Merge pull request #984 from Mbed-TLS/mbedtls-2.28.2-merge-back
Mbedtls 2.28.2 merge back
diff --git a/.uncrustify.cfg b/.uncrustify.cfg
new file mode 100644
index 0000000..ac9173e
--- /dev/null
+++ b/.uncrustify.cfg
@@ -0,0 +1,254 @@
+# Configuration options for Uncrustify specifying the Mbed TLS code style.
+#
+# Note: The code style represented by this file has not yet been introduced
+# to Mbed TLS.
+#
+# Copyright The Mbed TLS Contributors
+# SPDX-License-Identifier: Apache-2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+# Line length options
+
+# Wrap lines at 100 characters
+code_width = 100
+
+# Allow splitting long for statements between the condition statements
+ls_for_split_full = true
+
+# Allow splitting function calls between arguments
+ls_func_split_full = true
+
+input_tab_size = 4
+
+# Spaces-only indentation
+indent_with_tabs = 0
+
+indent_columns = 4
+
+# Indent 'case' 1 level from 'switch'
+indent_switch_case = indent_columns
+
+# Line-up strings broken by '\'
+indent_align_string = true
+
+# Braces on the same line (Egyptian-style braces)
+nl_enum_brace = remove
+nl_union_brace = remove
+nl_struct_brace = remove
+nl_do_brace = remove
+nl_if_brace = remove
+nl_for_brace = remove
+nl_else_brace = remove
+nl_while_brace = remove
+nl_switch_brace = remove
+
+# Braces on same line as keywords that follow them - 'else' and the 'while' in 'do {} while ()';
+nl_brace_else = remove
+nl_brace_while = remove
+# Space before else on the same line
+sp_brace_else = add
+# If else is on the same line as '{', force exactly 1 space between them
+sp_else_brace = force
+
+# Functions are the exception and have braces on the next line
+nl_fcall_brace = add
+nl_fdef_brace = add
+
+# Force exactly one space between ')' and '{' in statements
+sp_sparen_brace = force
+
+# At least 1 space around assignment
+sp_assign = add
+
+# Remove spaces around the preprocessor '##' token-concatenate
+sp_pp_concat = ignore
+
+# At least 1 space around '||' and '&&'
+sp_bool = add
+
+# But no space after the '!' operator
+sp_not = remove
+
+# No space after the bitwise-not '~' operator
+sp_inv = remove
+
+# No space after the addressof '&' operator
+sp_addr = remove
+
+# No space around the member '.' and '->' operators
+sp_member = remove
+
+# No space after the dereference '*' operator
+sp_deref = remove
+
+# No space after a unary negation '-'
+sp_sign = remove
+
+# No space between the '++'/'--' operator and its operand
+sp_incdec = remove
+
+# At least 1 space around comparison operators
+sp_compare = add
+
+# Remove spaces inside all kinds of parentheses:
+
+# Remove spaces inside parentheses
+sp_inside_paren = remove
+
+# No spaces inside statement parentheses
+sp_inside_sparen = remove
+
+# No spaces inside cast parentheses '( char )x' -> '(char)x'
+sp_inside_paren_cast = remove
+
+# No spaces inside function parentheses
+sp_inside_fparen = remove
+# (The case where the function has no parameters/arguments)
+sp_inside_fparens = remove
+
+# No spaces inside the first parentheses in a function type
+sp_inside_tparen = remove
+
+# (Uncrustify >= 0.74.0) No spaces inside parens in for statements
+sp_inside_for = remove
+
+# Remove spaces between nested parentheses '( (' -> '(('
+sp_paren_paren = remove
+# (Uncrustify >= 0.74.0)
+sp_sparen_paren = remove
+
+# Remove spaces between ')' and adjacent '('
+sp_cparen_oparen = remove
+
+# (Uncrustify >= 0.73.0) space between 'do' and '{'
+sp_do_brace_open = force
+
+# (Uncrustify >= 0.73.0) space between '}' and 'while'
+sp_brace_close_while = force
+
+# At least 1 space before a '*' pointer star
+sp_before_ptr_star = add
+
+# Remove spaces between pointer stars
+sp_between_ptr_star = remove
+
+# No space after a pointer star
+sp_after_ptr_star = remove
+
+# But allow a space in the case of e.g. char * const x;
+sp_after_ptr_star_qualifier = ignore
+
+# Remove space after star in a function return type
+sp_after_ptr_star_func = remove
+
+# At least 1 space after a type in variable definition etc
+sp_after_type = add
+
+# Force exactly 1 space between a statement keyword (e.g. 'if') and an opening parenthesis
+sp_before_sparen = force
+
+# Remove a space before a ';'
+sp_before_semi = remove
+# (Uncrustify >= 0.73.0) Remove space before a semi in a non-empty for
+sp_before_semi_for = remove
+# (Uncrustify >= 0.73.0) Remove space in empty first statement of a for
+sp_before_semi_for_empty = remove
+# (Uncrustify >= 0.74.0) Remove space in empty middle statement of a for
+sp_between_semi_for_empty = remove
+
+# Add a space after a ';' (unless a comment follows)
+sp_after_semi = add
+# (Uncrustify >= 0.73.0) Add a space after a semi in non-empty for statements
+sp_after_semi_for = add
+# (Uncrustify >= 0.73.0) No space after final semi in empty for statements
+sp_after_semi_for_empty = remove
+
+# Remove spaces on the inside of square brackets '[]'
+sp_inside_square = remove
+
+# Must have at least 1 space after a comma
+sp_after_comma = add
+
+# Must not have a space before a comma
+sp_before_comma = remove
+
+# No space before the ':' in a case statement
+sp_before_case_colon = remove
+
+# No space after a cast - '(char) x' -> '(char)x'
+sp_after_cast = remove
+
+# No space between 'sizeof' and '('
+sp_sizeof_paren = remove
+
+# At least 1 space inside '{ }'
+sp_inside_braces = add
+
+# At least 1 space inside '{ }' in an enum
+sp_inside_braces_enum = add
+
+# At least 1 space inside '{ }' in a struct
+sp_inside_braces_struct = add
+
+# At least 1 space between a function return type and the function name
+sp_type_func = add
+
+# No space between a function name and its arguments/parameters
+sp_func_proto_paren = remove
+sp_func_def_paren = remove
+sp_func_call_paren = remove
+
+# No space between '__attribute__' and '('
+sp_attribute_paren = remove
+
+# No space between 'defined' and '(' in preprocessor conditions
+sp_defined_paren = remove
+
+# At least 1 space between a macro's name and its definition
+sp_macro = add
+sp_macro_func = add
+
+# Force exactly 1 space between a '}' and the name of a typedef if on the same line
+sp_brace_typedef = force
+
+# At least 1 space before a '\' line continuation
+sp_before_nl_cont = add
+
+# At least 1 space around '?' and ':' in ternary statements
+sp_cond_colon = add
+sp_cond_question = add
+
+# Space between #else/#endif and comment afterwards
+sp_endif_cmt = add
+
+# Remove newlines at the start of a file
+nl_start_of_file = remove
+
+# At least 1 newline at the end of a file
+nl_end_of_file = add
+nl_end_of_file_min = 1
+
+# Add braces in single-line statements
+mod_full_brace_do = add
+mod_full_brace_for = add
+mod_full_brace_if = add
+mod_full_brace_while = add
+
+# Remove parentheses from return statements
+mod_paren_on_return = remove
+
+# Disable removal of leading spaces in a multi-line comment if the first and
+# last lines are the same length
+cmt_multi_check_last = false
diff --git a/CMakeLists.txt b/CMakeLists.txt
index e18f607..72cc737 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -137,35 +137,32 @@
# Create a symbolic link from ${base_name} in the binary directory
# to the corresponding path in the source directory.
+# Note: Copies the file(s) on Windows.
