Merge pull request #6233 from tom-cosgrove-arm/issue-6226-core-mul
Bignum: extract core_mul from the prototype
diff --git a/ChangeLog.d/add-directoryname-san.txt b/ChangeLog.d/add-directoryname-san.txt
new file mode 100644
index 0000000..e116298
--- /dev/null
+++ b/ChangeLog.d/add-directoryname-san.txt
@@ -0,0 +1,3 @@
+Features
+ * Add parsing of directoryName subtype for subjectAltName extension in
+ x509 certificates.
diff --git a/ChangeLog.d/add-milliseconds-time-api.txt b/ChangeLog.d/add-milliseconds-time-api.txt
new file mode 100644
index 0000000..d9e939f
--- /dev/null
+++ b/ChangeLog.d/add-milliseconds-time-api.txt
@@ -0,0 +1,5 @@
+API changes
+ * Add new millisecond time type `mbedtls_ms_time_t` and `mbedtls_ms_time()`
+ function, needed for TLS 1.3 ticket lifetimes. Alternative implementations
+ can be created using an ALT interface.
+
diff --git a/ChangeLog.d/some-max-size-macro-are-too-small-when-psa-ecc-is-accelerated.txt b/ChangeLog.d/some-max-size-macro-are-too-small-when-psa-ecc-is-accelerated.txt
new file mode 100644
index 0000000..8cc6e5e
--- /dev/null
+++ b/ChangeLog.d/some-max-size-macro-are-too-small-when-psa-ecc-is-accelerated.txt
@@ -0,0 +1,5 @@
+Bugfix
+ * Fix proper sizing for PSA_EXPORT_[KEY_PAIR/PUBLIC_KEY]_MAX_SIZE and
+ PSA_SIGNATURE_MAX_SIZE buffers when at least one accelerated EC is bigger
+ than all built-in ones and RSA is disabled.
+ Resolves #6622.
diff --git a/docs/architecture/mbed-crypto-storage-specification.md b/docs/architecture/mbed-crypto-storage-specification.md
index 60203a0..d461394 100644
--- a/docs/architecture/mbed-crypto-storage-specification.md
+++ b/docs/architecture/mbed-crypto-storage-specification.md
@@ -354,7 +354,7 @@
* [Persistent keys](#key-file-format-for-mbed-tls-2.25.0) designated by a [key identifier and owner](#key-names-for-mbed-tls-2.25.0). Keys can be:
* Transparent, stored in the export format.
- * Opaque, using the unified driver interface with statically registered drivers (`MBEDTLS_PSA_CRYPTO_DRIVERS`). The driver determines the content of the opaque key blob.
+ * Opaque, using the PSA driver interface with statically registered drivers. The driver determines the content of the opaque key blob.
* Opaque, using the deprecated secure element interface with dynamically registered drivers (`MBEDTLS_PSA_CRYPTO_SE_C`). The driver picks a slot number which is stored in the place of the key material.
* [Nonvolatile random seed](#nonvolatile-random-seed-file-format-for-mbed-tls-2.25.0) on ITS only.
diff --git a/docs/architecture/psa-migration/psa-limitations.md b/docs/architecture/psa-migration/psa-limitations.md
index b81aeb4..29d7c53 100644
--- a/docs/architecture/psa-migration/psa-limitations.md
+++ b/docs/architecture/psa-migration/psa-limitations.md
@@ -15,7 +15,7 @@
----------------------------------------------
Support for interruptible ECDSA sign/verify was added to PSA in Mbed TLS 3.4.
-However support for interruptible ECDH is not present yet. Also, PK, X.509 and
+However, support for interruptible ECDH is not present yet. Also, PK, X.509 and
TLS have not yet been adapted to take advantage of the new PSA APIs. See:
- <https://github.com/Mbed-TLS/mbedtls/issues/7292>;
- <https://github.com/Mbed-TLS/mbedtls/issues/7293>;
diff --git a/docs/proposed/psa-driver-developer-guide.md b/docs/proposed/psa-driver-developer-guide.md
index b39f559..d004483 100644
--- a/docs/proposed/psa-driver-developer-guide.md
+++ b/docs/proposed/psa-driver-developer-guide.md
@@ -7,7 +7,7 @@
This document focuses on behavior that is specific to Mbed TLS. For a reference of the interface between Mbed TLS and drivers, refer to the [PSA Cryptoprocessor Driver Interface specification](psa-driver-interface.html).
-The interface is not fully implemented in Mbed TLS yet and is disabled by default. You can enable the experimental work in progress by setting `MBEDTLS_PSA_CRYPTO_DRIVERS` in the compile-time configuration. Please note that the interface may still change: until further notice, we do not guarantee backward compatibility with existing driver code when `MBEDTLS_PSA_CRYPTO_DRIVERS` is enabled.
+The interface is not fully implemented in Mbed TLS yet. Please note that the interface may still change: until further notice, we do not guarantee backward compatibility with existing driver code.
## Introduction
diff --git a/docs/proposed/psa-driver-integration-guide.md b/docs/proposed/psa-driver-integration-guide.md
index bfd765e..3d12ec6 100644
--- a/docs/proposed/psa-driver-integration-guide.md
+++ b/docs/proposed/psa-driver-integration-guide.md
@@ -5,7 +5,7 @@
This document describes how to build Mbed TLS with additional cryptoprocessor drivers that follow the PSA cryptoprocessor driver interface.
-The interface is not fully implemented in Mbed TLS yet and is disabled by default. You can enable the experimental work in progress by setting `MBEDTLS_PSA_CRYPTO_DRIVERS` in the compile-time configuration. Please note that the interface may still change: until further notice, we do not guarantee backward compatibility with existing driver code when `MBEDTLS_PSA_CRYPTO_DRIVERS` is enabled.
+The interface is not fully implemented in Mbed TLS yet. Please note that the interface may still change: until further notice, we do not guarantee backward compatibility with existing driver code.
## Introduction
@@ -19,21 +19,14 @@
To build Mbed TLS with drivers:
-1. Activate `MBEDTLS_PSA_CRYPTO_DRIVERS` in the library configuration.
-
- ```
- cd /path/to/mbedtls
- scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS
- ```
-
-2. Pass the driver description files through the Make variable `PSA_DRIVERS` when building the library.
+1. Pass the driver description files through the Make variable `PSA_DRIVERS` when building the library.
```
cd /path/to/mbedtls
make PSA_DRIVERS="/path/to/acme/driver.json /path/to/nadir/driver.json" lib
```
-3. Link your application with the implementation of the driver functions.
+2. Link your application with the implementation of the driver functions.
```
cd /path/to/application
diff --git a/docs/use-psa-crypto.md b/docs/use-psa-crypto.md
index 4d72f99..9d783d5 100644
--- a/docs/use-psa-crypto.md
+++ b/docs/use-psa-crypto.md
@@ -15,6 +15,13 @@
`psa_crypto_init()` before calling any function from the SSL/TLS, X.509 or PK
module.
+**Why enable this option:** to fully take advantage of PSA drivers in PK,
+X.509 and TLS. For example, enabling this option is what allows use of drivers
+for ECDSA, ECDH and EC J-PAKE in those modules. However, note that even with
+this option disabled, some code in PK, X.509, TLS or the crypto library might
+still use PSA drivers, if it can determine it's safe to do so; currently
+that's the case for hashes.
+
**Relationship with other options:** This option depends on
`MBEDTLS_PSA_CRYPTO_C`. These two options differ in the following way:
- `MBEDTLS_PSA_CRYPTO_C` enables the implementation of the PSA Crypto API.
@@ -22,7 +29,7 @@
`psa_crypto_init()` before you call any other `psa_xxx()` function. Other
modules in the library (non-PSA crypto APIs, X.509, TLS) may or may not use
PSA Crypto but you're not required to call `psa_crypto_init()` before calling
-non-PSA functions, unless when explicitly documented (TLS 1.3).
+non-PSA functions, unless explicitly documented (TLS 1.3).
- `MBEDTLS_USE_PSA_CRYPTO` means that X.509 and TLS will use PSA Crypto as
much as possible (that is, everywhere except for features that are not
supported by PSA Crypto, see "Internal Changes" below for a complete list of
diff --git a/include/mbedtls/build_info.h b/include/mbedtls/build_info.h
index 8ffa51a..12a8544 100644
--- a/include/mbedtls/build_info.h
+++ b/include/mbedtls/build_info.h
@@ -1,5 +1,5 @@
/**
- * \file build_info.h
+ * \file mbedtls/build_info.h
*
* \brief Build-time configuration info
*
diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h
index 5eadc0c..8e1accd 100644
--- a/include/mbedtls/check_config.h
+++ b/include/mbedtls/check_config.h
@@ -315,6 +315,17 @@
#endif
#endif /* MBEDTLS_USE_PSA_CRYPTO */
+/* Helper for curve SECP256R1 */
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+#if defined(PSA_WANT_ECC_SECP_R1_256)
+#define MBEDTLS_PK_HAVE_CURVE_SECP256R1
+#endif
+#else /* MBEDTLS_USE_PSA_CRYPTO */
+#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
+#define MBEDTLS_PK_HAVE_CURVE_SECP256R1
+#endif
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) && \
( !defined(MBEDTLS_PK_HAVE_ECDH) || \
!defined(MBEDTLS_PK_HAVE_ECDSA) || \
@@ -369,8 +380,8 @@
#endif
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) && \
- ( !defined(MBEDTLS_PK_HAVE_JPAKE) || \
- !defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) )
+ ( !defined(MBEDTLS_PK_HAVE_JPAKE) || \
+ !defined(MBEDTLS_PK_HAVE_CURVE_SECP256R1) )
#error "MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED defined, but not all prerequisites"
#endif
@@ -495,6 +506,16 @@
#error "MBEDTLS_PLATFORM_TIME_MACRO defined, but not all prerequisites"
#endif
+#if defined(MBEDTLS_PLATFORM_MS_TIME_TYPE_MACRO) &&\
+ ( !defined(MBEDTLS_PLATFORM_C) || !defined(MBEDTLS_HAVE_TIME) )
+#error "MBEDTLS_PLATFORM_MS_TIME_TYPE_MACRO defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_PLATFORM_MS_TIME_ALT) && \
+ ( !defined(MBEDTLS_PLATFORM_C) || !defined(MBEDTLS_HAVE_TIME) )
+#error "MBEDTLS_PLATFORM_MS_TIME_ALT defined, but not all prerequisites"
+#endif
+
#if defined(MBEDTLS_PLATFORM_TIME_TYPE_MACRO) &&\
( !defined(MBEDTLS_PLATFORM_C) ||\
!defined(MBEDTLS_HAVE_TIME) )
@@ -798,14 +819,14 @@
#endif
#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED)
-#if !( defined(MBEDTLS_PK_HAVE_ECDH) && defined(MBEDTLS_X509_CRT_PARSE_C) && \
+#if !( defined(PSA_WANT_ALG_ECDH) && defined(MBEDTLS_X509_CRT_PARSE_C) && \
( defined(MBEDTLS_PK_HAVE_ECDSA) || defined(MBEDTLS_PKCS1_V21) ) )
#error "MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED defined, but not all prerequisites"
#endif
#endif
#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED)
-#if !( defined(MBEDTLS_PK_HAVE_ECDH) )
+#if !( defined(PSA_WANT_ALG_ECDH) )
#error "MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED defined, but not all prerequisites"
#endif
#endif
@@ -1119,6 +1140,7 @@
#undef MBEDTLS_MD_HAVE_SHA256
#undef MBEDTLS_MD_HAVE_SHA384
#undef MBEDTLS_MD_HAVE_SHA512
+#undef MBEDTLS_PK_HAVE_CURVE_SECP256R1
/*
* Avoid warning from -pedantic. This is a convenient place for this
diff --git a/include/mbedtls/debug.h b/include/mbedtls/debug.h
index 2b0d00e..74f5d55 100644
--- a/include/mbedtls/debug.h
+++ b/include/mbedtls/debug.h
@@ -131,6 +131,10 @@
#endif \
/* (defined(__MINGW32__) && __USE_MINGW_ANSI_STDIO == 0) || (defined(_MSC_VER) && _MSC_VER < 1800) */
+#if !defined(MBEDTLS_PRINTF_MS_TIME)
+#define MBEDTLS_PRINTF_MS_TIME PRId64
+#endif /* MBEDTLS_PRINTF_MS_TIME */
+
#ifdef __cplusplus
extern "C" {
#endif
diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h
index ef3cf24..89d5659 100644
--- a/include/mbedtls/mbedtls_config.h
+++ b/include/mbedtls/mbedtls_config.h
@@ -238,6 +238,7 @@
//#define MBEDTLS_PLATFORM_VSNPRINTF_ALT
//#define MBEDTLS_PLATFORM_NV_SEED_ALT
//#define MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT
+//#define MBEDTLS_PLATFORM_MS_TIME_ALT
/**
* \def MBEDTLS_DEPRECATED_WARNING
@@ -801,7 +802,7 @@
*
* Enable the ECDHE-PSK based ciphersuite modes in SSL / TLS.
*
- * Requires: MBEDTLS_ECDH_C
+ * Requires: MBEDTLS_ECDH_C or (MBEDTLS_USE_PSA_CRYPTO and PSA_WANT_ALG_ECDH)
*
* This enables the following ciphersuites (if other requisites are
* enabled as well):
@@ -899,7 +900,9 @@
*
* Enable the ECDHE-RSA based ciphersuite modes in SSL / TLS.
*
- * Requires: MBEDTLS_ECDH_C, MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15,
+ * Requires: MBEDTLS_ECDH_C or (MBEDTLS_USE_PSA_CRYPTO and PSA_WANT_ALG_ECDH)
+ * MBEDTLS_RSA_C
+ * MBEDTLS_PKCS1_V15
* MBEDTLS_X509_CRT_PARSE_C
*
* This enables the following ciphersuites (if other requisites are
@@ -922,7 +925,9 @@
*
* Enable the ECDHE-ECDSA based ciphersuite modes in SSL / TLS.
*
- * Requires: MBEDTLS_ECDH_C, MBEDTLS_ECDSA_C, MBEDTLS_X509_CRT_PARSE_C,
+ * Requires: MBEDTLS_ECDH_C or (MBEDTLS_USE_PSA_CRYPTO and PSA_WANT_ALG_ECDH)
+ * MBEDTLS_ECDSA_C or (MBEDTLS_USE_PSA_CRYPTO and PSA_WANT_ALG_ECDSA)
+ * MBEDTLS_X509_CRT_PARSE_C
*
* This enables the following ciphersuites (if other requisites are
* enabled as well):
@@ -944,7 +949,9 @@
*
* Enable the ECDH-ECDSA based ciphersuite modes in SSL / TLS.
*
- * Requires: MBEDTLS_ECDH_C, MBEDTLS_ECDSA_C, MBEDTLS_X509_CRT_PARSE_C
+ * Requires: MBEDTLS_ECDH_C or (MBEDTLS_USE_PSA_CRYPTO and PSA_WANT_ALG_ECDH)
+ * MBEDTLS_ECDSA_C or (MBEDTLS_USE_PSA_CRYPTO and PSA_WANT_ALG_ECDSA)
+ * MBEDTLS_X509_CRT_PARSE_C
*
* This enables the following ciphersuites (if other requisites are
* enabled as well):
@@ -966,7 +973,9 @@
*
* Enable the ECDH-RSA based ciphersuite modes in SSL / TLS.
*
- * Requires: MBEDTLS_ECDH_C, MBEDTLS_RSA_C, MBEDTLS_X509_CRT_PARSE_C
+ * Requires: MBEDTLS_ECDH_C or (MBEDTLS_USE_PSA_CRYPTO and PSA_WANT_ALG_ECDH)
+ * MBEDTLS_RSA_C
+ * MBEDTLS_X509_CRT_PARSE_C
*
* This enables the following ciphersuites (if other requisites are
* enabled as well):
@@ -992,7 +1001,7 @@
* Thread v1.0.0 specification; incompatible changes to the specification
* might still happen. For this reason, this is disabled by default.
*
- * Requires: MBEDTLS_ECJPAKE_C
+ * Requires: MBEDTLS_ECJPAKE_C or (MBEDTLS_USE_PSA_CRYPTO and PSA_WANT_ALG_JPAKE)
* SHA-256 (via MBEDTLS_SHA256_C or a PSA driver)
* MBEDTLS_ECP_DP_SECP256R1_ENABLED
*
@@ -1221,18 +1230,6 @@
*/
//#define MBEDTLS_PSA_CRYPTO_CLIENT
-/** \def MBEDTLS_PSA_CRYPTO_DRIVERS
- *
- * Enable support for the experimental PSA crypto driver interface.
