Merge pull request #9613 from gilles-peskine-arm/remove-rsa-psk-key-exchange
Remove RSA-PSK key exchange
diff --git a/ChangeLog.d/psa_util-bits-0.txt b/ChangeLog.d/psa_util-bits-0.txt
new file mode 100644
index 0000000..9aa70ad
--- /dev/null
+++ b/ChangeLog.d/psa_util-bits-0.txt
@@ -0,0 +1,3 @@
+Bugfix
+ * Fix undefined behavior in some cases when mbedtls_psa_raw_to_der() or
+ mbedtls_psa_der_to_raw() is called with bits=0.
diff --git a/framework b/framework
index d68446c..5560984 160000
--- a/framework
+++ b/framework
@@ -1 +1 @@
-Subproject commit d68446c9da02e536279a7aaa5a3c9850742ba30c
+Subproject commit 55609845504ce77f3714795785282456444967c8
diff --git a/programs/ssl/ssl_fork_server.c b/programs/ssl/ssl_fork_server.c
index 9b36507..1bd18c1 100644
--- a/programs/ssl/ssl_fork_server.c
+++ b/programs/ssl/ssl_fork_server.c
@@ -357,8 +357,6 @@
goto exit;
}
- exit_code = MBEDTLS_EXIT_SUCCESS;
-
exit:
mbedtls_net_free(&client_fd);
mbedtls_net_free(&listen_fd);
diff --git a/programs/test/udp_proxy.c b/programs/test/udp_proxy.c
index 7213f8a..43d2e8c 100644
--- a/programs/test/udp_proxy.c
+++ b/programs/test/udp_proxy.c
@@ -938,8 +938,6 @@
}
- exit_code = MBEDTLS_EXIT_SUCCESS;
-
exit:
#ifdef MBEDTLS_ERROR_C
diff --git a/tests/scripts/all-core.sh b/tests/scripts/all-core.sh
index 926ee45..5cb1da8 100644
--- a/tests/scripts/all-core.sh
+++ b/tests/scripts/all-core.sh
@@ -109,11 +109,12 @@
# means that components can assume that the working directory is in a
# cleaned-up state, and don't need to perform the cleanup themselves.
# * Run `make clean`.
-# * Restore `include/mbedtls/mbedtls_config.h` from a backup made before running
-# the component.
-# * Check out `Makefile`, `library/Makefile`, `programs/Makefile`,
-# `tests/Makefile` and `programs/fuzz/Makefile` from git.
-# This cleans up after an in-tree use of CMake.
+# * Restore the various config files (potentially modified by config.py) from
+# a backup made when starting the script.
+# * If in Mbed TLS, restore the various `Makefile`s (potentially modified by
+# in-tree use of CMake) from a backup made when starting the script. (Note:
+# if the files look generated when starting the script, they will be
+# restored from the git index before making the backup.)
################################################################
@@ -156,8 +157,8 @@
# Must be called before pre_initialize_variables which sets ALL_COMPONENTS.
pre_load_components () {
# Include the components from components.sh
- test_script_dir="${0%/*}"
- for file in "$test_script_dir"/components-*.sh; do
+ # Use a path relative to the current directory, aka project's root.
+ for file in tests/scripts/components-*.sh; do
source $file
done
}
@@ -165,6 +166,7 @@
pre_initialize_variables () {
if in_mbedtls_repo; then
CONFIG_H='include/mbedtls/mbedtls_config.h'
+ CONFIG_TEST_DRIVER_H='tests/include/test/drivers/config_test_driver.h'
if [ -d tf-psa-crypto ]; then
CRYPTO_CONFIG_H='tf-psa-crypto/include/psa/crypto_config.h'
PSA_CORE_PATH='tf-psa-crypto/core'
@@ -176,20 +178,21 @@
PSA_CORE_PATH=''
BUILTIN_SRC_PATH=''
fi
+ config_files="$CONFIG_H $CRYPTO_CONFIG_H $CONFIG_TEST_DRIVER_H"
else
- CONFIG_H='drivers/builtin/include/mbedtls/mbedtls_config.h'
CRYPTO_CONFIG_H='include/psa/crypto_config.h'
PSA_CORE_PATH='core'
BUILTIN_SRC_PATH='drivers/builtin/src'
+
+ config_files="$CRYPTO_CONFIG_H"
fi
- CONFIG_TEST_DRIVER_H='tests/include/test/drivers/config_test_driver.h'
# Files that are clobbered by some jobs will be backed up. Use a different
# suffix from auxiliary scripts so that all.sh and auxiliary scripts can
# independently decide when to remove the backup file.
backup_suffix='.all.bak'
# Files clobbered by config.py
- files_to_back_up="$CONFIG_H $CRYPTO_CONFIG_H $CONFIG_TEST_DRIVER_H"
+ files_to_back_up="$config_files"
if in_mbedtls_repo; then
# Files clobbered by in-tree cmake
files_to_back_up="$files_to_back_up Makefile library/Makefile programs/Makefile tests/Makefile programs/fuzz/Makefile"
@@ -623,7 +626,7 @@
pre_check_git () {
if [ $FORCE -eq 1 ]; then
rm -rf "$OUT_OF_SOURCE_DIR"
- git checkout-index -f -q $CONFIG_H
+ git checkout-index -f -q $config_files
cleanup
else
@@ -634,12 +637,14 @@
exit 1
fi
- if ! git diff --quiet "$CONFIG_H"; then
- err_msg "Warning - the configuration file '$CONFIG_H' has been edited. "
- echo "You can either delete or preserve your work, or force the test by rerunning the"
- echo "script as: $0 --force"
- exit 1
- fi
+ for config in $config_files; do
+ if ! git diff --quiet "$config"; then
+ err_msg "Warning - the configuration file '$config' has been edited. "
+ echo "You can either delete or preserve your work, or force the test by rerunning the"
+ echo "script as: $0 --force"
+ exit 1
+ fi
+ done
fi
}
@@ -866,7 +871,8 @@
set "$@" ARMC6_CC="$ARMC6_CC" RUN_ARMCC=1;;
*) set "$@" RUN_ARMCC=0;;
esac
- "$@" scripts/output_env.sh
+ # Use a path relative to the currently-sourced file.
+ "$@" "${BASH_SOURCE%/*}"/../../scripts/output_env.sh
}
pre_generate_files() {
@@ -881,8 +887,8 @@
}
pre_load_helpers () {
- # The path is going to change when this is moved to the framework
- test_script_dir="${0%/*}"
+ # Use a path relative to the currently-sourced file.
+ test_script_dir="${BASH_SOURCE%/*}"
source "$test_script_dir"/all-helpers.sh
}
diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh
index 6708de1..b1261bf 100755
--- a/tests/scripts/all.sh
+++ b/tests/scripts/all.sh
@@ -1,15 +1,112 @@
#! /usr/bin/env bash
-# all.sh
+# all.sh (transitional wrapper)
#
# Copyright The Mbed TLS Contributors
# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
-# This file is executable; it is the entry point for users and the CI.
-# See "Files structure" in all-core.sh for other files used.
+# This is a transitional wrapper that's only meant for the CI.
+# Developers should directly invoke on or two of:
+# - tests/scripts/mbedtls-all.sh ...
+# - (cd tf-psa-crypto && tests/scripts/all.sh ...)
+#
+# During the transition, it's illegal for a tf-psa-crypto component to have
+# the same name as an mbedtls components; since this wrapper handles both
+# sides at once, component names need to be globally unique. Once the
+# transition period is over, unicity on each side will be enough.
+#
+# For context, here are the steps of the transition:
+# 1. We have an all.sh in tf-psa-crypto but for now we don't invoke it directly
+# on the CI, only through this transitional wrapper in mbedtls. (tf-psa-crypto
+# doesn't have its own CI initially and runs Mbed TLS's instead.)
+# 2. We move all relevant components to tf-psa-crypto so that it gets the level of
+# coverage we want. We need to make sure the new names are unique.
+# 3. We change the CI job on tf-psa-crypto to stop checking out mbedtls and running
+# its all.sh - instead we do the normal thing of checking out tf-psa-crypto and
+# running its all.sh. (In two steps: (a) add the new job, (b) remove the old
+# one.)
+# 4. We remove the transitional wrapper in mbedtls and we're now free to rename
+# tf-psa-crypto components as we want. If we followed a consistent naming
+# pattern, this can be as simple as s/_tf_psa_crypto// in components-*.sh.
-# The path is going to change when this is moved to the framework
-test_script_dir="${0%/*}"
-source "$test_script_dir"/all-core.sh
+# This script must be invoked from the project's root.
