x01, 0x7A, 0xAF, 0x21, 0xD8, 0x52,
- 0x5F, 0xC1, 0x0A, 0xE8, 0x7A, 0xA6, 0x72, 0x9D },
- { 0xD9, 0x13, 0x0A, 0x81, 0x64, 0x54, 0x9F, 0xE8,
- 0x18, 0x87, 0x48, 0x06, 0xE1, 0xC7, 0x01, 0x4B },
- { 0xD7, 0x9E, 0x1C, 0x30, 0x8A, 0xA5, 0xBB, 0xCD,
- 0xEE, 0xA8, 0xED, 0x63, 0xDF, 0x41, 0x2D, 0xA9 },
- { 0x04, 0x3F, 0x85, 0x82, 0xF2, 0x41, 0xDB, 0x35,
- 0x1C, 0xE6, 0x27, 0xE1, 0x53, 0xE7, 0xF0, 0xE4 },
- { 0xE3, 0x3B, 0x4D, 0xDC, 0x9C, 0x38, 0xF2, 0x19,
- 0x9C, 0x3E, 0x7B, 0x16, 0x4F, 0xCC, 0x05, 0x36 }
-};
-
-/*
- * Checkup routine
- */
-int mbedtls_md4_self_test( int verbose )
-{
- int i, ret = 0;
- unsigned char md4sum[16];
-
- for( i = 0; i < 7; i++ )
- {
- if( verbose != 0 )
- mbedtls_printf( " MD4 test #%d: ", i + 1 );
-
- ret = mbedtls_md4_ret( md4_test_str[i], md4_test_strlen[i], md4sum );
- if( ret != 0 )
- goto fail;
-
- if( memcmp( md4sum, md4_test_sum[i], 16 ) != 0 )
- {
- ret = 1;
- goto fail;
- }
-
- if( verbose != 0 )
- mbedtls_printf( "passed\n" );
- }
-
- if( verbose != 0 )
- mbedtls_printf( "\n" );
-
- return( 0 );
-
-fail:
- if( verbose != 0 )
- mbedtls_printf( "failed\n" );
-
- return( ret );
-}
-
-#endif /* MBEDTLS_SELF_TEST */
-
-#endif /* MBEDTLS_MD4_C */
diff --git a/library/md5.c b/library/md5.c
index 019b7f4..d7f8cee 100644
--- a/library/md5.c
+++ b/library/md5.c
@@ -88,7 +88,7 @@
/*
* MD5 context setup
*/
-int mbedtls_md5_starts_ret( mbedtls_md5_context *ctx )
+int mbedtls_md5_starts( mbedtls_md5_context *ctx )
{
ctx->total[0] = 0;
ctx->total[1] = 0;
@@ -242,7 +242,7 @@
/*
* MD5 process buffer
*/
-int mbedtls_md5_update_ret( mbedtls_md5_context *ctx,
+int mbedtls_md5_update( mbedtls_md5_context *ctx,
const unsigned char *input,
size_t ilen )
{
@@ -293,7 +293,7 @@
/*
* MD5 final digest
*/
-int mbedtls_md5_finish_ret( mbedtls_md5_context *ctx,
+int mbedtls_md5_finish( mbedtls_md5_context *ctx,
unsigned char output[16] )
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
@@ -352,7 +352,7 @@
/*
* output = MD5( input buffer )
*/
-int mbedtls_md5_ret( const unsigned char *input,
+int mbedtls_md5( const unsigned char *input,
size_t ilen,
unsigned char output[16] )
{
@@ -361,13 +361,13 @@
mbedtls_md5_init( &ctx );
- if( ( ret = mbedtls_md5_starts_ret( &ctx ) ) != 0 )
+ if( ( ret = mbedtls_md5_starts( &ctx ) ) != 0 )
goto exit;
- if( ( ret = mbedtls_md5_update_ret( &ctx, input, ilen ) ) != 0 )
+ if( ( ret = mbedtls_md5_update( &ctx, input, ilen ) ) != 0 )
goto exit;
- if( ( ret = mbedtls_md5_finish_ret( &ctx, output ) ) != 0 )
+ if( ( ret = mbedtls_md5_finish( &ctx, output ) ) != 0 )
goto exit;
exit:
@@ -427,7 +427,7 @@
if( verbose != 0 )
mbedtls_printf( " MD5 test #%d: ", i + 1 );
- ret = mbedtls_md5_ret( md5_test_buf[i], md5_test_buflen[i], md5sum );
+ ret = mbedtls_md5( md5_test_buf[i], md5_test_buflen[i], md5sum );
if( ret != 0 )
goto fail;
diff --git a/library/md_wrap.h b/library/md_wrap.h
index 51655f9..cfd418a 100644
--- a/library/md_wrap.h
+++ b/library/md_wrap.h
@@ -57,12 +57,6 @@
unsigned char block_size;
};
-#if defined(MBEDTLS_MD2_C)
-extern const mbedtls_md_info_t mbedtls_md2_info;
-#endif
-#if defined(MBEDTLS_MD4_C)
-extern const mbedtls_md_info_t mbedtls_md4_info;
-#endif
#if defined(MBEDTLS_MD5_C)
extern const mbedtls_md_info_t mbedtls_md5_info;
#endif
diff --git a/library/net_sockets.c b/library/net_sockets.c
index 8f79b74..5fbe1f7 100644
--- a/library/net_sockets.c
+++ b/library/net_sockets.c
@@ -136,6 +136,31 @@
}
/*
+ * Return 0 if the file descriptor is valid, an error otherwise.
+ * If for_select != 0, check whether the file descriptor is within the range
+ * allowed for fd_set used for the FD_xxx macros and the select() function.
+ */
+static int check_fd( int fd, int for_select )
+{
+ if( fd < 0 )
+ return( MBEDTLS_ERR_NET_INVALID_CONTEXT );
+
+#if (defined(_WIN32) || defined(_WIN32_WCE)) && !defined(EFIX64) && \
+ !defined(EFI32)
+ (void) for_select;
+#else
+ /* A limitation of select() is that it only works with file descriptors
+ * that are strictly less than FD_SETSIZE. This is a limitation of the
+ * fd_set type. Error out early, because attempting to call FD_SET on a
+ * large file descriptor is a buffer overflow on typical platforms. */
+ if( for_select && fd >= FD_SETSIZE )
+ return( MBEDTLS_ERR_NET_POLL_FAILED );
+#endif
+
+ return( 0 );
+}
+
+/*
* Initialize a context
*/
void mbedtls_net_init( mbedtls_net_context *ctx )
@@ -466,15 +491,9 @@
int fd = ctx->fd;
- if( fd < 0 )
- return( MBEDTLS_ERR_NET_INVALID_CONTEXT );
-
- /* A limitation of select() is that it only works with file descriptors
- * that are strictly less than FD_SETSIZE. This is a limitation of the
- * fd_set type. Error out early, because attempting to call FD_SET on a
- * large file descriptor is a buffer overflow on typical platforms. */
- if( fd >= FD_SETSIZE )
- return( MBEDTLS_ERR_NET_POLL_FAILED );
+ ret = check_fd( fd, 1 );
+ if( ret != 0 )
+ return( ret );
#if defined(__has_feature)
#if __has_feature(memory_sanitizer)
@@ -553,8 +572,9 @@
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
int fd = ((mbedtls_net_context *) ctx)->fd;
- if( fd < 0 )
- return( MBEDTLS_ERR_NET_INVALID_CONTEXT );
+ ret = check_fd( fd, 0 );
+ if( ret != 0 )
+ return( ret );
ret = (int) read( fd, buf, len );
@@ -592,15 +612,9 @@
fd_set read_fds;
int fd = ((mbedtls_net_context *) ctx)->fd;
- if( fd < 0 )
- return( MBEDTLS_ERR_NET_INVALID_CONTEXT );
-
- /* A limitation of select() is that it only works with file descriptors
- * that are strictly less than FD_SETSIZE. This is a limitation of the
- * fd_set type. Error out early, because attempting to call FD_SET on a
- * large file descriptor is a buffer overflow on typical platforms. */
- if( fd >= FD_SETSIZE )
- return( MBEDTLS_ERR_NET_POLL_FAILED );
+ ret = check_fd( fd, 1 );
+ if( ret != 0 )
+ return( ret );
FD_ZERO( &read_fds );
FD_SET( fd, &read_fds );
@@ -640,8 +654,9 @@
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
int fd = ((mbedtls_net_context *) ctx)->fd;
- if( fd < 0 )
- return( MBEDTLS_ERR_NET_INVALID_CONTEXT );
+ ret = check_fd( fd, 0 );
+ if( ret != 0 )
+ return( ret );
ret = (int) write( fd, buf, len );
diff --git a/library/oid.c b/library/oid.c
index c4a4df9..f70ceea 100644
--- a/library/oid.c
+++ b/library/oid.c
@@ -340,18 +340,6 @@
static const oid_sig_alg_t oid_sig_alg[] =
{
#if defined(MBEDTLS_RSA_C)
-#if defined(MBEDTLS_MD2_C)
- {
- OID_DESCRIPTOR( MBEDTLS_OID_PKCS1_MD2, "md2WithRSAEncryption", "RSA with MD2" ),
- MBEDTLS_MD_MD2, MBEDTLS_PK_RSA,
- },
-#endif /* MBEDTLS_MD2_C */
-#if defined(MBEDTLS_MD4_C)
- {
- OID_DESCRIPTOR( MBEDTLS_OID_PKCS1_MD4, "md4WithRSAEncryption", "RSA with MD4" ),
- MBEDTLS_MD_MD4, MBEDTLS_PK_RSA,
- },
-#endif /* MBEDTLS_MD4_C */
#if defined(MBEDTLS_MD5_C)
{
OID_DESCRIPTOR( MBEDTLS_OID_PKCS1_MD5, "md5WithRSAEncryption", "RSA with MD5" ),
@@ -609,18 +597,6 @@
static const oid_md_alg_t oid_md_alg[] =
{
-#if defined(MBEDTLS_MD2_C)
- {
- OID_DESCRIPTOR( MBEDTLS_OID_DIGEST_ALG_MD2, "id-md2", "MD2" ),
- MBEDTLS_MD_MD2,
- },
-#endif /* MBEDTLS_MD2_C */
-#if defined(MBEDTLS_MD4_C)
- {
- OID_DESCRIPTOR( MBEDTLS_OID_DIGEST_ALG_MD4, "id-md4", "MD4" ),
- MBEDTLS_MD_MD4,
- },
-#endif /* MBEDTLS_MD4_C */
#if defined(MBEDTLS_MD5_C)
{
OID_DESCRIPTOR( MBEDTLS_OID_DIGEST_ALG_MD5, "id-md5", "MD5" ),
diff --git a/library/pem.c b/library/pem.c
index fcfde94..1b40e5e 100644
--- a/library/pem.c
+++ b/library/pem.c
@@ -87,13 +87,13 @@
/*
* key[ 0..15] = MD5(pwd || IV)
*/
- if( ( ret = mbedtls_md5_starts_ret( &md5_ctx ) ) != 0 )
+ if( ( ret = mbedtls_md5_starts( &md5_ctx ) ) != 0 )
goto exit;
- if( ( ret = mbedtls_md5_update_ret( &md5_ctx, pwd, pwdlen ) ) != 0 )
+ if( ( ret = mbedtls_md5_update( &md5_ctx, pwd, pwdlen ) ) != 0 )
goto exit;
- if( ( ret = mbedtls_md5_update_ret( &md5_ctx, iv, 8 ) ) != 0 )
+ if( ( ret = mbedtls_md5_update( &md5_ctx, iv, 8 ) ) != 0 )
goto exit;
- if( ( ret = mbedtls_md5_finish_ret( &md5_ctx, md5sum ) ) != 0 )
+ if( ( ret = mbedtls_md5_finish( &md5_ctx, md5sum ) ) != 0 )
goto exit;
if( keylen <= 16 )
@@ -107,15 +107,15 @@
/*
* key[16..23] = MD5(key[ 0..15] || pwd || IV])
*/
- if( ( ret = mbedtls_md5_starts_ret( &md5_ctx ) ) != 0 )
+ if( ( ret = mbedtls_md5_starts( &md5_ctx ) ) != 0 )
goto exit;
- if( ( ret = mbedtls_md5_update_ret( &md5_ctx, md5sum, 16 ) ) != 0 )
+ if( ( ret = mbedtls_md5_update( &md5_ctx, md5sum, 16 ) ) != 0 )
goto exit;
- if( ( ret = mbedtls_md5_update_ret( &md5_ctx, pwd, pwdlen ) ) != 0 )
+ if( ( ret = mbedtls_md5_update( &md5_ctx, pwd, pwdlen ) ) != 0 )
goto exit;
- if( ( ret = mbedtls_md5_update_ret( &md5_ctx, iv, 8 ) ) != 0 )
+ if( ( ret = mbedtls_md5_update( &md5_ctx, iv, 8 ) ) != 0 )
goto exit;
- if( ( ret = mbedtls_md5_finish_ret( &md5_ctx, md5sum ) ) != 0 )
+ if( ( ret = mbedtls_md5_finish( &md5_ctx, md5sum ) ) != 0 )
goto exit;
use_len = 16;
diff --git a/library/pk.c b/library/pk.c
index 06021e2..275d34b 100644
--- a/library/pk.c
+++ b/library/pk.c
@@ -500,7 +500,10 @@
/*
* Check public-private key pair
*/
-int mbedtls_pk_check_pair( const mbedtls_pk_context *pub, const mbedtls_pk_context *prv )
+int mbedtls_pk_check_pair( const mbedtls_pk_context *pub,
+ const mbedtls_pk_context *prv,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng )
{
PK_VALIDATE_RET( pub != NULL );
PK_VALIDATE_RET( prv != NULL );
@@ -511,6 +514,9 @@
return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
}
+ if( f_rng == NULL )
+ return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
+
if( prv->pk_info->check_pair_func == NULL )
return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE );
@@ -525,7 +531,7 @@
return( MBEDTLS_ERR_PK_TYPE_MISMATCH );
}
- return( prv->pk_info->check_pair_func( pub->pk_ctx, prv->pk_ctx ) );
+ return( prv->pk_info->check_pair_func( pub->pk_ctx, prv->pk_ctx, f_rng, p_rng ) );
}
/*
diff --git a/library/pk_wrap.c b/library/pk_wrap.c
index c351113..864e495 100644
--- a/library/pk_wrap.c
+++ b/library/pk_wrap.c
@@ -154,8 +154,12 @@
ilen, input, output ) );
}
-static int rsa_check_pair_wrap( const void *pub, const void *prv )
+static int rsa_check_pair_wrap( const void *pub, const void *prv,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng )
{
+ (void) f_rng;
+ (void) p_rng;
return( mbedtls_rsa_check_pub_priv( (const mbedtls_rsa_context *) pub,
(const mbedtls_rsa_context *) prv ) );
}
@@ -165,7 +169,7 @@
void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_rsa_context ) );
if( ctx != NULL )
- mbedtls_rsa_init( (mbedtls_rsa_context *) ctx, 0, 0 );
+ mbedtls_rsa_init( (mbedtls_rsa_context *) ctx );
return( ctx );
}
@@ -178,6 +182,11 @@
static void rsa_debug( const void *ctx, mbedtls_pk_debug_item *items )
{
+#if defined(MBEDTLS_RSA_ALT)
+ /* Not supported */
+ (void) ctx;
+ (void) items;
+#else
items->type = MBEDTLS_PK_DEBUG_MPI;
items->name = "rsa.N";
items->value = &( ((mbedtls_rsa_context *) ctx)->N );
@@ -187,6 +196,7 @@
items->type = MBEDTLS_PK_DEBUG_MPI;
items->name = "rsa.E";
items->value = &( ((mbedtls_rsa_context *) ctx)->E );
+#endif
}
const mbedtls_pk_info_t mbedtls_rsa_info = {
@@ -382,10 +392,13 @@
#endif /* MBEDTLS_ECP_RESTARTABLE */
#endif /* MBEDTLS_ECDSA_C */
-static int eckey_check_pair( const void *pub, const void *prv )
+static int eckey_check_pair( const void *pub, const void *prv,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng )
{
return( mbedtls_ecp_check_pub_priv( (const mbedtls_ecp_keypair *) pub,
- (const mbedtls_ecp_keypair *) prv ) );
+ (const mbedtls_ecp_keypair *) prv,
+ f_rng, p_rng ) );
}
static void *eckey_alloc_wrap( void )
@@ -793,7 +806,9 @@
}
#if defined(MBEDTLS_RSA_C)
-static int rsa_alt_check_pair( const void *pub, const void *prv )
+static int rsa_alt_check_pair( const void *pub, const void *prv,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng )
{
unsigned char sig[MBEDTLS_MPI_MAX_SIZE];
unsigned char hash[32];
@@ -807,7 +822,7 @@
if( ( ret = rsa_alt_sign_wrap( (void *) prv, MBEDTLS_MD_NONE,
hash, sizeof( hash ),
- sig, &sig_len, NULL, NULL ) ) != 0 )
+ sig, &sig_len, f_rng, p_rng ) ) != 0 )
{
return( ret );
}
diff --git a/library/pk_wrap.h b/library/pk_wrap.h
index f7f938a..b2db637 100644
--- a/library/pk_wrap.h
+++ b/library/pk_wrap.h
@@ -85,7 +85,9 @@
void *p_rng );
/** Check public-private key pair */
- int (*check_pair_func)( const void *pub, const void *prv );
+ int (*check_pair_func)( const void *pub, const void *prv,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng );
/** Allocate a new context */
void * (*ctx_alloc_func)( void );
diff --git a/library/pkcs12.c b/library/pkcs12.c
index 9823d96..04b1a6d 100644
--- a/library/pkcs12.c
+++ b/library/pkcs12.c
@@ -35,10 +35,6 @@
#include <string.h>
-#if defined(MBEDTLS_ARC4_C)
-#include "mbedtls/arc4.h"
-#endif
-
#if defined(MBEDTLS_DES_C)
#include "mbedtls/des.h"
#endif
@@ -125,47 +121,6 @@
#undef PKCS12_MAX_PWDLEN
-int mbedtls_pkcs12_pbe_sha1_rc4_128( mbedtls_asn1_buf *pbe_params, int mode,
- const unsigned char *pwd, size_t pwdlen,
- const unsigned char *data, size_t len,
- unsigned char *output )
-{
-#if !defined(MBEDTLS_ARC4_C)
- ((void) pbe_params);
- ((void) mode);
- ((void) pwd);
- ((void) pwdlen);
- ((void) data);
- ((void) len);
- ((void) output);
- return( MBEDTLS_ERR_PKCS12_FEATURE_UNAVAILABLE );
-#else
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- unsigned char key[16];
- mbedtls_arc4_context ctx;
- ((void) mode);
-
- mbedtls_arc4_init( &ctx );
-
- if( ( ret = pkcs12_pbe_derive_key_iv( pbe_params, MBEDTLS_MD_SHA1,
- pwd, pwdlen,
- key, 16, NULL, 0 ) ) != 0 )
- {
- return( ret );
- }
-
- mbedtls_arc4_setup( &ctx, key, 16 );
- if( ( ret = mbedtls_arc4_crypt( &ctx, len, data, output ) ) != 0 )
- goto exit;
-
-exit:
- mbedtls_platform_zeroize( key, sizeof( key ) );
- mbedtls_arc4_free( &ctx );
-
- return( ret );
-#endif /* MBEDTLS_ARC4_C */
-}
-
int mbedtls_pkcs12_pbe( mbedtls_asn1_buf *pbe_params, int mode,
mbedtls_cipher_type_t cipher_type, mbedtls_md_type_t md_type,
const unsigned char *pwd, size_t pwdlen,
diff --git a/library/pkparse.c b/library/pkparse.c
index 3222ca2..fe6aaca 100644
--- a/library/pkparse.c
+++ b/library/pkparse.c
@@ -123,7 +123,8 @@
* Load and parse a private key
*/
int mbedtls_pk_parse_keyfile( mbedtls_pk_context *ctx,
- const char *path, const char *pwd )
+ const char *path, const char *pwd,
+ int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t n;
@@ -136,10 +137,10 @@
return( ret );
if( pwd == NULL )
- ret = mbedtls_pk_parse_key( ctx, buf, n, NULL, 0 );
+ ret = mbedtls_pk_parse_key( ctx, buf, n, NULL, 0, f_rng, p_rng );
else
ret = mbedtls_pk_parse_key( ctx, buf, n,
- (const unsigned char *) pwd, strlen( pwd ) );
+ (const unsigned char *) pwd, strlen( pwd ), f_rng, p_rng );
mbedtls_platform_zeroize( buf, n );
mbedtls_free( buf );
@@ -859,8 +860,8 @@
* Parse a SEC1 encoded private EC key
*/
static int pk_parse_key_sec1_der( mbedtls_ecp_keypair *eck,
- const unsigned char *key,
- size_t keylen )
+ const unsigned char *key, size_t keylen,
+ int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
int version, pubkey_done;
@@ -967,7 +968,7 @@
if( ! pubkey_done &&
( ret = mbedtls_ecp_mul( &eck->grp, &eck->Q, &eck->d, &eck->grp.G,
- NULL, NULL ) ) != 0 )
+ f_rng, p_rng ) ) != 0 )
{
mbedtls_ecp_keypair_free( eck );
return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret ) );
@@ -997,9 +998,9 @@
*
*/
static int pk_parse_key_pkcs8_unencrypted_der(
- mbedtls_pk_context *pk,
- const unsigned char* key,
- size_t keylen )
+ mbedtls_pk_context *pk,
+ const unsigned char* key, size_t keylen,
+ int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
{
int ret, version;
size_t len;
@@ -1009,6 +1010,11 @@
mbedtls_pk_type_t pk_alg = MBEDTLS_PK_NONE;
const mbedtls_pk_info_t *pk_info;
+#if !defined(MBEDTLS_ECP_C)
+ (void) f_rng;
+ (void) p_rng;
+#endif
+
/*
* This function parses the PrivateKeyInfo object (PKCS#8 v1.2 = RFC 5208)
*
@@ -1071,7 +1077,7 @@
if( pk_alg == MBEDTLS_PK_ECKEY || pk_alg == MBEDTLS_PK_ECKEY_DH )
{
if( ( ret = pk_use_ecparams( ¶ms, &mbedtls_pk_ec( *pk )->grp ) ) != 0 ||
- ( ret = pk_parse_key_sec1_der( mbedtls_pk_ec( *pk ), p, len ) ) != 0 )
+ ( ret = pk_parse_key_sec1_der( mbedtls_pk_ec( *pk ), p, len, f_rng, p_rng ) ) != 0 )
{
mbedtls_pk_free( pk );
return( ret );
@@ -1094,9 +1100,10 @@
*/
#if defined(MBEDTLS_PKCS12_C) || defined(MBEDTLS_PKCS5_C)
static int pk_parse_key_pkcs8_encrypted_der(
- mbedtls_pk_context *pk,
- unsigned char *key, size_t keylen,
- const unsigned char *pwd, size_t pwdlen )
+ mbedtls_pk_context *pk,
+ unsigned char *key, size_t keylen,
+ const unsigned char *pwd, size_t pwdlen,
+ int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
{
int ret, decrypted = 0;
size_t len;
@@ -1163,24 +1170,6 @@
decrypted = 1;
}
- else if( MBEDTLS_OID_CMP( MBEDTLS_OID_PKCS12_PBE_SHA1_RC4_128, &pbe_alg_oid ) == 0 )
- {
- if( ( ret = mbedtls_pkcs12_pbe_sha1_rc4_128( &pbe_params,
- MBEDTLS_PKCS12_PBE_DECRYPT,
- pwd, pwdlen,
- p, len, buf ) ) != 0 )
- {
- return( ret );
- }
-
- // Best guess for password mismatch when using RC4. If first tag is
- // not MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE
- //
- if( *buf != ( MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) )
- return( MBEDTLS_ERR_PK_PASSWORD_MISMATCH );
-
- decrypted = 1;
- }
else
#endif /* MBEDTLS_PKCS12_C */
#if defined(MBEDTLS_PKCS5_C)
@@ -1206,7 +1195,7 @@
if( decrypted == 0 )
return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE );
- return( pk_parse_key_pkcs8_unencrypted_der( pk, buf, len ) );
+ return( pk_parse_key_pkcs8_unencrypted_der( pk, buf, len, f_rng, p_rng ) );
}
#endif /* MBEDTLS_PKCS12_C || MBEDTLS_PKCS5_C */
@@ -1215,7 +1204,8 @@
*/
int mbedtls_pk_parse_key( mbedtls_pk_context *pk,
const unsigned char *key, size_t keylen,
- const unsigned char *pwd, size_t pwdlen )
+ const unsigned char *pwd, size_t pwdlen,
+ int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
const mbedtls_pk_info_t *pk_info;
@@ -1278,7 +1268,8 @@
if( ( ret = mbedtls_pk_setup( pk, pk_info ) ) != 0 ||
( ret = pk_parse_key_sec1_der( mbedtls_pk_ec( *pk ),
- pem.buf, pem.buflen ) ) != 0 )
+ pem.buf, pem.buflen,
+ f_rng, p_rng ) ) != 0 )
{
mbedtls_pk_free( pk );
}
@@ -1305,7 +1296,7 @@
if( ret == 0 )
{
if( ( ret = pk_parse_key_pkcs8_unencrypted_der( pk,
- pem.buf, pem.buflen ) ) != 0 )
+ pem.buf, pem.buflen, f_rng, p_rng ) ) != 0 )
{
mbedtls_pk_free( pk );
}
@@ -1327,9 +1318,8 @@
key, NULL, 0, &len );
if( ret == 0 )
{
- if( ( ret = pk_parse_key_pkcs8_encrypted_der( pk,
- pem.buf, pem.buflen,
- pwd, pwdlen ) ) != 0 )
+ if( ( ret = pk_parse_key_pkcs8_encrypted_der( pk, pem.buf, pem.buflen,
+ pwd, pwdlen, f_rng, p_rng ) ) != 0 )
{
mbedtls_pk_free( pk );
}
@@ -1362,7 +1352,7 @@
memcpy( key_copy, key, keylen );
ret = pk_parse_key_pkcs8_encrypted_der( pk, key_copy, keylen,
- pwd, pwdlen );
+ pwd, pwdlen, f_rng, p_rng );
mbedtls_platform_zeroize( key_copy, keylen );
mbedtls_free( key_copy );
@@ -1380,8 +1370,11 @@
}
#endif /* MBEDTLS_PKCS12_C || MBEDTLS_PKCS5_C */
- if( ( ret = pk_parse_key_pkcs8_unencrypted_der( pk, key, keylen ) ) == 0 )
+ if( ( ret = pk_parse_key_pkcs8_unencrypted_der(
+ pk, key, keylen, f_rng, p_rng ) ) == 0 )
+ {
return( 0 );
+ }
mbedtls_pk_free( pk );
mbedtls_pk_init( pk );
@@ -1403,7 +1396,7 @@
pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_ECKEY );
if( mbedtls_pk_setup( pk, pk_info ) == 0 &&
pk_parse_key_sec1_der( mbedtls_pk_ec( *pk ),
- key, keylen ) == 0 )
+ key, keylen, f_rng, p_rng ) == 0 )
{
return( 0 );
}
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index d0e5921..8b102bb 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -57,11 +57,9 @@
#endif
#include "mbedtls/aes.h"
-#include "mbedtls/arc4.h"
#include "mbedtls/asn1.h"
#include "mbedtls/asn1write.h"
#include "mbedtls/bignum.h"
-#include "mbedtls/blowfish.h"
#include "mbedtls/camellia.h"
#include "mbedtls/chacha20.h"
#include "mbedtls/chachapoly.h"
@@ -74,8 +72,6 @@
#include "mbedtls/entropy.h"
#include "mbedtls/error.h"
#include "mbedtls/gcm.h"
-#include "mbedtls/md2.h"
-#include "mbedtls/md4.h"
#include "mbedtls/md5.h"
#include "mbedtls/md.h"
#include "md_wrap.h"
@@ -88,7 +84,6 @@
#include "mbedtls/sha1.h"
#include "mbedtls/sha256.h"
#include "mbedtls/sha512.h"
-#include "mbedtls/xtea.h"
#define ARRAY_LENGTH( array ) ( sizeof( array ) / sizeof( *( array ) ) )
@@ -149,12 +144,6 @@
case MBEDTLS_ERR_ASN1_BUF_TOO_SMALL:
return( PSA_ERROR_BUFFER_TOO_SMALL );
-#if defined(MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA)
- case MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA:
-#endif
- case MBEDTLS_ERR_BLOWFISH_INVALID_INPUT_LENGTH:
- return( PSA_ERROR_NOT_SUPPORTED );
-
#if defined(MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA)
case MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA:
#endif
@@ -301,9 +290,6 @@
case MBEDTLS_ERR_RSA_RNG_FAILED:
return( PSA_ERROR_INSUFFICIENT_ENTROPY );
- case MBEDTLS_ERR_XTEA_INVALID_INPUT_LENGTH:
- return( PSA_ERROR_INVALID_ARGUMENT );
-
case MBEDTLS_ERR_ECP_BAD_INPUT_DATA:
case MBEDTLS_ERR_ECP_INVALID_KEY:
return( PSA_ERROR_INVALID_ARGUMENT );
@@ -477,12 +463,6 @@
return( PSA_ERROR_INVALID_ARGUMENT );
break;
#endif
-#if defined(PSA_WANT_KEY_TYPE_ARC4)
- case PSA_KEY_TYPE_ARC4:
- if( bits < 8 || bits > 2048 )
- return( PSA_ERROR_INVALID_ARGUMENT );
- break;
-#endif
#if defined(PSA_WANT_KEY_TYPE_CHACHA20)
case PSA_KEY_TYPE_CHACHA20:
if( bits != 256 )
@@ -1018,18 +998,8 @@
{
psa_status_t status = psa_remove_key_data_from_memory( slot );
- /*
- * As the return error code may not be handled in case of multiple errors,
- * do our best to report an unexpected lock counter: if available
- * call MBEDTLS_PARAM_FAILED that may terminate execution (if called as
- * part of the execution of a test suite this will stop the test suite
- * execution).
- */
if( slot->lock_count != 1 )
{
-#ifdef MBEDTLS_CHECK_PARAMS
- MBEDTLS_PARAM_FAILED( slot->lock_count == 1 );
-#endif
status = PSA_ERROR_CORRUPTION_DETECTED;
}
@@ -1081,6 +1051,17 @@
return( PSA_ERROR_GENERIC_ERROR );
}
+ if( PSA_KEY_LIFETIME_IS_READ_ONLY( slot->attr.lifetime ) )
+ {
+ /* Refuse the destruction of a read-only key (which may or may not work
+ * if we attempt it, depending on whether the key is merely read-only
+ * by policy or actually physically read-only).
+ * Just do the best we can, which is to wipe the copy in memory
+ * (done in this function's cleanup code). */
+ overall_status = PSA_ERROR_NOT_PERMITTED;
+ goto exit;
+ }
+
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
driver = psa_get_se_driver_entry( slot->attr.lifetime );
if( driver != NULL )
@@ -1142,12 +1123,10 @@
}
#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
-#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
exit:
-#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
status = psa_wipe_key_slot( slot );
/* Prioritize CORRUPTION_DETECTED from wiping over a storage error */
- if( overall_status == PSA_SUCCESS )
+ if( status != PSA_SUCCESS )
overall_status = status;
return( overall_status );
}
@@ -2249,6 +2228,46 @@
return( status );
}
+static psa_status_t psa_mac_finalize_alg_and_key_validation(
+ psa_algorithm_t alg,
+ const psa_key_attributes_t *attributes,
+ uint8_t *mac_size )
+{
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+ psa_key_type_t key_type = psa_get_key_type( attributes );
+ size_t key_bits = psa_get_key_bits( attributes );
+
+ if( ! PSA_ALG_IS_MAC( alg ) )
+ return( PSA_ERROR_INVALID_ARGUMENT );
+
+ /* Validate the combination of key type and algorithm */
+ status = psa_mac_key_can_do( alg, key_type );
+ if( status != PSA_SUCCESS )
+ return( status );
+
+ /* Get the output length for the algorithm and key combination */
+ *mac_size = PSA_MAC_LENGTH( key_type, key_bits, alg );
+
+ if( *mac_size < 4 )
+ {
+ /* A very short MAC is too short for security since it can be
+ * brute-forced. Ancient protocols with 32-bit MACs do exist,
+ * so we make this our minimum, even though 32 bits is still
+ * too small for security. */
+ return( PSA_ERROR_NOT_SUPPORTED );
+ }
+
+ if( *mac_size > PSA_MAC_LENGTH( key_type, key_bits,
+ PSA_ALG_FULL_LENGTH_MAC( alg ) ) )
+ {
+ /* It's impossible to "truncate" to a larger length than the full length
+ * of the algorithm. */
+ return( PSA_ERROR_INVALID_ARGUMENT );
+ }
+
+ return( PSA_SUCCESS );
+}
+
static psa_status_t psa_mac_setup( psa_mac_operation_t *operation,
mbedtls_svc_key_id_t key,
psa_algorithm_t alg,
@@ -2262,9 +2281,6 @@
if( operation->id != 0 )
return( PSA_ERROR_BAD_STATE );
- if( ! PSA_ALG_IS_MAC( alg ) )
- return( PSA_ERROR_INVALID_ARGUMENT );
-
status = psa_get_and_lock_key_slot_with_policy(
key,
&slot,
@@ -2277,39 +2293,12 @@
.core = slot->attr
};
- /* Validate the combination of key type and algorithm */
- status = psa_mac_key_can_do( alg, psa_get_key_type( &attributes ) );
+ status = psa_mac_finalize_alg_and_key_validation( alg, &attributes,
+ &operation->mac_size );
if( status != PSA_SUCCESS )
goto exit;
operation->is_sign = is_sign;
-
- /* Get the output length for the algorithm and key combination */
- operation->mac_size = PSA_MAC_LENGTH(
- psa_get_key_type( &attributes ),
- psa_get_key_bits( &attributes ),
- alg );
-
- if( operation->mac_size < 4 )
- {
- /* A very short MAC is too short for security since it can be
- * brute-forced. Ancient protocols with 32-bit MACs do exist,
- * so we make this our minimum, even though 32 bits is still
- * too small for security. */
- status = PSA_ERROR_NOT_SUPPORTED;
- goto exit;
- }
-
- if( operation->mac_size > PSA_MAC_LENGTH( psa_get_key_type( &attributes ),
- psa_get_key_bits( &attributes ),
- PSA_ALG_FULL_LENGTH_MAC( alg ) ) )
- {
- /* It's impossible to "truncate" to a larger length than the full length
- * of the algorithm. */
- status = PSA_ERROR_INVALID_ARGUMENT;
- goto exit;
- }
-
/* Dispatch the MAC setup call with validated input */
if( is_sign )
{
@@ -2402,24 +2391,22 @@
mac, operation->mac_size,
mac_length );
- if( status == PSA_SUCCESS )
+ /* In case of success, set the potential excess room in the output buffer
+ * to an invalid value, to avoid potentially leaking a longer MAC.
+ * In case of error, set the output length and content to a safe default,
+ * such that in case the caller misses an error check, the output would be
+ * an unachievable MAC.
+ */
+ if( status != PSA_SUCCESS )
{
- /* Set the excess room in the output buffer to an invalid value, to
- * avoid potentially leaking a longer MAC. */
- if( mac_size > operation->mac_size )
- memset( &mac[operation->mac_size],
- '!',
- mac_size - operation->mac_size );
- }
- else
- {
- /* Set the output length and content to a safe default, such that in
- * case the caller misses an error check, the output would be an
- * unachievable MAC. */
*mac_length = mac_size;
- memset( mac, '!', mac_size );
+ operation->mac_size = 0;
}
+ if( mac_size > operation->mac_size )
+ memset( &mac[operation->mac_size], '!',
+ mac_size - operation->mac_size );
+
abort_status = psa_mac_abort( operation );
return( status == PSA_SUCCESS ? abort_status : status );
@@ -2453,7 +2440,116 @@
return( status == PSA_SUCCESS ? abort_status : status );
}
+static psa_status_t psa_mac_compute_internal( mbedtls_svc_key_id_t key,
+ psa_algorithm_t alg,
+ const uint8_t *input,
+ size_t input_length,
+ uint8_t *mac,
+ size_t mac_size,
+ size_t *mac_length,
+ int is_sign )
+{
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+ psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED;
+ psa_key_slot_t *slot;
+ uint8_t operation_mac_size = 0;
+ status = psa_get_and_lock_key_slot_with_policy(
+ key, &slot,
+ is_sign ? PSA_KEY_USAGE_SIGN_HASH : PSA_KEY_USAGE_VERIFY_HASH,
+ alg );
+ if( status != PSA_SUCCESS )
+ goto exit;
+
+ psa_key_attributes_t attributes = {
+ .core = slot->attr
+ };
+
+ status = psa_mac_finalize_alg_and_key_validation( alg, &attributes,
+ &operation_mac_size );
+ if( status != PSA_SUCCESS )
+ goto exit;
+
+ if( mac_size < operation_mac_size )
+ {
+ status = PSA_ERROR_BUFFER_TOO_SMALL;
+ goto exit;
+ }
+
+ status = psa_driver_wrapper_mac_compute(
+ &attributes,
+ slot->key.data, slot->key.bytes,
+ alg,
+ input, input_length,
+ mac, operation_mac_size, mac_length );
+
+exit:
+ /* In case of success, set the potential excess room in the output buffer
+ * to an invalid value, to avoid potentially leaking a longer MAC.
+ * In case of error, set the output length and content to a safe default,
+ * such that in case the caller misses an error check, the output would be
+ * an unachievable MAC.
+ */
+ if( status != PSA_SUCCESS )
+ {
+ *mac_length = mac_size;
+ operation_mac_size = 0;
+ }
+ if( mac_size > operation_mac_size )
+ memset( &mac[operation_mac_size], '!', mac_size - operation_mac_size );
+
+ unlock_status = psa_unlock_key_slot( slot );
+
+ return( ( status == PSA_SUCCESS ) ? unlock_status : status );
+}
+
+psa_status_t psa_mac_compute( mbedtls_svc_key_id_t key,
+ psa_algorithm_t alg,
+ const uint8_t *input,
+ size_t input_length,
+ uint8_t *mac,
+ size_t mac_size,
+ size_t *mac_length)
+{
+ return( psa_mac_compute_internal( key, alg,
+ input, input_length,
+ mac, mac_size, mac_length, 1 ) );
+}
+
+psa_status_t psa_mac_verify( mbedtls_svc_key_id_t key,
+ psa_algorithm_t alg,
+ const uint8_t *input,
+ size_t input_length,
+ const uint8_t *mac,
+ size_t mac_length)
+{
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+ uint8_t actual_mac[PSA_MAC_MAX_SIZE];
+ size_t actual_mac_length;
+
+ status = psa_mac_compute_internal( key, alg,
+ input, input_length,
+ actual_mac, sizeof( actual_mac ),
+ &actual_mac_length, 0 );
+ if( status != PSA_SUCCESS )
+ goto exit;
+
+ if( mac_length != actual_mac_length )
+ {
+ status = PSA_ERROR_INVALID_SIGNATURE;
+ goto exit;
+ }
+ if( mbedtls_psa_safer_memcmp( mac, actual_mac, actual_mac_length ) != 0 )
+ {
+ status = PSA_ERROR_INVALID_SIGNATURE;
+ goto exit;
+ }
+
+exit:
+ mbedtls_platform_zeroize( actual_mac, sizeof( actual_mac ) );
+
+ return ( status );
+}
/****************************************************************/
/* Asymmetric cryptography */
@@ -2847,13 +2943,14 @@
}
#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP)
-static void psa_rsa_oaep_set_padding_mode( psa_algorithm_t alg,
- mbedtls_rsa_context *rsa )
+static int psa_rsa_oaep_set_padding_mode( psa_algorithm_t alg,
+ mbedtls_rsa_context *rsa )
{
psa_algorithm_t hash_alg = PSA_ALG_RSA_OAEP_GET_HASH( alg );
const mbedtls_md_info_t *md_info = mbedtls_md_info_from_psa( hash_alg );
mbedtls_md_type_t md_alg = mbedtls_md_get_type( md_info );
- mbedtls_rsa_set_padding( rsa, MBEDTLS_RSA_PKCS_V21, md_alg );
+
+ return( mbedtls_rsa_set_padding( rsa, MBEDTLS_RSA_PKCS_V21, md_alg ) );
}
#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP) */
@@ -2926,7 +3023,11 @@
#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP)
if( PSA_ALG_IS_RSA_OAEP( alg ) )
{
- psa_rsa_oaep_set_padding_mode( alg, rsa );
+ status = mbedtls_to_psa_error(
+ psa_rsa_oaep_set_padding_mode( alg, rsa ) );
+ if( status != PSA_SUCCESS )
+ goto rsa_exit;
+
status = mbedtls_to_psa_error(
mbedtls_rsa_rsaes_oaep_encrypt( rsa,
mbedtls_psa_get_random,
@@ -3032,7 +3133,11 @@
#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP)
if( PSA_ALG_IS_RSA_OAEP( alg ) )
{
- psa_rsa_oaep_set_padding_mode( alg, rsa );
+ status = mbedtls_to_psa_error(
+ psa_rsa_oaep_set_padding_mode( alg, rsa ) );
+ if( status != PSA_SUCCESS )
+ goto rsa_exit;
+
status = mbedtls_to_psa_error(
mbedtls_rsa_rsaes_oaep_decrypt( rsa,
mbedtls_psa_get_random,
@@ -3730,6 +3835,17 @@
psa_status_t status;
uint8_t offset, length;
+ switch( tls12_prf->state )
+ {
+ case PSA_TLS12_PRF_STATE_LABEL_SET:
+ tls12_prf->state = PSA_TLS12_PRF_STATE_OUTPUT;
+ break;
+ case PSA_TLS12_PRF_STATE_OUTPUT:
+ break;
+ default:
+ return( PSA_ERROR_BAD_STATE );
+ }
+
while( output_length != 0 )
{
/* Check if we have fully processed the current block. */
diff --git a/library/psa_crypto_cipher.c b/library/psa_crypto_cipher.c
index 4992a6e..a65e884 100644
--- a/library/psa_crypto_cipher.c
+++ b/library/psa_crypto_cipher.c
@@ -131,9 +131,6 @@
case PSA_KEY_TYPE_CAMELLIA:
cipher_id_tmp = MBEDTLS_CIPHER_ID_CAMELLIA;
break;
- case PSA_KEY_TYPE_ARC4:
- cipher_id_tmp = MBEDTLS_CIPHER_ID_ARC4;
- break;
case PSA_KEY_TYPE_CHACHA20:
cipher_id_tmp = MBEDTLS_CIPHER_ID_CHACHA20;
break;
diff --git a/library/psa_crypto_driver_wrappers.c b/library/psa_crypto_driver_wrappers.c
index f61e5eb..19260c4 100644
--- a/library/psa_crypto_driver_wrappers.c
+++ b/library/psa_crypto_driver_wrappers.c
@@ -19,6 +19,7 @@
* limitations under the License.
*/
+#include "common.h"
#include "psa_crypto_aead.h"
#include "psa_crypto_cipher.h"
#include "psa_crypto_core.h"
diff --git a/library/psa_crypto_hash.c b/library/psa_crypto_hash.c
index d0f986e..92dcbba 100644
--- a/library/psa_crypto_hash.c
+++ b/library/psa_crypto_hash.c
@@ -31,14 +31,6 @@
/* Use builtin defines specific to this compilation unit, since the test driver
* relies on the software driver. */
-#if( defined(MBEDTLS_PSA_BUILTIN_ALG_MD2) || \
- ( defined(PSA_CRYPTO_DRIVER_TEST) && defined(MBEDTLS_PSA_ACCEL_ALG_MD2) ) )
-#define BUILTIN_ALG_MD2 1
-#endif
-#if( defined(MBEDTLS_PSA_BUILTIN_ALG_MD4) || \
- ( defined(PSA_CRYPTO_DRIVER_TEST) && defined(MBEDTLS_PSA_ACCEL_ALG_MD4) ) )
-#define BUILTIN_ALG_MD4 1
-#endif
#if( defined(MBEDTLS_PSA_BUILTIN_ALG_MD5) || \
( defined(PSA_CRYPTO_DRIVER_TEST) && defined(MBEDTLS_PSA_ACCEL_ALG_MD5) ) )
#define BUILTIN_ALG_MD5 1
@@ -76,14 +68,6 @@
{
switch( alg )
{
-#if defined(MBEDTLS_MD2_C)
- case PSA_ALG_MD2:
- return( &mbedtls_md2_info );
-#endif
-#if defined(MBEDTLS_MD4_C)
- case PSA_ALG_MD4:
- return( &mbedtls_md4_info );
-#endif
#if defined(MBEDTLS_MD5_C)
case PSA_ALG_MD5:
return( &mbedtls_md5_info );
@@ -134,16 +118,6 @@
* in use. It's ok to call abort on such an object, and there's
* nothing to do. */
break;
-#if defined(BUILTIN_ALG_MD2)
- case PSA_ALG_MD2:
- mbedtls_md2_free( &operation->ctx.md2 );
- break;
-#endif
-#if defined(BUILTIN_ALG_MD4)
- case PSA_ALG_MD4:
- mbedtls_md4_free( &operation->ctx.md4 );
- break;
-#endif
#if defined(BUILTIN_ALG_MD5)
case PSA_ALG_MD5:
mbedtls_md5_free( &operation->ctx.md5 );
@@ -200,58 +174,46 @@
switch( alg )
{
-#if defined(BUILTIN_ALG_MD2)
- case PSA_ALG_MD2:
- mbedtls_md2_init( &operation->ctx.md2 );
- ret = mbedtls_md2_starts_ret( &operation->ctx.md2 );
- break;
-#endif
-#if defined(BUILTIN_ALG_MD4)
- case PSA_ALG_MD4:
- mbedtls_md4_init( &operation->ctx.md4 );
- ret = mbedtls_md4_starts_ret( &operation->ctx.md4 );
- break;
-#endif
#if defined(BUILTIN_ALG_MD5)
case PSA_ALG_MD5:
mbedtls_md5_init( &operation->ctx.md5 );
- ret = mbedtls_md5_starts_ret( &operation->ctx.md5 );
+ ret = mbedtls_md5_starts( &operation->ctx.md5 );
break;
#endif
#if defined(BUILTIN_ALG_RIPEMD160)
case PSA_ALG_RIPEMD160:
mbedtls_ripemd160_init( &operation->ctx.ripemd160 );
- ret = mbedtls_ripemd160_starts_ret( &operation->ctx.ripemd160 );
+ ret = mbedtls_ripemd160_starts( &operation->ctx.ripemd160 );
break;
#endif
#if defined(BUILTIN_ALG_SHA_1)
case PSA_ALG_SHA_1:
mbedtls_sha1_init( &operation->ctx.sha1 );
- ret = mbedtls_sha1_starts_ret( &operation->ctx.sha1 );
+ ret = mbedtls_sha1_starts( &operation->ctx.sha1 );
break;
#endif
#if defined(BUILTIN_ALG_SHA_224)
case PSA_ALG_SHA_224:
mbedtls_sha256_init( &operation->ctx.sha256 );
- ret = mbedtls_sha256_starts_ret( &operation->ctx.sha256, 1 );
+ ret = mbedtls_sha256_starts( &operation->ctx.sha256, 1 );
break;
#endif
#if defined(BUILTIN_ALG_SHA_256)
case PSA_ALG_SHA_256:
mbedtls_sha256_init( &operation->ctx.sha256 );
- ret = mbedtls_sha256_starts_ret( &operation->ctx.sha256, 0 );
+ ret = mbedtls_sha256_starts( &operation->ctx.sha256, 0 );
break;
#endif
#if defined(BUILTIN_ALG_SHA_384)
case PSA_ALG_SHA_384:
mbedtls_sha512_init( &operation->ctx.sha512 );
- ret = mbedtls_sha512_starts_ret( &operation->ctx.sha512, 1 );
+ ret = mbedtls_sha512_starts( &operation->ctx.sha512, 1 );
break;
#endif
#if defined(BUILTIN_ALG_SHA_512)
case PSA_ALG_SHA_512:
mbedtls_sha512_init( &operation->ctx.sha512 );
- ret = mbedtls_sha512_starts_ret( &operation->ctx.sha512, 0 );
+ ret = mbedtls_sha512_starts( &operation->ctx.sha512, 0 );
break;
#endif
default:
@@ -274,18 +236,6 @@
{
case 0:
return( PSA_ERROR_BAD_STATE );
-#if defined(BUILTIN_ALG_MD2)
- case PSA_ALG_MD2:
- mbedtls_md2_clone( &target_operation->ctx.md2,
- &source_operation->ctx.md2 );
- break;
-#endif
-#if defined(BUILTIN_ALG_MD4)
- case PSA_ALG_MD4:
- mbedtls_md4_clone( &target_operation->ctx.md4,
- &source_operation->ctx.md4 );
- break;
-#endif
#if defined(BUILTIN_ALG_MD5)
case PSA_ALG_MD5:
mbedtls_md5_clone( &target_operation->ctx.md5,
@@ -347,57 +297,45 @@
switch( operation->alg )
{
-#if defined(BUILTIN_ALG_MD2)
- case PSA_ALG_MD2:
- ret = mbedtls_md2_update_ret( &operation->ctx.md2,
- input, input_length );
- break;
-#endif
-#if defined(BUILTIN_ALG_MD4)
- case PSA_ALG_MD4:
- ret = mbedtls_md4_update_ret( &operation->ctx.md4,
- input, input_length );
- break;
-#endif
#if defined(BUILTIN_ALG_MD5)
case PSA_ALG_MD5:
- ret = mbedtls_md5_update_ret( &operation->ctx.md5,
+ ret = mbedtls_md5_update( &operation->ctx.md5,
input, input_length );
break;
#endif
#if defined(BUILTIN_ALG_RIPEMD160)
case PSA_ALG_RIPEMD160:
- ret = mbedtls_ripemd160_update_ret( &operation->ctx.ripemd160,
+ ret = mbedtls_ripemd160_update( &operation->ctx.ripemd160,
input, input_length );
break;
#endif
#if defined(BUILTIN_ALG_SHA_1)
case PSA_ALG_SHA_1:
- ret = mbedtls_sha1_update_ret( &operation->ctx.sha1,
+ ret = mbedtls_sha1_update( &operation->ctx.sha1,
input, input_length );
break;
#endif
#if defined(BUILTIN_ALG_SHA_224)
case PSA_ALG_SHA_224:
- ret = mbedtls_sha256_update_ret( &operation->ctx.sha256,
+ ret = mbedtls_sha256_update( &operation->ctx.sha256,
input, input_length );
break;
#endif
#if defined(BUILTIN_ALG_SHA_256)
case PSA_ALG_SHA_256:
- ret = mbedtls_sha256_update_ret( &operation->ctx.sha256,
+ ret = mbedtls_sha256_update( &operation->ctx.sha256,
input, input_length );
break;
#endif
#if defined(BUILTIN_ALG_SHA_384)
case PSA_ALG_SHA_384:
- ret = mbedtls_sha512_update_ret( &operation->ctx.sha512,
+ ret = mbedtls_sha512_update( &operation->ctx.sha512,
input, input_length );
break;
#endif
#if defined(BUILTIN_ALG_SHA_512)
case PSA_ALG_SHA_512:
- ret = mbedtls_sha512_update_ret( &operation->ctx.sha512,
+ ret = mbedtls_sha512_update( &operation->ctx.sha512,
input, input_length );
break;
#endif
@@ -437,49 +375,39 @@
switch( operation->alg )
{
-#if defined(BUILTIN_ALG_MD2)
- case PSA_ALG_MD2:
- ret = mbedtls_md2_finish_ret( &operation->ctx.md2, hash );
- break;
-#endif
-#if defined(BUILTIN_ALG_MD4)
- case PSA_ALG_MD4:
- ret = mbedtls_md4_finish_ret( &operation->ctx.md4, hash );
- break;
-#endif
#if defined(BUILTIN_ALG_MD5)
case PSA_ALG_MD5:
- ret = mbedtls_md5_finish_ret( &operation->ctx.md5, hash );
+ ret = mbedtls_md5_finish( &operation->ctx.md5, hash );
break;
#endif
#if defined(BUILTIN_ALG_RIPEMD160)
case PSA_ALG_RIPEMD160:
- ret = mbedtls_ripemd160_finish_ret( &operation->ctx.ripemd160, hash );
+ ret = mbedtls_ripemd160_finish( &operation->ctx.ripemd160, hash );
break;
#endif
#if defined(BUILTIN_ALG_SHA_1)
case PSA_ALG_SHA_1:
- ret = mbedtls_sha1_finish_ret( &operation->ctx.sha1, hash );
+ ret = mbedtls_sha1_finish( &operation->ctx.sha1, hash );
break;
#endif
#if defined(BUILTIN_ALG_SHA_224)
case PSA_ALG_SHA_224:
- ret = mbedtls_sha256_finish_ret( &operation->ctx.sha256, hash );
+ ret = mbedtls_sha256_finish( &operation->ctx.sha256, hash );
break;
#endif
#if defined(BUILTIN_ALG_SHA_256)
case PSA_ALG_SHA_256:
- ret = mbedtls_sha256_finish_ret( &operation->ctx.sha256, hash );
+ ret = mbedtls_sha256_finish( &operation->ctx.sha256, hash );
break;
#endif
#if defined(BUILTIN_ALG_SHA_384)
case PSA_ALG_SHA_384:
- ret = mbedtls_sha512_finish_ret( &operation->ctx.sha512, hash );
+ ret = mbedtls_sha512_finish( &operation->ctx.sha512, hash );
break;
#endif
#if defined(BUILTIN_ALG_SHA_512)
case PSA_ALG_SHA_512:
- ret = mbedtls_sha512_finish_ret( &operation->ctx.sha512, hash );
+ ret = mbedtls_sha512_finish( &operation->ctx.sha512, hash );
break;
#endif
default:
@@ -587,14 +515,6 @@
{
switch( alg )
{
-#if defined(MBEDTLS_PSA_ACCEL_ALG_MD2)
- case PSA_ALG_MD2:
- return( 1 );
-#endif
-#if defined(MBEDTLS_PSA_ACCEL_ALG_MD4)
- case PSA_ALG_MD4:
- return( 1 );
-#endif
#if defined(MBEDTLS_PSA_ACCEL_ALG_MD5)
case PSA_ALG_MD5:
return( 1 );
diff --git a/library/psa_crypto_mac.c b/library/psa_crypto_mac.c
index 20c56a0..2c079d4 100644
--- a/library/psa_crypto_mac.c
+++ b/library/psa_crypto_mac.c
@@ -46,10 +46,6 @@
{
switch( alg )
{
- case PSA_ALG_MD2:
- return( 16 );
- case PSA_ALG_MD4:
- return( 64 );
case PSA_ALG_MD5:
return( 64 );
case PSA_ALG_RIPEMD160:
@@ -359,30 +355,6 @@
return( status );
}
-static psa_status_t mac_compute(
- const psa_key_attributes_t *attributes,
- const uint8_t *key_buffer,
- size_t key_buffer_size,
- psa_algorithm_t alg,
- const uint8_t *input,
- size_t input_length,
- uint8_t *mac,
- size_t mac_size,
- size_t *mac_length )
-{
- /* One-shot MAC has not been implemented in this PSA implementation yet. */
- (void) attributes;
- (void) key_buffer;
- (void) key_buffer_size;
- (void) alg;
- (void) input;
- (void) input_length;
- (void) mac;
- (void) mac_size;
- (void) mac_length;
- return( PSA_ERROR_NOT_SUPPORTED );
-}
-
static psa_status_t mac_update(
mbedtls_psa_mac_operation_t *operation,
const uint8_t *input,
@@ -497,6 +469,44 @@
return( status );
}
+
+static psa_status_t mac_compute(
+ const psa_key_attributes_t *attributes,
+ const uint8_t *key_buffer,
+ size_t key_buffer_size,
+ psa_algorithm_t alg,
+ const uint8_t *input,
+ size_t input_length,
+ uint8_t *mac,
+ size_t mac_size,
+ size_t *mac_length )
+{
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+ mbedtls_psa_mac_operation_t operation = MBEDTLS_PSA_MAC_OPERATION_INIT;
+
+ status = mac_setup( &operation,
+ attributes, key_buffer, key_buffer_size,
+ alg );
+ if( status != PSA_SUCCESS )
+ goto exit;
+
+ if( input_length > 0 )
+ {
+ status = mac_update( &operation, input, input_length );
+ if( status != PSA_SUCCESS )
+ goto exit;
+ }
+
+ status = mac_finish_internal( &operation, mac, mac_size );
+ if( status == PSA_SUCCESS )
+ *mac_length = mac_size;
+
+exit:
+ mac_abort( &operation );
+
+ return( status );
+}
+
#endif /* BUILTIN_ALG_HMAC || BUILTIN_ALG_CMAC */
#if defined(MBEDTLS_PSA_BUILTIN_MAC)
diff --git a/library/psa_crypto_rsa.c b/library/psa_crypto_rsa.c
index b5aec20..d85b86c 100644
--- a/library/psa_crypto_rsa.c
+++ b/library/psa_crypto_rsa.c
@@ -108,7 +108,8 @@
/* Parse the data. */
if( PSA_KEY_TYPE_IS_KEY_PAIR( type ) )
status = mbedtls_to_psa_error(
- mbedtls_pk_parse_key( &ctx, data, data_length, NULL, 0 ) );
+ mbedtls_pk_parse_key( &ctx, data, data_length, NULL, 0,
+ mbedtls_psa_get_random, MBEDTLS_PSA_RANDOM_STATE ) );
else
status = mbedtls_to_psa_error(
mbedtls_pk_parse_public_key( &ctx, data, data_length ) );
@@ -317,7 +318,7 @@
if( status != PSA_SUCCESS )
return( status );
- mbedtls_rsa_init( &rsa, MBEDTLS_RSA_PKCS_V15, MBEDTLS_MD_NONE );
+ mbedtls_rsa_init( &rsa );
ret = mbedtls_rsa_gen_key( &rsa,
mbedtls_psa_get_random,
MBEDTLS_PSA_RANDOM_STATE,
@@ -360,27 +361,14 @@
return( PSA_ERROR_INVALID_ARGUMENT );
#endif
-#if defined(BUILTIN_ALG_RSA_PKCS1V15_SIGN)
- /* For PKCS#1 v1.5 signature, if using a hash, the hash length
- * must be correct. */
- if( PSA_ALG_IS_RSA_PKCS1V15_SIGN( alg ) &&
- alg != PSA_ALG_RSA_PKCS1V15_SIGN_RAW )
+ /* For signatures using a hash, the hash length must be correct. */
+ if( alg != PSA_ALG_RSA_PKCS1V15_SIGN_RAW )
{
if( md_info == NULL )
return( PSA_ERROR_NOT_SUPPORTED );
if( mbedtls_md_get_size( md_info ) != hash_length )
return( PSA_ERROR_INVALID_ARGUMENT );
}
-#endif /* BUILTIN_ALG_RSA_PKCS1V15_SIGN */
-
-#if defined(BUILTIN_ALG_RSA_PSS)
- /* PSS requires a hash internally. */
- if( PSA_ALG_IS_RSA_PSS( alg ) )
- {
- if( md_info == NULL )
- return( PSA_ERROR_NOT_SUPPORTED );
- }
-#endif /* BUILTIN_ALG_RSA_PSS */
return( PSA_SUCCESS );
}
@@ -416,29 +404,36 @@
#if defined(BUILTIN_ALG_RSA_PKCS1V15_SIGN)
if( PSA_ALG_IS_RSA_PKCS1V15_SIGN( alg ) )
{
- mbedtls_rsa_set_padding( rsa, MBEDTLS_RSA_PKCS_V15,
- MBEDTLS_MD_NONE );
- ret = mbedtls_rsa_pkcs1_sign( rsa,
- mbedtls_psa_get_random,
- MBEDTLS_PSA_RANDOM_STATE,
- md_alg,
- (unsigned int) hash_length,
- hash,
- signature );
+ ret = mbedtls_rsa_set_padding( rsa, MBEDTLS_RSA_PKCS_V15,
+ MBEDTLS_MD_NONE );
+ if( ret == 0 )
+ {
+ ret = mbedtls_rsa_pkcs1_sign( rsa,
+ mbedtls_psa_get_random,
+ MBEDTLS_PSA_RANDOM_STATE,
+ md_alg,
+ (unsigned int) hash_length,
+ hash,
+ signature );
+ }
}
else
#endif /* BUILTIN_ALG_RSA_PKCS1V15_SIGN */
#if defined(BUILTIN_ALG_RSA_PSS)
if( PSA_ALG_IS_RSA_PSS( alg ) )
{
- mbedtls_rsa_set_padding( rsa, MBEDTLS_RSA_PKCS_V21, md_alg );
- ret = mbedtls_rsa_rsassa_pss_sign( rsa,
- mbedtls_psa_get_random,
- MBEDTLS_PSA_RANDOM_STATE,
- MBEDTLS_MD_NONE,
- (unsigned int) hash_length,
- hash,
- signature );
+ ret = mbedtls_rsa_set_padding( rsa, MBEDTLS_RSA_PKCS_V21, md_alg );
+
+ if( ret == 0 )
+ {
+ ret = mbedtls_rsa_rsassa_pss_sign( rsa,
+ mbedtls_psa_get_random,
+ MBEDTLS_PSA_RANDOM_STATE,
+ MBEDTLS_MD_NONE,
+ (unsigned int) hash_length,
+ hash,
+ signature );
+ }
}
else
#endif /* BUILTIN_ALG_RSA_PSS */
@@ -489,25 +484,31 @@
#if defined(BUILTIN_ALG_RSA_PKCS1V15_SIGN)
if( PSA_ALG_IS_RSA_PKCS1V15_SIGN( alg ) )
{
- mbedtls_rsa_set_padding( rsa, MBEDTLS_RSA_PKCS_V15,
- MBEDTLS_MD_NONE );
- ret = mbedtls_rsa_pkcs1_verify( rsa,
- md_alg,
- (unsigned int) hash_length,
- hash,
- signature );
+ ret = mbedtls_rsa_set_padding( rsa, MBEDTLS_RSA_PKCS_V15,
+ MBEDTLS_MD_NONE );
+ if( ret == 0 )
+ {
+ ret = mbedtls_rsa_pkcs1_verify( rsa,
+ md_alg,
+ (unsigned int) hash_length,
+ hash,
+ signature );
+ }
}
else
#endif /* BUILTIN_ALG_RSA_PKCS1V15_SIGN */
#if defined(BUILTIN_ALG_RSA_PSS)
if( PSA_ALG_IS_RSA_PSS( alg ) )
{
- mbedtls_rsa_set_padding( rsa, MBEDTLS_RSA_PKCS_V21, md_alg );
- ret = mbedtls_rsa_rsassa_pss_verify( rsa,
- MBEDTLS_MD_NONE,
- (unsigned int) hash_length,
- hash,
- signature );
+ ret = mbedtls_rsa_set_padding( rsa, MBEDTLS_RSA_PKCS_V21, md_alg );
+ if( ret == 0 )
+ {
+ ret = mbedtls_rsa_rsassa_pss_verify( rsa,
+ md_alg,
+ (unsigned int) hash_length,
+ hash,
+ signature );
+ }
}
else
#endif /* BUILTIN_ALG_RSA_PSS */
diff --git a/library/psa_crypto_slot_management.c b/library/psa_crypto_slot_management.c
index 6723885..925d684 100644
--- a/library/psa_crypto_slot_management.c
+++ b/library/psa_crypto_slot_management.c
@@ -408,17 +408,6 @@
return( PSA_SUCCESS );
}
- /*
- * As the return error code may not be handled in case of multiple errors,
- * do our best to report if the lock counter is equal to zero: if
- * available call MBEDTLS_PARAM_FAILED that may terminate execution (if
- * called as part of the execution of a unit test suite this will stop the
- * test suite execution).
- */
-#ifdef MBEDTLS_CHECK_PARAMS
- MBEDTLS_PARAM_FAILED( slot->lock_count > 0 );
-#endif
-
return( PSA_ERROR_CORRUPTION_DETECTED );
}
@@ -465,7 +454,10 @@
{
/* Persistent keys require storage support */
#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C)
- return( PSA_SUCCESS );
+ if( PSA_KEY_LIFETIME_IS_READ_ONLY( lifetime ) )
+ return( PSA_ERROR_INVALID_ARGUMENT );
+ else
+ return( PSA_SUCCESS );
#else /* MBEDTLS_PSA_CRYPTO_STORAGE_C */
return( PSA_ERROR_NOT_SUPPORTED );
#endif /* !MBEDTLS_PSA_CRYPTO_STORAGE_C */
@@ -555,16 +547,17 @@
++stats->empty_slots;
continue;
}
- if( slot->attr.lifetime == PSA_KEY_LIFETIME_VOLATILE )
+ if( PSA_KEY_LIFETIME_IS_VOLATILE( slot->attr.lifetime ) )
++stats->volatile_slots;
- else if( slot->attr.lifetime == PSA_KEY_LIFETIME_PERSISTENT )
+ else
{
psa_key_id_t id = MBEDTLS_SVC_KEY_ID_GET_KEY_ID( slot->attr.id );
++stats->persistent_slots;
if( id > stats->max_open_internal_key_id )
stats->max_open_internal_key_id = id;
}
- else
+ if( PSA_KEY_LIFETIME_GET_LOCATION( slot->attr.lifetime ) !=
+ PSA_KEY_LOCATION_LOCAL_STORAGE )
{
psa_key_id_t id = MBEDTLS_SVC_KEY_ID_GET_KEY_ID( slot->attr.id );
++stats->external_slots;
diff --git a/library/psa_crypto_storage.c b/library/psa_crypto_storage.c
index 2ebfc26..09cbab4 100644
--- a/library/psa_crypto_storage.c
+++ b/library/psa_crypto_storage.c
@@ -18,11 +18,7 @@
* limitations under the License.
*/
-#if defined(MBEDTLS_CONFIG_FILE)
-#include MBEDTLS_CONFIG_FILE
-#else
-#include "mbedtls/config.h"
-#endif
+#include "common.h"
#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C)
diff --git a/library/psa_its_file.c b/library/psa_its_file.c
index 7798da6..492be1c 100644
--- a/library/psa_its_file.c
+++ b/library/psa_its_file.c
@@ -18,11 +18,7 @@
* limitations under the License.
*/
-#if defined(MBEDTLS_CONFIG_FILE)
-#include MBEDTLS_CONFIG_FILE
-#else
-#include "mbedtls/config.h"
-#endif
+#include "common.h"
#if defined(MBEDTLS_PSA_ITS_FILE_C)
diff --git a/library/ripemd160.c b/library/ripemd160.c
index 0e1df8f..d2ccbbe 100644
--- a/library/ripemd160.c
+++ b/library/ripemd160.c
@@ -89,7 +89,7 @@
/*
* RIPEMD-160 context setup
*/
-int mbedtls_ripemd160_starts_ret( mbedtls_ripemd160_context *ctx )
+int mbedtls_ripemd160_starts( mbedtls_ripemd160_context *ctx )
{
ctx->total[0] = 0;
ctx->total[1] = 0;
@@ -305,7 +305,7 @@
/*
* RIPEMD-160 process buffer
*/
-int mbedtls_ripemd160_update_ret( mbedtls_ripemd160_context *ctx,
+int mbedtls_ripemd160_update( mbedtls_ripemd160_context *ctx,
const unsigned char *input,
size_t ilen )
{
@@ -365,7 +365,7 @@
/*
* RIPEMD-160 final digest
*/
-int mbedtls_ripemd160_finish_ret( mbedtls_ripemd160_context *ctx,
+int mbedtls_ripemd160_finish( mbedtls_ripemd160_context *ctx,
unsigned char output[20] )
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
@@ -383,11 +383,11 @@
last = ctx->total[0] & 0x3F;
padn = ( last < 56 ) ? ( 56 - last ) : ( 120 - last );
- ret = mbedtls_ripemd160_update_ret( ctx, ripemd160_padding, padn );
+ ret = mbedtls_ripemd160_update( ctx, ripemd160_padding, padn );
if( ret != 0 )
return( ret );
- ret = mbedtls_ripemd160_update_ret( ctx, msglen, 8 );
+ ret = mbedtls_ripemd160_update( ctx, msglen, 8 );
if( ret != 0 )
return( ret );
@@ -405,7 +405,7 @@
/*
* output = RIPEMD-160( input buffer )
*/
-int mbedtls_ripemd160_ret( const unsigned char *input,
+int mbedtls_ripemd160( const unsigned char *input,
size_t ilen,
unsigned char output[20] )
{
@@ -414,13 +414,13 @@
mbedtls_ripemd160_init( &ctx );
- if( ( ret = mbedtls_ripemd160_starts_ret( &ctx ) ) != 0 )
+ if( ( ret = mbedtls_ripemd160_starts( &ctx ) ) != 0 )
goto exit;
- if( ( ret = mbedtls_ripemd160_update_ret( &ctx, input, ilen ) ) != 0 )
+ if( ( ret = mbedtls_ripemd160_update( &ctx, input, ilen ) ) != 0 )
goto exit;
- if( ( ret = mbedtls_ripemd160_finish_ret( &ctx, output ) ) != 0 )
+ if( ( ret = mbedtls_ripemd160_finish( &ctx, output ) ) != 0 )
goto exit;
exit:
@@ -487,7 +487,7 @@
if( verbose != 0 )
mbedtls_printf( " RIPEMD-160 test #%d: ", i + 1 );
- ret = mbedtls_ripemd160_ret( ripemd160_test_str[i],
+ ret = mbedtls_ripemd160( ripemd160_test_str[i],
ripemd160_test_strlen[i], output );
if( ret != 0 )
goto fail;
diff --git a/library/rsa.c b/library/rsa.c
index 36424bd..ed1632a 100644
--- a/library/rsa.c
+++ b/library/rsa.c
@@ -477,17 +477,14 @@
/*
* Initialize an RSA context
*/
-void mbedtls_rsa_init( mbedtls_rsa_context *ctx,
- int padding,
- int hash_id )
+void mbedtls_rsa_init( mbedtls_rsa_context *ctx )
{
RSA_VALIDATE( ctx != NULL );
- RSA_VALIDATE( padding == MBEDTLS_RSA_PKCS_V15 ||
- padding == MBEDTLS_RSA_PKCS_V21 );
memset( ctx, 0, sizeof( mbedtls_rsa_context ) );
- mbedtls_rsa_set_padding( ctx, padding, hash_id );
+ ctx->padding = MBEDTLS_RSA_PKCS_V15;
+ ctx->hash_id = MBEDTLS_MD_NONE;
#if defined(MBEDTLS_THREADING_C)
/* Set ctx->ver to nonzero to indicate that the mutex has been
@@ -500,15 +497,38 @@
/*
* Set padding for an existing RSA context
*/
-void mbedtls_rsa_set_padding( mbedtls_rsa_context *ctx, int padding,
- int hash_id )
+int mbedtls_rsa_set_padding( mbedtls_rsa_context *ctx, int padding,
+ mbedtls_md_type_t hash_id )
{
- RSA_VALIDATE( ctx != NULL );
- RSA_VALIDATE( padding == MBEDTLS_RSA_PKCS_V15 ||
- padding == MBEDTLS_RSA_PKCS_V21 );
+ switch( padding )
+ {
+#if defined(MBEDTLS_PKCS1_V15)
+ case MBEDTLS_RSA_PKCS_V15:
+ break;
+#endif
+
+#if defined(MBEDTLS_PKCS1_V21)
+ case MBEDTLS_RSA_PKCS_V21:
+ break;
+#endif
+ default:
+ return( MBEDTLS_ERR_RSA_INVALID_PADDING );
+ }
+
+ if( ( padding == MBEDTLS_RSA_PKCS_V21 ) &&
+ ( hash_id != MBEDTLS_MD_NONE ) )
+ {
+ const mbedtls_md_info_t *md_info;
+
+ md_info = mbedtls_md_info_from_type( hash_id );
+ if( md_info == NULL )
+ return( MBEDTLS_ERR_RSA_INVALID_PADDING );
+ }
ctx->padding = padding;
ctx->hash_id = hash_id;
+
+ return( 0 );
}
/*
@@ -909,8 +929,11 @@
RSA_VALIDATE_RET( input != NULL );
RSA_VALIDATE_RET( output != NULL );
- if( rsa_check_context( ctx, 1 /* private key checks */,
- f_rng != NULL /* blinding y/n */ ) != 0 )
+ if( f_rng == NULL )
+ return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+
+ if( rsa_check_context( ctx, 1 /* private key checks */,
+ 1 /* blinding on */ ) != 0 )
{
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
}
@@ -927,15 +950,12 @@
mbedtls_mpi_init( &Q1 );
mbedtls_mpi_init( &R );
- if( f_rng != NULL )
- {
#if defined(MBEDTLS_RSA_NO_CRT)
- mbedtls_mpi_init( &D_blind );
+ mbedtls_mpi_init( &D_blind );
#else
- mbedtls_mpi_init( &DP_blind );
- mbedtls_mpi_init( &DQ_blind );
+ mbedtls_mpi_init( &DP_blind );
+ mbedtls_mpi_init( &DQ_blind );
#endif
- }
#if !defined(MBEDTLS_RSA_NO_CRT)
mbedtls_mpi_init( &TP ); mbedtls_mpi_init( &TQ );
@@ -955,57 +975,54 @@
MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &I, &T ) );
- if( f_rng != NULL )
- {
- /*
- * Blinding
- * T = T * Vi mod N
- */
- MBEDTLS_MPI_CHK( rsa_prepare_blinding( ctx, f_rng, p_rng ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &T, &T, &ctx->Vi ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &T, &T, &ctx->N ) );
+ /*
+ * Blinding
+ * T = T * Vi mod N
+ */
+ MBEDTLS_MPI_CHK( rsa_prepare_blinding( ctx, f_rng, p_rng ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &T, &T, &ctx->Vi ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &T, &T, &ctx->N ) );
- /*
- * Exponent blinding
- */
- MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &P1, &ctx->P, 1 ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &Q1, &ctx->Q, 1 ) );
+ /*
+ * Exponent blinding
+ */
+ MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &P1, &ctx->P, 1 ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &Q1, &ctx->Q, 1 ) );
#if defined(MBEDTLS_RSA_NO_CRT)
- /*
- * D_blind = ( P - 1 ) * ( Q - 1 ) * R + D
- */
- MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( &R, RSA_EXPONENT_BLINDING,
- f_rng, p_rng ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &D_blind, &P1, &Q1 ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &D_blind, &D_blind, &R ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &D_blind, &D_blind, &ctx->D ) );
+ /*
+ * D_blind = ( P - 1 ) * ( Q - 1 ) * R + D
+ */
+ MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( &R, RSA_EXPONENT_BLINDING,
+ f_rng, p_rng ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &D_blind, &P1, &Q1 ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &D_blind, &D_blind, &R ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &D_blind, &D_blind, &ctx->D ) );
- D = &D_blind;
+ D = &D_blind;
#else
- /*
- * DP_blind = ( P - 1 ) * R + DP
- */
- MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( &R, RSA_EXPONENT_BLINDING,
- f_rng, p_rng ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &DP_blind, &P1, &R ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &DP_blind, &DP_blind,
- &ctx->DP ) );
+ /*
+ * DP_blind = ( P - 1 ) * R + DP
+ */
+ MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( &R, RSA_EXPONENT_BLINDING,
+ f_rng, p_rng ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &DP_blind, &P1, &R ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &DP_blind, &DP_blind,
+ &ctx->DP ) );
- DP = &DP_blind;
+ DP = &DP_blind;
- /*
- * DQ_blind = ( Q - 1 ) * R + DQ
- */
- MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( &R, RSA_EXPONENT_BLINDING,
- f_rng, p_rng ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &DQ_blind, &Q1, &R ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &DQ_blind, &DQ_blind,
- &ctx->DQ ) );
+ /*
+ * DQ_blind = ( Q - 1 ) * R + DQ
+ */
+ MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( &R, RSA_EXPONENT_BLINDING,
+ f_rng, p_rng ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &DQ_blind, &Q1, &R ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &DQ_blind, &DQ_blind,
+ &ctx->DQ ) );
- DQ = &DQ_blind;
+ DQ = &DQ_blind;
#endif /* MBEDTLS_RSA_NO_CRT */
- }
#if defined(MBEDTLS_RSA_NO_CRT)
MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &T, &T, D, &ctx->N, &ctx->RN ) );
@@ -1034,15 +1051,12 @@
MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &T, &TQ, &TP ) );
#endif /* MBEDTLS_RSA_NO_CRT */
- if( f_rng != NULL )
- {
- /*
- * Unblind
- * T = T * Vf mod N
- */
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &T, &T, &ctx->Vf ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &T, &T, &ctx->N ) );
- }
+ /*
+ * Unblind
+ * T = T * Vf mod N
+ */
+ MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &T, &T, &ctx->Vf ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &T, &T, &ctx->N ) );
/* Verify the result to prevent glitching attacks. */
MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &C, &T, &ctx->E,
@@ -1066,15 +1080,12 @@
mbedtls_mpi_free( &Q1 );
mbedtls_mpi_free( &R );
- if( f_rng != NULL )
- {
#if defined(MBEDTLS_RSA_NO_CRT)
- mbedtls_mpi_free( &D_blind );
+ mbedtls_mpi_free( &D_blind );
#else
- mbedtls_mpi_free( &DP_blind );
- mbedtls_mpi_free( &DQ_blind );
+ mbedtls_mpi_free( &DP_blind );
+ mbedtls_mpi_free( &DQ_blind );
#endif
- }
mbedtls_mpi_free( &T );
@@ -1779,7 +1790,8 @@
if( md_info == NULL )
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
- hashlen = mbedtls_md_get_size( md_info );
+ if( hashlen != mbedtls_md_get_size( md_info ) )
+ return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
}
md_info = mbedtls_md_info_from_type( (mbedtls_md_type_t) ctx->hash_id );
@@ -1914,14 +1926,13 @@
* Parameters:
* - md_alg: Identifies the hash algorithm used to generate the given hash;
* MBEDTLS_MD_NONE if raw data is signed.
- * - hashlen: Length of hash in case hashlen is MBEDTLS_MD_NONE.
+ * - hashlen: Length of hash. Must match md_alg if that's not NONE.
* - hash: Buffer containing the hashed message or the raw data.
* - dst_len: Length of the encoded message.
* - dst: Buffer to hold the encoded message.
*
* Assumptions:
- * - hash has size hashlen if md_alg == MBEDTLS_MD_NONE.
- * - hash has size corresponding to md_alg if md_alg != MBEDTLS_MD_NONE.
+ * - hash has size hashlen.
* - dst points to a buffer of size at least dst_len.
*
*/
@@ -1946,7 +1957,8 @@
if( mbedtls_oid_get_oid_by_md( md_alg, &oid, &oid_size ) != 0 )
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
- hashlen = mbedtls_md_get_size( md_info );
+ if( hashlen != mbedtls_md_get_size( md_info ) )
+ return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
/* Double-check that 8 + hashlen + oid_size can be used as a
* 1-byte ASN.1 length encoding and that there's no overflow. */
@@ -2011,6 +2023,8 @@
* TAG-NULL + LEN [ NULL ] ]
* TAG-OCTET + LEN [ HASH ] ]
*/
+ if( 0x08 + oid_size + hashlen >= 0x80 )
+ return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
*p++ = MBEDTLS_ASN1_SEQUENCE | MBEDTLS_ASN1_CONSTRUCTED;
*p++ = (unsigned char)( 0x08 + oid_size + hashlen );
*p++ = MBEDTLS_ASN1_SEQUENCE | MBEDTLS_ASN1_CONSTRUCTED;
@@ -2192,7 +2206,8 @@
if( md_info == NULL )
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
- hashlen = mbedtls_md_get_size( md_info );
+ if( hashlen != mbedtls_md_get_size( md_info ) )
+ return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
}
md_info = mbedtls_md_info_from_type( mgf1_hash_id );
@@ -2580,7 +2595,7 @@
mbedtls_mpi K;
mbedtls_mpi_init( &K );
- mbedtls_rsa_init( &rsa, MBEDTLS_RSA_PKCS_V15, 0 );
+ mbedtls_rsa_init( &rsa );
MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &K, 16, RSA_N ) );
MBEDTLS_MPI_CHK( mbedtls_rsa_import( &rsa, &K, NULL, NULL, NULL, NULL ) );
@@ -2654,7 +2669,7 @@
if( verbose != 0 )
mbedtls_printf( " PKCS#1 data sign : " );
- if( mbedtls_sha1_ret( rsa_plaintext, PT_LEN, sha1sum ) != 0 )
+ if( mbedtls_sha1( rsa_plaintext, PT_LEN, sha1sum ) != 0 )
{
if( verbose != 0 )
mbedtls_printf( "failed\n" );
@@ -2663,7 +2678,7 @@
}
if( mbedtls_rsa_pkcs1_sign( &rsa, myrand, NULL,
- MBEDTLS_MD_SHA1, 0,
+ MBEDTLS_MD_SHA1, 20,
sha1sum, rsa_ciphertext ) != 0 )
{
if( verbose != 0 )
@@ -2676,7 +2691,7 @@
if( verbose != 0 )
mbedtls_printf( "passed\n PKCS#1 sig. verify: " );
- if( mbedtls_rsa_pkcs1_verify( &rsa, MBEDTLS_MD_SHA1, 0,
+ if( mbedtls_rsa_pkcs1_verify( &rsa, MBEDTLS_MD_SHA1, 20,
sha1sum, rsa_ciphertext ) != 0 )
{
if( verbose != 0 )
diff --git a/library/sha1.c b/library/sha1.c
index c6087ac..545d093 100644
--- a/library/sha1.c
+++ b/library/sha1.c
@@ -98,7 +98,7 @@
/*
* SHA-1 context setup
*/
-int mbedtls_sha1_starts_ret( mbedtls_sha1_context *ctx )
+int mbedtls_sha1_starts( mbedtls_sha1_context *ctx )
{
SHA1_VALIDATE_RET( ctx != NULL );
@@ -292,7 +292,7 @@
/*
* SHA-1 process buffer
*/
-int mbedtls_sha1_update_ret( mbedtls_sha1_context *ctx,
+int mbedtls_sha1_update( mbedtls_sha1_context *ctx,
const unsigned char *input,
size_t ilen )
{
@@ -345,7 +345,7 @@
/*
* SHA-1 final digest
*/
-int mbedtls_sha1_finish_ret( mbedtls_sha1_context *ctx,
+int mbedtls_sha1_finish( mbedtls_sha1_context *ctx,
unsigned char output[20] )
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
@@ -408,7 +408,7 @@
/*
* output = SHA-1( input buffer )
*/
-int mbedtls_sha1_ret( const unsigned char *input,
+int mbedtls_sha1( const unsigned char *input,
size_t ilen,
unsigned char output[20] )
{
@@ -420,13 +420,13 @@
mbedtls_sha1_init( &ctx );
- if( ( ret = mbedtls_sha1_starts_ret( &ctx ) ) != 0 )
+ if( ( ret = mbedtls_sha1_starts( &ctx ) ) != 0 )
goto exit;
- if( ( ret = mbedtls_sha1_update_ret( &ctx, input, ilen ) ) != 0 )
+ if( ( ret = mbedtls_sha1_update( &ctx, input, ilen ) ) != 0 )
goto exit;
- if( ( ret = mbedtls_sha1_finish_ret( &ctx, output ) ) != 0 )
+ if( ( ret = mbedtls_sha1_finish( &ctx, output ) ) != 0 )
goto exit;
exit:
@@ -481,7 +481,7 @@
if( verbose != 0 )
mbedtls_printf( " SHA-1 test #%d: ", i + 1 );
- if( ( ret = mbedtls_sha1_starts_ret( &ctx ) ) != 0 )
+ if( ( ret = mbedtls_sha1_starts( &ctx ) ) != 0 )
goto fail;
if( i == 2 )
@@ -490,20 +490,20 @@
for( j = 0; j < 1000; j++ )
{
- ret = mbedtls_sha1_update_ret( &ctx, buf, buflen );
+ ret = mbedtls_sha1_update( &ctx, buf, buflen );
if( ret != 0 )
goto fail;
}
}
else
{
- ret = mbedtls_sha1_update_ret( &ctx, sha1_test_buf[i],
+ ret = mbedtls_sha1_update( &ctx, sha1_test_buf[i],
sha1_test_buflen[i] );
if( ret != 0 )
goto fail;
}
- if( ( ret = mbedtls_sha1_finish_ret( &ctx, sha1sum ) ) != 0 )
+ if( ( ret = mbedtls_sha1_finish( &ctx, sha1sum ) ) != 0 )
goto fail;
if( memcmp( sha1sum, sha1_test_sum[i], 20 ) != 0 )
diff --git a/library/sha256.c b/library/sha256.c
index 3cb2122..6ec6da2 100644
--- a/library/sha256.c
+++ b/library/sha256.c
@@ -100,7 +100,7 @@
/*
* SHA-256 context setup
*/
-int mbedtls_sha256_starts_ret( mbedtls_sha256_context *ctx, int is224 )
+int mbedtls_sha256_starts( mbedtls_sha256_context *ctx, int is224 )
{
SHA256_VALIDATE_RET( ctx != NULL );
@@ -285,7 +285,7 @@
/*
* SHA-256 process buffer
*/
-int mbedtls_sha256_update_ret( mbedtls_sha256_context *ctx,
+int mbedtls_sha256_update( mbedtls_sha256_context *ctx,
const unsigned char *input,
size_t ilen )
{
@@ -338,7 +338,7 @@
/*
* SHA-256 final digest
*/
-int mbedtls_sha256_finish_ret( mbedtls_sha256_context *ctx,
+int mbedtls_sha256_finish( mbedtls_sha256_context *ctx,
unsigned char *output )
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
@@ -408,7 +408,7 @@
/*
* output = SHA-256( input buffer )
*/
-int mbedtls_sha256_ret( const unsigned char *input,
+int mbedtls_sha256( const unsigned char *input,
size_t ilen,
unsigned char *output,
int is224 )
@@ -427,13 +427,13 @@
mbedtls_sha256_init( &ctx );
- if( ( ret = mbedtls_sha256_starts_ret( &ctx, is224 ) ) != 0 )
+ if( ( ret = mbedtls_sha256_starts( &ctx, is224 ) ) != 0 )
goto exit;
- if( ( ret = mbedtls_sha256_update_ret( &ctx, input, ilen ) ) != 0 )
+ if( ( ret = mbedtls_sha256_update( &ctx, input, ilen ) ) != 0 )
goto exit;
- if( ( ret = mbedtls_sha256_finish_ret( &ctx, output ) ) != 0 )
+ if( ( ret = mbedtls_sha256_finish( &ctx, output ) ) != 0 )
goto exit;
exit:
@@ -522,7 +522,7 @@
if( verbose != 0 )
mbedtls_printf( " SHA-%d test #%d: ", 256 - k * 32, j + 1 );
- if( ( ret = mbedtls_sha256_starts_ret( &ctx, k ) ) != 0 )
+ if( ( ret = mbedtls_sha256_starts( &ctx, k ) ) != 0 )
goto fail;
if( j == 2 )
@@ -531,7 +531,7 @@
for( j = 0; j < 1000; j++ )
{
- ret = mbedtls_sha256_update_ret( &ctx, buf, buflen );
+ ret = mbedtls_sha256_update( &ctx, buf, buflen );
if( ret != 0 )
goto fail;
}
@@ -539,13 +539,13 @@
}
else
{
- ret = mbedtls_sha256_update_ret( &ctx, sha256_test_buf[j],
+ ret = mbedtls_sha256_update( &ctx, sha256_test_buf[j],
sha256_test_buflen[j] );
if( ret != 0 )
goto fail;
}
- if( ( ret = mbedtls_sha256_finish_ret( &ctx, sha256sum ) ) != 0 )
+ if( ( ret = mbedtls_sha256_finish( &ctx, sha256sum ) ) != 0 )
goto fail;
diff --git a/library/sha512.c b/library/sha512.c
index 315e516..6511c6e 100644
--- a/library/sha512.c
+++ b/library/sha512.c
@@ -123,7 +123,7 @@
/*
* SHA-512 context setup
*/
-int mbedtls_sha512_starts_ret( mbedtls_sha512_context *ctx, int is384 )
+int mbedtls_sha512_starts( mbedtls_sha512_context *ctx, int is384 )
{
SHA512_VALIDATE_RET( ctx != NULL );
#if defined(MBEDTLS_SHA384_C)
@@ -327,7 +327,7 @@
/*
* SHA-512 process buffer
*/
-int mbedtls_sha512_update_ret( mbedtls_sha512_context *ctx,
+int mbedtls_sha512_update( mbedtls_sha512_context *ctx,
const unsigned char *input,
size_t ilen )
{
@@ -379,7 +379,7 @@
/*
* SHA-512 final digest
*/
-int mbedtls_sha512_finish_ret( mbedtls_sha512_context *ctx,
+int mbedtls_sha512_finish( mbedtls_sha512_context *ctx,
unsigned char *output )
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
@@ -451,7 +451,7 @@
/*
* output = SHA-512( input buffer )
*/
-int mbedtls_sha512_ret( const unsigned char *input,
+int mbedtls_sha512( const unsigned char *input,
size_t ilen,
unsigned char *output,
int is384 )
@@ -469,13 +469,13 @@
mbedtls_sha512_init( &ctx );
- if( ( ret = mbedtls_sha512_starts_ret( &ctx, is384 ) ) != 0 )
+ if( ( ret = mbedtls_sha512_starts( &ctx, is384 ) ) != 0 )
goto exit;
- if( ( ret = mbedtls_sha512_update_ret( &ctx, input, ilen ) ) != 0 )
+ if( ( ret = mbedtls_sha512_update( &ctx, input, ilen ) ) != 0 )
goto exit;
- if( ( ret = mbedtls_sha512_finish_ret( &ctx, output ) ) != 0 )
+ if( ( ret = mbedtls_sha512_finish( &ctx, output ) ) != 0 )
goto exit;
exit:
@@ -591,7 +591,7 @@
if( verbose != 0 )
mbedtls_printf( " SHA-%d test #%d: ", 512 - k * 128, j + 1 );
- if( ( ret = mbedtls_sha512_starts_ret( &ctx, k ) ) != 0 )
+ if( ( ret = mbedtls_sha512_starts( &ctx, k ) ) != 0 )
goto fail;
if( j == 2 )
@@ -600,20 +600,20 @@
for( j = 0; j < 1000; j++ )
{
- ret = mbedtls_sha512_update_ret( &ctx, buf, buflen );
+ ret = mbedtls_sha512_update( &ctx, buf, buflen );
if( ret != 0 )
goto fail;
}
}
else
{
- ret = mbedtls_sha512_update_ret( &ctx, sha512_test_buf[j],
+ ret = mbedtls_sha512_update( &ctx, sha512_test_buf[j],
sha512_test_buflen[j] );
if( ret != 0 )
goto fail;
}
- if( ( ret = mbedtls_sha512_finish_ret( &ctx, sha512sum ) ) != 0 )
+ if( ( ret = mbedtls_sha512_finish( &ctx, sha512sum ) ) != 0 )
goto fail;
if( memcmp( sha512sum, sha512_test_sum[i], 64 - k * 16 ) != 0 )
diff --git a/library/ssl_ciphersuites.c b/library/ssl_ciphersuites.c
index 1bda9c0..be0acb7 100644
--- a/library/ssl_ciphersuites.c
+++ b/library/ssl_ciphersuites.c
@@ -38,7 +38,7 @@
/*
* Ordered from most preferred to least preferred in terms of security.
*
- * Current rule (except RC4 and 3DES, weak and null which come last):
+ * Current rule (except weak and null which come last):
* 1. By key exchange:
* Forward-secure non-PSK > forward-secure PSK > ECJPAKE > other non-PSK > other PSK
* 2. By key length and cipher:
diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index 12ed0fb..30e64c4 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@@ -559,36 +559,6 @@
}
#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
-#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
-static int ssl_write_truncated_hmac_ext( mbedtls_ssl_context *ssl,
- unsigned char *buf,
- const unsigned char *end,
- size_t *olen )
-{
- unsigned char *p = buf;
-
- *olen = 0;
-
- if( ssl->conf->trunc_hmac == MBEDTLS_SSL_TRUNC_HMAC_DISABLED )
- return( 0 );
-
- MBEDTLS_SSL_DEBUG_MSG( 3,
- ( "client hello, adding truncated_hmac extension" ) );
-
- MBEDTLS_SSL_CHK_BUF_PTR( p, end, 4 );
-
- *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_TRUNCATED_HMAC >> 8 ) & 0xFF );
- *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_TRUNCATED_HMAC ) & 0xFF );
-
- *p++ = 0x00;
- *p++ = 0x00;
-
- *olen = 4;
-
- return( 0 );
-}
-#endif /* MBEDTLS_SSL_TRUNCATED_HMAC */
-
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
static int ssl_write_encrypt_then_mac_ext( mbedtls_ssl_context *ssl,
unsigned char *buf,
@@ -1304,16 +1274,6 @@
ext_len += olen;
#endif
-#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
- if( ( ret = ssl_write_truncated_hmac_ext( ssl, p + 2 + ext_len,
- end, &olen ) ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_truncated_hmac_ext", ret );
- return( ret );
- }
- ext_len += olen;
-#endif
-
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
if( ( ret = ssl_write_encrypt_then_mac_ext( ssl, p + 2 + ext_len,
end, &olen ) ) != 0 )
@@ -1479,31 +1439,6 @@
}
#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
-#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
-static int ssl_parse_truncated_hmac_ext( mbedtls_ssl_context *ssl,
- const unsigned char *buf,
- size_t len )
-{
- if( ssl->conf->trunc_hmac == MBEDTLS_SSL_TRUNC_HMAC_DISABLED ||
- len != 0 )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1,
- ( "non-matching truncated HMAC extension" ) );
- mbedtls_ssl_send_alert_message(
- ssl,
- MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE );
- return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
- }
-
- ((void) buf);
-
- ssl->session_negotiate->trunc_hmac = MBEDTLS_SSL_TRUNC_HMAC_ENABLED;
-
- return( 0 );
-}
-#endif /* MBEDTLS_SSL_TRUNCATED_HMAC */
-
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
static int ssl_parse_cid_ext( mbedtls_ssl_context *ssl,
const unsigned char *buf,
@@ -1663,7 +1598,8 @@
ssl->handshake->ecdh_ctx.point_format = p[0];
#endif
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
- ssl->handshake->ecjpake_ctx.point_format = p[0];
+ mbedtls_ecjpake_set_point_format( &ssl->handshake->ecjpake_ctx,
+ p[0] );
#endif
MBEDTLS_SSL_DEBUG_MSG( 4, ( "point format selected: %d", p[0] ) );
return( 0 );
@@ -2345,19 +2281,6 @@
break;
#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
-#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
- case MBEDTLS_TLS_EXT_TRUNCATED_HMAC:
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "found truncated_hmac extension" ) );
-
- if( ( ret = ssl_parse_truncated_hmac_ext( ssl,
- ext + 4, ext_size ) ) != 0 )
- {
- return( ret );
- }
-
- break;
-#endif /* MBEDTLS_SSL_TRUNCATED_HMAC */
-
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
case MBEDTLS_TLS_EXT_CID:
MBEDTLS_SSL_DEBUG_MSG( 3, ( "found CID extension" ) );
@@ -2553,7 +2476,7 @@
return( ret );
}
- dhm_actual_bitlen = mbedtls_mpi_bitlen( &ssl->handshake->dhm_ctx.P );
+ dhm_actual_bitlen = mbedtls_dhm_get_bitlen( &ssl->handshake->dhm_ctx );
if( dhm_actual_bitlen < ssl->conf->dhm_min_bitlen )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "DHM prime too short: %" MBEDTLS_PRINTF_SIZET " < %u",
@@ -3588,14 +3511,14 @@
/*
* DHM key exchange -- send G^X mod P
*/
- content_len = ssl->handshake->dhm_ctx.len;
+ content_len = mbedtls_dhm_get_len( &ssl->handshake->dhm_ctx );
ssl->out_msg[4] = (unsigned char)( content_len >> 8 );
ssl->out_msg[5] = (unsigned char)( content_len );
header_len = 6;
ret = mbedtls_dhm_make_public( &ssl->handshake->dhm_ctx,
- (int) mbedtls_mpi_size( &ssl->handshake->dhm_ctx.P ),
+ (int) mbedtls_dhm_get_len( &ssl->handshake->dhm_ctx ),
&ssl->out_msg[header_len], content_len,
ssl->conf->f_rng, ssl->conf->p_rng );
if( ret != 0 )
@@ -3848,7 +3771,7 @@
/*
* ClientDiffieHellmanPublic public (DHM send G^X mod P)
*/
- content_len = ssl->handshake->dhm_ctx.len;
+ content_len = mbedtls_dhm_get_len( &ssl->handshake->dhm_ctx );
if( header_len + 2 + content_len >
MBEDTLS_SSL_OUT_CONTENT_LEN )
@@ -3862,7 +3785,7 @@
ssl->out_msg[header_len++] = (unsigned char)( content_len );
ret = mbedtls_dhm_make_public( &ssl->handshake->dhm_ctx,
- (int) mbedtls_mpi_size( &ssl->handshake->dhm_ctx.P ),
+ (int) mbedtls_dhm_get_len( &ssl->handshake->dhm_ctx ),
&ssl->out_msg[header_len], content_len,
ssl->conf->f_rng, ssl->conf->p_rng );
if( ret != 0 )
diff --git a/library/ssl_misc.h b/library/ssl_misc.h
index e5ec131..d25bc55 100644
--- a/library/ssl_misc.h
+++ b/library/ssl_misc.h
@@ -255,6 +255,39 @@
+ ( MBEDTLS_SSL_CID_OUT_LEN_MAX ) )
#endif
+#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
+/**
+ * \brief Return the maximum fragment length (payload, in bytes) for
+ * the output buffer. For the client, this is the configured
+ * value. For the server, it is the minimum of two - the
+ * configured value and the negotiated one.
+ *
+ * \sa mbedtls_ssl_conf_max_frag_len()
+ * \sa mbedtls_ssl_get_max_out_record_payload()
+ *
+ * \param ssl SSL context
+ *
+ * \return Current maximum fragment length for the output buffer.
+ */
+size_t mbedtls_ssl_get_output_max_frag_len( const mbedtls_ssl_context *ssl );
+
+/**
+ * \brief Return the maximum fragment length (payload, in bytes) for
+ * the input buffer. This is the negotiated maximum fragment
+ * length, or, if there is none, MBEDTLS_SSL_IN_CONTENT_LEN.
+ * If it is not defined either, the value is 2^14. This function
+ * works as its predecessor, \c mbedtls_ssl_get_max_frag_len().
+ *
+ * \sa mbedtls_ssl_conf_max_frag_len()
+ * \sa mbedtls_ssl_get_max_in_record_payload()
+ *
+ * \param ssl SSL context
+ *
+ * \return Current maximum fragment length for the output buffer.
+ */
+size_t mbedtls_ssl_get_input_max_frag_len( const mbedtls_ssl_context *ssl );
+#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
+
#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
static inline size_t mbedtls_ssl_get_output_buflen( const mbedtls_ssl_context *ctx )
{
diff --git a/library/ssl_msg.c b/library/ssl_msg.c
index c1648bc..0fa206b 100644
--- a/library/ssl_msg.c
+++ b/library/ssl_msg.c
@@ -1148,6 +1148,9 @@
MD_CHK( mbedtls_md_update( ctx, data + offset, 1 ) );
}
+ /* The context needs to finish() before it starts() again */
+ MD_CHK( mbedtls_md_finish( ctx, aux_out ) );
+
/* Now compute HASH(okey + inner_hash) */
MD_CHK( mbedtls_md_starts( ctx ) );
MD_CHK( mbedtls_md_update( ctx, okey, block_size ) );
diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index 4fe6b02..4715129 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@@ -407,7 +407,8 @@
ssl->handshake->ecdh_ctx.point_format = p[0];
#endif
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
- ssl->handshake->ecjpake_ctx.point_format = p[0];
+ mbedtls_ecjpake_set_point_format( &ssl->handshake->ecjpake_ctx,
+ p[0] );
#endif
MBEDTLS_SSL_DEBUG_MSG( 4, ( "point format selected: %d", p[0] ) );
return( 0 );
@@ -542,28 +543,6 @@
}
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
-#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
-static int ssl_parse_truncated_hmac_ext( mbedtls_ssl_context *ssl,
- const unsigned char *buf,
- size_t len )
-{
- if( len != 0 )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
- mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
- return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
- }
-
- ((void) buf);
-
- if( ssl->conf->trunc_hmac == MBEDTLS_SSL_TRUNC_HMAC_ENABLED )
- ssl->session_negotiate->trunc_hmac = MBEDTLS_SSL_TRUNC_HMAC_ENABLED;
-
- return( 0 );
-}
-#endif /* MBEDTLS_SSL_TRUNCATED_HMAC */
-
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
static int ssl_parse_encrypt_then_mac_ext( mbedtls_ssl_context *ssl,
const unsigned char *buf,
@@ -1702,16 +1681,6 @@
break;
#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
-#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
- case MBEDTLS_TLS_EXT_TRUNCATED_HMAC:
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "found truncated hmac extension" ) );
-
- ret = ssl_parse_truncated_hmac_ext( ssl, ext + 4, ext_size );
- if( ret != 0 )
- return( ret );
- break;
-#endif /* MBEDTLS_SSL_TRUNCATED_HMAC */
-
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
case MBEDTLS_TLS_EXT_CID:
MBEDTLS_SSL_DEBUG_MSG( 3, ( "found CID extension" ) );
@@ -1720,7 +1689,7 @@
if( ret != 0 )
return( ret );
break;
-#endif /* MBEDTLS_SSL_TRUNCATED_HMAC */
+#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
case MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC:
@@ -1872,27 +1841,43 @@
got_common_suite = 0;
ciphersuites = ssl->conf->ciphersuite_list;
ciphersuite_info = NULL;
-#if defined(MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE)
- for( j = 0, p = buf + ciph_offset + 2; j < ciph_len; j += 2, p += 2 )
- for( i = 0; ciphersuites[i] != 0; i++ )
-#else
- for( i = 0; ciphersuites[i] != 0; i++ )
+
+ if (ssl->conf->respect_cli_pref == MBEDTLS_SSL_SRV_CIPHERSUITE_ORDER_CLIENT)
+ {
for( j = 0, p = buf + ciph_offset + 2; j < ciph_len; j += 2, p += 2 )
-#endif
- {
- if( p[0] != ( ( ciphersuites[i] >> 8 ) & 0xFF ) ||
- p[1] != ( ( ciphersuites[i] ) & 0xFF ) )
- continue;
+ for( i = 0; ciphersuites[i] != 0; i++ )
+ {
+ if( p[0] != ( ( ciphersuites[i] >> 8 ) & 0xFF ) ||
+ p[1] != ( ( ciphersuites[i] ) & 0xFF ) )
+ continue;
- got_common_suite = 1;
+ got_common_suite = 1;
- if( ( ret = ssl_ciphersuite_match( ssl, ciphersuites[i],
- &ciphersuite_info ) ) != 0 )
- return( ret );
+ if( ( ret = ssl_ciphersuite_match( ssl, ciphersuites[i],
+ &ciphersuite_info ) ) != 0 )
+ return( ret );
- if( ciphersuite_info != NULL )
- goto have_ciphersuite;
- }
+ if( ciphersuite_info != NULL )
+ goto have_ciphersuite;
+ }
+ } else {
+ for( i = 0; ciphersuites[i] != 0; i++ )
+ for( j = 0, p = buf + ciph_offset + 2; j < ciph_len; j += 2, p += 2 )
+ {
+ if( p[0] != ( ( ciphersuites[i] >> 8 ) & 0xFF ) ||
+ p[1] != ( ( ciphersuites[i] ) & 0xFF ) )
+ continue;
+
+ got_common_suite = 1;
+
+ if( ( ret = ssl_ciphersuite_match( ssl, ciphersuites[i],
+ &ciphersuite_info ) ) != 0 )
+ return( ret );
+
+ if( ciphersuite_info != NULL )
+ goto have_ciphersuite;
+ }
+ }
if( got_common_suite )
{
@@ -1950,31 +1935,6 @@
return( 0 );
}
-#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
-static void ssl_write_truncated_hmac_ext( mbedtls_ssl_context *ssl,
- unsigned char *buf,
- size_t *olen )
-{
- unsigned char *p = buf;
-
- if( ssl->session_negotiate->trunc_hmac == MBEDTLS_SSL_TRUNC_HMAC_DISABLED )
- {
- *olen = 0;
- return;
- }
-
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, adding truncated hmac extension" ) );
-
- *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_TRUNCATED_HMAC >> 8 ) & 0xFF );
- *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_TRUNCATED_HMAC ) & 0xFF );
-
- *p++ = 0x00;
- *p++ = 0x00;
-
- *olen = 4;
-}
-#endif /* MBEDTLS_SSL_TRUNCATED_HMAC */
-
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
static void ssl_write_cid_ext( mbedtls_ssl_context *ssl,
unsigned char *buf,
@@ -2637,11 +2597,6 @@
ext_len += olen;
#endif
-#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
- ssl_write_truncated_hmac_ext( ssl, p + 2 + ext_len, &olen );
- ext_len += olen;
-#endif
-
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
ssl_write_cid_ext( ssl, p + 2 + ext_len, &olen );
ext_len += olen;
@@ -3049,7 +3004,7 @@
if( ( ret = mbedtls_dhm_make_params(
&ssl->handshake->dhm_ctx,
- (int) mbedtls_mpi_size( &ssl->handshake->dhm_ctx.P ),
+ (int) mbedtls_dhm_get_len( &ssl->handshake->dhm_ctx ),
ssl->out_msg + ssl->out_msglen, &len,
ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 )
{
@@ -4416,4 +4371,10 @@
return( ret );
}
+
+void mbedtls_ssl_conf_preference_order( mbedtls_ssl_config *conf, int order )
+{
+ conf->respect_cli_pref = order;
+}
+
#endif /* MBEDTLS_SSL_SRV_C */
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 9b8c05f..1396400 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -672,9 +672,6 @@
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
int encrypt_then_mac,
#endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */
-#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
- int trunc_hmac,
-#endif /* MBEDTLS_SSL_TRUNCATED_HMAC */
#endif /* MBEDTLS_SSL_SOME_SUITES_USE_MAC */
ssl_tls_prf_t tls_prf,
const unsigned char randbytes[64],
@@ -845,18 +842,6 @@
mac_key_len = mbedtls_md_get_size( md_info );
transform->maclen = mac_key_len;
-#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
- /*
- * If HMAC is to be truncated, we shall keep the leftmost bytes,
- * (rfc 6066 page 13 or rfc 2104 section 4),
- * so we only need to adjust the length here.
- */
- if( trunc_hmac == MBEDTLS_SSL_TRUNC_HMAC_ENABLED )
- {
- transform->maclen = MBEDTLS_SSL_TRUNCATED_HMAC_LEN;
- }
-#endif /* MBEDTLS_SSL_TRUNCATED_HMAC */
-
/* IV length */
transform->ivlen = cipher_info->iv_size;
@@ -986,23 +971,14 @@
((void) mac_enc);
#if defined(MBEDTLS_SSL_EXPORT_KEYS)
- if( ssl->conf->f_export_keys != NULL )
+ if( ssl->f_export_keys != NULL )
{
- ssl->conf->f_export_keys( ssl->conf->p_export_keys,
- master, keyblk,
- mac_key_len, keylen,
- iv_copy_len );
- }
-
- if( ssl->conf->f_export_keys_ext != NULL )
- {
- ssl->conf->f_export_keys_ext( ssl->conf->p_export_keys,
- master, keyblk,
- mac_key_len, keylen,
- iv_copy_len,
- randbytes + 32,
- randbytes,
- tls_prf_get_type( tls_prf ) );
+ ssl->f_export_keys( ssl->p_export_keys,
+ MBEDTLS_SSL_KEY_EXPORT_TLS12_MASTER_SECRET,
+ master, 48,
+ randbytes + 32,
+ randbytes,
+ tls_prf_get_type( tls_prf ) );
}
#endif
@@ -1368,9 +1344,6 @@
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
ssl->session_negotiate->encrypt_then_mac,
#endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */
-#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
- ssl->session_negotiate->trunc_hmac,
-#endif /* MBEDTLS_SSL_TRUNCATED_HMAC */
#endif /* MBEDTLS_SSL_SOME_SUITES_USE_MAC */
ssl->handshake->tls_prf,
ssl->handshake->randbytes,
@@ -1429,7 +1402,7 @@
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> calc verify sha256" ) );
mbedtls_sha256_clone( &sha256, &ssl->handshake->fin_sha256 );
- mbedtls_sha256_finish_ret( &sha256, hash );
+ mbedtls_sha256_finish( &sha256, hash );
*hlen = 32;
@@ -1478,7 +1451,7 @@
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> calc verify sha384" ) );
mbedtls_sha512_clone( &sha512, &ssl->handshake->fin_sha512 );
- mbedtls_sha512_finish_ret( &sha512, hash );
+ mbedtls_sha512_finish( &sha512, hash );
*hlen = 48;
@@ -2490,7 +2463,7 @@
psa_hash_abort( &ssl->handshake->fin_sha256_psa );
psa_hash_setup( &ssl->handshake->fin_sha256_psa, PSA_ALG_SHA_256 );
#else
- mbedtls_sha256_starts_ret( &ssl->handshake->fin_sha256, 0 );
+ mbedtls_sha256_starts( &ssl->handshake->fin_sha256, 0 );
#endif
#endif
#if defined(MBEDTLS_SHA384_C)
@@ -2498,7 +2471,7 @@
psa_hash_abort( &ssl->handshake->fin_sha384_psa );
psa_hash_setup( &ssl->handshake->fin_sha384_psa, PSA_ALG_SHA_384 );
#else
- mbedtls_sha512_starts_ret( &ssl->handshake->fin_sha512, 1 );
+ mbedtls_sha512_starts( &ssl->handshake->fin_sha512, 1 );
#endif
#endif
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
@@ -2512,14 +2485,14 @@
#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_hash_update( &ssl->handshake->fin_sha256_psa, buf, len );
#else
- mbedtls_sha256_update_ret( &ssl->handshake->fin_sha256, buf, len );
+ mbedtls_sha256_update( &ssl->handshake->fin_sha256, buf, len );
#endif
#endif
#if defined(MBEDTLS_SHA384_C)
#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_hash_update( &ssl->handshake->fin_sha384_psa, buf, len );
#else
- mbedtls_sha512_update_ret( &ssl->handshake->fin_sha512, buf, len );
+ mbedtls_sha512_update( &ssl->handshake->fin_sha512, buf, len );
#endif
#endif
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
@@ -2533,7 +2506,7 @@
#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_hash_update( &ssl->handshake->fin_sha256_psa, buf, len );
#else
- mbedtls_sha256_update_ret( &ssl->handshake->fin_sha256, buf, len );
+ mbedtls_sha256_update( &ssl->handshake->fin_sha256, buf, len );
#endif
}
#endif
@@ -2545,7 +2518,7 @@
#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_hash_update( &ssl->handshake->fin_sha384_psa, buf, len );
#else
- mbedtls_sha512_update_ret( &ssl->handshake->fin_sha512, buf, len );
+ mbedtls_sha512_update( &ssl->handshake->fin_sha512, buf, len );
#endif
}
#endif
@@ -2613,7 +2586,7 @@
sha256.state, sizeof( sha256.state ) );
#endif
- mbedtls_sha256_finish_ret( &sha256, padbuf );
+ mbedtls_sha256_finish( &sha256, padbuf );
mbedtls_sha256_free( &sha256 );
#endif /* MBEDTLS_USE_PSA_CRYPTO */
@@ -2688,7 +2661,7 @@
MBEDTLS_SSL_DEBUG_BUF( 4, "finished sha512 state", (unsigned char *)
sha512.state, sizeof( sha512.state ) );
#endif
- mbedtls_sha512_finish_ret( &sha512, padbuf );
+ mbedtls_sha512_finish( &sha512, padbuf );
mbedtls_sha512_free( &sha512 );
#endif
@@ -2988,7 +2961,7 @@
psa_hash_setup( &handshake->fin_sha256_psa, PSA_ALG_SHA_256 );
#else
mbedtls_sha256_init( &handshake->fin_sha256 );
- mbedtls_sha256_starts_ret( &handshake->fin_sha256, 0 );
+ mbedtls_sha256_starts( &handshake->fin_sha256, 0 );
#endif
#endif
#if defined(MBEDTLS_SHA384_C)
@@ -2997,7 +2970,7 @@
psa_hash_setup( &handshake->fin_sha384_psa, PSA_ALG_SHA_384 );
#else
mbedtls_sha512_init( &handshake->fin_sha512 );
- mbedtls_sha512_starts_ret( &handshake->fin_sha512, 1 );
+ mbedtls_sha512_starts( &handshake->fin_sha512, 1 );
#endif
#endif
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
@@ -3504,6 +3477,9 @@
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
}
+ if( ssl->handshake->resume == 1 )
+ return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
+
if( ( ret = mbedtls_ssl_session_copy( ssl->session_negotiate,
session ) ) != 0 )
return( ret );
@@ -3871,8 +3847,10 @@
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- if( ( ret = mbedtls_mpi_copy( &conf->dhm_P, &dhm_ctx->P ) ) != 0 ||
- ( ret = mbedtls_mpi_copy( &conf->dhm_G, &dhm_ctx->G ) ) != 0 )
+ if( ( ret = mbedtls_dhm_get_value( dhm_ctx, MBEDTLS_DHM_PARAM_P,
+ &conf->dhm_P ) ) != 0 ||
+ ( ret = mbedtls_dhm_get_value( dhm_ctx, MBEDTLS_DHM_PARAM_G,
+ &conf->dhm_G ) ) != 0 )
{
mbedtls_mpi_free( &conf->dhm_P );
mbedtls_mpi_free( &conf->dhm_G );
@@ -4136,13 +4114,6 @@
}
#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
-#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
-void mbedtls_ssl_conf_truncated_hmac( mbedtls_ssl_config *conf, int truncate )
-{
- conf->trunc_hmac = truncate;
-}
-#endif /* MBEDTLS_SSL_TRUNCATED_HMAC */
-
void mbedtls_ssl_conf_legacy_renegotiation( mbedtls_ssl_config *conf, int allow_legacy )
{
conf->allow_legacy_renegotiation = allow_legacy;
@@ -4188,20 +4159,12 @@
#endif /* MBEDTLS_SSL_SESSION_TICKETS */
#if defined(MBEDTLS_SSL_EXPORT_KEYS)
-void mbedtls_ssl_conf_export_keys_cb( mbedtls_ssl_config *conf,
- mbedtls_ssl_export_keys_t *f_export_keys,
- void *p_export_keys )
+void mbedtls_ssl_set_export_keys_cb( mbedtls_ssl_context *ssl,
+ mbedtls_ssl_export_keys_t *f_export_keys,
+ void *p_export_keys )
{
- conf->f_export_keys = f_export_keys;
- conf->p_export_keys = p_export_keys;
-}
-
-void mbedtls_ssl_conf_export_keys_ext_cb( mbedtls_ssl_config *conf,
- mbedtls_ssl_export_keys_ext_t *f_export_keys_ext,
- void *p_export_keys )
-{
- conf->f_export_keys_ext = f_export_keys_ext;
- conf->p_export_keys = p_export_keys;
+ ssl->f_export_keys = f_export_keys;
+ ssl->p_export_keys = p_export_keys;
}
#endif
@@ -4427,6 +4390,24 @@
return( (int) max_len );
}
+int mbedtls_ssl_get_max_in_record_payload( const mbedtls_ssl_context *ssl )
+{
+ size_t max_len = MBEDTLS_SSL_IN_CONTENT_LEN;
+
+#if !defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
+ (void) ssl;
+#endif
+
+#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
+ const size_t mfl = mbedtls_ssl_get_input_max_frag_len( ssl );
+
+ if( max_len > mfl )
+ max_len = mfl;
+#endif
+
+ return( (int) max_len );
+}
+
#if defined(MBEDTLS_X509_CRT_PARSE_C)
const mbedtls_x509_crt *mbedtls_ssl_get_peer_cert( const mbedtls_ssl_context *ssl )
{
@@ -4445,6 +4426,8 @@
int mbedtls_ssl_get_session( const mbedtls_ssl_context *ssl,
mbedtls_ssl_session *dst )
{
+ int ret;
+
if( ssl == NULL ||
dst == NULL ||
ssl->session == NULL ||
@@ -4453,18 +4436,30 @@
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
}
- return( mbedtls_ssl_session_copy( dst, ssl->session ) );
+ /* Since Mbed TLS 3.0, mbedtls_ssl_get_session() is no longer
+ * idempotent: Each session can only be exported once.
+ *
+ * (This is in preparation for TLS 1.3 support where we will
+ * need the ability to export multiple sessions (aka tickets),
+ * which will be achieved by calling mbedtls_ssl_get_session()
+ * multiple times until it fails.)
+ *
+ * Check whether we have already exported the current session,
+ * and fail if so.
+ */
+ if( ssl->session->exported == 1 )
+ return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
+
+ ret = mbedtls_ssl_session_copy( dst, ssl->session );
+ if( ret != 0 )
+ return( ret );
+
+ /* Remember that we've exported the session. */
+ ssl->session->exported = 1;
+ return( 0 );
}
#endif /* MBEDTLS_SSL_CLI_C */
-const mbedtls_ssl_session *mbedtls_ssl_get_session_pointer( const mbedtls_ssl_context *ssl )
-{
- if( ssl == NULL )
- return( NULL );
-
- return( ssl->session );
-}
-
/*
* Define ticket header determining Mbed TLS version
* and structure of the ticket.
@@ -4499,11 +4494,7 @@
#define SSL_SERIALIZED_SESSION_CONFIG_MFL 0
#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
-#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
-#define SSL_SERIALIZED_SESSION_CONFIG_TRUNC_HMAC 1
-#else
#define SSL_SERIALIZED_SESSION_CONFIG_TRUNC_HMAC 0
-#endif /* MBEDTLS_SSL_TRUNCATED_HMAC */
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
#define SSL_SERIALIZED_SESSION_CONFIG_ETM 1
@@ -4746,13 +4737,6 @@
*p++ = session->mfl_code;
#endif
-#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
- used += 1;
-
- if( used <= buf_len )
- *p++ = (unsigned char)( ( session->trunc_hmac ) & 0xFF );
-#endif
-
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
used += 1;
@@ -4988,13 +4972,6 @@
session->mfl_code = *p++;
#endif
-#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
- if( 1 > (size_t)( end - p ) )
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
-
- session->trunc_hmac = *p++;
-#endif
-
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
if( 1 > (size_t)( end - p ) )
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
@@ -5811,9 +5788,6 @@
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
ssl->session->encrypt_then_mac,
#endif
-#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
- ssl->session->trunc_hmac,
-#endif
#endif /* MBEDTLS_SSL_SOME_SUITES_USE_MAC */
ssl_tls12prf_from_cs( ssl->session->ciphersuite ),
p, /* currently pointing to randbytes */
@@ -6078,6 +6052,11 @@
}
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
+/* The selection should be the same as mbedtls_x509_crt_profile_default in
+ * x509_crt.c. Here, the order matters. Currently we favor stronger hashes,
+ * for no fundamental reason.
+ * See the documentation of mbedtls_ssl_conf_curves() for what we promise
+ * about this list. */
static int ssl_preset_default_hashes[] = {
#if defined(MBEDTLS_SHA512_C)
MBEDTLS_MD_SHA512,
@@ -6088,16 +6067,46 @@
#if defined(MBEDTLS_SHA256_C)
MBEDTLS_MD_SHA256,
#endif
-#if defined(MBEDTLS_SHA224_C)
- MBEDTLS_MD_SHA224,
-#endif
-#if defined(MBEDTLS_SHA1_C) && defined(MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_KEY_EXCHANGE)
- MBEDTLS_MD_SHA1,
-#endif
MBEDTLS_MD_NONE
};
#endif
+#if defined(MBEDTLS_ECP_C)
+/* The selection should be the same as mbedtls_x509_crt_profile_default in
+ * x509_crt.c, plus Montgomery curves for ECDHE. Here, the order matters:
+ * curves with a lower resource usage come first.
+ * See the documentation of mbedtls_ssl_conf_curves() for what we promise
+ * about this list.
+ */
+static mbedtls_ecp_group_id ssl_preset_default_curves[] = {
+#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED)
+ MBEDTLS_ECP_DP_CURVE25519,
+#endif
+#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
+ MBEDTLS_ECP_DP_SECP256R1,
+#endif
+#if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
+ MBEDTLS_ECP_DP_SECP384R1,
+#endif
+#if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED)
+ MBEDTLS_ECP_DP_CURVE448,
+#endif
+#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
+ MBEDTLS_ECP_DP_SECP521R1,
+#endif
+#if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED)
+ MBEDTLS_ECP_DP_BP256R1,
+#endif
+#if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED)
+ MBEDTLS_ECP_DP_BP384R1,
+#endif
+#if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED)
+ MBEDTLS_ECP_DP_BP512R1,
+#endif
+ MBEDTLS_ECP_DP_NONE
+};
+#endif
+
static int ssl_preset_suiteb_ciphersuites[] = {
MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
@@ -6171,6 +6180,7 @@
#if defined(MBEDTLS_SSL_SRV_C)
conf->cert_req_ca_list = MBEDTLS_SSL_CERT_REQ_CA_LIST_ENABLED;
+ conf->respect_cli_pref = MBEDTLS_SSL_SRV_CIPHERSUITE_ORDER_SERVER;
#endif
#if defined(MBEDTLS_SSL_PROTO_DTLS)
@@ -6260,7 +6270,7 @@
#endif
#if defined(MBEDTLS_ECP_C)
- conf->curve_list = mbedtls_ecp_grp_id_list();
+ conf->curve_list = ssl_preset_default_curves;
#endif
#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_CLI_C)
@@ -6526,22 +6536,10 @@
uint32_t *flags )
{
int ret = 0;
-#if defined(MBEDTLS_X509_CHECK_KEY_USAGE)
int usage = 0;
-#endif
-#if defined(MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE)
const char *ext_oid;
size_t ext_len;
-#endif
-#if !defined(MBEDTLS_X509_CHECK_KEY_USAGE) && \
- !defined(MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE)
- ((void) cert);
- ((void) cert_endpoint);
- ((void) flags);
-#endif
-
-#if defined(MBEDTLS_X509_CHECK_KEY_USAGE)
if( cert_endpoint == MBEDTLS_SSL_IS_SERVER )
{
/* Server part of the key exchange */
@@ -6583,11 +6581,7 @@
*flags |= MBEDTLS_X509_BADCERT_KEY_USAGE;
ret = -1;
}
-#else
- ((void) ciphersuite);
-#endif /* MBEDTLS_X509_CHECK_KEY_USAGE */
-#if defined(MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE)
if( cert_endpoint == MBEDTLS_SSL_IS_SERVER )
{
ext_oid = MBEDTLS_OID_SERVER_AUTH;
@@ -6604,7 +6598,6 @@
*flags |= MBEDTLS_X509_BADCERT_EXT_KEY_USAGE;
ret = -1;
}
-#endif /* MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE */
return( ret );
}
diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c
index 4e8fb43..f1c8a12 100644
--- a/library/ssl_tls13_keys.c
+++ b/library/ssl_tls13_keys.c
@@ -24,6 +24,7 @@
#include "mbedtls/hkdf.h"
#include "ssl_misc.h"
#include "ssl_tls13_keys.h"
+#include "mbedtls/debug.h"
#include <stdint.h>
#include <string.h>
@@ -346,4 +347,356 @@
return( ret );
}
+int mbedtls_ssl_tls1_3_derive_early_secrets(
+ mbedtls_md_type_t md_type,
+ unsigned char const *early_secret,
+ unsigned char const *transcript, size_t transcript_len,
+ mbedtls_ssl_tls1_3_early_secrets *derived )
+{
+ int ret;
+ mbedtls_md_info_t const * const md_info = mbedtls_md_info_from_type( md_type );
+ size_t const md_size = mbedtls_md_get_size( md_info );
+
+ /* We should never call this function with an unknown hash,
+ * but add an assertion anyway. */
+ if( md_info == 0 )
+ return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+
+ /*
+ * 0
+ * |
+ * v
+ * PSK -> HKDF-Extract = Early Secret
+ * |
+ * +-----> Derive-Secret(., "c e traffic", ClientHello)
+ * | = client_early_traffic_secret
+ * |
+ * +-----> Derive-Secret(., "e exp master", ClientHello)
+ * | = early_exporter_master_secret
+ * v
+ */
+
+ /* Create client_early_traffic_secret */
+ ret = mbedtls_ssl_tls1_3_derive_secret( md_type,
+ early_secret, md_size,
+ MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN( c_e_traffic ),
+ transcript, transcript_len,
+ MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED,
+ derived->client_early_traffic_secret,
+ md_size );
+ if( ret != 0 )
+ return( ret );
+
+ /* Create early exporter */
+ ret = mbedtls_ssl_tls1_3_derive_secret( md_type,
+ early_secret, md_size,
+ MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN( e_exp_master ),
+ transcript, transcript_len,
+ MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED,
+ derived->early_exporter_master_secret,
+ md_size );
+ if( ret != 0 )
+ return( ret );
+
+ return( 0 );
+}
+
+int mbedtls_ssl_tls1_3_derive_handshake_secrets(
+ mbedtls_md_type_t md_type,
+ unsigned char const *handshake_secret,
+ unsigned char const *transcript, size_t transcript_len,
+ mbedtls_ssl_tls1_3_handshake_secrets *derived )
+{
+ int ret;
+ mbedtls_md_info_t const * const md_info = mbedtls_md_info_from_type( md_type );
+ size_t const md_size = mbedtls_md_get_size( md_info );
+
+ /* We should never call this function with an unknown hash,
+ * but add an assertion anyway. */
+ if( md_info == 0 )
+ return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+
+ /*
+ *
+ * Handshake Secret
+ * |
+ * +-----> Derive-Secret( ., "c hs traffic",
+ * | ClientHello...ServerHello )
+ * | = client_handshake_traffic_secret
+ * |
+ * +-----> Derive-Secret( ., "s hs traffic",
+ * | ClientHello...ServerHello )
+ * | = server_handshake_traffic_secret
+ *
+ */
+
+ /*
+ * Compute client_handshake_traffic_secret with
+ * Derive-Secret( ., "c hs traffic", ClientHello...ServerHello )
+ */
+
+ ret = mbedtls_ssl_tls1_3_derive_secret( md_type,
+ handshake_secret, md_size,
+ MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN( c_hs_traffic ),
+ transcript, transcript_len,
+ MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED,
+ derived->client_handshake_traffic_secret,
+ md_size );
+ if( ret != 0 )
+ return( ret );
+
+ /*
+ * Compute server_handshake_traffic_secret with
+ * Derive-Secret( ., "s hs traffic", ClientHello...ServerHello )
+ */
+
+ ret = mbedtls_ssl_tls1_3_derive_secret( md_type,
+ handshake_secret, md_size,
+ MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN( s_hs_traffic ),
+ transcript, transcript_len,
+ MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED,
+ derived->server_handshake_traffic_secret,
+ md_size );
+ if( ret != 0 )
+ return( ret );
+
+ return( 0 );
+}
+
+int mbedtls_ssl_tls1_3_derive_application_secrets(
+ mbedtls_md_type_t md_type,
+ unsigned char const *application_secret,
+ unsigned char const *transcript, size_t transcript_len,
+ mbedtls_ssl_tls1_3_application_secrets *derived )
+{
+ int ret;
+ mbedtls_md_info_t const * const md_info = mbedtls_md_info_from_type( md_type );
+ size_t const md_size = mbedtls_md_get_size( md_info );
+
+ /* We should never call this function with an unknown hash,
+ * but add an assertion anyway. */
+ if( md_info == 0 )
+ return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+
+ /* Generate {client,server}_application_traffic_secret_0
+ *
+ * Master Secret
+ * |
+ * +-----> Derive-Secret( ., "c ap traffic",
+ * | ClientHello...server Finished )
+ * | = client_application_traffic_secret_0
+ * |
+ * +-----> Derive-Secret( ., "s ap traffic",
+ * | ClientHello...Server Finished )
+ * | = server_application_traffic_secret_0
+ * |
+ * +-----> Derive-Secret( ., "exp master",
+ * | ClientHello...server Finished)
+ * | = exporter_master_secret
+ *
+ */
+
+ ret = mbedtls_ssl_tls1_3_derive_secret( md_type,
+ application_secret, md_size,
+ MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN( c_ap_traffic ),
+ transcript, transcript_len,
+ MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED,
+ derived->client_application_traffic_secret_N,
+ md_size );
+ if( ret != 0 )
+ return( ret );
+
+ ret = mbedtls_ssl_tls1_3_derive_secret( md_type,
+ application_secret, md_size,
+ MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN( s_ap_traffic ),
+ transcript, transcript_len,
+ MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED,
+ derived->server_application_traffic_secret_N,
+ md_size );
+ if( ret != 0 )
+ return( ret );
+
+ ret = mbedtls_ssl_tls1_3_derive_secret( md_type,
+ application_secret, md_size,
+ MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN( exp_master ),
+ transcript, transcript_len,
+ MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED,
+ derived->exporter_master_secret,
+ md_size );
+ if( ret != 0 )
+ return( ret );
+
+ return( 0 );
+}
+
+/* Generate resumption_master_secret for use with the ticket exchange.
+ *
+ * This is not integrated with mbedtls_ssl_tls1_3_derive_application_secrets()
+ * because it uses the transcript hash up to and including ClientFinished. */
+int mbedtls_ssl_tls1_3_derive_resumption_master_secret(
+ mbedtls_md_type_t md_type,
+ unsigned char const *application_secret,
+ unsigned char const *transcript, size_t transcript_len,
+ mbedtls_ssl_tls1_3_application_secrets *derived )
+{
+ int ret;
+ mbedtls_md_info_t const * const md_info = mbedtls_md_info_from_type( md_type );
+ size_t const md_size = mbedtls_md_get_size( md_info );
+
+ /* We should never call this function with an unknown hash,
+ * but add an assertion anyway. */
+ if( md_info == 0 )
+ return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+
+ ret = mbedtls_ssl_tls1_3_derive_secret( md_type,
+ application_secret, md_size,
+ MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN( res_master ),
+ transcript, transcript_len,
+ MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED,
+ derived->resumption_master_secret,
+ md_size );
+
+ if( ret != 0 )
+ return( ret );
+
+ return( 0 );
+}
+
+static int ssl_tls1_3_calc_finished_core( mbedtls_md_type_t md_type,
+ unsigned char const *base_key,
+ unsigned char const *transcript,
+ unsigned char *dst )
+{
+ const mbedtls_md_info_t* const md_info = mbedtls_md_info_from_type( md_type );
+ size_t const md_size = mbedtls_md_get_size( md_info );
+ unsigned char finished_key[MBEDTLS_MD_MAX_SIZE];
+ int ret;
+
+ /* We should never call this function with an unknown hash,
+ * but add an assertion anyway. */
+ if( md_info == 0 )
+ return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+
+ /* TLS 1.3 Finished message
+ *
+ * struct {
+ * opaque verify_data[Hash.length];
+ * } Finished;
+ *
+ * verify_data =
+ * HMAC( finished_key,
+ * Hash( Handshake Context +
+ * Certificate* +
+ * CertificateVerify* )
+ * )
+ *
+ * finished_key =
+ * HKDF-Expand-Label( BaseKey, "finished", "", Hash.length )
+ */
+
+ ret = mbedtls_ssl_tls1_3_hkdf_expand_label(
+ md_type, base_key, md_size,
+ MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN( finished ),
+ NULL, 0,
+ finished_key, md_size );
+ if( ret != 0 )
+ goto exit;
+
+ ret = mbedtls_md_hmac( md_info, finished_key, md_size, transcript, md_size, dst );
+ if( ret != 0 )
+ goto exit;
+
+exit:
+
+ mbedtls_platform_zeroize( finished_key, sizeof( finished_key ) );
+ return( ret );
+}
+
+int mbedtls_ssl_tls1_3_create_psk_binder( mbedtls_ssl_context *ssl,
+ const mbedtls_md_type_t md_type,
+ unsigned char const *psk, size_t psk_len,
+ int psk_type,
+ unsigned char const *transcript,
+ unsigned char *result )
+{
+ int ret = 0;
+ unsigned char binder_key[MBEDTLS_MD_MAX_SIZE];
+ unsigned char early_secret[MBEDTLS_MD_MAX_SIZE];
+ mbedtls_md_info_t const *md_info = mbedtls_md_info_from_type( md_type );
+ size_t const md_size = mbedtls_md_get_size( md_info );
+
+#if !defined(MBEDTLS_DEBUG_C)
+ ssl = NULL; /* make sure we don't use it except for debug */
+ ((void) ssl);
+#endif
+
+ /* We should never call this function with an unknown hash,
+ * but add an assertion anyway. */
+ if( md_info == 0 )
+ return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+
+ /*
+ * 0
+ * |
+ * v
+ * PSK -> HKDF-Extract = Early Secret
+ * |
+ * +-----> Derive-Secret(., "ext binder" | "res binder", "")
+ * | = binder_key
+ * v
+ */
+
+ ret = mbedtls_ssl_tls1_3_evolve_secret( md_type,
+ NULL, /* Old secret */
+ psk, psk_len, /* Input */
+ early_secret );
+ if( ret != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls1_3_evolve_secret", ret );
+ goto exit;
+ }
+
+ if( psk_type == MBEDTLS_SSL_TLS1_3_PSK_RESUMPTION )
+ {
+ ret = mbedtls_ssl_tls1_3_derive_secret( md_type,
+ early_secret, md_size,
+ MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN( res_binder ),
+ NULL, 0, MBEDTLS_SSL_TLS1_3_CONTEXT_UNHASHED,
+ binder_key, md_size );
+ MBEDTLS_SSL_DEBUG_MSG( 4, ( "Derive Early Secret with 'res binder'" ) );
+ }
+ else
+ {
+ ret = mbedtls_ssl_tls1_3_derive_secret( md_type,
+ early_secret, md_size,
+ MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN( ext_binder ),
+ NULL, 0, MBEDTLS_SSL_TLS1_3_CONTEXT_UNHASHED,
+ binder_key, md_size );
+ MBEDTLS_SSL_DEBUG_MSG( 4, ( "Derive Early Secret with 'ext binder'" ) );
+ }
+
+ if( ret != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls1_3_derive_secret", ret );
+ goto exit;
+ }
+
+ /*
+ * The binding_value is computed in the same way as the Finished message
+ * but with the BaseKey being the binder_key.
+ */
+
+ ret = ssl_tls1_3_calc_finished_core( md_type, binder_key, transcript, result );
+ if( ret != 0 )
+ goto exit;
+
+ MBEDTLS_SSL_DEBUG_BUF( 3, "psk binder", result, md_size );
+
+exit:
+
+ mbedtls_platform_zeroize( early_secret, sizeof( early_secret ) );
+ mbedtls_platform_zeroize( binder_key, sizeof( binder_key ) );
+ return( ret );
+}
+
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
diff --git a/library/ssl_tls13_keys.h b/library/ssl_tls13_keys.h
index 7089049..3b96998 100644
--- a/library/ssl_tls13_keys.h
+++ b/library/ssl_tls13_keys.h
@@ -70,6 +70,27 @@
#define MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_CONTEXT_LEN \
MBEDTLS_MD_MAX_SIZE
+typedef struct
+{
+ unsigned char binder_key [ MBEDTLS_MD_MAX_SIZE ];
+ unsigned char client_early_traffic_secret [ MBEDTLS_MD_MAX_SIZE ];
+ unsigned char early_exporter_master_secret[ MBEDTLS_MD_MAX_SIZE ];
+} mbedtls_ssl_tls1_3_early_secrets;
+
+typedef struct
+{
+ unsigned char client_handshake_traffic_secret[ MBEDTLS_MD_MAX_SIZE ];
+ unsigned char server_handshake_traffic_secret[ MBEDTLS_MD_MAX_SIZE ];
+} mbedtls_ssl_tls1_3_handshake_secrets;
+
+typedef struct
+{
+ unsigned char client_application_traffic_secret_N[ MBEDTLS_MD_MAX_SIZE ];
+ unsigned char server_application_traffic_secret_N[ MBEDTLS_MD_MAX_SIZE ];
+ unsigned char exporter_master_secret [ MBEDTLS_MD_MAX_SIZE ];
+ unsigned char resumption_master_secret [ MBEDTLS_MD_MAX_SIZE ];
+} mbedtls_ssl_tls1_3_application_secrets;
+
/* Maximum desired length for expanded key material generated
* by HKDF-Expand-Label.
*
@@ -199,6 +220,179 @@
unsigned char *dstbuf, size_t buflen );
/**
+ * \brief Derive TLS 1.3 early data key material from early secret.
+ *
+ * This is a small wrapper invoking mbedtls_ssl_tls1_3_derive_secret()
+ * with the appropriate labels.
+ *
+ * <tt>
+ * Early Secret
+ * |
+ * +-----> Derive-Secret(., "c e traffic", ClientHello)
+ * | = client_early_traffic_secret
+ * |
+ * +-----> Derive-Secret(., "e exp master", ClientHello)
+ * . = early_exporter_master_secret
+ * .
+ * .
+ * </tt>
+ *
+ * \note To obtain the actual key and IV for the early data traffic,
+ * the client secret derived by this function need to be
+ * further processed by mbedtls_ssl_tls1_3_make_traffic_keys().
+ *
+ * \note The binder key, which is also generated from the early secret,
+ * is omitted here. Its calculation is part of the separate routine
+ * mbedtls_ssl_tls1_3_create_psk_binder().