- *
- * Requires: MBEDTLS_PSA_CRYPTO_C
- *
- * \warning This interface is experimental. We intend to maintain backward
- * compatibility with application code that relies on drivers,
- * but the driver interfaces may change without notice.
- */
-//#define MBEDTLS_PSA_CRYPTO_DRIVERS
-
/** \def MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG
*
* Make the PSA Crypto module use an external random generator provided
@@ -1645,8 +1642,11 @@
*
* Enable TLS 1.3 ephemeral key exchange mode.
*
- * Requires: MBEDTLS_ECDH_C, MBEDTLS_X509_CRT_PARSE_C, MBEDTLS_ECDSA_C or
- * MBEDTLS_PKCS1_V21
+ * Requires: PSA_WANT_ALG_ECDH
+ * MBEDTLS_X509_CRT_PARSE_C
+ * and at least one of:
+ * MBEDTLS_ECDSA_C or (MBEDTLS_USE_PSA_CRYPTO and PSA_WANT_ALG_ECDSA)
+ * MBEDTLS_PKCS1_V21
*
* Comment to disable support for the ephemeral key exchange mode in TLS 1.3.
* If MBEDTLS_SSL_PROTO_TLS1_3 is not enabled, this option does not have any
@@ -1660,7 +1660,7 @@
*
* Enable TLS 1.3 PSK ephemeral key exchange mode.
*
- * Requires: MBEDTLS_ECDH_C
+ * Requires: PSA_WANT_ALG_ECDH
*
* Comment to disable support for the PSK ephemeral key exchange mode in
* TLS 1.3. If MBEDTLS_SSL_PROTO_TLS1_3 is not enabled, this option does not
@@ -1933,9 +1933,12 @@
* \warning If you enable this option, you need to call `psa_crypto_init()`
* before calling any function from the SSL/TLS, X.509 or PK modules.
*
- * \note Even with this option disabled, some code in PK, X.509, TLS or the
- * crypto library might still use PSA drivers, if it can determine it's safe
- * to do so.
+ * \note An important and desirable effect of this option is that it allows
+ * PK, X.509 and TLS to take advantage of PSA drivers. For example, enabling
+ * this option is what allows use of drivers for ECDSA, ECDH and EC J-PAKE in
+ * those modules. However, note that even with this option disabled, some code
+ * in PK, X.509, TLS or the crypto library might still use PSA drivers, if it
+ * can determine it's safe to do so; currently that's the case for hashes.
*
* \note See docs/use-psa-crypto.md for a complete description this option.
*
@@ -2967,8 +2970,8 @@
* Enable dynamic secure element support in the Platform Security Architecture
* cryptography API.
*
- * \deprecated This feature is deprecated. Please switch to the driver
- * interface enabled by #MBEDTLS_PSA_CRYPTO_DRIVERS.
+ * \deprecated This feature is deprecated. Please switch to the PSA driver
+ * interface.
*
* Module: library/psa_crypto_se.c
*
@@ -3661,6 +3664,8 @@
//#define MBEDTLS_PLATFORM_VSNPRINTF_MACRO vsnprintf /**< Default vsnprintf macro to use, can be undefined */
//#define MBEDTLS_PLATFORM_NV_SEED_READ_MACRO mbedtls_platform_std_nv_seed_read /**< Default nv_seed_read function to use, can be undefined */
//#define MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO mbedtls_platform_std_nv_seed_write /**< Default nv_seed_write function to use, can be undefined */
+//#define MBEDTLS_PLATFORM_MS_TIME_TYPE_MACRO int64_t //#define MBEDTLS_PLATFORM_MS_TIME_TYPE_MACRO int64_t /**< Default milliseconds time macro to use, can be undefined. MBEDTLS_HAVE_TIME must be enabled. It must be signed, and at least 64 bits. If it is changed from the default, MBEDTLS_PRINTF_MS_TIME must be updated to match.*/
+//#define MBEDTLS_PRINTF_MS_TIME PRId64 /**< Default fmt for printf. That's avoid compiler warning if mbedtls_ms_time_t is redefined */
/** \def MBEDTLS_CHECK_RETURN
*
diff --git a/include/mbedtls/platform_time.h b/include/mbedtls/platform_time.h
index eae6f5f..c7973d9 100644
--- a/include/mbedtls/platform_time.h
+++ b/include/mbedtls/platform_time.h
@@ -39,6 +39,29 @@
typedef time_t mbedtls_time_t;
#endif /* MBEDTLS_PLATFORM_TIME_TYPE_MACRO */
+#if defined(MBEDTLS_PLATFORM_MS_TIME_TYPE_MACRO)
+typedef MBEDTLS_PLATFORM_MS_TIME_TYPE_MACRO mbedtls_ms_time_t;
+#else
+#include <stdint.h>
+#include <inttypes.h>
+typedef int64_t mbedtls_ms_time_t;
+#endif /* MBEDTLS_PLATFORM_MS_TIME_TYPE_MACRO */
+
+/**
+ * \brief Get time in milliseconds.
+ *
+ * \return Monotonically-increasing current time in milliseconds.
+ *
+ * \note Define MBEDTLS_PLATFORM_MS_TIME_ALT to be able to provide an
+ * alternative implementation
+ *
+ * \warning This function returns a monotonically-increasing time value from a
+ * start time that will differ from platform to platform, and possibly
+ * from run to run of the process.
+ *
+ */
+mbedtls_ms_time_t mbedtls_ms_time(void);
+
/*
* The function pointers for time
*/
diff --git a/include/mbedtls/timing.h b/include/mbedtls/timing.h
index 2d4a19c..830dcee 100644
--- a/include/mbedtls/timing.h
+++ b/include/mbedtls/timing.h
@@ -39,7 +39,7 @@
* \brief timer structure
*/
struct mbedtls_timing_hr_time {
- unsigned char MBEDTLS_PRIVATE(opaque)[32];
+ uint64_t MBEDTLS_PRIVATE(opaque)[4];
};
/**
diff --git a/include/mbedtls/x509.h b/include/mbedtls/x509.h
index bd1947e..8dfd1f3 100644
--- a/include/mbedtls/x509.h
+++ b/include/mbedtls/x509.h
@@ -294,7 +294,8 @@
int type; /**< The SAN type, value of MBEDTLS_X509_SAN_XXX. */
union {
mbedtls_x509_san_other_name other_name; /**< The otherName supported type. */
- mbedtls_x509_buf unstructured_name; /**< The buffer for the unconstructed types. Only rfc822Name, dnsName and uniformResourceIdentifier are currently supported */
+ mbedtls_x509_name directory_name;
+ mbedtls_x509_buf unstructured_name; /**< The buffer for the unstructured types. rfc822Name, dnsName and uniformResourceIdentifier are currently supported. */
}
san; /**< A union of the supported SAN types */
}
@@ -378,7 +379,10 @@
/**
* \brief This function parses an item in the SubjectAlternativeNames
- * extension.
+ * extension. Please note that this function might allocate
+ * additional memory for a subject alternative name, thus
+ * mbedtls_x509_free_subject_alt_name has to be called
+ * to dispose of this additional memory afterwards.
*
* \param san_buf The buffer holding the raw data item of the subject
* alternative name.
@@ -406,6 +410,12 @@
*/
int mbedtls_x509_parse_subject_alt_name(const mbedtls_x509_buf *san_buf,
mbedtls_x509_subject_alternative_name *san);
+/**
+ * \brief Unallocate all data related to subject alternative name
+ *
+ * \param san SAN structure - extra memory owned by this structure will be freed
+ */
+void mbedtls_x509_free_subject_alt_name(mbedtls_x509_subject_alternative_name *san);
/** \} addtogroup x509_module */
diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h
index d739237..6c86a66 100644
--- a/include/mbedtls/x509_crt.h
+++ b/include/mbedtls/x509_crt.h
@@ -75,7 +75,7 @@
mbedtls_x509_buf issuer_id; /**< Optional X.509 v2/v3 issuer unique identifier. */
mbedtls_x509_buf subject_id; /**< Optional X.509 v2/v3 subject unique identifier. */
mbedtls_x509_buf v3_ext; /**< Optional X.509 v3 extensions. */
- mbedtls_x509_sequence subject_alt_names; /**< Optional list of raw entries of Subject Alternative Names extension (currently only dNSName, uniformResourceIdentifier and OtherName are listed). */
+ mbedtls_x509_sequence subject_alt_names; /**< Optional list of raw entries of Subject Alternative Names extension (currently only dNSName, uniformResourceIdentifier, DirectoryName and OtherName are listed). */
mbedtls_x509_sequence certificate_policies; /**< Optional list of certificate policies (Only anyPolicy is printed and enforced, however the rest of the policies are still listed). */
diff --git a/include/psa/build_info.h b/include/psa/build_info.h
new file mode 100644
index 0000000..34a138d
--- /dev/null
+++ b/include/psa/build_info.h
@@ -0,0 +1,32 @@
+/**
+ * \file psa/build_info.h
+ *
+ * \brief Build-time PSA configuration info
+ *
+ * Include this file if you need to depend on the
+ * configuration options defined in mbedtls_config.h or MBEDTLS_CONFIG_FILE
+ * in PSA cryptography core specific files.
+ */
+/*
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef PSA_CRYPTO_BUILD_INFO_H
+#define PSA_CRYPTO_BUILD_INFO_H
+
+#include "mbedtls/build_info.h"
+
+#endif /* PSA_CRYPTO_BUILD_INFO_H */
diff --git a/include/psa/crypto_builtin_composites.h b/include/psa/crypto_builtin_composites.h
index 932c503..c280360 100644
--- a/include/psa/crypto_builtin_composites.h
+++ b/include/psa/crypto_builtin_composites.h
@@ -7,10 +7,10 @@
* \note This file may not be included directly. Applications must
* include psa/crypto.h.
*
- * \note This header and its content is not part of the Mbed TLS API and
+ * \note This header and its content are not part of the Mbed TLS API and
* applications must not depend on it. Its main purpose is to define the
* multi-part state objects of the Mbed TLS software-based PSA drivers. The
- * definition of these objects are then used by crypto_struct.h to define the
+ * definitions of these objects are then used by crypto_struct.h to define the
* implementation-defined types of PSA multi-part state objects.
*/
/*
@@ -36,6 +36,11 @@
#include <psa/crypto_driver_common.h>
+#include "mbedtls/cmac.h"
+#include "mbedtls/gcm.h"
+#include "mbedtls/ccm.h"
+#include "mbedtls/chachapoly.h"
+
/*
* MAC multi-part operation definitions.
*/
@@ -57,8 +62,6 @@
#define MBEDTLS_PSA_HMAC_OPERATION_INIT { 0, PSA_HASH_OPERATION_INIT, { 0 } }
#endif /* MBEDTLS_PSA_BUILTIN_ALG_HMAC */
-#include "mbedtls/cmac.h"
-
typedef struct {
psa_algorithm_t MBEDTLS_PRIVATE(alg);
union {
diff --git a/include/psa/crypto_builtin_key_derivation.h b/include/psa/crypto_builtin_key_derivation.h
new file mode 100644
index 0000000..1913a9b
--- /dev/null
+++ b/include/psa/crypto_builtin_key_derivation.h
@@ -0,0 +1,109 @@
+/*
+ * Context structure declaration of the Mbed TLS software-based PSA drivers
+ * called through the PSA Crypto driver dispatch layer.
+ * This file contains the context structures of key derivation algorithms
+ * which need to rely on other algorithms.
+ *
+ * \note This file may not be included directly. Applications must
+ * include psa/crypto.h.
+ *
+ * \note This header and its content are not part of the Mbed TLS API and
+ * applications must not depend on it. Its main purpose is to define the
+ * multi-part state objects of the Mbed TLS software-based PSA drivers. The
+ * definitions of these objects are then used by crypto_struct.h to define the
+ * implementation-defined types of PSA multi-part state objects.
+ */
+/*
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef PSA_CRYPTO_BUILTIN_KEY_DERIVATION_H
+#define PSA_CRYPTO_BUILTIN_KEY_DERIVATION_H
+#include "mbedtls/private_access.h"
+
+#include <psa/crypto_driver_common.h>
+
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF) || \
+ defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXTRACT) || \
+ defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXPAND)
+typedef struct {
+ uint8_t *MBEDTLS_PRIVATE(info);
+ size_t MBEDTLS_PRIVATE(info_length);
+#if PSA_HASH_MAX_SIZE > 0xff
+#error "PSA_HASH_MAX_SIZE does not fit in uint8_t"
+#endif
+ uint8_t MBEDTLS_PRIVATE(offset_in_block);
+ uint8_t MBEDTLS_PRIVATE(block_number);
+ unsigned int MBEDTLS_PRIVATE(state) : 2;
+ unsigned int MBEDTLS_PRIVATE(info_set) : 1;
+ uint8_t MBEDTLS_PRIVATE(output_block)[PSA_HASH_MAX_SIZE];
+ uint8_t MBEDTLS_PRIVATE(prk)[PSA_HASH_MAX_SIZE];
+ struct psa_mac_operation_s MBEDTLS_PRIVATE(hmac);
+} psa_hkdf_key_derivation_t;
+#endif /* MBEDTLS_PSA_BUILTIN_ALG_HKDF ||
+ MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXTRACT ||
+ MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXPAND */
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_ECJPAKE_TO_PMS)
+typedef struct {
+ uint8_t MBEDTLS_PRIVATE(data)[PSA_TLS12_ECJPAKE_TO_PMS_DATA_SIZE];
+} psa_tls12_ecjpake_to_pms_t;
+#endif /* MBEDTLS_PSA_BUILTIN_ALG_TLS12_ECJPAKE_TO_PMS */
+
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF) || \
+ defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS)
+typedef enum {
+ PSA_TLS12_PRF_STATE_INIT, /* no input provided */
+ PSA_TLS12_PRF_STATE_SEED_SET, /* seed has been set */
+ PSA_TLS12_PRF_STATE_OTHER_KEY_SET, /* other key has been set - optional */
+ PSA_TLS12_PRF_STATE_KEY_SET, /* key has been set */
+ PSA_TLS12_PRF_STATE_LABEL_SET, /* label has been set */
+ PSA_TLS12_PRF_STATE_OUTPUT /* output has been started */
+} psa_tls12_prf_key_derivation_state_t;
+
+typedef struct psa_tls12_prf_key_derivation_s {
+#if PSA_HASH_MAX_SIZE > 0xff
+#error "PSA_HASH_MAX_SIZE does not fit in uint8_t"
+#endif
+
+ /* Indicates how many bytes in the current HMAC block have
+ * not yet been read by the user. */
+ uint8_t MBEDTLS_PRIVATE(left_in_block);
+
+ /* The 1-based number of the block. */
+ uint8_t MBEDTLS_PRIVATE(block_number);
+
+ psa_tls12_prf_key_derivation_state_t MBEDTLS_PRIVATE(state);
+
+ uint8_t *MBEDTLS_PRIVATE(secret);
+ size_t MBEDTLS_PRIVATE(secret_length);
+ uint8_t *MBEDTLS_PRIVATE(seed);
+ size_t MBEDTLS_PRIVATE(seed_length);
+ uint8_t *MBEDTLS_PRIVATE(label);
+ size_t MBEDTLS_PRIVATE(label_length);
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS)
+ uint8_t *MBEDTLS_PRIVATE(other_secret);
+ size_t MBEDTLS_PRIVATE(other_secret_length);
+#endif /* MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS */
+
+ uint8_t MBEDTLS_PRIVATE(Ai)[PSA_HASH_MAX_SIZE];
+
+ /* `HMAC_hash( prk, A( i ) + seed )` in the notation of RFC 5246, Sect. 5. */
+ uint8_t MBEDTLS_PRIVATE(output_block)[PSA_HASH_MAX_SIZE];
+} psa_tls12_prf_key_derivation_t;
+#endif /* MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF) ||
+ * MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS */
+
+#endif /* PSA_CRYPTO_BUILTIN_KEY_DERIVATION_H */
diff --git a/include/psa/crypto_builtin_primitives.h b/include/psa/crypto_builtin_primitives.h
index c76bc78..f3e438d 100644
--- a/include/psa/crypto_builtin_primitives.h
+++ b/include/psa/crypto_builtin_primitives.h
@@ -7,10 +7,10 @@
* \note This file may not be included directly. Applications must
* include psa/crypto.h.