-main "$@"
+# There are exactly 4 ways this is invoked in the CI:
+# 1. tests/scripts/all.sh --help
+# 2. tests/scripts/all.sh --list-all-components
+# 3. tests/scripts/all.sh --list-components
+# 4. tests/scripts/all.sh --seed 4 --keep-going single_component_name
+# This wrapper does not support other invocations.
+
+set -eu
+
+# Cases 1-3
+if [ "$#" -eq 1 ]; then
+ if [ "$1" = '--help' ]; then
+ # It doesn't matter which one we use, they're the same
+ tests/scripts/mbedtls-all.sh "$1"
+ exit 0
+ fi
+ if [ "$1" = '--list-all-components' -o "$1" = '--list-components' ]; then
+ # Invoke both
+ tests/scripts/mbedtls-all.sh "$1"
+ (cd tf-psa-crypto && tests/scripts/all.sh "$1")
+ exit 0
+ fi
+fi
+
+if [ "$#" -ne 4 -o "${1:-unset}" != '--seed' -o "${3:-unset}" != '--keep-going' ]; then
+ echo "This invocation is not supported by the transitional wrapper." >&2
+ echo "See the comments at the top of $0." >&2
+ exit 1
+fi
+
+# Case 4: invoke the right all.sh for this component
+comp_name=$4
+
+# Get the list of components available on each side.
+COMP_MBEDTLS=$(tests/scripts/mbedtls-all.sh --list-all-components | tr '\n' ' ')
+COMP_CRYPTO=$(cd tf-psa-crypto && tests/scripts/all.sh --list-all-components | tr '\n' ' ')
+
+# tell if $1 is in space-separated list $2
+is_in() {
+ needle=$1
+ haystack=$2
+ case " $haystack " in
+ *" $needle "*) echo 1;;
+ *) echo 0;;
+ esac
+}
+
+is_crypto=$(is_in "$comp_name" "$COMP_CRYPTO")
+is_mbedtls=$(is_in "$comp_name" "$COMP_MBEDTLS")
+
+# Component should be on exactly one side (see comment near the top).
+if [ "$is_crypto" -eq 1 -a "$is_mbedtls" -eq 1 ]; then
+ echo "Component '$comp_name' is both in crypto and Mbed TLS". >&2
+ echo "See the comments at the top of $0." >&2
+ exit 1
+fi
+if [ "$is_crypto" -eq 0 -a "$is_mbedtls" -eq 0 ]; then
+ echo "Component '$comp_name' is neither in crypto nor in Mbed TLS". >&2
+ echo "See the comments at the top of $0." >&2
+ exit 1
+fi
+
+
+# Invoke the real thing
+if [ "$is_crypto" -eq 1 ]; then
+ # Make sure the path to the outcomes file is absolute. This is done by
+ # pre_prepare_outcome_file() however by the time it runs we've already
+ # changed the working directory, so do it now.
+ if [ -n "${MBEDTLS_TEST_OUTCOME_FILE+set}" ]; then
+ case "$MBEDTLS_TEST_OUTCOME_FILE" in
+ [!/]*) MBEDTLS_TEST_OUTCOME_FILE="$PWD/$MBEDTLS_TEST_OUTCOME_FILE";;
+ esac
+ export MBEDTLS_TEST_OUTCOME_FILE
+ fi
+ cd tf-psa-crypto
+ exec tests/scripts/all.sh "$@"
+else
+ exec tests/scripts/mbedtls-all.sh "$@"
+fi
diff --git a/tests/scripts/components-build-system.sh b/tests/scripts/components-build-system.sh
index 3047e76..f2b74a9 100644
--- a/tests/scripts/components-build-system.sh
+++ b/tests/scripts/components-build-system.sh
@@ -85,26 +85,6 @@
rm -rf "$OUT_OF_SOURCE_DIR"
}
-component_test_cmake_tf_psa_crypto_out_of_source () {
- # Remove existing generated files so that we use the ones cmake
- # generates
- make neat
- msg "build: cmake tf-psa-crypto 'out-of-source' build"
- MBEDTLS_ROOT_DIR="$PWD"
- cd tf-psa-crypto
- TF_PSA_CRYPTO_ROOT_DIR="$PWD"
- mkdir "$OUT_OF_SOURCE_DIR"
- cd "$OUT_OF_SOURCE_DIR"
- # Note: Explicitly generate files as these are turned off in releases
- cmake -D CMAKE_BUILD_TYPE:String=Check -D GEN_FILES=ON "$TF_PSA_CRYPTO_ROOT_DIR"
- make
- msg "test: cmake tf-psa-crypto 'out-of-source' build"
- make test
- cd "$TF_PSA_CRYPTO_ROOT_DIR"
- rm -rf "$OUT_OF_SOURCE_DIR"
- cd "$MBEDTLS_ROOT_DIR"
-}
-
component_test_cmake_as_subdirectory () {
# Remove existing generated files so that we use the ones CMake
# generates
diff --git a/tests/scripts/mbedtls-all.sh b/tests/scripts/mbedtls-all.sh
new file mode 100755
index 0000000..cdf296d
--- /dev/null
+++ b/tests/scripts/mbedtls-all.sh
@@ -0,0 +1,16 @@
+#! /usr/bin/env bash
+
+# all.sh (mbedtls part)
+#
+# Copyright The Mbed TLS Contributors
+# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+
+# This file is executable; it is the entry point for users and the CI.
+# See "Files structure" in all-core.sh for other files used.
+
+# This script must be invoked from the project's root.
+
+# The path is going to change when this is moved to the framework
+source tests/scripts/all-core.sh
+
+main "$@"
diff --git a/tf-psa-crypto/core/psa_crypto.c b/tf-psa-crypto/core/psa_crypto.c
index edecbec..e1e0eab 100644
--- a/tf-psa-crypto/core/psa_crypto.c
+++ b/tf-psa-crypto/core/psa_crypto.c
@@ -8097,6 +8097,112 @@
key);
}
+#if defined(MBEDTLS_ECP_RESTARTABLE)
+static psa_status_t psa_generate_key_iop_abort_internal(
+ psa_generate_key_iop_t *operation)
+{
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+
+ if (operation->id == 0) {
+ return PSA_SUCCESS;
+ }
+
+ status = mbedtls_psa_generate_key_iop_abort(&operation->ctx);
+
+ operation->id = 0;
+
+ return status;
+}
+#endif
+
+uint32_t psa_generate_key_iop_get_num_ops(
+ psa_generate_key_iop_t *operation)
+{
+ (void) operation;
+ return 0;
+}
+
+psa_status_t psa_generate_key_iop_setup(
+ psa_generate_key_iop_t *operation,
+ const psa_key_attributes_t *attributes)
+{
+#if defined(MBEDTLS_ECP_RESTARTABLE)
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+ psa_key_type_t type;
+
+ if (operation->id != 0 || operation->error_occurred) {
+ status = PSA_ERROR_BAD_STATE;
+ goto exit;
+ }
+
+ type = psa_get_key_type(attributes);
+
+ if (!PSA_KEY_TYPE_IS_ECC(type)) {
+ status = PSA_ERROR_NOT_SUPPORTED;
+ goto exit;
+ }
+
+ if (psa_get_key_bits(attributes) == 0) {
+ status = PSA_ERROR_INVALID_ARGUMENT;
+ goto exit;
+ }
+
+ if (PSA_KEY_TYPE_IS_PUBLIC_KEY(type)) {
+ status = PSA_ERROR_INVALID_ARGUMENT;
+ goto exit;
+ }
+
+ operation->attributes = *attributes;
+
+ operation->num_ops = 0;
+
+ /* We only support the builtin/Mbed TLS driver for now. */
+ operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
+
+ status = mbedtls_psa_generate_key_iop_setup(&operation->ctx, attributes);
+
+exit:
+ if (status != PSA_SUCCESS) {
+ operation->error_occurred = 1;
+ psa_generate_key_iop_abort_internal(operation);
+ }
+
+ return status;
+#else
+ (void) operation;
+ (void) attributes;
+ return PSA_ERROR_NOT_SUPPORTED;
+#endif
+}
+
+psa_status_t psa_generate_key_iop_complete(
+ psa_generate_key_iop_t *operation,
+ psa_key_id_t *key)
+{
+ (void) operation;
+ (void) key;
+
+ return PSA_ERROR_NOT_SUPPORTED;
+}
+
+psa_status_t psa_generate_key_iop_abort(
+ psa_generate_key_iop_t *operation)
+{
+#if defined(MBEDTLS_ECP_RESTARTABLE)
+ psa_status_t status;
+
+ status = psa_generate_key_iop_abort_internal(operation);
+
+ operation->error_occurred = 0;
+ operation->num_ops = 0;
+ return status;
+#else
+ (void) operation;
+ return PSA_SUCCESS;
+#endif
+}
+
+
/****************************************************************/
/* Module setup */
/****************************************************************/
diff --git a/tf-psa-crypto/core/psa_crypto_core.h b/tf-psa-crypto/core/psa_crypto_core.h
index df0ee50..1753554 100644
--- a/tf-psa-crypto/core/psa_crypto_core.h
+++ b/tf-psa-crypto/core/psa_crypto_core.h
@@ -435,6 +435,40 @@
size_t key_buffer_size,
size_t *key_buffer_length);
+/**
+ * \brief Setup a new interruptible key generation operation.