+ *
+ * \param md_type The hash algorithm associated with the PSK for which
+ * early data key material is being derived.
+ * \param early_secret The early secret from which the early data key material
+ * should be derived. This must be a readable buffer whose
+ * length is the digest size of the hash algorithm
+ * represented by \p md_size.
+ * \param transcript The transcript of the handshake so far, calculated with
+ * respect to \p md_type. This must be a readable buffer
+ * whose length is the digest size of the hash algorithm
+ * represented by \p md_size.
+ * \param derived The address of the structure in which to store
+ * the early data key material.
+ *
+ * \returns \c 0 on success.
+ * \returns A negative error code on failure.
+ */
+int mbedtls_ssl_tls1_3_derive_early_secrets(
+ mbedtls_md_type_t md_type,
+ unsigned char const *early_secret,
+ unsigned char const *transcript, size_t transcript_len,
+ mbedtls_ssl_tls1_3_early_secrets *derived );
+
+/**
+ * \brief Derive TLS 1.3 handshake key material from the handshake secret.
+ *
+ * This is a small wrapper invoking mbedtls_ssl_tls1_3_derive_secret()
+ * with the appropriate labels from the standard.
+ *
+ * <tt>
+ * Handshake Secret
+ * |
+ * +-----> Derive-Secret( ., "c hs traffic",
+ * | ClientHello...ServerHello )
+ * | = client_handshake_traffic_secret
+ * |
+ * +-----> Derive-Secret( ., "s hs traffic",
+ * . ClientHello...ServerHello )
+ * . = server_handshake_traffic_secret
+ * .
+ * </tt>
+ *
+ * \note To obtain the actual key and IV for the encrypted handshake traffic,
+ * the client and server secret derived by this function need to be
+ * further processed by mbedtls_ssl_tls1_3_make_traffic_keys().
+ *
+ * \param md_type The hash algorithm associated with the ciphersuite
+ * that's being used for the connection.
+ * \param handshake_secret The handshake secret from which the handshake key
+ * material should be derived. This must be a readable
+ * buffer whose length is the digest size of the hash
+ * algorithm represented by \p md_size.
+ * \param transcript The transcript of the handshake so far, calculated
+ * with respect to \p md_type. This must be a readable
+ * buffer whose length is the digest size of the hash
+ * algorithm represented by \p md_size.
+ * \param derived The address of the structure in which to
+ * store the handshake key material.
+ *
+ * \returns \c 0 on success.
+ * \returns A negative error code on failure.
+ */
+int mbedtls_ssl_tls1_3_derive_handshake_secrets(
+ mbedtls_md_type_t md_type,
+ unsigned char const *handshake_secret,
+ unsigned char const *transcript, size_t transcript_len,
+ mbedtls_ssl_tls1_3_handshake_secrets *derived );
+
+/**
+ * \brief Derive TLS 1.3 application key material from the master secret.
+ *
+ * This is a small wrapper invoking mbedtls_ssl_tls1_3_derive_secret()
+ * with the appropriate labels from the standard.
+ *
+ * <tt>
+ * Master Secret
+ * |
+ * +-----> Derive-Secret( ., "c ap traffic",
+ * | ClientHello...server Finished )
+ * | = client_application_traffic_secret_0
+ * |
+ * +-----> Derive-Secret( ., "s ap traffic",
+ * | ClientHello...Server Finished )
+ * | = server_application_traffic_secret_0
+ * |
+ * +-----> Derive-Secret( ., "exp master",
+ * . ClientHello...server Finished)
+ * . = exporter_master_secret
+ * .
+ * </tt>
+ *
+ * \note To obtain the actual key and IV for the (0-th) application traffic,
+ * the client and server secret derived by this function need to be
+ * further processed by mbedtls_ssl_tls1_3_make_traffic_keys().
+ *
+ * \param md_type The hash algorithm associated with the ciphersuite
+ * that's being used for the connection.
+ * \param master_secret The master secret from which the application key
+ * material should be derived. This must be a readable
+ * buffer whose length is the digest size of the hash
+ * algorithm represented by \p md_size.
+ * \param transcript The transcript of the handshake up to and including
+ * the ServerFinished message, calculated with respect
+ * to \p md_type. This must be a readable buffer whose
+ * length is the digest size of the hash algorithm
+ * represented by \p md_type.
+ * \param derived The address of the structure in which to
+ * store the application key material.
+ *
+ * \returns \c 0 on success.
+ * \returns A negative error code on failure.
+ */
+int mbedtls_ssl_tls1_3_derive_application_secrets(
+ mbedtls_md_type_t md_type,
+ unsigned char const *master_secret,
+ unsigned char const *transcript, size_t transcript_len,
+ mbedtls_ssl_tls1_3_application_secrets *derived );
+
+/**
+ * \brief Derive TLS 1.3 resumption master secret from the master secret.
+ *
+ * This is a small wrapper invoking mbedtls_ssl_tls1_3_derive_secret()
+ * with the appropriate labels from the standard.
+ *
+ * \param md_type The hash algorithm used in the application for which
+ * key material is being derived.
+ * \param application_secret The application secret from which the resumption master
+ * secret should be derived. This must be a readable
+ * buffer whose length is the digest size of the hash
+ * algorithm represented by \p md_size.
+ * \param transcript The transcript of the handshake up to and including
+ * the ClientFinished message, calculated with respect
+ * to \p md_type. This must be a readable buffer whose
+ * length is the digest size of the hash algorithm
+ * represented by \p md_type.
+ * \param transcript_len The length of \p transcript in Bytes.
+ * \param derived The address of the structure in which to
+ * store the resumption master secret.
+ *
+ * \returns \c 0 on success.
+ * \returns A negative error code on failure.
+ */
+int mbedtls_ssl_tls1_3_derive_resumption_master_secret(
+ mbedtls_md_type_t md_type,
+ unsigned char const *application_secret,
+ unsigned char const *transcript, size_t transcript_len,
+ mbedtls_ssl_tls1_3_application_secrets *derived );
+
+/**
* \brief Compute the next secret in the TLS 1.3 key schedule
*
* The TLS 1.3 key schedule proceeds as follows to compute
@@ -271,4 +465,37 @@
const unsigned char *input, size_t input_len,
unsigned char *secret_new );
+#define MBEDTLS_SSL_TLS1_3_PSK_EXTERNAL 0
+#define MBEDTLS_SSL_TLS1_3_PSK_RESUMPTION 1
+
+/**
+ * \brief Calculate a TLS 1.3 PSK binder.
+ *
+ * \param ssl The SSL context. This is used for debugging only and may
+ * be \c NULL if MBEDTLS_DEBUG_C is disabled.
+ * \param md_type The hash algorithm associated to the PSK \p psk.
+ * \param psk The buffer holding the PSK for which to create a binder.
+ * \param psk_len The size of \p psk in bytes.
+ * \param psk_type This indicates whether the PSK \p psk is externally
+ * provisioned (#MBEDTLS_SSL_TLS1_3_PSK_EXTERNAL) or a
+ * resumption PSK (#MBEDTLS_SSL_TLS1_3_PSK_RESUMPTION).
+ * \param transcript The handshake transcript up to the point where the
+ * PSK binder calculation happens. This must be readable,
+ * and its size must be equal to the digest size of
+ * the hash algorithm represented by \p md_type.
+ * \param result The address at which to store the PSK binder on success.
+ * This must be writable, and its size must be equal to the
+ * digest size of the hash algorithm represented by
+ * \p md_type.
+ *
+ * \returns \c 0 on success.
+ * \returns A negative error code on failure.
+ */
+int mbedtls_ssl_tls1_3_create_psk_binder( mbedtls_ssl_context *ssl,
+ const mbedtls_md_type_t md_type,
+ unsigned char const *psk, size_t psk_len,
+ int psk_type,
+ unsigned char const *transcript,
+ unsigned char *result );
+
#endif /* MBEDTLS_SSL_TLS1_3_KEYS_H */
diff --git a/library/timing.c b/library/timing.c
index eb41461..a85ce67 100644
--- a/library/timing.c
+++ b/library/timing.c
@@ -19,13 +19,6 @@
#include "common.h"
-#if defined(MBEDTLS_SELF_TEST) && defined(MBEDTLS_PLATFORM_C)
-#include "mbedtls/platform.h"
-#else
-#include <stdio.h>
-#define mbedtls_printf printf
-#endif
-
#if defined(MBEDTLS_TIMING_C)
#include "mbedtls/timing.h"
@@ -38,10 +31,6 @@
#error "This module only works on Unix and Windows, see MBEDTLS_TIMING_C in config.h"
#endif
-#ifndef asm
-#define asm __asm
-#endif
-
#if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32)
#include <windows.h>
@@ -67,174 +56,25 @@
#endif /* _WIN32 && !EFIX64 && !EFI32 */
-#if !defined(HAVE_HARDCLOCK) && defined(MBEDTLS_HAVE_ASM) && \
- ( defined(_MSC_VER) && defined(_M_IX86) ) || defined(__WATCOMC__)
-
-#define HAVE_HARDCLOCK
-
-unsigned long mbedtls_timing_hardclock( void )
-{
- unsigned long tsc;
- __asm rdtsc
- __asm mov [tsc], eax
- return( tsc );
-}
-#endif /* !HAVE_HARDCLOCK && MBEDTLS_HAVE_ASM &&
- ( _MSC_VER && _M_IX86 ) || __WATCOMC__ */
-
-/* some versions of mingw-64 have 32-bit longs even on x84_64 */
-#if !defined(HAVE_HARDCLOCK) && defined(MBEDTLS_HAVE_ASM) && \
- defined(__GNUC__) && ( defined(__i386__) || ( \
- ( defined(__amd64__) || defined( __x86_64__) ) && __SIZEOF_LONG__ == 4 ) )
-
-#define HAVE_HARDCLOCK
-
-unsigned long mbedtls_timing_hardclock( void )
-{
- unsigned long lo, hi;
- asm volatile( "rdtsc" : "=a" (lo), "=d" (hi) );
- return( lo );
-}
-#endif /* !HAVE_HARDCLOCK && MBEDTLS_HAVE_ASM &&
- __GNUC__ && __i386__ */
-
-#if !defined(HAVE_HARDCLOCK) && defined(MBEDTLS_HAVE_ASM) && \
- defined(__GNUC__) && ( defined(__amd64__) || defined(__x86_64__) )
-
-#define HAVE_HARDCLOCK
-
-unsigned long mbedtls_timing_hardclock( void )
-{
- unsigned long lo, hi;
- asm volatile( "rdtsc" : "=a" (lo), "=d" (hi) );
- return( lo | ( hi << 32 ) );
-}
-#endif /* !HAVE_HARDCLOCK && MBEDTLS_HAVE_ASM &&
- __GNUC__ && ( __amd64__ || __x86_64__ ) */
-
-#if !defined(HAVE_HARDCLOCK) && defined(MBEDTLS_HAVE_ASM) && \
- defined(__GNUC__) && ( defined(__powerpc__) || defined(__ppc__) )
-
-#define HAVE_HARDCLOCK
-
-unsigned long mbedtls_timing_hardclock( void )
-{
- unsigned long tbl, tbu0, tbu1;
-
- do
- {
- asm volatile( "mftbu %0" : "=r" (tbu0) );
- asm volatile( "mftb %0" : "=r" (tbl ) );
- asm volatile( "mftbu %0" : "=r" (tbu1) );
- }
- while( tbu0 != tbu1 );
-
- return( tbl );
-}
-#endif /* !HAVE_HARDCLOCK && MBEDTLS_HAVE_ASM &&
- __GNUC__ && ( __powerpc__ || __ppc__ ) */
-
-#if !defined(HAVE_HARDCLOCK) && defined(MBEDTLS_HAVE_ASM) && \
- defined(__GNUC__) && defined(__sparc64__)
-
-#if defined(__OpenBSD__)
-#warning OpenBSD does not allow access to tick register using software version instead
-#else
-#define HAVE_HARDCLOCK
-
-unsigned long mbedtls_timing_hardclock( void )
-{
- unsigned long tick;
- asm volatile( "rdpr %%tick, %0;" : "=&r" (tick) );
- return( tick );
-}
-#endif /* __OpenBSD__ */
-#endif /* !HAVE_HARDCLOCK && MBEDTLS_HAVE_ASM &&
- __GNUC__ && __sparc64__ */
-
-#if !defined(HAVE_HARDCLOCK) && defined(MBEDTLS_HAVE_ASM) && \
- defined(__GNUC__) && defined(__sparc__) && !defined(__sparc64__)
-
-#define HAVE_HARDCLOCK
-
-unsigned long mbedtls_timing_hardclock( void )
-{
- unsigned long tick;
- asm volatile( ".byte 0x83, 0x41, 0x00, 0x00" );
- asm volatile( "mov %%g1, %0" : "=r" (tick) );
- return( tick );
-}
-#endif /* !HAVE_HARDCLOCK && MBEDTLS_HAVE_ASM &&
- __GNUC__ && __sparc__ && !__sparc64__ */
-
-#if !defined(HAVE_HARDCLOCK) && defined(MBEDTLS_HAVE_ASM) && \
- defined(__GNUC__) && defined(__alpha__)
-
-#define HAVE_HARDCLOCK
-
-unsigned long mbedtls_timing_hardclock( void )
-{
- unsigned long cc;
- asm volatile( "rpcc %0" : "=r" (cc) );
- return( cc & 0xFFFFFFFF );
-}
-#endif /* !HAVE_HARDCLOCK && MBEDTLS_HAVE_ASM &&
- __GNUC__ && __alpha__ */
-
-#if !defined(HAVE_HARDCLOCK) && defined(MBEDTLS_HAVE_ASM) && \
- defined(__GNUC__) && defined(__ia64__)
-
-#define HAVE_HARDCLOCK
-
-unsigned long mbedtls_timing_hardclock( void )
-{
- unsigned long itc;
- asm volatile( "mov %0 = ar.itc" : "=r" (itc) );
- return( itc );
-}
-#endif /* !HAVE_HARDCLOCK && MBEDTLS_HAVE_ASM &&
- __GNUC__ && __ia64__ */
-
-#if !defined(HAVE_HARDCLOCK) && defined(_MSC_VER) && \
- !defined(EFIX64) && !defined(EFI32)
-
-#define HAVE_HARDCLOCK
-
-unsigned long mbedtls_timing_hardclock( void )
-{
- LARGE_INTEGER offset;
-
- QueryPerformanceCounter( &offset );
-
- return( (unsigned long)( offset.QuadPart ) );
-}
-#endif /* !HAVE_HARDCLOCK && _MSC_VER && !EFIX64 && !EFI32 */
-
-#if !defined(HAVE_HARDCLOCK)
-
-#define HAVE_HARDCLOCK
-
-static int hardclock_init = 0;
-static struct timeval tv_init;
-
-unsigned long mbedtls_timing_hardclock( void )
-{
- struct timeval tv_cur;
-
- if( hardclock_init == 0 )
- {
- gettimeofday( &tv_init, NULL );
- hardclock_init = 1;
- }
-
- gettimeofday( &tv_cur, NULL );
- return( ( tv_cur.tv_sec - tv_init.tv_sec ) * 1000000
- + ( tv_cur.tv_usec - tv_init.tv_usec ) );
-}
-#endif /* !HAVE_HARDCLOCK */
-
-volatile int mbedtls_timing_alarmed = 0;
-
+/**
+ * \brief Return the elapsed time in milliseconds
+ *
+ * \warning May change without notice
+ *
+ * \param val points to a timer structure
+ * \param reset If 0, query the elapsed time. Otherwise (re)start the timer.
+ *
+ * \return Elapsed time since the previous reset in ms. When
+ * restarting, this is always 0.
+ *
+ * \note To initialize a timer, call this function with reset=1.
+ *
+ * Determining the elapsed time and resetting the timer is not
+ * atomic on all platforms, so after the sequence
+ * `{ get_timer(1); ...; time1 = get_timer(1); ...; time2 =
+ * get_timer(0) }` the value time1+time2 is only approximately
+ * the delay since the first reset.
+ */
#if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32)
unsigned long mbedtls_timing_get_timer( struct mbedtls_timing_hr_time *val, int reset )
@@ -258,33 +98,6 @@
}
}
-/* It's OK to use a global because alarm() is supposed to be global anyway */
-static DWORD alarmMs;
-
-static void TimerProc( void *TimerContext )
-{
- (void) TimerContext;
- Sleep( alarmMs );
- mbedtls_timing_alarmed = 1;
- /* _endthread will be called implicitly on return
- * That ensures execution of thread funcition's epilogue */
-}
-
-void mbedtls_set_alarm( int seconds )
-{
- if( seconds == 0 )
- {
- /* No need to create a thread for this simple case.
- * Also, this shorcut is more reliable at least on MinGW32 */
- mbedtls_timing_alarmed = 1;
- return;
- }
-
- mbedtls_timing_alarmed = 0;
- alarmMs = seconds * 1000;
- (void) _beginthread( TimerProc, 0, NULL );
-}
-
#else /* _WIN32 && !EFIX64 && !EFI32 */
unsigned long mbedtls_timing_get_timer( struct mbedtls_timing_hr_time *val, int reset )
@@ -307,25 +120,6 @@
}
}
-static void sighandler( int signum )
-{
- mbedtls_timing_alarmed = 1;
- signal( signum, sighandler );
-}
-
-void mbedtls_set_alarm( int seconds )
-{
- mbedtls_timing_alarmed = 0;
- signal( SIGALRM, sighandler );
- alarm( seconds );
- if( seconds == 0 )
- {
- /* alarm(0) cancelled any previous pending alarm, but the
- handler won't fire, so raise the flag straight away. */
- mbedtls_timing_alarmed = 1;
- }
-}
-
#endif /* _WIN32 && !EFIX64 && !EFI32 */
/*
@@ -365,166 +159,4 @@
}
#endif /* !MBEDTLS_TIMING_ALT */
-
-#if defined(MBEDTLS_SELF_TEST)
-
-/*
- * Busy-waits for the given number of milliseconds.
- * Used for testing mbedtls_timing_hardclock.
- */
-static void busy_msleep( unsigned long msec )
-{
- struct mbedtls_timing_hr_time hires;
- unsigned long i = 0; /* for busy-waiting */
- volatile unsigned long j; /* to prevent optimisation */
-
- (void) mbedtls_timing_get_timer( &hires, 1 );
-
- while( mbedtls_timing_get_timer( &hires, 0 ) < msec )
- i++;
-
- j = i;
- (void) j;
-}
-
-#define FAIL do \
- { \
- if( verbose != 0 ) \
- { \
- mbedtls_printf( "failed at line %d\n", __LINE__ ); \
- mbedtls_printf( " cycles=%lu ratio=%lu millisecs=%lu secs=%lu hardfail=%d a=%lu b=%lu\n", \
- cycles, ratio, millisecs, secs, hardfail, \
- (unsigned long) a, (unsigned long) b ); \
- mbedtls_printf( " elapsed(hires)=%lu elapsed(ctx)=%lu status(ctx)=%d\n", \
- mbedtls_timing_get_timer( &hires, 0 ), \
- mbedtls_timing_get_timer( &ctx.timer, 0 ), \
- mbedtls_timing_get_delay( &ctx ) ); \
- } \
- return( 1 ); \
- } while( 0 )
-
-/*
- * Checkup routine
- *
- * Warning: this is work in progress, some tests may not be reliable enough
- * yet! False positives may happen.
- */
-int mbedtls_timing_self_test( int verbose )
-{
- unsigned long cycles = 0, ratio = 0;
- unsigned long millisecs = 0, secs = 0;
- int hardfail = 0;
- struct mbedtls_timing_hr_time hires;
- uint32_t a = 0, b = 0;
- mbedtls_timing_delay_context ctx;
-
- if( verbose != 0 )
- mbedtls_printf( " TIMING tests note: will take some time!\n" );
-
- if( verbose != 0 )
- mbedtls_printf( " TIMING test #1 (set_alarm / get_timer): " );
-
- {
- secs = 1;
-
- (void) mbedtls_timing_get_timer( &hires, 1 );
-
- mbedtls_set_alarm( (int) secs );
- while( !mbedtls_timing_alarmed )
- ;
-
- millisecs = mbedtls_timing_get_timer( &hires, 0 );
-
- /* For some reason on Windows it looks like alarm has an extra delay
- * (maybe related to creating a new thread). Allow some room here. */
- if( millisecs < 800 * secs || millisecs > 1200 * secs + 300 )
- FAIL;
- }
-
- if( verbose != 0 )
- mbedtls_printf( "passed\n" );
-
- if( verbose != 0 )
- mbedtls_printf( " TIMING test #2 (set/get_delay ): " );
-
- {
- a = 800;
- b = 400;
- mbedtls_timing_set_delay( &ctx, a, a + b ); /* T = 0 */
-
- busy_msleep( a - a / 4 ); /* T = a - a/4 */
- if( mbedtls_timing_get_delay( &ctx ) != 0 )
- FAIL;
-
- busy_msleep( a / 4 + b / 4 ); /* T = a + b/4 */
- if( mbedtls_timing_get_delay( &ctx ) != 1 )
- FAIL;
-
- busy_msleep( b ); /* T = a + b + b/4 */
- if( mbedtls_timing_get_delay( &ctx ) != 2 )
- FAIL;
- }
-
- mbedtls_timing_set_delay( &ctx, 0, 0 );
- busy_msleep( 200 );
- if( mbedtls_timing_get_delay( &ctx ) != -1 )
- FAIL;
-
- if( verbose != 0 )
- mbedtls_printf( "passed\n" );
-
- if( verbose != 0 )
- mbedtls_printf( " TIMING test #3 (hardclock / get_timer): " );
-
- /*
- * Allow one failure for possible counter wrapping.
- * On a 4Ghz 32-bit machine the cycle counter wraps about once per second;
- * since the whole test is about 10ms, it shouldn't happen twice in a row.
- */
-
-hard_test:
- if( hardfail > 1 )
- {
- if( verbose != 0 )
- mbedtls_printf( "failed (ignored)\n" );
-
- goto hard_test_done;
- }
-
- /* Get a reference ratio cycles/ms */
- millisecs = 1;
- cycles = mbedtls_timing_hardclock();
- busy_msleep( millisecs );
- cycles = mbedtls_timing_hardclock() - cycles;
- ratio = cycles / millisecs;
-
- /* Check that the ratio is mostly constant */
- for( millisecs = 2; millisecs <= 4; millisecs++ )
- {
- cycles = mbedtls_timing_hardclock();
- busy_msleep( millisecs );
- cycles = mbedtls_timing_hardclock() - cycles;
-
- /* Allow variation up to 20% */
- if( cycles / millisecs < ratio - ratio / 5 ||
- cycles / millisecs > ratio + ratio / 5 )
- {
- hardfail++;
- goto hard_test;
- }
- }
-
- if( verbose != 0 )
- mbedtls_printf( "passed\n" );
-
-hard_test_done:
-
- if( verbose != 0 )
- mbedtls_printf( "\n" );
-
- return( 0 );
-}
-
-#endif /* MBEDTLS_SELF_TEST */
-
#endif /* MBEDTLS_TIMING_C */
diff --git a/library/x509_crt.c b/library/x509_crt.c
index 8387de6..c865444 100644
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@@ -95,33 +95,43 @@
*/
#define X509_MAX_VERIFY_CHAIN_SIZE ( MBEDTLS_X509_MAX_INTERMEDIATE_CA + 2 )
-/*
- * Default profile
- */
+/* Default profile. Do not remove items unless there are serious security
+ * concerns. */
const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_default =
{
- /* Only SHA-2 hashes */
- MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA224 ) |
- MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA256 ) |
- MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA384 ) |
- MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA512 ),
- 0xFFFFFFF, /* Any PK alg */
- 0xFFFFFFF, /* Any curve */
- 2048,
-};
-
-/*
- * Next-default profile
- */
-const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_next =
-{
- /* Hashes from SHA-256 and above */
+ /* Hashes from SHA-256 and above. Note that this selection
+ * should be aligned with ssl_preset_default_hashes in ssl_tls.c. */
MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA256 ) |
MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA384 ) |
MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA512 ),
0xFFFFFFF, /* Any PK alg */
#if defined(MBEDTLS_ECP_C)
- /* Curves at or above 128-bit security level */
+ /* Curves at or above 128-bit security level. Note that this selection
+ * should be aligned with ssl_preset_default_curves in ssl_tls.c. */
+ MBEDTLS_X509_ID_FLAG( MBEDTLS_ECP_DP_SECP256R1 ) |
+ MBEDTLS_X509_ID_FLAG( MBEDTLS_ECP_DP_SECP384R1 ) |
+ MBEDTLS_X509_ID_FLAG( MBEDTLS_ECP_DP_SECP521R1 ) |
+ MBEDTLS_X509_ID_FLAG( MBEDTLS_ECP_DP_BP256R1 ) |
+ MBEDTLS_X509_ID_FLAG( MBEDTLS_ECP_DP_BP384R1 ) |
+ MBEDTLS_X509_ID_FLAG( MBEDTLS_ECP_DP_BP512R1 ) |
+ 0,
+#else
+ 0,
+#endif
+ 2048,
+};
+
+/* Next-generation profile. Currently identical to the default, but may
+ * be tightened at any time. */
+const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_next =
+{
+ /* Hashes from SHA-256 and above. */
+ MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA256 ) |
+ MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA384 ) |
+ MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA512 ),
+ 0xFFFFFFF, /* Any PK alg */
+#if defined(MBEDTLS_ECP_C)
+ /* Curves at or above 128-bit security level. */
MBEDTLS_X509_ID_FLAG( MBEDTLS_ECP_DP_SECP256R1 ) |
MBEDTLS_X509_ID_FLAG( MBEDTLS_ECP_DP_SECP384R1 ) |
MBEDTLS_X509_ID_FLAG( MBEDTLS_ECP_DP_SECP521R1 ) |
@@ -157,6 +167,17 @@
};
/*
+ * Empty / all-forbidden profile
+ */
+const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_none =
+{
+ 0,
+ 0,
+ 0,
+ (uint32_t) -1,
+};
+
+/*
* Check md_alg against profile
* Return 0 if md_alg is acceptable for this profile, -1 otherwise
*/
@@ -818,8 +839,7 @@
{
/*
* Set the parsing return code but continue parsing, in case this
- * extension is critical and MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
- * is configured.
+ * extension is critical.
*/
parse_ret = MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE;
}
@@ -961,14 +981,12 @@
/* No parser found, skip extension */
*p = end_ext_octet;
-#if !defined(MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION)
if( is_critical )
{
/* Data is marked as critical: fail */
return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) );
}
-#endif
continue;
}
@@ -1027,11 +1045,9 @@
start_ext_octet, end_ext_octet ) == 0 )
break;
-#if !defined(MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION)
if( is_critical )
return( ret );
else
-#endif
/*
* If MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE is returned, then we
* cannot interpret or enforce the policy. However, it is up to
@@ -1049,11 +1065,9 @@
* supports, but there isn't an x509 parser for it,
* skip the extension.
*/
-#if !defined(MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION)
if( is_critical )
return( MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE );
else
-#endif
*p = end_ext_octet;
}
}
@@ -2238,7 +2252,6 @@
}
#endif /* MBEDTLS_X509_REMOVE_INFO */
-#if defined(MBEDTLS_X509_CHECK_KEY_USAGE)
int mbedtls_x509_crt_check_key_usage( const mbedtls_x509_crt *crt,
unsigned int usage )
{
@@ -2261,9 +2274,7 @@
return( 0 );
}
-#endif
-#if defined(MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE)
int mbedtls_x509_crt_check_extended_key_usage( const mbedtls_x509_crt *crt,
const char *usage_oid,
size_t usage_len )
@@ -2293,7 +2304,6 @@
return( MBEDTLS_ERR_X509_BAD_INPUT_DATA );
}
-#endif /* MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE */
#if defined(MBEDTLS_X509_CRL_PARSE_C)
/*
@@ -2344,14 +2354,12 @@
/*
* Check if the CA is configured to sign CRLs
*/
-#if defined(MBEDTLS_X509_CHECK_KEY_USAGE)
if( mbedtls_x509_crt_check_key_usage( ca,
MBEDTLS_X509_KU_CRL_SIGN ) != 0 )
{
flags |= MBEDTLS_X509_BADCRL_NOT_TRUSTED;
break;
}
-#endif
/*
* Check if CRL is correctly signed by the trusted CA
@@ -2488,13 +2496,11 @@
if( need_ca_bit && ! parent->ca_istrue )
return( -1 );
-#if defined(MBEDTLS_X509_CHECK_KEY_USAGE)
if( need_ca_bit &&
mbedtls_x509_crt_check_key_usage( parent, MBEDTLS_X509_KU_KEY_CERT_SIGN ) != 0 )
{
return( -1 );
}
-#endif
return( 0 );
}
diff --git a/library/x509write_crt.c b/library/x509write_crt.c
index 8f4a4f5..c90f8bc 100644
--- a/library/x509write_crt.c
+++ b/library/x509write_crt.c
@@ -178,7 +178,7 @@
MBEDTLS_ASN1_CHK_ADD( len,
mbedtls_pk_write_pubkey( &c, buf, ctx->subject_key ) );
- ret = mbedtls_sha1_ret( buf + sizeof( buf ) - len, len,
+ ret = mbedtls_sha1( buf + sizeof( buf ) - len, len,
buf + sizeof( buf ) - 20 );
if( ret != 0 )
return( ret );
@@ -206,7 +206,7 @@
MBEDTLS_ASN1_CHK_ADD( len,
mbedtls_pk_write_pubkey( &c, buf, ctx->issuer_key ) );
- ret = mbedtls_sha1_ret( buf + sizeof( buf ) - len, len,
+ ret = mbedtls_sha1( buf + sizeof( buf ) - len, len,
buf + sizeof( buf ) - 20 );
if( ret != 0 )
return( ret );
diff --git a/library/xtea.c b/library/xtea.c
deleted file mode 100644
index 4b8c9c0..0000000
--- a/library/xtea.c
+++ /dev/null
@@ -1,271 +0,0 @@
-/*
- * An 32-bit implementation of the XTEA algorithm
- *
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#include "common.h"
-
-#if defined(MBEDTLS_XTEA_C)
-
-#include "mbedtls/xtea.h"
-#include "mbedtls/platform_util.h"
-
-#include <string.h>
-
-#if defined(MBEDTLS_SELF_TEST)
-#if defined(MBEDTLS_PLATFORM_C)
-#include "mbedtls/platform.h"
-#else
-#include <stdio.h>
-#define mbedtls_printf printf
-#endif /* MBEDTLS_PLATFORM_C */
-#endif /* MBEDTLS_SELF_TEST */
-
-#if !defined(MBEDTLS_XTEA_ALT)
-
-/*
- * 32-bit integer manipulation macros (big endian)
- */
-#ifndef GET_UINT32_BE
-#define GET_UINT32_BE(n,b,i) \
-{ \
- (n) = ( (uint32_t) (b)[(i) ] << 24 ) \
- | ( (uint32_t) (b)[(i) + 1] << 16 ) \
- | ( (uint32_t) (b)[(i) + 2] << 8 ) \
- | ( (uint32_t) (b)[(i) + 3] ); \
-}
-#endif
-
-#ifndef PUT_UINT32_BE
-#define PUT_UINT32_BE(n,b,i) \
-{ \
- (b)[(i) ] = (unsigned char) ( (n) >> 24 ); \
- (b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \
- (b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \
- (b)[(i) + 3] = (unsigned char) ( (n) ); \
-}
-#endif
-
-void mbedtls_xtea_init( mbedtls_xtea_context *ctx )
-{
- memset( ctx, 0, sizeof( mbedtls_xtea_context ) );
-}
-
-void mbedtls_xtea_free( mbedtls_xtea_context *ctx )
-{
- if( ctx == NULL )
- return;
-
- mbedtls_platform_zeroize( ctx, sizeof( mbedtls_xtea_context ) );
-}
-
-/*
- * XTEA key schedule
- */
-void mbedtls_xtea_setup( mbedtls_xtea_context *ctx, const unsigned char key[16] )
-{
- int i;
-
- memset( ctx, 0, sizeof(mbedtls_xtea_context) );
-
- for( i = 0; i < 4; i++ )
- {
- GET_UINT32_BE( ctx->k[i], key, i << 2 );
- }
-}
-
-/*
- * XTEA encrypt function
- */
-int mbedtls_xtea_crypt_ecb( mbedtls_xtea_context *ctx, int mode,
- const unsigned char input[8], unsigned char output[8])
-{
- uint32_t *k, v0, v1, i;
-
- k = ctx->k;
-
- GET_UINT32_BE( v0, input, 0 );
- GET_UINT32_BE( v1, input, 4 );
-
- if( mode == MBEDTLS_XTEA_ENCRYPT )
- {
- uint32_t sum = 0, delta = 0x9E3779B9;
-
- for( i = 0; i < 32; i++ )
- {
- v0 += (((v1 << 4) ^ (v1 >> 5)) + v1) ^ (sum + k[sum & 3]);
- sum += delta;
- v1 += (((v0 << 4) ^ (v0 >> 5)) + v0) ^ (sum + k[(sum>>11) & 3]);
- }
- }
- else /* MBEDTLS_XTEA_DECRYPT */
- {
- uint32_t delta = 0x9E3779B9, sum = delta * 32;
-
- for( i = 0; i < 32; i++ )
- {
- v1 -= (((v0 << 4) ^ (v0 >> 5)) + v0) ^ (sum + k[(sum>>11) & 3]);
- sum -= delta;
- v0 -= (((v1 << 4) ^ (v1 >> 5)) + v1) ^ (sum + k[sum & 3]);
- }
- }
-
- PUT_UINT32_BE( v0, output, 0 );
- PUT_UINT32_BE( v1, output, 4 );
-
- return( 0 );
-}
-
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-/*
- * XTEA-CBC buffer encryption/decryption
- */
-int mbedtls_xtea_crypt_cbc( mbedtls_xtea_context *ctx, int mode, size_t length,
- unsigned char iv[8], const unsigned char *input,
- unsigned char *output)
-{
- int i;
- unsigned char temp[8];
-
- if( length % 8 )
- return( MBEDTLS_ERR_XTEA_INVALID_INPUT_LENGTH );
-
- if( mode == MBEDTLS_XTEA_DECRYPT )
- {
- while( length > 0 )
- {
- memcpy( temp, input, 8 );
- mbedtls_xtea_crypt_ecb( ctx, mode, input, output );
-
- for( i = 0; i < 8; i++ )
- output[i] = (unsigned char)( output[i] ^ iv[i] );
-
- memcpy( iv, temp, 8 );
-
- input += 8;
- output += 8;
- length -= 8;
- }
- }
- else
- {
- while( length > 0 )
- {
- for( i = 0; i < 8; i++ )
- output[i] = (unsigned char)( input[i] ^ iv[i] );
-
- mbedtls_xtea_crypt_ecb( ctx, mode, output, output );
- memcpy( iv, output, 8 );
-
- input += 8;
- output += 8;
- length -= 8;
- }
- }
-
- return( 0 );
-}
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
-#endif /* !MBEDTLS_XTEA_ALT */
-
-#if defined(MBEDTLS_SELF_TEST)
-
-/*
- * XTEA tests vectors (non-official)
- */
-
-static const unsigned char xtea_test_key[6][16] =
-{
- { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
- 0x0c, 0x0d, 0x0e, 0x0f },
- { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
- 0x0c, 0x0d, 0x0e, 0x0f },
- { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
- 0x0c, 0x0d, 0x0e, 0x0f },
- { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00 },
- { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00 },
- { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00 }
-};
-
-static const unsigned char xtea_test_pt[6][8] =
-{
- { 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, 0x48 },
- { 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41 },
- { 0x5a, 0x5b, 0x6e, 0x27, 0x89, 0x48, 0xd7, 0x7f },
- { 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, 0x48 },
- { 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41 },
- { 0x70, 0xe1, 0x22, 0x5d, 0x6e, 0x4e, 0x76, 0x55 }
-};
-
-static const unsigned char xtea_test_ct[6][8] =
-{
- { 0x49, 0x7d, 0xf3, 0xd0, 0x72, 0x61, 0x2c, 0xb5 },
- { 0xe7, 0x8f, 0x2d, 0x13, 0x74, 0x43, 0x41, 0xd8 },
- { 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41 },
- { 0xa0, 0x39, 0x05, 0x89, 0xf8, 0xb8, 0xef, 0xa5 },
- { 0xed, 0x23, 0x37, 0x5a, 0x82, 0x1a, 0x8c, 0x2d },
- { 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41 }
-};
-
-/*
- * Checkup routine
- */
-int mbedtls_xtea_self_test( int verbose )
-{
- int i, ret = 0;
- unsigned char buf[8];
- mbedtls_xtea_context ctx;
-
- mbedtls_xtea_init( &ctx );
- for( i = 0; i < 6; i++ )
- {
- if( verbose != 0 )
- mbedtls_printf( " XTEA test #%d: ", i + 1 );
-
- memcpy( buf, xtea_test_pt[i], 8 );
-
- mbedtls_xtea_setup( &ctx, xtea_test_key[i] );
- mbedtls_xtea_crypt_ecb( &ctx, MBEDTLS_XTEA_ENCRYPT, buf, buf );
-
- if( memcmp( buf, xtea_test_ct[i], 8 ) != 0 )
- {
- if( verbose != 0 )
- mbedtls_printf( "failed\n" );
-
- ret = 1;
- goto exit;
- }
-
- if( verbose != 0 )
- mbedtls_printf( "passed\n" );
- }
-
- if( verbose != 0 )
- mbedtls_printf( "\n" );
-
-exit:
- mbedtls_xtea_free( &ctx );
-
- return( ret );
-}
-
-#endif /* MBEDTLS_SELF_TEST */
-
-#endif /* MBEDTLS_XTEA_C */
diff --git a/programs/aes/CMakeLists.txt b/programs/aes/CMakeLists.txt
index 62a54c7..85bcd5f 100644
--- a/programs/aes/CMakeLists.txt
+++ b/programs/aes/CMakeLists.txt
@@ -5,6 +5,7 @@
foreach(exe IN LISTS executables)
add_executable(${exe} ${exe}.c $<TARGET_OBJECTS:mbedtls_test>)
target_link_libraries(${exe} ${mbedcrypto_target})
+ target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tests/include)
endforeach()
install(TARGETS ${executables}
diff --git a/programs/aes/crypt_and_hash.c b/programs/aes/crypt_and_hash.c
index 63a1248..0f97867 100644
--- a/programs/aes/crypt_and_hash.c
+++ b/programs/aes/crypt_and_hash.c
@@ -128,7 +128,7 @@
while( *list )
{
cipher_info = mbedtls_cipher_info_from_type( *list );
- mbedtls_printf( " %s\n", cipher_info->name );
+ mbedtls_printf( " %s\n", cipher_info->MBEDTLS_PRIVATE(name) );
list++;
}
@@ -313,7 +313,7 @@
}
- if( mbedtls_cipher_setkey( &cipher_ctx, digest, cipher_info->key_bitlen,
+ if( mbedtls_cipher_setkey( &cipher_ctx, digest, cipher_info->MBEDTLS_PRIVATE(key_bitlen),
MBEDTLS_ENCRYPT ) != 0 )
{
mbedtls_fprintf( stderr, "mbedtls_cipher_setkey() returned error\n");
@@ -412,7 +412,7 @@
/*
* Check the file size.
*/
- if( cipher_info->mode != MBEDTLS_MODE_GCM &&
+ if( cipher_info->MBEDTLS_PRIVATE(mode) != MBEDTLS_MODE_GCM &&
( ( filesize - mbedtls_md_get_size( md_info ) ) %
mbedtls_cipher_get_block_size( &cipher_ctx ) ) != 0 )
{
@@ -452,7 +452,7 @@
mbedtls_md_finish( &md_ctx, digest );
}
- if( mbedtls_cipher_setkey( &cipher_ctx, digest, cipher_info->key_bitlen,
+ if( mbedtls_cipher_setkey( &cipher_ctx, digest, cipher_info->MBEDTLS_PRIVATE(key_bitlen),
MBEDTLS_DECRYPT ) != 0 )
{
mbedtls_fprintf( stderr, "mbedtls_cipher_setkey() returned error\n" );
diff --git a/programs/fuzz/CMakeLists.txt b/programs/fuzz/CMakeLists.txt
index 4f35d76..c7fcd35 100644
--- a/programs/fuzz/CMakeLists.txt
+++ b/programs/fuzz/CMakeLists.txt
@@ -8,7 +8,6 @@
endif()
set(executables_no_common_c
- fuzz_privkey
fuzz_pubkey
fuzz_x509crl
fuzz_x509crt
@@ -16,6 +15,7 @@
)
set(executables_with_common_c
+ fuzz_privkey
fuzz_client
fuzz_dtlsclient
fuzz_dtlsserver
diff --git a/programs/fuzz/fuzz_client.c b/programs/fuzz/fuzz_client.c
index a637173..ab2d134 100644
--- a/programs/fuzz/fuzz_client.c
+++ b/programs/fuzz/fuzz_client.c
@@ -1,3 +1,5 @@
+#define MBEDTLS_ALLOW_PRIVATE_ACCESS
+
#include "mbedtls/ssl.h"
#include "mbedtls/entropy.h"
#include "mbedtls/ctr_drbg.h"
@@ -100,9 +102,6 @@
{
mbedtls_ssl_conf_authmode( &conf, MBEDTLS_SSL_VERIFY_NONE );
}
-#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
- mbedtls_ssl_conf_truncated_hmac( &conf, (options & 8) ? MBEDTLS_SSL_TRUNC_HMAC_ENABLED : MBEDTLS_SSL_TRUNC_HMAC_DISABLED);
-#endif
#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
mbedtls_ssl_conf_extended_master_secret( &conf, (options & 0x10) ? MBEDTLS_SSL_EXTENDED_MS_DISABLED : MBEDTLS_SSL_EXTENDED_MS_ENABLED);
#endif
diff --git a/programs/fuzz/fuzz_dtlsclient.c b/programs/fuzz/fuzz_dtlsclient.c
index 29c8672..16f6014 100644
--- a/programs/fuzz/fuzz_dtlsclient.c
+++ b/programs/fuzz/fuzz_dtlsclient.c
@@ -1,3 +1,5 @@
+#define MBEDTLS_ALLOW_PRIVATE_ACCESS
+
#include <string.h>
#include <stdlib.h>
#include <stdint.h>
diff --git a/programs/fuzz/fuzz_dtlsserver.c b/programs/fuzz/fuzz_dtlsserver.c
index b6dc52e..9a6e894 100644
--- a/programs/fuzz/fuzz_dtlsserver.c
+++ b/programs/fuzz/fuzz_dtlsserver.c
@@ -1,3 +1,5 @@
+#define MBEDTLS_ALLOW_PRIVATE_ACCESS
+
#include <string.h>
#include <stdlib.h>
#include <stdint.h>
@@ -53,7 +55,8 @@
mbedtls_test_cas_pem_len ) != 0)
return 1;
if (mbedtls_pk_parse_key( &pkey, (const unsigned char *) mbedtls_test_srv_key,
- mbedtls_test_srv_key_len, NULL, 0 ) != 0)
+ mbedtls_test_srv_key_len, NULL, 0,
+ dummy_random, NULL ) != 0)
return 1;
#endif
dummy_init();
diff --git a/programs/fuzz/fuzz_privkey.c b/programs/fuzz/fuzz_privkey.c
index 6c968fd..b9a160e 100644
--- a/programs/fuzz/fuzz_privkey.c
+++ b/programs/fuzz/fuzz_privkey.c
@@ -1,6 +1,9 @@
+#define MBEDTLS_ALLOW_PRIVATE_ACCESS
+
#include <stdint.h>
#include <stdlib.h>
#include "mbedtls/pk.h"
+#include "common.h"
//4 Kb should be enough for every bug ;-)
#define MAX_LEN 0x1000
@@ -17,7 +20,8 @@
}
mbedtls_pk_init( &pk );
- ret = mbedtls_pk_parse_key( &pk, Data, Size, NULL, 0 );
+ ret = mbedtls_pk_parse_key( &pk, Data, Size, NULL, 0,
+ dummy_random, NULL );
if (ret == 0) {
#if defined(MBEDTLS_RSA_C)
if( mbedtls_pk_get_type( &pk ) == MBEDTLS_PK_RSA )
diff --git a/programs/fuzz/fuzz_pubkey.c b/programs/fuzz/fuzz_pubkey.c
index 9e80350..655d5d6 100644
--- a/programs/fuzz/fuzz_pubkey.c
+++ b/programs/fuzz/fuzz_pubkey.c
@@ -1,3 +1,5 @@
+#define MBEDTLS_ALLOW_PRIVATE_ACCESS
+
#include <stdint.h>
#include <stdlib.h>
#include "mbedtls/pk.h"
diff --git a/programs/fuzz/fuzz_server.c b/programs/fuzz/fuzz_server.c
index 16b800c..e6eb5a7 100644
--- a/programs/fuzz/fuzz_server.c
+++ b/programs/fuzz/fuzz_server.c
@@ -1,3 +1,5 @@
+#define MBEDTLS_ALLOW_PRIVATE_ACCESS
+
#include "mbedtls/ssl.h"
#include "mbedtls/entropy.h"
#include "mbedtls/ctr_drbg.h"
@@ -54,6 +56,13 @@
options = Data[Size - 1];
if (initialized == 0) {
+ mbedtls_ctr_drbg_init( &ctr_drbg );
+ mbedtls_entropy_init( &entropy );
+
+ if( mbedtls_ctr_drbg_seed( &ctr_drbg, dummy_entropy, &entropy,
+ (const unsigned char *) pers, strlen( pers ) ) != 0 )
+ return 1;
+
#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C)
mbedtls_x509_crt_init( &srvcert );
mbedtls_pk_init( &pkey );
@@ -64,7 +73,8 @@
mbedtls_test_cas_pem_len ) != 0)
return 1;
if (mbedtls_pk_parse_key( &pkey, (const unsigned char *) mbedtls_test_srv_key,
- mbedtls_test_srv_key_len, NULL, 0 ) != 0)
+ mbedtls_test_srv_key_len, NULL, 0,
+ dummy_random, &ctr_drbg ) != 0)
return 1;
#endif
@@ -78,17 +88,10 @@
}
mbedtls_ssl_init( &ssl );
mbedtls_ssl_config_init( &conf );
- mbedtls_ctr_drbg_init( &ctr_drbg );
- mbedtls_entropy_init( &entropy );
#if defined(MBEDTLS_SSL_SESSION_TICKETS)
mbedtls_ssl_ticket_init( &ticket_ctx );
#endif
- if( mbedtls_ctr_drbg_seed( &ctr_drbg, dummy_entropy, &entropy,
- (const unsigned char *) pers, strlen( pers ) ) != 0 )
- goto exit;
-
-
if( mbedtls_ssl_config_defaults( &conf,
MBEDTLS_SSL_IS_SERVER,
MBEDTLS_SSL_TRANSPORT_STREAM,
@@ -125,9 +128,6 @@
&ticket_ctx );
}
#endif
-#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
- mbedtls_ssl_conf_truncated_hmac( &conf, (options & 0x8) ? MBEDTLS_SSL_TRUNC_HMAC_ENABLED : MBEDTLS_SSL_TRUNC_HMAC_DISABLED);
-#endif
#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
mbedtls_ssl_conf_extended_master_secret( &conf, (options & 0x10) ? MBEDTLS_SSL_EXTENDED_MS_DISABLED : MBEDTLS_SSL_EXTENDED_MS_ENABLED);
#endif
diff --git a/programs/fuzz/fuzz_x509crl.c b/programs/fuzz/fuzz_x509crl.c
index 15affb5..65fc37f 100644
--- a/programs/fuzz/fuzz_x509crl.c
+++ b/programs/fuzz/fuzz_x509crl.c
@@ -1,3 +1,5 @@
+#define MBEDTLS_ALLOW_PRIVATE_ACCESS
+
#include <stdint.h>
#include "mbedtls/x509_crl.h"
diff --git a/programs/fuzz/fuzz_x509crt.c b/programs/fuzz/fuzz_x509crt.c
index dbc153c..bd8bdff 100644
--- a/programs/fuzz/fuzz_x509crt.c
+++ b/programs/fuzz/fuzz_x509crt.c
@@ -1,3 +1,5 @@
+#define MBEDTLS_ALLOW_PRIVATE_ACCESS
+
#include <stdint.h>
#include "mbedtls/x509_crt.h"
diff --git a/programs/fuzz/fuzz_x509csr.c b/programs/fuzz/fuzz_x509csr.c
index a270742..a9205be 100644
--- a/programs/fuzz/fuzz_x509csr.c
+++ b/programs/fuzz/fuzz_x509csr.c
@@ -1,3 +1,5 @@
+#define MBEDTLS_ALLOW_PRIVATE_ACCESS
+
#include <stdint.h>
#include "mbedtls/x509_csr.h"
diff --git a/programs/hash/CMakeLists.txt b/programs/hash/CMakeLists.txt
index b2f2a1f..729474c 100644
--- a/programs/hash/CMakeLists.txt
+++ b/programs/hash/CMakeLists.txt
@@ -6,6 +6,7 @@
foreach(exe IN LISTS executables)
add_executable(${exe} ${exe}.c $<TARGET_OBJECTS:mbedtls_test>)
target_link_libraries(${exe} ${mbedcrypto_target})
+ target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tests/include)
endforeach()
install(TARGETS ${executables}
diff --git a/programs/hash/hello.c b/programs/hash/hello.c
index 70bea42..18beb69 100644
--- a/programs/hash/hello.c
+++ b/programs/hash/hello.c
@@ -55,7 +55,7 @@
mbedtls_printf( "\n MD5('%s') = ", str );
- if( ( ret = mbedtls_md5_ret( (unsigned char *) str, 13, digest ) ) != 0 )
+ if( ( ret = mbedtls_md5( (unsigned char *) str, 13, digest ) ) != 0 )
mbedtls_exit( MBEDTLS_EXIT_FAILURE );
for( i = 0; i < 16; i++ )
diff --git a/programs/pkey/CMakeLists.txt b/programs/pkey/CMakeLists.txt
index 9c6fe7d..3ad5643 100644
--- a/programs/pkey/CMakeLists.txt
+++ b/programs/pkey/CMakeLists.txt
@@ -6,6 +6,7 @@
foreach(exe IN LISTS executables_mbedtls)
add_executable(${exe} ${exe}.c $<TARGET_OBJECTS:mbedtls_test>)
target_link_libraries(${exe} ${mbedtls_target})
+ target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tests/include)
endforeach()
set(executables_mbedcrypto
@@ -32,6 +33,7 @@
foreach(exe IN LISTS executables_mbedcrypto)
add_executable(${exe} ${exe}.c $<TARGET_OBJECTS:mbedtls_test>)
target_link_libraries(${exe} ${mbedcrypto_target})
+ target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tests/include)
endforeach()
install(TARGETS ${executables_mbedtls} ${executables_mbedcrypto}
diff --git a/programs/pkey/dh_client.c b/programs/pkey/dh_client.c
index c6b3132..28bfb89 100644
--- a/programs/pkey/dh_client.c
+++ b/programs/pkey/dh_client.c
@@ -92,7 +92,6 @@
mbedtls_aes_context aes;
mbedtls_net_init( &server_fd );
- mbedtls_rsa_init( &rsa, MBEDTLS_RSA_PKCS_V15, MBEDTLS_MD_SHA256 );
mbedtls_dhm_init( &dhm );
mbedtls_aes_init( &aes );
mbedtls_ctr_drbg_init( &ctr_drbg );
@@ -125,17 +124,17 @@
goto exit;
}
- mbedtls_rsa_init( &rsa, MBEDTLS_RSA_PKCS_V15, 0 );
+ mbedtls_rsa_init( &rsa );
- if( ( ret = mbedtls_mpi_read_file( &rsa.N, 16, f ) ) != 0 ||
- ( ret = mbedtls_mpi_read_file( &rsa.E, 16, f ) ) != 0 )
+ if( ( ret = mbedtls_mpi_read_file( &rsa.MBEDTLS_PRIVATE(N), 16, f ) ) != 0 ||
+ ( ret = mbedtls_mpi_read_file( &rsa.MBEDTLS_PRIVATE(E), 16, f ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_mpi_read_file returned %d\n\n", ret );
fclose( f );
goto exit;
}
- rsa.len = ( mbedtls_mpi_bitlen( &rsa.N ) + 7 ) >> 3;
+ rsa.MBEDTLS_PRIVATE(len) = ( mbedtls_mpi_bitlen( &rsa.MBEDTLS_PRIVATE(N) ) + 7 ) >> 3;
fclose( f );
@@ -193,7 +192,8 @@
goto exit;
}
- if( dhm.len < 64 || dhm.len > 512 )
+ n = mbedtls_dhm_get_len( &dhm );
+ if( n < 64 || n > 512 )
{
mbedtls_printf( " failed\n ! Invalid DHM modulus size\n\n" );
goto exit;
@@ -208,20 +208,20 @@
p += 2;
- if( ( n = (size_t) ( end - p ) ) != rsa.len )
+ if( ( n = (size_t) ( end - p ) ) != rsa.MBEDTLS_PRIVATE(len) )
{
mbedtls_printf( " failed\n ! Invalid RSA signature size\n\n" );
goto exit;
}
- if( ( ret = mbedtls_sha1_ret( buf, (int)( p - 2 - buf ), hash ) ) != 0 )
+ if( ( ret = mbedtls_sha1( buf, (int)( p - 2 - buf ), hash ) ) != 0 )
{
- mbedtls_printf( " failed\n ! mbedtls_sha1_ret returned %d\n\n", ret );
+ mbedtls_printf( " failed\n ! mbedtls_sha1 returned %d\n\n", ret );
goto exit;
}
if( ( ret = mbedtls_rsa_pkcs1_verify( &rsa, MBEDTLS_MD_SHA256,
- 0, hash, p ) ) != 0 )
+ 32, hash, p ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_rsa_pkcs1_verify returned %d\n\n", ret );
goto exit;
@@ -233,8 +233,8 @@
mbedtls_printf( "\n . Sending own public value to server" );
fflush( stdout );
- n = dhm.len;
- if( ( ret = mbedtls_dhm_make_public( &dhm, (int) dhm.len, buf, n,
+ n = mbedtls_dhm_get_len( &dhm );
+ if( ( ret = mbedtls_dhm_make_public( &dhm, (int) n, buf, n,
mbedtls_ctr_drbg_random, &ctr_drbg ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_dhm_make_public returned %d\n\n", ret );
diff --git a/programs/pkey/dh_server.c b/programs/pkey/dh_server.c
index 63df77e..79c313c 100644
--- a/programs/pkey/dh_server.c
+++ b/programs/pkey/dh_server.c
@@ -95,7 +95,6 @@
mbedtls_net_init( &listen_fd );
mbedtls_net_init( &client_fd );
- mbedtls_rsa_init( &rsa, MBEDTLS_RSA_PKCS_V15, MBEDTLS_MD_SHA256 );
mbedtls_dhm_init( &dhm );
mbedtls_aes_init( &aes );
mbedtls_ctr_drbg_init( &ctr_drbg );
@@ -131,7 +130,7 @@
goto exit;
}
- mbedtls_rsa_init( &rsa, MBEDTLS_RSA_PKCS_V15, 0 );
+ mbedtls_rsa_init( &rsa );
if( ( ret = mbedtls_mpi_read_file( &N , 16, f ) ) != 0 ||
( ret = mbedtls_mpi_read_file( &E , 16, f ) ) != 0 ||
@@ -173,8 +172,8 @@
goto exit;
}
- if( mbedtls_mpi_read_file( &dhm.P, 16, f ) != 0 ||
- mbedtls_mpi_read_file( &dhm.G, 16, f ) != 0 )
+ if( mbedtls_mpi_read_file( &dhm.MBEDTLS_PRIVATE(P), 16, f ) != 0 ||
+ mbedtls_mpi_read_file( &dhm.MBEDTLS_PRIVATE(G), 16, f ) != 0 )
{
mbedtls_printf( " failed\n ! Invalid DH parameter file\n\n" );
fclose( f );
@@ -210,7 +209,7 @@
memset( buf, 0, sizeof( buf ) );
- if( ( ret = mbedtls_dhm_make_params( &dhm, (int) mbedtls_mpi_size( &dhm.P ), buf, &n,
+ if( ( ret = mbedtls_dhm_make_params( &dhm, (int) mbedtls_mpi_size( &dhm.MBEDTLS_PRIVATE(P) ), buf, &n,
mbedtls_ctr_drbg_random, &ctr_drbg ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_dhm_make_params returned %d\n\n", ret );
@@ -220,23 +219,23 @@
/*
* 5. Sign the parameters and send them
*/
- if( ( ret = mbedtls_sha1_ret( buf, n, hash ) ) != 0 )
+ if( ( ret = mbedtls_sha1( buf, n, hash ) ) != 0 )
{
- mbedtls_printf( " failed\n ! mbedtls_sha1_ret returned %d\n\n", ret );
+ mbedtls_printf( " failed\n ! mbedtls_sha1 returned %d\n\n", ret );
goto exit;
}
- buf[n ] = (unsigned char)( rsa.len >> 8 );
- buf[n + 1] = (unsigned char)( rsa.len );
+ buf[n ] = (unsigned char)( rsa.MBEDTLS_PRIVATE(len) >> 8 );
+ buf[n + 1] = (unsigned char)( rsa.MBEDTLS_PRIVATE(len) );
if( ( ret = mbedtls_rsa_pkcs1_sign( &rsa, NULL, NULL, MBEDTLS_MD_SHA256,
- 0, hash, buf + n + 2 ) ) != 0 )
+ 32, hash, buf + n + 2 ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_rsa_pkcs1_sign returned %d\n\n", ret );
goto exit;
}
- buflen = n + 2 + rsa.len;
+ buflen = n + 2 + rsa.MBEDTLS_PRIVATE(len);
buf2[0] = (unsigned char)( buflen >> 8 );
buf2[1] = (unsigned char)( buflen );
@@ -255,14 +254,14 @@
memset( buf, 0, sizeof( buf ) );
- n = dhm.len;
+ n = mbedtls_dhm_get_len( &dhm );
if( ( ret = mbedtls_net_recv( &client_fd, buf, n ) ) != (int) n )
{
mbedtls_printf( " failed\n ! mbedtls_net_recv returned %d\n\n", ret );
goto exit;
}
- if( ( ret = mbedtls_dhm_read_public( &dhm, buf, dhm.len ) ) != 0 )
+ if( ( ret = mbedtls_dhm_read_public( &dhm, buf, n ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_dhm_read_public returned %d\n\n", ret );
goto exit;
diff --git a/programs/pkey/ecdh_curve25519.c b/programs/pkey/ecdh_curve25519.c
index 67f1363..1f4b8bc 100644
--- a/programs/pkey/ecdh_curve25519.c
+++ b/programs/pkey/ecdh_curve25519.c
@@ -91,14 +91,14 @@
mbedtls_printf( " . Setting up client context..." );
fflush( stdout );
- ret = mbedtls_ecp_group_load( &ctx_cli.grp, MBEDTLS_ECP_DP_CURVE25519 );
+ ret = mbedtls_ecp_group_load( &ctx_cli.MBEDTLS_PRIVATE(grp), MBEDTLS_ECP_DP_CURVE25519 );
if( ret != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ecp_group_load returned %d\n", ret );
goto exit;
}
- ret = mbedtls_ecdh_gen_public( &ctx_cli.grp, &ctx_cli.d, &ctx_cli.Q,
+ ret = mbedtls_ecdh_gen_public( &ctx_cli.MBEDTLS_PRIVATE(grp), &ctx_cli.MBEDTLS_PRIVATE(d), &ctx_cli.MBEDTLS_PRIVATE(Q),
mbedtls_ctr_drbg_random, &ctr_drbg );
if( ret != 0 )
{
@@ -106,7 +106,7 @@
goto exit;
}
- ret = mbedtls_mpi_write_binary( &ctx_cli.Q.X, cli_to_srv, 32 );
+ ret = mbedtls_mpi_write_binary( &ctx_cli.MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(X), cli_to_srv, 32 );
if( ret != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_mpi_write_binary returned %d\n", ret );
@@ -121,14 +121,14 @@
mbedtls_printf( " . Setting up server context..." );
fflush( stdout );
- ret = mbedtls_ecp_group_load( &ctx_srv.grp, MBEDTLS_ECP_DP_CURVE25519 );
+ ret = mbedtls_ecp_group_load( &ctx_srv.MBEDTLS_PRIVATE(grp), MBEDTLS_ECP_DP_CURVE25519 );
if( ret != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ecp_group_load returned %d\n", ret );
goto exit;
}
- ret = mbedtls_ecdh_gen_public( &ctx_srv.grp, &ctx_srv.d, &ctx_srv.Q,
+ ret = mbedtls_ecdh_gen_public( &ctx_srv.MBEDTLS_PRIVATE(grp), &ctx_srv.MBEDTLS_PRIVATE(d), &ctx_srv.MBEDTLS_PRIVATE(Q),
mbedtls_ctr_drbg_random, &ctr_drbg );
if( ret != 0 )
{
@@ -136,7 +136,7 @@
goto exit;
}
- ret = mbedtls_mpi_write_binary( &ctx_srv.Q.X, srv_to_cli, 32 );
+ ret = mbedtls_mpi_write_binary( &ctx_srv.MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(X), srv_to_cli, 32 );
if( ret != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_mpi_write_binary returned %d\n", ret );
@@ -151,22 +151,22 @@
mbedtls_printf( " . Server reading client key and computing secret..." );
fflush( stdout );
- ret = mbedtls_mpi_lset( &ctx_srv.Qp.Z, 1 );
+ ret = mbedtls_mpi_lset( &ctx_srv.MBEDTLS_PRIVATE(Qp).MBEDTLS_PRIVATE(Z), 1 );
if( ret != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_mpi_lset returned %d\n", ret );
goto exit;
}
- ret = mbedtls_mpi_read_binary( &ctx_srv.Qp.X, cli_to_srv, 32 );
+ ret = mbedtls_mpi_read_binary( &ctx_srv.MBEDTLS_PRIVATE(Qp).MBEDTLS_PRIVATE(X), cli_to_srv, 32 );
if( ret != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_mpi_read_binary returned %d\n", ret );
goto exit;
}
- ret = mbedtls_ecdh_compute_shared( &ctx_srv.grp, &ctx_srv.z,
- &ctx_srv.Qp, &ctx_srv.d,
+ ret = mbedtls_ecdh_compute_shared( &ctx_srv.MBEDTLS_PRIVATE(grp), &ctx_srv.MBEDTLS_PRIVATE(z),
+ &ctx_srv.MBEDTLS_PRIVATE(Qp), &ctx_srv.MBEDTLS_PRIVATE(d),
mbedtls_ctr_drbg_random, &ctr_drbg );
if( ret != 0 )
{
@@ -182,22 +182,22 @@
mbedtls_printf( " . Client reading server key and computing secret..." );
fflush( stdout );
- ret = mbedtls_mpi_lset( &ctx_cli.Qp.Z, 1 );
+ ret = mbedtls_mpi_lset( &ctx_cli.MBEDTLS_PRIVATE(Qp).MBEDTLS_PRIVATE(Z), 1 );
if( ret != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_mpi_lset returned %d\n", ret );
goto exit;
}
- ret = mbedtls_mpi_read_binary( &ctx_cli.Qp.X, srv_to_cli, 32 );
+ ret = mbedtls_mpi_read_binary( &ctx_cli.MBEDTLS_PRIVATE(Qp).MBEDTLS_PRIVATE(X), srv_to_cli, 32 );
if( ret != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_mpi_read_binary returned %d\n", ret );
goto exit;
}
- ret = mbedtls_ecdh_compute_shared( &ctx_cli.grp, &ctx_cli.z,
- &ctx_cli.Qp, &ctx_cli.d,
+ ret = mbedtls_ecdh_compute_shared( &ctx_cli.MBEDTLS_PRIVATE(grp), &ctx_cli.MBEDTLS_PRIVATE(z),
+ &ctx_cli.MBEDTLS_PRIVATE(Qp), &ctx_cli.MBEDTLS_PRIVATE(d),
mbedtls_ctr_drbg_random, &ctr_drbg );
if( ret != 0 )
{
@@ -213,7 +213,7 @@
mbedtls_printf( " . Checking if both computed secrets are equal..." );
fflush( stdout );
- ret = mbedtls_mpi_cmp_mpi( &ctx_cli.z, &ctx_srv.z );
+ ret = mbedtls_mpi_cmp_mpi( &ctx_cli.MBEDTLS_PRIVATE(z), &ctx_srv.MBEDTLS_PRIVATE(z) );
if( ret != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ecdh_compute_shared returned %d\n", ret );
diff --git a/programs/pkey/ecdsa.c b/programs/pkey/ecdsa.c
index 1bbf826..31b4584 100644
--- a/programs/pkey/ecdsa.c
+++ b/programs/pkey/ecdsa.c
@@ -55,7 +55,7 @@
#define ECPARAMS MBEDTLS_ECP_DP_SECP192R1
#if !defined(ECPARAMS)
-#define ECPARAMS mbedtls_ecp_curve_list()->grp_id
+#define ECPARAMS mbedtls_ecp_curve_list()->MBEDTLS_PRIVATE(grp_id)
#endif
#if !defined(MBEDTLS_ECDSA_C) || !defined(MBEDTLS_SHA256_C) || \
@@ -84,7 +84,7 @@
unsigned char buf[300];
size_t len;
- if( mbedtls_ecp_point_write_binary( &key->grp, &key->Q,
+ if( mbedtls_ecp_point_write_binary( &key->MBEDTLS_PRIVATE(grp), &key->MBEDTLS_PRIVATE(Q),
MBEDTLS_ECP_PF_UNCOMPRESSED, &len, buf, sizeof buf ) != 0 )
{
mbedtls_printf("internal error\n");
@@ -156,7 +156,7 @@
goto exit;
}
- mbedtls_printf( " ok (key size: %d bits)\n", (int) ctx_sign.grp.pbits );
+ mbedtls_printf( " ok (key size: %d bits)\n", (int) ctx_sign.MBEDTLS_PRIVATE(grp).pbits );
dump_pubkey( " + Public key: ", &ctx_sign );
@@ -166,9 +166,9 @@
mbedtls_printf( " . Computing message hash..." );
fflush( stdout );
- if( ( ret = mbedtls_sha256_ret( message, sizeof( message ), hash, 0 ) ) != 0 )
+ if( ( ret = mbedtls_sha256( message, sizeof( message ), hash, 0 ) ) != 0 )
{
- mbedtls_printf( " failed\n ! mbedtls_sha256_ret returned %d\n", ret );
+ mbedtls_printf( " failed\n ! mbedtls_sha256 returned %d\n", ret );
goto exit;
}
@@ -204,13 +204,13 @@
mbedtls_printf( " . Preparing verification context..." );
fflush( stdout );
- if( ( ret = mbedtls_ecp_group_copy( &ctx_verify.grp, &ctx_sign.grp ) ) != 0 )
+ if( ( ret = mbedtls_ecp_group_copy( &ctx_verify.MBEDTLS_PRIVATE(grp), &ctx_sign.MBEDTLS_PRIVATE(grp) ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ecp_group_copy returned %d\n", ret );
goto exit;
}
- if( ( ret = mbedtls_ecp_copy( &ctx_verify.Q, &ctx_sign.Q ) ) != 0 )
+ if( ( ret = mbedtls_ecp_copy( &ctx_verify.MBEDTLS_PRIVATE(Q), &ctx_sign.MBEDTLS_PRIVATE(Q) ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ecp_copy returned %d\n", ret );
goto exit;
diff --git a/programs/pkey/gen_key.c b/programs/pkey/gen_key.c
index 63cc11e..9415530 100644
--- a/programs/pkey/gen_key.c
+++ b/programs/pkey/gen_key.c
@@ -90,7 +90,7 @@
#endif
#if defined(MBEDTLS_ECP_C)
-#define DFL_EC_CURVE mbedtls_ecp_curve_list()->grp_id
+#define DFL_EC_CURVE mbedtls_ecp_curve_list()->MBEDTLS_PRIVATE(grp_id)
#else
#define DFL_EC_CURVE 0
#endif
@@ -223,9 +223,9 @@
#if defined(MBEDTLS_ECP_C)
mbedtls_printf( " available ec_curve values:\n" );
curve_info = mbedtls_ecp_curve_list();
- mbedtls_printf( " %s (default)\n", curve_info->name );
- while( ( ++curve_info )->name != NULL )
- mbedtls_printf( " %s\n", curve_info->name );
+ mbedtls_printf( " %s (default)\n", curve_info->MBEDTLS_PRIVATE(name) );
+ while( ( ++curve_info )->MBEDTLS_PRIVATE(name) != NULL )
+ mbedtls_printf( " %s\n", curve_info->MBEDTLS_PRIVATE(name) );
#endif /* MBEDTLS_ECP_C */
goto exit;
}
@@ -274,7 +274,7 @@
{
if( ( curve_info = mbedtls_ecp_curve_info_from_name( q ) ) == NULL )
goto usage;
- opt.ec_curve = curve_info->grp_id;
+ opt.ec_curve = curve_info->MBEDTLS_PRIVATE(grp_id);
}
#endif
else if( strcmp( p, "filename" ) == 0 )
@@ -395,10 +395,10 @@
{
mbedtls_ecp_keypair *ecp = mbedtls_pk_ec( key );
mbedtls_printf( "curve: %s\n",
- mbedtls_ecp_curve_info_from_grp_id( ecp->grp.id )->name );
- mbedtls_mpi_write_file( "X_Q: ", &ecp->Q.X, 16, NULL );
- mbedtls_mpi_write_file( "Y_Q: ", &ecp->Q.Y, 16, NULL );
- mbedtls_mpi_write_file( "D: ", &ecp->d , 16, NULL );
+ mbedtls_ecp_curve_info_from_grp_id( ecp->MBEDTLS_PRIVATE(grp).id )->MBEDTLS_PRIVATE(name) );
+ mbedtls_mpi_write_file( "X_Q: ", &ecp->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(X), 16, NULL );
+ mbedtls_mpi_write_file( "Y_Q: ", &ecp->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(Y), 16, NULL );
+ mbedtls_mpi_write_file( "D: ", &ecp->MBEDTLS_PRIVATE(d) , 16, NULL );
}
else
#endif
diff --git a/programs/pkey/key_app.c b/programs/pkey/key_app.c
index 7f39e5c..2145e07 100644
--- a/programs/pkey/key_app.c
+++ b/programs/pkey/key_app.c
@@ -35,10 +35,13 @@
#endif /* MBEDTLS_PLATFORM_C */
#if defined(MBEDTLS_BIGNUM_C) && \
- defined(MBEDTLS_PK_PARSE_C) && defined(MBEDTLS_FS_IO)
+ defined(MBEDTLS_PK_PARSE_C) && defined(MBEDTLS_FS_IO) && \
+ defined(MBEDTLS_ENTROPY_C) && defined(MBEDTLS_CTR_DRBG_C)
#include "mbedtls/error.h"
#include "mbedtls/rsa.h"
#include "mbedtls/pk.h"
+#include "mbedtls/entropy.h"
+#include "mbedtls/ctr_drbg.h"
#include <string.h>
#endif
@@ -63,11 +66,13 @@
"\n"
#if !defined(MBEDTLS_BIGNUM_C) || \
- !defined(MBEDTLS_PK_PARSE_C) || !defined(MBEDTLS_FS_IO)
+ !defined(MBEDTLS_PK_PARSE_C) || !defined(MBEDTLS_FS_IO) || \
+ !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_CTR_DRBG_C)
int main( void )
{
mbedtls_printf("MBEDTLS_BIGNUM_C and/or "
- "MBEDTLS_PK_PARSE_C and/or MBEDTLS_FS_IO not defined.\n");
+ "MBEDTLS_PK_PARSE_C and/or MBEDTLS_FS_IO and/or "
+ "MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C not defined.\n");
mbedtls_exit( 0 );
}
#else
@@ -92,12 +97,19 @@
int i;
char *p, *q;
+ const char *pers = "pkey/key_app";
+ mbedtls_entropy_context entropy;
+ mbedtls_ctr_drbg_context ctr_drbg;
+
mbedtls_pk_context pk;
mbedtls_mpi N, P, Q, D, E, DP, DQ, QP;
/*
* Set to sane values
*/
+ mbedtls_entropy_init( &entropy );
+ mbedtls_ctr_drbg_init( &ctr_drbg );
+
mbedtls_pk_init( &pk );
memset( buf, 0, sizeof(buf) );
@@ -181,7 +193,16 @@
mbedtls_printf( "\n . Loading the private key ..." );
fflush( stdout );
- ret = mbedtls_pk_parse_keyfile( &pk, opt.filename, opt.password );
+ if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy,
+ (const unsigned char *) pers,
+ strlen( pers ) ) ) != 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned -0x%04x\n", (unsigned int) -ret );
+ goto cleanup;
+ }
+
+ ret = mbedtls_pk_parse_keyfile( &pk, opt.filename, opt.password,
+ mbedtls_ctr_drbg_random, &ctr_drbg );
if( ret != 0 )
{
@@ -222,10 +243,10 @@
if( mbedtls_pk_get_type( &pk ) == MBEDTLS_PK_ECKEY )
{
mbedtls_ecp_keypair *ecp = mbedtls_pk_ec( pk );
- MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( "Q(X): ", &ecp->Q.X, 16, NULL ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( "Q(Y): ", &ecp->Q.Y, 16, NULL ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( "Q(Z): ", &ecp->Q.Z, 16, NULL ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( "D : ", &ecp->d , 16, NULL ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( "Q(X): ", &ecp->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(X), 16, NULL ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( "Q(Y): ", &ecp->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(Y), 16, NULL ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( "Q(Z): ", &ecp->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(Z), 16, NULL ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( "D : ", &ecp->MBEDTLS_PRIVATE(d) , 16, NULL ) );
}
else
#endif
@@ -273,9 +294,9 @@
if( mbedtls_pk_get_type( &pk ) == MBEDTLS_PK_ECKEY )
{
mbedtls_ecp_keypair *ecp = mbedtls_pk_ec( pk );
- MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( "Q(X): ", &ecp->Q.X, 16, NULL ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( "Q(Y): ", &ecp->Q.Y, 16, NULL ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( "Q(Z): ", &ecp->Q.Z, 16, NULL ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( "Q(X): ", &ecp->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(X), 16, NULL ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( "Q(Y): ", &ecp->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(Y), 16, NULL ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( "Q(Z): ", &ecp->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(Z), 16, NULL ) );
}
else
#endif
@@ -299,6 +320,9 @@
}
#endif
+ mbedtls_ctr_drbg_free( &ctr_drbg );
+ mbedtls_entropy_free( &entropy );
+
mbedtls_pk_free( &pk );
mbedtls_mpi_free( &N ); mbedtls_mpi_free( &P ); mbedtls_mpi_free( &Q );
mbedtls_mpi_free( &D ); mbedtls_mpi_free( &E ); mbedtls_mpi_free( &DP );
@@ -311,4 +335,5 @@
mbedtls_exit( exit_code );
}
-#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_PK_PARSE_C && MBEDTLS_FS_IO */
+#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_PK_PARSE_C && MBEDTLS_FS_IO &&
+ MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */
diff --git a/programs/pkey/key_app_writer.c b/programs/pkey/key_app_writer.c
index 6a4d0e4..89c67ed 100644
--- a/programs/pkey/key_app_writer.c
+++ b/programs/pkey/key_app_writer.c
@@ -34,11 +34,16 @@
#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE
#endif /* MBEDTLS_PLATFORM_C */
-#if defined(MBEDTLS_PK_WRITE_C) && defined(MBEDTLS_FS_IO)
+#if defined(MBEDTLS_PK_PARSE_C) && defined(MBEDTLS_PK_WRITE_C) && \
+ defined(MBEDTLS_FS_IO) && \
+ defined(MBEDTLS_ENTROPY_C) && defined(MBEDTLS_CTR_DRBG_C)
#include "mbedtls/error.h"
#include "mbedtls/pk.h"
#include "mbedtls/error.h"
+#include "mbedtls/entropy.h"
+#include "mbedtls/ctr_drbg.h"
+
#include <stdio.h>
#include <string.h>
#endif
@@ -88,10 +93,14 @@
#if !defined(MBEDTLS_PK_PARSE_C) || \
!defined(MBEDTLS_PK_WRITE_C) || \
- !defined(MBEDTLS_FS_IO)
+ !defined(MBEDTLS_FS_IO) || \
+ !defined(MBEDTLS_ENTROPY_C) || \
+ !defined(MBEDTLS_CTR_DRBG_C)
int main( void )
{
- mbedtls_printf( "MBEDTLS_PK_PARSE_C and/or MBEDTLS_PK_WRITE_C and/or MBEDTLS_FS_IO not defined.\n" );
+ mbedtls_printf( "MBEDTLS_PK_PARSE_C and/or MBEDTLS_PK_WRITE_C and/or "
+ "MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C and/or "
+ "MBEDTLS_FS_IO not defined.\n" );
mbedtls_exit( 0 );
}
#else
@@ -201,12 +210,19 @@
int i;
char *p, *q;
+ const char *pers = "pkey/key_app";
+ mbedtls_entropy_context entropy;
+ mbedtls_ctr_drbg_context ctr_drbg;
+
mbedtls_pk_context key;
mbedtls_mpi N, P, Q, D, E, DP, DQ, QP;
/*
* Set to sane values
*/
+ mbedtls_entropy_init( &entropy );
+ mbedtls_ctr_drbg_init( &ctr_drbg );
+
mbedtls_pk_init( &key );
memset( buf, 0, sizeof( buf ) );
@@ -292,8 +308,16 @@
mbedtls_printf( "\n . Loading the private key ..." );
fflush( stdout );
- ret = mbedtls_pk_parse_keyfile( &key, opt.filename, NULL );
+ if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy,
+ (const unsigned char *) pers,
+ strlen( pers ) ) ) != 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned -0x%04x\n", (unsigned int) -ret );
+ goto exit;
+ }
+ ret = mbedtls_pk_parse_keyfile( &key, opt.filename, NULL,
+ mbedtls_ctr_drbg_random, &ctr_drbg );
if( ret != 0 )
{
mbedtls_strerror( ret, (char *) buf, sizeof(buf) );
@@ -335,10 +359,10 @@
if( mbedtls_pk_get_type( &key ) == MBEDTLS_PK_ECKEY )
{
mbedtls_ecp_keypair *ecp = mbedtls_pk_ec( key );
- mbedtls_mpi_write_file( "Q(X): ", &ecp->Q.X, 16, NULL );
- mbedtls_mpi_write_file( "Q(Y): ", &ecp->Q.Y, 16, NULL );
- mbedtls_mpi_write_file( "Q(Z): ", &ecp->Q.Z, 16, NULL );
- mbedtls_mpi_write_file( "D : ", &ecp->d , 16, NULL );
+ mbedtls_mpi_write_file( "Q(X): ", &ecp->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(X), 16, NULL );
+ mbedtls_mpi_write_file( "Q(Y): ", &ecp->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(Y), 16, NULL );
+ mbedtls_mpi_write_file( "Q(Z): ", &ecp->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(Z), 16, NULL );
+ mbedtls_mpi_write_file( "D : ", &ecp->MBEDTLS_PRIVATE(d) , 16, NULL );
}
else
#endif
@@ -389,9 +413,9 @@
if( mbedtls_pk_get_type( &key ) == MBEDTLS_PK_ECKEY )
{
mbedtls_ecp_keypair *ecp = mbedtls_pk_ec( key );
- mbedtls_mpi_write_file( "Q(X): ", &ecp->Q.X, 16, NULL );
- mbedtls_mpi_write_file( "Q(Y): ", &ecp->Q.Y, 16, NULL );
- mbedtls_mpi_write_file( "Q(Z): ", &ecp->Q.Z, 16, NULL );
+ mbedtls_mpi_write_file( "Q(X): ", &ecp->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(X), 16, NULL );
+ mbedtls_mpi_write_file( "Q(Y): ", &ecp->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(Y), 16, NULL );
+ mbedtls_mpi_write_file( "Q(Z): ", &ecp->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(Z), 16, NULL );
}
else
#endif
@@ -429,6 +453,9 @@
mbedtls_pk_free( &key );
+ mbedtls_ctr_drbg_free( &ctr_drbg );
+ mbedtls_entropy_free( &entropy );
+
#if defined(_WIN32)
mbedtls_printf( " + Press Enter to exit this program.\n" );
fflush( stdout ); getchar();
@@ -436,4 +463,5 @@
mbedtls_exit( exit_code );
}
-#endif /* MBEDTLS_PK_PARSE_C && MBEDTLS_PK_WRITE_C && MBEDTLS_FS_IO */
+#endif /* MBEDTLS_PK_PARSE_C && MBEDTLS_PK_WRITE_C && MBEDTLS_FS_IO &&
+ MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */
diff --git a/programs/pkey/pk_decrypt.c b/programs/pkey/pk_decrypt.c
index 810d6fb..e01f5d5 100644
--- a/programs/pkey/pk_decrypt.c
+++ b/programs/pkey/pk_decrypt.c
@@ -106,7 +106,8 @@
mbedtls_printf( "\n . Reading private key from '%s'", argv[1] );
fflush( stdout );
- if( ( ret = mbedtls_pk_parse_keyfile( &pk, argv[1], "" ) ) != 0 )
+ if( ( ret = mbedtls_pk_parse_keyfile( &pk, argv[1], "",
+ mbedtls_ctr_drbg_random, &ctr_drbg ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_pk_parse_keyfile returned -0x%04x\n", (unsigned int) -ret );
goto exit;
diff --git a/programs/pkey/pk_sign.c b/programs/pkey/pk_sign.c
index 451e3de..422fa25 100644
--- a/programs/pkey/pk_sign.c
+++ b/programs/pkey/pk_sign.c
@@ -101,7 +101,8 @@
mbedtls_printf( "\n . Reading private key from '%s'", argv[1] );
fflush( stdout );
- if( ( ret = mbedtls_pk_parse_keyfile( &pk, argv[1], "" ) ) != 0 )
+ if( ( ret = mbedtls_pk_parse_keyfile( &pk, argv[1], "",
+ mbedtls_ctr_drbg_random, &ctr_drbg ) ) != 0 )
{
mbedtls_printf( " failed\n ! Could not parse '%s'\n", argv[1] );
goto exit;
diff --git a/programs/pkey/rsa_decrypt.c b/programs/pkey/rsa_decrypt.c
index 1ba8c73..bb3649f 100644
--- a/programs/pkey/rsa_decrypt.c
+++ b/programs/pkey/rsa_decrypt.c
@@ -90,7 +90,7 @@
mbedtls_printf( "\n . Seeding the random number generator..." );
fflush( stdout );
- mbedtls_rsa_init( &rsa, MBEDTLS_RSA_PKCS_V15, 0 );
+ mbedtls_rsa_init( &rsa );
mbedtls_ctr_drbg_init( &ctr_drbg );
mbedtls_entropy_init( &entropy );
mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q );
@@ -164,7 +164,7 @@
fclose( f );
- if( i != rsa.len )
+ if( i != rsa.MBEDTLS_PRIVATE(len) )
{
mbedtls_printf( "\n ! Invalid RSA signature format\n\n" );
goto exit;
diff --git a/programs/pkey/rsa_encrypt.c b/programs/pkey/rsa_encrypt.c
index 6c654ad..a000505 100644
--- a/programs/pkey/rsa_encrypt.c
+++ b/programs/pkey/rsa_encrypt.c
@@ -87,7 +87,7 @@
fflush( stdout );
mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E );
- mbedtls_rsa_init( &rsa, MBEDTLS_RSA_PKCS_V15, 0 );
+ mbedtls_rsa_init( &rsa );
mbedtls_ctr_drbg_init( &ctr_drbg );
mbedtls_entropy_init( &entropy );
@@ -160,7 +160,7 @@
goto exit;
}
- for( i = 0; i < rsa.len; i++ )
+ for( i = 0; i < rsa.MBEDTLS_PRIVATE(len); i++ )
mbedtls_fprintf( f, "%02X%s", buf[i],
( i + 1 ) % 16 == 0 ? "\r\n" : " " );
diff --git a/programs/pkey/rsa_genkey.c b/programs/pkey/rsa_genkey.c
index 26a8925..1dcfc52 100644
--- a/programs/pkey/rsa_genkey.c
+++ b/programs/pkey/rsa_genkey.c
@@ -75,7 +75,7 @@
const char *pers = "rsa_genkey";
mbedtls_ctr_drbg_init( &ctr_drbg );
- mbedtls_rsa_init( &rsa, MBEDTLS_RSA_PKCS_V15, 0 );
+ mbedtls_rsa_init( &rsa );
mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q );
mbedtls_mpi_init( &D ); mbedtls_mpi_init( &E ); mbedtls_mpi_init( &DP );
mbedtls_mpi_init( &DQ ); mbedtls_mpi_init( &QP );
diff --git a/programs/pkey/rsa_sign.c b/programs/pkey/rsa_sign.c
index 1cfa0a8..ebc88e4 100644
--- a/programs/pkey/rsa_sign.c
+++ b/programs/pkey/rsa_sign.c
@@ -67,7 +67,7 @@
char filename[512];
mbedtls_mpi N, P, Q, D, E, DP, DQ, QP;
- mbedtls_rsa_init( &rsa, MBEDTLS_RSA_PKCS_V15, 0 );
+ mbedtls_rsa_init( &rsa );
mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q );
mbedtls_mpi_init( &D ); mbedtls_mpi_init( &E ); mbedtls_mpi_init( &DP );
@@ -147,7 +147,7 @@
}
if( ( ret = mbedtls_rsa_pkcs1_sign( &rsa, NULL, NULL, MBEDTLS_MD_SHA256,
- 20, hash, buf ) ) != 0 )
+ 32, hash, buf ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_rsa_pkcs1_sign returned -0x%0x\n\n", (unsigned int) -ret );
goto exit;
@@ -164,7 +164,7 @@
goto exit;
}
- for( i = 0; i < rsa.len; i++ )
+ for( i = 0; i < rsa.MBEDTLS_PRIVATE(len); i++ )
mbedtls_fprintf( f, "%02X%s", buf[i],
( i + 1 ) % 16 == 0 ? "\r\n" : " " );
diff --git a/programs/pkey/rsa_sign_pss.c b/programs/pkey/rsa_sign_pss.c
index 9d5053a..bbbe0a9 100644
--- a/programs/pkey/rsa_sign_pss.c
+++ b/programs/pkey/rsa_sign_pss.c
@@ -102,7 +102,8 @@
mbedtls_printf( "\n . Reading private key from '%s'", argv[1] );
fflush( stdout );
- if( ( ret = mbedtls_pk_parse_keyfile( &pk, argv[1], "" ) ) != 0 )
+ if( ( ret = mbedtls_pk_parse_keyfile( &pk, argv[1], "",
+ mbedtls_ctr_drbg_random, &ctr_drbg ) ) != 0 )
{
mbedtls_printf( " failed\n ! Could not read key from '%s'\n", argv[1] );
mbedtls_printf( " ! mbedtls_pk_parse_public_keyfile returned %d\n\n", ret );
@@ -115,7 +116,13 @@
goto exit;
}
- mbedtls_rsa_set_padding( mbedtls_pk_rsa( pk ), MBEDTLS_RSA_PKCS_V21, MBEDTLS_MD_SHA256 );
+ if( ( ret = mbedtls_rsa_set_padding( mbedtls_pk_rsa( pk ),
+ MBEDTLS_RSA_PKCS_V21,
+ MBEDTLS_MD_SHA256 ) ) != 0 )
+ {
+ mbedtls_printf( " failed\n ! Padding not supported\n" );
+ goto exit;
+ }
/*
* Compute the SHA-256 hash of the input file,
diff --git a/programs/pkey/rsa_verify.c b/programs/pkey/rsa_verify.c
index 6aca171..5a68246 100644
--- a/programs/pkey/rsa_verify.c
+++ b/programs/pkey/rsa_verify.c
@@ -66,7 +66,7 @@
unsigned char buf[MBEDTLS_MPI_MAX_SIZE];
char filename[512];
- mbedtls_rsa_init( &rsa, MBEDTLS_RSA_PKCS_V15, 0 );
+ mbedtls_rsa_init( &rsa );
if( argc != 2 )
{
@@ -89,15 +89,15 @@
goto exit;
}
- if( ( ret = mbedtls_mpi_read_file( &rsa.N, 16, f ) ) != 0 ||
- ( ret = mbedtls_mpi_read_file( &rsa.E, 16, f ) ) != 0 )
+ if( ( ret = mbedtls_mpi_read_file( &rsa.MBEDTLS_PRIVATE(N), 16, f ) ) != 0 ||
+ ( ret = mbedtls_mpi_read_file( &rsa.MBEDTLS_PRIVATE(E), 16, f ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_mpi_read_file returned %d\n\n", ret );
fclose( f );
goto exit;
}
- rsa.len = ( mbedtls_mpi_bitlen( &rsa.N ) + 7 ) >> 3;
+ rsa.MBEDTLS_PRIVATE(len) = ( mbedtls_mpi_bitlen( &rsa.MBEDTLS_PRIVATE(N) ) + 7 ) >> 3;
fclose( f );
@@ -119,7 +119,7 @@
fclose( f );
- if( i != rsa.len )
+ if( i != rsa.MBEDTLS_PRIVATE(len) )
{
mbedtls_printf( "\n ! Invalid RSA signature format\n\n" );
goto exit;
@@ -141,7 +141,7 @@
}
if( ( ret = mbedtls_rsa_pkcs1_verify( &rsa, MBEDTLS_MD_SHA256,
- 20, hash, buf ) ) != 0 )
+ 32, hash, buf ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_rsa_pkcs1_verify returned -0x%0x\n\n", (unsigned int) -ret );
goto exit;
diff --git a/programs/pkey/rsa_verify_pss.c b/programs/pkey/rsa_verify_pss.c
index 81b0fd6..527d799 100644
--- a/programs/pkey/rsa_verify_pss.c
+++ b/programs/pkey/rsa_verify_pss.c
@@ -98,7 +98,13 @@
goto exit;
}
- mbedtls_rsa_set_padding( mbedtls_pk_rsa( pk ), MBEDTLS_RSA_PKCS_V21, MBEDTLS_MD_SHA256 );
+ if( ( ret = mbedtls_rsa_set_padding( mbedtls_pk_rsa( pk ),
+ MBEDTLS_RSA_PKCS_V21,
+ MBEDTLS_MD_SHA256 ) ) != 0 )
+ {
+ mbedtls_printf( " failed\n ! Invalid padding\n" );
+ goto exit;
+ }
/*
* Extract the RSA signature from the file
diff --git a/programs/random/CMakeLists.txt b/programs/random/CMakeLists.txt
index f32dc31..e5edf7b 100644
--- a/programs/random/CMakeLists.txt
+++ b/programs/random/CMakeLists.txt
@@ -6,6 +6,7 @@
foreach(exe IN LISTS executables)
add_executable(${exe} ${exe}.c $<TARGET_OBJECTS:mbedtls_test>)
target_link_libraries(${exe} ${mbedcrypto_target})
+ target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tests/include)
endforeach()
install(TARGETS ${executables}
diff --git a/programs/ssl/dtls_server.c b/programs/ssl/dtls_server.c
index bd2dc12..d2cc450 100644
--- a/programs/ssl/dtls_server.c
+++ b/programs/ssl/dtls_server.c
@@ -79,6 +79,7 @@
#include "mbedtls/error.h"
#include "mbedtls/debug.h"
#include "mbedtls/timing.h"
+
#include "test/certs.h"
#if defined(MBEDTLS_SSL_CACHE_C)
@@ -138,7 +139,23 @@
#endif
/*
- * 1. Load the certificates and private RSA key
+ * 1. Seed the RNG
+ */
+ printf( " . Seeding the random number generator..." );
+ fflush( stdout );
+
+ if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy,
+ (const unsigned char *) pers,
+ strlen( pers ) ) ) != 0 )
+ {
+ printf( " failed\n ! mbedtls_ctr_drbg_seed returned %d\n", ret );
+ goto exit;
+ }
+
+ printf( " ok\n" );
+
+ /*
+ * 2. Load the certificates and private RSA key
*/
printf( "\n . Loading the server cert. and key..." );
fflush( stdout );
@@ -165,7 +182,7 @@
}
ret = mbedtls_pk_parse_key( &pkey, (const unsigned char *) mbedtls_test_srv_key,
- mbedtls_test_srv_key_len, NULL, 0 );
+ mbedtls_test_srv_key_len, NULL, 0, mbedtls_ctr_drbg_random, &ctr_drbg );
if( ret != 0 )
{
printf( " failed\n ! mbedtls_pk_parse_key returned %d\n\n", ret );
@@ -175,7 +192,7 @@
printf( " ok\n" );
/*
- * 2. Setup the "listening" UDP socket
+ * 3. Setup the "listening" UDP socket
*/
printf( " . Bind on udp/*/4433 ..." );
fflush( stdout );
@@ -189,22 +206,6 @@
printf( " ok\n" );
/*
- * 3. Seed the RNG
- */
- printf( " . Seeding the random number generator..." );
- fflush( stdout );
-
- if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy,
- (const unsigned char *) pers,
- strlen( pers ) ) ) != 0 )
- {
- printf( " failed\n ! mbedtls_ctr_drbg_seed returned %d\n", ret );
- goto exit;
- }
-
- printf( " ok\n" );
-
- /*
* 4. Setup stuff
*/
printf( " . Setting up the DTLS data..." );
@@ -229,7 +230,7 @@
mbedtls_ssl_cache_set );
#endif
- mbedtls_ssl_conf_ca_chain( &conf, srvcert.next, NULL );
+ mbedtls_ssl_conf_ca_chain( &conf, srvcert.MBEDTLS_PRIVATE(next), NULL );
if( ( ret = mbedtls_ssl_conf_own_cert( &conf, &srvcert, &pkey ) ) != 0 )
{
printf( " failed\n ! mbedtls_ssl_conf_own_cert returned %d\n\n", ret );
diff --git a/programs/ssl/mini_client.c b/programs/ssl/mini_client.c
index 0a9cc28..42dbeac 100644
--- a/programs/ssl/mini_client.c
+++ b/programs/ssl/mini_client.c
@@ -250,13 +250,13 @@
addr.sin_addr.s_addr = *((char *) &ret) == ret ? ADDR_LE : ADDR_BE;
ret = 0;
- if( ( server_fd.fd = socket( AF_INET, SOCK_STREAM, 0 ) ) < 0 )
+ if( ( server_fd.MBEDTLS_PRIVATE(fd) = socket( AF_INET, SOCK_STREAM, 0 ) ) < 0 )
{
ret = socket_failed;
goto exit;
}
- if( connect( server_fd.fd,
+ if( connect( server_fd.MBEDTLS_PRIVATE(fd),
(const struct sockaddr *) &addr, sizeof( addr ) ) < 0 )
{
ret = connect_failed;
diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c
index 12b4bdf..25fe21b 100644
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@@ -17,6 +17,8 @@
* limitations under the License.
*/
+#define MBEDTLS_ALLOW_PRIVATE_ACCESS
+
#include "ssl_test_lib.h"
#if defined(MBEDTLS_SSL_TEST_IMPOSSIBLE)
@@ -233,13 +235,6 @@
#define USAGE_SRTP ""
#endif /* MBEDTLS_SSL_EXPORT_KEYS */
-#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
-#define USAGE_TRUNC_HMAC \
- " trunc_hmac=%%d default: library default\n"
-#else
-#define USAGE_TRUNC_HMAC ""
-#endif /* MBEDTLS_SSL_TRUNCATED_HMAC */
-
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
#define USAGE_MAX_FRAG_LEN \
" max_frag_len=%%d default: 16384 (tls default)\n" \
@@ -392,7 +387,6 @@
USAGE_TICKETS \
USAGE_EAP_TLS \
USAGE_MAX_FRAG_LEN \
- USAGE_TRUNC_HMAC \
USAGE_CONTEXT_CRT_CB \
USAGE_ALPN \
USAGE_EMS \
@@ -1546,12 +1540,12 @@
else
#if defined(MBEDTLS_FS_IO)
if( strlen( opt.key_file ) )
- ret = mbedtls_pk_parse_keyfile( &pkey, opt.key_file, opt.key_pwd );
+ ret = mbedtls_pk_parse_keyfile( &pkey, opt.key_file, opt.key_pwd, rng_get, &rng );
else
#endif
ret = mbedtls_pk_parse_key( &pkey,
(const unsigned char *) mbedtls_test_cli_key,
- mbedtls_test_cli_key_len, NULL, 0 );
+ mbedtls_test_cli_key_len, NULL, 0, rng_get, &rng );
if( ret != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_pk_parse_key returned -0x%x\n\n",
@@ -1719,11 +1713,6 @@
}
#endif /* MBEDTLS_SSL_DTLS_SRTP */
-#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
- if( opt.trunc_hmac != DFL_TRUNC_HMAC )
- mbedtls_ssl_conf_truncated_hmac( &conf, opt.trunc_hmac );
-#endif
-
#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
if( opt.extended_ms != DFL_EXTENDED_MS )
mbedtls_ssl_conf_extended_master_secret( &conf, opt.extended_ms );
@@ -1734,27 +1723,6 @@
mbedtls_ssl_conf_encrypt_then_mac( &conf, opt.etm );
#endif
-#if defined(MBEDTLS_SSL_EXPORT_KEYS)
- if( opt.eap_tls != 0 )
- {
- mbedtls_ssl_conf_export_keys_ext_cb( &conf, eap_tls_key_derivation,
- &eap_tls_keying );
- }
- else if( opt.nss_keylog != 0 )
- {
- mbedtls_ssl_conf_export_keys_ext_cb( &conf,
- nss_keylog_export,
- NULL );
- }
-#if defined( MBEDTLS_SSL_DTLS_SRTP )
- else if( opt.use_srtp != 0 )
- {
- mbedtls_ssl_conf_export_keys_ext_cb( &conf, dtls_srtp_key_derivation,
- &dtls_srtp_keying );
- }
-#endif /* MBEDTLS_SSL_DTLS_SRTP */
-#endif /* MBEDTLS_SSL_EXPORT_KEYS */
-
#if defined(MBEDTLS_DHM_C)
if( opt.dhmlen != DFL_DHMLEN )
mbedtls_ssl_conf_dhm_min_bitlen( &conf, opt.dhmlen );
@@ -1884,6 +1852,27 @@
goto exit;
}
+#if defined(MBEDTLS_SSL_EXPORT_KEYS)
+ if( opt.eap_tls != 0 )
+ {
+ mbedtls_ssl_set_export_keys_cb( &ssl, eap_tls_key_derivation,
+ &eap_tls_keying );
+ }
+ else if( opt.nss_keylog != 0 )
+ {
+ mbedtls_ssl_set_export_keys_cb( &ssl,
+ nss_keylog_export,
+ NULL );
+ }
+#if defined( MBEDTLS_SSL_DTLS_SRTP )
+ else if( opt.use_srtp != 0 )
+ {
+ mbedtls_ssl_set_export_keys_cb( &ssl, dtls_srtp_key_derivation,
+ &dtls_srtp_keying );
+ }
+#endif /* MBEDTLS_SSL_DTLS_SRTP */
+#endif /* MBEDTLS_SSL_EXPORT_KEYS */
+
#if defined(MBEDTLS_X509_CRT_PARSE_C)
if( ( ret = mbedtls_ssl_set_hostname( &ssl, opt.server_name ) ) != 0 )
{
@@ -2021,10 +2010,10 @@
mbedtls_printf( " [ Record expansion is unknown ]\n" );
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
- mbedtls_printf( " [ Maximum input fragment length is %u ]\n",
- (unsigned int) mbedtls_ssl_get_input_max_frag_len( &ssl ) );
- mbedtls_printf( " [ Maximum output fragment length is %u ]\n",
- (unsigned int) mbedtls_ssl_get_output_max_frag_len( &ssl ) );
+ mbedtls_printf( " [ Maximum incoming record payload length is %u ]\n",
+ (unsigned int) mbedtls_ssl_get_max_in_record_payload( &ssl ) );
+ mbedtls_printf( " [ Maximum outgoing record payload length is %u ]\n",
+ (unsigned int) mbedtls_ssl_get_max_out_record_payload( &ssl ) );
#endif
#if defined(MBEDTLS_SSL_ALPN)
@@ -2161,6 +2150,8 @@
if( opt.reco_mode == 1 )
{
+ mbedtls_ssl_session exported_session;
+
/* free any previously saved data */
if( session_data != NULL )
{
@@ -2169,27 +2160,40 @@
session_data = NULL;
}
+ mbedtls_ssl_session_init( &exported_session );
+ ret = mbedtls_ssl_get_session( &ssl, &exported_session );
+ if( ret != 0 )
+ {
+ mbedtls_printf(
+ "failed\n ! mbedtls_ssl_get_session() returned -%#02x\n",
+ (unsigned) -ret );
+ goto exit;
+ }
+
/* get size of the buffer needed */
- mbedtls_ssl_session_save( mbedtls_ssl_get_session_pointer( &ssl ),
- NULL, 0, &session_data_len );
+ mbedtls_ssl_session_save( &exported_session, NULL, 0, &session_data_len );
session_data = mbedtls_calloc( 1, session_data_len );
if( session_data == NULL )
{
mbedtls_printf( " failed\n ! alloc %u bytes for session data\n",
(unsigned) session_data_len );
+ mbedtls_ssl_session_free( &exported_session );
ret = MBEDTLS_ERR_SSL_ALLOC_FAILED;
goto exit;
}
/* actually save session data */
- if( ( ret = mbedtls_ssl_session_save( mbedtls_ssl_get_session_pointer( &ssl ),
+ if( ( ret = mbedtls_ssl_session_save( &exported_session,
session_data, session_data_len,
&session_data_len ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ssl_session_saved returned -0x%04x\n\n",
(unsigned int) -ret );
+ mbedtls_ssl_session_free( &exported_session );
goto exit;
}
+
+ mbedtls_ssl_session_free( &exported_session );
}
else
{
diff --git a/programs/ssl/ssl_context_info.c b/programs/ssl/ssl_context_info.c
index 855102d..b04d4b5 100644
--- a/programs/ssl/ssl_context_info.c
+++ b/programs/ssl/ssl_context_info.c
@@ -17,6 +17,8 @@
* limitations under the License.
*/
+#define MBEDTLS_ALLOW_PRIVATE_ACCESS
+
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
#else
@@ -698,12 +700,6 @@
case MBEDTLS_MD_NONE:
printf( "none\n" );
break;
- case MBEDTLS_MD_MD2:
- printf( "MD2\n" );
- break;
- case MBEDTLS_MD_MD4:
- printf( "MD4\n" );
- break;
case MBEDTLS_MD_MD5:
printf( "MD5\n" );
break;
@@ -866,7 +862,6 @@
print_if_bit( "MBEDTLS_HAVE_TIME", SESSION_CONFIG_TIME_BIT, session_cfg_flag );
print_if_bit( "MBEDTLS_X509_CRT_PARSE_C", SESSION_CONFIG_CRT_BIT, session_cfg_flag );
print_if_bit( "MBEDTLS_SSL_MAX_FRAGMENT_LENGTH", SESSION_CONFIG_MFL_BIT, session_cfg_flag );
- print_if_bit( "MBEDTLS_SSL_TRUNCATED_HMAC", SESSION_CONFIG_TRUNC_HMAC_BIT, session_cfg_flag );
print_if_bit( "MBEDTLS_SSL_ENCRYPT_THEN_MAC", SESSION_CONFIG_ETM_BIT, session_cfg_flag );
print_if_bit( "MBEDTLS_SSL_SESSION_TICKETS", SESSION_CONFIG_TICKET_BIT, session_cfg_flag );
print_if_bit( "MBEDTLS_SSL_SESSION_TICKETS and client", SESSION_CONFIG_CLIENT_TICKET_BIT, session_cfg_flag );
diff --git a/programs/ssl/ssl_fork_server.c b/programs/ssl/ssl_fork_server.c
index d181c01..7419010 100644
--- a/programs/ssl/ssl_fork_server.c
+++ b/programs/ssl/ssl_fork_server.c
@@ -166,7 +166,8 @@
}
ret = mbedtls_pk_parse_key( &pkey, (const unsigned char *) mbedtls_test_srv_key,
- mbedtls_test_srv_key_len, NULL, 0 );
+ mbedtls_test_srv_key_len, NULL, 0,
+ mbedtls_ctr_drbg_random, &ctr_drbg );
if( ret != 0 )
{
mbedtls_printf( " failed! mbedtls_pk_parse_key returned %d\n\n", ret );
@@ -193,7 +194,7 @@
mbedtls_ssl_conf_rng( &conf, mbedtls_ctr_drbg_random, &ctr_drbg );
mbedtls_ssl_conf_dbg( &conf, my_debug, stdout );
- mbedtls_ssl_conf_ca_chain( &conf, srvcert.next, NULL );
+ mbedtls_ssl_conf_ca_chain( &conf, srvcert.MBEDTLS_PRIVATE(next), NULL );
if( ( ret = mbedtls_ssl_conf_own_cert( &conf, &srvcert, &pkey ) ) != 0 )
{
mbedtls_printf( " failed! mbedtls_ssl_conf_own_cert returned %d\n\n", ret );
diff --git a/programs/ssl/ssl_mail_client.c b/programs/ssl/ssl_mail_client.c
index 428c643..f223977 100644
--- a/programs/ssl/ssl_mail_client.c
+++ b/programs/ssl/ssl_mail_client.c
@@ -20,6 +20,7 @@
/* Enable definition of gethostname() even when compiling with -std=c99. Must
* be set before config.h, which pulls in glibc's features.h indirectly.
* Harmless on other platforms. */
+
#define _POSIX_C_SOURCE 200112L
#define _XOPEN_SOURCE 600
@@ -555,12 +556,17 @@
#if defined(MBEDTLS_FS_IO)
if( strlen( opt.key_file ) )
- ret = mbedtls_pk_parse_keyfile( &pkey, opt.key_file, "" );
+ {
+ ret = mbedtls_pk_parse_keyfile( &pkey, opt.key_file, "",
+ mbedtls_ctr_drbg_random, &ctr_drbg );
+ }
else
#endif
#if defined(MBEDTLS_PEM_PARSE_C)
+ {
ret = mbedtls_pk_parse_key( &pkey, (const unsigned char *) mbedtls_test_cli_key,
- mbedtls_test_cli_key_len, NULL, 0 );
+ mbedtls_test_cli_key_len, NULL, 0, mbedtls_ctr_drbg_random, &ctr_drbg );
+ }
#else
{
mbedtls_printf("MBEDTLS_PEM_PARSE_C not defined.");
diff --git a/programs/ssl/ssl_pthread_server.c b/programs/ssl/ssl_pthread_server.c
index 93eab46..a083e4b 100644
--- a/programs/ssl/ssl_pthread_server.c
+++ b/programs/ssl/ssl_pthread_server.c
@@ -360,7 +360,23 @@
mbedtls_entropy_init( &entropy );
/*
- * 1. Load the certificates and private RSA key
+ * 1a. Seed the random number generator
+ */
+ mbedtls_printf( " . Seeding the random number generator..." );
+
+ if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy,
+ (const unsigned char *) pers,
+ strlen( pers ) ) ) != 0 )
+ {
+ mbedtls_printf( " failed: mbedtls_ctr_drbg_seed returned -0x%04x\n",
+ ( unsigned int ) -ret );
+ goto exit;
+ }
+
+ mbedtls_printf( " ok\n" );
+
+ /*
+ * 1b. Load the certificates and private RSA key
*/
mbedtls_printf( "\n . Loading the server cert. and key..." );
fflush( stdout );
@@ -388,7 +404,8 @@
mbedtls_pk_init( &pkey );
ret = mbedtls_pk_parse_key( &pkey, (const unsigned char *) mbedtls_test_srv_key,
- mbedtls_test_srv_key_len, NULL, 0 );
+ mbedtls_test_srv_key_len, NULL, 0,
+ mbedtls_ctr_drbg_random, &ctr_drbg );
if( ret != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_pk_parse_key returned %d\n\n", ret );
@@ -398,22 +415,6 @@
mbedtls_printf( " ok\n" );
/*
- * 1b. Seed the random number generator
- */
- mbedtls_printf( " . Seeding the random number generator..." );
-
- if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy,
- (const unsigned char *) pers,
- strlen( pers ) ) ) != 0 )
- {
- mbedtls_printf( " failed: mbedtls_ctr_drbg_seed returned -0x%04x\n",
- ( unsigned int ) -ret );
- goto exit;
- }
-
- mbedtls_printf( " ok\n" );
-
- /*
* 1c. Prepare SSL configuration
*/
mbedtls_printf( " . Setting up the SSL data...." );
diff --git a/programs/ssl/ssl_server.c b/programs/ssl/ssl_server.c
index 11147b0..aaccb58 100644
--- a/programs/ssl/ssl_server.c
+++ b/programs/ssl/ssl_server.c
@@ -125,7 +125,23 @@
#endif
/*
- * 1. Load the certificates and private RSA key
+ * 1. Seed the RNG
+ */
+ mbedtls_printf( " . Seeding the random number generator..." );
+ fflush( stdout );
+
+ if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy,
+ (const unsigned char *) pers,
+ strlen( pers ) ) ) != 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned %d\n", ret );
+ goto exit;
+ }
+
+ mbedtls_printf( " ok\n" );
+
+ /*
+ * 2. Load the certificates and private RSA key
*/
mbedtls_printf( "\n . Loading the server cert. and key..." );
fflush( stdout );
@@ -152,7 +168,8 @@
}
ret = mbedtls_pk_parse_key( &pkey, (const unsigned char *) mbedtls_test_srv_key,
- mbedtls_test_srv_key_len, NULL, 0 );
+ mbedtls_test_srv_key_len, NULL, 0,
+ mbedtls_ctr_drbg_random, &ctr_drbg );
if( ret != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_pk_parse_key returned %d\n\n", ret );
@@ -162,7 +179,7 @@
mbedtls_printf( " ok\n" );
/*
- * 2. Setup the listening TCP socket
+ * 3. Setup the listening TCP socket
*/
mbedtls_printf( " . Bind on https://localhost:4433/ ..." );
fflush( stdout );
@@ -176,22 +193,6 @@
mbedtls_printf( " ok\n" );
/*
- * 3. Seed the RNG
- */
- mbedtls_printf( " . Seeding the random number generator..." );
- fflush( stdout );
-
- if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy,
- (const unsigned char *) pers,
- strlen( pers ) ) ) != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned %d\n", ret );
- goto exit;
- }
-
- mbedtls_printf( " ok\n" );
-
- /*
* 4. Setup stuff
*/
mbedtls_printf( " . Setting up the SSL data...." );
@@ -215,7 +216,7 @@
mbedtls_ssl_cache_set );
#endif
- mbedtls_ssl_conf_ca_chain( &conf, srvcert.next, NULL );
+ mbedtls_ssl_conf_ca_chain( &conf, srvcert.MBEDTLS_PRIVATE(next), NULL );
if( ( ret = mbedtls_ssl_conf_own_cert( &conf, &srvcert, &pkey ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ssl_conf_own_cert returned %d\n\n", ret );
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index 151c811..cf608b9 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@@ -17,6 +17,8 @@
* limitations under the License.
*/
+#define MBEDTLS_ALLOW_PRIVATE_ACCESS
+
#include "ssl_test_lib.h"
#if defined(MBEDTLS_SSL_TEST_IMPOSSIBLE)
@@ -332,13 +334,6 @@
#define USAGE_MAX_FRAG_LEN ""
#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
-#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
-#define USAGE_TRUNC_HMAC \
- " trunc_hmac=%%d default: library default\n"
-#else
-#define USAGE_TRUNC_HMAC ""
-#endif
-
#if defined(MBEDTLS_SSL_ALPN)
#define USAGE_ALPN \
" alpn=%%s default: \"\" (disabled)\n" \
@@ -485,7 +480,6 @@
USAGE_NSS_KEYLOG_FILE \
USAGE_CACHE \
USAGE_MAX_FRAG_LEN \
- USAGE_TRUNC_HMAC \
USAGE_ALPN \
USAGE_EMS \
USAGE_ETM \
@@ -523,6 +517,8 @@
(out_be)[(i) + 7] = (unsigned char)( ( (in_le) >> 0 ) & 0xFF ); \
}
+/* This is global so it can be easily accessed by callback functions */
+rng_context_t rng;
/*
* global options
@@ -725,7 +721,7 @@
mbedtls_pk_init( new->key );
if( mbedtls_x509_crt_parse_file( new->cert, crt_file ) != 0 ||
- mbedtls_pk_parse_keyfile( new->key, key_file, "" ) != 0 )
+ mbedtls_pk_parse_keyfile( new->key, key_file, "", rng_get, &rng ) != 0 )
goto error;
if( strcmp( ca_file, "-" ) != 0 )
@@ -1043,7 +1039,8 @@
for( slot = 0; slot < config_data->slots_used; slot++ )
{
if( mbedtls_pk_check_pair( &cert->pk,
- config_data->slots[slot].pk ) == 0 )
+ config_data->slots[slot].pk,
+ rng_get, &rng ) == 0 )
break;
}
if( slot == config_data->slots_used )
@@ -1269,7 +1266,6 @@
#if defined(MBEDTLS_X509_CRT_PARSE_C)
mbedtls_x509_crt_profile crt_profile_for_test = mbedtls_x509_crt_profile_default;
#endif
- rng_context_t rng;
mbedtls_ssl_context ssl;
mbedtls_ssl_config conf;
#if defined(MBEDTLS_TIMING_C)
@@ -2255,7 +2251,7 @@
{
key_cert_init++;
if( ( ret = mbedtls_pk_parse_keyfile( &pkey, opt.key_file,
- opt.key_pwd ) ) != 0 )
+ opt.key_pwd, rng_get, &rng ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_pk_parse_keyfile returned -0x%x\n\n", (unsigned int) -ret );
goto exit;
@@ -2281,7 +2277,7 @@
{
key_cert_init2++;
if( ( ret = mbedtls_pk_parse_keyfile( &pkey2, opt.key_file2,
- opt.key_pwd2 ) ) != 0 )
+ opt.key_pwd2, rng_get, &rng ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_pk_parse_keyfile(2) returned -0x%x\n\n",
(unsigned int) -ret );
@@ -2312,7 +2308,8 @@
}
if( ( ret = mbedtls_pk_parse_key( &pkey,
(const unsigned char *) mbedtls_test_srv_key_rsa,
- mbedtls_test_srv_key_rsa_len, NULL, 0 ) ) != 0 )
+ mbedtls_test_srv_key_rsa_len, NULL, 0,
+ rng_get, &rng ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_pk_parse_key returned -0x%x\n\n",
(unsigned int) -ret );
@@ -2331,7 +2328,8 @@
}
if( ( ret = mbedtls_pk_parse_key( &pkey2,
(const unsigned char *) mbedtls_test_srv_key_ec,
- mbedtls_test_srv_key_ec_len, NULL, 0 ) ) != 0 )
+ mbedtls_test_srv_key_ec_len, NULL, 0,
+ rng_get, &rng ) ) != 0 )
{
mbedtls_printf( " failed\n ! pk_parse_key2 returned -0x%x\n\n",
(unsigned int) -ret );
@@ -2504,11 +2502,6 @@
}
#endif /* MBEDTLS_SSL_DTLS_SRTP */
-#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
- if( opt.trunc_hmac != DFL_TRUNC_HMAC )
- mbedtls_ssl_conf_truncated_hmac( &conf, opt.trunc_hmac );
-#endif
-
#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
if( opt.extended_ms != DFL_EXTENDED_MS )
mbedtls_ssl_conf_extended_master_secret( &conf, opt.extended_ms );
@@ -2519,27 +2512,6 @@
mbedtls_ssl_conf_encrypt_then_mac( &conf, opt.etm );
#endif
-#if defined(MBEDTLS_SSL_EXPORT_KEYS)
- if( opt.eap_tls != 0 )
- {
- mbedtls_ssl_conf_export_keys_ext_cb( &conf, eap_tls_key_derivation,
- &eap_tls_keying );
- }
- else if( opt.nss_keylog != 0 )
- {
- mbedtls_ssl_conf_export_keys_ext_cb( &conf,
- nss_keylog_export,
- NULL );
- }
-#if defined( MBEDTLS_SSL_DTLS_SRTP )
- else if( opt.use_srtp != 0 )
- {
- mbedtls_ssl_conf_export_keys_ext_cb( &conf, dtls_srtp_key_derivation,
- &dtls_srtp_keying );
- }
-#endif /* MBEDTLS_SSL_DTLS_SRTP */
-#endif /* MBEDTLS_SSL_EXPORT_KEYS */
-
#if defined(MBEDTLS_SSL_ALPN)
if( opt.alpn_string != NULL )
if( ( ret = mbedtls_ssl_conf_alpn_protocols( &conf, alpn_list ) ) != 0 )
@@ -2866,6 +2838,27 @@
goto exit;
}
+#if defined(MBEDTLS_SSL_EXPORT_KEYS)
+ if( opt.eap_tls != 0 )
+ {
+ mbedtls_ssl_set_export_keys_cb( &ssl, eap_tls_key_derivation,
+ &eap_tls_keying );
+ }
+ else if( opt.nss_keylog != 0 )
+ {
+ mbedtls_ssl_set_export_keys_cb( &ssl,
+ nss_keylog_export,
+ NULL );
+ }
+#if defined( MBEDTLS_SSL_DTLS_SRTP )
+ else if( opt.use_srtp != 0 )
+ {
+ mbedtls_ssl_set_export_keys_cb( &ssl, dtls_srtp_key_derivation,
+ &dtls_srtp_keying );
+ }
+#endif /* MBEDTLS_SSL_DTLS_SRTP */
+#endif /* MBEDTLS_SSL_EXPORT_KEYS */
+
io_ctx.ssl = &ssl;
io_ctx.net = &client_fd;
mbedtls_ssl_set_bio( &ssl, &io_ctx, send_cb, recv_cb,
@@ -3066,10 +3059,10 @@
mbedtls_printf( " [ Record expansion is unknown ]\n" );
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
- mbedtls_printf( " [ Maximum input fragment length is %u ]\n",
- (unsigned int) mbedtls_ssl_get_input_max_frag_len( &ssl ) );
- mbedtls_printf( " [ Maximum output fragment length is %u ]\n",
- (unsigned int) mbedtls_ssl_get_output_max_frag_len( &ssl ) );
+ mbedtls_printf( " [ Maximum incoming record payload length is %u ]\n",
+ (unsigned int) mbedtls_ssl_get_max_in_record_payload( &ssl ) );
+ mbedtls_printf( " [ Maximum outgoing record payload length is %u ]\n",
+ (unsigned int) mbedtls_ssl_get_max_out_record_payload( &ssl ) );
#endif
#if defined(MBEDTLS_SSL_ALPN)
diff --git a/programs/ssl/ssl_test_common_source.c b/programs/ssl/ssl_test_common_source.c
index fa2c606..d30c36e 100644
--- a/programs/ssl/ssl_test_common_source.c
+++ b/programs/ssl/ssl_test_common_source.c
@@ -25,55 +25,46 @@
*/
#if defined(MBEDTLS_SSL_EXPORT_KEYS)
-int eap_tls_key_derivation( void *p_expkey,
- const unsigned char *ms,
- const unsigned char *kb,
- size_t maclen,
- size_t keylen,
- size_t ivlen,
- const unsigned char client_random[32],
- const unsigned char server_random[32],
- mbedtls_tls_prf_types tls_prf_type )
+void eap_tls_key_derivation( void *p_expkey,
+ mbedtls_ssl_key_export_type secret_type,
+ const unsigned char *secret,
+ size_t secret_len,
+ const unsigned char client_random[32],
+ const unsigned char server_random[32],
+ mbedtls_tls_prf_types tls_prf_type )
{
eap_tls_keys *keys = (eap_tls_keys *)p_expkey;
- ( ( void ) kb );
- memcpy( keys->master_secret, ms, sizeof( keys->master_secret ) );
+ /* We're only interested in the TLS 1.2 master secret */
+ if( secret_type != MBEDTLS_SSL_KEY_EXPORT_TLS12_MASTER_SECRET )
+ return;
+ if( secret_len != sizeof( keys->master_secret ) )
+ return;
+
+ memcpy( keys->master_secret, secret, sizeof( keys->master_secret ) );
memcpy( keys->randbytes, client_random, 32 );
memcpy( keys->randbytes + 32, server_random, 32 );
keys->tls_prf_type = tls_prf_type;
-
- if( opt.debug_level > 2 )
- {
- mbedtls_printf("exported maclen is %u\n", (unsigned)maclen);
- mbedtls_printf("exported keylen is %u\n", (unsigned)keylen);
- mbedtls_printf("exported ivlen is %u\n", (unsigned)ivlen);
- }
- return( 0 );
}
-int nss_keylog_export( void *p_expkey,
- const unsigned char *ms,
- const unsigned char *kb,
- size_t maclen,
- size_t keylen,
- size_t ivlen,
- const unsigned char client_random[32],
- const unsigned char server_random[32],
- mbedtls_tls_prf_types tls_prf_type )
+void nss_keylog_export( void *p_expkey,
+ mbedtls_ssl_key_export_type secret_type,
+ const unsigned char *secret,
+ size_t secret_len,
+ const unsigned char client_random[32],
+ const unsigned char server_random[32],
+ mbedtls_tls_prf_types tls_prf_type )
{
char nss_keylog_line[ 200 ];
size_t const client_random_len = 32;
- size_t const master_secret_len = 48;
size_t len = 0;
size_t j;
- int ret = 0;
+
+ /* We're only interested in the TLS 1.2 master secret */
+ if( secret_type != MBEDTLS_SSL_KEY_EXPORT_TLS12_MASTER_SECRET )
+ return;
((void) p_expkey);
- ((void) kb);
- ((void) maclen);
- ((void) keylen);
- ((void) ivlen);
((void) server_random);
((void) tls_prf_type);
@@ -88,10 +79,10 @@
len += sprintf( nss_keylog_line + len, " " );
- for( j = 0; j < master_secret_len; j++ )
+ for( j = 0; j < secret_len; j++ )
{
len += sprintf( nss_keylog_line + len,
- "%02x", ms[j] );
+ "%02x", secret[j] );
}
len += sprintf( nss_keylog_line + len, "\n" );
@@ -108,13 +99,11 @@
if( ( f = fopen( opt.nss_keylog_file, "a" ) ) == NULL )
{
- ret = -1;
goto exit;
}
if( fwrite( nss_keylog_line, 1, len, f ) != len )
{
- ret = -1;
fclose( f );
goto exit;
}
@@ -125,35 +114,29 @@
exit:
mbedtls_platform_zeroize( nss_keylog_line,
sizeof( nss_keylog_line ) );
- return( ret );
}
#if defined( MBEDTLS_SSL_DTLS_SRTP )
-int dtls_srtp_key_derivation( void *p_expkey,
- const unsigned char *ms,
- const unsigned char *kb,
- size_t maclen,
- size_t keylen,
- size_t ivlen,
- const unsigned char client_random[32],
- const unsigned char server_random[32],
- mbedtls_tls_prf_types tls_prf_type )
+void dtls_srtp_key_derivation( void *p_expkey,
+ mbedtls_ssl_key_export_type secret_type,
+ const unsigned char *secret,
+ size_t secret_len,
+ const unsigned char client_random[32],
+ const unsigned char server_random[32],
+ mbedtls_tls_prf_types tls_prf_type )
{
dtls_srtp_keys *keys = (dtls_srtp_keys *)p_expkey;
- ( ( void ) kb );
- memcpy( keys->master_secret, ms, sizeof( keys->master_secret ) );
+ /* We're only interested in the TLS 1.2 master secret */
+ if( secret_type != MBEDTLS_SSL_KEY_EXPORT_TLS12_MASTER_SECRET )
+ return;
+ if( secret_len != sizeof( keys->master_secret ) )
+ return;
+
+ memcpy( keys->master_secret, secret, sizeof( keys->master_secret ) );
memcpy( keys->randbytes, client_random, 32 );
memcpy( keys->randbytes + 32, server_random, 32 );
keys->tls_prf_type = tls_prf_type;
-
- if( opt.debug_level > 2 )
- {
- mbedtls_printf( "exported maclen is %u\n", (unsigned) maclen );
- mbedtls_printf( "exported keylen is %u\n", (unsigned) keylen );
- mbedtls_printf( "exported ivlen is %u\n", (unsigned) ivlen );
- }
- return( 0 );
}
#endif /* MBEDTLS_SSL_DTLS_SRTP */
diff --git a/programs/ssl/ssl_test_lib.c b/programs/ssl/ssl_test_lib.c
index 1bb9d61..04e127a 100644
--- a/programs/ssl/ssl_test_lib.c
+++ b/programs/ssl/ssl_test_lib.c
@@ -20,6 +20,8 @@
* limitations under the License.
*/
+#define MBEDTLS_ALLOW_PRIVATE_ACCESS
+
#include "ssl_test_lib.h"
#if defined(MBEDTLS_TEST_HOOKS)
diff --git a/programs/test/benchmark.c b/programs/test/benchmark.c
index e123453..6a53647 100644
--- a/programs/test/benchmark.c
+++ b/programs/test/benchmark.c
@@ -17,6 +17,8 @@
* limitations under the License.
*/
+#define MBEDTLS_ALLOW_PRIVATE_ACCESS
+
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
#else
@@ -45,18 +47,15 @@
#include "mbedtls/timing.h"
-#include "mbedtls/md4.h"
#include "mbedtls/md5.h"
#include "mbedtls/ripemd160.h"
#include "mbedtls/sha1.h"
#include "mbedtls/sha256.h"
#include "mbedtls/sha512.h"
-#include "mbedtls/arc4.h"
#include "mbedtls/des.h"
#include "mbedtls/aes.h"
#include "mbedtls/aria.h"
-#include "mbedtls/blowfish.h"
#include "mbedtls/camellia.h"
#include "mbedtls/chacha20.h"
#include "mbedtls/gcm.h"
@@ -75,10 +74,41 @@
#include "mbedtls/error.h"
+#ifndef asm
+#define asm __asm
+#endif
+
+#if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32)
+
+#include <windows.h>
+#include <process.h>
+
+struct _hr_time
+{
+ LARGE_INTEGER start;
+};
+
+#else
+
+#include <unistd.h>
+#include <sys/types.h>
+#include <sys/time.h>
+#include <signal.h>
+#include <time.h>
+
+struct _hr_time
+{
+ struct timeval start;
+};
+
+#endif /* _WIN32 && !EFIX64 && !EFI32 */
+
#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
#include "mbedtls/memory_buffer_alloc.h"
#endif
+static void mbedtls_set_alarm( int seconds );
+
/*
* For heap usage estimates, we need an estimate of the overhead per allocated
* block. ptmalloc2/3 (used in gnu libc for instance) uses 2 size_t per block,
@@ -96,8 +126,8 @@
#define TITLE_LEN 25
#define OPTIONS \
- "md4, md5, ripemd160, sha1, sha256, sha512,\n" \
- "arc4, des3, des, camellia, blowfish, chacha20,\n" \
+ "md5, ripemd160, sha1, sha256, sha512,\n" \
+ "des3, des, camellia, chacha20,\n" \
"aes_cbc, aes_gcm, aes_ccm, aes_xts, chachapoly,\n" \
"aes_cmac, des3_cmac, poly1305\n" \
"ctr_drbg, hmac_drbg\n" \
@@ -210,6 +240,226 @@
} \
} while( 0 )
+#if !defined(HAVE_HARDCLOCK) && defined(MBEDTLS_HAVE_ASM) && \
+ ( defined(_MSC_VER) && defined(_M_IX86) ) || defined(__WATCOMC__)
+
+#define HAVE_HARDCLOCK
+
+static unsigned long mbedtls_timing_hardclock( void )
+{
+ unsigned long tsc;
+ __asm rdtsc
+ __asm mov [tsc], eax
+ return( tsc );
+}
+#endif /* !HAVE_HARDCLOCK && MBEDTLS_HAVE_ASM &&
+ ( _MSC_VER && _M_IX86 ) || __WATCOMC__ */
+
+/* some versions of mingw-64 have 32-bit longs even on x84_64 */
+#if !defined(HAVE_HARDCLOCK) && defined(MBEDTLS_HAVE_ASM) && \
+ defined(__GNUC__) && ( defined(__i386__) || ( \
+ ( defined(__amd64__) || defined( __x86_64__) ) && __SIZEOF_LONG__ == 4 ) )
+
+#define HAVE_HARDCLOCK
+
+static unsigned long mbedtls_timing_hardclock( void )
+{
+ unsigned long lo, hi;
+ asm volatile( "rdtsc" : "=a" (lo), "=d" (hi) );
+ return( lo );
+}
+#endif /* !HAVE_HARDCLOCK && MBEDTLS_HAVE_ASM &&
+ __GNUC__ && __i386__ */
+
+#if !defined(HAVE_HARDCLOCK) && defined(MBEDTLS_HAVE_ASM) && \
+ defined(__GNUC__) && ( defined(__amd64__) || defined(__x86_64__) )
+
+#define HAVE_HARDCLOCK
+
+static unsigned long mbedtls_timing_hardclock( void )
+{
+ unsigned long lo, hi;
+ asm volatile( "rdtsc" : "=a" (lo), "=d" (hi) );
+ return( lo | ( hi << 32 ) );
+}
+#endif /* !HAVE_HARDCLOCK && MBEDTLS_HAVE_ASM &&
+ __GNUC__ && ( __amd64__ || __x86_64__ ) */
+
+#if !defined(HAVE_HARDCLOCK) && defined(MBEDTLS_HAVE_ASM) && \
+ defined(__GNUC__) && ( defined(__powerpc__) || defined(__ppc__) )
+
+#define HAVE_HARDCLOCK
+
+static unsigned long mbedtls_timing_hardclock( void )
+{
+ unsigned long tbl, tbu0, tbu1;
+
+ do
+ {
+ asm volatile( "mftbu %0" : "=r" (tbu0) );
+ asm volatile( "mftb %0" : "=r" (tbl ) );
+ asm volatile( "mftbu %0" : "=r" (tbu1) );
+ }
+ while( tbu0 != tbu1 );
+
+ return( tbl );
+}
+#endif /* !HAVE_HARDCLOCK && MBEDTLS_HAVE_ASM &&
+ __GNUC__ && ( __powerpc__ || __ppc__ ) */
+
+#if !defined(HAVE_HARDCLOCK) && defined(MBEDTLS_HAVE_ASM) && \
+ defined(__GNUC__) && defined(__sparc64__)
+
+#if defined(__OpenBSD__)
+#warning OpenBSD does not allow access to tick register using software version instead
+#else
+#define HAVE_HARDCLOCK
+
+static unsigned long mbedtls_timing_hardclock( void )
+{
+ unsigned long tick;
+ asm volatile( "rdpr %%tick, %0;" : "=&r" (tick) );
+ return( tick );
+}
+#endif /* __OpenBSD__ */
+#endif /* !HAVE_HARDCLOCK && MBEDTLS_HAVE_ASM &&
+ __GNUC__ && __sparc64__ */
+
+#if !defined(HAVE_HARDCLOCK) && defined(MBEDTLS_HAVE_ASM) && \
+ defined(__GNUC__) && defined(__sparc__) && !defined(__sparc64__)
+
+#define HAVE_HARDCLOCK
+
+static unsigned long mbedtls_timing_hardclock( void )
+{
+ unsigned long tick;
+ asm volatile( ".byte 0x83, 0x41, 0x00, 0x00" );
+ asm volatile( "mov %%g1, %0" : "=r" (tick) );
+ return( tick );
+}
+#endif /* !HAVE_HARDCLOCK && MBEDTLS_HAVE_ASM &&
+ __GNUC__ && __sparc__ && !__sparc64__ */
+
+#if !defined(HAVE_HARDCLOCK) && defined(MBEDTLS_HAVE_ASM) && \
+ defined(__GNUC__) && defined(__alpha__)
+
+#define HAVE_HARDCLOCK
+
+static unsigned long mbedtls_timing_hardclock( void )
+{
+ unsigned long cc;
+ asm volatile( "rpcc %0" : "=r" (cc) );
+ return( cc & 0xFFFFFFFF );
+}
+#endif /* !HAVE_HARDCLOCK && MBEDTLS_HAVE_ASM &&
+ __GNUC__ && __alpha__ */
+
+#if !defined(HAVE_HARDCLOCK) && defined(MBEDTLS_HAVE_ASM) && \
+ defined(__GNUC__) && defined(__ia64__)
+
+#define HAVE_HARDCLOCK
+
+static unsigned long mbedtls_timing_hardclock( void )
+{
+ unsigned long itc;
+ asm volatile( "mov %0 = ar.itc" : "=r" (itc) );
+ return( itc );
+}
+#endif /* !HAVE_HARDCLOCK && MBEDTLS_HAVE_ASM &&
+ __GNUC__ && __ia64__ */
+
+#if !defined(HAVE_HARDCLOCK) && defined(_MSC_VER) && \
+ !defined(EFIX64) && !defined(EFI32)
+
+#define HAVE_HARDCLOCK
+
+static unsigned long mbedtls_timing_hardclock( void )
+{
+ LARGE_INTEGER offset;
+
+ QueryPerformanceCounter( &offset );
+
+ return( (unsigned long)( offset.QuadPart ) );
+}
+#endif /* !HAVE_HARDCLOCK && _MSC_VER && !EFIX64 && !EFI32 */
+
+#if !defined(HAVE_HARDCLOCK)
+
+#define HAVE_HARDCLOCK
+
+static int hardclock_init = 0;
+static struct timeval tv_init;
+
+static unsigned long mbedtls_timing_hardclock( void )
+{
+ struct timeval tv_cur;
+
+ if( hardclock_init == 0 )
+ {
+ gettimeofday( &tv_init, NULL );
+ hardclock_init = 1;
+ }
+
+ gettimeofday( &tv_cur, NULL );
+ return( ( tv_cur.tv_sec - tv_init.tv_sec ) * 1000000
+ + ( tv_cur.tv_usec - tv_init.tv_usec ) );
+}
+#endif /* !HAVE_HARDCLOCK */
+
+volatile int mbedtls_timing_alarmed = 0;
+
+#if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32)
+
+/* It's OK to use a global because alarm() is supposed to be global anyway */
+static DWORD alarmMs;
+
+static void TimerProc( void *TimerContext )
+{
+ (void) TimerContext;
+ Sleep( alarmMs );
+ mbedtls_timing_alarmed = 1;
+ /* _endthread will be called implicitly on return
+ * That ensures execution of thread funcition's epilogue */
+}
+
+static void mbedtls_set_alarm( int seconds )
+{
+ if( seconds == 0 )
+ {
+ /* No need to create a thread for this simple case.