*
- * \note This header and its content is not part of the Mbed TLS API and
+ * \note This header and its content are not part of the Mbed TLS API and
* applications must not depend on it. Its main purpose is to define the
* multi-part state objects of the Mbed TLS software-based PSA drivers. The
- * definition of these objects are then used by crypto_struct.h to define the
+ * definitions of these objects are then used by crypto_struct.h to define the
* implementation-defined types of PSA multi-part state objects.
*/
/*
diff --git a/include/psa/crypto_driver_contexts_composites.h b/include/psa/crypto_driver_contexts_composites.h
index 6c56a51..068a193 100644
--- a/include/psa/crypto_driver_contexts_composites.h
+++ b/include/psa/crypto_driver_contexts_composites.h
@@ -9,10 +9,10 @@
* \note This file may not be included directly. Applications must
* include psa/crypto.h.
*
- * \note This header and its content is not part of the Mbed TLS API and
+ * \note This header and its content are not part of the Mbed TLS API and
* applications must not depend on it. Its main purpose is to define the
* multi-part state objects of the PSA drivers included in the cryptographic
- * library. The definition of these objects are then used by crypto_struct.h
+ * library. The definitions of these objects are then used by crypto_struct.h
* to define the implementation-defined types of PSA multi-part state objects.
*/
/* Copyright The Mbed TLS Contributors
diff --git a/include/psa/crypto_driver_contexts_key_derivation.h b/include/psa/crypto_driver_contexts_key_derivation.h
new file mode 100644
index 0000000..39754cc
--- /dev/null
+++ b/include/psa/crypto_driver_contexts_key_derivation.h
@@ -0,0 +1,61 @@
+/*
+ * Declaration of context structures for use with the PSA driver wrapper
+ * interface. This file contains the context structures for key derivation
+ * operations.
+ *
+ * Warning: This file will be auto-generated in the future.
+ *
+ * \note This file may not be included directly. Applications must
+ * include psa/crypto.h.
+ *
+ * \note This header and its content are not part of the Mbed TLS API and
+ * applications must not depend on it. Its main purpose is to define the
+ * multi-part state objects of the PSA drivers included in the cryptographic
+ * library. The definitions of these objects are then used by crypto_struct.h
+ * to define the implementation-defined types of PSA multi-part state objects.
+ */
+/* Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef PSA_CRYPTO_DRIVER_CONTEXTS_KEY_DERIVATION_H
+#define PSA_CRYPTO_DRIVER_CONTEXTS_KEY_DERIVATION_H
+
+#include "psa/crypto_driver_common.h"
+
+/* Include the context structure definitions for the Mbed TLS software drivers */
+#include "psa/crypto_builtin_key_derivation.h"
+
+/* Include the context structure definitions for those drivers that were
+ * declared during the autogeneration process. */
+
+typedef union {
+ unsigned dummy; /* Make sure this union is always non-empty */
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF) || \
+ defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXTRACT) || \
+ defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXPAND)
+ psa_hkdf_key_derivation_t MBEDTLS_PRIVATE(hkdf);
+#endif
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF) || \
+ defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS)
+ psa_tls12_prf_key_derivation_t MBEDTLS_PRIVATE(tls12_prf);
+#endif
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_ECJPAKE_TO_PMS)
+ psa_tls12_ecjpake_to_pms_t MBEDTLS_PRIVATE(tls12_ecjpake_to_pms);
+#endif
+} psa_driver_key_derivation_context_t;
+
+#endif /* PSA_CRYPTO_DRIVER_CONTEXTS_KEY_DERIVATION_H */
+/* End of automatically generated file. */
diff --git a/include/psa/crypto_driver_contexts_primitives.h b/include/psa/crypto_driver_contexts_primitives.h
index 620a4b3..7f81f62 100644
--- a/include/psa/crypto_driver_contexts_primitives.h
+++ b/include/psa/crypto_driver_contexts_primitives.h
@@ -8,10 +8,10 @@
* \note This file may not be included directly. Applications must
* include psa/crypto.h.
*
- * \note This header and its content is not part of the Mbed TLS API and
+ * \note This header and its content are not part of the Mbed TLS API and
* applications must not depend on it. Its main purpose is to define the
* multi-part state objects of the PSA drivers included in the cryptographic
- * library. The definition of these objects are then used by crypto_struct.h
+ * library. The definitions of these objects are then used by crypto_struct.h
* to define the implementation-defined types of PSA multi-part state objects.
*/
/* Copyright The Mbed TLS Contributors
diff --git a/include/psa/crypto_extra.h b/include/psa/crypto_extra.h
index 4920508..7ff90eb 100644
--- a/include/psa/crypto_extra.h
+++ b/include/psa/crypto_extra.h
@@ -29,8 +29,6 @@
#define PSA_CRYPTO_EXTRA_H
#include "mbedtls/private_access.h"
-#include "mbedtls/platform_util.h"
-
#include "crypto_types.h"
#include "crypto_compat.h"
diff --git a/include/psa/crypto_platform.h b/include/psa/crypto_platform.h
index e8d241b..ee41c89 100644
--- a/include/psa/crypto_platform.h
+++ b/include/psa/crypto_platform.h
@@ -34,13 +34,14 @@
#define PSA_CRYPTO_PLATFORM_H
#include "mbedtls/private_access.h"
-/* Include the Mbed TLS configuration file, the way Mbed TLS does it
- * in each of its header files. */
-#include "mbedtls/build_info.h"
-
-/* Translate between classic MBEDTLS_xxx feature symbols and PSA_xxx
- * feature symbols. */
-#include "mbedtls/config_psa.h"
+/*
+ * Include the build-time configuration information file. Here, we do not
+ * include `"mbedtls/build_info.h"` directly but `"psa/build_info.h"`, which
+ * is basically just an alias to it. This is to ease the maintenance of the
+ * PSA cryptography repository which has a different build system and
+ * configuration.
+ */
+#include "psa/build_info.h"
/* PSA requires several types which C99 provides in stdint.h. */
#include <stdint.h>
diff --git a/include/psa/crypto_sizes.h b/include/psa/crypto_sizes.h
index 3d6bb2c..37f7205 100644
--- a/include/psa/crypto_sizes.h
+++ b/include/psa/crypto_sizes.h
@@ -40,9 +40,14 @@
#ifndef PSA_CRYPTO_SIZES_H
#define PSA_CRYPTO_SIZES_H
-/* Include the Mbed TLS configuration file, the way Mbed TLS does it
- * in each of its header files. */
-#include "mbedtls/build_info.h"
+/*
+ * Include the build-time configuration information file. Here, we do not
+ * include `"mbedtls/build_info.h"` directly but `"psa/build_info.h"`, which
+ * is basically just an alias to it. This is to ease the maintenance of the
+ * PSA cryptography repository which has a different build system and
+ * configuration.
+ */
+#include "psa/build_info.h"
#define PSA_BITS_TO_BYTES(bits) (((bits) + 7) / 8)
#define PSA_BYTES_TO_BITS(bytes) ((bytes) * 8)
@@ -192,31 +197,31 @@
/* The maximum size of an ECC key on this implementation, in bits.
* This is a vendor-specific macro. */
-#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
+#if defined(PSA_WANT_ECC_SECP_R1_521)
#define PSA_VENDOR_ECC_MAX_CURVE_BITS 521
-#elif defined(MBEDTLS_ECP_DP_BP512R1_ENABLED)
+#elif defined(PSA_WANT_ECC_BRAINPOOL_P_R1_512)
#define PSA_VENDOR_ECC_MAX_CURVE_BITS 512
-#elif defined(MBEDTLS_ECP_DP_CURVE448_ENABLED)
+#elif defined(PSA_WANT_ECC_MONTGOMERY_448)
#define PSA_VENDOR_ECC_MAX_CURVE_BITS 448
-#elif defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
+#elif defined(PSA_WANT_ECC_SECP_R1_384)
#define PSA_VENDOR_ECC_MAX_CURVE_BITS 384
-#elif defined(MBEDTLS_ECP_DP_BP384R1_ENABLED)
+#elif defined(PSA_WANT_ECC_BRAINPOOL_P_R1_384)
#define PSA_VENDOR_ECC_MAX_CURVE_BITS 384
-#elif defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
+#elif defined(PSA_WANT_ECC_SECP_R1_256)
#define PSA_VENDOR_ECC_MAX_CURVE_BITS 256
-#elif defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
+#elif defined(PSA_WANT_ECC_SECP_K1_256)
#define PSA_VENDOR_ECC_MAX_CURVE_BITS 256
-#elif defined(MBEDTLS_ECP_DP_BP256R1_ENABLED)
+#elif defined(PSA_WANT_ECC_BRAINPOOL_P_R1_256)
#define PSA_VENDOR_ECC_MAX_CURVE_BITS 256
-#elif defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED)
+#elif defined(PSA_WANT_ECC_MONTGOMERY_255)
#define PSA_VENDOR_ECC_MAX_CURVE_BITS 255
-#elif defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED)
+#elif defined(PSA_WANT_ECC_SECP_R1_224)
#define PSA_VENDOR_ECC_MAX_CURVE_BITS 224
-#elif defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED)
+#elif defined(PSA_WANT_ECC_SECP_K1_224)
#define PSA_VENDOR_ECC_MAX_CURVE_BITS 224
-#elif defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED)
+#elif defined(PSA_WANT_ECC_SECP_R1_192)
#define PSA_VENDOR_ECC_MAX_CURVE_BITS 192
-#elif defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED)
+#elif defined(PSA_WANT_ECC_SECP_K1_192)
#define PSA_VENDOR_ECC_MAX_CURVE_BITS 192
#else
#define PSA_VENDOR_ECC_MAX_CURVE_BITS 0
diff --git a/include/psa/crypto_struct.h b/include/psa/crypto_struct.h
index 934bc17..125a73d 100644
--- a/include/psa/crypto_struct.h
+++ b/include/psa/crypto_struct.h
@@ -70,11 +70,6 @@
* in each of its header files. */
#include "mbedtls/build_info.h"
-#include "mbedtls/cmac.h"
-#include "mbedtls/gcm.h"
-#include "mbedtls/ccm.h"
-#include "mbedtls/chachapoly.h"
-
/* Include the context definition for the compiled-in drivers for the primitive
* algorithms. */
#include "psa/crypto_driver_contexts_primitives.h"
@@ -177,96 +172,15 @@
return v;
}
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF) || \
- defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXTRACT) || \
- defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXPAND)
-typedef struct {
- uint8_t *MBEDTLS_PRIVATE(info);
- size_t MBEDTLS_PRIVATE(info_length);
-#if PSA_HASH_MAX_SIZE > 0xff
-#error "PSA_HASH_MAX_SIZE does not fit in uint8_t"
-#endif
- uint8_t MBEDTLS_PRIVATE(offset_in_block);
- uint8_t MBEDTLS_PRIVATE(block_number);
- unsigned int MBEDTLS_PRIVATE(state) : 2;
- unsigned int MBEDTLS_PRIVATE(info_set) : 1;
- uint8_t MBEDTLS_PRIVATE(output_block)[PSA_HASH_MAX_SIZE];
- uint8_t MBEDTLS_PRIVATE(prk)[PSA_HASH_MAX_SIZE];
- struct psa_mac_operation_s MBEDTLS_PRIVATE(hmac);
-} psa_hkdf_key_derivation_t;
-#endif /* MBEDTLS_PSA_BUILTIN_ALG_HKDF ||
- MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXTRACT ||
- MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXPAND */
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_ECJPAKE_TO_PMS)
-typedef struct {
- uint8_t MBEDTLS_PRIVATE(data)[PSA_TLS12_ECJPAKE_TO_PMS_DATA_SIZE];
-} psa_tls12_ecjpake_to_pms_t;
-#endif /* MBEDTLS_PSA_BUILTIN_ALG_TLS12_ECJPAKE_TO_PMS */
-
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF) || \
- defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS)
-typedef enum {
- PSA_TLS12_PRF_STATE_INIT, /* no input provided */
- PSA_TLS12_PRF_STATE_SEED_SET, /* seed has been set */
- PSA_TLS12_PRF_STATE_OTHER_KEY_SET, /* other key has been set - optional */
- PSA_TLS12_PRF_STATE_KEY_SET, /* key has been set */
- PSA_TLS12_PRF_STATE_LABEL_SET, /* label has been set */
- PSA_TLS12_PRF_STATE_OUTPUT /* output has been started */
-} psa_tls12_prf_key_derivation_state_t;
-
-typedef struct psa_tls12_prf_key_derivation_s {
-#if PSA_HASH_MAX_SIZE > 0xff
-#error "PSA_HASH_MAX_SIZE does not fit in uint8_t"
-#endif
-
- /* Indicates how many bytes in the current HMAC block have
- * not yet been read by the user. */
- uint8_t MBEDTLS_PRIVATE(left_in_block);
-
- /* The 1-based number of the block. */
- uint8_t MBEDTLS_PRIVATE(block_number);
-
- psa_tls12_prf_key_derivation_state_t MBEDTLS_PRIVATE(state);
-
- uint8_t *MBEDTLS_PRIVATE(secret);
- size_t MBEDTLS_PRIVATE(secret_length);
- uint8_t *MBEDTLS_PRIVATE(seed);
- size_t MBEDTLS_PRIVATE(seed_length);
- uint8_t *MBEDTLS_PRIVATE(label);
- size_t MBEDTLS_PRIVATE(label_length);
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS)
- uint8_t *MBEDTLS_PRIVATE(other_secret);
- size_t MBEDTLS_PRIVATE(other_secret_length);
-#endif /* MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS */
-
- uint8_t MBEDTLS_PRIVATE(Ai)[PSA_HASH_MAX_SIZE];
-
- /* `HMAC_hash( prk, A( i ) + seed )` in the notation of RFC 5246, Sect. 5. */
- uint8_t MBEDTLS_PRIVATE(output_block)[PSA_HASH_MAX_SIZE];
-} psa_tls12_prf_key_derivation_t;
-#endif /* MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF) ||
- * MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS */
+/* Include the context definition for the compiled-in drivers for the key
+ * derivation algorithms. */
+#include "psa/crypto_driver_contexts_key_derivation.h"
struct psa_key_derivation_s {
psa_algorithm_t MBEDTLS_PRIVATE(alg);
unsigned int MBEDTLS_PRIVATE(can_output_key) : 1;
size_t MBEDTLS_PRIVATE(capacity);
- union {
- /* Make the union non-empty even with no supported algorithms. */
- uint8_t MBEDTLS_PRIVATE(dummy);
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF) || \
- defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXTRACT) || \
- defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXPAND)
- psa_hkdf_key_derivation_t MBEDTLS_PRIVATE(hkdf);
-#endif
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF) || \
- defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS)
- psa_tls12_prf_key_derivation_t MBEDTLS_PRIVATE(tls12_prf);
-#endif
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_ECJPAKE_TO_PMS)
- psa_tls12_ecjpake_to_pms_t MBEDTLS_PRIVATE(tls12_ecjpake_to_pms);
-#endif
- } MBEDTLS_PRIVATE(ctx);
+ psa_driver_key_derivation_context_t MBEDTLS_PRIVATE(ctx);
};
/* This only zeroes out the first byte in the union, the rest is unspecified. */
diff --git a/library/alignment.h b/library/alignment.h
index a518a8a..4182348 100644
--- a/library/alignment.h
+++ b/library/alignment.h
@@ -27,8 +27,6 @@
#include <string.h>
#include <stdlib.h>
-#include "mbedtls/build_info.h"
-
/*
* Define MBEDTLS_EFFICIENT_UNALIGNED_ACCESS for architectures where unaligned memory
* accesses are known to be efficient.
diff --git a/library/ecp_curves.c b/library/ecp_curves.c
index 6ee3d6c..c23ff2c 100644
--- a/library/ecp_curves.c
+++ b/library/ecp_curves.c
@@ -5299,39 +5299,6 @@
MBEDTLS_ECP_DP_SECP256R1_ENABLED ||
MBEDTLS_ECP_DP_SECP384R1_ENABLED */
-#if defined(MBEDTLS_TEST_HOOKS) && defined(MBEDTLS_ECP_C)
-MBEDTLS_STATIC_TESTABLE
-void mbedtls_ecp_fix_negative(mbedtls_mpi *N, signed char c, size_t bits)
-{
- size_t i;
-
- /* Set N := 2^bits - 1 - N. We know that 0 <= N < 2^bits, so
- * set the absolute value to 0xfff...fff - N. There is no carry
- * since we're subtracting from all-bits-one. */
- for (i = 0; i <= bits / 8 / sizeof(mbedtls_mpi_uint); i++) {
- N->p[i] = ~(mbedtls_mpi_uint) 0 - N->p[i];
- }
- /* Add 1, taking care of the carry. */
- i = 0;
- do {
- ++N->p[i];
- } while (N->p[i++] == 0 && i <= bits / 8 / sizeof(mbedtls_mpi_uint));
- /* Invert the sign.