+ *
+ * \param[in] operation The \c mbedtls_psa_generate_key_iop_t to use.
+ * This must be initialized first.
+ * \param[in] attributes The desired attributes of the generated key.
+ *
+ * \retval #PSA_SUCCESS
+ * The operation started successfully - call \c mbedtls_psa_generate_key_complete()
+ * with the same operation to complete the operation.
+ * * \retval #PSA_ERROR_NOT_SUPPORTED
+ * Either no internal interruptible operations are
+ * currently supported, or the key attributes are not unsupported.
+ * * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
+ * There was insufficient memory to load the key representation.
+ *
+ */
+psa_status_t mbedtls_psa_generate_key_iop_setup(
+ mbedtls_psa_generate_key_iop_t *operation,
+ const psa_key_attributes_t *attributes);
+
+/**
+ * \brief Abort a key generation operation.
+ *
+ * \param[in] operation The \c mbedtls_psa_generate_key_iop_t to abort.
+ *
+ * \retval #PSA_SUCCESS
+ * The operation was aborted successfully.
+ *
+ */
+psa_status_t mbedtls_psa_generate_key_iop_abort(
+ mbedtls_psa_generate_key_iop_t *operation);
+
+
/** Sign a message with a private key. For hash-and-sign algorithms,
* this includes the hashing step.
*
diff --git a/tf-psa-crypto/drivers/builtin/include/mbedtls/bignum.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/bignum.h
index 8367cd3..22d5d84 100644
--- a/tf-psa-crypto/drivers/builtin/include/mbedtls/bignum.h
+++ b/tf-psa-crypto/drivers/builtin/include/mbedtls/bignum.h
@@ -238,6 +238,8 @@
}
mbedtls_mpi;
+#define MBEDTLS_MPI_INIT { 0, 0, 0 }
+
/**
* \brief Initialize an MPI context.
*
diff --git a/tf-psa-crypto/drivers/builtin/include/mbedtls/ecp.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/ecp.h
index 7b0a80d..b340614 100644
--- a/tf-psa-crypto/drivers/builtin/include/mbedtls/ecp.h
+++ b/tf-psa-crypto/drivers/builtin/include/mbedtls/ecp.h
@@ -162,6 +162,8 @@
}
mbedtls_ecp_point;
+#define MBEDTLS_ECP_POINT_INIT { MBEDTLS_MPI_INIT, MBEDTLS_MPI_INIT, MBEDTLS_MPI_INIT }
+
/**
* \brief The ECP group structure.
*
@@ -250,6 +252,9 @@
}
mbedtls_ecp_group;
+#define MBEDTLS_ECP_GROUP_INIT { MBEDTLS_ECP_DP_NONE, MBEDTLS_MPI_INIT, MBEDTLS_MPI_INIT, \
+ MBEDTLS_MPI_INIT, MBEDTLS_ECP_POINT_INIT, MBEDTLS_MPI_INIT, \
+ 0, 0, 0, NULL, NULL, NULL, NULL, NULL, 0 }
/**
* \name SECTION: Module settings
*
@@ -419,6 +424,9 @@
}
mbedtls_ecp_keypair;
+#define MBEDTLS_ECP_KEYPAIR_INIT { MBEDTLS_ECP_GROUP_INIT, MBEDTLS_MPI_INIT, \
+ MBEDTLS_ECP_POINT_INIT }
+
/**
* The uncompressed point format for Short Weierstrass curves
* (MBEDTLS_ECP_DP_SECP_XXX and MBEDTLS_ECP_DP_BP_XXX).
diff --git a/tf-psa-crypto/drivers/builtin/include/mbedtls/psa_util.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/psa_util.h
index 08fa5b3..bf2748a 100644
--- a/tf-psa-crypto/drivers/builtin/include/mbedtls/psa_util.h
+++ b/tf-psa-crypto/drivers/builtin/include/mbedtls/psa_util.h
@@ -161,6 +161,16 @@
* \param[out] der_len On success it contains the amount of valid data
* (in bytes) written to \p der. It's undefined
* in case of failure.
+ *
+ * \note The behavior is undefined if \p der is null,
+ * even if \p der_size is 0.
+ *
+ * \return 0 if successful.
+ * \return #MBEDTLS_ERR_ASN1_BUF_TOO_SMALL if \p der_size
+ * is too small or if \p bits is larger than the
+ * largest supported curve.
+ * \return #MBEDTLS_ERR_ASN1_INVALID_DATA if one of the
+ * numbers in the signature is 0.
*/
int mbedtls_ecdsa_raw_to_der(size_t bits, const unsigned char *raw, size_t raw_len,
unsigned char *der, size_t der_size, size_t *der_len);
@@ -177,6 +187,15 @@
* \param[out] raw_len On success it is updated with the amount of valid
* data (in bytes) written to \p raw. It's undefined
* in case of failure.
+ *
+ * \return 0 if successful.
+ * \return #MBEDTLS_ERR_ASN1_BUF_TOO_SMALL if \p raw_size
+ * is too small or if \p bits is larger than the
+ * largest supported curve.
+ * \return #MBEDTLS_ERR_ASN1_INVALID_DATA if the data in
+ * \p der is inconsistent with \p bits.
+ * \return An \c MBEDTLS_ERR_ASN1_xxx error code if
+ * \p der is malformed.
*/
int mbedtls_ecdsa_der_to_raw(size_t bits, const unsigned char *der, size_t der_len,
unsigned char *raw, size_t raw_size, size_t *raw_len);
diff --git a/tf-psa-crypto/drivers/builtin/src/psa_crypto_ecp.c b/tf-psa-crypto/drivers/builtin/src/psa_crypto_ecp.c
index 6a697bc..acb2482 100644
--- a/tf-psa-crypto/drivers/builtin/src/psa_crypto_ecp.c
+++ b/tf-psa-crypto/drivers/builtin/src/psa_crypto_ecp.c
@@ -594,41 +594,38 @@
/* Interruptible ECC Key Generation */
/****************************************************************/
-uint32_t psa_generate_key_iop_get_num_ops(
- psa_generate_key_iop_t *operation)
-{
- (void) operation;
- return 0;
-}
+#if defined(MBEDTLS_ECP_RESTARTABLE)
-psa_status_t psa_generate_key_iop_setup(
- psa_generate_key_iop_t *operation,
+psa_status_t mbedtls_psa_generate_key_iop_setup(
+ mbedtls_psa_generate_key_iop_t *operation,
const psa_key_attributes_t *attributes)
{
- (void) operation;
- (void) attributes;
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
- return PSA_ERROR_NOT_SUPPORTED;
+ mbedtls_ecp_keypair_init(&operation->ecp);
+
+ psa_ecc_family_t curve = PSA_KEY_TYPE_ECC_GET_FAMILY(
+ psa_get_key_type(attributes));
+ mbedtls_ecp_group_id grp_id =
+ mbedtls_ecc_group_from_psa(curve, psa_get_key_bits(attributes));
+ if (grp_id == MBEDTLS_ECP_DP_NONE) {
+ return PSA_ERROR_NOT_SUPPORTED;
+ }
+
+ status = mbedtls_ecp_group_load(&operation->ecp.grp, grp_id);
+
+ return mbedtls_to_psa_error(status);
}
-psa_status_t psa_generate_key_iop_complete(
- psa_generate_key_iop_t *operation,
- psa_key_id_t *key)
+psa_status_t mbedtls_psa_generate_key_iop_abort(
+ mbedtls_psa_generate_key_iop_t *operation)
{
- (void) operation;
- (void) key;
-
- return PSA_ERROR_NOT_SUPPORTED;
+ mbedtls_ecp_keypair_free(&operation->ecp);
+ operation->num_ops = 0;
+ return PSA_SUCCESS;
}
-psa_status_t psa_generate_key_iop_abort(
- psa_generate_key_iop_t *operation)
-{
- (void) operation;
-
- return PSA_ERROR_NOT_SUPPORTED;
-}
-
+#endif
/****************************************************************/
/* Interruptible ECC Key Agreement */
/****************************************************************/
diff --git a/tf-psa-crypto/drivers/builtin/src/psa_util.c b/tf-psa-crypto/drivers/builtin/src/psa_util.c
index 55803ea..b2d2cd9 100644
--- a/tf-psa-crypto/drivers/builtin/src/psa_util.c
+++ b/tf-psa-crypto/drivers/builtin/src/psa_util.c
@@ -440,6 +440,9 @@
unsigned char *p = der + der_size;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+ if (bits == 0) {
+ return MBEDTLS_ERR_ASN1_INVALID_DATA;
+ }
if (raw_len != (2 * coordinate_len)) {
return MBEDTLS_ERR_ASN1_INVALID_DATA;
}
@@ -559,6 +562,9 @@
size_t coordinate_size = PSA_BITS_TO_BYTES(bits);
int ret;
+ if (bits == 0) {
+ return MBEDTLS_ERR_ASN1_INVALID_DATA;
+ }
/* The output raw buffer should be at least twice the size of a raw
* coordinate in order to store r and s. */
if (raw_size < coordinate_size * 2) {
diff --git a/tf-psa-crypto/include/psa/crypto.h b/tf-psa-crypto/include/psa/crypto.h
index aa58033..58b6887 100644
--- a/tf-psa-crypto/include/psa/crypto.h
+++ b/tf-psa-crypto/include/psa/crypto.h
@@ -4360,8 +4360,9 @@
* time. The only guarantee is that lower values
* for \p max_ops means functions will block for a
* lesser maximum amount of time. The functions
- * \c psa_sign_interruptible_get_num_ops() and
- * \c psa_verify_interruptible_get_num_ops() are
+ * \c psa_sign_interruptible_get_num_ops(),
+ * \c psa_verify_interruptible_get_num_ops() and
+ * \c psa_generate_key_iop_get_num_ops() are
* provided to help with tuning this value.