function(link_to_source base_name)
- # Get OS dependent path to use in `execute_process`
- if (CMAKE_HOST_WIN32)
- #mklink is an internal command of cmd.exe it can only work with \
- string(REPLACE "/" "\\" link "${CMAKE_CURRENT_BINARY_DIR}/${base_name}")
- string(REPLACE "/" "\\" target "${CMAKE_CURRENT_SOURCE_DIR}/${base_name}")
- else()
- set(link "${CMAKE_CURRENT_BINARY_DIR}/${base_name}")
- set(target "${CMAKE_CURRENT_SOURCE_DIR}/${base_name}")
- endif()
+ set(link "${CMAKE_CURRENT_BINARY_DIR}/${base_name}")
+ set(target "${CMAKE_CURRENT_SOURCE_DIR}/${base_name}")
if (NOT EXISTS ${link})
if (CMAKE_HOST_UNIX)
- set(command ln -s ${target} ${link})
+ execute_process(COMMAND ln -s ${target} ${link}
+ RESULT_VARIABLE result
+ ERROR_VARIABLE output)
+
+ if (NOT ${result} EQUAL 0)
+ message(FATAL_ERROR "Could not create symbolic link for: ${target} --> ${output}")
+ endif()
else()
if (IS_DIRECTORY ${target})
- set(command cmd.exe /c mklink /j ${link} ${target})
+ file(GLOB_RECURSE files FOLLOW_SYMLINKS RELATIVE ${target} "${target}/*")
+ foreach(file IN LISTS files)
+ if(NOT IS_DIRECTORY "${target}/${file}")
+ configure_file("${target}/${file}" "${link}/${file}" COPYONLY)
+ endif()
+ endforeach(file)
else()
- set(command cmd.exe /c mklink /h ${link} ${target})
+ configure_file(${target} ${link} COPYONLY)
endif()
endif()
-
- execute_process(COMMAND ${command}
- RESULT_VARIABLE result
- ERROR_VARIABLE output)
-
- if (NOT ${result} EQUAL 0)
- message(FATAL_ERROR "Could not create symbolic link for: ${target} --> ${output}")
- endif()
endif()
endfunction(link_to_source)
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index d19fe57..fc79e49 100644
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -32,13 +32,9 @@
The project aims to minimise the impact on users upgrading to newer versions of the library and it should not be necessary for a user to make any changes to their own code to work with a newer version of the library. Unless the user has made an active decision to use newer features, a newer generation of the library or a change has been necessary due to a security issue or other significant software defect, no modifications to their own code should be necessary. To achieve this, API compatibility is maintained between different versions of Mbed TLS on the main development branch and in LTS (Long Term Support) branches, as described in [BRANCHES.md](BRANCHES.md).
-To minimise such disruption to users, where a change to the interface is required, all changes to the ABI or API, even on the main development branch where new features are added, need to be justifiable by either being a significant enhancement, new feature or bug fix which is best resolved by an interface change. If there is an API change, the contribution, if accepted, will be merged only when there will be a major release.
+To minimise such disruption to users, where a change to the interface is required, all changes to the ABI or API, even on the main development branch where new features are added, need to be justifiable by either being a significant enhancement, new feature or bug fix which is best resolved by an interface change. If there is an API change, the contribution, if accepted, will be merged only when there is a major release.
-Where changes to an existing interface are necessary, functions in the public interface which need to be changed, are marked as 'deprecated'. This is done with the preprocessor symbols `MBEDTLS_DEPRECATED_WARNING` and `MBEDTLS_DEPRECATED_REMOVED`. Then, a new function with a new name but similar if not identical behaviour to the original function containing the necessary changes should be created alongside the existing deprecated function.
-
-When a build is made with the deprecation preprocessor symbols defined, a compiler warning will be generated to warn a user that the function will be removed at some point in the future, notifying users that they should change from the older deprecated function to the newer function at their own convenience.
-
-Therefore, no changes are permitted to the definition of functions in the public interface which will change the API. Instead the interface can only be changed by its extension. As described above, if a function needs to be changed, a new function needs to be created alongside it, with a new name, and whatever change is necessary, such as a new parameter or the addition of a return value.
+No changes are permitted to the definition of functions in the public interface which will change the API. Instead the interface can only be changed by its extension. Where changes to an existing interface are necessary, functions in the public interface which need to be changed are marked as 'deprecated'. If there is a strong reason to replace an existing function with one that has a slightly different interface (different prototype, or different documented behavior), create a new function with a new name with the desired interface. Keep the old function, but mark it as deprecated.
Periodically, the library will remove deprecated functions from the library which will be a breaking change in the API, but such changes will be made only in a planned, structured way that gives sufficient notice to users of the library.
diff --git a/ChangeLog.d/fix_hard_link_across_drives b/ChangeLog.d/fix_hard_link_across_drives
new file mode 100644
index 0000000..0c55c30
--- /dev/null
+++ b/ChangeLog.d/fix_hard_link_across_drives
@@ -0,0 +1,3 @@
+Bugfix
+ * Fix a build issue on Windows where the source and build directory could not be on
+ different drives (#5751).
diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h
index 7ae1ff9..f1b00f2 100644
--- a/include/mbedtls/check_config.h
+++ b/include/mbedtls/check_config.h
@@ -28,6 +28,7 @@
#ifndef MBEDTLS_CHECK_CONFIG_H
#define MBEDTLS_CHECK_CONFIG_H
+/* *INDENT-OFF* */
/*
* We assume CHAR_BIT is 8 in many places. In practice, this is true on our
* target platforms, so not an issue, but let's just be extra sure.
@@ -955,4 +956,5 @@
*/
typedef int mbedtls_iso_c_forbids_empty_translation_units;
+/* *INDENT-ON* */
#endif /* MBEDTLS_CHECK_CONFIG_H */
diff --git a/include/mbedtls/cipher.h b/include/mbedtls/cipher.h
index 6d83da8..ce100d3 100644
--- a/include/mbedtls/cipher.h
+++ b/include/mbedtls/cipher.h
@@ -917,13 +917,13 @@
* parameter-verification failure.
* \return A cipher-specific error code on failure.
*/
-int mbedtls_cipher_auth_encrypt( mbedtls_cipher_context_t *ctx,
- const unsigned char *iv, size_t iv_len,
- const unsigned char *ad, size_t ad_len,
- const unsigned char *input, size_t ilen,
- unsigned char *output, size_t *olen,
- unsigned char *tag, size_t tag_len )
- MBEDTLS_DEPRECATED;
+int MBEDTLS_DEPRECATED mbedtls_cipher_auth_encrypt(
+ mbedtls_cipher_context_t *ctx,
+ const unsigned char *iv, size_t iv_len,
+ const unsigned char *ad, size_t ad_len,
+ const unsigned char *input, size_t ilen,
+ unsigned char *output, size_t *olen,
+ unsigned char *tag, size_t tag_len );
/**
* \brief The generic authenticated decryption (AEAD) function.
