Merge pull request #6957 from tom-cosgrove-arm/fix-spelling-of-doxygen-return
Fix doxygen return parameter spelling
diff --git a/docs/architecture/psa-migration/outcome-analysis.sh b/docs/architecture/psa-migration/outcome-analysis.sh
index 9084685..b26963b 100755
--- a/docs/architecture/psa-migration/outcome-analysis.sh
+++ b/docs/architecture/psa-migration/outcome-analysis.sh
@@ -1,42 +1,30 @@
#!/bin/sh
-# This script runs tests in various revisions and configurations and analyses
-# the results in order to highlight any difference in the set of tests skipped
-# in the test suites of interest.
+# This script runs tests before and after a PR and analyzes the results in
+# order to highlight any difference in the set of tests skipped.
#
-# It can be used to ensure the testing criteria mentioned in strategy.md,
+# It can be used to check the first testing criterion mentioned in strategy.md,
# end of section "Supporting builds with drivers without the software
-# implementation" are met, namely:
+# implementation", namely: the sets of tests skipped in the default config and
+# the full config must be the same before and after the PR.
#
-# - the sets of tests skipped in the default config and the full config must be
-# the same before and after the PR that implements step 3;
-# - the set of tests skipped in the driver-only build is the same as in an
-# equivalent software-based configuration, or the difference is small enough,
-# justified, and a github issue is created to track it.
-# This part is verified by tests/scripts/analyze_outcomes.py
+# USAGE:
+# - First, commit any uncommited changes. (Also, see warning below.)
+# - Then launch --> [SKIP_SSL_OPT=1] docs/architecture/psa-migration/outcome-analysis.sh
+# - SKIP_SSL_OPT=1 can optionally be set to skip ssl-opt.sh tests
#
# WARNING: this script checks out a commit other than the head of the current
# branch; it checks out the current branch again when running successfully,
# but while the script is running, or if it terminates early in error, you
# should be aware that you might be at a different commit than expected.
#
-# NOTE: This is only an example/template script, you should make a copy and
-# edit it to suit your needs. The part that needs editing is at the top.
-#
-# Also, you can comment out parts that don't need to be re-done when
+# NOTE: you can comment out parts that don't need to be re-done when
# re-running this script (for example "get numbers before this PR").
-# ----- BEGIN edit this -----
-# Space-separated list of test suites to ignore:
-# if SSS is in that list, test_suite_SSS and test_suite_SSS.* are ignored.
-IGNORE="md mdx shax" # accelerated
-IGNORE="$IGNORE entropy hmac_drbg random" # disabled (ext. RNG)
-IGNORE="$IGNORE psa_crypto_init" # needs internal RNG
-IGNORE="$IGNORE hkdf" # disabled in the all.sh component tested
-# ----- END edit this -----
-
set -eu
+: ${SKIP_SSL_OPT:=0}
+
cleanup() {
make clean
git checkout -- include/mbedtls/mbedtls_config.h include/psa/crypto_config.h
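Review bot: `: ${SKIP_SSL_OPT:=0}` leaves the expansion unquoted and never validates the value before it reaches `[ $SKIP_SSL_OPT -eq 0 ]` further down the file; a value such as `SKIP_SSL_OPT=yes` makes that test fail with a "integer expression expected" error, and because a failing `if` condition does not trip `set -e`, the ssl-opt step is then skipped instead of the script stopping. Quote it and accept only the two documented values, e.g. `: "${SKIP_SSL_OPT:=0}"` followed by `case "$SKIP_SSL_OPT" in 0|1) ;; *) echo "SKIP_SSL_OPT must be 0 or 1" >&2; exit 1;; esac`. The USAGE comment also carries a typo; it should read `# - First, commit any uncommitted changes. (Also, see warning below.)`. The `cleanup` function that opens at the end of this hunk continues outside it.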
@@ -45,7 +33,14 @@
record() {
export MBEDTLS_TEST_OUTCOME_FILE="$PWD/outcome-$1.csv"
rm -f $MBEDTLS_TEST_OUTCOME_FILE
+
make check
+
+ if [ $SKIP_SSL_OPT -eq 0 ]; then
+ make -C programs ssl/ssl_server2 ssl/ssl_client2 \
+ test/udp_proxy test/query_compile_time_config
+ tests/ssl-opt.sh
+ fi
}
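Review bot: `if [ $SKIP_SSL_OPT -eq 0 ]; then` expands the variable unquoted, which under `#!/bin/sh` only works while the value is a single word; prefer `if [ "$SKIP_SSL_OPT" -eq 0 ]; then` here and in the later hunk that appends the ssl-opt suites, where the same test is repeated. The pre-existing `rm -f $MBEDTLS_TEST_OUTCOME_FILE` two lines above is built from `$PWD` and is unquoted as well, so `rm -f "$MBEDTLS_TEST_OUTCOME_FILE"` would be a cheap fix to take along while the function is being touched.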
# save current HEAD
@@ -54,21 +49,26 @@
# get the numbers before this PR for default and full
cleanup
git checkout $(git merge-base HEAD development)
+
record "before-default"
cleanup
+
scripts/config.py full
record "before-full"
# get the numbers now for default and full
cleanup
git checkout $HEAD
+
record "after-default"
cleanup
+
scripts/config.py full
record "after-full"
+cleanup
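Review bot: The added trailing `cleanup` only runs when every preceding step succeeds; the script runs under `set -eu` with no `trap`, so an early failure leaves the `full` configuration written by `scripts/config.py full` in the working tree, whereas the header warning only mentions the checked-out commit. Consider `trap cleanup EXIT` next to the `cleanup` definition so the config files are restored on every exit path; returning to `$HEAD` would still need separate handling since `cleanup` does not touch the checked-out commit, and `make clean` on a partially switched tree should be checked to be harmless before relying on this. `git checkout $HEAD` and `git checkout $(git merge-base HEAD development)` are unquoted; commit ids contain no whitespace so this is benign, but `git checkout "$HEAD"` keeps ShellCheck quiet.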
# analysis
@@ -77,15 +77,19 @@
make generated_files >/dev/null
data_files=$(cd tests/suites && echo *.data)
for data in $data_files; do
- suite=${data#test_suite_}
- suite=${suite%.data}
- suite_base=${suite%%.*}
- case " $IGNORE " in
- *" $suite_base "*) :;;
- *) SUITES="$SUITES $suite";;
- esac
+ suite=${data%.data}
+ SUITES="$SUITES $suite"
done
make neat
+
+ if [ $SKIP_SSL_OPT -eq 0 ]; then
+ SUITES="$SUITES ssl-opt"
+ extra_files=$(cd tests/opt-testcases && echo *.sh)
+ for extra in $extra_files; do
+ suite=${extra%.sh}
+ SUITES="$SUITES $suite"
+ done
+ fi
}
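Review bot: `extra_files=$(cd tests/opt-testcases && echo *.sh)` keeps the literal `*.sh` when the directory contains no matching file, since plain sh has no nullglob; `suite=${extra%.sh}` then becomes `*`, and once `$SUITES` is expanded unquoted by the caller that entry would likely glob to every file in the working directory. The existing `*.data` line above has the same weakness. Guard the loop body with a file test, e.g. `[ -f "tests/opt-testcases/$extra" ] || continue`, or build the list with `find tests/opt-testcases -name '*.sh'`. The enclosing function starts before this hunk.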
compare_suite () {
@@ -93,7 +97,7 @@
new="outcome-$2.csv"
suite="$3"
- pattern_suite=";test_suite_$suite;"
+ pattern_suite=";$suite;"
total=$(grep -c "$pattern_suite" "$ref")
sed_cmd="s/^.*$pattern_suite\(.*\);SKIP.*/\1/p"
sed -n "$sed_cmd" "$ref" > skipped-ref
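Review bot: `pattern_suite=";$suite;"` is now built from file names taken from two directories and is used as a regular expression in both `grep -c` and the `sed` expression below, while it is meant as a literal field match. The grep call can become `total=$(grep -c -F -- "$pattern_suite" "$ref")`; otherwise any `.` left in an opt-testcase name after the `.sh` suffix is stripped matches any character. The sed pattern needs the same care if names with regex metacharacters ever appear. compare_suite starts before this hunk and continues after it.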
@@ -101,8 +105,9 @@
nb_ref=$(wc -l <skipped-ref)
nb_new=$(wc -l <skipped-new)
- printf "%36s: total %4d; skipped %4d -> %4d\n" \
- $suite $total $nb_ref $nb_new
+ name=${suite#test_suite_}
+ printf "%40s: total %4d; skipped %4d -> %4d\n" \
+ $name $total $nb_ref $nb_new
if diff skipped-ref skipped-new | grep '^> '; then
ret=1
else
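Review bot: The printf arguments `$name $total $nb_ref $nb_new` are unquoted, so an empty `$name` would shift the remaining values into the wrong columns; `"$name" "$total" "$nb_ref" "$nb_new"` is safer and is what ShellCheck expects. compare_suite continues outside this hunk.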
diff --git a/docs/architecture/psa-migration/strategy.md b/docs/architecture/psa-migration/strategy.md
index 0ad5fa0..1542324 100644
--- a/docs/architecture/psa-migration/strategy.md
+++ b/docs/architecture/psa-migration/strategy.md
@@ -386,15 +386,16 @@
result in more tests being skipped, which is easy to miss. Care must be
taken to ensure this does not happen. The following criteria can be used:
-- the sets of tests skipped in the default config and the full config must be
- the same before and after the PR that implements step 3;
-- the set of tests skipped in the driver-only build is the same as in an
- equivalent software-based configuration, or the difference is small enough,
- justified, and a github issue is created to track it.
-
-Note that the favourable case is when the number of tests skipped is 0 in the
-driver-only build. In other cases, analysis of the outcome files is needed,
-see the example script `outcome-analysis.sh` in the same directory.
+1. The sets of tests skipped in the default config and the full config must be
+ the same before and after the PR that implements step 3. This is tested
+manually for each PR that changes dependency declarations by using the script
+`outcome-analysis.sh` in the present directory.
+2. The set of tests skipped in the driver-only build is the same as in an
+ equivalent software-based configuration. This is tested automatically by the
+CI in the "Results analysis" stage, by running
+`tests/scripts/analyze_outcomes.py`. See the
+`analyze_driver_vs_reference_xxx` actions in the script and the comments above
+their declaration for how to do that locally.
Migrating away from the legacy API
diff --git a/docs/getting_started.md b/docs/getting_started.md
index fdbf0e9..507afa1 100644
--- a/docs/getting_started.md
+++ b/docs/getting_started.md
@@ -1,8 +1,9 @@
-## Getting started with Mbed Crypto
+## Getting started with Mbed TLS
-### What is Mbed Crypto?
+### What is Mbed TLS?
-Mbed Crypto is an open source cryptographic library that supports a wide range of cryptographic operations, including:
+Mbed TLS is an open source cryptographic library that supports a wide range of
+cryptographic operations, including:
* Key management
* Hashing
* Symmetric cryptography
@@ -11,20 +12,25 @@
* Key generation and derivation
* Authenticated encryption with associated data (AEAD)
-The Mbed Crypto library is a reference implementation of the cryptography interface of the Arm Platform Security Architecture (PSA). It is written in portable C.
+Mbed TLS provides a reference implementation of the cryptography interface of
+the Arm Platform Security Architecture (PSA). It is written in portable C.
-The Mbed Crypto library is distributed under the Apache License, version 2.0.
+Mbed TLS is distributed under the Apache License, version 2.0.
#### Platform Security Architecture (PSA)
Arm's Platform Security Architecture (PSA) is a holistic set of threat models,
-security analyses, hardware and firmware architecture specifications, and an open source firmware reference implementation. PSA provides a recipe, based on industry best practice, that enables you to design security into both hardware and firmware consistently. Part of the API provided by PSA is the cryptography interface, which provides access to a set of primitives.
+security analyses, hardware and firmware architecture specifications, and an
+open source firmware reference implementation. PSA provides a recipe, based on
+industry best practice, that enables you to design security into both hardware
+and firmware consistently. Part of the API provided by PSA is the cryptography
+interface, which provides access to a set of primitives.
-### Using Mbed Crypto
+### Using Mbed TLS
-* [Getting the Mbed Crypto library](#getting-the-mbed-crypto-library)
-* [Building the Mbed Crypto library](#building-the-mbed-crypto-library)
-* [Using the Mbed Crypto library](#using-the-mbed-crypto-library)
+* [Getting the Mbed TLS library](#getting-the-mbed-tls-library)
+* [Building the Mbed TLS library](#building-the-mbed-tls-library)
+* [Using the PSA Crypto API](#using-the-psa-crypto-api)
* [Importing a key](#importing-a-key)
* [Signing a message using RSA](#signing-a-message-using-RSA)
* [Encrypting or decrypting using symmetric ciphers](#encrypting-or-decrypting-using-symmetric-ciphers)
@@ -33,37 +39,45 @@
* [Generating a random value](#generating-a-random-value)
* [Authenticating and encrypting or decrypting a message](#authenticating-and-encrypting-or-decrypting-a-message)
* [Generating and exporting keys](#generating-and-exporting-keys)
-* [More about the Mbed Crypto library](#more-about-the-mbed-crypto-library)
+* [More about the PSA Crypto API](#more-about-the-psa-crypto-api)
-### Getting the Mbed Crypto library
+### Getting the Mbed TLS library
-Mbed Crypto releases are available in the [public GitHub repository](https://github.com/ARMmbed/mbed-crypto).
+Mbed TLS releases are available in the [public GitHub repository](https://github.com/Mbed-TLS/mbedtls).
-### Building the Mbed Crypto library
+### Building the Mbed TLS library
**Prerequisites to building the library with the provided makefiles:**
* GNU Make.
-* A C toolchain (compiler, linker, archiver).
-* Python 2 or Python 3 (either works) to generate the test code.
+* A C toolchain (compiler, linker, archiver) that supports C99.
+* Python 3.6 to generate the test code.
* Perl to run the tests.
-If you have a C compiler such as GCC or Clang, just run `make` in the top-level directory to build the library, a set of unit tests and some sample programs.
+If you have a C compiler such as GCC or Clang, just run `make` in the top-level
+directory to build the library, a set of unit tests and some sample programs.
-To select a different compiler, set the `CC` variable to the name or path of the compiler and linker (default: `cc`) and set `AR` to a compatible archiver (default: `ar`); for example:
+To select a different compiler, set the `CC` variable to the name or path of the
+compiler and linker (default: `cc`) and set `AR` to a compatible archiver
+(default: `ar`); for example:
```
make CC=arm-linux-gnueabi-gcc AR=arm-linux-gnueabi-ar
```
-The provided makefiles pass options to the compiler that assume a GCC-like command line syntax. To use a different compiler, you may need to pass different values for `CFLAGS`, `WARNINGS_CFLAGS` and `LDFLAGS`.
+The provided makefiles pass options to the compiler that assume a GCC-like
+command line syntax. To use a different compiler, you may need to pass different
+values for `CFLAGS`, `WARNINGS_CFLAGS` and `LDFLAGS`.
-To run the unit tests on the host machine, run `make test` from the top-level directory. If you are cross-compiling, copy the test executable from the `tests` directory to the target machine.
+To run the unit tests on the host machine, run `make test` from the top-level
+directory. If you are cross-compiling, copy the test executable from the `tests`
+directory to the target machine.
-### Using the Mbed Crypto library
+### Using the PSA Crypto API
-To use the Mbed Crypto APIs, call `psa_crypto_init()` before calling any other API. This initializes the library.
+If using PSA Crypto, you must initialize the library by calling
+`psa_crypto_init()` before any other PSA API.
### Importing a key
-To use a key for cryptography operations in Mbed Crypto, you need to first
+To use a key for cryptography operations in PSA, you need to first
import it. The import operation returns the identifier of the key for use
with other function calls.
@@ -114,7 +128,8 @@
### Signing a message using RSA
-Mbed Crypto supports encrypting, decrypting, signing and verifying messages using public key signature algorithms, such as RSA or ECDSA.
+The PSA Crypto API supports encrypting, decrypting, signing and verifying
+messages using public key signature algorithms, such as RSA or ECDSA.
**Prerequisites to performing asymmetric signature operations:**
* Initialize the library with a successful call to `psa_crypto_init()`.
@@ -184,21 +199,33 @@
### Using symmetric ciphers
-Mbed Crypto supports encrypting and decrypting messages using various symmetric cipher algorithms (both block and stream ciphers).
+The PSA Crypto API supports encrypting and decrypting messages using various
+symmetric cipher algorithms (both block and stream ciphers).
**Prerequisites to working with the symmetric cipher API:**
* Initialize the library with a successful call to `psa_crypto_init()`.
-* Have a symmetric key. This key's usage flags must include `PSA_KEY_USAGE_ENCRYPT` to allow encryption or `PSA_KEY_USAGE_DECRYPT` to allow decryption.
+* Have a symmetric key. This key's usage flags must include
+ `PSA_KEY_USAGE_ENCRYPT` to allow encryption or `PSA_KEY_USAGE_DECRYPT` to
+ allow decryption.
**To encrypt a message with a symmetric cipher:**
-1. Allocate an operation (`psa_cipher_operation_t`) structure to pass to the cipher functions.
+1. Allocate an operation (`psa_cipher_operation_t`) structure to pass to the
+ cipher functions.
1. Initialize the operation structure to zero or to `PSA_CIPHER_OPERATION_INIT`.
-1. Call `psa_cipher_encrypt_setup()` to specify the algorithm and the key to be used.
-1. Call either `psa_cipher_generate_iv()` or `psa_cipher_set_iv()` to generate or set the initialization vector (IV). We recommend calling `psa_cipher_generate_iv()`, unless you require a specific IV value.
-1. Call `psa_cipher_update()` with the message to encrypt. You may call this function multiple times, passing successive fragments of the message on successive calls.
-1. Call `psa_cipher_finish()` to end the operation and output the encrypted message.
+1. Call `psa_cipher_encrypt_setup()` to specify the algorithm and the key to be
+ used.
+1. Call either `psa_cipher_generate_iv()` or `psa_cipher_set_iv()` to generate
+ or set the initialization vector (IV). We recommend calling
+ `psa_cipher_generate_iv()`, unless you require a specific IV value.
+1. Call `psa_cipher_update()` with the message to encrypt. You may call this
+ function multiple times, passing successive fragments of the message on
+ successive calls.
+1. Call `psa_cipher_finish()` to end the operation and output the encrypted
+ message.
-This example shows how to encrypt data using an AES (Advanced Encryption Standard) key in CBC (Cipher Block Chaining) mode with no padding (assuming all prerequisites have been fulfilled):
+This example shows how to encrypt data using an AES (Advanced Encryption
+Standard) key in CBC (Cipher Block Chaining) mode with no padding (assuming all
+prerequisites have been fulfilled):
```c
void encrypt_with_symmetric_ciphers(const uint8_t *key, size_t key_len)
{
@@ -275,15 +302,20 @@
```
**To decrypt a message with a symmetric cipher:**
-1. Allocate an operation (`psa_cipher_operation_t`) structure to pass to the cipher functions.
+1. Allocate an operation (`psa_cipher_operation_t`) structure to pass to the
+ cipher functions.
1. Initialize the operation structure to zero or to `PSA_CIPHER_OPERATION_INIT`.
-1. Call `psa_cipher_decrypt_setup()` to specify the algorithm and the key to be used.
+1. Call `psa_cipher_decrypt_setup()` to specify the algorithm and the key to be
+ used.
1. Call `psa_cipher_set_iv()` with the IV for the decryption.
-1. Call `psa_cipher_update()` with the message to encrypt. You may call this function multiple times, passing successive fragments of the message on successive calls.
-1. Call `psa_cipher_finish()` to end the operation and output the decrypted message.
+1. Call `psa_cipher_update()` with the message to encrypt. You may call this
+ function multiple times, passing successive fragments of the message on
+ successive calls.
+1. Call `psa_cipher_finish()` to end the operation and output the decrypted
+ message.
-This example shows how to decrypt encrypted data using an AES key in CBC mode with no padding
-(assuming all prerequisites have been fulfilled):
+This example shows how to decrypt encrypted data using an AES key in CBC mode
+with no padding (assuming all prerequisites have been fulfilled):
```c
void decrypt_with_symmetric_ciphers(const uint8_t *key, size_t key_len)
{
@@ -360,34 +392,49 @@
#### Handling cipher operation contexts
-After you've initialized the operation structure with a successful call to `psa_cipher_encrypt_setup()` or `psa_cipher_decrypt_setup()`, you can terminate the operation at any time by calling `psa_cipher_abort()`.
+After you've initialized the operation structure with a successful call to
+`psa_cipher_encrypt_setup()` or `psa_cipher_decrypt_setup()`, you can terminate
+the operation at any time by calling `psa_cipher_abort()`.
-The call to `psa_cipher_abort()` frees any resources associated with the operation, except for the operation structure itself.
+The call to `psa_cipher_abort()` frees any resources associated with the
+operation, except for the operation structure itself.
-Mbed Crypto implicitly calls `psa_cipher_abort()` when:
-* A call to `psa_cipher_generate_iv()`, `psa_cipher_set_iv()` or `psa_cipher_update()` fails (returning any status other than `PSA_SUCCESS`).
+The PSA Crypto API implicitly calls `psa_cipher_abort()` when:
+* A call to `psa_cipher_generate_iv()`, `psa_cipher_set_iv()` or
+ `psa_cipher_update()` fails (returning any status other than `PSA_SUCCESS`).
* A call to `psa_cipher_finish()` succeeds or fails.
-After an implicit or explicit call to `psa_cipher_abort()`, the operation structure is invalidated; in other words, you cannot reuse the operation structure for the same operation. You can, however, reuse the operation structure for a different operation by calling either `psa_cipher_encrypt_setup()` or `psa_cipher_decrypt_setup()` again.
+After an implicit or explicit call to `psa_cipher_abort()`, the operation
+structure is invalidated; in other words, you cannot reuse the operation
+structure for the same operation. You can, however, reuse the operation
+structure for a different operation by calling either
+`psa_cipher_encrypt_setup()` or `psa_cipher_decrypt_setup()` again.
-You must call `psa_cipher_abort()` at some point for any operation that is initialized successfully (by a successful call to `psa_cipher_encrypt_setup()` or `psa_cipher_decrypt_setup()`).
+You must call `psa_cipher_abort()` at some point for any operation that is
+initialized successfully (by a successful call to `psa_cipher_encrypt_setup()`
+or `psa_cipher_decrypt_setup()`).
-Making multiple sequential calls to `psa_cipher_abort()` on an operation that is terminated (either implicitly or explicitly) is safe and has no effect.
+Making multiple sequential calls to `psa_cipher_abort()` on an operation that
+is terminated (either implicitly or explicitly) is safe and has no effect.
### Hashing a message
-Mbed Crypto lets you compute and verify hashes using various hashing
+The PSA Crypto API lets you compute and verify hashes using various hashing
algorithms.
**Prerequisites to working with the hash APIs:**
* Initialize the library with a successful call to `psa_crypto_init()`.
**To calculate a hash:**
-1. Allocate an operation structure (`psa_hash_operation_t`) to pass to the hash functions.
+1. Allocate an operation structure (`psa_hash_operation_t`) to pass to the hash
+ functions.
1. Initialize the operation structure to zero or to `PSA_HASH_OPERATION_INIT`.
1. Call `psa_hash_setup()` to specify the hash algorithm.
-1. Call `psa_hash_update()` with the message to encrypt. You may call this function multiple times, passing successive fragments of the message on successive calls.
-1. Call `psa_hash_finish()` to calculate the hash, or `psa_hash_verify()` to compare the computed hash with an expected hash value.
+1. Call `psa_hash_update()` with the message to encrypt. You may call this
+ function multiple times, passing successive fragments of the message on
+ successive calls.
+1. Call `psa_hash_finish()` to calculate the hash, or `psa_hash_verify()` to
+ compare the computed hash with an expected hash value.
This example shows how to calculate the SHA-256 hash of a message:
```c
@@ -482,33 +529,46 @@
mbedtls_psa_crypto_free();
```
-The API provides the macro `PSA_HASH_LENGTH`, which returns the expected hash length (in bytes) for the specified algorithm.
+The API provides the macro `PSA_HASH_LENGTH`, which returns the expected hash
+length (in bytes) for the specified algorithm.
#### Handling hash operation contexts
-After a successful call to `psa_hash_setup()`, you can terminate the operation at any time by calling `psa_hash_abort()`. The call to `psa_hash_abort()` frees any resources associated with the operation, except for the operation structure itself.
+After a successful call to `psa_hash_setup()`, you can terminate the operation
+at any time by calling `psa_hash_abort()`. The call to `psa_hash_abort()` frees
+any resources associated with the operation, except for the operation structure
+itself.
-Mbed Crypto implicitly calls `psa_hash_abort()` when:
-1. A call to `psa_hash_update()` fails (returning any status other than `PSA_SUCCESS`).
+The PSA Crypto API implicitly calls `psa_hash_abort()` when:
+1. A call to `psa_hash_update()` fails (returning any status other than
+ `PSA_SUCCESS`).
1. A call to `psa_hash_finish()` succeeds or fails.
1. A call to `psa_hash_verify()` succeeds or fails.
-After an implicit or explicit call to `psa_hash_abort()`, the operation structure is invalidated; in other words, you cannot reuse the operation structure for the same operation. You can, however, reuse the operation structure for a different operation by calling `psa_hash_setup()` again.
+After an implicit or explicit call to `psa_hash_abort()`, the operation
+structure is invalidated; in other words, you cannot reuse the operation
+structure for the same operation. You can, however, reuse the operation
+structure for a different operation by calling `psa_hash_setup()` again.
-You must call `psa_hash_abort()` at some point for any operation that is initialized successfully (by a successful call to `psa_hash_setup()`) .
+You must call `psa_hash_abort()` at some point for any operation that is
+initialized successfully (by a successful call to `psa_hash_setup()`) .
-Making multiple sequential calls to `psa_hash_abort()` on an operation that has already been terminated (either implicitly or explicitly) is safe and has no effect.
+Making multiple sequential calls to `psa_hash_abort()` on an operation that has
+already been terminated (either implicitly or explicitly) is safe and has no
+effect.
### Generating a random value
-Mbed Crypto can generate random data.
+The PSA Crypto API can generate random data.
**Prerequisites to generating random data:**
* Initialize the library with a successful call to `psa_crypto_init()`.
-<span class="notes">**Note:** To generate a random key, use `psa_generate_key()` instead of `psa_generate_random()`.</span>
+<span class="notes">**Note:** To generate a random key, use `psa_generate_key()`
+instead of `psa_generate_random()`.</span>
-This example shows how to generate ten bytes of random data by calling `psa_generate_random()`:
+This example shows how to generate ten bytes of random data by calling
+`psa_generate_random()`:
```C
psa_status_t status;
uint8_t random[10] = { 0 };
@@ -537,16 +597,19 @@
### Deriving a new key from an existing key
-Mbed Crypto provides a key derivation API that lets you derive new keys from
-existing ones. The key derivation API has functions to take inputs, including
-other keys and data, and functions to generate outputs, such as new keys or
-other data.
+The PSA Crypto API provides a key derivation API that lets you derive new keys
+from existing ones. The key derivation API has functions to take inputs,
+including other keys and data, and functions to generate outputs, such as
+new keys or other data.
You must first initialize and set up a key derivation context,
-provided with a key and, optionally, other data. Then, use the key derivation context to either read derived data to a buffer or send derived data directly to a key slot.
+provided with a key and, optionally, other data. Then, use the key derivation
+context to either read derived data to a buffer or send derived data directly
+to a key slot.
-See the documentation for the particular algorithm (such as HKDF or the TLS1.2 PRF) for
-information about which inputs to pass when, and when you can obtain which outputs.
+See the documentation for the particular algorithm (such as HKDF or the
+TLS 1.2 PRF) for information about which inputs to pass when, and when you can
+obtain which outputs.
**Prerequisites to working with the key derivation APIs:**
* Initialize the library with a successful call to `psa_crypto_init()`.
@@ -563,11 +626,11 @@
function, specifying the derivation algorithm `PSA_ALG_HKDF(PSA_ALG_SHA_256)`.
1. Provide an optional salt with `psa_key_derivation_input_bytes()`.
1. Provide info with `psa_key_derivation_input_bytes()`.
-1. Provide a secret with `psa_key_derivation_input_key()`, referencing a key that
- can be used for key derivation.
+1. Provide a secret with `psa_key_derivation_input_key()`, referencing a key
+ that can be used for key derivation.
1. Set the key attributes desired for the new derived key. We'll set
- the `PSA_KEY_USAGE_ENCRYPT` usage flag and the `PSA_ALG_CTR` algorithm for this
- example.
+ the `PSA_KEY_USAGE_ENCRYPT` usage flag and the `PSA_ALG_CTR` algorithm for
+ this example.
1. Derive the key by calling `psa_key_derivation_output_key()`.
1. Clean up the key derivation context.
@@ -675,11 +738,13 @@
### Authenticating and encrypting or decrypting a message
-Mbed Crypto provides a simple way to authenticate and encrypt with associated data (AEAD), supporting the `PSA_ALG_CCM` algorithm.
+The PSA Crypto API provides a simple way to authenticate and encrypt with
+associated data (AEAD), supporting the `PSA_ALG_CCM` algorithm.
**Prerequisites to working with the AEAD cipher APIs:**
* Initialize the library with a successful call to `psa_crypto_init()`.
-* The key attributes for the key used for derivation must have the `PSA_KEY_USAGE_ENCRYPT` or `PSA_KEY_USAGE_DECRYPT` usage flags.
+* The key attributes for the key used for derivation must have the
+ `PSA_KEY_USAGE_ENCRYPT` or `PSA_KEY_USAGE_DECRYPT` usage flags.
This example shows how to authenticate and encrypt a message:
```C
@@ -829,7 +894,7 @@
### Generating and exporting keys
-Mbed Crypto provides a simple way to generate a key or key pair.
+The PSA Crypto API provides a simple way to generate a key or key pair.
**Prerequisites to using key generation and export APIs:**
* Initialize the library with a successful call to `psa_crypto_init()`.
@@ -837,7 +902,9 @@
**To generate an ECDSA key:**
1. Set the desired key attributes for key generation by calling
`psa_set_key_algorithm()` with the chosen ECDSA algorithm (such as
- `PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256)`). You only want to export the public key, not the key pair (or private key); therefore, do not set `PSA_KEY_USAGE_EXPORT`.
+ `PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256)`). You only want to export the
+ public key, not the key pair (or private key); therefore, do not
+ set `PSA_KEY_USAGE_EXPORT`.
1. Generate a key by calling `psa_generate_key()`.
1. Export the generated public key by calling `psa_export_public_key()`:
```C
@@ -891,4 +958,5 @@
### More about the PSA Crypto API
-For more information about the PSA Crypto API, please see the [PSA Cryptography API Specification](https://armmbed.github.io/mbed-crypto/html/index.html).
+For more information about the PSA Crypto API, please see the
+[PSA Cryptography API Specification](https://arm-software.github.io/psa-api/crypto/).
diff --git a/library/bignum_mod.c b/library/bignum_mod.c
index e701a68..e986865 100644
--- a/library/bignum_mod.c
+++ b/library/bignum_mod.c
@@ -35,15 +35,15 @@
#include "constant_time_internal.h"
int mbedtls_mpi_mod_residue_setup(mbedtls_mpi_mod_residue *r,
- const mbedtls_mpi_mod_modulus *m,
+ const mbedtls_mpi_mod_modulus *N,
mbedtls_mpi_uint *p,
size_t p_limbs)
{
- if (p_limbs != m->limbs || !mbedtls_mpi_core_lt_ct(p, m->p, m->limbs)) {
+ if (p_limbs != N->limbs || !mbedtls_mpi_core_lt_ct(p, N->p, N->limbs)) {
return MBEDTLS_ERR_MPI_BAD_INPUT_DATA;
}
- r->limbs = m->limbs;
+ r->limbs = N->limbs;
r->p = p;
return 0;
@@ -59,45 +59,45 @@
r->p = NULL;
}
-void mbedtls_mpi_mod_modulus_init(mbedtls_mpi_mod_modulus *m)
+void mbedtls_mpi_mod_modulus_init(mbedtls_mpi_mod_modulus *N)
{
- if (m == NULL) {
+ if (N == NULL) {
return;
}
- m->p = NULL;
- m->limbs = 0;
- m->bits = 0;
- m->int_rep = MBEDTLS_MPI_MOD_REP_INVALID;
+ N->p = NULL;
+ N->limbs = 0;
+ N->bits = 0;
+ N->int_rep = MBEDTLS_MPI_MOD_REP_INVALID;
}
-void mbedtls_mpi_mod_modulus_free(mbedtls_mpi_mod_modulus *m)
+void mbedtls_mpi_mod_modulus_free(mbedtls_mpi_mod_modulus *N)
{
- if (m == NULL) {
+ if (N == NULL) {
return;
}
- switch (m->int_rep) {
+ switch (N->int_rep) {
case MBEDTLS_MPI_MOD_REP_MONTGOMERY:
- if (m->rep.mont.rr != NULL) {
- mbedtls_platform_zeroize((mbedtls_mpi_uint *) m->rep.mont.rr,
- m->limbs * sizeof(mbedtls_mpi_uint));
- mbedtls_free((mbedtls_mpi_uint *) m->rep.mont.rr);
- m->rep.mont.rr = NULL;
+ if (N->rep.mont.rr != NULL) {
+ mbedtls_platform_zeroize((mbedtls_mpi_uint *) N->rep.mont.rr,
+ N->limbs * sizeof(mbedtls_mpi_uint));
+ mbedtls_free((mbedtls_mpi_uint *) N->rep.mont.rr);
+ N->rep.mont.rr = NULL;
}
- m->rep.mont.mm = 0;
+ N->rep.mont.mm = 0;
break;
case MBEDTLS_MPI_MOD_REP_OPT_RED:
- mbedtls_free(m->rep.ored);
+ mbedtls_free(N->rep.ored);
break;
case MBEDTLS_MPI_MOD_REP_INVALID:
break;
}
- m->p = NULL;
- m->limbs = 0;
- m->bits = 0;
- m->int_rep = MBEDTLS_MPI_MOD_REP_INVALID;
+ N->p = NULL;
+ N->limbs = 0;
+ N->bits = 0;
+ N->int_rep = MBEDTLS_MPI_MOD_REP_INVALID;
}
static int set_mont_const_square(const mbedtls_mpi_uint **X,
@@ -136,26 +136,26 @@
return ret;
}
-int mbedtls_mpi_mod_modulus_setup(mbedtls_mpi_mod_modulus *m,
+int mbedtls_mpi_mod_modulus_setup(mbedtls_mpi_mod_modulus *N,
const mbedtls_mpi_uint *p,
size_t p_limbs,
mbedtls_mpi_mod_rep_selector int_rep)
{
int ret = 0;
- m->p = p;
- m->limbs = p_limbs;
- m->bits = mbedtls_mpi_core_bitlen(p, p_limbs);
+ N->p = p;
+ N->limbs = p_limbs;
+ N->bits = mbedtls_mpi_core_bitlen(p, p_limbs);
switch (int_rep) {
case MBEDTLS_MPI_MOD_REP_MONTGOMERY:
- m->int_rep = int_rep;
- m->rep.mont.mm = mbedtls_mpi_core_montmul_init(m->p);
- ret = set_mont_const_square(&m->rep.mont.rr, m->p, m->limbs);
+ N->int_rep = int_rep;
+ N->rep.mont.mm = mbedtls_mpi_core_montmul_init(N->p);
+ ret = set_mont_const_square(&N->rep.mont.rr, N->p, N->limbs);
break;
case MBEDTLS_MPI_MOD_REP_OPT_RED:
- m->int_rep = int_rep;
- m->rep.ored = NULL;
+ N->int_rep = int_rep;
+ N->rep.ored = NULL;
break;
default:
ret = MBEDTLS_ERR_MPI_BAD_INPUT_DATA;
@@ -165,7 +165,7 @@
exit:
if (ret != 0) {
- mbedtls_mpi_mod_modulus_free(m);
+ mbedtls_mpi_mod_modulus_free(N);
}
return ret;
@@ -349,7 +349,7 @@
/* BEGIN MERGE SLOT 7 */
int mbedtls_mpi_mod_read(mbedtls_mpi_mod_residue *r,
- const mbedtls_mpi_mod_modulus *m,
+ const mbedtls_mpi_mod_modulus *N,
const unsigned char *buf,
size_t buflen,
mbedtls_mpi_mod_ext_rep ext_rep)
@@ -357,28 +357,28 @@
int ret = MBEDTLS_ERR_MPI_BAD_INPUT_DATA;
/* Do our best to check if r and m have been set up */
- if (r->limbs == 0 || m->limbs == 0) {
+ if (r->limbs == 0 || N->limbs == 0) {
goto cleanup;
}
- if (r->limbs != m->limbs) {
+ if (r->limbs != N->limbs) {
goto cleanup;
}
- ret = mbedtls_mpi_mod_raw_read(r->p, m, buf, buflen, ext_rep);
+ ret = mbedtls_mpi_mod_raw_read(r->p, N, buf, buflen, ext_rep);
if (ret != 0) {
goto cleanup;
}
- r->limbs = m->limbs;
+ r->limbs = N->limbs;
- ret = mbedtls_mpi_mod_raw_canonical_to_modulus_rep(r->p, m);
+ ret = mbedtls_mpi_mod_raw_canonical_to_modulus_rep(r->p, N);
cleanup:
return ret;
}
int mbedtls_mpi_mod_write(const mbedtls_mpi_mod_residue *r,
- const mbedtls_mpi_mod_modulus *m,
+ const mbedtls_mpi_mod_modulus *N,
unsigned char *buf,
size_t buflen,
mbedtls_mpi_mod_ext_rep ext_rep)
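Review bot: The unchanged comment `/* Do our best to check if r and m have been set up */` above the first check still names the parameter `m`, although the rename makes it `N` on the very next line; the same stale comment is in the next hunk of mbedtls_mpi_mod_write. Both should read `/* Do our best to check if r and N have been set up */` so the comment matches the code it describes. The body of mbedtls_mpi_mod_read starts in the previous hunk and its signature is the only place the new name is visible here.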
@@ -386,28 +386,28 @@
int ret = MBEDTLS_ERR_MPI_BAD_INPUT_DATA;
/* Do our best to check if r and m have been set up */
- if (r->limbs == 0 || m->limbs == 0) {
+ if (r->limbs == 0 || N->limbs == 0) {
goto cleanup;
}
- if (r->limbs != m->limbs) {
+ if (r->limbs != N->limbs) {
goto cleanup;
}
- if (m->int_rep == MBEDTLS_MPI_MOD_REP_MONTGOMERY) {
- ret = mbedtls_mpi_mod_raw_from_mont_rep(r->p, m);
+ if (N->int_rep == MBEDTLS_MPI_MOD_REP_MONTGOMERY) {
+ ret = mbedtls_mpi_mod_raw_from_mont_rep(r->p, N);
if (ret != 0) {
goto cleanup;
}
}
- ret = mbedtls_mpi_mod_raw_write(r->p, m, buf, buflen, ext_rep);
+ ret = mbedtls_mpi_mod_raw_write(r->p, N, buf, buflen, ext_rep);
- if (m->int_rep == MBEDTLS_MPI_MOD_REP_MONTGOMERY) {
+ if (N->int_rep == MBEDTLS_MPI_MOD_REP_MONTGOMERY) {
/* If this fails, the value of r is corrupted and we want to return
* this error (as opposed to the error code from the write above) to
* let the caller know. If it succeeds, we want to return the error
* code from write above. */
- int conv_ret = mbedtls_mpi_mod_raw_to_mont_rep(r->p, m);
+ int conv_ret = mbedtls_mpi_mod_raw_to_mont_rep(r->p, N);
if (ret == 0) {
ret = conv_ret;
}
diff --git a/library/bignum_mod.h b/library/bignum_mod.h
index 0a22e71..d8c8b7d 100644
--- a/library/bignum_mod.h
+++ b/library/bignum_mod.h
@@ -140,34 +140,34 @@
/** Setup a residue structure.
*
- * The residue will be set up with the buffer \p p and modulus \p m.
+ * The residue will be set up with the buffer \p p and modulus \p N.
*
* The memory pointed to by \p p will be used by the resulting residue structure.
* The value at the pointed-to memory will be the initial value of \p r and must
* hold a value that is less than the modulus. This value will be used as-is
- * and interpreted according to the value of the `m->int_rep` field.
+ * and interpreted according to the value of the `N->int_rep` field.
*
- * The modulus \p m will be the modulus associated with \p r. The residue \p r
- * should only be used in operations where the modulus is \p m.
+ * The modulus \p N will be the modulus associated with \p r. The residue \p r
+ * should only be used in operations where the modulus is \p N.
*
* \param[out] r The address of the residue to setup.
- * \param[in] m The address of the modulus related to \p r.
+ * \param[in] N The address of the modulus related to \p r.
* \param[in] p The address of the limb array containing the value of \p r.
* The memory pointed to by \p p will be used by \p r and must
* not be modified in any way until after
* mbedtls_mpi_mod_residue_release() is called. The data
* pointed to by \p p must be less than the modulus (the value
- * pointed to by `m->p`) and already in the representation
- * indicated by `m->int_rep`.
+ * pointed to by `N->p`) and already in the representation
+ * indicated by `N->int_rep`.
* \param p_limbs The number of limbs of \p p. Must be the same as the number
- * of limbs in the modulus \p m.
+ * of limbs in the modulus \p N.
*
* \return \c 0 if successful.
* \return #MBEDTLS_ERR_MPI_BAD_INPUT_DATA if \p p_limbs is less than the
- * limbs in \p m or if \p p is not less than \p m.
+ * limbs in \p N or if \p p is not less than \p N.
*/
int mbedtls_mpi_mod_residue_setup(mbedtls_mpi_mod_residue *r,
- const mbedtls_mpi_mod_modulus *m,
+ const mbedtls_mpi_mod_modulus *N,
mbedtls_mpi_uint *p,
size_t p_limbs);
@@ -185,25 +185,25 @@
/** Initialize a modulus structure.
*
- * \param[out] m The address of the modulus structure to initialize.
+ * \param[out] N The address of the modulus structure to initialize.
*/
-void mbedtls_mpi_mod_modulus_init(mbedtls_mpi_mod_modulus *m);
+void mbedtls_mpi_mod_modulus_init(mbedtls_mpi_mod_modulus *N);
/** Setup a modulus structure.
*
- * \param[out] m The address of the modulus structure to populate.
- * \param[in] p The address of the limb array storing the value of \p m.
- * The memory pointed to by \p p will be used by \p m and must
+ * \param[out] N The address of the modulus structure to populate.
+ * \param[in] p The address of the limb array storing the value of \p N.
+ * The memory pointed to by \p p will be used by \p N and must
* not be modified in any way until after
* mbedtls_mpi_mod_modulus_free() is called.
* \param p_limbs The number of limbs of \p p.
* \param int_rep The internal representation to be used for residues
- * associated with \p m (see #mbedtls_mpi_mod_rep_selector).
+ * associated with \p N (see #mbedtls_mpi_mod_rep_selector).
*
* \return \c 0 if successful.
* \return #MBEDTLS_ERR_MPI_BAD_INPUT_DATA if \p int_rep is invalid.
*/
-int mbedtls_mpi_mod_modulus_setup(mbedtls_mpi_mod_modulus *m,
+int mbedtls_mpi_mod_modulus_setup(mbedtls_mpi_mod_modulus *N,
const mbedtls_mpi_uint *p,
size_t p_limbs,
mbedtls_mpi_mod_rep_selector int_rep);
@@ -216,9 +216,9 @@
* mbedtls_mpi_mod_modulus_setup() only removes the reference to it,
* making it safe to free or to use it again.
*
- * \param[in,out] m The address of the modulus structure to free.
+ * \param[in,out] N The address of the modulus structure to free.
*/
-void mbedtls_mpi_mod_modulus_free(mbedtls_mpi_mod_modulus *m);
+void mbedtls_mpi_mod_modulus_free(mbedtls_mpi_mod_modulus *N);
/* BEGIN MERGE SLOT 1 */
@@ -401,16 +401,16 @@
/** Read a residue from a byte buffer.
*
* The residue will be automatically converted to the internal representation
- * based on the value of the `m->int_rep` field.
+ * based on the value of the `N->int_rep` field.
*
- * The modulus \p m will be the modulus associated with \p r. The residue \p r
- * should only be used in operations where the modulus is \p m or a modulus
- * equivalent to \p m (in the sense that all their fields or memory pointed by
+ * The modulus \p N will be the modulus associated with \p r. The residue \p r
+ * should only be used in operations where the modulus is \p N or a modulus
+ * equivalent to \p N (in the sense that all their fields or memory pointed by
* their fields hold the same value).
*
* \param[out] r The address of the residue. It must have exactly the same
- * number of limbs as the modulus \p m.
- * \param[in] m The address of the modulus.
+ * number of limbs as the modulus \p N.
+ * \param[in] N The address of the modulus.
* \param[in] buf The input buffer to import from.
* \param buflen The length in bytes of \p buf.
* \param ext_rep The endianness of the number in the input buffer.
@@ -419,32 +419,32 @@
* \return #MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL if \p r isn't
* large enough to hold the value in \p buf.
* \return #MBEDTLS_ERR_MPI_BAD_INPUT_DATA if \p ext_rep
- * is invalid or the value in the buffer is not less than \p m.
+ * is invalid or the value in the buffer is not less than \p N.
*/
int mbedtls_mpi_mod_read(mbedtls_mpi_mod_residue *r,
- const mbedtls_mpi_mod_modulus *m,
+ const mbedtls_mpi_mod_modulus *N,
const unsigned char *buf,
size_t buflen,
mbedtls_mpi_mod_ext_rep ext_rep);
/** Write a residue into a byte buffer.
*
- * The modulus \p m must be the modulus associated with \p r (see
+ * The modulus \p N must be the modulus associated with \p r (see
* mbedtls_mpi_mod_residue_setup() and mbedtls_mpi_mod_read()).
*
* The residue will be automatically converted from the internal representation
- * based on the value of `m->int_rep` field.
+ * based on the value of `N->int_rep` field.
*
- * \warning If the buffer is smaller than `m->bits`, the number of
+ * \warning If the buffer is smaller than `N->bits`, the number of
* leading zeroes is leaked through timing. If \p r is
* secret, the caller must ensure that \p buflen is at least
- * (`m->bits`+7)/8.
+ * (`N->bits`+7)/8.
*
* \param[in] r The address of the residue. It must have the same number of
- * limbs as the modulus \p m. (\p r is an input parameter, but
+ * limbs as the modulus \p N. (\p r is an input parameter, but
* its value will be modified during execution and restored
* before the function returns.)
- * \param[in] m The address of the modulus associated with \r.
+ * \param[in] N The address of the modulus associated with \r.
* \param[out] buf The output buffer to export to.
* \param buflen The length in bytes of \p buf.
* \param ext_rep The endianness in which the number should be written into
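Review bot: The renamed line `\param[in] N The address of the modulus associated with \r.` keeps a broken Doxygen reference: `\r` is not a command, so the residue parameter is never linked and Doxygen may warn. Since this PR is about Doxygen parameter spelling, the line should become ` * \param[in] N The address of the modulus associated with \p r.`, matching the `\p r` used elsewhere in this comment block. The comment block continues into the next hunk, where the mbedtls_mpi_mod_write declaration it documents appears.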
@@ -460,7 +460,7 @@
* MBEDTLS_MPI_MOD_REP_MONTGOMERY.
*/
int mbedtls_mpi_mod_write(const mbedtls_mpi_mod_residue *r,
- const mbedtls_mpi_mod_modulus *m,
+ const mbedtls_mpi_mod_modulus *N,
unsigned char *buf,
size_t buflen,
mbedtls_mpi_mod_ext_rep ext_rep);
diff --git a/library/bignum_mod_raw.c b/library/bignum_mod_raw.c
index aa2bd46..826dd07 100644
--- a/library/bignum_mod_raw.c
+++ b/library/bignum_mod_raw.c
@@ -50,7 +50,7 @@
}
int mbedtls_mpi_mod_raw_read(mbedtls_mpi_uint *X,
- const mbedtls_mpi_mod_modulus *m,
+ const mbedtls_mpi_mod_modulus *N,
const unsigned char *input,
size_t input_length,
mbedtls_mpi_mod_ext_rep ext_rep)
@@ -59,11 +59,11 @@
switch (ext_rep) {
case MBEDTLS_MPI_MOD_EXT_REP_LE:
- ret = mbedtls_mpi_core_read_le(X, m->limbs,
+ ret = mbedtls_mpi_core_read_le(X, N->limbs,
input, input_length);
break;
case MBEDTLS_MPI_MOD_EXT_REP_BE:
- ret = mbedtls_mpi_core_read_be(X, m->limbs,
+ ret = mbedtls_mpi_core_read_be(X, N->limbs,
input, input_length);
break;
default:
@@ -74,7 +74,7 @@
goto cleanup;
}
- if (!mbedtls_mpi_core_lt_ct(X, m->p, m->limbs)) {
+ if (!mbedtls_mpi_core_lt_ct(X, N->p, N->limbs)) {
ret = MBEDTLS_ERR_MPI_BAD_INPUT_DATA;
goto cleanup;
}
@@ -85,17 +85,17 @@
}
int mbedtls_mpi_mod_raw_write(const mbedtls_mpi_uint *A,
- const mbedtls_mpi_mod_modulus *m,
+ const mbedtls_mpi_mod_modulus *N,
unsigned char *output,
size_t output_length,
mbedtls_mpi_mod_ext_rep ext_rep)
{
switch (ext_rep) {
case MBEDTLS_MPI_MOD_EXT_REP_LE:
- return mbedtls_mpi_core_write_le(A, m->limbs,
+ return mbedtls_mpi_core_write_le(A, N->limbs,
output, output_length);
case MBEDTLS_MPI_MOD_EXT_REP_BE:
- return mbedtls_mpi_core_write_be(A, m->limbs,
+ return mbedtls_mpi_core_write_be(A, N->limbs,
output, output_length);
default:
return MBEDTLS_ERR_MPI_BAD_INPUT_DATA;
@@ -229,17 +229,17 @@
/* BEGIN MERGE SLOT 7 */
int mbedtls_mpi_mod_raw_to_mont_rep(mbedtls_mpi_uint *X,
- const mbedtls_mpi_mod_modulus *m)
+ const mbedtls_mpi_mod_modulus *N)
{
mbedtls_mpi_uint *T;
- const size_t t_limbs = mbedtls_mpi_core_montmul_working_limbs(m->limbs);
+ const size_t t_limbs = mbedtls_mpi_core_montmul_working_limbs(N->limbs);
if ((T = (mbedtls_mpi_uint *) mbedtls_calloc(t_limbs, ciL)) == NULL) {
return MBEDTLS_ERR_MPI_ALLOC_FAILED;
}
- mbedtls_mpi_core_to_mont_rep(X, X, m->p, m->limbs,
- m->rep.mont.mm, m->rep.mont.rr, T);
+ mbedtls_mpi_core_to_mont_rep(X, X, N->p, N->limbs,
+ N->rep.mont.mm, N->rep.mont.rr, T);
mbedtls_platform_zeroize(T, t_limbs * ciL);
mbedtls_free(T);
@@ -247,16 +247,16 @@
}
int mbedtls_mpi_mod_raw_from_mont_rep(mbedtls_mpi_uint *X,
- const mbedtls_mpi_mod_modulus *m)
+ const mbedtls_mpi_mod_modulus *N)
{
- const size_t t_limbs = mbedtls_mpi_core_montmul_working_limbs(m->limbs);
+ const size_t t_limbs = mbedtls_mpi_core_montmul_working_limbs(N->limbs);
mbedtls_mpi_uint *T;
if ((T = (mbedtls_mpi_uint *) mbedtls_calloc(t_limbs, ciL)) == NULL) {
return MBEDTLS_ERR_MPI_ALLOC_FAILED;
}
- mbedtls_mpi_core_from_mont_rep(X, X, m->p, m->limbs, m->rep.mont.mm, T);
+ mbedtls_mpi_core_from_mont_rep(X, X, N->p, N->limbs, N->rep.mont.mm, T);
mbedtls_platform_zeroize(T, t_limbs * ciL);
mbedtls_free(T);
@@ -265,14 +265,14 @@
void mbedtls_mpi_mod_raw_neg(mbedtls_mpi_uint *X,
const mbedtls_mpi_uint *A,
- const mbedtls_mpi_mod_modulus *m)
+ const mbedtls_mpi_mod_modulus *N)
{
- mbedtls_mpi_core_sub(X, m->p, A, m->limbs);
+ mbedtls_mpi_core_sub(X, N->p, A, N->limbs);
/* If A=0 initially, then X=N now. Detect this by
* subtracting N and catching the carry. */
- mbedtls_mpi_uint borrow = mbedtls_mpi_core_sub(X, X, m->p, m->limbs);
- (void) mbedtls_mpi_core_add_if(X, m->p, m->limbs, (unsigned) borrow);
+ mbedtls_mpi_uint borrow = mbedtls_mpi_core_sub(X, X, N->p, N->limbs);
+ (void) mbedtls_mpi_core_add_if(X, N->p, N->limbs, (unsigned) borrow);
}
/* END MERGE SLOT 7 */
diff --git a/library/bignum_mod_raw.h b/library/bignum_mod_raw.h
index 94f8503..a32500f 100644
--- a/library/bignum_mod_raw.h
+++ b/library/bignum_mod_raw.h
@@ -145,10 +145,10 @@
* The MPI needs to have enough limbs to store the full value (including any
* most significant zero bytes in the input).
*
- * \param[out] X The address of the MPI. The size is determined by \p m.
+ * \param[out] X The address of the MPI. The size is determined by \p N.
* (In particular, it must have at least as many limbs as
- * the modulus \p m.)
- * \param[in] m The address of the modulus related to \p X.
+ * the modulus \p N.)
+ * \param[in] N The address of the modulus related to \p X.
* \param[in] input The input buffer to import from.
* \param input_length The length in bytes of \p input.
* \param ext_rep The endianness of the number in the input buffer.
@@ -157,20 +157,20 @@
* \return #MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL if \p X isn't
* large enough to hold the value in \p input.
* \return #MBEDTLS_ERR_MPI_BAD_INPUT_DATA if the external representation
- * of \p m is invalid or \p X is not less than \p m.
+ * of \p N is invalid or \p X is not less than \p N.
*/
int mbedtls_mpi_mod_raw_read(mbedtls_mpi_uint *X,
- const mbedtls_mpi_mod_modulus *m,
+ const mbedtls_mpi_mod_modulus *N,
const unsigned char *input,
size_t input_length,
mbedtls_mpi_mod_ext_rep ext_rep);
/** Export A into unsigned binary data.
*
- * \param[in] A The address of the MPI. The size is determined by \p m.
+ * \param[in] A The address of the MPI. The size is determined by \p N.
* (In particular, it must have at least as many limbs as
- * the modulus \p m.)
- * \param[in] m The address of the modulus related to \p A.
+ * the modulus \p N.)
+ * \param[in] N The address of the modulus related to \p A.
* \param[out] output The output buffer to export to.
* \param output_length The length in bytes of \p output.
* \param ext_rep The endianness in which the number should be written into the output buffer.
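Review bot: The rewritten return description for mbedtls_mpi_mod_raw_read, `of \p N is invalid or \p X is not less than \p N`, attributes the "external representation" to the modulus, but the bignum_mod_raw.c hunk above rejects the `ext_rep` argument (the `switch (ext_rep)` default case) and the value in `X`, not anything about `N`. The public wrapper in bignum_mod.h already says it correctly: "if \p ext_rep is invalid or the value in the buffer is not less than \p N". Suggest ` * \return #MBEDTLS_ERR_MPI_BAD_INPUT_DATA if \p ext_rep is invalid` / ` *         or \p X is not less than \p N.` here, and the same `\p ext_rep is invalid` wording in the mbedtls_mpi_mod_raw_write block in the next hunk.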
@@ -179,10 +179,10 @@
* \return #MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL if \p output isn't
* large enough to hold the value of \p A.
* \return #MBEDTLS_ERR_MPI_BAD_INPUT_DATA if the external representation
- * of \p m is invalid.
+ * of \p N is invalid.
*/
int mbedtls_mpi_mod_raw_write(const mbedtls_mpi_uint *A,
- const mbedtls_mpi_mod_modulus *m,
+ const mbedtls_mpi_mod_modulus *N,
unsigned char *output,
size_t output_length,
mbedtls_mpi_mod_ext_rep ext_rep);
@@ -410,43 +410,43 @@
/** Convert an MPI into Montgomery form.
*
* \param X The address of the MPI.
- * Must have the same number of limbs as \p m.
- * \param m The address of the modulus, which gives the size of
- * the base `R` = 2^(biL*m->limbs).
+ * Must have the same number of limbs as \p N.
+ * \param N The address of the modulus, which gives the size of
+ * the base `R` = 2^(biL*N->limbs).
*
* \return \c 0 if successful.
*/
int mbedtls_mpi_mod_raw_to_mont_rep(mbedtls_mpi_uint *X,
- const mbedtls_mpi_mod_modulus *m);
+ const mbedtls_mpi_mod_modulus *N);
/** Convert an MPI back from Montgomery representation.
*
* \param X The address of the MPI.
- * Must have the same number of limbs as \p m.
- * \param m The address of the modulus, which gives the size of
- * the base `R`= 2^(biL*m->limbs).
+ * Must have the same number of limbs as \p N.
+ * \param N The address of the modulus, which gives the size of
+ * the base `R`= 2^(biL*N->limbs).
*
* \return \c 0 if successful.
*/
int mbedtls_mpi_mod_raw_from_mont_rep(mbedtls_mpi_uint *X,
- const mbedtls_mpi_mod_modulus *m);
+ const mbedtls_mpi_mod_modulus *N);
/** \brief Perform fixed width modular negation.
*
- * The size of the operation is determined by \p m. \p A must have
- * the same number of limbs as \p m.
+ * The size of the operation is determined by \p N. \p A must have
+ * the same number of limbs as \p N.
*
* \p X may be aliased to \p A.
*
* \param[out] X The result of the modular negation.
* This must be initialized.
* \param[in] A Little-endian presentation of the input operand. This
- * must be less than or equal to \p m.
- * \param[in] m The modulus to use.
+ * must be less than or equal to \p N.
+ * \param[in] N The modulus to use.
*/
void mbedtls_mpi_mod_raw_neg(mbedtls_mpi_uint *X,
const mbedtls_mpi_uint *A,
- const mbedtls_mpi_mod_modulus *m);
+ const mbedtls_mpi_mod_modulus *N);
/* END MERGE SLOT 7 */
/* BEGIN MERGE SLOT 8 */
diff --git a/tests/Makefile b/tests/Makefile
index f037338..312607e 100644
--- a/tests/Makefile
+++ b/tests/Makefile
@@ -203,6 +203,7 @@
rm -f src/*.o src/drivers/*.o src/libmbed*
rm -f include/test/instrument_record_status.h
rm -rf libtestdriver1
+ rm -f ../library/libtestdriver1.a
else
if exist *.c del /Q /F *.c
if exist *.exe del /Q /F *.exe
diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh
index bf40764..2221d59 100755
--- a/tests/scripts/all.sh
+++ b/tests/scripts/all.sh
@@ -133,13 +133,14 @@
pre_initialize_variables () {
CONFIG_H='include/mbedtls/mbedtls_config.h'
CRYPTO_CONFIG_H='include/psa/crypto_config.h'
+ CONFIG_TEST_DRIVER_H='tests/include/test/drivers/config_test_driver.h'
# Files that are clobbered by some jobs will be backed up. Use a different
# suffix from auxiliary scripts so that all.sh and auxiliary scripts can
# independently decide when to remove the backup file.
backup_suffix='.all.bak'
# Files clobbered by config.py
- files_to_back_up="$CONFIG_H $CRYPTO_CONFIG_H"
+ files_to_back_up="$CONFIG_H $CRYPTO_CONFIG_H $CONFIG_TEST_DRIVER_H"
# Files clobbered by in-tree cmake
files_to_back_up="$files_to_back_up Makefile library/Makefile programs/Makefile tests/Makefile programs/fuzz/Makefile"
@@ -2040,6 +2041,12 @@
component_test_psa_crypto_config_accel_ecdsa () {
msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated ECDSA"
+ # Algorithms and key types to accelerate
+ loc_accel_list="ALG_ECDSA ALG_DETERMINISTIC_ECDSA KEY_TYPE_ECC_KEY_PAIR KEY_TYPE_ECC_PUBLIC_KEY"
+
+ # Configure and build the test driver library
+ # -------------------------------------------
+
# Disable ALG_STREAM_CIPHER and ALG_ECB_NO_PADDING to avoid having
# partial support for cipher operations in the driver test library.
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_STREAM_CIPHER
@@ -2050,32 +2057,121 @@
scripts/config.py -f tests/include/test/drivers/config_test_driver.h set MBEDTLS_SHA384_C
scripts/config.py -f tests/include/test/drivers/config_test_driver.h set MBEDTLS_SHA512_C
- loc_accel_list="ALG_ECDSA ALG_DETERMINISTIC_ECDSA KEY_TYPE_ECC_KEY_PAIR KEY_TYPE_ECC_PUBLIC_KEY"
loc_accel_flags=$( echo "$loc_accel_list" | sed 's/[^ ]* */-DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_&/g' )
make -C tests libtestdriver1.a CFLAGS="$ASAN_CFLAGS $loc_accel_flags" LDFLAGS="$ASAN_CFLAGS"
- # Restore test driver base configuration
- scripts/config.py -f tests/include/test/drivers/config_test_driver.h unset MBEDTLS_SHA224_C
- scripts/config.py -f tests/include/test/drivers/config_test_driver.h unset MBEDTLS_SHA384_C
- scripts/config.py -f tests/include/test/drivers/config_test_driver.h unset MBEDTLS_SHA512_C
+ # Configure and build the test driver library
+ # -------------------------------------------
+ # Start from default config (no USE_PSA) + driver support + TLS 1.3
scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
- scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
- scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
+ scripts/config.py set MBEDTLS_SSL_PROTO_TLS1_3
+
+ # Disable the module that's accelerated
scripts/config.py unset MBEDTLS_ECDSA_C
+
+ # Disable things that depend on it
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
+ # Build the library
loc_accel_flags="$loc_accel_flags $( echo "$loc_accel_list" | sed 's/[^ ]* */-DMBEDTLS_PSA_ACCEL_&/g' )"
make CFLAGS="$ASAN_CFLAGS -O -Werror -I../tests/include -I../tests -I../../tests -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_TEST_LIBTESTDRIVER1 $loc_accel_flags" LDFLAGS="-ltestdriver1 $ASAN_CFLAGS"
+ # Make sure ECDSA was not re-enabled by accident (additive config)
not grep mbedtls_ecdsa_ library/ecdsa.o
+ # Run the tests
+ # -------------
+
msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated ECDSA"
make test
}
+# Auxiliary function to build config for hashes with and without drivers
+config_psa_crypto_config_ecdsa_use_psa () {
+ DRIVER_ONLY="$1"
+ # start with config full for maximum coverage (also enables USE_PSA)
+ scripts/config.py full
+ # enable support for drivers and configuring PSA-only algorithms
+ scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
+ scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS
+ if [ "$DRIVER_ONLY" -eq 1 ]; then
+ # Disable the module that's accelerated
+ scripts/config.py unset MBEDTLS_ECDSA_C
+ fi
+ # Disable things that depend on it
+ # TODO: make these work - #6862
+ scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
+ scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
+}
+
+# Keep in sync with component_test_psa_crypto_config_reference_ecdsa_use_psa
+component_test_psa_crypto_config_accel_ecdsa_use_psa () {
+ msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated ECDSA + USE_PSA"
+
+ # Algorithms and key types to accelerate
+ loc_accel_list="ALG_ECDSA ALG_DETERMINISTIC_ECDSA KEY_TYPE_ECC_KEY_PAIR KEY_TYPE_ECC_PUBLIC_KEY"
+
+ # Configure and build the test driver library
+ # -------------------------------------------
+
+ # Disable ALG_STREAM_CIPHER and ALG_ECB_NO_PADDING to avoid having
+ # partial support for cipher operations in the driver test library.
+ scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_STREAM_CIPHER
+ scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_ECB_NO_PADDING
+
+ # All SHA-2 variants are needed for ECDSA signature tests,
+ # but only SHA-256 is enabled by default, so enable the others.
+ scripts/config.py -f tests/include/test/drivers/config_test_driver.h set MBEDTLS_SHA224_C
+ scripts/config.py -f tests/include/test/drivers/config_test_driver.h set MBEDTLS_SHA384_C
+ scripts/config.py -f tests/include/test/drivers/config_test_driver.h set MBEDTLS_SHA512_C
+
+ loc_accel_flags=$( echo "$loc_accel_list" | sed 's/[^ ]* */-DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_&/g' )
+ make -C tests libtestdriver1.a CFLAGS="$ASAN_CFLAGS $loc_accel_flags" LDFLAGS="$ASAN_CFLAGS"
+
+ # Configure and build the main libraries with drivers enabled
+ # -----------------------------------------------------------
+
+ # Use the same config as reference, only without built-in ECDSA
+ config_psa_crypto_config_ecdsa_use_psa 1
+
+ # Build the library
+ loc_accel_flags="$loc_accel_flags $( echo "$loc_accel_list" | sed 's/[^ ]* */-DMBEDTLS_PSA_ACCEL_&/g' )"
+ make CFLAGS="$ASAN_CFLAGS -O -Werror -I../tests/include -I../tests -I../../tests -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_TEST_LIBTESTDRIVER1 $loc_accel_flags" LDFLAGS="-ltestdriver1 $ASAN_CFLAGS"
+
+ # Make sure ECDSA was not re-enabled by accident (additive config)
+ not grep mbedtls_ecdsa_ library/ecdsa.o
+
+ # Run the tests
+ # -------------
+
+ msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated ECDSA + USE_PSA"
+ make test
+
+ # TODO: ssl-opt.sh (currently doesn't pass) - #6861
+}
+
+# Keep in sync with component_test_psa_crypto_config_accel_ecdsa_use_psa.
+# Used by tests/scripts/analyze_outcomes.py for comparison purposes.
+component_test_psa_crypto_config_reference_ecdsa_use_psa () {
+ msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated ECDSA + USE_PSA"
+
+ # To be aligned with the accel component that needs this
+ scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_STREAM_CIPHER
+ scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_ECB_NO_PADDING
+
+ config_psa_crypto_config_ecdsa_use_psa 0
+
+ make
+
+ msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated ECDSA + USE_PSA"
+ make test
+
+ # TODO: ssl-opt.sh (when the accel component is ready) - #6861
+}
+
component_test_psa_crypto_config_accel_ecdh () {
msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated ECDH"
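Review bot: The section heading added in component_test_psa_crypto_config_accel_ecdsa, `# Configure and build the test driver library`, is a copy-paste error: the test driver library was already built by the `make -C tests libtestdriver1.a` two lines above, and the lines under the heading configure and build the main library, as the sibling `_use_psa` component correctly labels it; it should read `# Configure and build the main libraries with drivers enabled` (with the underline adjusted). Two more copy-paste leftovers in the same hunk: the helper comment `# Auxiliary function to build config for hashes with and without drivers` describes an ECDSA helper and should say `for ECDSA`, and both `msg` calls in component_test_psa_crypto_config_reference_ecdsa_use_psa announce "accelerated ECDSA + USE_PSA" although that component builds the reference configuration without the driver, so `msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with reference ECDSA + USE_PSA"` would keep the two components distinguishable in the log. A smaller point of style: `DRIVER_ONLY="$1"` in config_psa_crypto_config_ecdsa_use_psa is a global; the other variables in these components are `loc_`-prefixed, so `loc_driver_only="$1"` would follow the file's convention. Note that component_test_psa_crypto_config_accel_ecdsa starts in the previous hunk.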
@@ -2153,15 +2249,6 @@
loc_accel_flags=$( echo "$loc_accel_list" | sed 's/[^ ]* */-DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_&/g' )
make -C tests libtestdriver1.a CFLAGS="$ASAN_CFLAGS $loc_accel_flags" LDFLAGS="$ASAN_CFLAGS"
- # Restore test driver base configuration
- scripts/config.py -f tests/include/test/drivers/config_test_driver.h unset MBEDTLS_SHA1_C
- scripts/config.py -f tests/include/test/drivers/config_test_driver.h unset MBEDTLS_SHA224_C
- scripts/config.py -f tests/include/test/drivers/config_test_driver.h unset MBEDTLS_SHA512_C
- scripts/config.py -f tests/include/test/drivers/config_test_driver.h unset MBEDTLS_MD_C
- scripts/config.py -f tests/include/test/drivers/config_test_driver.h unset MBEDTLS_PEM_PARSE_C
- scripts/config.py -f tests/include/test/drivers/config_test_driver.h unset MBEDTLS_BASE64_C
-
-
# Mbed TLS library build
scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
diff --git a/tests/scripts/analyze_outcomes.py b/tests/scripts/analyze_outcomes.py
index bb44396..eeded5f 100755
--- a/tests/scripts/analyze_outcomes.py
+++ b/tests/scripts/analyze_outcomes.py
@@ -87,8 +87,8 @@
driver_test_passed = True
if component_ref in entry:
reference_test_passed = True
- if(driver_test_passed is False and reference_test_passed is True):
- print('{}: driver: skipped/failed; reference: passed'.format(key))
+ if(reference_test_passed and not driver_test_passed):
+ print(key)
result = False
return result
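Review bot: The rewritten condition `if(reference_test_passed and not driver_test_passed):` is written like a function call; PEP 8 style in the rest of the file would be `if reference_test_passed and not driver_test_passed:` with no parentheses and a space after `if`. Printing the bare `key` is fine only because a later hunk adds a "driver vs reference" header to the output; a one-line comment above the print, such as `# Test passed in the reference build but was skipped or failed with the driver`, would keep the meaning of the list clear to someone reading the output or this function in isolation. The enclosing function's signature is outside this hunk.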
@@ -123,6 +123,7 @@
"""Perform coverage analysis."""
del args # unused
outcomes = read_outcome_file(outcome_file)
+ print("\n*** Analyze coverage ***\n")
results = analyze_outcomes(outcomes)
return results.error_count == 0
@@ -131,6 +132,8 @@
ignored_tests = ['test_suite_' + x for x in args['ignored_suites']]
outcomes = read_outcome_file(outcome_file)
+ print("\n*** Analyze driver {} vs reference {} ***\n".format(
+ args['component_driver'], args['component_ref']))
return analyze_driver_vs_reference(outcomes, args['component_ref'],
args['component_driver'], ignored_tests)
@@ -138,15 +141,38 @@
TASKS = {
'analyze_coverage': {
'test_function': do_analyze_coverage,
- 'args': {}},
+ 'args': {}
+ },
+ # How to use analyze_driver_vs_reference_xxx locally:
+ # 1. tests/scripts/all.sh --outcome-file "$PWD/out.csv" <component_ref> <component_driver>
+ # 2. tests/scripts/analyze_outcomes.py out.csv analyze_driver_vs_reference_xxx
'analyze_driver_vs_reference_hash': {
'test_function': do_analyze_driver_vs_reference,
'args': {
'component_ref': 'test_psa_crypto_config_reference_hash_use_psa',
'component_driver': 'test_psa_crypto_config_accel_hash_use_psa',
- 'ignored_suites': ['shax', 'mdx', # the software implementations that are being excluded
- 'md', # the legacy abstraction layer that's being excluded
- ]}}
+ 'ignored_suites': [
+ 'shax', 'mdx', # the software implementations that are being excluded
+ 'md', # the legacy abstraction layer that's being excluded
+ ]}},
+ 'analyze_driver_vs_reference_ecdsa': {
+ 'test_function': do_analyze_driver_vs_reference,
+ 'args': {
+ 'component_ref': 'test_psa_crypto_config_reference_ecdsa_use_psa',
+ 'component_driver': 'test_psa_crypto_config_accel_ecdsa_use_psa',
+ 'ignored_suites': [
+ 'ecdsa', # the software implementation that's excluded
+ # the following lines should not be needed,
+ # they will be removed by upcoming work
+ 'psa_crypto_se_driver_hal', # #6856
+ 'random', # #6856
+ 'ecp', # #6856
+ 'pk', # #6857
+ 'x509parse', # #6858
+ 'x509write', # #6858
+ 'debug', # #6860
+ 'ssl', # #6860
+ ]}},
}
def main():
diff --git a/tests/scripts/depends.py b/tests/scripts/depends.py
index d4fe4fd..52ca412 100755
--- a/tests/scripts/depends.py
+++ b/tests/scripts/depends.py
@@ -419,11 +419,8 @@
exclude=r'MBEDTLS_(MD|RIPEMD|SHA1_)' \
'|MBEDTLS_SHA224_' \
'|MBEDTLS_SHA384_'),
- # Key exchange types. Only build the library and the sample
- # programs.
- 'kex': ExclusiveDomain(key_exchange_symbols,
- [build_command + ['lib'],
- build_command + ['-C', 'programs']]),
+ # Key exchange types.
+ 'kex': ExclusiveDomain(key_exchange_symbols, build_and_test),
'pkalgs': ComplementaryDomain(['MBEDTLS_ECDSA_C',
'MBEDTLS_ECP_C',
'MBEDTLS_PKCS1_V21',
diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data
index 3059e7f..1848c17 100644
--- a/tests/suites/test_suite_ssl.data
+++ b/tests/suites/test_suite_ssl.data
@@ -114,58 +114,59 @@
move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_SERVER_HELLO:1
Test moving clients handshake to state: SERVER_CERTIFICATE
+depends_on:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY
move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_SERVER_CERTIFICATE:1
Test moving clients handshake to state: SERVER_KEY_EXCHANGE
-depends_on:MBEDTLS_SSL_PROTO_TLS1_2
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY
move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_SERVER_KEY_EXCHANGE:1
Test moving clients handshake to state: CERTIFICATE_REQUEST
-depends_on:MBEDTLS_SSL_PROTO_TLS1_2
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY
move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_CERTIFICATE_REQUEST:1
Test moving clients handshake to state: SERVER_HELLO_DONE
-depends_on:MBEDTLS_SSL_PROTO_TLS1_2
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY
move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_SERVER_HELLO_DONE:1
Test moving clients handshake to state: CLIENT_CERTIFICATE
-depends_on:MBEDTLS_SSL_PROTO_TLS1_2
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY
move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_CLIENT_CERTIFICATE:1
Test moving clients handshake to state: CLIENT_KEY_EXCHANGE
-depends_on:MBEDTLS_SSL_PROTO_TLS1_2
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY
move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_CLIENT_KEY_EXCHANGE:1
Test moving clients handshake to state: CERTIFICATE_VERIFY
-depends_on:MBEDTLS_SSL_PROTO_TLS1_2
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY
move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_CERTIFICATE_VERIFY:1
Test moving clients handshake to state: CLIENT_CHANGE_CIPHER_SPEC
-depends_on:MBEDTLS_SSL_PROTO_TLS1_2
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY
move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC:1
Test moving clients handshake to state: CLIENT_FINISHED
-depends_on:MBEDTLS_SSL_PROTO_TLS1_2
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY
move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_CLIENT_FINISHED:1
Test moving clients handshake to state: SERVER_CHANGE_CIPHER_SPEC
-depends_on:MBEDTLS_SSL_PROTO_TLS1_2
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY
move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC:1
Test moving clients handshake to state: SERVER_FINISHED
-depends_on:MBEDTLS_SSL_PROTO_TLS1_2
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY
move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_SERVER_FINISHED:1
Test moving clients handshake to state: FLUSH_BUFFERS
-depends_on:MBEDTLS_SSL_PROTO_TLS1_2
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY
move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_FLUSH_BUFFERS:1
Test moving clients handshake to state: HANDSHAKE_WRAPUP
-depends_on:MBEDTLS_SSL_PROTO_TLS1_2
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY
move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_HANDSHAKE_WRAPUP:1
Test moving clients handshake to state: HANDSHAKE_OVER
-depends_on:MBEDTLS_SSL_PROTO_TLS1_2
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY
move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_HANDSHAKE_OVER:1
Test moving servers handshake to state: HELLO_REQUEST
@@ -175,61 +176,63 @@
move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_CLIENT_HELLO:1
Test moving servers handshake to state: SERVER_HELLO
+depends_on:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY
move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_SERVER_HELLO:1
Test moving servers handshake to state: SERVER_CERTIFICATE
+depends_on:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY
move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_SERVER_CERTIFICATE:1
Test moving servers handshake to state: SERVER_KEY_EXCHANGE
-depends_on:MBEDTLS_SSL_PROTO_TLS1_2
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY
move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_SERVER_KEY_EXCHANGE:1
Test moving servers handshake to state: CERTIFICATE_REQUEST
-depends_on:MBEDTLS_SSL_PROTO_TLS1_2
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY
move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_CERTIFICATE_REQUEST:1
Test moving servers handshake to state: SERVER_HELLO_DONE
-depends_on:MBEDTLS_SSL_PROTO_TLS1_2
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY
move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_SERVER_HELLO_DONE:1
Test moving servers handshake to state: CLIENT_CERTIFICATE
-depends_on:MBEDTLS_SSL_PROTO_TLS1_2
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY
move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_CLIENT_CERTIFICATE:1
Test moving servers handshake to state: CLIENT_KEY_EXCHANGE
-depends_on:MBEDTLS_SSL_PROTO_TLS1_2
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY
move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_CLIENT_KEY_EXCHANGE:1
Test moving servers handshake to state: CERTIFICATE_VERIFY
-depends_on:MBEDTLS_SSL_PROTO_TLS1_2
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY
move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_CERTIFICATE_VERIFY:1
Test moving servers handshake to state: CLIENT_CHANGE_CIPHER_SPEC
-depends_on:MBEDTLS_SSL_PROTO_TLS1_2
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY
move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC:1
Test moving servers handshake to state: CLIENT_FINISHED
-depends_on:MBEDTLS_SSL_PROTO_TLS1_2
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY
move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_CLIENT_FINISHED:1
Test moving servers handshake to state: SERVER_CHANGE_CIPHER_SPEC
-depends_on:MBEDTLS_SSL_PROTO_TLS1_2
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY
move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC:1
Test moving servers handshake to state: SERVER_FINISHED
-depends_on:MBEDTLS_SSL_PROTO_TLS1_2
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY
move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_SERVER_FINISHED:1
Test moving servers handshake to state: FLUSH_BUFFERS
-depends_on:MBEDTLS_SSL_PROTO_TLS1_2
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY
move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_FLUSH_BUFFERS:1
Test moving servers handshake to state: HANDSHAKE_WRAPUP
-depends_on:MBEDTLS_SSL_PROTO_TLS1_2
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY
move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_HANDSHAKE_WRAPUP:1
Test moving servers handshake to state: HANDSHAKE_OVER
-depends_on:MBEDTLS_SSL_PROTO_TLS1_2
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY
move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_HANDSHAKE_OVER:1
Negative test moving clients ssl to state: VERIFY_REQUEST_SENT
@@ -257,7 +260,7 @@
move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY:1
Handshake, tls1_2
-depends_on:MBEDTLS_SSL_PROTO_TLS1_2
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY
handshake_version:0:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_VERSION_TLS1_2
Handshake, tls1_3
@@ -289,7 +292,7 @@
handshake_psk_cipher:"TLS-PSK-WITH-AES-128-CBC-SHA":MBEDTLS_PK_RSA:"abc123":0
DTLS Handshake, tls1_2
-depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_PROTO_DTLS
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY
handshake_version:1:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_VERSION_TLS1_2
DTLS Handshake, ECDHE-RSA-WITH-AES-256-GCM-SHA384
@@ -329,7 +332,7 @@
handshake_fragmentation:MBEDTLS_SSL_MAX_FRAG_LEN_1024:0:1
Handshake min/max version check, all -> 1.2
-depends_on:MBEDTLS_SSL_PROTO_TLS1_2
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY
handshake_version:0:MBEDTLS_SSL_VERSION_UNKNOWN:MBEDTLS_SSL_VERSION_UNKNOWN:MBEDTLS_SSL_VERSION_UNKNOWN:MBEDTLS_SSL_VERSION_UNKNOWN:MBEDTLS_SSL_VERSION_TLS1_2
Handshake, select RSA-WITH-AES-256-CBC-SHA256, non-opaque
@@ -654,99 +657,99 @@
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384"
DTLS no legacy renegotiation with MFL=512, RSA-WITH-AES-128-CCM
-depends_on:MBEDTLS_CCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_CCM_C:MBEDTLS_AES_C:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"TLS-RSA-WITH-AES-128-CCM"
DTLS no legacy renegotiation with MFL=1024, RSA-WITH-AES-128-CCM
-depends_on:MBEDTLS_CCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_CCM_C:MBEDTLS_AES_C:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_1024:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"TLS-RSA-WITH-AES-128-CCM"
DTLS no legacy renegotiation with MFL=2048, RSA-WITH-AES-128-CCM
-depends_on:MBEDTLS_CCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_CCM_C:MBEDTLS_AES_C:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_2048:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"TLS-RSA-WITH-AES-128-CCM"
DTLS no legacy renegotiation with MFL=4096, RSA-WITH-AES-128-CCM
-depends_on:MBEDTLS_CCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_CCM_C:MBEDTLS_AES_C:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"TLS-RSA-WITH-AES-128-CCM"
DTLS legacy allow renegotiation with MFL=512, RSA-WITH-AES-128-CCM
-depends_on:MBEDTLS_CCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_CCM_C:MBEDTLS_AES_C:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"TLS-RSA-WITH-AES-128-CCM"
DTLS legacy allow renegotiation with MFL=1024, RSA-WITH-AES-128-CCM
-depends_on:MBEDTLS_CCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_CCM_C:MBEDTLS_AES_C:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_1024:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"TLS-RSA-WITH-AES-128-CCM"
DTLS legacy allow renegotiation with MFL=2048, RSA-WITH-AES-128-CCM
-depends_on:MBEDTLS_CCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_CCM_C:MBEDTLS_AES_C:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_2048:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"TLS-RSA-WITH-AES-128-CCM"
DTLS legacy allow renegotiation with MFL=4096, RSA-WITH-AES-128-CCM
-depends_on:MBEDTLS_CCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_CCM_C:MBEDTLS_AES_C:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"TLS-RSA-WITH-AES-128-CCM"
DTLS legacy break handshake renegotiation with MFL=512, RSA-WITH-AES-128-CCM
-depends_on:MBEDTLS_CCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_CCM_C:MBEDTLS_AES_C:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-RSA-WITH-AES-128-CCM"
DTLS legacy break handshake renegotiation with MFL=1024, RSA-WITH-AES-128-CCM
-depends_on:MBEDTLS_CCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_CCM_C:MBEDTLS_AES_C:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_1024:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-RSA-WITH-AES-128-CCM"
DTLS legacy break handshake renegotiation with MFL=2048, RSA-WITH-AES-128-CCM
-depends_on:MBEDTLS_CCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_CCM_C:MBEDTLS_AES_C:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_2048:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-RSA-WITH-AES-128-CCM"
DTLS legacy break handshake renegotiation with MFL=4096, RSA-WITH-AES-128-CCM
-depends_on:MBEDTLS_CCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_CCM_C:MBEDTLS_AES_C:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-RSA-WITH-AES-128-CCM"
DTLS no legacy renegotiation with MFL=512, DHE-RSA-WITH-AES-256-CBC-SHA256
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256"
DTLS no legacy renegotiation with MFL=1024, DHE-RSA-WITH-AES-256-CBC-SHA256
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_1024:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256"
DTLS no legacy renegotiation with MFL=2048, DHE-RSA-WITH-AES-256-CBC-SHA256
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_2048:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256"
DTLS no legacy renegotiation with MFL=4096, DHE-RSA-WITH-AES-256-CBC-SHA256
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256"
DTLS legacy allow renegotiation with MFL=512, DHE-RSA-WITH-AES-256-CBC-SHA256
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256"
DTLS legacy allow renegotiation with MFL=1024, DHE-RSA-WITH-AES-256-CBC-SHA256
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_1024:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256"
DTLS legacy allow renegotiation with MFL=2048, DHE-RSA-WITH-AES-256-CBC-SHA256
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_2048:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256"
DTLS legacy allow renegotiation with MFL=4096, DHE-RSA-WITH-AES-256-CBC-SHA256
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256"
DTLS legacy break handshake renegotiation with MFL=512, DHE-RSA-WITH-AES-256-CBC-SHA256
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256"
DTLS legacy break handshake renegotiation with MFL=1024, DHE-RSA-WITH-AES-256-CBC-SHA256
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_1024:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256"
DTLS legacy break handshake renegotiation with MFL=2048, DHE-RSA-WITH-AES-256-CBC-SHA256
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_2048:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256"
DTLS legacy break handshake renegotiation with MFL=4096, DHE-RSA-WITH-AES-256-CBC-SHA256
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256"
SSL DTLS replay: initial state, seqnum 0
@@ -3509,11 +3512,11 @@
cid_sanity:
Raw key agreement: nominal
-depends_on:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA
+depends_on:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
raw_key_agreement_fail:0
Raw key agreement: bad server key
-depends_on:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA
+depends_on:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
raw_key_agreement_fail:1
Force a bad session id length
diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function
index 15ec5be..1d182e0 100644
--- a/tests/suites/test_suite_ssl.function
+++ b/tests/suites/test_suite_ssl.function
@@ -17,6 +17,11 @@
#include <constant_time_internal.h>
#include <test/constant_flow.h>
+#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \
+ defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
+ defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)
+#define MBEDTLS_CAN_HANDLE_RSA_TEST_KEY
+#endif
enum {
#define MBEDTLS_SSL_TLS1_3_LABEL(name, string) \
tls13_label_ ## name,
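Review bot: The new `MBEDTLS_CAN_HANDLE_RSA_TEST_KEY` definition carries no comment, and the macro is also used as a `depends_on:` key in the accompanying .data hunks, so a reader of the data file cannot tell what it means without finding this block. A short comment above the `#if` would help, e.g. `/* The suite's RSA test certificate can only complete a handshake when at least one RSA-authenticated key exchange is compiled in. */`. Using the library's `MBEDTLS_` prefix for a test-suite-local macro is also a style risk, since it could collide with a future config option; if the project has a test-only prefix convention, that would be the safer choice, though this is only a suggestion as no collision is visible here.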
@@ -5018,7 +5023,7 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_ECP_C */
+/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_ECP_C:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY */
void handshake_version(int dtls, int client_min_version, int client_max_version,
int server_min_version, int server_max_version,
int expected_negotiated_version)
@@ -5129,7 +5134,7 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_ECP_C */
+/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_ECP_C:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY */
void app_data_tls(int mfl, int cli_msg_len, int srv_msg_len,
int expected_cli_fragments,
int expected_srv_fragments)
@@ -5141,7 +5146,7 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:!MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
+/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:!MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY */
void app_data_dtls(int mfl, int cli_msg_len, int srv_msg_len,
int expected_cli_fragments,
int expected_srv_fragments)
@@ -5153,7 +5158,7 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:!MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_SSL_RENEGOTIATION:MBEDTLS_SSL_CONTEXT_SERIALIZATION:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
+/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:!MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_SSL_RENEGOTIATION:MBEDTLS_SSL_CONTEXT_SERIALIZATION:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY */
void handshake_serialization()
{
handshake_test_options options;
@@ -5169,7 +5174,7 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:!MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_DEBUG_C:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
+/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:!MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_DEBUG_C:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED */
void handshake_fragmentation(int mfl,
int expected_srv_hs_fragmentation,
int expected_cli_hs_fragmentation)
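Review bot: This `BEGIN_CASE` line pins `MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED` while the neighbouring cases in this commit use the umbrella `MBEDTLS_CAN_HANDLE_RSA_TEST_KEY`, and nothing in the hunk says why the narrower guard is needed. The function body is outside the hunk, so I assume handshake_fragmentation forces a DHE-RSA ciphersuite; if so, a one-line comment before the `BEGIN_CASE` marker, e.g. `/* Forces a DHE-RSA ciphersuite, so the generic RSA-test-key guard is not sufficient. */`, would keep the next person from "fixing" it back to the common macro.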
@@ -5208,7 +5213,7 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:!MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_SSL_RENEGOTIATION:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
+/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:!MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_SSL_RENEGOTIATION:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY */
void renegotiation(int legacy_renegotiation)
{
handshake_test_options options;
@@ -5251,7 +5256,7 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:!MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH:MBEDTLS_SSL_CONTEXT_SERIALIZATION:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
+/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:!MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH:MBEDTLS_SSL_CONTEXT_SERIALIZATION:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY */
void resize_buffers_serialize_mfl(int mfl)
{
test_resize_buffers(mfl, 0, MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION, 1, 1,
@@ -5262,7 +5267,7 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:!MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH:MBEDTLS_SSL_RENEGOTIATION:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
+/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:!MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH:MBEDTLS_SSL_RENEGOTIATION:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY */
void resize_buffers_renegotiate_mfl(int mfl, int legacy_renegotiation,
char *cipher)
{