*
* \note This value defaults to
diff --git a/tf-psa-crypto/include/psa/crypto_builtin_composites.h b/tf-psa-crypto/include/psa/crypto_builtin_composites.h
index c14f5dd..c9c0c6b 100644
--- a/tf-psa-crypto/include/psa/crypto_builtin_composites.h
+++ b/tf-psa-crypto/include/psa/crypto_builtin_composites.h
@@ -211,4 +211,20 @@
#define MBEDTLS_PSA_PAKE_OPERATION_INIT { { 0 } }
+typedef struct {
+#if defined(MBEDTLS_ECP_C)
+ mbedtls_ecp_keypair MBEDTLS_PRIVATE(ecp);
+ uint32_t num_ops;
+#else
+ /* Make the struct non-empty if algs not supported. */
+ unsigned MBEDTLS_PRIVATE(dummy);
+#endif
+} mbedtls_psa_generate_key_iop_t;
+
+#if defined(MBEDTLS_ECP_C)
+#define MBEDTLS_PSA_GENERATE_KEY_IOP_INIT { MBEDTLS_ECP_KEYPAIR_INIT, 0 }
+#else
+#define MBEDTLS_PSA_GENERATE_KEY_IOP_INIT { 0 }
+#endif
+
#endif /* PSA_CRYPTO_BUILTIN_COMPOSITES_H */
diff --git a/tf-psa-crypto/include/psa/crypto_struct.h b/tf-psa-crypto/include/psa/crypto_struct.h
index 2eec948..76ef5c4 100644
--- a/tf-psa-crypto/include/psa/crypto_struct.h
+++ b/tf-psa-crypto/include/psa/crypto_struct.h
@@ -542,14 +542,18 @@
* any driver (i.e. none of the driver contexts are active).
*/
unsigned int MBEDTLS_PRIVATE(id);
-
+ mbedtls_psa_generate_key_iop_t MBEDTLS_PRIVATE(ctx);
+ psa_key_attributes_t MBEDTLS_PRIVATE(attributes);
+ unsigned int MBEDTLS_PRIVATE(error_occurred) : 1;
+ uint32_t MBEDTLS_PRIVATE(num_ops);
#endif
};
#if defined(MBEDTLS_PSA_CRYPTO_CLIENT) && !defined(MBEDTLS_PSA_CRYPTO_C)
#define PSA_GENERATE_KEY_IOP_INIT { 0 }
#else
-#define PSA_GENERATE_KEY_IOP_INIT { 0 }
+#define PSA_GENERATE_KEY_IOP_INIT { 0, MBEDTLS_PSA_GENERATE_KEY_IOP_INIT, PSA_KEY_ATTRIBUTES_INIT, \
+ 0, 0 }
#endif
static inline struct psa_generate_key_iop_s
diff --git a/tf-psa-crypto/tests/scripts/all.sh b/tf-psa-crypto/tests/scripts/all.sh
new file mode 100755
index 0000000..e26abd8
--- /dev/null
+++ b/tf-psa-crypto/tests/scripts/all.sh
@@ -0,0 +1,23 @@
+#! /usr/bin/env bash
+
+# all.sh
+#
+# Copyright The Mbed TLS Contributors
+# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+
+# This file is executable; it is the entry point for users and the CI.
+# See "Files structure" in all-core.sh for other files used.
+
+# This script must be invoked from the project's root.
+
+# Prevent silly mistakes when people would invoke this from mbedtls
+if [ -d tf-psa-crypto -a -d library ]; then
+ echo "When invoking this script from an mbedtls checkout," >&2
+ echo "you must change the working directory to tf-psa-crypto." >&2
+ exit 255
+fi
+
+# The path is going to change when this is moved to the framework
+source ../tests/scripts/all-core.sh
+
+main "$@"
diff --git a/tf-psa-crypto/tests/scripts/components-build-system.sh b/tf-psa-crypto/tests/scripts/components-build-system.sh
new file mode 100644
index 0000000..957e23a
--- /dev/null
+++ b/tf-psa-crypto/tests/scripts/components-build-system.sh
@@ -0,0 +1,24 @@
+# components-build-system.sh
+#
+# Copyright The Mbed TLS Contributors
+# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+
+# This file contains test components that are executed by all.sh
+
+################################################################
+#### Build System Testing
+################################################################
+
+component_test_cmake_tf_psa_crypto_out_of_source () {
+ msg "build: cmake tf-psa-crypto 'out-of-source' build"
+ TF_PSA_CRYPTO_ROOT_DIR="$PWD"
+ mkdir "$OUT_OF_SOURCE_DIR"
+ cd "$OUT_OF_SOURCE_DIR"
+ # Note: Explicitly generate files as these are turned off in releases
+ cmake -D CMAKE_BUILD_TYPE:String=Check -D GEN_FILES=ON "$TF_PSA_CRYPTO_ROOT_DIR"
+ make
+ msg "test: cmake tf-psa-crypto 'out-of-source' build"
+ make test
+ cd "$TF_PSA_CRYPTO_ROOT_DIR"
+ rm -rf "$OUT_OF_SOURCE_DIR"
+}
diff --git a/tf-psa-crypto/tests/suites/test_suite_bignum.function b/tf-psa-crypto/tests/suites/test_suite_bignum.function
index 3d2b8a1..36f1476 100644
--- a/tf-psa-crypto/tests/suites/test_suite_bignum.function
+++ b/tf-psa-crypto/tests/suites/test_suite_bignum.function
@@ -212,28 +212,22 @@
int output_size, int result)
{
mbedtls_mpi X;
- unsigned char buf[1000];
- size_t buflen;
-
- memset(buf, 0x00, 1000);
-
mbedtls_mpi_init(&X);
+ unsigned char *buf = NULL;
- TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0);
+ TEST_EQUAL(mbedtls_test_read_mpi(&X, input_X), 0);
- buflen = mbedtls_mpi_size(&X);
- if (buflen > (size_t) output_size) {
- buflen = (size_t) output_size;
- }
+ TEST_CALLOC(buf, output_size);
- TEST_ASSERT(mbedtls_mpi_write_binary(&X, buf, buflen) == result);
+ TEST_EQUAL(mbedtls_mpi_write_binary(&X, buf, output_size), result);
+
if (result == 0) {
-
- TEST_ASSERT(mbedtls_test_hexcmp(buf, input_A->x,
- buflen, input_A->len) == 0);
+ TEST_EQUAL(mbedtls_test_hexcmp(buf, input_A->x,
+ output_size, input_A->len), 0);
}
exit:
+ mbedtls_free(buf);
mbedtls_mpi_free(&X);
}
/* END_CASE */
@@ -243,28 +237,22 @@
int output_size, int result)
{
mbedtls_mpi X;
- unsigned char buf[1000];
- size_t buflen;
-
- memset(buf, 0x00, 1000);
-
mbedtls_mpi_init(&X);
+ unsigned char *buf = NULL;
- TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0);
+ TEST_EQUAL(mbedtls_test_read_mpi(&X, input_X), 0);
- buflen = mbedtls_mpi_size(&X);
- if (buflen > (size_t) output_size) {
- buflen = (size_t) output_size;
- }
+ TEST_CALLOC(buf, output_size);
- TEST_ASSERT(mbedtls_mpi_write_binary_le(&X, buf, buflen) == result);
+ TEST_EQUAL(mbedtls_mpi_write_binary_le(&X, buf, output_size), result);
+
if (result == 0) {
-
- TEST_ASSERT(mbedtls_test_hexcmp(buf, input_A->x,
- buflen, input_A->len) == 0);
+ TEST_EQUAL(mbedtls_test_hexcmp(buf, input_A->x,
+ output_size, input_A->len), 0);
}
exit:
+ mbedtls_free(buf);
mbedtls_mpi_free(&X);
}
/* END_CASE */
diff --git a/tf-psa-crypto/tests/suites/test_suite_bignum.misc.data b/tf-psa-crypto/tests/suites/test_suite_bignum.misc.data
index de2ea87..1228a4d 100644
--- a/tf-psa-crypto/tests/suites/test_suite_bignum.misc.data