@@ -976,13 +976,13 @@
* \return #MBEDTLS_ERR_CIPHER_AUTH_FAILED if data is not authentic.
* \return A cipher-specific error code on failure.
*/
-int mbedtls_cipher_auth_decrypt( mbedtls_cipher_context_t *ctx,
- const unsigned char *iv, size_t iv_len,
- const unsigned char *ad, size_t ad_len,
- const unsigned char *input, size_t ilen,
- unsigned char *output, size_t *olen,
- const unsigned char *tag, size_t tag_len )
- MBEDTLS_DEPRECATED;
+int MBEDTLS_DEPRECATED mbedtls_cipher_auth_decrypt(
+ mbedtls_cipher_context_t *ctx,
+ const unsigned char *iv, size_t iv_len,
+ const unsigned char *ad, size_t ad_len,
+ const unsigned char *input, size_t ilen,
+ unsigned char *output, size_t *olen,
+ const unsigned char *tag, size_t tag_len );
#undef MBEDTLS_DEPRECATED
#endif /* MBEDTLS_DEPRECATED_REMOVED */
#endif /* MBEDTLS_CIPHER_MODE_AEAD */
diff --git a/include/psa/crypto.h b/include/psa/crypto.h
index faa3b9e..b75947c 100644
--- a/include/psa/crypto.h
+++ b/include/psa/crypto.h
@@ -2861,7 +2861,7 @@
*
* \note To perform a multi-part hash-and-sign signature algorithm, first use
* a multi-part hash operation and then pass the resulting hash to
- * psa_sign_hash(). PSA_ALG_GET_HASH(\p alg) can be used to determine the
+ * psa_sign_hash(). PSA_ALG_SIGN_GET_HASH(\p alg) can be used to determine the
* hash algorithm to use.
*
* \param[in] key Identifier of the key to use for the operation.
@@ -2927,7 +2927,7 @@
* \note To perform a multi-part hash-and-sign signature verification
* algorithm, first use a multi-part hash operation to hash the message
* and then pass the resulting hash to psa_verify_hash().
- * PSA_ALG_GET_HASH(\p alg) can be used to determine the hash algorithm
+ * PSA_ALG_SIGN_GET_HASH(\p alg) can be used to determine the hash algorithm
* to use.
*
* \param[in] key Identifier of the key to use for the operation.
diff --git a/include/psa/crypto_values.h b/include/psa/crypto_values.h
index a4b4927..4df4fe4 100644
--- a/include/psa/crypto_values.h
+++ b/include/psa/crypto_values.h
@@ -1690,7 +1690,7 @@
#define PSA_ALG_HKDF_BASE ((psa_algorithm_t)0x08000100)
/** Macro to build an HKDF algorithm.
*
- * For example, `PSA_ALG_HKDF(PSA_ALG_SHA256)` is HKDF using HMAC-SHA-256.
+ * For example, `PSA_ALG_HKDF(PSA_ALG_SHA_256)` is HKDF using HMAC-SHA-256.
*
* This key derivation algorithm uses the following inputs:
* - #PSA_KEY_DERIVATION_INPUT_SALT is the salt used in the "extract" step.
@@ -1743,7 +1743,7 @@
* concatenation of ServerHello.Random + ClientHello.Random,
* and the label is "key expansion".
*
- * For example, `PSA_ALG_TLS12_PRF(PSA_ALG_SHA256)` represents the
+ * For example, `PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256)` represents the
* TLS 1.2 PRF using HMAC-SHA-256.
*
* \param hash_alg A hash algorithm (\c PSA_ALG_XXX value such that
@@ -1789,7 +1789,7 @@
* ClientHello.Random + ServerHello.Random,
* and the label is "master secret" or "extended master secret".
*
- * For example, `PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA256)` represents the
+ * For example, `PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256)` represents the
* TLS-1.2 PSK to MasterSecret derivation PRF using HMAC-SHA-256.
*
* \param hash_alg A hash algorithm (\c PSA_ALG_XXX value such that
diff --git a/library/entropy.c b/library/entropy.c
index e3b337f..77e2bfd 100644
--- a/library/entropy.c
+++ b/library/entropy.c
@@ -590,7 +590,7 @@
}
/*
- * A test to ensure hat the entropy sources are functioning correctly
+ * A test to ensure that the entropy sources are functioning correctly
* and there is no obvious failure. The test performs the following checks:
* - The entropy source is not providing only 0s (all bits unset) or 1s (all
* bits set).
diff --git a/library/psa_crypto_aead.h b/library/psa_crypto_aead.h
index aab0f83..e18e85d 100644
--- a/library/psa_crypto_aead.h
+++ b/library/psa_crypto_aead.h
@@ -148,4 +148,4 @@
const uint8_t *ciphertext, size_t ciphertext_length,
uint8_t *plaintext, size_t plaintext_size, size_t *plaintext_length );
-#endif /* PSA_CRYPTO_AEAD */
+#endif /* PSA_CRYPTO_AEAD_H */
diff --git a/library/psa_crypto_driver_wrappers.c b/library/psa_crypto_driver_wrappers.c
index c455ecb..c9b86fe 100644
--- a/library/psa_crypto_driver_wrappers.c
+++ b/library/psa_crypto_driver_wrappers.c
@@ -275,7 +275,7 @@
alg, hash, hash_length,
signature, signature_size, signature_length ) );
}
-#endif /* PSA_CRYPTO_SE_C */
+#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_key_location_t location =
@@ -359,7 +359,7 @@
alg, hash, hash_length,
signature, signature_length ) );
}
-#endif /* PSA_CRYPTO_SE_C */
+#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_key_location_t location =
@@ -579,7 +579,7 @@
return( PSA_SUCCESS );
}
-#endif /* PSA_CRYPTO_SE_C */
+#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
switch( location )
{
@@ -641,7 +641,7 @@
*( (psa_key_slot_number_t *)key_buffer ),
data, data_size, data_length ) );
}
-#endif /* PSA_CRYPTO_SE_C */
+#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
switch( location )
{
diff --git a/library/psa_crypto_its.h b/library/psa_crypto_its.h
index 3a3f49a..1b8dc20 100644
--- a/library/psa_crypto_its.h
+++ b/library/psa_crypto_its.h
@@ -73,7 +73,7 @@
* \return A status indicating the success/failure of the operation
*
* \retval #PSA_SUCCESS The operation completed successfully
- * \retval #PSA_ERROR_NOT_PERMITTED The operation failed because the provided `uid` value was already created with PSA_STORAGE_WRITE_ONCE_FLAG
+ * \retval #PSA_ERROR_NOT_PERMITTED The operation failed because the provided `uid` value was already created with PSA_STORAGE_FLAG_WRITE_ONCE
* \retval #PSA_ERROR_NOT_SUPPORTED The operation failed because one or more of the flags provided in `create_flags` is not supported or is not valid