- * Now N = N0 - 2^bits where N0 is the initial value of N. */
- N->s = -1;
-
- /* Add |c| * 2^bits to the absolute value. Since c and N are
- * negative, this adds c * 2^bits. */
- mbedtls_mpi_uint msw = (mbedtls_mpi_uint) -c;
-#if defined(MBEDTLS_HAVE_INT64)
- if (bits == 224) {
- msw <<= 32;
- }
-#endif
- N->p[bits / 8 / sizeof(mbedtls_mpi_uint)] += msw;
-}
-#endif /* MBEDTLS_TEST_HOOKS & MBEDTLS_ECP_C */
-
#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
/* Size of p521 in terms of mbedtls_mpi_uint */
#define P521_WIDTH (521 / 8 / sizeof(mbedtls_mpi_uint) + 1)
diff --git a/library/ecp_invasive.h b/library/ecp_invasive.h
index 05522b6..8b8ac8a 100644
--- a/library/ecp_invasive.h
+++ b/library/ecp_invasive.h
@@ -33,19 +33,6 @@
#if defined(MBEDTLS_TEST_HOOKS) && defined(MBEDTLS_ECP_C)
-#if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
-/* Preconditions:
- * - bits is a multiple of 64 or is 224
- * - c is -1 or -2
- * - 0 <= N < 2^bits
- * - N has room for bits plus one limb
- *
- * Behavior:
- * Set N to c * 2^bits + old_value_of_N.
- */
-void mbedtls_ecp_fix_negative(mbedtls_mpi *N, signed char c, size_t bits);
-#endif
-
#if defined(MBEDTLS_ECP_MONTGOMERY_ENABLED)
/** Generate a private key on a Montgomery curve (Curve25519 or Curve448).
*
diff --git a/library/platform_util.c b/library/platform_util.c
index f891cd4..e903f8e 100644
--- a/library/platform_util.c
+++ b/library/platform_util.c
@@ -219,3 +219,45 @@
extern inline uint64_t mbedtls_get_unaligned_uint64(const void *p);
extern inline void mbedtls_put_unaligned_uint64(void *p, uint64_t x);
+
+#if defined(MBEDTLS_HAVE_TIME) && !defined(MBEDTLS_PLATFORM_MS_TIME_ALT)
+
+#include <time.h>
+#if !defined(_WIN32) && \
+ (defined(unix) || defined(__unix) || defined(__unix__) || \
+ (defined(__APPLE__) && defined(__MACH__)))
+#include <unistd.h>
+#endif /* !_WIN32 && (unix || __unix || __unix__ || (__APPLE__ && __MACH__)) */
+#if (defined(_POSIX_VERSION) && _POSIX_VERSION >= 199309L)
+mbedtls_ms_time_t mbedtls_ms_time(void)
+{
+ int ret;
+ struct timespec tv;
+ mbedtls_ms_time_t current_ms;
+
+ ret = clock_gettime(CLOCK_MONOTONIC, &tv);
+ if (ret) {
+ return time(NULL) * 1000;
+ }
+
+ current_ms = tv.tv_sec;
+
+ return current_ms*1000 + tv.tv_nsec / 1000000;
+}
+#elif defined(_WIN32) || defined(WIN32) || defined(__CYGWIN__) || \
+ defined(__MINGW32__) || defined(_WIN64)
+#include <windows.h>
+mbedtls_ms_time_t mbedtls_ms_time(void)
+{
+ FILETIME ct;
+ mbedtls_ms_time_t current_ms;
+
+ GetSystemTimeAsFileTime(&ct);
+ current_ms = ((mbedtls_ms_time_t) ct.dwLowDateTime +
+ ((mbedtls_ms_time_t) (ct.dwHighDateTime) << 32LL))/10000;
+ return current_ms;
+}
+#else
+#error "No mbedtls_ms_time available"
+#endif
+#endif /* MBEDTLS_HAVE_TIME && !MBEDTLS_PLATFORM_MS_TIME_ALT */
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index 1609c74..9cccf53 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -19,6 +19,7 @@
*/
#include "common.h"
+#include "psa_crypto_core_common.h"
#if defined(MBEDTLS_PSA_CRYPTO_C)
@@ -4226,7 +4227,7 @@
status = psa_driver_wrapper_cipher_encrypt(
&attributes, slot->key.data, slot->key.bytes,
alg, local_iv, default_iv_length, input, input_length,
- mbedtls_buffer_offset(output, default_iv_length),
+ psa_crypto_buffer_offset(output, default_iv_length),
output_size - default_iv_length, output_length);
exit:
diff --git a/library/psa_crypto_core_common.h b/library/psa_crypto_core_common.h
new file mode 100644
index 0000000..dd72ab1
--- /dev/null
+++ b/library/psa_crypto_core_common.h
@@ -0,0 +1,64 @@
+/**
+ * \file psa_crypto_core_common.h
+ *
+ * \brief Utility macros for internal use in the PSA cryptography core.
+ */
+/*
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef PSA_CRYPTO_CORE_COMMON_H
+#define PSA_CRYPTO_CORE_COMMON_H
+
+/** Return an offset into a buffer.
+ *
+ * This is just the addition of an offset to a pointer, except that this
+ * function also accepts an offset of 0 into a buffer whose pointer is null.
+ * (`p + n` has undefined behavior when `p` is null, even when `n == 0`.
+ * A null pointer is a valid buffer pointer when the size is 0, for example
+ * as the result of `malloc(0)` on some platforms.)
+ *
+ * \param p Pointer to a buffer of at least n bytes.
+ * This may be \p NULL if \p n is zero.
+ * \param n An offset in bytes.
+ * \return Pointer to offset \p n in the buffer \p p.
+ * Note that this is only a valid pointer if the size of the
+ * buffer is at least \p n + 1.
+ */
+static inline unsigned char *psa_crypto_buffer_offset(
+ unsigned char *p, size_t n)
+{
+ return p == NULL ? NULL : p + n;
+}
+
+/** Return an offset into a read-only buffer.
+ *
+ * Similar to mbedtls_buffer_offset(), but for const pointers.
+ *
+ * \param p Pointer to a buffer of at least n bytes.
+ * This may be \p NULL if \p n is zero.
+ * \param n An offset in bytes.
+ * \return Pointer to offset \p n in the buffer \p p.
+ * Note that this is only a valid pointer if the size of the
+ * buffer is at least \p n + 1.
+ */
+static inline const unsigned char *psa_crypto_buffer_offset_const(
+ const unsigned char *p, size_t n)
+{
+ return p == NULL ? NULL : p + n;
+}
+
+#endif /* PSA_CRYPTO_CORE_COMMON_H */
diff --git a/library/psa_crypto_slot_management.c b/library/psa_crypto_slot_management.c
index cb7fa59..a7cb9b5 100644
--- a/library/psa_crypto_slot_management.c
+++ b/library/psa_crypto_slot_management.c
@@ -438,14 +438,8 @@
(void) p_drv;
#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
-#if defined(MBEDTLS_PSA_CRYPTO_DRIVERS)
/* Key location for external keys gets checked by the wrapper */
return PSA_SUCCESS;
-#else /* MBEDTLS_PSA_CRYPTO_DRIVERS */
- /* No support for external lifetimes at all, or dynamic interface
- * did not find driver for requested lifetime. */
- return PSA_ERROR_INVALID_ARGUMENT;
-#endif /* MBEDTLS_PSA_CRYPTO_DRIVERS */
} else {
/* Local/internal keys are always valid */
return PSA_SUCCESS;
diff --git a/library/x509.c b/library/x509.c
index 6f88f3f..c9524c9 100644
--- a/library/x509.c
+++ b/library/x509.c
@@ -1283,6 +1283,7 @@
return ret;
}
+ mbedtls_x509_free_subject_alt_name(&dummy_san_buf);
/* Allocate and assign next pointer */
if (cur->buf.p != NULL) {
if (cur->next != NULL) {
@@ -1434,6 +1435,29 @@
break;
/*
+ * directoryName
+ */
+ case (MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_X509_SAN_DIRECTORY_NAME):
+ {
+ size_t name_len;
+ unsigned char *p = san_buf->p;
+ memset(san, 0, sizeof(mbedtls_x509_subject_alternative_name));
+ san->type = MBEDTLS_X509_SAN_DIRECTORY_NAME;
+
+ ret = mbedtls_asn1_get_tag(&p, p + san_buf->len, &name_len,
+ MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE);
+
+ if (ret != 0) {
+ return ret;
+ }
+
+ if ((ret = mbedtls_x509_get_name(&p, p + name_len,
+ &san->san.directory_name)) != 0) {
+ return ret;
+ }
+ }
+ break;
+ /*
* Type not supported
*/
default:
@@ -1442,6 +1466,13 @@
return 0;
}
+void mbedtls_x509_free_subject_alt_name(mbedtls_x509_subject_alternative_name *san)
+{
+ if (san->type == MBEDTLS_X509_SAN_DIRECTORY_NAME) {
+ mbedtls_asn1_free_named_data_list_shallow(san->san.directory_name.next);
+ }
+}
+
#if !defined(MBEDTLS_X509_REMOVE_INFO)
int mbedtls_x509_info_subject_alt_name(char **buf, size_t *size,
const mbedtls_x509_sequence
@@ -1554,6 +1585,28 @@
break;
/*
+ * directoryName
+ */
+ case MBEDTLS_X509_SAN_DIRECTORY_NAME:
+ {
+ ret = mbedtls_snprintf(p, n, "\n%s directoryName : ", prefix);
+ if (ret < 0 || (size_t) ret >= n) {
+ mbedtls_x509_free_subject_alt_name(&san);
+ }
+
+ MBEDTLS_X509_SAFE_SNPRINTF;
+ ret = mbedtls_x509_dn_gets(p, n, &san.san.directory_name);
+
+ if (ret < 0) {
+ mbedtls_x509_free_subject_alt_name(&san);
+ return ret;
+ }
+
+ p += ret;
+ n -= ret;
+ }
+ break;
+ /*
* Type not supported, skip item.
*/
default:
@@ -1562,6 +1615,9 @@
break;
}
+ /* So far memory is freed only in the case of directoryName
+ * parsing succeeding, as mbedtls_x509_get_name allocates memory. */
+ mbedtls_x509_free_subject_alt_name(&san);
cur = cur->next;
}
diff --git a/scripts/config.py b/scripts/config.py
index 404a5ef..ac5f77c 100755
--- a/scripts/config.py
+++ b/scripts/config.py
@@ -230,7 +230,7 @@
Exclude alternative implementations of library functions since they require
an implementation of the relevant functions and an xxx_alt.h header.
"""
- if name == 'MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT':
+ if name in ('MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT', 'MBEDTLS_PLATFORM_MS_TIME_ALT'):
# Similar to non-platform xxx_ALT, requires platform_alt.h
return False
return name.startswith('MBEDTLS_PLATFORM_')
diff --git a/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja b/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja
index 08da774..32e6bfe 100644
--- a/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja
+++ b/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja
@@ -37,7 +37,6 @@
#if defined(MBEDTLS_PSA_CRYPTO_C)
/* BEGIN-driver headers */
-#if defined(MBEDTLS_PSA_CRYPTO_DRIVERS)
{% for driver in drivers -%}
/* Headers for {{driver.prefix}} {{driver.type}} driver */
{% if driver['mbedtls/h_condition'] is defined -%}
@@ -50,7 +49,6 @@
#endif
{% endif -%}
{% endfor %}
-#endif /* MBEDTLS_PSA_CRYPTO_DRIVERS */
/* END-driver headers */
/* Auto-generated values depending on which drivers are registered.
diff --git a/tests/.gitignore b/tests/.gitignore
index b85d66a..40ad061 100644
--- a/tests/.gitignore
+++ b/tests/.gitignore
@@ -18,6 +18,7 @@
include/test/instrument_record_status.h
src/*.o
+src/test_helpers/*.o
src/drivers/*.o
src/libmbed*
diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile
index 7cdbd24..4228f45 100644
--- a/tests/data_files/Makefile
+++ b/tests/data_files/Makefile
@@ -337,6 +337,21 @@
server5-tricky-ip-san.crt: server5.key
$(OPENSSL) req -x509 -new -subj "/C=UK/O=Mbed TLS/CN=Mbed TLS Tricky IP SAN" -set_serial 77 -config $(test_ca_config_file) -extensions tricky_ip_san -days 3650 -sha256 -key server5.key -out $@
+
+server5-directoryname.crt.der: server5.key
+ $(OPENSSL) req -x509 -outform der -new -subj "/C=UK/O=Mbed TLS/CN=Mbed TLS directoryName SAN" -set_serial 77 -config $(test_ca_config_file) -extensions directory_name_san -days 3650 -sha256 -key server5.key -out $@
+
+server5-two-directorynames.crt.der: server5.key
+ $(OPENSSL) req -x509 -outform der -new -subj "/C=UK/O=Mbed TLS/CN=Mbed TLS directoryName SAN" -set_serial 77 -config $(test_ca_config_file) -extensions two_directorynames -days 3650 -sha256 -key server5.key -out $@
+
+# directoryname sequence tag malformed
+server5-directoryname-seq-malformed.crt.der: server5-two-directorynames.crt.der
+ hexdump -ve '1/1 "%.2X"' $< | sed "s/62A4473045310B/62A4473145310B/" | xxd -r -p > $@
+
+# Second directoryname OID length malformed 03 -> 15
+server5-second-directoryname-oid-malformed.crt.der: server5-two-directorynames.crt.der
+ hexdump -ve '1/1 "%.2X"' $< | sed "s/0355040A0C0A4D414C464F524D5F4D45/1555040A0C0A4D414C464F524D5F4D45/" | xxd -r -p > $@
+
all_final += server5-tricky-ip-san.crt
rsa_single_san_uri.crt.der: rsa_single_san_uri.key
diff --git a/tests/data_files/server5-directoryname-seq-malformed.crt.der b/tests/data_files/server5-directoryname-seq-malformed.crt.der
new file mode 100644
index 0000000..4b0c325
--- /dev/null
+++ b/tests/data_files/server5-directoryname-seq-malformed.crt.der
Binary files differ
diff --git a/tests/data_files/server5-directoryname.crt.der b/tests/data_files/server5-directoryname.crt.der
new file mode 100644
index 0000000..4badea1
--- /dev/null
+++ b/tests/data_files/server5-directoryname.crt.der
Binary files differ
diff --git a/tests/data_files/server5-second-directoryname-oid-malformed.crt.der b/tests/data_files/server5-second-directoryname-oid-malformed.crt.der
new file mode 100644
index 0000000..7074fd8
--- /dev/null
+++ b/tests/data_files/server5-second-directoryname-oid-malformed.crt.der
Binary files differ
diff --git a/tests/data_files/server5-two-directorynames.crt.der b/tests/data_files/server5-two-directorynames.crt.der
new file mode 100644
index 0000000..c98a018
--- /dev/null
+++ b/tests/data_files/server5-two-directorynames.crt.der
Binary files differ
diff --git a/tests/data_files/test-ca.opensslconf b/tests/data_files/test-ca.opensslconf
index 8f8385a..a642b73 100644
--- a/tests/data_files/test-ca.opensslconf
+++ b/tests/data_files/test-ca.opensslconf
@@ -99,3 +99,17 @@
keyUsage = cRLSign
subjectAltName=otherName:1.3.6.1.5.5.7.8.4;SEQ:nonprintable_hw_module_name
nsCertType=client
+
+[directory_name_san]
+subjectAltName=dirName:dirname_sect
+
+[bad_second_directory_name_san]
+subjectAltName=dirName:dirname_sect, dirName:dirname_sect_bad
+
+[dirname_sect]
+C=UK
+O=Mbed TLS
+CN=Mbed TLS directoryName SAN
+
+[two_directorynames]
+O=MALFORM_ME
diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh
index 23ad16e..465f9bb 100755
--- a/tests/scripts/all.sh
+++ b/tests/scripts/all.sh
@@ -2053,7 +2053,7 @@
}
component_test_psa_crypto_config_accel_ecdsa () {
- msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated ECDSA"
+ msg "build: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated ECDSA"
# Algorithms and key types to accelerate
loc_accel_list="ALG_ECDSA ALG_DETERMINISTIC_ECDSA KEY_TYPE_ECC_KEY_PAIR KEY_TYPE_ECC_PUBLIC_KEY"
@@ -2078,7 +2078,6 @@
# --------------------------------------
# Start from default config (no USE_PSA) + driver support + TLS 1.3
- scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
scripts/config.py set MBEDTLS_SSL_PROTO_TLS1_3
@@ -2104,7 +2103,7 @@
}
component_test_psa_crypto_config_accel_ecdh () {
- msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated ECDH"
+ msg "build: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated ECDH"
# Algorithms and key types to accelerate
loc_accel_list="ALG_ECDH KEY_TYPE_ECC_KEY_PAIR KEY_TYPE_ECC_PUBLIC_KEY"
@@ -2123,8 +2122,7 @@
# Configure and build the main libraries
# --------------------------------------
- # Start from default config (no USE_PSA or TLS 1.3) + driver support
- scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS
+ # Start from default config (no USE_PSA or TLS 1.3)
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
# Disable the module that's accelerated
@@ -2152,7 +2150,7 @@
}
component_test_psa_crypto_config_accel_pake() {
- msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated PAKE"
+ msg "build: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated PAKE"
# Start with full
scripts/config.py full
@@ -2166,10 +2164,9 @@
loc_accel_flags=$( echo "$loc_accel_list" | sed 's/[^ ]* */-DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_&/g' )
make -C tests libtestdriver1.a CFLAGS="$ASAN_CFLAGS $loc_accel_flags" LDFLAGS="$ASAN_CFLAGS"
- scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
- # Make build-in fallback not available
+ # Make built-in fallback not available
scripts/config.py unset MBEDTLS_ECJPAKE_C
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
@@ -2188,6 +2185,9 @@
# Auxiliary function to build config for all EC based algorithms (EC-JPAKE,
# ECDH, ECDSA) with and without drivers.
+# The input parameter is a boolean value which indicates:
+# - 0 keep built-in EC algs,
+# - 1 exclude built-in EC algs (driver only).