+++ b/tf-psa-crypto/tests/suites/test_suite_bignum.misc.data
@@ -92,7 +92,10 @@
mpi_read_binary_le:"0941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b4424":"24448B952FBBEF93F89286BA330E62528B151EAC265CC8CE3038519D09E148AF89288E91F48B41ACAD55D9DC5E2B18097C106BE4CE132721BF6359EAF403E7FF90623E8866EE5C192320418DAA682F144ADEDF84F25DE11F49D1FE009D374109"
Base test mbedtls_mpi_write_binary #1
-mpi_write_binary:"941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b4424":"0941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b4424":200:0
+mpi_write_binary:"941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b4424":"000000000941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b4424":100:0
+
+Test mbedtls_mpi_write_binary #1 (Buffer is larger)
+mpi_write_binary:"123123123123123123123123123":"000123123123123123123123123123":15:0
Test mbedtls_mpi_write_binary #1 (Buffer just fits)
mpi_write_binary:"123123123123123123123123123":"0123123123123123123123123123":14:0
@@ -100,8 +103,17 @@
Test mbedtls_mpi_write_binary #2 (Buffer too small)
mpi_write_binary:"123123123123123123123123123":"23123123123123123123123123":13:MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL
+Test mbedtls_mpi_write_binary: nonzero to NULL
+mpi_write_binary:"01":"":0:MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL
+
+Test mbedtls_mpi_write_binary: 0 to NULL
+mpi_write_binary:"00":"":0:0
+
Base test mbedtls_mpi_write_binary_le #1
-mpi_write_binary_le:"941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b4424":"24448b952fbbef93f89286ba330e62528b151eac265cc8ce3038519d09e148af89288e91f48b41acad55d9dc5e2b18097c106be4ce132721bf6359eaf403e7ff90623e8866ee5c192320418daa682f144adedf84f25de11f49d1fe009d374109":200:0
+mpi_write_binary_le:"941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b4424":"24448b952fbbef93f89286ba330e62528b151eac265cc8ce3038519d09e148af89288e91f48b41acad55d9dc5e2b18097c106be4ce132721bf6359eaf403e7ff90623e8866ee5c192320418daa682f144adedf84f25de11f49d1fe009d37410900000000":100:0
+
+Test mbedtls_mpi_write_binary_le #1 (Buffer is larger)
+mpi_write_binary_le:"123123123123123123123123123":"233112233112233112233112230100":15:0
Test mbedtls_mpi_write_binary_le #1 (Buffer just fits)
mpi_write_binary_le:"123123123123123123123123123":"2331122331122331122331122301":14:0
@@ -109,6 +121,12 @@
Test mbedtls_mpi_write_binary_le #2 (Buffer too small)
mpi_write_binary_le:"123123123123123123123123123":"23311223311223311223311223":13:MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL
+Test mbedtls_mpi_write_binary_le: nonzero to NULL
+mpi_write_binary_le:"01":"":0:MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL
+
+Test mbedtls_mpi_write_binary_le: 0 to NULL
+mpi_write_binary_le:"00":"":0:0
+
Base test mbedtls_mpi_read_file #1
mpi_read_file:"../../framework/data_files/mpi_16":"01f55332c3a48b910f9942f6c914e58bef37a47ee45cb164a5b6b8d1006bf59a059c21449939ebebfdf517d2e1dbac88010d7b1f141e997bd6801ddaec9d05910f4f2de2b2c4d714e2c14a72fc7f17aa428d59c531627f09":0
diff --git a/tf-psa-crypto/tests/suites/test_suite_ccm.function b/tf-psa-crypto/tests/suites/test_suite_ccm.function
index dbb313b..798be77 100644
--- a/tf-psa-crypto/tests/suites/test_suite_ccm.function
+++ b/tf-psa-crypto/tests/suites/test_suite_ccm.function
@@ -79,11 +79,11 @@
void mbedtls_ccm_setkey(int cipher_id, int key_size, int result)
{
mbedtls_ccm_context ctx;
+ mbedtls_ccm_init(&ctx);
unsigned char key[32];
int ret;
BLOCK_CIPHER_PSA_INIT();
- mbedtls_ccm_init(&ctx);
memset(key, 0x2A, sizeof(key));
TEST_ASSERT((unsigned) key_size <= 8 * sizeof(key));
@@ -101,6 +101,7 @@
void ccm_lengths(int msg_len, int iv_len, int add_len, int tag_len, int res)
{
mbedtls_ccm_context ctx;
+ mbedtls_ccm_init(&ctx);
unsigned char key[16];
unsigned char msg[10];
unsigned char iv[14];
@@ -110,7 +111,6 @@
int decrypt_ret;
BLOCK_CIPHER_PSA_INIT();
- mbedtls_ccm_init(&ctx);
TEST_CALLOC_OR_SKIP(add, add_len);
memset(key, 0, sizeof(key));
@@ -146,6 +146,7 @@
int res)
{
mbedtls_ccm_context ctx;
+ mbedtls_ccm_init(&ctx);
unsigned char key[16];
unsigned char msg[10];
unsigned char iv[14];
@@ -155,7 +156,6 @@
int decrypt_ret;
BLOCK_CIPHER_PSA_INIT();
- mbedtls_ccm_init(&ctx);
memset(key, 0, sizeof(key));
memset(msg, 0, sizeof(msg));
@@ -191,6 +191,7 @@
data_t *add, data_t *result)
{
mbedtls_ccm_context ctx;
+ mbedtls_ccm_init(&ctx);
size_t n1, n1_add;
uint8_t *io_msg_buf = NULL;
uint8_t *tag_buf = NULL;
@@ -207,7 +208,6 @@
TEST_CALLOC(tag_buf, expected_tag_len);
BLOCK_CIPHER_PSA_INIT();
- mbedtls_ccm_init(&ctx);
TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0);
/* Test with input == output */
TEST_EQUAL(mbedtls_ccm_encrypt_and_tag(&ctx, msg->len, iv->x, iv->len, add->x, add->len,
@@ -248,11 +248,11 @@
data_t *msg, data_t *iv, data_t *result)
{
mbedtls_ccm_context ctx;
+ mbedtls_ccm_init(&ctx);
uint8_t *output = NULL;
size_t olen;
BLOCK_CIPHER_PSA_INIT();
- mbedtls_ccm_init(&ctx);
TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0);
TEST_EQUAL(0, mbedtls_ccm_starts(&ctx, mode, iv->x, iv->len));
TEST_EQUAL(0, mbedtls_ccm_set_lengths(&ctx, 0, msg->len, 0));
@@ -277,6 +277,7 @@
data_t *expected_msg)
{
mbedtls_ccm_context ctx;
+ mbedtls_ccm_init(&ctx);
size_t n1, n1_add;
const size_t expected_msg_len = msg->len - expected_tag_len;
@@ -290,7 +291,6 @@
}
BLOCK_CIPHER_PSA_INIT();
- mbedtls_ccm_init(&ctx);
TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0);
/* Test with input == output */
TEST_EQUAL(mbedtls_ccm_auth_decrypt(&ctx, expected_msg_len, iv->x, iv->len, add->x, add->len,
@@ -343,6 +343,7 @@
{
unsigned char iv[13];
mbedtls_ccm_context ctx;
+ mbedtls_ccm_init(&ctx);
size_t iv_len, expected_tag_len;
size_t n1, n1_add;
uint8_t *io_msg_buf = NULL;
@@ -379,7 +380,6 @@
iv_len = sizeof(iv);
BLOCK_CIPHER_PSA_INIT();
- mbedtls_ccm_init(&ctx);
TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id,
key->x, key->len * 8), 0);
/* Test with input == output */
@@ -430,6 +430,7 @@