* \retval #PSA_ERROR_INSUFFICIENT_STORAGE The operation failed because there was insufficient space on the storage medium
* \retval #PSA_ERROR_STORAGE_FAILURE The operation failed because the physical storage has failed (Fatal error)
@@ -137,7 +137,7 @@
*
* \retval #PSA_SUCCESS The operation completed successfully
* \retval #PSA_ERROR_DOES_NOT_EXIST The operation failed because the provided key value was not found in the storage
- * \retval #PSA_ERROR_NOT_PERMITTED The operation failed because the provided key value was created with PSA_STORAGE_WRITE_ONCE_FLAG
+ * \retval #PSA_ERROR_NOT_PERMITTED The operation failed because the provided key value was created with PSA_STORAGE_FLAG_WRITE_ONCE
* \retval #PSA_ERROR_STORAGE_FAILURE The operation failed because the physical storage has failed (Fatal error)
*/
psa_status_t psa_its_remove(psa_storage_uid_t uid);
diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index 0563c0b..8efccce 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@@ -1363,10 +1363,6 @@
#if defined(MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE)
for( j = 0, p = buf + 6; j < ciph_len; j += 3, p += 3 )
for( i = 0; ciphersuites[i] != 0; i++ )
-#else
- for( i = 0; ciphersuites[i] != 0; i++ )
- for( j = 0, p = buf + 6; j < ciph_len; j += 3, p += 3 )
-#endif
{
if( p[0] != 0 ||
MBEDTLS_GET_UINT16_BE(p, 1) != ciphersuites[i] )
@@ -1381,6 +1377,24 @@
if( ciphersuite_info != NULL )
goto have_ciphersuite_v2;
}
+#else
+ for( i = 0; ciphersuites[i] != 0; i++ )
+ for( j = 0, p = buf + 6; j < ciph_len; j += 3, p += 3 )
+ {
+ if( p[0] != 0 ||
+ MBEDTLS_GET_UINT16_BE(p, 1) != ciphersuites[i] )
+ continue;
+
+ got_common_suite = 1;
+
+ if( ( ret = ssl_ciphersuite_match( ssl, ciphersuites[i],
+ &ciphersuite_info ) ) != 0 )
+ return( ret );
+
+ if( ciphersuite_info != NULL )
+ goto have_ciphersuite_v2;
+ }
+#endif
if( got_common_suite )
{
@@ -2233,10 +2247,6 @@
#if defined(MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE)
for( j = 0, p = buf + ciph_offset + 2; j < ciph_len; j += 2, p += 2 )
for( i = 0; ciphersuites[i] != 0; i++ )
-#else
- for( i = 0; ciphersuites[i] != 0; i++ )
- for( j = 0, p = buf + ciph_offset + 2; j < ciph_len; j += 2, p += 2 )
-#endif
{
if( MBEDTLS_GET_UINT16_BE(p, 0) != ciphersuites[i] )
continue;
@@ -2250,6 +2260,23 @@
if( ciphersuite_info != NULL )
goto have_ciphersuite;
}
+#else
+ for( i = 0; ciphersuites[i] != 0; i++ )
+ for( j = 0, p = buf + ciph_offset + 2; j < ciph_len; j += 2, p += 2 )
+ {
+ if( MBEDTLS_GET_UINT16_BE(p, 0) != ciphersuites[i] )
+ continue;
+
+ got_common_suite = 1;
+
+ if( ( ret = ssl_ciphersuite_match( ssl, ciphersuites[i],
+ &ciphersuite_info ) ) != 0 )
+ return( ret );
+
+ if( ciphersuite_info != NULL )
+ goto have_ciphersuite;
+ }
+#endif
if( got_common_suite )
{
diff --git a/programs/psa/key_ladder_demo.c b/programs/psa/key_ladder_demo.c
index 5d64349..bc1cd12 100644
--- a/programs/psa/key_ladder_demo.c
+++ b/programs/psa/key_ladder_demo.c
@@ -704,4 +704,6 @@
usage( );
return( EXIT_FAILURE );
}
-#endif /* MBEDTLS_SHA256_C && MBEDTLS_MD_C && MBEDTLS_AES_C && MBEDTLS_CCM_C && MBEDTLS_PSA_CRYPTO_C && MBEDTLS_FS_IO */
+#endif /* MBEDTLS_SHA256_C && MBEDTLS_MD_C &&
+ MBEDTLS_AES_C && MBEDTLS_CCM_C &&
+ MBEDTLS_PSA_CRYPTO_C && MBEDTLS_FS_IO */
diff --git a/scripts/code_style.py b/scripts/code_style.py
new file mode 100755
index 0000000..68cd556
--- /dev/null
+++ b/scripts/code_style.py
@@ -0,0 +1,158 @@
+#!/usr/bin/env python3
+"""Check or fix the code style by running Uncrustify.
+
+Note: The code style enforced by this script is not yet introduced to
+Mbed TLS. At present this script will only be used to prepare for a future
+change of code style.
+"""
+# Copyright The Mbed TLS Contributors
+# SPDX-License-Identifier: Apache-2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+import argparse
+import io
+import os
+import subprocess
+import sys
+from typing import List
+
+UNCRUSTIFY_SUPPORTED_VERSION = "0.75.1"
+CONFIG_FILE = ".uncrustify.cfg"
+UNCRUSTIFY_EXE = "uncrustify"
+UNCRUSTIFY_ARGS = ["-c", CONFIG_FILE]
+STDOUT_UTF8 = io.TextIOWrapper(sys.stdout.buffer, encoding='utf-8')
+STDERR_UTF8 = io.TextIOWrapper(sys.stderr.buffer, encoding='utf-8')
+
+def print_err(*args):
+ print("Error: ", *args, file=STDERR_UTF8)
+
+def get_src_files() -> List[str]:
+ """
+ Use git ls-files to get a list of the source files
+ """
+ git_ls_files_cmd = ["git", "ls-files",
+ "*.[hc]",
+ "tests/suites/*.function",
+ "scripts/data_files/*.fmt"]
+
+ result = subprocess.run(git_ls_files_cmd, stdout=subprocess.PIPE, \
+ stderr=STDERR_UTF8, check=False)
+
+ if result.returncode != 0:
+ print_err("git ls-files returned: " + str(result.returncode))
+ return []
+ else:
+ src_files = str(result.stdout, "utf-8").split()
+ # Don't correct style for files in 3rdparty/
+ src_files = list(filter( \
+ lambda filename: not filename.startswith("3rdparty/"), \
+ src_files))
+ return src_files
+
+def get_uncrustify_version() -> str:
+ """
+ Get the version string from Uncrustify
+ """
+ result = subprocess.run([UNCRUSTIFY_EXE, "--version"], \
+ stdout=subprocess.PIPE, stderr=subprocess.PIPE, check=False)
+ if result.returncode != 0:
+ print_err("Could not get Uncrustify version:", str(result.stderr, "utf-8"))
+ return ""
+ else:
+ return str(result.stdout, "utf-8")
+
+def check_style_is_correct(src_file_list: List[str]) -> bool:
+ """
+ Check the code style and output a diff for each file whose style is
+ incorrect.
+ """
+ style_correct = True
+ for src_file in src_file_list:
+ uncrustify_cmd = [UNCRUSTIFY_EXE] + UNCRUSTIFY_ARGS + [src_file]
+ subprocess.run(uncrustify_cmd, stdout=subprocess.PIPE, \
+ stderr=subprocess.PIPE, check=False)
+
+ # Uncrustify makes changes to the code and places the result in a new
+ # file with the extension ".uncrustify". To get the changes (if any)
+ # simply diff the 2 files.