#
# This is used by the two following components to ensure they always use the
# same config, except for the use of driver or built-in EC algorithms:
@@ -2200,7 +2200,6 @@
scripts/config.py full
# enable support for drivers and configuring PSA-only algorithms
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
- scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS
if [ "$DRIVER_ONLY" -eq 1 ]; then
# Disable modules that are accelerated
scripts/config.py unset MBEDTLS_ECDSA_C
@@ -2285,6 +2284,130 @@
tests/ssl-opt.sh
}
+# Helper function used in:
+# - component_test_psa_crypto_config_accel_all_curves_except_p192
+# - component_test_psa_crypto_config_accel_all_curves_except_x25519
+# to build and test with all accelerated curves a part from the specified one.
+psa_crypto_config_accel_all_curves_except_one () {
+ BUILTIN_CURVE=$1
+
+ msg "build: PSA_CRYPTO_CONFIG + all accelerated EC algs (excl $BUILTIN_CURVE) + USE_PSA_CRYPTO"
+
+ # Accelerate all EC algs (all EC curves are automatically accelerated as
+ # well in the built-in version due to the "PSA_WANT_xxx" symbols in
+ # "crypto_config.h")
+ loc_accel_list="ALG_ECDH \
+ ALG_ECDSA ALG_DETERMINISTIC_ECDSA \
+ ALG_JPAKE \
+ KEY_TYPE_ECC_KEY_PAIR KEY_TYPE_ECC_PUBLIC_KEY"
+
+ # Configure and build the test driver library
+ # --------------------------------------------
+
+ # Disable ALG_STREAM_CIPHER and ALG_ECB_NO_PADDING to avoid having
+ # partial support for cipher operations in the driver test library.
+ scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_STREAM_CIPHER
+ scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_ECB_NO_PADDING
+
+ # RSA support is intentionally disabled on this test (see below for
+ # explanation) so lets disable it also on the driver side
+ scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_KEY_TYPE_RSA_KEY_PAIR
+ scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY
+ for ALG in $(sed -n 's/^#define \(PSA_WANT_ALG_RSA_[0-9A-Z_a-z]*\).*/\1/p' <"$CRYPTO_CONFIG_H"); do
+ echo $ALG
+ scripts/config.py -f include/psa/crypto_config.h unset $ALG
+ done
+
+ loc_accel_flags=$( echo "$loc_accel_list" | sed 's/[^ ]* */-DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_&/g' )
+ # These hashes are needed for some ECDSA signature tests.
+ loc_accel_flags="$loc_accel_flags -DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_ALG_SHA_224"
+ loc_accel_flags="$loc_accel_flags -DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_ALG_SHA_256"
+ loc_accel_flags="$loc_accel_flags -DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_ALG_SHA_384"
+ loc_accel_flags="$loc_accel_flags -DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_ALG_SHA_512"
+ make -C tests libtestdriver1.a CFLAGS="$ASAN_CFLAGS $loc_accel_flags" LDFLAGS="$ASAN_CFLAGS"
+
+ # Configure and build the main libraries
+ # ---------------------------------------
+
+ # full config (includes USE_PSA, TLS 1.3 and driver support)
+ scripts/config.py full
+ scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
+
+ # Dynamic secure element support is a deprecated feature and needs to be disabled here.
+ # This is done to have the same form of psa_key_attributes_s for libdriver and library.
+ scripts/config.py unset MBEDTLS_PSA_CRYPTO_SE_C
+
+ # restartable is not yet supported in PSA
+ scripts/config.py unset MBEDTLS_ECP_RESTARTABLE
+
+ # disable modules for which we have drivers
+ scripts/config.py unset MBEDTLS_ECDSA_C
+ scripts/config.py unset MBEDTLS_ECDH_C
+ scripts/config.py unset MBEDTLS_ECJPAKE_C
+
+ # Ensure also RSA and asssociated algs are disabled so that the size of
+ # the public/private keys cannot be taken from there
+ scripts/config.py unset MBEDTLS_RSA_C
+ scripts/config.py unset MBEDTLS_PKCS1_V15
+ scripts/config.py unset MBEDTLS_PKCS1_V21
+ scripts/config.py unset MBEDTLS_X509_RSASSA_PSS_SUPPORT
+ # Also disable key exchanges that depend on RSA
+ scripts/config.py unset MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
+ scripts/config.py unset MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
+ scripts/config.py unset MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
+ scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
+ scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
+
+ # Explicitly disable all SW implementation for elliptic curves
+ for CURVE in $(sed -n 's/#define \(MBEDTLS_ECP_DP_[0-9A-Z_a-z]*_ENABLED\).*/\1/p' <"$CONFIG_H"); do
+ scripts/config.py unset "$CURVE"
+ done
+ # Just leave SW implementation for the specified curve for allowing to
+ # build with ECP_C.
+ scripts/config.py set $BUILTIN_CURVE
+ # Accelerate all curves listed in "crypto_config.h" (skipping the ones that
+ # are commented out)
+ for CURVE in $(sed -n 's/^#define PSA_WANT_\(ECC_[0-9A-Z_a-z]*\).*/\1/p' <"$CRYPTO_CONFIG_H"); do
+ loc_accel_list="$loc_accel_list $CURVE"
+ done
+
+ # build and link with test drivers
+ loc_accel_flags="$loc_accel_flags $( echo "$loc_accel_list" | sed 's/[^ ]* */-DMBEDTLS_PSA_ACCEL_&/g' )"
+ make CFLAGS="$ASAN_CFLAGS -I../tests/include -I../tests -I../../tests -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_TEST_LIBTESTDRIVER1 $loc_accel_flags" LDFLAGS="-ltestdriver1 $ASAN_CFLAGS"
+
+ # make sure excluded modules were not auto-re-enabled by accident
+ not grep mbedtls_ecdh_ library/ecdh.o
+ not grep mbedtls_ecdsa_ library/ecdsa.o
+ not grep mbedtls_ecjpake_ library/ecjpake.o
+ if [ $BUILTIN_CURVE == "MBEDTLS_ECP_DP_SECP192R1_ENABLED" ]; then
+ # The only built-in curve is Short Weierstrass, so ECP shouldn't have
+ # support for Montgomery curves. Functions with mxz in their name
+ # are specific to Montgomery curves.
+ not grep mxz library/ecp.o
+ elif [ $BUILTIN_CURVE == "MBEDTLS_ECP_DP_CURVE25519_ENABLED" ]; then
+ # The only built-in curve is Montgomery, so ECP shouldn't have
+ # support for Short Weierstrass curves. Functions with mbedtls_ecp_muladd
+ # in their name are specific to Short Weierstrass curves.
+ not grep mbedtls_ecp_muladd library/ecp.o
+ else
+ err_msg "Error: $BUILTIN_CURVE is not supported in psa_crypto_config_accel_all_curves_except_one()"
+ exit 1
+ fi
+
+ # Run the tests
+ # -------------
+ msg "test: PSA_CRYPTO_CONFIG + all accelerated EC algs (excl $BUILTIN_CURVE) + USE_PSA_CRYPTO"
+ make test
+}
+
+component_test_psa_crypto_config_accel_all_curves_except_p192 () {
+ psa_crypto_config_accel_all_curves_except_one MBEDTLS_ECP_DP_SECP192R1_ENABLED
+}
+
+component_test_psa_crypto_config_accel_all_curves_except_x25519 () {
+ psa_crypto_config_accel_all_curves_except_one MBEDTLS_ECP_DP_CURVE25519_ENABLED
+}
+
component_test_psa_crypto_config_accel_rsa_signature () {
msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated RSA signature"
@@ -2333,7 +2456,6 @@
make -C tests libtestdriver1.a CFLAGS="$ASAN_CFLAGS $loc_accel_flags" LDFLAGS="$ASAN_CFLAGS"
# Mbed TLS library build
- scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
# Remove RSA support and its dependencies
@@ -2375,7 +2497,6 @@
loc_accel_flags=$( echo "$loc_accel_list" | sed 's/[^ ]* */-DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_&/g' )
make -C tests libtestdriver1.a CFLAGS="$ASAN_CFLAGS $loc_accel_flags" LDFLAGS="$ASAN_CFLAGS"
- scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
scripts/config.py unset MBEDTLS_MD5_C
scripts/config.py unset MBEDTLS_RIPEMD160_C
@@ -2413,7 +2534,6 @@
loc_accel_flags=$( echo "$loc_accel_list" | sed 's/[^ ]* */-DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_&/g' )
make -C tests libtestdriver1.a CFLAGS="$ASAN_CFLAGS $loc_accel_flags" LDFLAGS="$ASAN_CFLAGS"
- scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
loc_accel_flags="$loc_accel_flags $( echo "$loc_accel_list" | sed 's/[^ ]* */-DMBEDTLS_PSA_ACCEL_&/g' )"
make CFLAGS="$ASAN_CFLAGS -Werror -I../tests/include -I../tests -I../../tests -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_TEST_LIBTESTDRIVER1 $loc_accel_flags" LDFLAGS="-ltestdriver1 $ASAN_CFLAGS"
@@ -2429,7 +2549,6 @@
scripts/config.py full
# enable support for drivers and configuring PSA-only algorithms
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
- scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS
if [ "$DRIVER_ONLY" -eq 1 ]; then
# disable the built-in implementation of hashes
scripts/config.py unset MBEDTLS_MD5_C
@@ -2519,7 +2638,6 @@
loc_accel_flags=$( echo "$loc_accel_list" | sed 's/[^ ]* */-DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_&/g' )
make -C tests libtestdriver1.a CFLAGS="$ASAN_CFLAGS $loc_accel_flags" LDFLAGS="$ASAN_CFLAGS"
- scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
# There is no intended accelerator support for ALG STREAM_CIPHER and
@@ -2560,7 +2678,6 @@
loc_accel_flags=$( echo "$loc_accel_list" | sed 's/[^ ]* */-DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_&/g' )
make -C tests libtestdriver1.a CFLAGS="$ASAN_CFLAGS $loc_accel_flags" LDFLAGS="$ASAN_CFLAGS"
- scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
scripts/config.py unset MBEDTLS_GCM_C
@@ -2583,17 +2700,37 @@
make test
}
-component_test_psa_crypto_config_no_driver() {
- # full plus MBEDTLS_PSA_CRYPTO_CONFIG
- msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG minus MBEDTLS_PSA_CRYPTO_DRIVERS"
- scripts/config.py full
- scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
- scripts/config.py unset MBEDTLS_PSA_CRYPTO_DRIVERS
- scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
- scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
- make CC=gcc CFLAGS="$ASAN_CFLAGS -O2" LDFLAGS="$ASAN_CFLAGS"
+component_test_psa_crypto_config_accel_pake() {
+ msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated PAKE"
- msg "test: full + MBEDTLS_PSA_CRYPTO_CONFIG minus MBEDTLS_PSA_CRYPTO_DRIVERS"
+ # Start with full
+ scripts/config.py full
+
+ # Disable ALG_STREAM_CIPHER and ALG_ECB_NO_PADDING to avoid having
+ # partial support for cipher operations in the driver test library.
+ scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_STREAM_CIPHER
+ scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_ECB_NO_PADDING
+
+ loc_accel_list="ALG_JPAKE"
+ loc_accel_flags=$( echo "$loc_accel_list" | sed 's/[^ ]* */-DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_&/g' )
+ make -C tests libtestdriver1.a CFLAGS="$ASAN_CFLAGS $loc_accel_flags" LDFLAGS="$ASAN_CFLAGS"
+
+ scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
+
+ # Make build-in fallback not available
+ scripts/config.py unset MBEDTLS_ECJPAKE_C
+ scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
+
+ # Dynamic secure element support is a deprecated feature and needs to be disabled here.
+ # This is done to have the same form of psa_key_attributes_s for libdriver and library.