+ * Also, this shorcut is more reliable at least on MinGW32 */
+ mbedtls_timing_alarmed = 1;
+ return;
+ }
+
+ mbedtls_timing_alarmed = 0;
+ alarmMs = seconds * 1000;
+ (void) _beginthread( TimerProc, 0, NULL );
+}
+
+#else /* _WIN32 && !EFIX64 && !EFI32 */
+
+static void sighandler( int signum )
+{
+ mbedtls_timing_alarmed = 1;
+ signal( signum, sighandler );
+}
+
+static void mbedtls_set_alarm( int seconds )
+{
+ mbedtls_timing_alarmed = 0;
+ signal( SIGALRM, sighandler );
+ alarm( seconds );
+ if( seconds == 0 )
+ {
+ /* alarm(0) cancelled any previous pending alarm, but the
+ handler won't fire, so raise the flag straight away. */
+ mbedtls_timing_alarmed = 1;
+ }
+}
+
+#endif /* _WIN32 && !EFIX64 && !EFI32 */
+
static int myrand( void *rng_state, unsigned char *output, size_t len )
{
size_t use_len;
@@ -287,11 +537,11 @@
unsigned char buf[BUFSIZE];
typedef struct {
- char md4, md5, ripemd160, sha1, sha256, sha512,
- arc4, des3, des,
+ char md5, ripemd160, sha1, sha256, sha512,
+ des3, des,
aes_cbc, aes_gcm, aes_ccm, aes_xts, chachapoly,
aes_cmac, des3_cmac,
- aria, camellia, blowfish, chacha20,
+ aria, camellia, chacha20,
poly1305,
ctr_drbg, hmac_drbg,
rsa, dhm, ecdsa, ecdh;
@@ -329,9 +579,7 @@
for( i = 1; i < argc; i++ )
{
- if( strcmp( argv[i], "md4" ) == 0 )
- todo.md4 = 1;
- else if( strcmp( argv[i], "md5" ) == 0 )
+ if( strcmp( argv[i], "md5" ) == 0 )
todo.md5 = 1;
else if( strcmp( argv[i], "ripemd160" ) == 0 )
todo.ripemd160 = 1;
@@ -341,8 +589,6 @@
todo.sha256 = 1;
else if( strcmp( argv[i], "sha512" ) == 0 )
todo.sha512 = 1;
- else if( strcmp( argv[i], "arc4" ) == 0 )
- todo.arc4 = 1;
else if( strcmp( argv[i], "des3" ) == 0 )
todo.des3 = 1;
else if( strcmp( argv[i], "des" ) == 0 )
@@ -365,8 +611,6 @@
todo.aria = 1;
else if( strcmp( argv[i], "camellia" ) == 0 )
todo.camellia = 1;
- else if( strcmp( argv[i], "blowfish" ) == 0 )
- todo.blowfish = 1;
else if( strcmp( argv[i], "chacha20" ) == 0 )
todo.chacha20 = 1;
else if( strcmp( argv[i], "poly1305" ) == 0 )
@@ -403,45 +647,29 @@
memset( buf, 0xAA, sizeof( buf ) );
memset( tmp, 0xBB, sizeof( tmp ) );
-#if defined(MBEDTLS_MD4_C)
- if( todo.md4 )
- TIME_AND_TSC( "MD4", mbedtls_md4_ret( buf, BUFSIZE, tmp ) );
-#endif
-
#if defined(MBEDTLS_MD5_C)
if( todo.md5 )
- TIME_AND_TSC( "MD5", mbedtls_md5_ret( buf, BUFSIZE, tmp ) );
+ TIME_AND_TSC( "MD5", mbedtls_md5( buf, BUFSIZE, tmp ) );
#endif
#if defined(MBEDTLS_RIPEMD160_C)
if( todo.ripemd160 )
- TIME_AND_TSC( "RIPEMD160", mbedtls_ripemd160_ret( buf, BUFSIZE, tmp ) );
+ TIME_AND_TSC( "RIPEMD160", mbedtls_ripemd160( buf, BUFSIZE, tmp ) );
#endif
#if defined(MBEDTLS_SHA1_C)
if( todo.sha1 )
- TIME_AND_TSC( "SHA-1", mbedtls_sha1_ret( buf, BUFSIZE, tmp ) );
+ TIME_AND_TSC( "SHA-1", mbedtls_sha1( buf, BUFSIZE, tmp ) );
#endif
#if defined(MBEDTLS_SHA256_C)
if( todo.sha256 )
- TIME_AND_TSC( "SHA-256", mbedtls_sha256_ret( buf, BUFSIZE, tmp, 0 ) );
+ TIME_AND_TSC( "SHA-256", mbedtls_sha256( buf, BUFSIZE, tmp, 0 ) );
#endif
#if defined(MBEDTLS_SHA512_C)
if( todo.sha512 )
- TIME_AND_TSC( "SHA-512", mbedtls_sha512_ret( buf, BUFSIZE, tmp, 0 ) );
-#endif
-
-#if defined(MBEDTLS_ARC4_C)
- if( todo.arc4 )
- {
- mbedtls_arc4_context arc4;
- mbedtls_arc4_init( &arc4 );
- mbedtls_arc4_setup( &arc4, tmp, 32 );
- TIME_AND_TSC( "ARC4", mbedtls_arc4_crypt( &arc4, BUFSIZE, buf, buf ) );
- mbedtls_arc4_free( &arc4 );
- }
+ TIME_AND_TSC( "SHA-512", mbedtls_sha512( buf, BUFSIZE, tmp, 0 ) );
#endif
#if defined(MBEDTLS_DES_C)
@@ -686,30 +914,6 @@
}
#endif
-#if defined(MBEDTLS_BLOWFISH_C) && defined(MBEDTLS_CIPHER_MODE_CBC)
- if( todo.blowfish )
- {
- int keysize;
- mbedtls_blowfish_context blowfish;
- mbedtls_blowfish_init( &blowfish );
-
- for( keysize = 128; keysize <= 256; keysize += 64 )
- {
- mbedtls_snprintf( title, sizeof( title ), "BLOWFISH-CBC-%d", keysize );
-
- memset( buf, 0, sizeof( buf ) );
- memset( tmp, 0, sizeof( tmp ) );
- mbedtls_blowfish_setkey( &blowfish, tmp, keysize );
-
- TIME_AND_TSC( title,
- mbedtls_blowfish_crypt_cbc( &blowfish, MBEDTLS_BLOWFISH_ENCRYPT, BUFSIZE,
- tmp, buf, buf ) );
- }
-
- mbedtls_blowfish_free( &blowfish );
- }
-#endif
-
#if defined(MBEDTLS_CTR_DRBG_C)
if( todo.ctr_drbg )
{
@@ -786,7 +990,7 @@
{
mbedtls_snprintf( title, sizeof( title ), "RSA-%d", keysize );
- mbedtls_rsa_init( &rsa, MBEDTLS_RSA_PKCS_V15, 0 );
+ mbedtls_rsa_init( &rsa );
mbedtls_rsa_gen_key( &rsa, myrand, NULL, keysize, 65537 );
TIME_PUBLIC( title, " public",
@@ -825,6 +1029,7 @@
mbedtls_dhm_context dhm;
size_t olen;
+ size_t n;
for( i = 0; (size_t) i < sizeof( dhm_sizes ) / sizeof( dhm_sizes[0] ); i++ )
{
mbedtls_dhm_init( &dhm );
@@ -837,14 +1042,14 @@
mbedtls_exit( 1 );
}
- dhm.len = mbedtls_mpi_size( &dhm.P );
- mbedtls_dhm_make_public( &dhm, (int) dhm.len, buf, dhm.len, myrand, NULL );
+ n = mbedtls_mpi_size( &dhm.P );
+ mbedtls_dhm_make_public( &dhm, (int) n, buf, n, myrand, NULL );
if( mbedtls_mpi_copy( &dhm.GY, &dhm.GX ) != 0 )
mbedtls_exit( 1 );
mbedtls_snprintf( title, sizeof( title ), "DHE-%d", dhm_sizes[i] );
TIME_PUBLIC( title, "handshake",
- ret |= mbedtls_dhm_make_public( &dhm, (int) dhm.len, buf, dhm.len,
+ ret |= mbedtls_dhm_make_public( &dhm, (int) n, buf, n,
myrand, NULL );
ret |= mbedtls_dhm_calc_secret( &dhm, buf, sizeof( buf ), &olen, myrand, NULL ) );
diff --git a/programs/test/cpp_dummy_build.cpp b/programs/test/cpp_dummy_build.cpp
index ea345a3..61a7e89 100644
--- a/programs/test/cpp_dummy_build.cpp
+++ b/programs/test/cpp_dummy_build.cpp
@@ -25,13 +25,11 @@
#endif
#include "mbedtls/aes.h"
-#include "mbedtls/arc4.h"
#include "mbedtls/aria.h"
#include "mbedtls/asn1.h"
#include "mbedtls/asn1write.h"
#include "mbedtls/base64.h"
#include "mbedtls/bignum.h"
-#include "mbedtls/blowfish.h"
#include "mbedtls/camellia.h"
#include "mbedtls/ccm.h"
#include "mbedtls/chacha20.h"
@@ -54,8 +52,6 @@
#include "mbedtls/hkdf.h"
#include "mbedtls/hmac_drbg.h"
#include "mbedtls/md.h"
-#include "mbedtls/md2.h"
-#include "mbedtls/md4.h"
#include "mbedtls/md5.h"
#include "mbedtls/net_sockets.h"
#include "mbedtls/nist_kw.h"
@@ -85,7 +81,6 @@
#include "mbedtls/x509_crl.h"
#include "mbedtls/x509_crt.h"
#include "mbedtls/x509_csr.h"
-#include "mbedtls/xtea.h"
#if defined(MBEDTLS_PLATFORM_C)
#include "mbedtls/platform.h"
diff --git a/programs/test/selftest.c b/programs/test/selftest.c
index e160feb..87d8a13 100644
--- a/programs/test/selftest.c
+++ b/programs/test/selftest.c
@@ -17,6 +17,8 @@
* limitations under the License.
*/
+#define MBEDTLS_ALLOW_PRIVATE_ACCESS
+
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
#else
@@ -30,14 +32,11 @@
#include "mbedtls/gcm.h"
#include "mbedtls/ccm.h"
#include "mbedtls/cmac.h"
-#include "mbedtls/md2.h"
-#include "mbedtls/md4.h"
#include "mbedtls/md5.h"
#include "mbedtls/ripemd160.h"
#include "mbedtls/sha1.h"
#include "mbedtls/sha256.h"
#include "mbedtls/sha512.h"
-#include "mbedtls/arc4.h"
#include "mbedtls/des.h"
#include "mbedtls/aes.h"
#include "mbedtls/camellia.h"
@@ -49,7 +48,6 @@
#include "mbedtls/bignum.h"
#include "mbedtls/rsa.h"
#include "mbedtls/x509.h"
-#include "mbedtls/xtea.h"
#include "mbedtls/pkcs5.h"
#include "mbedtls/ecp.h"
#include "mbedtls/ecjpake.h"
@@ -254,12 +252,6 @@
const selftest_t selftests[] =
{
{"calloc", calloc_self_test},
-#if defined(MBEDTLS_MD2_C)
- {"md2", mbedtls_md2_self_test},
-#endif
-#if defined(MBEDTLS_MD4_C)
- {"md4", mbedtls_md4_self_test},
-#endif
#if defined(MBEDTLS_MD5_C)
{"md5", mbedtls_md5_self_test},
#endif
@@ -275,9 +267,6 @@
#if defined(MBEDTLS_SHA512_C)
{"sha512", mbedtls_sha512_self_test},
#endif
-#if defined(MBEDTLS_ARC4_C)
- {"arc4", mbedtls_arc4_self_test},
-#endif
#if defined(MBEDTLS_DES_C)
{"des", mbedtls_des_self_test},
#endif
@@ -314,9 +303,6 @@
#if defined(MBEDTLS_RSA_C)
{"rsa", mbedtls_rsa_self_test},
#endif
-#if defined(MBEDTLS_XTEA_C)
- {"xtea", mbedtls_xtea_self_test},
-#endif
#if defined(MBEDTLS_CAMELLIA_C)
{"camellia", mbedtls_camellia_self_test},
#endif
@@ -344,10 +330,6 @@
#if defined(MBEDTLS_PKCS5_C)
{"pkcs5", mbedtls_pkcs5_self_test},
#endif
-/* Slower test after the faster ones */
-#if defined(MBEDTLS_TIMING_C)
- {"timing", mbedtls_timing_self_test},
-#endif
/* Heap test comes last */
#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
{"memory_buffer_alloc", mbedtls_memory_buffer_alloc_free_and_self_test},
diff --git a/programs/test/udp_proxy.c b/programs/test/udp_proxy.c
index afe0118..91c231f 100644
--- a/programs/test/udp_proxy.c
+++ b/programs/test/udp_proxy.c
@@ -23,6 +23,8 @@
* example of good general usage.
*/
+#define MBEDTLS_ALLOW_PRIVATE_ACCESS
+
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
#else
diff --git a/programs/util/CMakeLists.txt b/programs/util/CMakeLists.txt
index 2a11212..7fc58cb 100644
--- a/programs/util/CMakeLists.txt
+++ b/programs/util/CMakeLists.txt
@@ -10,6 +10,7 @@
foreach(exe IN LISTS executables)
add_executable(${exe} ${exe}.c $<TARGET_OBJECTS:mbedtls_test>)
target_link_libraries(${exe} ${libs})
+ target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tests/include)
endforeach()
install(TARGETS ${executables}
diff --git a/programs/x509/CMakeLists.txt b/programs/x509/CMakeLists.txt
index cf57ca4..a04fa8b 100644
--- a/programs/x509/CMakeLists.txt
+++ b/programs/x509/CMakeLists.txt
@@ -13,6 +13,7 @@
foreach(exe IN LISTS executables)
add_executable(${exe} ${exe}.c $<TARGET_OBJECTS:mbedtls_test>)
target_link_libraries(${exe} ${libs})
+ target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tests/include)
endforeach()
target_link_libraries(cert_app ${mbedtls_target})
diff --git a/programs/x509/cert_app.c b/programs/x509/cert_app.c
index fb24843..2adef39 100644
--- a/programs/x509/cert_app.c
+++ b/programs/x509/cert_app.c
@@ -335,7 +335,7 @@
mbedtls_printf( "%s\n", buf );
- cur = cur->next;
+ cur = cur->MBEDTLS_PRIVATE(next);
}
/*
diff --git a/programs/x509/cert_req.c b/programs/x509/cert_req.c
index e8241a3..0ea2607 100644
--- a/programs/x509/cert_req.c
+++ b/programs/x509/cert_req.c
@@ -100,7 +100,7 @@
" Add NsCertType even if it is empty\n" \
" md=%%s default: SHA256\n" \
" possible values:\n" \
- " MD2, MD4, MD5, RIPEMD160, SHA1,\n" \
+ " MD5, RIPEMD160, SHA1,\n" \
" SHA224, SHA256, SHA384, SHA512\n" \
"\n"
@@ -346,7 +346,8 @@
mbedtls_printf( " . Loading the private key ..." );
fflush( stdout );
- ret = mbedtls_pk_parse_keyfile( &key, opt.filename, opt.password );
+ ret = mbedtls_pk_parse_keyfile( &key, opt.filename, opt.password,
+ mbedtls_ctr_drbg_random, &ctr_drbg );
if( ret != 0 )
{
diff --git a/programs/x509/cert_write.c b/programs/x509/cert_write.c
index 18174d8..f1e5c6b 100644
--- a/programs/x509/cert_write.c
+++ b/programs/x509/cert_write.c
@@ -119,7 +119,7 @@
" max_pathlen=%%d default: -1 (none)\n" \
" md=%%s default: SHA256\n" \
" Supported values (if enabled):\n" \
- " MD2, MD4, MD5, RIPEMD160, SHA1,\n" \
+ " MD5, RIPEMD160, SHA1,\n" \
" SHA224, SHA256, SHA384, SHA512\n" \
" version=%%d default: 3\n" \
" Possible values: 1, 2, 3\n"\
@@ -518,7 +518,7 @@
}
ret = mbedtls_x509_dn_gets( issuer_name, sizeof(issuer_name),
- &issuer_crt.subject );
+ &issuer_crt.MBEDTLS_PRIVATE(subject) );
if( ret < 0 )
{
mbedtls_strerror( ret, buf, 1024 );
@@ -552,7 +552,7 @@
}
ret = mbedtls_x509_dn_gets( subject_name, sizeof(subject_name),
- &csr.subject );
+ &csr.MBEDTLS_PRIVATE(subject) );
if( ret < 0 )
{
mbedtls_strerror( ret, buf, 1024 );
@@ -562,7 +562,7 @@
}
opt.subject_name = subject_name;
- subject_key = &csr.pk;
+ subject_key = &csr.MBEDTLS_PRIVATE(pk);
mbedtls_printf( " ok\n" );
}
@@ -577,7 +577,7 @@
fflush( stdout );
ret = mbedtls_pk_parse_keyfile( &loaded_subject_key, opt.subject_key,
- opt.subject_pwd );
+ opt.subject_pwd, mbedtls_ctr_drbg_random, &ctr_drbg );
if( ret != 0 )
{
mbedtls_strerror( ret, buf, 1024 );
@@ -593,7 +593,7 @@
fflush( stdout );
ret = mbedtls_pk_parse_keyfile( &loaded_issuer_key, opt.issuer_key,
- opt.issuer_pwd );
+ opt.issuer_pwd, mbedtls_ctr_drbg_random, &ctr_drbg );
if( ret != 0 )
{
mbedtls_strerror( ret, buf, 1024 );
@@ -606,7 +606,8 @@
//
if( strlen( opt.issuer_crt ) )
{
- if( mbedtls_pk_check_pair( &issuer_crt.pk, issuer_key ) != 0 )
+ if( mbedtls_pk_check_pair( &issuer_crt.MBEDTLS_PRIVATE(pk), issuer_key,
+ mbedtls_ctr_drbg_random, &ctr_drbg ) != 0 )
{
mbedtls_printf( " failed\n ! issuer_key does not match "
"issuer certificate\n\n" );
diff --git a/scripts/config.py b/scripts/config.py
index 94fbdef..cbce1eb 100755
--- a/scripts/config.py
+++ b/scripts/config.py
@@ -147,6 +147,15 @@
setting.active = adapter(setting.name, setting.active,
setting.section)
+ def change_matching(self, regexs, enable):
+ """Change all symbols matching one of the regexs to the desired state."""
+ if not regexs:
+ return
+ regex = re.compile('|'.join(regexs))
+ for setting in self.settings.values():
+ if regex.search(setting.name):
+ setting.active = enable
+
def is_full_section(section):
"""Is this section affected by "config.py full" and friends?"""
return section.endswith('support') or section.endswith('modules')
@@ -172,7 +181,6 @@
'MBEDTLS_DEPRECATED_WARNING', # conflicts with deprecated options
'MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED', # influences the use of ECDH in TLS
'MBEDTLS_ECP_NO_FALLBACK', # removes internal ECP implementation
- 'MBEDTLS_ECP_NO_INTERNAL_RNG', # removes a feature
'MBEDTLS_ECP_RESTARTABLE', # incompatible with USE_PSA_CRYPTO
'MBEDTLS_ENTROPY_FORCE_SHA256', # interacts with CTR_DRBG_128_BIT_KEY
'MBEDTLS_HAVE_SSE2', # hardware dependency
@@ -192,7 +200,6 @@
'MBEDTLS_RSA_NO_CRT', # influences the use of RSA in X.509 and TLS
'MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN', # build dependency (clang+memsan)
'MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND', # build dependency (valgrind headers)
- 'MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION', # influences the use of X.509 in TLS
'MBEDTLS_X509_REMOVE_INFO', # removes a feature
])
@@ -455,11 +462,21 @@
parser_set.add_argument('symbol', metavar='SYMBOL')
parser_set.add_argument('value', metavar='VALUE', nargs='?',
default='')
+ parser_set_all = subparsers.add_parser('set-all',
+ help="""Uncomment all #define
+ whose name contains a match for
+ REGEX.""")
+ parser_set_all.add_argument('regexs', metavar='REGEX', nargs='*')
parser_unset = subparsers.add_parser('unset',
help="""Comment out the #define
for SYMBOL. Do nothing if none
is present.""")
parser_unset.add_argument('symbol', metavar='SYMBOL')
+ parser_unset_all = subparsers.add_parser('unset-all',
+ help="""Comment out all #define
+ whose name contains a match for
+ REGEX.""")
+ parser_unset_all.add_argument('regexs', metavar='REGEX', nargs='*')
def add_adapter(name, function, description):
subparser = subparsers.add_parser(name, help=description)
@@ -506,8 +523,12 @@
.format(args.symbol, config.filename))
return 1
config.set(args.symbol, value=args.value)
+ elif args.command == 'set-all':
+ config.change_matching(args.regexs, True)
elif args.command == 'unset':
config.unset(args.symbol)
+ elif args.command == 'unset-all':
+ config.change_matching(args.regexs, False)
else:
config.adapt(args.adapter)
config.write(args.write)
diff --git a/scripts/data_files/query_config.fmt b/scripts/data_files/query_config.fmt
index 6199c62..c707e4c 100644
--- a/scripts/data_files/query_config.fmt
+++ b/scripts/data_files/query_config.fmt
@@ -37,13 +37,11 @@
* default value when that configuration is not set in the config.h.
*/
#include "mbedtls/aes.h"
-#include "mbedtls/arc4.h"
#include "mbedtls/aria.h"
#include "mbedtls/asn1.h"
#include "mbedtls/asn1write.h"
#include "mbedtls/base64.h"
#include "mbedtls/bignum.h"
-#include "mbedtls/blowfish.h"
#include "mbedtls/camellia.h"
#include "mbedtls/ccm.h"
#include "mbedtls/chacha20.h"
@@ -64,8 +62,6 @@
#include "mbedtls/hkdf.h"
#include "mbedtls/hmac_drbg.h"
#include "mbedtls/md.h"
-#include "mbedtls/md2.h"
-#include "mbedtls/md4.h"
#include "mbedtls/md5.h"
#include "mbedtls/memory_buffer_alloc.h"
#include "mbedtls/net_sockets.h"
@@ -95,7 +91,6 @@
#include "mbedtls/x509_crl.h"
#include "mbedtls/x509_crt.h"
#include "mbedtls/x509_csr.h"
-#include "mbedtls/xtea.h"
#include <string.h>
diff --git a/scripts/generate_errors.pl b/scripts/generate_errors.pl
index 606714f..7822384 100755
--- a/scripts/generate_errors.pl
+++ b/scripts/generate_errors.pl
@@ -44,11 +44,11 @@
my $error_format_file = $data_dir.'/error.fmt';
-my @low_level_modules = qw( AES ARC4 ARIA ASN1 BASE64 BIGNUM BLOWFISH
+my @low_level_modules = qw( AES ARIA ASN1 BASE64 BIGNUM
CAMELLIA CCM CHACHA20 CHACHAPOLY CMAC CTR_DRBG DES
- ENTROPY ERROR GCM HKDF HMAC_DRBG MD2 MD4 MD5
+ ENTROPY ERROR GCM HKDF HMAC_DRBG MD5
NET OID PADLOCK PBKDF2 PLATFORM POLY1305 RIPEMD160
- SHA1 SHA256 SHA512 THREADING XTEA );
+ SHA1 SHA256 SHA512 THREADING );
my @high_level_modules = qw( CIPHER DHM ECP MD
PEM PK PKCS12 PKCS5
RSA SSL X509 );
diff --git a/scripts/generate_query_config.pl b/scripts/generate_query_config.pl
index 8c8c188..7276049 100755
--- a/scripts/generate_query_config.pl
+++ b/scripts/generate_query_config.pl
@@ -50,7 +50,6 @@
# throw errors.
my @excluded = qw(
MBEDTLS_SSL_CIPHERSUITES
-MBEDTLS_PARAM_FAILED
);
my $excluded_re = join '|', @excluded;
diff --git a/scripts/mbedtls_dev/crypto_knowledge.py b/scripts/mbedtls_dev/crypto_knowledge.py
index 94a97e7..4b4e2df 100644
--- a/scripts/mbedtls_dev/crypto_knowledge.py
+++ b/scripts/mbedtls_dev/crypto_knowledge.py
@@ -82,7 +82,6 @@
}
KEY_TYPE_SIZES = {
'PSA_KEY_TYPE_AES': (128, 192, 256), # exhaustive
- 'PSA_KEY_TYPE_ARC4': (8, 128, 2048), # extremes + sensible
'PSA_KEY_TYPE_ARIA': (128, 192, 256), # exhaustive
'PSA_KEY_TYPE_CAMELLIA': (128, 192, 256), # exhaustive
'PSA_KEY_TYPE_CHACHA20': (256,), # exhaustive
diff --git a/scripts/mbedtls_dev/macro_collector.py b/scripts/mbedtls_dev/macro_collector.py
index 0e76435..6eb0d00 100644
--- a/scripts/mbedtls_dev/macro_collector.py
+++ b/scripts/mbedtls_dev/macro_collector.py
@@ -81,11 +81,15 @@
`self.arguments_for` for arguments that are not of a kind that is
enumerated here.
"""
+ #pylint: disable=too-many-instance-attributes
def __init__(self) -> None:
"""Set up an empty set of known constructor macros.
"""
self.statuses = set() #type: Set[str]
+ self.lifetimes = set() #type: Set[str]
+ self.locations = set() #type: Set[str]
+ self.persistence_levels = set() #type: Set[str]
self.algorithms = set() #type: Set[str]
self.ecc_curves = set() #type: Set[str]
self.dh_groups = set() #type: Set[str]
@@ -95,6 +99,7 @@
self.mac_algorithms = set() #type: Set[str]
self.ka_algorithms = set() #type: Set[str]
self.kdf_algorithms = set() #type: Set[str]
+ self.pake_algorithms = set() #type: Set[str]
self.aead_algorithms = set() #type: Set[str]
# macro name -> list of argument names
self.argspecs = {} #type: Dict[str, List[str]]
@@ -132,6 +137,9 @@
self.arguments_for['aead_alg'] = sorted(self.aead_algorithms)
self.arguments_for['curve'] = sorted(self.ecc_curves)
self.arguments_for['group'] = sorted(self.dh_groups)
+ self.arguments_for['persistence'] = sorted(self.persistence_levels)
+ self.arguments_for['location'] = sorted(self.locations)
+ self.arguments_for['lifetime'] = sorted(self.lifetimes)
@staticmethod
def _format_arguments(name: str, arguments: Iterable[str]) -> str:
@@ -340,6 +348,9 @@
'ALG': self.algorithms,
'ECC_CURVE': self.ecc_curves,
'DH_GROUP': self.dh_groups,
+ 'KEY_LIFETIME': self.lifetimes,
+ 'KEY_LOCATION': self.locations,
+ 'KEY_PERSISTENCE': self.persistence_levels,
'KEY_TYPE': self.key_types,
'KEY_USAGE': self.key_usage_flags,
} #type: Dict[str, Set[str]]
@@ -364,7 +375,9 @@
'asymmetric_signature_algorithm': [],
'asymmetric_signature_wildcard': [self.algorithms],
'asymmetric_encryption_algorithm': [],
+ 'pake_algorithm': [self.pake_algorithms],
'other_algorithm': [],
+ 'lifetime': [self.lifetimes],
} #type: Dict[str, List[Set[str]]]
self.arguments_for['mac_length'] += ['1', '63']
self.arguments_for['min_mac_length'] += ['1', '63']
@@ -389,6 +402,7 @@
self.mac_algorithms.add('0x03007fff')
self.ka_algorithms.add('0x09fc0000')
self.kdf_algorithms.add('0x080000ff')
+ self.pake_algorithms.add('0x0a0000ff')
# For AEAD algorithms, the only variability is over the tag length,
# and this only applies to known algorithms, so don't test an
# unknown algorithm.
diff --git a/scripts/mbedtls_dev/psa_storage.py b/scripts/mbedtls_dev/psa_storage.py
index 3a74007..45f0380 100644
--- a/scripts/mbedtls_dev/psa_storage.py
+++ b/scripts/mbedtls_dev/psa_storage.py
@@ -164,6 +164,10 @@
"""
return self.bytes().hex()
+ def location_value(self) -> int:
+ """The numerical value of the location encoded in the key's lifetime."""
+ return self.lifetime.value() >> 8
+
class TestKey(unittest.TestCase):
# pylint: disable=line-too-long
diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt
index 7898004..fbd746e 100644
--- a/tests/CMakeLists.txt
+++ b/tests/CMakeLists.txt
@@ -75,19 +75,15 @@
add_test_suite(aes aes.ofb)
add_test_suite(aes aes.rest)
add_test_suite(aes aes.xts)
-add_test_suite(arc4)
add_test_suite(aria)
add_test_suite(asn1parse)
add_test_suite(asn1write)
add_test_suite(base64)
-add_test_suite(blowfish)
add_test_suite(camellia)
add_test_suite(ccm)
add_test_suite(chacha20)
add_test_suite(chachapoly)
add_test_suite(cipher cipher.aes)
-add_test_suite(cipher cipher.arc4)
-add_test_suite(cipher cipher.blowfish)
add_test_suite(cipher cipher.camellia)
add_test_suite(cipher cipher.ccm)
add_test_suite(cipher cipher.chacha20)
@@ -162,7 +158,6 @@
add_test_suite(version)
add_test_suite(x509parse)
add_test_suite(x509write)
-add_test_suite(xtea)
# Make scripts and data files needed for testing available in an
# out-of-source build.
diff --git a/tests/context-info.sh b/tests/context-info.sh
index e02d330..88dfcaa 100755
--- a/tests/context-info.sh
+++ b/tests/context-info.sh
@@ -210,7 +210,6 @@
-u "MBEDTLS_HAVE_TIME$" \
-u "MBEDTLS_X509_CRT_PARSE_C$" \
-u "MBEDTLS_SSL_MAX_FRAGMENT_LENGTH$" \
- -u "MBEDTLS_SSL_TRUNCATED_HMAC$" \
-u "MBEDTLS_SSL_ENCRYPT_THEN_MAC$" \
-u "MBEDTLS_SSL_SESSION_TICKETS$" \
-u "MBEDTLS_SSL_SESSION_TICKETS and client$" \
@@ -233,7 +232,6 @@
-u "MBEDTLS_HAVE_TIME$" \
-u "MBEDTLS_X509_CRT_PARSE_C$" \
-u "MBEDTLS_SSL_MAX_FRAGMENT_LENGTH$" \
- -u "MBEDTLS_SSL_TRUNCATED_HMAC$" \
-u "MBEDTLS_SSL_ENCRYPT_THEN_MAC$" \
-u "MBEDTLS_SSL_SESSION_TICKETS$" \
-u "MBEDTLS_SSL_SESSION_TICKETS and client$" \
@@ -339,7 +337,6 @@
"srv_min_cfg.txt" \
-n "ERROR" \
-n "MBEDTLS_SSL_MAX_FRAGMENT_LENGTH$" \
- -n "MBEDTLS_SSL_TRUNCATED_HMAC$" \
-n "MBEDTLS_SSL_ENCRYPT_THEN_MAC$" \
-n "MBEDTLS_SSL_SESSION_TICKETS$" \
-n "MBEDTLS_SSL_SESSION_TICKETS and client$" \
@@ -350,7 +347,6 @@
"cli_min_cfg.txt" \
-n "ERROR" \
-n "MBEDTLS_SSL_MAX_FRAGMENT_LENGTH$" \
- -n "MBEDTLS_SSL_TRUNCATED_HMAC$" \
-n "MBEDTLS_SSL_ENCRYPT_THEN_MAC$" \
-n "MBEDTLS_SSL_SESSION_TICKETS$" \
-n "MBEDTLS_SSL_SESSION_TICKETS and client$" \
diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile
index f3cba5a..e86706c 100644
--- a/tests/data_files/Makefile
+++ b/tests/data_files/Makefile
@@ -416,15 +416,7 @@
all_final += rsa_pkcs8_pbe_sha1_1024_2des.pem
keys_rsa_enc_pkcs8_v1_1024_2des: rsa_pkcs8_pbe_sha1_1024_2des.pem rsa_pkcs8_pbe_sha1_1024_2des.der
-rsa_pkcs8_pbe_sha1_1024_rc4_128.der: rsa_pkcs1_1024_clear.pem
- $(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-RC4-128
-all_final += rsa_pkcs8_pbe_sha1_1024_rc4_128.der
-rsa_pkcs8_pbe_sha1_1024_rc4_128.pem: rsa_pkcs1_1024_clear.pem
- $(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-RC4-128
-all_final += rsa_pkcs8_pbe_sha1_1024_rc4_128.pem
-keys_rsa_enc_pkcs8_v1_1024_rc4_128: rsa_pkcs8_pbe_sha1_1024_rc4_128.pem rsa_pkcs8_pbe_sha1_1024_rc4_128.der
-
-keys_rsa_enc_pkcs8_v1_1024: keys_rsa_enc_pkcs8_v1_1024_3des keys_rsa_enc_pkcs8_v1_1024_2des keys_rsa_enc_pkcs8_v1_1024_rc4_128
+keys_rsa_enc_pkcs8_v1_1024: keys_rsa_enc_pkcs8_v1_1024_3des keys_rsa_enc_pkcs8_v1_1024_2des
### 2048-bit
rsa_pkcs8_pbe_sha1_2048_3des.der: rsa_pkcs1_2048_clear.pem
@@ -443,15 +435,7 @@
all_final += rsa_pkcs8_pbe_sha1_2048_2des.pem
keys_rsa_enc_pkcs8_v1_2048_2des: rsa_pkcs8_pbe_sha1_2048_2des.pem rsa_pkcs8_pbe_sha1_2048_2des.der
-rsa_pkcs8_pbe_sha1_2048_rc4_128.der: rsa_pkcs1_2048_clear.pem
- $(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-RC4-128
-all_final += rsa_pkcs8_pbe_sha1_2048_rc4_128.der
-rsa_pkcs8_pbe_sha1_2048_rc4_128.pem: rsa_pkcs1_2048_clear.pem
- $(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-RC4-128
-all_final += rsa_pkcs8_pbe_sha1_2048_rc4_128.pem
-keys_rsa_enc_pkcs8_v1_2048_rc4_128: rsa_pkcs8_pbe_sha1_2048_rc4_128.pem rsa_pkcs8_pbe_sha1_2048_rc4_128.der
-
-keys_rsa_enc_pkcs8_v1_2048: keys_rsa_enc_pkcs8_v1_2048_3des keys_rsa_enc_pkcs8_v1_2048_2des keys_rsa_enc_pkcs8_v1_2048_rc4_128
+keys_rsa_enc_pkcs8_v1_2048: keys_rsa_enc_pkcs8_v1_2048_3des keys_rsa_enc_pkcs8_v1_2048_2des
### 4096-bit
rsa_pkcs8_pbe_sha1_4096_3des.der: rsa_pkcs1_4096_clear.pem
@@ -470,15 +454,7 @@
all_final += rsa_pkcs8_pbe_sha1_4096_2des.pem
keys_rsa_enc_pkcs8_v1_4096_2des: rsa_pkcs8_pbe_sha1_4096_2des.pem rsa_pkcs8_pbe_sha1_4096_2des.der
-rsa_pkcs8_pbe_sha1_4096_rc4_128.der: rsa_pkcs1_4096_clear.pem
- $(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-RC4-128
-all_final += rsa_pkcs8_pbe_sha1_4096_rc4_128.der
-rsa_pkcs8_pbe_sha1_4096_rc4_128.pem: rsa_pkcs1_4096_clear.pem
- $(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-RC4-128
-all_final += rsa_pkcs8_pbe_sha1_4096_rc4_128.pem
-keys_rsa_enc_pkcs8_v1_4096_rc4_128: rsa_pkcs8_pbe_sha1_4096_rc4_128.pem rsa_pkcs8_pbe_sha1_4096_rc4_128.der
-
-keys_rsa_enc_pkcs8_v1_4096: keys_rsa_enc_pkcs8_v1_4096_3des keys_rsa_enc_pkcs8_v1_4096_2des keys_rsa_enc_pkcs8_v1_4096_rc4_128
+keys_rsa_enc_pkcs8_v1_4096: keys_rsa_enc_pkcs8_v1_4096_3des keys_rsa_enc_pkcs8_v1_4096_2des
###
### PKCS8-v2 encoded, encrypted RSA keys, no PRF specified (default for OpenSSL1.0: hmacWithSHA1)
@@ -893,10 +869,6 @@
$(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA1
all_final += server1.req.sha1
-server1.req.md4: server1.key
- $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=MD4
-all_final += server1.req.md4
-
server1.req.md5: server1.key
$(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=MD5
all_final += server1.req.md5
@@ -1103,26 +1075,10 @@
$(MBEDTLS_CERT_WRITE) request_file=server2.req.sha256 serial=2 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144406 not_after=20290210144406 md=SHA256 version=3 output_file=$@
all_final += server2-sha256.crt
-# MD2, MD4, MD5 test certificates
+# MD5 test certificate
cert_md_test_key = $(cli_crt_key_file_rsa)
-cert_md2.csr: $(cert_md_test_key)
- $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Cert MD2" md=MD2
-all_intermediate += cert_md2.csr
-
-cert_md2.crt: cert_md2.csr
- $(MBEDTLS_CERT_WRITE) request_file=$< serial=9 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20000101121212 not_after=20300101121212 md=MD2 version=3 output_file=$@
-all_final += cert_md2.crt
-
-cert_md4.csr: $(cert_md_test_key)
- $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Cert MD4" md=MD4
-all_intermediate += cert_md4.csr
-
-cert_md4.crt: cert_md4.csr
- $(MBEDTLS_CERT_WRITE) request_file=$< serial=5 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20000101121212 not_after=20300101121212 md=MD4 version=3 output_file=$@
-all_final += cert_md4.crt
-
cert_md5.csr: $(cert_md_test_key)
$(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Cert MD5" md=MD5
all_intermediate += cert_md5.csr
diff --git a/tests/data_files/cert_md2.crt b/tests/data_files/cert_md2.crt
deleted file mode 100644
index 94b89af..0000000
--- a/tests/data_files/cert_md2.crt
+++ /dev/null
@@ -1,20 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDPzCCAiegAwIBAgIBCTANBgkqhkiG9w0BAQIFADA7MQswCQYDVQQGEwJOTDER
-MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
-MDAwMTAxMTIxMjEyWhcNMzAwMTAxMTIxMjEyWjA8MQswCQYDVQQGEwJOTDERMA8G
-A1UECgwIUG9sYXJTU0wxGjAYBgNVBAMMEVBvbGFyU1NMIENlcnQgTUQyMIIBIjAN
-BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyHTEzLn5tXnpRdkUYLB9u5Pyax6f
-M60Nj4o8VmXl3ETZzGaFB9X4J7BKNdBjngpuG7fa8H6r7gwQk4ZJGDTzqCrSV/Uu
-1C93KYRhTYJQj6eVSHD1bk2y1RPD0hrt5kPqQhTrdOrA7R/UV06p86jt0uDBMHEw
-MjDV0/YI0FZPRo7yX/k9Z5GIMC5Cst99++UMd//sMcB4j7/Cf8qtbCHWjdmLao5v
-4Jv4EFbMs44TFeY0BGbH7vk2DmqV9gmaBmf0ZXH4yqSxJeD+PIs1BGe64E92hfx/
-/DZrtenNLQNiTrM9AM+vdqBpVoNq0qjU51Bx5rU2BXcFbXvI5MT9TNUhXwIDAQAB
-o00wSzAJBgNVHRMEAjAAMB0GA1UdDgQWBBRxoQBzckAvVHZeM/xSj7zx3WtGITAf
-BgNVHSMEGDAWgBS0WuSls97SUva51aaVD+s+vMf9/zANBgkqhkiG9w0BAQIFAAOC
-AQEAXLWqy34iaZ2YV+5eE1QMV/9m9nQI2X/yumRH1MT1R3oYde/YDV7+HSOM6qLs
-qSgH1DSyXv1YnJww2OyTtAVhPalICLjVjUQCyeUCiFpAIO6Xz1VE6v4GMFLqhlV1
-Nox9dDtR5Go2zwPaH64Ze9GxuDZfW+VnPRNgYOrqqCBnuhnp2uPRfOewus2AAo50
-dx1XTooCEqElQlB9EIPWbvPdJZjRjruCUtDbz+oxG4J4Ml4KCYm+/MyXNPqxV9+H
-5A9oQltuHMWasMWSfXeimQI5PPpdjndmJOhfT4RGmvTw/uNC/Xuy1kPxXQKoocz6
-93U8RQvyJxdIPtQuARNMRZ7G+Q==
------END CERTIFICATE-----
diff --git a/tests/data_files/cert_md2.csr b/tests/data_files/cert_md2.csr
deleted file mode 100644
index a8c39bd..0000000
--- a/tests/data_files/cert_md2.csr
+++ /dev/null
@@ -1,16 +0,0 @@
------BEGIN CERTIFICATE REQUEST-----
-MIICgTCCAWkCAQAwPDELMAkGA1UEBhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRow
-GAYDVQQDDBFQb2xhclNTTCBDZXJ0IE1EMjCCASIwDQYJKoZIhvcNAQEBBQADggEP
-ADCCAQoCggEBAMh0xMy5+bV56UXZFGCwfbuT8msenzOtDY+KPFZl5dxE2cxmhQfV
-+CewSjXQY54Kbhu32vB+q+4MEJOGSRg086gq0lf1LtQvdymEYU2CUI+nlUhw9W5N
-stUTw9Ia7eZD6kIU63TqwO0f1FdOqfOo7dLgwTBxMDIw1dP2CNBWT0aO8l/5PWeR
-iDAuQrLfffvlDHf/7DHAeI+/wn/KrWwh1o3Zi2qOb+Cb+BBWzLOOExXmNARmx+75
-Ng5qlfYJmgZn9GVx+MqksSXg/jyLNQRnuuBPdoX8f/w2a7XpzS0DYk6zPQDPr3ag
-aVaDatKo1OdQcea1NgV3BW17yOTE/UzVIV8CAwEAAaAAMA0GCSqGSIb3DQEBAgUA
-A4IBAQBPUqodRcH2ZUa8A3fQX/nxrIwWiLmQ9BaOI6G7vzEWVE1sxmkrHP+pXgi9
-1eFceN9xUBKEd+LmUPmHpObZ4nwRSprFj3DeIXpn9aSBr+jGY8RaaC9cMkaSq5Mb
-q65THEJ1xemIfZvbhjvNi/ycXXu/v1Gpj62dpIFGbm+o4AXQF2ocYGEM+X1u2eVn
-mnuuvPAHTllGjB0daTSYoQtMy3luPUEj0Yct3iVR1pUeTrHchOs9p5ACDZcf6D3x
-sm9atH2ZIaXo1c9SqHzdk/uLt/CwxQrn1WU1inwOkzjim2Yq9vWgpQypfGZdScXV
-oHOmuGG901WMMemzZXjoLi+8ZpVL
------END CERTIFICATE REQUEST-----
diff --git a/tests/data_files/cert_md4.crt b/tests/data_files/cert_md4.crt
deleted file mode 100644
index 7d0f7cb..0000000
--- a/tests/data_files/cert_md4.crt
+++ /dev/null
@@ -1,20 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDPzCCAiegAwIBAgIBBTANBgkqhkiG9w0BAQMFADA7MQswCQYDVQQGEwJOTDER
-MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
-MDAwMTAxMTIxMjEyWhcNMzAwMTAxMTIxMjEyWjA8MQswCQYDVQQGEwJOTDERMA8G
-A1UECgwIUG9sYXJTU0wxGjAYBgNVBAMMEVBvbGFyU1NMIENlcnQgTUQ0MIIBIjAN
-BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyHTEzLn5tXnpRdkUYLB9u5Pyax6f
-M60Nj4o8VmXl3ETZzGaFB9X4J7BKNdBjngpuG7fa8H6r7gwQk4ZJGDTzqCrSV/Uu
-1C93KYRhTYJQj6eVSHD1bk2y1RPD0hrt5kPqQhTrdOrA7R/UV06p86jt0uDBMHEw
-MjDV0/YI0FZPRo7yX/k9Z5GIMC5Cst99++UMd//sMcB4j7/Cf8qtbCHWjdmLao5v
-4Jv4EFbMs44TFeY0BGbH7vk2DmqV9gmaBmf0ZXH4yqSxJeD+PIs1BGe64E92hfx/
-/DZrtenNLQNiTrM9AM+vdqBpVoNq0qjU51Bx5rU2BXcFbXvI5MT9TNUhXwIDAQAB
-o00wSzAJBgNVHRMEAjAAMB0GA1UdDgQWBBRxoQBzckAvVHZeM/xSj7zx3WtGITAf
-BgNVHSMEGDAWgBS0WuSls97SUva51aaVD+s+vMf9/zANBgkqhkiG9w0BAQMFAAOC
-AQEArXIW7Dy1hBXMKY8/TAfACqkFZzbGDJdD5ohQknENk6FzUHVw9SVibhi5J+nh
-/mhUhoczFg78T8ZopDcsPHKQTuy0LNcLWhZDD4S4CJCibmsf+8BWmPcSp1tsS9Zj
-etO5qNuUarL74W+rRa3qQcCXcglYTubv/PcCV+LGVqZ4XDlO5EBFJJREAREzG+iK
-Epm2y0mi1WTwjy7m7rxYHs5i5ybDHDDwU55H5wh50Vs4/vDx2kZab2K9gx6V2ggY
-CCYmRWKQHdI4XZBkpYFbbREZxMY4Y5c2PUMlr8GUq6s6eu9/GvmnIx/+EySSfxgv
-9GpN+gnyx03hjYNGO7iX8nPnXA==
------END CERTIFICATE-----
diff --git a/tests/data_files/cert_md4.csr b/tests/data_files/cert_md4.csr
deleted file mode 100644
index d8a3dbf..0000000
--- a/tests/data_files/cert_md4.csr
+++ /dev/null
@@ -1,16 +0,0 @@
------BEGIN CERTIFICATE REQUEST-----
-MIICgTCCAWkCAQAwPDELMAkGA1UEBhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRow
-GAYDVQQDDBFQb2xhclNTTCBDZXJ0IE1ENDCCASIwDQYJKoZIhvcNAQEBBQADggEP
-ADCCAQoCggEBAMh0xMy5+bV56UXZFGCwfbuT8msenzOtDY+KPFZl5dxE2cxmhQfV
-+CewSjXQY54Kbhu32vB+q+4MEJOGSRg086gq0lf1LtQvdymEYU2CUI+nlUhw9W5N
-stUTw9Ia7eZD6kIU63TqwO0f1FdOqfOo7dLgwTBxMDIw1dP2CNBWT0aO8l/5PWeR
-iDAuQrLfffvlDHf/7DHAeI+/wn/KrWwh1o3Zi2qOb+Cb+BBWzLOOExXmNARmx+75
-Ng5qlfYJmgZn9GVx+MqksSXg/jyLNQRnuuBPdoX8f/w2a7XpzS0DYk6zPQDPr3ag
-aVaDatKo1OdQcea1NgV3BW17yOTE/UzVIV8CAwEAAaAAMA0GCSqGSIb3DQEBAwUA
-A4IBAQAztRb+vAecvhelhszzCctzmhGs4TGmr9h4zddZoQ8dTdy1OCsnmU+yz3oh
-oiQjy7UPLt8DS2ZKhGhvwPvtwFh5icMWQVnv2kE4Evz8xJT12VRw+U6L5rfKmf/L
-mVNxsuk17MDyBcMlwuNk+CHrYVdrXhSWUH3UCQQUH1iqqBMKmNiPa1UGU0budZ9X
-HZjn9uqyyOGy8l3hffqjDxsDjZyBDf5aqKIdnvukdrUiacPdUYVF0fwK8d1/1PA9
-dA4JjTvz+tTK6mL9Ic9Pv+64v1vwMU4Qu8IJHk5x3I0e7KuK2A/lK6az2Vb6FAh6
-MkGpWB68T8FRBoVrWLOh+a9yNwyp
------END CERTIFICATE REQUEST-----
diff --git a/tests/data_files/crl_md2.pem b/tests/data_files/crl_md2.pem
deleted file mode 100644
index e273795..0000000
--- a/tests/data_files/crl_md2.pem
+++ /dev/null
@@ -1,11 +0,0 @@
------BEGIN X509 CRL-----
-MIIBqzCBlDANBgkqhkiG9w0BAQIFADA7MQswCQYDVQQGEwJOTDERMA8GA1UEChMI
-UG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EXDTA5MDcxOTE5NTYz
-N1oXDTA5MDkxNzE5NTYzN1owKDASAgEBFw0wOTAyMDkyMTEyMzZaMBICAQMXDTA5
-MDIwOTIxMTIzNlowDQYJKoZIhvcNAQECBQADggEBAF8F5y82zgtxcwQ4aFvrkanT
-ygyd5+RW/Y//vpck44V+CYx1d1r+QkauaXel9qUKBPsg2dUwQ+jwV/m+Sp2MHaX5
-NfW7XUb7Ji4yhwgh9/9vFPqqnKBf9esLJuJoQ4mLhcGB5J1yCcavLrynvB4PJEnG
-graTbbyizelXBmk3ApvNYxczJZxt7EzpVbrFaev7myGmOffdDkIMc2WDpDkyLTlU
-kITjB7fMJhD/dgNskKZ4fgkKKKPCMJrJPO67Wzwqx/6vsrZcACB9X+143WZr4GVO
-Fw2SaMnqfVLlUEndoOpbLCU4ugcc82kQQF3TsovXJYW7XqoWl2u/ENCwShl9rl4=
------END X509 CRL-----
diff --git a/tests/data_files/crl_md4.pem b/tests/data_files/crl_md4.pem
deleted file mode 100644
index 1f77dab..0000000
--- a/tests/data_files/crl_md4.pem
+++ /dev/null
@@ -1,11 +0,0 @@
------BEGIN X509 CRL-----
-MIIBqzCBlDANBgkqhkiG9w0BAQMFADA7MQswCQYDVQQGEwJOTDERMA8GA1UEChMI
-UG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EXDTExMDIxMjE0NDQw
-N1oXDTExMDQxMzE0NDQwN1owKDASAgEBFw0xMTAyMTIxNDQ0MDdaMBICAQMXDTEx
-MDIxMjE0NDQwN1owDQYJKoZIhvcNAQEDBQADggEBAIJtYXy3uwIpmSGfi9muS8xv
-36FT6g3s1V/xicdPa54juJgBI6sxHKzQtbSNIbqadEWwUtvQ8k1EMRo9UGObhRV8
-i+UWm5qi0GFV7nMi4E2p2Ji/sFKtgdxkzhCfn+p3MoGgx/nC7YtwpnNdF+kuCV1M
-JTPqfm+taZkYADOafP/hRaPx3TI+HNE3ux4Cb7hNpWdfWzt48ZPMuhCMzItLd/UK
-xxjJam9XAGUTKi7+eWtma9XzmYOIElQv2KFPVMcx5nvg039rrWK6tObGL67kCfTH
-v+nIx7rAOW6UNU8aj1kfJHYjEKMBH1I9wjMSHUpkxBLQOKlPNRksiEVsIhmEVss=
------END X509 CRL-----
diff --git a/tests/data_files/rsa_pkcs8_pbe_sha1_1024_rc4_128.der b/tests/data_files/rsa_pkcs8_pbe_sha1_1024_rc4_128.der
deleted file mode 100644
index e7e32b0..0000000
--- a/tests/data_files/rsa_pkcs8_pbe_sha1_1024_rc4_128.der
+++ /dev/null
Binary files differ
diff --git a/tests/data_files/rsa_pkcs8_pbe_sha1_1024_rc4_128.pem b/tests/data_files/rsa_pkcs8_pbe_sha1_1024_rc4_128.pem
deleted file mode 100644
index 089945b..0000000
--- a/tests/data_files/rsa_pkcs8_pbe_sha1_1024_rc4_128.pem
+++ /dev/null
@@ -1,17 +0,0 @@
------BEGIN ENCRYPTED PRIVATE KEY-----
-MIICnjAcBgoqhkiG9w0BDAEBMA4ECHgR0/cyo14UAgIIAASCAnzDfJIvSkRQKqrV
-lAzAMnhd42XlhqWAJLh6aB76LIWVmepDkNnXRNX0W1R+XE27/uzgs4lcovW5hU40
-2HZlv3R0u9MEvMhadjL4ZWS94143p9y7P4vnYembOcc2WnlhFaGSMLFSwMI5vgnL
-8xz2P9+d8IuxGpFSgw8S8zchg4Ewzk+0nSdG0px4T5K21uhsFzjvZRLrG7XXuIee
-tKluUauy4diqA5jrJ1ShmrFmNTvtzAPfMX+QohuY8nhRUeH6bx9dEWpbIq/1K/25
-1uIdInZff850YKRQpK1IkinW0YfFxoA+sUGvxs+aDecbq8w3noaRIjJN7r7ipFEK
-dhdehOxD21Mq7iqsujV9RJxAbqkuoTfECHJP6N/Dmp9CY0wpnE1lnHOTZwCWqDPh
-aumtaFsMxJdNPZ3M5xmGInPWnT3JpW2hwtoOF0Vb0pP9VSfo+3yCm9b5ipFvcs8C
-+c2MdK87zSqFvKc19cuv9tggguCzNjAcECHN7pgY4VId7cWMK/y3k4mk2C8hPQDw
-S7gm/n76BSxjZFjs9ZQn9n5meO/47ohgV1ua2WICPMuPmzz+IPJpT6mQrcPTbzm+
-nNGrBVRooPYwnHPYKGlPJWkfFzsWnQ6dRgEOcM3DJMfU29QLHmNHu0ucz2k2f2C2
-AHB1EFEIC5Rw2BxH1x/gqYlZAB7TCHZ86XWIzbYdJlyNjb+poXNczLvghpvoIBC6
-dxEEsxVVzRYCRbmLtNTdXa7XfQfEaRs5GR3qrKoNNDzms11btQWo8eiZUNIMA6sA
-i3Qhs73feJ5P3hup8Kl2P9N29MuAjYsS2oeZApjdiXAzf5IeFaqTQRHR6Vumvn65
-TLE=
------END ENCRYPTED PRIVATE KEY-----
diff --git a/tests/data_files/rsa_pkcs8_pbe_sha1_2048_rc4_128.der b/tests/data_files/rsa_pkcs8_pbe_sha1_2048_rc4_128.der
deleted file mode 100644
index 7ebca11..0000000
--- a/tests/data_files/rsa_pkcs8_pbe_sha1_2048_rc4_128.der
+++ /dev/null
Binary files differ
diff --git a/tests/data_files/rsa_pkcs8_pbe_sha1_2048_rc4_128.pem b/tests/data_files/rsa_pkcs8_pbe_sha1_2048_rc4_128.pem
deleted file mode 100644
index ad926ad..0000000
--- a/tests/data_files/rsa_pkcs8_pbe_sha1_2048_rc4_128.pem
+++ /dev/null
@@ -1,29 +0,0 @@
------BEGIN ENCRYPTED PRIVATE KEY-----
-MIIE5DAcBgoqhkiG9w0BDAEBMA4ECLSMnow3PFQjAgIIAASCBMKuiZ+kNidmdRCN
-EYHL8FVAAPRY3RFrjZfqNK8XHSxaZzLWjaCQj5Yv14ALjs2k34Ru/xvqRfamN4NY
-M1MrPt7sUSS2jnDwm/IQ80vYYgmH9zKexVTMsZQ2CoLEM3ZMLm6wCkEHuuFZkQX4
-Z0EbnXiWs8PpfrYxed8BMT5o8cW+yiixxMesyj1x8Bgp7r82ZpVZshhDXlnzpbnc
-IiSaqe0obzGZnNu5I+/bXTbyXiAccLj2BuNqX67Om9LBqh/igwNpHQpNIaxmvxqL
-MlqdPDjRYN0qe4d6JqqnFx1YzdTiRLlAnHDnK4G5mZwb50Nixy5mrgI6IhCrsTHQ
-09/yfo1jHR9ido41Sbu7PcVxn6/gzpNVXgwDOw8ia6Bxq0dDnLH8/1IawB69DiSD
-wuNSdQcBtJy8hCZN7wa6uNCzTclvXLwOtTJ6D//UmpFRv46ZYsK6uySwFwDOeDrW
-AyuSoKd9C9cedG30XAyVHFMffkZYCxT8RnQuLrouUwMdEd+7qeApQMBw3InyII+9
-ykhoO1qiH5wyehNFmxEjQUTIdOs8hcOic71FggJ/+bMTnji4ukdPPKHBSdwPjbnc
-qe/ch/KDfIUNyy/51uNMjSdOweJqG9SIIlfDG6Pd2bMFkao1Y7VsG4AM89mGYIWo
-AJDuBrl7AEsm0WSVENyDa+7qjKsS06pcFG0JsmeZb62SSds5+/Nq1Kn5//2ShpHd
-SA1NabnMn1fpCI02tc66igk5isjqp49o3MKguXwiIjo8nGM5dSy/qYSkVhLxVTzz
-ovYhOjMoHRFYqfK1wxT9CExLz9+CI8sWawh1/hDKha2tPlhm2S1OabPTIk3Qn36W
-aCbhGXYWchILReK0d9W6SJZ2v4uNuDjbye6qrSmCHBurCw17l84kBx0vFTDDW80q
-VB3PFUOL2+XYgk17qagMVJHJa5s8ER//MZ3QDO09RJktusaKClR4kE9xkZFUQHF/
-+U4L7DyCtGr1ajdvudNXXYtlD3QoZukrsI1v9XGXPWloVRCU0+x8VCcIKLbwLmGD
-NCkeaQbOypRiPc0WRdJnwsjBlDC2Icd9zWLH8qnVBA0b2TGh3amalsUkEy9NSuGT
-yDIt05uQP0rX1T1rohMNOWHkColtcc6ZxlJuBReHWhF+9RJXPBtA3TmVgC6x0GVF
-FND8DKWHGG+7h/0DKD9r5lRNqhagmQnqwoUVtn56KtazUtrscAt6O3RsTU09Ys5A
-jsuzR+O7uTT0SHr/24YtrqNnXumJZZHayF6T0xpn8xIhWULoAjm1e4EQh/THcMYJ
-PwriuoXZVWZKLeSlomlaV6BD285eTjmjfT5SKv+Aqji3XA5PJXhUtEA7x4kue45G
-4sFWW9eCMpxXecJhO4Dwhk8/dP/3iOFTY5tHtT4OO0c3klI53O2U98D7781QIEkn
-dE3qsTXurM4arvsu7EYMM9ihrqeQbb1pEySfkdT15I4bCTFRykYI9ZIZ8iUgFtAg
-TUP66e7bkv8sxZLHKGpfOSUR+jbQLyahtWz7+EonSUYc9AbErXnnXmZH6mgQw4qd
-Dgi9i5PGWr8I2xz8l7+H9G2TbueSqLLH9ecMRfey70W0D/nX5k3B+SmpTSqQ3zvk
-k+pM9bWevlc=
------END ENCRYPTED PRIVATE KEY-----
diff --git a/tests/data_files/rsa_pkcs8_pbe_sha1_4096_rc4_128.der b/tests/data_files/rsa_pkcs8_pbe_sha1_4096_rc4_128.der
deleted file mode 100644
index f3bda63..0000000
--- a/tests/data_files/rsa_pkcs8_pbe_sha1_4096_rc4_128.der
+++ /dev/null
Binary files differ
diff --git a/tests/data_files/rsa_pkcs8_pbe_sha1_4096_rc4_128.pem b/tests/data_files/rsa_pkcs8_pbe_sha1_4096_rc4_128.pem
deleted file mode 100644
index 53867ac..0000000
--- a/tests/data_files/rsa_pkcs8_pbe_sha1_4096_rc4_128.pem
+++ /dev/null
@@ -1,53 +0,0 @@
------BEGIN ENCRYPTED PRIVATE KEY-----
-MIIJaDAcBgoqhkiG9w0BDAEBMA4ECOJxEWpN/HEEAgIIAASCCUYouEt15A4DUZoG
-aJvr19vCKfGPErYDkh1fI9u04hDEKCdb+Z7oxaqXQ34rr0H1t8/SPdhpvqms9Bsz
-3nMIlgzEPnppyiRLCa4Ycev0jtA66xkxgGGXnA5uxZQcTOFsGDR4gpTn2hi7//BO
-gHhKVDbCd6nShZkNgNUe++tclNg65Fmazm2pwpnCPfY9TGnou8bynMrJrau0CPB+
-v+pI3NR39yxDcq6MNII542Ma8bZWE++WmqmSXjsnXyEV850Dw4j7khbevXlKIh3C
-fsf1mb1/lUc+8HtsjFLgBS3Iag2D/AfAbCDCY3wWG5KcMJk2CtNayOAmMetL7P1t
-S+i/zTmqAeNVaUF/6ciwY8JNA9YHnjV/0LH04I1Dn1emQVltcqKJahDSoxwGeLD0
-lv0EMQ9CBRHqdKKVaDjBJSqLkwQzLuiqye6ZREnoeIL2cYXDqWoxZzjtxr5t261F
-jl+gGBvAX5RRKz3+Vj7hb8y4n7npYJYXk+CanrsTblsBhOMaFhgup+Vd+UhHGQku
-FqHR28bHlJzxgUvlhYV/WdMUtHlGHvpax1Zo57ToC0JxlX/o+lPHiZvvpGZegYOe
-Mta5f4xI8PcfVrVbfpHaEnt+ffZPtDVZUfhfZwlMniUKX/kJgKGdtpnrgm0wefUR
-ymKmn4af2tY/nT828+pOBcRY8WV5G5EPthkA/EemXTor04bb9mglX9ZJ78vrv0n9
-XaOXkMGYuj698Rqkx5BtaVX8EjWKnknHn/GOLSINu38UelRDV+xf5GQyDQREHsuu
-Mkj6AcygD5eP0p4AZZaHw9H6nytoZ9SX/vhUmRTk2vbrgnAPwRBFnZy6S4mipfFc
-m82EyC4RHklbIriMRRY7EHamBrUTg+8axCqBWY1jtSvTXwm40ybpigsiphtbcaCN
-9hT13VfVkglyQIbmxvxeoo9McgKv2BoP+0i5xIdmstu63bcHxO/DaMXw9WPOGgdm
-kyFU4MwJZhvk57H4HwleIPXXJd93OJ0NNunDgBWxh3mnKqnM9hpit6ljjl8y41RC
-QvJTO5cR3cKuzPpzTqfpC8eYeXiYChuFDgXKXubGE/PSSzSmU7cnKUrHAOyrXlD0
-EdCZkQBFF0gnLksVSjaF/owORlc1KualcD9ahOgWoaup4MqlyW7A+BHJ+f3Iz22z
-oezU/B/FGPTcRc+kEpPyIHG+98nNeh2N5nmY1+piXkJCsq0WdcjB13t8MHLLGqQ8
-shUpiKtkwtO45DIP3xVykntZsPb2gHuj2JoHjXYnxmZ7MRVbTe+s1F3xpITNa+G2
-2Yorp0zqVrhNfvtsLG1i0XdOwockHo5k+dAFkNngJvQVTwsBUw/gqcDwgkoG0yKZ
-NZTZDRJDv3yfopbIvGxmXBj723/OcR0prKLHUc5qaCvK5y0rvM7G+Dg2/W1rzRGx
-9IjCOyZzkUVwE9vKZO+mdsa1zeVja1DtU1sjh3k3+Lw6P2+LcVZKWI7IjJ7vcNxt
-XRI6+jlaR3/ht++3+ADgBpZUVAzBwiKeaneanFoiu0kbXv+G74bVDXvKLTXXbynv
-0mabkp8cszm2wMehp9WuqnBKtAot5Q6sPg4i6E0si3LrdDzKgENgMAF8+ShG5r4w
-ULHQBwMpvNS6LnrY69TqAQp7MNS5JoCCHnQqXSgUQN53Zmcnmaz9qysHvbJLK/On
-Rp0akU5A+WHFNPvGqkF8ou5OZRrN9XQMk75RRgi1YYY+UddiaBAsxqFQBKq5ooxN
-0sE65WM76WU2/v10va4iCNPTFjB0MhGLrq08sgSNfHhePpBK+WANuzjWDUWS+ekC
-VCTNBAARzlPoxuF0YsUUhwYxqFw/VC4PW9WeT0kx8pvaIwhf7Xk++4TKbdayQehK
-ImH5vmvpeWxNa1O7nVyvaJfNvSoj49X1zNg4PKDAOm+kEAjGvWeWKEOiHTLIXbzu
-HztTw/pjNJ5NaCNVWeThYYduFuRZaqap5khpqP4s07zvDvkTyKiJj3MSFel/K7UV
-uy1e0HPymTFToeinLW0x3YaJnLcOKDmF0DSJB1gVwl55B3rEYb8tODF6BLjz149J
-BT91EXgj/Futj3YpPTcIjJXsBDElP/KaBtB6uZGkmXgnz8OvRgg7wJR3n1uHU6r+
-S+19ugY5I5hAFFMLAIg+zO2IqSXW1B+CiE94tr5z96VTyIckO2Ov6p5fcGpI1VkB
-KtcuXGUVuF9pqFRKkFChu90OiqxdcdKYqgjHy1z1jovuYm2pfCB4kvPLn57XVsmB
-T0ZcdHFBf+SwxuKdr8KsK2k4er5c4jTTIflWWktrD9JLcWLc1WUecL18lFByOOWh
-5fF7zX+NNsbMBES3F6TG+06NfgC6z24/h29zfnps75usEExBc7YHJsmWl3Aef6bF
-vcoS2ug8ZXaiefhlFkyx/frGpRnD57ZOvLCi/TUVf2G0cynEKvfsb21LN50eMKD2
-HiIBGoNj9f3vJdIhLTDFurf42ocY5EQzLGleIQ0Zpv6285LqwqKKl5v28o+A4qnp
-Xhkt/3pqZ6aJeSCNQd9Zg5tOd1tXpcTdzl/BmFIvmE+SIsYydLxrX1UEWfJfEL41
-J6qXTzebh7N16bGfxU09OT7puztuK+/vAHEvCGINddDaOJFayVdEaMVUux9nDkoz
-b1U/5UxzpzFdNUZBHg1JjkUWK8oTGmkJTlI1aKJKKA1RfmnzwOd4PeHI1hIuT8YQ
-8qwKY72mCCb4Sr+Xiw43CqJ9NgWCxYr0ua+hqm2xv43QMhSCNd7v1Dg0bi3ZgOi8
-1eSns5VZFww2JkYo7rrKz21EiFXjhZ4u8MF45M5/cbDqbaPVb6FMx7MqaKmnkpQ8
-xT4BC2M4xCiXnYrrjhugw2/FMkMchIN9jG47IQiACQ8pNqoTd2tLFCFpTZeeRCaP
-Dgd8rvaMXjY/Uu9zB+LgRlQ/c01hGL+/d8cNEFzTU9jajOLobi3pKQqLdvlo40Dl
-qH6eLTnYusrZnZySBuZD5c57BBW4GMuetvtqr2l8iV4BJnMvLZ9tB69eA1PhKXwq
-tHY7a0YkhLUUqKFyPvYcnHjU9Bvg9PnciXnoDFMP1Obkou27vpI6NVmIFKMX1OxQ
-A2IJ5YWaN6h8nJOV/THzKjMDmPbXLmtQDuaDPpDaNE+oDwto/UlSQPV8KtW/MR+s
-k3rLyN3KXoVl95gT
------END ENCRYPTED PRIVATE KEY-----
diff --git a/tests/data_files/server1.req.md4 b/tests/data_files/server1.req.md4
deleted file mode 100644
index 1558549..0000000
--- a/tests/data_files/server1.req.md4
+++ /dev/null
@@ -1,16 +0,0 @@
------BEGIN CERTIFICATE REQUEST-----
-MIICgTCCAWkCAQAwPDELMAkGA1UEBhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRow
-GAYDVQQDDBFQb2xhclNTTCBTZXJ2ZXIgMTCCASIwDQYJKoZIhvcNAQEBBQADggEP
-ADCCAQoCggEBAKkCHz1AatVVU4v9Nu6CZS4VYV6Jv7joRZDb7ogWUtPxQ1BHlhJZ
-ZIdr/SvgRvlzvt3PkuGRW+1moG+JKXlFgNCDatVBQ3dfOXwJBEeCsFc5cO2j7BUZ
-HqgzCEfBBUKp/UzDtN/dBh9NEFFAZ3MTD0D4bYElXwqxU8YwfhU5rPla7n+SnqYF
-W+cTl4W1I5LZ1CQG1QkliXUH3aYajz8JGb6tZSxk65Wb3P5BXhem2mxbacwCuhQs
-FiScStzN0PdSZ3PxLaAj/X70McotcMqJCwTbLqZPcG6ezr1YieJTWZ5uWpJl4og/
-DJQZo93l6J2VE+0p26twEtxaymsXq1KCVLECAwEAAaAAMA0GCSqGSIb3DQEBAwUA
-A4IBAQAu8SbWDi5udXrs/lljV+jdHky2BFuVFNxZgj5QvLslffdx2/Tj4MVCsqkY
-tAcy5g/urW1WwHcnJ20PRgt60m3BSUJffdKF/kgRyTN1oBFpApHGAJEHPahR/3Mz
-hMBk4D/r6lga60iUhIfky8o8KU+ovHXROHzGfYaVySatpyJW6tkJOz/1ZKLI4s4K
-HGLFxKBd6bvyuMSCpV31J7ZHPQfSH38VEEaTLJ2QOltWDX5k4DlL/F3I5K4VFWOm
-DMndMXkb7LhL9jcaJJRzEmbX3aMdt2aXhQt2LDFMnMCeSHI014URnQd6IzRQYZPp
-qGZf2UmuJdLeIMzSNX2rZ+SVDX9o
------END CERTIFICATE REQUEST-----
diff --git a/tests/include/alt-dummy/aes_alt.h b/tests/include/alt-dummy/aes_alt.h
new file mode 100644
index 0000000..f226188
--- /dev/null
+++ b/tests/include/alt-dummy/aes_alt.h
@@ -0,0 +1,37 @@
+/* aes_alt.h with dummy types for MBEDTLS_AES_ALT */
+/*
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef AES_ALT_H
+#define AES_ALT_H
+
+typedef struct mbedtls_aes_context
+{
+ int dummy;
+}
+mbedtls_aes_context;
+
+#if defined(MBEDTLS_CIPHER_MODE_XTS)
+
+typedef struct mbedtls_aes_xts_context
+{
+ int dummy;
+} mbedtls_aes_xts_context;
+#endif
+
+
+#endif /* aes_alt.h */
diff --git a/tests/include/alt-dummy/aria_alt.h b/tests/include/alt-dummy/aria_alt.h
new file mode 100644
index 0000000..5f2335b
--- /dev/null
+++ b/tests/include/alt-dummy/aria_alt.h
@@ -0,0 +1,29 @@
+/* aria_alt.h with dummy types for MBEDTLS_ARIA_ALT */
+/*
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef ARIA_ALT_H
+#define ARIA_ALT_H
+
+typedef struct mbedtls_aria_context
+{
+ int dummy;
+}
+mbedtls_aria_context;
+
+
+#endif /* aria_alt.h */
diff --git a/tests/include/alt-dummy/camellia_alt.h b/tests/include/alt-dummy/camellia_alt.h
new file mode 100644
index 0000000..c23d1b4
--- /dev/null
+++ b/tests/include/alt-dummy/camellia_alt.h
@@ -0,0 +1,29 @@
+/* camellia_alt.h with dummy types for MBEDTLS_CAMELLIA_ALT */
+/*
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef CAMELLIA_ALT_H
+#define CAMELLIA_ALT_H
+
+typedef struct mbedtls_camellia_context
+{
+ int dummy;
+}
+mbedtls_camellia_context;
+
+
+#endif /* camellia_alt.h */
diff --git a/tests/include/alt-dummy/ccm_alt.h b/tests/include/alt-dummy/ccm_alt.h
new file mode 100644
index 0000000..dcb834e
--- /dev/null
+++ b/tests/include/alt-dummy/ccm_alt.h
@@ -0,0 +1,29 @@
+/* ccm_alt.h with dummy types for MBEDTLS_CCM_ALT */
+/*
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef CCM_ALT_H
+#define CCM_ALT_H
+
+typedef struct mbedtls_ccm_context
+{
+ int dummy;
+}
+mbedtls_ccm_context;
+
+
+#endif /* ccm_alt.h */
diff --git a/tests/include/alt-dummy/chacha20_alt.h b/tests/include/alt-dummy/chacha20_alt.h
new file mode 100644
index 0000000..7a5a25c
--- /dev/null
+++ b/tests/include/alt-dummy/chacha20_alt.h
@@ -0,0 +1,29 @@
+/* chacha20_alt.h with dummy types for MBEDTLS_CHACHA20_ALT */
+/*
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef CHACHA20_ALT_H
+#define CHACHA20_ALT_H
+
+typedef struct mbedtls_chacha20_context
+{
+ int dummy;
+}
+mbedtls_chacha20_context;
+
+
+#endif /* chacha20_alt.h */
diff --git a/tests/include/alt-dummy/chachapoly_alt.h b/tests/include/alt-dummy/chachapoly_alt.h
new file mode 100644
index 0000000..448517d
--- /dev/null
+++ b/tests/include/alt-dummy/chachapoly_alt.h
@@ -0,0 +1,31 @@
+/* chachapoly_alt.h with dummy types for MBEDTLS_CHACHAPOLY_ALT */
+/*
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef CHACHAPOLY_ALT_H
+#define CHACHAPOLY_ALT_H
+
+#include "mbedtls/chacha20.h"
+
+typedef struct mbedtls_chachapoly_context
+{
+ int dummy;
+}
+mbedtls_chachapoly_context;
+
+
+#endif /* chachapoly_alt.h */
diff --git a/tests/include/alt-dummy/cmac_alt.h b/tests/include/alt-dummy/cmac_alt.h
new file mode 100644
index 0000000..4c9feee
--- /dev/null
+++ b/tests/include/alt-dummy/cmac_alt.h
@@ -0,0 +1,28 @@
+/* cmac_alt.h with dummy types for MBEDTLS_CMAC_ALT */
+/*
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef CMAC_ALT_H
+#define CMAC_ALT_H
+
+struct mbedtls_cmac_context_t
+{
+ int dummy;
+};
+
+
+#endif /* cmac_alt.h */
diff --git a/tests/include/alt-dummy/des_alt.h b/tests/include/alt-dummy/des_alt.h
new file mode 100644
index 0000000..e5a0bd3
--- /dev/null
+++ b/tests/include/alt-dummy/des_alt.h
@@ -0,0 +1,36 @@
+/* des_alt.h with dummy types for MBEDTLS_DES_ALT */
+/*
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+#ifndef DES_ALT_H
+#define DES_ALT_H
+
+typedef struct mbedtls_des_context
+{
+ int dummy;
+}
+mbedtls_des_context;
+
+typedef struct mbedtls_des3_context
+{
+ int dummy;
+}
+mbedtls_des3_context;
+
+
+#endif /* des_alt.h */
diff --git a/tests/include/alt-dummy/dhm_alt.h b/tests/include/alt-dummy/dhm_alt.h
new file mode 100644
index 0000000..6289a41
--- /dev/null
+++ b/tests/include/alt-dummy/dhm_alt.h
@@ -0,0 +1,29 @@
+/* dhm_alt.h with dummy types for MBEDTLS_DHM_ALT */
+/*
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef DHM_ALT_H
+#define DHM_ALT_H
+
+typedef struct mbedtls_dhm_context
+{
+ int dummy;
+}
+mbedtls_dhm_context;
+
+
+#endif /* dhm_alt.h */
diff --git a/tests/include/alt-dummy/ecjpake_alt.h b/tests/include/alt-dummy/ecjpake_alt.h
new file mode 100644
index 0000000..8de0fcf
--- /dev/null
+++ b/tests/include/alt-dummy/ecjpake_alt.h
@@ -0,0 +1,28 @@
+/* ecjpake_alt.h with dummy types for MBEDTLS_ECJPAKE_ALT */
+/*
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef ECJPAKE_ALT_H
+#define ECJPAKE_ALT_H
+
+typedef struct mbedtls_ecjpake_context
+{
+ int dummy;
+} mbedtls_ecjpake_context;
+
+
+#endif /* ecjpake_alt.h */
diff --git a/tests/include/alt-dummy/ecp_alt.h b/tests/include/alt-dummy/ecp_alt.h
new file mode 100644
index 0000000..d263871
--- /dev/null
+++ b/tests/include/alt-dummy/ecp_alt.h
@@ -0,0 +1,35 @@
+/* ecp_alt.h with dummy types for MBEDTLS_ECP_ALT */
+/*
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef ECP_ALT_H
+#define ECP_ALT_H
+
+typedef struct mbedtls_ecp_group
+{
+ const mbedtls_ecp_group_id id;
+ const mbedtls_mpi P;
+ const mbedtls_mpi A;
+ const mbedtls_mpi B;
+ const mbedtls_ecp_point G;
+ const mbedtls_mpi N;
+ const size_t pbits;
+ const size_t nbits;
+}
+mbedtls_ecp_group;
+
+#endif /* ecp_alt.h */
diff --git a/tests/include/alt-dummy/gcm_alt.h b/tests/include/alt-dummy/gcm_alt.h
new file mode 100644
index 0000000..94986ff
--- /dev/null
+++ b/tests/include/alt-dummy/gcm_alt.h
@@ -0,0 +1,29 @@
+/* gcm_alt.h with dummy types for MBEDTLS_GCM_ALT */
+/*
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef GCM_ALT_H
+#define GCM_ALT_H
+
+typedef struct mbedtls_gcm_context
+{
+ int dummy;
+}
+mbedtls_gcm_context;
+
+
+#endif /* gcm_alt.h */
diff --git a/tests/include/alt-dummy/md5_alt.h b/tests/include/alt-dummy/md5_alt.h
new file mode 100644
index 0000000..c119147
--- /dev/null
+++ b/tests/include/alt-dummy/md5_alt.h
@@ -0,0 +1,29 @@
+/* md5_alt.h with dummy types for MBEDTLS_MD5_ALT */
+/*
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef MD5_ALT_H
+#define MD5_ALT_H
+
+typedef struct mbedtls_md5_context
+{
+ int dummy;
+}
+mbedtls_md5_context;
+
+
+#endif /* md5_alt.h */
diff --git a/tests/include/alt-dummy/nist_kw_alt.h b/tests/include/alt-dummy/nist_kw_alt.h
new file mode 100644
index 0000000..8fec116
--- /dev/null
+++ b/tests/include/alt-dummy/nist_kw_alt.h
@@ -0,0 +1,27 @@
+/* nist_kw_alt.h with dummy types for MBEDTLS_NIST_KW_ALT */
+/*
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef NIST_KW_ALT_H
+#define NIST_KW_ALT_H
+
+typedef struct {
+ int dummy;
+} mbedtls_nist_kw_context;
+
+
+#endif /* nist_kw_alt.h */
diff --git a/tests/include/alt-dummy/platform_alt.h b/tests/include/alt-dummy/platform_alt.h
new file mode 100644
index 0000000..2bf712d
--- /dev/null
+++ b/tests/include/alt-dummy/platform_alt.h
@@ -0,0 +1,29 @@
+/* platform_alt.h with dummy types for MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT */
+/*
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef PLATFORM_ALT_H
+#define PLATFORM_ALT_H
+
+typedef struct mbedtls_platform_context
+{
+ int dummy;
+}
+mbedtls_platform_context;
+
+
+#endif /* platform_alt.h */
diff --git a/tests/include/alt-dummy/poly1305_alt.h b/tests/include/alt-dummy/poly1305_alt.h
new file mode 100644
index 0000000..b8c1210
--- /dev/null
+++ b/tests/include/alt-dummy/poly1305_alt.h
@@ -0,0 +1,29 @@
+/* poly1305_alt.h with dummy types for MBEDTLS_POLY1305_ALT */
+/*
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef POLY1305_ALT_H
+#define POLY1305_ALT_H
+
+typedef struct mbedtls_poly1305_context
+{
+ int dummy;
+}
+mbedtls_poly1305_context;
+
+
+#endif /* poly1305_alt.h */
diff --git a/tests/include/alt-dummy/ripemd160_alt.h b/tests/include/alt-dummy/ripemd160_alt.h
new file mode 100644
index 0000000..722aeeb
--- /dev/null
+++ b/tests/include/alt-dummy/ripemd160_alt.h
@@ -0,0 +1,29 @@
+/* ripemd160_alt.h with dummy types for MBEDTLS_RIPEMD160_ALT */
+/*
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef RIPEMD160_ALT_H
+#define RIPEMD160_ALT_H
+
+typedef struct mbedtls_ripemd160_context
+{
+ int dummy;
+}
+mbedtls_ripemd160_context;
+
+
+#endif /* ripemd160_alt.h */
diff --git a/tests/include/alt-dummy/rsa_alt.h b/tests/include/alt-dummy/rsa_alt.h
new file mode 100644
index 0000000..ae80dba
--- /dev/null
+++ b/tests/include/alt-dummy/rsa_alt.h
@@ -0,0 +1,29 @@
+/* rsa_alt.h with dummy types for MBEDTLS_RSA_ALT */
+/*
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef RSA_ALT_H
+#define RSA_ALT_H
+
+typedef struct mbedtls_rsa_context
+{
+ int dummy;
+}
+mbedtls_rsa_context;
+
+
+#endif /* rsa_alt.h */
diff --git a/tests/include/alt-dummy/sha1_alt.h b/tests/include/alt-dummy/sha1_alt.h
new file mode 100644
index 0000000..df2990b
--- /dev/null
+++ b/tests/include/alt-dummy/sha1_alt.h
@@ -0,0 +1,29 @@
+/* sha1_alt.h with dummy types for MBEDTLS_SHA1_ALT */
+/*
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef SHA1_ALT_H
+#define SHA1_ALT_H
+
+typedef struct mbedtls_sha1_context
+{
+ int dummy;
+}
+mbedtls_sha1_context;
+
+
+#endif /* sha1_alt.h */
diff --git a/tests/include/alt-dummy/sha256_alt.h b/tests/include/alt-dummy/sha256_alt.h
new file mode 100644
index 0000000..7e501ed
--- /dev/null
+++ b/tests/include/alt-dummy/sha256_alt.h
@@ -0,0 +1,29 @@
+/* sha256_alt.h with dummy types for MBEDTLS_SHA256_ALT */
+/*
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef SHA256_ALT_H
+#define SHA256_ALT_H
+
+typedef struct mbedtls_sha256_context
+{
+ int dummy;
+}
+mbedtls_sha256_context;
+
+
+#endif /* sha256_alt.h */
diff --git a/tests/include/alt-dummy/sha512_alt.h b/tests/include/alt-dummy/sha512_alt.h
new file mode 100644
index 0000000..45c9599
--- /dev/null
+++ b/tests/include/alt-dummy/sha512_alt.h
@@ -0,0 +1,29 @@
+/* sha512_alt.h with dummy types for MBEDTLS_SHA512_ALT */
+/*
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef SHA512_ALT_H
+#define SHA512_ALT_H
+
+typedef struct mbedtls_sha512_context
+{
+ int dummy;
+}
+mbedtls_sha512_context;
+
+
+#endif /* sha512_alt.h */
diff --git a/tests/include/alt-dummy/threading_alt.h b/tests/include/alt-dummy/threading_alt.h
new file mode 100644
index 0000000..ff2fed5
--- /dev/null
+++ b/tests/include/alt-dummy/threading_alt.h
@@ -0,0 +1,27 @@
+/* threading_alt.h with dummy types for MBEDTLS_THREADING_ALT */
+/*
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef THREADING_ALT_H
+#define THREADING_ALT_H
+
+typedef struct mbedtls_threading_mutex_t
+{
+ int dummy;
+} mbedtls_threading_mutex_t;
+
+#endif /* threading_alt.h */
diff --git a/tests/include/alt-dummy/timing_alt.h b/tests/include/alt-dummy/timing_alt.h
new file mode 100644
index 0000000..f2da154
--- /dev/null
+++ b/tests/include/alt-dummy/timing_alt.h
@@ -0,0 +1,33 @@
+/* timing_alt.h with dummy types for MBEDTLS_TIMING_ALT */
+/*
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef TIMING_ALT_H
+#define TIMING_ALT_H
+
+struct mbedtls_timing_hr_time
+{
+ int dummy;
+};
+
+typedef struct mbedtls_timing_delay_context
+{
+ int dummy;
+} mbedtls_timing_delay_context;
+
+
+#endif /* timing_alt.h */
diff --git a/tests/include/test/helpers.h b/tests/include/test/helpers.h
index 9bfe085..c0d2c00 100644
--- a/tests/include/test/helpers.h
+++ b/tests/include/test/helpers.h
@@ -25,6 +25,11 @@
#ifndef TEST_HELPERS_H
#define TEST_HELPERS_H
+/* Most fields of publicly available structs are private and are wrapped with
+ * MBEDTLS_PRIVATE macro. This define allows tests to access the private fields
+ * directly (without using the MBEDTLS_PRIVATE wrapper). */
+#define MBEDTLS_ALLOW_PRIVATE_ACCESS
+
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
#else
@@ -54,6 +59,10 @@
#include <stddef.h>
#include <stdint.h>
+#if defined(MBEDTLS_BIGNUM_C)
+#include "mbedtls/bignum.h"
+#endif
+
typedef enum
{
MBEDTLS_TEST_RESULT_SUCCESS = 0,
@@ -175,95 +184,6 @@
int mbedtls_test_hexcmp( uint8_t * a, uint8_t * b,
uint32_t a_len, uint32_t b_len );
-#if defined(MBEDTLS_CHECK_PARAMS)
-
-typedef struct
-{
- const char *failure_condition;
- const char *file;
- int line;
-}
-mbedtls_test_param_failed_location_record_t;
-
-/**
- * \brief Get the location record of the last call to
- * mbedtls_test_param_failed().
- *
- * \note The call expectation is set up and active until the next call to
- * mbedtls_test_param_failed_check_expected_call() or
- * mbedtls_param_failed() that cancels it.
- */
-void mbedtls_test_param_failed_get_location_record(
- mbedtls_test_param_failed_location_record_t *location_record );
-
-/**
- * \brief State that a call to mbedtls_param_failed() is expected.
- *
- * \note The call expectation is set up and active until the next call to
- * mbedtls_test_param_failed_check_expected_call() or
- * mbedtls_param_failed that cancel it.
- */
-void mbedtls_test_param_failed_expect_call( void );
-
-/**
- * \brief Check whether mbedtls_param_failed() has been called as expected.
- *
- * \note Check whether mbedtls_param_failed() has been called between the
- * last call to mbedtls_test_param_failed_expect_call() and the call
- * to this function.
- *
- * \return \c 0 Since the last call to mbedtls_param_failed_expect_call(),
- * mbedtls_param_failed() has been called.
- * \c -1 Otherwise.
- */
-int mbedtls_test_param_failed_check_expected_call( void );
-
-/**
- * \brief Get the address of the object of type jmp_buf holding the execution
- * state information used by mbedtls_param_failed() to do a long jump.
- *
- * \note If a call to mbedtls_param_failed() is not expected in the sense
- * that there is no call to mbedtls_test_param_failed_expect_call()
- * preceding it, then mbedtls_param_failed() will try to restore the
- * execution to the state stored in the jmp_buf object whose address
- * is returned by the present function.
- *
- * \note This function is intended to provide the parameter of the
- * setjmp() function to set-up where mbedtls_param_failed() should
- * long-jump if it has to. It is foreseen to be used as:
- *
- * setjmp( mbedtls_test_param_failed_get_state_buf() ).
- *
- * \note The type of the returned value is not jmp_buf as jmp_buf is an
- * an array type (C specification) and a function cannot return an
- * array type.
- *
- * \note The type of the returned value is not jmp_buf* as then the return
- * value couldn't be used by setjmp(), as its parameter's type is
- * jmp_buf.
- *
- * \return Address of the object of type jmp_buf holding the execution state
- * information used by mbedtls_param_failed() to do a long jump.
- */
-void* mbedtls_test_param_failed_get_state_buf( void );
-
-/**
- * \brief Reset the execution state used by mbedtls_param_failed() to do a
- * long jump.
- *
- * \note If a call to mbedtls_param_failed() is not expected in the sense
- * that there is no call to mbedtls_test_param_failed_expect_call()
- * preceding it, then mbedtls_param_failed() will try to restore the
- * execution state that this function reset.
- *
- * \note It is recommended to reset the execution state when the state
- * is not relevant anymore. That way an unexpected call to
- * mbedtls_param_failed() will not trigger a long jump with
- * undefined behavior but rather a long jump that will rather fault.
- */
-void mbedtls_test_param_failed_reset_state( void );
-#endif /* MBEDTLS_CHECK_PARAMS */
-
#if defined(MBEDTLS_PSA_CRYPTO_C) && defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
#include "test/fake_external_rng_for_test.h"
#endif
@@ -294,4 +214,25 @@
const char *file, int line);
#endif
+#if defined(MBEDTLS_BIGNUM_C)
+/** Read an MPI from a string.
+ *
+ * Like mbedtls_mpi_read_string(), but size the resulting bignum based
+ * on the number of digits in the string. In particular, construct a
+ * bignum with 0 limbs for an empty string, and a bignum with leading 0
+ * limbs if the string has sufficiently many leading 0 digits.
+ *
+ * This is important so that the "0 (null)" and "0 (1 limb)" and
+ * "leading zeros" test cases do what they claim.
+ *
+ * \param[out] X The MPI object to populate. It must be initialized.
+ * \param radix The radix (2 to 16).
+ * \param[in] s The null-terminated string to read from.
+ *
+ * \return \c 0 on success, an \c MBEDTLS_ERR_MPI_xxx error code otherwise.
+ */
+/* Since the library has exactly the desired behavior, this is trivial. */
+int mbedtls_test_read_mpi( mbedtls_mpi *X, int radix, const char *s );
+#endif /* MBEDTLS_BIGNUM_C */
+
#endif /* TEST_HELPERS_H */
diff --git a/tests/include/test/macros.h b/tests/include/test/macros.h
index b7b6e8f..87e86d3 100644
--- a/tests/include/test/macros.h
+++ b/tests/include/test/macros.h
@@ -58,13 +58,6 @@
* It allows a library function to return a value and return an error
* code that can be tested.
*
- * When MBEDTLS_CHECK_PARAMS is enabled, calls to the parameter failure
- * callback, MBEDTLS_PARAM_FAILED(), will be assumed to be a test
- * failure.
- *
- * This macro is not suitable for negative parameter validation tests,
- * as it assumes the test step will not create an error.
- *
* Failing the test means:
* - Mark this test case as failed.
* - Print a message identifying the failure.
@@ -181,107 +174,6 @@
} \
} while( 0 )
-#if defined(MBEDTLS_CHECK_PARAMS) && !defined(MBEDTLS_PARAM_FAILED_ALT)
-/**
- * \brief This macro tests the statement passed to it as a test step or
- * individual test in a test case. The macro assumes the test will fail
- * and will generate an error.
- *
- * It allows a library function to return a value and tests the return
- * code on return to confirm the given error code was returned.
- *
- * When MBEDTLS_CHECK_PARAMS is enabled, calls to the parameter failure
- * callback, MBEDTLS_PARAM_FAILED(), are assumed to indicate the
- * expected failure, and the test will pass.
- *
- * This macro is intended for negative parameter validation tests,
- * where the failing function may return an error value or call
- * MBEDTLS_PARAM_FAILED() to indicate the error.
- *
- * \param PARAM_ERROR_VALUE The expected error code.
- *
- * \param TEST The test expression to be tested.
- */
-#define TEST_INVALID_PARAM_RET( PARAM_ERR_VALUE, TEST ) \
- do { \
- mbedtls_test_param_failed_expect_call( ); \
- if( ( ( TEST ) != ( PARAM_ERR_VALUE ) ) || \
- ( mbedtls_test_param_failed_check_expected_call( ) != 0 ) ) \
- { \
- mbedtls_test_fail( #TEST, __LINE__, __FILE__ ); \
- goto exit; \
- } \
- mbedtls_test_param_failed_check_expected_call( ); \
- } while( 0 )
-
-/**
- * \brief This macro tests the statement passed to it as a test step or
- * individual test in a test case. The macro assumes the test will fail
- * and will generate an error.
- *
- * It assumes the library function under test cannot return a value and
- * assumes errors can only be indicated byt calls to
- * MBEDTLS_PARAM_FAILED().
- *
- * When MBEDTLS_CHECK_PARAMS is enabled, calls to the parameter failure
- * callback, MBEDTLS_PARAM_FAILED(), are assumed to indicate the
- * expected failure. If MBEDTLS_CHECK_PARAMS is not enabled, no test
- * can be made.
- *
- * This macro is intended for negative parameter validation tests,
- * where the failing function can only return an error by calling
- * MBEDTLS_PARAM_FAILED() to indicate the error.
- *
- * \param TEST The test expression to be tested.
- */
-#define TEST_INVALID_PARAM( TEST ) \
- do { \
- memcpy( jmp_tmp, mbedtls_test_param_failed_get_state_buf( ), \
- sizeof( jmp_tmp ) ); \
- if( setjmp( mbedtls_test_param_failed_get_state_buf( ) ) == 0 ) \
- { \
- TEST; \
- mbedtls_test_fail( #TEST, __LINE__, __FILE__ ); \
- goto exit; \
- } \
- mbedtls_test_param_failed_reset_state( ); \
- } while( 0 )
-#endif /* MBEDTLS_CHECK_PARAMS && !MBEDTLS_PARAM_FAILED_ALT */
-
-/**
- * \brief This macro tests the statement passed to it as a test step or
- * individual test in a test case. The macro assumes the test will not fail.
- *
- * It assumes the library function under test cannot return a value and
- * assumes errors can only be indicated by calls to
- * MBEDTLS_PARAM_FAILED().
- *
- * When MBEDTLS_CHECK_PARAMS is enabled, calls to the parameter failure
- * callback, MBEDTLS_PARAM_FAILED(), are assumed to indicate the
- * expected failure. If MBEDTLS_CHECK_PARAMS is not enabled, no test
- * can be made.
- *
- * This macro is intended to test that functions returning void
- * accept all of the parameter values they're supposed to accept - eg
- * that they don't call MBEDTLS_PARAM_FAILED() when a parameter
- * that's allowed to be NULL happens to be NULL.
- *
- * Note: for functions that return something other that void,
- * checking that they accept all the parameters they're supposed to
- * accept is best done by using TEST_ASSERT() and checking the return
- * value as well.
- *
- * Note: this macro is available even when #MBEDTLS_CHECK_PARAMS is
- * disabled, as it makes sense to check that the functions accept all
- * legal values even if this option is disabled - only in that case,
- * the test is more about whether the function segfaults than about
- * whether it invokes MBEDTLS_PARAM_FAILED().
- *
- * \param TEST The test expression to be tested.
- */
-#define TEST_VALID_PARAM( TEST ) \
- TEST_ASSERT( ( TEST, 1 ) );
-
#define TEST_HELPER_ASSERT(a) if( !( a ) ) \
{ \
mbedtls_fprintf( stderr, "Assertion Failed at %s:%d - %s\n", \
diff --git a/tests/include/test/psa_exercise_key.h b/tests/include/test/psa_exercise_key.h
index 57eae58..aa0aeb5 100644
--- a/tests/include/test/psa_exercise_key.h
+++ b/tests/include/test/psa_exercise_key.h
@@ -32,11 +32,7 @@
*
* This is used in some smoke tests.
*/
-#if defined(PSA_WANT_ALG_MD2)
-#define KNOWN_SUPPORTED_HASH_ALG PSA_ALG_MD2
-#elif defined(PSA_WANT_ALG_MD4)
-#define KNOWN_SUPPORTED_HASH_ALG PSA_ALG_MD4
-#elif defined(PSA_WANT_ALG_MD5)
+#if defined(PSA_WANT_ALG_MD5)
#define KNOWN_SUPPORTED_HASH_ALG PSA_ALG_MD5
/* MBEDTLS_RIPEMD160_C omitted. This is necessary for the sake of
* exercise_signature_key() because Mbed TLS doesn't support RIPEMD160
@@ -111,9 +107,6 @@
#if defined(KNOWN_SUPPORTED_BLOCK_CIPHER_ALG)
#define KNOWN_SUPPORTED_CIPHER_ALG KNOWN_SUPPORTED_BLOCK_CIPHER_ALG
#define KNOWN_SUPPORTED_CIPHER_KEY_TYPE KNOWN_SUPPORTED_BLOCK_CIPHER
-#elif defined(MBEDTLS_RC4_C)
-#define KNOWN_SUPPORTED_CIPHER_ALG PSA_ALG_RC4
-#define KNOWN_SUPPORTED_CIPHER_KEY_TYPE PSA_KEY_TYPE_RC4
#else
#undef KNOWN_SUPPORTED_CIPHER_ALG
#undef KNOWN_SUPPORTED_CIPHER_KEY_TYPE
diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh
index 41a18b5..596e27d 100755
--- a/tests/scripts/all.sh
+++ b/tests/scripts/all.sh
@@ -651,6 +651,9 @@
}
pre_generate_files() {
+ # since make doesn't have proper dependencies, remove any possibly outdate
+ # file that might be around before generating fresh ones
+ make neat
make generated_files
}
@@ -1026,7 +1029,6 @@
scripts/config.py unset MBEDTLS_CTR_DRBG_C
scripts/config.py unset MBEDTLS_HMAC_DRBG_C
scripts/config.py unset MBEDTLS_ECDSA_DETERMINISTIC # requires HMAC_DRBG
- scripts/config.py set MBEDTLS_ECP_NO_INTERNAL_RNG
# When MBEDTLS_USE_PSA_CRYPTO is disabled and there is no DRBG,
# the SSL test programs don't have an RNG and can't work. Explicitly
# make them use the PSA RNG with -DMBEDTLS_TEST_USE_PSA_CRYPTO_RNG.
@@ -1049,7 +1051,6 @@
scripts/config.py unset MBEDTLS_CTR_DRBG_C
scripts/config.py unset MBEDTLS_HMAC_DRBG_C
scripts/config.py unset MBEDTLS_ECDSA_DETERMINISTIC # requires HMAC_DRBG
- scripts/config.py set MBEDTLS_ECP_NO_INTERNAL_RNG
make CFLAGS="$ASAN_CFLAGS -O2" LDFLAGS="$ASAN_CFLAGS"
msg "test: PSA_CRYPTO_EXTERNAL_RNG minus *_DRBG, PSA crypto - main suites"
@@ -1074,43 +1075,6 @@
if_build_succeeded tests/ssl-opt.sh -f 'Default\|opaque'
}
-component_test_ecp_no_internal_rng () {
- msg "build: Default plus ECP_NO_INTERNAL_RNG minus DRBG modules"
- scripts/config.py set MBEDTLS_ECP_NO_INTERNAL_RNG
- scripts/config.py unset MBEDTLS_CTR_DRBG_C
- scripts/config.py unset MBEDTLS_HMAC_DRBG_C
- scripts/config.py unset MBEDTLS_ECDSA_DETERMINISTIC # requires HMAC_DRBG
- scripts/config.py unset MBEDTLS_PSA_CRYPTO_C # requires a DRBG
- scripts/config.py unset MBEDTLS_PSA_CRYPTO_STORAGE_C # requires PSA Crypto
-
- CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
- make
-
- msg "test: ECP_NO_INTERNAL_RNG, no DRBG module"
- make test
-
- # no SSL tests as they all depend on having a DRBG
-}
-
-component_test_ecp_restartable_no_internal_rng () {
- msg "build: Default plus ECP_RESTARTABLE and ECP_NO_INTERNAL_RNG, no DRBG"
- scripts/config.py set MBEDTLS_ECP_NO_INTERNAL_RNG
- scripts/config.py set MBEDTLS_ECP_RESTARTABLE
- scripts/config.py unset MBEDTLS_CTR_DRBG_C
- scripts/config.py unset MBEDTLS_HMAC_DRBG_C
- scripts/config.py unset MBEDTLS_ECDSA_DETERMINISTIC # requires HMAC_DRBG
- scripts/config.py unset MBEDTLS_PSA_CRYPTO_C # requires CTR_DRBG
- scripts/config.py unset MBEDTLS_PSA_CRYPTO_STORAGE_C # requires PSA Crypto
-
- CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
- make
-
- msg "test: ECP_RESTARTABLE and ECP_NO_INTERNAL_RNG, no DRBG module"
- make test
-
- # no SSL tests as they all depend on having a DRBG
-}
-
component_test_everest () {
msg "build: Everest ECDH context (ASan build)" # ~ 6 min
scripts/config.py set MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED
@@ -1125,7 +1089,7 @@
msg "test: Everest ECDH context - compat.sh with some ECDH ciphersuites (ASan build)" # ~ 3 min
# Exclude some symmetric ciphers that are redundant here to gain time.
- if_build_succeeded tests/compat.sh -f ECDH -V NO -e 'ARCFOUR\|ARIA\|CAMELLIA\|CHACHA\|DES\|RC4'
+ if_build_succeeded tests/compat.sh -f ECDH -V NO -e 'ARIA\|CAMELLIA\|CHACHA\|DES'
}
component_test_everest_curve25519_only () {
@@ -1213,8 +1177,8 @@
msg "test: ssl-opt.sh default, ECJPAKE, SSL async (full config)" # ~ 1s
if_build_succeeded tests/ssl-opt.sh -f 'Default\|ECJPAKE\|SSL async private'
- msg "test: compat.sh RC4, DES, 3DES & NULL (full config)" # ~ 2 min
- if_build_succeeded env OPENSSL_CMD="$OPENSSL_LEGACY" GNUTLS_CLI="$GNUTLS_LEGACY_CLI" GNUTLS_SERV="$GNUTLS_LEGACY_SERV" tests/compat.sh -e '^$' -f 'NULL\|DES\|RC4\|ARCFOUR'
+ msg "test: compat.sh DES, 3DES & NULL (full config)" # ~ 2 min
+ if_build_succeeded env OPENSSL_CMD="$OPENSSL_LEGACY" GNUTLS_CLI="$GNUTLS_LEGACY_CLI" GNUTLS_SERV="$GNUTLS_LEGACY_SERV" tests/compat.sh -e '^$' -f 'NULL\|DES'
msg "test: compat.sh ARIA + ChachaPoly"
if_build_succeeded env OPENSSL_CMD="$OPENSSL_NEXT" tests/compat.sh -e '^$' -f 'ARIA\|CHACHA'
@@ -1390,6 +1354,38 @@
make TEST_CPP=1
}
+component_build_module_alt () {
+ msg "build: MBEDTLS_XXX_ALT" # ~30s
+ scripts/config.py full
+ # Disable options that are incompatible with some ALT implementations.
+ # aesni.c and padlock.c reference mbedtls_aes_context fields directly.
+ scripts/config.py unset MBEDTLS_AESNI_C
+ scripts/config.py unset MBEDTLS_PADLOCK_C
+ # You can only have one threading implementation: alt or pthread, not both.
+ scripts/config.py unset MBEDTLS_THREADING_PTHREAD
+ # The SpecifiedECDomain parsing code accesses mbedtls_ecp_group fields
+ # directly and assumes the implementation works with partial groups.
+ scripts/config.py unset MBEDTLS_PK_PARSE_EC_EXTENDED
+ # Enable all MBEDTLS_XXX_ALT for whole modules. Do not enable
+ # MBEDTLS_XXX_YYY_ALT which are for single functions.
+ scripts/config.py set-all 'MBEDTLS_([A-Z0-9]*|NIST_KW)_ALT'
+ scripts/config.py unset MBEDTLS_DHM_ALT #incompatible with MBEDTLS_DEBUG_C
+ # We can only compile, not link, since we don't have any implementations
+ # suitable for testing with the dummy alt headers.
+ make CC=gcc CFLAGS='-Werror -Wall -Wextra -I../tests/include/alt-dummy' lib
+}
+
+component_build_dhm_alt () {
+ msg "build: MBEDTLS_DHM_ALT" # ~30s
+ scripts/config.py full
+ scripts/config.py set MBEDTLS_DHM_ALT
+ # debug.c currently references mbedtls_dhm_context fields directly.
+ scripts/config.py unset MBEDTLS_DEBUG_C
+ # We can only compile, not link, since we don't have any implementations
+ # suitable for testing with the dummy alt headers.
+ make CC=gcc CFLAGS='-Werror -Wall -Wextra -I../tests/include/alt-dummy' lib
+}
+
component_test_no_use_psa_crypto_full_cmake_asan() {
# full minus MBEDTLS_USE_PSA_CRYPTO: run the same set of tests as basic-build-test.sh
msg "build: cmake, full config minus MBEDTLS_USE_PSA_CRYPTO, ASan"
@@ -1412,8 +1408,8 @@
msg "test: compat.sh default (full minus MBEDTLS_USE_PSA_CRYPTO)"
if_build_succeeded tests/compat.sh
- msg "test: compat.sh RC4, DES & NULL (full minus MBEDTLS_USE_PSA_CRYPTO)"
- if_build_succeeded env OPENSSL_CMD="$OPENSSL_LEGACY" GNUTLS_CLI="$GNUTLS_LEGACY_CLI" GNUTLS_SERV="$GNUTLS_LEGACY_SERV" tests/compat.sh -e '3DES\|DES-CBC3' -f 'NULL\|DES\|RC4\|ARCFOUR'
+ msg "test: compat.sh DES & NULL (full minus MBEDTLS_USE_PSA_CRYPTO)"
+ if_build_succeeded env OPENSSL_CMD="$OPENSSL_LEGACY" GNUTLS_CLI="$GNUTLS_LEGACY_CLI" GNUTLS_SERV="$GNUTLS_LEGACY_SERV" tests/compat.sh -e '3DES\|DES-CBC3' -f 'NULL\|DES'
msg "test: compat.sh ARIA + ChachaPoly (full minus MBEDTLS_USE_PSA_CRYPTO)"
if_build_succeeded env OPENSSL_CMD="$OPENSSL_NEXT" tests/compat.sh -e '^$' -f 'ARIA\|CHACHA'
@@ -1460,8 +1456,6 @@
loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_CFB"
loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_ECDSA"
loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA"
- loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_MD2"
- loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_MD4"
loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_MD5"
loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_OFB"
loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_RIPEMD160"
@@ -1590,46 +1584,6 @@
make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_HKDF -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS"
}
-# This should be renamed to test and updated once the accelerator MD2 code is in place and ready to test.
-component_build_psa_accel_alg_md2() {
- # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_MD2 without other hashes
- msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_MD2 - other hashes"
- scripts/config.py full
- scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
- scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS
- scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
- scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD4
- scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD5
- scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RIPEMD160
- scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_1
- scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_224
- scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_256
- scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_384
- scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_512
- # Need to define the correct symbol and include the test driver header path in order to build with the test driver
- make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_MD2 -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS"
-}
-
-# This should be renamed to test and updated once the accelerator MD4 code is in place and ready to test.
-component_build_psa_accel_alg_md4() {
- # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_MD4 without other hashes
- msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_MD4 - other hashes"
- scripts/config.py full
- scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
- scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS
- scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
- scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD2
- scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD5
- scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RIPEMD160
- scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_1
- scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_224
- scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_256
- scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_384
- scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_512
- # Need to define the correct symbol and include the test driver header path in order to build with the test driver
- make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_MD4 -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS"
-}
-
# This should be renamed to test and updated once the accelerator MD5 code is in place and ready to test.
component_build_psa_accel_alg_md5() {
# full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_MD5 without other hashes
@@ -1638,8 +1592,6 @@
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
- scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD2
- scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD4
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RIPEMD160
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_1
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_224
@@ -1658,8 +1610,6 @@
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
- scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD2
- scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD4
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD5
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_1
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_224
@@ -1678,8 +1628,6 @@
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
- scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD2
- scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD4
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD5
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RIPEMD160
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_224
@@ -1698,8 +1646,6 @@
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
- scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD2
- scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD4
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD5
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RIPEMD160
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_1
@@ -1717,8 +1663,6 @@
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
- scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD2
- scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD4
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD5
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RIPEMD160
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_1
@@ -1737,8 +1681,6 @@
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
- scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD2
- scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD4
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD5
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RIPEMD160
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_1
@@ -1756,8 +1698,6 @@
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
- scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD2
- scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD4
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD5
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RIPEMD160
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_1
@@ -1860,38 +1800,6 @@
make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS"
}
-component_test_check_params_functionality () {
- msg "build+test: MBEDTLS_CHECK_PARAMS functionality"
- scripts/config.py full # includes CHECK_PARAMS
- # Make MBEDTLS_PARAM_FAILED call mbedtls_param_failed().
- scripts/config.py unset MBEDTLS_CHECK_PARAMS_ASSERT
- make CC=gcc CFLAGS='-Werror -O1' all test
-}
-
-component_test_check_params_without_platform () {
- msg "build+test: MBEDTLS_CHECK_PARAMS without MBEDTLS_PLATFORM_C"
- scripts/config.py full # includes CHECK_PARAMS
- # Keep MBEDTLS_PARAM_FAILED as assert.
- scripts/config.py unset MBEDTLS_PLATFORM_EXIT_ALT
- scripts/config.py unset MBEDTLS_PLATFORM_TIME_ALT
- scripts/config.py unset MBEDTLS_PLATFORM_FPRINTF_ALT
- scripts/config.py unset MBEDTLS_PLATFORM_MEMORY
- scripts/config.py unset MBEDTLS_PLATFORM_NV_SEED_ALT
- scripts/config.py unset MBEDTLS_PLATFORM_PRINTF_ALT
- scripts/config.py unset MBEDTLS_PLATFORM_SNPRINTF_ALT
- scripts/config.py unset MBEDTLS_ENTROPY_NV_SEED
- scripts/config.py unset MBEDTLS_PLATFORM_C
- make CC=gcc CFLAGS='-Werror -O1' all test
-}
-
-component_test_check_params_silent () {
- msg "build+test: MBEDTLS_CHECK_PARAMS with alternative MBEDTLS_PARAM_FAILED()"
- scripts/config.py full # includes CHECK_PARAMS
- # Set MBEDTLS_PARAM_FAILED to nothing.
- sed -i 's/.*\(#define MBEDTLS_PARAM_FAILED( cond )\).*/\1/' "$CONFIG_H"
- make CC=gcc CFLAGS='-Werror -O1' all test
-}
-
component_test_no_platform () {
# Full configuration build, without platform support, file IO and net sockets.
# This should catch missing mbedtls_printf definitions, and by disabling file
@@ -2079,7 +1987,6 @@
component_test_when_no_ciphersuites_have_mac () {
msg "build: when no ciphersuites have MAC"
scripts/config.py unset MBEDTLS_CIPHER_NULL_CIPHER
- scripts/config.py unset MBEDTLS_ARC4_C
scripts/config.py unset MBEDTLS_CIPHER_MODE_CBC
scripts/config.py unset MBEDTLS_CMAC_C
make
@@ -2226,8 +2133,6 @@
loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_CFB"
loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_ECDSA"
loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA"
- loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_MD2"
- loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_MD4"
loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_MD5"
loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_OFB"
loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_RIPEMD160"
@@ -2344,7 +2249,7 @@
msg "test: i386, Everest ECDH context - compat.sh with some ECDH ciphersuites (ASan build)" # ~ 3 min
# Exclude some symmetric ciphers that are redundant here to gain time.
- if_build_succeeded tests/compat.sh -f ECDH -V NO -e 'ARCFOUR\|ARIA\|CAMELLIA\|CHACHA\|DES\|RC4'
+ if_build_succeeded tests/compat.sh -f ECDH -V NO -e 'ARIA\|CAMELLIA\|CHACHA\|DES'
}
support_test_m32_everest () {
support_test_m32_o0 "$@"
diff --git a/tests/scripts/basic-build-test.sh b/tests/scripts/basic-build-test.sh
index 93b7e1d..8fcde6f 100755
--- a/tests/scripts/basic-build-test.sh
+++ b/tests/scripts/basic-build-test.sh
@@ -118,10 +118,10 @@
sh compat.sh -m 'tls1_2 dtls1_2'
echo
- echo '#### compat.sh: legacy (null, DES, RC4)'
+ echo '#### compat.sh: legacy (null, DES)'
OPENSSL_CMD="$OPENSSL_LEGACY" \
GNUTLS_CLI="$GNUTLS_LEGACY_CLI" GNUTLS_SERV="$GNUTLS_LEGACY_SERV" \
- sh compat.sh -e '^$' -f 'NULL\|DES\|RC4\|ARCFOUR'
+ sh compat.sh -e '^$' -f 'NULL\|DES'
echo
echo '#### compat.sh: next (ARIA, ChaCha)'
diff --git a/tests/scripts/check-names.sh b/tests/scripts/check-names.sh
index 9492896..2a06adc 100755
--- a/tests/scripts/check-names.sh
+++ b/tests/scripts/check-names.sh
@@ -90,7 +90,7 @@
printf "Likely typos: "
sort -u actual-macros enum-consts > _caps
-HEADERS=$( ls include/mbedtls/*.h include/psa/*.h )
+HEADERS=$( ls include/mbedtls/*.h include/psa/*.h | egrep -v 'compat-2\.x\.h' )
HEADERS="$HEADERS library/*.h"
HEADERS="$HEADERS 3rdparty/everest/include/everest/everest.h 3rdparty/everest/include/everest/x25519.h"
LIBRARY="$( ls library/*.c )"
diff --git a/tests/scripts/depends-hashes.pl b/tests/scripts/depends-hashes.pl
index 0778481..c5f1521 100755
--- a/tests/scripts/depends-hashes.pl
+++ b/tests/scripts/depends-hashes.pl
@@ -54,8 +54,6 @@
# should be tested together. Certain options depend on eachother and
# separating them would generate invalid configurations.
my @hash_configs = (
- ['unset MBEDTLS_MD2_C'],
- ['unset MBEDTLS_MD4_C'],
['unset MBEDTLS_MD5_C'],
['unset MBEDTLS_SHA512_C', 'unset MBEDTLS_SHA384_C '],
['unset MBEDTLS_SHA384_C'],
diff --git a/tests/scripts/generate_psa_tests.py b/tests/scripts/generate_psa_tests.py
index 8c53414..9615c29 100755
--- a/tests/scripts/generate_psa_tests.py
+++ b/tests/scripts/generate_psa_tests.py
@@ -295,6 +295,38 @@
*extra_arguments])
return tc
+ def key_for_lifetime(
+ self,
+ lifetime: str,
+ ) -> StorageKey:
+ """Construct a test key for the given lifetime."""
+ short = lifetime
+ short = re.sub(r'PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION',
+ r'', short)
+ short = re.sub(r'PSA_KEY_[A-Z]+_', r'', short)
+ description = 'lifetime: ' + short
+ key = StorageKey(version=self.version,
+ id=1, lifetime=lifetime,
+ type='PSA_KEY_TYPE_RAW_DATA', bits=8,
+ usage='PSA_KEY_USAGE_EXPORT', alg=0, alg2=0,
+ material=b'L',
+ description=description)
+ return key
+
+ def all_keys_for_lifetimes(self) -> Iterator[StorageKey]:
+ """Generate test keys covering lifetimes."""
+ lifetimes = sorted(self.constructors.lifetimes)
+ expressions = self.constructors.generate_expressions(lifetimes)
+ for lifetime in expressions:
+ # Don't attempt to create or load a volatile key in storage
+ if 'VOLATILE' in lifetime:
+ continue
+ # Don't attempt to create a read-only key in storage,
+ # but do attempt to load one.
+ if 'READ_ONLY' in lifetime and self.forward:
+ continue
+ yield self.key_for_lifetime(lifetime)
+
def key_for_usage_flags(
self,
usage_flags: List[str],
@@ -395,12 +427,17 @@
# one go, which is a significant performance gain as the information
# includes numerical values obtained by compiling a C program.
keys = [] #type: List[StorageKey]
+ keys += self.all_keys_for_lifetimes()
keys += self.all_keys_for_usage_flags()
keys += self.all_keys_for_types()
keys += self.all_keys_for_algorithms()
for key in keys:
+ if key.location_value() != 0:
+ # Skip keys with a non-default location, because they
+ # require a driver and we currently have no mechanism to
+ # determine whether a driver is available.
+ continue
yield self.make_test_case(key)
- # To do: vary id, lifetime
class TestGenerator:
diff --git a/tests/scripts/list-enum-consts.pl b/tests/scripts/list-enum-consts.pl
index 225612f..6d93693 100755
--- a/tests/scripts/list-enum-consts.pl
+++ b/tests/scripts/list-enum-consts.pl
@@ -23,8 +23,7 @@
-d 'include/mbedtls' or die "$0: must be run from root\n";
-@ARGV = <include/mbedtls/*.h>;
-push @ARGV, <library/*.h>;
+@ARGV = grep { ! /compat-2\.x\.h/ } <include/mbedtls/*.h>;
push @ARGV, "3rdparty/everest/include/everest/everest.h";
push @ARGV, "3rdparty/everest/include/everest/x25519.h";
push @ARGV, glob("library/*.h");
diff --git a/tests/scripts/list-identifiers.sh b/tests/scripts/list-identifiers.sh
index b8a6d53..9698fc8 100755
--- a/tests/scripts/list-identifiers.sh
+++ b/tests/scripts/list-identifiers.sh
@@ -47,9 +47,9 @@
if [ $INTERNAL ]
then
- HEADERS=$( ls library/*.h )
+ HEADERS=$( ls include/mbedtls/*_internal.h library/*.h | egrep -v 'compat-2\.x\.h' )
else
- HEADERS=$( ls include/mbedtls/*.h include/psa/*.h library/*.h )
+ HEADERS=$( ls include/mbedtls/*.h include/psa/*.h library/*.h | egrep -v 'compat-2\.x\.h' )
HEADERS="$HEADERS 3rdparty/everest/include/everest/everest.h 3rdparty/everest/include/everest/x25519.h"
fi
diff --git a/tests/scripts/list-macros.sh b/tests/scripts/list-macros.sh
index fd19c47..2e62359 100755
--- a/tests/scripts/list-macros.sh
+++ b/tests/scripts/list-macros.sh
@@ -22,7 +22,7 @@
exit 1
fi
-HEADERS=$( ls include/mbedtls/*.h include/psa/*.h tests/include/test/drivers/*.h )
+HEADERS=$( ls include/mbedtls/*.h include/psa/*.h tests/include/test/drivers/*.h | egrep -v 'compat-2\.x\.h' )
HEADERS="$HEADERS library/*.h"
HEADERS="$HEADERS 3rdparty/everest/include/everest/everest.h 3rdparty/everest/include/everest/x25519.h"
diff --git a/tests/scripts/set_psa_test_dependencies.py b/tests/scripts/set_psa_test_dependencies.py
index 8690f22..2705f06 100755
--- a/tests/scripts/set_psa_test_dependencies.py
+++ b/tests/scripts/set_psa_test_dependencies.py
@@ -61,9 +61,7 @@
# Only modules that provide cryptographic mechanisms are listed here.
# Platform, data formatting, X.509 or TLS modules are omitted.
'MBEDTLS_AES_C',
- 'MBEDTLS_ARC4_C',
'MBEDTLS_BIGNUM_C',
- #cipher#'MBEDTLS_BLOWFISH_C',
'MBEDTLS_CAMELLIA_C',
'MBEDTLS_ARIA_C',
'MBEDTLS_CCM_C',
@@ -82,8 +80,6 @@
'MBEDTLS_HKDF_C',
'MBEDTLS_HMAC_DRBG_C',
'MBEDTLS_NIST_KW_C',
- 'MBEDTLS_MD2_C',
- 'MBEDTLS_MD4_C',
'MBEDTLS_MD5_C',
'MBEDTLS_PKCS5_C',
'MBEDTLS_PKCS12_C',
@@ -93,7 +89,6 @@
'MBEDTLS_SHA1_C',
'MBEDTLS_SHA256_C',
'MBEDTLS_SHA512_C',
- 'MBEDTLS_XTEA_C',
])
def is_classic_dependency(dep):
diff --git a/tests/src/drivers/hash.c b/tests/src/drivers/hash.c
index f95aa6b..b1880f7 100644
--- a/tests/src/drivers/hash.c
+++ b/tests/src/drivers/hash.c
@@ -17,11 +17,7 @@
* limitations under the License.
*/
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
+#include <test/helpers.h>
#if defined(MBEDTLS_PSA_CRYPTO_DRIVERS) && defined(PSA_CRYPTO_DRIVER_TEST)
#include "psa_crypto_hash.h"
diff --git a/tests/src/drivers/platform_builtin_keys.c b/tests/src/drivers/platform_builtin_keys.c
index 759fa78..da5865d 100644
--- a/tests/src/drivers/platform_builtin_keys.c
+++ b/tests/src/drivers/platform_builtin_keys.c
@@ -20,6 +20,8 @@
* limitations under the License.
*/
+#include <test/helpers.h>
+
#include <psa/crypto.h>
#include <psa/crypto_extra.h>
diff --git a/tests/src/drivers/test_driver_aead.c b/tests/src/drivers/test_driver_aead.c
index 25396c9..ce9ce37 100644
--- a/tests/src/drivers/test_driver_aead.c
+++ b/tests/src/drivers/test_driver_aead.c
@@ -17,11 +17,7 @@
* limitations under the License.
*/
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
+#include <test/helpers.h>
#if defined(MBEDTLS_PSA_CRYPTO_DRIVERS) && defined(PSA_CRYPTO_DRIVER_TEST)
#include "psa_crypto_aead.h"
diff --git a/tests/src/drivers/test_driver_cipher.c b/tests/src/drivers/test_driver_cipher.c
index a415dd8..9c95cc8 100644
--- a/tests/src/drivers/test_driver_cipher.c
+++ b/tests/src/drivers/test_driver_cipher.c
@@ -18,11 +18,7 @@
* limitations under the License.
*/
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
+#include <test/helpers.h>
#if defined(MBEDTLS_PSA_CRYPTO_DRIVERS) && defined(PSA_CRYPTO_DRIVER_TEST)
#include "psa/crypto.h"
diff --git a/tests/src/drivers/test_driver_key_management.c b/tests/src/drivers/test_driver_key_management.c
index 19e1033..afa1fc2 100644
--- a/tests/src/drivers/test_driver_key_management.c
+++ b/tests/src/drivers/test_driver_key_management.c
@@ -18,11 +18,7 @@
* limitations under the License.
*/
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
+#include <test/helpers.h>
#if defined(MBEDTLS_PSA_CRYPTO_DRIVERS) && defined(PSA_CRYPTO_DRIVER_TEST)
#include "psa/crypto.h"
diff --git a/tests/src/drivers/test_driver_mac.c b/tests/src/drivers/test_driver_mac.c
index 69af107..3b766dc 100644
--- a/tests/src/drivers/test_driver_mac.c
+++ b/tests/src/drivers/test_driver_mac.c
@@ -17,11 +17,7 @@
* limitations under the License.
*/
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
+#include <test/helpers.h>
#if defined(MBEDTLS_PSA_CRYPTO_DRIVERS) && defined(PSA_CRYPTO_DRIVER_TEST)
#include "psa_crypto_mac.h"
diff --git a/tests/src/drivers/test_driver_signature.c b/tests/src/drivers/test_driver_signature.c
index 14de831..2d58756 100644
--- a/tests/src/drivers/test_driver_signature.c
+++ b/tests/src/drivers/test_driver_signature.c
@@ -19,11 +19,7 @@
* limitations under the License.
*/
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
+#include <test/helpers.h>
#if defined(MBEDTLS_PSA_CRYPTO_DRIVERS) && defined(PSA_CRYPTO_DRIVER_TEST)
#include "psa/crypto.h"
diff --git a/tests/src/drivers/test_driver_size.c b/tests/src/drivers/test_driver_size.c
index d8bcaee..033cf32 100644
--- a/tests/src/drivers/test_driver_size.c
+++ b/tests/src/drivers/test_driver_size.c
@@ -18,11 +18,7 @@
* limitations under the License.
*/
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
+#include <test/helpers.h>
#if defined(MBEDTLS_PSA_CRYPTO_DRIVERS) && defined(PSA_CRYPTO_DRIVER_TEST)
diff --git a/tests/src/helpers.c b/tests/src/helpers.c
index b7c9867..4d3d53d 100644
--- a/tests/src/helpers.c
+++ b/tests/src/helpers.c
@@ -19,27 +19,9 @@
#include <test/macros.h>
#include <string.h>
-#if defined(MBEDTLS_CHECK_PARAMS)
-#include <setjmp.h>
-#endif
-
/*----------------------------------------------------------------------------*/
/* Static global variables */
-#if defined(MBEDTLS_CHECK_PARAMS)
-typedef struct
-{
- uint8_t expected_call;
- uint8_t expected_call_happened;
-
- jmp_buf state;
-
- mbedtls_test_param_failed_location_record_t location_record;
-}
-param_failed_ctx_t;
-static param_failed_ctx_t param_failed_ctx;
-#endif
-
#if defined(MBEDTLS_PLATFORM_C)
static mbedtls_platform_context platform_ctx;
#endif
@@ -222,67 +204,6 @@
return ret;
}
-#if defined(MBEDTLS_CHECK_PARAMS)
-void mbedtls_test_param_failed_get_location_record(
- mbedtls_test_param_failed_location_record_t *location_record )
-{
- *location_record = param_failed_ctx.location_record;
-}
-
-void mbedtls_test_param_failed_expect_call( void )
-{
- param_failed_ctx.expected_call_happened = 0;
- param_failed_ctx.expected_call = 1;
-}
-
-int mbedtls_test_param_failed_check_expected_call( void )
-{
- param_failed_ctx.expected_call = 0;
-
- if( param_failed_ctx.expected_call_happened != 0 )
- return( 0 );
-
- return( -1 );
-}
-
-void* mbedtls_test_param_failed_get_state_buf( void )
-{
- return ¶m_failed_ctx.state;
-}
-
-void mbedtls_test_param_failed_reset_state( void )
-{
- memset( param_failed_ctx.state, 0, sizeof( param_failed_ctx.state ) );
-}
-
-void mbedtls_param_failed( const char *failure_condition,
- const char *file,
- int line )
-{
- /* Record the location of the failure */
- param_failed_ctx.location_record.failure_condition = failure_condition;
- param_failed_ctx.location_record.file = file;
- param_failed_ctx.location_record.line = line;
-
- /* If we are testing the callback function... */
- if( param_failed_ctx.expected_call != 0 )
- {
- param_failed_ctx.expected_call = 0;
- param_failed_ctx.expected_call_happened = 1;
- }
- else
- {
- /* ...else try a long jump. If the execution state has not been set-up
- * or reset then the long jump buffer is all zero's and the call will
- * with high probability fault, emphasizing there is something to look
- * at.
- */
-
- longjmp( param_failed_ctx.state, 1 );
- }
-}
-#endif /* MBEDTLS_CHECK_PARAMS */
-
#if defined(MBEDTLS_TEST_HOOKS)
void mbedtls_test_err_add_check( int high, int low,
const char *file, int line )
@@ -338,3 +259,18 @@
}
}
#endif /* MBEDTLS_TEST_HOOKS */
+
+#if defined(MBEDTLS_BIGNUM_C)
+int mbedtls_test_read_mpi( mbedtls_mpi *X, int radix, const char *s )
+{
+ /* mbedtls_mpi_read_string() currently retains leading zeros.