+ diff_cmd = ["diff", "-u", src_file, src_file + ".uncrustify"]
+ result = subprocess.run(diff_cmd, stdout=subprocess.PIPE, \
+ stderr=STDERR_UTF8, check=False)
+ if len(result.stdout) > 0:
+ print(src_file + " - Incorrect code style.", file=STDOUT_UTF8)
+ print("File changed - diff:", file=STDOUT_UTF8)
+ print(str(result.stdout, "utf-8"), file=STDOUT_UTF8)
+ style_correct = False
+ else:
+ print(src_file + " - OK.", file=STDOUT_UTF8)
+
+ # Tidy up artifact
+ os.remove(src_file + ".uncrustify")
+
+ return style_correct
+
+def fix_style_single_pass(src_file_list: List[str]) -> None:
+ """
+ Run Uncrustify once over the source files.
+ """
+ code_change_args = UNCRUSTIFY_ARGS + ["--no-backup"]
+ for src_file in src_file_list:
+ uncrustify_cmd = [UNCRUSTIFY_EXE] + code_change_args + [src_file]
+ subprocess.run(uncrustify_cmd, check=False, stdout=STDOUT_UTF8, \
+ stderr=STDERR_UTF8)
+
+def fix_style(src_file_list: List[str]) -> int:
+ """
+ Fix the code style. This takes 2 passes of Uncrustify.
+ """
+ fix_style_single_pass(src_file_list)
+ fix_style_single_pass(src_file_list)
+
+ # Guard against future changes that cause the codebase to require
+ # more passes.
+ if not check_style_is_correct(src_file_list):
+ print("Code style still incorrect after second run of Uncrustify.")
+ return 1
+ else:
+ return 0
+
+def main() -> int:
+ """
+ Main with command line arguments.
+ """
+ uncrustify_version = get_uncrustify_version().strip()
+ if UNCRUSTIFY_SUPPORTED_VERSION not in uncrustify_version:
+ print("Warning: Using unsupported Uncrustify version '" \
+ + uncrustify_version + "' (Note: The only supported version" \
+ "is " + UNCRUSTIFY_SUPPORTED_VERSION + ")", file=STDOUT_UTF8)
+
+ src_files = get_src_files()
+
+ parser = argparse.ArgumentParser()
+ parser.add_argument('-f', '--fix', action='store_true', \
+ help='modify source files to fix the code style')
+
+ args = parser.parse_args()
+
+ if args.fix:
+ # Fix mode
+ return fix_style(src_files)
+ else:
+ # Check mode
+ if check_style_is_correct(src_files):
+ return 0
+ else:
+ return 1
+
+if __name__ == '__main__':
+ sys.exit(main())
diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh
index 3426cf1..ba37e33 100755
--- a/tests/scripts/all.sh
+++ b/tests/scripts/all.sh
@@ -185,7 +185,8 @@
export CTEST_OUTPUT_ON_FAILURE=1
# CFLAGS and LDFLAGS for Asan builds that don't use CMake
- ASAN_CFLAGS='-Werror -Wall -Wextra -fsanitize=address,undefined -fno-sanitize-recover=all'
+ # default to -O2, use -Ox _after_ this if you want another level
+ ASAN_CFLAGS='-O2 -Werror -fsanitize=address,undefined -fno-sanitize-recover=all'
# Gather the list of available components. These are the functions
# defined in this script whose name starts with "component_".
@@ -3353,6 +3354,26 @@
[ "$ver_major" -eq 3 ] && [ "$ver_minor" -ge 10 ]
}
+component_test_corrected_code_style () {
+ ./scripts/code_style.py --fix
+
+ msg "build: make, default config (out-of-box), corrected code style"
+ make
+
+ msg "test: main suites make, default config (out-of-box), corrected code style"
+ make test
+
+ # Clean up code-style corrections
+ git checkout -- .
+}
+
+support_test_corrected_code_style() {
+ case $(uncrustify --version) in
+ *0.75.1*) true;;
+ *) false;;
+ esac
+}
+
component_check_python_files () {
msg "Lint: Python scripts"
tests/scripts/check-python-files.sh
diff --git a/tests/scripts/check_names.py b/tests/scripts/check_names.py
index 096da96..414ce43 100755
--- a/tests/scripts/check_names.py
+++ b/tests/scripts/check_names.py
@@ -36,7 +36,7 @@
declared in the header files. This uses the nm command.
- All macros, constants, and identifiers (function names, struct names, etc)
follow the required regex pattern.
-- Typo checking: All words that begin with MBED exist as macros or constants.
+- Typo checking: All words that begin with MBED|PSA exist as macros or constants.
The script returns 0 on success, 1 on test failure, and 2 if there is a script
error. It must be run from Mbed TLS root.
@@ -190,11 +190,12 @@
class Typo(Problem): # pylint: disable=too-few-public-methods
"""
- A problem that occurs when a word using MBED doesn't appear to be defined as
- constants nor enum values. Created with NameCheck.check_for_typos()
+ A problem that occurs when a word using MBED or PSA doesn't
+ appear to be defined as constants nor enum values. Created with
+ NameCheck.check_for_typos()
Fields:
- * match: the Match object of the MBED name in question.
+ * match: the Match object of the MBED|PSA name in question.
"""
def __init__(self, match):
self.match = match
@@ -252,9 +253,14 @@
"3rdparty/everest/include/everest/everest.h",
"3rdparty/everest/include/everest/x25519.h"
])
+ private_macros = self.parse_macros([
+ "library/*.c",
+ ])
enum_consts = self.parse_enum_consts([
"include/mbedtls/*.h",
+ "include/psa/*.h",
"library/*.h",
+ "library/*.c",
"3rdparty/everest/include/everest/everest.h",
"3rdparty/everest/include/everest/x25519.h"
])
@@ -265,7 +271,7 @@
"3rdparty/everest/include/everest/everest.h",
"3rdparty/everest/include/everest/x25519.h"
])
- mbed_words = self.parse_mbed_words([
+ mbed_psa_words = self.parse_mbed_psa_words([
"include/mbedtls/*.h",
"include/psa/*.h",
"library/*.h",
@@ -293,10 +299,11 @@
self.log.debug(" {:4} Exported Symbols".format(len(symbols)))
return {
"macros": actual_macros,
+ "private_macros": private_macros,
"enum_consts": enum_consts,
"identifiers": identifiers,
"symbols": symbols,
- "mbed_words": mbed_words
+ "mbed_psa_words": mbed_psa_words
}
def is_file_excluded(self, path, exclude_wildcards):
@@ -364,25 +371,28 @@
return macros
- def parse_mbed_words(self, include, exclude=None):
+ def parse_mbed_psa_words(self, include, exclude=None):
"""
- Parse all words in the file that begin with MBED, in and out of macros,
- comments, anything.
+ Parse all words in the file that begin with MBED|PSA, in and out of
+ macros, comments, anything.
Args:
* include: A List of glob expressions to look for files through.
* exclude: A List of glob expressions for excluding files.
- Returns a List of Match objects for words beginning with MBED.
+ Returns a List of Match objects for words beginning with MBED|PSA.