{
unsigned char iv[13];
mbedtls_ccm_context ctx;
+ mbedtls_ccm_init(&ctx);
size_t iv_len, expected_tag_len;
size_t n1, n1_add;
@@ -460,7 +461,6 @@
iv_len = sizeof(iv);
BLOCK_CIPHER_PSA_INIT();
- mbedtls_ccm_init(&ctx);
TEST_ASSERT(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8) == 0);
/* Test with input == output */
TEST_EQUAL(mbedtls_ccm_star_auth_decrypt(&ctx, expected_msg_len, iv, iv_len,
@@ -507,6 +507,7 @@
data_t *result, data_t *tag)
{
mbedtls_ccm_context ctx;
+ mbedtls_ccm_init(&ctx);
uint8_t *output = NULL;
size_t olen;
@@ -514,7 +515,6 @@
TEST_EQUAL(msg->len, result->len);
BLOCK_CIPHER_PSA_INIT();
- mbedtls_ccm_init(&ctx);
TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0);
TEST_EQUAL(0, mbedtls_ccm_starts(&ctx, mode, iv->x, iv->len));
TEST_EQUAL(0, mbedtls_ccm_set_lengths(&ctx, 0, msg->len, tag->len));
@@ -547,10 +547,10 @@
data_t *tag)
{
mbedtls_ccm_context ctx;
+ mbedtls_ccm_init(&ctx);
uint8_t *output = NULL;
BLOCK_CIPHER_PSA_INIT();
- mbedtls_ccm_init(&ctx);
TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0);
TEST_EQUAL(0, mbedtls_ccm_starts(&ctx, mode, iv->x, iv->len));
TEST_EQUAL(0, mbedtls_ccm_set_lengths(&ctx, add->len, 0, tag->len));
@@ -577,9 +577,12 @@
data_t *add)
{
mbedtls_ccm_context ctx;
+ mbedtls_ccm_init(&ctx);
+
+ /* This test can't be run with empty additional data */
+ TEST_LE_U(1, add->len);
BLOCK_CIPHER_PSA_INIT();
- mbedtls_ccm_init(&ctx);
TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0);
TEST_EQUAL(0, mbedtls_ccm_starts(&ctx, mode, iv->x, iv->len));
// use hardcoded values for msg length and tag length. They are not a part of this test
@@ -600,9 +603,9 @@
data_t *add)
{
mbedtls_ccm_context ctx;
+ mbedtls_ccm_init(&ctx);
BLOCK_CIPHER_PSA_INIT();
- mbedtls_ccm_init(&ctx);
TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0);
TEST_EQUAL(0, mbedtls_ccm_starts(&ctx, mode, iv->x, iv->len));
// use hardcoded values for msg length and tag length. They are not a part of this test
@@ -622,11 +625,11 @@
data_t *add)
{
mbedtls_ccm_context ctx;
+ mbedtls_ccm_init(&ctx);
uint8_t *output = NULL;
size_t olen;
BLOCK_CIPHER_PSA_INIT();
- mbedtls_ccm_init(&ctx);
TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0);
TEST_EQUAL(0, mbedtls_ccm_starts(&ctx, mode, iv->x, iv->len));
// use hardcoded value for tag length. It is not a part of this test
@@ -651,10 +654,13 @@
data_t *key, data_t *iv, data_t *add)
{
mbedtls_ccm_context ctx;
+ mbedtls_ccm_init(&ctx);
uint8_t *output = NULL;
+ /* This test can't be run with empty additional data */
+ TEST_LE_U(1, add->len);
+
BLOCK_CIPHER_PSA_INIT();
- mbedtls_ccm_init(&ctx);
TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0);
TEST_EQUAL(0, mbedtls_ccm_starts(&ctx, mode, iv->x, iv->len));
// use hardcoded values for msg length and tag length. They are not a part of this test
@@ -680,9 +686,9 @@
data_t *add)
{
mbedtls_ccm_context ctx;
+ mbedtls_ccm_init(&ctx);
BLOCK_CIPHER_PSA_INIT();
- mbedtls_ccm_init(&ctx);
TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0);
TEST_EQUAL(0, mbedtls_ccm_starts(&ctx, mode, iv->x, iv->len));
// use hardcoded values for msg length and tag length. They are not a part of this test
@@ -706,13 +712,16 @@
data_t *add)
{
mbedtls_ccm_context ctx;
+ mbedtls_ccm_init(&ctx);
uint8_t add_second_buffer[2];
+ /* This test can't be run with empty additional data */
+ TEST_LE_U(1, add->len);
+
add_second_buffer[0] = add->x[add->len - 1];
add_second_buffer[1] = 0xAB; // some magic value
BLOCK_CIPHER_PSA_INIT();
- mbedtls_ccm_init(&ctx);
TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0);
TEST_EQUAL(0, mbedtls_ccm_starts(&ctx, mode, iv->x, iv->len));
// use hardcoded values for msg length and tag length. They are not a part of this test
@@ -735,11 +744,14 @@
data_t *add)
{
mbedtls_ccm_context ctx;
+ mbedtls_ccm_init(&ctx);
uint8_t *output = NULL;
size_t olen;
+ /* This test can't be run with an empty message */
+ TEST_LE_U(1, msg->len);
+
BLOCK_CIPHER_PSA_INIT();
- mbedtls_ccm_init(&ctx);
TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0);
TEST_EQUAL(0, mbedtls_ccm_starts(&ctx, mode, iv->x, iv->len));
// use hardcoded value for tag length. It is a not a part of this test
@@ -765,11 +777,14 @@
data_t *add)
{
mbedtls_ccm_context ctx;
+ mbedtls_ccm_init(&ctx);
uint8_t *output = NULL;
size_t olen;
+ /* This test can't be run with an empty message */
+ TEST_LE_U(1, msg->len);
+
BLOCK_CIPHER_PSA_INIT();
- mbedtls_ccm_init(&ctx);
TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0);
TEST_EQUAL(0, mbedtls_ccm_starts(&ctx, mode, iv->x, iv->len));
// use hardcoded value for tag length. It is not a part of this test
@@ -801,11 +816,11 @@
data_t *add)
{
mbedtls_ccm_context ctx;
+ mbedtls_ccm_init(&ctx);
uint8_t *output = NULL;
size_t olen;
BLOCK_CIPHER_PSA_INIT();
- mbedtls_ccm_init(&ctx);
TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0);
TEST_EQUAL(0, mbedtls_ccm_starts(&ctx, mode, iv->x, iv->len));
// use hardcoded value for tag length. It is a not a part of this test
@@ -834,15 +849,18 @@
data_t *add)
{
mbedtls_ccm_context ctx;
+ mbedtls_ccm_init(&ctx);
uint8_t *output = NULL;
size_t olen;
uint8_t msg_second_buffer[2];
+ /* This test can't be run with an empty message */
+ TEST_LE_U(1, msg->len);
+
msg_second_buffer[0] = msg->x[msg->len - 1];
msg_second_buffer[1] = 0xAB; // some magic value
BLOCK_CIPHER_PSA_INIT();
- mbedtls_ccm_init(&ctx);
TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0);
TEST_EQUAL(0, mbedtls_ccm_starts(&ctx, mode, iv->x, iv->len));
// use hardcoded value for tag length. It is a not a part of this test
@@ -869,10 +887,10 @@
data_t *key, data_t *iv)
{
mbedtls_ccm_context ctx;
+ mbedtls_ccm_init(&ctx);
uint8_t *output = NULL;
BLOCK_CIPHER_PSA_INIT();
- mbedtls_ccm_init(&ctx);
TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0);
TEST_EQUAL(0, mbedtls_ccm_starts(&ctx, mode, iv->x, iv->len));
// use hardcoded values for add length, msg length and tag length.