+ scripts/config.py unset MBEDTLS_PSA_CRYPTO_SE_C
+
+ loc_accel_flags="$loc_accel_flags $( echo "$loc_accel_list" | sed 's/[^ ]* */-DMBEDTLS_PSA_ACCEL_&/g' )"
+ make CFLAGS="$ASAN_CFLAGS -Werror -I../tests/include -I../tests -I../../tests -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_TEST_LIBTESTDRIVER1 $loc_accel_flags" LDFLAGS="-ltestdriver1 $ASAN_CFLAGS"
+
+ not grep mbedtls_ecjpake_init library/ecjpake.o
+
+ msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated PAKE"
make test
}
@@ -2617,7 +2754,6 @@
msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_ECDH without MBEDTLS_ECDH_C"
scripts/config.py full
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
- scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
scripts/config.py unset MBEDTLS_ECDH_C
@@ -2636,7 +2772,6 @@
msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_KEY_TYPE_ECC_KEY_PAIR"
scripts/config.py full
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
- scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
scripts/config.py -f include/psa/crypto_config.h set PSA_WANT_KEY_TYPE_ECC_KEY_PAIR 1
@@ -2651,7 +2786,6 @@
msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY"
scripts/config.py full
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
- scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
scripts/config.py -f include/psa/crypto_config.h set PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY 1
@@ -2666,7 +2800,6 @@
msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_HMAC"
scripts/config.py full
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
- scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
# Need to define the correct symbol and include the test driver header path in order to build with the test driver
@@ -2680,7 +2813,6 @@
msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_HKDF without MBEDTLS_HKDF_C"
scripts/config.py full
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
- scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
scripts/config.py unset MBEDTLS_HKDF_C
@@ -2696,7 +2828,6 @@
msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_MD5 - other hashes"
scripts/config.py full
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
- scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RIPEMD160
@@ -2718,7 +2849,6 @@
msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_RIPEMD160 - other hashes"
scripts/config.py full
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
- scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD5
@@ -2740,7 +2870,6 @@
msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_SHA_1 - other hashes"
scripts/config.py full
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
- scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD5
@@ -2762,7 +2891,6 @@
msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_SHA_224 - other hashes"
scripts/config.py full
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
- scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD5
@@ -2781,7 +2909,6 @@
msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_SHA_256 - other hashes"
scripts/config.py full
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
- scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD5
@@ -2800,7 +2927,6 @@
msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_SHA_384 - other hashes"
scripts/config.py full
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
- scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD5
@@ -2821,7 +2947,6 @@
msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_SHA_512 - other hashes"
scripts/config.py full
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
- scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD5
@@ -2843,7 +2968,6 @@
msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_RSA_PKCS1V15_CRYPT + PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY"
scripts/config.py full
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
- scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
scripts/config.py -f include/psa/crypto_config.h set PSA_WANT_ALG_RSA_PKCS1V15_CRYPT 1
@@ -2860,7 +2984,6 @@
msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_RSA_PKCS1V15_SIGN + PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY"
scripts/config.py full
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
- scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
scripts/config.py -f include/psa/crypto_config.h set PSA_WANT_ALG_RSA_PKCS1V15_SIGN 1
@@ -2877,7 +3000,6 @@
msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_RSA_OAEP + PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY"
scripts/config.py full
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
- scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
scripts/config.py -f include/psa/crypto_config.h set PSA_WANT_ALG_RSA_OAEP 1
@@ -2894,7 +3016,6 @@
msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_RSA_PSS + PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY"
scripts/config.py full
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
- scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
scripts/config.py -f include/psa/crypto_config.h set PSA_WANT_ALG_RSA_PSS 1
@@ -2911,7 +3032,6 @@
msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_KEY_TYPE_RSA_KEY_PAIR + PSA_WANT_ALG_RSA_PSS"
scripts/config.py full
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
- scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
scripts/config.py -f include/psa/crypto_config.h set PSA_WANT_ALG_RSA_PSS 1
@@ -2926,7 +3046,6 @@
msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY + PSA_WANT_ALG_RSA_PSS"
scripts/config.py full
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
- scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
scripts/config.py -f include/psa/crypto_config.h set PSA_WANT_ALG_RSA_PSS 1
@@ -3254,9 +3373,8 @@
}
component_test_psa_crypto_drivers () {
- msg "build: MBEDTLS_PSA_CRYPTO_DRIVERS w/ driver hooks"
+ msg "build: full + MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS + test drivers"
scripts/config.py full
- scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS
scripts/config.py set MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS
loc_cflags="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST_ALL"
loc_cflags="${loc_cflags} '-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/user-config-for-test.h\"'"
@@ -3264,7 +3382,7 @@
make CC=gcc CFLAGS="${loc_cflags}" LDFLAGS="$ASAN_CFLAGS"
- msg "test: full + MBEDTLS_PSA_CRYPTO_DRIVERS"
+ msg "test: full + MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS + test drivers"
make test
}
diff --git a/tests/scripts/analyze_outcomes.py b/tests/scripts/analyze_outcomes.py
index 80b3d54..60cf654 100755
--- a/tests/scripts/analyze_outcomes.py
+++ b/tests/scripts/analyze_outcomes.py
@@ -10,6 +10,8 @@
import sys
import traceback
import re
+import subprocess
+import os
import check_test_cases
@@ -51,6 +53,26 @@
"""
return len(self.successes) + len(self.failures)
+def execute_reference_driver_tests(ref_component, driver_component, outcome_file):
+ """Run the tests specified in ref_component and driver_component. Results
+ are stored in the output_file and they will be used for the following
+ coverage analysis"""
+ # If the outcome file already exists, we assume that the user wants to
+ # perform the comparison analysis again without repeating the tests.
+ if os.path.exists(outcome_file):
+ Results.log("Outcome file (" + outcome_file + ") already exists. " + \
+ "Tests will be skipped.")
+ return
+
+ shell_command = "tests/scripts/all.sh --outcome-file " + outcome_file + \
+ " " + ref_component + " " + driver_component
+ Results.log("Running: " + shell_command)
+ ret_val = subprocess.run(shell_command.split(), check=False).returncode
+
+ if ret_val != 0:
+ Results.log("Error: failed to run reference/driver components")
+ sys.exit(ret_val)
+
def analyze_coverage(results, outcomes):
"""Check that all available test cases are executed at least once."""
available = check_test_cases.collect_available_test_cases()
@@ -137,6 +159,9 @@
def do_analyze_driver_vs_reference(outcome_file, args):
"""Perform driver vs reference analyze."""
+ execute_reference_driver_tests(args['component_ref'], \
+ args['component_driver'], outcome_file)
+
ignored_suites = ['test_suite_' + x for x in args['ignored_suites']]
outcomes = read_outcome_file(outcome_file)
@@ -152,9 +177,12 @@
'test_function': do_analyze_coverage,
'args': {}
},
- # How to use analyze_driver_vs_reference_xxx locally:
- # 1. tests/scripts/all.sh --outcome-file "$PWD/out.csv" <component_ref> <component_driver>
- # 2. tests/scripts/analyze_outcomes.py out.csv analyze_driver_vs_reference_xxx
+ # There are 2 options to use analyze_driver_vs_reference_xxx locally:
+ # 1. Run tests and then analysis:
+ # - tests/scripts/all.sh --outcome-file "$PWD/out.csv" <component_ref> <component_driver>
+ # - tests/scripts/analyze_outcomes.py out.csv analyze_driver_vs_reference_xxx
+ # 2. Let this script run both automatically:
+ # - tests/scripts/analyze_outcomes.py out.csv analyze_driver_vs_reference_xxx
'analyze_driver_vs_reference_hash': {
'test_function': do_analyze_driver_vs_reference,
'args': {
diff --git a/tests/src/drivers/hash.c b/tests/src/drivers/hash.c
index 7487e84..8fb1982 100644
--- a/tests/src/drivers/hash.c
+++ b/tests/src/drivers/hash.c
@@ -19,7 +19,7 @@
#include <test/helpers.h>
-#if defined(MBEDTLS_PSA_CRYPTO_DRIVERS) && defined(PSA_CRYPTO_DRIVER_TEST)
+#if defined(PSA_CRYPTO_DRIVER_TEST)
#include "psa_crypto_hash.h"
#include "test/drivers/hash.h"
@@ -208,4 +208,4 @@
return mbedtls_test_driver_hash_hooks.driver_status;
}
-#endif /* MBEDTLS_PSA_CRYPTO_DRIVERS && PSA_CRYPTO_DRIVER_TEST */
+#endif /* PSA_CRYPTO_DRIVER_TEST */
diff --git a/tests/src/drivers/test_driver_aead.c b/tests/src/drivers/test_driver_aead.c
index 4bf2a86..8eb5547 100644
--- a/tests/src/drivers/test_driver_aead.c
+++ b/tests/src/drivers/test_driver_aead.c
@@ -19,7 +19,7 @@
#include <test/helpers.h>
-#if defined(MBEDTLS_PSA_CRYPTO_DRIVERS) && defined(PSA_CRYPTO_DRIVER_TEST)
+#if defined(PSA_CRYPTO_DRIVER_TEST)
#include "psa_crypto_aead.h"
#include "psa_crypto_core.h"
@@ -469,4 +469,4 @@
return mbedtls_test_driver_aead_hooks.driver_status;
}
-#endif /* MBEDTLS_PSA_CRYPTO_DRIVERS && PSA_CRYPTO_DRIVER_TEST */
+#endif /* PSA_CRYPTO_DRIVER_TEST */
diff --git a/tests/src/drivers/test_driver_asymmetric_encryption.c b/tests/src/drivers/test_driver_asymmetric_encryption.c
index 8c5e207..cf0e90c 100644
--- a/tests/src/drivers/test_driver_asymmetric_encryption.c
+++ b/tests/src/drivers/test_driver_asymmetric_encryption.c
@@ -19,7 +19,7 @@
#include <test/helpers.h>
-#if defined(MBEDTLS_PSA_CRYPTO_DRIVERS) && defined(PSA_CRYPTO_DRIVER_TEST)
+#if defined(PSA_CRYPTO_DRIVER_TEST)
#include "psa/crypto.h"
#include "mbedtls/rsa.h"
#include "psa_crypto_rsa.h"
@@ -160,4 +160,4 @@
return PSA_ERROR_NOT_SUPPORTED;
}
-#endif /* MBEDTLS_PSA_CRYPTO_DRIVERS && PSA_CRYPTO_DRIVER_TEST */
+#endif /* PSA_CRYPTO_DRIVER_TEST */
diff --git a/tests/src/drivers/test_driver_cipher.c b/tests/src/drivers/test_driver_cipher.c
index f0cb6b2..42e79c4 100644
--- a/tests/src/drivers/test_driver_cipher.c
+++ b/tests/src/drivers/test_driver_cipher.c
@@ -20,7 +20,7 @@
#include <test/helpers.h>
-#if defined(MBEDTLS_PSA_CRYPTO_DRIVERS) && defined(PSA_CRYPTO_DRIVER_TEST)
+#if defined(PSA_CRYPTO_DRIVER_TEST)
#include "psa/crypto.h"
#include "psa_crypto_cipher.h"
#include "psa_crypto_core.h"
@@ -433,4 +433,4 @@
(void) output_length;
return PSA_ERROR_NOT_SUPPORTED;
}
-#endif /* MBEDTLS_PSA_CRYPTO_DRIVERS && PSA_CRYPTO_DRIVER_TEST */
+#endif /* PSA_CRYPTO_DRIVER_TEST */
diff --git a/tests/src/drivers/test_driver_key_agreement.c b/tests/src/drivers/test_driver_key_agreement.c
index d1fd891..b60c412 100644
--- a/tests/src/drivers/test_driver_key_agreement.c
+++ b/tests/src/drivers/test_driver_key_agreement.c
@@ -19,7 +19,7 @@
#include <test/helpers.h>
-#if defined(MBEDTLS_PSA_CRYPTO_DRIVERS) && defined(PSA_CRYPTO_DRIVER_TEST)
+#if defined(PSA_CRYPTO_DRIVER_TEST)
#include "psa/crypto.h"
#include "psa_crypto_core.h"
@@ -123,4 +123,4 @@
return PSA_ERROR_NOT_SUPPORTED;
}
-#endif /* MBEDTLS_PSA_CRYPTO_DRIVERS && PSA_CRYPTO_DRIVER_TEST */
+#endif /* PSA_CRYPTO_DRIVER_TEST */
diff --git a/tests/src/drivers/test_driver_key_management.c b/tests/src/drivers/test_driver_key_management.c
index 4e340aa..a3ff2dd 100644
--- a/tests/src/drivers/test_driver_key_management.c
+++ b/tests/src/drivers/test_driver_key_management.c
@@ -20,7 +20,7 @@
#include <test/helpers.h>
-#if defined(MBEDTLS_PSA_CRYPTO_DRIVERS) && defined(PSA_CRYPTO_DRIVER_TEST)
+#if defined(PSA_CRYPTO_DRIVER_TEST)
#include "psa/crypto.h"
#include "psa_crypto_core.h"
#include "psa_crypto_ecp.h"
@@ -748,4 +748,4 @@
return PSA_SUCCESS;
}
-#endif /* MBEDTLS_PSA_CRYPTO_DRIVERS && PSA_CRYPTO_DRIVER_TEST */
+#endif /* PSA_CRYPTO_DRIVER_TEST */
diff --git a/tests/src/drivers/test_driver_mac.c b/tests/src/drivers/test_driver_mac.c
index ea09cf4..96c1685 100644
--- a/tests/src/drivers/test_driver_mac.c
+++ b/tests/src/drivers/test_driver_mac.c
@@ -19,7 +19,7 @@
#include <test/helpers.h>
-#if defined(MBEDTLS_PSA_CRYPTO_DRIVERS) && defined(PSA_CRYPTO_DRIVER_TEST)
+#if defined(PSA_CRYPTO_DRIVER_TEST)
#include "psa_crypto_mac.h"
#include "test/drivers/mac.h"
@@ -431,4 +431,4 @@
return mbedtls_test_driver_mac_hooks.driver_status;
}
-#endif /* MBEDTLS_PSA_CRYPTO_DRIVERS && PSA_CRYPTO_DRIVER_TEST */
+#endif /* PSA_CRYPTO_DRIVER_TEST */
diff --git a/tests/src/drivers/test_driver_pake.c b/tests/src/drivers/test_driver_pake.c
index 9c72483..a8cf0d8 100644
--- a/tests/src/drivers/test_driver_pake.c
+++ b/tests/src/drivers/test_driver_pake.c
@@ -19,7 +19,7 @@
#include <test/helpers.h>
-#if defined(MBEDTLS_PSA_CRYPTO_DRIVERS) && defined(PSA_CRYPTO_DRIVER_TEST)
+#if defined(PSA_CRYPTO_DRIVER_TEST)
#include "psa_crypto_pake.h"
#include "test/drivers/pake.h"
@@ -209,4 +209,4 @@
return mbedtls_test_driver_pake_hooks.driver_status;
}
-#endif /* MBEDTLS_PSA_CRYPTO_DRIVERS && PSA_CRYPTO_DRIVER_TEST */
+#endif /* PSA_CRYPTO_DRIVER_TEST */
diff --git a/tests/src/drivers/test_driver_signature.c b/tests/src/drivers/test_driver_signature.c
index 11815b0..c312477 100644
--- a/tests/src/drivers/test_driver_signature.c
+++ b/tests/src/drivers/test_driver_signature.c
@@ -21,7 +21,7 @@
#include <test/helpers.h>
-#if defined(MBEDTLS_PSA_CRYPTO_DRIVERS) && defined(PSA_CRYPTO_DRIVER_TEST)
+#if defined(PSA_CRYPTO_DRIVER_TEST)
#include "psa/crypto.h"
#include "psa_crypto_core.h"
#include "psa_crypto_ecp.h"
@@ -414,4 +414,4 @@
return PSA_ERROR_NOT_SUPPORTED;
}
-#endif /* MBEDTLS_PSA_CRYPTO_DRIVERS && PSA_CRYPTO_DRIVER_TEST */
+#endif /* PSA_CRYPTO_DRIVER_TEST */
diff --git a/tests/suites/test_suite_ecp.data b/tests/suites/test_suite_ecp.data
index 3fbad92..1f6dfc1 100644
--- a/tests/suites/test_suite_ecp.data
+++ b/tests/suites/test_suite_ecp.data
@@ -855,130 +855,6 @@
depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED
ecp_muladd_restart:MBEDTLS_ECP_DP_SECP256R1:"CB28E0999B9C7715FD0A80D8E47A77079716CBBF917DD72E97566EA1C066957C":"2B57C0235FB7489768D058FF4911C20FDBE71E3699D91339AFBB903EE17255DC":"C3875E57C85038A0D60370A87505200DC8317C8C534948BEA6559C7C18E6D4CE":"3B4E49C4FDBFC006FF993C81A50EAE221149076D6EC09DDD9FB3B787F85B6483":"2442A5CC0ECD015FA3CA31DC8E2BBC70BF42D60CBCA20085E0822CB04235E970":"6FC98BD7E50211A4A27102FA3549DF79EBCB4BF246B80945CDDFE7D509BBFD7D":250:4:64
-ECP fix_negative: 0, -1, 224
-fix_negative:"00":-1:224
-
-ECP fix_negative: 1, -1, 224
-fix_negative:"01":-1:224
-
-ECP fix_negative: 2^32-1, -1, 224
-fix_negative:"ffffffff":-1:224
-
-ECP fix_negative: 2^32, -1, 224
-fix_negative:"0100000000":-1:224
-
-ECP fix_negative: 2^64-1, -1, 224
-fix_negative:"ffffffffffffffff":-1:224
-
-ECP fix_negative: 2^64, -1, 224
-fix_negative:"010000000000000000":-1:224
-
-ECP fix_negative: 2^128-1, -1, 224
-fix_negative:"ffffffffffffffffffffffffffffffff":-1:224
-
-ECP fix_negative: 2^128, -1, 224
-fix_negative:"0100000000000000000000000000000000":-1:224
-
-ECP fix_negative: 2^128+1, -1, 224
-fix_negative:"0100000000000000000000000000000001":-1:224
-
-ECP fix_negative: 2^224-1, -1, 224
-fix_negative:"ffffffffffffffffffffffffffffffffffffffffffffffffffffffff":-1:224
-
-ECP fix_negative: 0, -2, 224
-fix_negative:"00":-2:224
-
-ECP fix_negative: 1, -2, 224
-fix_negative:"01":-2:224
-
-ECP fix_negative: 2^32-1, -2, 224
-fix_negative:"ffffffff":-2:224
-
-ECP fix_negative: 2^32, -2, 224
-fix_negative:"0100000000":-2:224
-
-ECP fix_negative: 2^64-1, -2, 224
-fix_negative:"ffffffffffffffff":-2:224
-
-ECP fix_negative: 2^64, -2, 224
-fix_negative:"010000000000000000":-2:224
-
-ECP fix_negative: 2^128-1, -2, 224
-fix_negative:"ffffffffffffffffffffffffffffffff":-2:224
-
-ECP fix_negative: 2^128, -2, 224
-fix_negative:"0100000000000000000000000000000000":-2:224
-
-ECP fix_negative: 2^128+1, -2, 224
-fix_negative:"0100000000000000000000000000000001":-2:224
-
-ECP fix_negative: 2^224-1, -2, 224
-fix_negative:"ffffffffffffffffffffffffffffffffffffffffffffffffffffffff":-2:224
-
-ECP fix_negative: 0, -1, 256
-fix_negative:"00":-1:256
-
-ECP fix_negative: 1, -1, 256
-fix_negative:"01":-1:256
-
-ECP fix_negative: 2^32-1, -1, 256
-fix_negative:"ffffffff":-1:256
-
-ECP fix_negative: 2^32, -1, 256
-fix_negative:"0100000000":-1:256
-
-ECP fix_negative: 2^64-1, -1, 256
-fix_negative:"ffffffffffffffff":-1:256
-
-ECP fix_negative: 2^64, -1, 256
-fix_negative:"010000000000000000":-1:256
-
-ECP fix_negative: 2^128-1, -1, 256
-fix_negative:"ffffffffffffffffffffffffffffffff":-1:256
-
-ECP fix_negative: 2^128, -1, 256
-fix_negative:"0100000000000000000000000000000000":-1:256
-
-ECP fix_negative: 2^128+1, -1, 256
-fix_negative:"0100000000000000000000000000000001":-1:256
-
-ECP fix_negative: 2^256-1, -1, 256
-fix_negative:"ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff":-1:256
-
-ECP fix_negative: 0, -2, 256
-fix_negative:"00":-2:256
-
-ECP fix_negative: 1, -2, 256
-fix_negative:"01":-2:256
-
-ECP fix_negative: 2^32-1, -2, 256
-fix_negative:"ffffffff":-2:256
-
-ECP fix_negative: 2^32, -2, 256
-fix_negative:"0100000000":-2:256
-
-ECP fix_negative: 2^64-1, -2, 256
-fix_negative:"ffffffffffffffff":-2:256
-
-ECP fix_negative: 2^64, -2, 256
-fix_negative:"010000000000000000":-2:256
-
-ECP fix_negative: 2^128-1, -2, 256
-fix_negative:"ffffffffffffffffffffffffffffffff":-2:256
-
-ECP fix_negative: 2^128, -2, 256
-fix_negative:"0100000000000000000000000000000000":-2:256
-
-ECP fix_negative: 2^128+1, -2, 256
-fix_negative:"0100000000000000000000000000000001":-2:256
-
-ECP fix_negative: 2^256-1, -2, 256
-fix_negative:"ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff":-2:256
-
-# The first call to fix_negative in the test case of issue #4296.