"""
# Typos of TLS are common, hence the broader check below than MBEDTLS.
- mbed_regex = re.compile(r"\bMBED.+?_[A-Z0-9_]*")
+ mbed_regex = re.compile(r"\b(MBED.+?|PSA)_[A-Z0-9_]*")
exclusions = re.compile(r"// *no-check-names|#error")
files = self.get_files(include, exclude)
- self.log.debug("Looking for MBED words in {} files".format(len(files)))
+ self.log.debug(
+ "Looking for MBED|PSA words in {} files"
+ .format(len(files))
+ )
- mbed_words = []
+ mbed_psa_words = []
for filename in files:
with open(filename, "r", encoding="utf-8") as fp:
for line_no, line in enumerate(fp):
@@ -390,14 +400,14 @@
continue
for name in mbed_regex.finditer(line):
- mbed_words.append(Match(
+ mbed_psa_words.append(Match(
filename,
line,
line_no,
name.span(0),
name.group(0)))
- return mbed_words
+ return mbed_psa_words
def parse_enum_consts(self, include, exclude=None):
"""
@@ -820,11 +830,15 @@
all_caps_names = {
match.name
for match
- in self.parse_result["macros"] + self.parse_result["enum_consts"]}
+ in self.parse_result["macros"] +
+ self.parse_result["private_macros"] +
+ self.parse_result["enum_consts"]
+ }
typo_exclusion = re.compile(r"XXX|__|_$|^MBEDTLS_.*CONFIG_FILE$|"
- r"MBEDTLS_TEST_LIBTESTDRIVER*")
+ r"MBEDTLS_TEST_LIBTESTDRIVER*|"
+ r"PSA_CRYPTO_DRIVER_TEST")
- for name_match in self.parse_result["mbed_words"]:
+ for name_match in self.parse_result["mbed_psa_words"]:
found = name_match.name in all_caps_names
# Since MBEDTLS_PSA_ACCEL_XXX defines are defined by the
diff --git a/tests/suites/test_suite_ecp.data b/tests/suites/test_suite_ecp.data
index 5277bc3..6211fb7 100644
--- a/tests/suites/test_suite_ecp.data
+++ b/tests/suites/test_suite_ecp.data
@@ -288,6 +288,58 @@
depends_on:MBEDTLS_ECP_DP_SECP521R1_ENABLED
ecp_tls_write_read_point:MBEDTLS_ECP_DP_SECP521R1
+Check ECP group metadata #1 secp192k1 (SEC 2)
+depends_on:MBEDTLS_ECP_DP_SECP192K1_ENABLED
+mbedtls_ecp_group_metadata:MBEDTLS_ECP_DP_SECP192K1:192:MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS:"fffffffffffffffffffffffffffffffffffffffeffffee37":"000000000000000000000000000000000000000000000000":"000000000000000000000000000000000000000000000003":"db4ff10ec057e9ae26b07d0280b7f4341da5d1b1eae06c7d":"9b2f2f6d9c5628a7844163d015be86344082aa88d95e2f9d":"fffffffffffffffffffffffe26f2fc170f69466a74defd8d":18
+
+Check ECP group metadata #2 secp192r1 (SEC 2)
+depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED
+mbedtls_ecp_group_metadata:MBEDTLS_ECP_DP_SECP192R1:192:MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS:"fffffffffffffffffffffffffffffffeffffffffffffffff":"":"64210519e59c80e70fa7e9ab72243049feb8deecc146b9b1":"188da80eb03090f67cbf20eb43a18800f4ff0afd82ff1012":"07192b95ffc8da78631011ed6b24cdd573f977a11e794811":"ffffffffffffffffffffffff99def836146bc9b1b4d22831":19
+
+Check ECP group metadata #3 secp224k1 (SEC 2)
+depends_on:MBEDTLS_ECP_DP_SECP224K1_ENABLED
+mbedtls_ecp_group_metadata:MBEDTLS_ECP_DP_SECP224K1:224:MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS:"fffffffffffffffffffffffffffffffffffffffffffffffeffffe56d":"00000000000000000000000000000000000000000000000000000000":"00000000000000000000000000000000000000000000000000000005":"a1455b334df099df30fc28a169a467e9e47075a90f7e650eb6b7a45c":"7e089fed7fba344282cafbd6f7e319f7c0b0bd59e2ca4bdb556d61a5":"010000000000000000000000000001dce8d2ec6184caf0a971769fb1f7":20
+
+Check ECP group metadata #4 secp224r1 (SEC 2)
+depends_on:MBEDTLS_ECP_DP_SECP224R1_ENABLED
+mbedtls_ecp_group_metadata:MBEDTLS_ECP_DP_SECP224R1:224:MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS:"ffffffffffffffffffffffffffffffff000000000000000000000001":"":"b4050a850c04b3abf54132565044b0b7d7bfd8ba270b39432355ffb4":"b70e0cbd6bb4bf7f321390b94a03c1d356c21122343280d6115c1d21":"bd376388b5f723fb4c22dfe6cd4375a05a07476444d5819985007e34":"ffffffffffffffffffffffffffff16a2e0b8f03e13dd29455c5c2a3d":21
+
+Check ECP group metadata #5 secp256k1 (SEC 2)
+depends_on:MBEDTLS_ECP_DP_SECP256K1_ENABLED
+mbedtls_ecp_group_metadata:MBEDTLS_ECP_DP_SECP256K1:256:MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS:"fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f":"0000000000000000000000000000000000000000000000000000000000000000":"0000000000000000000000000000000000000000000000000000000000000007":"79be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798":"483ada7726a3c4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b8":"fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141":22
+
+Check ECP group metadata #6 secp256r1 (SEC 2)
+depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+mbedtls_ecp_group_metadata:MBEDTLS_ECP_DP_SECP256R1:256:MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS:"ffffffff00000001000000000000000000000000ffffffffffffffffffffffff":"":"5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b":"6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296":"4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5":"ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551":23
+
+Check ECP group metadata #7 secp384r1 (SEC 2)
+depends_on:MBEDTLS_ECP_DP_SECP384R1_ENABLED