diff --git a/tf-psa-crypto/tests/suites/test_suite_ecdsa.function b/tf-psa-crypto/tests/suites/test_suite_ecdsa.function
index 78c9875..23f83b0 100644
--- a/tf-psa-crypto/tests/suites/test_suite_ecdsa.function
+++ b/tf-psa-crypto/tests/suites/test_suite_ecdsa.function
@@ -196,13 +196,12 @@
{
mbedtls_ecp_group grp;
mbedtls_mpi d, r, s, r_check, s_check;
-
- MD_PSA_INIT();
-
mbedtls_ecp_group_init(&grp);
mbedtls_mpi_init(&d); mbedtls_mpi_init(&r); mbedtls_mpi_init(&s);
mbedtls_mpi_init(&r_check); mbedtls_mpi_init(&s_check);
+ MD_PSA_INIT();
+
TEST_ASSERT(mbedtls_ecp_group_load(&grp, id) == 0);
TEST_ASSERT(mbedtls_test_read_mpi(&d, d_str) == 0);
TEST_ASSERT(mbedtls_test_read_mpi(&r_check, r_str) == 0);
@@ -235,13 +234,13 @@
unsigned char sig[200];
size_t sig_len, i;
- MD_PSA_INIT();
-
mbedtls_ecdsa_init(&ctx);
memset(&rnd_info, 0x00, sizeof(mbedtls_test_rnd_pseudo_info));
memset(hash, 0, sizeof(hash));
memset(sig, 0x2a, sizeof(sig));
+ MD_PSA_INIT();
+
/* generate signing key */
TEST_ASSERT(mbedtls_ecdsa_genkey(&ctx, id,
&mbedtls_test_rnd_pseudo_rand,
@@ -300,13 +299,13 @@
unsigned char sig[200];
size_t sig_len, i;
- MD_PSA_INIT();
-
mbedtls_ecdsa_init(&ctx);
memset(&rnd_info, 0x00, sizeof(mbedtls_test_rnd_pseudo_info));
memset(hash, 0, sizeof(hash));
memset(sig, 0x2a, sizeof(sig));
+ MD_PSA_INIT();
+
/* prepare material for signature */
TEST_ASSERT(mbedtls_test_rnd_pseudo_rand(&rnd_info,
hash, sizeof(hash)) == 0);
@@ -436,12 +435,12 @@
unsigned char sig[MBEDTLS_ECDSA_MAX_LEN];
size_t slen;
- MD_PSA_INIT();
-
mbedtls_ecdsa_restart_init(&rs_ctx);
mbedtls_ecdsa_init(&ctx);
memset(sig, 0, sizeof(sig));
+ MD_PSA_INIT();
+
TEST_ASSERT(mbedtls_ecp_group_load(&ctx.grp, id) == 0);
TEST_ASSERT(mbedtls_test_read_mpi(&ctx.d, d_str) == 0);
diff --git a/tf-psa-crypto/tests/suites/test_suite_ecjpake.function b/tf-psa-crypto/tests/suites/test_suite_ecjpake.function
index 534c7ba..1723010 100644
--- a/tf-psa-crypto/tests/suites/test_suite_ecjpake.function
+++ b/tf-psa-crypto/tests/suites/test_suite_ecjpake.function
@@ -102,6 +102,7 @@
void ecjpake_invalid_param()
{
mbedtls_ecjpake_context ctx;
+ mbedtls_ecjpake_init(&ctx);
unsigned char buf[42] = { 0 };
size_t const len = sizeof(buf);
mbedtls_ecjpake_role invalid_role = (mbedtls_ecjpake_role) 42;
@@ -110,8 +111,6 @@
MD_PSA_INIT();
- mbedtls_ecjpake_init(&ctx);
-
TEST_EQUAL(MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
mbedtls_ecjpake_setup(&ctx,
invalid_role,
@@ -139,13 +138,13 @@
void read_bad_md(data_t *msg)
{
mbedtls_ecjpake_context corrupt_ctx;
+ mbedtls_ecjpake_init(&corrupt_ctx);
const unsigned char *pw = NULL;
const size_t pw_len = 0;
int any_role = MBEDTLS_ECJPAKE_CLIENT;
MD_PSA_INIT();
- mbedtls_ecjpake_init(&corrupt_ctx);
TEST_ASSERT(mbedtls_ecjpake_setup(&corrupt_ctx, any_role,
MBEDTLS_MD_SHA256, MBEDTLS_ECP_DP_SECP256R1, pw,
pw_len) == 0);
@@ -164,13 +163,12 @@
void read_round_one(int role, data_t *msg, int ref_ret)
{
mbedtls_ecjpake_context ctx;
+ mbedtls_ecjpake_init(&ctx);
const unsigned char *pw = NULL;
const size_t pw_len = 0;
MD_PSA_INIT();
- mbedtls_ecjpake_init(&ctx);
-
TEST_ASSERT(mbedtls_ecjpake_setup(&ctx, role,
MBEDTLS_MD_SHA256, MBEDTLS_ECP_DP_SECP256R1, pw,
pw_len) == 0);
@@ -187,13 +185,12 @@
void read_round_two_cli(data_t *msg, int ref_ret)
{
mbedtls_ecjpake_context ctx;
+ mbedtls_ecjpake_init(&ctx);
const unsigned char *pw = NULL;
const size_t pw_len = 0;
MD_PSA_INIT();
- mbedtls_ecjpake_init(&ctx);
-
TEST_ASSERT(mbedtls_ecjpake_setup(&ctx, MBEDTLS_ECJPAKE_CLIENT,
MBEDTLS_MD_SHA256, MBEDTLS_ECP_DP_SECP256R1, pw,
pw_len) == 0);
@@ -216,13 +213,12 @@
void read_round_two_srv(data_t *msg, int ref_ret)
{
mbedtls_ecjpake_context ctx;
+ mbedtls_ecjpake_init(&ctx);
const unsigned char *pw = NULL;
const size_t pw_len = 0;
MD_PSA_INIT();
- mbedtls_ecjpake_init(&ctx);
-
TEST_ASSERT(mbedtls_ecjpake_setup(&ctx, MBEDTLS_ECJPAKE_SERVER,
MBEDTLS_MD_SHA256, MBEDTLS_ECP_DP_SECP256R1, pw,
pw_len) == 0);
diff --git a/tf-psa-crypto/tests/suites/test_suite_hmac_drbg.function b/tf-psa-crypto/tests/suites/test_suite_hmac_drbg.function
index 0a50c6c..fbe1b03 100644
--- a/tf-psa-crypto/tests/suites/test_suite_hmac_drbg.function
+++ b/tf-psa-crypto/tests/suites/test_suite_hmac_drbg.function
@@ -41,8 +41,6 @@
size_t default_entropy_len;
size_t expected_consumed_entropy = 0;
- MD_PSA_INIT();
-
mbedtls_hmac_drbg_init(&ctx);
memset(buf, 0, sizeof(buf));
memset(out, 0, sizeof(out));
@@ -50,6 +48,8 @@
entropy.len = sizeof(buf);
entropy.p = buf;
+ MD_PSA_INIT();
+
md_info = mbedtls_md_info_from_type(md_alg);
TEST_ASSERT(md_info != NULL);
if (mbedtls_md_get_size(md_info) <= 20) {
@@ -129,11 +129,10 @@
{
const mbedtls_md_info_t *md_info;
mbedtls_hmac_drbg_context ctx;
+ mbedtls_hmac_drbg_init(&ctx);
MD_PSA_INIT();
- mbedtls_hmac_drbg_init(&ctx);
-
md_info = mbedtls_md_info_from_type(md_alg);
TEST_ASSERT(md_info != NULL);
@@ -159,12 +158,12 @@
mbedtls_hmac_drbg_context ctx;
size_t i;
- MD_PSA_INIT();
-
mbedtls_hmac_drbg_init(&ctx);
memset(buf, 0, sizeof(buf));
memset(out, 0, sizeof(out));
+ MD_PSA_INIT();
+
md_info = mbedtls_md_info_from_type(md_alg);
TEST_ASSERT(md_info != NULL);
TEST_ASSERT(mbedtls_hmac_drbg_seed_buf(&ctx, md_info, buf, sizeof(buf)) == 0);
@@ -194,13 +193,13 @@
const mbedtls_md_info_t *md_info;
mbedtls_hmac_drbg_context ctx;
- MD_PSA_INIT();
-
mbedtls_hmac_drbg_init(&ctx);
p_entropy.p = entropy->x;
p_entropy.len = entropy->len;
+ MD_PSA_INIT();
+
md_info = mbedtls_md_info_from_type(md_alg);
TEST_ASSERT(md_info != NULL);
@@ -244,13 +243,13 @@
const mbedtls_md_info_t *md_info;
mbedtls_hmac_drbg_context ctx;
- MD_PSA_INIT();
-
mbedtls_hmac_drbg_init(&ctx);
p_entropy.p = entropy->x;
p_entropy.len = entropy->len;
+ MD_PSA_INIT();
+
md_info = mbedtls_md_info_from_type(md_alg);
TEST_ASSERT(md_info != NULL);
@@ -279,13 +278,13 @@
const mbedtls_md_info_t *md_info;
mbedtls_hmac_drbg_context ctx;
- MD_PSA_INIT();
-
mbedtls_hmac_drbg_init(&ctx);
p_entropy.p = entropy->x;
p_entropy.len = entropy->len;
+ MD_PSA_INIT();
+
md_info = mbedtls_md_info_from_type(md_alg);
TEST_ASSERT(md_info != NULL);
diff --git a/tf-psa-crypto/tests/suites/test_suite_md.function b/tf-psa-crypto/tests/suites/test_suite_md.function
index 2a885e2..4e62154 100644
--- a/tf-psa-crypto/tests/suites/test_suite_md.function
+++ b/tf-psa-crypto/tests/suites/test_suite_md.function
@@ -21,10 +21,10 @@
const int *md_type_ptr;
const mbedtls_md_info_t *info;
mbedtls_md_context_t ctx;
+ mbedtls_md_init(&ctx);
unsigned char out[MBEDTLS_MD_MAX_SIZE] = { 0 };
MD_PSA_INIT();
- mbedtls_md_init(&ctx);
/*
* Test that mbedtls_md_list() only returns valid MDs.