+ * It always allocates at least one limb for the value 0. */
+ if( s[0] == 0 )
+ {
+ mbedtls_mpi_free( X );
+ return( 0 );
+ }
+ else
+ return( mbedtls_mpi_read_string( X, radix, s ) );
+}
+#endif
diff --git a/tests/src/psa_exercise_key.c b/tests/src/psa_exercise_key.c
index f48a64e..e4e55c9 100644
--- a/tests/src/psa_exercise_key.c
+++ b/tests/src/psa_exercise_key.c
@@ -316,13 +316,14 @@
#endif
}
+ /* Some algorithms require the payload to have the size of
+ * the hash encoded in the algorithm. Use this input size
+ * even for algorithms that allow other input sizes. */
+ if( hash_alg != 0 )
+ payload_length = PSA_HASH_LENGTH( hash_alg );
+
if( usage & PSA_KEY_USAGE_SIGN_HASH )
{
- /* Some algorithms require the payload to have the size of
- * the hash encoded in the algorithm. Use this input size
- * even for algorithms that allow other input sizes. */
- if( hash_alg != 0 )
- payload_length = PSA_HASH_LENGTH( hash_alg );
PSA_ASSERT( psa_sign_hash( key, alg,
payload, payload_length,
signature, sizeof( signature ),
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index a54aab1..c8e4985 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -1008,7 +1008,7 @@
run_test_psa_force_curve() {
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
run_test "PSA - ECDH with $1" \
- "$P_SRV debug_level=4 force_version=tls1_2" \
+ "$P_SRV debug_level=4 force_version=tls1_2 curves=$1" \
"$P_CLI debug_level=4 force_version=tls1_2 force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256 curves=$1" \
0 \
-c "Successfully setup PSA-based decryption cipher context" \
@@ -1233,7 +1233,7 @@
# Checks that:
# - things work with all ciphersuites active (used with config-full in all.sh)
-# - the expected (highest security) parameters are selected
+# - the expected parameters are selected
# ("signature_algorithm ext: 6" means SHA-512 (highest common hash))
run_test "Default" \
"$P_SRV debug_level=3" \
@@ -1242,7 +1242,7 @@
-s "Protocol is TLSv1.2" \
-s "Ciphersuite is TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256" \
-s "client hello v3, signature_algorithm ext: 6" \
- -s "ECDHE curve: secp521r1" \
+ -s "ECDHE curve: x25519" \
-S "error" \
-C "error"
@@ -1464,102 +1464,6 @@
-S "next record in same datagram" \
-C "next record in same datagram"
-# Tests for Truncated HMAC extension
-
-run_test "Truncated HMAC: client default, server default" \
- "$P_SRV debug_level=4" \
- "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
- 0 \
- -s "dumping 'expected mac' (20 bytes)" \
- -S "dumping 'expected mac' (10 bytes)"
-
-requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test "Truncated HMAC: client disabled, server default" \
- "$P_SRV debug_level=4" \
- "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA trunc_hmac=0" \
- 0 \
- -s "dumping 'expected mac' (20 bytes)" \
- -S "dumping 'expected mac' (10 bytes)"
-
-requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test "Truncated HMAC: client enabled, server default" \
- "$P_SRV debug_level=4" \
- "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA trunc_hmac=1" \
- 0 \
- -s "dumping 'expected mac' (20 bytes)" \
- -S "dumping 'expected mac' (10 bytes)"
-
-requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test "Truncated HMAC: client enabled, server disabled" \
- "$P_SRV debug_level=4 trunc_hmac=0" \
- "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA trunc_hmac=1" \
- 0 \
- -s "dumping 'expected mac' (20 bytes)" \
- -S "dumping 'expected mac' (10 bytes)"
-
-requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test "Truncated HMAC: client disabled, server enabled" \
- "$P_SRV debug_level=4 trunc_hmac=1" \
- "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA trunc_hmac=0" \
- 0 \
- -s "dumping 'expected mac' (20 bytes)" \
- -S "dumping 'expected mac' (10 bytes)"
-
-requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test "Truncated HMAC: client enabled, server enabled" \
- "$P_SRV debug_level=4 trunc_hmac=1" \
- "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA trunc_hmac=1" \
- 0 \
- -S "dumping 'expected mac' (20 bytes)" \
- -s "dumping 'expected mac' (10 bytes)"
-
-run_test "Truncated HMAC, DTLS: client default, server default" \
- "$P_SRV dtls=1 debug_level=4" \
- "$P_CLI dtls=1 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
- 0 \
- -s "dumping 'expected mac' (20 bytes)" \
- -S "dumping 'expected mac' (10 bytes)"
-
-requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test "Truncated HMAC, DTLS: client disabled, server default" \
- "$P_SRV dtls=1 debug_level=4" \
- "$P_CLI dtls=1 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA trunc_hmac=0" \
- 0 \
- -s "dumping 'expected mac' (20 bytes)" \
- -S "dumping 'expected mac' (10 bytes)"
-
-requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test "Truncated HMAC, DTLS: client enabled, server default" \
- "$P_SRV dtls=1 debug_level=4" \
- "$P_CLI dtls=1 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA trunc_hmac=1" \
- 0 \
- -s "dumping 'expected mac' (20 bytes)" \
- -S "dumping 'expected mac' (10 bytes)"
-
-requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test "Truncated HMAC, DTLS: client enabled, server disabled" \
- "$P_SRV dtls=1 debug_level=4 trunc_hmac=0" \
- "$P_CLI dtls=1 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA trunc_hmac=1" \
- 0 \
- -s "dumping 'expected mac' (20 bytes)" \
- -S "dumping 'expected mac' (10 bytes)"
-
-requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test "Truncated HMAC, DTLS: client disabled, server enabled" \
- "$P_SRV dtls=1 debug_level=4 trunc_hmac=1" \
- "$P_CLI dtls=1 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA trunc_hmac=0" \
- 0 \
- -s "dumping 'expected mac' (20 bytes)" \
- -S "dumping 'expected mac' (10 bytes)"
-
-requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test "Truncated HMAC, DTLS: client enabled, server enabled" \
- "$P_SRV dtls=1 debug_level=4 trunc_hmac=1" \
- "$P_CLI dtls=1 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA trunc_hmac=1" \
- 0 \
- -S "dumping 'expected mac' (20 bytes)" \
- -s "dumping 'expected mac' (10 bytes)"
-
# Tests for Context serialization
requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION
@@ -2872,10 +2776,10 @@
"$P_SRV debug_level=3" \
"$P_CLI debug_level=3" \
0 \
- -c "Maximum input fragment length is $MAX_CONTENT_LEN" \
- -c "Maximum output fragment length is $MAX_CONTENT_LEN" \
- -s "Maximum input fragment length is $MAX_CONTENT_LEN" \
- -s "Maximum output fragment length is $MAX_CONTENT_LEN" \
+ -c "Maximum incoming record payload length is $MAX_CONTENT_LEN" \
+ -c "Maximum outgoing record payload length is $MAX_CONTENT_LEN" \
+ -s "Maximum incoming record payload length is $MAX_CONTENT_LEN" \
+ -s "Maximum outgoing record payload length is $MAX_CONTENT_LEN" \
-C "client hello, adding max_fragment_length extension" \
-S "found max fragment length extension" \
-S "server hello, max_fragment_length extension" \
@@ -2886,10 +2790,10 @@
"$P_SRV debug_level=3" \
"$P_CLI debug_level=3 request_size=$(( $MAX_CONTENT_LEN + 1))" \
0 \
- -c "Maximum input fragment length is $MAX_CONTENT_LEN" \
- -c "Maximum output fragment length is $MAX_CONTENT_LEN" \
- -s "Maximum input fragment length is $MAX_CONTENT_LEN" \
- -s "Maximum output fragment length is $MAX_CONTENT_LEN" \
+ -c "Maximum incoming record payload length is $MAX_CONTENT_LEN" \
+ -c "Maximum outgoing record payload length is $MAX_CONTENT_LEN" \
+ -s "Maximum incoming record payload length is $MAX_CONTENT_LEN" \
+ -s "Maximum outgoing record payload length is $MAX_CONTENT_LEN" \
-C "client hello, adding max_fragment_length extension" \
-S "found max fragment length extension" \
-S "server hello, max_fragment_length extension" \
@@ -2903,10 +2807,10 @@
"$P_SRV debug_level=3 dtls=1" \
"$P_CLI debug_level=3 dtls=1 request_size=$(( $MAX_CONTENT_LEN + 1))" \
1 \
- -c "Maximum input fragment length is $MAX_CONTENT_LEN" \
- -c "Maximum output fragment length is $MAX_CONTENT_LEN" \
- -s "Maximum input fragment length is $MAX_CONTENT_LEN" \
- -s "Maximum output fragment length is $MAX_CONTENT_LEN" \
+ -c "Maximum incoming record payload length is $MAX_CONTENT_LEN" \
+ -c "Maximum outgoing record payload length is $MAX_CONTENT_LEN" \
+ -s "Maximum incoming record payload length is $MAX_CONTENT_LEN" \
+ -s "Maximum outgoing record payload length is $MAX_CONTENT_LEN" \
-C "client hello, adding max_fragment_length extension" \
-S "found max fragment length extension" \
-S "server hello, max_fragment_length extension" \
@@ -2922,10 +2826,10 @@
"$P_SRV debug_level=3" \
"$P_CLI debug_level=3 request_size=$(( $MAX_CONTENT_LEN + 1))" \
0 \
- -C "Maximum input fragment length is 16384" \
- -C "Maximum output fragment length is 16384" \
- -S "Maximum input fragment length is 16384" \
- -S "Maximum output fragment length is 16384" \
+ -C "Maximum incoming record payload length is 16384" \
+ -C "Maximum outgoing record payload length is 16384" \
+ -S "Maximum incoming record payload length is 16384" \
+ -S "Maximum outgoing record payload length is 16384" \
-c "$(( $MAX_CONTENT_LEN + 1)) bytes written in 2 fragments" \
-s "$MAX_CONTENT_LEN bytes read" \
-s "1 bytes read"
@@ -2935,10 +2839,10 @@
"$P_SRV debug_level=3 dtls=1" \
"$P_CLI debug_level=3 dtls=1 request_size=$(( $MAX_CONTENT_LEN + 1))" \
1 \
- -C "Maximum input fragment length is 16384" \
- -C "Maximum output fragment length is 16384" \
- -S "Maximum input fragment length is 16384" \
- -S "Maximum output fragment length is 16384" \
+ -C "Maximum incoming record payload length is 16384" \
+ -C "Maximum outgoing record payload length is 16384" \
+ -S "Maximum incoming record payload length is 16384" \
+ -S "Maximum outgoing record payload length is 16384" \
-c "fragment larger than.*maximum "
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
@@ -2946,10 +2850,10 @@
"$P_SRV debug_level=3" \
"$P_CLI debug_level=3 max_frag_len=4096" \
0 \
- -c "Maximum input fragment length is 4096" \
- -c "Maximum output fragment length is 4096" \
- -s "Maximum input fragment length is 4096" \
- -s "Maximum output fragment length is 4096" \
+ -c "Maximum incoming record payload length is 4096" \
+ -c "Maximum outgoing record payload length is 4096" \
+ -s "Maximum incoming record payload length is 4096" \
+ -s "Maximum outgoing record payload length is 4096" \
-c "client hello, adding max_fragment_length extension" \
-s "found max fragment length extension" \
-s "server hello, max_fragment_length extension" \
@@ -2960,10 +2864,10 @@
"$P_SRV debug_level=3 max_frag_len=1024" \
"$P_CLI debug_level=3 max_frag_len=512" \
0 \
- -c "Maximum input fragment length is 512" \
- -c "Maximum output fragment length is 512" \
- -s "Maximum input fragment length is 512" \
- -s "Maximum output fragment length is 512" \
+ -c "Maximum incoming record payload length is 512" \
+ -c "Maximum outgoing record payload length is 512" \
+ -s "Maximum incoming record payload length is 512" \
+ -s "Maximum outgoing record payload length is 512" \
-c "client hello, adding max_fragment_length extension" \
-s "found max fragment length extension" \
-s "server hello, max_fragment_length extension" \
@@ -2974,10 +2878,10 @@
"$P_SRV debug_level=3 max_frag_len=2048" \
"$P_CLI debug_level=3 max_frag_len=512" \
0 \
- -c "Maximum input fragment length is 512" \
- -c "Maximum output fragment length is 512" \
- -s "Maximum input fragment length is 512" \
- -s "Maximum output fragment length is 512" \
+ -c "Maximum incoming record payload length is 512" \
+ -c "Maximum outgoing record payload length is 512" \
+ -s "Maximum incoming record payload length is 512" \
+ -s "Maximum outgoing record payload length is 512" \
-c "client hello, adding max_fragment_length extension" \
-s "found max fragment length extension" \
-s "server hello, max_fragment_length extension" \
@@ -2988,10 +2892,10 @@
"$P_SRV debug_level=3 max_frag_len=4096" \
"$P_CLI debug_level=3 max_frag_len=512" \
0 \
- -c "Maximum input fragment length is 512" \
- -c "Maximum output fragment length is 512" \
- -s "Maximum input fragment length is 512" \
- -s "Maximum output fragment length is 512" \
+ -c "Maximum incoming record payload length is 512" \
+ -c "Maximum outgoing record payload length is 512" \
+ -s "Maximum incoming record payload length is 512" \
+ -s "Maximum outgoing record payload length is 512" \
-c "client hello, adding max_fragment_length extension" \
-s "found max fragment length extension" \
-s "server hello, max_fragment_length extension" \
@@ -3002,10 +2906,10 @@
"$P_SRV debug_level=3 max_frag_len=512" \
"$P_CLI debug_level=3 max_frag_len=1024" \
0 \
- -c "Maximum input fragment length is 1024" \
- -c "Maximum output fragment length is 1024" \
- -s "Maximum input fragment length is 1024" \
- -s "Maximum output fragment length is 512" \
+ -c "Maximum incoming record payload length is 1024" \
+ -c "Maximum outgoing record payload length is 1024" \
+ -s "Maximum incoming record payload length is 1024" \
+ -s "Maximum outgoing record payload length is 512" \
-c "client hello, adding max_fragment_length extension" \
-s "found max fragment length extension" \
-s "server hello, max_fragment_length extension" \
@@ -3016,10 +2920,10 @@
"$P_SRV debug_level=3 max_frag_len=2048" \
"$P_CLI debug_level=3 max_frag_len=1024" \
0 \
- -c "Maximum input fragment length is 1024" \
- -c "Maximum output fragment length is 1024" \
- -s "Maximum input fragment length is 1024" \
- -s "Maximum output fragment length is 1024" \
+ -c "Maximum incoming record payload length is 1024" \
+ -c "Maximum outgoing record payload length is 1024" \
+ -s "Maximum incoming record payload length is 1024" \
+ -s "Maximum outgoing record payload length is 1024" \
-c "client hello, adding max_fragment_length extension" \
-s "found max fragment length extension" \
-s "server hello, max_fragment_length extension" \
@@ -3030,10 +2934,10 @@
"$P_SRV debug_level=3 max_frag_len=4096" \
"$P_CLI debug_level=3 max_frag_len=1024" \
0 \
- -c "Maximum input fragment length is 1024" \
- -c "Maximum output fragment length is 1024" \
- -s "Maximum input fragment length is 1024" \
- -s "Maximum output fragment length is 1024" \
+ -c "Maximum incoming record payload length is 1024" \
+ -c "Maximum outgoing record payload length is 1024" \
+ -s "Maximum incoming record payload length is 1024" \
+ -s "Maximum outgoing record payload length is 1024" \
-c "client hello, adding max_fragment_length extension" \
-s "found max fragment length extension" \
-s "server hello, max_fragment_length extension" \
@@ -3044,10 +2948,10 @@
"$P_SRV debug_level=3 max_frag_len=512" \
"$P_CLI debug_level=3 max_frag_len=2048" \
0 \
- -c "Maximum input fragment length is 2048" \
- -c "Maximum output fragment length is 2048" \
- -s "Maximum input fragment length is 2048" \
- -s "Maximum output fragment length is 512" \
+ -c "Maximum incoming record payload length is 2048" \
+ -c "Maximum outgoing record payload length is 2048" \
+ -s "Maximum incoming record payload length is 2048" \
+ -s "Maximum outgoing record payload length is 512" \
-c "client hello, adding max_fragment_length extension" \
-s "found max fragment length extension" \
-s "server hello, max_fragment_length extension" \
@@ -3058,10 +2962,10 @@
"$P_SRV debug_level=3 max_frag_len=1024" \
"$P_CLI debug_level=3 max_frag_len=2048" \
0 \
- -c "Maximum input fragment length is 2048" \
- -c "Maximum output fragment length is 2048" \
- -s "Maximum input fragment length is 2048" \
- -s "Maximum output fragment length is 1024" \
+ -c "Maximum incoming record payload length is 2048" \
+ -c "Maximum outgoing record payload length is 2048" \
+ -s "Maximum incoming record payload length is 2048" \
+ -s "Maximum outgoing record payload length is 1024" \
-c "client hello, adding max_fragment_length extension" \
-s "found max fragment length extension" \
-s "server hello, max_fragment_length extension" \
@@ -3072,10 +2976,10 @@
"$P_SRV debug_level=3 max_frag_len=4096" \
"$P_CLI debug_level=3 max_frag_len=2048" \
0 \
- -c "Maximum input fragment length is 2048" \
- -c "Maximum output fragment length is 2048" \
- -s "Maximum input fragment length is 2048" \
- -s "Maximum output fragment length is 2048" \
+ -c "Maximum incoming record payload length is 2048" \
+ -c "Maximum outgoing record payload length is 2048" \
+ -s "Maximum incoming record payload length is 2048" \
+ -s "Maximum outgoing record payload length is 2048" \
-c "client hello, adding max_fragment_length extension" \
-s "found max fragment length extension" \
-s "server hello, max_fragment_length extension" \
@@ -3086,10 +2990,10 @@
"$P_SRV debug_level=3 max_frag_len=512" \
"$P_CLI debug_level=3 max_frag_len=4096" \
0 \
- -c "Maximum input fragment length is 4096" \
- -c "Maximum output fragment length is 4096" \
- -s "Maximum input fragment length is 4096" \
- -s "Maximum output fragment length is 512" \
+ -c "Maximum incoming record payload length is 4096" \
+ -c "Maximum outgoing record payload length is 4096" \
+ -s "Maximum incoming record payload length is 4096" \
+ -s "Maximum outgoing record payload length is 512" \
-c "client hello, adding max_fragment_length extension" \
-s "found max fragment length extension" \
-s "server hello, max_fragment_length extension" \
@@ -3100,10 +3004,10 @@
"$P_SRV debug_level=3 max_frag_len=1024" \
"$P_CLI debug_level=3 max_frag_len=4096" \
0 \
- -c "Maximum input fragment length is 4096" \
- -c "Maximum output fragment length is 4096" \
- -s "Maximum input fragment length is 4096" \
- -s "Maximum output fragment length is 1024" \
+ -c "Maximum incoming record payload length is 4096" \
+ -c "Maximum outgoing record payload length is 4096" \
+ -s "Maximum incoming record payload length is 4096" \
+ -s "Maximum outgoing record payload length is 1024" \
-c "client hello, adding max_fragment_length extension" \
-s "found max fragment length extension" \
-s "server hello, max_fragment_length extension" \
@@ -3114,10 +3018,10 @@
"$P_SRV debug_level=3 max_frag_len=2048" \
"$P_CLI debug_level=3 max_frag_len=4096" \
0 \
- -c "Maximum input fragment length is 4096" \
- -c "Maximum output fragment length is 4096" \
- -s "Maximum input fragment length is 4096" \
- -s "Maximum output fragment length is 2048" \
+ -c "Maximum incoming record payload length is 4096" \
+ -c "Maximum outgoing record payload length is 4096" \
+ -s "Maximum incoming record payload length is 4096" \
+ -s "Maximum outgoing record payload length is 2048" \
-c "client hello, adding max_fragment_length extension" \
-s "found max fragment length extension" \
-s "server hello, max_fragment_length extension" \
@@ -3128,10 +3032,10 @@
"$P_SRV debug_level=3 max_frag_len=4096" \
"$P_CLI debug_level=3" \
0 \
- -c "Maximum input fragment length is $MAX_CONTENT_LEN" \
- -c "Maximum output fragment length is $MAX_CONTENT_LEN" \
- -s "Maximum input fragment length is $MAX_CONTENT_LEN" \
- -s "Maximum output fragment length is 4096" \
+ -c "Maximum incoming record payload length is $MAX_CONTENT_LEN" \
+ -c "Maximum outgoing record payload length is $MAX_CONTENT_LEN" \
+ -s "Maximum incoming record payload length is $MAX_CONTENT_LEN" \
+ -s "Maximum outgoing record payload length is 4096" \
-C "client hello, adding max_fragment_length extension" \
-S "found max fragment length extension" \
-S "server hello, max_fragment_length extension" \
@@ -3143,8 +3047,8 @@
"$G_SRV" \
"$P_CLI debug_level=3 max_frag_len=4096" \
0 \
- -c "Maximum input fragment length is 4096" \
- -c "Maximum output fragment length is 4096" \
+ -c "Maximum incoming record payload length is 4096" \
+ -c "Maximum outgoing record payload length is 4096" \
-c "client hello, adding max_fragment_length extension" \
-c "found max_fragment_length extension"
@@ -3153,10 +3057,10 @@
"$P_SRV debug_level=3" \
"$P_CLI debug_level=3 max_frag_len=2048 request_size=2048" \
0 \
- -c "Maximum input fragment length is 2048" \
- -c "Maximum output fragment length is 2048" \
- -s "Maximum input fragment length is 2048" \
- -s "Maximum output fragment length is 2048" \
+ -c "Maximum incoming record payload length is 2048" \
+ -c "Maximum outgoing record payload length is 2048" \
+ -s "Maximum incoming record payload length is 2048" \
+ -s "Maximum outgoing record payload length is 2048" \
-c "client hello, adding max_fragment_length extension" \
-s "found max fragment length extension" \
-s "server hello, max_fragment_length extension" \
@@ -3169,10 +3073,10 @@
"$P_SRV debug_level=3" \
"$P_CLI debug_level=3 max_frag_len=2048 request_size=2345" \
0 \
- -c "Maximum input fragment length is 2048" \
- -c "Maximum output fragment length is 2048" \
- -s "Maximum input fragment length is 2048" \
- -s "Maximum output fragment length is 2048" \
+ -c "Maximum incoming record payload length is 2048" \
+ -c "Maximum outgoing record payload length is 2048" \
+ -s "Maximum incoming record payload length is 2048" \
+ -s "Maximum outgoing record payload length is 2048" \
-c "client hello, adding max_fragment_length extension" \
-s "found max fragment length extension" \
-s "server hello, max_fragment_length extension" \
@@ -3186,10 +3090,10 @@
"$P_SRV debug_level=3 dtls=1" \
"$P_CLI debug_level=3 dtls=1 max_frag_len=2048 request_size=2345" \
1 \
- -c "Maximum input fragment length is 2048" \
- -c "Maximum output fragment length is 2048" \
- -s "Maximum input fragment length is 2048" \
- -s "Maximum output fragment length is 2048" \
+ -c "Maximum incoming record payload length is 2048" \
+ -c "Maximum outgoing record payload length is 2048" \
+ -s "Maximum incoming record payload length is 2048" \
+ -s "Maximum outgoing record payload length is 2048" \
-c "client hello, adding max_fragment_length extension" \
-s "found max fragment length extension" \
-s "server hello, max_fragment_length extension" \
@@ -3296,10 +3200,10 @@
"$P_SRV debug_level=3 exchanges=2 renegotiation=1 auth_mode=optional renegotiate=1 max_frag_len=512" \
"$P_CLI debug_level=3 exchanges=2 renegotiation=1 renegotiate=1 max_frag_len=2048 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \
0 \
- -c "Maximum input fragment length is 2048" \
- -c "Maximum output fragment length is 2048" \
- -s "Maximum input fragment length is 2048" \
- -s "Maximum output fragment length is 512" \
+ -c "Maximum incoming record payload length is 2048" \
+ -c "Maximum outgoing record payload length is 2048" \
+ -s "Maximum incoming record payload length is 2048" \
+ -s "Maximum outgoing record payload length is 512" \
-c "client hello, adding max_fragment_length extension" \
-s "found max fragment length extension" \
-s "server hello, max_fragment_length extension" \
@@ -5660,22 +5564,6 @@
0 \
-s "Read from client: 1 bytes read"
-requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test "Small client packet TLS 1.2 BlockCipher, truncated MAC" \
- "$P_SRV trunc_hmac=1" \
- "$P_CLI request_size=1 force_version=tls1_2 \
- force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1" \
- 0 \
- -s "Read from client: 1 bytes read"
-
-requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test "Small client packet TLS 1.2 BlockCipher, without EtM, truncated MAC" \
- "$P_SRV trunc_hmac=1" \
- "$P_CLI request_size=1 force_version=tls1_2 \
- force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1 etm=0" \
- 0 \
- -s "Read from client: 1 bytes read"
-
run_test "Small client packet TLS 1.2 AEAD" \
"$P_SRV" \
"$P_CLI request_size=1 force_version=tls1_2 \
@@ -5708,24 +5596,6 @@
0 \
-s "Read from client: 1 bytes read"
-requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test "Small client packet DTLS 1.2, truncated hmac" \
- "$P_SRV dtls=1 force_version=dtls1_2 trunc_hmac=1" \
- "$P_CLI dtls=1 request_size=1 \
- force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1" \
- 0 \
- -s "Read from client: 1 bytes read"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test "Small client packet DTLS 1.2, without EtM, truncated MAC" \
- "$P_SRV dtls=1 force_version=dtls1_2 trunc_hmac=1 etm=0" \
- "$P_CLI dtls=1 request_size=1 \
- force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1"\
- 0 \
- -s "Read from client: 1 bytes read"
-
# Tests for small server packets
run_test "Small server packet TLS 1.2 BlockCipher" \
@@ -5749,22 +5619,6 @@
0 \
-c "Read from server: 1 bytes read"
-requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test "Small server packet TLS 1.2 BlockCipher, truncated MAC" \
- "$P_SRV response_size=1 trunc_hmac=1" \
- "$P_CLI force_version=tls1_2 \
- force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1" \
- 0 \
- -c "Read from server: 1 bytes read"
-
-requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test "Small server packet TLS 1.2 BlockCipher, without EtM, truncated MAC" \
- "$P_SRV response_size=1 trunc_hmac=1" \
- "$P_CLI force_version=tls1_2 \
- force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1 etm=0" \
- 0 \
- -c "Read from server: 1 bytes read"
-
run_test "Small server packet TLS 1.2 AEAD" \
"$P_SRV response_size=1" \
"$P_CLI force_version=tls1_2 \
@@ -5797,24 +5651,6 @@
0 \
-c "Read from server: 1 bytes read"
-requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test "Small server packet DTLS 1.2, truncated hmac" \
- "$P_SRV dtls=1 response_size=1 force_version=dtls1_2 trunc_hmac=1" \
- "$P_CLI dtls=1 \
- force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1" \
- 0 \
- -c "Read from server: 1 bytes read"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test "Small server packet DTLS 1.2, without EtM, truncated MAC" \
- "$P_SRV dtls=1 response_size=1 force_version=dtls1_2 trunc_hmac=1 etm=0" \
- "$P_CLI dtls=1 \
- force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1"\
- 0 \
- -c "Read from server: 1 bytes read"
-
# Test for large client packets
# How many fragments do we expect to write $1 bytes?
@@ -5845,23 +5681,6 @@
-c "16384 bytes written in $(fragments_for_write 16384) fragments" \
-s "Read from client: $MAX_CONTENT_LEN bytes read"
-requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test "Large client packet TLS 1.2 BlockCipher, truncated MAC" \
- "$P_SRV trunc_hmac=1" \
- "$P_CLI request_size=16384 force_version=tls1_2 \
- force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1" \
- 0 \
- -s "Read from client: $MAX_CONTENT_LEN bytes read"
-
-requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test "Large client packet TLS 1.2 BlockCipher, without EtM, truncated MAC" \
- "$P_SRV trunc_hmac=1" \
- "$P_CLI request_size=16384 force_version=tls1_2 \
- force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1 etm=0" \
- 0 \
- -c "16384 bytes written in $(fragments_for_write 16384) fragments" \
- -s "Read from client: $MAX_CONTENT_LEN bytes read"
-
run_test "Large client packet TLS 1.2 AEAD" \
"$P_SRV" \
"$P_CLI request_size=16384 force_version=tls1_2 \
@@ -5900,15 +5719,6 @@
0 \
-c "Read from server: 16384 bytes read"
-requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test "Large server packet TLS 1.2 BlockCipher truncated MAC" \
- "$P_SRV response_size=16384" \
- "$P_CLI force_version=tls1_2 \
- force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA \
- trunc_hmac=1" \
- 0 \
- -c "Read from server: 16384 bytes read"
-
run_test "Large server packet TLS 1.2 BlockCipher, without EtM, truncated MAC" \
"$P_SRV response_size=16384 trunc_hmac=1" \
"$P_CLI force_version=tls1_2 \
@@ -5933,9 +5743,12 @@
# Tests for restartable ECC
+# Force the use of a curve that supports restartable ECC (secp256r1).
+
requires_config_enabled MBEDTLS_ECP_RESTARTABLE
+requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED
run_test "EC restart: TLS, default" \
- "$P_SRV auth_mode=required" \
+ "$P_SRV curves=secp256r1 auth_mode=required" \
"$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
key_file=data_files/server5.key crt_file=data_files/server5.crt \
debug_level=1" \
@@ -5946,8 +5759,9 @@
-C "mbedtls_pk_sign.*4b00"
requires_config_enabled MBEDTLS_ECP_RESTARTABLE
+requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED
run_test "EC restart: TLS, max_ops=0" \
- "$P_SRV auth_mode=required" \
+ "$P_SRV curves=secp256r1 auth_mode=required" \
"$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
key_file=data_files/server5.key crt_file=data_files/server5.crt \
debug_level=1 ec_max_ops=0" \
@@ -5958,8 +5772,9 @@
-C "mbedtls_pk_sign.*4b00"
requires_config_enabled MBEDTLS_ECP_RESTARTABLE
+requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED
run_test "EC restart: TLS, max_ops=65535" \
- "$P_SRV auth_mode=required" \
+ "$P_SRV curves=secp256r1 auth_mode=required" \
"$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
key_file=data_files/server5.key crt_file=data_files/server5.crt \
debug_level=1 ec_max_ops=65535" \
@@ -5970,8 +5785,9 @@
-C "mbedtls_pk_sign.*4b00"
requires_config_enabled MBEDTLS_ECP_RESTARTABLE
+requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED
run_test "EC restart: TLS, max_ops=1000" \
- "$P_SRV auth_mode=required" \
+ "$P_SRV curves=secp256r1 auth_mode=required" \
"$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
key_file=data_files/server5.key crt_file=data_files/server5.crt \
debug_level=1 ec_max_ops=1000" \
@@ -5982,8 +5798,9 @@
-c "mbedtls_pk_sign.*4b00"
requires_config_enabled MBEDTLS_ECP_RESTARTABLE
+requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED
run_test "EC restart: TLS, max_ops=1000, badsign" \
- "$P_SRV auth_mode=required \
+ "$P_SRV curves=secp256r1 auth_mode=required \
crt_file=data_files/server5-badsign.crt \
key_file=data_files/server5.key" \
"$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
@@ -5999,8 +5816,9 @@
-c "X509 - Certificate verification failed"
requires_config_enabled MBEDTLS_ECP_RESTARTABLE
+requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED
run_test "EC restart: TLS, max_ops=1000, auth_mode=optional badsign" \
- "$P_SRV auth_mode=required \
+ "$P_SRV curves=secp256r1 auth_mode=required \
crt_file=data_files/server5-badsign.crt \
key_file=data_files/server5.key" \
"$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
@@ -6016,8 +5834,9 @@
-C "X509 - Certificate verification failed"
requires_config_enabled MBEDTLS_ECP_RESTARTABLE
+requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED
run_test "EC restart: TLS, max_ops=1000, auth_mode=none badsign" \
- "$P_SRV auth_mode=required \
+ "$P_SRV curves=secp256r1 auth_mode=required \
crt_file=data_files/server5-badsign.crt \
key_file=data_files/server5.key" \
"$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
@@ -6033,8 +5852,9 @@
-C "X509 - Certificate verification failed"
requires_config_enabled MBEDTLS_ECP_RESTARTABLE
+requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED
run_test "EC restart: DTLS, max_ops=1000" \
- "$P_SRV auth_mode=required dtls=1" \
+ "$P_SRV curves=secp256r1 auth_mode=required dtls=1" \
"$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
key_file=data_files/server5.key crt_file=data_files/server5.crt \
dtls=1 debug_level=1 ec_max_ops=1000" \
@@ -6045,8 +5865,9 @@
-c "mbedtls_pk_sign.*4b00"
requires_config_enabled MBEDTLS_ECP_RESTARTABLE
+requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED
run_test "EC restart: TLS, max_ops=1000 no client auth" \
- "$P_SRV" \
+ "$P_SRV curves=secp256r1" \
"$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
debug_level=1 ec_max_ops=1000" \
0 \
@@ -6056,8 +5877,9 @@
-C "mbedtls_pk_sign.*4b00"
requires_config_enabled MBEDTLS_ECP_RESTARTABLE
+requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED
run_test "EC restart: TLS, max_ops=1000, ECDHE-PSK" \
- "$P_SRV psk=abc123" \
+ "$P_SRV curves=secp256r1 psk=abc123" \
"$P_CLI force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA256 \
psk=abc123 debug_level=1 ec_max_ops=1000" \
0 \
@@ -8555,12 +8377,6 @@
"$P_SRV eap_tls=1 debug_level=3" \
"$P_CLI eap_tls=1 debug_level=3" \
0 \
- -s "exported maclen is " \
- -s "exported keylen is " \
- -s "exported ivlen is " \
- -c "exported maclen is " \
- -c "exported keylen is " \
- -c "exported ivlen is " \
-c "EAP-TLS key material is:"\
-s "EAP-TLS key material is:"\
-c "EAP-TLS IV is:" \
diff --git a/tests/suites/helpers.function b/tests/suites/helpers.function
index 2ef07fa..7481c5b 100644
--- a/tests/suites/helpers.function
+++ b/tests/suites/helpers.function
@@ -2,13 +2,16 @@
/*----------------------------------------------------------------------------*/
/* Headers */
-#include <test/macros.h>
#include <test/helpers.h>
+#include <test/macros.h>
#include <test/random.h>
#include <test/psa_crypto_helpers.h>
#include <stdlib.h>
+#if defined (MBEDTLS_ERROR_C)
+#include "mbedtls/error.h"
+#endif
#if defined(MBEDTLS_PLATFORM_C)
#include "mbedtls/platform.h"
#else
@@ -28,11 +31,6 @@
#include "mbedtls/memory_buffer_alloc.h"
#endif
-#if defined(MBEDTLS_CHECK_PARAMS)
-#include "mbedtls/platform_util.h"
-#include <setjmp.h>
-#endif
-
#ifdef _MSC_VER
#include <basetsd.h>
typedef UINT8 uint8_t;
@@ -78,10 +76,6 @@
/*----------------------------------------------------------------------------*/
/* Global variables */
-#if defined(MBEDTLS_CHECK_PARAMS)
-jmp_buf jmp_tmp;
-#endif
-
/*----------------------------------------------------------------------------*/
/* Helper flags for complex dependencies */
diff --git a/tests/suites/main_test.function b/tests/suites/main_test.function
index ac00f45..1278d95 100644
--- a/tests/suites/main_test.function
+++ b/tests/suites/main_test.function
@@ -29,14 +29,6 @@
#include MBEDTLS_CONFIG_FILE
#endif
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
-#include "psa/crypto.h"
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
-
-#if defined(MBEDTLS_TEST_HOOKS)
-#include "mbedtls/error.h"
-#endif
-
/* Test code may use deprecated identifiers only if the preprocessor symbol
* MBEDTLS_TEST_DEPRECATED is defined. When building tests, set
* MBEDTLS_TEST_DEPRECATED explicitly if MBEDTLS_DEPRECATED_WARNING is
@@ -159,50 +151,6 @@
};
/**
- * \brief Execute the test function.
- *
- * This is a wrapper function around the test function execution
- * to allow the setjmp() call used to catch any calls to the
- * parameter failure callback, to be used. Calls to setjmp()
- * can invalidate the state of any local auto variables.
- *
- * \param fp Function pointer to the test function.
- * \param params Parameters to pass to the #TestWrapper_t wrapper function.
- *
- */
-void execute_function_ptr(TestWrapper_t fp, void **params)
-{
-#if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
- mbedtls_test_enable_insecure_external_rng( );
-#endif
-
-#if defined(MBEDTLS_CHECK_PARAMS)
- mbedtls_test_param_failed_location_record_t location_record;
-
- if ( setjmp( mbedtls_test_param_failed_get_state_buf( ) ) == 0 )
- {
- fp( params );
- }
- else
- {
- /* Unexpected parameter validation error */
- mbedtls_test_param_failed_get_location_record( &location_record );
- mbedtls_test_fail( location_record.failure_condition,
- location_record.line,
- location_record.file );
- }
-
- mbedtls_test_param_failed_reset_state( );
-#else
- fp( params );
-#endif
-
-#if defined(MBEDTLS_TEST_MUTEX_USAGE)
- mbedtls_test_mutex_usage_check( );
-#endif /* MBEDTLS_TEST_MUTEX_USAGE */
-}
-
-/**
* \brief Dispatches test functions based on function index.
*
* \param func_idx Test function index.
@@ -222,7 +170,17 @@
{
fp = test_funcs[func_idx];
if ( fp )
- execute_function_ptr(fp, params);
+ {
+ #if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
+ mbedtls_test_enable_insecure_external_rng( );
+ #endif
+
+ fp( params );
+
+ #if defined(MBEDTLS_TEST_MUTEX_USAGE)
+ mbedtls_test_mutex_usage_check( );
+ #endif /* MBEDTLS_TEST_MUTEX_USAGE */
+ }
else
ret = DISPATCH_UNSUPPORTED_SUITE;
}
diff --git a/tests/suites/test_suite_aes.function b/tests/suites/test_suite_aes.function
index 754a167..1892c25 100644
--- a/tests/suites/test_suite_aes.function
+++ b/tests/suites/test_suite_aes.function
@@ -206,10 +206,9 @@
mbedtls_aes_xts_init( &ctx );
memset( data_unit, 0x00, sizeof( data_unit ) );
-
- /* Valid pointers are passed for builds with MBEDTLS_CHECK_PARAMS, as
- * otherwise we wouldn't get to the size check we're interested in. */
TEST_ASSERT( mbedtls_aes_crypt_xts( &ctx, MBEDTLS_AES_ENCRYPT, length, data_unit, src, output ) == retval );
+exit:
+ mbedtls_aes_xts_free( &ctx );
}
/* END_CASE */
@@ -359,194 +358,41 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */
-void aes_check_params( )
+/* BEGIN_CASE depends_on:NOT_DEFINED */
+void aes_invalid_mode( )
{
mbedtls_aes_context aes_ctx;
-#if defined(MBEDTLS_CIPHER_MODE_XTS)
- mbedtls_aes_xts_context xts_ctx;
-#endif
- const unsigned char key[] = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06 };
const unsigned char in[16] = { 0 };
unsigned char out[16];
- size_t size;
- const int valid_mode = MBEDTLS_AES_ENCRYPT;
const int invalid_mode = 42;
- TEST_INVALID_PARAM( mbedtls_aes_init( NULL ) );
-#if defined(MBEDTLS_CIPHER_MODE_XTS)
- TEST_INVALID_PARAM( mbedtls_aes_xts_init( NULL ) );
-#endif
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
- mbedtls_aes_setkey_enc( NULL, key, 128 ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
- mbedtls_aes_setkey_enc( &aes_ctx, NULL, 128 ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
- mbedtls_aes_setkey_dec( NULL, key, 128 ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
- mbedtls_aes_setkey_dec( &aes_ctx, NULL, 128 ) );
-
-#if defined(MBEDTLS_CIPHER_MODE_XTS)
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
- mbedtls_aes_xts_setkey_enc( NULL, key, 128 ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
- mbedtls_aes_xts_setkey_enc( &xts_ctx, NULL, 128 ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
- mbedtls_aes_xts_setkey_dec( NULL, key, 128 ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
- mbedtls_aes_xts_setkey_dec( &xts_ctx, NULL, 128 ) );
-#endif
-
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
- mbedtls_aes_crypt_ecb( NULL,
- valid_mode, in, out ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
- mbedtls_aes_crypt_ecb( &aes_ctx,
- invalid_mode, in, out ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
- mbedtls_aes_crypt_ecb( &aes_ctx,
- valid_mode, NULL, out ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
- mbedtls_aes_crypt_ecb( &aes_ctx,
- valid_mode, in, NULL ) );
+ TEST_EQUAL( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
+ mbedtls_aes_crypt_ecb( &aes_ctx, invalid_mode, in, out ) );
#if defined(MBEDTLS_CIPHER_MODE_CBC)
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
- mbedtls_aes_crypt_cbc( NULL,
- valid_mode, 16,
- out, in, out ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
- mbedtls_aes_crypt_cbc( &aes_ctx,
- invalid_mode, 16,
- out, in, out ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
- mbedtls_aes_crypt_cbc( &aes_ctx,
- valid_mode, 16,
- NULL, in, out ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
- mbedtls_aes_crypt_cbc( &aes_ctx,
- valid_mode, 16,
- out, NULL, out ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
- mbedtls_aes_crypt_cbc( &aes_ctx,
- valid_mode, 16,
- out, in, NULL ) );
+ TEST_EQUAL( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
+ mbedtls_aes_crypt_cbc( &aes_ctx, invalid_mode, 16,
+ out, in, out ) );
#endif /* MBEDTLS_CIPHER_MODE_CBC */
#if defined(MBEDTLS_CIPHER_MODE_XTS)
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
- mbedtls_aes_crypt_xts( NULL,
- valid_mode, 16,
- in, in, out ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
- mbedtls_aes_crypt_xts( &xts_ctx,
- invalid_mode, 16,
- in, in, out ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
- mbedtls_aes_crypt_xts( &xts_ctx,
- valid_mode, 16,
- NULL, in, out ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
- mbedtls_aes_crypt_xts( &xts_ctx,
- valid_mode, 16,
- in, NULL, out ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
- mbedtls_aes_crypt_xts( &xts_ctx,
- valid_mode, 16,
- in, in, NULL ) );
+ mbedtls_aes_xts_context xts_ctx;
+
+ TEST_EQUAL( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
+ mbedtls_aes_crypt_xts( &xts_ctx, invalid_mode, 16,
+ in, in, out ) );
#endif /* MBEDTLS_CIPHER_MODE_XTS */
#if defined(MBEDTLS_CIPHER_MODE_CFB)
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
- mbedtls_aes_crypt_cfb128( NULL,
- valid_mode, 16,
- &size, out, in, out ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
- mbedtls_aes_crypt_cfb128( &aes_ctx,
- invalid_mode, 16,
- &size, out, in, out ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
- mbedtls_aes_crypt_cfb128( &aes_ctx,
- valid_mode, 16,
- NULL, out, in, out ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
- mbedtls_aes_crypt_cfb128( &aes_ctx,
- valid_mode, 16,
- &size, NULL, in, out ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
- mbedtls_aes_crypt_cfb128( &aes_ctx,
- valid_mode, 16,
- &size, out, NULL, out ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
- mbedtls_aes_crypt_cfb128( &aes_ctx,
- valid_mode, 16,
- &size, out, in, NULL ) );
+ size_t size;
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
- mbedtls_aes_crypt_cfb8( NULL,
- valid_mode, 16,
- out, in, out ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
- mbedtls_aes_crypt_cfb8( &aes_ctx,
- invalid_mode, 16,
- out, in, out ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
- mbedtls_aes_crypt_cfb8( &aes_ctx,
- valid_mode, 16,
- NULL, in, out ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
- mbedtls_aes_crypt_cfb8( &aes_ctx,
- valid_mode, 16,
- out, NULL, out ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
- mbedtls_aes_crypt_cfb8( &aes_ctx,
- valid_mode, 16,
- out, in, NULL ) );
+ TEST_EQUAL( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
+ mbedtls_aes_crypt_cfb128( &aes_ctx, invalid_mode, 16,
+ &size, out, in, out ) );
+ TEST_EQUAL( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
+ mbedtls_aes_crypt_cfb8( &aes_ctx, invalid_mode, 16,
+ out, in, out ) );
#endif /* MBEDTLS_CIPHER_MODE_CFB */
-
-#if defined(MBEDTLS_CIPHER_MODE_OFB)
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
- mbedtls_aes_crypt_ofb( NULL, 16,
- &size, out, in, out ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
- mbedtls_aes_crypt_ofb( &aes_ctx, 16,
- NULL, out, in, out ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
- mbedtls_aes_crypt_ofb( &aes_ctx, 16,
- &size, NULL, in, out ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
- mbedtls_aes_crypt_ofb( &aes_ctx, 16,
- &size, out, NULL, out ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
- mbedtls_aes_crypt_ofb( &aes_ctx, 16,
- &size, out, in, NULL ) );
-#endif /* MBEDTLS_CIPHER_MODE_OFB */
-
-#if defined(MBEDTLS_CIPHER_MODE_CTR)
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
- mbedtls_aes_crypt_ctr( NULL, 16, &size, out,
- out, in, out ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
- mbedtls_aes_crypt_ctr( &aes_ctx, 16, NULL, out,
- out, in, out ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
- mbedtls_aes_crypt_ctr( &aes_ctx, 16, &size, NULL,
- out, in, out ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
- mbedtls_aes_crypt_ctr( &aes_ctx, 16, &size, out,
- NULL, in, out ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
- mbedtls_aes_crypt_ctr( &aes_ctx, 16, &size, out,
- out, NULL, out ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
- mbedtls_aes_crypt_ctr( &aes_ctx, 16, &size, out,
- out, in, NULL ) );
-#endif /* MBEDTLS_CIPHER_MODE_CTR */
}
/* END_CASE */
@@ -569,12 +415,6 @@
size_t size;
#endif
- /* These calls accept NULL */
- TEST_VALID_PARAM( mbedtls_aes_free( NULL ) );
-#if defined(MBEDTLS_CIPHER_MODE_XTS)
- TEST_VALID_PARAM( mbedtls_aes_xts_free( NULL ) );
-#endif
-
#if defined(MBEDTLS_CIPHER_MODE_CBC)
TEST_ASSERT( mbedtls_aes_crypt_cbc( &aes_ctx, MBEDTLS_AES_ENCRYPT,
15,
@@ -609,6 +449,14 @@
TEST_ASSERT( mbedtls_aes_crypt_ofb( &aes_ctx, 16, &size, out, in, out )
== MBEDTLS_ERR_AES_BAD_INPUT_DATA );
#endif
+
+/*
+ * The following line needs to be added to make the code compilable
+ * when all the conditions above will be not define in a specific
+ * choice of features.
+ */
+ TEST_ASSERT( 1 );
+/* TODO: It will be removed when the whole test will be reworked */
}
/* END_CASE */
diff --git a/tests/suites/test_suite_aes.rest.data b/tests/suites/test_suite_aes.rest.data
index 6a76b43..3b43c90 100644
--- a/tests/suites/test_suite_aes.rest.data
+++ b/tests/suites/test_suite_aes.rest.data
@@ -10,8 +10,8 @@
AES-256-CBC Decrypt (Invalid input length)
aes_decrypt_cbc:"0000000000000000000000000000000000000000000000000000000000000000":"00000000000000000000000000000000":"623a52fcea5d443e48d9181ab32c74":"":MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH
-AES - Optional Parameter Validation (MBEDTLS_CHECK_PARAMS)
-aes_check_params:
+AES - Mode Parameter Validation
+aes_invalid_mode:
AES - Mandatory Parameter Validation and Valid Parameters
aes_misc_params:
diff --git a/tests/suites/test_suite_arc4.data b/tests/suites/test_suite_arc4.data
deleted file mode 100644
index cf32c85..0000000
--- a/tests/suites/test_suite_arc4.data
+++ /dev/null
@@ -1,27 +0,0 @@
-Test vector ARC4 [Cryptlib]
-mbedtls_arc4_crypt:"0000000000000000":"0123456789abcdef":"7494c2e7104b0879"
-
-Test vector ARC4 [COMMERCE]
-mbedtls_arc4_crypt:"dcee4cf92c":"618a63d2fb":"f13829c9de"
-
-Test vector ARC4 [SSH ARCFOUR]
-mbedtls_arc4_crypt:"527569736c696e6e756e206c61756c75206b6f727669737373616e692c2074e4686be470e46964656e2070e4e46c6ce42074e47973696b75752e204b6573e479f66e206f6e206f6e6e69206f6d616e616e692c206b61736b6973617675756e206c61616b736f7420766572686f75752e20456e206d6120696c6f697473652c20737572652068756f6b61612c206d75747461206d657473e46e2074756d6d757573206d756c6c652074756f6b61612e205075756e746f2070696c76656e2c206d692068756b6b75752c207369696e746f20766172616e207475756c6973656e2c206d69206e756b6b75752e2054756f6b7375742076616e616d6f6e206a61207661726a6f74207665656e2c206e69697374e420737964e46d656e69206c61756c756e207465656e2e202d2045696e6f204c65696e6f":"29041972fb42ba5fc7127712f13829c9":"358186999001e6b5daf05eceeb7eee21e0689c1f00eea81f7dd2caaee1d2763e68af0ead33d66c268bc946c484fbe94c5f5e0b86a59279e4f824e7a640bd223210b0a61160b7bce986ea65688003596b630a6b90f8e0caf6912a98eb872176e83c202caa64166d2cce57ff1bca57b213f0ed1aa72fb8ea52b0be01cd1e412867720b326eb389d011bd70d8af035fb0d8589dbce3c666f5ea8d4c7954c50c3f340b0467f81b425961c11843074df620f208404b394cf9d37ff54b5f1ad8f6ea7da3c561dfa7281f964463d2cc35a4d1b03490dec51b0711fbd6f55f79234d5b7c766622a66de92be996461d5e4dc878ef9bca030521e8351e4baed2fd04f9467368c4ad6ac186d08245b263a2666d1f6c5420f1599dfd9f438921c2f5a463938ce0982265eef70179bc553f339eb1a4c1af5f6a547f"
-
-Test Vector ARC4 [RFC6229 40-bit]
-mbedtls_arc4_crypt:"0000000000000000000000000000000000000000000000000000000000000000":"0102030405":"b2396305f03dc027ccc3524a0a1118a86982944f18fc82d589c403a47a0d0919"
-
-Test Vector ARC4 [RFC6229 56-bit]
-mbedtls_arc4_crypt:"0000000000000000000000000000000000000000000000000000000000000000":"01020304050607":"293f02d47f37c9b633f2af5285feb46be620f1390d19bd84e2e0fd752031afc1"
-
-Test Vector ARC4 [RFC6229 64-bit]
-mbedtls_arc4_crypt:"0000000000000000000000000000000000000000000000000000000000000000":"0102030405060708":"97ab8a1bf0afb96132f2f67258da15a88263efdb45c4a18684ef87e6b19e5b09"
-
-Test Vector ARC4 [RFC6229 128-bit]
-mbedtls_arc4_crypt:"0000000000000000000000000000000000000000000000000000000000000000":"0102030405060708090a0b0c0d0e0f10":"9ac7cc9a609d1ef7b2932899cde41b975248c4959014126a6e8a84f11d1a9e1c"
-
-TMP
-mbedtls_arc4_crypt:"1400002433c96cfa5c53a65184fcba83d9793f42522f94e49bf25edcb7a23c9eaae5ca84f6ee6da8":"5e58b1ad80":"e9a3d07ea1a3eac9fd73dcb14c409f2d434a72b6aa077e0924bcffc236f55d2d372b289707571531"
-
-ARC4 Selftest
-depends_on:MBEDTLS_SELF_TEST
-arc4_selftest:
diff --git a/tests/suites/test_suite_arc4.function b/tests/suites/test_suite_arc4.function
deleted file mode 100644
index c1e2386..0000000
--- a/tests/suites/test_suite_arc4.function
+++ /dev/null
@@ -1,37 +0,0 @@
-/* BEGIN_HEADER */
-#include "mbedtls/arc4.h"
-/* END_HEADER */
-
-/* BEGIN_DEPENDENCIES
- * depends_on:MBEDTLS_ARC4_C
- * END_DEPENDENCIES
- */
-
-/* BEGIN_CASE */
-void mbedtls_arc4_crypt( data_t * src_str, data_t * key_str, data_t * dst )
-{
- unsigned char dst_str[1000];
- mbedtls_arc4_context ctx;
-
- memset(dst_str, 0x00, 1000);
- mbedtls_arc4_init( &ctx );
-
-
- mbedtls_arc4_setup(&ctx, key_str->x, key_str->len);
- TEST_ASSERT( mbedtls_arc4_crypt(&ctx, src_str->len,
- src_str->x, dst_str ) == 0 );
-
- TEST_ASSERT( mbedtls_test_hexcmp( dst_str, dst->x,
- src_str->len, dst->len ) == 0 );
-
-exit:
- mbedtls_arc4_free( &ctx );
-}
-/* END_CASE */
-
-/* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */
-void arc4_selftest( )
-{
- TEST_ASSERT( mbedtls_arc4_self_test( 1 ) == 0 );
-}
-/* END_CASE */
diff --git a/tests/suites/test_suite_aria.data b/tests/suites/test_suite_aria.data
index 8848978..94b6e7e 100644
--- a/tests/suites/test_suite_aria.data
+++ b/tests/suites/test_suite_aria.data
@@ -1,6 +1,3 @@
-ARIA - Valid parameters
-aria_valid_param:
-
ARIA - Invalid parameters
aria_invalid_param:
diff --git a/tests/suites/test_suite_aria.function b/tests/suites/test_suite_aria.function
index 6d6a203..0426324 100644
--- a/tests/suites/test_suite_aria.function
+++ b/tests/suites/test_suite_aria.function
@@ -16,18 +16,10 @@
* END_DEPENDENCIES
*/
-/* BEGIN_CASE */
-void aria_valid_param( )
-{
- TEST_VALID_PARAM( mbedtls_aria_free( NULL ) );
-}
-/* END_CASE */
-
-/* BEGIN_CASE depends_on:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */
+/* BEGIN_CASE depends_on:NOT_DEFINED */
void aria_invalid_param( )
{
mbedtls_aria_context ctx;
- unsigned char key[128 / 8] = { 0 };
unsigned char input[MBEDTLS_ARIA_BLOCKSIZE] = { 0 };
unsigned char output[MBEDTLS_ARIA_BLOCKSIZE] = { 0 };
unsigned char iv[MBEDTLS_ARIA_BLOCKSIZE] = { 0 };
@@ -35,78 +27,22 @@
((void) iv_off);
((void) iv);
-
- TEST_INVALID_PARAM( mbedtls_aria_init( NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA,
- mbedtls_aria_setkey_enc( NULL, key,
- sizeof( key ) ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA,
- mbedtls_aria_setkey_enc( &ctx, NULL,
- sizeof( key ) ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA,
- mbedtls_aria_setkey_dec( NULL, key,
- sizeof( key ) ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA,
- mbedtls_aria_setkey_dec( &ctx, NULL,
- sizeof( key ) ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA,
- mbedtls_aria_crypt_ecb( NULL, input, output ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA,
- mbedtls_aria_crypt_ecb( &ctx, NULL, output ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA,
- mbedtls_aria_crypt_ecb( &ctx, input, NULL ) );
+ ((void) ctx);
+ ((void) input);
+ ((void) output);
#if defined(MBEDTLS_CIPHER_MODE_CBC)
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA,
- mbedtls_aria_crypt_cbc( NULL,
- MBEDTLS_ARIA_ENCRYPT,
- sizeof( input ),
- iv,
- input,
- output ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA,
+ TEST_EQUAL( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA,
mbedtls_aria_crypt_cbc( &ctx,
42 /* invalid mode */,
sizeof( input ),
iv,
input,
output ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA,
- mbedtls_aria_crypt_cbc( &ctx,
- MBEDTLS_ARIA_ENCRYPT,
- sizeof( input ),
- NULL,
- input,
- output ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA,
- mbedtls_aria_crypt_cbc( &ctx,
- MBEDTLS_ARIA_ENCRYPT,
- sizeof( input ),
- iv,
- NULL,
- output ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA,
- mbedtls_aria_crypt_cbc( &ctx,
- MBEDTLS_ARIA_ENCRYPT,
- sizeof( input ),
- iv,
- input,
- NULL ) );
#endif /* MBEDTLS_CIPHER_MODE_CBC */
#if defined(MBEDTLS_CIPHER_MODE_CFB)
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA,
- mbedtls_aria_crypt_cfb128( NULL,
- MBEDTLS_ARIA_ENCRYPT,
- sizeof( input ),
- &iv_off,
- iv,
- input,
- output ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA,
+ TEST_EQUAL( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA,
mbedtls_aria_crypt_cfb128( &ctx,
42, /* invalid mode */
sizeof( input ),
@@ -114,91 +50,8 @@
iv,
input,
output ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA,
- mbedtls_aria_crypt_cfb128( &ctx,
- MBEDTLS_ARIA_ENCRYPT,
- sizeof( input ),
- NULL,
- iv,
- input,
- output ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA,
- mbedtls_aria_crypt_cfb128( &ctx,
- MBEDTLS_ARIA_ENCRYPT,
- sizeof( input ),
- &iv_off,
- NULL,
- input,
- output ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA,
- mbedtls_aria_crypt_cfb128( &ctx,
- MBEDTLS_ARIA_ENCRYPT,
- sizeof( input ),
- &iv_off,
- iv,
- NULL,
- output ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA,
- mbedtls_aria_crypt_cfb128( &ctx,
- MBEDTLS_ARIA_ENCRYPT,
- sizeof( input ),
- &iv_off,
- iv,
- input,
- NULL ) );
#endif /* MBEDTLS_CIPHER_MODE_CFB */
-#if defined(MBEDTLS_CIPHER_MODE_CTR)
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA,
- mbedtls_aria_crypt_ctr( NULL,
- sizeof( input ),
- &iv_off,
- iv,
- iv,
- input,
- output ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA,
- mbedtls_aria_crypt_ctr( &ctx,
- sizeof( input ),
- NULL,
- iv,
- iv,
- input,
- output ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA,
- mbedtls_aria_crypt_ctr( &ctx,
- sizeof( input ),
- &iv_off,
- NULL,
- iv,
- input,
- output ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA,
- mbedtls_aria_crypt_ctr( &ctx,
- sizeof( input ),
- &iv_off,
- iv,
- NULL,
- input,
- output ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA,
- mbedtls_aria_crypt_ctr( &ctx,
- sizeof( input ),
- &iv_off,
- iv,
- iv,
- NULL,
- output ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA,
- mbedtls_aria_crypt_ctr( &ctx,
- sizeof( input ),
- &iv_off,
- iv,
- iv,
- input,
- NULL ) );
-#endif /* MBEDTLS_CIPHER_MODE_CTR */
-
exit:
return;
diff --git a/tests/suites/test_suite_asn1parse.function b/tests/suites/test_suite_asn1parse.function
index abcd1db..535274b 100644
--- a/tests/suites/test_suite_asn1parse.function
+++ b/tests/suites/test_suite_asn1parse.function
@@ -417,7 +417,7 @@
}
#if defined(MBEDTLS_BIGNUM_C)
- ret = mbedtls_mpi_read_string( &expected_mpi, 16, expected_hex );
+ ret = mbedtls_test_read_mpi( &expected_mpi, 16, expected_hex );
TEST_ASSERT( ret == 0 || ret == MBEDTLS_ERR_MPI_BAD_INPUT_DATA );
if( ret == MBEDTLS_ERR_MPI_BAD_INPUT_DATA )
{
diff --git a/tests/suites/test_suite_blowfish.data b/tests/suites/test_suite_blowfish.data
deleted file mode 100644
index c9639f6..0000000
--- a/tests/suites/test_suite_blowfish.data
+++ /dev/null
@@ -1,314 +0,0 @@
-BLOWFISH - Valid parameters
-blowfish_valid_param:
-
-BLOWFISH - Invalid parameters
-blowfish_invalid_param:
-
-BLOWFISH-ECB Encrypt SSLeay reference #1
-blowfish_encrypt_ecb:"0000000000000000":"0000000000000000":"4ef997456198dd78":0
-
-BLOWFISH-ECB Encrypt SSLeay reference #2
-blowfish_encrypt_ecb:"ffffffffffffffff":"ffffffffffffffff":"51866fd5b85ecb8a":0
-
-BLOWFISH-ECB Encrypt SSLeay reference #3
-blowfish_encrypt_ecb:"3000000000000000":"1000000000000001":"7d856f9a613063f2":0
-
-BLOWFISH-ECB Encrypt SSLeay reference #4
-blowfish_encrypt_ecb:"1111111111111111":"1111111111111111":"2466dd878b963c9d":0
-
-BLOWFISH-ECB Encrypt SSLeay reference #5
-blowfish_encrypt_ecb:"0123456789abcdef":"1111111111111111":"61f9c3802281b096":0
-
-BLOWFISH-ECB Encrypt SSLeay reference #6
-blowfish_encrypt_ecb:"1111111111111111":"0123456789abcdef":"7d0cc630afda1ec7":0
-
-BLOWFISH-ECB Encrypt SSLeay reference #7
-blowfish_encrypt_ecb:"0000000000000000":"0000000000000000":"4ef997456198dd78":0
-
-BLOWFISH-ECB Encrypt SSLeay reference #8
-blowfish_encrypt_ecb:"fedcba9876543210":"0123456789abcdef":"0aceab0fc6a0a28d":0
-
-BLOWFISH-ECB Encrypt SSLeay reference #9
-blowfish_encrypt_ecb:"7ca110454a1a6e57":"01a1d6d039776742":"59c68245eb05282b":0
-
-BLOWFISH-ECB Encrypt SSLeay reference #10
-blowfish_encrypt_ecb:"0131d9619dc1376e":"5cd54ca83def57da":"b1b8cc0b250f09a0":0
-
-BLOWFISH-ECB Encrypt SSLeay reference #11
-blowfish_encrypt_ecb:"07a1133e4a0b2686":"0248d43806f67172":"1730e5778bea1da4":0
-
-BLOWFISH-ECB Encrypt SSLeay reference #12
-blowfish_encrypt_ecb:"3849674c2602319e":"51454b582ddf440a":"a25e7856cf2651eb":0
-
-BLOWFISH-ECB Encrypt SSLeay reference #13
-blowfish_encrypt_ecb:"04b915ba43feb5b6":"42fd443059577fa2":"353882b109ce8f1a":0
-
-BLOWFISH-ECB Encrypt SSLeay reference #14
-blowfish_encrypt_ecb:"0113b970fd34f2ce":"059b5e0851cf143a":"48f4d0884c379918":0
-
-BLOWFISH-ECB Encrypt SSLeay reference #15
-blowfish_encrypt_ecb:"0170f175468fb5e6":"0756d8e0774761d2":"432193b78951fc98":0
-
-BLOWFISH-ECB Encrypt SSLeay reference #16
-blowfish_encrypt_ecb:"43297fad38e373fe":"762514b829bf486a":"13f04154d69d1ae5":0
-
-BLOWFISH-ECB Encrypt SSLeay reference #17
-blowfish_encrypt_ecb:"07a7137045da2a16":"3bdd119049372802":"2eedda93ffd39c79":0
-
-BLOWFISH-ECB Encrypt SSLeay reference #18
-blowfish_encrypt_ecb:"04689104c2fd3b2f":"26955f6835af609a":"d887e0393c2da6e3":0
-
-BLOWFISH-ECB Encrypt SSLeay reference #19
-blowfish_encrypt_ecb:"37d06bb516cb7546":"164d5e404f275232":"5f99d04f5b163969":0
-
-BLOWFISH-ECB Encrypt SSLeay reference #20
-blowfish_encrypt_ecb:"1f08260d1ac2465e":"6b056e18759f5cca":"4a057a3b24d3977b":0
-
-BLOWFISH-ECB Encrypt SSLeay reference #21
-blowfish_encrypt_ecb:"584023641aba6176":"004bd6ef09176062":"452031c1e4fada8e":0
-
-BLOWFISH-ECB Encrypt SSLeay reference #22
-blowfish_encrypt_ecb:"025816164629b007":"480d39006ee762f2":"7555ae39f59b87bd":0
-
-BLOWFISH-ECB Encrypt SSLeay reference #23
-blowfish_encrypt_ecb:"49793ebc79b3258f":"437540c8698f3cfa":"53c55f9cb49fc019":0
-
-BLOWFISH-ECB Encrypt SSLeay reference #24
-blowfish_encrypt_ecb:"4fb05e1515ab73a7":"072d43a077075292":"7a8e7bfa937e89a3":0
-
-BLOWFISH-ECB Encrypt SSLeay reference #25
-blowfish_encrypt_ecb:"49e95d6d4ca229bf":"02fe55778117f12a":"cf9c5d7a4986adb5":0
-
-BLOWFISH-ECB Encrypt SSLeay reference #26
-blowfish_encrypt_ecb:"018310dc409b26d6":"1d9d5c5018f728c2":"d1abb290658bc778":0
-
-BLOWFISH-ECB Encrypt SSLeay reference #27
-blowfish_encrypt_ecb:"1c587f1c13924fef":"305532286d6f295a":"55cb3774d13ef201":0
-
-BLOWFISH-ECB Encrypt SSLeay reference #28
-blowfish_encrypt_ecb:"0101010101010101":"0123456789abcdef":"fa34ec4847b268b2":0
-
-BLOWFISH-ECB Encrypt SSLeay reference #29
-blowfish_encrypt_ecb:"1f1f1f1f0e0e0e0e":"0123456789abcdef":"a790795108ea3cae":0
-
-BLOWFISH-ECB Encrypt SSLeay reference #30
-blowfish_encrypt_ecb:"e0fee0fef1fef1fe":"0123456789abcdef":"c39e072d9fac631d":0
-
-BLOWFISH-ECB Encrypt SSLeay reference #31
-blowfish_encrypt_ecb:"0000000000000000":"ffffffffffffffff":"014933e0cdaff6e4":0
-
-BLOWFISH-ECB Encrypt SSLeay reference #32
-blowfish_encrypt_ecb:"ffffffffffffffff":"0000000000000000":"f21e9a77b71c49bc":0
-
-BLOWFISH-ECB Encrypt SSLeay reference #33
-blowfish_encrypt_ecb:"0123456789abcdef":"0000000000000000":"245946885754369a":0
-
-BLOWFISH-ECB Encrypt SSLeay reference #34
-blowfish_encrypt_ecb:"fedcba9876543210":"ffffffffffffffff":"6b5c5a9c5d9e0a5a":0
-
-BLOWFISH-ECB Decrypt SSLeay reference #1
-blowfish_decrypt_ecb:"0000000000000000":"4ef997456198dd78":"0000000000000000":0
-
-BLOWFISH-ECB Decrypt SSLeay reference #2
-blowfish_decrypt_ecb:"ffffffffffffffff":"51866fd5b85ecb8a":"ffffffffffffffff":0
-
-BLOWFISH-ECB Decrypt SSLeay reference #3
-blowfish_decrypt_ecb:"3000000000000000":"7d856f9a613063f2":"1000000000000001":0
-
-BLOWFISH-ECB Decrypt SSLeay reference #4
-blowfish_decrypt_ecb:"1111111111111111":"2466dd878b963c9d":"1111111111111111":0
-
-BLOWFISH-ECB Decrypt SSLeay reference #5
-blowfish_decrypt_ecb:"0123456789abcdef":"61f9c3802281b096":"1111111111111111":0
-
-BLOWFISH-ECB Decrypt SSLeay reference #6
-blowfish_decrypt_ecb:"1111111111111111":"7d0cc630afda1ec7":"0123456789abcdef":0
-
-BLOWFISH-ECB Decrypt SSLeay reference #7
-blowfish_decrypt_ecb:"0000000000000000":"4ef997456198dd78":"0000000000000000":0
-
-BLOWFISH-ECB Decrypt SSLeay reference #8
-blowfish_decrypt_ecb:"fedcba9876543210":"0aceab0fc6a0a28d":"0123456789abcdef":0
-
-BLOWFISH-ECB Decrypt SSLeay reference #9
-blowfish_decrypt_ecb:"7ca110454a1a6e57":"59c68245eb05282b":"01a1d6d039776742":0
-
-BLOWFISH-ECB Decrypt SSLeay reference #10
-blowfish_decrypt_ecb:"0131d9619dc1376e":"b1b8cc0b250f09a0":"5cd54ca83def57da":0
-
-BLOWFISH-ECB Decrypt SSLeay reference #11
-blowfish_decrypt_ecb:"07a1133e4a0b2686":"1730e5778bea1da4":"0248d43806f67172":0
-
-BLOWFISH-ECB Decrypt SSLeay reference #12
-blowfish_decrypt_ecb:"3849674c2602319e":"a25e7856cf2651eb":"51454b582ddf440a":0
-
-BLOWFISH-ECB Decrypt SSLeay reference #13
-blowfish_decrypt_ecb:"04b915ba43feb5b6":"353882b109ce8f1a":"42fd443059577fa2":0
-
-BLOWFISH-ECB Decrypt SSLeay reference #14
-blowfish_decrypt_ecb:"0113b970fd34f2ce":"48f4d0884c379918":"059b5e0851cf143a":0
-
-BLOWFISH-ECB Decrypt SSLeay reference #15
-blowfish_decrypt_ecb:"0170f175468fb5e6":"432193b78951fc98":"0756d8e0774761d2":0
-
-BLOWFISH-ECB Decrypt SSLeay reference #16
-blowfish_decrypt_ecb:"43297fad38e373fe":"13f04154d69d1ae5":"762514b829bf486a":0
-
-BLOWFISH-ECB Decrypt SSLeay reference #17
-blowfish_decrypt_ecb:"07a7137045da2a16":"2eedda93ffd39c79":"3bdd119049372802":0
-
-BLOWFISH-ECB Decrypt SSLeay reference #18
-blowfish_decrypt_ecb:"04689104c2fd3b2f":"d887e0393c2da6e3":"26955f6835af609a":0
-
-BLOWFISH-ECB Decrypt SSLeay reference #19
-blowfish_decrypt_ecb:"37d06bb516cb7546":"5f99d04f5b163969":"164d5e404f275232":0
-
-BLOWFISH-ECB Decrypt SSLeay reference #20
-blowfish_decrypt_ecb:"1f08260d1ac2465e":"4a057a3b24d3977b":"6b056e18759f5cca":0
-
-BLOWFISH-ECB Decrypt SSLeay reference #21
-blowfish_decrypt_ecb:"584023641aba6176":"452031c1e4fada8e":"004bd6ef09176062":0
-
-BLOWFISH-ECB Decrypt SSLeay reference #22
-blowfish_decrypt_ecb:"025816164629b007":"7555ae39f59b87bd":"480d39006ee762f2":0
-
-BLOWFISH-ECB Decrypt SSLeay reference #23
-blowfish_decrypt_ecb:"49793ebc79b3258f":"53c55f9cb49fc019":"437540c8698f3cfa":0
-
-BLOWFISH-ECB Decrypt SSLeay reference #24
-blowfish_decrypt_ecb:"4fb05e1515ab73a7":"7a8e7bfa937e89a3":"072d43a077075292":0
-
-BLOWFISH-ECB Decrypt SSLeay reference #25
-blowfish_decrypt_ecb:"49e95d6d4ca229bf":"cf9c5d7a4986adb5":"02fe55778117f12a":0
-
-BLOWFISH-ECB Decrypt SSLeay reference #26
-blowfish_decrypt_ecb:"018310dc409b26d6":"d1abb290658bc778":"1d9d5c5018f728c2":0
-
-BLOWFISH-ECB Decrypt SSLeay reference #27
-blowfish_decrypt_ecb:"1c587f1c13924fef":"55cb3774d13ef201":"305532286d6f295a":0
-
-BLOWFISH-ECB Decrypt SSLeay reference #28
-blowfish_decrypt_ecb:"0101010101010101":"fa34ec4847b268b2":"0123456789abcdef":0
-
-BLOWFISH-ECB Decrypt SSLeay reference #29
-blowfish_decrypt_ecb:"1f1f1f1f0e0e0e0e":"a790795108ea3cae":"0123456789abcdef":0
-
-BLOWFISH-ECB Decrypt SSLeay reference #30
-blowfish_decrypt_ecb:"e0fee0fef1fef1fe":"c39e072d9fac631d":"0123456789abcdef":0
-
-BLOWFISH-ECB Decrypt SSLeay reference #31
-blowfish_decrypt_ecb:"0000000000000000":"014933e0cdaff6e4":"ffffffffffffffff":0
-
-BLOWFISH-ECB Decrypt SSLeay reference #32
-blowfish_decrypt_ecb:"ffffffffffffffff":"f21e9a77b71c49bc":"0000000000000000":0
-
-BLOWFISH-ECB Decrypt SSLeay reference #33
-blowfish_decrypt_ecb:"0123456789abcdef":"245946885754369a":"0000000000000000":0
-
-BLOWFISH-ECB Decrypt SSLeay reference #34
-blowfish_decrypt_ecb:"fedcba9876543210":"6b5c5a9c5d9e0a5a":"ffffffffffffffff":0
-
-BLOWFISH-SETKEY Setkey SSLeay reference #1
-blowfish_encrypt_ecb:"f0":"fedcba9876543210":"":MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA
-
-BLOWFISH-SETKEY Setkey SSLeay reference #2
-blowfish_encrypt_ecb:"f0e1":"fedcba9876543210":"":MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA
-
-BLOWFISH-SETKEY Setkey SSLeay reference #3
-blowfish_encrypt_ecb:"f0e1d2":"fedcba9876543210":"":MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA
-
-BLOWFISH-SETKEY Setkey SSLeay reference #4
-blowfish_encrypt_ecb:"f0e1d2c3":"fedcba9876543210":"be1e639408640f05":0
-
-BLOWFISH-SETKEY Setkey SSLeay reference #5
-blowfish_encrypt_ecb:"f0e1d2c3b4":"fedcba9876543210":"b39e44481bdb1e6e":0
-
-BLOWFISH-SETKEY Setkey SSLeay reference #6
-blowfish_encrypt_ecb:"f0e1d2c3b4a5":"fedcba9876543210":"9457aa83b1928c0d":0
-
-BLOWFISH-SETKEY Setkey SSLeay reference #7
-blowfish_encrypt_ecb:"f0e1d2c3b4a596":"fedcba9876543210":"8bb77032f960629d":0
-
-BLOWFISH-SETKEY Setkey SSLeay reference #8
-blowfish_encrypt_ecb:"f0e1d2c3b4a59687":"fedcba9876543210":"e87a244e2cc85e82":0
-
-BLOWFISH-SETKEY Setkey SSLeay reference #9
-blowfish_encrypt_ecb:"f0e1d2c3b4a5968778":"fedcba9876543210":"15750e7a4f4ec577":0
-
-BLOWFISH-SETKEY Setkey SSLeay reference #10
-blowfish_encrypt_ecb:"f0e1d2c3b4a596877869":"fedcba9876543210":"122ba70b3ab64ae0":0
-
-BLOWFISH-SETKEY Setkey SSLeay reference #11
-blowfish_encrypt_ecb:"f0e1d2c3b4a5968778695a":"fedcba9876543210":"3a833c9affc537f6":0
-
-BLOWFISH-SETKEY Setkey SSLeay reference #12
-blowfish_encrypt_ecb:"f0e1d2c3b4a5968778695a4b":"fedcba9876543210":"9409da87a90f6bf2":0
-
-BLOWFISH-SETKEY Setkey SSLeay reference #13
-blowfish_encrypt_ecb:"f0e1d2c3b4a5968778695a4b3c":"fedcba9876543210":"884f80625060b8b4":0
-
-BLOWFISH-SETKEY Setkey SSLeay reference #14
-blowfish_encrypt_ecb:"f0e1d2c3b4a5968778695a4b3c2d":"fedcba9876543210":"1f85031c19e11968":0
-
-BLOWFISH-SETKEY Setkey SSLeay reference #15
-blowfish_encrypt_ecb:"f0e1d2c3b4a5968778695a4b3c2d1e":"fedcba9876543210":"79d9373a714ca34f":0
-
-BLOWFISH-SETKEY Setkey SSLeay reference #16
-blowfish_encrypt_ecb:"f0e1d2c3b4a5968778695a4b3c2d1e0f":"fedcba9876543210":"93142887ee3be15c":0
-
-BLOWFISH-SETKEY Setkey SSLeay reference #17
-blowfish_encrypt_ecb:"f0e1d2c3b4a5968778695a4b3c2d1e0f00":"fedcba9876543210":"03429e838ce2d14b":0
-
-BLOWFISH-SETKEY Setkey SSLeay reference #18
-blowfish_encrypt_ecb:"f0e1d2c3b4a5968778695a4b3c2d1e0f0011":"fedcba9876543210":"a4299e27469ff67b":0
-
-BLOWFISH-SETKEY Setkey SSLeay reference #19
-blowfish_encrypt_ecb:"f0e1d2c3b4a5968778695a4b3c2d1e0f001122":"fedcba9876543210":"afd5aed1c1bc96a8":0
-
-BLOWFISH-SETKEY Setkey SSLeay reference #20
-blowfish_encrypt_ecb:"f0e1d2c3b4a5968778695a4b3c2d1e0f00112233":"fedcba9876543210":"10851c0e3858da9f":0
-
-BLOWFISH-SETKEY Setkey SSLeay reference #21
-blowfish_encrypt_ecb:"f0e1d2c3b4a5968778695a4b3c2d1e0f0011223344":"fedcba9876543210":"e6f51ed79b9db21f":0
-
-BLOWFISH-SETKEY Setkey SSLeay reference #22
-blowfish_encrypt_ecb:"f0e1d2c3b4a5968778695a4b3c2d1e0f001122334455":"fedcba9876543210":"64a6e14afd36b46f":0
-
-BLOWFISH-SETKEY Setkey SSLeay reference #23
-blowfish_encrypt_ecb:"f0e1d2c3b4a5968778695a4b3c2d1e0f00112233445566":"fedcba9876543210":"80c7d7d45a5479ad":0
-
-BLOWFISH-SETKEY Setkey SSLeay reference #24
-blowfish_encrypt_ecb:"f0e1d2c3b4a5968778695a4b3c2d1e0f0011223344556677":"fedcba9876543210":"05044b62fa52d080":0
-
-BLOWFISH-SETKEY Setkey 440 bits
-blowfish_encrypt_ecb:"f0e1d2c3b4a5968778695a4b3c2d1e0f00112233445566778899aabbccddeeff0123456789abcdef0102030405060708090a0b0c0d0e0f":"fedcba9876543210":"9a2ab8f1b00c73d2":0
-
-BLOWFISH-SETKEY Setkey 448 bits
-blowfish_encrypt_ecb:"f0e1d2c3b4a5968778695a4b3c2d1e0f00112233445566778899aabbccddeeff0123456789abcdef0102030405060708090a0b0c0d0e0fff":"fedcba9876543210":"2fb3ab7f0ee91b69":0
-
-BLOWFISH-SETKEY Setkey 456 bits
-blowfish_encrypt_ecb:"f0e1d2c3b4a5968778695a4b3c2d1e0f00112233445566778899aabbccddeeff0123456789abcdef0102030405060708090a0b0c0d0e0fffff":"fedcba9876543210":"":MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA
-
-BLOWFISH-CBC Encrypt [#1]
-blowfish_encrypt_cbc:"0123456789ABCDEFF0E1D2C3B4A59687":"FEDCBA9876543210":"37363534333231204E6F77206973207468652074696D6520666F722000000000":"6b77b4d63006dee605b156e27403979358deb9e7154616d959f1652bd5ff92cc":0
-
-BLOWFISH-CBC Decrypt [#1]
-blowfish_decrypt_cbc:"0123456789ABCDEFF0E1D2C3B4A59687":"FEDCBA9876543210":"6B77B4D63006DEE605B156E27403979358DEB9E7154616D959F1652BD5FF92CC":"37363534333231204e6f77206973207468652074696d6520666f722000000000":0
-
-BLOWFISH-CBC Encrypt [#2]
-blowfish_encrypt_cbc:"0123456789ABCDEFF0E1D2C3B4A59687":"FEDCBA9876543210":"37363534333231204E6F77206973207468652074696D6520666F7220000000":"":MBEDTLS_ERR_BLOWFISH_INVALID_INPUT_LENGTH
-
-BLOWFISH-CBC Decrypt [#2]
-blowfish_decrypt_cbc:"0123456789ABCDEFF0E1D2C3B4A59687":"FEDCBA9876543210":"6B77B4D63006DEE605B156E27403979358DEB9E7154616D959F1652BD5FF92CC00":"":MBEDTLS_ERR_BLOWFISH_INVALID_INPUT_LENGTH
-
-BLOWFISH-CFB Encrypt
-blowfish_encrypt_cfb64:"0123456789ABCDEFF0E1D2C3B4A59687":"FEDCBA9876543210":"37363534333231204E6F77206973207468652074696D6520666F722000":"e73214a2822139caf26ecf6d2eb9e76e3da3de04d1517200519d57a6c3"
-
-BLOWFISH-CFB Decrypt
-blowfish_decrypt_cfb64:"0123456789ABCDEFF0E1D2C3B4A59687":"FEDCBA9876543210":"E73214A2822139CAF26ECF6D2EB9E76E3DA3DE04D1517200519D57A6C3":"37363534333231204e6f77206973207468652074696d6520666f722000"
-
-BLOWFISH-CTR Encrypt
-blowfish_encrypt_ctr:"0123456789ABCDEFF0E1D2C3B4A59687":"FEDCBA9876543210":"37363534333231204E6F77206973207468652074696D6520666F722000":"e73214a2822139ca60254740dd8c5b8acf5e9569c4affeb944b8fc020e"
-
-BLOWFISH-CTR Decrypt
-blowfish_encrypt_ctr:"0123456789ABCDEFF0E1D2C3B4A59687":"FEDCBA9876543210":"e73214a2822139ca60254740dd8c5b8acf5e9569c4affeb944b8fc020e":"37363534333231204e6f77206973207468652074696d6520666f722000"
diff --git a/tests/suites/test_suite_blowfish.function b/tests/suites/test_suite_blowfish.function
deleted file mode 100644
index f89353c..0000000
--- a/tests/suites/test_suite_blowfish.function
+++ /dev/null
@@ -1,338 +0,0 @@
-/* BEGIN_HEADER */
-#include "mbedtls/blowfish.h"
-/* END_HEADER */
-
-/* BEGIN_DEPENDENCIES
- * depends_on:MBEDTLS_BLOWFISH_C
- * END_DEPENDENCIES
- */
-
-/* BEGIN_CASE */
-void blowfish_valid_param( )
-{
- TEST_VALID_PARAM( mbedtls_blowfish_free( NULL ) );
-}
-/* END_CASE */
-
-/* BEGIN_CASE depends_on:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */
-void blowfish_invalid_param( )
-{
- mbedtls_blowfish_context ctx;
- unsigned char buf[16] = { 0 };
- size_t const valid_keylength = sizeof( buf ) * 8;
- size_t valid_mode = MBEDTLS_BLOWFISH_ENCRYPT;
- size_t invalid_mode = 42;
- size_t off;
- ((void) off);
-
- TEST_INVALID_PARAM( mbedtls_blowfish_init( NULL ) );
- TEST_VALID_PARAM( mbedtls_blowfish_free( NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA,
- mbedtls_blowfish_setkey( NULL,
- buf,
- valid_keylength ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA,
- mbedtls_blowfish_setkey( &ctx,
- NULL,
- valid_keylength ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA,
- mbedtls_blowfish_crypt_ecb( NULL,
- valid_mode,
- buf, buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA,
- mbedtls_blowfish_crypt_ecb( &ctx,
- invalid_mode,
- buf, buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA,
- mbedtls_blowfish_crypt_ecb( &ctx,
- valid_mode,
- NULL, buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA,
- mbedtls_blowfish_crypt_ecb( &ctx,
- valid_mode,
- buf, NULL ) );
-
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA,
- mbedtls_blowfish_crypt_cbc( NULL,
- valid_mode,
- sizeof( buf ),
- buf, buf, buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA,
- mbedtls_blowfish_crypt_cbc( &ctx,
- invalid_mode,
- sizeof( buf ),
- buf, buf, buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA,
- mbedtls_blowfish_crypt_cbc( &ctx,
- valid_mode,
- sizeof( buf ),
- NULL, buf, buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA,
- mbedtls_blowfish_crypt_cbc( &ctx,
- valid_mode,
- sizeof( buf ),
- buf, NULL, buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA,
- mbedtls_blowfish_crypt_cbc( &ctx,
- valid_mode,
- sizeof( buf ),
- buf, buf, NULL ) );
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
-
-#if defined(MBEDTLS_CIPHER_MODE_CFB)
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA,
- mbedtls_blowfish_crypt_cfb64( NULL,
- valid_mode,
- sizeof( buf ),
- &off, buf,
- buf, buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA,
- mbedtls_blowfish_crypt_cfb64( &ctx,
- invalid_mode,
- sizeof( buf ),
- &off, buf,
- buf, buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA,
- mbedtls_blowfish_crypt_cfb64( &ctx,
- valid_mode,
- sizeof( buf ),
- NULL, buf,
- buf, buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA,
- mbedtls_blowfish_crypt_cfb64( &ctx,
- valid_mode,
- sizeof( buf ),
- &off, NULL,
- buf, buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA,
- mbedtls_blowfish_crypt_cfb64( &ctx,
- valid_mode,
- sizeof( buf ),
- &off, buf,
- NULL, buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA,
- mbedtls_blowfish_crypt_cfb64( &ctx,
- valid_mode,
- sizeof( buf ),
- &off, buf,
- buf, NULL ) );
-#endif /* MBEDTLS_CIPHER_MODE_CFB */
-
-#if defined(MBEDTLS_CIPHER_MODE_CTR)
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA,
- mbedtls_blowfish_crypt_ctr( NULL,
- sizeof( buf ),
- &off,
- buf, buf,
- buf, buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA,
- mbedtls_blowfish_crypt_ctr( &ctx,
- sizeof( buf ),
- NULL,
- buf, buf,
- buf, buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA,
- mbedtls_blowfish_crypt_ctr( &ctx,
- sizeof( buf ),
- &off,
- NULL, buf,
- buf, buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA,
- mbedtls_blowfish_crypt_ctr( &ctx,
- sizeof( buf ),
- &off,
- buf, NULL,
- buf, buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA,
- mbedtls_blowfish_crypt_ctr( &ctx,
- sizeof( buf ),
- &off,
- buf, buf,
- NULL, buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA,
- mbedtls_blowfish_crypt_ctr( &ctx,
- sizeof( buf ),
- &off,
- buf, buf,
- buf, NULL ) );
-#endif /* MBEDTLS_CIPHER_MODE_CTR */
-
-exit:
- return;
-}
-/* END_CASE */
-
-/* BEGIN_CASE */
-void blowfish_encrypt_ecb( data_t * key_str, data_t * src_str,
- data_t * dst, int setkey_result )
-{
- unsigned char output[100];
- mbedtls_blowfish_context ctx;
-
- memset(output, 0x00, 100);
- mbedtls_blowfish_init( &ctx );
-
-
- TEST_ASSERT( mbedtls_blowfish_setkey( &ctx, key_str->x, key_str->len * 8 ) == setkey_result );
- if( setkey_result == 0 )
- {
- TEST_ASSERT( mbedtls_blowfish_crypt_ecb( &ctx, MBEDTLS_BLOWFISH_ENCRYPT, src_str->x, output ) == 0 );
-
- TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x, 8, dst->len ) == 0 );
- }
-
-exit:
- mbedtls_blowfish_free( &ctx );
-}
-/* END_CASE */
-
-/* BEGIN_CASE */
-void blowfish_decrypt_ecb( data_t * key_str, data_t * src_str,
- data_t * dst, int setkey_result )
-{
- unsigned char output[100];
- mbedtls_blowfish_context ctx;
-
- memset(output, 0x00, 100);
- mbedtls_blowfish_init( &ctx );
-
-
- TEST_ASSERT( mbedtls_blowfish_setkey( &ctx, key_str->x, key_str->len * 8 ) == setkey_result );
- if( setkey_result == 0 )
- {
- TEST_ASSERT( mbedtls_blowfish_crypt_ecb( &ctx, MBEDTLS_BLOWFISH_DECRYPT, src_str->x, output ) == 0 );
-
- TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x, 8, dst->len ) == 0 );
- }
-
-exit:
- mbedtls_blowfish_free( &ctx );
-}
-/* END_CASE */
-
-/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CBC */
-void blowfish_encrypt_cbc( data_t * key_str, data_t * iv_str,
- data_t * src_str, data_t * dst,
- int cbc_result )
-{
- unsigned char output[100];
- mbedtls_blowfish_context ctx;
-
- memset(output, 0x00, 100);
- mbedtls_blowfish_init( &ctx );
-
-
- mbedtls_blowfish_setkey( &ctx, key_str->x, key_str->len * 8 );
-
- TEST_ASSERT( mbedtls_blowfish_crypt_cbc( &ctx, MBEDTLS_BLOWFISH_ENCRYPT, src_str->len , iv_str->x, src_str->x, output ) == cbc_result );
- if( cbc_result == 0 )
- {
-
- TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x,
- src_str->len, dst->len ) == 0 );
- }
-
-exit:
- mbedtls_blowfish_free( &ctx );
-}
-/* END_CASE */
-
-/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CBC */
-void blowfish_decrypt_cbc( data_t * key_str, data_t * iv_str,
- data_t * src_str, data_t * dst,
- int cbc_result )
-{
- unsigned char output[100];
- mbedtls_blowfish_context ctx;
-
- memset(output, 0x00, 100);
- mbedtls_blowfish_init( &ctx );
-
-
- mbedtls_blowfish_setkey( &ctx, key_str->x, key_str->len * 8 );
- TEST_ASSERT( mbedtls_blowfish_crypt_cbc( &ctx, MBEDTLS_BLOWFISH_DECRYPT, src_str->len , iv_str->x, src_str->x, output ) == cbc_result );
- if( cbc_result == 0)
- {
-
- TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x, src_str->len,
- dst->len ) == 0 );
- }
-
-exit:
- mbedtls_blowfish_free( &ctx );
-}
-/* END_CASE */
-
-/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CFB */
-void blowfish_encrypt_cfb64( data_t * key_str, data_t * iv_str,
- data_t * src_str, data_t * dst )
-{
- unsigned char output[100];
- mbedtls_blowfish_context ctx;
- size_t iv_offset = 0;
-
- memset(output, 0x00, 100);
- mbedtls_blowfish_init( &ctx );
-
-
- mbedtls_blowfish_setkey( &ctx, key_str->x, key_str->len * 8 );
- TEST_ASSERT( mbedtls_blowfish_crypt_cfb64( &ctx, MBEDTLS_BLOWFISH_ENCRYPT, src_str->len, &iv_offset, iv_str->x, src_str->x, output ) == 0 );
-
- TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x, src_str->len,
- dst->len ) == 0 );
-
-exit:
- mbedtls_blowfish_free( &ctx );
-}
-/* END_CASE */
-
-/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CFB */
-void blowfish_decrypt_cfb64( data_t * key_str, data_t * iv_str,
- data_t * src_str, data_t * dst )
-{
- unsigned char output[100];
- mbedtls_blowfish_context ctx;
- size_t iv_offset = 0;
-
- memset(output, 0x00, 100);
- mbedtls_blowfish_init( &ctx );
-
-
- mbedtls_blowfish_setkey( &ctx, key_str->x, key_str->len * 8 );
- TEST_ASSERT( mbedtls_blowfish_crypt_cfb64( &ctx, MBEDTLS_BLOWFISH_DECRYPT, src_str->len, &iv_offset, iv_str->x, src_str->x, output ) == 0 );
-
- TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x, src_str->len,
- dst->len ) == 0 );
-
-exit:
- mbedtls_blowfish_free( &ctx );
-}
-/* END_CASE */
-
-/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CTR */
-void blowfish_encrypt_ctr( data_t * key_str, data_t * iv_str,
- data_t * src_str, data_t * dst )
-{
- unsigned char stream_str[100];
- unsigned char output[100];
- mbedtls_blowfish_context ctx;
- size_t iv_offset = 0;
-
- memset(stream_str, 0x00, 100);
- memset(output, 0x00, 100);
- mbedtls_blowfish_init( &ctx );
-
-
- mbedtls_blowfish_setkey( &ctx, key_str->x, key_str->len * 8 );
- TEST_ASSERT( mbedtls_blowfish_crypt_ctr( &ctx, src_str->len, &iv_offset, iv_str->x, stream_str, src_str->x, output ) == 0 );
-
- TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x, src_str->len,
- dst->len ) == 0 );
-
-exit:
- mbedtls_blowfish_free( &ctx );
-}
-/* END_CASE */
diff --git a/tests/suites/test_suite_camellia.data b/tests/suites/test_suite_camellia.data
index 3d11b8c..3f73abc 100644
--- a/tests/suites/test_suite_camellia.data
+++ b/tests/suites/test_suite_camellia.data
@@ -1,6 +1,3 @@
-Camellia - Valid parameters
-camellia_valid_param:
-
Camellia - Invalid parameters
camellia_invalid_param:
diff --git a/tests/suites/test_suite_camellia.function b/tests/suites/test_suite_camellia.function
index 312495c..cc18d5b 100644
--- a/tests/suites/test_suite_camellia.function
+++ b/tests/suites/test_suite_camellia.function
@@ -7,167 +7,37 @@
* END_DEPENDENCIES
*/
-/* BEGIN_CASE */
-void camellia_valid_param( )
-{
- TEST_VALID_PARAM( mbedtls_camellia_free( NULL ) );
-}
-/* END_CASE */
-
-/* BEGIN_CASE depends_on:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */
+/* BEGIN_CASE depends_on:NOT_DEFINED */
void camellia_invalid_param( )
{
mbedtls_camellia_context ctx;
unsigned char buf[16] = { 0 };
- const size_t valid_keybits = 128;
const int invalid_mode = 42;
- const int valid_mode = MBEDTLS_CAMELLIA_ENCRYPT;
size_t off;
((void) off);
- TEST_INVALID_PARAM( mbedtls_camellia_init( NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA,
- mbedtls_camellia_setkey_enc( NULL,
- buf,
- valid_keybits ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA,
- mbedtls_camellia_setkey_enc( &ctx,
- NULL,
- valid_keybits ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA,
- mbedtls_camellia_setkey_dec( NULL,
- buf,
- valid_keybits ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA,
- mbedtls_camellia_setkey_dec( &ctx,
- NULL,
- valid_keybits ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA,
- mbedtls_camellia_crypt_ecb( NULL,
- valid_mode,
- buf, buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA,
+ TEST_EQUAL( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA,
mbedtls_camellia_crypt_ecb( &ctx,
invalid_mode,
buf, buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA,
- mbedtls_camellia_crypt_ecb( &ctx,
- valid_mode,
- NULL, buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA,
- mbedtls_camellia_crypt_ecb( &ctx,
- valid_mode,
- buf, NULL ) );
#if defined(MBEDTLS_CIPHER_MODE_CBC)
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA,
- mbedtls_camellia_crypt_cbc( NULL,
- valid_mode,
- sizeof( buf ),
- buf, buf, buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA,
+ TEST_EQUAL( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA,
mbedtls_camellia_crypt_cbc( &ctx,
invalid_mode,
sizeof( buf ),
buf, buf, buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA,
- mbedtls_camellia_crypt_cbc( &ctx,
- valid_mode,
- sizeof( buf ),
- NULL, buf, buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA,
- mbedtls_camellia_crypt_cbc( &ctx,
- valid_mode,
- sizeof( buf ),
- buf, NULL, buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA,
- mbedtls_camellia_crypt_cbc( &ctx,
- valid_mode,
- sizeof( buf ),
- buf, buf, NULL ) );
#endif /* MBEDTLS_CIPHER_MODE_CBC */
#if defined(MBEDTLS_CIPHER_MODE_CFB)
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA,
- mbedtls_camellia_crypt_cfb128( NULL,
- valid_mode,
- sizeof( buf ),
- &off, buf,
- buf, buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA,
+ TEST_EQUAL( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA,
mbedtls_camellia_crypt_cfb128( &ctx,
invalid_mode,
sizeof( buf ),
&off, buf,
buf, buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA,
- mbedtls_camellia_crypt_cfb128( &ctx,
- valid_mode,
- sizeof( buf ),
- NULL, buf,
- buf, buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA,
- mbedtls_camellia_crypt_cfb128( &ctx,
- valid_mode,
- sizeof( buf ),
- &off, NULL,
- buf, buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA,
- mbedtls_camellia_crypt_cfb128( &ctx,
- valid_mode,
- sizeof( buf ),
- &off, buf,
- NULL, buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA,
- mbedtls_camellia_crypt_cfb128( &ctx,
- valid_mode,
- sizeof( buf ),
- &off, buf,
- buf, NULL ) );
#endif /* MBEDTLS_CIPHER_MODE_CFB */
-#if defined(MBEDTLS_CIPHER_MODE_CTR)
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA,
- mbedtls_camellia_crypt_ctr( NULL,
- sizeof( buf ),
- &off,
- buf, buf,
- buf, buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA,
- mbedtls_camellia_crypt_ctr( &ctx,
- sizeof( buf ),
- NULL,
- buf, buf,
- buf, buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA,
- mbedtls_camellia_crypt_ctr( &ctx,
- sizeof( buf ),
- &off,
- NULL, buf,
- buf, buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA,
- mbedtls_camellia_crypt_ctr( &ctx,
- sizeof( buf ),
- &off,
- buf, NULL,
- buf, buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA,
- mbedtls_camellia_crypt_ctr( &ctx,
- sizeof( buf ),
- &off,
- buf, buf,
- NULL, buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA,
- mbedtls_camellia_crypt_ctr( &ctx,
- sizeof( buf ),
- &off,
- buf, buf,
- buf, NULL ) );
-#endif /* MBEDTLS_CIPHER_MODE_CTR */
-
exit:
return;
}
diff --git a/tests/suites/test_suite_ccm.data b/tests/suites/test_suite_ccm.data
index 4f83468..a14d4be 100644
--- a/tests/suites/test_suite_ccm.data
+++ b/tests/suites/test_suite_ccm.data
@@ -1,12 +1,6 @@
CCM self test
mbedtls_ccm_self_test:
-CCM - Invalid parameters
-ccm_invalid_param:
-
-CCM - Valid parameters
-ccm_valid_param:
-
CCM init #1 AES-128: OK
depends_on:MBEDTLS_AES_C
mbedtls_ccm_setkey:MBEDTLS_CIPHER_ID_AES:128:0
@@ -19,9 +13,9 @@
depends_on:MBEDTLS_AES_C
mbedtls_ccm_setkey:MBEDTLS_CIPHER_ID_AES:224:MBEDTLS_ERR_CCM_BAD_INPUT
-CCM init #4 BLOWFISH-128: bad block size
-depends_on:MBEDTLS_BLOWFISH_C
-mbedtls_ccm_setkey:MBEDTLS_CIPHER_ID_BLOWFISH:128:MBEDTLS_ERR_CCM_BAD_INPUT
+CCM init #4 DES: bad block size
+depends_on:MBEDTLS_DES_C
+mbedtls_ccm_setkey:MBEDTLS_CIPHER_ID_DES:128:MBEDTLS_ERR_CCM_BAD_INPUT
CCM lengths #1 all OK
ccm_lengths:5:10:5:8:0
diff --git a/tests/suites/test_suite_ccm.function b/tests/suites/test_suite_ccm.function
index 5a3726e..840583c 100644
--- a/tests/suites/test_suite_ccm.function
+++ b/tests/suites/test_suite_ccm.function
@@ -291,216 +291,3 @@
mbedtls_ccm_free( &ctx );
}
/* END_CASE */
-
-/* BEGIN_CASE depends_on:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */
-void ccm_invalid_param( )
-{
- struct mbedtls_ccm_context ctx;
- unsigned char valid_buffer[] = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06 };
- mbedtls_cipher_id_t valid_cipher = MBEDTLS_CIPHER_ID_AES;
- int valid_len = sizeof(valid_buffer);
- int valid_bitlen = valid_len * 8;
-
- mbedtls_ccm_init( &ctx );
-
- /* mbedtls_ccm_init() */
- TEST_INVALID_PARAM( mbedtls_ccm_init( NULL ) );
-
- /* mbedtls_ccm_setkey() */
- TEST_INVALID_PARAM_RET(
- MBEDTLS_ERR_CCM_BAD_INPUT,
- mbedtls_ccm_setkey( NULL, valid_cipher, valid_buffer, valid_bitlen ) );
- TEST_INVALID_PARAM_RET(
- MBEDTLS_ERR_CCM_BAD_INPUT,
- mbedtls_ccm_setkey( &ctx, valid_cipher, NULL, valid_bitlen ) );
-
- /* mbedtls_ccm_encrypt_and_tag() */
- TEST_INVALID_PARAM_RET(
- MBEDTLS_ERR_CCM_BAD_INPUT,
- mbedtls_ccm_encrypt_and_tag( NULL, valid_len,
- valid_buffer, valid_len,
- valid_buffer, valid_len,
- valid_buffer, valid_buffer,
- valid_buffer, valid_len ) );
- TEST_INVALID_PARAM_RET(
- MBEDTLS_ERR_CCM_BAD_INPUT,
- mbedtls_ccm_encrypt_and_tag( &ctx, valid_len,
- NULL, valid_len,
- valid_buffer, valid_len,
- valid_buffer, valid_buffer,
- valid_buffer, valid_len ) );
- TEST_INVALID_PARAM_RET(
- MBEDTLS_ERR_CCM_BAD_INPUT,
- mbedtls_ccm_encrypt_and_tag( &ctx, valid_len,
- valid_buffer, valid_len,
- NULL, valid_len,
- valid_buffer, valid_buffer,
- valid_buffer, valid_len ) );
- TEST_INVALID_PARAM_RET(
- MBEDTLS_ERR_CCM_BAD_INPUT,
- mbedtls_ccm_encrypt_and_tag( &ctx, valid_len,
- valid_buffer, valid_len,
- valid_buffer, valid_len,
- NULL, valid_buffer,
- valid_buffer, valid_len ) );
- TEST_INVALID_PARAM_RET(
- MBEDTLS_ERR_CCM_BAD_INPUT,
- mbedtls_ccm_encrypt_and_tag( &ctx, valid_len,
- valid_buffer, valid_len,
- valid_buffer, valid_len,
- valid_buffer, NULL,
- valid_buffer, valid_len ) );
- TEST_INVALID_PARAM_RET(
- MBEDTLS_ERR_CCM_BAD_INPUT,
- mbedtls_ccm_encrypt_and_tag( &ctx, valid_len,
- valid_buffer, valid_len,
- valid_buffer, valid_len,
- valid_buffer, valid_buffer,
- NULL, valid_len ) );
-
- /* mbedtls_ccm_star_encrypt_and_tag() */
- TEST_INVALID_PARAM_RET(
- MBEDTLS_ERR_CCM_BAD_INPUT,
- mbedtls_ccm_star_encrypt_and_tag( NULL, valid_len,
- valid_buffer, valid_len,
- valid_buffer, valid_len,
- valid_buffer, valid_buffer,
- valid_buffer, valid_len) );
- TEST_INVALID_PARAM_RET(
- MBEDTLS_ERR_CCM_BAD_INPUT,
- mbedtls_ccm_star_encrypt_and_tag( &ctx, valid_len,
- NULL, valid_len,
- valid_buffer, valid_len,
- valid_buffer, valid_buffer,
- valid_buffer, valid_len ) );
- TEST_INVALID_PARAM_RET(
- MBEDTLS_ERR_CCM_BAD_INPUT,
- mbedtls_ccm_star_encrypt_and_tag( &ctx, valid_len,
- valid_buffer, valid_len,
- NULL, valid_len,
- valid_buffer, valid_buffer,
- valid_buffer, valid_len ) );
- TEST_INVALID_PARAM_RET(
- MBEDTLS_ERR_CCM_BAD_INPUT,
- mbedtls_ccm_star_encrypt_and_tag( &ctx, valid_len,
- valid_buffer, valid_len,
- valid_buffer, valid_len,
- NULL, valid_buffer,
- valid_buffer, valid_len ) );
- TEST_INVALID_PARAM_RET(
- MBEDTLS_ERR_CCM_BAD_INPUT,
- mbedtls_ccm_star_encrypt_and_tag( &ctx, valid_len,
- valid_buffer, valid_len,
- valid_buffer, valid_len,
- valid_buffer, NULL,
- valid_buffer, valid_len ) );
- TEST_INVALID_PARAM_RET(
- MBEDTLS_ERR_CCM_BAD_INPUT,
- mbedtls_ccm_star_encrypt_and_tag( &ctx, valid_len,
- valid_buffer, valid_len,
- valid_buffer, valid_len,
- valid_buffer, valid_buffer,
- NULL, valid_len ) );
-
- /* mbedtls_ccm_auth_decrypt() */
- TEST_INVALID_PARAM_RET(
- MBEDTLS_ERR_CCM_BAD_INPUT,
- mbedtls_ccm_auth_decrypt( NULL, valid_len,
- valid_buffer, valid_len,
- valid_buffer, valid_len,
- valid_buffer, valid_buffer,
- valid_buffer, valid_len ) );
- TEST_INVALID_PARAM_RET(
- MBEDTLS_ERR_CCM_BAD_INPUT,
- mbedtls_ccm_auth_decrypt( &ctx, valid_len,
- NULL, valid_len,
- valid_buffer, valid_len,
- valid_buffer, valid_buffer,
- valid_buffer, valid_len ) );
- TEST_INVALID_PARAM_RET(
- MBEDTLS_ERR_CCM_BAD_INPUT,
- mbedtls_ccm_auth_decrypt( &ctx, valid_len,
- valid_buffer, valid_len,
- NULL, valid_len,
- valid_buffer, valid_buffer,
- valid_buffer, valid_len ) );
- TEST_INVALID_PARAM_RET(
- MBEDTLS_ERR_CCM_BAD_INPUT,
- mbedtls_ccm_auth_decrypt( &ctx, valid_len,
- valid_buffer, valid_len,
- valid_buffer, valid_len,
- NULL, valid_buffer,
- valid_buffer, valid_len ) );
- TEST_INVALID_PARAM_RET(
- MBEDTLS_ERR_CCM_BAD_INPUT,
- mbedtls_ccm_auth_decrypt( &ctx, valid_len,
- valid_buffer, valid_len,
- valid_buffer, valid_len,
- valid_buffer, NULL,
- valid_buffer, valid_len ) );
- TEST_INVALID_PARAM_RET(
- MBEDTLS_ERR_CCM_BAD_INPUT,
- mbedtls_ccm_auth_decrypt( &ctx, valid_len,
- valid_buffer, valid_len,
- valid_buffer, valid_len,
- valid_buffer, valid_buffer,
- NULL, valid_len ) );
-
- /* mbedtls_ccm_star_auth_decrypt() */
- TEST_INVALID_PARAM_RET(
- MBEDTLS_ERR_CCM_BAD_INPUT,
- mbedtls_ccm_star_auth_decrypt( NULL, valid_len,
- valid_buffer, valid_len,
- valid_buffer, valid_len,
- valid_buffer, valid_buffer,
- valid_buffer, valid_len ) );
- TEST_INVALID_PARAM_RET(
- MBEDTLS_ERR_CCM_BAD_INPUT,
- mbedtls_ccm_star_auth_decrypt( &ctx, valid_len,
- NULL, valid_len,
- valid_buffer, valid_len,
- valid_buffer, valid_buffer,
- valid_buffer, valid_len ) );
- TEST_INVALID_PARAM_RET(
- MBEDTLS_ERR_CCM_BAD_INPUT,
- mbedtls_ccm_star_auth_decrypt( &ctx, valid_len,
- valid_buffer, valid_len,
- NULL, valid_len,
- valid_buffer, valid_buffer,
- valid_buffer, valid_len ) );
- TEST_INVALID_PARAM_RET(
- MBEDTLS_ERR_CCM_BAD_INPUT,
- mbedtls_ccm_star_auth_decrypt( &ctx, valid_len,
- valid_buffer, valid_len,
- valid_buffer, valid_len,
- NULL, valid_buffer,
- valid_buffer, valid_len ) );
- TEST_INVALID_PARAM_RET(
- MBEDTLS_ERR_CCM_BAD_INPUT,
- mbedtls_ccm_star_auth_decrypt( &ctx, valid_len,
- valid_buffer, valid_len,
- valid_buffer, valid_len,
- valid_buffer, NULL,
- valid_buffer, valid_len ) );
- TEST_INVALID_PARAM_RET(
- MBEDTLS_ERR_CCM_BAD_INPUT,
- mbedtls_ccm_star_auth_decrypt( &ctx, valid_len,
- valid_buffer, valid_len,
- valid_buffer, valid_len,
- valid_buffer, valid_buffer,
- NULL, valid_len ) );
-
-exit:
- mbedtls_ccm_free( &ctx );
- return;
-}
-/* END_CASE */
-
-/* BEGIN_CASE */
-void ccm_valid_param( )
-{
- TEST_VALID_PARAM( mbedtls_ccm_free( NULL ) );
-exit:
- return;
-}
-/* END_CASE */
diff --git a/tests/suites/test_suite_chacha20.data b/tests/suites/test_suite_chacha20.data
index 3f9033e..8609460 100644
--- a/tests/suites/test_suite_chacha20.data
+++ b/tests/suites/test_suite_chacha20.data
@@ -22,8 +22,5 @@
ChaCha20 RFC 7539 Test Vector #3 (Decrypt)
chacha20_crypt:"1c9240a5eb55d38af333888604f6b5f0473917c1402b80099dca5cbc207075c0":"000000000000000000000002":42:"62e6347f95ed87a45ffae7426f27a1df5fb69110044c0d73118effa95b01e5cf166d3df2d721caf9b21e5fb14c616871fd84c54f9d65b283196c7fe4f60553ebf39c6402c42234e32a356b3e764312a61a5532055716ead6962568f87d3f3f7704c6a8d1bcd1bf4d50d6154b6da731b187b58dfd728afa36757a797ac188d1":"2754776173206272696c6c69672c20616e642074686520736c6974687920746f7665730a446964206779726520616e642067696d626c6520696e2074686520776162653a0a416c6c206d696d737920776572652074686520626f726f676f7665732c0a416e6420746865206d6f6d65207261746873206f757467726162652e"
-ChaCha20 Paremeter Validation
-chacha20_bad_params:
-
ChaCha20 Selftest
chacha20_self_test:
diff --git a/tests/suites/test_suite_chacha20.function b/tests/suites/test_suite_chacha20.function
index 67c8de2..9afadb7 100644
--- a/tests/suites/test_suite_chacha20.function
+++ b/tests/suites/test_suite_chacha20.function
@@ -66,52 +66,6 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */
-void chacha20_bad_params()
-{
- unsigned char key[32];
- unsigned char nonce[12];
- unsigned char src[1];
- unsigned char dst[1];
- uint32_t counter = 0;
- size_t len = sizeof( src );
- mbedtls_chacha20_context ctx;
-
- TEST_INVALID_PARAM( mbedtls_chacha20_init( NULL ) );
- TEST_VALID_PARAM( mbedtls_chacha20_free( NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA,
- mbedtls_chacha20_setkey( NULL, key ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA,
- mbedtls_chacha20_setkey( &ctx, NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA,
- mbedtls_chacha20_starts( NULL, nonce, counter ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA,
- mbedtls_chacha20_starts( &ctx, NULL, counter ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA,
- mbedtls_chacha20_update( NULL, 0, src, dst ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA,
- mbedtls_chacha20_update( &ctx, len, NULL, dst ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA,
- mbedtls_chacha20_update( &ctx, len, src, NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA,
- mbedtls_chacha20_crypt( NULL, nonce, counter, 0, src, dst ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA,
- mbedtls_chacha20_crypt( key, NULL, counter, 0, src, dst ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA,
- mbedtls_chacha20_crypt( key, nonce, counter, len, NULL, dst ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA,
- mbedtls_chacha20_crypt( key, nonce, counter, len, src, NULL ) );
-
-exit:
- return;
-
-}
-/* END_CASE */
-
/* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */
void chacha20_self_test()
{
diff --git a/tests/suites/test_suite_chachapoly.data b/tests/suites/test_suite_chachapoly.data
index 34cb568..02c7bf3 100644
--- a/tests/suites/test_suite_chachapoly.data
+++ b/tests/suites/test_suite_chachapoly.data
@@ -19,9 +19,6 @@
ChaCha20-Poly1305 State Flow
chachapoly_state:
-ChaCha20-Poly1305 Parameter Validation
-chachapoly_bad_params:
-
ChaCha20-Poly1305 Selftest
depends_on:MBEDTLS_SELF_TEST
chachapoly_selftest:
diff --git a/tests/suites/test_suite_chachapoly.function b/tests/suites/test_suite_chachapoly.function
index 96128e4..2e1e7b2 100644
--- a/tests/suites/test_suite_chachapoly.function
+++ b/tests/suites/test_suite_chachapoly.function
@@ -66,137 +66,6 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */
-void chachapoly_bad_params()
-{
- unsigned char key[32];
- unsigned char nonce[12];
- unsigned char aad[1];
- unsigned char input[1];
- unsigned char output[1];
- unsigned char mac[16];
- size_t input_len = sizeof( input );
- size_t aad_len = sizeof( aad );
- mbedtls_chachapoly_context ctx;
-
- memset( key, 0x00, sizeof( key ) );
- memset( nonce, 0x00, sizeof( nonce ) );
- memset( aad, 0x00, sizeof( aad ) );
- memset( input, 0x00, sizeof( input ) );
- memset( output, 0x00, sizeof( output ) );
- memset( mac, 0x00, sizeof( mac ) );
-
- TEST_INVALID_PARAM( mbedtls_chachapoly_init( NULL ) );
- TEST_VALID_PARAM( mbedtls_chachapoly_free( NULL ) );
-
- /* setkey */
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
- mbedtls_chachapoly_setkey( NULL, key ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
- mbedtls_chachapoly_setkey( &ctx, NULL ) );
-
- /* encrypt_and_tag */
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
- mbedtls_chachapoly_encrypt_and_tag( NULL,
- 0, nonce,
- aad, 0,
- input, output, mac ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
- mbedtls_chachapoly_encrypt_and_tag( &ctx,
- 0, NULL,
- aad, 0,
- input, output, mac ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
- mbedtls_chachapoly_encrypt_and_tag( &ctx,
- 0, nonce,
- NULL, aad_len,
- input, output, mac ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
- mbedtls_chachapoly_encrypt_and_tag( &ctx,
- input_len, nonce,
- aad, 0,
- NULL, output, mac ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
- mbedtls_chachapoly_encrypt_and_tag( &ctx,
- input_len, nonce,
- aad, 0,
- input, NULL, mac ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
- mbedtls_chachapoly_encrypt_and_tag( &ctx,
- 0, nonce,
- aad, 0,
- input, output, NULL ) );
-
- /* auth_decrypt */
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
- mbedtls_chachapoly_auth_decrypt( NULL,
- 0, nonce,
- aad, 0,
- mac, input, output ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
- mbedtls_chachapoly_auth_decrypt( &ctx,
- 0, NULL,
- aad, 0,
- mac, input, output ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
- mbedtls_chachapoly_auth_decrypt( &ctx,
- 0, nonce,
- NULL, aad_len,
- mac, input, output ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
- mbedtls_chachapoly_auth_decrypt( &ctx,
- 0, nonce,
- aad, 0,
- NULL, input, output ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
- mbedtls_chachapoly_auth_decrypt( &ctx,
- input_len, nonce,
- aad, 0,
- mac, NULL, output ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
- mbedtls_chachapoly_auth_decrypt( &ctx,
- input_len, nonce,
- aad, 0,
- mac, input, NULL ) );
-
- /* starts */
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
- mbedtls_chachapoly_starts( NULL, nonce,
- MBEDTLS_CHACHAPOLY_ENCRYPT ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
- mbedtls_chachapoly_starts( &ctx, NULL,
- MBEDTLS_CHACHAPOLY_ENCRYPT ) );
-
- /* update_aad */
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
- mbedtls_chachapoly_update_aad( NULL, aad,
- aad_len ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
- mbedtls_chachapoly_update_aad( &ctx, NULL,
- aad_len ) );
-
- /* update */
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
- mbedtls_chachapoly_update( NULL, input_len,
- input, output ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
- mbedtls_chachapoly_update( &ctx, input_len,
- NULL, output ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
- mbedtls_chachapoly_update( &ctx, input_len,
- input, NULL ) );
-
- /* finish */
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
- mbedtls_chachapoly_finish( NULL, mac ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
- mbedtls_chachapoly_finish( &ctx, NULL ) );
-
-exit:
- return;
-}
-/* END_CASE */
-
/* BEGIN_CASE */
void chachapoly_state()
{
diff --git a/tests/suites/test_suite_cipher.arc4.data b/tests/suites/test_suite_cipher.arc4.data
deleted file mode 100644
index 7a47373..0000000
--- a/tests/suites/test_suite_cipher.arc4.data
+++ /dev/null
@@ -1,107 +0,0 @@
-ARC4 Decrypt empty buffer
-depends_on:MBEDTLS_ARC4_C
-dec_empty_buf:MBEDTLS_CIPHER_ARC4_128:0:0
-
-ARC4 Encrypt and decrypt 0 bytes
-depends_on:MBEDTLS_ARC4_C
-enc_dec_buf:MBEDTLS_CIPHER_ARC4_128:"ARC4-128":128:0:-1
-
-ARC4 Encrypt and decrypt 1 byte
-depends_on:MBEDTLS_ARC4_C
-enc_dec_buf:MBEDTLS_CIPHER_ARC4_128:"ARC4-128":128:1:-1
-
-ARC4 Encrypt and decrypt 2 bytes
-depends_on:MBEDTLS_ARC4_C
-enc_dec_buf:MBEDTLS_CIPHER_ARC4_128:"ARC4-128":128:2:-1
-
-ARC4 Encrypt and decrypt 7 bytes
-depends_on:MBEDTLS_ARC4_C
-enc_dec_buf:MBEDTLS_CIPHER_ARC4_128:"ARC4-128":128:7:-1
-
-ARC4 Encrypt and decrypt 8 bytes
-depends_on:MBEDTLS_ARC4_C
-enc_dec_buf:MBEDTLS_CIPHER_ARC4_128:"ARC4-128":128:8:-1
-
-ARC4 Encrypt and decrypt 9 bytes
-depends_on:MBEDTLS_ARC4_C
-enc_dec_buf:MBEDTLS_CIPHER_ARC4_128:"ARC4-128":128:9:-1
-
-ARC4 Encrypt and decrypt 15 bytes
-depends_on:MBEDTLS_ARC4_C
-enc_dec_buf:MBEDTLS_CIPHER_ARC4_128:"ARC4-128":128:15:-1
-
-ARC4 Encrypt and decrypt 16 bytes
-depends_on:MBEDTLS_ARC4_C
-enc_dec_buf:MBEDTLS_CIPHER_ARC4_128:"ARC4-128":128:16:-1
-
-ARC4 Encrypt and decrypt 17 bytes
-depends_on:MBEDTLS_ARC4_C
-enc_dec_buf:MBEDTLS_CIPHER_ARC4_128:"ARC4-128":128:17:-1
-
-ARC4 Encrypt and decrypt 31 bytes
-depends_on:MBEDTLS_ARC4_C
-enc_dec_buf:MBEDTLS_CIPHER_ARC4_128:"ARC4-128":128:31:-1
-
-ARC4 Encrypt and decrypt 32 bytes [#1]
-depends_on:MBEDTLS_ARC4_C
-enc_dec_buf:MBEDTLS_CIPHER_ARC4_128:"ARC4-128":128:32:-1
-
-ARC4 Encrypt and decrypt 32 bytes [#2]
-depends_on:MBEDTLS_ARC4_C
-enc_dec_buf:MBEDTLS_CIPHER_ARC4_128:"ARC4-128":128:33:-1
-
-ARC4 Encrypt and decrypt 47 bytes
-depends_on:MBEDTLS_ARC4_C
-enc_dec_buf:MBEDTLS_CIPHER_ARC4_128:"ARC4-128":128:47:-1
-
-ARC4 Encrypt and decrypt 48 bytes
-depends_on:MBEDTLS_ARC4_C
-enc_dec_buf:MBEDTLS_CIPHER_ARC4_128:"ARC4-128":128:48:-1
-
-ARC4 Encrypt and decrypt 49 bytes
-depends_on:MBEDTLS_ARC4_C
-enc_dec_buf:MBEDTLS_CIPHER_ARC4_128:"ARC4-128":128:49:-1
-
-ARC4 Encrypt and decrypt 0 bytes in multiple parts
-depends_on:MBEDTLS_ARC4_C
-enc_dec_buf_multipart:MBEDTLS_CIPHER_ARC4_128:128:0:0:-1:0:0:0:0
-
-ARC4 Encrypt and decrypt 1 bytes in multiple parts 1
-depends_on:MBEDTLS_ARC4_C
-enc_dec_buf_multipart:MBEDTLS_CIPHER_ARC4_128:128:1:0:-1:1:0:1:0
-
-ARC4 Encrypt and decrypt 1 bytes in multiple parts 2
-depends_on:MBEDTLS_ARC4_C
-enc_dec_buf_multipart:MBEDTLS_CIPHER_ARC4_128:128:0:1:-1:0:1:0:1
-
-ARC4 Encrypt and decrypt 16 bytes in multiple parts 1
-depends_on:MBEDTLS_ARC4_C
-enc_dec_buf_multipart:MBEDTLS_CIPHER_ARC4_128:128:16:0:-1:16:0:16:0
-
-ARC4 Encrypt and decrypt 16 bytes in multiple parts 2
-depends_on:MBEDTLS_ARC4_C
-enc_dec_buf_multipart:MBEDTLS_CIPHER_ARC4_128:128:0:16:-1:0:16:0:16
-
-ARC4 Encrypt and decrypt 16 bytes in multiple parts 3
-depends_on:MBEDTLS_ARC4_C
-enc_dec_buf_multipart:MBEDTLS_CIPHER_ARC4_128:128:1:15:-1:1:15:1:15
-
-ARC4 Encrypt and decrypt 16 bytes in multiple parts 4
-depends_on:MBEDTLS_ARC4_C
-enc_dec_buf_multipart:MBEDTLS_CIPHER_ARC4_128:128:15:1:-1:15:1:15:1
-
-ARC4 Encrypt and decrypt 22 bytes in multiple parts 1 [#1]
-depends_on:MBEDTLS_ARC4_C
-enc_dec_buf_multipart:MBEDTLS_CIPHER_ARC4_128:128:15:7:-1:15:7:15:7
-
-ARC4 Encrypt and decrypt 22 bytes in multiple parts 1 [#2]
-depends_on:MBEDTLS_ARC4_C
-enc_dec_buf_multipart:MBEDTLS_CIPHER_ARC4_128:128:16:6:-1:16:6:16:6
-
-ARC4 Encrypt and decrypt 22 bytes in multiple parts 1 [#3]
-depends_on:MBEDTLS_ARC4_C
-enc_dec_buf_multipart:MBEDTLS_CIPHER_ARC4_128:128:17:6:-1:17:6:17:6
-
-ARC4 Encrypt and decrypt 32 bytes in multiple parts 1
-depends_on:MBEDTLS_ARC4_C
-enc_dec_buf_multipart:MBEDTLS_CIPHER_ARC4_128:128:16:16:-1:16:16:16:16
diff --git a/tests/suites/test_suite_cipher.blowfish.data b/tests/suites/test_suite_cipher.blowfish.data
deleted file mode 100644
index a05a4e7..0000000
--- a/tests/suites/test_suite_cipher.blowfish.data
+++ /dev/null
@@ -1,607 +0,0 @@
-BLOWFISH CBC Decrypt empty buffer
-depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-dec_empty_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:0:0
-
-BLOWFISH Encrypt and decrypt 0 bytes [#1]
-depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:0:-1
-
-BLOWFISH Encrypt and decrypt 1 byte [#1]
-depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:1:-1
-
-BLOWFISH Encrypt and decrypt 2 bytes [#1]
-depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:2:-1
-
-BLOWFISH Encrypt and decrypt 7 bytes [#1]
-depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:7:-1
-
-BLOWFISH Encrypt and decrypt 8 bytes [#1]
-depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:8:-1
-
-BLOWFISH Encrypt and decrypt 9 bytes [#1]
-depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:9:-1
-
-BLOWFISH Encrypt and decrypt 15 bytes [#1]
-depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:15:-1
-
-BLOWFISH Encrypt and decrypt 16 bytes [#1]
-depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:16:-1
-
-BLOWFISH Encrypt and decrypt 17 bytes [#1]
-depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:17:-1
-
-BLOWFISH Encrypt and decrypt 31 bytes [#1]
-depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:31:-1
-
-BLOWFISH Encrypt and decrypt 32 bytes [#1]
-depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:32:-1
-
-BLOWFISH Encrypt and decrypt 32 bytes [#2]
-depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:33:-1
-
-BLOWFISH Encrypt and decrypt 47 bytes [#1]
-depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:47:-1
-
-BLOWFISH Encrypt and decrypt 48 bytes [#1]
-depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:48:-1
-
-BLOWFISH Encrypt and decrypt 49 bytes [#1]
-depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:49:-1
-
-BLOWFISH Encrypt and decrypt 0 bytes with one and zeros padding
-depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:0:MBEDTLS_PADDING_ONE_AND_ZEROS
-
-BLOWFISH Encrypt and decrypt 1 byte with one and zeros padding
-depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:1:MBEDTLS_PADDING_ONE_AND_ZEROS
-
-BLOWFISH Encrypt and decrypt 2 bytes with one and zeros padding
-depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:2:MBEDTLS_PADDING_ONE_AND_ZEROS
-
-BLOWFISH Encrypt and decrypt 7 bytes with one and zeros padding
-depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:7:MBEDTLS_PADDING_ONE_AND_ZEROS
-
-BLOWFISH Encrypt and decrypt 8 bytes with one and zeros padding
-depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:8:MBEDTLS_PADDING_ONE_AND_ZEROS
-
-BLOWFISH Encrypt and decrypt 9 bytes with one and zeros padding
-depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:9:MBEDTLS_PADDING_ONE_AND_ZEROS
-
-BLOWFISH Encrypt and decrypt 15 bytes with one and zeros padding
-depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:15:MBEDTLS_PADDING_ONE_AND_ZEROS
-
-BLOWFISH Encrypt and decrypt 16 bytes with one and zeros padding
-depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:16:MBEDTLS_PADDING_ONE_AND_ZEROS
-
-BLOWFISH Encrypt and decrypt 17 bytes with one and zeros padding
-depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:17:MBEDTLS_PADDING_ONE_AND_ZEROS
-
-BLOWFISH Encrypt and decrypt 31 bytes with one and zeros padding
-depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:31:MBEDTLS_PADDING_ONE_AND_ZEROS
-
-BLOWFISH Encrypt and decrypt 32 bytes with one and zeros padding [#1]
-depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:32:MBEDTLS_PADDING_ONE_AND_ZEROS
-
-BLOWFISH Encrypt and decrypt 32 bytes with one and zeros padding [#2]
-depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:33:MBEDTLS_PADDING_ONE_AND_ZEROS
-
-BLOWFISH Encrypt and decrypt 47 bytes with one and zeros padding
-depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:47:MBEDTLS_PADDING_ONE_AND_ZEROS
-
-BLOWFISH Encrypt and decrypt 48 bytes with one and zeros padding
-depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:48:MBEDTLS_PADDING_ONE_AND_ZEROS
-
-BLOWFISH Encrypt and decrypt 49 bytes with one and zeros padding
-depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:49:MBEDTLS_PADDING_ONE_AND_ZEROS
-
-BLOWFISH Encrypt and decrypt 0 bytes with zeros and len padding
-depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:0:MBEDTLS_PADDING_ZEROS_AND_LEN
-
-BLOWFISH Encrypt and decrypt 1 byte with zeros and len padding
-depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:1:MBEDTLS_PADDING_ZEROS_AND_LEN
-
-BLOWFISH Encrypt and decrypt 2 bytes with zeros and len padding
-depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:2:MBEDTLS_PADDING_ZEROS_AND_LEN
-
-BLOWFISH Encrypt and decrypt 7 bytes with zeros and len padding
-depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:7:MBEDTLS_PADDING_ZEROS_AND_LEN
-
-BLOWFISH Encrypt and decrypt 8 bytes with zeros and len padding
-depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:8:MBEDTLS_PADDING_ZEROS_AND_LEN
-
-BLOWFISH Encrypt and decrypt 9 bytes with zeros and len padding
-depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:9:MBEDTLS_PADDING_ZEROS_AND_LEN
-
-BLOWFISH Encrypt and decrypt 15 bytes with zeros and len padding
-depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:15:MBEDTLS_PADDING_ZEROS_AND_LEN
-
-BLOWFISH Encrypt and decrypt 16 bytes with zeros and len padding
-depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:16:MBEDTLS_PADDING_ZEROS_AND_LEN
-
-BLOWFISH Encrypt and decrypt 17 bytes with zeros and len padding
-depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:17:MBEDTLS_PADDING_ZEROS_AND_LEN
-
-BLOWFISH Encrypt and decrypt 31 bytes with zeros and len padding
-depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:31:MBEDTLS_PADDING_ZEROS_AND_LEN
-
-BLOWFISH Encrypt and decrypt 32 bytes with zeros and len padding [#1]
-depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:32:MBEDTLS_PADDING_ZEROS_AND_LEN
-
-BLOWFISH Encrypt and decrypt 32 bytes with zeros and len padding [#2]
-depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:33:MBEDTLS_PADDING_ZEROS_AND_LEN
-
-BLOWFISH Encrypt and decrypt 47 bytes with zeros and len padding
-depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:47:MBEDTLS_PADDING_ZEROS_AND_LEN
-
-BLOWFISH Encrypt and decrypt 48 bytes with zeros and len padding
-depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:48:MBEDTLS_PADDING_ZEROS_AND_LEN
-
-BLOWFISH Encrypt and decrypt 49 bytes with zeros and len padding
-depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:49:MBEDTLS_PADDING_ZEROS_AND_LEN
-
-BLOWFISH Encrypt and decrypt 0 bytes with zeros padding
-depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:0:MBEDTLS_PADDING_ZEROS
-
-BLOWFISH Encrypt and decrypt 1 byte with zeros padding
-depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:1:MBEDTLS_PADDING_ZEROS
-
-BLOWFISH Encrypt and decrypt 2 bytes with zeros padding
-depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:2:MBEDTLS_PADDING_ZEROS
-
-BLOWFISH Encrypt and decrypt 7 bytes with zeros padding
-depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:7:MBEDTLS_PADDING_ZEROS
-
-BLOWFISH Encrypt and decrypt 8 bytes with zeros padding
-depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:8:MBEDTLS_PADDING_ZEROS
-
-BLOWFISH Encrypt and decrypt 9 bytes with zeros padding
-depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:9:MBEDTLS_PADDING_ZEROS
-
-BLOWFISH Encrypt and decrypt 15 bytes with zeros padding
-depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:15:MBEDTLS_PADDING_ZEROS
-
-BLOWFISH Encrypt and decrypt 16 bytes with zeros padding
-depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:16:MBEDTLS_PADDING_ZEROS
-
-BLOWFISH Encrypt and decrypt 17 bytes with zeros padding
-depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:17:MBEDTLS_PADDING_ZEROS
-
-BLOWFISH Encrypt and decrypt 31 bytes with zeros padding
-depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:31:MBEDTLS_PADDING_ZEROS
-
-BLOWFISH Encrypt and decrypt 32 bytes with zeros padding [#1]
-depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:32:MBEDTLS_PADDING_ZEROS
-
-BLOWFISH Encrypt and decrypt 32 bytes with zeros padding [#2]
-depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:33:MBEDTLS_PADDING_ZEROS
-
-BLOWFISH Encrypt and decrypt 47 bytes with zeros padding
-depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:47:MBEDTLS_PADDING_ZEROS
-
-BLOWFISH Encrypt and decrypt 48 bytes with zeros padding
-depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:48:MBEDTLS_PADDING_ZEROS
-
-BLOWFISH Encrypt and decrypt 49 bytes with zeros padding
-depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:49:MBEDTLS_PADDING_ZEROS
-
-BLOWFISH Encrypt and decrypt 0 bytes with no padding
-depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:0:MBEDTLS_PADDING_NONE
-
-BLOWFISH Encrypt and decrypt 8 bytes with no padding
-depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:8:MBEDTLS_PADDING_NONE
-
-BLOWFISH Encrypt and decrypt 16 bytes with no padding
-depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:16:MBEDTLS_PADDING_NONE
-
-BLOWFISH Encrypt and decrypt 32 bytes with no padding
-depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:32:MBEDTLS_PADDING_NONE
-
-BLOWFISH Encrypt and decrypt 48 bytes with no padding
-depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:48:MBEDTLS_PADDING_NONE
-
-BLOWFISH Try encrypting 1 bytes with no padding
-depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_fail:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_PADDING_NONE:128:1:MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED
-
-BLOWFISH Try encrypting 2 bytes with no padding
-depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_fail:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_PADDING_NONE:128:2:MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED
-
-BLOWFISH Try encrypting 7 bytes with no padding
-depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_fail:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_PADDING_NONE:128:7:MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED
-
-BLOWFISH Try encrypting 9 bytes with no padding
-depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_fail:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_PADDING_NONE:128:9:MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED
-
-BLOWFISH Try encrypting 15 bytes with no padding
-depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_fail:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_PADDING_NONE:128:15:MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED
-
-BLOWFISH Try encrypting 17 bytes with no padding
-depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_fail:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_PADDING_NONE:128:17:MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED
-
-BLOWFISH Try encrypting 31 bytes with no padding
-depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_fail:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_PADDING_NONE:128:31:MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED
-
-BLOWFISH Try encrypting 33 bytes with no padding
-depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_fail:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_PADDING_NONE:128:33:MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED
-
-BLOWFISH Try encrypting 47 bytes with no padding
-depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_fail:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_PADDING_NONE:128:47:MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED
-
-BLOWFISH Try encrypting 49 bytes with no padding
-depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_fail:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_PADDING_NONE:128:49:MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED
-
-BLOWFISH Encrypt and decrypt 0 bytes in multiple parts [#1]
-depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CBC:128:0:0:-1:0:0:0:0
-
-BLOWFISH Encrypt and decrypt 1 bytes in multiple parts 1 [#1]
-depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CBC:128:1:0:-1:0:0:0:0
-
-BLOWFISH Encrypt and decrypt 1 bytes in multiple parts 2 [#1]
-depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CBC:128:0:1:-1:0:0:0:0
-
-BLOWFISH Encrypt and decrypt 16 bytes in multiple parts 1 [#1]
-depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CBC:128:16:0:-1:16:0:8:8
-
-BLOWFISH Encrypt and decrypt 16 bytes in multiple parts 2 [#1]
-depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CBC:128:0:16:-1:0:16:0:16
-
-BLOWFISH Encrypt and decrypt 16 bytes in multiple parts 3 [#1]
-depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CBC:128:1:15:-1:0:16:0:16
-
-BLOWFISH Encrypt and decrypt 16 bytes in multiple parts 4 [#1]
-depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CBC:128:15:1:-1:8:8:8:8
-
-BLOWFISH Encrypt and decrypt 22 bytes in multiple parts 1 [#1]
-depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CBC:128:15:7:-1:8:8:8:8
-
-BLOWFISH Encrypt and decrypt 22 bytes in multiple parts 1 [#2]
-depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CBC:128:16:6:-1:16:0:8:8
-
-BLOWFISH Encrypt and decrypt 22 bytes in multiple parts 1 [#3]
-depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CBC:128:17:6:-1:16:0:16:0
-
-BLOWFISH Encrypt and decrypt 32 bytes in multiple parts 1 [#1]
-depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CBC:128:16:16:-1:16:16:8:24
-
-BLOWFISH Encrypt and decrypt 0 bytes [#2]
-depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CFB
-enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CFB64:"BLOWFISH-CFB64":128:0:-1
-
-BLOWFISH Encrypt and decrypt 1 byte [#2]
-depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CFB
-enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CFB64:"BLOWFISH-CFB64":128:1:-1
-
-BLOWFISH Encrypt and decrypt 2 bytes [#2]
-depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CFB
-enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CFB64:"BLOWFISH-CFB64":128:2:-1
-
-BLOWFISH Encrypt and decrypt 7 bytes [#2]
-depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CFB
-enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CFB64:"BLOWFISH-CFB64":128:7:-1
-
-BLOWFISH Encrypt and decrypt 8 bytes [#2]
-depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CFB
-enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CFB64:"BLOWFISH-CFB64":128:8:-1
-
-BLOWFISH Encrypt and decrypt 9 bytes [#2]
-depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CFB
-enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CFB64:"BLOWFISH-CFB64":128:9:-1
-
-BLOWFISH Encrypt and decrypt 15 bytes [#2]
-depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CFB
-enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CFB64:"BLOWFISH-CFB64":128:15:-1
-
-BLOWFISH Encrypt and decrypt 16 bytes [#2]
-depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CFB
-enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CFB64:"BLOWFISH-CFB64":128:16:-1
-
-BLOWFISH Encrypt and decrypt 17 bytes [#2]
-depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CFB
-enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CFB64:"BLOWFISH-CFB64":128:17:-1
-
-BLOWFISH Encrypt and decrypt 31 bytes [#2]
-depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CFB
-enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CFB64:"BLOWFISH-CFB64":128:31:-1
-
-BLOWFISH Encrypt and decrypt 32 bytes [#3]
-depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CFB
-enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CFB64:"BLOWFISH-CFB64":128:32:-1
-
-BLOWFISH Encrypt and decrypt 32 bytes [#4]
-depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CFB
-enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CFB64:"BLOWFISH-CFB64":128:33:-1
-
-BLOWFISH Encrypt and decrypt 47 bytes [#2]
-depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CFB
-enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CFB64:"BLOWFISH-CFB64":128:47:-1
-
-BLOWFISH Encrypt and decrypt 48 bytes [#2]
-depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CFB
-enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CFB64:"BLOWFISH-CFB64":128:48:-1
-
-BLOWFISH Encrypt and decrypt 49 bytes [#2]
-depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CFB
-enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CFB64:"BLOWFISH-CFB64":128:49:-1
-
-BLOWFISH Encrypt and decrypt 0 bytes in multiple parts [#2]
-depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CFB
-enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CFB64:128:0:0:-1:0:0:0:0
-
-BLOWFISH Encrypt and decrypt 1 bytes in multiple parts 1 [#2]
-depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CFB
-enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CFB64:128:1:0:-1:1:0:1:0
-
-BLOWFISH Encrypt and decrypt 1 bytes in multiple parts 2 [#2]
-depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CFB
-enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CFB64:128:0:1:-1:0:1:0:1
-
-BLOWFISH Encrypt and decrypt 16 bytes in multiple parts 1 [#2]
-depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CFB
-enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CFB64:128:16:0:-1:16:0:16:0
-
-BLOWFISH Encrypt and decrypt 16 bytes in multiple parts 2 [#2]
-depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CFB
-enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CFB64:128:0:16:-1:0:16:0:16
-
-BLOWFISH Encrypt and decrypt 16 bytes in multiple parts 3 [#2]
-depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CFB
-enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CFB64:128:1:15:-1:1:15:1:15
-
-BLOWFISH Encrypt and decrypt 16 bytes in multiple parts 4 [#2]
-depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CFB
-enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CFB64:128:15:1:-1:15:1:15:1
-
-BLOWFISH Encrypt and decrypt 22 bytes in multiple parts 1 [#4]
-depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CFB
-enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CFB64:128:15:7:-1:15:7:15:7
-
-BLOWFISH Encrypt and decrypt 22 bytes in multiple parts 1 [#5]
-depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CFB
-enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CFB64:128:16:6:-1:16:6:16:6
-
-BLOWFISH Encrypt and decrypt 22 bytes in multiple parts 1 [#6]
-depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CFB
-enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CFB64:128:17:6:-1:17:6:17:6
-
-BLOWFISH Encrypt and decrypt 32 bytes in multiple parts 1 [#2]
-depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CFB
-enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CFB64:128:16:16:-1:16:16:16:16
-
-BLOWFISH Encrypt and decrypt 0 bytes [#3]
-depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CTR
-enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CTR:"BLOWFISH-CTR":128:0:-1
-
-BLOWFISH Encrypt and decrypt 1 byte [#3]
-depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CTR
-enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CTR:"BLOWFISH-CTR":128:1:-1
-
-BLOWFISH Encrypt and decrypt 2 bytes [#3]
-depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CTR
-enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CTR:"BLOWFISH-CTR":128:2:-1
-
-BLOWFISH Encrypt and decrypt 7 bytes [#3]
-depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CTR
-enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CTR:"BLOWFISH-CTR":128:7:-1
-
-BLOWFISH Encrypt and decrypt 8 bytes [#3]
-depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CTR
-enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CTR:"BLOWFISH-CTR":128:8:-1
-
-BLOWFISH Encrypt and decrypt 9 bytes [#3]
-depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CTR
-enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CTR:"BLOWFISH-CTR":128:9:-1
-
-BLOWFISH Encrypt and decrypt 15 bytes [#3]
-depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CTR
-enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CTR:"BLOWFISH-CTR":128:15:-1
-
-BLOWFISH Encrypt and decrypt 16 bytes [#3]
-depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CTR
-enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CTR:"BLOWFISH-CTR":128:16:-1
-
-BLOWFISH Encrypt and decrypt 17 bytes [#3]
-depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CTR
-enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CTR:"BLOWFISH-CTR":128:17:-1
-
-BLOWFISH Encrypt and decrypt 31 bytes [#3]
-depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CTR
-enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CTR:"BLOWFISH-CTR":128:31:-1
-
-BLOWFISH Encrypt and decrypt 32 bytes [#5]
-depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CTR
-enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CTR:"BLOWFISH-CTR":128:32:-1
-
-BLOWFISH Encrypt and decrypt 32 bytes [#6]
-depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CTR
-enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CTR:"BLOWFISH-CTR":128:33:-1
-
-BLOWFISH Encrypt and decrypt 47 bytes [#3]
-depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CTR
-enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CTR:"BLOWFISH-CTR":128:47:-1
-
-BLOWFISH Encrypt and decrypt 48 bytes [#3]
-depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CTR
-enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CTR:"BLOWFISH-CTR":128:48:-1
-
-BLOWFISH Encrypt and decrypt 49 bytes [#3]
-depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CTR
-enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CTR:"BLOWFISH-CTR":128:49:-1
-
-BLOWFISH Encrypt and decrypt 0 bytes in multiple parts [#3]
-depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CTR
-enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CTR:128:0:0:-1:0:0:0:0
-
-BLOWFISH Encrypt and decrypt 1 bytes in multiple parts 1 [#3]
-depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CTR
-enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CTR:128:1:0:-1:1:0:1:0
-
-BLOWFISH Encrypt and decrypt 1 bytes in multiple parts 2 [#3]
-depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CTR
-enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CTR:128:0:1:-1:0:1:0:1
-
-BLOWFISH Encrypt and decrypt 16 bytes in multiple parts 1 [#3]
-depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CTR
-enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CTR:128:16:0:-1:16:0:16:0
-
-BLOWFISH Encrypt and decrypt 16 bytes in multiple parts 2 [#3]
-depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CTR
-enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CTR:128:0:16:-1:0:16:0:16
-
-BLOWFISH Encrypt and decrypt 16 bytes in multiple parts 3 [#3]
-depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CTR
-enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CTR:128:1:15:-1:1:15:1:15
-
-BLOWFISH Encrypt and decrypt 16 bytes in multiple parts 4 [#3]
-depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CTR
-enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CTR:128:15:1:-1:15:1:15:1
-
-BLOWFISH Encrypt and decrypt 22 bytes in multiple parts 1 [#7]
-depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CTR
-enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CTR:128:15:7:-1:15:7:15:7
-
-BLOWFISH Encrypt and decrypt 22 bytes in multiple parts 1 [#8]
-depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CTR
-enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CTR:128:16:6:-1:16:6:16:6
-
-BLOWFISH Encrypt and decrypt 22 bytes in multiple parts 1 [#9]
-depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CTR
-enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CTR:128:17:6:-1:17:6:17:6
-
-BLOWFISH Encrypt and decrypt 32 bytes in multiple parts 1 [#3]
-depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CTR
-enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CTR:128:16:16:-1:16:16:16:16
-
-BLOWFISH CBC Encrypt and decrypt 7 bytes, 192-bits key
-depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":192:7:-1
-
-BLOWFISH CTR Encrypt and decrypt 7 bytes, 192-bits key
-depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CTR
-enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CTR:"BLOWFISH-CTR":192:7:-1
-
-BLOWFISH CFB64 Encrypt and decrypt 7 bytes, 192-bits key
-depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CFB
-enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CFB64:"BLOWFISH-CFB64":192:7:-1
-
-BLOWFISH ECB Encrypt test vector (SSLeay) #1
-depends_on:MBEDTLS_BLOWFISH_C
-test_vec_ecb:MBEDTLS_CIPHER_BLOWFISH_ECB:MBEDTLS_ENCRYPT:"00000000000000000000000000000000":"0000000000000000":"4ef997456198dd78":0
-
-BLOWFISH ECB Encrypt test vector (SSLeay) #2
-depends_on:MBEDTLS_BLOWFISH_C
-test_vec_ecb:MBEDTLS_CIPHER_BLOWFISH_ECB:MBEDTLS_ENCRYPT:"ffffffffffffffffffffffffffffffff":"ffffffffffffffff":"51866fd5b85ecb8a":0
-
-BLOWFISH ECB Encrypt test vector (SSLeay) #3
-depends_on:MBEDTLS_BLOWFISH_C
-test_vec_ecb:MBEDTLS_CIPHER_BLOWFISH_ECB:MBEDTLS_ENCRYPT:"fedcba9876543210fedcba9876543210":"0123456789abcdef":"0aceab0fc6a0a28d":0
-
-BLOWFISH ECB Encrypt test vector (SSLeay) #3, 64-bit key
-depends_on:MBEDTLS_BLOWFISH_C
-test_vec_ecb:MBEDTLS_CIPHER_BLOWFISH_ECB:MBEDTLS_ENCRYPT:"fedcba9876543210":"0123456789abcdef":"0aceab0fc6a0a28d":0
-
-BLOWFISH ECB Encrypt test vector (SSLeay) #3, 192-bit key
-depends_on:MBEDTLS_BLOWFISH_C
-test_vec_ecb:MBEDTLS_CIPHER_BLOWFISH_ECB:MBEDTLS_ENCRYPT:"fedcba9876543210fedcba9876543210fedcba9876543210":"0123456789abcdef":"0aceab0fc6a0a28d":0
-
-BLOWFISH ECB Decrypt test vector (SSLeay) #1
-depends_on:MBEDTLS_BLOWFISH_C
-test_vec_ecb:MBEDTLS_CIPHER_BLOWFISH_ECB:MBEDTLS_DECRYPT:"00000000000000000000000000000000":"4ef997456198dd78":"0000000000000000":0
-
-BLOWFISH ECB Decrypt test vector (SSLeay) #2
-depends_on:MBEDTLS_BLOWFISH_C
-test_vec_ecb:MBEDTLS_CIPHER_BLOWFISH_ECB:MBEDTLS_DECRYPT:"ffffffffffffffffffffffffffffffff":"51866fd5b85ecb8a":"ffffffffffffffff":0
-
-BLOWFISH ECB Decrypt test vector (SSLeay) #3
-depends_on:MBEDTLS_BLOWFISH_C
-test_vec_ecb:MBEDTLS_CIPHER_BLOWFISH_ECB:MBEDTLS_DECRYPT:"3849674c2602319e3849674c2602319e":"a25e7856cf2651eb":"51454b582ddf440a":0
-
-BLOWFISH ECB Decrypt test vector (SSLeay) #3, 64-bit key
-depends_on:MBEDTLS_BLOWFISH_C
-test_vec_ecb:MBEDTLS_CIPHER_BLOWFISH_ECB:MBEDTLS_DECRYPT:"3849674c2602319e":"a25e7856cf2651eb":"51454b582ddf440a":0
-
-BLOWFISH ECB Decrypt test vector (SSLeay) #3, 192-bit key
-depends_on:MBEDTLS_BLOWFISH_C
-test_vec_ecb:MBEDTLS_CIPHER_BLOWFISH_ECB:MBEDTLS_DECRYPT:"3849674c2602319e3849674c2602319e3849674c2602319e":"a25e7856cf2651eb":"51454b582ddf440a":0
diff --git a/tests/suites/test_suite_cipher.function b/tests/suites/test_suite_cipher.function
index 3d3f6a3..674349f 100644
--- a/tests/suites/test_suite_cipher.function
+++ b/tests/suites/test_suite_cipher.function
@@ -207,327 +207,27 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */
+/* BEGIN_CASE depends_on:NOT_DEFINED */
void cipher_invalid_param_conditional( )
{
mbedtls_cipher_context_t valid_ctx;
- mbedtls_operation_t valid_operation = MBEDTLS_ENCRYPT;
mbedtls_operation_t invalid_operation = 100;
- mbedtls_cipher_padding_t valid_mode = MBEDTLS_PADDING_ZEROS;
unsigned char valid_buffer[] = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07 };
int valid_size = sizeof(valid_buffer);
int valid_bitlen = valid_size * 8;
const mbedtls_cipher_info_t *valid_info = mbedtls_cipher_info_from_type(
*( mbedtls_cipher_list() ) );
- size_t size_t_var;
-
- (void)valid_mode; /* In some configurations this is unused */
-
- /* mbedtls_cipher_init() */
- TEST_VALID_PARAM( mbedtls_cipher_init( &valid_ctx ) );
- TEST_INVALID_PARAM( mbedtls_cipher_init( NULL ) );
-
- /* mbedtls_cipher_setup() */
- TEST_VALID_PARAM( mbedtls_cipher_setup( &valid_ctx, valid_info ) );
- TEST_INVALID_PARAM_RET(
- MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
- mbedtls_cipher_setup( NULL, valid_info ) );
-
- /* mbedtls_cipher_get_block_size() */
- TEST_INVALID_PARAM_RET( 0, mbedtls_cipher_get_block_size( NULL ) );
-
- /* mbedtls_cipher_get_cipher_mode() */
- TEST_INVALID_PARAM_RET(
- MBEDTLS_MODE_NONE,
- mbedtls_cipher_get_cipher_mode( NULL ) );
-
- /* mbedtls_cipher_get_iv_size() */
- TEST_INVALID_PARAM_RET( 0, mbedtls_cipher_get_iv_size( NULL ) );
-
- /* mbedtls_cipher_get_type() */
- TEST_INVALID_PARAM_RET(
- MBEDTLS_CIPHER_NONE,
- mbedtls_cipher_get_type( NULL ) );
-
- /* mbedtls_cipher_get_name() */
- TEST_INVALID_PARAM_RET( 0, mbedtls_cipher_get_name( NULL ) );
-
- /* mbedtls_cipher_get_key_bitlen() */
- TEST_INVALID_PARAM_RET(
- MBEDTLS_KEY_LENGTH_NONE,
- mbedtls_cipher_get_key_bitlen( NULL ) );
-
- /* mbedtls_cipher_get_operation() */
- TEST_INVALID_PARAM_RET(
- MBEDTLS_OPERATION_NONE,
- mbedtls_cipher_get_operation( NULL ) );
-
- /* mbedtls_cipher_setkey() */
- TEST_INVALID_PARAM_RET(
- MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
- mbedtls_cipher_setkey( NULL,
- valid_buffer,
- valid_bitlen,
- valid_operation ) );
- TEST_INVALID_PARAM_RET(
- MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
- mbedtls_cipher_setkey( &valid_ctx,
- NULL,
- valid_bitlen,
- valid_operation ) );
- TEST_INVALID_PARAM_RET(
+ TEST_EQUAL(
MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
mbedtls_cipher_setkey( &valid_ctx,
valid_buffer,
valid_bitlen,
invalid_operation ) );
- /* mbedtls_cipher_set_iv() */
- TEST_INVALID_PARAM_RET(
- MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
- mbedtls_cipher_set_iv( NULL,
- valid_buffer,
- valid_size ) );
- TEST_INVALID_PARAM_RET(
- MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
- mbedtls_cipher_set_iv( &valid_ctx,
- NULL,
- valid_size ) );
-
- /* mbedtls_cipher_reset() */
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
- mbedtls_cipher_reset( NULL ) );
-
-#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C)
- /* mbedtls_cipher_update_ad() */
- TEST_INVALID_PARAM_RET(
- MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
- mbedtls_cipher_update_ad( NULL,
- valid_buffer,
- valid_size ) );
- TEST_INVALID_PARAM_RET(
- MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
- mbedtls_cipher_update_ad( &valid_ctx,
- NULL,
- valid_size ) );
-#endif /* defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) */
-
-#if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING)
- /* mbedtls_cipher_set_padding_mode() */
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
- mbedtls_cipher_set_padding_mode( NULL, valid_mode ) );
-#endif
-
- /* mbedtls_cipher_update() */
- TEST_INVALID_PARAM_RET(
- MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
- mbedtls_cipher_update( NULL,
- valid_buffer,
- valid_size,
- valid_buffer,
- &size_t_var ) );
- TEST_INVALID_PARAM_RET(
- MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
- mbedtls_cipher_update( &valid_ctx,
- NULL, valid_size,
- valid_buffer,
- &size_t_var ) );
- TEST_INVALID_PARAM_RET(
- MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
- mbedtls_cipher_update( &valid_ctx,
- valid_buffer, valid_size,
- NULL,
- &size_t_var ) );
- TEST_INVALID_PARAM_RET(
- MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
- mbedtls_cipher_update( &valid_ctx,
- valid_buffer, valid_size,
- valid_buffer,
- NULL ) );
-
- /* mbedtls_cipher_finish() */
- TEST_INVALID_PARAM_RET(
- MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
- mbedtls_cipher_finish( NULL,
- valid_buffer,
- &size_t_var ) );
- TEST_INVALID_PARAM_RET(
- MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
- mbedtls_cipher_finish( &valid_ctx,
- NULL,
- &size_t_var ) );
- TEST_INVALID_PARAM_RET(
- MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
- mbedtls_cipher_finish( &valid_ctx,
- valid_buffer,
- NULL ) );
-
-#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C)
- /* mbedtls_cipher_write_tag() */
- TEST_INVALID_PARAM_RET(
- MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
- mbedtls_cipher_write_tag( NULL,
- valid_buffer,
- valid_size ) );
- TEST_INVALID_PARAM_RET(
- MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
- mbedtls_cipher_write_tag( &valid_ctx,
- NULL,
- valid_size ) );
-
- /* mbedtls_cipher_check_tag() */
- TEST_INVALID_PARAM_RET(
- MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
- mbedtls_cipher_check_tag( NULL,
- valid_buffer,
- valid_size ) );
- TEST_INVALID_PARAM_RET(
- MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
- mbedtls_cipher_check_tag( &valid_ctx,
- NULL,
- valid_size ) );
-#endif /* defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) */
-
- /* mbedtls_cipher_crypt() */
- TEST_INVALID_PARAM_RET(
- MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
- mbedtls_cipher_crypt( NULL,
- valid_buffer, valid_size,
- valid_buffer, valid_size,
- valid_buffer, &size_t_var ) );
- TEST_INVALID_PARAM_RET(
- MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
- mbedtls_cipher_crypt( &valid_ctx,
- NULL, valid_size,
- valid_buffer, valid_size,
- valid_buffer, &size_t_var ) );
- TEST_INVALID_PARAM_RET(
- MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
- mbedtls_cipher_crypt( &valid_ctx,
- valid_buffer, valid_size,
- NULL, valid_size,
- valid_buffer, &size_t_var ) );
- TEST_INVALID_PARAM_RET(
- MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
- mbedtls_cipher_crypt( &valid_ctx,
- valid_buffer, valid_size,
- valid_buffer, valid_size,
- NULL, &size_t_var ) );
- TEST_INVALID_PARAM_RET(
- MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
- mbedtls_cipher_crypt( &valid_ctx,
- valid_buffer, valid_size,
- valid_buffer, valid_size,
- valid_buffer, NULL ) );
-
-#if defined(MBEDTLS_CIPHER_MODE_AEAD) || defined(MBEDTLS_NIST_KW_C)
- /* mbedtls_cipher_auth_encrypt_ext */
- TEST_INVALID_PARAM_RET(
- MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
- mbedtls_cipher_auth_encrypt_ext( NULL,
- valid_buffer, valid_size,
- valid_buffer, valid_size,
- valid_buffer, valid_size,
- valid_buffer, valid_size, &size_t_var,
- valid_size ) );
- TEST_INVALID_PARAM_RET(
- MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
- mbedtls_cipher_auth_encrypt_ext( &valid_ctx,
- NULL, valid_size,
- valid_buffer, valid_size,
- valid_buffer, valid_size,
- valid_buffer, valid_size, &size_t_var,
- valid_size ) );
- TEST_INVALID_PARAM_RET(
- MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
- mbedtls_cipher_auth_encrypt_ext( &valid_ctx,
- valid_buffer, valid_size,
- NULL, valid_size,
- valid_buffer, valid_size,
- valid_buffer, valid_size, &size_t_var,
- valid_size ) );
- TEST_INVALID_PARAM_RET(
- MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
- mbedtls_cipher_auth_encrypt_ext( &valid_ctx,
- valid_buffer, valid_size,
- valid_buffer, valid_size,
- NULL, valid_size,
- valid_buffer, valid_size, &size_t_var,
- valid_size ) );
- TEST_INVALID_PARAM_RET(
- MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
- mbedtls_cipher_auth_encrypt_ext( &valid_ctx,
- valid_buffer, valid_size,
- valid_buffer, valid_size,
- valid_buffer, valid_size,
- NULL, valid_size, &size_t_var,
- valid_size ) );
- TEST_INVALID_PARAM_RET(
- MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
- mbedtls_cipher_auth_encrypt_ext( &valid_ctx,
- valid_buffer, valid_size,
- valid_buffer, valid_size,
- valid_buffer, valid_size,
- valid_buffer, valid_size, NULL,
- valid_size ) );
-
- /* mbedtls_cipher_auth_decrypt_ext */
- TEST_INVALID_PARAM_RET(
- MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
- mbedtls_cipher_auth_decrypt_ext( NULL,
- valid_buffer, valid_size,
- valid_buffer, valid_size,
- valid_buffer, valid_size,
- valid_buffer, valid_size, &size_t_var,
- valid_size ) );
- TEST_INVALID_PARAM_RET(
- MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
- mbedtls_cipher_auth_decrypt_ext( &valid_ctx,
- NULL, valid_size,
- valid_buffer, valid_size,
- valid_buffer, valid_size,
- valid_buffer, valid_size, &size_t_var,
- valid_size ) );
- TEST_INVALID_PARAM_RET(
- MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
- mbedtls_cipher_auth_decrypt_ext( &valid_ctx,
- valid_buffer, valid_size,
- NULL, valid_size,
- valid_buffer, valid_size,
- valid_buffer, valid_size, &size_t_var,
- valid_size ) );
- TEST_INVALID_PARAM_RET(
- MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
- mbedtls_cipher_auth_decrypt_ext( &valid_ctx,
- valid_buffer, valid_size,
- valid_buffer, valid_size,
- NULL, valid_size,
- valid_buffer, valid_size, &size_t_var,
- valid_size ) );
- TEST_INVALID_PARAM_RET(
- MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
- mbedtls_cipher_auth_decrypt_ext( &valid_ctx,
- valid_buffer, valid_size,
- valid_buffer, valid_size,
- valid_buffer, valid_size,
- NULL, valid_size, &size_t_var,
- valid_size ) );
- TEST_INVALID_PARAM_RET(
- MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
- mbedtls_cipher_auth_decrypt_ext( &valid_ctx,
- valid_buffer, valid_size,
- valid_buffer, valid_size,
- valid_buffer, valid_size,
- valid_buffer, valid_size, NULL,
- valid_size ) );
-#endif /* MBEDTLS_CIPHER_MODE_AEAD || MBEDTLS_NIST_KW_C */
-
- /* mbedtls_cipher_free() */
- TEST_VALID_PARAM( mbedtls_cipher_free( NULL ) );
exit:
- TEST_VALID_PARAM( mbedtls_cipher_free( &valid_ctx ) );
+ ;
}
/* END_CASE */
diff --git a/tests/suites/test_suite_cipher.padding.data b/tests/suites/test_suite_cipher.padding.data
index dc4c9d7..0370fb3 100644
--- a/tests/suites/test_suite_cipher.padding.data
+++ b/tests/suites/test_suite_cipher.padding.data
@@ -29,18 +29,6 @@
depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
set_padding:MBEDTLS_CIPHER_DES_CBC:MBEDTLS_PADDING_PKCS7:0
-Set padding with BLOWFISH-CBC
-depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-set_padding:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_PADDING_PKCS7:0
-
-Set padding with BLOWFISH-CFB
-depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CFB
-set_padding:MBEDTLS_CIPHER_BLOWFISH_CFB64:MBEDTLS_PADDING_PKCS7:MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA
-
-Set padding with BLOWFISH-CTR
-depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CTR
-set_padding:MBEDTLS_CIPHER_BLOWFISH_CTR:MBEDTLS_PADDING_PKCS7:MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA
-
Set padding with NULL
depends_on:MBEDTLS_CIPHER_NULL_CIPHER
set_padding:MBEDTLS_CIPHER_NULL:MBEDTLS_PADDING_PKCS7:MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA
@@ -57,10 +45,6 @@
depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC
set_padding:MBEDTLS_CIPHER_DES_CBC:-1:MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE
-Set non-existent padding with BLOWFISH-CBC
-depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC
-set_padding:MBEDTLS_CIPHER_BLOWFISH_CBC:-1:MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE
-
Check PKCS padding #1 (correct)
depends_on:MBEDTLS_CIPHER_PADDING_PKCS7
check_padding:MBEDTLS_PADDING_PKCS7:"DABBAD0004040404":0:4
diff --git a/tests/suites/test_suite_ctr_drbg.function b/tests/suites/test_suite_ctr_drbg.function
index c3ffe3b..a46f21c 100644
--- a/tests/suites/test_suite_ctr_drbg.function
+++ b/tests/suites/test_suite_ctr_drbg.function
@@ -288,7 +288,7 @@
/* Call update with too much data (sizeof entropy > MAX(_SEED)_INPUT).