+mbedtls_ecp_group_metadata:MBEDTLS_ECP_DP_SECP384R1:384:MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS:"fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffeffffffff0000000000000000ffffffff":"":"b3312fa7e23ee7e4988e056be3f82d19181d9c6efe8141120314088f5013875ac656398d8a2ed19d2a85c8edd3ec2aef":"aa87ca22be8b05378eb1c71ef320ad746e1d3b628ba79b9859f741e082542a385502f25dbf55296c3a545e3872760ab7":"3617de4a96262c6f5d9e98bf9292dc29f8f41dbd289a147ce9da3113b5f0b8c00a60b1ce1d7e819d7a431d7c90ea0e5f":"ffffffffffffffffffffffffffffffffffffffffffffffffc7634d81f4372ddf581a0db248b0a77aecec196accc52973":24
+
+Check ECP group metadata #8 secp521r1 (SEC 2)
+depends_on:MBEDTLS_ECP_DP_SECP521R1_ENABLED
+mbedtls_ecp_group_metadata:MBEDTLS_ECP_DP_SECP521R1:521:MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS:"01ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff":"":"0051953eb9618e1c9a1f929a21a0b68540eea2da725b99b315f3b8b489918ef109e156193951ec7e937b1652c0bd3bb1bf073573df883d2c34f1ef451fd46b503f00":"00c6858e06b70404e9cd9e3ecb662395b4429c648139053fb521f828af606b4d3dbaa14b5e77efe75928fe1dc127a2ffa8de3348b3c1856a429bf97e7e31c2e5bd66":"011839296a789a3bc0045c8a5fb42c7d1bd998f54449579b446817afbd17273e662c97ee72995ef42640c550b9013fad0761353c7086a272c24088be94769fd16650":"01fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffa51868783bf2f966b7fcc0148f709a5d03bb5c9b8899c47aebb6fb71e91386409":25
+
+Check ECP group metadata #9 bp256r1 (RFC 5639)
+depends_on:MBEDTLS_ECP_DP_BP256R1_ENABLED
+mbedtls_ecp_group_metadata:MBEDTLS_ECP_DP_BP256R1:256:MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS:"a9fb57dba1eea9bc3e660a909d838d726e3bf623d52620282013481d1f6e5377":"7d5a0975fc2c3057eef67530417affe7fb8055c126dc5c6ce94a4b44f330b5d9":"26dc5c6ce94a4b44f330b5d9bbd77cbf958416295cf7e1ce6bccdc18ff8c07b6":"8bd2aeb9cb7e57cb2c4b482ffc81b7afb9de27e1e3bd23c23a4453bd9ace3262":"547ef835c3dac4fd97f8461a14611dc9c27745132ded8e545c1d54c72f046997":"a9fb57dba1eea9bc3e660a909d838d718c397aa3b561a6f7901e0e82974856a7":26
+
+Check ECP group metadata #10 bp384r1 (RFC 5639)
+depends_on:MBEDTLS_ECP_DP_BP384R1_ENABLED
+mbedtls_ecp_group_metadata:MBEDTLS_ECP_DP_BP384R1:384:MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS:"8cb91e82a3386d280f5d6f7e50e641df152f7109ed5456b412b1da197fb71123acd3a729901d1a71874700133107ec53":"7bc382c63d8c150c3c72080ace05afa0c2bea28e4fb22787139165efba91f90f8aa5814a503ad4eb04a8c7dd22ce2826":"04a8c7dd22ce28268b39b55416f0447c2fb77de107dcd2a62e880ea53eeb62d57cb4390295dbc9943ab78696fa504c11":"1d1c64f068cf45ffa2a63a81b7c13f6b8847a3e77ef14fe3db7fcafe0cbd10e8e826e03436d646aaef87b2e247d4af1e":"8abe1d7520f9c2a45cb1eb8e95cfd55262b70b29feec5864e19c054ff99129280e4646217791811142820341263c5315":"8cb91e82a3386d280f5d6f7e50e641df152f7109ed5456b31f166e6cac0425a7cf3ab6af6b7fc3103b883202e9046565":27
+
+Check ECP group metadata #11 bp512r1 (RFC 5639)
+depends_on:MBEDTLS_ECP_DP_BP512R1_ENABLED
+mbedtls_ecp_group_metadata:MBEDTLS_ECP_DP_BP512R1:512:MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS:"aadd9db8dbe9c48b3fd4e6ae33c9fc07cb308db3b3c9d20ed6639cca703308717d4d9b009bc66842aecda12ae6a380e62881ff2f2d82c68528aa6056583a48f3":"7830a3318b603b89e2327145ac234cc594cbdd8d3df91610a83441caea9863bc2ded5d5aa8253aa10a2ef1c98b9ac8b57f1117a72bf2c7b9e7c1ac4d77fc94ca":"3df91610a83441caea9863bc2ded5d5aa8253aa10a2ef1c98b9ac8b57f1117a72bf2c7b9e7c1ac4d77fc94cadc083e67984050b75ebae5dd2809bd638016f723":"81aee4bdd82ed9645a21322e9c4c6a9385ed9f70b5d916c1b43b62eef4d0098eff3b1f78e2d0d48d50d1687b93b97d5f7c6d5047406a5e688b352209bcb9f822":"7dde385d566332ecc0eabfa9cf7822fdf209f70024a57b1aa000c55b881f8111b2dcde494a5f485e5bca4bd88a2763aed1ca2b2fa8f0540678cd1e0f3ad80892":"aadd9db8dbe9c48b3fd4e6ae33c9fc07cb308db3b3c9d20ed6639cca70330870553e5c414ca92619418661197fac10471db1d381085ddaddb58796829ca90069":28
+
+Check ECP group metadata #12 curve25519 (RFC 7748)
+depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED
+mbedtls_ecp_group_metadata:MBEDTLS_ECP_DP_CURVE25519:256:MBEDTLS_ECP_TYPE_MONTGOMERY:"7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffed":"76d06":"":"9":"":"1000000000000000000000000000000014def9dea2f79cd65812631a5cf5d3ed":29
+
+Check ECP group metadata #13 curve448 (RFC 7748)
+depends_on:MBEDTLS_ECP_DP_CURVE448_ENABLED
+mbedtls_ecp_group_metadata:MBEDTLS_ECP_DP_CURVE448:448:MBEDTLS_ECP_TYPE_MONTGOMERY:"fffffffffffffffffffffffffffffffffffffffffffffffffffffffeffffffffffffffffffffffffffffffffffffffffffffffffffffffff":"262a6":"":"5":"":"3fffffffffffffffffffffffffffffffffffffffffffffffffffffff7cca23e9c44edb49aed63690216cc2728dc58f552378c292ab5844f3":30
+
ECP tls read group #1 (record too short)
mbedtls_ecp_tls_read_group:"0313":MBEDTLS_ERR_ECP_BAD_INPUT_DATA:0:0
diff --git a/tests/suites/test_suite_ecp.function b/tests/suites/test_suite_ecp.function
index 59812b4..45e199e 100644
--- a/tests/suites/test_suite_ecp.function
+++ b/tests/suites/test_suite_ecp.function
@@ -1,5 +1,7 @@
/* BEGIN_HEADER */
#include "mbedtls/ecp.h"
+#include "mbedtls/ecdsa.h"
+#include "mbedtls/ecdh.h"
#include "ecp_invasive.h"
@@ -16,6 +18,44 @@
mbedtls_ecp_point_free( x ); \
mbedtls_ecp_point_init( x );
+/* Auxiliary function to compare two mbedtls_ecp_group objects. */
+inline static int mbedtls_ecp_group_cmp( mbedtls_ecp_group *grp1,
+ mbedtls_ecp_group *grp2 )