-ECP fix_negative: #4296.1
-fix_negative:"8A4DD4C8B42C5EAED15FE4F4579F4CE513EC90A94010BF000000000000000000":-1:256
-
ECP export key parameters #1 (OK)
depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED
ecp_export:MBEDTLS_ECP_DP_SECP256R1:"37cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f76822596292":"4ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edff":"00f12a1320760270a83cbffd53f6031ef76a5d86c8a204f2c30ca9ebf51f0f0ea7":0:0
diff --git a/tests/suites/test_suite_ecp.function b/tests/suites/test_suite_ecp.function
index 71fd4e1..4b51a9f 100644
--- a/tests/suites/test_suite_ecp.function
+++ b/tests/suites/test_suite_ecp.function
@@ -8,11 +8,6 @@
#include "ecp_invasive.h"
#include "bignum_mod_raw_invasive.h"
-#if defined(MBEDTLS_TEST_HOOKS) && \
- defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
-#define HAVE_FIX_NEGATIVE
-#endif
-
#define ECP_PF_UNKNOWN -1
#define ECP_PT_RESET(x) \
@@ -1091,36 +1086,6 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:HAVE_FIX_NEGATIVE */
-void fix_negative(data_t *N_bin, int c, int bits)
-{
- mbedtls_mpi C, M, N;
-
- mbedtls_mpi_init(&C);
- mbedtls_mpi_init(&M);
- mbedtls_mpi_init(&N);
-
- /* C = - c * 2^bits (positive since c is negative) */
- TEST_EQUAL(0, mbedtls_mpi_lset(&C, -c));
- TEST_EQUAL(0, mbedtls_mpi_shift_l(&C, bits));
-
- TEST_EQUAL(0, mbedtls_mpi_read_binary(&N, N_bin->x, N_bin->len));
- TEST_EQUAL(0, mbedtls_mpi_grow(&N, C.n));
-
- /* M = N - C = - ( C - N ) (expected result of fix_negative) */
- TEST_EQUAL(0, mbedtls_mpi_sub_mpi(&M, &N, &C));
-
- mbedtls_ecp_fix_negative(&N, c, bits);
-
- TEST_EQUAL(0, mbedtls_mpi_cmp_mpi(&N, &M));
-
-exit:
- mbedtls_mpi_free(&C);
- mbedtls_mpi_free(&M);
- mbedtls_mpi_free(&N);
-}
-/* END_CASE */
-
/* BEGIN_CASE depends_on:MBEDTLS_TEST_HOOKS:MBEDTLS_ECP_MONTGOMERY_ENABLED */
void genkey_mx_known_answer(int bits, data_t *seed, data_t *expected)
{
@@ -1301,7 +1266,7 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_TEST_HOOKS */
+/* BEGIN_CASE depends_on:MBEDTLS_TEST_HOOKS:MBEDTLS_ECP_DP_SECP192R1_ENABLED */
void ecp_mod_p192_raw(char *input_N,
char *input_X,
char *result)
@@ -1344,7 +1309,7 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_TEST_HOOKS */
+/* BEGIN_CASE depends_on:MBEDTLS_TEST_HOOKS:MBEDTLS_ECP_DP_SECP224R1_ENABLED */
void ecp_mod_p224_raw(char *input_N,
char *input_X,
char *result)
@@ -1387,7 +1352,7 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_TEST_HOOKS */
+/* BEGIN_CASE depends_on:MBEDTLS_TEST_HOOKS:MBEDTLS_ECP_DP_SECP256R1_ENABLED */
void ecp_mod_p256_raw(char *input_N,
char *input_X,
char *result)
@@ -1473,7 +1438,7 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_TEST_HOOKS */
+/* BEGIN_CASE depends_on:MBEDTLS_TEST_HOOKS:MBEDTLS_ECP_DP_SECP521R1_ENABLED */
void ecp_mod_p521_raw(char *input_N,
char *input_X,
char *result)
diff --git a/tests/suites/test_suite_platform.data b/tests/suites/test_suite_platform.data
new file mode 100644
index 0000000..557b586
--- /dev/null
+++ b/tests/suites/test_suite_platform.data
@@ -0,0 +1,12 @@
+
+Time: get milliseconds
+time_get_milliseconds:
+
+Time: get seconds
+time_get_seconds:
+
+Time: delay milliseconds
+time_delay_milliseconds:1000
+
+Time: delay seconds
+time_delay_seconds:1
diff --git a/tests/suites/test_suite_platform.function b/tests/suites/test_suite_platform.function
new file mode 100644
index 0000000..54ddd42
--- /dev/null
+++ b/tests/suites/test_suite_platform.function
@@ -0,0 +1,91 @@
+/* BEGIN_HEADER */
+
+/* This test module exercises the platform_* module. Since, depending on the
+ * underlying operating system, the time routines are not always reliable,
+ * this suite only performs very basic sanity checks of the timing API.
+ */
+
+#include <limits.h>
+
+#if defined(MBEDTLS_HAVE_TIME)
+#include "mbedtls/platform_time.h"
+
+#ifdef WIN32
+#include <windows.h>
+#elif _POSIX_C_SOURCE >= 199309L
+#include <time.h>
+#else
+#include <unistd.h>
+#endif
+void sleep_ms(int milliseconds)
+{
+#ifdef WIN32
+ Sleep(milliseconds);
+#elif _POSIX_C_SOURCE >= 199309L
+ struct timespec ts;
+ ts.tv_sec = milliseconds / 1000;
+ ts.tv_nsec = (milliseconds % 1000) * 1000000;
+ nanosleep(&ts, NULL);
+#else
+ usleep(milliseconds * 1000);
+#endif
+}
+#endif
+
+/* END_HEADER */
+
+/* BEGIN_DEPENDENCIES */
+
+/* END_DEPENDENCIES */
+
+
+
+/* BEGIN_CASE depends_on:MBEDTLS_HAVE_TIME */
+void time_get_milliseconds()
+{
+ mbedtls_ms_time_t current = mbedtls_ms_time();
+ (void) current;
+ /* This goto is added to avoid warnings from the generated code. */
+ goto exit;
+}
+/* END_CASE */
+
+/* BEGIN_CASE depends_on:MBEDTLS_HAVE_TIME */
+void time_get_seconds()
+{
+ mbedtls_time_t current = mbedtls_time(NULL);
+ (void) current;
+ /* This goto is added to avoid warnings from the generated code. */
+ goto exit;
+}
+/* END_CASE */
+
+/* BEGIN_CASE depends_on:MBEDTLS_HAVE_TIME */
+void time_delay_milliseconds(int delay_ms)
+{
+ mbedtls_ms_time_t current = mbedtls_ms_time();
+ mbedtls_ms_time_t elapsed_ms;
+
+ sleep_ms(delay_ms);
+
+ elapsed_ms = mbedtls_ms_time() - current;
+ TEST_ASSERT(elapsed_ms >= delay_ms && elapsed_ms < 4000 + delay_ms);
+ /* This goto is added to avoid warnings from the generated code. */
+ goto exit;
+}
+/* END_CASE */
+
+/* BEGIN_CASE depends_on:MBEDTLS_HAVE_TIME */
+void time_delay_seconds(int delay_secs)
+{
+ mbedtls_time_t current = mbedtls_time(NULL);
+ mbedtls_time_t elapsed_secs;
+
+ sleep_ms(delay_secs * 1000);
+
+ elapsed_secs = mbedtls_time(NULL) - current;
+ TEST_ASSERT(elapsed_secs >= delay_secs && elapsed_secs < 4 + delay_secs);
+ /* This goto is added to avoid warnings from the generated code. */
+ goto exit;
+}
+/* END_CASE */
diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data
index c1d2667..3fab500 100644
--- a/tests/suites/test_suite_psa_crypto.data
+++ b/tests/suites/test_suite_psa_crypto.data
@@ -1436,10 +1436,6 @@
depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES:MBEDTLS_PSA_CRYPTO_STORAGE_C
copy_fail:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:0:0:PSA_KEY_TYPE_AES:"404142434445464748494a4b4c4d4e4f":PSA_KEY_TYPE_AES:0:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:0:0:PSA_KEY_LIFETIME_PERSISTENT:PSA_ERROR_INVALID_ARGUMENT
-Copy fail: AES, invalid lifetime (unknown location) in attributes
-depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES:MBEDTLS_PSA_CRYPTO_STORAGE_C:!MBEDTLS_PSA_CRYPTO_DRIVERS
-copy_fail:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:0:0:PSA_KEY_TYPE_AES:"404142434445464748494a4b4c4d4e4f":PSA_KEY_TYPE_AES:0:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:0:1:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION(PSA_KEY_PERSISTENCE_DEFAULT, 11):PSA_ERROR_INVALID_ARGUMENT
-
Copy fail: AES, copy to a readonly lifetime in attributes
depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES:MBEDTLS_PSA_CRYPTO_STORAGE_C
copy_fail:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:0:0:PSA_KEY_TYPE_AES:"404142434445464748494a4b4c4d4e4f":PSA_KEY_TYPE_AES:0:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:0:1:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_READ_ONLY, 0 ):PSA_ERROR_INVALID_ARGUMENT
@@ -6118,7 +6114,7 @@
derive_key_exercise:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_DERIVE:400:PSA_KEY_USAGE_DERIVE:PSA_ALG_HKDF(PSA_ALG_SHA_256)
PSA key derivation: HKDF-SHA-256 -> ECC secp256r1, exercise ECDSA
-depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256
+depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_256
derive_key_exercise:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_ECDSA_ANY
PSA key derivation: HKDF-SHA-256 -> ECC curve25519, exercise ECDH
@@ -6150,11 +6146,11 @@
derive_key_type:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_AES:256:"3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf"
PSA key derivation: HKDF-SHA-256 -> ECC secp256r1
-depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256
+depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_256
derive_key_type:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:"3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5c0"
PSA key derivation: HKDF-SHA-256 -> ECC secp256r1 (1 redraw)
-depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256
+depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_256
derive_key_type:PSA_ALG_HKDF(PSA_ALG_SHA_256):"4869212049276d20612074657374206b65792120486f772061726520796f753f":"":"e1ab5d0000000000":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:"46a5850b60ba10b0fd8e0feb8790e2819d46ea26fede564ff6dea94ef1945660"
PSA key derivation: HKDF-SHA-256 -> raw (same input as secp256r1+redraw)
@@ -6162,17 +6158,17 @@
derive_key_type:PSA_ALG_HKDF(PSA_ALG_SHA_256):"4869212049276d20612074657374206b65792120486f772061726520796f753f":"":"e1ab5d0000000000":PSA_KEY_TYPE_RAW_DATA:256:"ffffffff55f60cea989fe02543c81b28aff09b5b51fdc43f91fe5c2511b0b9d9"
PSA key derivation: HKDF-SHA-256 -> ECC secp384r1
-depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_384
+depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_384
derive_key_type:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):384:"3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b887185865b4b0a85a993c"