* Make sure it's detected as an error and doesn't cause memory
* corruption. */
- TEST_ASSERT( mbedtls_ctr_drbg_update_ret(
+ TEST_ASSERT( mbedtls_ctr_drbg_update(
&ctx, entropy, sizeof( entropy ) ) != 0 );
/* Now enable PR, so the next few calls should all reseed */
diff --git a/tests/suites/test_suite_debug.data b/tests/suites/test_suite_debug.data
index 0935c12..4a1a1be 100644
--- a/tests/suites/test_suite_debug.data
+++ b/tests/suites/test_suite_debug.data
@@ -37,6 +37,27 @@
Debug print buffer #5
mbedtls_debug_print_buf:"MyFile":999:"Test return value":"000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F30":"MyFile(0999)\: dumping 'Test return value' (49 bytes)\nMyFile(0999)\: 0000\: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f ................\nMyFile(0999)\: 0010\: 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f ................\nMyFile(0999)\: 0020\: 20 21 22 23 24 25 26 27 28 29 2a 2b 2c 2d 2e 2f !"#$%&'()*+,-./\nMyFile(0999)\: 0030\: 30 0\n"
+Debug print mbedtls_mpi: 0 (empty representation)
+mbedtls_debug_print_mpi:16:"":"MyFile":999:"VALUE":"MyFile(0999)\: value of 'VALUE' (0 bits) is\:\nMyFile(0999)\: 00\n"
+
+Debug print mbedtls_mpi: 0 (non-empty representation)
+mbedtls_debug_print_mpi:16:"00000000000000":"MyFile":999:"VALUE":"MyFile(0999)\: value of 'VALUE' (0 bits) is\:\nMyFile(0999)\: 00\n"
+
+Debug print mbedtls_mpi #2: 3 bits
+mbedtls_debug_print_mpi:16:"00000000000007":"MyFile":999:"VALUE":"MyFile(0999)\: value of 'VALUE' (3 bits) is\:\nMyFile(0999)\: 07\n"
+
+Debug print mbedtls_mpi: 49 bits
+mbedtls_debug_print_mpi:16:"01020304050607":"MyFile":999:"VALUE":"MyFile(0999)\: value of 'VALUE' (49 bits) is\:\nMyFile(0999)\: 01 02 03 04 05 06 07\n"
+
+Debug print mbedtls_mpi: 759 bits
+mbedtls_debug_print_mpi:16:"0000000000000000000000000000000000000000000000000000000041379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b4424":"MyFile":999:"VALUE":"MyFile(0999)\: value of 'VALUE' (759 bits) is\:\nMyFile(0999)\: 41 37 9d 00 fe d1 49 1f e1 5d f2 84 df de 4a 14\nMyFile(0999)\: 2f 68 aa 8d 41 20 23 19 5c ee 66 88 3e 62 90 ff\nMyFile(0999)\: e7 03 f4 ea 59 63 bf 21 27 13 ce e4 6b 10 7c 09\nMyFile(0999)\: 18 2b 5e dc d9 55 ad ac 41 8b f4 91 8e 28 89 af\nMyFile(0999)\: 48 e1 09 9d 51 38 30 ce c8 5c 26 ac 1e 15 8b 52\nMyFile(0999)\: 62 0e 33 ba 86 92 f8 93 ef bb 2f 95 8b 44 24\n"
+
+Debug print mbedtls_mpi: 764 bits #1
+mbedtls_debug_print_mpi:16:"0941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b4424":"MyFile":999:"VALUE":"MyFile(0999)\: value of 'VALUE' (764 bits) is\:\nMyFile(0999)\: 09 41 37 9d 00 fe d1 49 1f e1 5d f2 84 df de 4a\nMyFile(0999)\: 14 2f 68 aa 8d 41 20 23 19 5c ee 66 88 3e 62 90\nMyFile(0999)\: ff e7 03 f4 ea 59 63 bf 21 27 13 ce e4 6b 10 7c\nMyFile(0999)\: 09 18 2b 5e dc d9 55 ad ac 41 8b f4 91 8e 28 89\nMyFile(0999)\: af 48 e1 09 9d 51 38 30 ce c8 5c 26 ac 1e 15 8b\nMyFile(0999)\: 52 62 0e 33 ba 86 92 f8 93 ef bb 2f 95 8b 44 24\n"
+
+Debug print mbedtls_mpi: 764 bits #2
+mbedtls_debug_print_mpi:16:"0000000000000000000000000000000000000000000000000000000941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b4424":"MyFile":999:"VALUE":"MyFile(0999)\: value of 'VALUE' (764 bits) is\:\nMyFile(0999)\: 09 41 37 9d 00 fe d1 49 1f e1 5d f2 84 df de 4a\nMyFile(0999)\: 14 2f 68 aa 8d 41 20 23 19 5c ee 66 88 3e 62 90\nMyFile(0999)\: ff e7 03 f4 ea 59 63 bf 21 27 13 ce e4 6b 10 7c\nMyFile(0999)\: 09 18 2b 5e dc d9 55 ad ac 41 8b f4 91 8e 28 89\nMyFile(0999)\: af 48 e1 09 9d 51 38 30 ce c8 5c 26 ac 1e 15 8b\nMyFile(0999)\: 52 62 0e 33 ba 86 92 f8 93 ef bb 2f 95 8b 44 24\n"
+
Debug print certificate #1 (RSA)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_BASE64_C:MBEDTLS_RSA_C:MBEDTLS_SHA1_C:!MBEDTLS_X509_REMOVE_INFO
mbedtls_debug_print_crt:"data_files/server1.crt":"MyFile":999:"PREFIX_":"MyFile(0999)\: PREFIX_ #1\:\nMyFile(0999)\: cert. version \: 3\nMyFile(0999)\: serial number \: 01\nMyFile(0999)\: issuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nMyFile(0999)\: subject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nMyFile(0999)\: issued on \: 2019-02-10 14\:44\:06\nMyFile(0999)\: expires on \: 2029-02-10 14\:44\:06\nMyFile(0999)\: signed using \: RSA with SHA1\nMyFile(0999)\: RSA key size \: 2048 bits\nMyFile(0999)\: basic constraints \: CA=false\nMyFile(0999)\: value of 'crt->rsa.N' (2048 bits) is\:\nMyFile(0999)\: a9 02 1f 3d 40 6a d5 55 53 8b fd 36 ee 82 65 2e\nMyFile(0999)\: 15 61 5e 89 bf b8 e8 45 90 db ee 88 16 52 d3 f1\nMyFile(0999)\: 43 50 47 96 12 59 64 87 6b fd 2b e0 46 f9 73 be\nMyFile(0999)\: dd cf 92 e1 91 5b ed 66 a0 6f 89 29 79 45 80 d0\nMyFile(0999)\: 83 6a d5 41 43 77 5f 39 7c 09 04 47 82 b0 57 39\nMyFile(0999)\: 70 ed a3 ec 15 19 1e a8 33 08 47 c1 05 42 a9 fd\nMyFile(0999)\: 4c c3 b4 df dd 06 1f 4d 10 51 40 67 73 13 0f 40\nMyFile(0999)\: f8 6d 81 25 5f 0a b1 53 c6 30 7e 15 39 ac f9 5a\nMyFile(0999)\: ee 7f 92 9e a6 05 5b e7 13 97 85 b5 23 92 d9 d4\nMyFile(0999)\: 24 06 d5 09 25 89 75 07 dd a6 1a 8f 3f 09 19 be\nMyFile(0999)\: ad 65 2c 64 eb 95 9b dc fe 41 5e 17 a6 da 6c 5b\nMyFile(0999)\: 69 cc 02 ba 14 2c 16 24 9c 4a dc cd d0 f7 52 67\nMyFile(0999)\: 73 f1 2d a0 23 fd 7e f4 31 ca 2d 70 ca 89 0b 04\nMyFile(0999)\: db 2e a6 4f 70 6e 9e ce bd 58 89 e2 53 59 9e 6e\nMyFile(0999)\: 5a 92 65 e2 88 3f 0c 94 19 a3 dd e5 e8 9d 95 13\nMyFile(0999)\: ed 29 db ab 70 12 dc 5a ca 6b 17 ab 52 82 54 b1\nMyFile(0999)\: value of 'crt->rsa.E' (17 bits) is\:\nMyFile(0999)\: 01 00 01\n"
@@ -44,21 +65,3 @@
Debug print certificate #2 (EC)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_BASE64_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA256_C:!MBEDTLS_X509_REMOVE_INFO
mbedtls_debug_print_crt:"data_files/test-ca2.crt":"MyFile":999:"PREFIX_":"MyFile(0999)\: PREFIX_ #1\:\nMyFile(0999)\: cert. version \: 3\nMyFile(0999)\: serial number \: C1\:43\:E2\:7E\:62\:43\:CC\:E8\nMyFile(0999)\: issuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nMyFile(0999)\: subject name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nMyFile(0999)\: issued on \: 2019-02-10 14\:44\:00\nMyFile(0999)\: expires on \: 2029-02-10 14\:44\:00\nMyFile(0999)\: signed using \: ECDSA with SHA256\nMyFile(0999)\: EC key size \: 384 bits\nMyFile(0999)\: basic constraints \: CA=true\nMyFile(0999)\: value of 'crt->eckey.Q(X)' (384 bits) is\:\nMyFile(0999)\: c3 da 2b 34 41 37 58 2f 87 56 fe fc 89 ba 29 43\nMyFile(0999)\: 4b 4e e0 6e c3 0e 57 53 33 39 58 d4 52 b4 91 95\nMyFile(0999)\: 39 0b 23 df 5f 17 24 62 48 fc 1a 95 29 ce 2c 2d\nMyFile(0999)\: value of 'crt->eckey.Q(Y)' (384 bits) is\:\nMyFile(0999)\: 87 c2 88 52 80 af d6 6a ab 21 dd b8 d3 1c 6e 58\nMyFile(0999)\: b8 ca e8 b2 69 8e f3 41 ad 29 c3 b4 5f 75 a7 47\nMyFile(0999)\: 6f d5 19 29 55 69 9a 53 3b 20 b4 66 16 60 33 1e\n"
-
-Debug print mbedtls_mpi #1
-mbedtls_debug_print_mpi:16:"01020304050607":"MyFile":999:"VALUE":"MyFile(0999)\: value of 'VALUE' (49 bits) is\:\nMyFile(0999)\: 01 02 03 04 05 06 07\n"
-
-Debug print mbedtls_mpi #2
-mbedtls_debug_print_mpi:16:"00000000000007":"MyFile":999:"VALUE":"MyFile(0999)\: value of 'VALUE' (3 bits) is\:\nMyFile(0999)\: 07\n"
-
-Debug print mbedtls_mpi #3
-mbedtls_debug_print_mpi:16:"00000000000000":"MyFile":999:"VALUE":"MyFile(0999)\: value of 'VALUE' (0 bits) is\:\nMyFile(0999)\: 00\n"
-
-Debug print mbedtls_mpi #4
-mbedtls_debug_print_mpi:16:"0941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b4424":"MyFile":999:"VALUE":"MyFile(0999)\: value of 'VALUE' (764 bits) is\:\nMyFile(0999)\: 09 41 37 9d 00 fe d1 49 1f e1 5d f2 84 df de 4a\nMyFile(0999)\: 14 2f 68 aa 8d 41 20 23 19 5c ee 66 88 3e 62 90\nMyFile(0999)\: ff e7 03 f4 ea 59 63 bf 21 27 13 ce e4 6b 10 7c\nMyFile(0999)\: 09 18 2b 5e dc d9 55 ad ac 41 8b f4 91 8e 28 89\nMyFile(0999)\: af 48 e1 09 9d 51 38 30 ce c8 5c 26 ac 1e 15 8b\nMyFile(0999)\: 52 62 0e 33 ba 86 92 f8 93 ef bb 2f 95 8b 44 24\n"
-
-Debug print mbedtls_mpi #5
-mbedtls_debug_print_mpi:16:"0000000000000000000000000000000000000000000000000000000941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b4424":"MyFile":999:"VALUE":"MyFile(0999)\: value of 'VALUE' (764 bits) is\:\nMyFile(0999)\: 09 41 37 9d 00 fe d1 49 1f e1 5d f2 84 df de 4a\nMyFile(0999)\: 14 2f 68 aa 8d 41 20 23 19 5c ee 66 88 3e 62 90\nMyFile(0999)\: ff e7 03 f4 ea 59 63 bf 21 27 13 ce e4 6b 10 7c\nMyFile(0999)\: 09 18 2b 5e dc d9 55 ad ac 41 8b f4 91 8e 28 89\nMyFile(0999)\: af 48 e1 09 9d 51 38 30 ce c8 5c 26 ac 1e 15 8b\nMyFile(0999)\: 52 62 0e 33 ba 86 92 f8 93 ef bb 2f 95 8b 44 24\n"
-
-Debug print mbedtls_mpi #6
-mbedtls_debug_print_mpi:16:"0000000000000000000000000000000000000000000000000000000041379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b4424":"MyFile":999:"VALUE":"MyFile(0999)\: value of 'VALUE' (759 bits) is\:\nMyFile(0999)\: 41 37 9d 00 fe d1 49 1f e1 5d f2 84 df de 4a 14\nMyFile(0999)\: 2f 68 aa 8d 41 20 23 19 5c ee 66 88 3e 62 90 ff\nMyFile(0999)\: e7 03 f4 ea 59 63 bf 21 27 13 ce e4 6b 10 7c 09\nMyFile(0999)\: 18 2b 5e dc d9 55 ad ac 41 8b f4 91 8e 28 89 af\nMyFile(0999)\: 48 e1 09 9d 51 38 30 ce c8 5c 26 ac 1e 15 8b 52\nMyFile(0999)\: 62 0e 33 ba 86 92 f8 93 ef bb 2f 95 8b 44 24\n"
diff --git a/tests/suites/test_suite_debug.function b/tests/suites/test_suite_debug.function
index ad50e53..197a7ef 100644
--- a/tests/suites/test_suite_debug.function
+++ b/tests/suites/test_suite_debug.function
@@ -179,7 +179,7 @@
TEST_ASSERT( mbedtls_ssl_setup( &ssl, &conf ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &val, radix, value ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &val, radix, value ) == 0 );
mbedtls_ssl_conf_dbg( &conf, string_debug, &buffer);
diff --git a/tests/suites/test_suite_dhm.data b/tests/suites/test_suite_dhm.data
index 33c7216..f18db2e 100644
--- a/tests/suites/test_suite_dhm.data
+++ b/tests/suites/test_suite_dhm.data
@@ -1,9 +1,6 @@
Diffie-Hellman full exchange: tiny x_size
dhm_do_dhm:10:"93450983094850938450983409623":1:10:"9345098304850938450983409622":0
-Diffie-Hellman parameter validation
-dhm_invalid_params:
-
Diffie-Hellman full exchange: 5-bit, x_size=3
dhm_do_dhm:10:"23":3:10:"5":0
@@ -73,18 +70,36 @@
Diffie-Hellman full exchange: 286-bit
dhm_do_dhm:10:"93450983094850938450983409623982317398171298719873918739182739712938719287391879381271":36:10:"9345098309485093845098340962223981329819812792137312973297123912791271":0
-Diffie-Hellman trivial subgroup #1
-dhm_do_dhm:10:"23":1:10:"1":MBEDTLS_ERR_DHM_BAD_INPUT_DATA
-
-Diffie-Hellman trivial subgroup #2
-dhm_do_dhm:10:"23":1:10:"-1":MBEDTLS_ERR_DHM_BAD_INPUT_DATA
-
Diffie-Hellman small modulus
dhm_do_dhm:10:"3":1:10:"5":MBEDTLS_ERR_DHM_MAKE_PARAMS_FAILED+MBEDTLS_ERR_MPI_BAD_INPUT_DATA
Diffie-Hellman zero modulus
dhm_do_dhm:10:"0":1:10:"5":MBEDTLS_ERR_DHM_BAD_INPUT_DATA
+Diffie-Hellman with G=0
+dhm_do_dhm:10:"93450983094850938450983409623":13:10:"0":MBEDTLS_ERR_DHM_BAD_INPUT_DATA
+
+Diffie-Hellman with G=1
+dhm_do_dhm:10:"93450983094850938450983409623":13:10:"1":MBEDTLS_ERR_DHM_BAD_INPUT_DATA
+
+Diffie-Hellman with G=-1
+dhm_do_dhm:10:"93450983094850938450983409623":13:10:"-1":MBEDTLS_ERR_DHM_BAD_INPUT_DATA
+
+Diffie-Hellman with G=P-1
+dhm_do_dhm:10:"93450983094850938450983409623":13:10:"93450983094850938450983409622":MBEDTLS_ERR_DHM_BAD_INPUT_DATA
+
+Diffie-Hellman with G=P-2
+dhm_do_dhm:10:"93450983094850938450983409623":13:10:"93450983094850938450983409621":0
+
+Diffie-Hellman with G=P
+dhm_do_dhm:10:"93450983094850938450983409623":13:10:"93450983094850938450983409623":MBEDTLS_ERR_DHM_BAD_INPUT_DATA
+
+Diffie-Hellman with G=P+1
+dhm_do_dhm:10:"93450983094850938450983409623":13:10:"93450983094850938450983409624":MBEDTLS_ERR_DHM_BAD_INPUT_DATA
+
+Diffie-Hellman with G=P+2
+dhm_do_dhm:10:"93450983094850938450983409623":13:10:"93450983094850938450983409625":0
+
Diffie-Hellman: x_size < 0
dhm_do_dhm:10:"93450983094850938450983409623":-1:10:"9345098304850938450983409622":MBEDTLS_ERR_DHM_BAD_INPUT_DATA
diff --git a/tests/suites/test_suite_dhm.function b/tests/suites/test_suite_dhm.function
index 6d3743f..bc43016 100644
--- a/tests/suites/test_suite_dhm.function
+++ b/tests/suites/test_suite_dhm.function
@@ -1,6 +1,23 @@
/* BEGIN_HEADER */
#include "mbedtls/dhm.h"
+int check_get_value( const mbedtls_dhm_context *ctx,
+ mbedtls_dhm_parameter param,
+ const mbedtls_mpi *expected )
+{
+ mbedtls_mpi actual;
+ int ok = 0;
+ mbedtls_mpi_init( &actual );
+
+ TEST_ASSERT( mbedtls_dhm_get_value( ctx, param, &actual ) == 0 );
+ TEST_ASSERT( mbedtls_mpi_cmp_mpi( &actual, expected ) == 0 );
+ ok = 1;
+
+exit:
+ mbedtls_mpi_free( &actual );
+ return( ok );
+}
+
/* Sanity checks on a Diffie-Hellman parameter: check the length-value
* syntax and check that the value is the expected one (taken from the
* DHM context by the caller). */
@@ -70,113 +87,6 @@
* END_DEPENDENCIES
*/
-/* BEGIN_CASE depends_on:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */
-void dhm_invalid_params( )
-{
- mbedtls_dhm_context ctx;
- unsigned char buf[42] = { 0 };
- unsigned char *buf_null = NULL;
- mbedtls_mpi X;
- size_t const buflen = sizeof( buf );
- size_t len;
-
- TEST_INVALID_PARAM( mbedtls_dhm_init( NULL ) );
- TEST_VALID_PARAM( mbedtls_dhm_free( NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_DHM_BAD_INPUT_DATA,
- mbedtls_dhm_read_params( NULL,
- (unsigned char**) &buf,
- buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_DHM_BAD_INPUT_DATA,
- mbedtls_dhm_read_params( &ctx, &buf_null, buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_DHM_BAD_INPUT_DATA,
- mbedtls_dhm_read_params( &ctx, NULL, buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_DHM_BAD_INPUT_DATA,
- mbedtls_dhm_read_params( &ctx,
- (unsigned char**) &buf,
- NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_DHM_BAD_INPUT_DATA,
- mbedtls_dhm_make_params( NULL, buflen,
- buf, &len,
- mbedtls_test_rnd_std_rand,
- NULL ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_DHM_BAD_INPUT_DATA,
- mbedtls_dhm_make_params( &ctx, buflen,
- NULL, &len,
- mbedtls_test_rnd_std_rand,
- NULL ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_DHM_BAD_INPUT_DATA,
- mbedtls_dhm_make_params( &ctx, buflen,
- buf, NULL,
- mbedtls_test_rnd_std_rand,
- NULL ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_DHM_BAD_INPUT_DATA,
- mbedtls_dhm_make_params( &ctx, buflen,
- buf, &len,
- NULL,
- NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_DHM_BAD_INPUT_DATA,
- mbedtls_dhm_set_group( NULL, &X, &X ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_DHM_BAD_INPUT_DATA,
- mbedtls_dhm_set_group( &ctx, NULL, &X ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_DHM_BAD_INPUT_DATA,
- mbedtls_dhm_set_group( &ctx, &X, NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_DHM_BAD_INPUT_DATA,
- mbedtls_dhm_read_public( NULL, buf, buflen ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_DHM_BAD_INPUT_DATA,
- mbedtls_dhm_read_public( &ctx, NULL, buflen ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_DHM_BAD_INPUT_DATA,
- mbedtls_dhm_make_public( NULL, buflen,
- buf, buflen,
- mbedtls_test_rnd_std_rand,
- NULL ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_DHM_BAD_INPUT_DATA,
- mbedtls_dhm_make_public( &ctx, buflen,
- NULL, buflen,
- mbedtls_test_rnd_std_rand,
- NULL ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_DHM_BAD_INPUT_DATA,
- mbedtls_dhm_make_public( &ctx, buflen,
- buf, buflen,
- NULL,
- NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_DHM_BAD_INPUT_DATA,
- mbedtls_dhm_calc_secret( NULL, buf, buflen, &len,
- mbedtls_test_rnd_std_rand,
- NULL ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_DHM_BAD_INPUT_DATA,
- mbedtls_dhm_calc_secret( &ctx, NULL, buflen, &len,
- mbedtls_test_rnd_std_rand,
- NULL ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_DHM_BAD_INPUT_DATA,
- mbedtls_dhm_calc_secret( &ctx, buf, buflen, NULL,
- mbedtls_test_rnd_std_rand,
- NULL ) );
-
-#if defined(MBEDTLS_ASN1_PARSE_C)
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_DHM_BAD_INPUT_DATA,
- mbedtls_dhm_parse_dhm( NULL, buf, buflen ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_DHM_BAD_INPUT_DATA,
- mbedtls_dhm_parse_dhm( &ctx, NULL, buflen ) );
-
-#if defined(MBEDTLS_FS_IO)
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_DHM_BAD_INPUT_DATA,
- mbedtls_dhm_parse_dhmfile( NULL, "" ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_DHM_BAD_INPUT_DATA,
- mbedtls_dhm_parse_dhmfile( &ctx, NULL ) );
-#endif /* MBEDTLS_FS_IO */
-#endif /* MBEDTLS_ASN1_PARSE_C */
-
-exit:
- return;
-}
-/* END_CASE */
-
/* BEGIN_CASE */
void dhm_do_dhm( int radix_P, char *input_P, int x_size,
int radix_G, char *input_G, int result )
@@ -206,9 +116,11 @@
/*
* Set params
*/
- TEST_ASSERT( mbedtls_mpi_read_string( &ctx_srv.P, radix_P, input_P ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &ctx_srv.G, radix_G, input_G ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &ctx_srv.P, radix_P, input_P ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &ctx_srv.G, radix_G, input_G ) == 0 );
pub_cli_len = mbedtls_mpi_size( &ctx_srv.P );
+ TEST_ASSERT( check_get_value( &ctx_srv, MBEDTLS_DHM_PARAM_P, &ctx_srv.P ) );
+ TEST_ASSERT( check_get_value( &ctx_srv, MBEDTLS_DHM_PARAM_G, &ctx_srv.G ) );
/*
* First key exchange
@@ -225,6 +137,9 @@
ske[ske_len++] = 0;
ske[ske_len++] = 0;
TEST_ASSERT( mbedtls_dhm_read_params( &ctx_cli, &p, ske + ske_len ) == 0 );
+ /* The domain parameters must be the same on both side. */
+ TEST_ASSERT( check_get_value( &ctx_cli, MBEDTLS_DHM_PARAM_P, &ctx_srv.P ) );
+ TEST_ASSERT( check_get_value( &ctx_cli, MBEDTLS_DHM_PARAM_G, &ctx_srv.G ) );
TEST_ASSERT( mbedtls_dhm_make_public( &ctx_cli, x_size, pub_cli, pub_cli_len,
&mbedtls_test_rnd_pseudo_rand,
@@ -235,12 +150,26 @@
&sec_srv_len,
&mbedtls_test_rnd_pseudo_rand,
&rnd_info ) == 0 );
- TEST_ASSERT( mbedtls_dhm_calc_secret( &ctx_cli, sec_cli, sizeof( sec_cli ), &sec_cli_len, NULL, NULL ) == 0 );
+ TEST_ASSERT( mbedtls_dhm_calc_secret( &ctx_cli, sec_cli, sizeof( sec_cli ),
+ &sec_cli_len,
+ &mbedtls_test_rnd_pseudo_rand,
+ &rnd_info ) == 0 );
TEST_ASSERT( sec_srv_len == sec_cli_len );
TEST_ASSERT( sec_srv_len != 0 );
TEST_ASSERT( memcmp( sec_srv, sec_cli, sec_srv_len ) == 0 );
+ /* Internal value checks */
+ TEST_ASSERT( check_get_value( &ctx_cli, MBEDTLS_DHM_PARAM_X, &ctx_cli.X ) );
+ TEST_ASSERT( check_get_value( &ctx_srv, MBEDTLS_DHM_PARAM_X, &ctx_srv.X ) );
+ /* Cross-checks */
+ TEST_ASSERT( check_get_value( &ctx_cli, MBEDTLS_DHM_PARAM_GX, &ctx_srv.GY ) );
+ TEST_ASSERT( check_get_value( &ctx_cli, MBEDTLS_DHM_PARAM_GY, &ctx_srv.GX ) );
+ TEST_ASSERT( check_get_value( &ctx_cli, MBEDTLS_DHM_PARAM_K, &ctx_srv.K ) );
+ TEST_ASSERT( check_get_value( &ctx_srv, MBEDTLS_DHM_PARAM_GX, &ctx_cli.GY ) );
+ TEST_ASSERT( check_get_value( &ctx_srv, MBEDTLS_DHM_PARAM_GY, &ctx_cli.GX ) );
+ TEST_ASSERT( check_get_value( &ctx_srv, MBEDTLS_DHM_PARAM_K, &ctx_cli.K ) );
+
/* Re-do calc_secret on server a few times to test update of blinding values */
for( i = 0; i < 3; i++ )
{
@@ -280,7 +209,10 @@
&sec_srv_len,
&mbedtls_test_rnd_pseudo_rand,
&rnd_info ) == 0 );
- TEST_ASSERT( mbedtls_dhm_calc_secret( &ctx_cli, sec_cli, sizeof( sec_cli ), &sec_cli_len, NULL, NULL ) == 0 );
+ TEST_ASSERT( mbedtls_dhm_calc_secret( &ctx_cli, sec_cli, sizeof( sec_cli ),
+ &sec_cli_len,
+ &mbedtls_test_rnd_pseudo_rand,
+ &rnd_info ) == 0 );
TEST_ASSERT( sec_srv_len == sec_cli_len );
TEST_ASSERT( sec_srv_len != 0 );
@@ -307,7 +239,7 @@
TEST_ASSERT( mbedtls_mpi_shift_l( &P, ( P_bytes * 8 ) - 1 ) == 0 );
TEST_ASSERT( mbedtls_mpi_set_bit( &P, 0, 1 ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &G, radix_G, input_G ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &G, radix_G, input_G ) == 0 );
TEST_ASSERT( mbedtls_dhm_set_group( &ctx, &P, &G ) == 0 );
TEST_ASSERT( mbedtls_dhm_make_public( &ctx, (int) mbedtls_mpi_size( &P ),
@@ -331,14 +263,15 @@
mbedtls_dhm_init( &ctx );
mbedtls_mpi_init( &P ); mbedtls_mpi_init( &G );
- TEST_ASSERT( mbedtls_mpi_read_string( &P, 16, p ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &G, 16, g ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &P, 16, p ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &G, 16, g ) == 0 );
TEST_ASSERT( mbedtls_dhm_parse_dhmfile( &ctx, filename ) == 0 );
- TEST_ASSERT( ctx.len == (size_t) len );
- TEST_ASSERT( mbedtls_mpi_cmp_mpi( &ctx.P, &P ) == 0 );
- TEST_ASSERT( mbedtls_mpi_cmp_mpi( &ctx.G, &G ) == 0 );
+ TEST_EQUAL( mbedtls_dhm_get_len( &ctx ), (size_t) len );
+ TEST_EQUAL( mbedtls_dhm_get_bitlen( &ctx ), mbedtls_mpi_bitlen( &P ) );
+ TEST_ASSERT( check_get_value( &ctx, MBEDTLS_DHM_PARAM_P, &P ) );
+ TEST_ASSERT( check_get_value( &ctx, MBEDTLS_DHM_PARAM_G, &G ) );
exit:
mbedtls_mpi_free( &P ); mbedtls_mpi_free( &G );
diff --git a/tests/suites/test_suite_ecdh.data b/tests/suites/test_suite_ecdh.data
index d9e81a6..cc58432 100644
--- a/tests/suites/test_suite_ecdh.data
+++ b/tests/suites/test_suite_ecdh.data
@@ -1,6 +1,3 @@
-ECDH - Valid parameters
-ecdh_valid_param:
-
ECDH - Invalid parameters
ecdh_invalid_param:
diff --git a/tests/suites/test_suite_ecdh.function b/tests/suites/test_suite_ecdh.function
index d52849a..6893bcf 100644
--- a/tests/suites/test_suite_ecdh.function
+++ b/tests/suites/test_suite_ecdh.function
@@ -43,141 +43,17 @@
* END_DEPENDENCIES
*/
-/* BEGIN_CASE */
-void ecdh_valid_param( )
-{
- TEST_VALID_PARAM( mbedtls_ecdh_free( NULL ) );
-}
-/* END_CASE */
-
-/* BEGIN_CASE depends_on:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */
+/* BEGIN_CASE depends_on:NOT_DEFINED */
void ecdh_invalid_param( )
{
- mbedtls_ecp_group grp;
mbedtls_ecdh_context ctx;
- mbedtls_mpi m;
- mbedtls_ecp_point P;
mbedtls_ecp_keypair kp;
- size_t olen;
- unsigned char buf[42] = { 0 };
- const unsigned char *buf_null = NULL;
- size_t const buflen = sizeof( buf );
int invalid_side = 42;
- mbedtls_ecp_group_id valid_grp = MBEDTLS_ECP_DP_SECP192R1;
- TEST_INVALID_PARAM( mbedtls_ecdh_init( NULL ) );
-
-#if defined(MBEDTLS_ECP_RESTARTABLE)
- TEST_INVALID_PARAM( mbedtls_ecdh_enable_restart( NULL ) );
-#endif /* MBEDTLS_ECP_RESTARTABLE */
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecdh_gen_public( NULL, &m, &P,
- mbedtls_test_rnd_std_rand,
- NULL ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecdh_gen_public( &grp, NULL, &P,
- mbedtls_test_rnd_std_rand,
- NULL ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecdh_gen_public( &grp, &m, NULL,
- mbedtls_test_rnd_std_rand,
- NULL ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecdh_gen_public( &grp, &m, &P,
- NULL, NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecdh_compute_shared( NULL, &m, &P, &m,
- mbedtls_test_rnd_std_rand,
- NULL ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecdh_compute_shared( &grp, NULL, &P, &m,
- mbedtls_test_rnd_std_rand,
- NULL ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecdh_compute_shared( &grp, &m, NULL, &m,
- mbedtls_test_rnd_std_rand,
- NULL ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecdh_compute_shared( &grp, &m, &P, NULL,
- mbedtls_test_rnd_std_rand,
- NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecdh_setup( NULL, valid_grp ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecdh_make_params( NULL, &olen, buf, buflen,
- mbedtls_test_rnd_std_rand, NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecdh_make_params( &ctx, NULL, buf, buflen,
- mbedtls_test_rnd_std_rand, NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecdh_make_params( &ctx, &olen, NULL, buflen,
- mbedtls_test_rnd_std_rand, NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecdh_make_params( &ctx, &olen, buf, buflen, NULL, NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecdh_read_params( NULL,
- (const unsigned char**) &buf,
- buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecdh_read_params( &ctx, &buf_null,
- buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecdh_read_params( &ctx, NULL, buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecdh_read_params( &ctx,
- (const unsigned char**) &buf,
- NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecdh_get_params( NULL, &kp,
- MBEDTLS_ECDH_OURS ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecdh_get_params( &ctx, NULL,
- MBEDTLS_ECDH_OURS ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ TEST_EQUAL( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
mbedtls_ecdh_get_params( &ctx, &kp,
invalid_side ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecdh_make_public( NULL, &olen, buf, buflen,
- mbedtls_test_rnd_std_rand, NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecdh_make_public( &ctx, NULL, buf, buflen,
- mbedtls_test_rnd_std_rand, NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecdh_make_public( &ctx, &olen, NULL, buflen,
- mbedtls_test_rnd_std_rand, NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecdh_make_public( &ctx, &olen, buf, buflen, NULL, NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecdh_read_public( NULL, buf, buflen ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecdh_read_public( &ctx, NULL, buflen ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecdh_calc_secret( NULL, &olen, buf, buflen,
- mbedtls_test_rnd_std_rand, NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecdh_calc_secret( &ctx, NULL, buf, buflen,
- mbedtls_test_rnd_std_rand, NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecdh_calc_secret( &ctx, &olen, NULL, buflen,
- mbedtls_test_rnd_std_rand, NULL ) );
-
exit:
return;
}
@@ -209,7 +85,8 @@
&mbedtls_test_rnd_pseudo_rand,
&rnd_info ) == 0 );
TEST_ASSERT( mbedtls_ecdh_compute_shared( &grp, &zB, &qA, &dB,
- NULL, NULL ) == 0 );
+ &mbedtls_test_rnd_pseudo_rand,
+ &rnd_info ) == 0 );
TEST_ASSERT( mbedtls_mpi_cmp_mpi( &zA, &zB ) == 0 );
@@ -230,11 +107,13 @@
mbedtls_ecp_point qA, qB;
mbedtls_mpi dA, dB, zA, zB, check;
mbedtls_test_rnd_buf_info rnd_info_A, rnd_info_B;
+ mbedtls_test_rnd_pseudo_info rnd_info;
mbedtls_ecp_group_init( &grp );
mbedtls_ecp_point_init( &qA ); mbedtls_ecp_point_init( &qB );
mbedtls_mpi_init( &dA ); mbedtls_mpi_init( &dB );
mbedtls_mpi_init( &zA ); mbedtls_mpi_init( &zB ); mbedtls_mpi_init( &check );
+ memset( &rnd_info, 0x00, sizeof( mbedtls_test_rnd_pseudo_info ) );
TEST_ASSERT( mbedtls_ecp_group_load( &grp, id ) == 0 );
@@ -278,24 +157,28 @@
mbedtls_test_rnd_buffer_rand,
&rnd_info_A ) == 0 );
TEST_ASSERT( ! mbedtls_ecp_is_zero( &qA ) );
- TEST_ASSERT( mbedtls_mpi_read_string( &check, 16, xA_str ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &check, 16, xA_str ) == 0 );
TEST_ASSERT( mbedtls_mpi_cmp_mpi( &qA.X, &check ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &check, 16, yA_str ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &check, 16, yA_str ) == 0 );
TEST_ASSERT( mbedtls_mpi_cmp_mpi( &qA.Y, &check ) == 0 );
TEST_ASSERT( mbedtls_ecdh_gen_public( &grp, &dB, &qB,
mbedtls_test_rnd_buffer_rand,
&rnd_info_B ) == 0 );
TEST_ASSERT( ! mbedtls_ecp_is_zero( &qB ) );
- TEST_ASSERT( mbedtls_mpi_read_string( &check, 16, xB_str ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &check, 16, xB_str ) == 0 );
TEST_ASSERT( mbedtls_mpi_cmp_mpi( &qB.X, &check ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &check, 16, yB_str ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &check, 16, yB_str ) == 0 );
TEST_ASSERT( mbedtls_mpi_cmp_mpi( &qB.Y, &check ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &check, 16, z_str ) == 0 );
- TEST_ASSERT( mbedtls_ecdh_compute_shared( &grp, &zA, &qB, &dA, NULL, NULL ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &check, 16, z_str ) == 0 );
+ TEST_ASSERT( mbedtls_ecdh_compute_shared( &grp, &zA, &qB, &dA,
+ &mbedtls_test_rnd_pseudo_rand,
+ &rnd_info ) == 0 );
TEST_ASSERT( mbedtls_mpi_cmp_mpi( &zA, &check ) == 0 );
- TEST_ASSERT( mbedtls_ecdh_compute_shared( &grp, &zB, &qA, &dB, NULL, NULL ) == 0 );
+ TEST_ASSERT( mbedtls_ecdh_compute_shared( &grp, &zB, &qA, &dB,
+ &mbedtls_test_rnd_pseudo_rand,
+ &rnd_info ) == 0 );
TEST_ASSERT( mbedtls_mpi_cmp_mpi( &zB, &check ) == 0 );
exit:
@@ -339,7 +222,8 @@
&mbedtls_test_rnd_pseudo_rand,
&rnd_info ) == 0 );
TEST_ASSERT( mbedtls_ecdh_calc_secret( &cli, &res_len, res_buf, 1000,
- NULL, NULL ) == 0 );
+ &mbedtls_test_rnd_pseudo_rand,
+ &rnd_info ) == 0 );
TEST_ASSERT( len == res_len );
TEST_ASSERT( memcmp( buf, res_buf, len ) == 0 );
@@ -359,12 +243,14 @@
const unsigned char *vbuf;
size_t len;
mbedtls_test_rnd_buf_info rnd_info_A, rnd_info_B;
+ mbedtls_test_rnd_pseudo_info rnd_info;
int cnt_restart;
mbedtls_ecp_group grp;
mbedtls_ecp_group_init( &grp );
mbedtls_ecdh_init( &srv );
mbedtls_ecdh_init( &cli );
+ memset( &rnd_info, 0x00, sizeof( mbedtls_test_rnd_pseudo_info ) );
rnd_info_A.fallback_f_rng = mbedtls_test_rnd_std_rand;
rnd_info_A.fallback_p_rng = NULL;
@@ -439,7 +325,8 @@
cnt_restart = 0;
do {
ret = mbedtls_ecdh_calc_secret( &srv, &len, buf, sizeof( buf ),
- NULL, NULL );
+ &mbedtls_test_rnd_pseudo_rand,
+ &rnd_info );
} while( ret == MBEDTLS_ERR_ECP_IN_PROGRESS && ++cnt_restart );
TEST_ASSERT( ret == 0 );
@@ -456,7 +343,8 @@
cnt_restart = 0;
do {
ret = mbedtls_ecdh_calc_secret( &cli, &len, buf, sizeof( buf ),
- NULL, NULL );
+ &mbedtls_test_rnd_pseudo_rand,
+ &rnd_info );
} while( ret == MBEDTLS_ERR_ECP_IN_PROGRESS && ++cnt_restart );
TEST_ASSERT( ret == 0 );
diff --git a/tests/suites/test_suite_ecdsa.data b/tests/suites/test_suite_ecdsa.data
index e510c50..95efc73 100644
--- a/tests/suites/test_suite_ecdsa.data
+++ b/tests/suites/test_suite_ecdsa.data
@@ -1,6 +1,3 @@
-ECDSA Parameter validation
-ecdsa_invalid_param:
-
ECDSA primitive hash zero #1
depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED
ecdsa_prim_zero:MBEDTLS_ECP_DP_SECP192R1
diff --git a/tests/suites/test_suite_ecdsa.function b/tests/suites/test_suite_ecdsa.function
index 2cb8925..8803762 100644
--- a/tests/suites/test_suite_ecdsa.function
+++ b/tests/suites/test_suite_ecdsa.function
@@ -7,203 +7,6 @@
* END_DEPENDENCIES
*/
-/* BEGIN_CASE depends_on:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */
-void ecdsa_invalid_param( )
-{
- mbedtls_ecdsa_context ctx;
- mbedtls_ecp_keypair key;
- mbedtls_ecp_group grp;
- mbedtls_ecp_group_id valid_group = MBEDTLS_ECP_DP_SECP192R1;
- mbedtls_ecp_point P;
- mbedtls_md_type_t valid_md = MBEDTLS_MD_SHA256;
- mbedtls_mpi m;
- size_t slen;
- unsigned char buf[42] = { 0 };
-
- TEST_INVALID_PARAM( mbedtls_ecdsa_init( NULL ) );
- TEST_VALID_PARAM( mbedtls_ecdsa_free( NULL ) );
-
-#if defined(MBEDTLS_ECP_RESTARTABLE)
- TEST_INVALID_PARAM( mbedtls_ecdsa_restart_init( NULL ) );
- TEST_VALID_PARAM( mbedtls_ecdsa_restart_free( NULL ) );
-#endif /* MBEDTLS_ECP_RESTARTABLE */
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecdsa_sign( NULL, &m, &m, &m,
- buf, sizeof( buf ),
- mbedtls_test_rnd_std_rand,
- NULL ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecdsa_sign( &grp, NULL, &m, &m,
- buf, sizeof( buf ),
- mbedtls_test_rnd_std_rand,
- NULL ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecdsa_sign( &grp, &m, NULL, &m,
- buf, sizeof( buf ),
- mbedtls_test_rnd_std_rand,
- NULL ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecdsa_sign( &grp, &m, &m, NULL,
- buf, sizeof( buf ),
- mbedtls_test_rnd_std_rand,
- NULL ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecdsa_sign( &grp, &m, &m, &m,
- NULL, sizeof( buf ),
- mbedtls_test_rnd_std_rand,
- NULL ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecdsa_sign( &grp, &m, &m, &m,
- buf, sizeof( buf ),
- NULL, NULL ) );
-
-#if defined(MBEDTLS_ECDSA_DETERMINISTIC)
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecdsa_sign_det_ext( NULL, &m, &m, &m,
- buf, sizeof( buf ),
- valid_md,
- mbedtls_test_rnd_std_rand,
- NULL ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecdsa_sign_det_ext( &grp, NULL, &m, &m,
- buf, sizeof( buf ),
- valid_md,
- mbedtls_test_rnd_std_rand,
- NULL ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecdsa_sign_det_ext( &grp, &m, NULL, &m,
- buf, sizeof( buf ),
- valid_md,
- mbedtls_test_rnd_std_rand,
- NULL ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecdsa_sign_det_ext( &grp, &m, &m, NULL,
- buf, sizeof( buf ),
- valid_md,
- mbedtls_test_rnd_std_rand,
- NULL ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecdsa_sign_det_ext( &grp, &m, &m, &m,
- NULL, sizeof( buf ),
- valid_md,
- mbedtls_test_rnd_std_rand,
- NULL ) );
-#endif /* MBEDTLS_ECDSA_DETERMINISTIC */
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecdsa_verify( NULL,
- buf, sizeof( buf ),
- &P, &m, &m ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecdsa_verify( &grp,
- NULL, sizeof( buf ),
- &P, &m, &m ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecdsa_verify( &grp,
- buf, sizeof( buf ),
- NULL, &m, &m ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecdsa_verify( &grp,
- buf, sizeof( buf ),
- &P, NULL, &m ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecdsa_verify( &grp,
- buf, sizeof( buf ),
- &P, &m, NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecdsa_write_signature( NULL, valid_md, buf, sizeof( buf ),
- buf, &slen, mbedtls_test_rnd_std_rand,
- NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecdsa_write_signature( &ctx, valid_md, NULL, sizeof( buf ),
- buf, &slen, mbedtls_test_rnd_std_rand,
- NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecdsa_write_signature( &ctx, valid_md, buf, sizeof( buf ),
- NULL, &slen, mbedtls_test_rnd_std_rand,
- NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecdsa_write_signature( &ctx, valid_md, buf, sizeof( buf ),
- buf, NULL, mbedtls_test_rnd_std_rand,
- NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecdsa_write_signature_restartable( NULL, valid_md, buf,
- sizeof( buf ), buf, &slen,
- mbedtls_test_rnd_std_rand,
- NULL, NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecdsa_write_signature_restartable( &ctx, valid_md, NULL,
- sizeof( buf ), buf, &slen,
- mbedtls_test_rnd_std_rand,
- NULL, NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecdsa_write_signature_restartable( &ctx, valid_md, buf,
- sizeof( buf ), NULL, &slen,
- mbedtls_test_rnd_std_rand,
- NULL, NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecdsa_write_signature_restartable( &ctx, valid_md, buf,
- sizeof( buf ), buf, NULL,
- mbedtls_test_rnd_std_rand,
- NULL, NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecdsa_read_signature( NULL,
- buf, sizeof( buf ),
- buf, sizeof( buf ) ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecdsa_read_signature( &ctx,
- NULL, sizeof( buf ),
- buf, sizeof( buf ) ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecdsa_read_signature( &ctx,
- buf, sizeof( buf ),
- NULL, sizeof( buf ) ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecdsa_read_signature_restartable( NULL,
- buf, sizeof( buf ),
- buf, sizeof( buf ),
- NULL ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecdsa_read_signature_restartable( &ctx,
- NULL, sizeof( buf ),
- buf, sizeof( buf ),
- NULL ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecdsa_read_signature_restartable( &ctx,
- buf, sizeof( buf ),
- NULL, sizeof( buf ),
- NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecdsa_genkey( NULL, valid_group,
- mbedtls_test_rnd_std_rand,
- NULL ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecdsa_genkey( &ctx, valid_group,
- NULL, NULL ) );
-
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecdsa_from_keypair( NULL, &key ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecdsa_from_keypair( &ctx, NULL ) );
-
-exit:
- return;
-}
-/* END_CASE */
-
/* BEGIN_CASE */
void ecdsa_prim_zero( int id )
{
@@ -289,9 +92,9 @@
TEST_ASSERT( mbedtls_ecp_group_load( &grp, id ) == 0 );
TEST_ASSERT( mbedtls_ecp_point_read_string( &Q, 16, xQ_str, yQ_str ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &d, 16, d_str ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &r_check, 16, r_str ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &s_check, 16, s_str ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &d, 16, d_str ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &r_check, 16, r_str ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &s_check, 16, s_str ) == 0 );
rnd_info.fallback_f_rng = mbedtls_test_rnd_std_rand;
rnd_info.fallback_p_rng = NULL;
rnd_info.buf = rnd_buf->x;
@@ -354,9 +157,9 @@
memset( hash, 0, sizeof( hash ) );
TEST_ASSERT( mbedtls_ecp_group_load( &grp, id ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &d, 16, d_str ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &r_check, 16, r_str ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &s_check, 16, s_str ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &d, 16, d_str ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &r_check, 16, r_str ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &s_check, 16, s_str ) == 0 );
md_info = mbedtls_md_info_from_type( md_alg );
TEST_ASSERT( md_info != NULL );
@@ -585,7 +388,7 @@
memset( sig, 0, sizeof( sig ) );
TEST_ASSERT( mbedtls_ecp_group_load( &ctx.grp, id ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &ctx.d, 16, d_str ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &ctx.d, 16, d_str ) == 0 );
md_info = mbedtls_md_info_from_type( md_alg );
TEST_ASSERT( md_info != NULL );
diff --git a/tests/suites/test_suite_ecjpake.function b/tests/suites/test_suite_ecjpake.function
index ab672a8..311733b 100644
--- a/tests/suites/test_suite_ecjpake.function
+++ b/tests/suites/test_suite_ecjpake.function
@@ -98,100 +98,22 @@
* END_DEPENDENCIES
*/
-/* BEGIN_CASE depends_on:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */
+/* BEGIN_CASE depends_on:NOT_DEFINED */
void ecjpake_invalid_param( )
{
mbedtls_ecjpake_context ctx;
unsigned char buf[42] = { 0 };
- size_t olen;
size_t const len = sizeof( buf );
- mbedtls_ecjpake_role valid_role = MBEDTLS_ECJPAKE_SERVER;
mbedtls_ecjpake_role invalid_role = (mbedtls_ecjpake_role) 42;
mbedtls_md_type_t valid_md = MBEDTLS_MD_SHA256;
mbedtls_ecp_group_id valid_group = MBEDTLS_ECP_DP_SECP256R1;
- TEST_INVALID_PARAM( mbedtls_ecjpake_init( NULL ) );
- TEST_VALID_PARAM( mbedtls_ecjpake_free( NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecjpake_setup( NULL,
- valid_role,
- valid_md,
- valid_group,
- buf, len ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ TEST_EQUAL( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
mbedtls_ecjpake_setup( &ctx,
invalid_role,
valid_md,
valid_group,
buf, len ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecjpake_setup( &ctx,
- valid_role,
- valid_md,
- valid_group,
- NULL, len ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecjpake_check( NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecjpake_write_round_one( NULL, buf, len, &olen,
- mbedtls_test_rnd_std_rand, NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecjpake_write_round_one( &ctx, NULL, len, &olen,
- mbedtls_test_rnd_std_rand, NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecjpake_write_round_one( &ctx, buf, len, NULL,
- mbedtls_test_rnd_std_rand, NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecjpake_write_round_one( &ctx, buf, len, &olen, NULL, NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecjpake_write_round_two( NULL, buf, len, &olen,
- mbedtls_test_rnd_std_rand, NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecjpake_write_round_two( &ctx, NULL, len, &olen,
- mbedtls_test_rnd_std_rand, NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecjpake_write_round_two( &ctx, buf, len, NULL,
- mbedtls_test_rnd_std_rand, NULL ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecjpake_write_round_two( &ctx, buf, len, &olen, NULL, NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecjpake_read_round_one( NULL,
- buf, len ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecjpake_read_round_one( &ctx,
- NULL, len ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecjpake_read_round_two( NULL,
- buf, len ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecjpake_read_round_two( &ctx,
- NULL, len ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecjpake_derive_secret( NULL, buf, len, &olen,
- mbedtls_test_rnd_std_rand, NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecjpake_derive_secret( &ctx, NULL, len, &olen,
- mbedtls_test_rnd_std_rand, NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecjpake_derive_secret( &ctx, buf, len, NULL,
- mbedtls_test_rnd_std_rand, NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecjpake_derive_secret( &ctx, buf, len, &olen, NULL, NULL ) );
exit:
return;
diff --git a/tests/suites/test_suite_ecp.data b/tests/suites/test_suite_ecp.data
index 5f92ca4..485046f 100644
--- a/tests/suites/test_suite_ecp.data
+++ b/tests/suites/test_suite_ecp.data
@@ -1,6 +1,3 @@
-ECP valid params
-ecp_valid_param:
-
ECP invalid params
ecp_invalid_param:
diff --git a/tests/suites/test_suite_ecp.function b/tests/suites/test_suite_ecp.function
index 934598d..2afc355 100644
--- a/tests/suites/test_suite_ecp.function
+++ b/tests/suites/test_suite_ecp.function
@@ -23,347 +23,26 @@
* END_DEPENDENCIES
*/
-/* BEGIN_CASE */
-void ecp_valid_param( )
-{
- TEST_VALID_PARAM( mbedtls_ecp_group_free( NULL ) );
- TEST_VALID_PARAM( mbedtls_ecp_keypair_free( NULL ) );
- TEST_VALID_PARAM( mbedtls_ecp_point_free( NULL ) );
-
-#if defined(MBEDTLS_ECP_RESTARTABLE)
- TEST_VALID_PARAM( mbedtls_ecp_restart_free( NULL ) );
-#endif /* MBEDTLS_ECP_RESTARTABLE */
-
-exit:
- return;
-}
-/* END_CASE */
-
-/* BEGIN_CASE depends_on:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */
+/* BEGIN_CASE depends_on:NOT_DEFINED */
void ecp_invalid_param( )
{
mbedtls_ecp_group grp;
- mbedtls_ecp_keypair kp;
mbedtls_ecp_point P;
- mbedtls_mpi m;
- const char *x = "deadbeef";
- int valid_fmt = MBEDTLS_ECP_PF_UNCOMPRESSED;
int invalid_fmt = 42;
size_t olen;
unsigned char buf[42] = { 0 };
- const unsigned char *null_buf = NULL;
- mbedtls_ecp_group_id valid_group = MBEDTLS_ECP_DP_SECP192R1;
-#if defined(MBEDTLS_ECP_RESTARTABLE)
- mbedtls_ecp_restart_ctx restart_ctx;
-#endif /* MBEDTLS_ECP_RESTARTABLE */
- TEST_INVALID_PARAM( mbedtls_ecp_point_init( NULL ) );
- TEST_INVALID_PARAM( mbedtls_ecp_keypair_init( NULL ) );
- TEST_INVALID_PARAM( mbedtls_ecp_group_init( NULL ) );
-
-#if defined(MBEDTLS_ECP_RESTARTABLE)
- TEST_INVALID_PARAM( mbedtls_ecp_restart_init( NULL ) );
- TEST_INVALID_PARAM( mbedtls_ecp_check_budget( NULL, &restart_ctx, 42 ) );
-#endif /* MBEDTLS_ECP_RESTARTABLE */
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_copy( NULL, &P ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_copy( &P, NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_group_copy( NULL, &grp ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_group_copy( &grp, NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_gen_privkey( NULL,
- &m,
- mbedtls_test_rnd_std_rand,
- NULL ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_gen_privkey( &grp,
- NULL,
- mbedtls_test_rnd_std_rand,
- NULL ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_gen_privkey( &grp,
- &m,
- NULL,
- NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_set_zero( NULL ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_is_zero( NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_point_cmp( NULL, &P ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_point_cmp( &P, NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_point_read_string( NULL, 2,
- x, x ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_point_read_string( &P, 2,
- NULL, x ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_point_read_string( &P, 2,
- x, NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_point_write_binary( NULL, &P,
- valid_fmt,
- &olen,
- buf, sizeof( buf ) ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_point_write_binary( &grp, NULL,
- valid_fmt,
- &olen,
- buf, sizeof( buf ) ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ TEST_EQUAL( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
mbedtls_ecp_point_write_binary( &grp, &P,
invalid_fmt,
&olen,
buf, sizeof( buf ) ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_point_write_binary( &grp, &P,
- valid_fmt,
- NULL,
- buf, sizeof( buf ) ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_point_write_binary( &grp, &P,
- valid_fmt,
- &olen,
- NULL, sizeof( buf ) ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_point_read_binary( NULL, &P, buf,
- sizeof( buf ) ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_point_read_binary( &grp, NULL, buf,
- sizeof( buf ) ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_point_read_binary( &grp, &P, NULL,
- sizeof( buf ) ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_tls_read_point( NULL, &P,
- (const unsigned char **) &buf,
- sizeof( buf ) ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_tls_read_point( &grp, NULL,
- (const unsigned char **) &buf,
- sizeof( buf ) ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_tls_read_point( &grp, &P, &null_buf,
- sizeof( buf ) ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_tls_read_point( &grp, &P, NULL,
- sizeof( buf ) ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_tls_write_point( NULL, &P,
- valid_fmt,
- &olen,
- buf,
- sizeof( buf ) ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_tls_write_point( &grp, NULL,
- valid_fmt,
- &olen,
- buf,
- sizeof( buf ) ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ TEST_EQUAL( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
mbedtls_ecp_tls_write_point( &grp, &P,
invalid_fmt,
&olen,
buf,
sizeof( buf ) ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_tls_write_point( &grp, &P,
- valid_fmt,
- NULL,
- buf,
- sizeof( buf ) ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_tls_write_point( &grp, &P,
- valid_fmt,
- &olen,
- NULL,
- sizeof( buf ) ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_group_load( NULL, valid_group ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_tls_read_group( NULL,
- (const unsigned char **) &buf,
- sizeof( buf ) ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_tls_read_group( &grp, NULL,
- sizeof( buf ) ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_tls_read_group( &grp, &null_buf,
- sizeof( buf ) ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_tls_read_group_id( NULL,
- (const unsigned char **) &buf,
- sizeof( buf ) ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_tls_read_group_id( &valid_group, NULL,
- sizeof( buf ) ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_tls_read_group_id( &valid_group,
- &null_buf,
- sizeof( buf ) ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_tls_write_group( NULL, &olen,
- buf, sizeof( buf ) ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_tls_write_group( &grp, NULL,
- buf, sizeof( buf ) ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_tls_write_group( &grp, &olen,
- NULL, sizeof( buf ) ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_mul( NULL, &P, &m, &P,
- mbedtls_test_rnd_std_rand,
- NULL ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_mul( &grp, NULL, &m, &P,
- mbedtls_test_rnd_std_rand,
- NULL ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_mul( &grp, &P, NULL, &P,
- mbedtls_test_rnd_std_rand,
- NULL ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_mul( &grp, &P, &m, NULL,
- mbedtls_test_rnd_std_rand,
- NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_mul_restartable( NULL, &P, &m, &P,
- mbedtls_test_rnd_std_rand,
- NULL , NULL ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_mul_restartable( &grp, NULL, &m, &P,
- mbedtls_test_rnd_std_rand,
- NULL , NULL ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_mul_restartable( &grp, &P, NULL, &P,
- mbedtls_test_rnd_std_rand,
- NULL , NULL ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_mul_restartable( &grp, &P, &m, NULL,
- mbedtls_test_rnd_std_rand,
- NULL , NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_muladd( NULL, &P, &m, &P,
- &m, &P ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_muladd( &grp, NULL, &m, &P,
- &m, &P ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_muladd( &grp, &P, NULL, &P,
- &m, &P ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_muladd( &grp, &P, &m, NULL,
- &m, &P ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_muladd( &grp, &P, &m, &P,
- NULL, &P ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_muladd( &grp, &P, &m, &P,
- &m, NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_muladd_restartable( NULL, &P, &m, &P,
- &m, &P, NULL ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_muladd_restartable( &grp, NULL, &m, &P,
- &m, &P, NULL ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_muladd_restartable( &grp, &P, NULL, &P,
- &m, &P, NULL ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_muladd_restartable( &grp, &P, &m, NULL,
- &m, &P, NULL ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_muladd_restartable( &grp, &P, &m, &P,
- NULL, &P, NULL ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_muladd_restartable( &grp, &P, &m, &P,
- &m, NULL, NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_check_pubkey( NULL, &P ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_check_pubkey( &grp, NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_check_pub_priv( NULL, &kp ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_check_pub_priv( &kp, NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_check_privkey( NULL, &m ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_check_privkey( &grp, NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_gen_keypair_base( NULL, &P, &m, &P,
- mbedtls_test_rnd_std_rand, NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_gen_keypair_base( &grp, NULL, &m, &P,
- mbedtls_test_rnd_std_rand, NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_gen_keypair_base( &grp, &P, NULL, &P,
- mbedtls_test_rnd_std_rand, NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_gen_keypair_base( &grp, &P, &m, NULL,
- mbedtls_test_rnd_std_rand, NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_gen_keypair_base( &grp, &P, &m, &P, NULL, NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_gen_keypair( NULL,
- &m, &P,
- mbedtls_test_rnd_std_rand,
- NULL ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_gen_keypair( &grp,
- NULL, &P,
- mbedtls_test_rnd_std_rand,
- NULL ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_gen_keypair( &grp,
- &m, NULL,
- mbedtls_test_rnd_std_rand,
- NULL ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_gen_keypair( &grp,
- &m, &P,
- NULL,
- NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_gen_key( valid_group, NULL,
- mbedtls_test_rnd_std_rand,
- NULL ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_gen_key( valid_group, &kp,
- NULL, NULL ) );
exit:
return;
@@ -386,6 +65,8 @@
TEST_ASSERT( by_id == by_name );
TEST_ASSERT( by_id->bit_size == size );
+ TEST_ASSERT( size <= MBEDTLS_ECP_MAX_BITS );
+ TEST_ASSERT( size <= MBEDTLS_ECP_MAX_BYTES * 8 );
}
/* END_CASE */
@@ -401,9 +82,9 @@
TEST_ASSERT( mbedtls_ecp_group_load( &grp, grp_id ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &P.X, 16, x_hex ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &P.Y, 16, y_hex ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &P.Z, 16, z_hex ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &P.X, 16, x_hex ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &P.Y, 16, y_hex ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &P.Z, 16, z_hex ) == 0 );
TEST_ASSERT( mbedtls_ecp_check_pubkey( &grp, &P ) == ret );
@@ -443,22 +124,24 @@
mbedtls_mpi dA, xA, yA, dB, xZ, yZ;
int cnt_restarts;
int ret;
+ mbedtls_test_rnd_pseudo_info rnd_info;
mbedtls_ecp_restart_init( &ctx );
mbedtls_ecp_group_init( &grp );
mbedtls_ecp_point_init( &R ); mbedtls_ecp_point_init( &P );
mbedtls_mpi_init( &dA ); mbedtls_mpi_init( &xA ); mbedtls_mpi_init( &yA );
mbedtls_mpi_init( &dB ); mbedtls_mpi_init( &xZ ); mbedtls_mpi_init( &yZ );
+ memset( &rnd_info, 0x00, sizeof( mbedtls_test_rnd_pseudo_info ) );
TEST_ASSERT( mbedtls_ecp_group_load( &grp, id ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &dA, 16, dA_str ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &xA, 16, xA_str ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &yA, 16, yA_str ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &dA, 16, dA_str ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &xA, 16, xA_str ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &yA, 16, yA_str ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &dB, 16, dB_str ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &xZ, 16, xZ_str ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &yZ, 16, yZ_str ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &dB, 16, dB_str ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &xZ, 16, xZ_str ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &yZ, 16, yZ_str ) == 0 );
mbedtls_ecp_set_max_ops( (unsigned) max_ops );
@@ -466,7 +149,8 @@
cnt_restarts = 0;
do {
ECP_PT_RESET( &R );
- ret = mbedtls_ecp_mul_restartable( &grp, &R, &dA, &grp.G, NULL, NULL, &ctx );
+ ret = mbedtls_ecp_mul_restartable( &grp, &R, &dA, &grp.G,
+ &mbedtls_test_rnd_pseudo_rand, &rnd_info, &ctx );
} while( ret == MBEDTLS_ERR_ECP_IN_PROGRESS && ++cnt_restarts );
TEST_ASSERT( ret == 0 );
@@ -481,7 +165,8 @@
cnt_restarts = 0;
do {
ECP_PT_RESET( &R );
- ret = mbedtls_ecp_mul_restartable( &grp, &R, &dB, &P, NULL, NULL, &ctx );
+ ret = mbedtls_ecp_mul_restartable( &grp, &R, &dB, &P,
+ &mbedtls_test_rnd_pseudo_rand, &rnd_info, &ctx );
} while( ret == MBEDTLS_ERR_ECP_IN_PROGRESS && ++cnt_restarts );
TEST_ASSERT( ret == 0 );
@@ -495,7 +180,8 @@
* This test only makes sense when we actually restart */
if( min_restarts > 0 )
{
- ret = mbedtls_ecp_mul_restartable( &grp, &R, &dB, &P, NULL, NULL, &ctx );
+ ret = mbedtls_ecp_mul_restartable( &grp, &R, &dB, &P,
+ &mbedtls_test_rnd_pseudo_rand, &rnd_info, &ctx );
TEST_ASSERT( ret == MBEDTLS_ERR_ECP_IN_PROGRESS );
}
@@ -536,13 +222,13 @@
TEST_ASSERT( mbedtls_ecp_group_load( &grp, id ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &u1, 16, u1_str ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &u2, 16, u2_str ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &xR, 16, xR_str ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &yR, 16, yR_str ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &u1, 16, u1_str ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &u2, 16, u2_str ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &xR, 16, xR_str ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &yR, 16, yR_str ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &Q.X, 16, xQ_str ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &Q.Y, 16, yQ_str ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &Q.X, 16, xQ_str ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &Q.Y, 16, yQ_str ) == 0 );
TEST_ASSERT( mbedtls_mpi_lset( &Q.Z, 1 ) == 0 );
mbedtls_ecp_set_max_ops( (unsigned) max_ops );
@@ -599,26 +285,28 @@
TEST_ASSERT( mbedtls_ecp_check_pubkey( &grp, &grp.G ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &dA, 16, dA_str ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &xA, 16, xA_str ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &yA, 16, yA_str ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &dB, 16, dB_str ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &xB, 16, xB_str ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &yB, 16, yB_str ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &xZ, 16, xZ_str ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &yZ, 16, yZ_str ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &dA, 16, dA_str ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &xA, 16, xA_str ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &yA, 16, yA_str ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &dB, 16, dB_str ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &xB, 16, xB_str ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &yB, 16, yB_str ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &xZ, 16, xZ_str ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &yZ, 16, yZ_str ) == 0 );
TEST_ASSERT( mbedtls_ecp_mul( &grp, &R, &dA, &grp.G,
&mbedtls_test_rnd_pseudo_rand, &rnd_info ) == 0 );
TEST_ASSERT( mbedtls_mpi_cmp_mpi( &R.X, &xA ) == 0 );
TEST_ASSERT( mbedtls_mpi_cmp_mpi( &R.Y, &yA ) == 0 );
TEST_ASSERT( mbedtls_ecp_check_pubkey( &grp, &R ) == 0 );
- TEST_ASSERT( mbedtls_ecp_mul( &grp, &R, &dB, &R, NULL, NULL ) == 0 );
+ TEST_ASSERT( mbedtls_ecp_mul( &grp, &R, &dB, &R,
+ &mbedtls_test_rnd_pseudo_rand, &rnd_info ) == 0 );
TEST_ASSERT( mbedtls_mpi_cmp_mpi( &R.X, &xZ ) == 0 );
TEST_ASSERT( mbedtls_mpi_cmp_mpi( &R.Y, &yZ ) == 0 );
TEST_ASSERT( mbedtls_ecp_check_pubkey( &grp, &R ) == 0 );
- TEST_ASSERT( mbedtls_ecp_mul( &grp, &R, &dB, &grp.G, NULL, NULL ) == 0 );
+ TEST_ASSERT( mbedtls_ecp_mul( &grp, &R, &dB, &grp.G,
+ &mbedtls_test_rnd_pseudo_rand, &rnd_info ) == 0 );
TEST_ASSERT( mbedtls_mpi_cmp_mpi( &R.X, &xB ) == 0 );
TEST_ASSERT( mbedtls_mpi_cmp_mpi( &R.Y, &yB ) == 0 );
TEST_ASSERT( mbedtls_ecp_check_pubkey( &grp, &R ) == 0 );
@@ -654,11 +342,11 @@
TEST_ASSERT( mbedtls_ecp_check_pubkey( &grp, &grp.G ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &dA, 16, dA_hex ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &dB, 16, dB_hex ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &xA, 16, xA_hex ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &xB, 16, xB_hex ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &xS, 16, xS_hex ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &dA, 16, dA_hex ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &dB, 16, dB_hex ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &xA, 16, xA_hex ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &xB, 16, xB_hex ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &xS, 16, xS_hex ) == 0 );
TEST_ASSERT( mbedtls_ecp_mul( &grp, &R, &dA, &grp.G,
&mbedtls_test_rnd_pseudo_rand, &rnd_info ) == 0 );
@@ -670,11 +358,13 @@
TEST_ASSERT( mbedtls_ecp_check_pubkey( &grp, &R ) == 0 );
TEST_ASSERT( mbedtls_mpi_cmp_mpi( &R.X, &xS ) == 0 );
- TEST_ASSERT( mbedtls_ecp_mul( &grp, &R, &dB, &grp.G, NULL, NULL ) == 0 );
+ TEST_ASSERT( mbedtls_ecp_mul( &grp, &R, &dB, &grp.G,
+ &mbedtls_test_rnd_pseudo_rand, &rnd_info ) == 0 );
TEST_ASSERT( mbedtls_ecp_check_pubkey( &grp, &R ) == 0 );
TEST_ASSERT( mbedtls_mpi_cmp_mpi( &R.X, &xB ) == 0 );
- TEST_ASSERT( mbedtls_ecp_mul( &grp, &R, &dA, &R, NULL, NULL ) == 0 );
+ TEST_ASSERT( mbedtls_ecp_mul( &grp, &R, &dA, &R,
+ &mbedtls_test_rnd_pseudo_rand, &rnd_info ) == 0 );
TEST_ASSERT( mbedtls_ecp_check_pubkey( &grp, &R ) == 0 );
TEST_ASSERT( mbedtls_mpi_cmp_mpi( &R.X, &xS ) == 0 );
@@ -794,6 +484,7 @@
TEST_EQUAL( 0, mbedtls_ecp_point_write_binary(
&grp, &R, MBEDTLS_ECP_PF_UNCOMPRESSED,
&len, actual_result, sizeof( actual_result ) ) );
+ TEST_ASSERT( len <= MBEDTLS_ECP_MAX_PT_LEN );
ASSERT_COMPARE( expected_result->x, expected_result->len,
actual_result, len );
@@ -817,7 +508,7 @@
mbedtls_mpi_init( &N ); mbedtls_mpi_init( &R );
mbedtls_ecp_group_init( &grp );
- TEST_ASSERT( mbedtls_mpi_read_string( &N, 16, N_str ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &N, 16, N_str ) == 0 );
TEST_ASSERT( mbedtls_ecp_group_load( &grp, id ) == 0 );
TEST_ASSERT( grp.modp != NULL );
@@ -856,15 +547,16 @@
TEST_ASSERT( mbedtls_ecp_group_load( &grp, id ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &P.X, 16, x ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &P.Y, 16, y ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &P.Z, 16, z ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &P.X, 16, x ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &P.Y, 16, y ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &P.Z, 16, z ) == 0 );
TEST_ASSERT( mbedtls_ecp_point_write_binary( &grp, &P, format,
&olen, buf, blen ) == ret );
if( ret == 0 )
{
+ TEST_ASSERT( olen <= MBEDTLS_ECP_MAX_PT_LEN );
TEST_ASSERT( mbedtls_test_hexcmp( buf, out->x, olen, out->len ) == 0 );
}
@@ -887,9 +579,9 @@
TEST_ASSERT( mbedtls_ecp_group_load( &grp, id ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &X, 16, x ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &Y, 16, y ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &Z, 16, z ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &X, 16, x ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &Y, 16, y ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &Z, 16, z ) == 0 );
TEST_ASSERT( mbedtls_ecp_point_read_binary( &grp, &P, buf->x, buf->len ) == ret );
@@ -931,9 +623,9 @@
TEST_ASSERT( mbedtls_ecp_group_load( &grp, id ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &X, 16, x ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &Y, 16, y ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &Z, 16, z ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &X, 16, x ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &Y, 16, y ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &Z, 16, z ) == 0 );
TEST_ASSERT( mbedtls_ecp_tls_read_point( &grp, &P, &vbuf, buf->len ) == ret );
@@ -1068,7 +760,7 @@
mbedtls_mpi_init( &d );
TEST_ASSERT( mbedtls_ecp_group_load( &grp, id ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &d, 16, key_hex ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &d, 16, key_hex ) == 0 );
TEST_ASSERT( mbedtls_ecp_check_privkey( &grp, &d ) == ret );
@@ -1084,9 +776,11 @@
int ret )
{
mbedtls_ecp_keypair pub, prv;
+ mbedtls_test_rnd_pseudo_info rnd_info;
mbedtls_ecp_keypair_init( &pub );
mbedtls_ecp_keypair_init( &prv );
+ memset( &rnd_info, 0x00, sizeof( mbedtls_test_rnd_pseudo_info ) );
if( id_pub != MBEDTLS_ECP_DP_NONE )
TEST_ASSERT( mbedtls_ecp_group_load( &pub.grp, id_pub ) == 0 );
@@ -1095,9 +789,10 @@
if( id != MBEDTLS_ECP_DP_NONE )
TEST_ASSERT( mbedtls_ecp_group_load( &prv.grp, id ) == 0 );
TEST_ASSERT( mbedtls_ecp_point_read_string( &prv.Q, 16, Qx, Qy ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &prv.d, 16, d ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &prv.d, 16, d ) == 0 );
- TEST_ASSERT( mbedtls_ecp_check_pub_priv( &pub, &prv ) == ret );
+ TEST_ASSERT( mbedtls_ecp_check_pub_priv( &pub, &prv,
+ &mbedtls_test_rnd_pseudo_rand, &rnd_info ) == ret );
exit:
mbedtls_ecp_keypair_free( &pub );
diff --git a/tests/suites/test_suite_gcm.aes128_de.data b/tests/suites/test_suite_gcm.aes128_de.data
index c865b0c..3df31e5 100644
--- a/tests/suites/test_suite_gcm.aes128_de.data
+++ b/tests/suites/test_suite_gcm.aes128_de.data
@@ -670,6 +670,58 @@
depends_on:MBEDTLS_AES_C
gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"659b9e729d12f68b73fdc2f7260ab114":"fd0732a38224c3f16f58de3a7f333da2ecdb6eec92b469544a891966dd4f8fb64a711a793f1ef6a90e49765eacaccdd8cc438c2b57c51902d27a82ee4f24925a864a9513a74e734ddbf77204a99a3c0060fcfbaccae48fe509bc95c3d6e1b1592889c489801265715e6e4355a45357ce467c1caa2f1c3071bd3a9168a7d223e3":"459df18e2dfbd66d6ad04978432a6d97":"ee0b0b52a729c45b899cc924f46eb1908e55aaaeeaa0c4cdaacf57948a7993a6debd7b6cd7aa426dc3b3b6f56522ba3d5700a820b1697b8170bad9ca7caf1050f13d54fb1ddeb111086cb650e1c5f4a14b6a927205a83bf49f357576fd0f884a83b068154352076a6e36a5369436d2c8351f3e6bfec65b4816e3eb3f144ed7f9":32:"8e5a6a79":"FAIL":"":0
+AES-GCM NIST CAVS 14.0 - empty ciphertext, AD length: 128 bytes, ciphertext updates: 0
+depends_on:MBEDTLS_AES_C
+gcm_decrypt_and_verify_empty_cipher:MBEDTLS_CIPHER_ID_AES:"63c3f81500746eaf383fe3975d84f849":"0799d4152fd73c1604b4610cf7171fe1":"cb8248e5f904cc9ccccf6f273fe621eee1b4d7ed98480f9e806a48b84e2d6a733772ecf8fb7fe91805715cddab2b462b89f6e6c7cf873f65031f13c357d5f57b00b7c391c39e78ad1ed94be236ca0ae316bce11bc33c5d701fdfc58abbe918b9c42f7b3d6e89d46f9784b388a6e6daf47730b9fa665d755a17e89932fa669c44":"c53d01e53ee4a6ea106ea4a66538265e":0
+
+AES-GCM NIST CAVS 14.0 - empty ciphertext, AD length: 128 bytes, ciphertext updates: 1
+depends_on:MBEDTLS_AES_C
+gcm_decrypt_and_verify_empty_cipher:MBEDTLS_CIPHER_ID_AES:"63c3f81500746eaf383fe3975d84f849":"0799d4152fd73c1604b4610cf7171fe1":"cb8248e5f904cc9ccccf6f273fe621eee1b4d7ed98480f9e806a48b84e2d6a733772ecf8fb7fe91805715cddab2b462b89f6e6c7cf873f65031f13c357d5f57b00b7c391c39e78ad1ed94be236ca0ae316bce11bc33c5d701fdfc58abbe918b9c42f7b3d6e89d46f9784b388a6e6daf47730b9fa665d755a17e89932fa669c44":"c53d01e53ee4a6ea106ea4a66538265e":1
+
+AES-GCM NIST CAVS 14.0 - empty ciphertext, AD length: 128 bytes, ciphertext updates: 2
+depends_on:MBEDTLS_AES_C
+gcm_decrypt_and_verify_empty_cipher:MBEDTLS_CIPHER_ID_AES:"63c3f81500746eaf383fe3975d84f849":"0799d4152fd73c1604b4610cf7171fe1":"cb8248e5f904cc9ccccf6f273fe621eee1b4d7ed98480f9e806a48b84e2d6a733772ecf8fb7fe91805715cddab2b462b89f6e6c7cf873f65031f13c357d5f57b00b7c391c39e78ad1ed94be236ca0ae316bce11bc33c5d701fdfc58abbe918b9c42f7b3d6e89d46f9784b388a6e6daf47730b9fa665d755a17e89932fa669c44":"c53d01e53ee4a6ea106ea4a66538265e":2
+
+AES-GCM NIST CAVS 14.0 - empty ciphertext, AD length: 90 bytes, ciphertext updates: 0
+depends_on:MBEDTLS_AES_C
+gcm_decrypt_and_verify_empty_cipher:MBEDTLS_CIPHER_ID_AES:"42c6e06f7f07c793864f6033f9022a41":"bd1258f14570dc663f81c31916bcb45490a7df15c95d827fd9e36aaf12f8fc51b8c0bc823faf1cccf9e6d6d3b132e874993325a1a2b1b61f9dacbb4a458de8d25dbf0ba4282d64a06686ddd0f099300b98e91362ffbeb44ebd22ad3c92ee06b230e234f85363642f57d0154aee09ff08d0e560b5728a5db8a18b26438177c45f":"ef675d5e33198af58e72d7f379dd35bd7234aa7a52ae28531ee2e77d6bf30f05c507b8cc72361f11e70017b30c0e374dd283d29c324c67d43d92868485b0ac2cc4e0dfef362df74c927f935d630611fa26c5be9bea49291d3875":"6640b62190bb4a11d4c7b37039bba6fb":0
+
+AES-GCM NIST CAVS 14.0 - empty ciphertext, AD length: 90 bytes, ciphertext updates: 1
+depends_on:MBEDTLS_AES_C
+gcm_decrypt_and_verify_empty_cipher:MBEDTLS_CIPHER_ID_AES:"42c6e06f7f07c793864f6033f9022a41":"bd1258f14570dc663f81c31916bcb45490a7df15c95d827fd9e36aaf12f8fc51b8c0bc823faf1cccf9e6d6d3b132e874993325a1a2b1b61f9dacbb4a458de8d25dbf0ba4282d64a06686ddd0f099300b98e91362ffbeb44ebd22ad3c92ee06b230e234f85363642f57d0154aee09ff08d0e560b5728a5db8a18b26438177c45f":"ef675d5e33198af58e72d7f379dd35bd7234aa7a52ae28531ee2e77d6bf30f05c507b8cc72361f11e70017b30c0e374dd283d29c324c67d43d92868485b0ac2cc4e0dfef362df74c927f935d630611fa26c5be9bea49291d3875":"6640b62190bb4a11d4c7b37039bba6fb":1
+
+AES-GCM NIST CAVS 14.0 - empty ciphertext, AD length: 90 bytes, ciphertext updates: 2
+depends_on:MBEDTLS_AES_C
+gcm_decrypt_and_verify_empty_cipher:MBEDTLS_CIPHER_ID_AES:"42c6e06f7f07c793864f6033f9022a41":"bd1258f14570dc663f81c31916bcb45490a7df15c95d827fd9e36aaf12f8fc51b8c0bc823faf1cccf9e6d6d3b132e874993325a1a2b1b61f9dacbb4a458de8d25dbf0ba4282d64a06686ddd0f099300b98e91362ffbeb44ebd22ad3c92ee06b230e234f85363642f57d0154aee09ff08d0e560b5728a5db8a18b26438177c45f":"ef675d5e33198af58e72d7f379dd35bd7234aa7a52ae28531ee2e77d6bf30f05c507b8cc72361f11e70017b30c0e374dd283d29c324c67d43d92868485b0ac2cc4e0dfef362df74c927f935d630611fa26c5be9bea49291d3875":"6640b62190bb4a11d4c7b37039bba6fb":2
+
+AES-GCM NIST CAVS 14.0 - empty AD, ciphertext length: 128 bytes, AD updates: 0
+depends_on:MBEDTLS_AES_C
+gcm_decrypt_and_verify_empty_ad:MBEDTLS_CIPHER_ID_AES:"c58583f6479d9bc9f1bffddefee66e59":"cee448b48d3506ff3ecc227a87987846":"564a9f700cbc1f895e4f4fa6426f73b4956896a15e6127e7560d74e3fd0b980d2ee45b7a6a3884fa613d91d13921e3f90967d7132bdafcd146dd8ff7147ed1964c2bdb3e12f4133d3dbbc3bf030ff37b1d2147c493ce885068d9ba5bebae24903aaac004aa0ab73fe789e4150e75ddc2bde2700db02e6398d53e88ac652964ac":"361fc2896d7ee986ecef7cbe665bc60c":"9cce7db3fc087d8cb384f6b1a81f03b3fafa2e3281e9f0fcf08a8283929f32439bb0d302516f0ab65b79181fc223a42345bad6e46ff8bcb55add90207f74481227f71a6230a3e13739ef2d015f5003638234b01e58537b7cfab5a8edac19721f41d46948987d1bb1b1d9485a672647bb3b5cb246a1d753a0d107bff036ac7d95":0
+
+AES-GCM NIST CAVS 14.0 - empty AD, ciphertext length: 128 bytes, AD updates: 1
+depends_on:MBEDTLS_AES_C
+gcm_decrypt_and_verify_empty_ad:MBEDTLS_CIPHER_ID_AES:"c58583f6479d9bc9f1bffddefee66e59":"cee448b48d3506ff3ecc227a87987846":"564a9f700cbc1f895e4f4fa6426f73b4956896a15e6127e7560d74e3fd0b980d2ee45b7a6a3884fa613d91d13921e3f90967d7132bdafcd146dd8ff7147ed1964c2bdb3e12f4133d3dbbc3bf030ff37b1d2147c493ce885068d9ba5bebae24903aaac004aa0ab73fe789e4150e75ddc2bde2700db02e6398d53e88ac652964ac":"361fc2896d7ee986ecef7cbe665bc60c":"9cce7db3fc087d8cb384f6b1a81f03b3fafa2e3281e9f0fcf08a8283929f32439bb0d302516f0ab65b79181fc223a42345bad6e46ff8bcb55add90207f74481227f71a6230a3e13739ef2d015f5003638234b01e58537b7cfab5a8edac19721f41d46948987d1bb1b1d9485a672647bb3b5cb246a1d753a0d107bff036ac7d95":1
+
+AES-GCM NIST CAVS 14.0 - empty AD, ciphertext length: 128 bytes, AD updates: 2
+depends_on:MBEDTLS_AES_C
+gcm_decrypt_and_verify_empty_ad:MBEDTLS_CIPHER_ID_AES:"c58583f6479d9bc9f1bffddefee66e59":"cee448b48d3506ff3ecc227a87987846":"564a9f700cbc1f895e4f4fa6426f73b4956896a15e6127e7560d74e3fd0b980d2ee45b7a6a3884fa613d91d13921e3f90967d7132bdafcd146dd8ff7147ed1964c2bdb3e12f4133d3dbbc3bf030ff37b1d2147c493ce885068d9ba5bebae24903aaac004aa0ab73fe789e4150e75ddc2bde2700db02e6398d53e88ac652964ac":"361fc2896d7ee986ecef7cbe665bc60c":"9cce7db3fc087d8cb384f6b1a81f03b3fafa2e3281e9f0fcf08a8283929f32439bb0d302516f0ab65b79181fc223a42345bad6e46ff8bcb55add90207f74481227f71a6230a3e13739ef2d015f5003638234b01e58537b7cfab5a8edac19721f41d46948987d1bb1b1d9485a672647bb3b5cb246a1d753a0d107bff036ac7d95":2
+
+AES-GCM NIST CAVS 14.0 - empty AD, ciphertext length: 51 bytes, AD updates: 0
+depends_on:MBEDTLS_AES_C
+gcm_decrypt_and_verify_empty_ad:MBEDTLS_CIPHER_ID_AES:"24168b48b45759c8d4f9b061f0cbc16a":"b8e5ede75254cc4542191c7e7b0319ad81651451b639caf81c81c98301a4a0af70e291a4e35b448917be1e400fc64a22edf32913162558c2591ee3e80f397d73dfbc68b82da49bda9bcbb6aaf26919e21c1773cf51f6c5b71784f47978cc0d593b4be0259ab22b0b48de733a884c50a8c148c495973a8f5f84f2e93755666bf5":"be19c7e3d3e63f73d833c967d8d62f388ab9617a2adebe5abd99b5ec64599c46bc28bc62770e08995b0bbf27089e3e17b80424":"4aec633d4daed9ce76d697c11f66f34e":"cb7f10bda7da8a2569ed1f3b667127a1e0fb197283aa16ab8cddd43186bd126b118e671cab3e325877fe0e79f1863f89122c8f":0
+
+AES-GCM NIST CAVS 14.0 - empty AD, ciphertext length: 51 bytes, AD updates: 1
+depends_on:MBEDTLS_AES_C
+gcm_decrypt_and_verify_empty_ad:MBEDTLS_CIPHER_ID_AES:"24168b48b45759c8d4f9b061f0cbc16a":"b8e5ede75254cc4542191c7e7b0319ad81651451b639caf81c81c98301a4a0af70e291a4e35b448917be1e400fc64a22edf32913162558c2591ee3e80f397d73dfbc68b82da49bda9bcbb6aaf26919e21c1773cf51f6c5b71784f47978cc0d593b4be0259ab22b0b48de733a884c50a8c148c495973a8f5f84f2e93755666bf5":"be19c7e3d3e63f73d833c967d8d62f388ab9617a2adebe5abd99b5ec64599c46bc28bc62770e08995b0bbf27089e3e17b80424":"4aec633d4daed9ce76d697c11f66f34e":"cb7f10bda7da8a2569ed1f3b667127a1e0fb197283aa16ab8cddd43186bd126b118e671cab3e325877fe0e79f1863f89122c8f":1
+
+AES-GCM NIST CAVS 14.0 - empty AD, ciphertext length: 51 bytes, AD updates: 2
+depends_on:MBEDTLS_AES_C
+gcm_decrypt_and_verify_empty_ad:MBEDTLS_CIPHER_ID_AES:"24168b48b45759c8d4f9b061f0cbc16a":"b8e5ede75254cc4542191c7e7b0319ad81651451b639caf81c81c98301a4a0af70e291a4e35b448917be1e400fc64a22edf32913162558c2591ee3e80f397d73dfbc68b82da49bda9bcbb6aaf26919e21c1773cf51f6c5b71784f47978cc0d593b4be0259ab22b0b48de733a884c50a8c148c495973a8f5f84f2e93755666bf5":"be19c7e3d3e63f73d833c967d8d62f388ab9617a2adebe5abd99b5ec64599c46bc28bc62770e08995b0bbf27089e3e17b80424":"4aec633d4daed9ce76d697c11f66f34e":"cb7f10bda7da8a2569ed1f3b667127a1e0fb197283aa16ab8cddd43186bd126b118e671cab3e325877fe0e79f1863f89122c8f":2
+
+AES-GCM NIST - empty AD, empty ciphertext
+depends_on:MBEDTLS_AES_C
+gcm_decrypt_and_verify_no_ad_no_cipher:MBEDTLS_CIPHER_ID_AES:"cf063a34d4a9a76c2c86787d3f96db71":"113b9785971864c83b01c787":"72ac8493e3a5228b5d130a69d2510e42"
+
AES-GCM Bad IV (AES-128,128,0,0,32) #0
depends_on:MBEDTLS_AES_C
gcm_bad_parameters:MBEDTLS_CIPHER_ID_AES:MBEDTLS_GCM_DECRYPT:"d0194b6ee68f0ed8adc4b22ed15dbf14":"":"":"":32:MBEDTLS_ERR_GCM_BAD_INPUT
diff --git a/tests/suites/test_suite_gcm.aes128_en.data b/tests/suites/test_suite_gcm.aes128_en.data
index b1dae75..d60c458 100644
--- a/tests/suites/test_suite_gcm.aes128_en.data
+++ b/tests/suites/test_suite_gcm.aes128_en.data
@@ -670,6 +670,58 @@
depends_on:MBEDTLS_AES_C
gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"fe481476fce76efcfc78ed144b0756f1":"246e1f2babab8da98b17cc928bd49504d7d87ea2cc174f9ffb7dbafe5969ff824a0bcb52f35441d22f3edcd10fab0ec04c0bde5abd3624ca25cbb4541b5d62a3deb52c00b75d68aaf0504d51f95b8dcbebdd8433f4966c584ac7f8c19407ca927a79fa4ead2688c4a7baafb4c31ef83c05e8848ec2b4f657aab84c109c91c277":"1a2c18c6bf13b3b2785610c71ccd98ca":"b0ab3cb5256575774b8242b89badfbe0dfdfd04f5dd75a8e5f218b28d3f6bc085a013defa5f5b15dfb46132db58ed7a9ddb812d28ee2f962796ad988561a381c02d1cf37dca5fd33e081d61cc7b3ab0b477947524a4ca4cb48c36f48b302c440be6f5777518a60585a8a16cea510dbfc5580b0daac49a2b1242ff55e91a8eae8":"5587620bbb77f70afdf3cdb7ae390edd0473286d86d3f862ad70902d90ff1d315947c959f016257a8fe1f52cc22a54f21de8cb60b74808ac7b22ea7a15945371e18b77c9571aad631aa080c60c1e472019fa85625fc80ed32a51d05e397a8987c8fece197a566689d24d05361b6f3a75616c89db6123bf5902960b21a18bc03a":32:"bd4265a8":0
+AES-GCM NIST CAVS 14.0 - empty plaintext, AD length: 128 bytes, ciphertext updates: 0
+depends_on:MBEDTLS_AES_C
+gcm_encrypt_and_tag_empty_cipher:MBEDTLS_CIPHER_ID_AES:"e28c435211743a7872e4a0bd7602336a":"2ddbee94fcbfacea080ded468f67180c":"63190ef542656cc2b69a9b0daf8dbd2d38cd75f17b92d6d891c17b0337ad4fe4539d9154722fa430782a1d79620e974661918166e39c453c5a98759a13d2766138c7750e6cbdc7b6d7cbe44f3f4de7bb562d9bce6e6e2e815444842b89ba8b73454218c483e574ca886a84e8c9aa6f56dd1541a7e35a4a5b8f6a05ad5bb013e9":"2ce6d74cda466354a736636bf18acfc0":0
+
+AES-GCM NIST CAVS 14.0 - empty plaintext, AD length: 128 bytes, ciphertext updates: 1
+depends_on:MBEDTLS_AES_C
+gcm_encrypt_and_tag_empty_cipher:MBEDTLS_CIPHER_ID_AES:"e28c435211743a7872e4a0bd7602336a":"2ddbee94fcbfacea080ded468f67180c":"63190ef542656cc2b69a9b0daf8dbd2d38cd75f17b92d6d891c17b0337ad4fe4539d9154722fa430782a1d79620e974661918166e39c453c5a98759a13d2766138c7750e6cbdc7b6d7cbe44f3f4de7bb562d9bce6e6e2e815444842b89ba8b73454218c483e574ca886a84e8c9aa6f56dd1541a7e35a4a5b8f6a05ad5bb013e9":"2ce6d74cda466354a736636bf18acfc0":1
+
+AES-GCM NIST CAVS 14.0 - empty plaintext, AD length: 128 bytes, ciphertext updates: 2
+depends_on:MBEDTLS_AES_C
+gcm_encrypt_and_tag_empty_cipher:MBEDTLS_CIPHER_ID_AES:"e28c435211743a7872e4a0bd7602336a":"2ddbee94fcbfacea080ded468f67180c":"63190ef542656cc2b69a9b0daf8dbd2d38cd75f17b92d6d891c17b0337ad4fe4539d9154722fa430782a1d79620e974661918166e39c453c5a98759a13d2766138c7750e6cbdc7b6d7cbe44f3f4de7bb562d9bce6e6e2e815444842b89ba8b73454218c483e574ca886a84e8c9aa6f56dd1541a7e35a4a5b8f6a05ad5bb013e9":"2ce6d74cda466354a736636bf18acfc0":2
+
+AES-GCM NIST CAVS 14.0 - empty plaintext, AD length: 90 bytes, ciphertext updates: 0
+depends_on:MBEDTLS_AES_C
+gcm_encrypt_and_tag_empty_cipher:MBEDTLS_CIPHER_ID_AES:"20b5b6b854e187b058a84d57bc1538b6":"94c1935afc061cbf254b936f":"ca418e71dbf810038174eaa3719b3fcb80531c7110ad9192d105eeaafa15b819ac005668752b344ed1b22faf77048baf03dbddb3b47d6b00e95c4f005e0cc9b7627ccafd3f21b3312aa8d91d3fa0893fe5bff7d44ca46f23afe0":"b37286ebaf4a54e0ffc2a1deafc9f6db":0
+
+AES-GCM NIST CAVS 14.0 - empty plaintext, AD length: 90 bytes, ciphertext updates: 1
+depends_on:MBEDTLS_AES_C
+gcm_encrypt_and_tag_empty_cipher:MBEDTLS_CIPHER_ID_AES:"20b5b6b854e187b058a84d57bc1538b6":"94c1935afc061cbf254b936f":"ca418e71dbf810038174eaa3719b3fcb80531c7110ad9192d105eeaafa15b819ac005668752b344ed1b22faf77048baf03dbddb3b47d6b00e95c4f005e0cc9b7627ccafd3f21b3312aa8d91d3fa0893fe5bff7d44ca46f23afe0":"b37286ebaf4a54e0ffc2a1deafc9f6db":1
+
+AES-GCM NIST CAVS 14.0 - empty plaintext, AD length: 90 bytes, ciphertext updates: 2
+depends_on:MBEDTLS_AES_C
+gcm_encrypt_and_tag_empty_cipher:MBEDTLS_CIPHER_ID_AES:"20b5b6b854e187b058a84d57bc1538b6":"94c1935afc061cbf254b936f":"ca418e71dbf810038174eaa3719b3fcb80531c7110ad9192d105eeaafa15b819ac005668752b344ed1b22faf77048baf03dbddb3b47d6b00e95c4f005e0cc9b7627ccafd3f21b3312aa8d91d3fa0893fe5bff7d44ca46f23afe0":"b37286ebaf4a54e0ffc2a1deafc9f6db":2
+
+AES-GCM NIST CAVS 14.0 - empty AD, plaintext length: 128 bytes, AD updates: 0
+depends_on:MBEDTLS_AES_C
+gcm_encrypt_and_tag_empty_ad:MBEDTLS_CIPHER_ID_AES:"ce0f8cfe9d64c4f4c045d11b97c2d918":"ad4c3627a494fc628316dc03faf81db8":"dfff250d380f363880963b42d6913c1ba11e8edf7c4ab8b76d79ccbaac628f548ee542f48728a9a2620a0d69339c8291e8d398440d740e310908cdee7c273cc91275ce7271ba12f69237998b07b789b3993aaac8dc4ec1914432a30f5172f79ea0539bd1f70b36d437e5170bc63039a5280816c05e1e41760b58e35696cebd55":"0de73d9702d9357c9e8619b7944e40732ac2f4dd3f1b42d8d7f36acb1f1497990d0ec3d626082cdb1384ec72a4c1d98955ba2a3aae6d81b24e9ce533eb5ede7210ae4a06d43f750138b8914d754d43bce416fee799cc4dd03949acedc34def7d6bde6ba41a4cf03d209689a3ad181f1b6dcf76ca25c87eb1c7459cc9f95ddc57":"5f6a3620e59fe8977286f502d0da7517":0
+
+AES-GCM NIST CAVS 14.0 - empty AD, plaintext length: 128 bytes, AD updates: 1
+depends_on:MBEDTLS_AES_C
+gcm_encrypt_and_tag_empty_ad:MBEDTLS_CIPHER_ID_AES:"ce0f8cfe9d64c4f4c045d11b97c2d918":"ad4c3627a494fc628316dc03faf81db8":"dfff250d380f363880963b42d6913c1ba11e8edf7c4ab8b76d79ccbaac628f548ee542f48728a9a2620a0d69339c8291e8d398440d740e310908cdee7c273cc91275ce7271ba12f69237998b07b789b3993aaac8dc4ec1914432a30f5172f79ea0539bd1f70b36d437e5170bc63039a5280816c05e1e41760b58e35696cebd55":"0de73d9702d9357c9e8619b7944e40732ac2f4dd3f1b42d8d7f36acb1f1497990d0ec3d626082cdb1384ec72a4c1d98955ba2a3aae6d81b24e9ce533eb5ede7210ae4a06d43f750138b8914d754d43bce416fee799cc4dd03949acedc34def7d6bde6ba41a4cf03d209689a3ad181f1b6dcf76ca25c87eb1c7459cc9f95ddc57":"5f6a3620e59fe8977286f502d0da7517":1
+
+AES-GCM NIST CAVS 14.0 - empty AD, plaintext length: 128 bytes, AD updates: 2
+depends_on:MBEDTLS_AES_C
+gcm_encrypt_and_tag_empty_ad:MBEDTLS_CIPHER_ID_AES:"ce0f8cfe9d64c4f4c045d11b97c2d918":"ad4c3627a494fc628316dc03faf81db8":"dfff250d380f363880963b42d6913c1ba11e8edf7c4ab8b76d79ccbaac628f548ee542f48728a9a2620a0d69339c8291e8d398440d740e310908cdee7c273cc91275ce7271ba12f69237998b07b789b3993aaac8dc4ec1914432a30f5172f79ea0539bd1f70b36d437e5170bc63039a5280816c05e1e41760b58e35696cebd55":"0de73d9702d9357c9e8619b7944e40732ac2f4dd3f1b42d8d7f36acb1f1497990d0ec3d626082cdb1384ec72a4c1d98955ba2a3aae6d81b24e9ce533eb5ede7210ae4a06d43f750138b8914d754d43bce416fee799cc4dd03949acedc34def7d6bde6ba41a4cf03d209689a3ad181f1b6dcf76ca25c87eb1c7459cc9f95ddc57":"5f6a3620e59fe8977286f502d0da7517":2
+
+AES-GCM NIST CAVS 14.0 - empty AD, plaintext length: 51 bytes, AD updates: 0
+depends_on:MBEDTLS_AES_C
+gcm_encrypt_and_tag_empty_ad:MBEDTLS_CIPHER_ID_AES:"594157ec4693202b030f33798b07176d":"49b12054082660803a1df3df":"3feef98a976a1bd634f364ac428bb59cd51fb159ec1789946918dbd50ea6c9d594a3a31a5269b0da6936c29d063a5fa2cc8a1c":"c1b7a46a335f23d65b8db4008a49796906e225474f4fe7d39e55bf2efd97fd82d4167de082ae30fa01e465a601235d8d68bc69":"ba92d3661ce8b04687e8788d55417dc2":0
+
+AES-GCM NIST CAVS 14.0 - empty AD, plaintext length: 51 bytes, AD updates: 1
+depends_on:MBEDTLS_AES_C
+gcm_encrypt_and_tag_empty_ad:MBEDTLS_CIPHER_ID_AES:"594157ec4693202b030f33798b07176d":"49b12054082660803a1df3df":"3feef98a976a1bd634f364ac428bb59cd51fb159ec1789946918dbd50ea6c9d594a3a31a5269b0da6936c29d063a5fa2cc8a1c":"c1b7a46a335f23d65b8db4008a49796906e225474f4fe7d39e55bf2efd97fd82d4167de082ae30fa01e465a601235d8d68bc69":"ba92d3661ce8b04687e8788d55417dc2":1
+
+AES-GCM NIST CAVS 14.0 - empty AD, plaintext length: 51 bytes, AD updates: 2
+depends_on:MBEDTLS_AES_C
+gcm_encrypt_and_tag_empty_ad:MBEDTLS_CIPHER_ID_AES:"594157ec4693202b030f33798b07176d":"49b12054082660803a1df3df":"3feef98a976a1bd634f364ac428bb59cd51fb159ec1789946918dbd50ea6c9d594a3a31a5269b0da6936c29d063a5fa2cc8a1c":"c1b7a46a335f23d65b8db4008a49796906e225474f4fe7d39e55bf2efd97fd82d4167de082ae30fa01e465a601235d8d68bc69":"ba92d3661ce8b04687e8788d55417dc2":2
+
+AES-GCM NIST - empty AD, empty plaintext
+depends_on:MBEDTLS_AES_C
+gcm_encrypt_and_verify_no_ad_no_cipher:MBEDTLS_CIPHER_ID_AES:"11754cd72aec309bf52f7687212e8957":"3c819d9a9bed087615030b65":"250327c674aaf477aef2675748cf6971"
+
AES-GCM Bad IV (AES-128,128,0,0,32) #0
depends_on:MBEDTLS_AES_C
gcm_bad_parameters:MBEDTLS_CIPHER_ID_AES:MBEDTLS_GCM_ENCRYPT:"d0194b6ee68f0ed8adc4b22ed15dbf14":"":"":"":32:MBEDTLS_ERR_GCM_BAD_INPUT
diff --git a/tests/suites/test_suite_gcm.function b/tests/suites/test_suite_gcm.function
index 9733eb2..c530e6b 100644
--- a/tests/suites/test_suite_gcm.function
+++ b/tests/suites/test_suite_gcm.function
@@ -11,20 +11,24 @@
const data_t *input,
const data_t *expected_output,
const data_t *tag,
- size_t n1 )
+ size_t n1,
+ size_t n1_add)
{
int ok = 0;
uint8_t *output = NULL;
size_t n2 = input->len - n1;
+ size_t n2_add = add->len - n1_add;
size_t olen;
/* Sanity checks on the test data */
TEST_ASSERT( n1 <= input->len );
+ TEST_ASSERT( n1_add <= add->len );
TEST_EQUAL( input->len, expected_output->len );
TEST_EQUAL( 0, mbedtls_gcm_starts( ctx, mode,
iv->x, iv->len ) );
- TEST_EQUAL( 0, mbedtls_gcm_update_ad( ctx, add->x, add->len ) );
+ TEST_EQUAL( 0, mbedtls_gcm_update_ad( ctx, add->x, n1_add ) );
+ TEST_EQUAL( 0, mbedtls_gcm_update_ad( ctx, add->x + n1_add, n2_add ) );
/* Allocate a tight buffer for each update call. This way, if the function
* tries to write beyond the advertised required buffer size, this will
@@ -46,7 +50,8 @@
output = NULL;
ASSERT_ALLOC( output, tag->len );
- TEST_EQUAL( 0, mbedtls_gcm_finish( ctx, NULL, 0, output, tag->len ) );
+ TEST_EQUAL( 0, mbedtls_gcm_finish( ctx, NULL, 0, &olen, output, tag->len ) );
+ TEST_EQUAL( 0, olen );
ASSERT_COMPARE( output, tag->len, tag->x, tag->len );
mbedtls_free( output );
output = NULL;
@@ -57,6 +62,99 @@
return( ok );
}
+static void check_cipher_with_empty_ad( mbedtls_gcm_context *ctx,
+ int mode,
+ const data_t *iv,
+ const data_t *input,
+ const data_t *expected_output,
+ const data_t *tag,
+ size_t ad_update_count)
+{
+ size_t n;
+ uint8_t *output = NULL;
+ size_t olen;
+
+ /* Sanity checks on the test data */
+ TEST_EQUAL( input->len, expected_output->len );
+
+ TEST_EQUAL( 0, mbedtls_gcm_starts( ctx, mode,
+ iv->x, iv->len ) );
+
+ for( n = 0; n < ad_update_count; n++ )
+ {
+ TEST_EQUAL( 0, mbedtls_gcm_update_ad( ctx, NULL, 0 ) );
+ }
+
+ /* Allocate a tight buffer for each update call. This way, if the function
+ * tries to write beyond the advertised required buffer size, this will
+ * count as an overflow for memory sanitizers and static checkers. */
+ ASSERT_ALLOC( output, input->len );
+ olen = 0xdeadbeef;
+ TEST_EQUAL( 0, mbedtls_gcm_update( ctx, input->x, input->len, output, input->len, &olen ) );
+ TEST_EQUAL( input->len, olen );
+ ASSERT_COMPARE( output, olen, expected_output->x, input->len );
+ mbedtls_free( output );
+ output = NULL;
+
+ ASSERT_ALLOC( output, tag->len );
+ TEST_EQUAL( 0, mbedtls_gcm_finish( ctx, NULL, 0, &olen, output, tag->len ) );
+ TEST_EQUAL( 0, olen );
+ ASSERT_COMPARE( output, tag->len, tag->x, tag->len );
+
+exit:
+ mbedtls_free( output );
+}
+
+static void check_empty_cipher_with_ad( mbedtls_gcm_context *ctx,
+ int mode,
+ const data_t *iv,
+ const data_t *add,
+ const data_t *tag,
+ size_t cipher_update_count)
+{
+ size_t olen;
+ size_t n;
+ uint8_t* output_tag = NULL;
+
+ TEST_EQUAL( 0, mbedtls_gcm_starts( ctx, mode, iv->x, iv->len ) );
+ TEST_EQUAL( 0, mbedtls_gcm_update_ad( ctx, add->x, add->len ) );
+
+ for( n = 0; n < cipher_update_count; n++ )
+ {
+ olen = 0xdeadbeef;
+ TEST_EQUAL( 0, mbedtls_gcm_update( ctx, NULL, 0, NULL, 0, &olen ) );
+ TEST_EQUAL( 0, olen );
+ }
+
+ ASSERT_ALLOC( output_tag, tag->len );
+ TEST_EQUAL( 0, mbedtls_gcm_finish( ctx, NULL, 0, &olen,
+ output_tag, tag->len ) );
+ TEST_EQUAL( 0, olen );
+ ASSERT_COMPARE( output_tag, tag->len, tag->x, tag->len );
+
+exit:
+ mbedtls_free( output_tag );
+}
+
+static void check_no_cipher_no_ad( mbedtls_gcm_context *ctx,
+ int mode,
+ const data_t *iv,
+ const data_t *tag )
+{
+ uint8_t *output = NULL;
+ size_t olen = 0;
+
+ TEST_EQUAL( 0, mbedtls_gcm_starts( ctx, mode,
+ iv->x, iv->len ) );
+ ASSERT_ALLOC( output, tag->len );
+ TEST_EQUAL( 0, mbedtls_gcm_finish( ctx, NULL, 0, &olen, output, tag->len ) );
+ TEST_EQUAL( 0, olen );
+ ASSERT_COMPARE( output, tag->len, tag->x, tag->len );
+
+exit:
+ mbedtls_free( output );
+}
+
/* END_HEADER */
/* BEGIN_DEPENDENCIES
@@ -101,6 +199,7 @@
mbedtls_gcm_context ctx;
size_t tag_len = tag_len_bits / 8;
size_t n1;
+ size_t n1_add;
mbedtls_gcm_init( &ctx );
@@ -118,12 +217,15 @@
for( n1 = 0; n1 <= src_str->len; n1 += 1 )
{
- mbedtls_test_set_step( n1 );
- if( !check_multipart( &ctx, MBEDTLS_GCM_ENCRYPT,
- iv_str, add_str, src_str,
- dst, tag,
- n1 ) )
- goto exit;
+ for( n1_add = 0; n1_add <= add_str->len; n1_add += 1 )
+ {
+ mbedtls_test_set_step( n1 * 10000 + n1_add );
+ if( !check_multipart( &ctx, MBEDTLS_GCM_ENCRYPT,
+ iv_str, add_str, src_str,
+ dst, tag,
+ n1, n1_add ) )
+ goto exit;
+ }
}
}
@@ -144,6 +246,7 @@
int ret;
size_t tag_len = tag_len_bits / 8;
size_t n1;
+ size_t n1_add;
mbedtls_gcm_init( &ctx );
@@ -166,12 +269,15 @@
for( n1 = 0; n1 <= src_str->len; n1 += 1 )
{
- mbedtls_test_set_step( n1 );
- if( !check_multipart( &ctx, MBEDTLS_GCM_DECRYPT,
- iv_str, add_str, src_str,
- pt_result, tag_str,
- n1 ) )
- goto exit;
+ for( n1_add = 0; n1_add <= add_str->len; n1_add += 1 )
+ {
+ mbedtls_test_set_step( n1 * 10000 + n1_add );
+ if( !check_multipart( &ctx, MBEDTLS_GCM_DECRYPT,
+ iv_str, add_str, src_str,
+ pt_result, tag_str,
+ n1, n1_add ) )
+ goto exit;
+ }
}
}
}
@@ -181,163 +287,83 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */
-void gcm_invalid_param( )
+/* BEGIN_CASE */
+void gcm_decrypt_and_verify_empty_cipher( int cipher_id,
+ data_t * key_str,
+ data_t * iv_str,
+ data_t * add_str,
+ data_t * tag_str,
+ int cipher_update_calls )
{
mbedtls_gcm_context ctx;
- unsigned char valid_buffer[] = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06 };
- mbedtls_cipher_id_t valid_cipher = MBEDTLS_CIPHER_ID_AES;
- int valid_mode = MBEDTLS_GCM_ENCRYPT;
- int valid_len = sizeof(valid_buffer);
- int valid_bitlen = 128, invalid_bitlen = 1;
- size_t olen;
mbedtls_gcm_init( &ctx );
- /* mbedtls_gcm_init() */
- TEST_INVALID_PARAM( mbedtls_gcm_init( NULL ) );
+ TEST_ASSERT( mbedtls_gcm_setkey( &ctx, cipher_id, key_str->x, key_str->len * 8 ) == 0 );
+ check_empty_cipher_with_ad( &ctx, MBEDTLS_GCM_DECRYPT,
+ iv_str, add_str, tag_str,
+ cipher_update_calls );
- /* mbedtls_gcm_setkey */
- TEST_INVALID_PARAM_RET(
- MBEDTLS_ERR_GCM_BAD_INPUT,
- mbedtls_gcm_setkey( NULL, valid_cipher, valid_buffer, valid_bitlen ) );
- TEST_INVALID_PARAM_RET(
- MBEDTLS_ERR_GCM_BAD_INPUT,
- mbedtls_gcm_setkey( &ctx, valid_cipher, NULL, valid_bitlen ) );
- TEST_INVALID_PARAM_RET(
- MBEDTLS_ERR_GCM_BAD_INPUT,
- mbedtls_gcm_setkey( &ctx, valid_cipher, valid_buffer, invalid_bitlen ) );
+ mbedtls_gcm_free( &ctx );
+}
+/* END_CASE */
- /* mbedtls_gcm_crypt_and_tag() */
- TEST_INVALID_PARAM_RET(
- MBEDTLS_ERR_GCM_BAD_INPUT,
- mbedtls_gcm_crypt_and_tag( NULL, valid_mode, valid_len,
- valid_buffer, valid_len,
- valid_buffer, valid_len,
- valid_buffer, valid_buffer,
- valid_len, valid_buffer ) );
- TEST_INVALID_PARAM_RET(
- MBEDTLS_ERR_GCM_BAD_INPUT,
- mbedtls_gcm_crypt_and_tag( &ctx, valid_mode, valid_len,
- NULL, valid_len,
- valid_buffer, valid_len,
- valid_buffer, valid_buffer,
- valid_len, valid_buffer ) );
- TEST_INVALID_PARAM_RET(
- MBEDTLS_ERR_GCM_BAD_INPUT,
- mbedtls_gcm_crypt_and_tag( &ctx, valid_mode, valid_len,
- valid_buffer, valid_len,
- NULL, valid_len,
- valid_buffer, valid_buffer,
- valid_len, valid_buffer ) );
- TEST_INVALID_PARAM_RET(
- MBEDTLS_ERR_GCM_BAD_INPUT,
- mbedtls_gcm_crypt_and_tag( &ctx, valid_mode, valid_len,
- valid_buffer, valid_len,
- valid_buffer, valid_len,
- NULL, valid_buffer,
- valid_len, valid_buffer ) );
- TEST_INVALID_PARAM_RET(
- MBEDTLS_ERR_GCM_BAD_INPUT,
- mbedtls_gcm_crypt_and_tag( &ctx, valid_mode, valid_len,
- valid_buffer, valid_len,
- valid_buffer, valid_len,
- valid_buffer, NULL,
- valid_len, valid_buffer ) );
- TEST_INVALID_PARAM_RET(
- MBEDTLS_ERR_GCM_BAD_INPUT,
- mbedtls_gcm_crypt_and_tag( &ctx, valid_mode, valid_len,
- valid_buffer, valid_len,
- valid_buffer, valid_len,
- valid_buffer, valid_buffer,
- valid_len, NULL ) );
+/* BEGIN_CASE */
+void gcm_decrypt_and_verify_empty_ad( int cipher_id,
+ data_t * key_str,
+ data_t * iv_str,
+ data_t * src_str,
+ data_t * tag_str,
+ data_t * pt_result,
+ int ad_update_calls )
+{
+ mbedtls_gcm_context ctx;
- /* mbedtls_gcm_auth_decrypt() */
- TEST_INVALID_PARAM_RET(
- MBEDTLS_ERR_GCM_BAD_INPUT,
- mbedtls_gcm_auth_decrypt( NULL, valid_len,
- valid_buffer, valid_len,
- valid_buffer, valid_len,
- valid_buffer, valid_len,
- valid_buffer, valid_buffer) );
- TEST_INVALID_PARAM_RET(
- MBEDTLS_ERR_GCM_BAD_INPUT,
- mbedtls_gcm_auth_decrypt( &ctx, valid_len,
- NULL, valid_len,
- valid_buffer, valid_len,
- valid_buffer, valid_len,
- valid_buffer, valid_buffer) );
- TEST_INVALID_PARAM_RET(
- MBEDTLS_ERR_GCM_BAD_INPUT,
- mbedtls_gcm_auth_decrypt( &ctx, valid_len,
- valid_buffer, valid_len,
- NULL, valid_len,
- valid_buffer, valid_len,
- valid_buffer, valid_buffer) );
- TEST_INVALID_PARAM_RET(
- MBEDTLS_ERR_GCM_BAD_INPUT,
- mbedtls_gcm_auth_decrypt( &ctx, valid_len,
- valid_buffer, valid_len,
- valid_buffer, valid_len,
- NULL, valid_len,
- valid_buffer, valid_buffer) );
- TEST_INVALID_PARAM_RET(
- MBEDTLS_ERR_GCM_BAD_INPUT,
- mbedtls_gcm_auth_decrypt( &ctx, valid_len,
- valid_buffer, valid_len,
- valid_buffer, valid_len,
- valid_buffer, valid_len,
- NULL, valid_buffer) );
- TEST_INVALID_PARAM_RET(
- MBEDTLS_ERR_GCM_BAD_INPUT,
- mbedtls_gcm_auth_decrypt( &ctx, valid_len,
- valid_buffer, valid_len,
- valid_buffer, valid_len,
- valid_buffer, valid_len,
- valid_buffer, NULL) );
+ mbedtls_gcm_init( &ctx );
- /* mbedtls_gcm_starts() */
- TEST_INVALID_PARAM_RET(
- MBEDTLS_ERR_GCM_BAD_INPUT,
- mbedtls_gcm_starts( NULL, valid_mode,
- valid_buffer, valid_len ) );
+ TEST_ASSERT( mbedtls_gcm_setkey( &ctx, cipher_id, key_str->x, key_str->len * 8 ) == 0 );
+ check_cipher_with_empty_ad( &ctx, MBEDTLS_GCM_DECRYPT,
+ iv_str, src_str, pt_result, tag_str,
+ ad_update_calls );
- TEST_INVALID_PARAM_RET(
- MBEDTLS_ERR_GCM_BAD_INPUT,
- mbedtls_gcm_starts( &ctx, valid_mode,
- NULL, valid_len ) );
+ mbedtls_gcm_free( &ctx );
+}
+/* END_CASE */
- /* mbedtls_gcm_update_ad() */
- TEST_INVALID_PARAM_RET(
- MBEDTLS_ERR_GCM_BAD_INPUT,
- mbedtls_gcm_update_ad( &ctx,
- NULL, valid_len ) );
+/* BEGIN_CASE */
+void gcm_decrypt_and_verify_no_ad_no_cipher( int cipher_id,
+ data_t * key_str,
+ data_t * iv_str,
+ data_t * tag_str )
+{
+ mbedtls_gcm_context ctx;
- /* mbedtls_gcm_update() */
- TEST_INVALID_PARAM_RET(
- MBEDTLS_ERR_GCM_BAD_INPUT,
- mbedtls_gcm_update( NULL, valid_buffer, valid_len,
- valid_buffer, valid_len, &olen ) );
- TEST_INVALID_PARAM_RET(
- MBEDTLS_ERR_GCM_BAD_INPUT,
- mbedtls_gcm_update( &ctx, NULL, valid_len,
- valid_buffer, valid_len, &olen ) );
- TEST_INVALID_PARAM_RET(
- MBEDTLS_ERR_GCM_BAD_INPUT,
- mbedtls_gcm_update( &ctx, valid_buffer, valid_len,
- NULL, valid_len, &olen ) );
- TEST_INVALID_PARAM_RET(
- MBEDTLS_ERR_GCM_BAD_INPUT,
- mbedtls_gcm_update( &ctx, valid_buffer, valid_len,
- valid_buffer, valid_len, NULL ) );
+ mbedtls_gcm_init( &ctx );
- /* mbedtls_gcm_finish() */
- TEST_INVALID_PARAM_RET(
- MBEDTLS_ERR_GCM_BAD_INPUT,
- mbedtls_gcm_finish( NULL, NULL, 0, valid_buffer, valid_len ) );
- TEST_INVALID_PARAM_RET(
- MBEDTLS_ERR_GCM_BAD_INPUT,
- mbedtls_gcm_finish( &ctx, NULL, 0, NULL, valid_len ) );
+ TEST_ASSERT( mbedtls_gcm_setkey( &ctx, cipher_id, key_str->x, key_str->len * 8 ) == 0 );
+ check_no_cipher_no_ad( &ctx, MBEDTLS_GCM_DECRYPT,
+ iv_str, tag_str );
+
+ mbedtls_gcm_free( &ctx );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void gcm_encrypt_and_tag_empty_cipher( int cipher_id,
+ data_t * key_str,
+ data_t * iv_str,
+ data_t * add_str,
+ data_t * tag_str,
+ int cipher_update_calls )
+{
+ mbedtls_gcm_context ctx;
+
+ mbedtls_gcm_init( &ctx );
+
+ TEST_ASSERT( mbedtls_gcm_setkey( &ctx, cipher_id, key_str->x, key_str->len * 8 ) == 0 );
+ check_empty_cipher_with_ad( &ctx, MBEDTLS_GCM_ENCRYPT,
+ iv_str, add_str, tag_str,
+ cipher_update_calls );
exit:
mbedtls_gcm_free( &ctx );
@@ -345,11 +371,63 @@
/* END_CASE */
/* BEGIN_CASE */
-void gcm_valid_param( )
+void gcm_encrypt_and_tag_empty_ad( int cipher_id,
+ data_t * key_str,
+ data_t * iv_str,
+ data_t * src_str,
+ data_t * dst,
+ data_t * tag_str,
+ int ad_update_calls )
{
- TEST_VALID_PARAM( mbedtls_gcm_free( NULL ) );
+ mbedtls_gcm_context ctx;
+
+ mbedtls_gcm_init( &ctx );
+
+ TEST_ASSERT( mbedtls_gcm_setkey( &ctx, cipher_id, key_str->x, key_str->len * 8 ) == 0 );
+ check_cipher_with_empty_ad( &ctx, MBEDTLS_GCM_ENCRYPT,
+ iv_str, src_str, dst, tag_str,
+ ad_update_calls );
+
exit:
- return;
+ mbedtls_gcm_free( &ctx );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void gcm_encrypt_and_verify_no_ad_no_cipher( int cipher_id,
+ data_t * key_str,
+ data_t * iv_str,
+ data_t * tag_str )
+{
+ mbedtls_gcm_context ctx;
+
+ mbedtls_gcm_init( &ctx );
+
+ TEST_ASSERT( mbedtls_gcm_setkey( &ctx, cipher_id, key_str->x, key_str->len * 8 ) == 0 );
+ check_no_cipher_no_ad( &ctx, MBEDTLS_GCM_ENCRYPT,
+ iv_str, tag_str );
+
+ mbedtls_gcm_free( &ctx );
+}
+/* END_CASE */
+
+/* BEGIN_CASE depends_on:NOT_DEFINED */
+void gcm_invalid_param( )
+{
+ mbedtls_gcm_context ctx;
+ unsigned char valid_buffer[] = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06 };
+ mbedtls_cipher_id_t valid_cipher = MBEDTLS_CIPHER_ID_AES;
+ int invalid_bitlen = 1;
+
+ mbedtls_gcm_init( &ctx );
+
+ /* mbedtls_gcm_setkey */
+ TEST_EQUAL(
+ MBEDTLS_ERR_GCM_BAD_INPUT,
+ mbedtls_gcm_setkey( &ctx, valid_cipher, valid_buffer, invalid_bitlen ) );
+
+exit:
+ mbedtls_gcm_free( &ctx );
}
/* END_CASE */
diff --git a/tests/suites/test_suite_gcm.misc.data b/tests/suites/test_suite_gcm.misc.data
index cf01526..f22b7a3 100644
--- a/tests/suites/test_suite_gcm.misc.data
+++ b/tests/suites/test_suite_gcm.misc.data
@@ -1,5 +1,2 @@
GCM - Invalid parameters
gcm_invalid_param:
-
-GCM - Valid parameters
-gcm_valid_param:
diff --git a/tests/suites/test_suite_hkdf.data b/tests/suites/test_suite_hkdf.data
index 1583736..d2f7ab3 100644
--- a/tests/suites/test_suite_hkdf.data
+++ b/tests/suites/test_suite_hkdf.data
@@ -15,84 +15,84 @@
HKDF RFC5869 Test Vector #1
depends_on:MBEDTLS_SHA256_C
-test_hkdf:6:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":"3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b887185865"
+test_hkdf:MBEDTLS_MD_SHA256:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":"3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b887185865"
HKDF RFC5869 Test Vector #2
depends_on:MBEDTLS_SHA256_C
-test_hkdf:6:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f":"606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeaf":"b0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff":"b11e398dc80327a1c8e7f78c596a49344f012eda2d4efad8a050cc4c19afa97c59045a99cac7827271cb41c65e590e09da3275600c2f09b8367793a9aca3db71cc30c58179ec3e87c14c01d5c1f3434f1d87"
+test_hkdf:MBEDTLS_MD_SHA256:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f":"606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeaf":"b0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff":"b11e398dc80327a1c8e7f78c596a49344f012eda2d4efad8a050cc4c19afa97c59045a99cac7827271cb41c65e590e09da3275600c2f09b8367793a9aca3db71cc30c58179ec3e87c14c01d5c1f3434f1d87"
HKDF RFC5869 Test Vector #3
depends_on:MBEDTLS_SHA256_C
-test_hkdf:6:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"":"":"8da4e775a563c18f715f802a063c5a31b8a11f5c5ee1879ec3454e5f3c738d2d9d201395faa4b61a96c8"
+test_hkdf:MBEDTLS_MD_SHA256:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"":"":"8da4e775a563c18f715f802a063c5a31b8a11f5c5ee1879ec3454e5f3c738d2d9d201395faa4b61a96c8"
HKDF RFC5869 Test Vector #4
depends_on:MBEDTLS_SHA1_C
-test_hkdf:4:"0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":"085a01ea1b10f36933068b56efa5ad81a4f14b822f5b091568a9cdd4f155fda2c22e422478d305f3f896"
+test_hkdf:MBEDTLS_MD_SHA1:"0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":"085a01ea1b10f36933068b56efa5ad81a4f14b822f5b091568a9cdd4f155fda2c22e422478d305f3f896"
HKDF RFC5869 Test Vector #5
depends_on:MBEDTLS_SHA1_C
-test_hkdf:4:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f":"606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeaf":"b0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff":"0bd770a74d1160f7c9f12cd5912a06ebff6adcae899d92191fe4305673ba2ffe8fa3f1a4e5ad79f3f334b3b202b2173c486ea37ce3d397ed034c7f9dfeb15c5e927336d0441f4c4300e2cff0d0900b52d3b4"
+test_hkdf:MBEDTLS_MD_SHA1:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f":"606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeaf":"b0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff":"0bd770a74d1160f7c9f12cd5912a06ebff6adcae899d92191fe4305673ba2ffe8fa3f1a4e5ad79f3f334b3b202b2173c486ea37ce3d397ed034c7f9dfeb15c5e927336d0441f4c4300e2cff0d0900b52d3b4"
HKDF RFC5869 Test Vector #6
depends_on:MBEDTLS_SHA1_C
-test_hkdf:4:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"":"":"0ac1af7002b3d761d1e55298da9d0506b9ae52057220a306e07b6b87e8df21d0ea00033de03984d34918"
+test_hkdf:MBEDTLS_MD_SHA1:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"":"":"0ac1af7002b3d761d1e55298da9d0506b9ae52057220a306e07b6b87e8df21d0ea00033de03984d34918"
HKDF RFC5869 Test Vector #7
depends_on:MBEDTLS_SHA1_C
-test_hkdf:4:"0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c":"":"":"2c91117204d745f3500d636a62f64f0ab3bae548aa53d423b0d1f27ebba6f5e5673a081d70cce7acfc48"
+test_hkdf:MBEDTLS_MD_SHA1:"0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c":"":"":"2c91117204d745f3500d636a62f64f0ab3bae548aa53d423b0d1f27ebba6f5e5673a081d70cce7acfc48"
HKDF RFC5869 Test Vector #1 Extract
depends_on:MBEDTLS_SHA256_C
-test_hkdf_extract:6:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"077709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3e5"
+test_hkdf_extract:MBEDTLS_MD_SHA256:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"077709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3e5"
HKDF RFC5869 Test Vector #2 Extract
depends_on:MBEDTLS_SHA256_C
-test_hkdf_extract:6:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f":"606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeaf":"06a6b88c5853361a06104c9ceb35b45cef760014904671014a193f40c15fc244"
+test_hkdf_extract:MBEDTLS_MD_SHA256:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f":"606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeaf":"06a6b88c5853361a06104c9ceb35b45cef760014904671014a193f40c15fc244"
HKDF RFC5869 Test Vector #3 Extract
depends_on:MBEDTLS_SHA256_C
-test_hkdf_extract:6:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"":"19ef24a32c717b167f33a91d6f648bdf96596776afdb6377ac434c1c293ccb04"
+test_hkdf_extract:MBEDTLS_MD_SHA256:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"":"19ef24a32c717b167f33a91d6f648bdf96596776afdb6377ac434c1c293ccb04"
HKDF RFC5869 Test Vector #4 Extract
depends_on:MBEDTLS_SHA1_C
-test_hkdf_extract:4:"0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"9b6c18c432a7bf8f0e71c8eb88f4b30baa2ba243"
+test_hkdf_extract:MBEDTLS_MD_SHA1:"0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"9b6c18c432a7bf8f0e71c8eb88f4b30baa2ba243"
HKDF RFC5869 Test Vector #5 Extract
depends_on:MBEDTLS_SHA1_C
-test_hkdf_extract:4:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f":"606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeaf":"8adae09a2a307059478d309b26c4115a224cfaf6"
+test_hkdf_extract:MBEDTLS_MD_SHA1:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f":"606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeaf":"8adae09a2a307059478d309b26c4115a224cfaf6"
HKDF RFC5869 Test Vector #6 Extract
depends_on:MBEDTLS_SHA1_C
-test_hkdf_extract:4:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"":"da8c8a73c7fa77288ec6f5e7c297786aa0d32d01"
+test_hkdf_extract:MBEDTLS_MD_SHA1:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"":"da8c8a73c7fa77288ec6f5e7c297786aa0d32d01"
HKDF RFC5869 Test Vector #7 Extract
depends_on:MBEDTLS_SHA1_C
-test_hkdf_extract:4:"0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c":"":"2adccada18779e7c2077ad2eb19d3f3e731385dd"
+test_hkdf_extract:MBEDTLS_MD_SHA1:"0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c":"":"2adccada18779e7c2077ad2eb19d3f3e731385dd"
HKDF RFC5869 Test Vector #1 Expand
depends_on:MBEDTLS_SHA256_C
-test_hkdf_expand:6:"f0f1f2f3f4f5f6f7f8f9":"077709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3e5":"3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b887185865"
+test_hkdf_expand:MBEDTLS_MD_SHA256:"f0f1f2f3f4f5f6f7f8f9":"077709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3e5":"3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b887185865"
HKDF RFC5869 Test Vector #2 Expand
depends_on:MBEDTLS_SHA256_C
-test_hkdf_expand:6:"b0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff":"06a6b88c5853361a06104c9ceb35b45cef760014904671014a193f40c15fc244":"b11e398dc80327a1c8e7f78c596a49344f012eda2d4efad8a050cc4c19afa97c59045a99cac7827271cb41c65e590e09da3275600c2f09b8367793a9aca3db71cc30c58179ec3e87c14c01d5c1f3434f1d87"
+test_hkdf_expand:MBEDTLS_MD_SHA256:"b0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff":"06a6b88c5853361a06104c9ceb35b45cef760014904671014a193f40c15fc244":"b11e398dc80327a1c8e7f78c596a49344f012eda2d4efad8a050cc4c19afa97c59045a99cac7827271cb41c65e590e09da3275600c2f09b8367793a9aca3db71cc30c58179ec3e87c14c01d5c1f3434f1d87"
HKDF RFC5869 Test Vector #3 Expand
depends_on:MBEDTLS_SHA256_C
-test_hkdf_expand:6:"":"19ef24a32c717b167f33a91d6f648bdf96596776afdb6377ac434c1c293ccb04":"8da4e775a563c18f715f802a063c5a31b8a11f5c5ee1879ec3454e5f3c738d2d9d201395faa4b61a96c8"
+test_hkdf_expand:MBEDTLS_MD_SHA256:"":"19ef24a32c717b167f33a91d6f648bdf96596776afdb6377ac434c1c293ccb04":"8da4e775a563c18f715f802a063c5a31b8a11f5c5ee1879ec3454e5f3c738d2d9d201395faa4b61a96c8"
HKDF RFC5869 Test Vector #4 Expand
depends_on:MBEDTLS_SHA1_C
-test_hkdf_expand:4:"f0f1f2f3f4f5f6f7f8f9":"9b6c18c432a7bf8f0e71c8eb88f4b30baa2ba243":"085a01ea1b10f36933068b56efa5ad81a4f14b822f5b091568a9cdd4f155fda2c22e422478d305f3f896"
+test_hkdf_expand:MBEDTLS_MD_SHA1:"f0f1f2f3f4f5f6f7f8f9":"9b6c18c432a7bf8f0e71c8eb88f4b30baa2ba243":"085a01ea1b10f36933068b56efa5ad81a4f14b822f5b091568a9cdd4f155fda2c22e422478d305f3f896"
HKDF RFC5869 Test Vector #5 Expand
depends_on:MBEDTLS_SHA1_C
-test_hkdf_expand:4:"b0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff":"8adae09a2a307059478d309b26c4115a224cfaf6":"0bd770a74d1160f7c9f12cd5912a06ebff6adcae899d92191fe4305673ba2ffe8fa3f1a4e5ad79f3f334b3b202b2173c486ea37ce3d397ed034c7f9dfeb15c5e927336d0441f4c4300e2cff0d0900b52d3b4"
+test_hkdf_expand:MBEDTLS_MD_SHA1:"b0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff":"8adae09a2a307059478d309b26c4115a224cfaf6":"0bd770a74d1160f7c9f12cd5912a06ebff6adcae899d92191fe4305673ba2ffe8fa3f1a4e5ad79f3f334b3b202b2173c486ea37ce3d397ed034c7f9dfeb15c5e927336d0441f4c4300e2cff0d0900b52d3b4"
HKDF RFC5869 Test Vector #6 Expand
depends_on:MBEDTLS_SHA1_C
-test_hkdf_expand:4:"":"da8c8a73c7fa77288ec6f5e7c297786aa0d32d01":"0ac1af7002b3d761d1e55298da9d0506b9ae52057220a306e07b6b87e8df21d0ea00033de03984d34918"
+test_hkdf_expand:MBEDTLS_MD_SHA1:"":"da8c8a73c7fa77288ec6f5e7c297786aa0d32d01":"0ac1af7002b3d761d1e55298da9d0506b9ae52057220a306e07b6b87e8df21d0ea00033de03984d34918"
HKDF RFC5869 Test Vector #7 Expand
depends_on:MBEDTLS_SHA1_C
-test_hkdf_expand:4:"":"2adccada18779e7c2077ad2eb19d3f3e731385dd":"2c91117204d745f3500d636a62f64f0ab3bae548aa53d423b0d1f27ebba6f5e5673a081d70cce7acfc48"
+test_hkdf_expand:MBEDTLS_MD_SHA1:"":"2adccada18779e7c2077ad2eb19d3f3e731385dd":"2c91117204d745f3500d636a62f64f0ab3bae548aa53d423b0d1f27ebba6f5e5673a081d70cce7acfc48"
diff --git a/tests/suites/test_suite_md.data b/tests/suites/test_suite_md.data
index dbe6aa8..a741068 100644
--- a/tests/suites/test_suite_md.data
+++ b/tests/suites/test_suite_md.data
@@ -5,14 +5,6 @@
MD NULL/uninitialised arguments
md_null_args:
-Information on MD2
-depends_on:MBEDTLS_MD2_C
-md_info:MBEDTLS_MD_MD2:"MD2":16
-