+{
+ if( mbedtls_mpi_cmp_mpi( &grp1->P, &grp2->P ) != 0 )
+ return 1;
+ if( mbedtls_mpi_cmp_mpi( &grp1->A, &grp2->A ) != 0 )
+ return 1;
+ if( mbedtls_mpi_cmp_mpi( &grp1->B, &grp2->B ) != 0 )
+ return 1;
+ if( mbedtls_mpi_cmp_mpi( &grp1->N, &grp2->N ) != 0 )
+ return 1;
+ if( mbedtls_ecp_point_cmp( &grp1->G, &grp2->G ) != 0 )
+ return 1;
+ if( grp1->id != grp2->id )
+ return 1;
+ if( grp1->pbits != grp2->pbits )
+ return 1;
+ if( grp1->nbits != grp2->nbits )
+ return 1;
+ if( grp1->h != grp2->h )
+ return 1;
+ if( grp1->modp != grp2->modp )
+ return 1;
+ if( grp1->t_pre != grp2->t_pre )
+ return 1;
+ if( grp1->t_post != grp2->t_post )
+ return 1;
+ if( grp1->t_data != grp2->t_data )
+ return 1;
+ if( grp1->T_size != grp2->T_size )
+ return 1;
+ if( grp1->T != grp2->T )
+ return 1;
+
+ return 0;
+}
+
/* END_HEADER */
/* BEGIN_DEPENDENCIES
@@ -1065,6 +1105,124 @@
}
/* END_CASE */
+/* BEGIN_CASE depends_on:MBEDTLS_ECDH_C:MBEDTLS_ECDSA_C */
+void mbedtls_ecp_group_metadata( int id, int bit_size, int crv_type,
+ char* P, char* A, char* B,
+ char* G_x, char* G_y, char* N,
+ int tls_id )
+{
+ mbedtls_ecp_group grp, grp_read, grp_cpy;
+ const mbedtls_ecp_group_id *g_id;
+ mbedtls_ecp_group_id read_g_id;
+ const mbedtls_ecp_curve_info *crv, *crv_tls_id, *crv_name;
+
+ mbedtls_mpi exp_P, exp_A, exp_B, exp_G_x, exp_G_y, exp_N;
+
+ unsigned char buf[3], ecparameters[3] = { 3, 0, tls_id };
+ const unsigned char *vbuf = buf;
+ size_t olen;
+
+ mbedtls_ecp_group_init( &grp );
+ mbedtls_ecp_group_init( &grp_read );
+ mbedtls_ecp_group_init( &grp_cpy );
+
+ mbedtls_mpi_init( &exp_P );
+ mbedtls_mpi_init( &exp_A );
+ mbedtls_mpi_init( &exp_B );
+ mbedtls_mpi_init( &exp_G_x );
+ mbedtls_mpi_init( &exp_G_y );
+ mbedtls_mpi_init( &exp_N );
+
+ // Read expected parameters
+ TEST_EQUAL( mbedtls_test_read_mpi( &exp_P, P ), 0 );
+ TEST_EQUAL( mbedtls_test_read_mpi( &exp_A, A ), 0 );
+ TEST_EQUAL( mbedtls_test_read_mpi( &exp_G_x, G_x ), 0 );
+ TEST_EQUAL( mbedtls_test_read_mpi( &exp_N, N ), 0 );
+ TEST_EQUAL( mbedtls_test_read_mpi( &exp_B, B ), 0 );
+ TEST_EQUAL( mbedtls_test_read_mpi( &exp_G_y, G_y ), 0 );
+
+ // Convert exp_A to internal representation (A+2)/4
+ if( crv_type == MBEDTLS_ECP_TYPE_MONTGOMERY )
+ {
+ TEST_EQUAL( mbedtls_mpi_add_int( &exp_A, &exp_A, 2 ), 0 );
+ TEST_EQUAL( mbedtls_mpi_div_int( &exp_A, NULL, &exp_A, 4 ), 0 );
+ }
+
+ // Load group
+ TEST_EQUAL( mbedtls_ecp_group_load( &grp, id ), 0 );
+
+ // Compare group with expected parameters
+ // A is NULL for SECPxxxR1 curves
+ // B and G_y are NULL for curve25519 and curve448
+ TEST_EQUAL( mbedtls_mpi_cmp_mpi( &exp_P, &grp.P ), 0 );
+ if( *A != 0 )
+ TEST_EQUAL( mbedtls_mpi_cmp_mpi( &exp_A, &grp.A ), 0 );
+ if( *B != 0 )
+ TEST_EQUAL( mbedtls_mpi_cmp_mpi( &exp_B, &grp.B ), 0 );
+ TEST_EQUAL( mbedtls_mpi_cmp_mpi( &exp_G_x, &grp.G.X ), 0 );
+ if( *G_y != 0 )
+ TEST_EQUAL( mbedtls_mpi_cmp_mpi( &exp_G_y, &grp.G.Y ), 0 );
+ TEST_EQUAL( mbedtls_mpi_cmp_mpi( &exp_N, &grp.N ), 0 );
+
+ // Load curve info and compare with known values
+ crv = mbedtls_ecp_curve_info_from_grp_id( id );
+ TEST_EQUAL( crv->grp_id, id );
+ TEST_EQUAL( crv->bit_size, bit_size );
+ TEST_EQUAL( crv->tls_id, tls_id );
+
+ // Load curve from TLS ID and name, and compare IDs
+ crv_tls_id = mbedtls_ecp_curve_info_from_tls_id( crv->tls_id );
+ crv_name = mbedtls_ecp_curve_info_from_name( crv->name );
+ TEST_EQUAL( crv_tls_id->grp_id, id );
+ TEST_EQUAL( crv_name->grp_id, id );
+
+ // Validate write_group against test data
+ TEST_EQUAL( mbedtls_ecp_tls_write_group( &grp, &olen,
+ buf, sizeof( buf ) ),
+ 0 );
+ TEST_EQUAL( mbedtls_test_hexcmp( buf, ecparameters, olen,
+ sizeof( ecparameters ) ),
+ 0 );
+
+ // Read group from buffer and compare with expected ID
+ TEST_EQUAL( mbedtls_ecp_tls_read_group_id( &read_g_id, &vbuf, olen ),
+ 0 );
+ TEST_EQUAL( read_g_id, id );
+ vbuf = buf;
+ TEST_EQUAL( mbedtls_ecp_tls_read_group( &grp_read, &vbuf, olen ),
+ 0 );
+ TEST_EQUAL( grp_read.id, id );
+
+ // Check curve type, and if it can be used for ECDH/ECDSA
+ TEST_EQUAL( mbedtls_ecp_get_type( &grp ), crv_type );
+ TEST_EQUAL( mbedtls_ecdh_can_do( id ), 1 );
+ TEST_EQUAL( mbedtls_ecdsa_can_do( id ),
+ crv_type == MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS );
+
+ // Copy group and compare with original
+ TEST_EQUAL( mbedtls_ecp_group_copy( &grp_cpy, &grp ), 0 );
+ TEST_EQUAL( mbedtls_ecp_group_cmp( &grp, &grp_cpy ), 0 );
+
+ // Check curve is in curve list and group ID list
+ for( crv = mbedtls_ecp_curve_list( );
+ crv->grp_id != MBEDTLS_ECP_DP_NONE &&
+ crv->grp_id != (unsigned) id;
+ crv++ );
+ TEST_EQUAL( crv->grp_id, id );
+ for( g_id = mbedtls_ecp_grp_id_list( );
+ *g_id != MBEDTLS_ECP_DP_NONE && *g_id != (unsigned) id;
+ g_id++ );
+ TEST_EQUAL( *g_id, (unsigned) id );
+
+exit:
+ mbedtls_ecp_group_free( &grp ); mbedtls_ecp_group_free( &grp_cpy );
+ mbedtls_ecp_group_free( &grp_read );
+ mbedtls_mpi_free( &exp_P ); mbedtls_mpi_free( &exp_A );
+ mbedtls_mpi_free( &exp_B ); mbedtls_mpi_free( &exp_G_x );
+ mbedtls_mpi_free( &exp_G_y ); mbedtls_mpi_free( &exp_N );
+}
+/* END_CASE */
+
/* BEGIN_CASE */
void mbedtls_ecp_check_privkey( int id, char * key_hex, int ret )
{