# For secp521r1, the leading byte of the representation of the private key can
# be either 0 or 1. Have one test case where it's 0 and one where it's 1.
PSA key derivation: HKDF-SHA-256 -> ECC secp521r1 #0
-depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_521
+depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_521:MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_521
derive_key_type:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):521:"00b25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b887185865b4b0a85a993b89b9b65683d60f0106d28fff039d0b6f3409"
PSA key derivation: HKDF-SHA-256 -> ECC secp521r1 #1
-depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_521
+depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_521:MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_521
derive_key_type:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8fa":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):521:"01122f37d10965c8455ecbd2bc73d5da5347d0ce772e54305d528295a64ffb7c567f5042e2d7e5803b407c08d1e110adcefc35564035d706582f723a2f76a32260da"
# For Curve25519, test a few different outputs to exercise masking (last byte of input_2 variation).
diff --git a/tests/suites/test_suite_psa_crypto_driver_wrappers.data b/tests/suites/test_suite_psa_crypto_driver_wrappers.data
index 311ce08..b74e020 100644
--- a/tests/suites/test_suite_psa_crypto_driver_wrappers.data
+++ b/tests/suites/test_suite_psa_crypto_driver_wrappers.data
@@ -690,7 +690,7 @@
asymmetric_encrypt_decrypt:PSA_ALG_RSA_PKCS1V15_CRYPT:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"":"":"":PSA_SUCCESS:PSA_ERROR_NOT_SUPPORTED:PSA_SUCCESS:PSA_SUCCESS
PSA encrypt-decrypt transparent driver: fallback not available RSA PKCS#1 v1.5
-depends_on:!MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT
+depends_on:!MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT
asymmetric_encrypt_decrypt:PSA_ALG_RSA_PKCS1V15_CRYPT:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"":"":"":PSA_ERROR_NOT_SUPPORTED:PSA_ERROR_NOT_SUPPORTED::PSA_ERROR_NOT_SUPPORTED:PSA_ERROR_NOT_SUPPORTED
PSA encrypt-decrypt transparent driver: encryption error RSA PKCS#1 v1.5
@@ -722,7 +722,7 @@
asymmetric_encrypt_decrypt:PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256):"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"":"":"":PSA_SUCCESS:PSA_ERROR_NOT_SUPPORTED:PSA_SUCCESS:PSA_SUCCESS
PSA encrypt-decrypt transparent driver: fallback not available RSA OAEP-SHA-256
-depends_on:!MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP
+depends_on:!MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP:PSA_WANT_ALG_RSA_OAEP
asymmetric_encrypt_decrypt:PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256):"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"":"":"":PSA_ERROR_NOT_SUPPORTED:PSA_ERROR_NOT_SUPPORTED::PSA_ERROR_NOT_SUPPORTED:PSA_ERROR_NOT_SUPPORTED
PSA encrypt-decrypt transparent driver: encryption error RSA OAEP-SHA-256
@@ -746,7 +746,7 @@
asymmetric_decrypt:PSA_ALG_RSA_PKCS1V15_CRYPT:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":"2dfabbd0dd2cd9bd61f122615dae67d3952f6b6c169d924ae0ca452eb71bc2075875039b0bcf1781bbb42887e1d26b7727a294050ca3df9ea5b44c4b3052164f66a1ff8723393d64fb76afe86fc3dae97b1a86ddde6dd1aa697f20d81b5c559780c8f5c6b2919676203a52de10a5f6e76ac218642072f4868085555345f26a61":"":"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"":PSA_ERROR_NOT_SUPPORTED:PSA_SUCCESS
PSA decrypt transparent driver: fallback not available RSA PKCS#1 v1.5
-depends_on:!MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT
+depends_on:!MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT
asymmetric_decrypt:PSA_ALG_RSA_PKCS1V15_CRYPT:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":"2dfabbd0dd2cd9bd61f122615dae67d3952f6b6c169d924ae0ca452eb71bc2075875039b0bcf1781bbb42887e1d26b7727a294050ca3df9ea5b44c4b3052164f66a1ff8723393d64fb76afe86fc3dae97b1a86ddde6dd1aa697f20d81b5c559780c8f5c6b2919676203a52de10a5f6e76ac218642072f4868085555345f26a61":"":"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"":PSA_ERROR_NOT_SUPPORTED:PSA_ERROR_NOT_SUPPORTED
PSA decrypt transparent driver: in-driver RSA OAEP-SHA-256
@@ -762,7 +762,7 @@
asymmetric_decrypt:PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256):"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":"13fd8220c266b34b894f916448d854f7438e075f55cc4df95edf7002bd88fd4b156305112f48362c1563a490ae56c29b546edb31dd5901db0c60197724d0a56ba1a33bfb0ed23bc806b0b2ca87ae9323ff86c7a06bf05108281a324b9f9af0bd50220aaf003606be1e5333fb53b97dff13261f8c6d2e4a5cefcd2b5589eb2a21":"":"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"":PSA_ERROR_NOT_SUPPORTED:PSA_SUCCESS
PSA decrypt transparent driver: fallback not available RSA OAEP-SHA-256
-depends_on:!MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP
+depends_on:!MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP:PSA_WANT_ALG_RSA_OAEP
asymmetric_decrypt:PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256):"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":"13fd8220c266b34b894f916448d854f7438e075f55cc4df95edf7002bd88fd4b156305112f48362c1563a490ae56c29b546edb31dd5901db0c60197724d0a56ba1a33bfb0ed23bc806b0b2ca87ae9323ff86c7a06bf05108281a324b9f9af0bd50220aaf003606be1e5333fb53b97dff13261f8c6d2e4a5cefcd2b5589eb2a21":"":"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"":PSA_ERROR_NOT_SUPPORTED:PSA_ERROR_NOT_SUPPORTED
PSA encrypt transparent driver: in-driver RSA PKCS#1 v1.5
@@ -778,7 +778,7 @@
asymmetric_encrypt:PSA_ALG_RSA_PKCS1V15_CRYPT:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":"af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3":"874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1":"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"":"":PSA_ERROR_NOT_SUPPORTED:PSA_SUCCESS
PSA encrypt transparent driver: fallback not available RSA PKCS#1 v1.5
-depends_on:!MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT
+depends_on:!MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT
asymmetric_encrypt:PSA_ALG_RSA_PKCS1V15_CRYPT:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":"af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3":"874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1":"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"":"":PSA_ERROR_NOT_SUPPORTED:PSA_ERROR_NOT_SUPPORTED
PSA encrypt transparent driver: in-driver RSA OAEP-SHA-256
@@ -794,7 +794,7 @@
asymmetric_encrypt:PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256):"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":"af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3":"874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1":"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"":"":PSA_ERROR_NOT_SUPPORTED:PSA_SUCCESS
PSA encrypt transparent driver: fallback not available RSA OAEP-SHA-256
-depends_on:!MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP
+depends_on:!MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP:PSA_WANT_ALG_RSA_OAEP
asymmetric_encrypt:PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256):"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":"af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3":"874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1":"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"":"":PSA_ERROR_NOT_SUPPORTED:PSA_ERROR_NOT_SUPPORTED
PSA AEAD encrypt setup, AES-GCM, 128 bytes #1
diff --git a/tests/suites/test_suite_psa_crypto_driver_wrappers.function b/tests/suites/test_suite_psa_crypto_driver_wrappers.function
index 5105ef5..00ea6a5 100644
--- a/tests/suites/test_suite_psa_crypto_driver_wrappers.function
+++ b/tests/suites/test_suite_psa_crypto_driver_wrappers.function
@@ -484,7 +484,7 @@
/* END_HEADER */
/* BEGIN_DEPENDENCIES
- * depends_on:MBEDTLS_PSA_CRYPTO_C:MBEDTLS_PSA_CRYPTO_DRIVERS:PSA_CRYPTO_DRIVER_TEST
+ * depends_on:MBEDTLS_PSA_CRYPTO_C:PSA_CRYPTO_DRIVER_TEST
* END_DEPENDENCIES
*/
@@ -2130,7 +2130,7 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:PSA_CRYPTO_DRIVER_TEST:MBEDTLS_PSA_CRYPTO_DRIVERS:MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS */
+/* BEGIN_CASE depends_on:PSA_CRYPTO_DRIVER_TEST:MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS */
void builtin_key_export(int builtin_key_id_arg,
int builtin_key_type_arg,
int builtin_key_bits_arg,
@@ -2181,7 +2181,7 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:PSA_CRYPTO_DRIVER_TEST:MBEDTLS_PSA_CRYPTO_DRIVERS:MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS */
+/* BEGIN_CASE depends_on:PSA_CRYPTO_DRIVER_TEST:MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS */
void builtin_pubkey_export(int builtin_key_id_arg,
int builtin_key_type_arg,
int builtin_key_bits_arg,
diff --git a/tests/suites/test_suite_timing.function b/tests/suites/test_suite_timing.function
index 821ebd6..4143a1c 100644
--- a/tests/suites/test_suite_timing.function
+++ b/tests/suites/test_suite_timing.function
@@ -20,8 +20,20 @@
void timing_get_timer()
{
struct mbedtls_timing_hr_time time;
+
+ memset(&time, 0, sizeof(time));
+
(void) mbedtls_timing_get_timer(&time, 1);
+
+ /* Check that a non-zero time was written back */
+ int all_zero = 1;
+ for (size_t i = 0; i < sizeof(time); i++) {
+ all_zero &= ((unsigned char *) &time)[i] == 0;
+ }
+ TEST_ASSERT(!all_zero);
+
(void) mbedtls_timing_get_timer(&time, 0);
+
/* This goto is added to avoid warnings from the generated code. */
goto exit;
}
diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data
index c025c3f..685b859 100644
--- a/tests/suites/test_suite_x509parse.data
+++ b/tests/suites/test_suite_x509parse.data
@@ -94,6 +94,14 @@
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_MD_CAN_SHA256
x509_cert_info:"data_files/server5-nonprintable_othername.crt":"cert. version \: 3\nserial number \: 4D\nissuer name \: C=UK, O=Mbed TLS, CN=Mbed TLS non-printable othername SAN\nsubject name \: C=UK, O=Mbed TLS, CN=Mbed TLS non-printable othername SAN\nissued on \: 2022-09-06 15\:56\:47\nexpires on \: 2032-09-03 15\:56\:47\nsigned using \: ECDSA with SHA256\nEC key size \: 256 bits\nsubject alt name \:\n otherName \:\n hardware module name \:\n hardware type \: 1.3.6.1.4.1.17.3\n hardware serial number \: 3132338081008180333231\n"
+X509 CRT information EC, SHA256 Digest, directoryName SAN
+depends_on:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_MD_CAN_SHA256
+x509_cert_info:"data_files/server5-directoryname.crt.der":"cert. version \: 3\nserial number \: 4D\nissuer name \: C=UK, O=Mbed TLS, CN=Mbed TLS directoryName SAN\nsubject name \: C=UK, O=Mbed TLS, CN=Mbed TLS directoryName SAN\nissued on \: 2023-01-10 16\:59\:29\nexpires on \: 2033-01-07 16\:59\:29\nsigned using \: ECDSA with SHA256\nEC key size \: 256 bits\nsubject alt name \:\n directoryName \: C=UK, O=Mbed TLS, CN=Mbed TLS directoryName SAN\n"
+
+X509 CRT information EC, SHA256 Digest, two directoryName SANs
+depends_on:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_MD_CAN_SHA256
+x509_cert_info:"data_files/server5-two-directorynames.crt.der":"cert. version \: 3\nserial number \: 4D\nissuer name \: C=UK, O=Mbed TLS, CN=Mbed TLS directoryName SAN\nsubject name \: C=UK, O=Mbed TLS, CN=Mbed TLS directoryName SAN\nissued on \: 2023-01-12 10\:34\:11\nexpires on \: 2033-01-09 10\:34\:11\nsigned using \: ECDSA with SHA256\nEC key size \: 256 bits\nsubject alt name \:\n directoryName \: C=UK, O=Mbed TLS, CN=Mbed TLS directoryName SAN\n directoryName \: O=MALFORM_ME\n"
+
X509 CRT information EC, SHA256 Digest, Wisun Fan device
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_MD_CAN_SHA256
x509_cert_info:"data_files/server5-fan.crt":"cert. version \: 3\nserial number \: 4D\nissuer name \: C=UK, O=Mbed TLS, CN=Mbed TLS FAN\nsubject name \: C=UK, O=Mbed TLS, CN=Mbed TLS FAN\nissued on \: 2019-03-25 09\:03\:46\nexpires on \: 2029-03-22 09\:03\:46\nsigned using \: ECDSA with SHA256\nEC key size \: 256 bits\next key usage \: Wi-SUN Alliance Field Area Network (FAN)\n"
@@ -184,31 +192,43 @@
X509 SAN parsing otherName
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_MD_CAN_SHA256
-x509_parse_san:"data_files/server5-othername.crt":"type \: 0\notherName \: hardware module name \: hardware type \: 1.3.6.1.4.1.17.3, hardware serial number \: 313233343536\n"
+x509_parse_san:"data_files/server5-othername.crt":"type \: 0\notherName \: hardware module name \: hardware type \: 1.3.6.1.4.1.17.3, hardware serial number \: 313233343536\n":0
X509 SAN parsing binary otherName
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_MD_CAN_SHA256
-x509_parse_san:"data_files/server5-nonprintable_othername.crt":"type \: 0\notherName \: hardware module name \: hardware type \: 1.3.6.1.4.1.17.3, hardware serial number \: 3132338081008180333231\n"
+x509_parse_san:"data_files/server5-nonprintable_othername.crt":"type \: 0\notherName \: hardware module name \: hardware type \: 1.3.6.1.4.1.17.3, hardware serial number \: 3132338081008180333231\n":0
+
+X509 SAN parsing directoryName
+depends_on:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_MD_CAN_SHA256
+x509_parse_san:"data_files/server5-directoryname.crt.der":"type \: 4\ndirectoryName \: C=UK, O=Mbed TLS, CN=Mbed TLS directoryName SAN\n":0
+
+X509 SAN parsing directoryName, seq malformed
+depends_on:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_MD_CAN_SHA256
+x509_parse_san:"data_files/server5-directoryname-seq-malformed.crt.der":"":MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
+
+X509 SAN parsing two directoryNames, second DN OID malformed
+depends_on:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_MD_CAN_SHA256
+x509_parse_san:"data_files/server5-second-directoryname-oid-malformed.crt.der":"":MBEDTLS_ERR_X509_INVALID_NAME + MBEDTLS_ERR_ASN1_OUT_OF_DATA
X509 SAN parsing dNSName
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_MD_CAN_SHA256
-x509_parse_san:"data_files/cert_example_multi.crt":"type \: 2\ndNSName \: example.com\ntype \: 2\ndNSName \: example.net\ntype \: 2\ndNSName \: *.example.org\n"
+x509_parse_san:"data_files/cert_example_multi.crt":"type \: 2\ndNSName \: example.com\ntype \: 2\ndNSName \: example.net\ntype \: 2\ndNSName \: *.example.org\n":0
X509 SAN parsing Multiple different types
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_MD_CAN_SHA256
-x509_parse_san:"data_files/multiple_san.crt":"type \: 2\ndNSName \: example.com\ntype \: 0\notherName \: hardware module name \: hardware type \: 1.3.6.1.4.1.17.3, hardware serial number \: 313233343536\ntype \: 2\ndNSName \: example.net\ntype \: 2\ndNSName \: *.example.org\n"
+x509_parse_san:"data_files/multiple_san.crt":"type \: 2\ndNSName \: example.com\ntype \: 0\notherName \: hardware module name \: hardware type \: 1.3.6.1.4.1.17.3, hardware serial number \: 313233343536\ntype \: 2\ndNSName \: example.net\ntype \: 2\ndNSName \: *.example.org\n":0
X509 SAN parsing, no subject alt name
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PK_CAN_ECDSA_SOME
-x509_parse_san:"data_files/server4.crt":""
+x509_parse_san:"data_files/server4.crt":"":0
X509 SAN parsing, unsupported otherName name
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_MD_CAN_SHA256
-x509_parse_san:"data_files/server5-unsupported_othername.crt":""
+x509_parse_san:"data_files/server5-unsupported_othername.crt":"":0
X509 SAN parsing rfc822Name
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_MD_CAN_SHA256
-x509_parse_san:"data_files/test_cert_rfc822name.crt.der":"type \: 1\nrfc822Name \: my@other.address\ntype \: 1\nrfc822Name \: second@other.address\n"
+x509_parse_san:"data_files/test_cert_rfc822name.crt.der":"type \: 1\nrfc822Name \: my@other.address\ntype \: 1\nrfc822Name \: second@other.address\n":0
X509 CRL information #1
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_RSA_C:!MBEDTLS_X509_REMOVE_INFO
diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function
index ed1dcaf..177bc97 100644
--- a/tests/suites/test_suite_x509parse.function
+++ b/tests/suites/test_suite_x509parse.function
@@ -289,6 +289,17 @@
*p++ = san->san.unstructured_name.p[i];
}
break;/* MBEDTLS_X509_SAN_RFC822_NAME */
+ case (MBEDTLS_X509_SAN_DIRECTORY_NAME):
+ ret = mbedtls_snprintf(p, n, "\ndirectoryName : ");
+ MBEDTLS_X509_SAFE_SNPRINTF;
+ ret = mbedtls_x509_dn_gets(p, n, &san->san.directory_name);
+ if (ret < 0) {
+ return ret;
+ }
+
+ p += ret;
+ n -= ret;
+ break;/* MBEDTLS_X509_SAN_DIRECTORY_NAME */
default:
/*
* Should not happen.
@@ -426,7 +437,7 @@
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */
-void x509_parse_san(char *crt_file, char *result_str)
+void x509_parse_san(char *crt_file, char *result_str, int parse_result)
{
int ret;
mbedtls_x509_crt crt;
@@ -439,8 +450,11 @@
mbedtls_x509_crt_init(&crt);
memset(buf, 0, 2000);
- TEST_ASSERT(mbedtls_x509_crt_parse_file(&crt, crt_file) == 0);
+ TEST_EQUAL(mbedtls_x509_crt_parse_file(&crt, crt_file), parse_result);
+ if (parse_result != 0) {
+ goto exit;
+ }
if (crt.ext_types & MBEDTLS_X509_EXT_SUBJECT_ALT_NAME) {
cur = &crt.subject_alt_names;
while (cur != NULL) {
@@ -450,7 +464,9 @@
* If san type not supported, ignore.
*/
if (ret == 0) {
- TEST_ASSERT(verify_parse_san(&san, &p, &n) == 0);
+ ret = verify_parse_san(&san, &p, &n);
+ mbedtls_x509_free_subject_alt_name(&san);
+ TEST_EQUAL(ret, 0);
}
cur = cur->next;
}