-Information on MD4
-depends_on:MBEDTLS_MD4_C
-md_info:MBEDTLS_MD_MD4:"MD4":16
-
Information on MD5
depends_on:MBEDTLS_MD5_C
md_info:MBEDTLS_MD_MD5:"MD5":16
@@ -41,62 +33,6 @@
depends_on:MBEDTLS_SHA512_C
md_info:MBEDTLS_MD_SHA512:"SHA512":64
-generic mbedtls_md2 Test vector RFC1319 #1
-depends_on:MBEDTLS_MD2_C
-md_text:"MD2":"":"8350e5a3e24c153df2275c9f80692773"
-
-generic mbedtls_md2 Test vector RFC1319 #2
-depends_on:MBEDTLS_MD2_C
-md_text:"MD2":"a":"32ec01ec4a6dac72c0ab96fb34c0b5d1"
-
-generic mbedtls_md2 Test vector RFC1319 #3
-depends_on:MBEDTLS_MD2_C
-md_text:"MD2":"abc":"da853b0d3f88d99b30283a69e6ded6bb"
-
-generic mbedtls_md2 Test vector RFC1319 #4
-depends_on:MBEDTLS_MD2_C
-md_text:"MD2":"message digest":"ab4f496bfb2a530b219ff33031fe06b0"
-
-generic mbedtls_md2 Test vector RFC1319 #5
-depends_on:MBEDTLS_MD2_C
-md_text:"MD2":"abcdefghijklmnopqrstuvwxyz":"4e8ddff3650292ab5a4108c3aa47940b"
-
-generic mbedtls_md2 Test vector RFC1319 #6
-depends_on:MBEDTLS_MD2_C
-md_text:"MD2":"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789":"da33def2a42df13975352846c30338cd"
-
-generic mbedtls_md2 Test vector RFC1319 #7
-depends_on:MBEDTLS_MD2_C
-md_text:"MD2":"12345678901234567890123456789012345678901234567890123456789012345678901234567890":"d5976f79d83d3a0dc9806c3c66f3efd8"
-
-generic mbedtls_md4 Test vector RFC1320 #1
-depends_on:MBEDTLS_MD4_C
-md_text:"MD4":"":"31d6cfe0d16ae931b73c59d7e0c089c0"
-
-generic mbedtls_md4 Test vector RFC1320 #2
-depends_on:MBEDTLS_MD4_C
-md_text:"MD4":"a":"bde52cb31de33e46245e05fbdbd6fb24"
-
-generic mbedtls_md4 Test vector RFC1320 #3
-depends_on:MBEDTLS_MD4_C
-md_text:"MD4":"abc":"a448017aaf21d8525fc10ae87aa6729d"
-
-generic mbedtls_md4 Test vector RFC1320 #4
-depends_on:MBEDTLS_MD4_C
-md_text:"MD4":"message digest":"d9130a8164549fe818874806e1c7014b"
-
-generic mbedtls_md4 Test vector RFC1320 #5
-depends_on:MBEDTLS_MD4_C
-md_text:"MD4":"abcdefghijklmnopqrstuvwxyz":"d79e1c308aa5bbcdeea8ed63df412da9"
-
-generic mbedtls_md4 Test vector RFC1320 #6
-depends_on:MBEDTLS_MD4_C
-md_text:"MD4":"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789":"043f8582f241db351ce627e153e7f0e4"
-
-generic mbedtls_md4 Test vector RFC1320 #7
-depends_on:MBEDTLS_MD4_C
-md_text:"MD4":"12345678901234567890123456789012345678901234567890123456789012345678901234567890":"e33b4ddc9c38f2199c3e7b164fcc0536"
-
generic mbedtls_md5 Test vector RFC1321 #1
depends_on:MBEDTLS_MD5_C
md_text:"MD5":"":"d41d8cd98f00b204e9800998ecf8427e"
@@ -157,30 +93,6 @@
depends_on:MBEDTLS_RIPEMD160_C
md_text:"RIPEMD160":"12345678901234567890123456789012345678901234567890123456789012345678901234567890":"9b752e45573d4b39f4dbd3323cab82bf63326bfb"
-generic HMAC-MD2 Hash File OpenSSL test #1
-depends_on:MBEDTLS_MD2_C
-mbedtls_md_hmac:"MD2":16:"61616161616161616161616161616161":"b91ce5ac77d33c234e61002ed6":"d5732582f494f5ddf35efd166c85af9c"
-
-generic HMAC-MD2 Hash File OpenSSL test #2
-depends_on:MBEDTLS_MD2_C
-mbedtls_md_hmac:"MD2":16:"61616161616161616161616161616161":"270fcf11f27c27448457d7049a7edb084a3e554e0b2acf5806982213f0ad516402e4c869c4ff2171e18e3489baa3125d2c3056ebb616296f9b6aa97ef68eeabcdc0b6dde47775004096a241efcf0a90d19b34e898cc7340cdc940f8bdd46e23e352f34bca131d4d67a7c2ddb8d0d68b67f06152a128168e1c341c37e0a66c5018999b7059bcc300beed2c19dd1152d2fe062853293b8f3c8b5":"54ab68503f7d1b5c7741340dff2722a9"
-
-generic HMAC-MD2 Hash File OpenSSL test #3
-depends_on:MBEDTLS_MD2_C
-mbedtls_md_hmac:"MD2":16:"61616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161":"b91ce5ac77d33c234e61002ed6":"d850e5f554558cf0fe79a0612e1d0365"
-
-generic HMAC-MD4 Hash File OpenSSL test #1
-depends_on:MBEDTLS_MD4_C
-mbedtls_md_hmac:"MD4":16:"61616161616161616161616161616161":"b91ce5ac77d33c234e61002ed6":"eabd0fbefb82fb0063a25a6d7b8bdc0f"
-
-generic HMAC-MD4 Hash File OpenSSL test #2
-depends_on:MBEDTLS_MD4_C
-mbedtls_md_hmac:"MD4":16:"61616161616161616161616161616161":"270fcf11f27c27448457d7049a7edb084a3e554e0b2acf5806982213f0ad516402e4c869c4ff2171e18e3489baa3125d2c3056ebb616296f9b6aa97ef68eeabcdc0b6dde47775004096a241efcf0a90d19b34e898cc7340cdc940f8bdd46e23e352f34bca131d4d67a7c2ddb8d0d68b67f06152a128168e1c341c37e0a66c5018999b7059bcc300beed2c19dd1152d2fe062853293b8f3c8b5":"cec3c5e421a7b783aa89cacf78daf6dc"
-
-generic HMAC-MD4 Hash File OpenSSL test #3
-depends_on:MBEDTLS_MD4_C
-mbedtls_md_hmac:"MD4":16:"61616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161":"b91ce5ac77d33c234e61002ed6":"ad5f0a04116109b397b57f9cc9b6df4b"
-
generic HMAC-MD5 Hash File OpenSSL test #1
depends_on:MBEDTLS_MD5_C
mbedtls_md_hmac:"MD5":16:"61616161616161616161616161616161":"b91ce5ac77d33c234e61002ed6":"42552882f00bd4633ea81135a184b284"
@@ -193,14 +105,6 @@
depends_on:MBEDTLS_MD5_C
mbedtls_md_hmac:"MD5":16:"61616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161":"b91ce5ac77d33c234e61002ed6":"e97f623936f98a7f741c4bd0612fecc2"
-HMAC-MD2 Bouncy Castle test #1
-depends_on:MBEDTLS_MD2_C
-mbedtls_md_hmac:"MD2":16:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"4869205468657265":"dc1923ef5f161d35bef839ca8c807808"
-
-HMAC-MD4 Bouncy Castle test #1
-depends_on:MBEDTLS_MD4_C
-mbedtls_md_hmac:"MD4":16:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"4869205468657265":"5570ce964ba8c11756cdc3970278ff5a"
-
HMAC-MD5 Bouncy Castle test #1
depends_on:MBEDTLS_MD5_C
mbedtls_md_hmac:"MD5":16:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"4869205468657265":"5ccec34ea9656392457fa1ac27f08fbc"
@@ -261,62 +165,6 @@
depends_on:MBEDTLS_RIPEMD160_C
mbedtls_md_hmac:"RIPEMD160":20:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":"54657374205573696e67204c6172676572205468616e20426c6f636b2d53697a65204b657920616e64204c6172676572205468616e204f6e6520426c6f636b2d53697a652044617461":"69ea60798d71616cce5fd0871e23754cd75d5a0a"
-generic multi step mbedtls_md2 Test vector RFC1319 #1
-depends_on:MBEDTLS_MD_C:MBEDTLS_MD2_C
-md_text_multi:"MD2":"":"8350e5a3e24c153df2275c9f80692773"
-
-generic multi step mbedtls_md2 Test vector RFC1319 #2
-depends_on:MBEDTLS_MD2_C
-md_text_multi:"MD2":"a":"32ec01ec4a6dac72c0ab96fb34c0b5d1"
-
-generic multi step mbedtls_md2 Test vector RFC1319 #3
-depends_on:MBEDTLS_MD2_C
-md_text_multi:"MD2":"abc":"da853b0d3f88d99b30283a69e6ded6bb"
-
-generic multi step mbedtls_md2 Test vector RFC1319 #4
-depends_on:MBEDTLS_MD2_C
-md_text_multi:"MD2":"message digest":"ab4f496bfb2a530b219ff33031fe06b0"
-
-generic multi step mbedtls_md2 Test vector RFC1319 #5
-depends_on:MBEDTLS_MD2_C
-md_text_multi:"MD2":"abcdefghijklmnopqrstuvwxyz":"4e8ddff3650292ab5a4108c3aa47940b"
-
-generic multi step mbedtls_md2 Test vector RFC1319 #6
-depends_on:MBEDTLS_MD2_C
-md_text_multi:"MD2":"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789":"da33def2a42df13975352846c30338cd"
-
-generic multi step mbedtls_md2 Test vector RFC1319 #7
-depends_on:MBEDTLS_MD2_C
-md_text_multi:"MD2":"12345678901234567890123456789012345678901234567890123456789012345678901234567890":"d5976f79d83d3a0dc9806c3c66f3efd8"
-
-generic multi step mbedtls_md4 Test vector RFC1320 #1
-depends_on:MBEDTLS_MD4_C
-md_text_multi:"MD4":"":"31d6cfe0d16ae931b73c59d7e0c089c0"
-
-generic multi step mbedtls_md4 Test vector RFC1320 #2
-depends_on:MBEDTLS_MD4_C
-md_text_multi:"MD4":"a":"bde52cb31de33e46245e05fbdbd6fb24"
-
-generic multi step mbedtls_md4 Test vector RFC1320 #3
-depends_on:MBEDTLS_MD4_C
-md_text_multi:"MD4":"abc":"a448017aaf21d8525fc10ae87aa6729d"
-
-generic multi step mbedtls_md4 Test vector RFC1320 #4
-depends_on:MBEDTLS_MD4_C
-md_text_multi:"MD4":"message digest":"d9130a8164549fe818874806e1c7014b"
-
-generic multi step mbedtls_md4 Test vector RFC1320 #5
-depends_on:MBEDTLS_MD4_C
-md_text_multi:"MD4":"abcdefghijklmnopqrstuvwxyz":"d79e1c308aa5bbcdeea8ed63df412da9"
-
-generic multi step mbedtls_md4 Test vector RFC1320 #6
-depends_on:MBEDTLS_MD4_C
-md_text_multi:"MD4":"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789":"043f8582f241db351ce627e153e7f0e4"
-
-generic multi step mbedtls_md4 Test vector RFC1320 #7
-depends_on:MBEDTLS_MD4_C
-md_text_multi:"MD4":"12345678901234567890123456789012345678901234567890123456789012345678901234567890":"e33b4ddc9c38f2199c3e7b164fcc0536"
-
generic multi step mbedtls_md5 Test vector RFC1321 #1
depends_on:MBEDTLS_MD5_C
md_text_multi:"MD5":"":"d41d8cd98f00b204e9800998ecf8427e"
@@ -377,30 +225,6 @@
depends_on:MBEDTLS_RIPEMD160_C
md_text_multi:"RIPEMD160":"12345678901234567890123456789012345678901234567890123456789012345678901234567890":"9b752e45573d4b39f4dbd3323cab82bf63326bfb"
-generic multi step HMAC-MD2 Hash File OpenSSL test #1
-depends_on:MBEDTLS_MD2_C
-md_hmac_multi:"MD2":16:"61616161616161616161616161616161":"b91ce5ac77d33c234e61002ed6":"d5732582f494f5ddf35efd166c85af9c"
-
-generic multi step HMAC-MD2 Hash File OpenSSL test #2
-depends_on:MBEDTLS_MD2_C
-md_hmac_multi:"MD2":16:"61616161616161616161616161616161":"270fcf11f27c27448457d7049a7edb084a3e554e0b2acf5806982213f0ad516402e4c869c4ff2171e18e3489baa3125d2c3056ebb616296f9b6aa97ef68eeabcdc0b6dde47775004096a241efcf0a90d19b34e898cc7340cdc940f8bdd46e23e352f34bca131d4d67a7c2ddb8d0d68b67f06152a128168e1c341c37e0a66c5018999b7059bcc300beed2c19dd1152d2fe062853293b8f3c8b5":"54ab68503f7d1b5c7741340dff2722a9"
-
-generic multi step HMAC-MD2 Hash File OpenSSL test #3
-depends_on:MBEDTLS_MD2_C
-md_hmac_multi:"MD2":16:"61616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161":"b91ce5ac77d33c234e61002ed6":"d850e5f554558cf0fe79a0612e1d0365"
-
-generic multi step HMAC-MD4 Hash File OpenSSL test #1
-depends_on:MBEDTLS_MD4_C
-md_hmac_multi:"MD4":16:"61616161616161616161616161616161":"b91ce5ac77d33c234e61002ed6":"eabd0fbefb82fb0063a25a6d7b8bdc0f"
-
-generic multi step HMAC-MD4 Hash File OpenSSL test #2
-depends_on:MBEDTLS_MD4_C
-md_hmac_multi:"MD4":16:"61616161616161616161616161616161":"270fcf11f27c27448457d7049a7edb084a3e554e0b2acf5806982213f0ad516402e4c869c4ff2171e18e3489baa3125d2c3056ebb616296f9b6aa97ef68eeabcdc0b6dde47775004096a241efcf0a90d19b34e898cc7340cdc940f8bdd46e23e352f34bca131d4d67a7c2ddb8d0d68b67f06152a128168e1c341c37e0a66c5018999b7059bcc300beed2c19dd1152d2fe062853293b8f3c8b5":"cec3c5e421a7b783aa89cacf78daf6dc"
-
-generic multi step HMAC-MD4 Hash File OpenSSL test #3
-depends_on:MBEDTLS_MD4_C
-md_hmac_multi:"MD4":16:"61616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161":"b91ce5ac77d33c234e61002ed6":"ad5f0a04116109b397b57f9cc9b6df4b"
-
generic multi step HMAC-MD5 Hash File OpenSSL test #1
depends_on:MBEDTLS_MD5_C
md_hmac_multi:"MD5":16:"61616161616161616161616161616161":"b91ce5ac77d33c234e61002ed6":"42552882f00bd4633ea81135a184b284"
@@ -469,38 +293,6 @@
depends_on:MBEDTLS_RIPEMD160_C
md_hmac_multi:"RIPEMD160":20:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":"54657374205573696e67204c6172676572205468616e20426c6f636b2d53697a65204b657920616e64204c6172676572205468616e204f6e6520426c6f636b2d53697a652044617461":"69ea60798d71616cce5fd0871e23754cd75d5a0a"
-generic MD2 Hash file #1
-depends_on:MBEDTLS_MD2_C
-mbedtls_md_file:"MD2":"data_files/hash_file_1":"b593c098712d2e21628c8986695451a8"
-
-generic MD2 Hash file #2
-depends_on:MBEDTLS_MD2_C
-mbedtls_md_file:"MD2":"data_files/hash_file_2":"3c027b7409909a4c4b26bbab69ad9f4f"
-
-generic MD2 Hash file #3
-depends_on:MBEDTLS_MD2_C
-mbedtls_md_file:"MD2":"data_files/hash_file_3":"6bb43eb285e81f414083a94cdbe2989d"
-
-generic MD2 Hash file #4
-depends_on:MBEDTLS_MD2_C
-mbedtls_md_file:"MD2":"data_files/hash_file_4":"8350e5a3e24c153df2275c9f80692773"
-
-generic MD4 Hash file #1
-depends_on:MBEDTLS_MD4_C
-mbedtls_md_file:"MD4":"data_files/hash_file_1":"8d19772c176bd27153b9486715e2c0b9"
-
-generic MD4 Hash file #2
-depends_on:MBEDTLS_MD4_C
-mbedtls_md_file:"MD4":"data_files/hash_file_2":"f2ac53b8542882a5a0007c6f84b4d9fd"
-
-generic MD4 Hash file #3
-depends_on:MBEDTLS_MD4_C
-mbedtls_md_file:"MD4":"data_files/hash_file_3":"195c15158e2d07881d9a654095ce4a42"
-
-generic MD4 Hash file #4
-depends_on:MBEDTLS_MD4_C
-mbedtls_md_file:"MD4":"data_files/hash_file_4":"31d6cfe0d16ae931b73c59d7e0c089c0"
-
generic MD5 Hash file #1
depends_on:MBEDTLS_MD5_C
mbedtls_md_file:"MD5":"data_files/hash_file_1":"52bcdc983c9ed64fc148a759b3c7a415"
diff --git a/tests/suites/test_suite_mdx.data b/tests/suites/test_suite_mdx.data
index 3d063a4..ff3f73f 100644
--- a/tests/suites/test_suite_mdx.data
+++ b/tests/suites/test_suite_mdx.data
@@ -1,46 +1,4 @@
-# Test MD2, MD4, MD5 and RIPEMD160
-mbedtls_md2 Test vector RFC1319 #1
-md2_text:"":"8350e5a3e24c153df2275c9f80692773"
-
-mbedtls_md2 Test vector RFC1319 #2
-md2_text:"a":"32ec01ec4a6dac72c0ab96fb34c0b5d1"
-
-mbedtls_md2 Test vector RFC1319 #3
-md2_text:"abc":"da853b0d3f88d99b30283a69e6ded6bb"
-
-mbedtls_md2 Test vector RFC1319 #4
-md2_text:"message digest":"ab4f496bfb2a530b219ff33031fe06b0"
-
-mbedtls_md2 Test vector RFC1319 #5
-md2_text:"abcdefghijklmnopqrstuvwxyz":"4e8ddff3650292ab5a4108c3aa47940b"
-
-mbedtls_md2 Test vector RFC1319 #6
-md2_text:"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789":"da33def2a42df13975352846c30338cd"
-
-mbedtls_md2 Test vector RFC1319 #7
-md2_text:"12345678901234567890123456789012345678901234567890123456789012345678901234567890":"d5976f79d83d3a0dc9806c3c66f3efd8"
-
-mbedtls_md4 Test vector RFC1320 #1
-md4_text:"":"31d6cfe0d16ae931b73c59d7e0c089c0"
-
-mbedtls_md4 Test vector RFC1320 #2
-md4_text:"a":"bde52cb31de33e46245e05fbdbd6fb24"
-
-mbedtls_md4 Test vector RFC1320 #3
-md4_text:"abc":"a448017aaf21d8525fc10ae87aa6729d"
-
-mbedtls_md4 Test vector RFC1320 #4
-md4_text:"message digest":"d9130a8164549fe818874806e1c7014b"
-
-mbedtls_md4 Test vector RFC1320 #5
-md4_text:"abcdefghijklmnopqrstuvwxyz":"d79e1c308aa5bbcdeea8ed63df412da9"
-
-mbedtls_md4 Test vector RFC1320 #6
-md4_text:"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789":"043f8582f241db351ce627e153e7f0e4"
-
-mbedtls_md4 Test vector RFC1320 #7
-md4_text:"12345678901234567890123456789012345678901234567890123456789012345678901234567890":"e33b4ddc9c38f2199c3e7b164fcc0536"
-
+# Test MD5 and RIPEMD160
mbedtls_md5 Test vector RFC1321 #1
md5_text:"":"d41d8cd98f00b204e9800998ecf8427e"
@@ -86,12 +44,6 @@
mbedtls_ripemd160 Test vector from paper #8
ripemd160_text:"12345678901234567890123456789012345678901234567890123456789012345678901234567890":"9b752e45573d4b39f4dbd3323cab82bf63326bfb"
-MD2 Selftest
-md2_selftest:
-
-MD4 Selftest
-md4_selftest:
-
MD5 Selftest
md5_selftest:
diff --git a/tests/suites/test_suite_mdx.function b/tests/suites/test_suite_mdx.function
index aa35c58..73f9123 100644
--- a/tests/suites/test_suite_mdx.function
+++ b/tests/suites/test_suite_mdx.function
@@ -1,50 +1,8 @@
/* BEGIN_HEADER */
-#include "mbedtls/md2.h"
-#include "mbedtls/md4.h"
#include "mbedtls/md5.h"
#include "mbedtls/ripemd160.h"
/* END_HEADER */
-/* BEGIN_CASE depends_on:MBEDTLS_MD2_C */
-void md2_text( char * text_src_string, data_t * hash )
-{
- int ret;
- unsigned char src_str[100];
- unsigned char output[16];
-
- memset( src_str, 0x00, sizeof src_str );
- memset( output, 0x00, sizeof output );
-
- strncpy( (char *) src_str, text_src_string, sizeof(src_str) - 1 );
-
- ret = mbedtls_md2_ret( src_str, strlen( (char *) src_str ), output );
- TEST_ASSERT( ret == 0 ) ;
-
- TEST_ASSERT( mbedtls_test_hexcmp( output, hash->x,
- sizeof output, hash->len ) == 0 );
-}
-/* END_CASE */
-
-/* BEGIN_CASE depends_on:MBEDTLS_MD4_C */
-void md4_text( char * text_src_string, data_t * hash )
-{
- int ret;
- unsigned char src_str[100];
- unsigned char output[16];
-
- memset( src_str, 0x00, sizeof src_str );
- memset( output, 0x00, sizeof output );
-
- strncpy( (char *) src_str, text_src_string, sizeof(src_str) - 1 );
-
- ret = mbedtls_md4_ret( src_str, strlen( (char *) src_str ), output );
- TEST_ASSERT( ret == 0 );
-
- TEST_ASSERT( mbedtls_test_hexcmp( output, hash->x,
- sizeof output, hash->len ) == 0 );
-}
-/* END_CASE */
-
/* BEGIN_CASE depends_on:MBEDTLS_MD5_C */
void md5_text( char * text_src_string, data_t * hash )
{
@@ -57,7 +15,7 @@
strncpy( (char *) src_str, text_src_string, sizeof(src_str) - 1 );
- ret = mbedtls_md5_ret( src_str, strlen( (char *) src_str ), output );
+ ret = mbedtls_md5( src_str, strlen( (char *) src_str ), output );
TEST_ASSERT( ret == 0 );
TEST_ASSERT( mbedtls_test_hexcmp( output, hash->x,
@@ -77,7 +35,7 @@
strncpy( (char *) src_str, text_src_string, sizeof(src_str) - 1 );
- ret = mbedtls_ripemd160_ret( src_str, strlen( (char *) src_str ), output );
+ ret = mbedtls_ripemd160( src_str, strlen( (char *) src_str ), output );
TEST_ASSERT( ret == 0 );
TEST_ASSERT( mbedtls_test_hexcmp( output, hash->x,
@@ -85,20 +43,6 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_MD2_C:MBEDTLS_SELF_TEST */
-void md2_selftest( )
-{
- TEST_ASSERT( mbedtls_md2_self_test( 1 ) == 0 );
-}
-/* END_CASE */
-
-/* BEGIN_CASE depends_on:MBEDTLS_MD4_C:MBEDTLS_SELF_TEST */
-void md4_selftest( )
-{
- TEST_ASSERT( mbedtls_md4_self_test( 1 ) == 0 );
-}
-/* END_CASE */
-
/* BEGIN_CASE depends_on:MBEDTLS_MD5_C:MBEDTLS_SELF_TEST */
void md5_selftest( )
{
diff --git a/tests/suites/test_suite_mpi.data b/tests/suites/test_suite_mpi.data
index 1671d6e..02a11c8 100644
--- a/tests/suites/test_suite_mpi.data
+++ b/tests/suites/test_suite_mpi.data
@@ -1,9 +1,3 @@
-MPI - Valid parameters
-mpi_valid_param:
-
-MPI - Invalid parameters
-mpi_invalid_param:
-
Arguments with no value
mpi_null:
@@ -68,13 +62,13 @@
mpi_read_write_string:10:"56125680981752282334141896320372489490613963693556392520816017892111350604111697682705498319512049040516698827829292076808006940873974979584527073481012636016353913462376755556720019831187364993587901952757307830896531678727717924":16:"0941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b4424":200:0:0
Test mpi_read_write_string #8 (Empty MPI hex -> hex)
-mpi_read_write_string:16:"":16:"00":4:0:0
+mpi_read_write_string:16:"":16:"":4:0:0
Test mpi_read_write_string #9 (Empty MPI hex -> dec)
mpi_read_write_string:16:"":10:"0":4:0:0
Test mpi_read_write_string #8 (Empty MPI dec -> hex)
-mpi_read_write_string:10:"":16:"00":4:0:0
+mpi_read_write_string:10:"":16:"":4:0:0
Test mpi_read_write_string #9 (Empty MPI dec -> dec)
mpi_read_write_string:10:"":10:"0":4:0:0
@@ -121,6 +115,12 @@
Base test mbedtls_mpi_write_file #1
mbedtls_mpi_write_file:10:"56125680981752282334141896320372489490613963693556392520816017892111350604111697682705498319512049040516698827829292076808006940873974979584527073481012636016353913462376755556720019831187364993587901952757307830896531678727717924":16:"data_files/mpi_write"
+Test mbedtls_mpi_lsb: 0 (null)
+mbedtls_mpi_lsb:16:"":0
+
+Test mbedtls_mpi_lsb: 0 (1 limb)
+mbedtls_mpi_lsb:16:"0":0
+
Base test mbedtls_mpi_lsb #1
mbedtls_mpi_lsb:10:"56125680981752282334141896320372489490613963693556392520816017892111350604111697682705498319512049040516698827829292076808006940873974979584527073481012636016353913462376755556720019831187364993587901952757307830896531678727717924":2
@@ -151,7 +151,10 @@
Base test mbedtls_mpi_bitlen #6
mbedtls_mpi_bitlen:10:"10":4
-Base test mbedtls_mpi_bitlen #7
+Base test mbedtls_mpi_bitlen: 0 (null)
+mbedtls_mpi_bitlen:10:"":0
+
+Base test mbedtls_mpi_bitlen: 0 (1 limb)
mbedtls_mpi_bitlen:10:"0":0
Base test mbedtls_mpi_cmp_int #1
@@ -199,6 +202,90 @@
Base test mbedtls_mpi_cmp_mpi (Mixed values) #6
mbedtls_mpi_cmp_mpi:10:"-2":10:"31231231289798":-1
+Test mbedtls_mpi_cmp_mpi: 0 (null) = 0 (null)
+mbedtls_mpi_cmp_mpi:10:"":10:"":0
+
+Test mbedtls_mpi_cmp_mpi: 0 (null) = 0 (1 limb)
+mbedtls_mpi_cmp_mpi:10:"":10:"0":0
+
+Test mbedtls_mpi_cmp_mpi: 0 (1 limb) = 0 (null)
+mbedtls_mpi_cmp_mpi:10:"0":10:"":0
+
+Test mbedtls_mpi_cmp_mpi: 0 (1 limb) = 0 (1 limb)
+mbedtls_mpi_cmp_mpi:10:"0":10:"0":0
+
+Test mbedtls_mpi_cmp_mpi: 0 (null) < positive
+mbedtls_mpi_cmp_mpi:10:"":10:"123":-1
+
+Test mbedtls_mpi_cmp_mpi: 0 (1 limb) < positive
+mbedtls_mpi_cmp_mpi:10:"0":10:"123":-1
+
+Test mbedtls_mpi_cmp_mpi: 0 (null) > negative
+mbedtls_mpi_cmp_mpi:10:"":10:"-123":1
+
+Test mbedtls_mpi_cmp_mpi: 0 (1 limb) > negative
+mbedtls_mpi_cmp_mpi:10:"0":10:"-123":1
+
+Test mbedtls_mpi_cmp_mpi: positive > 0 (null)
+mbedtls_mpi_cmp_mpi:10:"123":10:"":1
+
+Test mbedtls_mpi_cmp_mpi: positive > 0 (1 limb)
+mbedtls_mpi_cmp_mpi:10:"123":10:"0":1
+
+Test mbedtls_mpi_cmp_mpi: negative < 0 (null)
+mbedtls_mpi_cmp_mpi:10:"-123":10:"":-1
+
+Test mbedtls_mpi_cmp_mpi: negative < 0 (1 limb)
+mbedtls_mpi_cmp_mpi:10:"-123":10:"0":-1
+
+Test mbedtls_mpi_cmp_mpi: 0 (null) < positive with leading zero limb
+mbedtls_mpi_cmp_mpi:16:"":16:"0000000000000000123":-1
+
+Test mbedtls_mpi_cmp_mpi: 0 (1 limb) < positive with leading zero limb
+mbedtls_mpi_cmp_mpi:16:"0":16:"0000000000000000123":-1
+
+Test mbedtls_mpi_cmp_mpi: 0 (null) > negative with leading zero limb
+mbedtls_mpi_cmp_mpi:16:"":16:"-0000000000000000123":1
+
+Test mbedtls_mpi_cmp_mpi: 0 (1 limb) > negative with leading zero limb
+mbedtls_mpi_cmp_mpi:16:"0":16:"-0000000000000000123":1
+
+Test mbedtls_mpi_cmp_mpi: positive with leading zero limb > 0 (null)
+mbedtls_mpi_cmp_mpi:16:"0000000000000000123":16:"":1
+
+Test mbedtls_mpi_cmp_mpi: positive with leading zero limb > 0 (1 limb)
+mbedtls_mpi_cmp_mpi:16:"0000000000000000123":16:"0":1
+
+Test mbedtls_mpi_cmp_mpi: negative with leading zero limb < 0 (null)
+mbedtls_mpi_cmp_mpi:16:"-0000000000000000123":16:"":-1
+
+Test mbedtls_mpi_cmp_mpi: negative with leading zero limb < 0 (1 limb)
+mbedtls_mpi_cmp_mpi:16:"-0000000000000000123":16:"0":-1
+
+Test mbedtls_mpi_cmp_mpi: 0 (null) < large positive
+mbedtls_mpi_cmp_mpi:16:"":16:"1230000000000000000":-1
+
+Test mbedtls_mpi_cmp_mpi: 0 (1 limb) < large positive
+mbedtls_mpi_cmp_mpi:16:"0":16:"1230000000000000000":-1
+
+Test mbedtls_mpi_cmp_mpi: 0 (null) > large negative
+mbedtls_mpi_cmp_mpi:16:"":16:"-1230000000000000000":1
+
+Test mbedtls_mpi_cmp_mpi: 0 (1 limb) > large negative
+mbedtls_mpi_cmp_mpi:16:"0":16:"-1230000000000000000":1
+
+Test mbedtls_mpi_cmp_mpi: large positive > 0 (null)
+mbedtls_mpi_cmp_mpi:16:"1230000000000000000":16:"":1
+
+Test mbedtls_mpi_cmp_mpi: large positive > 0 (1 limb)
+mbedtls_mpi_cmp_mpi:16:"1230000000000000000":16:"0":1
+
+Test mbedtls_mpi_cmp_mpi: large negative < 0 (null)
+mbedtls_mpi_cmp_mpi:16:"-1230000000000000000":16:"":-1
+
+Test mbedtls_mpi_cmp_mpi: large negative < 0 (1 limb)
+mbedtls_mpi_cmp_mpi:16:"-1230000000000000000":16:"0":-1
+
Base test mbedtls_mpi_lt_mpi_ct #1
mbedtls_mpi_lt_mpi_ct:1:"2B5":1:"2B5":0:0
@@ -232,6 +319,9 @@
Base test mbedtls_mpi_lt_mpi_ct (Y is longer in storage)
mbedtls_mpi_lt_mpi_ct:3:"2B5":4:"2B5":0:MBEDTLS_ERR_MPI_BAD_INPUT_DATA
+Base test mbedtls_mpi_lt_mpi_ct (length=0)
+mbedtls_mpi_lt_mpi_ct:0:"":0:"":0:0
+
Base test mbedtls_mpi_lt_mpi_ct (corner case - 64 bit) #1
mbedtls_mpi_lt_mpi_ct:2:"7FFFFFFFFFFFFFFF":2:"FF":0:0
@@ -304,7 +394,16 @@
Base test mbedtls_mpi_cmp_abs (Negative values) #3
mbedtls_mpi_cmp_abs:10:"-2":10:"-1":1
-Base test mbedtls_mpi_cmp_abs (Zero and Zero) #4
+Test mbedtls_mpi_cmp_abs: 0 (null) = 0 (null)
+mbedtls_mpi_cmp_abs:10:"":10:"":0
+
+Test mbedtls_mpi_cmp_abs: 0 (null) = 0 (1 limb)
+mbedtls_mpi_cmp_abs:10:"":10:"0":0
+
+Test mbedtls_mpi_cmp_abs: 0 (1 limb) = 0 (null)
+mbedtls_mpi_cmp_abs:10:"0":10:"":0
+
+Test mbedtls_mpi_cmp_abs: 0 (1 limb) = 0 (1 limb)
mbedtls_mpi_cmp_abs:10:"0":10:"0":0
Base test mbedtls_mpi_cmp_abs (Mix values) #1
@@ -316,84 +415,261 @@
Base test mbedtls_mpi_cmp_abs (Mix values) #3
mbedtls_mpi_cmp_abs:10:"-2":10:"1":1
-Copy zero (1 limb) to positive (1 limb)
-mbedtls_mpi_copy_sint:0:1500
+Copy large negative to large negative
+mbedtls_mpi_copy:"-ca5cadedb01dfaceacc01ade":"-face1e55ca11ab1ecab005e5"
-Copy zero (1 limb) to negative (1 limb)
-mbedtls_mpi_copy_sint:0:-1500
+Copy large negative to large positive
+mbedtls_mpi_copy:"-ca5cadedb01dfaceacc01ade":"face1e55ca11ab1ecab005e5"
-Copy positive (1 limb) to zero (1 limb)
-mbedtls_mpi_copy_sint:1500:0
+Copy large negative to small negative
+mbedtls_mpi_copy:"-ca5cadedb01dfaceacc01ade":"-beef"
-Copy negative (1 limb) to zero (1 limb)
-mbedtls_mpi_copy_sint:-1500:0
+Copy large negative to small positive
+mbedtls_mpi_copy:"-ca5cadedb01dfaceacc01ade":"beef"
-Copy positive (1 limb) to negative (1 limb)
-mbedtls_mpi_copy_sint:1500:-42
+Copy large negative to zero (1 limb)
+mbedtls_mpi_copy:"-ca5cadedb01dfaceacc01ade":"0"
-Copy negative (1 limb) to positive (1 limb)
-mbedtls_mpi_copy_sint:-42:1500
+Copy large negative to zero (null)
+mbedtls_mpi_copy:"-ca5cadedb01dfaceacc01ade":""
+
+Copy large positive to large negative
+mbedtls_mpi_copy:"ca5cadedb01dfaceacc01ade":"-face1e55ca11ab1ecab005e5"
+
+Copy large positive to large positive
+mbedtls_mpi_copy:"ca5cadedb01dfaceacc01ade":"face1e55ca11ab1ecab005e5"
+
+Copy large positive to small negative
+mbedtls_mpi_copy:"ca5cadedb01dfaceacc01ade":"-beef"
+
+Copy large positive to small positive
+mbedtls_mpi_copy:"ca5cadedb01dfaceacc01ade":"beef"
+
+Copy large positive to zero (1 limb)
+mbedtls_mpi_copy:"ca5cadedb01dfaceacc01ade":"0"
+
+Copy large positive to zero (null)
+mbedtls_mpi_copy:"ca5cadedb01dfaceacc01ade":""
+
+Copy small negative to large negative
+mbedtls_mpi_copy:"-bead":"-face1e55ca11ab1ecab005e5"
+
+Copy small negative to large positive
+mbedtls_mpi_copy:"-bead":"face1e55ca11ab1ecab005e5"
+
+Copy small negative to small negative
+mbedtls_mpi_copy:"-bead":"-beef"
+
+Copy small negative to small positive
+mbedtls_mpi_copy:"-bead":"beef"
+
+Copy small negative to zero (1 limb)
+mbedtls_mpi_copy:"-bead":"0"
+
+Copy small negative to zero (null)
+mbedtls_mpi_copy:"-bead":""
+
+Copy small positive to large negative
+mbedtls_mpi_copy:"bead":"-face1e55ca11ab1ecab005e5"
+
+Copy small positive to large positive
+mbedtls_mpi_copy:"bead":"face1e55ca11ab1ecab005e5"
+
+Copy small positive to small negative
+mbedtls_mpi_copy:"bead":"-beef"
+
+Copy small positive to small positive
+mbedtls_mpi_copy:"bead":"beef"
+
+Copy small positive to zero (1 limb)
+mbedtls_mpi_copy:"bead":"0"
+
+Copy small positive to zero (null)
+mbedtls_mpi_copy:"bead":""
+
+Copy zero (1 limb) to large negative
+mbedtls_mpi_copy:"0":"-face1e55ca11ab1ecab005e5"
+
+Copy zero (1 limb) to large positive
+mbedtls_mpi_copy:"0":"face1e55ca11ab1ecab005e5"
+
+Copy zero (1 limb) to small negative
+mbedtls_mpi_copy:"0":"-beef"
+
+Copy zero (1 limb) to small positive
+mbedtls_mpi_copy:"0":"beef"
+
+Copy zero (1 limb) to zero (1 limb)
+mbedtls_mpi_copy:"0":"0"
+
+Copy zero (1 limb) to zero (null)
+mbedtls_mpi_copy:"0":""
+
+Copy zero (null) to large negative
+mbedtls_mpi_copy:"":"-face1e55ca11ab1ecab005e5"
+
+Copy zero (null) to large positive
+mbedtls_mpi_copy:"":"face1e55ca11ab1ecab005e5"
+
+Copy zero (null) to small negative
+mbedtls_mpi_copy:"":"-beef"
+
+Copy zero (null) to small positive
+mbedtls_mpi_copy:"":"beef"
+
+Copy zero (null) to zero (1 limb)
+mbedtls_mpi_copy:"":"0"
Copy zero (null) to zero (null)
-mbedtls_mpi_copy_binary:"":""
+mbedtls_mpi_copy:"":""
-Copy zero (null) to positive (1 limb)
-mbedtls_mpi_copy_binary:"":"1234"
+Copy self: large negative
+mpi_copy_self:"-ca5cadedb01dfaceacc01ade"
-Copy positive (1 limb) to zero (null)
-mbedtls_mpi_copy_binary:"1234":""
+Copy self: large positive
+mpi_copy_self:"ca5cadedb01dfaceacc01ade"
-Copy positive to larger
-mbedtls_mpi_copy_binary:"bead":"ca5cadedb01dfaceacc01ade"
+Copy self: small negative
+mpi_copy_self:"-bead"
-Copy positive to smaller
-mbedtls_mpi_copy_binary:"ca5cadedb01dfaceacc01ade":"bead"
-
-Copy self: positive (1 limb)
-mpi_copy_self:14
+Copy self: small positive
+mpi_copy_self:"bead"
Copy self: zero (1 limb)
-mpi_copy_self:0
+mpi_copy_self:"0"
-Swap zero (1 limb) with positive (1 limb)
-mbedtls_mpi_swap_sint:0:1500
+Copy self: zero (null)
+mpi_copy_self:""
-Swap zero (1 limb) with negative (1 limb)
-mbedtls_mpi_swap_sint:0:-1500
+Swap large negative with large negative
+mbedtls_mpi_swap:"-ca5cadedb01dfaceacc01ade":"-face1e55ca11ab1ecab005e5"
-Swap positive (1 limb) with zero (1 limb)
-mbedtls_mpi_swap_sint:1500:0
+Swap large negative with large positive
+mbedtls_mpi_swap:"-ca5cadedb01dfaceacc01ade":"face1e55ca11ab1ecab005e5"
-Swap negative (1 limb) with zero (1 limb)
-mbedtls_mpi_swap_sint:-1500:0
+Swap large negative with small negative
+mbedtls_mpi_swap:"-ca5cadedb01dfaceacc01ade":"-beef"
-Swap positive (1 limb) with negative (1 limb)
-mbedtls_mpi_swap_sint:1500:-42
+Swap large negative with small positive
+mbedtls_mpi_swap:"-ca5cadedb01dfaceacc01ade":"beef"
-Swap negative (1 limb) with positive (1 limb)
-mbedtls_mpi_swap_sint:-42:1500
+Swap large negative with zero (1 limb)
+mbedtls_mpi_swap:"-ca5cadedb01dfaceacc01ade":"0"
+
+Swap large negative with zero (null)
+mbedtls_mpi_swap:"-ca5cadedb01dfaceacc01ade":""
+
+Swap large positive with large negative
+mbedtls_mpi_swap:"ca5cadedb01dfaceacc01ade":"-face1e55ca11ab1ecab005e5"
+
+Swap large positive with large positive
+mbedtls_mpi_swap:"ca5cadedb01dfaceacc01ade":"face1e55ca11ab1ecab005e5"
+
+Swap large positive with small negative
+mbedtls_mpi_swap:"ca5cadedb01dfaceacc01ade":"-beef"
+
+Swap large positive with small positive
+mbedtls_mpi_swap:"ca5cadedb01dfaceacc01ade":"beef"
+
+Swap large positive with zero (1 limb)
+mbedtls_mpi_swap:"ca5cadedb01dfaceacc01ade":"0"
+
+Swap large positive with zero (null)
+mbedtls_mpi_swap:"ca5cadedb01dfaceacc01ade":""
+
+Swap small negative with large negative
+mbedtls_mpi_swap:"-bead":"-face1e55ca11ab1ecab005e5"
+
+Swap small negative with large positive
+mbedtls_mpi_swap:"-bead":"face1e55ca11ab1ecab005e5"
+
+Swap small negative with small negative
+mbedtls_mpi_swap:"-bead":"-beef"
+
+Swap small negative with small positive
+mbedtls_mpi_swap:"-bead":"beef"
+
+Swap small negative with zero (1 limb)
+mbedtls_mpi_swap:"-bead":"0"
+
+Swap small negative with zero (null)
+mbedtls_mpi_swap:"-bead":""
+
+Swap small positive with large negative
+mbedtls_mpi_swap:"bead":"-face1e55ca11ab1ecab005e5"
+
+Swap small positive with large positive
+mbedtls_mpi_swap:"bead":"face1e55ca11ab1ecab005e5"
+
+Swap small positive with small negative
+mbedtls_mpi_swap:"bead":"-beef"
+
+Swap small positive with small positive
+mbedtls_mpi_swap:"bead":"beef"
+
+Swap small positive with zero (1 limb)
+mbedtls_mpi_swap:"bead":"0"
+
+Swap small positive with zero (null)
+mbedtls_mpi_swap:"bead":""
+
+Swap zero (1 limb) with large negative
+mbedtls_mpi_swap:"0":"-face1e55ca11ab1ecab005e5"
+
+Swap zero (1 limb) with large positive
+mbedtls_mpi_swap:"0":"face1e55ca11ab1ecab005e5"
+
+Swap zero (1 limb) with small negative
+mbedtls_mpi_swap:"0":"-beef"
+
+Swap zero (1 limb) with small positive
+mbedtls_mpi_swap:"0":"beef"
+
+Swap zero (1 limb) with zero (1 limb)
+mbedtls_mpi_swap:"0":"0"
+
+Swap zero (1 limb) with zero (null)
+mbedtls_mpi_swap:"0":""
+
+Swap zero (null) with large negative
+mbedtls_mpi_swap:"":"-face1e55ca11ab1ecab005e5"
+
+Swap zero (null) with large positive
+mbedtls_mpi_swap:"":"face1e55ca11ab1ecab005e5"
+
+Swap zero (null) with small negative
+mbedtls_mpi_swap:"":"-beef"
+
+Swap zero (null) with small positive
+mbedtls_mpi_swap:"":"beef"
+
+Swap zero (null) with zero (1 limb)
+mbedtls_mpi_swap:"":"0"
Swap zero (null) with zero (null)
-mbedtls_mpi_swap_binary:"":""
+mbedtls_mpi_swap:"":""
-Swap zero (null) with positive (1 limb)
-mbedtls_mpi_swap_binary:"":"1234"
+Swap self: large negative
+mpi_swap_self:"-ca5cadedb01dfaceacc01ade"
-Swap positive (1 limb) with zero (null)
-mbedtls_mpi_swap_binary:"1234":""
+Swap self: large positive
+mpi_swap_self:"ca5cadedb01dfaceacc01ade"
-Swap positive with larger
-mbedtls_mpi_swap_binary:"bead":"ca5cadedb01dfaceacc01ade"
+Swap self: small negative
+mpi_swap_self:"-bead"
-Swap positive with smaller
-mbedtls_mpi_swap_binary:"ca5cadedb01dfaceacc01ade":"bead"
+Swap self: small positive
+mpi_swap_self:"bead"
-Swap self: 1 limb
-mpi_swap_self:"face"
+Swap self: zero (1 limb)
+mpi_swap_self:"0"
-Swap self: null
+Swap self: zero (null)
mpi_swap_self:""
+Shrink 0 limbs in a buffer of size 0 to 0
+mbedtls_mpi_shrink:0:0:0:0
+
Shrink 2 limbs in a buffer of size 2 to 4
mbedtls_mpi_shrink:2:2:4:4
@@ -418,42 +694,6 @@
Shrink 0 limbs in a buffer of size 4 to 0 yielding 1
mbedtls_mpi_shrink:4:0:0:1
-Test mbedtls_mpi_safe_cond_assign #1
-mbedtls_mpi_safe_cond_assign:+1:"01":+1:"02"
-
-Test mbedtls_mpi_safe_cond_assign #2
-mbedtls_mpi_safe_cond_assign:+1:"FF000000000000000001":+1:"02"
-
-Test mbedtls_mpi_safe_cond_assign #3
-mbedtls_mpi_safe_cond_assign:+1:"01":+1:"FF000000000000000002"
-
-Test mbedtls_mpi_safe_cond_assign #4
-mbedtls_mpi_safe_cond_assign:+1:"01":-1:"02"
-
-Test mbedtls_mpi_safe_cond_assign #5
-mbedtls_mpi_safe_cond_assign:-1:"01":+1:"02"
-
-Test mbedtls_mpi_safe_cond_assign #6
-mbedtls_mpi_safe_cond_assign:-1:"01":-1:"02"
-
-Test mbedtls_mpi_safe_cond_swap #1
-mbedtls_mpi_safe_cond_swap:+1:"01":+1:"02"
-
-Test mbedtls_mpi_safe_cond_swap #2
-mbedtls_mpi_safe_cond_swap:+1:"FF000000000000000001":+1:"02"
-
-Test mbedtls_mpi_safe_cond_swap #3
-mbedtls_mpi_safe_cond_swap:+1:"01":+1:"FF000000000000000002"
-
-Test mbedtls_mpi_safe_cond_swap #4
-mbedtls_mpi_safe_cond_swap:+1:"01":-1:"02"
-
-Test mbedtls_mpi_safe_cond_swap #5
-mbedtls_mpi_safe_cond_swap:-1:"01":+1:"02"
-
-Test mbedtls_mpi_safe_cond_swap #6
-mbedtls_mpi_safe_cond_swap:-1:"01":-1:"02"
-
Base test mbedtls_mpi_add_abs #1
mbedtls_mpi_add_abs:10:"12345678":10:"642531":10:"12988209"
@@ -466,6 +706,15 @@
Base test mbedtls_mpi_add_abs #4
mbedtls_mpi_add_abs:10:"-12345678":10:"-642531":10:"12988209"
+Test mbedtls_mpi_add_abs: 0 (null) + 0 (null)
+mbedtls_mpi_add_abs:16:"":16:"":16:"0"
+
+Test mbedtls_mpi_add_abs: 0 (null) + 1
+mbedtls_mpi_add_abs:16:"":16:"01":16:"01"
+
+Test mbedtls_mpi_add_abs: 1 + 0 (null)
+mbedtls_mpi_add_abs:16:"01":16:"":16:"01"
+
Test mbedtls_mpi_add_abs #1
mbedtls_mpi_add_abs:10:"-643808006803554439230129854961492699151386107534013432918073439524138264842370630061369715394739134090922937332590384720397133335969549256322620979036686633213903952966175107096769180017646161851573147596390153":10:"56125680981752282333498088313568935051383833838594899821664631784577337171193624243181360054669678410455329112434552942717084003541384594864129940145043086760031292483340068923506115878221189886491132772739661669044958531131327771":10:"56125680981752282334141896320372489490613963693556392520816017892111350604111697682705498319512049040516698827829292076808006940873974979584527073481012636016353913462376755556720019831187364993587901952757307830896531678727717924"
@@ -487,6 +736,21 @@
Base test mbedtls_mpi_add_mpi #4
mbedtls_mpi_add_mpi:10:"-12345678":10:"-642531":10:"-12988209"
+Test mbedtls_mpi_add_mpi: 0 (null) + 0 (null)
+mbedtls_mpi_add_mpi:16:"":16:"":16:"0"
+
+Test mbedtls_mpi_add_mpi: 0 (null) + 1
+mbedtls_mpi_add_mpi:16:"":16:"01":16:"01"
+
+Test mbedtls_mpi_add_mpi: 1 + 0 (null)
+mbedtls_mpi_add_mpi:16:"01":16:"":16:"01"
+
+Test mbedtls_mpi_add_mpi: 0 (null) + -1
+mbedtls_mpi_add_mpi:16:"":16:"-01":16:"-01"
+
+Test mbedtls_mpi_add_mpi: -1 + 0 (null)
+mbedtls_mpi_add_mpi:16:"-01":16:"":16:"-01"
+
Test mbedtls_mpi_add_mpi #1
mbedtls_mpi_add_mpi:10:"203956878356401977405765866929034577280193993314348263094772646453283062722701277632936616063144088173312372882677123879538709400158306567338328279154499698366071906766440037074217117805690872792848149112022286332144876183376326512083574821647933992961249917319836219304274280243803104015000563790123":10:"531872289054204184185084734375133399408303613982130856645299464930952178606045848877129147820387996428175564228204785846141207532462936339834139412401975338705794646595487324365194792822189473092273993580587964571659678084484152603881094176995594813302284232006001752128168901293560051833646881436219":10:"735829167410606161590850601304167976688497607296479119740072111384235241328747126510065763883532084601487937110881909725679916932621242907172467691556475037071866553361927361439411910627880345885122142692610250903804554267860479115964668998643528806263534149325837971432443181537363155848647445226342"
@@ -508,6 +772,12 @@
Test mbedtls_mpi_add_int #2
mbedtls_mpi_add_int:10:"2039568783564019774057658669290345772801939933143482630947726464532830627227012776329":-9871232:10:"2039568783564019774057658669290345772801939933143482630947726464532830627227002905097"
+Test mbedtls_mpi_add_int: 0 (null) + 0
+mbedtls_mpi_add_int:16:"":0:16:"0"
+
+Test mbedtls_mpi_add_int: 0 (null) + 1
+mbedtls_mpi_add_int:16:"":1:16:"1"
+
Base test mbedtls_mpi_sub_abs #1 (|B| > |A|)
mbedtls_mpi_sub_abs:10:"5":10:"7":10:"0":MBEDTLS_ERR_MPI_NEGATIVE_VALUE
@@ -544,6 +814,24 @@
Base test mbedtls_mpi_sub_abs #4
mbedtls_mpi_sub_abs:10:"7":10:"-5":10:"2":0
+Test mbedtls_mpi_sub_abs: 0 (null) - 0 (null)
+mbedtls_mpi_sub_abs:16:"":16:"":16:"":0
+
+Test mbedtls_mpi_sub_abs: 0 (null) - 0 (1 limb)
+mbedtls_mpi_sub_abs:16:"":16:"00":16:"":0
+
+Test mbedtls_mpi_sub_abs: 0 (1 limb) - 0 (null)
+mbedtls_mpi_sub_abs:16:"00":16:"":16:"":0
+
+Test mbedtls_mpi_sub_abs: 0 (1 limb) - 0 (1 limb)
+mbedtls_mpi_sub_abs:16:"00":16:"00":16:"":0
+
+Test mbedtls_mpi_sub_abs: 1 - 0 (null)
+mbedtls_mpi_sub_abs:16:"01":16:"":16:"01":0
+
+Test mbedtls_mpi_sub_abs: 0 (null) - 1
+mbedtls_mpi_sub_abs:16:"":16:"01":16:"":MBEDTLS_ERR_MPI_NEGATIVE_VALUE
+
Test mbedtls_mpi_sub_abs #1
mbedtls_mpi_sub_abs:16:"FFFFFFFFFF":16:"01":16:"FFFFFFFFFE":0
@@ -568,6 +856,27 @@
Base test mbedtls_mpi_sub_mpi #4 (Test with negative subtraction)
mbedtls_mpi_sub_mpi:10:"5":10:"-7":10:"12"
+Test mbedtls_mpi_sub_mpi: 0 (null) - 0 (null)
+mbedtls_mpi_sub_mpi:16:"":16:"":16:"0"
+
+Test mbedtls_mpi_sub_mpi: 0 (null) - 0 (1 limb)
+mbedtls_mpi_sub_mpi:16:"":16:"00":16:"0"
+
+Test mbedtls_mpi_sub_mpi: 0 (null) - 1
+mbedtls_mpi_sub_mpi:16:"":16:"1":16:"-1"
+
+Test mbedtls_mpi_sub_mpi: 0 (null) - -1
+mbedtls_mpi_sub_mpi:16:"":16:"-1":16:"1"
+
+Test mbedtls_mpi_sub_mpi: 0 (1 limb) - 0 (null)
+mbedtls_mpi_sub_mpi:16:"00":16:"":16:"0"
+
+Test mbedtls_mpi_sub_mpi: 1 - 0 (null)
+mbedtls_mpi_sub_mpi:16:"1":16:"":16:"1"
+
+Test mbedtls_mpi_sub_mpi: -1 - 0 (null)
+mbedtls_mpi_sub_mpi:16:"-1":16:"":16:"-1"
+
Test mbedtls_mpi_sub_mpi #1
mbedtls_mpi_sub_mpi:10:"531872289054204184185084734375133399408303613982130856645299464930952178606045848877129147820387996428175564228204785846141207532462936339834139412401975338705794646595487324365194792822189473092273993580587964571659678084484152603881094176995594813302284232006001752128168901293560051833646881436219":10:"203956878356401977405765866929034577280193993314348263094772646453283062722701277632936616063144088173312372882677123879538709400158306567338328279154499698366071906766440037074217117805690872792848149112022286332144876183376326512083574821647933992961249917319836219304274280243803104015000563790123":10:"327915410697802206779318867446098822128109620667782593550526818477669115883344571244192531757243908254863191345527661966602498132304629772495811133247475640339722739829047287290977675016498600299425844468565678239514801901107826091797519355347660820341034314686165532823894621049756947818646317646096"
@@ -580,12 +889,30 @@
Test mbedtls_mpi_sub_int #2
mbedtls_mpi_sub_int:10:"2039568783564019774057658669290345772801939933143482630947726464532830627227012776329":9871232:10:"2039568783564019774057658669290345772801939933143482630947726464532830627227002905097"
+Test mbedtls_mpi_sub_int: 0 (null) - 0
+mbedtls_mpi_sub_int:16:"":0:16:"0"
+
+Test mbedtls_mpi_sub_int: 0 (null) - 1
+mbedtls_mpi_sub_int:16:"":1:16:"-1"
+
+Test mbedtls_mpi_sub_int: 0 (null) - -1
+mbedtls_mpi_sub_int:16:"":-1:16:"1"
+
Test mbedtls_mpi_shift_l #1
mbedtls_mpi_shift_l:10:"64":1:10:"128"
Test mbedtls_mpi_shift_l #2
mbedtls_mpi_shift_l:10:"658385546911733550164516088405238961461880256029834598831972039469421755117818013653494814438931957316403111689187691446941406788869098983929874080332195117465344344350008880118042764943201875870917468833709791733282363323948005998269792207":37:10:"90487820548639020691922304619723076305400961610119884872723190678642804168382367856686134531865643066983017249846286450251272364365605022750900439437595355052945035915579216557330505438734955340526145476988250171181404966718289259743378883640981192704"
+Test mbedtls_mpi_shift_l: 0 (null) <<= 0
+mbedtls_mpi_shift_l:16:"":0:16:"0"
+
+Test mbedtls_mpi_shift_l: 0 (null) <<= 1
+mbedtls_mpi_shift_l:16:"":1:16:"0"
+
+Test mbedtls_mpi_shift_l: 0 (null) <<= 64
+mbedtls_mpi_shift_l:16:"":64:16:"0"
+
Test mbedtls_mpi_shift_r #1
mbedtls_mpi_shift_r:10:"128":1:10:"64"
@@ -604,6 +931,15 @@
Test mbedtls_mpi_shift_r #7
mbedtls_mpi_shift_r:16:"FFFFFFFFFFFFFFFF":128:16:"00"
+Test mbedtls_mpi_shift_r: 0 (null) >>= 0
+mbedtls_mpi_shift_r:16:"":0:16:"0"
+
+Test mbedtls_mpi_shift_r: 0 (null) >>= 1
+mbedtls_mpi_shift_r:16:"":1:16:"0"
+
+Test mbedtls_mpi_shift_r: 0 (null) >>= 64
+mbedtls_mpi_shift_r:16:"":64:16:"0"
+
Base test mbedtls_mpi_mul_mpi #1
mbedtls_mpi_mul_mpi:10:"5":10:"7":10:"35"
@@ -616,8 +952,131 @@
Base test mbedtls_mpi_mul_mpi #4
mbedtls_mpi_mul_mpi:10:"-5":10:"-7":10:"35"
+Test mbedtls_mpi_mul_mpi: 0 (null) * 0 (null)
+mbedtls_mpi_mul_mpi:16:"":16:"":16:"0"
+
+Test mbedtls_mpi_mul_mpi: 0 (null) * 0 (1 limb)
+mbedtls_mpi_mul_mpi:16:"":16:"00":16:"0"
+
+Test mbedtls_mpi_mul_mpi: 0 (null) * 1
+mbedtls_mpi_mul_mpi:16:"":16:"01":16:"0"
+
+Test mbedtls_mpi_mul_mpi: 0 (null) * -1
+mbedtls_mpi_mul_mpi:16:"":16:"-01":16:"0"
+
+Test mbedtls_mpi_mul_mpi: 0 (1 limb) * -1
+mbedtls_mpi_mul_mpi:16:"00":16:"-01":16:"0"
+
+Test mbedtls_mpi_mul_mpi: 0 (1 limb) * 0 (null)
+mbedtls_mpi_mul_mpi:16:"00":16:"":16:"0"
+
+Test mbedtls_mpi_mul_mpi: 1 * 0 (null)
+mbedtls_mpi_mul_mpi:16:"01":16:"":16:"0"
+
+Test mbedtls_mpi_mul_mpi: -1 * 0 (null)
+mbedtls_mpi_mul_mpi:16:"-01":16:"":16:"0"
+
+Test mbedtls_mpi_mul_mpi: -1 * 0 (1 limb)
+mbedtls_mpi_mul_mpi:16:"-01":16:"00":16:"0"
+
Test mbedtls_mpi_mul_mpi #1
-mbedtls_mpi_mul_mpi:10:"28911710017320205966167820725313234361535259163045867986277478145081076845846493521348693253530011243988160148063424837895971948244167867236923919506962312185829914482993478947657472351461336729641485069323635424692930278888923450060546465883490944265147851036817433970984747733020522259537":10:"16471581891701794764704009719057349996270239948993452268812975037240586099924712715366967486587417803753916334331355573776945238871512026832810626226164346328807407669366029926221415383560814338828449642265377822759768011406757061063524768140567867350208554439342320410551341675119078050953":10:"476221599179424887669515829231223263939342135681791605842540429321038144633323941248706405375723482912535192363845116154236465184147599697841273424891410002781967962186252583311115708128167171262206919514587899883547279647025952837516324649656913580411611297312678955801899536937577476819667861053063432906071315727948826276092545739432005962781562403795455162483159362585281248265005441715080197800335757871588045959754547836825977169125866324128449699877076762316768127816074587766799018626179199776188490087103869164122906791440101822594139648973454716256383294690817576188761"
+mbedtls_mpi_mul_mpi:16:"02f77b94b179d4a51360f04fa56e2c0784ce3b8a742280b016904896a5605fbe9e0f0683f82c439d979ab14e11b34e05ae96232b18fb2e0d1319f4942732d7eadf92ae90cb8c68ec8ece154d334f553564b6f6db185b33b8d3635598c3d128acde8bbb7b13697e48d1a542e5f9168d2d83a8dd05ae1eaf2451":16:"01b0b14c432710cde936e3fc100515e95dca61e10b8a68d9632bfa0546a9731a1ce6bebc6cb5fe6f5fd7e57b25f737f6a0ce5402e216b8b81c06f0c5ccce447d7f5631d14bff9dfa16f7cc72c56c84b636d00a5f35199d17ee9bf3f8746f44374ffd4ae22cf84089f04a9f7f356d6dc9f8cf8ef208a9b88c89":16:"0503ae899d35ae5b7706b067aed7cb2952da37a5d4ad58f05f69abe14e8aaae88eab2baed858177cb4595c0edc92e5ac13c2bba2bfa23276dd023e9e52f547d4c9edb138d86aad329d7afb01e15eab7281e181cb249fc91bf09d621d86561301edda156f80e3bbff853a312852fe9e3d0541cb86801390aff1dc3c05bcb592c266f625b70e419b4c7e7e85399bb06c0e50b099b4292f9eaff4d869681faa1f745b5fcb3349ed93c572739a31dcf76b43370cf9f86cc54e982dfac9467bde915c697e60554e0d698be6bb2dd1f8bc64659f6baee7641b51f4b5ed7010c04600fcd382db84a93fe3d4d86e86a459c6cebb59"
+
+Test mbedtls_mpi_mul_mpi #1, leading 0 limb in B
+mbedtls_mpi_mul_mpi:16:"02f77b94b179d4a51360f04fa56e2c0784ce3b8a742280b016904896a5605fbe9e0f0683f82c439d979ab14e11b34e05ae96232b18fb2e0d1319f4942732d7eadf92ae90cb8c68ec8ece154d334f553564b6f6db185b33b8d3635598c3d128acde8bbb7b13697e48d1a542e5f9168d2d83a8dd05ae1eaf2451":16:"000000000000000001b0b14c432710cde936e3fc100515e95dca61e10b8a68d9632bfa0546a9731a1ce6bebc6cb5fe6f5fd7e57b25f737f6a0ce5402e216b8b81c06f0c5ccce447d7f5631d14bff9dfa16f7cc72c56c84b636d00a5f35199d17ee9bf3f8746f44374ffd4ae22cf84089f04a9f7f356d6dc9f8cf8ef208a9b88c89":16:"0503ae899d35ae5b7706b067aed7cb2952da37a5d4ad58f05f69abe14e8aaae88eab2baed858177cb4595c0edc92e5ac13c2bba2bfa23276dd023e9e52f547d4c9edb138d86aad329d7afb01e15eab7281e181cb249fc91bf09d621d86561301edda156f80e3bbff853a312852fe9e3d0541cb86801390aff1dc3c05bcb592c266f625b70e419b4c7e7e85399bb06c0e50b099b4292f9eaff4d869681faa1f745b5fcb3349ed93c572739a31dcf76b43370cf9f86cc54e982dfac9467bde915c697e60554e0d698be6bb2dd1f8bc64659f6baee7641b51f4b5ed7010c04600fcd382db84a93fe3d4d86e86a459c6cebb59"
+
+Test mbedtls_mpi_mul_mpi #1, leading 0 limb in B, A < 0
+mbedtls_mpi_mul_mpi:16:"-02f77b94b179d4a51360f04fa56e2c0784ce3b8a742280b016904896a5605fbe9e0f0683f82c439d979ab14e11b34e05ae96232b18fb2e0d1319f4942732d7eadf92ae90cb8c68ec8ece154d334f553564b6f6db185b33b8d3635598c3d128acde8bbb7b13697e48d1a542e5f9168d2d83a8dd05ae1eaf2451":16:"000000000000000001b0b14c432710cde936e3fc100515e95dca61e10b8a68d9632bfa0546a9731a1ce6bebc6cb5fe6f5fd7e57b25f737f6a0ce5402e216b8b81c06f0c5ccce447d7f5631d14bff9dfa16f7cc72c56c84b636d00a5f35199d17ee9bf3f8746f44374ffd4ae22cf84089f04a9f7f356d6dc9f8cf8ef208a9b88c89":16:"-0503ae899d35ae5b7706b067aed7cb2952da37a5d4ad58f05f69abe14e8aaae88eab2baed858177cb4595c0edc92e5ac13c2bba2bfa23276dd023e9e52f547d4c9edb138d86aad329d7afb01e15eab7281e181cb249fc91bf09d621d86561301edda156f80e3bbff853a312852fe9e3d0541cb86801390aff1dc3c05bcb592c266f625b70e419b4c7e7e85399bb06c0e50b099b4292f9eaff4d869681faa1f745b5fcb3349ed93c572739a31dcf76b43370cf9f86cc54e982dfac9467bde915c697e60554e0d698be6bb2dd1f8bc64659f6baee7641b51f4b5ed7010c04600fcd382db84a93fe3d4d86e86a459c6cebb59"
+
+Test mbedtls_mpi_mul_mpi #1, leading 0 limb in B, B < 0
+mbedtls_mpi_mul_mpi:16:"02f77b94b179d4a51360f04fa56e2c0784ce3b8a742280b016904896a5605fbe9e0f0683f82c439d979ab14e11b34e05ae96232b18fb2e0d1319f4942732d7eadf92ae90cb8c68ec8ece154d334f553564b6f6db185b33b8d3635598c3d128acde8bbb7b13697e48d1a542e5f9168d2d83a8dd05ae1eaf2451":16:"-000000000000000001b0b14c432710cde936e3fc100515e95dca61e10b8a68d9632bfa0546a9731a1ce6bebc6cb5fe6f5fd7e57b25f737f6a0ce5402e216b8b81c06f0c5ccce447d7f5631d14bff9dfa16f7cc72c56c84b636d00a5f35199d17ee9bf3f8746f44374ffd4ae22cf84089f04a9f7f356d6dc9f8cf8ef208a9b88c89":16:"-0503ae899d35ae5b7706b067aed7cb2952da37a5d4ad58f05f69abe14e8aaae88eab2baed858177cb4595c0edc92e5ac13c2bba2bfa23276dd023e9e52f547d4c9edb138d86aad329d7afb01e15eab7281e181cb249fc91bf09d621d86561301edda156f80e3bbff853a312852fe9e3d0541cb86801390aff1dc3c05bcb592c266f625b70e419b4c7e7e85399bb06c0e50b099b4292f9eaff4d869681faa1f745b5fcb3349ed93c572739a31dcf76b43370cf9f86cc54e982dfac9467bde915c697e60554e0d698be6bb2dd1f8bc64659f6baee7641b51f4b5ed7010c04600fcd382db84a93fe3d4d86e86a459c6cebb59"
+
+Test mbedtls_mpi_mul_mpi #1, leading 0 limb in B, A < 0, B < 0
+mbedtls_mpi_mul_mpi:16:"-02f77b94b179d4a51360f04fa56e2c0784ce3b8a742280b016904896a5605fbe9e0f0683f82c439d979ab14e11b34e05ae96232b18fb2e0d1319f4942732d7eadf92ae90cb8c68ec8ece154d334f553564b6f6db185b33b8d3635598c3d128acde8bbb7b13697e48d1a542e5f9168d2d83a8dd05ae1eaf2451":16:"-000000000000000001b0b14c432710cde936e3fc100515e95dca61e10b8a68d9632bfa0546a9731a1ce6bebc6cb5fe6f5fd7e57b25f737f6a0ce5402e216b8b81c06f0c5ccce447d7f5631d14bff9dfa16f7cc72c56c84b636d00a5f35199d17ee9bf3f8746f44374ffd4ae22cf84089f04a9f7f356d6dc9f8cf8ef208a9b88c89":16:"0503ae899d35ae5b7706b067aed7cb2952da37a5d4ad58f05f69abe14e8aaae88eab2baed858177cb4595c0edc92e5ac13c2bba2bfa23276dd023e9e52f547d4c9edb138d86aad329d7afb01e15eab7281e181cb249fc91bf09d621d86561301edda156f80e3bbff853a312852fe9e3d0541cb86801390aff1dc3c05bcb592c266f625b70e419b4c7e7e85399bb06c0e50b099b4292f9eaff4d869681faa1f745b5fcb3349ed93c572739a31dcf76b43370cf9f86cc54e982dfac9467bde915c697e60554e0d698be6bb2dd1f8bc64659f6baee7641b51f4b5ed7010c04600fcd382db84a93fe3d4d86e86a459c6cebb59"
+
+Test mbedtls_mpi_mul_mpi #1, leading 0 limb in A
+mbedtls_mpi_mul_mpi:16:"000000000000000002f77b94b179d4a51360f04fa56e2c0784ce3b8a742280b016904896a5605fbe9e0f0683f82c439d979ab14e11b34e05ae96232b18fb2e0d1319f4942732d7eadf92ae90cb8c68ec8ece154d334f553564b6f6db185b33b8d3635598c3d128acde8bbb7b13697e48d1a542e5f9168d2d83a8dd05ae1eaf2451":16:"01b0b14c432710cde936e3fc100515e95dca61e10b8a68d9632bfa0546a9731a1ce6bebc6cb5fe6f5fd7e57b25f737f6a0ce5402e216b8b81c06f0c5ccce447d7f5631d14bff9dfa16f7cc72c56c84b636d00a5f35199d17ee9bf3f8746f44374ffd4ae22cf84089f04a9f7f356d6dc9f8cf8ef208a9b88c89":16:"0503ae899d35ae5b7706b067aed7cb2952da37a5d4ad58f05f69abe14e8aaae88eab2baed858177cb4595c0edc92e5ac13c2bba2bfa23276dd023e9e52f547d4c9edb138d86aad329d7afb01e15eab7281e181cb249fc91bf09d621d86561301edda156f80e3bbff853a312852fe9e3d0541cb86801390aff1dc3c05bcb592c266f625b70e419b4c7e7e85399bb06c0e50b099b4292f9eaff4d869681faa1f745b5fcb3349ed93c572739a31dcf76b43370cf9f86cc54e982dfac9467bde915c697e60554e0d698be6bb2dd1f8bc64659f6baee7641b51f4b5ed7010c04600fcd382db84a93fe3d4d86e86a459c6cebb59"
+
+Test mbedtls_mpi_mul_mpi #1, leading 0 limb in A, A < 0
+mbedtls_mpi_mul_mpi:16:"-000000000000000002f77b94b179d4a51360f04fa56e2c0784ce3b8a742280b016904896a5605fbe9e0f0683f82c439d979ab14e11b34e05ae96232b18fb2e0d1319f4942732d7eadf92ae90cb8c68ec8ece154d334f553564b6f6db185b33b8d3635598c3d128acde8bbb7b13697e48d1a542e5f9168d2d83a8dd05ae1eaf2451":16:"01b0b14c432710cde936e3fc100515e95dca61e10b8a68d9632bfa0546a9731a1ce6bebc6cb5fe6f5fd7e57b25f737f6a0ce5402e216b8b81c06f0c5ccce447d7f5631d14bff9dfa16f7cc72c56c84b636d00a5f35199d17ee9bf3f8746f44374ffd4ae22cf84089f04a9f7f356d6dc9f8cf8ef208a9b88c89":16:"-0503ae899d35ae5b7706b067aed7cb2952da37a5d4ad58f05f69abe14e8aaae88eab2baed858177cb4595c0edc92e5ac13c2bba2bfa23276dd023e9e52f547d4c9edb138d86aad329d7afb01e15eab7281e181cb249fc91bf09d621d86561301edda156f80e3bbff853a312852fe9e3d0541cb86801390aff1dc3c05bcb592c266f625b70e419b4c7e7e85399bb06c0e50b099b4292f9eaff4d869681faa1f745b5fcb3349ed93c572739a31dcf76b43370cf9f86cc54e982dfac9467bde915c697e60554e0d698be6bb2dd1f8bc64659f6baee7641b51f4b5ed7010c04600fcd382db84a93fe3d4d86e86a459c6cebb59"
+
+Test mbedtls_mpi_mul_mpi #1, leading 0 limb in A, B < 0
+mbedtls_mpi_mul_mpi:16:"000000000000000002f77b94b179d4a51360f04fa56e2c0784ce3b8a742280b016904896a5605fbe9e0f0683f82c439d979ab14e11b34e05ae96232b18fb2e0d1319f4942732d7eadf92ae90cb8c68ec8ece154d334f553564b6f6db185b33b8d3635598c3d128acde8bbb7b13697e48d1a542e5f9168d2d83a8dd05ae1eaf2451":16:"-01b0b14c432710cde936e3fc100515e95dca61e10b8a68d9632bfa0546a9731a1ce6bebc6cb5fe6f5fd7e57b25f737f6a0ce5402e216b8b81c06f0c5ccce447d7f5631d14bff9dfa16f7cc72c56c84b636d00a5f35199d17ee9bf3f8746f44374ffd4ae22cf84089f04a9f7f356d6dc9f8cf8ef208a9b88c89":16:"-0503ae899d35ae5b7706b067aed7cb2952da37a5d4ad58f05f69abe14e8aaae88eab2baed858177cb4595c0edc92e5ac13c2bba2bfa23276dd023e9e52f547d4c9edb138d86aad329d7afb01e15eab7281e181cb249fc91bf09d621d86561301edda156f80e3bbff853a312852fe9e3d0541cb86801390aff1dc3c05bcb592c266f625b70e419b4c7e7e85399bb06c0e50b099b4292f9eaff4d869681faa1f745b5fcb3349ed93c572739a31dcf76b43370cf9f86cc54e982dfac9467bde915c697e60554e0d698be6bb2dd1f8bc64659f6baee7641b51f4b5ed7010c04600fcd382db84a93fe3d4d86e86a459c6cebb59"
+
+Test mbedtls_mpi_mul_mpi #1, leading 0 limb in A, A < 0, B < 0
+mbedtls_mpi_mul_mpi:16:"-000000000000000002f77b94b179d4a51360f04fa56e2c0784ce3b8a742280b016904896a5605fbe9e0f0683f82c439d979ab14e11b34e05ae96232b18fb2e0d1319f4942732d7eadf92ae90cb8c68ec8ece154d334f553564b6f6db185b33b8d3635598c3d128acde8bbb7b13697e48d1a542e5f9168d2d83a8dd05ae1eaf2451":16:"-01b0b14c432710cde936e3fc100515e95dca61e10b8a68d9632bfa0546a9731a1ce6bebc6cb5fe6f5fd7e57b25f737f6a0ce5402e216b8b81c06f0c5ccce447d7f5631d14bff9dfa16f7cc72c56c84b636d00a5f35199d17ee9bf3f8746f44374ffd4ae22cf84089f04a9f7f356d6dc9f8cf8ef208a9b88c89":16:"0503ae899d35ae5b7706b067aed7cb2952da37a5d4ad58f05f69abe14e8aaae88eab2baed858177cb4595c0edc92e5ac13c2bba2bfa23276dd023e9e52f547d4c9edb138d86aad329d7afb01e15eab7281e181cb249fc91bf09d621d86561301edda156f80e3bbff853a312852fe9e3d0541cb86801390aff1dc3c05bcb592c266f625b70e419b4c7e7e85399bb06c0e50b099b4292f9eaff4d869681faa1f745b5fcb3349ed93c572739a31dcf76b43370cf9f86cc54e982dfac9467bde915c697e60554e0d698be6bb2dd1f8bc64659f6baee7641b51f4b5ed7010c04600fcd382db84a93fe3d4d86e86a459c6cebb59"
+
+Test mbedtls_mpi_mul_mpi #1, leading 0 limb in A and B
+mbedtls_mpi_mul_mpi:16:"000000000000000002f77b94b179d4a51360f04fa56e2c0784ce3b8a742280b016904896a5605fbe9e0f0683f82c439d979ab14e11b34e05ae96232b18fb2e0d1319f4942732d7eadf92ae90cb8c68ec8ece154d334f553564b6f6db185b33b8d3635598c3d128acde8bbb7b13697e48d1a542e5f9168d2d83a8dd05ae1eaf2451":16:"000000000000000001b0b14c432710cde936e3fc100515e95dca61e10b8a68d9632bfa0546a9731a1ce6bebc6cb5fe6f5fd7e57b25f737f6a0ce5402e216b8b81c06f0c5ccce447d7f5631d14bff9dfa16f7cc72c56c84b636d00a5f35199d17ee9bf3f8746f44374ffd4ae22cf84089f04a9f7f356d6dc9f8cf8ef208a9b88c89":16:"0503ae899d35ae5b7706b067aed7cb2952da37a5d4ad58f05f69abe14e8aaae88eab2baed858177cb4595c0edc92e5ac13c2bba2bfa23276dd023e9e52f547d4c9edb138d86aad329d7afb01e15eab7281e181cb249fc91bf09d621d86561301edda156f80e3bbff853a312852fe9e3d0541cb86801390aff1dc3c05bcb592c266f625b70e419b4c7e7e85399bb06c0e50b099b4292f9eaff4d869681faa1f745b5fcb3349ed93c572739a31dcf76b43370cf9f86cc54e982dfac9467bde915c697e60554e0d698be6bb2dd1f8bc64659f6baee7641b51f4b5ed7010c04600fcd382db84a93fe3d4d86e86a459c6cebb59"
+
+Test mbedtls_mpi_mul_mpi #1, leading 0 limb in A and B, A < 0
+mbedtls_mpi_mul_mpi:16:"-000000000000000002f77b94b179d4a51360f04fa56e2c0784ce3b8a742280b016904896a5605fbe9e0f0683f82c439d979ab14e11b34e05ae96232b18fb2e0d1319f4942732d7eadf92ae90cb8c68ec8ece154d334f553564b6f6db185b33b8d3635598c3d128acde8bbb7b13697e48d1a542e5f9168d2d83a8dd05ae1eaf2451":16:"000000000000000001b0b14c432710cde936e3fc100515e95dca61e10b8a68d9632bfa0546a9731a1ce6bebc6cb5fe6f5fd7e57b25f737f6a0ce5402e216b8b81c06f0c5ccce447d7f5631d14bff9dfa16f7cc72c56c84b636d00a5f35199d17ee9bf3f8746f44374ffd4ae22cf84089f04a9f7f356d6dc9f8cf8ef208a9b88c89":16:"-0503ae899d35ae5b7706b067aed7cb2952da37a5d4ad58f05f69abe14e8aaae88eab2baed858177cb4595c0edc92e5ac13c2bba2bfa23276dd023e9e52f547d4c9edb138d86aad329d7afb01e15eab7281e181cb249fc91bf09d621d86561301edda156f80e3bbff853a312852fe9e3d0541cb86801390aff1dc3c05bcb592c266f625b70e419b4c7e7e85399bb06c0e50b099b4292f9eaff4d869681faa1f745b5fcb3349ed93c572739a31dcf76b43370cf9f86cc54e982dfac9467bde915c697e60554e0d698be6bb2dd1f8bc64659f6baee7641b51f4b5ed7010c04600fcd382db84a93fe3d4d86e86a459c6cebb59"
+
+Test mbedtls_mpi_mul_mpi #1, leading 0 limb in A and B, B < 0
+mbedtls_mpi_mul_mpi:16:"000000000000000002f77b94b179d4a51360f04fa56e2c0784ce3b8a742280b016904896a5605fbe9e0f0683f82c439d979ab14e11b34e05ae96232b18fb2e0d1319f4942732d7eadf92ae90cb8c68ec8ece154d334f553564b6f6db185b33b8d3635598c3d128acde8bbb7b13697e48d1a542e5f9168d2d83a8dd05ae1eaf2451":16:"-000000000000000001b0b14c432710cde936e3fc100515e95dca61e10b8a68d9632bfa0546a9731a1ce6bebc6cb5fe6f5fd7e57b25f737f6a0ce5402e216b8b81c06f0c5ccce447d7f5631d14bff9dfa16f7cc72c56c84b636d00a5f35199d17ee9bf3f8746f44374ffd4ae22cf84089f04a9f7f356d6dc9f8cf8ef208a9b88c89":16:"-0503ae899d35ae5b7706b067aed7cb2952da37a5d4ad58f05f69abe14e8aaae88eab2baed858177cb4595c0edc92e5ac13c2bba2bfa23276dd023e9e52f547d4c9edb138d86aad329d7afb01e15eab7281e181cb249fc91bf09d621d86561301edda156f80e3bbff853a312852fe9e3d0541cb86801390aff1dc3c05bcb592c266f625b70e419b4c7e7e85399bb06c0e50b099b4292f9eaff4d869681faa1f745b5fcb3349ed93c572739a31dcf76b43370cf9f86cc54e982dfac9467bde915c697e60554e0d698be6bb2dd1f8bc64659f6baee7641b51f4b5ed7010c04600fcd382db84a93fe3d4d86e86a459c6cebb59"
+
+Test mbedtls_mpi_mul_mpi #1, leading 0 limb in A and B, A < 0, B < 0
+mbedtls_mpi_mul_mpi:16:"-000000000000000002f77b94b179d4a51360f04fa56e2c0784ce3b8a742280b016904896a5605fbe9e0f0683f82c439d979ab14e11b34e05ae96232b18fb2e0d1319f4942732d7eadf92ae90cb8c68ec8ece154d334f553564b6f6db185b33b8d3635598c3d128acde8bbb7b13697e48d1a542e5f9168d2d83a8dd05ae1eaf2451":16:"-000000000000000001b0b14c432710cde936e3fc100515e95dca61e10b8a68d9632bfa0546a9731a1ce6bebc6cb5fe6f5fd7e57b25f737f6a0ce5402e216b8b81c06f0c5ccce447d7f5631d14bff9dfa16f7cc72c56c84b636d00a5f35199d17ee9bf3f8746f44374ffd4ae22cf84089f04a9f7f356d6dc9f8cf8ef208a9b88c89":16:"0503ae899d35ae5b7706b067aed7cb2952da37a5d4ad58f05f69abe14e8aaae88eab2baed858177cb4595c0edc92e5ac13c2bba2bfa23276dd023e9e52f547d4c9edb138d86aad329d7afb01e15eab7281e181cb249fc91bf09d621d86561301edda156f80e3bbff853a312852fe9e3d0541cb86801390aff1dc3c05bcb592c266f625b70e419b4c7e7e85399bb06c0e50b099b4292f9eaff4d869681faa1f745b5fcb3349ed93c572739a31dcf76b43370cf9f86cc54e982dfac9467bde915c697e60554e0d698be6bb2dd1f8bc64659f6baee7641b51f4b5ed7010c04600fcd382db84a93fe3d4d86e86a459c6cebb59"
+
+Test mbedtls_mpi_mul_mpi #2, trailing 0 limb in A
+mbedtls_mpi_mul_mpi:16:"02f77b94b179d4a51360f04fa56e2c0784ce3b8a742280b016904896a5605fbe9e0f0683f82c439d979ab14e11b34e05ae96232b18fb2e0d1319f4942732d7eadf92ae90cb8c68ec8ece154d334f553564b6f6db185b33b8d3635598c3d128acde8bbb7b13697e48d1a542e5f9168d2d83a8dd05ae1eaf24510000000000000000":16:"01b0b14c432710cde936e3fc100515e95dca61e10b8a68d9632bfa0546a9731a1ce6bebc6cb5fe6f5fd7e57b25f737f6a0ce5402e216b8b81c06f0c5ccce447d7f5631d14bff9dfa16f7cc72c56c84b636d00a5f35199d17ee9bf3f8746f44374ffd4ae22cf84089f04a9f7f356d6dc9f8cf8ef208a9b88c89":16:"0503ae899d35ae5b7706b067aed7cb2952da37a5d4ad58f05f69abe14e8aaae88eab2baed858177cb4595c0edc92e5ac13c2bba2bfa23276dd023e9e52f547d4c9edb138d86aad329d7afb01e15eab7281e181cb249fc91bf09d621d86561301edda156f80e3bbff853a312852fe9e3d0541cb86801390aff1dc3c05bcb592c266f625b70e419b4c7e7e85399bb06c0e50b099b4292f9eaff4d869681faa1f745b5fcb3349ed93c572739a31dcf76b43370cf9f86cc54e982dfac9467bde915c697e60554e0d698be6bb2dd1f8bc64659f6baee7641b51f4b5ed7010c04600fcd382db84a93fe3d4d86e86a459c6cebb590000000000000000"
+
+Test mbedtls_mpi_mul_mpi #2, trailing 0 limb in A, A < 0
+mbedtls_mpi_mul_mpi:16:"-02f77b94b179d4a51360f04fa56e2c0784ce3b8a742280b016904896a5605fbe9e0f0683f82c439d979ab14e11b34e05ae96232b18fb2e0d1319f4942732d7eadf92ae90cb8c68ec8ece154d334f553564b6f6db185b33b8d3635598c3d128acde8bbb7b13697e48d1a542e5f9168d2d83a8dd05ae1eaf24510000000000000000":16:"01b0b14c432710cde936e3fc100515e95dca61e10b8a68d9632bfa0546a9731a1ce6bebc6cb5fe6f5fd7e57b25f737f6a0ce5402e216b8b81c06f0c5ccce447d7f5631d14bff9dfa16f7cc72c56c84b636d00a5f35199d17ee9bf3f8746f44374ffd4ae22cf84089f04a9f7f356d6dc9f8cf8ef208a9b88c89":16:"-0503ae899d35ae5b7706b067aed7cb2952da37a5d4ad58f05f69abe14e8aaae88eab2baed858177cb4595c0edc92e5ac13c2bba2bfa23276dd023e9e52f547d4c9edb138d86aad329d7afb01e15eab7281e181cb249fc91bf09d621d86561301edda156f80e3bbff853a312852fe9e3d0541cb86801390aff1dc3c05bcb592c266f625b70e419b4c7e7e85399bb06c0e50b099b4292f9eaff4d869681faa1f745b5fcb3349ed93c572739a31dcf76b43370cf9f86cc54e982dfac9467bde915c697e60554e0d698be6bb2dd1f8bc64659f6baee7641b51f4b5ed7010c04600fcd382db84a93fe3d4d86e86a459c6cebb590000000000000000"
+
+Test mbedtls_mpi_mul_mpi #2, trailing 0 limb in A, B < 0
+mbedtls_mpi_mul_mpi:16:"02f77b94b179d4a51360f04fa56e2c0784ce3b8a742280b016904896a5605fbe9e0f0683f82c439d979ab14e11b34e05ae96232b18fb2e0d1319f4942732d7eadf92ae90cb8c68ec8ece154d334f553564b6f6db185b33b8d3635598c3d128acde8bbb7b13697e48d1a542e5f9168d2d83a8dd05ae1eaf24510000000000000000":16:"-01b0b14c432710cde936e3fc100515e95dca61e10b8a68d9632bfa0546a9731a1ce6bebc6cb5fe6f5fd7e57b25f737f6a0ce5402e216b8b81c06f0c5ccce447d7f5631d14bff9dfa16f7cc72c56c84b636d00a5f35199d17ee9bf3f8746f44374ffd4ae22cf84089f04a9f7f356d6dc9f8cf8ef208a9b88c89":16:"-0503ae899d35ae5b7706b067aed7cb2952da37a5d4ad58f05f69abe14e8aaae88eab2baed858177cb4595c0edc92e5ac13c2bba2bfa23276dd023e9e52f547d4c9edb138d86aad329d7afb01e15eab7281e181cb249fc91bf09d621d86561301edda156f80e3bbff853a312852fe9e3d0541cb86801390aff1dc3c05bcb592c266f625b70e419b4c7e7e85399bb06c0e50b099b4292f9eaff4d869681faa1f745b5fcb3349ed93c572739a31dcf76b43370cf9f86cc54e982dfac9467bde915c697e60554e0d698be6bb2dd1f8bc64659f6baee7641b51f4b5ed7010c04600fcd382db84a93fe3d4d86e86a459c6cebb590000000000000000"
+
+Test mbedtls_mpi_mul_mpi #2, trailing 0 limb in A, A < 0, B < 0
+mbedtls_mpi_mul_mpi:16:"-02f77b94b179d4a51360f04fa56e2c0784ce3b8a742280b016904896a5605fbe9e0f0683f82c439d979ab14e11b34e05ae96232b18fb2e0d1319f4942732d7eadf92ae90cb8c68ec8ece154d334f553564b6f6db185b33b8d3635598c3d128acde8bbb7b13697e48d1a542e5f9168d2d83a8dd05ae1eaf24510000000000000000":16:"-01b0b14c432710cde936e3fc100515e95dca61e10b8a68d9632bfa0546a9731a1ce6bebc6cb5fe6f5fd7e57b25f737f6a0ce5402e216b8b81c06f0c5ccce447d7f5631d14bff9dfa16f7cc72c56c84b636d00a5f35199d17ee9bf3f8746f44374ffd4ae22cf84089f04a9f7f356d6dc9f8cf8ef208a9b88c89":16:"0503ae899d35ae5b7706b067aed7cb2952da37a5d4ad58f05f69abe14e8aaae88eab2baed858177cb4595c0edc92e5ac13c2bba2bfa23276dd023e9e52f547d4c9edb138d86aad329d7afb01e15eab7281e181cb249fc91bf09d621d86561301edda156f80e3bbff853a312852fe9e3d0541cb86801390aff1dc3c05bcb592c266f625b70e419b4c7e7e85399bb06c0e50b099b4292f9eaff4d869681faa1f745b5fcb3349ed93c572739a31dcf76b43370cf9f86cc54e982dfac9467bde915c697e60554e0d698be6bb2dd1f8bc64659f6baee7641b51f4b5ed7010c04600fcd382db84a93fe3d4d86e86a459c6cebb590000000000000000"
+
+Test mbedtls_mpi_mul_mpi #2, trailing 0 limb in B
+mbedtls_mpi_mul_mpi:16:"02f77b94b179d4a51360f04fa56e2c0784ce3b8a742280b016904896a5605fbe9e0f0683f82c439d979ab14e11b34e05ae96232b18fb2e0d1319f4942732d7eadf92ae90cb8c68ec8ece154d334f553564b6f6db185b33b8d3635598c3d128acde8bbb7b13697e48d1a542e5f9168d2d83a8dd05ae1eaf2451":16:"01b0b14c432710cde936e3fc100515e95dca61e10b8a68d9632bfa0546a9731a1ce6bebc6cb5fe6f5fd7e57b25f737f6a0ce5402e216b8b81c06f0c5ccce447d7f5631d14bff9dfa16f7cc72c56c84b636d00a5f35199d17ee9bf3f8746f44374ffd4ae22cf84089f04a9f7f356d6dc9f8cf8ef208a9b88c890000000000000000":16:"0503ae899d35ae5b7706b067aed7cb2952da37a5d4ad58f05f69abe14e8aaae88eab2baed858177cb4595c0edc92e5ac13c2bba2bfa23276dd023e9e52f547d4c9edb138d86aad329d7afb01e15eab7281e181cb249fc91bf09d621d86561301edda156f80e3bbff853a312852fe9e3d0541cb86801390aff1dc3c05bcb592c266f625b70e419b4c7e7e85399bb06c0e50b099b4292f9eaff4d869681faa1f745b5fcb3349ed93c572739a31dcf76b43370cf9f86cc54e982dfac9467bde915c697e60554e0d698be6bb2dd1f8bc64659f6baee7641b51f4b5ed7010c04600fcd382db84a93fe3d4d86e86a459c6cebb590000000000000000"
+
+Test mbedtls_mpi_mul_mpi #2, trailing 0 limb in B, A < 0
+mbedtls_mpi_mul_mpi:16:"-02f77b94b179d4a51360f04fa56e2c0784ce3b8a742280b016904896a5605fbe9e0f0683f82c439d979ab14e11b34e05ae96232b18fb2e0d1319f4942732d7eadf92ae90cb8c68ec8ece154d334f553564b6f6db185b33b8d3635598c3d128acde8bbb7b13697e48d1a542e5f9168d2d83a8dd05ae1eaf2451":16:"01b0b14c432710cde936e3fc100515e95dca61e10b8a68d9632bfa0546a9731a1ce6bebc6cb5fe6f5fd7e57b25f737f6a0ce5402e216b8b81c06f0c5ccce447d7f5631d14bff9dfa16f7cc72c56c84b636d00a5f35199d17ee9bf3f8746f44374ffd4ae22cf84089f04a9f7f356d6dc9f8cf8ef208a9b88c890000000000000000":16:"-0503ae899d35ae5b7706b067aed7cb2952da37a5d4ad58f05f69abe14e8aaae88eab2baed858177cb4595c0edc92e5ac13c2bba2bfa23276dd023e9e52f547d4c9edb138d86aad329d7afb01e15eab7281e181cb249fc91bf09d621d86561301edda156f80e3bbff853a312852fe9e3d0541cb86801390aff1dc3c05bcb592c266f625b70e419b4c7e7e85399bb06c0e50b099b4292f9eaff4d869681faa1f745b5fcb3349ed93c572739a31dcf76b43370cf9f86cc54e982dfac9467bde915c697e60554e0d698be6bb2dd1f8bc64659f6baee7641b51f4b5ed7010c04600fcd382db84a93fe3d4d86e86a459c6cebb590000000000000000"
+
+Test mbedtls_mpi_mul_mpi #2, trailing 0 limb in B, B < 0
+mbedtls_mpi_mul_mpi:16:"02f77b94b179d4a51360f04fa56e2c0784ce3b8a742280b016904896a5605fbe9e0f0683f82c439d979ab14e11b34e05ae96232b18fb2e0d1319f4942732d7eadf92ae90cb8c68ec8ece154d334f553564b6f6db185b33b8d3635598c3d128acde8bbb7b13697e48d1a542e5f9168d2d83a8dd05ae1eaf2451":16:"-01b0b14c432710cde936e3fc100515e95dca61e10b8a68d9632bfa0546a9731a1ce6bebc6cb5fe6f5fd7e57b25f737f6a0ce5402e216b8b81c06f0c5ccce447d7f5631d14bff9dfa16f7cc72c56c84b636d00a5f35199d17ee9bf3f8746f44374ffd4ae22cf84089f04a9f7f356d6dc9f8cf8ef208a9b88c890000000000000000":16:"-0503ae899d35ae5b7706b067aed7cb2952da37a5d4ad58f05f69abe14e8aaae88eab2baed858177cb4595c0edc92e5ac13c2bba2bfa23276dd023e9e52f547d4c9edb138d86aad329d7afb01e15eab7281e181cb249fc91bf09d621d86561301edda156f80e3bbff853a312852fe9e3d0541cb86801390aff1dc3c05bcb592c266f625b70e419b4c7e7e85399bb06c0e50b099b4292f9eaff4d869681faa1f745b5fcb3349ed93c572739a31dcf76b43370cf9f86cc54e982dfac9467bde915c697e60554e0d698be6bb2dd1f8bc64659f6baee7641b51f4b5ed7010c04600fcd382db84a93fe3d4d86e86a459c6cebb590000000000000000"
+
+Test mbedtls_mpi_mul_mpi #2, trailing 0 limb in B, A < 0, B < 0
+mbedtls_mpi_mul_mpi:16:"-02f77b94b179d4a51360f04fa56e2c0784ce3b8a742280b016904896a5605fbe9e0f0683f82c439d979ab14e11b34e05ae96232b18fb2e0d1319f4942732d7eadf92ae90cb8c68ec8ece154d334f553564b6f6db185b33b8d3635598c3d128acde8bbb7b13697e48d1a542e5f9168d2d83a8dd05ae1eaf2451":16:"-01b0b14c432710cde936e3fc100515e95dca61e10b8a68d9632bfa0546a9731a1ce6bebc6cb5fe6f5fd7e57b25f737f6a0ce5402e216b8b81c06f0c5ccce447d7f5631d14bff9dfa16f7cc72c56c84b636d00a5f35199d17ee9bf3f8746f44374ffd4ae22cf84089f04a9f7f356d6dc9f8cf8ef208a9b88c890000000000000000":16:"0503ae899d35ae5b7706b067aed7cb2952da37a5d4ad58f05f69abe14e8aaae88eab2baed858177cb4595c0edc92e5ac13c2bba2bfa23276dd023e9e52f547d4c9edb138d86aad329d7afb01e15eab7281e181cb249fc91bf09d621d86561301edda156f80e3bbff853a312852fe9e3d0541cb86801390aff1dc3c05bcb592c266f625b70e419b4c7e7e85399bb06c0e50b099b4292f9eaff4d869681faa1f745b5fcb3349ed93c572739a31dcf76b43370cf9f86cc54e982dfac9467bde915c697e60554e0d698be6bb2dd1f8bc64659f6baee7641b51f4b5ed7010c04600fcd382db84a93fe3d4d86e86a459c6cebb590000000000000000"
+
+Test mbedtls_mpi_mul_mpi #2, trailing 0 limb in A and B
+mbedtls_mpi_mul_mpi:16:"02f77b94b179d4a51360f04fa56e2c0784ce3b8a742280b016904896a5605fbe9e0f0683f82c439d979ab14e11b34e05ae96232b18fb2e0d1319f4942732d7eadf92ae90cb8c68ec8ece154d334f553564b6f6db185b33b8d3635598c3d128acde8bbb7b13697e48d1a542e5f9168d2d83a8dd05ae1eaf24510000000000000000":16:"01b0b14c432710cde936e3fc100515e95dca61e10b8a68d9632bfa0546a9731a1ce6bebc6cb5fe6f5fd7e57b25f737f6a0ce5402e216b8b81c06f0c5ccce447d7f5631d14bff9dfa16f7cc72c56c84b636d00a5f35199d17ee9bf3f8746f44374ffd4ae22cf84089f04a9f7f356d6dc9f8cf8ef208a9b88c890000000000000000":16:"0503ae899d35ae5b7706b067aed7cb2952da37a5d4ad58f05f69abe14e8aaae88eab2baed858177cb4595c0edc92e5ac13c2bba2bfa23276dd023e9e52f547d4c9edb138d86aad329d7afb01e15eab7281e181cb249fc91bf09d621d86561301edda156f80e3bbff853a312852fe9e3d0541cb86801390aff1dc3c05bcb592c266f625b70e419b4c7e7e85399bb06c0e50b099b4292f9eaff4d869681faa1f745b5fcb3349ed93c572739a31dcf76b43370cf9f86cc54e982dfac9467bde915c697e60554e0d698be6bb2dd1f8bc64659f6baee7641b51f4b5ed7010c04600fcd382db84a93fe3d4d86e86a459c6cebb5900000000000000000000000000000000"
+
+Test mbedtls_mpi_mul_mpi #2, trailing 0 limb in A and B, A < 0
+mbedtls_mpi_mul_mpi:16:"-02f77b94b179d4a51360f04fa56e2c0784ce3b8a742280b016904896a5605fbe9e0f0683f82c439d979ab14e11b34e05ae96232b18fb2e0d1319f4942732d7eadf92ae90cb8c68ec8ece154d334f553564b6f6db185b33b8d3635598c3d128acde8bbb7b13697e48d1a542e5f9168d2d83a8dd05ae1eaf24510000000000000000":16:"01b0b14c432710cde936e3fc100515e95dca61e10b8a68d9632bfa0546a9731a1ce6bebc6cb5fe6f5fd7e57b25f737f6a0ce5402e216b8b81c06f0c5ccce447d7f5631d14bff9dfa16f7cc72c56c84b636d00a5f35199d17ee9bf3f8746f44374ffd4ae22cf84089f04a9f7f356d6dc9f8cf8ef208a9b88c890000000000000000":16:"-0503ae899d35ae5b7706b067aed7cb2952da37a5d4ad58f05f69abe14e8aaae88eab2baed858177cb4595c0edc92e5ac13c2bba2bfa23276dd023e9e52f547d4c9edb138d86aad329d7afb01e15eab7281e181cb249fc91bf09d621d86561301edda156f80e3bbff853a312852fe9e3d0541cb86801390aff1dc3c05bcb592c266f625b70e419b4c7e7e85399bb06c0e50b099b4292f9eaff4d869681faa1f745b5fcb3349ed93c572739a31dcf76b43370cf9f86cc54e982dfac9467bde915c697e60554e0d698be6bb2dd1f8bc64659f6baee7641b51f4b5ed7010c04600fcd382db84a93fe3d4d86e86a459c6cebb5900000000000000000000000000000000"
+
+Test mbedtls_mpi_mul_mpi #2, trailing 0 limb in A and B, B < 0
+mbedtls_mpi_mul_mpi:16:"02f77b94b179d4a51360f04fa56e2c0784ce3b8a742280b016904896a5605fbe9e0f0683f82c439d979ab14e11b34e05ae96232b18fb2e0d1319f4942732d7eadf92ae90cb8c68ec8ece154d334f553564b6f6db185b33b8d3635598c3d128acde8bbb7b13697e48d1a542e5f9168d2d83a8dd05ae1eaf24510000000000000000":16:"-01b0b14c432710cde936e3fc100515e95dca61e10b8a68d9632bfa0546a9731a1ce6bebc6cb5fe6f5fd7e57b25f737f6a0ce5402e216b8b81c06f0c5ccce447d7f5631d14bff9dfa16f7cc72c56c84b636d00a5f35199d17ee9bf3f8746f44374ffd4ae22cf84089f04a9f7f356d6dc9f8cf8ef208a9b88c890000000000000000":16:"-0503ae899d35ae5b7706b067aed7cb2952da37a5d4ad58f05f69abe14e8aaae88eab2baed858177cb4595c0edc92e5ac13c2bba2bfa23276dd023e9e52f547d4c9edb138d86aad329d7afb01e15eab7281e181cb249fc91bf09d621d86561301edda156f80e3bbff853a312852fe9e3d0541cb86801390aff1dc3c05bcb592c266f625b70e419b4c7e7e85399bb06c0e50b099b4292f9eaff4d869681faa1f745b5fcb3349ed93c572739a31dcf76b43370cf9f86cc54e982dfac9467bde915c697e60554e0d698be6bb2dd1f8bc64659f6baee7641b51f4b5ed7010c04600fcd382db84a93fe3d4d86e86a459c6cebb5900000000000000000000000000000000"
+
+Test mbedtls_mpi_mul_mpi #2, trailing 0 limb in A and B, A < 0, B < 0
+mbedtls_mpi_mul_mpi:16:"-02f77b94b179d4a51360f04fa56e2c0784ce3b8a742280b016904896a5605fbe9e0f0683f82c439d979ab14e11b34e05ae96232b18fb2e0d1319f4942732d7eadf92ae90cb8c68ec8ece154d334f553564b6f6db185b33b8d3635598c3d128acde8bbb7b13697e48d1a542e5f9168d2d83a8dd05ae1eaf24510000000000000000":16:"-01b0b14c432710cde936e3fc100515e95dca61e10b8a68d9632bfa0546a9731a1ce6bebc6cb5fe6f5fd7e57b25f737f6a0ce5402e216b8b81c06f0c5ccce447d7f5631d14bff9dfa16f7cc72c56c84b636d00a5f35199d17ee9bf3f8746f44374ffd4ae22cf84089f04a9f7f356d6dc9f8cf8ef208a9b88c890000000000000000":16:"0503ae899d35ae5b7706b067aed7cb2952da37a5d4ad58f05f69abe14e8aaae88eab2baed858177cb4595c0edc92e5ac13c2bba2bfa23276dd023e9e52f547d4c9edb138d86aad329d7afb01e15eab7281e181cb249fc91bf09d621d86561301edda156f80e3bbff853a312852fe9e3d0541cb86801390aff1dc3c05bcb592c266f625b70e419b4c7e7e85399bb06c0e50b099b4292f9eaff4d869681faa1f745b5fcb3349ed93c572739a31dcf76b43370cf9f86cc54e982dfac9467bde915c697e60554e0d698be6bb2dd1f8bc64659f6baee7641b51f4b5ed7010c04600fcd382db84a93fe3d4d86e86a459c6cebb5900000000000000000000000000000000"
+
+Test mbedtls_mpi_mul_mpi #3, trailing 0 limbs in A
+mbedtls_mpi_mul_mpi:16:"02f77b94b179d4a51360f04fa56e2c0784ce3b8a742280b016904896a5605fbe9e0f0683f82c439d979ab14e11b34e05ae96232b18fb2e0d1319f4942732d7eadf92ae90cb8c68ec8ece154d334f553564b6f6db185b33b8d3635598c3d128acde8bbb7b13697e48d1a542e5f9168d2d83a8dd05ae1eaf245100000000000000000000000000000000":16:"01b0b14c432710cde936e3fc100515e95dca61e10b8a68d9632bfa0546a9731a1ce6bebc6cb5fe6f5fd7e57b25f737f6a0ce5402e216b8b81c06f0c5ccce447d7f5631d14bff9dfa16f7cc72c56c84b636d00a5f35199d17ee9bf3f8746f44374ffd4ae22cf84089f04a9f7f356d6dc9f8cf8ef208a9b88c89":16:"0503ae899d35ae5b7706b067aed7cb2952da37a5d4ad58f05f69abe14e8aaae88eab2baed858177cb4595c0edc92e5ac13c2bba2bfa23276dd023e9e52f547d4c9edb138d86aad329d7afb01e15eab7281e181cb249fc91bf09d621d86561301edda156f80e3bbff853a312852fe9e3d0541cb86801390aff1dc3c05bcb592c266f625b70e419b4c7e7e85399bb06c0e50b099b4292f9eaff4d869681faa1f745b5fcb3349ed93c572739a31dcf76b43370cf9f86cc54e982dfac9467bde915c697e60554e0d698be6bb2dd1f8bc64659f6baee7641b51f4b5ed7010c04600fcd382db84a93fe3d4d86e86a459c6cebb5900000000000000000000000000000000"
+
+Test mbedtls_mpi_mul_mpi #3, trailing 0 limbs in A, A < 0
+mbedtls_mpi_mul_mpi:16:"-02f77b94b179d4a51360f04fa56e2c0784ce3b8a742280b016904896a5605fbe9e0f0683f82c439d979ab14e11b34e05ae96232b18fb2e0d1319f4942732d7eadf92ae90cb8c68ec8ece154d334f553564b6f6db185b33b8d3635598c3d128acde8bbb7b13697e48d1a542e5f9168d2d83a8dd05ae1eaf245100000000000000000000000000000000":16:"01b0b14c432710cde936e3fc100515e95dca61e10b8a68d9632bfa0546a9731a1ce6bebc6cb5fe6f5fd7e57b25f737f6a0ce5402e216b8b81c06f0c5ccce447d7f5631d14bff9dfa16f7cc72c56c84b636d00a5f35199d17ee9bf3f8746f44374ffd4ae22cf84089f04a9f7f356d6dc9f8cf8ef208a9b88c89":16:"-0503ae899d35ae5b7706b067aed7cb2952da37a5d4ad58f05f69abe14e8aaae88eab2baed858177cb4595c0edc92e5ac13c2bba2bfa23276dd023e9e52f547d4c9edb138d86aad329d7afb01e15eab7281e181cb249fc91bf09d621d86561301edda156f80e3bbff853a312852fe9e3d0541cb86801390aff1dc3c05bcb592c266f625b70e419b4c7e7e85399bb06c0e50b099b4292f9eaff4d869681faa1f745b5fcb3349ed93c572739a31dcf76b43370cf9f86cc54e982dfac9467bde915c697e60554e0d698be6bb2dd1f8bc64659f6baee7641b51f4b5ed7010c04600fcd382db84a93fe3d4d86e86a459c6cebb5900000000000000000000000000000000"
+
+Test mbedtls_mpi_mul_mpi #3, trailing 0 limbs in A, B < 0
+mbedtls_mpi_mul_mpi:16:"02f77b94b179d4a51360f04fa56e2c0784ce3b8a742280b016904896a5605fbe9e0f0683f82c439d979ab14e11b34e05ae96232b18fb2e0d1319f4942732d7eadf92ae90cb8c68ec8ece154d334f553564b6f6db185b33b8d3635598c3d128acde8bbb7b13697e48d1a542e5f9168d2d83a8dd05ae1eaf245100000000000000000000000000000000":16:"-01b0b14c432710cde936e3fc100515e95dca61e10b8a68d9632bfa0546a9731a1ce6bebc6cb5fe6f5fd7e57b25f737f6a0ce5402e216b8b81c06f0c5ccce447d7f5631d14bff9dfa16f7cc72c56c84b636d00a5f35199d17ee9bf3f8746f44374ffd4ae22cf84089f04a9f7f356d6dc9f8cf8ef208a9b88c89":16:"-0503ae899d35ae5b7706b067aed7cb2952da37a5d4ad58f05f69abe14e8aaae88eab2baed858177cb4595c0edc92e5ac13c2bba2bfa23276dd023e9e52f547d4c9edb138d86aad329d7afb01e15eab7281e181cb249fc91bf09d621d86561301edda156f80e3bbff853a312852fe9e3d0541cb86801390aff1dc3c05bcb592c266f625b70e419b4c7e7e85399bb06c0e50b099b4292f9eaff4d869681faa1f745b5fcb3349ed93c572739a31dcf76b43370cf9f86cc54e982dfac9467bde915c697e60554e0d698be6bb2dd1f8bc64659f6baee7641b51f4b5ed7010c04600fcd382db84a93fe3d4d86e86a459c6cebb5900000000000000000000000000000000"
+
+Test mbedtls_mpi_mul_mpi #3, trailing 0 limbs in A, A < 0, B < 0
+mbedtls_mpi_mul_mpi:16:"-02f77b94b179d4a51360f04fa56e2c0784ce3b8a742280b016904896a5605fbe9e0f0683f82c439d979ab14e11b34e05ae96232b18fb2e0d1319f4942732d7eadf92ae90cb8c68ec8ece154d334f553564b6f6db185b33b8d3635598c3d128acde8bbb7b13697e48d1a542e5f9168d2d83a8dd05ae1eaf245100000000000000000000000000000000":16:"-01b0b14c432710cde936e3fc100515e95dca61e10b8a68d9632bfa0546a9731a1ce6bebc6cb5fe6f5fd7e57b25f737f6a0ce5402e216b8b81c06f0c5ccce447d7f5631d14bff9dfa16f7cc72c56c84b636d00a5f35199d17ee9bf3f8746f44374ffd4ae22cf84089f04a9f7f356d6dc9f8cf8ef208a9b88c89":16:"0503ae899d35ae5b7706b067aed7cb2952da37a5d4ad58f05f69abe14e8aaae88eab2baed858177cb4595c0edc92e5ac13c2bba2bfa23276dd023e9e52f547d4c9edb138d86aad329d7afb01e15eab7281e181cb249fc91bf09d621d86561301edda156f80e3bbff853a312852fe9e3d0541cb86801390aff1dc3c05bcb592c266f625b70e419b4c7e7e85399bb06c0e50b099b4292f9eaff4d869681faa1f745b5fcb3349ed93c572739a31dcf76b43370cf9f86cc54e982dfac9467bde915c697e60554e0d698be6bb2dd1f8bc64659f6baee7641b51f4b5ed7010c04600fcd382db84a93fe3d4d86e86a459c6cebb5900000000000000000000000000000000"
+
+Test mbedtls_mpi_mul_mpi #3, trailing 0 limbs in B
+mbedtls_mpi_mul_mpi:16:"02f77b94b179d4a51360f04fa56e2c0784ce3b8a742280b016904896a5605fbe9e0f0683f82c439d979ab14e11b34e05ae96232b18fb2e0d1319f4942732d7eadf92ae90cb8c68ec8ece154d334f553564b6f6db185b33b8d3635598c3d128acde8bbb7b13697e48d1a542e5f9168d2d83a8dd05ae1eaf2451":16:"01b0b14c432710cde936e3fc100515e95dca61e10b8a68d9632bfa0546a9731a1ce6bebc6cb5fe6f5fd7e57b25f737f6a0ce5402e216b8b81c06f0c5ccce447d7f5631d14bff9dfa16f7cc72c56c84b636d00a5f35199d17ee9bf3f8746f44374ffd4ae22cf84089f04a9f7f356d6dc9f8cf8ef208a9b88c8900000000000000000000000000000000":16:"0503ae899d35ae5b7706b067aed7cb2952da37a5d4ad58f05f69abe14e8aaae88eab2baed858177cb4595c0edc92e5ac13c2bba2bfa23276dd023e9e52f547d4c9edb138d86aad329d7afb01e15eab7281e181cb249fc91bf09d621d86561301edda156f80e3bbff853a312852fe9e3d0541cb86801390aff1dc3c05bcb592c266f625b70e419b4c7e7e85399bb06c0e50b099b4292f9eaff4d869681faa1f745b5fcb3349ed93c572739a31dcf76b43370cf9f86cc54e982dfac9467bde915c697e60554e0d698be6bb2dd1f8bc64659f6baee7641b51f4b5ed7010c04600fcd382db84a93fe3d4d86e86a459c6cebb5900000000000000000000000000000000"
+
+Test mbedtls_mpi_mul_mpi #3, trailing 0 limbs in B, A < 0
+mbedtls_mpi_mul_mpi:16:"-02f77b94b179d4a51360f04fa56e2c0784ce3b8a742280b016904896a5605fbe9e0f0683f82c439d979ab14e11b34e05ae96232b18fb2e0d1319f4942732d7eadf92ae90cb8c68ec8ece154d334f553564b6f6db185b33b8d3635598c3d128acde8bbb7b13697e48d1a542e5f9168d2d83a8dd05ae1eaf2451":16:"01b0b14c432710cde936e3fc100515e95dca61e10b8a68d9632bfa0546a9731a1ce6bebc6cb5fe6f5fd7e57b25f737f6a0ce5402e216b8b81c06f0c5ccce447d7f5631d14bff9dfa16f7cc72c56c84b636d00a5f35199d17ee9bf3f8746f44374ffd4ae22cf84089f04a9f7f356d6dc9f8cf8ef208a9b88c8900000000000000000000000000000000":16:"-0503ae899d35ae5b7706b067aed7cb2952da37a5d4ad58f05f69abe14e8aaae88eab2baed858177cb4595c0edc92e5ac13c2bba2bfa23276dd023e9e52f547d4c9edb138d86aad329d7afb01e15eab7281e181cb249fc91bf09d621d86561301edda156f80e3bbff853a312852fe9e3d0541cb86801390aff1dc3c05bcb592c266f625b70e419b4c7e7e85399bb06c0e50b099b4292f9eaff4d869681faa1f745b5fcb3349ed93c572739a31dcf76b43370cf9f86cc54e982dfac9467bde915c697e60554e0d698be6bb2dd1f8bc64659f6baee7641b51f4b5ed7010c04600fcd382db84a93fe3d4d86e86a459c6cebb5900000000000000000000000000000000"
+
+Test mbedtls_mpi_mul_mpi #3, trailing 0 limbs in B, B < 0
+mbedtls_mpi_mul_mpi:16:"02f77b94b179d4a51360f04fa56e2c0784ce3b8a742280b016904896a5605fbe9e0f0683f82c439d979ab14e11b34e05ae96232b18fb2e0d1319f4942732d7eadf92ae90cb8c68ec8ece154d334f553564b6f6db185b33b8d3635598c3d128acde8bbb7b13697e48d1a542e5f9168d2d83a8dd05ae1eaf2451":16:"-01b0b14c432710cde936e3fc100515e95dca61e10b8a68d9632bfa0546a9731a1ce6bebc6cb5fe6f5fd7e57b25f737f6a0ce5402e216b8b81c06f0c5ccce447d7f5631d14bff9dfa16f7cc72c56c84b636d00a5f35199d17ee9bf3f8746f44374ffd4ae22cf84089f04a9f7f356d6dc9f8cf8ef208a9b88c8900000000000000000000000000000000":16:"-0503ae899d35ae5b7706b067aed7cb2952da37a5d4ad58f05f69abe14e8aaae88eab2baed858177cb4595c0edc92e5ac13c2bba2bfa23276dd023e9e52f547d4c9edb138d86aad329d7afb01e15eab7281e181cb249fc91bf09d621d86561301edda156f80e3bbff853a312852fe9e3d0541cb86801390aff1dc3c05bcb592c266f625b70e419b4c7e7e85399bb06c0e50b099b4292f9eaff4d869681faa1f745b5fcb3349ed93c572739a31dcf76b43370cf9f86cc54e982dfac9467bde915c697e60554e0d698be6bb2dd1f8bc64659f6baee7641b51f4b5ed7010c04600fcd382db84a93fe3d4d86e86a459c6cebb5900000000000000000000000000000000"
+
+Test mbedtls_mpi_mul_mpi #3, trailing 0 limbs in B, A < 0, B < 0
+mbedtls_mpi_mul_mpi:16:"-02f77b94b179d4a51360f04fa56e2c0784ce3b8a742280b016904896a5605fbe9e0f0683f82c439d979ab14e11b34e05ae96232b18fb2e0d1319f4942732d7eadf92ae90cb8c68ec8ece154d334f553564b6f6db185b33b8d3635598c3d128acde8bbb7b13697e48d1a542e5f9168d2d83a8dd05ae1eaf2451":16:"-01b0b14c432710cde936e3fc100515e95dca61e10b8a68d9632bfa0546a9731a1ce6bebc6cb5fe6f5fd7e57b25f737f6a0ce5402e216b8b81c06f0c5ccce447d7f5631d14bff9dfa16f7cc72c56c84b636d00a5f35199d17ee9bf3f8746f44374ffd4ae22cf84089f04a9f7f356d6dc9f8cf8ef208a9b88c8900000000000000000000000000000000":16:"0503ae899d35ae5b7706b067aed7cb2952da37a5d4ad58f05f69abe14e8aaae88eab2baed858177cb4595c0edc92e5ac13c2bba2bfa23276dd023e9e52f547d4c9edb138d86aad329d7afb01e15eab7281e181cb249fc91bf09d621d86561301edda156f80e3bbff853a312852fe9e3d0541cb86801390aff1dc3c05bcb592c266f625b70e419b4c7e7e85399bb06c0e50b099b4292f9eaff4d869681faa1f745b5fcb3349ed93c572739a31dcf76b43370cf9f86cc54e982dfac9467bde915c697e60554e0d698be6bb2dd1f8bc64659f6baee7641b51f4b5ed7010c04600fcd382db84a93fe3d4d86e86a459c6cebb5900000000000000000000000000000000"
Test mbedtls_mpi_mul_int #1
mbedtls_mpi_mul_int:10:"2039568783564019774057658669290345772801939933143482630947726464532830627227012776329":9871232:10:"20133056642518226042310730101376278483547239130123806338055387803943342738063359782107667328":"=="
@@ -631,15 +1090,45 @@
Test mbedtls_mpi_mul_int #4 (Unsigned, thus failure)
mbedtls_mpi_mul_int:10:"-2039568783564019774057658669290345772801939933143482630947726464532830627227012776329":-9871232:10:"20133056642518226042310730101376278483547239130123806338055387803943342738063359782107667328":"!="
+Test mbedtls_mpi_mul_int: 0 (null) * 0
+mbedtls_mpi_mul_int:16:"":0:16:"":"=="
+
+Test mbedtls_mpi_mul_int: 0 (null) * 1
+mbedtls_mpi_mul_int:16:"":1:16:"":"=="
+
+Test mbedtls_mpi_mul_int: 0 (null) * 0x1234
+mbedtls_mpi_mul_int:16:"":0x1234:16:"":"=="
+
Base test mbedtls_mpi_div_mpi #1
mbedtls_mpi_div_mpi:10:"1000":10:"13":10:"76":10:"12":0
-Base test mbedtls_mpi_div_mpi #2 (Divide by zero)
+Base test mbedtls_mpi_div_mpi #2 (Divide by zero (1 limb))
mbedtls_mpi_div_mpi:10:"1000":10:"0":10:"1":10:"1":MBEDTLS_ERR_MPI_DIVISION_BY_ZERO
+Base test mbedtls_mpi_div_mpi #2 (Divide by zero (null))
+mbedtls_mpi_div_mpi:10:"1000":10:"":10:"1":10:"1":MBEDTLS_ERR_MPI_DIVISION_BY_ZERO
+
Base test mbedtls_mpi_div_mpi #3
mbedtls_mpi_div_mpi:10:"1000":10:"-13":10:"-76":10:"12":0
+Test mbedtls_mpi_div_mpi: 0 (null) / 0 (null)
+mbedtls_mpi_div_mpi:16:"":16:"":16:"":16:"":MBEDTLS_ERR_MPI_DIVISION_BY_ZERO
+
+Test mbedtls_mpi_div_mpi: 0 (null) / 0 (1 limb)
+mbedtls_mpi_div_mpi:16:"":16:"0":16:"":16:"":MBEDTLS_ERR_MPI_DIVISION_BY_ZERO
+
+Test mbedtls_mpi_div_mpi: 0 (1 limb) / 0 (null)
+mbedtls_mpi_div_mpi:16:"0":16:"":16:"":16:"":MBEDTLS_ERR_MPI_DIVISION_BY_ZERO
+
+Test mbedtls_mpi_div_mpi: 0 (1 limb) / 0 (1 limb)
+mbedtls_mpi_div_mpi:16:"0":16:"0":16:"":16:"":MBEDTLS_ERR_MPI_DIVISION_BY_ZERO
+
+Test mbedtls_mpi_div_mpi: 0 (null) / 1
+mbedtls_mpi_div_mpi:16:"":16:"1":16:"":16:"":0
+
+Test mbedtls_mpi_div_mpi: 0 (null) / -1
+mbedtls_mpi_div_mpi:16:"":16:"-1":16:"":16:"":0
+
Test mbedtls_mpi_div_mpi #1
mbedtls_mpi_div_mpi:10:"20133056642518226042310730101376278483547239130123806338055387803943342738063359782107667328":10:"34":10:"592148724779947824773845002981655249516095268533053127589864347174804198178334111238460803":10:"26":0
@@ -667,10 +1156,22 @@
Test mbedtls_mpi_div_int #2
mbedtls_mpi_div_int:10:"20133056642518226042310730101376278483547239130123806338055387803943342738063359782107667328":-34:10:"-592148724779947824773845002981655249516095268533053127589864347174804198178334111238460803":10:"26":0
+Test mbedtls_mpi_div_int: 0 (null) / 0
+mbedtls_mpi_div_int:16:"":0:16:"":16:"":MBEDTLS_ERR_MPI_DIVISION_BY_ZERO
+
+Test mbedtls_mpi_div_int: 0 (1 limb) / 0
+mbedtls_mpi_div_int:16:"00":0:16:"":16:"":MBEDTLS_ERR_MPI_DIVISION_BY_ZERO
+
+Test mbedtls_mpi_div_int: 0 (null) / 1
+mbedtls_mpi_div_int:16:"":1:16:"":16:"":0
+
Base test mbedtls_mpi_mod_mpi #1
mbedtls_mpi_mod_mpi:10:"1000":10:"13":10:"12":0
-Base test mbedtls_mpi_mod_mpi #2 (Divide by zero)
+Base test mbedtls_mpi_mod_mpi #2 (Divide by zero (null))
+mbedtls_mpi_mod_mpi:10:"1000":10:"":10:"0":MBEDTLS_ERR_MPI_DIVISION_BY_ZERO
+
+Base test mbedtls_mpi_mod_mpi #2 (Divide by zero (1 limb))
mbedtls_mpi_mod_mpi:10:"1000":10:"0":10:"0":MBEDTLS_ERR_MPI_DIVISION_BY_ZERO
Base test mbedtls_mpi_mod_mpi #3
@@ -682,6 +1183,12 @@
Base test mbedtls_mpi_mod_mpi #5 (Negative modulo)
mbedtls_mpi_mod_mpi:10:"-1000":10:"-13":10:"-12":MBEDTLS_ERR_MPI_NEGATIVE_VALUE
+Test mbedtls_mpi_mod_mpi: 0 (null) % 1
+mbedtls_mpi_mod_mpi:16:"":16:"1":16:"":0
+
+Test mbedtls_mpi_mod_mpi: 0 (null) % -1
+mbedtls_mpi_mod_mpi:16:"":16:"-1":16:"":MBEDTLS_ERR_MPI_NEGATIVE_VALUE
+
Base test mbedtls_mpi_mod_int #1
mbedtls_mpi_mod_int:10:"1000":13:12:0
@@ -706,23 +1213,74 @@
Base test mbedtls_mpi_mod_int #8 (By 2)
mbedtls_mpi_mod_int:10:"1000":2:0:0
+Test mbedtls_mpi_mod_int: 0 (null) % 1
+mbedtls_mpi_mod_int:16:"":1:0:0
+
+Test mbedtls_mpi_mod_int: 0 (null) % -1
+mbedtls_mpi_mod_int:16:"":-1:0:MBEDTLS_ERR_MPI_NEGATIVE_VALUE
+
Base test mbedtls_mpi_exp_mod #1
-mbedtls_mpi_exp_mod:10:"23":10:"13":10:"29":10:"":10:"24":0
+mbedtls_mpi_exp_mod:10:"23":10:"13":10:"29":10:"24":0
Base test mbedtls_mpi_exp_mod #2 (Even N)
-mbedtls_mpi_exp_mod:10:"23":10:"13":10:"30":10:"":10:"0":MBEDTLS_ERR_MPI_BAD_INPUT_DATA
+mbedtls_mpi_exp_mod:10:"23":10:"13":10:"30":10:"0":MBEDTLS_ERR_MPI_BAD_INPUT_DATA
+
+Base test mbedtls_mpi_exp_mod #2 (N = 0 (null))
+mbedtls_mpi_exp_mod:10:"23":10:"13":10:"":10:"0":MBEDTLS_ERR_MPI_BAD_INPUT_DATA
Base test mbedtls_mpi_exp_mod #3 (Negative N)
-mbedtls_mpi_exp_mod:10:"23":10:"13":10:"-29":10:"":10:"0":MBEDTLS_ERR_MPI_BAD_INPUT_DATA
+mbedtls_mpi_exp_mod:10:"23":10:"13":10:"-29":10:"0":MBEDTLS_ERR_MPI_BAD_INPUT_DATA
Base test mbedtls_mpi_exp_mod #4 (Negative base)
-mbedtls_mpi_exp_mod:10:"-23":10:"13":10:"29":10:"":10:"5":0
+mbedtls_mpi_exp_mod:10:"-23":10:"13":10:"29":10:"5":0
Base test mbedtls_mpi_exp_mod #5 (Negative exponent)
-mbedtls_mpi_exp_mod:10:"23":10:"-13":10:"29":10:"":10:"0":MBEDTLS_ERR_MPI_BAD_INPUT_DATA
+mbedtls_mpi_exp_mod:10:"23":10:"-13":10:"29":10:"0":MBEDTLS_ERR_MPI_BAD_INPUT_DATA
Base test mbedtls_mpi_exp_mod #6 (Negative base + exponent)
-mbedtls_mpi_exp_mod:10:"-23":10:"-13":10:"29":10:"":10:"0":MBEDTLS_ERR_MPI_BAD_INPUT_DATA
+mbedtls_mpi_exp_mod:10:"-23":10:"-13":10:"29":10:"0":MBEDTLS_ERR_MPI_BAD_INPUT_DATA
+
+Test mbedtls_mpi_exp_mod: 0 (null) ^ 0 (null) mod 9
+mbedtls_mpi_exp_mod:16:"":16:"":16:"09":16:"1":0
+
+Test mbedtls_mpi_exp_mod: 0 (null) ^ 0 (1 limb) mod 9
+mbedtls_mpi_exp_mod:16:"":16:"00":16:"09":16:"1":0
+
+Test mbedtls_mpi_exp_mod: 0 (null) ^ 1 mod 9
+mbedtls_mpi_exp_mod:16:"":16:"01":16:"09":16:"":0
+
+Test mbedtls_mpi_exp_mod: 0 (null) ^ 2 mod 9
+mbedtls_mpi_exp_mod:16:"":16:"02":16:"09":16:"":0
+
+Test mbedtls_mpi_exp_mod: 0 (1 limb) ^ 0 (null) mod 9
+mbedtls_mpi_exp_mod:16:"00":16:"":16:"09":16:"1":0
+
+Test mbedtls_mpi_exp_mod: 0 (1 limb) ^ 0 (1 limb) mod 9
+mbedtls_mpi_exp_mod:16:"00":16:"00":16:"09":16:"1":0
+
+Test mbedtls_mpi_exp_mod: 0 (1 limb) ^ 1 mod 9
+mbedtls_mpi_exp_mod:16:"00":16:"01":16:"09":16:"":0
+
+Test mbedtls_mpi_exp_mod: 0 (1 limb) ^ 2 mod 9
+mbedtls_mpi_exp_mod:16:"00":16:"02":16:"09":16:"":0
+
+Test mbedtls_mpi_exp_mod: 1 ^ 0 (null) mod 9
+mbedtls_mpi_exp_mod:16:"01":16:"":16:"09":16:"1":0
+
+Test mbedtls_mpi_exp_mod: 4 ^ 0 (null) mod 9
+mbedtls_mpi_exp_mod:16:"04":16:"":16:"09":16:"1":0
+
+Test mbedtls_mpi_exp_mod: 10 ^ 0 (null) mod 9
+mbedtls_mpi_exp_mod:16:"0a":16:"":16:"09":16:"1":0
+
+Test mbedtls_mpi_exp_mod: 1 ^ 0 (1 limb) mod 9
+mbedtls_mpi_exp_mod:16:"01":16:"00":16:"09":16:"1":0
+
+Test mbedtls_mpi_exp_mod: 4 ^ 0 (1 limb) mod 9
+mbedtls_mpi_exp_mod:16:"04":16:"00":16:"09":16:"1":0
+
+Test mbedtls_mpi_exp_mod: 10 ^ 0 (1 limb) mod 9
+mbedtls_mpi_exp_mod:16:"0a":16:"00":16:"09":16:"1":0
Test mbedtls_mpi_exp_mod: MAX_SIZE exponent
mbedtls_mpi_exp_mod_size:2:MBEDTLS_MPI_MAX_SIZE:10:10:"":0
@@ -744,14 +1302,14 @@
Test mbedtls_mpi_exp_mod #1
depends_on:MPI_MAX_BITS_LARGER_THAN_792
-mbedtls_mpi_exp_mod:10:"433019240910377478217373572959560109819648647016096560523769010881172869083338285573756574557395862965095016483867813043663981946477698466501451832407592327356331263124555137732393938242285782144928753919588632679050799198937132922145084847":10:"5781538327977828897150909166778407659250458379645823062042492461576758526757490910073628008613977550546382774775570888130029763571528699574717583228939535960234464230882573615930384979100379102915657483866755371559811718767760594919456971354184113721":10:"583137007797276923956891216216022144052044091311388601652961409557516421612874571554415606746479105795833145583959622117418531166391184939066520869800857530421873250114773204354963864729386957427276448683092491947566992077136553066273207777134303397724679138833126700957":10:"":10:"114597449276684355144920670007147953232659436380163461553186940113929777196018164149703566472936578890991049344459204199888254907113495794730452699842273939581048142004834330369483813876618772578869083248061616444392091693787039636316845512292127097865026290173004860736":0
+mbedtls_mpi_exp_mod:10:"433019240910377478217373572959560109819648647016096560523769010881172869083338285573756574557395862965095016483867813043663981946477698466501451832407592327356331263124555137732393938242285782144928753919588632679050799198937132922145084847":10:"5781538327977828897150909166778407659250458379645823062042492461576758526757490910073628008613977550546382774775570888130029763571528699574717583228939535960234464230882573615930384979100379102915657483866755371559811718767760594919456971354184113721":10:"583137007797276923956891216216022144052044091311388601652961409557516421612874571554415606746479105795833145583959622117418531166391184939066520869800857530421873250114773204354963864729386957427276448683092491947566992077136553066273207777134303397724679138833126700957":10:"114597449276684355144920670007147953232659436380163461553186940113929777196018164149703566472936578890991049344459204199888254907113495794730452699842273939581048142004834330369483813876618772578869083248061616444392091693787039636316845512292127097865026290173004860736":0
Test mbedtls_mpi_exp_mod (Negative base) [#1]
-mbedtls_mpi_exp_mod:10:"-10000000000":10:"10000000000":10:"99999":10:"":10:"1":0
+mbedtls_mpi_exp_mod:10:"-10000000000":10:"10000000000":10:"99999":10:"1":0
Test mbedtls_mpi_exp_mod (Negative base) [#2]
depends_on:MPI_MAX_BITS_LARGER_THAN_792
-mbedtls_mpi_exp_mod:16:"-9f13012cd92aa72fb86ac8879d2fde4f7fd661aaae43a00971f081cc60ca277059d5c37e89652e2af2585d281d66ef6a9d38a117e9608e9e7574cd142dc55278838a2161dd56db9470d4c1da2d5df15a908ee2eb886aaa890f23be16de59386663a12f1afbb325431a3e835e3fd89b98b96a6f77382f458ef9a37e1f84a03045c8676ab55291a94c2228ea15448ee96b626b998":16:"40a54d1b9e86789f06d9607fb158672d64867665c73ee9abb545fc7a785634b354c7bae5b962ce8040cf45f2c1f3d3659b2ee5ede17534c8fc2ec85c815e8df1fe7048d12c90ee31b88a68a081f17f0d8ce5f4030521e9400083bcea73a429031d4ca7949c2000d597088e0c39a6014d8bf962b73bb2e8083bd0390a4e00b9b3":16:"eeaf0ab9adb38dd69c33f80afa8fc5e86072618775ff3c0b9ea2314c9c256576d674df7496ea81d3383b4813d692c6e0e0d5d8e250b98be48e495c1d6089dad15dc7d7b46154d6b6ce8ef4ad69b15d4982559b297bcf1885c529f566660e57ec68edbc3c05726cc02fd4cbf4976eaa9afd5138fe8376435b9fc61d2fc0eb06e3":16:"":16:"21acc7199e1b90f9b4844ffe12c19f00ec548c5d32b21c647d48b6015d8eb9ec9db05b4f3d44db4227a2b5659c1a7cceb9d5fa8fa60376047953ce7397d90aaeb7465e14e820734f84aa52ad0fc66701bcbb991d57715806a11531268e1e83dd48288c72b424a6287e9ce4e5cc4db0dd67614aecc23b0124a5776d36e5c89483":0
+mbedtls_mpi_exp_mod:16:"-9f13012cd92aa72fb86ac8879d2fde4f7fd661aaae43a00971f081cc60ca277059d5c37e89652e2af2585d281d66ef6a9d38a117e9608e9e7574cd142dc55278838a2161dd56db9470d4c1da2d5df15a908ee2eb886aaa890f23be16de59386663a12f1afbb325431a3e835e3fd89b98b96a6f77382f458ef9a37e1f84a03045c8676ab55291a94c2228ea15448ee96b626b998":16:"40a54d1b9e86789f06d9607fb158672d64867665c73ee9abb545fc7a785634b354c7bae5b962ce8040cf45f2c1f3d3659b2ee5ede17534c8fc2ec85c815e8df1fe7048d12c90ee31b88a68a081f17f0d8ce5f4030521e9400083bcea73a429031d4ca7949c2000d597088e0c39a6014d8bf962b73bb2e8083bd0390a4e00b9b3":16:"eeaf0ab9adb38dd69c33f80afa8fc5e86072618775ff3c0b9ea2314c9c256576d674df7496ea81d3383b4813d692c6e0e0d5d8e250b98be48e495c1d6089dad15dc7d7b46154d6b6ce8ef4ad69b15d4982559b297bcf1885c529f566660e57ec68edbc3c05726cc02fd4cbf4976eaa9afd5138fe8376435b9fc61d2fc0eb06e3":16:"21acc7199e1b90f9b4844ffe12c19f00ec548c5d32b21c647d48b6015d8eb9ec9db05b4f3d44db4227a2b5659c1a7cceb9d5fa8fa60376047953ce7397d90aaeb7465e14e820734f84aa52ad0fc66701bcbb991d57715806a11531268e1e83dd48288c72b424a6287e9ce4e5cc4db0dd67614aecc23b0124a5776d36e5c89483":0
Base test GCD #1
mbedtls_mpi_gcd:10:"693":10:"609":10:"21"
@@ -762,24 +1320,105 @@
Base test GCD #3
mbedtls_mpi_gcd:10:"768454923":10:"542167814":10:"1"
-Test GCD #1
+Test GCD: 0 (null), 0 (null)
+mbedtls_mpi_gcd:16:"":16:"":16:"0"
+
+Test GCD: 0 (null), 0 (1 limb)
+mbedtls_mpi_gcd:16:"":16:"00":16:"0"
+
+Test GCD: 0 (null), 3
+mbedtls_mpi_gcd:16:"":16:"03":16:"3"
+
+Test GCD: 0 (null), 6
+mbedtls_mpi_gcd:16:"":16:"06":16:"6"
+
+Test GCD: 0 (1 limb), 0 (null)
+mbedtls_mpi_gcd:16:"00":16:"":16:"0"
+
+Test GCD: 0 (1 limb), 3
+mbedtls_mpi_gcd:16:"00":16:"03":16:"3"
+
+Test GCD: 0 (1 limb), 6
+mbedtls_mpi_gcd:16:"00":16:"06":16:"6"
+
+Test GCD: 3, 0 (null)
+mbedtls_mpi_gcd:16:"03":16:"":16:"3"
+
+Test GCD: 3, 0 (1 limb)
+mbedtls_mpi_gcd:16:"03":16:"00":16:"3"
+
+Test GCD: 6, 0 (null)
+mbedtls_mpi_gcd:16:"06":16:"":16:"6"
+
+Test GCD: 6, 0 (1 limb)
+mbedtls_mpi_gcd:16:"06":16:"00":16:"6"
+
+Test GCD: gcd=1, 0 < A < B
mbedtls_mpi_gcd:10:"433019240910377478217373572959560109819648647016096560523769010881172869083338285573756574557395862965095016483867813043663981946477698466501451832407592327356331263124555137732393938242285782144928753919588632679050799198937132922145084847":10:"5781538327977828897150909166778407659250458379645823062042492461576758526757490910073628008613977550546382774775570888130029763571528699574717583228939535960234464230882573615930384979100379102915657483866755371559811718767760594919456971354184113721":10:"1"
+Test GCD: gcd=1, 0 < B < A
+mbedtls_mpi_gcd:10:"5781538327977828897150909166778407659250458379645823062042492461576758526757490910073628008613977550546382774775570888130029763571528699574717583228939535960234464230882573615930384979100379102915657483866755371559811718767760594919456971354184113721":10:"433019240910377478217373572959560109819648647016096560523769010881172869083338285573756574557395862965095016483867813043663981946477698466501451832407592327356331263124555137732393938242285782144928753919588632679050799198937132922145084847":10:"1"
+
+Test GCD: gcd=1, A > 0, B < 0
+mbedtls_mpi_gcd:10:"433019240910377478217373572959560109819648647016096560523769010881172869083338285573756574557395862965095016483867813043663981946477698466501451832407592327356331263124555137732393938242285782144928753919588632679050799198937132922145084847":10:"-5781538327977828897150909166778407659250458379645823062042492461576758526757490910073628008613977550546382774775570888130029763571528699574717583228939535960234464230882573615930384979100379102915657483866755371559811718767760594919456971354184113721":10:"1"
+
+Test GCD: gcd=1, A < 0 < B, |A| < |B|
+mbedtls_mpi_gcd:10:"-433019240910377478217373572959560109819648647016096560523769010881172869083338285573756574557395862965095016483867813043663981946477698466501451832407592327356331263124555137732393938242285782144928753919588632679050799198937132922145084847":10:"5781538327977828897150909166778407659250458379645823062042492461576758526757490910073628008613977550546382774775570888130029763571528699574717583228939535960234464230882573615930384979100379102915657483866755371559811718767760594919456971354184113721":10:"1"
+
+Test GCD: gcd=1, B < A < 0
+mbedtls_mpi_gcd:10:"-433019240910377478217373572959560109819648647016096560523769010881172869083338285573756574557395862965095016483867813043663981946477698466501451832407592327356331263124555137732393938242285782144928753919588632679050799198937132922145084847":10:"-5781538327977828897150909166778407659250458379645823062042492461576758526757490910073628008613977550546382774775570888130029763571528699574717583228939535960234464230882573615930384979100379102915657483866755371559811718767760594919456971354184113721":10:"1"
+
+Test GCD: gcd=2, 0 < A < B
+mbedtls_mpi_gcd:10:"866038481820754956434747145919120219639297294032193121047538021762345738166676571147513149114791725930190032967735626087327963892955396933002903664815184654712662526249110275464787876484571564289857507839177265358101598397874265844290169694":10:"11563076655955657794301818333556815318500916759291646124084984923153517053514981820147256017227955101092765549551141776260059527143057399149435166457879071920468928461765147231860769958200758205831314967733510743119623437535521189838913942708368227442":10:"2"
+
+Test GCD: gcd=2, 0 < B < A
+mbedtls_mpi_gcd:10:"11563076655955657794301818333556815318500916759291646124084984923153517053514981820147256017227955101092765549551141776260059527143057399149435166457879071920468928461765147231860769958200758205831314967733510743119623437535521189838913942708368227442":10:"866038481820754956434747145919120219639297294032193121047538021762345738166676571147513149114791725930190032967735626087327963892955396933002903664815184654712662526249110275464787876484571564289857507839177265358101598397874265844290169694":10:"2"
+
+Test GCD: gcd=3, 0 < A < B
+mbedtls_mpi_gcd:10:"1299057722731132434652120718878680329458945941048289681571307032643518607250014856721269723672187588895285049451603439130991945839433095399504355497222776982068993789373665413197181814726857346434786261758765898037152397596811398766435254541":10:"17344614983933486691452727500335222977751375138937469186127477384730275580272472730220884025841932651639148324326712664390089290714586098724152749686818607880703392692647720847791154937301137308746972451600266114679435156303281784758370914062552341163":10:"3"
+
+Test GCD: gcd=3, 0 < B < A
+mbedtls_mpi_gcd:10:"17344614983933486691452727500335222977751375138937469186127477384730275580272472730220884025841932651639148324326712664390089290714586098724152749686818607880703392692647720847791154937301137308746972451600266114679435156303281784758370914062552341163":10:"1299057722731132434652120718878680329458945941048289681571307032643518607250014856721269723672187588895285049451603439130991945839433095399504355497222776982068993789373665413197181814726857346434786261758765898037152397596811398766435254541":10:"3"
+
+Test GCD: gcd=4, 0 < A < B
+mbedtls_mpi_gcd:10:"1732076963641509912869494291838240439278594588064386242095076043524691476333353142295026298229583451860380065935471252174655927785910793866005807329630369309425325052498220550929575752969143128579715015678354530716203196795748531688580339388":10:"23126153311911315588603636667113630637001833518583292248169969846307034107029963640294512034455910202185531099102283552520119054286114798298870332915758143840937856923530294463721539916401516411662629935467021486239246875071042379677827885416736454884":10:"4"
+
+Test GCD: gcd=4, 0 < B < A
+mbedtls_mpi_gcd:10:"23126153311911315588603636667113630637001833518583292248169969846307034107029963640294512034455910202185531099102283552520119054286114798298870332915758143840937856923530294463721539916401516411662629935467021486239246875071042379677827885416736454884":10:"1732076963641509912869494291838240439278594588064386242095076043524691476333353142295026298229583451860380065935471252174655927785910793866005807329630369309425325052498220550929575752969143128579715015678354530716203196795748531688580339388":10:"4"
+
+Test GCD: gcd=6, 0 < A < B
+mbedtls_mpi_gcd:10:"2598115445462264869304241437757360658917891882096579363142614065287037214500029713442539447344375177790570098903206878261983891678866190799008710994445553964137987578747330826394363629453714692869572523517531796074304795193622797532870509082":10:"34689229967866973382905455000670445955502750277874938372254954769460551160544945460441768051683865303278296648653425328780178581429172197448305499373637215761406785385295441695582309874602274617493944903200532229358870312606563569516741828125104682326":10:"6"
+
+Test GCD: gcd=6, 0 < B < A
+mbedtls_mpi_gcd:10:"34689229967866973382905455000670445955502750277874938372254954769460551160544945460441768051683865303278296648653425328780178581429172197448305499373637215761406785385295441695582309874602274617493944903200532229358870312606563569516741828125104682326":10:"2598115445462264869304241437757360658917891882096579363142614065287037214500029713442539447344375177790570098903206878261983891678866190799008710994445553964137987578747330826394363629453714692869572523517531796074304795193622797532870509082":10:"6"
+
+Test GCD: 0 < A = B
+mbedtls_mpi_gcd:10:"433019240910377478217373572959560109819648647016096560523769010881172869083338285573756574557395862965095016483867813043663981946477698466501451832407592327356331263124555137732393938242285782144928753919588632679050799198937132922145084847":10:"433019240910377478217373572959560109819648647016096560523769010881172869083338285573756574557395862965095016483867813043663981946477698466501451832407592327356331263124555137732393938242285782144928753919588632679050799198937132922145084847":10:"433019240910377478217373572959560109819648647016096560523769010881172869083338285573756574557395862965095016483867813043663981946477698466501451832407592327356331263124555137732393938242285782144928753919588632679050799198937132922145084847"
+
Base test mbedtls_mpi_inv_mod #1
mbedtls_mpi_inv_mod:10:"3":10:"11":10:"4":0
-Base test mbedtls_mpi_inv_mod #2
+Test mbedtls_mpi_inv_mod: mod 0 (null)
+mbedtls_mpi_inv_mod:10:"3":10:"":10:"0":MBEDTLS_ERR_MPI_BAD_INPUT_DATA
+
+Test mbedtls_mpi_inv_mod: mod 0 (1 limb)
mbedtls_mpi_inv_mod:10:"3":10:"0":10:"0":MBEDTLS_ERR_MPI_BAD_INPUT_DATA
-Base test mbedtls_mpi_inv_mod #3
+Test mbedtls_mpi_inv_mod: mod negative
mbedtls_mpi_inv_mod:10:"3":10:"-11":10:"4":MBEDTLS_ERR_MPI_BAD_INPUT_DATA
-Base test mbedtls_mpi_inv_mod #4
+Test mbedtls_mpi_inv_mod: 2^-1 mod 4
mbedtls_mpi_inv_mod:10:"2":10:"4":10:"0":MBEDTLS_ERR_MPI_NOT_ACCEPTABLE
-Base test mbedtls_mpi_inv_mod #5
+Test mbedtls_mpi_inv_mod: mod 1
mbedtls_mpi_inv_mod:10:"3":10:"1":10:"0":MBEDTLS_ERR_MPI_BAD_INPUT_DATA
+Test mbedtls_mpi_inv_mod: 0 (null) ^-1
+mbedtls_mpi_inv_mod:16:"":16:"11":16:"":MBEDTLS_ERR_MPI_NOT_ACCEPTABLE
+
+Test mbedtls_mpi_inv_mod: 0 (1 limb) ^-1
+mbedtls_mpi_inv_mod:16:"00":16:"11":16:"":MBEDTLS_ERR_MPI_NOT_ACCEPTABLE
+
Test mbedtls_mpi_inv_mod #1
mbedtls_mpi_inv_mod:16:"aa4df5cb14b4c31237f98bd1faf527c283c2d0f3eec89718664ba33f9762907c":16:"fffbbd660b94412ae61ead9c2906a344116e316a256fd387874c6c675b1d587d":16:"8d6a5c1d7adeae3e94b9bcd2c47e0d46e778bc8804a2cc25c02d775dc3d05b0c":0
@@ -964,6 +1603,9 @@
Test bit getting (Larger and non-existing limb)
mbedtls_mpi_get_bit:10:"49979687":500:0
+Test bit getting in 0 (null)
+mbedtls_mpi_get_bit:10:"":500:0
+
Test bit getting (Value bit 24)
mbedtls_mpi_get_bit:10:"49979687":24:0
@@ -982,6 +1624,12 @@
Test bit set (Add above existing limbs with a 1)
mbedtls_mpi_set_bit:10:"49979687":80:1:10:"1208925819614629224685863":0
+Test bit set (Add to 0 (null) with a 0)
+mbedtls_mpi_set_bit:16:"":65:0:16:"":0
+
+Test bit set (Add to 0 (null) with a 1)
+mbedtls_mpi_set_bit:16:"":65:1:16:"020000000000000000":0
+
Test bit set (Bit index larger than 31 with a 0)
mbedtls_mpi_set_bit:16:"FFFFFFFFFFFFFFFF":32:0:16:"FFFFFFFEFFFFFFFF":0
diff --git a/tests/suites/test_suite_mpi.function b/tests/suites/test_suite_mpi.function
index 5807984..1372668 100644
--- a/tests/suites/test_suite_mpi.function
+++ b/tests/suites/test_suite_mpi.function
@@ -6,6 +6,18 @@
#define MPI_MAX_BITS_LARGER_THAN_792
#endif
+/* Check the validity of the sign bit in an MPI object. Reject representations
+ * that are not supported by the rest of the library and indicate a bug when
+ * constructing the value. */
+static int sign_is_valid( const mbedtls_mpi *X )
+{
+ if( X->s != 1 && X->s != -1 )
+ return( 0 ); // invalid sign bit, e.g. 0
+ if( mbedtls_mpi_bitlen( X ) == 0 && X->s != 1 )
+ return( 0 ); // negative zero
+ return( 1 );
+}
+
typedef struct mbedtls_test_mpi_random
{
data_t *data;
@@ -116,221 +128,6 @@
*/
/* BEGIN_CASE */
-void mpi_valid_param( )
-{
- TEST_VALID_PARAM( mbedtls_mpi_free( NULL ) );
-}
-/* END_CASE */
-
-/* BEGIN_CASE depends_on:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */
-void mpi_invalid_param( )
-{
- mbedtls_mpi X;
- const char *s_in = "00101000101010";
- char s_out[16] = { 0 };
- unsigned char u_out[16] = { 0 };
- unsigned char u_in[16] = { 0 };
- size_t olen;
- mbedtls_mpi_uint mpi_uint;
-
- TEST_INVALID_PARAM( mbedtls_mpi_init( NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
- mbedtls_mpi_grow( NULL, 42 ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
- mbedtls_mpi_copy( NULL, &X ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
- mbedtls_mpi_copy( &X, NULL ) );
-
- TEST_INVALID_PARAM( mbedtls_mpi_swap( NULL, &X ) );
- TEST_INVALID_PARAM( mbedtls_mpi_swap( &X, NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
- mbedtls_mpi_safe_cond_assign( NULL, &X, 0 ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
- mbedtls_mpi_safe_cond_assign( &X, NULL, 0 ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
- mbedtls_mpi_safe_cond_swap( NULL, &X, 0 ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
- mbedtls_mpi_safe_cond_swap( &X, NULL, 0 ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
- mbedtls_mpi_lset( NULL, 42 ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
- mbedtls_mpi_get_bit( NULL, 42 ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
- mbedtls_mpi_set_bit( NULL, 42, 0 ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
- mbedtls_mpi_read_string( NULL, 2, s_in ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
- mbedtls_mpi_read_string( &X, 2, NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
- mbedtls_mpi_write_string( NULL, 2,
- s_out, sizeof( s_out ),
- &olen ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
- mbedtls_mpi_write_string( &X, 2,
- NULL, sizeof( s_out ),
- &olen ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
- mbedtls_mpi_write_string( &X, 2,
- s_out, sizeof( s_out ),
- NULL ) );
-
-#if defined(MBEDTLS_FS_IO)
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
- mbedtls_mpi_read_file( NULL, 2, stdin ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
- mbedtls_mpi_read_file( &X, 2, NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
- mbedtls_mpi_write_file( "", NULL, 2, NULL ) );
-#endif /* MBEDTLS_FS_IO */
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
- mbedtls_mpi_read_binary( NULL, u_in,
- sizeof( u_in ) ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
- mbedtls_mpi_read_binary( &X, NULL,
- sizeof( u_in ) ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
- mbedtls_mpi_write_binary( NULL, u_out,
- sizeof( u_out ) ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
- mbedtls_mpi_write_binary( &X, NULL,
- sizeof( u_out ) ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
- mbedtls_mpi_shift_l( NULL, 42 ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
- mbedtls_mpi_shift_r( NULL, 42 ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
- mbedtls_mpi_cmp_abs( NULL, &X ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
- mbedtls_mpi_cmp_abs( &X, NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
- mbedtls_mpi_cmp_mpi( NULL, &X ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
- mbedtls_mpi_cmp_mpi( &X, NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
- mbedtls_mpi_cmp_int( NULL, 42 ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
- mbedtls_mpi_add_abs( NULL, &X, &X ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
- mbedtls_mpi_add_abs( &X, NULL, &X ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
- mbedtls_mpi_add_abs( &X, &X, NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
- mbedtls_mpi_sub_abs( NULL, &X, &X ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
- mbedtls_mpi_sub_abs( &X, NULL, &X ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
- mbedtls_mpi_sub_abs( &X, &X, NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
- mbedtls_mpi_add_mpi( NULL, &X, &X ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
- mbedtls_mpi_add_mpi( &X, NULL, &X ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
- mbedtls_mpi_add_mpi( &X, &X, NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
- mbedtls_mpi_sub_mpi( NULL, &X, &X ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
- mbedtls_mpi_sub_mpi( &X, NULL, &X ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
- mbedtls_mpi_sub_mpi( &X, &X, NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
- mbedtls_mpi_add_int( NULL, &X, 42 ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
- mbedtls_mpi_add_int( &X, NULL, 42 ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
- mbedtls_mpi_sub_int( NULL, &X, 42 ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
- mbedtls_mpi_sub_int( &X, NULL, 42 ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
- mbedtls_mpi_mul_mpi( NULL, &X, &X ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
- mbedtls_mpi_mul_mpi( &X, NULL, &X ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
- mbedtls_mpi_mul_mpi( &X, &X, NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
- mbedtls_mpi_mul_int( NULL, &X, 42 ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
- mbedtls_mpi_mul_int( &X, NULL, 42 ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
- mbedtls_mpi_div_mpi( &X, &X, NULL, &X ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
- mbedtls_mpi_div_mpi( &X, &X, &X, NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
- mbedtls_mpi_div_int( &X, &X, NULL, 42 ) );
-
- TEST_INVALID_PARAM_RET( 0, mbedtls_mpi_lsb( NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
- mbedtls_mpi_mod_mpi( NULL, &X, &X ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
- mbedtls_mpi_mod_mpi( &X, NULL, &X ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
- mbedtls_mpi_mod_mpi( &X, &X, NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
- mbedtls_mpi_mod_int( NULL, &X, 42 ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
- mbedtls_mpi_mod_int( &mpi_uint, NULL, 42 ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
- mbedtls_mpi_exp_mod( NULL, &X, &X, &X, NULL ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
- mbedtls_mpi_exp_mod( &X, NULL, &X, &X, NULL ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
- mbedtls_mpi_exp_mod( &X, &X, NULL, &X, NULL ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
- mbedtls_mpi_exp_mod( &X, &X, &X, NULL, NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
- mbedtls_mpi_fill_random( NULL, 42,
- mbedtls_test_rnd_std_rand,
- NULL ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
- mbedtls_mpi_fill_random( &X, 42, NULL, NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
- mbedtls_mpi_gcd( NULL, &X, &X ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
- mbedtls_mpi_gcd( &X, NULL, &X ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
- mbedtls_mpi_gcd( &X, &X, NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
- mbedtls_mpi_inv_mod( NULL, &X, &X ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
- mbedtls_mpi_inv_mod( &X, NULL, &X ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
- mbedtls_mpi_inv_mod( &X, &X, NULL ) );
-
-exit:
- return;
-}
-/* END_CASE */
-
-/* BEGIN_CASE */
void mpi_null( )
{
mbedtls_mpi X, Y, Z;
@@ -365,6 +162,7 @@
TEST_ASSERT( mbedtls_mpi_read_string( &X, radix_X, input_X ) == result_read );
if( result_read == 0 )
{
+ TEST_ASSERT( sign_is_valid( &X ) );
TEST_ASSERT( mbedtls_mpi_write_string( &X, radix_A, str, output_size, &len ) == result_write );
if( result_write == 0 )
{
@@ -389,6 +187,7 @@
TEST_ASSERT( mbedtls_mpi_read_binary( &X, buf->x, buf->len ) == 0 );
+ TEST_ASSERT( sign_is_valid( &X ) );
TEST_ASSERT( mbedtls_mpi_write_string( &X, radix_A, str, sizeof( str ), &len ) == 0 );
TEST_ASSERT( strcmp( (char *) str, input_A ) == 0 );
@@ -408,6 +207,7 @@
TEST_ASSERT( mbedtls_mpi_read_binary_le( &X, buf->x, buf->len ) == 0 );
+ TEST_ASSERT( sign_is_valid( &X ) );
TEST_ASSERT( mbedtls_mpi_write_string( &X, radix_A, str, sizeof( str ), &len ) == 0 );
TEST_ASSERT( strcmp( (char *) str, input_A ) == 0 );
@@ -429,7 +229,7 @@
mbedtls_mpi_init( &X );
- TEST_ASSERT( mbedtls_mpi_read_string( &X, radix_X, input_X ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &X, radix_X, input_X ) == 0 );
buflen = mbedtls_mpi_size( &X );
if( buflen > (size_t) output_size )
@@ -461,7 +261,7 @@
mbedtls_mpi_init( &X );
- TEST_ASSERT( mbedtls_mpi_read_string( &X, radix_X, input_X ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &X, radix_X, input_X ) == 0 );
buflen = mbedtls_mpi_size( &X );
if( buflen > (size_t) output_size )
@@ -502,6 +302,7 @@
if( result == 0 )
{
+ TEST_ASSERT( sign_is_valid( &X ) );
buflen = mbedtls_mpi_size( &X );
TEST_ASSERT( mbedtls_mpi_write_binary( &X, buf, buflen ) == 0 );
@@ -525,7 +326,7 @@
mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y );
- TEST_ASSERT( mbedtls_mpi_read_string( &X, radix_X, input_X ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &X, radix_X, input_X ) == 0 );
file_out = fopen( output_file, "w" );
TEST_ASSERT( file_out != NULL );
@@ -551,7 +352,7 @@
{
mbedtls_mpi X;
mbedtls_mpi_init( &X );
- TEST_ASSERT( mbedtls_mpi_read_string( &X, radix_X, input_X ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &X, radix_X, input_X ) == 0 );
TEST_ASSERT( mbedtls_mpi_get_bit( &X, pos ) == val );
exit:
@@ -566,12 +367,13 @@
mbedtls_mpi X, Y;
mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y );
- TEST_ASSERT( mbedtls_mpi_read_string( &X, radix_X, input_X ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &Y, radix_Y, output_Y ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &X, radix_X, input_X ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &Y, radix_Y, output_Y ) == 0 );
TEST_ASSERT( mbedtls_mpi_set_bit( &X, pos, val ) == result );
if( result == 0 )
{
+ TEST_ASSERT( sign_is_valid( &X ) );
TEST_ASSERT( mbedtls_mpi_cmp_mpi( &X, &Y ) == 0 );
}
@@ -586,7 +388,7 @@
mbedtls_mpi X;
mbedtls_mpi_init( &X );
- TEST_ASSERT( mbedtls_mpi_read_string( &X, radix_X, input_X ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &X, radix_X, input_X ) == 0 );
TEST_ASSERT( mbedtls_mpi_lsb( &X ) == (size_t) nr_bits );
exit:
@@ -600,7 +402,7 @@
mbedtls_mpi X;
mbedtls_mpi_init( &X );
- TEST_ASSERT( mbedtls_mpi_read_string( &X, radix_X, input_X ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &X, radix_X, input_X ) == 0 );
TEST_ASSERT( mbedtls_mpi_bitlen( &X ) == (size_t) nr_bits );
exit:
@@ -615,10 +417,11 @@
mbedtls_mpi A, X, Y, Z;
mbedtls_mpi_init( &A ); mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y ); mbedtls_mpi_init( &Z );
- TEST_ASSERT( mbedtls_mpi_read_string( &X, radix_X, input_X ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &Y, radix_Y, input_Y ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &A, radix_A, input_A ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &X, radix_X, input_X ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &Y, radix_Y, input_Y ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &A, radix_A, input_A ) == 0 );
TEST_ASSERT( mbedtls_mpi_gcd( &Z, &X, &Y ) == 0 );
+ TEST_ASSERT( sign_is_valid( &Z ) );
TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Z, &A ) == 0 );
exit:
@@ -647,8 +450,8 @@
mbedtls_mpi X, Y;
mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y );
- TEST_ASSERT( mbedtls_mpi_read_string( &X, radix_X, input_X ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &Y, radix_Y, input_Y ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &X, radix_X, input_X ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &Y, radix_Y, input_Y ) == 0 );
TEST_ASSERT( mbedtls_mpi_cmp_mpi( &X, &Y ) == input_A );
exit:
@@ -666,8 +469,8 @@
mbedtls_mpi X, Y;
mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y );
- TEST_ASSERT( mbedtls_mpi_read_string( &X, 16, input_X ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &Y, 16, input_Y ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &X, 16, input_X ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &Y, 16, input_Y ) == 0 );
TEST_ASSERT( mbedtls_mpi_grow( &X, size_X ) == 0 );
TEST_ASSERT( mbedtls_mpi_grow( &Y, size_Y ) == 0 );
@@ -688,8 +491,8 @@
mbedtls_mpi X, Y;
mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y );
- TEST_ASSERT( mbedtls_mpi_read_string( &X, radix_X, input_X ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &Y, radix_Y, input_Y ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &X, radix_X, input_X ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &Y, radix_Y, input_Y ) == 0 );
TEST_ASSERT( mbedtls_mpi_cmp_abs( &X, &Y ) == input_A );
exit:
@@ -698,55 +501,125 @@
/* END_CASE */
/* BEGIN_CASE */
-void mbedtls_mpi_copy_sint( int input_X, int input_Y )
+void mbedtls_mpi_copy( char *src_hex, char *dst_hex )
{
- mbedtls_mpi X, Y;
+ mbedtls_mpi src, dst, ref;
+ mbedtls_mpi_init( &src );
+ mbedtls_mpi_init( &dst );
+ mbedtls_mpi_init( &ref );
+
+ TEST_ASSERT( mbedtls_test_read_mpi( &src, 16, src_hex ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &ref, 16, dst_hex ) == 0 );
+
+ /* mbedtls_mpi_copy() */
+ TEST_ASSERT( mbedtls_test_read_mpi( &dst, 16, dst_hex ) == 0 );
+ TEST_ASSERT( mbedtls_mpi_copy( &dst, &src ) == 0 );
+ TEST_ASSERT( sign_is_valid( &dst ) );
+ TEST_ASSERT( mbedtls_mpi_cmp_mpi( &dst, &src ) == 0 );
+
+ /* mbedtls_mpi_safe_cond_assign(), assignment done */
+ mbedtls_mpi_free( &dst );
+ TEST_ASSERT( mbedtls_test_read_mpi( &dst, 16, dst_hex ) == 0 );
+ TEST_ASSERT( mbedtls_mpi_safe_cond_assign( &dst, &src, 1 ) == 0 );
+ TEST_ASSERT( sign_is_valid( &dst ) );
+ TEST_ASSERT( mbedtls_mpi_cmp_mpi( &dst, &src ) == 0 );
+
+ /* mbedtls_mpi_safe_cond_assign(), assignment not done */
+ mbedtls_mpi_free( &dst );
+ TEST_ASSERT( mbedtls_test_read_mpi( &dst, 16, dst_hex ) == 0 );
+ TEST_ASSERT( mbedtls_mpi_safe_cond_assign( &dst, &src, 0 ) == 0 );
+ TEST_ASSERT( sign_is_valid( &dst ) );
+ TEST_ASSERT( mbedtls_mpi_cmp_mpi( &dst, &ref ) == 0 );
+
+exit:
+ mbedtls_mpi_free( &src );
+ mbedtls_mpi_free( &dst );
+ mbedtls_mpi_free( &ref );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void mpi_copy_self( char *input_X )
+{
+ mbedtls_mpi X, A;
+ mbedtls_mpi_init( &A );
+ mbedtls_mpi_init( &X );
+
+ TEST_ASSERT( mbedtls_test_read_mpi( &X, 16, input_X ) == 0 );
+ TEST_ASSERT( mbedtls_mpi_copy( &X, &X ) == 0 );
+
+ TEST_ASSERT( mbedtls_test_read_mpi( &A, 16, input_X ) == 0 );
+ TEST_ASSERT( sign_is_valid( &X ) );
+ TEST_ASSERT( mbedtls_mpi_cmp_mpi( &X, &A ) == 0 );
+
+exit:
+ mbedtls_mpi_free( &A );
+ mbedtls_mpi_free( &X );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void mbedtls_mpi_swap( char *X_hex, char *Y_hex )
+{
+ mbedtls_mpi X, Y, X0, Y0;
mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y );
+ mbedtls_mpi_init( &X0 ); mbedtls_mpi_init( &Y0 );
- TEST_ASSERT( mbedtls_mpi_lset( &X, input_X ) == 0 );
- TEST_ASSERT( mbedtls_mpi_lset( &Y, input_Y ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &X0, 16, X_hex ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &Y0, 16, Y_hex ) == 0 );
- TEST_ASSERT( mbedtls_mpi_copy( &Y, &X ) == 0 );
- TEST_ASSERT( mbedtls_mpi_cmp_int( &X, input_X ) == 0 );
- TEST_ASSERT( mbedtls_mpi_cmp_int( &Y, input_X ) == 0 );
+ /* mbedtls_mpi_swap() */
+ TEST_ASSERT( mbedtls_test_read_mpi( &X, 16, X_hex ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &Y, 16, Y_hex ) == 0 );
+ mbedtls_mpi_swap( &X, &Y );
+ TEST_ASSERT( sign_is_valid( &X ) );
+ TEST_ASSERT( sign_is_valid( &Y ) );
+ TEST_ASSERT( mbedtls_mpi_cmp_mpi( &X, &Y0 ) == 0 );
+ TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Y, &X0 ) == 0 );
+
+ /* mbedtls_mpi_safe_cond_swap(), swap done */
+ mbedtls_mpi_free( &X );
+ mbedtls_mpi_free( &Y );
+ TEST_ASSERT( mbedtls_test_read_mpi( &X, 16, X_hex ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &Y, 16, Y_hex ) == 0 );
+ TEST_ASSERT( mbedtls_mpi_safe_cond_swap( &X, &Y, 1 ) == 0 );
+ TEST_ASSERT( sign_is_valid( &X ) );
+ TEST_ASSERT( sign_is_valid( &Y ) );
+ TEST_ASSERT( mbedtls_mpi_cmp_mpi( &X, &Y0 ) == 0 );
+ TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Y, &X0 ) == 0 );
+
+ /* mbedtls_mpi_safe_cond_swap(), swap not done */
+ mbedtls_mpi_free( &X );
+ mbedtls_mpi_free( &Y );
+ TEST_ASSERT( mbedtls_test_read_mpi( &X, 16, X_hex ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &Y, 16, Y_hex ) == 0 );
+ TEST_ASSERT( mbedtls_mpi_safe_cond_swap( &X, &Y, 0 ) == 0 );
+ TEST_ASSERT( sign_is_valid( &X ) );
+ TEST_ASSERT( sign_is_valid( &Y ) );
+ TEST_ASSERT( mbedtls_mpi_cmp_mpi( &X, &X0 ) == 0 );
+ TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Y, &Y0 ) == 0 );
exit:
mbedtls_mpi_free( &X ); mbedtls_mpi_free( &Y );
+ mbedtls_mpi_free( &X0 ); mbedtls_mpi_free( &Y0 );
}
/* END_CASE */
/* BEGIN_CASE */
-void mbedtls_mpi_copy_binary( data_t *input_X, data_t *input_Y )
+void mpi_swap_self( char *X_hex )
{
- mbedtls_mpi X, Y, X0;
- mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y ); mbedtls_mpi_init( &X0 );
+ mbedtls_mpi X, X0;
+ mbedtls_mpi_init( &X ); mbedtls_mpi_init( &X0 );
- TEST_ASSERT( mbedtls_mpi_read_binary( &X, input_X->x, input_X->len ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_binary( &Y, input_Y->x, input_Y->len ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_binary( &X0, input_X->x, input_X->len ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &X, 16, X_hex ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &X0, 16, X_hex ) == 0 );
+
+ mbedtls_mpi_swap( &X, &X );
+ TEST_ASSERT( sign_is_valid( &X ) );
TEST_ASSERT( mbedtls_mpi_cmp_mpi( &X, &X0 ) == 0 );
- TEST_ASSERT( mbedtls_mpi_copy( &Y, &X ) == 0 );
- TEST_ASSERT( mbedtls_mpi_cmp_mpi( &X, &X0 ) == 0 );
- TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Y, &X0 ) == 0 );
-
exit:
- mbedtls_mpi_free( &X ); mbedtls_mpi_free( &Y ); mbedtls_mpi_free( &X0 );
-}
-/* END_CASE */
-
-/* BEGIN_CASE */
-void mpi_copy_self( int input_X )
-{
- mbedtls_mpi X;
- mbedtls_mpi_init( &X );
-
- TEST_ASSERT( mbedtls_mpi_lset( &X, input_X ) == 0 );
- TEST_ASSERT( mbedtls_mpi_copy( &X, &X ) == 0 );
- TEST_ASSERT( mbedtls_mpi_cmp_int( &X, input_X ) == 0 );
-
-exit:
- mbedtls_mpi_free( &X );
+ mbedtls_mpi_free( &X ); mbedtls_mpi_free( &X0 );
}
/* END_CASE */
@@ -757,10 +630,14 @@
mbedtls_mpi_init( &X );
TEST_ASSERT( mbedtls_mpi_grow( &X, before ) == 0 );
- TEST_ASSERT( used <= before );
- memset( X.p, 0x2a, used * sizeof( mbedtls_mpi_uint ) );
+ if( used > 0 )
+ {
+ size_t used_bit_count = used * 8 * sizeof( mbedtls_mpi_uint );
+ TEST_ASSERT( mbedtls_mpi_set_bit( &X, used_bit_count - 1, 1 ) == 0 );
+ }
+ TEST_EQUAL( X.n, (size_t) before );
TEST_ASSERT( mbedtls_mpi_shrink( &X, min ) == 0 );
- TEST_ASSERT( X.n == (size_t) after );
+ TEST_EQUAL( X.n, (size_t) after );
exit:
mbedtls_mpi_free( &X );
@@ -768,139 +645,28 @@
/* END_CASE */
/* BEGIN_CASE */
-void mbedtls_mpi_safe_cond_assign( int x_sign, char * x_str, int y_sign,
- char * y_str )
-{
- mbedtls_mpi X, Y, XX;
- mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y ); mbedtls_mpi_init( &XX );
-
- TEST_ASSERT( mbedtls_mpi_read_string( &X, 16, x_str ) == 0 );
- X.s = x_sign;
- TEST_ASSERT( mbedtls_mpi_read_string( &Y, 16, y_str ) == 0 );
- Y.s = y_sign;
- TEST_ASSERT( mbedtls_mpi_copy( &XX, &X ) == 0 );
-
- TEST_ASSERT( mbedtls_mpi_safe_cond_assign( &X, &Y, 0 ) == 0 );
- TEST_ASSERT( mbedtls_mpi_cmp_mpi( &X, &XX ) == 0 );
-
- TEST_ASSERT( mbedtls_mpi_safe_cond_assign( &X, &Y, 1 ) == 0 );
- TEST_ASSERT( mbedtls_mpi_cmp_mpi( &X, &Y ) == 0 );
-
-exit:
- mbedtls_mpi_free( &X ); mbedtls_mpi_free( &Y ); mbedtls_mpi_free( &XX );
-}
-/* END_CASE */
-
-/* BEGIN_CASE */
-void mbedtls_mpi_safe_cond_swap( int x_sign, char * x_str, int y_sign,
- char * y_str )
-{
- mbedtls_mpi X, Y, XX, YY;
-
- mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y );
- mbedtls_mpi_init( &XX ); mbedtls_mpi_init( &YY );
-
- TEST_ASSERT( mbedtls_mpi_read_string( &X, 16, x_str ) == 0 );
- X.s = x_sign;
- TEST_ASSERT( mbedtls_mpi_read_string( &Y, 16, y_str ) == 0 );
- Y.s = y_sign;
-
- TEST_ASSERT( mbedtls_mpi_copy( &XX, &X ) == 0 );
- TEST_ASSERT( mbedtls_mpi_copy( &YY, &Y ) == 0 );
-
- TEST_ASSERT( mbedtls_mpi_safe_cond_swap( &X, &Y, 0 ) == 0 );
- TEST_ASSERT( mbedtls_mpi_cmp_mpi( &X, &XX ) == 0 );
- TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Y, &YY ) == 0 );
-
- TEST_ASSERT( mbedtls_mpi_safe_cond_swap( &X, &Y, 1 ) == 0 );
- TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Y, &XX ) == 0 );
- TEST_ASSERT( mbedtls_mpi_cmp_mpi( &X, &YY ) == 0 );
-
-exit:
- mbedtls_mpi_free( &X ); mbedtls_mpi_free( &Y );
- mbedtls_mpi_free( &XX ); mbedtls_mpi_free( &YY );
-}
-/* END_CASE */
-
-/* BEGIN_CASE */
-void mbedtls_mpi_swap_sint( int input_X, int input_Y )
-{
- mbedtls_mpi X, Y;
- mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y );
-
- TEST_ASSERT( mbedtls_mpi_lset( &X, input_X ) == 0 );
- TEST_ASSERT( mbedtls_mpi_lset( &Y, input_Y ) == 0 );
- TEST_ASSERT( mbedtls_mpi_cmp_int( &X, input_X ) == 0 );
- TEST_ASSERT( mbedtls_mpi_cmp_int( &Y, input_Y ) == 0 );
-
- mbedtls_mpi_swap( &X, &Y );
- TEST_ASSERT( mbedtls_mpi_cmp_int( &X, input_Y ) == 0 );
- TEST_ASSERT( mbedtls_mpi_cmp_int( &Y, input_X ) == 0 );
-
-exit:
- mbedtls_mpi_free( &X ); mbedtls_mpi_free( &Y );
-}
-/* END_CASE */
-
-/* BEGIN_CASE */
-void mbedtls_mpi_swap_binary( data_t *input_X, data_t *input_Y )
-{
- mbedtls_mpi X, Y, X0, Y0;
- mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y );
- mbedtls_mpi_init( &X0 ); mbedtls_mpi_init( &Y0 );
-
- TEST_ASSERT( mbedtls_mpi_read_binary( &X, input_X->x, input_X->len ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_binary( &Y, input_Y->x, input_Y->len ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_binary( &X0, input_X->x, input_X->len ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_binary( &Y0, input_Y->x, input_Y->len ) == 0 );
-
- mbedtls_mpi_swap( &X, &Y );
- TEST_ASSERT( mbedtls_mpi_cmp_mpi( &X, &Y0 ) == 0 );
- TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Y, &X0 ) == 0 );
-
-exit:
- mbedtls_mpi_free( &X ); mbedtls_mpi_free( &Y );
- mbedtls_mpi_free( &X0 ); mbedtls_mpi_free( &Y0 );
-}
-/* END_CASE */
-
-/* BEGIN_CASE */
-void mpi_swap_self( data_t *input_X )
-{
- mbedtls_mpi X, X0;
- mbedtls_mpi_init( &X ); mbedtls_mpi_init( &X0 );
-
- TEST_ASSERT( mbedtls_mpi_read_binary( &X, input_X->x, input_X->len ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_binary( &X0, input_X->x, input_X->len ) == 0 );
-
- mbedtls_mpi_swap( &X, &X );
- TEST_ASSERT( mbedtls_mpi_cmp_mpi( &X, &X0 ) == 0 );
-
-exit:
- mbedtls_mpi_free( &X ); mbedtls_mpi_free( &X0 );
-}
-/* END_CASE */
-
-/* BEGIN_CASE */
void mbedtls_mpi_add_mpi( int radix_X, char * input_X, int radix_Y,
char * input_Y, int radix_A, char * input_A )
{
mbedtls_mpi X, Y, Z, A;
mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y ); mbedtls_mpi_init( &Z ); mbedtls_mpi_init( &A );
- TEST_ASSERT( mbedtls_mpi_read_string( &X, radix_X, input_X ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &Y, radix_Y, input_Y ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &A, radix_A, input_A ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &X, radix_X, input_X ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &Y, radix_Y, input_Y ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &A, radix_A, input_A ) == 0 );
TEST_ASSERT( mbedtls_mpi_add_mpi( &Z, &X, &Y ) == 0 );
+ TEST_ASSERT( sign_is_valid( &Z ) );
TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Z, &A ) == 0 );
/* result == first operand */
TEST_ASSERT( mbedtls_mpi_add_mpi( &X, &X, &Y ) == 0 );
+ TEST_ASSERT( sign_is_valid( &X ) );
TEST_ASSERT( mbedtls_mpi_cmp_mpi( &X, &A ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &X, radix_X, input_X ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &X, radix_X, input_X ) == 0 );
/* result == second operand */
TEST_ASSERT( mbedtls_mpi_add_mpi( &Y, &X, &Y ) == 0 );
+ TEST_ASSERT( sign_is_valid( &Y ) );
TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Y, &A ) == 0 );
exit:
@@ -915,18 +681,21 @@
mbedtls_mpi X, A;
mbedtls_mpi_init( &X ); mbedtls_mpi_init( &A );
- TEST_ASSERT( mbedtls_mpi_read_string( &A, radix_A, input_A ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &A, radix_A, input_A ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &X, radix_X, input_X ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &X, radix_X, input_X ) == 0 );
TEST_ASSERT( mbedtls_mpi_sub_abs( &X, &X, &X ) == 0 );
TEST_ASSERT( mbedtls_mpi_cmp_int( &X, 0 ) == 0 );
+ TEST_ASSERT( sign_is_valid( &X ) );
- TEST_ASSERT( mbedtls_mpi_read_string( &X, radix_X, input_X ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &X, radix_X, input_X ) == 0 );
TEST_ASSERT( mbedtls_mpi_add_abs( &X, &X, &X ) == 0 );
+ TEST_ASSERT( sign_is_valid( &X ) );
TEST_ASSERT( mbedtls_mpi_cmp_mpi( &X, &A ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &X, radix_X, input_X ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &X, radix_X, input_X ) == 0 );
TEST_ASSERT( mbedtls_mpi_add_mpi( &X, &X, &X ) == 0 );
+ TEST_ASSERT( sign_is_valid( &X ) );
TEST_ASSERT( mbedtls_mpi_cmp_mpi( &X, &A ) == 0 );
exit:
@@ -942,19 +711,22 @@
mbedtls_mpi X, Y, Z, A;
mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y ); mbedtls_mpi_init( &Z ); mbedtls_mpi_init( &A );
- TEST_ASSERT( mbedtls_mpi_read_string( &X, radix_X, input_X ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &Y, radix_Y, input_Y ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &A, radix_A, input_A ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &X, radix_X, input_X ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &Y, radix_Y, input_Y ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &A, radix_A, input_A ) == 0 );
TEST_ASSERT( mbedtls_mpi_add_abs( &Z, &X, &Y ) == 0 );
+ TEST_ASSERT( sign_is_valid( &Z ) );
TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Z, &A ) == 0 );
/* result == first operand */
TEST_ASSERT( mbedtls_mpi_add_abs( &X, &X, &Y ) == 0 );
+ TEST_ASSERT( sign_is_valid( &X ) );
TEST_ASSERT( mbedtls_mpi_cmp_mpi( &X, &A ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &X, radix_X, input_X ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &X, radix_X, input_X ) == 0 );
/* result == second operand */
TEST_ASSERT( mbedtls_mpi_add_abs( &Y, &X, &Y ) == 0 );
+ TEST_ASSERT( sign_is_valid( &Y ) );
TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Y, &A ) == 0 );
exit:
@@ -969,9 +741,10 @@
mbedtls_mpi X, Z, A;
mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Z ); mbedtls_mpi_init( &A );
- TEST_ASSERT( mbedtls_mpi_read_string( &X, radix_X, input_X ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &A, radix_A, input_A ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &X, radix_X, input_X ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &A, radix_A, input_A ) == 0 );
TEST_ASSERT( mbedtls_mpi_add_int( &Z, &X, input_Y ) == 0 );
+ TEST_ASSERT( sign_is_valid( &Z ) );
TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Z, &A ) == 0 );
exit:
@@ -986,19 +759,22 @@
mbedtls_mpi X, Y, Z, A;
mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y ); mbedtls_mpi_init( &Z ); mbedtls_mpi_init( &A );
- TEST_ASSERT( mbedtls_mpi_read_string( &X, radix_X, input_X ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &Y, radix_Y, input_Y ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &A, radix_A, input_A ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &X, radix_X, input_X ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &Y, radix_Y, input_Y ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &A, radix_A, input_A ) == 0 );
TEST_ASSERT( mbedtls_mpi_sub_mpi( &Z, &X, &Y ) == 0 );
+ TEST_ASSERT( sign_is_valid( &Z ) );
TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Z, &A ) == 0 );
/* result == first operand */
TEST_ASSERT( mbedtls_mpi_sub_mpi( &X, &X, &Y ) == 0 );
+ TEST_ASSERT( sign_is_valid( &X ) );
TEST_ASSERT( mbedtls_mpi_cmp_mpi( &X, &A ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &X, radix_X, input_X ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &X, radix_X, input_X ) == 0 );
/* result == second operand */
TEST_ASSERT( mbedtls_mpi_sub_mpi( &Y, &X, &Y ) == 0 );
+ TEST_ASSERT( sign_is_valid( &Y ) );
TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Y, &A ) == 0 );
exit:
@@ -1015,23 +791,26 @@
int res;
mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y ); mbedtls_mpi_init( &Z ); mbedtls_mpi_init( &A );
- TEST_ASSERT( mbedtls_mpi_read_string( &X, radix_X, input_X ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &Y, radix_Y, input_Y ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &A, radix_A, input_A ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &X, radix_X, input_X ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &Y, radix_Y, input_Y ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &A, radix_A, input_A ) == 0 );
res = mbedtls_mpi_sub_abs( &Z, &X, &Y );
TEST_ASSERT( res == sub_result );
+ TEST_ASSERT( sign_is_valid( &Z ) );
if( res == 0 )
TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Z, &A ) == 0 );
/* result == first operand */
TEST_ASSERT( mbedtls_mpi_sub_abs( &X, &X, &Y ) == sub_result );
+ TEST_ASSERT( sign_is_valid( &X ) );
if( sub_result == 0 )
TEST_ASSERT( mbedtls_mpi_cmp_mpi( &X, &A ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &X, radix_X, input_X ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &X, radix_X, input_X ) == 0 );
/* result == second operand */
TEST_ASSERT( mbedtls_mpi_sub_abs( &Y, &X, &Y ) == sub_result );
+ TEST_ASSERT( sign_is_valid( &Y ) );
if( sub_result == 0 )
TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Y, &A ) == 0 );
@@ -1047,9 +826,10 @@
mbedtls_mpi X, Z, A;
mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Z ); mbedtls_mpi_init( &A );
- TEST_ASSERT( mbedtls_mpi_read_string( &X, radix_X, input_X ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &A, radix_A, input_A ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &X, radix_X, input_X ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &A, radix_A, input_A ) == 0 );
TEST_ASSERT( mbedtls_mpi_sub_int( &Z, &X, input_Y ) == 0 );
+ TEST_ASSERT( sign_is_valid( &Z ) );
TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Z, &A ) == 0 );
exit:
@@ -1064,10 +844,11 @@
mbedtls_mpi X, Y, Z, A;
mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y ); mbedtls_mpi_init( &Z ); mbedtls_mpi_init( &A );
- TEST_ASSERT( mbedtls_mpi_read_string( &X, radix_X, input_X ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &Y, radix_Y, input_Y ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &A, radix_A, input_A ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &X, radix_X, input_X ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &Y, radix_Y, input_Y ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &A, radix_A, input_A ) == 0 );
TEST_ASSERT( mbedtls_mpi_mul_mpi( &Z, &X, &Y ) == 0 );
+ TEST_ASSERT( sign_is_valid( &Z ) );
TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Z, &A ) == 0 );
exit:
@@ -1083,9 +864,10 @@
mbedtls_mpi X, Z, A;
mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Z ); mbedtls_mpi_init( &A );
- TEST_ASSERT( mbedtls_mpi_read_string( &X, radix_X, input_X ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &A, radix_A, input_A ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &X, radix_X, input_X ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &A, radix_A, input_A ) == 0 );
TEST_ASSERT( mbedtls_mpi_mul_int( &Z, &X, input_Y ) == 0 );
+ TEST_ASSERT( sign_is_valid( &Z ) );
if( strcmp( result_comparison, "==" ) == 0 )
TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Z, &A ) == 0 );
else if( strcmp( result_comparison, "!=" ) == 0 )
@@ -1108,14 +890,16 @@
mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y ); mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &R );
mbedtls_mpi_init( &A ); mbedtls_mpi_init( &B );
- TEST_ASSERT( mbedtls_mpi_read_string( &X, radix_X, input_X ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &Y, radix_Y, input_Y ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &A, radix_A, input_A ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &B, radix_B, input_B ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &X, radix_X, input_X ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &Y, radix_Y, input_Y ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &A, radix_A, input_A ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &B, radix_B, input_B ) == 0 );
res = mbedtls_mpi_div_mpi( &Q, &R, &X, &Y );
TEST_ASSERT( res == div_result );
if( res == 0 )
{
+ TEST_ASSERT( sign_is_valid( &Q ) );
+ TEST_ASSERT( sign_is_valid( &R ) );
TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Q, &A ) == 0 );
TEST_ASSERT( mbedtls_mpi_cmp_mpi( &R, &B ) == 0 );
}
@@ -1136,13 +920,15 @@
mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &R ); mbedtls_mpi_init( &A );
mbedtls_mpi_init( &B );
- TEST_ASSERT( mbedtls_mpi_read_string( &X, radix_X, input_X ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &A, radix_A, input_A ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &B, radix_B, input_B ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &X, radix_X, input_X ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &A, radix_A, input_A ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &B, radix_B, input_B ) == 0 );
res = mbedtls_mpi_div_int( &Q, &R, &X, input_Y );
TEST_ASSERT( res == div_result );
if( res == 0 )
{
+ TEST_ASSERT( sign_is_valid( &Q ) );
+ TEST_ASSERT( sign_is_valid( &R ) );
TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Q, &A ) == 0 );
TEST_ASSERT( mbedtls_mpi_cmp_mpi( &R, &B ) == 0 );
}
@@ -1162,13 +948,14 @@
int res;
mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y ); mbedtls_mpi_init( &A );
- TEST_ASSERT( mbedtls_mpi_read_string( &X, radix_X, input_X ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &Y, radix_Y, input_Y ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &A, radix_A, input_A ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &X, radix_X, input_X ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &Y, radix_Y, input_Y ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &A, radix_A, input_A ) == 0 );
res = mbedtls_mpi_mod_mpi( &X, &X, &Y );
TEST_ASSERT( res == div_result );
if( res == 0 )
{
+ TEST_ASSERT( sign_is_valid( &X ) );
TEST_ASSERT( mbedtls_mpi_cmp_mpi( &X, &A ) == 0 );
}
@@ -1186,7 +973,7 @@
mbedtls_mpi_uint r;
mbedtls_mpi_init( &X );
- TEST_ASSERT( mbedtls_mpi_read_string( &X, radix_X, input_X ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &X, radix_X, input_X ) == 0 );
res = mbedtls_mpi_mod_int( &r, &X, input_Y );
TEST_ASSERT( res == div_result );
if( res == 0 )
@@ -1202,26 +989,41 @@
/* BEGIN_CASE */
void mbedtls_mpi_exp_mod( int radix_A, char * input_A, int radix_E,
char * input_E, int radix_N, char * input_N,
- int radix_RR, char * input_RR, int radix_X,
- char * input_X, int div_result )
+ int radix_X, char * input_X, int exp_result )
{
mbedtls_mpi A, E, N, RR, Z, X;
int res;
mbedtls_mpi_init( &A ); mbedtls_mpi_init( &E ); mbedtls_mpi_init( &N );
mbedtls_mpi_init( &RR ); mbedtls_mpi_init( &Z ); mbedtls_mpi_init( &X );
- TEST_ASSERT( mbedtls_mpi_read_string( &A, radix_A, input_A ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &X, radix_X, input_X ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &A, radix_A, input_A ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &E, radix_E, input_E ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &N, radix_N, input_N ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &X, radix_X, input_X ) == 0 );
- if( strlen( input_RR ) )
- TEST_ASSERT( mbedtls_mpi_read_string( &RR, radix_RR, input_RR ) == 0 );
-
- res = mbedtls_mpi_exp_mod( &Z, &A, &E, &N, &RR );
- TEST_ASSERT( res == div_result );
+ res = mbedtls_mpi_exp_mod( &Z, &A, &E, &N, NULL );
+ TEST_ASSERT( res == exp_result );
if( res == 0 )
{
+ TEST_ASSERT( sign_is_valid( &Z ) );
+ TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Z, &X ) == 0 );
+ }
+
+ /* Now test again with the speed-up parameter supplied as an output. */
+ res = mbedtls_mpi_exp_mod( &Z, &A, &E, &N, &RR );
+ TEST_ASSERT( res == exp_result );
+ if( res == 0 )
+ {
+ TEST_ASSERT( sign_is_valid( &Z ) );
+ TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Z, &X ) == 0 );
+ }
+
+ /* Now test again with the speed-up parameter supplied in calculated form. */
+ res = mbedtls_mpi_exp_mod( &Z, &A, &E, &N, &RR );
+ TEST_ASSERT( res == exp_result );
+ if( res == 0 )
+ {
+ TEST_ASSERT( sign_is_valid( &Z ) );
TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Z, &X ) == 0 );
}
@@ -1255,7 +1057,7 @@
TEST_ASSERT( mbedtls_mpi_set_bit( &N, 0, 1 ) == 0 );
if( strlen( input_RR ) )
- TEST_ASSERT( mbedtls_mpi_read_string( &RR, radix_RR, input_RR ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &RR, radix_RR, input_RR ) == 0 );
TEST_ASSERT( mbedtls_mpi_exp_mod( &Z, &A, &E, &N, &RR ) == exp_result );
@@ -1274,13 +1076,14 @@
int res;
mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y ); mbedtls_mpi_init( &Z ); mbedtls_mpi_init( &A );
- TEST_ASSERT( mbedtls_mpi_read_string( &X, radix_X, input_X ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &Y, radix_Y, input_Y ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &A, radix_A, input_A ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &X, radix_X, input_X ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &Y, radix_Y, input_Y ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &A, radix_A, input_A ) == 0 );
res = mbedtls_mpi_inv_mod( &Z, &X, &Y );
TEST_ASSERT( res == div_result );
if( res == 0 )
{
+ TEST_ASSERT( sign_is_valid( &Z ) );
TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Z, &A ) == 0 );
}
@@ -1296,7 +1099,7 @@
int res;
mbedtls_mpi_init( &X );
- TEST_ASSERT( mbedtls_mpi_read_string( &X, radix_X, input_X ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &X, radix_X, input_X ) == 0 );
res = mbedtls_mpi_is_prime_ext( &X, 40, mbedtls_test_rnd_std_rand, NULL );
TEST_ASSERT( res == div_result );
@@ -1356,6 +1159,7 @@
TEST_ASSERT( actual_bits >= (size_t) bits );
TEST_ASSERT( actual_bits <= (size_t) bits + 1 );
+ TEST_ASSERT( sign_is_valid( &X ) );
TEST_ASSERT( mbedtls_mpi_is_prime_ext( &X, 40,
mbedtls_test_rnd_std_rand,
@@ -1382,9 +1186,10 @@
mbedtls_mpi X, A;
mbedtls_mpi_init( &X ); mbedtls_mpi_init( &A );
- TEST_ASSERT( mbedtls_mpi_read_string( &X, radix_X, input_X ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &A, radix_A, input_A ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &X, radix_X, input_X ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &A, radix_A, input_A ) == 0 );
TEST_ASSERT( mbedtls_mpi_shift_l( &X, shift_X ) == 0 );
+ TEST_ASSERT( sign_is_valid( &X ) );
TEST_ASSERT( mbedtls_mpi_cmp_mpi( &X, &A ) == 0 );
exit:
@@ -1399,9 +1204,10 @@
mbedtls_mpi X, A;
mbedtls_mpi_init( &X ); mbedtls_mpi_init( &A );
- TEST_ASSERT( mbedtls_mpi_read_string( &X, radix_X, input_X ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &A, radix_A, input_A ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &X, radix_X, input_X ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &A, radix_A, input_A ) == 0 );
TEST_ASSERT( mbedtls_mpi_shift_r( &X, shift_X ) == 0 );
+ TEST_ASSERT( sign_is_valid( &X ) );
TEST_ASSERT( mbedtls_mpi_cmp_mpi( &X, &A ) == 0 );
exit:
@@ -1443,6 +1249,7 @@
TEST_ASSERT( mbedtls_mpi_size( &X ) + leading_zeros ==
(size_t) wanted_bytes );
TEST_ASSERT( (int) bytes_left == rng_bytes - wanted_bytes );
+ TEST_ASSERT( sign_is_valid( &X ) );
}
exit:
@@ -1500,6 +1307,7 @@
TEST_EQUAL( 0, mbedtls_mpi_random( &result, min, &upper_bound,
mbedtls_test_rnd_std_rand, NULL ) );
+ TEST_ASSERT( sign_is_valid( &result ) );
TEST_ASSERT( mbedtls_mpi_cmp_mpi( &result, &upper_bound ) < 0 );
TEST_ASSERT( mbedtls_mpi_cmp_int( &result, min ) >= 0 );
if( full_stats )
@@ -1581,6 +1389,7 @@
bound_bytes->x, bound_bytes->len ) );
TEST_EQUAL( 0, mbedtls_mpi_random( &result, min, &upper_bound,
mbedtls_test_rnd_std_rand, NULL ) );
+ TEST_ASSERT( sign_is_valid( &result ) );
TEST_ASSERT( mbedtls_mpi_cmp_mpi( &result, &upper_bound ) < 0 );
TEST_ASSERT( mbedtls_mpi_cmp_int( &result, min ) >= 0 );
diff --git a/tests/suites/test_suite_nist_kw.data b/tests/suites/test_suite_nist_kw.data
index d0178b6..ec82824 100644
--- a/tests/suites/test_suite_nist_kw.data
+++ b/tests/suites/test_suite_nist_kw.data
@@ -20,9 +20,9 @@
depends_on:MBEDTLS_AES_C
mbedtls_nist_kw_setkey:MBEDTLS_CIPHER_ID_AES:224:1:MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA
-NIST KW init #5 BLOWFISH-128: bad cipher
-depends_on:MBEDTLS_BLOWFISH_C
-mbedtls_nist_kw_setkey:MBEDTLS_CIPHER_ID_BLOWFISH:128:0:MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA
+NIST KW init #5 3DES: bad cipher
+depends_on:MBEDTLS_DES_C
+mbedtls_nist_kw_setkey:MBEDTLS_CIPHER_ID_3DES:128:0:MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA
NIST KW lengths #1 KW plaintext OK (2 to 2^54 - 1 semiblocks)
nist_kw_plaintext_lengths:16:24:MBEDTLS_KW_MODE_KW:0
diff --git a/tests/suites/test_suite_pk.data b/tests/suites/test_suite_pk.data
index 9ebdc7e..5eb145d 100644
--- a/tests/suites/test_suite_pk.data
+++ b/tests/suites/test_suite_pk.data
@@ -1,6 +1,3 @@
-PK invalid parameters
-invalid_parameters:
-
PK valid parameters
valid_parameters:
diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function
index ddef836..6e93bc6 100644
--- a/tests/suites/test_suite_pk.function
+++ b/tests/suites/test_suite_pk.function
@@ -177,7 +177,8 @@
/* unsupported functions: check_pair, debug */
TEST_ASSERT( mbedtls_pk_setup( &pk2,
mbedtls_pk_info_from_type( MBEDTLS_PK_ECKEY ) ) == 0 );
- TEST_ASSERT( mbedtls_pk_check_pair( &pk, &pk2 )
+ TEST_ASSERT( mbedtls_pk_check_pair( &pk, &pk2,
+ mbedtls_test_rnd_std_rand, NULL )
== MBEDTLS_ERR_PK_TYPE_MISMATCH );
TEST_ASSERT( mbedtls_pk_debug( &pk, &dbg )
== MBEDTLS_ERR_PK_TYPE_MISMATCH );
@@ -211,12 +212,6 @@
mbedtls_pk_init( &pk );
- TEST_VALID_PARAM( mbedtls_pk_free( NULL ) );
-
-#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
- TEST_VALID_PARAM( mbedtls_pk_restart_free( NULL ) );
-#endif
-
TEST_ASSERT( mbedtls_pk_setup( &pk, NULL ) ==
MBEDTLS_ERR_PK_BAD_INPUT_DATA );
@@ -284,7 +279,8 @@
MBEDTLS_ERR_PK_BAD_INPUT_DATA );
#if defined(MBEDTLS_PK_PARSE_C)
- TEST_ASSERT( mbedtls_pk_parse_key( &pk, NULL, 0, NULL, 1 ) ==
+ TEST_ASSERT( mbedtls_pk_parse_key( &pk, NULL, 0, NULL, 1,
+ mbedtls_test_rnd_std_rand, NULL ) ==
MBEDTLS_ERR_PK_KEY_INVALID_FORMAT );
TEST_ASSERT( mbedtls_pk_parse_public_key( &pk, NULL, 0 ) ==
@@ -301,8 +297,8 @@
/* For the write tests to be effective, we need a valid key pair. */
mbedtls_pk_init( &pk );
TEST_ASSERT( mbedtls_pk_parse_key( &pk,
- key_data->x, key_data->len,
- NULL, 0 ) == 0 );
+ key_data->x, key_data->len, NULL, 0,
+ mbedtls_test_rnd_std_rand, NULL ) == 0 );
TEST_ASSERT( mbedtls_pk_write_key_der( &pk, NULL, 0 ) ==
MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
@@ -323,275 +319,6 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */
-void invalid_parameters( )
-{
- size_t len;
- unsigned char *null_buf = NULL;
- unsigned char buf[1];
- unsigned char *p = buf;
- char str[1] = {0};
- mbedtls_pk_context pk;
- mbedtls_md_type_t valid_md = MBEDTLS_MD_SHA256;
- void *options = buf;
-
- (void) null_buf;
- (void) p;
- (void) str;
-
- mbedtls_pk_init( &pk );
-
- TEST_INVALID_PARAM( mbedtls_pk_init( NULL ) );
-
-#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
- TEST_INVALID_PARAM( mbedtls_pk_restart_init( NULL ) );
-#endif
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
- mbedtls_pk_setup( NULL, NULL ) );
-
-#if defined(MBEDTLS_PK_RSA_ALT_SUPPORT)
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
- mbedtls_pk_setup_rsa_alt( NULL, buf,
- NULL, NULL, NULL ) );
-#endif
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
- mbedtls_pk_verify_restartable( NULL,
- MBEDTLS_MD_NONE,
- buf, sizeof( buf ),
- buf, sizeof( buf ),
- NULL ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
- mbedtls_pk_verify_restartable( &pk,
- MBEDTLS_MD_NONE,
- NULL, sizeof( buf ),
- buf, sizeof( buf ),
- NULL ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
- mbedtls_pk_verify_restartable( &pk,
- valid_md,
- NULL, 0,
- buf, sizeof( buf ),
- NULL ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
- mbedtls_pk_verify_restartable( &pk,
- MBEDTLS_MD_NONE,
- buf, sizeof( buf ),
- NULL, sizeof( buf ),
- NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
- mbedtls_pk_verify( NULL,
- MBEDTLS_MD_NONE,
- buf, sizeof( buf ),
- buf, sizeof( buf ) ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
- mbedtls_pk_verify( &pk,
- MBEDTLS_MD_NONE,
- NULL, sizeof( buf ),
- buf, sizeof( buf ) ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
- mbedtls_pk_verify( &pk,
- valid_md,
- NULL, 0,
- buf, sizeof( buf ) ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
- mbedtls_pk_verify( &pk,
- MBEDTLS_MD_NONE,
- buf, sizeof( buf ),
- NULL, sizeof( buf ) ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
- mbedtls_pk_verify_ext( MBEDTLS_PK_NONE, options,
- NULL,
- MBEDTLS_MD_NONE,
- buf, sizeof( buf ),
- buf, sizeof( buf ) ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
- mbedtls_pk_verify_ext( MBEDTLS_PK_NONE, options,
- &pk,
- MBEDTLS_MD_NONE,
- NULL, sizeof( buf ),
- buf, sizeof( buf ) ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
- mbedtls_pk_verify_ext( MBEDTLS_PK_NONE, options,
- &pk,
- valid_md,
- NULL, 0,
- buf, sizeof( buf ) ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
- mbedtls_pk_verify_ext( MBEDTLS_PK_NONE, options,
- &pk,
- MBEDTLS_MD_NONE,
- buf, sizeof( buf ),
- NULL, sizeof( buf ) ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
- mbedtls_pk_sign_restartable( NULL, MBEDTLS_MD_NONE, buf, sizeof( buf ),
- buf, &len, mbedtls_test_rnd_std_rand,
- NULL, NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
- mbedtls_pk_sign_restartable( &pk, MBEDTLS_MD_NONE, NULL, sizeof( buf ),
- buf, &len, mbedtls_test_rnd_std_rand,
- NULL, NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
- mbedtls_pk_sign_restartable( &pk, valid_md, NULL, 0, buf, &len,
- mbedtls_test_rnd_std_rand, NULL, NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
- mbedtls_pk_sign_restartable( &pk, MBEDTLS_MD_NONE, buf, sizeof( buf ),
- NULL, &len, mbedtls_test_rnd_std_rand,
- NULL, NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
- mbedtls_pk_sign( NULL, MBEDTLS_MD_NONE, buf, sizeof( buf ),
- buf, &len, mbedtls_test_rnd_std_rand, NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
- mbedtls_pk_sign( &pk, MBEDTLS_MD_NONE, NULL, sizeof( buf ),
- buf, &len, mbedtls_test_rnd_std_rand, NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
- mbedtls_pk_sign( &pk, valid_md, NULL, 0, buf, &len,
- mbedtls_test_rnd_std_rand, NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
- mbedtls_pk_sign( &pk, MBEDTLS_MD_NONE, buf, sizeof( buf ), NULL, &len,
- mbedtls_test_rnd_std_rand, NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
- mbedtls_pk_decrypt( NULL, buf, sizeof( buf ), buf, &len, sizeof( buf ),
- mbedtls_test_rnd_std_rand, NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
- mbedtls_pk_decrypt( &pk, NULL, sizeof( buf ), buf, &len, sizeof( buf ),
- mbedtls_test_rnd_std_rand, NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
- mbedtls_pk_decrypt( &pk, buf, sizeof( buf ), NULL, &len, sizeof( buf ),
- mbedtls_test_rnd_std_rand, NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
- mbedtls_pk_decrypt( &pk, buf, sizeof( buf ), buf, NULL, sizeof( buf ),
- mbedtls_test_rnd_std_rand, NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
- mbedtls_pk_encrypt( NULL, buf, sizeof( buf ), buf, &len, sizeof( buf ),
- mbedtls_test_rnd_std_rand, NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
- mbedtls_pk_encrypt( &pk, NULL, sizeof( buf ), buf, &len, sizeof( buf ),
- mbedtls_test_rnd_std_rand, NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
- mbedtls_pk_encrypt( &pk, buf, sizeof( buf ), NULL, &len, sizeof( buf ),
- mbedtls_test_rnd_std_rand, NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
- mbedtls_pk_encrypt( &pk, buf, sizeof( buf ), buf, NULL, sizeof( buf ),
- mbedtls_test_rnd_std_rand, NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
- mbedtls_pk_check_pair( NULL, &pk ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
- mbedtls_pk_check_pair( &pk, NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
- mbedtls_pk_debug( NULL, NULL ) );
-
-#if defined(MBEDTLS_PK_PARSE_C)
-#if defined(MBEDTLS_FS_IO)
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
- mbedtls_pk_load_file( NULL, &p, &len ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
- mbedtls_pk_load_file( str, NULL, &len ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
- mbedtls_pk_load_file( str, &p, NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
- mbedtls_pk_parse_keyfile( NULL, str, NULL ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
- mbedtls_pk_parse_keyfile( &pk, NULL, NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
- mbedtls_pk_parse_public_keyfile( NULL, str ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
- mbedtls_pk_parse_public_keyfile( &pk, NULL ) );
-#endif
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
- mbedtls_pk_parse_subpubkey( NULL, buf, &pk ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
- mbedtls_pk_parse_subpubkey( &null_buf, buf, &pk ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
- mbedtls_pk_parse_subpubkey( &p, NULL, &pk ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
- mbedtls_pk_parse_subpubkey( &p, buf, NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
- mbedtls_pk_parse_key( NULL,
- buf, sizeof( buf ),
- buf, sizeof( buf ) ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
- mbedtls_pk_parse_key( &pk,
- NULL, sizeof( buf ),
- buf, sizeof( buf ) ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
- mbedtls_pk_parse_public_key( NULL,
- buf, sizeof( buf ) ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
- mbedtls_pk_parse_public_key( &pk,
- NULL, sizeof( buf ) ) );
-#endif /* MBEDTLS_PK_PARSE_C */
-
-#if defined(MBEDTLS_PK_WRITE_C)
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
- mbedtls_pk_write_pubkey( NULL, p, &pk ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
- mbedtls_pk_write_pubkey( &null_buf, p, &pk ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
- mbedtls_pk_write_pubkey( &p, NULL, &pk ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
- mbedtls_pk_write_pubkey( &p, p, NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
- mbedtls_pk_write_pubkey_der( NULL,
- buf, sizeof( buf ) ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
- mbedtls_pk_write_pubkey_der( &pk,
- NULL, sizeof( buf ) ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
- mbedtls_pk_write_key_der( NULL,
- buf, sizeof( buf ) ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
- mbedtls_pk_write_key_der( &pk,
- NULL, sizeof( buf ) ) );
-
-#if defined(MBEDTLS_PEM_WRITE_C)
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
- mbedtls_pk_write_pubkey_pem( NULL,
- buf, sizeof( buf ) ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
- mbedtls_pk_write_pubkey_pem( &pk,
- NULL, sizeof( buf ) ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
- mbedtls_pk_write_key_pem( NULL,
- buf, sizeof( buf ) ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
- mbedtls_pk_write_key_pem( &pk,
- NULL, sizeof( buf ) ) );
-#endif /* MBEDTLS_PEM_WRITE_C */
-
-#endif /* MBEDTLS_PK_WRITE_C */
-}
-/* END_CASE */
-
/* BEGIN_CASE */
void pk_utils( int type, int parameter, int bitlen, int len, char * name )
{
@@ -623,9 +350,13 @@
mbedtls_pk_init( &alt );
TEST_ASSERT( mbedtls_pk_parse_public_keyfile( &pub, pub_file ) == 0 );
- TEST_ASSERT( mbedtls_pk_parse_keyfile( &prv, prv_file, NULL ) == 0 );
+ TEST_ASSERT( mbedtls_pk_parse_keyfile( &prv, prv_file, NULL,
+ mbedtls_test_rnd_std_rand, NULL )
+ == 0 );
- TEST_ASSERT( mbedtls_pk_check_pair( &pub, &prv ) == ret );
+ TEST_ASSERT( mbedtls_pk_check_pair( &pub, &prv,
+ mbedtls_test_rnd_std_rand, NULL )
+ == ret );
#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_PK_RSA_ALT_SUPPORT)
if( mbedtls_pk_get_type( &prv ) == MBEDTLS_PK_RSA )
@@ -633,7 +364,9 @@
TEST_ASSERT( mbedtls_pk_setup_rsa_alt( &alt, mbedtls_pk_rsa( prv ),
mbedtls_rsa_decrypt_func, mbedtls_rsa_sign_func,
mbedtls_rsa_key_len_func ) == 0 );
- TEST_ASSERT( mbedtls_pk_check_pair( &pub, &alt ) == ret );
+ TEST_ASSERT( mbedtls_pk_check_pair( &pub, &alt,
+ mbedtls_test_rnd_std_rand, NULL )
+ == ret );
}
#endif
@@ -670,8 +403,8 @@
rsa = mbedtls_pk_rsa( pk );
rsa->len = mod / 8;
- TEST_ASSERT( mbedtls_mpi_read_string( &rsa->N, radix_N, input_N ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &rsa->E, radix_E, input_E ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &rsa->N, radix_N, input_N ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &rsa->E, radix_E, input_E ) == 0 );
if( mbedtls_md_info_from_type( digest ) != NULL )
@@ -713,15 +446,16 @@
rsa = mbedtls_pk_rsa( pk );
rsa->len = mod / 8;
- TEST_ASSERT( mbedtls_mpi_read_string( &rsa->N, radix_N, input_N ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &rsa->E, radix_E, input_E ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &rsa->N, radix_N, input_N ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &rsa->E, radix_E, input_E ) == 0 );
if( digest != MBEDTLS_MD_NONE )
{
- TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ),
- message_str->x, message_str->len, hash_result ) == 0 );
- hash_len = 0;
+ const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type( digest );
+ TEST_ASSERT( mbedtls_md( md_info, message_str->x, message_str->len,
+ hash_result ) == 0 );
+ hash_len = mbedtls_md_get_size( md_info );
}
else
{
@@ -801,7 +535,7 @@
TEST_ASSERT( mbedtls_pk_setup( &prv, mbedtls_pk_info_from_type( pk_type ) ) == 0 );
TEST_ASSERT( mbedtls_ecp_group_load( &mbedtls_pk_ec( prv )->grp, grp_id ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &mbedtls_pk_ec( prv )->d, 16, d_str ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &mbedtls_pk_ec( prv )->d, 16, d_str ) == 0 );
TEST_ASSERT( mbedtls_pk_setup( &pub, mbedtls_pk_info_from_type( pk_type ) ) == 0 );
TEST_ASSERT( mbedtls_ecp_group_load( &mbedtls_pk_ec( pub )->grp, grp_id ) == 0 );
@@ -886,7 +620,8 @@
{
mbedtls_pk_context pk;
size_t sig_len;
- unsigned char hash[MBEDTLS_MD_MAX_SIZE];
+ unsigned char hash[32]; // Hard-coded for SHA256
+ size_t hash_len = sizeof( hash );
unsigned char sig[MBEDTLS_PK_SIGNATURE_MAX_SIZE];
void *rs_ctx = NULL;
#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
@@ -910,7 +645,7 @@
TEST_ASSERT( pk_genkey( &pk, parameter ) == 0 );
TEST_ASSERT( mbedtls_pk_sign_restartable( &pk, MBEDTLS_MD_SHA256,
- hash, sizeof hash, sig, &sig_len,
+ hash, hash_len, sig, &sig_len,
mbedtls_test_rnd_std_rand, NULL, rs_ctx ) == sign_ret );
if( sign_ret == 0 )
TEST_ASSERT( sig_len <= MBEDTLS_PK_SIGNATURE_MAX_SIZE );
@@ -918,22 +653,22 @@
sig_len = MBEDTLS_PK_SIGNATURE_MAX_SIZE;
TEST_ASSERT( mbedtls_pk_verify( &pk, MBEDTLS_MD_SHA256,
- hash, sizeof hash, sig, sig_len ) == verify_ret );
+ hash, hash_len, sig, sig_len ) == verify_ret );
if( verify_ret == 0 )
{
hash[0]++;
TEST_ASSERT( mbedtls_pk_verify( &pk, MBEDTLS_MD_SHA256,
- hash, sizeof hash, sig, sig_len ) != 0 );
+ hash, hash_len, sig, sig_len ) != 0 );
hash[0]--;
sig[0]++;
TEST_ASSERT( mbedtls_pk_verify( &pk, MBEDTLS_MD_SHA256,
- hash, sizeof hash, sig, sig_len ) != 0 );
+ hash, hash_len, sig, sig_len ) != 0 );
sig[0]--;
}
- TEST_ASSERT( mbedtls_pk_sign( &pk, MBEDTLS_MD_SHA256, hash, sizeof hash,
+ TEST_ASSERT( mbedtls_pk_sign( &pk, MBEDTLS_MD_SHA256, hash, hash_len,
sig, &sig_len,
mbedtls_test_rnd_std_rand,
NULL ) == sign_ret );
@@ -943,7 +678,7 @@
sig_len = MBEDTLS_PK_SIGNATURE_MAX_SIZE;
TEST_ASSERT( mbedtls_pk_verify_restartable( &pk, MBEDTLS_MD_SHA256,
- hash, sizeof hash, sig, sig_len, rs_ctx ) == verify_ret );
+ hash, hash_len, sig, sig_len, rs_ctx ) == verify_ret );
if( verify_ret == 0 )
{
@@ -987,8 +722,8 @@
rsa = mbedtls_pk_rsa( pk );
rsa->len = mod / 8;
- TEST_ASSERT( mbedtls_mpi_read_string( &rsa->N, radix_N, input_N ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &rsa->E, radix_E, input_E ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &rsa->N, radix_N, input_N ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &rsa->E, radix_E, input_E ) == 0 );
TEST_ASSERT( mbedtls_pk_encrypt( &pk, message->x, message->len,
output, &olen, sizeof( output ),
@@ -1026,12 +761,12 @@
rsa = mbedtls_pk_rsa( pk );
/* load public key */
- TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &N, radix_N, input_N ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &E, radix_E, input_E ) == 0 );
/* load private key */
- TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &Q, radix_Q, input_Q ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &P, radix_P, input_P ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &Q, radix_Q, input_Q ) == 0 );
TEST_ASSERT( mbedtls_rsa_import( rsa, &N, &P, &Q, NULL, &E ) == 0 );
TEST_ASSERT( mbedtls_rsa_get_len( rsa ) == (size_t) ( mod / 8 ) );
TEST_ASSERT( mbedtls_rsa_complete( rsa ) == 0 );
@@ -1138,7 +873,7 @@
size_t sig_len, ciph_len, test_len;
int ret = MBEDTLS_ERR_PK_TYPE_MISMATCH;
- mbedtls_rsa_init( &raw, MBEDTLS_RSA_PKCS_V15, MBEDTLS_MD_NONE );
+ mbedtls_rsa_init( &raw );
mbedtls_pk_init( &rsa ); mbedtls_pk_init( &alt );
memset( hash, 0x2a, sizeof hash );
diff --git a/tests/suites/test_suite_pkcs1_v15.function b/tests/suites/test_suite_pkcs1_v15.function
index a7fb2a5..6f859d5 100644
--- a/tests/suites/test_suite_pkcs1_v15.function
+++ b/tests/suites/test_suite_pkcs1_v15.function
@@ -25,11 +25,13 @@
info.length = rnd_buf->len;
mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E );
- mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V15, hash );
+ mbedtls_rsa_init( &ctx );
+ TEST_ASSERT( mbedtls_rsa_set_padding( &ctx,
+ MBEDTLS_RSA_PKCS_V15, hash ) == 0 );
memset( output, 0x00, sizeof( output ) );
- TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &N, radix_N, input_N ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &E, radix_E, input_E ) == 0 );
TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, NULL, NULL, NULL, &E ) == 0 );
TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( ( mod + 7 ) / 8 ) );
TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 );
@@ -71,15 +73,17 @@
mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P );
mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &E );
- mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V15, hash );
+ mbedtls_rsa_init( &ctx );
+ TEST_ASSERT( mbedtls_rsa_set_padding( &ctx,
+ MBEDTLS_RSA_PKCS_V15, hash ) == 0 );
memset( output, 0x00, sizeof( output ) );
memset( &rnd_info, 0, sizeof( mbedtls_test_rnd_pseudo_info ) );
- TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &Q, radix_Q, input_Q ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &P, radix_P, input_P ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &Q, radix_Q, input_Q ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &N, radix_N, input_N ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &E, radix_E, input_E ) == 0 );
TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, &P, &Q, NULL, &E ) == 0 );
TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( ( mod + 7 ) / 8 ) );
@@ -193,7 +197,7 @@
memset( &rnd_info, 0, sizeof( mbedtls_test_rnd_pseudo_info ) );
mbedtls_mpi_init( &Nmpi ); mbedtls_mpi_init( &Empi );
mbedtls_mpi_init( &Pmpi ); mbedtls_mpi_init( &Qmpi );
- mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V15, 0 );
+ mbedtls_rsa_init( &ctx );
TEST_ASSERT( mbedtls_mpi_read_binary( &Nmpi, N, sizeof( N ) ) == 0 );
TEST_ASSERT( mbedtls_mpi_read_binary( &Empi, E, sizeof( E ) ) == 0 );
@@ -265,6 +269,7 @@
data_t * result_str, int result )
{
unsigned char hash_result[MBEDTLS_MD_MAX_SIZE];
+ const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type( digest );
unsigned char output[128];
mbedtls_rsa_context ctx;
mbedtls_mpi N, P, Q, E;
@@ -277,28 +282,30 @@
mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P );
mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &E );
- mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V15, hash );
+ mbedtls_rsa_init( &ctx );
+ TEST_ASSERT( mbedtls_rsa_set_padding( &ctx,
+ MBEDTLS_RSA_PKCS_V15, hash ) == 0 );
memset( hash_result, 0x00, sizeof( hash_result ) );
memset( output, 0x00, sizeof( output ) );
- TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &Q, radix_Q, input_Q ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &P, radix_P, input_P ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &Q, radix_Q, input_Q ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &N, radix_N, input_N ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &E, radix_E, input_E ) == 0 );
TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, &P, &Q, NULL, &E ) == 0 );
TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( ( mod + 7 ) / 8 ) );
TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == 0 );
TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 );
+ if( md_info != NULL )
+ TEST_ASSERT( mbedtls_md( md_info, message_str->x, message_str->len, hash_result ) == 0 );
- if( mbedtls_md_info_from_type( digest ) != NULL )
- TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ), message_str->x, message_str->len, hash_result ) == 0 );
-
- TEST_ASSERT( mbedtls_rsa_pkcs1_sign( &ctx, &mbedtls_test_rnd_buffer_rand,
- &info, digest, 0, hash_result,
- output ) == result );
+ TEST_ASSERT( mbedtls_rsa_pkcs1_sign(
+ &ctx, &mbedtls_test_rnd_buffer_rand, &info,
+ digest, mbedtls_md_get_size( md_info ), hash_result,
+ output ) == result );
if( result == 0 )
{
@@ -320,25 +327,28 @@
data_t * result_str, int result )
{
unsigned char hash_result[MBEDTLS_MD_MAX_SIZE];
+ const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type( digest );
mbedtls_rsa_context ctx;
mbedtls_mpi N, E;
((void) salt);
mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E );
- mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V15, hash );
+ mbedtls_rsa_init( &ctx );
+ TEST_ASSERT( mbedtls_rsa_set_padding( &ctx,
+ MBEDTLS_RSA_PKCS_V15, hash ) == 0 );
memset( hash_result, 0x00, sizeof( hash_result ) );
- TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &N, radix_N, input_N ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &E, radix_E, input_E ) == 0 );
TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, NULL, NULL, NULL, &E ) == 0 );
TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( ( mod + 7 ) / 8 ) );
TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 );
- if( mbedtls_md_info_from_type( digest ) != NULL )
- TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ), message_str->x, message_str->len, hash_result ) == 0 );
+ if( md_info != NULL )
+ TEST_ASSERT( mbedtls_md( md_info, message_str->x, message_str->len, hash_result ) == 0 );
- TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, digest, 0, hash_result, result_str->x ) == result );
+ TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, digest, mbedtls_md_get_size( md_info ), hash_result, result_str->x ) == result );
exit:
mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E );
diff --git a/tests/suites/test_suite_pkcs1_v21.function b/tests/suites/test_suite_pkcs1_v21.function
index f7e1e24..27b0990 100644
--- a/tests/suites/test_suite_pkcs1_v21.function
+++ b/tests/suites/test_suite_pkcs1_v21.function
@@ -24,7 +24,9 @@
info.length = rnd_buf->len;
mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E );
- mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V21, hash );
+ mbedtls_rsa_init( &ctx );
+ TEST_ASSERT( mbedtls_rsa_set_padding( &ctx,
+ MBEDTLS_RSA_PKCS_V21, hash ) == 0 );
memset( output, 0x00, sizeof( output ) );
TEST_ASSERT( mbedtls_mpi_read_binary( &N, input_N->x, input_N->len ) == 0 );
@@ -67,7 +69,9 @@
mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P );
mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &E );
- mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V21, hash );
+ mbedtls_rsa_init( &ctx );
+ TEST_ASSERT( mbedtls_rsa_set_padding( &ctx,
+ MBEDTLS_RSA_PKCS_V21, hash ) == 0 );
memset( output, 0x00, sizeof( output ) );
memset( &rnd_info, 0, sizeof( mbedtls_test_rnd_pseudo_info ) );
@@ -119,6 +123,7 @@
int result )
{
unsigned char hash_result[MBEDTLS_MD_MAX_SIZE];
+ const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type( digest );
unsigned char output[512];
mbedtls_rsa_context ctx;
mbedtls_test_rnd_buf_info info;
@@ -131,7 +136,9 @@
mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P );
mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &E );
- mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V21, hash );
+ mbedtls_rsa_init( &ctx );
+ TEST_ASSERT( mbedtls_rsa_set_padding( &ctx,
+ MBEDTLS_RSA_PKCS_V21, hash ) == 0 );
memset( hash_result, 0x00, sizeof( hash_result ) );
memset( output, 0x00, sizeof( output ) );
@@ -146,14 +153,15 @@
TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == 0 );
TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 );
- if( mbedtls_md_info_from_type( digest ) != NULL )
- TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ), message_str->x, message_str->len, hash_result ) == 0 );
+ if( md_info != NULL )
+ TEST_ASSERT( mbedtls_md( md_info, message_str->x, message_str->len, hash_result ) == 0 );
if (fixed_salt_length == MBEDTLS_RSA_SALT_LEN_ANY)
{
- TEST_ASSERT( mbedtls_rsa_pkcs1_sign( &ctx, &mbedtls_test_rnd_buffer_rand,
- &info, digest, 0,hash_result,
- output ) == result );
+ TEST_ASSERT( mbedtls_rsa_pkcs1_sign(
+ &ctx, &mbedtls_test_rnd_buffer_rand, &info,
+ digest, mbedtls_md_get_size( md_info ), hash_result,
+ output ) == result );
if( result == 0 )
{
ASSERT_COMPARE( output, ctx.len, result_str->x, result_str->len );
@@ -163,9 +171,10 @@
info.length = rnd_buf->len;
}
- TEST_ASSERT( mbedtls_rsa_rsassa_pss_sign_ext( &ctx, &mbedtls_test_rnd_buffer_rand,
- &info, digest, 0, hash_result,
- fixed_salt_length, output ) == result );
+ TEST_ASSERT( mbedtls_rsa_rsassa_pss_sign_ext(
+ &ctx, &mbedtls_test_rnd_buffer_rand, &info,
+ digest, mbedtls_md_get_size( md_info ), hash_result,
+ fixed_salt_length, output ) == result );
if( result == 0 )
{
ASSERT_COMPARE( output, ctx.len, result_str->x, result_str->len );
@@ -184,12 +193,15 @@
char * salt, data_t * result_str, int result )
{
unsigned char hash_result[MBEDTLS_MD_MAX_SIZE];
+ const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type( digest );
mbedtls_rsa_context ctx;
mbedtls_mpi N, E;
((void) salt);
mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E );
- mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V21, hash );
+ mbedtls_rsa_init( &ctx );
+ TEST_ASSERT( mbedtls_rsa_set_padding( &ctx,
+ MBEDTLS_RSA_PKCS_V21, hash ) == 0 );
memset( hash_result, 0x00, sizeof( hash_result ) );
TEST_ASSERT( mbedtls_mpi_read_binary( &N, input_N->x, input_N->len ) == 0 );
@@ -200,10 +212,10 @@
TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 );
- if( mbedtls_md_info_from_type( digest ) != NULL )
- TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ), message_str->x, message_str->len, hash_result ) == 0 );
+ if( md_info != NULL )
+ TEST_ASSERT( mbedtls_md( md_info, message_str->x, message_str->len, hash_result ) == 0 );
- TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, digest, 0, hash_result, result_str->x ) == result );
+ TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, digest, mbedtls_md_get_size( md_info ), hash_result, result_str->x ) == result );
exit:
mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E );
@@ -225,7 +237,9 @@
mbedtls_mpi N, E;
mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E );
- mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V21, ctx_hash );
+ mbedtls_rsa_init( &ctx );
+ TEST_ASSERT( mbedtls_rsa_set_padding( &ctx,
+ MBEDTLS_RSA_PKCS_V21, ctx_hash ) == 0 );
memset( hash_result, 0x00, sizeof( hash_result ) );
TEST_ASSERT( mbedtls_mpi_read_binary( &N, input_N->x, input_N->len ) == 0 );
@@ -238,9 +252,12 @@
if( msg_digest_id != MBEDTLS_MD_NONE )
{
- TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( msg_digest_id ),
- message_str->x, message_str->len, hash_result ) == 0 );
- hash_len = 0;
+ const mbedtls_md_info_t *md_info =
+ mbedtls_md_info_from_type( msg_digest_id );
+ TEST_ASSERT( mbedtls_md( md_info,
+ message_str->x, message_str->len,
+ hash_result ) == 0 );
+ hash_len = mbedtls_md_get_size( md_info );
}
else
{
diff --git a/tests/suites/test_suite_pkparse.data b/tests/suites/test_suite_pkparse.data
index 1f73aac..1172b30 100644
--- a/tests/suites/test_suite_pkparse.data
+++ b/tests/suites/test_suite_pkparse.data
@@ -170,54 +170,6 @@
depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_MODE_CBC
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbe_sha1_4096_2des.der":"PolarSSLTest":0
-Parse RSA Key #32 (PKCS#8 encrypted SHA1-RC4-128)
-depends_on:MBEDTLS_ARC4_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C
-pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbe_sha1_1024_rc4_128.pem":"PolarSSLTest":0
-
-Parse RSA Key #32.1 (PKCS#8 encrypted SHA1-RC4-128, wrong PW)
-depends_on:MBEDTLS_ARC4_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C
-pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbe_sha1_1024_rc4_128.pem":"PolarSSLTe":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
-
-Parse RSA Key #32.2 (PKCS#8 encrypted SHA1-RC4-128, no PW)
-depends_on:MBEDTLS_ARC4_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C
-pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbe_sha1_1024_rc4_128.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
-
-Parse RSA Key #33 (PKCS#8 encrypted SHA1-RC4-128, 2048-bit)
-depends_on:MBEDTLS_ARC4_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C
-pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbe_sha1_2048_rc4_128.pem":"PolarSSLTest":0
-
-Parse RSA Key #33.1 (PKCS#8 encrypted SHA1-RC4-128, 2048-bit, wrong PW)
-depends_on:MBEDTLS_ARC4_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C
-pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbe_sha1_2048_rc4_128.pem":"PolarSSLTe":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
-
-Parse RSA Key #33.2 (PKCS#8 encrypted SHA1-RC4-128, 2048-bit, no PW)
-depends_on:MBEDTLS_ARC4_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C
-pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbe_sha1_2048_rc4_128.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
-
-Parse RSA Key #34 (PKCS#8 encrypted SHA1-RC4-128, 4096-bit)
-depends_on:MBEDTLS_ARC4_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C
-pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbe_sha1_4096_rc4_128.pem":"PolarSSLTest":0
-
-Parse RSA Key #34.1 (PKCS#8 encrypted SHA1-RC4-128, 4096-bit, wrong PW)
-depends_on:MBEDTLS_ARC4_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C
-pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbe_sha1_4096_rc4_128.pem":"PolarSSLTe":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
-
-Parse RSA Key #34.2 (PKCS#8 encrypted SHA1-RC4-128, 4096-bit, no PW)
-depends_on:MBEDTLS_ARC4_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C
-pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbe_sha1_4096_rc4_128.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
-
-Parse RSA Key #35 (PKCS#8 encrypted SHA1-RC4-128 DER)
-depends_on:MBEDTLS_ARC4_C:MBEDTLS_SHA1_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_MODE_CBC
-pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbe_sha1_1024_rc4_128.der":"PolarSSLTest":0
-
-Parse RSA Key #36 (PKCS#8 encrypted SHA1-RC4-128 DER, 2048-bit)
-depends_on:MBEDTLS_ARC4_C:MBEDTLS_SHA1_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_MODE_CBC
-pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbe_sha1_2048_rc4_128.der":"PolarSSLTest":0
-
-Parse RSA Key #37 (PKCS#8 encrypted SHA1-RC4-128 DER, 4096-bit)
-depends_on:MBEDTLS_ARC4_C:MBEDTLS_SHA1_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_MODE_CBC
-pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbe_sha1_4096_rc4_128.der":"PolarSSLTest":0
-
Parse RSA Key #38 (PKCS#8 encrypted v2 PBKDF2 3DES)
depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des.pem":"PolarSSLTest":0
@@ -1032,14 +984,6 @@
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
pk_parse_keyfile_ec:"data_files/ec_prv.pk8param.pem":"NULL":0
-Parse EC Key #6 (PKCS8 encrypted DER)
-depends_on:MBEDTLS_ARC4_C:MBEDTLS_SHA1_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED
-pk_parse_keyfile_ec:"data_files/ec_prv.pk8.pw.der":"polar":0
-
-Parse EC Key #7 (PKCS8 encrypted PEM)
-depends_on:MBEDTLS_ARC4_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED
-pk_parse_keyfile_ec:"data_files/ec_prv.pk8.pw.pem":"polar":0
-
Parse EC Key #8 (SEC1 PEM, secp224r1)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP224R1_ENABLED
pk_parse_keyfile_ec:"data_files/ec_224_prv.pem":"NULL":0
diff --git a/tests/suites/test_suite_pkparse.function b/tests/suites/test_suite_pkparse.function
index 4650d33..4c7f3d2 100644
--- a/tests/suites/test_suite_pkparse.function
+++ b/tests/suites/test_suite_pkparse.function
@@ -21,7 +21,8 @@
if( strcmp( pwd, "NULL" ) == 0 )
pwd = NULL;
- res = mbedtls_pk_parse_keyfile( &ctx, key_file, pwd );
+ res = mbedtls_pk_parse_keyfile( &ctx, key_file, pwd,
+ mbedtls_test_rnd_std_rand, NULL );
TEST_ASSERT( res == result );
@@ -96,7 +97,8 @@
mbedtls_pk_init( &ctx );
- res = mbedtls_pk_parse_keyfile( &ctx, key_file, password );
+ res = mbedtls_pk_parse_keyfile( &ctx, key_file, password,
+ mbedtls_test_rnd_std_rand, NULL );
TEST_ASSERT( res == result );
@@ -120,7 +122,8 @@
mbedtls_pk_init( &pk );
- TEST_ASSERT( mbedtls_pk_parse_key( &pk, buf->x, buf->len, NULL, 0 ) == result );
+ TEST_ASSERT( mbedtls_pk_parse_key( &pk, buf->x, buf->len, NULL, 0,
+ mbedtls_test_rnd_std_rand, NULL ) == result );
exit:
mbedtls_pk_free( &pk );
diff --git a/tests/suites/test_suite_pkwrite.function b/tests/suites/test_suite_pkwrite.function
index 2bad4ed..d1e029a 100644
--- a/tests/suites/test_suite_pkwrite.function
+++ b/tests/suites/test_suite_pkwrite.function
@@ -63,7 +63,8 @@
memset( check_buf, 0, sizeof( check_buf ) );
mbedtls_pk_init( &key );
- TEST_ASSERT( mbedtls_pk_parse_keyfile( &key, key_file, NULL ) == 0 );
+ TEST_ASSERT( mbedtls_pk_parse_keyfile( &key, key_file, NULL,
+ mbedtls_test_rnd_std_rand, NULL ) == 0 );
ret = mbedtls_pk_write_key_pem( &key, buf, sizeof( buf ));
TEST_ASSERT( ret == 0 );
diff --git a/tests/suites/test_suite_poly1305.data b/tests/suites/test_suite_poly1305.data
index 13912e9..eb9712c 100644
--- a/tests/suites/test_suite_poly1305.data
+++ b/tests/suites/test_suite_poly1305.data
@@ -34,9 +34,6 @@
Poly1305 RFC 7539 Test Vector #11
mbedtls_poly1305:"0100000000000000040000000000000000000000000000000000000000000000":"13000000000000000000000000000000":"e33594d7505e43b900000000000000003394d7505e4379cd010000000000000000000000000000000000000000000000"
-Poly1305 Parameter validation
-poly1305_bad_params:
-
Poly1305 Selftest
depends_on:MBEDTLS_SELF_TEST
poly1305_selftest:
diff --git a/tests/suites/test_suite_poly1305.function b/tests/suites/test_suite_poly1305.function
index 4b8995b..59e9277 100644
--- a/tests/suites/test_suite_poly1305.function
+++ b/tests/suites/test_suite_poly1305.function
@@ -79,45 +79,6 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */
-void poly1305_bad_params()
-{
- unsigned char src[1];
- unsigned char key[32];
- unsigned char mac[16];
- size_t src_len = sizeof( src );
- mbedtls_poly1305_context ctx;
-
- TEST_INVALID_PARAM( mbedtls_poly1305_init( NULL ) );
- TEST_VALID_PARAM( mbedtls_poly1305_free( NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
- mbedtls_poly1305_starts( NULL, key ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
- mbedtls_poly1305_starts( &ctx, NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
- mbedtls_poly1305_update( NULL, src, 0 ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
- mbedtls_poly1305_update( &ctx, NULL, src_len ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
- mbedtls_poly1305_finish( NULL, mac ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
- mbedtls_poly1305_finish( &ctx, NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
- mbedtls_poly1305_mac( NULL, src, 0, mac ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
- mbedtls_poly1305_mac( key, NULL, src_len, mac ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
- mbedtls_poly1305_mac( key, src, 0, NULL ) );
-
-exit:
- return;
-}
-/* END_CASE */
-
/* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */
void poly1305_selftest()
{
diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data
index 4d9c7b6..1a8bbd6 100644
--- a/tests/suites/test_suite_psa_crypto.data
+++ b/tests/suites/test_suite_psa_crypto.data
@@ -1000,14 +1000,6 @@
depends_on:PSA_WANT_ALG_SHA_512
hash_setup:PSA_ALG_SHA_512:PSA_SUCCESS
-PSA hash setup: good, MD2
-depends_on:PSA_WANT_ALG_MD2
-hash_setup:PSA_ALG_MD2:PSA_SUCCESS
-
-PSA hash setup: good, MD4
-depends_on:PSA_WANT_ALG_MD4
-hash_setup:PSA_ALG_MD4:PSA_SUCCESS
-
PSA hash setup: good, MD5
depends_on:PSA_WANT_ALG_MD5
hash_setup:PSA_ALG_MD5:PSA_SUCCESS
@@ -1109,14 +1101,6 @@
depends_on:PSA_WANT_ALG_SHA_512
hash_compute_compare:PSA_ALG_SHA_512:"de4c90":"33ce98281045a5c4c9df0363d8196f1d7dfcd5ee46ac89776fd8a4344c12f123a66788af5bd41ceff1941aa5637654b4064c88c14e00465ab79a2fc6c97e1014"
-PSA hash compute: good, MD2
-depends_on:PSA_WANT_ALG_MD2
-hash_compute_compare:PSA_ALG_MD2:"616263":"da853b0d3f88d99b30283a69e6ded6bb"
-
-PSA hash compute: good, MD4
-depends_on:PSA_WANT_ALG_MD4
-hash_compute_compare:PSA_ALG_MD4:"616263":"a448017aaf21d8525fc10ae87aa6729d"
-
PSA hash compute: good, MD5
depends_on:PSA_WANT_ALG_MD5
hash_compute_compare:PSA_ALG_MD5:"616263":"900150983cd24fb0d6963f7d28e17f72"
@@ -1147,8 +1131,8 @@
mac_setup:PSA_KEY_TYPE_HMAC:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f":PSA_ALG_HMAC(0):PSA_ERROR_NOT_SUPPORTED
PSA MAC setup: bad algorithm (unsupported HMAC hash algorithm)
-depends_on:!PSA_WANT_ALG_MD2
-mac_setup:PSA_KEY_TYPE_HMAC:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f":PSA_ALG_HMAC(PSA_ALG_MD2):PSA_ERROR_NOT_SUPPORTED
+depends_on:!PSA_WANT_ALG_MD5
+mac_setup:PSA_KEY_TYPE_HMAC:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f":PSA_ALG_HMAC(PSA_ALG_MD5):PSA_ERROR_NOT_SUPPORTED
PSA MAC setup: bad algorithm (not a MAC algorithm)
depends_on:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_KEY_TYPE_AES
@@ -1410,10 +1394,10 @@
# Either INVALID_ARGUMENT or NOT_SUPPORTED would be reasonable here
cipher_setup:PSA_KEY_TYPE_RAW_DATA:"000102030405060708090a0b0c0d0e0f":PSA_ALG_CTR:PSA_ERROR_NOT_SUPPORTED
-PSA cipher setup: incompatible key ARC4 for CTR
+PSA cipher setup: incompatible key ChaCha20 for CTR
depends_on:MBEDTLS_ARC4_C:MBEDTLS_CIPHER_MODE_CTR
# Either INVALID_ARGUMENT or NOT_SUPPORTED would be reasonable here
-cipher_setup:PSA_KEY_TYPE_ARC4:"000102030405060708090a0b0c0d0e0f":PSA_ALG_CTR:PSA_ERROR_NOT_SUPPORTED
+cipher_setup:PSA_KEY_TYPE_CHACHA20:"000102030405060708090a0b0c0d0e0f10111213141516171819202122232425":PSA_ALG_CTR:PSA_ERROR_NOT_SUPPORTED
PSA cipher: bad order function calls
cipher_bad_order:
@@ -2206,6 +2190,14 @@
depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C
sign_hash_fail:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":127:PSA_ERROR_BUFFER_TOO_SMALL
+PSA sign hash: RSA PSS SHA-256, wrong hash length (0 bytes)
+depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C
+sign_hash_fail:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"":127:PSA_ERROR_INVALID_ARGUMENT
+
+PSA sign hash: RSA PSS SHA-256, wrong hash length (129 bytes)
+depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C
+sign_hash_fail:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":127:PSA_ERROR_INVALID_ARGUMENT
+
PSA sign hash: deterministic ECDSA SECP256R1 SHA-256, output buffer too small
depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256
sign_hash_fail:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":63:PSA_ERROR_BUFFER_TOO_SMALL
@@ -2246,18 +2238,10 @@
depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C
sign_verify_hash:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad"
-PSA sign/verify hash: RSA PSS SHA-256, 0 bytes
-depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C
-sign_verify_hash:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):""
-
PSA sign/verify hash: RSA PSS SHA-256, 32 bytes (hash size)
depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C
sign_verify_hash:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad"
-PSA sign/verify hash: RSA PSS SHA-256, 129 bytes
-depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C
-sign_verify_hash:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
-
PSA sign/verify hash: randomized ECDSA SECP256R1 SHA-256
depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256
sign_verify_hash:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_ECDSA( PSA_ALG_SHA_256 ):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b"
@@ -2314,17 +2298,17 @@
depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C
verify_hash_fail:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"21a73664d55b39c7ea6c1e5b5011724a11e1d7073d3a68f48c836fad153a1d91b6abdbc8f69da13b206cc96af6363b114458b026af14b24fab8929ed634c6a2acace0bcc62d9bb6a984afbcbfcd3a0608d32a2bae535b9cd1ecdf9dd281db1e0025c3bfb5512963ec3b98ddaa69e38bc3c84b1b61a04e5648640856aacc6fc7311":PSA_ERROR_INVALID_SIGNATURE
-PSA verify hash: RSA PSS SHA-256, good signature, 0 bytes
-depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C
-verify_hash:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"":"34c011b625c32d992f4ab8fcfa52b616ea66270b5b75a4fc71af712f9b8806bcdd374ce50eafcbb489562b93347885f93c2de1d404c45cacccefceb112ff6ffdfe4264f91d66320bbbe09304b851b8ad6280bbccc571eebcd49c7db5dfa399a6289e1978407904598751613d9870770cdd8507e3dc7b46851dbf05ae1df2988d"
-
PSA verify hash: RSA PSS SHA-256, good signature, 32 bytes (hash size)
depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C
verify_hash:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"1967ae568cc071dfebeeca76b11d40bd1ec5af241c50b3dcceff21f4536c0693a7179a8d5d163a7625fefd37c161127800edeebc24fa73ca772096827bd3f75e8ccf2c64f07b7171b5c99022a4d73b760f34a385ccff0bd5ed7997d2a29d2847acb0767f93a2a404bc046c97de66d95dc9f7646fdb216b627b2ea0de8afcefb7"
-PSA verify hash: RSA PSS SHA-256, good signature, 129 bytes
+PSA verify hash: RSA PSS SHA-256, wrong hash length (0 bytes)
depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C
-verify_hash:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":"1491cead330b4ad5b092f8351518141ac11d0888591572669c1e79d6e932c488acd62d44479b0e14cd91a048778bc02398a772ad6bdb4f7764780cf0afe70293d0cac86f2695a1dcb54568bb37d7086f9e86f95a6802d2ee5a4facaa762beff5261bb2816b62cb5af86404974c3f6b67985ac1fbfdf46d6de54f6e29d9274308"
+verify_hash_fail:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"":"34c011b625c32d992f4ab8fcfa52b616ea66270b5b75a4fc71af712f9b8806bcdd374ce50eafcbb489562b93347885f93c2de1d404c45cacccefceb112ff6ffdfe4264f91d66320bbbe09304b851b8ad6280bbccc571eebcd49c7db5dfa399a6289e1978407904598751613d9870770cdd8507e3dc7b46851dbf05ae1df2988d":PSA_ERROR_INVALID_ARGUMENT
+
+PSA verify hash: RSA PSS SHA-256, wrong hash length (129 bytes)
+depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C
+verify_hash_fail:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":"1491cead330b4ad5b092f8351518141ac11d0888591572669c1e79d6e932c488acd62d44479b0e14cd91a048778bc02398a772ad6bdb4f7764780cf0afe70293d0cac86f2695a1dcb54568bb37d7086f9e86f95a6802d2ee5a4facaa762beff5261bb2816b62cb5af86404974c3f6b67985ac1fbfdf46d6de54f6e29d9274308":PSA_ERROR_INVALID_ARGUMENT
PSA verify hash: ECDSA SECP256R1, good
depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256
@@ -2777,6 +2761,22 @@
depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256
derive_input:PSA_ALG_HKDF(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_DERIVE:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_TYPE_NONE:PSA_SUCCESS
+PSA key derivation: HKDF-SHA-256, good case, omitted salt
+depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256
+derive_input:PSA_ALG_HKDF(PSA_ALG_SHA_256):0:UNUSED:"":UNUSED:PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_DERIVE:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_TYPE_NONE:PSA_SUCCESS
+
+PSA key derivation: HKDF-SHA-256, good case, info first
+depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256
+derive_input:PSA_ALG_HKDF(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_INFO:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_DERIVE:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:PSA_KEY_TYPE_NONE:PSA_SUCCESS
+
+PSA key derivation: HKDF-SHA-256, good case, info after salt
+depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256
+derive_input:PSA_ALG_HKDF(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_DERIVE:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_TYPE_NONE:PSA_SUCCESS
+
+PSA key derivation: HKDF-SHA-256, good case, omitted salt, info first
+depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256
+derive_input:PSA_ALG_HKDF(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_INFO:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_DERIVE:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:0:UNUSED:"":UNUSED:PSA_KEY_TYPE_NONE:PSA_SUCCESS
+
PSA key derivation: HKDF-SHA-256, good case, key output
depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256
derive_input:PSA_ALG_HKDF(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_DERIVE:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_TYPE_DERIVE:PSA_SUCCESS
@@ -2811,6 +2811,10 @@
depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256
derive_input:PSA_ALG_HKDF(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_TYPE_RAW_DATA:PSA_ERROR_NOT_PERMITTED
+PSA key derivation: HKDF-SHA-256, missing secret, key output
+depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256
+derive_input:PSA_ALG_HKDF(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:0:UNUSED:"":UNUSED:PSA_KEY_DERIVATION_INPUT_INFO:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_TYPE_RAW_DATA:PSA_ERROR_NOT_PERMITTED
+
PSA key derivation: HKDF-SHA-256, RAW_DATA key as salt
depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256
derive_input:PSA_ALG_HKDF(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_RAW_DATA:"412073616c74":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_DERIVE:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_TYPE_DERIVE:PSA_SUCCESS
@@ -2833,14 +2837,94 @@
depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256
derive_input:PSA_ALG_HKDF(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_DERIVE:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:PSA_KEY_TYPE_DERIVE:"4120696e666f":PSA_ERROR_INVALID_ARGUMENT:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE
+PSA key derivation: HKDF-SHA-256, salt after secret
+depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256
+derive_input:PSA_ALG_HKDF(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_DERIVE:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"":PSA_ERROR_BAD_STATE:PSA_KEY_DERIVATION_INPUT_INFO:PSA_KEY_TYPE_NONE:"":PSA_ERROR_BAD_STATE:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE
+
+PSA key derivation: HKDF-SHA-256, missing secret
+depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256
+derive_input:PSA_ALG_HKDF(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:0:UNUSED:"":UNUSED:PSA_KEY_DERIVATION_INPUT_INFO:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE
+
+PSA key derivation: HKDF-SHA-256, missing info
+depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256
+derive_input:PSA_ALG_HKDF(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_DERIVE:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:0:UNUSED:"":UNUSED:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE
+
+PSA key derivation: HKDF-SHA-256, duplicate salt step
+depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256
+derive_input:PSA_ALG_HKDF(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_DERIVE:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"":PSA_ERROR_BAD_STATE:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE
+
+PSA key derivation: HKDF-SHA-256, duplicate secret step (direct, direct)
+depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256
+derive_input:PSA_ALG_HKDF(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_DERIVE:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_ERROR_BAD_STATE:PSA_KEY_DERIVATION_INPUT_INFO:PSA_KEY_TYPE_NONE:"":PSA_ERROR_BAD_STATE:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE
+
+PSA key derivation: HKDF-SHA-256, duplicate secret step (direct, key)
+depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256
+derive_input:PSA_ALG_HKDF(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_DERIVE:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_ERROR_BAD_STATE:PSA_KEY_DERIVATION_INPUT_INFO:PSA_KEY_TYPE_NONE:"":PSA_ERROR_BAD_STATE:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE
+
+PSA key derivation: HKDF-SHA-256, duplicate secret step (key, direct)
+depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256
+derive_input:PSA_ALG_HKDF(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_DERIVE:"0a0a0a0a":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_NONE:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_ERROR_BAD_STATE:PSA_KEY_DERIVATION_INPUT_INFO:PSA_KEY_TYPE_NONE:"":PSA_ERROR_BAD_STATE:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE
+
+PSA key derivation: HKDF-SHA-256, duplicate secret step (key, key)
+depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256
+derive_input:PSA_ALG_HKDF(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_DERIVE:"0a0a0a0a":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_DERIVE:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_ERROR_BAD_STATE:PSA_KEY_DERIVATION_INPUT_INFO:PSA_KEY_TYPE_NONE:"":PSA_ERROR_BAD_STATE:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE
+
+PSA key derivation: HKDF-SHA-256, duplicate info step (non-consecutive)
+depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256
+derive_input:PSA_ALG_HKDF(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_INFO:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_DERIVE:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:PSA_KEY_TYPE_NONE:"":PSA_ERROR_BAD_STATE:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE
+
+PSA key derivation: HKDF-SHA-256, duplicate info step (consecutive)
+depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256
+derive_input:PSA_ALG_HKDF(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_INFO:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:PSA_KEY_TYPE_NONE:"":PSA_ERROR_BAD_STATE:PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_DERIVE:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_ERROR_BAD_STATE:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE
+
+PSA key derivation: HKDF-SHA-256, reject label step
+depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256
+derive_input:PSA_ALG_HKDF(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_LABEL:PSA_KEY_TYPE_NONE:"":PSA_ERROR_INVALID_ARGUMENT:PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_DERIVE:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_ERROR_BAD_STATE:PSA_KEY_DERIVATION_INPUT_INFO:PSA_KEY_TYPE_NONE:"":PSA_ERROR_BAD_STATE:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE
+
+PSA key derivation: HKDF-SHA-256, reject seed step
+depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256
+derive_input:PSA_ALG_HKDF(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SEED:PSA_KEY_TYPE_NONE:"":PSA_ERROR_INVALID_ARGUMENT:PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_DERIVE:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_ERROR_BAD_STATE:PSA_KEY_DERIVATION_INPUT_INFO:PSA_KEY_TYPE_NONE:"":PSA_ERROR_BAD_STATE:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE
+
PSA key derivation: TLS 1.2 PRF SHA-256, good case
depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PRF
derive_input:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SEED:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_DERIVE:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_LABEL:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_TYPE_DERIVE:PSA_SUCCESS
+PSA key derivation: ECDH with TLS 1.2 PRF SHA-256, good case
+depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PRF:PSA_WANT_ALG_ECDH:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256
+derive_input:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256)):PSA_KEY_DERIVATION_INPUT_SEED:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_LABEL:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_TYPE_NONE:PSA_SUCCESS
+
+PSA key derivation: TLS 1.2 PRF SHA-256, missing label
+depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PRF
+derive_input:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SEED:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_DERIVE:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:0:UNUSED:"":UNUSED:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE
+
+PSA key derivation: ECDH with TLS 1.2 PRF SHA-256, missing label
+depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PRF:PSA_WANT_ALG_ECDH:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256
+derive_input:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256)):PSA_KEY_DERIVATION_INPUT_SEED:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":PSA_SUCCESS:0:UNUSED:"":UNUSED:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE
+
+PSA key derivation: TLS 1.2 PRF SHA-256, missing label and secret
+depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PRF
+derive_input:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SEED:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:0:UNUSED:"":UNUSED:0:UNUSED:"":UNUSED:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE
+
+PSA key derivation: ECDH with TLS 1.2 PRF SHA-256, missing label and secret
+depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PRF:PSA_WANT_ALG_ECDH:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256
+derive_input:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256)):PSA_KEY_DERIVATION_INPUT_SEED:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:0:UNUSED:"":UNUSED:0:UNUSED:"":UNUSED:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE
+
+PSA key derivation: TLS 1.2 PRF SHA-256, no inputs
+depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PRF
+derive_input:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):0:UNUSED:"":UNUSED:0:UNUSED:"":UNUSED:0:UNUSED:"":UNUSED:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE
+
+PSA key derivation: ECDH with TLS 1.2 PRF SHA-256, no inputs
+depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PRF:PSA_WANT_ALG_ECDH:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256
+derive_input:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256)):0:UNUSED:"":UNUSED:0:UNUSED:"":UNUSED:0:UNUSED:"":UNUSED:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE
+
PSA key derivation: TLS 1.2 PRF SHA-256, key first
depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PRF
derive_input:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_DERIVE:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_ERROR_BAD_STATE:PSA_KEY_DERIVATION_INPUT_SEED:PSA_KEY_TYPE_NONE:"":PSA_ERROR_BAD_STATE:PSA_KEY_DERIVATION_INPUT_LABEL:PSA_KEY_TYPE_NONE:"":PSA_ERROR_BAD_STATE:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE
+PSA key derivation: ECDH with TLS 1.2 PRF SHA-256, key first
+depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PRF:PSA_WANT_ALG_ECDH:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256
+derive_input:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256)):PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":PSA_ERROR_BAD_STATE:PSA_KEY_DERIVATION_INPUT_SEED:PSA_KEY_TYPE_NONE:"":PSA_ERROR_BAD_STATE:PSA_KEY_DERIVATION_INPUT_LABEL:PSA_KEY_TYPE_NONE:"":PSA_ERROR_BAD_STATE:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE
+
PSA key derivation: TLS 1.2 PRF SHA-256, label first
depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PRF
derive_input:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_LABEL:PSA_KEY_TYPE_NONE:"":PSA_ERROR_BAD_STATE:PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_DERIVE:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_ERROR_BAD_STATE:PSA_KEY_DERIVATION_INPUT_SEED:PSA_KEY_TYPE_NONE:"":PSA_ERROR_BAD_STATE:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE
@@ -2893,20 +2977,36 @@
depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256
derive_input:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_TYPE_NONE:PSA_SUCCESS
+PSA key derivation: ECDH on P256 with HKDF-SHA256, omitted salt
+depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256
+derive_input:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):0:UNUSED:"":UNUSED:PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_TYPE_NONE:PSA_SUCCESS
+
+PSA key derivation: ECDH on P256 with HKDF-SHA256, info first
+depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256
+derive_input:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_DERIVATION_INPUT_INFO:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":PSA_SUCCESS:PSA_KEY_TYPE_NONE:PSA_SUCCESS
+
PSA key derivation: ECDH on P256 with HKDF-SHA256, key output
depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256
derive_input:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_TYPE_RAW_DATA:PSA_SUCCESS
-PSA key derivation: HKDF invalid state (double generate + read past capacity)
+PSA key derivation: ECDH on P256 with HKDF-SHA256, salt after secret
+depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256
+derive_input:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"":PSA_ERROR_BAD_STATE:PSA_KEY_DERIVATION_INPUT_INFO:PSA_KEY_TYPE_NONE:"":PSA_ERROR_BAD_STATE:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE
+
+PSA key derivation: ECDH on P256 with HKDF-SHA256, missing info
+depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256
+derive_input:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":PSA_SUCCESS:0:UNUSED:"":UNUSED:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE
+
+PSA key derivation over capacity: HKDF
depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256
-test_derive_invalid_key_derivation_state:PSA_ALG_HKDF(PSA_ALG_SHA_256)
+derive_over_capacity:PSA_ALG_HKDF(PSA_ALG_SHA_256)
-PSA key derivation: TLS 1.2 PRF invalid state (double generate + read past capacity)
+PSA key derivation over capacity: TLS 1.2 PRF
depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PRF
-test_derive_invalid_key_derivation_state:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256)
+derive_over_capacity:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256)
-PSA key derivation: invalid state (call read/get_capacity after init and abort)
-test_derive_invalid_key_derivation_tests:
+PSA key derivation: actions without setup
+derive_actions_without_setup:
PSA key derivation: HKDF SHA-256, RFC5869 #1, output 42+0
depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256
diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function
index 5b5531f..33e7c95 100644
--- a/tests/suites/test_suite_psa_crypto.function
+++ b/tests/suites/test_suite_psa_crypto.function
@@ -16,6 +16,9 @@
#include "test/psa_crypto_helpers.h"
#include "test/psa_exercise_key.h"
+/* If this comes up, it's a bug in the test code or in the test data. */
+#define UNUSED 0xdeadbeef
+
/** An invalid export length that will never be set by psa_export_key(). */
static const size_t INVALID_EXPORT_LENGTH = ~0U;
@@ -1984,7 +1987,21 @@
mbedtls_test_set_step( output_size );
ASSERT_ALLOC( actual_mac, output_size );
- /* Calculate the MAC. */
+ /* Calculate the MAC, one-shot case. */
+ TEST_EQUAL( psa_mac_compute( key, alg,
+ input->x, input->len,
+ actual_mac, output_size, &mac_length ),
+ expected_status );
+ if( expected_status == PSA_SUCCESS )
+ {
+ ASSERT_COMPARE( expected_mac->x, expected_mac->len,
+ actual_mac, mac_length );
+ }
+
+ if( output_size > 0 )
+ memset( actual_mac, 0, output_size );
+
+ /* Calculate the MAC, multi-part case. */
PSA_ASSERT( psa_mac_sign_setup( &operation, key, alg ) );
PSA_ASSERT( psa_mac_update( &operation,
input->x, input->len ) );
@@ -2036,7 +2053,11 @@
PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
&key ) );
- /* Test the correct MAC. */
+ /* Verify correct MAC, one-shot case. */
+ PSA_ASSERT( psa_mac_verify( key, alg, input->x, input->len,
+ expected_mac->x, expected_mac->len ) );
+
+ /* Verify correct MAC, multi-part case. */
PSA_ASSERT( psa_mac_verify_setup( &operation, key, alg ) );
PSA_ASSERT( psa_mac_update( &operation,
input->x, input->len ) );
@@ -2044,7 +2065,14 @@
expected_mac->x,
expected_mac->len ) );
- /* Test a MAC that's too short. */
+ /* Test a MAC that's too short, one-shot case. */
+ TEST_EQUAL( psa_mac_verify( key, alg,
+ input->x, input->len,
+ expected_mac->x,
+ expected_mac->len - 1 ),
+ PSA_ERROR_INVALID_SIGNATURE );
+
+ /* Test a MAC that's too short, multi-part case. */
PSA_ASSERT( psa_mac_verify_setup( &operation, key, alg ) );
PSA_ASSERT( psa_mac_update( &operation,
input->x, input->len ) );
@@ -2053,9 +2081,15 @@
expected_mac->len - 1 ),
PSA_ERROR_INVALID_SIGNATURE );
- /* Test a MAC that's too long. */
+ /* Test a MAC that's too long, one-shot case. */
ASSERT_ALLOC( perturbed_mac, expected_mac->len + 1 );
memcpy( perturbed_mac, expected_mac->x, expected_mac->len );
+ TEST_EQUAL( psa_mac_verify( key, alg,
+ input->x, input->len,
+ perturbed_mac, expected_mac->len + 1 ),
+ PSA_ERROR_INVALID_SIGNATURE );
+
+ /* Test a MAC that's too long, multi-part case. */
PSA_ASSERT( psa_mac_verify_setup( &operation, key, alg ) );
PSA_ASSERT( psa_mac_update( &operation,
input->x, input->len ) );
@@ -2069,6 +2103,12 @@
{
mbedtls_test_set_step( i );
perturbed_mac[i] ^= 1;
+
+ TEST_EQUAL( psa_mac_verify( key, alg,
+ input->x, input->len,
+ perturbed_mac, expected_mac->len ),
+ PSA_ERROR_INVALID_SIGNATURE );
+
PSA_ASSERT( psa_mac_verify_setup( &operation, key, alg ) );
PSA_ASSERT( psa_mac_update( &operation,
input->x, input->len ) );
@@ -4027,7 +4067,12 @@
for( i = 0; i < ARRAY_LENGTH( steps ); i++ )
{
- if( key_types[i] != PSA_KEY_TYPE_NONE )
+ mbedtls_test_set_step( i );
+ if( steps[i] == 0 )
+ {
+ /* Skip this step */
+ }
+ else if( key_types[i] != PSA_KEY_TYPE_NONE )
{
psa_set_key_type( &attributes, key_types[i] );
PSA_ASSERT( psa_import_key( &attributes,
@@ -4086,7 +4131,7 @@
/* END_CASE */
/* BEGIN_CASE */
-void test_derive_invalid_key_derivation_state( int alg_arg )
+void derive_over_capacity( int alg_arg )
{
psa_algorithm_t alg = alg_arg;
mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
@@ -4137,7 +4182,7 @@
/* END_CASE */
/* BEGIN_CASE */
-void test_derive_invalid_key_derivation_tests( )
+void derive_actions_without_setup( )
{
uint8_t output_buffer[16];
size_t buffer_size = 16;
diff --git a/tests/suites/test_suite_psa_crypto_driver_wrappers.function b/tests/suites/test_suite_psa_crypto_driver_wrappers.function
index e86309b..3a9eff9 100644
--- a/tests/suites/test_suite_psa_crypto_driver_wrappers.function
+++ b/tests/suites/test_suite_psa_crypto_driver_wrappers.function
@@ -1118,7 +1118,31 @@
ASSERT_ALLOC( actual_mac, mac_buffer_size );
mbedtls_test_driver_mac_hooks.forced_status = forced_status;
- /* Calculate the MAC. */
+ /*
+ * Calculate the MAC, one-shot case.
+ */
+ status = psa_mac_compute( key, alg,
+ input->x, input->len,
+ actual_mac, mac_buffer_size,
+ &mac_length );
+
+ TEST_EQUAL( mbedtls_test_driver_mac_hooks.hits, 1 );
+ if( forced_status == PSA_SUCCESS ||
+ forced_status == PSA_ERROR_NOT_SUPPORTED )
+ {
+ PSA_ASSERT( status );
+ }
+ else
+ TEST_EQUAL( forced_status, status );
+
+ if( mac_buffer_size > 0 )
+ memset( actual_mac, 0, mac_buffer_size );
+ mbedtls_test_driver_mac_hooks = mbedtls_test_driver_mac_hooks_init();
+ mbedtls_test_driver_mac_hooks.forced_status = forced_status;
+
+ /*
+ * Calculate the MAC, multipart case.
+ */
status = psa_mac_sign_setup( &operation, key, alg );
TEST_EQUAL( mbedtls_test_driver_mac_hooks.hits, 1 );
@@ -1214,7 +1238,27 @@
mbedtls_test_driver_mac_hooks.forced_status = forced_status;
- /* Test the correct MAC. */
+ /*
+ * Verify the MAC, one-shot case.
+ */
+ status = psa_mac_verify( key, alg,
+ input->x, input->len,
+ expected_mac->x, expected_mac->len );
+ TEST_EQUAL( mbedtls_test_driver_mac_hooks.hits, 1 );
+ if( forced_status == PSA_SUCCESS ||
+ forced_status == PSA_ERROR_NOT_SUPPORTED )
+ {
+ PSA_ASSERT( status );
+ }
+ else
+ TEST_EQUAL( forced_status, status );
+
+ mbedtls_test_driver_mac_hooks = mbedtls_test_driver_mac_hooks_init();
+ mbedtls_test_driver_mac_hooks.forced_status = forced_status;
+
+ /*
+ * Verify the MAC, multi-part case.
+ */
status = psa_mac_verify_setup( &operation, key, alg );
TEST_EQUAL( mbedtls_test_driver_mac_hooks.hits, 1 );
diff --git a/tests/suites/test_suite_psa_crypto_hash.data b/tests/suites/test_suite_psa_crypto_hash.data
index 67158d0..9f51339 100644
--- a/tests/suites/test_suite_psa_crypto_hash.data
+++ b/tests/suites/test_suite_psa_crypto_hash.data
@@ -158,62 +158,6 @@
depends_on:PSA_WANT_ALG_SHA_512
hash_finish:PSA_ALG_SHA_512:"990d1ae71a62d7bda9bfdaa1762a68d296eee72a4cd946f287a898fbabc002ea941fd8d4d991030b4d27a637cce501a834bb95eab1b7889a3e784c7968e67cbf552006b206b68f76d9191327524fcc251aeb56af483d10b4e0c6c5e599ee8c0fe4faeca8293844a8547c6a9a90d093f2526873a19ad4a5e776794c68c742fb834793d2dfcb7fea46c63af4b70fd11cb6e41834e72ee40edb067b292a794990c288d5007e73f349fb383af6a756b8301ad6e5e0aa8cd614399bb3a452376b1575afa6bdaeaafc286cb064bb91edef97c632b6c1113d107fa93a0905098a105043c2f05397f702514439a08a9e5ddc196100721d45c8fc17d2ed659376f8a00bd5cb9a0860e26d8a29d8d6aaf52de97e9346033d6db501a35dbbaf97c20b830cd2d18c2532f3a59cc497ee64c0e57d8d060e5069b28d86edf1adcf59144b221ce3ddaef134b3124fbc7dd000240eff0f5f5f41e83cd7f5bb37c9ae21953fe302b0f6e8b68fa91c6ab99265c64b2fd9cd4942be04321bb5d6d71932376c6f2f88e02422ba6a5e2cb765df93fd5dd0728c6abdaf03bce22e0678a544e2c3636f741b6f4447ee58a8fc656b43ef817932176adbfc2e04b2c812c273cd6cbfa4098f0be036a34221fa02643f5ee2e0b38135f2a18ecd2f16ebc45f8eb31b8ab967a1567ee016904188910861ca1fa205c7adaa194b286893ffe2f4fbe0384c2aef72a4522aeafd3ebc71f9db71eeeef86c48394a1c86d5b36c352cc33a0a2c800bc99e62fd65b3a2fd69e0b53996ec13d8ce483ce9319efd9a85acefabdb5342226febb83fd1daf4b24265f50c61c6de74077ef89b6fecf9f29a1f871af1e9f89b2d345cda7499bd45c42fa5d195a1e1a6ba84851889e730da3b2b916e96152ae0c92154b49719841db7e7cc707ba8a5d7b101eb4ac7b629bb327817910fff61580b59aab78182d1a2e33473d05b00b170b29e331870826cfe45af206aa7d0246bbd8566ca7cfb2d3c10bfa1db7dd48dd786036469ce7282093d78b5e1a5b0fc81a54c8ed4ceac1e5305305e78284ac276f5d7862727aff246e17addde50c670028d572cbfc0be2e4f8b2eb28fa68ad7b4c6c2a239c460441bfb5ea049f23b08563b4e47729a59e5986a61a6093dbd54f8c36ebe87edae01f251cb060ad1364ce677d7e8d5a4a4ca966a7241cc360bc2acb280e5f9e9c1b032ad6a180a35e0c5180b9d16d026c865b252098cc1d99ba7375ca31c7702c0d943d5e3dd2f6861fa55bd46d94b67ed3e52eccd8dd06d968e01897d6de97ed3058d91dd":"8e4bc6f8b8c60fe4d68c61d9b159c8693c3151c46749af58da228442d927f23359bd6ccd6c2ec8fa3f00a86cecbfa728e1ad60b821ed22fcd309ba91a4138bc9"
-PSA hash finish: MD2 Test vector RFC1319 #1
-depends_on:PSA_WANT_ALG_MD2
-hash_finish:PSA_ALG_MD2:"":"8350e5a3e24c153df2275c9f80692773"
-
-PSA hash finish: MD2 Test vector RFC1319 #2
-depends_on:PSA_WANT_ALG_MD2
-hash_finish:PSA_ALG_MD2:"61":"32ec01ec4a6dac72c0ab96fb34c0b5d1"
-
-PSA hash finish: MD2 Test vector RFC1319 #3
-depends_on:PSA_WANT_ALG_MD2
-hash_finish:PSA_ALG_MD2:"616263":"da853b0d3f88d99b30283a69e6ded6bb"
-
-PSA hash finish: MD2 Test vector RFC1319 #4
-depends_on:PSA_WANT_ALG_MD2
-hash_finish:PSA_ALG_MD2:"6d65737361676520646967657374":"ab4f496bfb2a530b219ff33031fe06b0"
-
-PSA hash finish: MD2 Test vector RFC1319 #5
-depends_on:PSA_WANT_ALG_MD2
-hash_finish:PSA_ALG_MD2:"6162636465666768696a6b6c6d6e6f707172737475767778797a":"4e8ddff3650292ab5a4108c3aa47940b"
-
-PSA hash finish: MD2 Test vector RFC1319 #6
-depends_on:PSA_WANT_ALG_MD2
-hash_finish:PSA_ALG_MD2:"4142434445464748494a4b4c4d4e4f505152535455565758595a6162636465666768696a6b6c6d6e6f707172737475767778797a30313233343536373839":"da33def2a42df13975352846c30338cd"
-
-PSA hash finish: MD2 Test vector RFC1319 #7
-depends_on:PSA_WANT_ALG_MD2
-hash_finish:PSA_ALG_MD2:"3132333435363738393031323334353637383930313233343536373839303132333435363738393031323334353637383930313233343536373839303132333435363738393031323334353637383930":"d5976f79d83d3a0dc9806c3c66f3efd8"
-
-PSA hash finish: MD4 Test vector RFC1320 #1
-depends_on:PSA_WANT_ALG_MD4
-hash_finish:PSA_ALG_MD4:"":"31d6cfe0d16ae931b73c59d7e0c089c0"
-
-PSA hash finish: MD4 Test vector RFC1320 #2
-depends_on:PSA_WANT_ALG_MD4
-hash_finish:PSA_ALG_MD4:"61":"bde52cb31de33e46245e05fbdbd6fb24"
-
-PSA hash finish: MD4 Test vector RFC1320 #3
-depends_on:PSA_WANT_ALG_MD4
-hash_finish:PSA_ALG_MD4:"616263":"a448017aaf21d8525fc10ae87aa6729d"
-
-PSA hash finish: MD4 Test vector RFC1320 #4
-depends_on:PSA_WANT_ALG_MD4
-hash_finish:PSA_ALG_MD4:"6d65737361676520646967657374":"d9130a8164549fe818874806e1c7014b"
-
-PSA hash finish: MD4 Test vector RFC1320 #5
-depends_on:PSA_WANT_ALG_MD4
-hash_finish:PSA_ALG_MD4:"6162636465666768696a6b6c6d6e6f707172737475767778797a":"d79e1c308aa5bbcdeea8ed63df412da9"
-
-PSA hash finish: MD4 Test vector RFC1320 #6
-depends_on:PSA_WANT_ALG_MD4
-hash_finish:PSA_ALG_MD4:"4142434445464748494a4b4c4d4e4f505152535455565758595a6162636465666768696a6b6c6d6e6f707172737475767778797a30313233343536373839":"043f8582f241db351ce627e153e7f0e4"
-
-PSA hash finish: MD4 Test vector RFC1320 #7
-depends_on:PSA_WANT_ALG_MD4
-hash_finish:PSA_ALG_MD4:"3132333435363738393031323334353637383930313233343536373839303132333435363738393031323334353637383930313233343536373839303132333435363738393031323334353637383930":"e33b4ddc9c38f2199c3e7b164fcc0536"
-
PSA hash finish: MD5 Test vector RFC1321 #1
depends_on:PSA_WANT_ALG_MD5
hash_finish:PSA_ALG_MD5:"":"d41d8cd98f00b204e9800998ecf8427e"
@@ -294,14 +238,6 @@
depends_on:PSA_WANT_ALG_SHA_512
hash_verify:PSA_ALG_SHA_512:"bd":"296e2267d74c278daaaa940d17b0cfb74a5083f8e069726d8c841cbe596e0431cb7741a5b50f71666cfd54bacb7b00aea891499cf4ef6a03c8a83fe37c3f7baf"
-PSA hash verify: MD2
-depends_on:PSA_WANT_ALG_MD2
-hash_verify:PSA_ALG_MD2:"bd":"8c9c17665d25b35fc413c41805c679cf"
-
-PSA hash verify: MD4
-depends_on:PSA_WANT_ALG_MD4
-hash_verify:PSA_ALG_MD4:"bd":"18c33f97297efe5f8a732258289fda25"
-
PSA hash verify: MD5
depends_on:PSA_WANT_ALG_MD5
hash_verify:PSA_ALG_MD5:"bd":"abae57cb562ecf295b4a37a76efe61fb"
@@ -470,62 +406,6 @@
depends_on:PSA_WANT_ALG_SHA_512
hash_multi_part:PSA_ALG_SHA_512:"990d1ae71a62d7bda9bfdaa1762a68d296eee72a4cd946f287a898fbabc002ea941fd8d4d991030b4d27a637cce501a834bb95eab1b7889a3e784c7968e67cbf552006b206b68f76d9191327524fcc251aeb56af483d10b4e0c6c5e599ee8c0fe4faeca8293844a8547c6a9a90d093f2526873a19ad4a5e776794c68c742fb834793d2dfcb7fea46c63af4b70fd11cb6e41834e72ee40edb067b292a794990c288d5007e73f349fb383af6a756b8301ad6e5e0aa8cd614399bb3a452376b1575afa6bdaeaafc286cb064bb91edef97c632b6c1113d107fa93a0905098a105043c2f05397f702514439a08a9e5ddc196100721d45c8fc17d2ed659376f8a00bd5cb9a0860e26d8a29d8d6aaf52de97e9346033d6db501a35dbbaf97c20b830cd2d18c2532f3a59cc497ee64c0e57d8d060e5069b28d86edf1adcf59144b221ce3ddaef134b3124fbc7dd000240eff0f5f5f41e83cd7f5bb37c9ae21953fe302b0f6e8b68fa91c6ab99265c64b2fd9cd4942be04321bb5d6d71932376c6f2f88e02422ba6a5e2cb765df93fd5dd0728c6abdaf03bce22e0678a544e2c3636f741b6f4447ee58a8fc656b43ef817932176adbfc2e04b2c812c273cd6cbfa4098f0be036a34221fa02643f5ee2e0b38135f2a18ecd2f16ebc45f8eb31b8ab967a1567ee016904188910861ca1fa205c7adaa194b286893ffe2f4fbe0384c2aef72a4522aeafd3ebc71f9db71eeeef86c48394a1c86d5b36c352cc33a0a2c800bc99e62fd65b3a2fd69e0b53996ec13d8ce483ce9319efd9a85acefabdb5342226febb83fd1daf4b24265f50c61c6de74077ef89b6fecf9f29a1f871af1e9f89b2d345cda7499bd45c42fa5d195a1e1a6ba84851889e730da3b2b916e96152ae0c92154b49719841db7e7cc707ba8a5d7b101eb4ac7b629bb327817910fff61580b59aab78182d1a2e33473d05b00b170b29e331870826cfe45af206aa7d0246bbd8566ca7cfb2d3c10bfa1db7dd48dd786036469ce7282093d78b5e1a5b0fc81a54c8ed4ceac1e5305305e78284ac276f5d7862727aff246e17addde50c670028d572cbfc0be2e4f8b2eb28fa68ad7b4c6c2a239c460441bfb5ea049f23b08563b4e47729a59e5986a61a6093dbd54f8c36ebe87edae01f251cb060ad1364ce677d7e8d5a4a4ca966a7241cc360bc2acb280e5f9e9c1b032ad6a180a35e0c5180b9d16d026c865b252098cc1d99ba7375ca31c7702c0d943d5e3dd2f6861fa55bd46d94b67ed3e52eccd8dd06d968e01897d6de97ed3058d91dd":"8e4bc6f8b8c60fe4d68c61d9b159c8693c3151c46749af58da228442d927f23359bd6ccd6c2ec8fa3f00a86cecbfa728e1ad60b821ed22fcd309ba91a4138bc9"
-PSA hash multi part: MD2 Test vector RFC1319 #1
-depends_on:PSA_WANT_ALG_MD2
-hash_multi_part:PSA_ALG_MD2:"":"8350e5a3e24c153df2275c9f80692773"
-
-PSA hash multi part: MD2 Test vector RFC1319 #2
-depends_on:PSA_WANT_ALG_MD2
-hash_multi_part:PSA_ALG_MD2:"61":"32ec01ec4a6dac72c0ab96fb34c0b5d1"
-
-PSA hash multi part: MD2 Test vector RFC1319 #3
-depends_on:PSA_WANT_ALG_MD2
-hash_multi_part:PSA_ALG_MD2:"616263":"da853b0d3f88d99b30283a69e6ded6bb"
-
-PSA hash multi part: MD2 Test vector RFC1319 #4
-depends_on:PSA_WANT_ALG_MD2
-hash_multi_part:PSA_ALG_MD2:"6d65737361676520646967657374":"ab4f496bfb2a530b219ff33031fe06b0"
-
-PSA hash multi part: MD2 Test vector RFC1319 #5
-depends_on:PSA_WANT_ALG_MD2
-hash_multi_part:PSA_ALG_MD2:"6162636465666768696a6b6c6d6e6f707172737475767778797a":"4e8ddff3650292ab5a4108c3aa47940b"
-
-PSA hash multi part: MD2 Test vector RFC1319 #6
-depends_on:PSA_WANT_ALG_MD2
-hash_multi_part:PSA_ALG_MD2:"4142434445464748494a4b4c4d4e4f505152535455565758595a6162636465666768696a6b6c6d6e6f707172737475767778797a30313233343536373839":"da33def2a42df13975352846c30338cd"
-
-PSA hash multi part: MD2 Test vector RFC1319 #7
-depends_on:PSA_WANT_ALG_MD2
-hash_multi_part:PSA_ALG_MD2:"3132333435363738393031323334353637383930313233343536373839303132333435363738393031323334353637383930313233343536373839303132333435363738393031323334353637383930":"d5976f79d83d3a0dc9806c3c66f3efd8"
-
-PSA hash multi part: MD4 Test vector RFC1320 #1
-depends_on:PSA_WANT_ALG_MD4
-hash_multi_part:PSA_ALG_MD4:"":"31d6cfe0d16ae931b73c59d7e0c089c0"
-
-PSA hash multi part: MD4 Test vector RFC1320 #2
-depends_on:PSA_WANT_ALG_MD4
-hash_multi_part:PSA_ALG_MD4:"61":"bde52cb31de33e46245e05fbdbd6fb24"
-
-PSA hash multi part: MD4 Test vector RFC1320 #3
-depends_on:PSA_WANT_ALG_MD4
-hash_multi_part:PSA_ALG_MD4:"616263":"a448017aaf21d8525fc10ae87aa6729d"
-
-PSA hash multi part: MD4 Test vector RFC1320 #4
-depends_on:PSA_WANT_ALG_MD4
-hash_multi_part:PSA_ALG_MD4:"6d65737361676520646967657374":"d9130a8164549fe818874806e1c7014b"
-
-PSA hash multi part: MD4 Test vector RFC1320 #5
-depends_on:PSA_WANT_ALG_MD4
-hash_multi_part:PSA_ALG_MD4:"6162636465666768696a6b6c6d6e6f707172737475767778797a":"d79e1c308aa5bbcdeea8ed63df412da9"
-
-PSA hash multi part: MD4 Test vector RFC1320 #6
-depends_on:PSA_WANT_ALG_MD4
-hash_multi_part:PSA_ALG_MD4:"4142434445464748494a4b4c4d4e4f505152535455565758595a6162636465666768696a6b6c6d6e6f707172737475767778797a30313233343536373839":"043f8582f241db351ce627e153e7f0e4"
-
-PSA hash multi part: MD4 Test vector RFC1320 #7
-depends_on:PSA_WANT_ALG_MD4
-hash_multi_part:PSA_ALG_MD4:"3132333435363738393031323334353637383930313233343536373839303132333435363738393031323334353637383930313233343536373839303132333435363738393031323334353637383930":"e33b4ddc9c38f2199c3e7b164fcc0536"
-
PSA hash multi part: MD5 Test vector RFC1321 #1
depends_on:PSA_WANT_ALG_MD5
hash_multi_part:PSA_ALG_MD5:"":"d41d8cd98f00b204e9800998ecf8427e"
diff --git a/tests/suites/test_suite_psa_crypto_init.function b/tests/suites/test_suite_psa_crypto_init.function
index d612548..9f72b47 100644
--- a/tests/suites/test_suite_psa_crypto_init.function
+++ b/tests/suites/test_suite_psa_crypto_init.function
@@ -85,12 +85,6 @@
MBEDTLS_ENTROPY_MIN_PLATFORM,
MBEDTLS_ENTROPY_SOURCE_STRONG );
#endif
-#if defined(MBEDTLS_TIMING_C)
- if( custom_entropy_sources_mask & ENTROPY_SOURCE_TIMING )
- mbedtls_entropy_add_source( ctx, mbedtls_hardclock_poll, NULL,
- MBEDTLS_ENTROPY_MIN_HARDCLOCK,
- MBEDTLS_ENTROPY_SOURCE_WEAK );
-#endif
#if defined(MBEDTLS_ENTROPY_HARDWARE_ALT)
if( custom_entropy_sources_mask & ENTROPY_SOURCE_HARDWARE )
mbedtls_entropy_add_source( ctx, mbedtls_hardware_poll, NULL,
diff --git a/tests/suites/test_suite_psa_crypto_metadata.data b/tests/suites/test_suite_psa_crypto_metadata.data
index 4e2f4d5..a3668fc 100644
--- a/tests/suites/test_suite_psa_crypto_metadata.data
+++ b/tests/suites/test_suite_psa_crypto_metadata.data
@@ -1,11 +1,3 @@
-Hash: MD2
-depends_on:PSA_WANT_ALG_MD2
-hash_algorithm:PSA_ALG_MD2:16
-
-Hash: MD4
-depends_on:PSA_WANT_ALG_MD4
-hash_algorithm:PSA_ALG_MD4:16
-
Hash: MD5
depends_on:PSA_WANT_ALG_MD5
hash_algorithm:PSA_ALG_MD5:16
@@ -34,14 +26,6 @@
depends_on:PSA_WANT_ALG_SHA_512
hash_algorithm:PSA_ALG_SHA_512:64
-MAC: HMAC-MD2
-depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_MD2
-hmac_algorithm:PSA_ALG_HMAC( PSA_ALG_MD2 ):16:64
-
-MAC: HMAC-MD4
-depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_MD4
-hmac_algorithm:PSA_ALG_HMAC( PSA_ALG_MD4 ):16:64
-
MAC: HMAC-MD5
depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_MD5
hmac_algorithm:PSA_ALG_HMAC( PSA_ALG_MD5 ):16:64
@@ -294,6 +278,9 @@
depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_384
key_agreement_algorithm:PSA_ALG_KEY_AGREEMENT( PSA_ALG_ECDH, PSA_ALG_HKDF( PSA_ALG_SHA_384 ) ):ALG_IS_ECDH:PSA_ALG_ECDH:PSA_ALG_HKDF( PSA_ALG_SHA_384 )
+PAKE: J-PAKE
+pake_algorithm:PSA_ALG_JPAKE
+
Key type: raw data
key_type:PSA_KEY_TYPE_RAW_DATA:KEY_TYPE_IS_UNSTRUCTURED
@@ -316,10 +303,6 @@
depends_on:PSA_WANT_KEY_TYPE_CAMELLIA
block_cipher_key_type:PSA_KEY_TYPE_CAMELLIA:16
-Stream cipher key type: ARC4
-depends_on:PSA_WANT_KEY_TYPE_ARC4
-stream_cipher_key_type:PSA_KEY_TYPE_ARC4
-
Stream cipher key type: ChaCha20
depends_on:PSA_WANT_KEY_TYPE_CHACHA20
stream_cipher_key_type:PSA_KEY_TYPE_CHACHA20
@@ -361,3 +344,39 @@
DH group family: RFC 7919
dh_key_family:PSA_DH_FAMILY_RFC7919
+
+Lifetime: VOLATILE
+lifetime:PSA_KEY_LIFETIME_VOLATILE:KEY_LIFETIME_IS_VOLATILE:PSA_KEY_PERSISTENCE_VOLATILE:PSA_KEY_LOCATION_LOCAL_STORAGE
+
+Lifetime: PERSISTENT
+lifetime:PSA_KEY_LIFETIME_PERSISTENT:0:PSA_KEY_PERSISTENCE_DEFAULT:PSA_KEY_LOCATION_LOCAL_STORAGE
+
+Lifetime: volatile, local storage
+lifetime:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION(PSA_KEY_PERSISTENCE_VOLATILE, PSA_KEY_LOCATION_LOCAL_STORAGE):KEY_LIFETIME_IS_VOLATILE:PSA_KEY_PERSISTENCE_VOLATILE:PSA_KEY_LOCATION_LOCAL_STORAGE
+
+Lifetime: default, local storage
+lifetime:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION(PSA_KEY_PERSISTENCE_DEFAULT, PSA_KEY_LOCATION_LOCAL_STORAGE):0:PSA_KEY_PERSISTENCE_DEFAULT:PSA_KEY_LOCATION_LOCAL_STORAGE
+
+Lifetime: 2, local storage
+lifetime:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION(2, PSA_KEY_LOCATION_LOCAL_STORAGE):0:2:PSA_KEY_LOCATION_LOCAL_STORAGE
+
+Lifetime: 254, local storage
+lifetime:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION(254, PSA_KEY_LOCATION_LOCAL_STORAGE):0:254:PSA_KEY_LOCATION_LOCAL_STORAGE
+
+Lifetime: read-only, local storage
+lifetime:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION(PSA_KEY_PERSISTENCE_READ_ONLY, PSA_KEY_LOCATION_LOCAL_STORAGE):KEY_LIFETIME_IS_READ_ONLY:PSA_KEY_PERSISTENCE_READ_ONLY:PSA_KEY_LOCATION_LOCAL_STORAGE
+
+Lifetime: volatile, 0x123456
+lifetime:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION(PSA_KEY_PERSISTENCE_VOLATILE, 0x123456):KEY_LIFETIME_IS_VOLATILE:PSA_KEY_PERSISTENCE_VOLATILE:0x123456
+
+Lifetime: default, 0x123456
+lifetime:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION(PSA_KEY_PERSISTENCE_DEFAULT, 0x123456):0:PSA_KEY_PERSISTENCE_DEFAULT:0x123456
+
+Lifetime: 2, 0x123456
+lifetime:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION(2, 0x123456):0:2:0x123456
+
+Lifetime: 254, 0x123456
+lifetime:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION(254, 0x123456):0:254:0x123456
+
+Lifetime: read-only, 0x123456
+lifetime:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION(PSA_KEY_PERSISTENCE_READ_ONLY, 0x123456):KEY_LIFETIME_IS_READ_ONLY:PSA_KEY_PERSISTENCE_READ_ONLY:0x123456
diff --git a/tests/suites/test_suite_psa_crypto_metadata.function b/tests/suites/test_suite_psa_crypto_metadata.function
index 8134f44..4790be6 100644
--- a/tests/suites/test_suite_psa_crypto_metadata.function
+++ b/tests/suites/test_suite_psa_crypto_metadata.function
@@ -55,8 +55,21 @@
#define KEY_TYPE_IS_ECC ( 1u << 6 )
#define KEY_TYPE_IS_DH ( 1u << 7 )
-#define TEST_CLASSIFICATION_MACRO( flag, alg, flags ) \
- TEST_ASSERT( PSA_##flag( alg ) == !! ( ( flags ) & flag ) )
+/* Flags for lifetime classification macros. There is a flag for every
+ * lifetime classification macro PSA_KEY_LIFETIME_IS_xxx. The name of the
+ * flag is the name of the classification macro without the PSA_ prefix. */
+#define KEY_LIFETIME_IS_VOLATILE ( 1u << 0 )
+#define KEY_LIFETIME_IS_READ_ONLY ( 1u << 1 )
+
+#define TEST_CLASSIFICATION_MACRO( flag, alg, flags ) \
+ do \
+ { \
+ if( ( flags ) & ( flag ) ) \
+ TEST_ASSERT( PSA_##flag( alg ) ); \
+ else \
+ TEST_ASSERT( ! PSA_##flag( alg ) ); \
+ } \
+ while( 0 )
/* Check the parity of value.
*
@@ -156,6 +169,7 @@
TEST_ASSERT( ! PSA_ALG_IS_ASYMMETRIC_ENCRYPTION( alg ) );
TEST_ASSERT( ! PSA_ALG_IS_KEY_AGREEMENT( alg ) );
TEST_ASSERT( ! PSA_ALG_IS_KEY_DERIVATION( alg ) );
+ TEST_ASSERT( ! PSA_ALG_IS_PAKE( alg ) );
algorithm_classification( alg, classification_flags );
/* Length */
@@ -181,6 +195,7 @@
TEST_ASSERT( ! PSA_ALG_IS_ASYMMETRIC_ENCRYPTION( alg ) );
TEST_ASSERT( ! PSA_ALG_IS_KEY_AGREEMENT( alg ) );
TEST_ASSERT( ! PSA_ALG_IS_KEY_DERIVATION( alg ) );
+ TEST_ASSERT( ! PSA_ALG_IS_PAKE( alg ) );
algorithm_classification( alg, classification_flags );
/* Tag length */
@@ -220,6 +235,7 @@
TEST_ASSERT( ! PSA_ALG_IS_ASYMMETRIC_ENCRYPTION( alg ) );
TEST_ASSERT( ! PSA_ALG_IS_KEY_AGREEMENT( alg ) );
TEST_ASSERT( ! PSA_ALG_IS_KEY_DERIVATION( alg ) );
+ TEST_ASSERT( ! PSA_ALG_IS_PAKE( alg ) );
algorithm_classification( alg, 0 );
/* Dependent algorithms */
@@ -362,6 +378,7 @@
TEST_ASSERT( ! PSA_ALG_IS_ASYMMETRIC_ENCRYPTION( alg ) );
TEST_ASSERT( ! PSA_ALG_IS_KEY_AGREEMENT( alg ) );
TEST_ASSERT( ! PSA_ALG_IS_KEY_DERIVATION( alg ) );
+ TEST_ASSERT( ! PSA_ALG_IS_PAKE( alg ) );
algorithm_classification( alg, classification_flags );
}
/* END_CASE */
@@ -462,6 +479,7 @@
TEST_ASSERT( ! PSA_ALG_IS_ASYMMETRIC_ENCRYPTION( alg ) );
TEST_ASSERT( ! PSA_ALG_IS_KEY_AGREEMENT( alg ) );
TEST_ASSERT( ! PSA_ALG_IS_KEY_DERIVATION( alg ) );
+ TEST_ASSERT( ! PSA_ALG_IS_PAKE( alg ) );
algorithm_classification( alg, classification_flags );
}
/* END_CASE */
@@ -491,6 +509,7 @@
TEST_ASSERT( PSA_ALG_IS_ASYMMETRIC_ENCRYPTION( alg ) );
TEST_ASSERT( ! PSA_ALG_IS_KEY_AGREEMENT( alg ) );
TEST_ASSERT( ! PSA_ALG_IS_KEY_DERIVATION( alg ) );
+ TEST_ASSERT( ! PSA_ALG_IS_PAKE( alg ) );
algorithm_classification( alg, classification_flags );
}
/* END_CASE */
@@ -511,6 +530,7 @@
TEST_ASSERT( ! PSA_ALG_IS_ASYMMETRIC_ENCRYPTION( alg ) );
TEST_ASSERT( ! PSA_ALG_IS_KEY_AGREEMENT( alg ) );
TEST_ASSERT( PSA_ALG_IS_KEY_DERIVATION( alg ) );
+ TEST_ASSERT( ! PSA_ALG_IS_PAKE( alg ) );
algorithm_classification( alg, classification_flags );
/* Check combinations with key agreements */
@@ -540,6 +560,7 @@
TEST_ASSERT( ! PSA_ALG_IS_ASYMMETRIC_ENCRYPTION( alg ) );
TEST_ASSERT( PSA_ALG_IS_KEY_AGREEMENT( alg ) );
TEST_ASSERT( ! PSA_ALG_IS_KEY_DERIVATION( alg ) );
+ TEST_ASSERT( ! PSA_ALG_IS_PAKE( alg ) );
algorithm_classification( alg, classification_flags );
/* Shared secret derivation properties */
@@ -549,6 +570,24 @@
/* END_CASE */
/* BEGIN_CASE */
+void pake_algorithm( int alg_arg )
+{
+ psa_algorithm_t alg = alg_arg;
+
+ /* Algorithm classification */
+ TEST_ASSERT( ! PSA_ALG_IS_HASH( alg ) );
+ TEST_ASSERT( ! PSA_ALG_IS_MAC( alg ) );
+ TEST_ASSERT( ! PSA_ALG_IS_CIPHER( alg ) );
+ TEST_ASSERT( ! PSA_ALG_IS_AEAD( alg ) );
+ TEST_ASSERT( ! PSA_ALG_IS_SIGN( alg ) );
+ TEST_ASSERT( ! PSA_ALG_IS_ASYMMETRIC_ENCRYPTION( alg ) );
+ TEST_ASSERT( ! PSA_ALG_IS_KEY_AGREEMENT( alg ) );
+ TEST_ASSERT( ! PSA_ALG_IS_KEY_DERIVATION( alg ) );
+ TEST_ASSERT( PSA_ALG_IS_PAKE( alg ) );
+}
+
+/* END_CASE */
+/* BEGIN_CASE */
void key_type( int type_arg, int classification_flags )
{
psa_key_type_t type = type_arg;
@@ -639,3 +678,20 @@
TEST_EQUAL( PSA_KEY_TYPE_DH_GET_FAMILY( pair_type ), group );
}
/* END_CASE */
+
+/* BEGIN_CASE */
+void lifetime( int lifetime_arg, int classification_flags,
+ int persistence_arg, int location_arg )
+{
+ psa_key_lifetime_t lifetime = lifetime_arg;
+ psa_key_persistence_t persistence = persistence_arg;
+ psa_key_location_t location = location_arg;
+ unsigned flags = classification_flags;
+
+ TEST_CLASSIFICATION_MACRO( KEY_LIFETIME_IS_VOLATILE, lifetime, flags );
+ TEST_CLASSIFICATION_MACRO( KEY_LIFETIME_IS_READ_ONLY, lifetime, flags );
+
+ TEST_EQUAL( PSA_KEY_LIFETIME_GET_PERSISTENCE( lifetime ), persistence );
+ TEST_EQUAL( PSA_KEY_LIFETIME_GET_LOCATION( lifetime ), location );
+}
+/* END_CASE */
diff --git a/tests/suites/test_suite_psa_crypto_persistent_key.data b/tests/suites/test_suite_psa_crypto_persistent_key.data
index dad1205..b250634 100644
--- a/tests/suites/test_suite_psa_crypto_persistent_key.data
+++ b/tests/suites/test_suite_psa_crypto_persistent_key.data
@@ -119,3 +119,12 @@
import/export-persistent symmetric key with restart: 16 bytes
depends_on:PSA_WANT_KEY_TYPE_AES:MBEDTLS_PK_C:MBEDTLS_PK_PARSE_C
import_export_persistent_key:"2b7e151628aed2a6abf7158809cf4f3c":PSA_KEY_TYPE_AES:128:1:0
+
+Destroy invalid id: 0
+destroy_nonexistent:0:PSA_SUCCESS
+
+Destroy non-existent key
+destroy_nonexistent:1:PSA_ERROR_INVALID_HANDLE
+
+Destroy invalid id: 0xffffffff
+destroy_nonexistent:0xffffffff:PSA_ERROR_INVALID_HANDLE
diff --git a/tests/suites/test_suite_psa_crypto_persistent_key.function b/tests/suites/test_suite_psa_crypto_persistent_key.function
index 9759077..bd9b9c9 100644
--- a/tests/suites/test_suite_psa_crypto_persistent_key.function
+++ b/tests/suites/test_suite_psa_crypto_persistent_key.function
@@ -323,3 +323,18 @@
psa_destroy_persistent_key( key_id );
}
/* END_CASE */
+
+/* BEGIN_CASE */
+void destroy_nonexistent( int id_arg, int expected_status_arg )
+{
+ mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make( 1, id_arg );
+ psa_status_t expected_status = expected_status_arg;
+
+ PSA_INIT( );
+
+ TEST_EQUAL( expected_status, psa_destroy_key( id ) );
+
+exit:
+ PSA_DONE( );
+}
+/* END_CASE */
diff --git a/tests/suites/test_suite_psa_crypto_slot_management.data b/tests/suites/test_suite_psa_crypto_slot_management.data
index 0fedd14..68b196d 100644
--- a/tests/suites/test_suite_psa_crypto_slot_management.data
+++ b/tests/suites/test_suite_psa_crypto_slot_management.data
@@ -78,6 +78,27 @@
depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256
persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:137:1:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_ALG_ECDSA_ANY:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":INVALIDATE_BY_SHUTDOWN
+Persistent slot, check after closing, persistence=2
+persistent_slot_lifecycle:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION(2, PSA_KEY_LOCATION_LOCAL_STORAGE):124:PSA_KEY_ID_USER_MIN:0:0:0:PSA_KEY_TYPE_RAW_DATA:"0123456789abcdef0123456789abcdef":INVALIDATE_BY_CLOSING
+
+Persistent slot, check after closing and restarting, persistence=2
+persistent_slot_lifecycle:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION(2, PSA_KEY_LOCATION_LOCAL_STORAGE):125:PSA_KEY_ID_USER_MIN:0:0:0:PSA_KEY_TYPE_RAW_DATA:"0123456789abcdef0123456789abcdef":INVALIDATE_BY_CLOSING_WITH_SHUTDOWN
+
+Persistent slot, check after destroying, persistence=2
+persistent_slot_lifecycle:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION(2, PSA_KEY_LOCATION_LOCAL_STORAGE):126:PSA_KEY_ID_USER_MIN:0:0:0:PSA_KEY_TYPE_RAW_DATA:"0123456789abcdef0123456789abcdef":INVALIDATE_BY_DESTROYING
+
+Persistent slot, check after destroying and restarting, persistence=2
+persistent_slot_lifecycle:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION(2, PSA_KEY_LOCATION_LOCAL_STORAGE):127:PSA_KEY_ID_USER_MIN:0:0:0:PSA_KEY_TYPE_RAW_DATA:"0123456789abcdef0123456789abcdef":INVALIDATE_BY_DESTROYING_WITH_SHUTDOWN
+
+Persistent slot, check after purging, persistence=2
+persistent_slot_lifecycle:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION(2, PSA_KEY_LOCATION_LOCAL_STORAGE):200:PSA_KEY_ID_USER_MIN:0:0:0:PSA_KEY_TYPE_RAW_DATA:"0123456789abcdef0123456789abcdef":INVALIDATE_BY_PURGING
+
+Persistent slot, check after purging and restarting, persistence=2
+persistent_slot_lifecycle:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION(2, PSA_KEY_LOCATION_LOCAL_STORAGE):201:PSA_KEY_ID_USER_MIN:0:0:0:PSA_KEY_TYPE_RAW_DATA:"0123456789abcdef0123456789abcdef":INVALIDATE_BY_PURGING_WITH_SHUTDOWN
+
+Persistent slot, check after restart with live handle, persistence=2
+persistent_slot_lifecycle:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION(2, PSA_KEY_LOCATION_LOCAL_STORAGE):128:PSA_KEY_ID_USER_MIN:0:0:0:PSA_KEY_TYPE_RAW_DATA:"0123456789abcdef0123456789abcdef":INVALIDATE_BY_SHUTDOWN
+
Attempt to overwrite: close before
create_existent:PSA_KEY_LIFETIME_PERSISTENT:0x1736:1:CLOSE_BEFORE
@@ -107,13 +128,17 @@
depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_C
open_fail:1:PSA_ERROR_DOES_NOT_EXIST
-Create failure: invalid lifetime for a persistent key
+Create failure: read-only key
depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_C
-create_fail:0x7fffffff:1:PSA_ERROR_INVALID_ARGUMENT
+create_fail:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION(PSA_KEY_PERSISTENCE_READ_ONLY, PSA_KEY_LOCATION_LOCAL_STORAGE):1:PSA_ERROR_INVALID_ARGUMENT
-Create failure: invalid lifetime for a volatile key
+Create failure: invalid location for a persistent key
depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_C
-create_fail:0x7fffff00:0:PSA_ERROR_INVALID_ARGUMENT
+create_fail:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION(PSA_KEY_PERSISTENCE_DEFAULT, 0xbad10cU):1:PSA_ERROR_INVALID_ARGUMENT
+
+Create failure: invalid location for a volatile key
+depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_C
+create_fail:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION(PSA_KEY_PERSISTENCE_VOLATILE, 0xbad10cU):0:PSA_ERROR_INVALID_ARGUMENT
Create failure: invalid key id (0) for a persistent key
depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_C
diff --git a/tests/suites/test_suite_psa_crypto_storage_format.function b/tests/suites/test_suite_psa_crypto_storage_format.function
index 34d63a7..b90ef6e 100644
--- a/tests/suites/test_suite_psa_crypto_storage_format.function
+++ b/tests/suites/test_suite_psa_crypto_storage_format.function
@@ -8,6 +8,7 @@
#include <psa_crypto_its.h>
#define TEST_FLAG_EXERCISE 0x00000001
+#define TEST_FLAG_READ_ONLY 0x00000002
/** Write a key with the given attributes and key material to storage.
* Test that it has the expected representation.
@@ -115,10 +116,20 @@
psa_get_key_algorithm( expected_attributes ) ) );
}
- /* Destroy the key. Confirm through direct access to the storage. */
- PSA_ASSERT( psa_destroy_key( key_id ) );
- TEST_EQUAL( PSA_ERROR_DOES_NOT_EXIST,
- psa_its_get_info( uid, &storage_info ) );
+
+ if( flags & TEST_FLAG_READ_ONLY )
+ {
+ /* Read-only keys cannot be removed through the API.
+ * The key will be removed through ITS in the cleanup code below. */
+ TEST_EQUAL( PSA_ERROR_NOT_PERMITTED, psa_destroy_key( key_id ) );
+ }
+ else
+ {
+ /* Destroy the key. Confirm through direct access to the storage. */
+ PSA_ASSERT( psa_destroy_key( key_id ) );
+ TEST_EQUAL( PSA_ERROR_DOES_NOT_EXIST,
+ psa_its_get_info( uid, &storage_info ) );
+ }
ok = 1;
@@ -219,7 +230,6 @@
exit:
psa_reset_key_attributes( &attributes );
- psa_destroy_key( key_id );
PSA_DONE( );
}
/* END_CASE */
diff --git a/tests/suites/test_suite_rsa.data b/tests/suites/test_suite_rsa.data
index cc5a047..49301aa 100644
--- a/tests/suites/test_suite_rsa.data
+++ b/tests/suites/test_suite_rsa.data
@@ -220,22 +220,6 @@
depends_on:MBEDTLS_SHA384_C:MBEDTLS_PKCS1_V15
mbedtls_rsa_pkcs1_verify:"59779fd2a39e56640c4fc1e67b60aeffcecd78aed7ad2bdfa464e93d04198d48466b8da7445f25bfa19db2844edd5c8f539cf772cc132b483169d390db28a43bc4ee0f038f6568ffc87447746cb72fefac2d6d90ee3143a915ac4688028805905a68eb8f8a96674b093c495eddd8704461eaa2b345efbb2ad6930acd8023f870":MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_SHA384:2048:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"3":"40dcc96822e5612eb33f1dca247a35109ba3845c7a3d556a60e656624bf1c103d94686ca7379e9e329ccd1b19b52bfd48b608df9f59a96a82d3feb0101096dbcb80e46da543b4c982ac6bb1717f24f9fe3f76b7154492b47525be1ddcaf4631d33481531be8f3e685837b40bdf4a02827d79f6a32374147174680f51c8e0d8eed9d5c445a563a7bce9ef4236e7cfdc12b2223ef457c3e8ccc6dd65cc23e977a1f03f5ef584feb9af00efc71a701f9d413b0290af17692cb821a1e863d5778e174b1130659f30583f434f09cb1212471a41dd65c102de64a194b6ae3e43cd75928049db78042c58e980aff3ea2774e42845bcf217410a118cf5deeaa64224dbc8":0
-RSA PKCS1 Sign #5 (MD2, 2048 bits RSA)
-depends_on:MBEDTLS_MD2_C:MBEDTLS_PKCS1_V15
-mbedtls_rsa_pkcs1_sign:"59779fd2a39e56640c4fc1e67b60aeffcecd78aed7ad2bdfa464e93d04198d48466b8da7445f25bfa19db2844edd5c8f539cf772cc132b483169d390db28a43bc4ee0f038f6568ffc87447746cb72fefac2d6d90ee3143a915ac4688028805905a68eb8f8a96674b093c495eddd8704461eaa2b345efbb2ad6930acd8023f870":MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_MD2:2048:16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"3":"6cbb0e4019d64dd5cd2d48fa43446e5cba1a7edbb79d91b199be75c7d3e7ae0820c44d3a120cd2910f73cbb315e15963a60ea7da3452015d9d6beb5ac998fddbd1fa3e5908abc9151f3ffb70365aaee6fb0cd440d3f5591868fc136fae38ac7bcdb3bde3c6a0362dd8b814f7edadd4a51b2edf2227a40d1e34c29f608add7746731425858eb93661c633b7a90942fca3cd594ab4ec170052d44105643518020782e76235def34d014135bad8daed590200482325c3416c3d66417e80d9f9c6322a54683638247b577445ecd0be2765ce96c4ee45213204026dfba24d5ee89e1ea75538ba39f7149a5ac0fc12d7c53cbc12481d4a8e2d410ec633d800ad4b4304":0
-
-RSA PKCS1 Sign #5 Verify
-depends_on:MBEDTLS_MD2_C:MBEDTLS_PKCS1_V15
-mbedtls_rsa_pkcs1_verify:"59779fd2a39e56640c4fc1e67b60aeffcecd78aed7ad2bdfa464e93d04198d48466b8da7445f25bfa19db2844edd5c8f539cf772cc132b483169d390db28a43bc4ee0f038f6568ffc87447746cb72fefac2d6d90ee3143a915ac4688028805905a68eb8f8a96674b093c495eddd8704461eaa2b345efbb2ad6930acd8023f870":MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_MD2:2048:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"3":"6cbb0e4019d64dd5cd2d48fa43446e5cba1a7edbb79d91b199be75c7d3e7ae0820c44d3a120cd2910f73cbb315e15963a60ea7da3452015d9d6beb5ac998fddbd1fa3e5908abc9151f3ffb70365aaee6fb0cd440d3f5591868fc136fae38ac7bcdb3bde3c6a0362dd8b814f7edadd4a51b2edf2227a40d1e34c29f608add7746731425858eb93661c633b7a90942fca3cd594ab4ec170052d44105643518020782e76235def34d014135bad8daed590200482325c3416c3d66417e80d9f9c6322a54683638247b577445ecd0be2765ce96c4ee45213204026dfba24d5ee89e1ea75538ba39f7149a5ac0fc12d7c53cbc12481d4a8e2d410ec633d800ad4b4304":0
-
-RSA PKCS1 Sign #6 (MD4, 2048 bits RSA)
-depends_on:MBEDTLS_MD4_C:MBEDTLS_PKCS1_V15
-mbedtls_rsa_pkcs1_sign:"59779fd2a39e56640c4fc1e67b60aeffcecd78aed7ad2bdfa464e93d04198d48466b8da7445f25bfa19db2844edd5c8f539cf772cc132b483169d390db28a43bc4ee0f038f6568ffc87447746cb72fefac2d6d90ee3143a915ac4688028805905a68eb8f8a96674b093c495eddd8704461eaa2b345efbb2ad6930acd8023f870":MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_MD4:2048:16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"3":"b0e60dc4dfaf0f636a3a4414eae2d7bce7c3ce505a46e38f3f654d8769b31b7891ba18f89672fce204bbac6e3764355e65447c087994731cd44f086710e79e8c3ebc6e2cb61edc5d3e05848ab733d95efe2d0252a691e810c17fa57fd2dd296374c9ba17fea704685677f45d668a386c8ca433fbbb56d3bbfb43a489ed9518b1c9ab13ce497a1cec91467453bfe533145a31a095c2de541255141768ccc6fdff3fc790b5050f1122c93c3044a9346947e1b23e8125bf7edbf38c64a4286dfc1b829e983db3117959a2559a8ef97687ab673e231be213d88edc632637b58cdb2d69c51fbf6bf894cff319216718b1e696f75cd4366f53dc2e28b2a00017984207":0
-
-RSA PKCS1 Sign #6 Verify
-depends_on:MBEDTLS_MD4_C:MBEDTLS_PKCS1_V15
-mbedtls_rsa_pkcs1_verify:"59779fd2a39e56640c4fc1e67b60aeffcecd78aed7ad2bdfa464e93d04198d48466b8da7445f25bfa19db2844edd5c8f539cf772cc132b483169d390db28a43bc4ee0f038f6568ffc87447746cb72fefac2d6d90ee3143a915ac4688028805905a68eb8f8a96674b093c495eddd8704461eaa2b345efbb2ad6930acd8023f870":MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_MD4:2048:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"3":"b0e60dc4dfaf0f636a3a4414eae2d7bce7c3ce505a46e38f3f654d8769b31b7891ba18f89672fce204bbac6e3764355e65447c087994731cd44f086710e79e8c3ebc6e2cb61edc5d3e05848ab733d95efe2d0252a691e810c17fa57fd2dd296374c9ba17fea704685677f45d668a386c8ca433fbbb56d3bbfb43a489ed9518b1c9ab13ce497a1cec91467453bfe533145a31a095c2de541255141768ccc6fdff3fc790b5050f1122c93c3044a9346947e1b23e8125bf7edbf38c64a4286dfc1b829e983db3117959a2559a8ef97687ab673e231be213d88edc632637b58cdb2d69c51fbf6bf894cff319216718b1e696f75cd4366f53dc2e28b2a00017984207":0
-
RSA PKCS1 Sign #7 (MD5, 2048 bits RSA)
depends_on:MBEDTLS_MD5_C:MBEDTLS_PKCS1_V15
mbedtls_rsa_pkcs1_sign:"59779fd2a39e56640c4fc1e67b60aeffcecd78aed7ad2bdfa464e93d04198d48466b8da7445f25bfa19db2844edd5c8f539cf772cc132b483169d390db28a43bc4ee0f038f6568ffc87447746cb72fefac2d6d90ee3143a915ac4688028805905a68eb8f8a96674b093c495eddd8704461eaa2b345efbb2ad6930acd8023f870":MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_MD5:2048:16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"3":"3bcf673c3b27f6e2ece4bb97c7a37161e6c6ee7419ef366efc3cfee0f15f415ff6d9d4390937386c6fec1771acba73f24ec6b0469ea8b88083f0b4e1b6069d7bf286e67cf94182a548663137e82a6e09c35de2c27779da0503f1f5bedfebadf2a875f17763a0564df4a6d945a5a3e46bc90fb692af3a55106aafc6b577587456ff8d49cfd5c299d7a2b776dbe4c1ae777b0f64aa3bab27689af32d6cc76157c7dc6900a3469e18a7d9b6bfe4951d1105a08864575e4f4ec05b3e053f9b7a2d5653ae085e50a63380d6bdd6f58ab378d7e0a2be708c559849891317089ab04c82d8bc589ea088b90b11dea5cf85856ff7e609cc1adb1d403beead4c126ff29021":0
@@ -389,12 +373,18 @@
RSA Private (Data larger than N)
mbedtls_rsa_private:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":2048:16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"3":"605baf947c0de49e4f6a0dfb94a43ae318d5df8ed20ba4ba5a37a73fb009c5c9e5cce8b70a25b1c7580f389f0d7092485cdfa02208b70d33482edf07a7eafebdc54862ca0e0396a5a7d09991b9753eb1ffb6091971bb5789c6b121abbcd0a3cbaa39969fa7c28146fce96c6d03272e3793e5be8f5abfa9afcbebb986d7b3050604a2af4d3a40fa6c003781a539a60259d1e84f13322da9e538a49c369b83e7286bf7d30b64bbb773506705da5d5d5483a563a1ffacc902fb75c9a751b1e83cdc7a6db0470056883f48b5a5446b43b1d180ea12ba11a6a8d93b3b32a30156b6084b7fb142998a2a0d28014b84098ece7d9d5e4d55cc342ca26f5a0167a679dec8":MBEDTLS_ERR_RSA_PRIVATE_FAILED + MBEDTLS_ERR_MPI_BAD_INPUT_DATA
+RSA Private (Data = 0 )
+mbedtls_rsa_private:"00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000":2048:16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"3":"00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000":0
+
RSA Public (Correct)
mbedtls_rsa_public:"59779fd2a39e56640c4fc1e67b60aeffcecd78aed7ad2bdfa464e93d04198d48466b8da7445f25bfa19db2844edd5c8f539cf772cc132b483169d390db28a43bc4ee0f038f6568ffc87447746cb72fefac2d6d90ee3143a915ac4688028805905a68eb8f8a96674b093c495eddd8704461eaa2b345efbb2ad6930acd8023f8700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000":2048:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"3":"1f5e927c13ff231090b0f18c8c3526428ed0f4a7561457ee5afe4d22d5d9220c34ef5b9a34d0c07f7248a1f3d57f95d10f7936b3063e40660b3a7ca3e73608b013f85a6e778ac7c60d576e9d9c0c5a79ad84ceea74e4722eb3553bdb0c2d7783dac050520cb27ca73478b509873cb0dcbd1d51dd8fccb96c29ad314f36d67cc57835d92d94defa0399feb095fd41b9f0b2be10f6041079ed4290040449f8a79aba50b0a1f8cf83c9fb8772b0686ec1b29cb1814bb06f9c024857db54d395a8da9a2c6f9f53b94bec612a0cb306a3eaa9fc80992e85d9d232e37a50cabe48c9343f039601ff7d95d60025e582aec475d031888310e8ec3833b394a5cf0599101e":0
RSA Public (Data larger than N)
mbedtls_rsa_public:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":2048:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"3":"605baf947c0de49e4f6a0dfb94a43ae318d5df8ed20ba4ba5a37a73fb009c5c9e5cce8b70a25b1c7580f389f0d7092485cdfa02208b70d33482edf07a7eafebdc54862ca0e0396a5a7d09991b9753eb1ffb6091971bb5789c6b121abbcd0a3cbaa39969fa7c28146fce96c6d03272e3793e5be8f5abfa9afcbebb986d7b3050604a2af4d3a40fa6c003781a539a60259d1e84f13322da9e538a49c369b83e7286bf7d30b64bbb773506705da5d5d5483a563a1ffacc902fb75c9a751b1e83cdc7a6db0470056883f48b5a5446b43b1d180ea12ba11a6a8d93b3b32a30156b6084b7fb142998a2a0d28014b84098ece7d9d5e4d55cc342ca26f5a0167a679dec8":MBEDTLS_ERR_RSA_PUBLIC_FAILED + MBEDTLS_ERR_MPI_BAD_INPUT_DATA
+RSA Public (Data = 0)
+mbedtls_rsa_public:"00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000":2048:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"3":"00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000":0
+
RSA Generate Key - 128bit key
mbedtls_rsa_gen_key:128:3:0
diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function
index efea5c1..f5f4aac 100644
--- a/tests/suites/test_suite_rsa.function
+++ b/tests/suites/test_suite_rsa.function
@@ -1,8 +1,6 @@
/* BEGIN_HEADER */
#include "mbedtls/rsa.h"
#include "rsa_alt_helpers.h"
-#include "mbedtls/md2.h"
-#include "mbedtls/md4.h"
#include "mbedtls/md5.h"
#include "mbedtls/sha1.h"
#include "mbedtls/sha256.h"
@@ -17,349 +15,41 @@
* END_DEPENDENCIES
*/
-/* BEGIN_CASE depends_on:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */
+/* BEGIN_CASE */
void rsa_invalid_param( )
{
mbedtls_rsa_context ctx;
- const int valid_padding = MBEDTLS_RSA_PKCS_V21;
const int invalid_padding = 42;
- unsigned char buf[42] = { 0 };
- size_t olen;
+ const int invalid_hash_id = 0xff;
- TEST_INVALID_PARAM( mbedtls_rsa_init( NULL, valid_padding, 0 ) );
- TEST_INVALID_PARAM( mbedtls_rsa_init( &ctx, invalid_padding, 0 ) );
- TEST_VALID_PARAM( mbedtls_rsa_free( NULL ) );
+ mbedtls_rsa_init( &ctx );
- /* No more variants because only the first argument must be non-NULL. */
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_import( NULL, NULL, NULL,
- NULL, NULL, NULL ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_import_raw( NULL,
- NULL, 0,
- NULL, 0,
- NULL, 0,
- NULL, 0,
- NULL, 0 ) );
+ TEST_EQUAL( mbedtls_rsa_set_padding( &ctx,
+ invalid_padding,
+ MBEDTLS_MD_NONE ),
+ MBEDTLS_ERR_RSA_INVALID_PADDING );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_complete( NULL ) );
+ TEST_EQUAL( mbedtls_rsa_set_padding( &ctx,
+ MBEDTLS_RSA_PKCS_V21,
+ invalid_hash_id ),
+ MBEDTLS_ERR_RSA_INVALID_PADDING );
- /* No more variants because only the first argument must be non-NULL. */
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_export( NULL, NULL, NULL,
- NULL, NULL, NULL ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_export_raw( NULL,
- NULL, 0,
- NULL, 0,
- NULL, 0,
- NULL, 0,
- NULL, 0 ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_export_crt( NULL, NULL, NULL, NULL ) );
+#if !defined(MBEDTLS_PKCS1_V15)
+ TEST_EQUAL( mbedtls_rsa_set_padding( &ctx,
+ MBEDTLS_RSA_PKCS_V15,
+ MBEDTLS_MD_NONE ),
+ MBEDTLS_ERR_RSA_INVALID_PADDING );
+#endif
- TEST_INVALID_PARAM( mbedtls_rsa_set_padding( NULL,
- valid_padding, 0 ) );
- TEST_INVALID_PARAM( mbedtls_rsa_set_padding( &ctx,
- invalid_padding, 0 ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_gen_key( NULL,
- mbedtls_test_rnd_std_rand,
- NULL, 0, 0 ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_gen_key( &ctx, NULL,
- NULL, 0, 0 ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_check_pubkey( NULL ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_check_privkey( NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_check_pub_priv( NULL, &ctx ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_check_pub_priv( &ctx, NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_public( NULL, buf, buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_public( &ctx, NULL, buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_public( &ctx, buf, NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_private( NULL, NULL, NULL,
- buf, buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_private( &ctx, NULL, NULL,
- NULL, buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_private( &ctx, NULL, NULL,
- buf, NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_pkcs1_encrypt( NULL, NULL, NULL,
- sizeof( buf ), buf,
- buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_pkcs1_encrypt( &ctx, NULL, NULL,
- sizeof( buf ), NULL,
- buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_pkcs1_encrypt( &ctx, NULL, NULL,
- sizeof( buf ), buf,
- NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_rsaes_pkcs1_v15_encrypt( NULL, NULL,
- NULL, sizeof( buf ),
- buf, buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_rsaes_pkcs1_v15_encrypt( &ctx, NULL,
- NULL, sizeof( buf ),
- NULL, buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_rsaes_pkcs1_v15_encrypt( &ctx, NULL,
- NULL, sizeof( buf ),
- buf, NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_rsaes_oaep_encrypt( NULL, NULL, NULL,
- buf, sizeof( buf ),
- sizeof( buf ), buf,
- buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_rsaes_oaep_encrypt( &ctx, NULL, NULL,
- NULL, sizeof( buf ),
- sizeof( buf ), buf,
- buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_rsaes_oaep_encrypt( &ctx, NULL, NULL,
- buf, sizeof( buf ),
- sizeof( buf ), NULL,
- buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_rsaes_oaep_encrypt( &ctx, NULL, NULL,
- buf, sizeof( buf ),
- sizeof( buf ), buf,
- NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_pkcs1_decrypt( NULL, NULL, NULL,
- &olen,
- buf, buf, 42 ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_pkcs1_decrypt( &ctx, NULL, NULL,
- NULL,
- buf, buf, 42 ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_pkcs1_decrypt( &ctx, NULL, NULL,
- &olen,
- NULL, buf, 42 ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_pkcs1_decrypt( &ctx, NULL, NULL,
- &olen,
- buf, NULL, 42 ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_rsaes_pkcs1_v15_decrypt( NULL, NULL,
- NULL, &olen,
- buf, buf, 42 ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_rsaes_pkcs1_v15_decrypt( &ctx, NULL,
- NULL, NULL,
- buf, buf, 42 ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_rsaes_pkcs1_v15_decrypt( &ctx, NULL,
- NULL, &olen,
- NULL, buf, 42 ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_rsaes_pkcs1_v15_decrypt( &ctx, NULL,
- NULL, &olen,
- buf, NULL, 42 ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_rsaes_oaep_decrypt( NULL, NULL, NULL,
- buf, sizeof( buf ),
- &olen,
- buf, buf, 42 ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_rsaes_oaep_decrypt( &ctx, NULL, NULL,
- NULL, sizeof( buf ),
- NULL,
- buf, buf, 42 ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_rsaes_oaep_decrypt( &ctx, NULL, NULL,
- buf, sizeof( buf ),
- &olen,
- NULL, buf, 42 ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_rsaes_oaep_decrypt( &ctx, NULL, NULL,
- buf, sizeof( buf ),
- &olen,
- buf, NULL, 42 ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_pkcs1_sign( NULL, NULL, NULL,
- 0, sizeof( buf ), buf,
- buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_pkcs1_sign( &ctx, NULL, NULL,
- 0, sizeof( buf ), NULL,
- buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_pkcs1_sign( &ctx, NULL, NULL,
- 0, sizeof( buf ), buf,
- NULL ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_pkcs1_sign( &ctx, NULL, NULL,
- MBEDTLS_MD_SHA1,
- 0, NULL,
- buf ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_rsassa_pkcs1_v15_sign( NULL, NULL, NULL,
- 0, sizeof( buf ), buf,
- buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_rsassa_pkcs1_v15_sign( &ctx, NULL, NULL,
- 0, sizeof( buf ), NULL,
- buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_rsassa_pkcs1_v15_sign( &ctx, NULL, NULL,
- 0, sizeof( buf ), buf,
- NULL ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_rsassa_pkcs1_v15_sign( &ctx, NULL, NULL,
- MBEDTLS_MD_SHA1,
- 0, NULL,
- buf ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_rsassa_pss_sign( NULL, NULL, NULL,
- 0, sizeof( buf ), buf,
- buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_rsassa_pss_sign( &ctx, NULL, NULL,
- 0, sizeof( buf ), NULL,
- buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_rsassa_pss_sign( &ctx, NULL, NULL,
- 0, sizeof( buf ), buf,
- NULL ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_rsassa_pss_sign( &ctx, NULL, NULL,
- MBEDTLS_MD_SHA1,
- 0, NULL,
- buf ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_rsassa_pss_sign_ext( NULL, NULL, NULL,
- 0, sizeof( buf ), buf,
- MBEDTLS_RSA_SALT_LEN_ANY,
- buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_rsassa_pss_sign_ext( &ctx, NULL, NULL,
- 0, sizeof( buf ), NULL,
- MBEDTLS_RSA_SALT_LEN_ANY,
- buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_rsassa_pss_sign_ext( &ctx, NULL, NULL,
- 0, sizeof( buf ), buf,
- MBEDTLS_RSA_SALT_LEN_ANY,
- NULL ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_rsassa_pss_sign_ext( &ctx, NULL, NULL,
- MBEDTLS_MD_SHA1,
- 0, NULL,
- MBEDTLS_RSA_SALT_LEN_ANY,
- buf ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_pkcs1_verify( NULL,
- 0, sizeof( buf ), buf,
- buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_pkcs1_verify( &ctx,
- 0, sizeof( buf ), NULL,
- buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_pkcs1_verify( &ctx,
- 0, sizeof( buf ), buf,
- NULL ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_pkcs1_verify( &ctx,
- MBEDTLS_MD_SHA1, 0, NULL,
- buf ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_rsassa_pkcs1_v15_verify( NULL,
- 0, sizeof( buf ), buf,
- buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_rsassa_pkcs1_v15_verify( &ctx,
- 0, sizeof( buf ),
- NULL, buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_rsassa_pkcs1_v15_verify( &ctx,
- 0, sizeof( buf ), buf,
- NULL ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_rsassa_pkcs1_v15_verify( &ctx,
- MBEDTLS_MD_SHA1,
- 0, NULL,
- buf ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_rsassa_pss_verify( NULL,
- 0, sizeof( buf ),
- buf, buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_rsassa_pss_verify( &ctx,
- 0, sizeof( buf ),
- NULL, buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_rsassa_pss_verify( &ctx,
- 0, sizeof( buf ),
- buf, NULL ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_rsassa_pss_verify( &ctx,
- MBEDTLS_MD_SHA1,
- 0, NULL,
- buf ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_rsassa_pss_verify_ext( NULL,
- 0, sizeof( buf ),
- buf,
- 0, 0,
- buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_rsassa_pss_verify_ext( &ctx,
- 0, sizeof( buf ),
- NULL, 0, 0,
- buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_rsassa_pss_verify_ext( &ctx,
- 0, sizeof( buf ),
- buf, 0, 0,
- NULL ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_rsassa_pss_verify_ext( &ctx,
- MBEDTLS_MD_SHA1,
- 0, NULL,
- 0, 0,
- buf ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_copy( NULL, &ctx ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_copy( &ctx, NULL ) );
+#if !defined(MBEDTLS_PKCS1_V21)
+ TEST_EQUAL( mbedtls_rsa_set_padding( &ctx,
+ MBEDTLS_RSA_PKCS_V21,
+ MBEDTLS_MD_NONE ),
+ MBEDTLS_ERR_RSA_INVALID_PADDING );
+#endif
exit:
- return;
+ mbedtls_rsa_free( &ctx );
}
/* END_CASE */
@@ -373,11 +63,11 @@
* unconditionally on an error path without checking whether it has
* already been called in the success path. */
- mbedtls_rsa_init( &ctx, 0, 0 );
+ mbedtls_rsa_init( &ctx );
mbedtls_rsa_free( &ctx );
if( reinit )
- mbedtls_rsa_init( &ctx, 0, 0 );
+ mbedtls_rsa_init( &ctx );
mbedtls_rsa_free( &ctx );
/* This test case always succeeds, functionally speaking. A plausible
@@ -394,6 +84,7 @@
data_t * result_str, int result )
{
unsigned char hash_result[MBEDTLS_MD_MAX_SIZE];
+ const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type( digest );
unsigned char output[256];
mbedtls_rsa_context ctx;
mbedtls_mpi N, P, Q, E;
@@ -401,29 +92,31 @@
mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P );
mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &E );
- mbedtls_rsa_init( &ctx, padding_mode, 0 );
+ mbedtls_rsa_init( &ctx );
+ TEST_ASSERT( mbedtls_rsa_set_padding( &ctx,padding_mode,
+ MBEDTLS_MD_NONE ) == 0 );
memset( hash_result, 0x00, sizeof( hash_result ) );
memset( output, 0x00, sizeof( output ) );
memset( &rnd_info, 0, sizeof( mbedtls_test_rnd_pseudo_info ) );
- TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &Q, radix_Q, input_Q ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &P, radix_P, input_P ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &Q, radix_Q, input_Q ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &N, radix_N, input_N ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &E, radix_E, input_E ) == 0 );
TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, &P, &Q, NULL, &E ) == 0 );
TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) );
TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == 0 );
TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 );
+ if( md_info != NULL )
+ TEST_ASSERT( mbedtls_md( md_info, message_str->x, message_str->len, hash_result ) == 0 );
- if( mbedtls_md_info_from_type( digest ) != NULL )
- TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ), message_str->x, message_str->len, hash_result ) == 0 );
-
- TEST_ASSERT( mbedtls_rsa_pkcs1_sign( &ctx, &mbedtls_test_rnd_pseudo_rand,
- &rnd_info, digest, 0, hash_result,
- output ) == result );
+ TEST_ASSERT( mbedtls_rsa_pkcs1_sign(
+ &ctx, &mbedtls_test_rnd_pseudo_rand, &rnd_info,
+ digest, mbedtls_md_get_size( md_info ), hash_result,
+ output ) == result );
if( result == 0 )
{
@@ -445,25 +138,26 @@
data_t * result_str, int result )
{
unsigned char hash_result[MBEDTLS_MD_MAX_SIZE];
+ const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type( digest );
mbedtls_rsa_context ctx;
-
mbedtls_mpi N, E;
mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E );
- mbedtls_rsa_init( &ctx, padding_mode, 0 );
+ mbedtls_rsa_init( &ctx );
+ TEST_ASSERT( mbedtls_rsa_set_padding( &ctx, padding_mode,
+ MBEDTLS_MD_NONE ) == 0 );
memset( hash_result, 0x00, sizeof( hash_result ) );
- TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &N, radix_N, input_N ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &E, radix_E, input_E ) == 0 );
TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, NULL, NULL, NULL, &E ) == 0 );
TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) );
TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 );
+ if( md_info != NULL )
+ TEST_ASSERT( mbedtls_md( md_info, message_str->x, message_str->len, hash_result ) == 0 );
- if( mbedtls_md_info_from_type( digest ) != NULL )
- TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ), message_str->x, message_str->len, hash_result ) == 0 );
-
- TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, digest, 0, hash_result, result_str->x ) == result );
+ TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, digest, mbedtls_md_get_size( md_info ), hash_result, result_str->x ) == result );
exit:
mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E );
@@ -484,17 +178,19 @@
mbedtls_mpi N, P, Q, E;
mbedtls_test_rnd_pseudo_info rnd_info;
- mbedtls_rsa_init( &ctx, padding_mode, 0 );
+ mbedtls_rsa_init( &ctx );
+ TEST_ASSERT( mbedtls_rsa_set_padding( &ctx, padding_mode,
+ MBEDTLS_MD_NONE ) == 0 );
mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P );
mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &E );
memset( output, 0x00, sizeof( output ) );
memset( &rnd_info, 0, sizeof( mbedtls_test_rnd_pseudo_info ) );
- TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &Q, radix_Q, input_Q ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &P, radix_P, input_P ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &Q, radix_Q, input_Q ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &N, radix_N, input_N ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &E, radix_E, input_E ) == 0 );
TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, &P, &Q, NULL, &E ) == 0 );
TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) );
@@ -531,11 +227,13 @@
mbedtls_mpi N, E;
mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E );
- mbedtls_rsa_init( &ctx, padding_mode, 0 );
+ mbedtls_rsa_init( &ctx );
+ TEST_ASSERT( mbedtls_rsa_set_padding( &ctx, padding_mode,
+ MBEDTLS_MD_NONE ) == 0 );
memset( output, 0x00, sizeof( output ) );
- TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &N, radix_N, input_N ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &E, radix_E, input_E ) == 0 );
TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, NULL, NULL, NULL, &E ) == 0 );
TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) );
@@ -565,11 +263,13 @@
memset( &rnd_info, 0, sizeof( mbedtls_test_rnd_pseudo_info ) );
- mbedtls_rsa_init( &ctx, padding_mode, 0 );
+ mbedtls_rsa_init( &ctx );
+ TEST_ASSERT( mbedtls_rsa_set_padding( &ctx, padding_mode,
+ MBEDTLS_MD_NONE ) == 0 );
memset( output, 0x00, sizeof( output ) );
- TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &N, radix_N, input_N ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &E, radix_E, input_E ) == 0 );
TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, NULL, NULL, NULL, &E ) == 0 );
TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) );
@@ -606,11 +306,13 @@
mbedtls_mpi N, E;
mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E );
- mbedtls_rsa_init( &ctx, padding_mode, 0 );
+ mbedtls_rsa_init( &ctx );
+ TEST_ASSERT( mbedtls_rsa_set_padding( &ctx, padding_mode,
+ MBEDTLS_MD_NONE ) == 0 );
memset( output, 0x00, sizeof( output ) );
- TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &N, radix_N, input_N ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &E, radix_E, input_E ) == 0 );
TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, NULL, NULL, NULL, &E ) == 0 );
TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) );
@@ -651,16 +353,18 @@
mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P );
mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &E );
- mbedtls_rsa_init( &ctx, padding_mode, 0 );
+ mbedtls_rsa_init( &ctx );
+ TEST_ASSERT( mbedtls_rsa_set_padding( &ctx, padding_mode,
+ MBEDTLS_MD_NONE ) == 0 );
memset( output, 0x00, sizeof( output ) );
memset( &rnd_info, 0, sizeof( mbedtls_test_rnd_pseudo_info ) );
- TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &Q, radix_Q, input_Q ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &P, radix_P, input_P ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &Q, radix_Q, input_Q ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &N, radix_N, input_N ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &E, radix_E, input_E ) == 0 );
TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, &P, &Q, NULL, &E ) == 0 );
TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) );
@@ -699,18 +403,20 @@
mbedtls_mpi N, E;
mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E );
- mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V15, 0 );
- mbedtls_rsa_init( &ctx2, MBEDTLS_RSA_PKCS_V15, 0 );
+ mbedtls_rsa_init( &ctx );
+ mbedtls_rsa_init( &ctx2 );
memset( output, 0x00, sizeof( output ) );
- TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &N, radix_N, input_N ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &E, radix_E, input_E ) == 0 );
TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, NULL, NULL, NULL, &E ) == 0 );
+
+ /* Check test data consistency */
+ TEST_ASSERT( message_str->len == (size_t) ( mod / 8 ) );
TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) );
TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 );
-
TEST_ASSERT( mbedtls_rsa_public( &ctx, message_str->x, output ) == result );
if( result == 0 )
{
@@ -757,22 +463,24 @@
mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P );
mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &E );
- mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V15, 0 );
- mbedtls_rsa_init( &ctx2, MBEDTLS_RSA_PKCS_V15, 0 );
+ mbedtls_rsa_init( &ctx );
+ mbedtls_rsa_init( &ctx2 );
memset( &rnd_info, 0, sizeof( mbedtls_test_rnd_pseudo_info ) );
- TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &Q, radix_Q, input_Q ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &P, radix_P, input_P ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &Q, radix_Q, input_Q ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &N, radix_N, input_N ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &E, radix_E, input_E ) == 0 );
TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, &P, &Q, NULL, &E ) == 0 );
+
+ /* Check test data consistency */
+ TEST_ASSERT( message_str->len == (size_t) ( mod / 8 ) );
TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) );
TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == 0 );
TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 );
-
/* repeat three times to test updating of blinding values */
for( i = 0; i < 3; i++ )
{
@@ -834,15 +542,15 @@
mbedtls_mpi N, E;
mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E );
- mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V15, 0 );
+ mbedtls_rsa_init( &ctx );
if( strlen( input_N ) )
{
- TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &N, radix_N, input_N ) == 0 );
}
if( strlen( input_E ) )
{
- TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &E, radix_E, input_E ) == 0 );
}
TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, NULL, NULL, NULL, &E ) == 0 );
@@ -865,41 +573,41 @@
{
mbedtls_rsa_context ctx;
- mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V15, 0 );
+ mbedtls_rsa_init( &ctx );
ctx.len = mod / 8;
if( strlen( input_P ) )
{
- TEST_ASSERT( mbedtls_mpi_read_string( &ctx.P, radix_P, input_P ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &ctx.P, radix_P, input_P ) == 0 );
}
if( strlen( input_Q ) )
{
- TEST_ASSERT( mbedtls_mpi_read_string( &ctx.Q, radix_Q, input_Q ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &ctx.Q, radix_Q, input_Q ) == 0 );
}
if( strlen( input_N ) )
{
- TEST_ASSERT( mbedtls_mpi_read_string( &ctx.N, radix_N, input_N ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &ctx.N, radix_N, input_N ) == 0 );
}
if( strlen( input_E ) )
{
- TEST_ASSERT( mbedtls_mpi_read_string( &ctx.E, radix_E, input_E ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &ctx.E, radix_E, input_E ) == 0 );
}
if( strlen( input_D ) )
{
- TEST_ASSERT( mbedtls_mpi_read_string( &ctx.D, radix_D, input_D ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &ctx.D, radix_D, input_D ) == 0 );
}
#if !defined(MBEDTLS_RSA_NO_CRT)
if( strlen( input_DP ) )
{
- TEST_ASSERT( mbedtls_mpi_read_string( &ctx.DP, radix_DP, input_DP ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &ctx.DP, radix_DP, input_DP ) == 0 );
}
if( strlen( input_DQ ) )
{
- TEST_ASSERT( mbedtls_mpi_read_string( &ctx.DQ, radix_DQ, input_DQ ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &ctx.DQ, radix_DQ, input_DQ ) == 0 );
}
if( strlen( input_QP ) )
{
- TEST_ASSERT( mbedtls_mpi_read_string( &ctx.QP, radix_QP, input_QP ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &ctx.QP, radix_QP, input_QP ) == 0 );
}
#else
((void) radix_DP); ((void) input_DP);
@@ -926,53 +634,53 @@
{
mbedtls_rsa_context pub, prv;
- mbedtls_rsa_init( &pub, MBEDTLS_RSA_PKCS_V15, 0 );
- mbedtls_rsa_init( &prv, MBEDTLS_RSA_PKCS_V15, 0 );
+ mbedtls_rsa_init( &pub );
+ mbedtls_rsa_init( &prv );
pub.len = mod / 8;
prv.len = mod / 8;
if( strlen( input_Npub ) )
{
- TEST_ASSERT( mbedtls_mpi_read_string( &pub.N, radix_Npub, input_Npub ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &pub.N, radix_Npub, input_Npub ) == 0 );
}
if( strlen( input_Epub ) )
{
- TEST_ASSERT( mbedtls_mpi_read_string( &pub.E, radix_Epub, input_Epub ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &pub.E, radix_Epub, input_Epub ) == 0 );
}
if( strlen( input_P ) )
{
- TEST_ASSERT( mbedtls_mpi_read_string( &prv.P, radix_P, input_P ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &prv.P, radix_P, input_P ) == 0 );
}
if( strlen( input_Q ) )
{
- TEST_ASSERT( mbedtls_mpi_read_string( &prv.Q, radix_Q, input_Q ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &prv.Q, radix_Q, input_Q ) == 0 );
}
if( strlen( input_N ) )
{
- TEST_ASSERT( mbedtls_mpi_read_string( &prv.N, radix_N, input_N ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &prv.N, radix_N, input_N ) == 0 );
}
if( strlen( input_E ) )
{
- TEST_ASSERT( mbedtls_mpi_read_string( &prv.E, radix_E, input_E ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &prv.E, radix_E, input_E ) == 0 );
}
if( strlen( input_D ) )
{
- TEST_ASSERT( mbedtls_mpi_read_string( &prv.D, radix_D, input_D ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &prv.D, radix_D, input_D ) == 0 );
}
#if !defined(MBEDTLS_RSA_NO_CRT)
if( strlen( input_DP ) )
{
- TEST_ASSERT( mbedtls_mpi_read_string( &prv.DP, radix_DP, input_DP ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &prv.DP, radix_DP, input_DP ) == 0 );
}
if( strlen( input_DQ ) )
{
- TEST_ASSERT( mbedtls_mpi_read_string( &prv.DQ, radix_DQ, input_DQ ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &prv.DQ, radix_DQ, input_DQ ) == 0 );
}
if( strlen( input_QP ) )
{
- TEST_ASSERT( mbedtls_mpi_read_string( &prv.QP, radix_QP, input_QP ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &prv.QP, radix_QP, input_QP ) == 0 );
}
#else
((void) radix_DP); ((void) input_DP);
@@ -998,7 +706,7 @@
mbedtls_ctr_drbg_init( &ctr_drbg );
mbedtls_entropy_init( &entropy );
- mbedtls_rsa_init ( &ctx, 0, 0 );
+ mbedtls_rsa_init ( &ctx );
TEST_ASSERT( mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func,
&entropy, (const unsigned char *) pers,
@@ -1033,11 +741,11 @@
mbedtls_mpi_init( &Pp ); mbedtls_mpi_init( &Qp );
mbedtls_mpi_init( &D ); mbedtls_mpi_init( &E );
- TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &D, radix_D, input_D ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &Qp, radix_P, output_P ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &Pp, radix_Q, output_Q ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &N, radix_N, input_N ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &D, radix_D, input_D ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &E, radix_E, input_E ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &Qp, radix_P, output_P ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &Pp, radix_Q, output_Q ) == 0 );
if( corrupt )
TEST_ASSERT( mbedtls_mpi_add_int( &D, &D, 2 ) == 0 );
@@ -1074,10 +782,10 @@
mbedtls_mpi_init( &E );
mbedtls_mpi_init( &R ); mbedtls_mpi_init( &Rp );
- TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &Q, radix_Q, input_Q ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &Dp, radix_D, output_D ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &P, radix_P, input_P ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &Q, radix_Q, input_Q ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &E, radix_E, input_E ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &Dp, radix_D, output_D ) == 0 );
if( corrupt )
{
@@ -1150,7 +858,7 @@
mbedtls_ctr_drbg_init( &ctr_drbg );
mbedtls_entropy_init( &entropy );
- mbedtls_rsa_init( &ctx, 0, 0 );
+ mbedtls_rsa_init( &ctx );
mbedtls_mpi_init( &N );
mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q );
@@ -1160,19 +868,19 @@
(const unsigned char *) pers, strlen( pers ) ) == 0 );
if( have_N )
- TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &N, radix_N, input_N ) == 0 );
if( have_P )
- TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &P, radix_P, input_P ) == 0 );
if( have_Q )
- TEST_ASSERT( mbedtls_mpi_read_string( &Q, radix_Q, input_Q ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &Q, radix_Q, input_Q ) == 0 );
if( have_D )
- TEST_ASSERT( mbedtls_mpi_read_string( &D, radix_D, input_D ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &D, radix_D, input_D ) == 0 );
if( have_E )
- TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &E, radix_E, input_E ) == 0 );
if( !successive )
{
@@ -1291,7 +999,7 @@
mbedtls_rsa_context ctx;
- mbedtls_rsa_init( &ctx, 0, 0 );
+ mbedtls_rsa_init( &ctx );
mbedtls_mpi_init( &N );
mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q );
@@ -1304,19 +1012,19 @@
/* Setup RSA context */
if( have_N )
- TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &N, radix_N, input_N ) == 0 );
if( have_P )
- TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &P, radix_P, input_P ) == 0 );
if( have_Q )
- TEST_ASSERT( mbedtls_mpi_read_string( &Q, radix_Q, input_Q ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &Q, radix_Q, input_Q ) == 0 );
if( have_D )
- TEST_ASSERT( mbedtls_mpi_read_string( &D, radix_D, input_D ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &D, radix_D, input_D ) == 0 );
if( have_E )
- TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &E, radix_E, input_E ) == 0 );
TEST_ASSERT( mbedtls_rsa_import( &ctx,
strlen( input_N ) ? &N : NULL,
@@ -1424,19 +1132,19 @@
strlen( pers ) ) == 0 );
if( have_N )
- TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &N, radix_N, input_N ) == 0 );
if( have_P )
- TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &P, radix_P, input_P ) == 0 );
if( have_Q )
- TEST_ASSERT( mbedtls_mpi_read_string( &Q, radix_Q, input_Q ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &Q, radix_Q, input_Q ) == 0 );
if( have_D )
- TEST_ASSERT( mbedtls_mpi_read_string( &D, radix_D, input_D ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &D, radix_D, input_D ) == 0 );
if( have_E )
- TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &E, radix_E, input_E ) == 0 );
TEST_ASSERT( mbedtls_rsa_validate_params( have_N ? &N : NULL,
have_P ? &P : NULL,
@@ -1471,7 +1179,7 @@
mbedtls_rsa_context ctx;
- mbedtls_rsa_init( &ctx, 0, 0 );
+ mbedtls_rsa_init( &ctx );
/* Setup RSA context */
TEST_ASSERT( mbedtls_rsa_import_raw( &ctx,
@@ -1573,7 +1281,7 @@
mbedtls_ctr_drbg_init( &ctr_drbg );
mbedtls_entropy_init( &entropy );
- mbedtls_rsa_init( &ctx, 0, 0 );
+ mbedtls_rsa_init( &ctx );
TEST_ASSERT( mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func,
&entropy, (const unsigned char *) pers,
diff --git a/tests/suites/test_suite_shax.data b/tests/suites/test_suite_shax.data
index 12eec84..3552346 100644
--- a/tests/suites/test_suite_shax.data
+++ b/tests/suites/test_suite_shax.data
@@ -1,9 +1,3 @@
-SHA-1 - Valid parameters
-sha1_valid_param:
-
-SHA-1 - Invalid parameters
-sha1_invalid_param:
-
# Test the operation of SHA-1 and SHA-2
SHA-1 Test Vector NIST CAVS #1
depends_on:MBEDTLS_SHA1_C
@@ -45,9 +39,6 @@
depends_on:MBEDTLS_SHA1_C
mbedtls_sha1:"8236153781bd2f1b81ffe0def1beb46f5a70191142926651503f1b3bb1016acdb9e7f7acced8dd168226f118ff664a01a8800116fd023587bfba52a2558393476f5fc69ce9c65001f23e70476d2cc81c97ea19caeb194e224339bcb23f77a83feac5096f9b3090c51a6ee6d204b735aa71d7e996d380b80822e4dfd43683af9c7442498cacbea64842dfda238cb099927c6efae07fdf7b23a4e4456e0152b24853fe0d5de4179974b2b9d4a1cdbefcbc01d8d311b5dda059136176ea698ab82acf20dd490be47130b1235cb48f8a6710473cfc923e222d94b582f9ae36d4ca2a32d141b8e8cc36638845fbc499bce17698c3fecae2572dbbd470552430d7ef30c238c2124478f1f780483839b4fb73d63a9460206824a5b6b65315b21e3c2f24c97ee7c0e78faad3df549c7ca8ef241876d9aafe9a309f6da352bec2caaa92ee8dca392899ba67dfed90aef33d41fc2494b765cb3e2422c8e595dabbfaca217757453fb322a13203f425f6073a9903e2dc5818ee1da737afc345f0057744e3a56e1681c949eb12273a3bfc20699e423b96e44bd1ff62e50a848a890809bfe1611c6787d3d741103308f849a790f9c015098286dbacfc34c1718b2c2b77e32194a75dda37954a320fa68764027852855a7e5b5274eb1e2cbcd27161d98b59ad245822015f48af82a45c0ed59be94f9af03d9736048570d6e3ef63b1770bc98dfb77de84b1bb1708d872b625d9ab9b06c18e5dbbf34399391f0f8aa26ec0dac7ff4cb8ec97b52bcb942fa6db2385dcd1b3b9d567aaeb425d567b0ebe267235651a1ed9bf78fd93d3c1dd077fe340bb04b00529c58f45124b717c168d07e9826e33376988bc5cf62845c2009980a4dfa69fbc7e5a0b1bb20a5958ca967aec68eb31dd8fccca9afcd30a26bab26279f1bf6724ff":"11863b483809ef88413ca9b0084ac4a5390640af"
-SHA-256 Valid parameters
-sha256_valid_param:
-
SHA-256 Invalid parameters
sha256_invalid_param:
@@ -110,9 +101,6 @@
SHA-512 Invalid parameters
sha512_invalid_param:
-SHA-512 Valid parameters
-sha512_valid_param:
-
SHA-384 Test Vector NIST CAVS #1
depends_on:MBEDTLS_SHA384_C
sha384:"":"38b060a751ac96384cd9327eb1b1e36a21fdb71114be07434c0cc7bf63f6e1da274edebfe76f65fbd51ad2f14898b95b"
diff --git a/tests/suites/test_suite_shax.function b/tests/suites/test_suite_shax.function
index 1d4cf71..95d45ba 100644
--- a/tests/suites/test_suite_shax.function
+++ b/tests/suites/test_suite_shax.function
@@ -5,53 +5,6 @@
/* END_HEADER */
/* BEGIN_CASE depends_on:MBEDTLS_SHA1_C */
-void sha1_valid_param( )
-{
- TEST_VALID_PARAM( mbedtls_sha1_free( NULL ) );
-}
-/* END_CASE */
-
-/* BEGIN_CASE depends_on:MBEDTLS_SHA1_C:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */
-void sha1_invalid_param( )
-{
- mbedtls_sha1_context ctx;
- unsigned char buf[64] = { 0 };
- size_t const buflen = sizeof( buf );
-
- TEST_INVALID_PARAM( mbedtls_sha1_init( NULL ) );
-
- TEST_INVALID_PARAM( mbedtls_sha1_clone( NULL, &ctx ) );
- TEST_INVALID_PARAM( mbedtls_sha1_clone( &ctx, NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA1_BAD_INPUT_DATA,
- mbedtls_sha1_starts_ret( NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA1_BAD_INPUT_DATA,
- mbedtls_sha1_update_ret( NULL, buf, buflen ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA1_BAD_INPUT_DATA,
- mbedtls_sha1_update_ret( &ctx, NULL, buflen ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA1_BAD_INPUT_DATA,
- mbedtls_sha1_finish_ret( NULL, buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA1_BAD_INPUT_DATA,
- mbedtls_sha1_finish_ret( &ctx, NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA1_BAD_INPUT_DATA,
- mbedtls_internal_sha1_process( NULL, buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA1_BAD_INPUT_DATA,
- mbedtls_internal_sha1_process( &ctx, NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA1_BAD_INPUT_DATA,
- mbedtls_sha1_ret( NULL, buflen, buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA1_BAD_INPUT_DATA,
- mbedtls_sha1_ret( buf, buflen, NULL ) );
-
-exit:
- return;
-}
-/* END_CASE */
-
-/* BEGIN_CASE depends_on:MBEDTLS_SHA1_C */
void mbedtls_sha1( data_t * src_str, data_t * hash )
{
unsigned char output[41];
@@ -59,20 +12,13 @@
memset(output, 0x00, 41);
- TEST_ASSERT( mbedtls_sha1_ret( src_str->x, src_str->len, output ) == 0 );
+ TEST_ASSERT( mbedtls_sha1( src_str->x, src_str->len, output ) == 0 );
TEST_ASSERT( mbedtls_test_hexcmp( output, hash->x, 20, hash->len ) == 0 );
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_SHA256_C */
-void sha256_valid_param( )
-{
- TEST_VALID_PARAM( mbedtls_sha256_free( NULL ) );
-}
-/* END_CASE */
-
-/* BEGIN_CASE depends_on:MBEDTLS_SHA256_C:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */
+/* BEGIN_CASE depends_on:MBEDTLS_SHA256_C:NOT_DEFINED */
void sha256_invalid_param( )
{
mbedtls_sha256_context ctx;
@@ -81,39 +27,11 @@
int valid_type = 0;
int invalid_type = 42;
- TEST_INVALID_PARAM( mbedtls_sha256_init( NULL ) );
+ TEST_EQUAL( MBEDTLS_ERR_SHA256_BAD_INPUT_DATA,
+ mbedtls_sha256_starts( &ctx, invalid_type ) );
- TEST_INVALID_PARAM( mbedtls_sha256_clone( NULL, &ctx ) );
- TEST_INVALID_PARAM( mbedtls_sha256_clone( &ctx, NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA256_BAD_INPUT_DATA,
- mbedtls_sha256_starts_ret( NULL, valid_type ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA256_BAD_INPUT_DATA,
- mbedtls_sha256_starts_ret( &ctx, invalid_type ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA256_BAD_INPUT_DATA,
- mbedtls_sha256_update_ret( NULL, buf, buflen ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA256_BAD_INPUT_DATA,
- mbedtls_sha256_update_ret( &ctx, NULL, buflen ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA256_BAD_INPUT_DATA,
- mbedtls_sha256_finish_ret( NULL, buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA256_BAD_INPUT_DATA,
- mbedtls_sha256_finish_ret( &ctx, NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA256_BAD_INPUT_DATA,
- mbedtls_internal_sha256_process( NULL, buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA256_BAD_INPUT_DATA,
- mbedtls_internal_sha256_process( &ctx, NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA256_BAD_INPUT_DATA,
- mbedtls_sha256_ret( NULL, buflen,
- buf, valid_type ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA256_BAD_INPUT_DATA,
- mbedtls_sha256_ret( buf, buflen,
- NULL, valid_type ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA256_BAD_INPUT_DATA,
- mbedtls_sha256_ret( buf, buflen,
+ TEST_EQUAL( MBEDTLS_ERR_SHA256_BAD_INPUT_DATA,
+ mbedtls_sha256( buf, buflen,
buf, invalid_type ) );
exit:
@@ -129,7 +47,7 @@
memset(output, 0x00, 57);
- TEST_ASSERT( mbedtls_sha256_ret( src_str->x, src_str->len, output, 1 ) == 0 );
+ TEST_ASSERT( mbedtls_sha256( src_str->x, src_str->len, output, 1 ) == 0 );
TEST_ASSERT( mbedtls_test_hexcmp( output, hash->x, 28, hash->len ) == 0 );
}
@@ -143,20 +61,13 @@
memset(output, 0x00, 65);
- TEST_ASSERT( mbedtls_sha256_ret( src_str->x, src_str->len, output, 0 ) == 0 );
+ TEST_ASSERT( mbedtls_sha256( src_str->x, src_str->len, output, 0 ) == 0 );
TEST_ASSERT( mbedtls_test_hexcmp( output, hash->x, 32, hash->len ) == 0 );
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_SHA512_C */
-void sha512_valid_param( )
-{
- TEST_VALID_PARAM( mbedtls_sha512_free( NULL ) );
-}
-/* END_CASE */
-
-/* BEGIN_CASE depends_on:MBEDTLS_SHA512_C:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */
+/* BEGIN_CASE depends_on:MBEDTLS_SHA512_C:NOT_DEFINED */
void sha512_invalid_param( )
{
mbedtls_sha512_context ctx;
@@ -165,39 +76,11 @@
int valid_type = 0;
int invalid_type = 42;
- TEST_INVALID_PARAM( mbedtls_sha512_init( NULL ) );
+ TEST_EQUAL( MBEDTLS_ERR_SHA512_BAD_INPUT_DATA,
+ mbedtls_sha512_starts( &ctx, invalid_type ) );
- TEST_INVALID_PARAM( mbedtls_sha512_clone( NULL, &ctx ) );
- TEST_INVALID_PARAM( mbedtls_sha512_clone( &ctx, NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA512_BAD_INPUT_DATA,
- mbedtls_sha512_starts_ret( NULL, valid_type ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA512_BAD_INPUT_DATA,
- mbedtls_sha512_starts_ret( &ctx, invalid_type ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA512_BAD_INPUT_DATA,
- mbedtls_sha512_update_ret( NULL, buf, buflen ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA512_BAD_INPUT_DATA,
- mbedtls_sha512_update_ret( &ctx, NULL, buflen ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA512_BAD_INPUT_DATA,
- mbedtls_sha512_finish_ret( NULL, buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA512_BAD_INPUT_DATA,
- mbedtls_sha512_finish_ret( &ctx, NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA512_BAD_INPUT_DATA,
- mbedtls_internal_sha512_process( NULL, buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA512_BAD_INPUT_DATA,
- mbedtls_internal_sha512_process( &ctx, NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA512_BAD_INPUT_DATA,
- mbedtls_sha512_ret( NULL, buflen,
- buf, valid_type ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA512_BAD_INPUT_DATA,
- mbedtls_sha512_ret( buf, buflen,
- NULL, valid_type ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA512_BAD_INPUT_DATA,
- mbedtls_sha512_ret( buf, buflen,
+ TEST_EQUAL( MBEDTLS_ERR_SHA512_BAD_INPUT_DATA,
+ mbedtls_sha512( buf, buflen,
buf, invalid_type ) );
exit:
@@ -213,7 +96,7 @@
memset(output, 0x00, 97);
- TEST_ASSERT( mbedtls_sha512_ret( src_str->x, src_str->len, output, 1 ) == 0 );
+ TEST_ASSERT( mbedtls_sha512( src_str->x, src_str->len, output, 1 ) == 0 );
TEST_ASSERT( mbedtls_test_hexcmp( output, hash->x, 48, hash->len ) == 0 );
}
@@ -227,7 +110,7 @@
memset(output, 0x00, 129);
- TEST_ASSERT( mbedtls_sha512_ret( src_str->x, src_str->len, output, 0 ) == 0 );
+ TEST_ASSERT( mbedtls_sha512( src_str->x, src_str->len, output, 0 ) == 0 );
TEST_ASSERT( mbedtls_test_hexcmp( output, hash->x, 64, hash->len ) == 0 );
}
diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data
index 141f672..e0a95ae 100644
--- a/tests/suites/test_suite_ssl.data
+++ b/tests/suites/test_suite_ssl.data
@@ -3550,326 +3550,6 @@
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
-Record crypt, BLOWFISH-CBC, 1.2, SHA-384
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C
-ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, BLOWFISH-CBC, 1.2, SHA-384, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C
-ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, BLOWFISH-CBC, 1.2, SHA-384, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C
-ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, BLOWFISH-CBC, 1.2, SHA-384, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, BLOWFISH-CBC, 1.2, SHA-384, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, BLOWFISH-CBC, 1.2, SHA-384, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, BLOWFISH-CBC, 1.2, SHA-384, short tag
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C
-ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, BLOWFISH-CBC, 1.2, SHA-384, short tag, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C
-ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, BLOWFISH-CBC, 1.2, SHA-384, short tag, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C
-ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, BLOWFISH-CBC, 1.2, SHA-384, short tag, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, BLOWFISH-CBC, 1.2, SHA-384, short tag, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, BLOWFISH-CBC, 1.2, SHA-384, short tag, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, BLOWFISH-CBC, 1.2, SHA-256
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
-ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, BLOWFISH-CBC, 1.2, SHA-256, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
-ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, BLOWFISH-CBC, 1.2, SHA-256, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
-ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, BLOWFISH-CBC, 1.2, SHA-256, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, BLOWFISH-CBC, 1.2, SHA-256, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, BLOWFISH-CBC, 1.2, SHA-256, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, BLOWFISH-CBC, 1.2, SHA-256, short tag
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
-ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, BLOWFISH-CBC, 1.2, SHA-256, short tag, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
-ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, BLOWFISH-CBC, 1.2, SHA-256, short tag, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
-ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, BLOWFISH-CBC, 1.2, SHA-256, short tag, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, BLOWFISH-CBC, 1.2, SHA-256, short tag, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, BLOWFISH-CBC, 1.2, SHA-256, short tag, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, BLOWFISH-CBC, 1.2, SHA-1
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
-ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, BLOWFISH-CBC, 1.2, SHA-1, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
-ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, BLOWFISH-CBC, 1.2, SHA-1, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
-ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, BLOWFISH-CBC, 1.2, SHA-1, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, BLOWFISH-CBC, 1.2, SHA-1, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, BLOWFISH-CBC, 1.2, SHA-1, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, BLOWFISH-CBC, 1.2, SHA-1, short tag
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
-ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, BLOWFISH-CBC, 1.2, SHA-1, short tag, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
-ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, BLOWFISH-CBC, 1.2, SHA-1, short tag, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
-ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, BLOWFISH-CBC, 1.2, SHA-1, short tag, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, BLOWFISH-CBC, 1.2, SHA-1, short tag, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, BLOWFISH-CBC, 1.2, SHA-1, short tag, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, BLOWFISH-CBC, 1.2, MD5
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
-ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, BLOWFISH-CBC, 1.2, MD5, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
-ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, BLOWFISH-CBC, 1.2, MD5, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
-ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, BLOWFISH-CBC, 1.2, MD5, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, BLOWFISH-CBC, 1.2, MD5, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, BLOWFISH-CBC, 1.2, MD5, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, BLOWFISH-CBC, 1.2, MD5, short tag
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
-ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, BLOWFISH-CBC, 1.2, MD5, short tag, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
-ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, BLOWFISH-CBC, 1.2, MD5, short tag, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
-ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, BLOWFISH-CBC, 1.2, MD5, short tag, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, BLOWFISH-CBC, 1.2, MD5, short tag, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, BLOWFISH-CBC, 1.2, MD5, short tag, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, BLOWFISH-CBC, 1.1, SHA-384
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA384_C
-ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
-
-Record crypt, BLOWFISH-CBC, 1.1, SHA-384, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
-
-Record crypt, BLOWFISH-CBC, 1.1, SHA-384, short tag
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA384_C
-ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
-
-Record crypt, BLOWFISH-CBC, 1.1, SHA-384, short tag, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
-
-Record crypt, BLOWFISH-CBC, 1.1, SHA-256
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C
-ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
-
-Record crypt, BLOWFISH-CBC, 1.1, SHA-256, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
-
-Record crypt, BLOWFISH-CBC, 1.1, SHA-256, short tag
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C
-ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
-
-Record crypt, BLOWFISH-CBC, 1.1, SHA-256, short tag, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
-
-Record crypt, BLOWFISH-CBC, 1.1, SHA-1
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C
-ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
-
-Record crypt, BLOWFISH-CBC, 1.1, SHA-1, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
-
-Record crypt, BLOWFISH-CBC, 1.1, SHA-1, short tag
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C
-ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
-
-Record crypt, BLOWFISH-CBC, 1.1, SHA-1, short tag, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
-
-Record crypt, BLOWFISH-CBC, 1.1, MD5
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C
-ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
-
-Record crypt, BLOWFISH-CBC, 1.1, MD5, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
-
-Record crypt, BLOWFISH-CBC, 1.1, MD5, short tag
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C
-ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
-
-Record crypt, BLOWFISH-CBC, 1.1, MD5, short tag, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
-
-Record crypt, BLOWFISH-CBC, 1.0, SHA-384
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA384_C
-ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
-
-Record crypt, BLOWFISH-CBC, 1.0, SHA-384, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
-
-Record crypt, BLOWFISH-CBC, 1.0, SHA-384, short tag
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA384_C
-ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
-
-Record crypt, BLOWFISH-CBC, 1.0, SHA-384, short tag, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
-
-Record crypt, BLOWFISH-CBC, 1.0, SHA-256
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C
-ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
-
-Record crypt, BLOWFISH-CBC, 1.0, SHA-256, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
-
-Record crypt, BLOWFISH-CBC, 1.0, SHA-256, short tag
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C
-ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
-
-Record crypt, BLOWFISH-CBC, 1.0, SHA-256, short tag, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
-
-Record crypt, BLOWFISH-CBC, 1.0, SHA-1
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C
-ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
-
-Record crypt, BLOWFISH-CBC, 1.0, SHA-1, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
-
-Record crypt, BLOWFISH-CBC, 1.0, SHA-1, short tag
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C
-ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
-
-Record crypt, BLOWFISH-CBC, 1.0, SHA-1, short tag, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
-
-Record crypt, BLOWFISH-CBC, 1.0, MD5
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C
-ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
-
-Record crypt, BLOWFISH-CBC, 1.0, MD5, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
-
-Record crypt, BLOWFISH-CBC, 1.0, MD5, short tag
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C
-ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
-
-Record crypt, BLOWFISH-CBC, 1.0, MD5, short tag, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
-
Record crypt, AES-128-GCM, 1.2
depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
ssl_crypt_record:MBEDTLS_CIPHER_AES_128_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
@@ -7278,326 +6958,6 @@
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
-Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-384
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-384, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-384, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-384, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-384, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-384, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-384, short tag
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-384, short tag, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-384, short tag, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-384, short tag, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-384, short tag, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-384, short tag, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-256
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-256, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-256, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-256, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-256, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-256, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-256, short tag
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-256, short tag, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-256, short tag, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-256, short tag, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-256, short tag, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-256, short tag, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-1
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-1, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-1, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-1, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-1, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-1, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-1, short tag
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-1, short tag, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-1, short tag, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-1, short tag, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-1, short tag, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-1, short tag, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, little space, BLOWFISH-CBC, 1.2, MD5
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, little space, BLOWFISH-CBC, 1.2, MD5, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, little space, BLOWFISH-CBC, 1.2, MD5, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, little space, BLOWFISH-CBC, 1.2, MD5, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, little space, BLOWFISH-CBC, 1.2, MD5, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, little space, BLOWFISH-CBC, 1.2, MD5, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, little space, BLOWFISH-CBC, 1.2, MD5, short tag
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, little space, BLOWFISH-CBC, 1.2, MD5, short tag, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, little space, BLOWFISH-CBC, 1.2, MD5, short tag, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, little space, BLOWFISH-CBC, 1.2, MD5, short tag, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, little space, BLOWFISH-CBC, 1.2, MD5, short tag, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, little space, BLOWFISH-CBC, 1.2, MD5, short tag, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, little space, BLOWFISH-CBC, 1.1, SHA-384
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA384_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
-
-Record crypt, little space, BLOWFISH-CBC, 1.1, SHA-384, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
-
-Record crypt, little space, BLOWFISH-CBC, 1.1, SHA-384, short tag
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA384_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
-
-Record crypt, little space, BLOWFISH-CBC, 1.1, SHA-384, short tag, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
-
-Record crypt, little space, BLOWFISH-CBC, 1.1, SHA-256
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
-
-Record crypt, little space, BLOWFISH-CBC, 1.1, SHA-256, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
-
-Record crypt, little space, BLOWFISH-CBC, 1.1, SHA-256, short tag
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
-
-Record crypt, little space, BLOWFISH-CBC, 1.1, SHA-256, short tag, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
-
-Record crypt, little space, BLOWFISH-CBC, 1.1, SHA-1
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
-
-Record crypt, little space, BLOWFISH-CBC, 1.1, SHA-1, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
-
-Record crypt, little space, BLOWFISH-CBC, 1.1, SHA-1, short tag
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
-
-Record crypt, little space, BLOWFISH-CBC, 1.1, SHA-1, short tag, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
-
-Record crypt, little space, BLOWFISH-CBC, 1.1, MD5
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
-
-Record crypt, little space, BLOWFISH-CBC, 1.1, MD5, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
-
-Record crypt, little space, BLOWFISH-CBC, 1.1, MD5, short tag
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
-
-Record crypt, little space, BLOWFISH-CBC, 1.1, MD5, short tag, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
-
-Record crypt, little space, BLOWFISH-CBC, 1.0, SHA-384
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA384_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
-
-Record crypt, little space, BLOWFISH-CBC, 1.0, SHA-384, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
-
-Record crypt, little space, BLOWFISH-CBC, 1.0, SHA-384, short tag
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA384_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
-
-Record crypt, little space, BLOWFISH-CBC, 1.0, SHA-384, short tag, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
-
-Record crypt, little space, BLOWFISH-CBC, 1.0, SHA-256
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
-
-Record crypt, little space, BLOWFISH-CBC, 1.0, SHA-256, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
-
-Record crypt, little space, BLOWFISH-CBC, 1.0, SHA-256, short tag
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
-
-Record crypt, little space, BLOWFISH-CBC, 1.0, SHA-256, short tag, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
-
-Record crypt, little space, BLOWFISH-CBC, 1.0, SHA-1
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
-
-Record crypt, little space, BLOWFISH-CBC, 1.0, SHA-1, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
-
-Record crypt, little space, BLOWFISH-CBC, 1.0, SHA-1, short tag
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
-
-Record crypt, little space, BLOWFISH-CBC, 1.0, SHA-1, short tag, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
-
-Record crypt, little space, BLOWFISH-CBC, 1.0, MD5
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
-
-Record crypt, little space, BLOWFISH-CBC, 1.0, MD5, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
-
-Record crypt, little space, BLOWFISH-CBC, 1.0, MD5, short tag
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
-
-Record crypt, little space, BLOWFISH-CBC, 1.0, MD5, short tag, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
-
Record crypt, little space, AES-128-GCM, 1.2
depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
@@ -9253,17 +8613,31 @@
# Vector from RFC 8448
ssl_tls1_3_derive_secret:MBEDTLS_MD_SHA256:"e2d32d4ed66dd37897a0e80c84107503ce58bf8aad4cb55a5002d77ecb890ece":tls1_3_label_res_master:"c3c122e0bd907a4a3ff6112d8fd53dbf89c773d9552e8b6b9d56d361b3a97bf6":32:MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED:"5e95bdf1f89005ea2e9aa0ba85e728e3c19c5fe0c699e3f5bee59faebd0b5406"
+SSL TLS 1.3 Key schedule: Early secrets derivation helper
+# Vector from RFC 8448
+ssl_tls1_3_derive_early_secrets:MBEDTLS_MD_SHA256:"9b2188e9b2fc6d64d71dc329900e20bb41915000f678aa839cbb797cb7d8332c":"08ad0fa05d7c7233b1775ba2ff9f4c5b8b59276b7f227f13a976245f5d960913":"3fbbe6a60deb66c30a32795aba0eff7eaa10105586e7be5c09678d63b6caab62":"b2026866610937d7423e5be90862ccf24c0e6091186d34f812089ff5be2ef7df"
+
+SSL TLS 1.3 Key schedule: Handshake secrets derivation helper
+# Vector from RFC 8448
+ssl_tls1_3_derive_handshake_secrets:MBEDTLS_MD_SHA256:"005cb112fd8eb4ccc623bb88a07c64b3ede1605363fc7d0df8c7ce4ff0fb4ae6":"f736cb34fe25e701551bee6fd24c1cc7102a7daf9405cb15d97aafe16f757d03":"2faac08f851d35fea3604fcb4de82dc62c9b164a70974d0462e27f1ab278700f":"fe927ae271312e8bf0275b581c54eef020450dc4ecffaa05a1a35d27518e7803"
+
+SSL TLS 1.3 Key schedule: Application secrets derivation helper
+# Vector from RFC 8448
+ssl_tls1_3_derive_application_secrets:MBEDTLS_MD_SHA256:"e2d32d4ed66dd37897a0e80c84107503ce58bf8aad4cb55a5002d77ecb890ece":"b0aeffc46a2cfe33114e6fd7d51f9f04b1ca3c497dab08934a774a9d9ad7dbf3":"2abbf2b8e381d23dbebe1dd2a7d16a8bf484cb4950d23fb7fb7fa8547062d9a1":"cc21f1bf8feb7dd5fa505bd9c4b468a9984d554a993dc49e6d285598fb672691":"3fd93d4ffddc98e64b14dd107aedf8ee4add23f4510f58a4592d0b201bee56b4"
+
+SSL TLS 1.3 Key schedule: Resumption secrets derivation helper
+# Vector from RFC 8448
+ssl_tls1_3_derive_resumption_secrets:MBEDTLS_MD_SHA256:"e2d32d4ed66dd37897a0e80c84107503ce58bf8aad4cb55a5002d77ecb890ece":"c3c122e0bd907a4a3ff6112d8fd53dbf89c773d9552e8b6b9d56d361b3a97bf6":"5e95bdf1f89005ea2e9aa0ba85e728e3c19c5fe0c699e3f5bee59faebd0b5406"
+
+SSL TLS 1.3 Key schedule: PSK binder
+# Vector from RFC 8448
+# For the resumption PSK, see Section 3, 'generate resumption secret "tls13 resumption"'
+# For all other data, see Section 4, 'construct a ClientHello handshake message:'
+ssl_tls1_3_create_psk_binder:MBEDTLS_MD_SHA256:"4ecd0eb6ec3b4d87f5d6028f922ca4c5851a277fd41311c9e62d2c9492e1c4f3":MBEDTLS_SSL_TLS1_3_PSK_RESUMPTION:"63224b2e4573f2d3454ca84b9d009a04f6be9e05711a8396473aefa01e924a14":"3add4fb2d8fdf822a0ca3cf7678ef5e88dae990141c5924d57bb6fa31b9e5f9d"
+
SSL TLS_PRF MBEDTLS_SSL_TLS_PRF_NONE
ssl_tls_prf:MBEDTLS_SSL_TLS_PRF_NONE:"":"":"test tls_prf label":"":MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE
-SSL TLS_PRF MBEDTLS_SSL_TLS_PRF_TLS1 TLS 1.0 enabled
-depends_on:MBEDTLS_SSL_PROTO_TLS1
-ssl_tls_prf:MBEDTLS_SSL_TLS_PRF_TLS1:"1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef":"1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef":"test tls_prf label":"8defca540d41d4c79d390027295bb4e6":0
-
-SSL TLS_PRF MBEDTLS_SSL_TLS_PRF_TLS1 TLS 1.1 enabled
-depends_on:MBEDTLS_SSL_PROTO_TLS1_1
-ssl_tls_prf:MBEDTLS_SSL_TLS_PRF_TLS1:"1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef":"1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef":"test tls_prf label":"8defca540d41d4c79d390027295bb4e6":0
-
SSL TLS_PRF MBEDTLS_SSL_TLS_PRF_SHA384
depends_on:MBEDTLS_SHA384_C:MBEDTLS_SSL_PROTO_TLS1_2
ssl_tls_prf:MBEDTLS_SSL_TLS_PRF_SHA384:"1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef":"1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef":"test tls_prf label":"a4206a36eef93f496611c2b7806625c3":0
@@ -9272,10 +8646,6 @@
depends_on:MBEDTLS_SHA256_C:MBEDTLS_SSL_PROTO_TLS1_2
ssl_tls_prf:MBEDTLS_SSL_TLS_PRF_SHA256:"1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef":"1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef":"test tls_prf label":"7f9998393198a02c8d731ccc2ef90b2c":0
-SSL TLS_PRF MBEDTLS_SSL_TLS_PRF_TLS1 TLS 1.X not enabled
-depends_on:!MBEDTLS_SSL_PROTO_TLS1:!MBEDTLS_SSL_PROTO_TLS1_1
-ssl_tls_prf:MBEDTLS_SSL_TLS_PRF_TLS1:"1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef":"1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef":"test tls_prf label":"8defca540d41d4c79d390027295bb4e6":MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE
-
SSL TLS_PRF MBEDTLS_SSL_TLS_PRF_SHA384 SHA-384 not enabled
depends_on:!MBEDTLS_SHA384_C
ssl_tls_prf:MBEDTLS_SSL_TLS_PRF_SHA384:"1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef":"1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef":"test tls_prf label":"a4206a36eef93f496611c2b7806625c3":MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE
diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function
index 16a9d9e..d5123fa 100644
--- a/tests/suites/test_suite_ssl.function
+++ b/tests/suites/test_suite_ssl.function
@@ -800,7 +800,8 @@
ret = mbedtls_pk_parse_key( &( cert->pkey ),
(const unsigned char*) mbedtls_test_srv_key_rsa_der,
- mbedtls_test_srv_key_rsa_der_len, NULL, 0 );
+ mbedtls_test_srv_key_rsa_der_len, NULL, 0,
+ mbedtls_test_rnd_std_rand, NULL );
TEST_ASSERT( ret == 0 );
}
else
@@ -812,7 +813,8 @@
ret = mbedtls_pk_parse_key( &( cert->pkey ),
(const unsigned char*) mbedtls_test_srv_key_ec_der,
- mbedtls_test_srv_key_ec_der_len, NULL, 0 );
+ mbedtls_test_srv_key_ec_der_len, NULL, 0,
+ mbedtls_test_rnd_std_rand, NULL );
TEST_ASSERT( ret == 0 );
}
}
@@ -827,7 +829,8 @@
ret = mbedtls_pk_parse_key( &( cert->pkey ),
(const unsigned char *) mbedtls_test_cli_key_rsa_der,
- mbedtls_test_cli_key_rsa_der_len, NULL, 0 );
+ mbedtls_test_cli_key_rsa_der_len, NULL, 0,
+ mbedtls_test_rnd_std_rand, NULL );
TEST_ASSERT( ret == 0 );
}
else
@@ -839,7 +842,8 @@
ret = mbedtls_pk_parse_key( &( cert->pkey ),
(const unsigned char *) mbedtls_test_cli_key_ec_der,
- mbedtls_test_cli_key_ec_der_len, NULL, 0 );
+ mbedtls_test_cli_key_ec_der_len, NULL, 0,
+ mbedtls_test_rnd_std_rand, NULL );
TEST_ASSERT( ret == 0 );
}
}
@@ -1504,9 +1508,6 @@
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
session->mfl_code = 1;
#endif
-#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
- session->trunc_hmac = 1;
-#endif
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
session->encrypt_then_mac = 1;
#endif
@@ -3796,6 +3797,156 @@
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
+void ssl_tls1_3_derive_early_secrets( int hash_alg,
+ data_t *secret,
+ data_t *transcript,
+ data_t *traffic_expected,
+ data_t *exporter_expected )
+{
+ mbedtls_ssl_tls1_3_early_secrets secrets;
+
+ /* Double-check that we've passed sane parameters. */
+ mbedtls_md_type_t md_type = (mbedtls_md_type_t) hash_alg;
+ mbedtls_md_info_t const * const md_info = mbedtls_md_info_from_type( md_type );
+ size_t const md_size = mbedtls_md_get_size( md_info );
+ TEST_ASSERT( md_info != 0 &&
+ secret->len == md_size &&
+ transcript->len == md_size &&
+ traffic_expected->len == md_size &&
+ exporter_expected->len == md_size );
+
+ TEST_ASSERT( mbedtls_ssl_tls1_3_derive_early_secrets(
+ md_type, secret->x, transcript->x, transcript->len,
+ &secrets ) == 0 );
+
+ ASSERT_COMPARE( secrets.client_early_traffic_secret, md_size,
+ traffic_expected->x, traffic_expected->len );
+ ASSERT_COMPARE( secrets.early_exporter_master_secret, md_size,
+ exporter_expected->x, exporter_expected->len );
+}
+/* END_CASE */
+
+/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
+void ssl_tls1_3_derive_handshake_secrets( int hash_alg,
+ data_t *secret,
+ data_t *transcript,
+ data_t *client_expected,
+ data_t *server_expected )
+{
+ mbedtls_ssl_tls1_3_handshake_secrets secrets;
+
+ /* Double-check that we've passed sane parameters. */
+ mbedtls_md_type_t md_type = (mbedtls_md_type_t) hash_alg;
+ mbedtls_md_info_t const * const md_info = mbedtls_md_info_from_type( md_type );
+ size_t const md_size = mbedtls_md_get_size( md_info );
+ TEST_ASSERT( md_info != 0 &&
+ secret->len == md_size &&
+ transcript->len == md_size &&
+ client_expected->len == md_size &&
+ server_expected->len == md_size );
+
+ TEST_ASSERT( mbedtls_ssl_tls1_3_derive_handshake_secrets(
+ md_type, secret->x, transcript->x, transcript->len,
+ &secrets ) == 0 );
+
+ ASSERT_COMPARE( secrets.client_handshake_traffic_secret, md_size,
+ client_expected->x, client_expected->len );
+ ASSERT_COMPARE( secrets.server_handshake_traffic_secret, md_size,
+ server_expected->x, server_expected->len );
+}
+/* END_CASE */
+
+/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
+void ssl_tls1_3_derive_application_secrets( int hash_alg,
+ data_t *secret,
+ data_t *transcript,
+ data_t *client_expected,
+ data_t *server_expected,
+ data_t *exporter_expected )
+{
+ mbedtls_ssl_tls1_3_application_secrets secrets;
+
+ /* Double-check that we've passed sane parameters. */
+ mbedtls_md_type_t md_type = (mbedtls_md_type_t) hash_alg;
+ mbedtls_md_info_t const * const md_info = mbedtls_md_info_from_type( md_type );
+ size_t const md_size = mbedtls_md_get_size( md_info );
+ TEST_ASSERT( md_info != 0 &&
+ secret->len == md_size &&
+ transcript->len == md_size &&
+ client_expected->len == md_size &&
+ server_expected->len == md_size &&
+ exporter_expected->len == md_size );
+
+ TEST_ASSERT( mbedtls_ssl_tls1_3_derive_application_secrets(
+ md_type, secret->x, transcript->x, transcript->len,
+ &secrets ) == 0 );
+
+ ASSERT_COMPARE( secrets.client_application_traffic_secret_N, md_size,
+ client_expected->x, client_expected->len );
+ ASSERT_COMPARE( secrets.server_application_traffic_secret_N, md_size,
+ server_expected->x, server_expected->len );
+ ASSERT_COMPARE( secrets.exporter_master_secret, md_size,
+ exporter_expected->x, exporter_expected->len );
+}
+/* END_CASE */
+
+/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
+void ssl_tls1_3_derive_resumption_secrets( int hash_alg,
+ data_t *secret,
+ data_t *transcript,
+ data_t *resumption_expected )
+{
+ mbedtls_ssl_tls1_3_application_secrets secrets;
+
+ /* Double-check that we've passed sane parameters. */
+ mbedtls_md_type_t md_type = (mbedtls_md_type_t) hash_alg;
+ mbedtls_md_info_t const * const md_info = mbedtls_md_info_from_type( md_type );
+ size_t const md_size = mbedtls_md_get_size( md_info );
+ TEST_ASSERT( md_info != 0 &&
+ secret->len == md_size &&
+ transcript->len == md_size &&
+ resumption_expected->len == md_size );
+
+ TEST_ASSERT( mbedtls_ssl_tls1_3_derive_resumption_master_secret(
+ md_type, secret->x, transcript->x, transcript->len,
+ &secrets ) == 0 );
+
+ ASSERT_COMPARE( secrets.resumption_master_secret, md_size,
+ resumption_expected->x, resumption_expected->len );
+}
+/* END_CASE */
+
+/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
+void ssl_tls1_3_create_psk_binder( int hash_alg,
+ data_t *psk,
+ int psk_type,
+ data_t *transcript,
+ data_t *binder_expected )
+{
+ unsigned char binder[ MBEDTLS_MD_MAX_SIZE ];
+
+ /* Double-check that we've passed sane parameters. */
+ mbedtls_md_type_t md_type = (mbedtls_md_type_t) hash_alg;
+ mbedtls_md_info_t const * const md_info = mbedtls_md_info_from_type( md_type );
+ size_t const md_size = mbedtls_md_get_size( md_info );
+ TEST_ASSERT( md_info != 0 &&
+ transcript->len == md_size &&
+ binder_expected->len == md_size );
+
+ TEST_ASSERT( mbedtls_ssl_tls1_3_create_psk_binder(
+ NULL, /* SSL context for debugging only */
+ md_type,
+ psk->x, psk->len,
+ psk_type,
+ transcript->x,
+ binder ) == 0 );
+
+ ASSERT_COMPARE( binder, md_size,
+ binder_expected->x, binder_expected->len );
+}
+/* END_CASE */
+
+/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
void ssl_tls1_3_key_evolution( int hash_alg,
data_t *secret,
data_t *input,
@@ -3928,10 +4079,6 @@
TEST_ASSERT( original.mfl_code == restored.mfl_code );
#endif
-#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
- TEST_ASSERT( original.trunc_hmac == restored.trunc_hmac );
-#endif
-
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
TEST_ASSERT( original.encrypt_then_mac == restored.encrypt_then_mac );
#endif
diff --git a/tests/suites/test_suite_timing.data b/tests/suites/test_suite_timing.data
index 2522da1..de89239 100644
--- a/tests/suites/test_suite_timing.data
+++ b/tests/suites/test_suite_timing.data
@@ -1,15 +1,6 @@
-Timing: hardclock
-timing_hardclock:
-
Timing: get timer
timing_get_timer:
-Timing: set alarm with no delay
-timing_set_alarm:0:
-
-Timing: set alarm with 1s delay
-timing_set_alarm:1:
-
Timing: delay 0ms
timing_delay:0:
diff --git a/tests/suites/test_suite_timing.function b/tests/suites/test_suite_timing.function
index 74dc823..3483d85 100644
--- a/tests/suites/test_suite_timing.function
+++ b/tests/suites/test_suite_timing.function
@@ -17,15 +17,6 @@
*/
/* BEGIN_CASE */
-void timing_hardclock( )
-{
- (void) mbedtls_timing_hardclock();
- /* This goto is added to avoid warnings from the generated code. */
- goto exit;
-}
-/* END_CASE */
-
-/* BEGIN_CASE */
void timing_get_timer( )
{
struct mbedtls_timing_hr_time time;
@@ -37,23 +28,6 @@
/* END_CASE */
/* BEGIN_CASE */
-void timing_set_alarm( int seconds )
-{
- if( seconds == 0 )
- {
- mbedtls_set_alarm( seconds );
- TEST_ASSERT( mbedtls_timing_alarmed == 1 );
- }
- else
- {
- mbedtls_set_alarm( seconds );
- TEST_ASSERT( mbedtls_timing_alarmed == 0 ||
- mbedtls_timing_alarmed == 1 );
- }
-}
-/* END_CASE */
-
-/* BEGIN_CASE */
void timing_delay( int fin_ms )
{
mbedtls_timing_delay_context ctx;
diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data
index 59acc66..e21b450 100644
--- a/tests/suites/test_suite_x509parse.data
+++ b/tests/suites/test_suite_x509parse.data
@@ -22,14 +22,6 @@
depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA1_C
x509_cert_info:"data_files/test-ca.crt.der":"cert. version \: 3\nserial number \: 03\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nissued on \: 2019-02-10 14\:44\:00\nexpires on \: 2029-02-10 14\:44\:00\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\nbasic constraints \: CA=true\n"
-X509 CRT information MD2 Digest
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_MD2_C
-x509_cert_info:"data_files/cert_md2.crt":"cert. version \: 3\nserial number \: 09\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Cert MD2\nissued on \: 2000-01-01 12\:12\:12\nexpires on \: 2030-01-01 12\:12\:12\nsigned using \: RSA with MD2\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\n"
-
-X509 CRT information MD4 Digest
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_MD4_C
-x509_cert_info:"data_files/cert_md4.crt":"cert. version \: 3\nserial number \: 05\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Cert MD4\nissued on \: 2000-01-01 12\:12\:12\nexpires on \: 2030-01-01 12\:12\:12\nsigned using \: RSA with MD4\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\n"
-
X509 CRT information MD5 Digest
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_MD5_C
x509_cert_info:"data_files/cert_md5.crt":"cert. version \: 3\nserial number \: 06\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Cert MD5\nissued on \: 2000-01-01 12\:12\:12\nexpires on \: 2030-01-01 12\:12\:12\nsigned using \: RSA with MD5\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\n"
@@ -202,14 +194,6 @@
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:!MBEDTLS_X509_REMOVE_INFO
mbedtls_x509_crl_info:"data_files/crl_expired.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2011-02-20 10\:24\:19\nnext update \: 2011-02-20 11\:24\:19\nRevoked certificates\:\nserial number\: 01 revocation date\: 2011-02-12 14\:44\:07\nserial number\: 03 revocation date\: 2011-02-12 14\:44\:07\nsigned using \: RSA with SHA1\n"
-X509 CRL Information MD2 Digest
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD2_C:MBEDTLS_RSA_C:!MBEDTLS_X509_REMOVE_INFO
-mbedtls_x509_crl_info:"data_files/crl_md2.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2009-07-19 19\:56\:37\nnext update \: 2009-09-17 19\:56\:37\nRevoked certificates\:\nserial number\: 01 revocation date\: 2009-02-09 21\:12\:36\nserial number\: 03 revocation date\: 2009-02-09 21\:12\:36\nsigned using \: RSA with MD2\n"
-
-X509 CRL Information MD4 Digest
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD4_C:!MBEDTLS_X509_REMOVE_INFO
-mbedtls_x509_crl_info:"data_files/crl_md4.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2011-02-12 14\:44\:07\nnext update \: 2011-04-13 14\:44\:07\nRevoked certificates\:\nserial number\: 01 revocation date\: 2011-02-12 14\:44\:07\nserial number\: 03 revocation date\: 2011-02-12 14\:44\:07\nsigned using \: RSA with MD4\n"
-
X509 CRL Information MD5 Digest
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD5_C:MBEDTLS_RSA_C:!MBEDTLS_X509_REMOVE_INFO
mbedtls_x509_crl_info:"data_files/crl_md5.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2011-02-12 14\:44\:07\nnext update \: 2011-04-13 14\:44\:07\nRevoked certificates\:\nserial number\: 01 revocation date\: 2011-02-12 14\:44\:07\nserial number\: 03 revocation date\: 2011-02-12 14\:44\:07\nsigned using \: RSA with MD5\n"
@@ -286,10 +270,6 @@
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
mbedtls_x509_crl_parse:"data_files/crl-idpnc.pem":0
-X509 CSR Information RSA with MD4
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD4_C:MBEDTLS_RSA_C:!MBEDTLS_X509_REMOVE_INFO
-mbedtls_x509_csr_info:"data_files/server1.req.md4":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nsigned using \: RSA with MD4\nRSA key size \: 2048 bits\n"
-
X509 CSR Information RSA with MD5
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD5_C:MBEDTLS_RSA_C:!MBEDTLS_X509_REMOVE_INFO
mbedtls_x509_csr_info:"data_files/server1.req.md5":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nsigned using \: RSA with MD5\nRSA key size \: 2048 bits\n"
@@ -527,26 +507,10 @@
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA1_C
x509_verify:"data_files/server2.crt":"data_files/server1.crt":"data_files/crl_expired.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL"
-X509 CRT verification #12 (Valid Cert MD2 Digest, MD2 forbidden)
-depends_on:MBEDTLS_MD2_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
-x509_verify:"data_files/cert_md2.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_BAD_MD:"compat":"NULL"
-
-X509 CRT verification #12 (Valid Cert MD4 Digest, MD4 forbidden)
-depends_on:MBEDTLS_MD4_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
-x509_verify:"data_files/cert_md4.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_BAD_MD:"compat":"NULL"
-
X509 CRT verification #13 (Valid Cert MD5 Digest, MD5 forbidden)
depends_on:MBEDTLS_MD5_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
x509_verify:"data_files/cert_md5.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_BAD_MD:"compat":"NULL"
-X509 CRT verification #12 (Valid Cert MD2 Digest, MD2 allowed)
-depends_on:MBEDTLS_MD2_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
-x509_verify:"data_files/cert_md2.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":0:0:"all":"NULL"
-
-X509 CRT verification #12 (Valid Cert MD4 Digest, MD4 allowed)
-depends_on:MBEDTLS_MD4_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
-x509_verify:"data_files/cert_md4.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":0:0:"all":"NULL"
-
X509 CRT verification #13 (Valid Cert MD5 Digest, MD5 allowed)
depends_on:MBEDTLS_MD5_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
x509_verify:"data_files/cert_md5.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":0:0:"all":"NULL"
@@ -720,7 +684,7 @@
x509_verify:"data_files/server5.crt":"data_files/test-ca2.ku-crt_crl.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"compat":"NULL"
X509 CRT verification #53 (CA keyUsage missing cRLSign)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_X509_CHECK_KEY_USAGE:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED
x509_verify:"data_files/server5.crt":"data_files/test-ca2.ku-crt.crt":"data_files/crl-ec-sha256.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCRL_NOT_TRUSTED:"compat":"NULL"
X509 CRT verification #54 (CA keyUsage missing cRLSign, no CRL)
@@ -728,11 +692,11 @@
x509_verify:"data_files/server5.crt":"data_files/test-ca2.ku-crt.crt":"data_files/crl.pem":"NULL":0:0:"compat":"NULL"
X509 CRT verification #55 (CA keyUsage missing keyCertSign)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_X509_CHECK_KEY_USAGE:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED
x509_verify:"data_files/server5.crt":"data_files/test-ca2.ku-crl.crt":"data_files/crl-ec-sha256.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL"
X509 CRT verification #56 (CA keyUsage plain wrong)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_X509_CHECK_KEY_USAGE:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED
x509_verify:"data_files/server5.crt":"data_files/test-ca2.ku-ds.crt":"data_files/crl-ec-sha256.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL"
X509 CRT verification #57 (Valid, RSASSA-PSS, SHA-1)
@@ -1783,7 +1747,7 @@
x509parse_crt:"3081ad308197a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a311300f300d0603551d200406300430020601300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_OUT_OF_DATA
X509 CRT ASN1 (TBSCertificate v3, inv CertificatePolicies, unknown critical policy)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C:!MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
+depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
x509parse_crt:"3081b130819ba0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a315301330110603551d20010101040730053003060100300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE
X509 CRT ASN1 (TBSCertificate v3, inv CertificatePolicies, policy qualifier invalid tag)
@@ -2001,7 +1965,7 @@
x509parse_crt:"3081e430819f020104300d06092a864886f70d0101050500300f310d300b0603550403130454657374301e170d3133303731303135303233375a170d3233303730383135303233375a300f310d300b06035504031304546573743049301306072a8648ce3d020106082a8648ce3d03010103320004e962551a325b21b50cf6b990e33d4318fd16677130726357a196e3efe7107bcb6bdc6d9db2a4df7c964acfe81798433d300d06092a864886f70d01010505000331001a6c18cd1e457474b2d3912743f44b571341a7859a0122774a8e19a671680878936949f904c9255bdd6fffdb33a7e6d8":"cert. version \: 1\nserial number \: 04\nissuer name \: CN=Test\nsubject name \: CN=Test\nissued on \: 2013-07-10 15\:02\:37\nexpires on \: 2023-07-08 15\:02\:37\nsigned using \: RSA with SHA1\nEC key size \: 192 bits\n":0
X509 CRT ASN1 (Unsupported critical extension)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C:!MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
+depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
x509parse_crt:"308203353082021da00302010202104d3ebbb8a870f9c78c55a8a7e12fd516300d06092a864886f70d01010b05003010310e300c06035504030c0564756d6d79301e170d3230303432383137343234335a170d3230303632373137343234335a3010310e300c06035504030c0564756d6d7930820122300d06092a864886f70d01010105000382010f003082010a0282010100a51b75b3f7da2d60ea1b0fc077f0dbb2bbb6fe1b474028368af8dc2664672896efff171033b0aede0b323a89d5c6db4d517404bc97b65264e41b9e9e86a6f40ace652498d4b3b859544d1bacfd7f86325503eed046f517406545c0ffb5560f83446dedce0fcafcc41ac8495488a6aa912ae45192ef7e3efa20d0f7403b0baa62c7e2e5404c620c5793623132aa20f624f08d88fbf0985af39433f5a24d0b908e5219d8ba6a404d3ee8418203b62a40c8eb18837354d50281a6a2bf5012e505c419482787b7a81e5935613ceea0c6d93e86f76282b6aa406fb3a1796c56b32e8a22afc3f7a3c9daa8f0e2846ff0d50abfc862a52f6cf0aaece6066c860376f3ed0203010001a3818a308187300c0603551d13040530030101ff30130603551d110101ff04093007820564756d6d79301206082b0601050507011f0101ff0403040100300e0603551d0f0101ff040403020184301d0603551d0e04160414e6e451ec8d19d9677b2d272a9d73b939fa2d915a301f0603551d23041830168014e6e451ec8d19d9677b2d272a9d73b939fa2d915a300d06092a864886f70d01010b0500038201010056d06047b7f48683e2347ca726997d9700b4f2cf1d8bc0ef17addac8445d38ffd7f8079055ead878b6a74c8384d0e30150c8990aa74f59cda6ebcb49465d8991ffa16a4c927a26e4639d1875a3ac396c7455c7eda40dbe66054a03d27f961c15e86bd5b06db6b26572977bcda93453b6b6a88ef96b31996a7bd17323525b33050d28deec9c33a3f9765a11fb99d0e222bd39a6db3a788474c9ca347377688f837d42f5841667bffcbe6b473e6f229f286a0829963e591a99aa7f67e9d20c36ccd2ac84cb85b7a8b3396a6cbe59a573ffff726f373197c230de5c92a52c5bc87e29c20bdf6e89609764a60c649022aabd768f3557661b083ae00e6afc8a5bf2ed":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
X509 CRT ASN1 (Unsupported critical extension recognized by callback)
diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function
index a6361d8..fea02f3 100644
--- a/tests/suites/test_suite_x509parse.function
+++ b/tests/suites/test_suite_x509parse.function
@@ -1173,7 +1173,7 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_X509_CHECK_KEY_USAGE */
+/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */
void x509_check_key_usage( char * crt_file, int usage, int ret )
{
mbedtls_x509_crt crt;
@@ -1189,7 +1189,7 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE */
+/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */
void x509_check_extended_key_usage( char * crt_file, data_t * oid, int ret
)
{
diff --git a/tests/suites/test_suite_x509write.data b/tests/suites/test_suite_x509write.data
index 9e2ae01..efc2fc9 100644
--- a/tests/suites/test_suite_x509write.data
+++ b/tests/suites/test_suite_x509write.data
@@ -18,10 +18,6 @@
depends_on:MBEDTLS_SHA512_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
x509_csr_check:"data_files/server1.key":"data_files/server1.req.sha512":MBEDTLS_MD_SHA512:0:0:0:0
-Certificate Request check Server1 MD4
-depends_on:MBEDTLS_MD4_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
-x509_csr_check:"data_files/server1.key":"data_files/server1.req.md4":MBEDTLS_MD_MD4:0:0:0:0
-
Certificate Request check Server1 MD5
depends_on:MBEDTLS_MD5_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
x509_csr_check:"data_files/server1.key":"data_files/server1.req.md5":MBEDTLS_MD_MD5:0:0:0:0
diff --git a/tests/suites/test_suite_x509write.function b/tests/suites/test_suite_x509write.function
index 44f846f..261794c 100644
--- a/tests/suites/test_suite_x509write.function
+++ b/tests/suites/test_suite_x509write.function
@@ -94,7 +94,8 @@
memset( &rnd_info, 0x2a, sizeof( mbedtls_test_rnd_pseudo_info ) );
mbedtls_pk_init( &key );
- TEST_ASSERT( mbedtls_pk_parse_keyfile( &key, key_file, NULL ) == 0 );
+ TEST_ASSERT( mbedtls_pk_parse_keyfile( &key, key_file, NULL,
+ mbedtls_test_rnd_std_rand, NULL ) == 0 );
mbedtls_x509write_csr_init( &req );
mbedtls_x509write_csr_set_md_alg( &req, md_type );
@@ -163,7 +164,8 @@
TEST_ASSERT( md_alg_psa != MBEDTLS_MD_NONE );
mbedtls_pk_init( &key );
- TEST_ASSERT( mbedtls_pk_parse_keyfile( &key, key_file, NULL ) == 0 );
+ TEST_ASSERT( mbedtls_pk_parse_keyfile( &key, key_file, NULL,
+ mbedtls_test_rnd_std_rand, NULL ) == 0 );
TEST_ASSERT( mbedtls_pk_wrap_as_opaque( &key, &key_id, md_alg_psa ) == 0 );
mbedtls_x509write_csr_init( &req );
@@ -225,10 +227,10 @@
mbedtls_x509write_crt_init( &crt );
TEST_ASSERT( mbedtls_pk_parse_keyfile( &subject_key, subject_key_file,
- subject_pwd ) == 0 );
+ subject_pwd, mbedtls_test_rnd_std_rand, NULL ) == 0 );
TEST_ASSERT( mbedtls_pk_parse_keyfile( &issuer_key, issuer_key_file,
- issuer_pwd ) == 0 );
+ issuer_pwd, mbedtls_test_rnd_std_rand, NULL ) == 0 );
#if defined(MBEDTLS_RSA_C)
/* For RSA PK contexts, create a copy as an alternative RSA context. */
@@ -246,7 +248,7 @@
(void) rsa_alt;
#endif
- TEST_ASSERT( mbedtls_mpi_read_string( &serial, 10, serial_str ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &serial, 10, serial_str ) == 0 );
if( ver != -1 )
mbedtls_x509write_crt_set_version( &crt, ver );
diff --git a/tests/suites/test_suite_xtea.data b/tests/suites/test_suite_xtea.data
deleted file mode 100644
index d9d06d7..0000000
--- a/tests/suites/test_suite_xtea.data
+++ /dev/null
@@ -1,76 +0,0 @@
-XTEA Encrypt_ecb #1
-xtea_encrypt_ecb:"000102030405060708090a0b0c0d0e0f":"4142434445464748":"497df3d072612cb5"
-
-XTEA Encrypt_ecb #2
-xtea_encrypt_ecb:"000102030405060708090a0b0c0d0e0f":"4141414141414141":"e78f2d13744341d8"
-
-XTEA Encrypt_ecb #3
-xtea_encrypt_ecb:"000102030405060708090a0b0c0d0e0f":"5a5b6e278948d77f":"4141414141414141"
-
-XTEA Encrypt_ecb #4
-xtea_encrypt_ecb:"00000000000000000000000000000000":"4142434445464748":"a0390589f8b8efa5"
-
-XTEA Encrypt_ecb #5
-xtea_encrypt_ecb:"00000000000000000000000000000000":"4141414141414141":"ed23375a821a8c2d"
-
-XTEA Encrypt_ecb #6
-xtea_encrypt_ecb:"00000000000000000000000000000000":"70e1225d6e4e7655":"4141414141414141"
-
-XTEA Decrypt_ecb #1
-xtea_decrypt_ecb:"000102030405060708090a0b0c0d0e0f":"497df3d072612cb5":"4142434445464748"
-
-XTEA Decrypt_ecb #2
-xtea_decrypt_ecb:"000102030405060708090a0b0c0d0e0f":"e78f2d13744341d8":"4141414141414141"
-
-XTEA Decrypt_ecb #3
-xtea_decrypt_ecb:"000102030405060708090a0b0c0d0e0f":"4141414141414141":"5a5b6e278948d77f"
-
-XTEA Decrypt_ecb #4
-xtea_decrypt_ecb:"00000000000000000000000000000000":"a0390589f8b8efa5":"4142434445464748"
-
-XTEA Decrypt_ecb #5
-xtea_decrypt_ecb:"00000000000000000000000000000000":"ed23375a821a8c2d":"4141414141414141"
-
-XTEA Decrypt_ecb #6
-xtea_decrypt_ecb:"00000000000000000000000000000000":"4141414141414141":"70e1225d6e4e7655"
-
-XTEA Encrypt CBC #1
-xtea_encrypt_cbc:"000102030405060708090a0b0c0d0e0f":"6162636465666768":"4142434445464748":"6b982bec15a7b558"
-
-XTEA Encrypt CBC #2
-xtea_encrypt_cbc:"000102030405060708090a0b0c0d0e0f":"4142434445464748":"41414141414141414141414141414141":"2c6aeb799561c8e973b0927f072e3801"
-
-XTEA Encrypt CBC #3
-xtea_encrypt_cbc:"000102030405060708090a0b0c0d0e0f":"0000000000000000":"5a5b6e278948d77f70e1225d6e4e7655e78f2d13744341d8":"41414141414141415fee100fe2c030025d8a557f2677cb33"
-
-XTEA Encrypt CBC #4
-xtea_encrypt_cbc:"00000000000000000000000000000000":"6162636465666768":"4142434445464748":"5b0c065a3803900d"
-
-XTEA Encrypt CBC #5
-xtea_encrypt_cbc:"00000000000000000000000000000000":"4142434445464748":"41414141414141414141414141414141":"bdae508aa320aa5caa7cd79dbc9c38aa"
-
-XTEA Encrypt CBC #6
-xtea_encrypt_cbc:"00000000000000000000000000000000":"0000000000000000":"5a5b6e278948d77f70e1225d6e4e7655e78f2d13744341d8":"61f5082a2c996f632da3ea16ff8e06558b69f069d8637b31"
-
-XTEA Decrypt CBC #1
-xtea_decrypt_cbc:"000102030405060708090a0b0c0d0e0f":"6162636465666768":"4142434445464748":"359def46515c71b2"
-
-XTEA Decrypt CBC #2
-xtea_decrypt_cbc:"000102030405060708090a0b0c0d0e0f":"4142434445464748":"41414141414141414141414141414141":"1b192d63cc0e90371b1a2f66c809963e"
-
-XTEA Decrypt CBC #3
-xtea_decrypt_cbc:"000102030405060708090a0b0c0d0e0f":"0000000000000000":"5a5b6e278948d77f70e1225d6e4e7655e78f2d13744341d8":"2e76e5cc03543cdc40ca03358a5764c331a0631c2f0f3714"
-
-XTEA Decrypt CBC #4
-xtea_decrypt_cbc:"00000000000000000000000000000000":"6162636465666768":"4142434445464748":"81476a15138174dc"
-
-XTEA Decrypt CBC #5
-xtea_decrypt_cbc:"00000000000000000000000000000000":"4142434445464748":"41414141414141414141414141414141":"31a361192b08311d31a0631c2f0f3714"
-
-XTEA Decrypt CBC #6
-xtea_decrypt_cbc:"00000000000000000000000000000000":"0000000000000000":"5a5b6e278948d77f70e1225d6e4e7655e78f2d13744341d8":"c1e2dbbf67ee786e29e051bea18c6abc66f1de5c2daefc2a"
-
-XTEA Selftest
-depends_on:MBEDTLS_SELF_TEST
-xtea_selftest:
-
diff --git a/tests/suites/test_suite_xtea.function b/tests/suites/test_suite_xtea.function
deleted file mode 100644
index 1d5b29b..0000000
--- a/tests/suites/test_suite_xtea.function
+++ /dev/null
@@ -1,86 +0,0 @@
-/* BEGIN_HEADER */
-#include "mbedtls/xtea.h"
-/* END_HEADER */
-
-/* BEGIN_DEPENDENCIES
- * depends_on:MBEDTLS_XTEA_C
- * END_DEPENDENCIES
- */
-
-/* BEGIN_CASE */
-void xtea_encrypt_ecb( data_t * key_str, data_t * src_str,
- data_t * dst )
-{
- unsigned char output[100];
- mbedtls_xtea_context ctx;
-
- memset(output, 0x00, 100);
-
-
- mbedtls_xtea_setup( &ctx, key_str->x );
- TEST_ASSERT( mbedtls_xtea_crypt_ecb( &ctx, MBEDTLS_XTEA_ENCRYPT, src_str->x, output ) == 0 );
-
- TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x, 8, dst->len ) == 0 );
-}
-/* END_CASE */
-
-/* BEGIN_CASE */
-void xtea_decrypt_ecb( data_t * key_str, data_t * src_str, data_t * dst )
-{
- unsigned char output[100];
- mbedtls_xtea_context ctx;
-
- memset(output, 0x00, 100);
-
-
- mbedtls_xtea_setup( &ctx, key_str->x );
- TEST_ASSERT( mbedtls_xtea_crypt_ecb( &ctx, MBEDTLS_XTEA_DECRYPT, src_str->x, output ) == 0 );
-
- TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x, 8, dst->len ) == 0 );
-}
-/* END_CASE */
-
-/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CBC */
-void xtea_encrypt_cbc( data_t * key_str, data_t * iv_str,
- data_t * src_str, data_t * dst )
-{
- unsigned char output[100];
- mbedtls_xtea_context ctx;
-
- memset(output, 0x00, 100);
-
-
- mbedtls_xtea_setup( &ctx, key_str->x );
- TEST_ASSERT( mbedtls_xtea_crypt_cbc( &ctx, MBEDTLS_XTEA_ENCRYPT, src_str->len, iv_str->x,
- src_str->x, output ) == 0 );
-
- TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x,
- src_str->len, dst->len ) == 0 );
-}
-/* END_CASE */
-
-/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CBC */
-void xtea_decrypt_cbc( data_t * key_str, data_t * iv_str,
- data_t * src_str, data_t * dst )
-{
- unsigned char output[100];
- mbedtls_xtea_context ctx;
-
- memset(output, 0x00, 100);
-
-
- mbedtls_xtea_setup( &ctx, key_str->x );
- TEST_ASSERT( mbedtls_xtea_crypt_cbc( &ctx, MBEDTLS_XTEA_DECRYPT, src_str->len, iv_str->x,
- src_str->x, output ) == 0 );
-
- TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x,
- src_str->len, dst->len ) == 0 );
-}
-/* END_CASE */
-
-/* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */
-void xtea_selftest( )
-{
- TEST_ASSERT( mbedtls_xtea_self_test( 1 ) == 0 );
-}
-/* END_CASE */