@@ -87,13 +87,13 @@
void md_null_args()
{
mbedtls_md_context_t ctx;
+ mbedtls_md_init(&ctx);
#if defined(MBEDTLS_MD_C)
const mbedtls_md_info_t *info = mbedtls_md_info_from_type(*(mbedtls_md_list()));
#endif
unsigned char buf[1] = { 0 };
MD_PSA_INIT();
- mbedtls_md_init(&ctx);
TEST_EQUAL(0, mbedtls_md_get_size(NULL));
#if defined(MBEDTLS_MD_C)
@@ -245,12 +245,11 @@
const mbedtls_md_info_t *md_info = NULL;
mbedtls_md_context_t ctx, ctx_copy;
-
- MD_PSA_INIT();
-
mbedtls_md_init(&ctx);
mbedtls_md_init(&ctx_copy);
+ MD_PSA_INIT();
+
halfway = src_len / 2;
md_info = mbedtls_md_info_from_type(md_type);
@@ -291,13 +290,12 @@
unsigned char output[MBEDTLS_MD_MAX_SIZE] = { 0 };
const mbedtls_md_info_t *md_info = NULL;
mbedtls_md_context_t ctx, ctx_copy;
+ mbedtls_md_init(&ctx);
+ mbedtls_md_init(&ctx_copy);
int halfway;
MD_PSA_INIT();
- mbedtls_md_init(&ctx);
- mbedtls_md_init(&ctx_copy);
-
md_info = mbedtls_md_info_from_type(md_type);
TEST_ASSERT(md_info != NULL);
TEST_EQUAL(0, mbedtls_md_setup(&ctx, md_info, 0));
@@ -363,12 +361,11 @@
unsigned char output[MBEDTLS_MD_MAX_SIZE] = { 0 };
const mbedtls_md_info_t *md_info = NULL;
mbedtls_md_context_t ctx;
+ mbedtls_md_init(&ctx);
int halfway;
MD_PSA_INIT();
- mbedtls_md_init(&ctx);
-
md_info = mbedtls_md_info_from_type(md_type);
TEST_ASSERT(md_info != NULL);
TEST_EQUAL(0, mbedtls_md_setup(&ctx, md_info, 1));
diff --git a/tf-psa-crypto/tests/suites/test_suite_pem.function b/tf-psa-crypto/tests/suites/test_suite_pem.function
index 413dc55..091cbd1 100644
--- a/tf-psa-crypto/tests/suites/test_suite_pem.function
+++ b/tf-psa-crypto/tests/suites/test_suite_pem.function
@@ -66,6 +66,7 @@
char *pwd, int res, data_t *out)
{
mbedtls_pem_context ctx;
+ mbedtls_pem_init(&ctx);
int ret;
size_t use_len = 0;
size_t pwd_len = strlen(pwd);
@@ -73,8 +74,6 @@
MD_PSA_INIT();
- mbedtls_pem_init(&ctx);
-
ret = mbedtls_pem_read_buffer(&ctx, header, footer, (unsigned char *) data,
(unsigned char *) pwd, pwd_len, &use_len);
TEST_ASSERT(ret == res);
diff --git a/tf-psa-crypto/tests/suites/test_suite_pkcs1_v21.function b/tf-psa-crypto/tests/suites/test_suite_pkcs1_v21.function
index 6261979..a15d5d7 100644
--- a/tf-psa-crypto/tests/suites/test_suite_pkcs1_v21.function
+++ b/tf-psa-crypto/tests/suites/test_suite_pkcs1_v21.function
@@ -14,18 +14,18 @@
{
unsigned char output[256];
mbedtls_rsa_context ctx;
+ mbedtls_rsa_init(&ctx);
mbedtls_test_rnd_buf_info info;
mbedtls_mpi N, E;
-
- MD_PSA_INIT();
+ mbedtls_mpi_init(&N); mbedtls_mpi_init(&E);
info.fallback_f_rng = mbedtls_test_rnd_std_rand;
info.fallback_p_rng = NULL;
info.buf = rnd_buf->x;
info.length = rnd_buf->len;
- mbedtls_mpi_init(&N); mbedtls_mpi_init(&E);
- mbedtls_rsa_init(&ctx);
+ MD_PSA_INIT();
+
TEST_ASSERT(mbedtls_rsa_set_padding(&ctx,
MBEDTLS_RSA_PKCS_V21, hash) == 0);
memset(output, 0x00, sizeof(output));
@@ -66,17 +66,16 @@
{
unsigned char output[64];
mbedtls_rsa_context ctx;
+ mbedtls_rsa_init(&ctx);
size_t output_len;
mbedtls_test_rnd_pseudo_info rnd_info;
mbedtls_mpi N, P, Q, E;
+ mbedtls_mpi_init(&N); mbedtls_mpi_init(&P);
+ mbedtls_mpi_init(&Q); mbedtls_mpi_init(&E);
((void) seed);
MD_PSA_INIT();
- mbedtls_mpi_init(&N); mbedtls_mpi_init(&P);
- mbedtls_mpi_init(&Q); mbedtls_mpi_init(&E);
-
- mbedtls_rsa_init(&ctx);
TEST_ASSERT(mbedtls_rsa_set_padding(&ctx,
MBEDTLS_RSA_PKCS_V21, hash) == 0);
@@ -131,19 +130,19 @@
{
unsigned char output[512];
mbedtls_rsa_context ctx;
+ mbedtls_rsa_init(&ctx);
mbedtls_test_rnd_buf_info info;
mbedtls_mpi N, P, Q, E;
-
- MD_PSA_INIT();
+ mbedtls_mpi_init(&N); mbedtls_mpi_init(&P);
+ mbedtls_mpi_init(&Q); mbedtls_mpi_init(&E);
info.fallback_f_rng = mbedtls_test_rnd_std_rand;
info.fallback_p_rng = NULL;
info.buf = rnd_buf->x;
info.length = rnd_buf->len;
- mbedtls_mpi_init(&N); mbedtls_mpi_init(&P);
- mbedtls_mpi_init(&Q); mbedtls_mpi_init(&E);
- mbedtls_rsa_init(&ctx);
+ MD_PSA_INIT();
+
TEST_ASSERT(mbedtls_rsa_set_padding(&ctx,
MBEDTLS_RSA_PKCS_V21, hash) == 0);
@@ -196,13 +195,13 @@
char *salt, data_t *result_str, int result)
{
mbedtls_rsa_context ctx;
+ mbedtls_rsa_init(&ctx);
mbedtls_mpi N, E;
+ mbedtls_mpi_init(&N); mbedtls_mpi_init(&E);
((void) salt);
MD_PSA_INIT();
- mbedtls_mpi_init(&N); mbedtls_mpi_init(&E);
- mbedtls_rsa_init(&ctx);
TEST_ASSERT(mbedtls_rsa_set_padding(&ctx,
MBEDTLS_RSA_PKCS_V21, hash) == 0);
@@ -236,12 +235,12 @@
int result_full)
{
mbedtls_rsa_context ctx;
+ mbedtls_rsa_init(&ctx);
mbedtls_mpi N, E;
+ mbedtls_mpi_init(&N); mbedtls_mpi_init(&E);
MD_PSA_INIT();
- mbedtls_mpi_init(&N); mbedtls_mpi_init(&E);
- mbedtls_rsa_init(&ctx);
TEST_ASSERT(mbedtls_rsa_set_padding(&ctx,
MBEDTLS_RSA_PKCS_V21, ctx_hash) == 0);
diff --git a/tf-psa-crypto/tests/suites/test_suite_pkparse.function b/tf-psa-crypto/tests/suites/test_suite_pkparse.function
index 15c6de0..6f4b36d 100644
--- a/tf-psa-crypto/tests/suites/test_suite_pkparse.function
+++ b/tf-psa-crypto/tests/suites/test_suite_pkparse.function
@@ -115,10 +115,10 @@
void pk_parse_keyfile_rsa(char *key_file, char *password, int result)
{
mbedtls_pk_context ctx;
+ mbedtls_pk_init(&ctx);
int res;
char *pwd = password;
- mbedtls_pk_init(&ctx);
MD_PSA_INIT();
if (strcmp(pwd, "NULL") == 0) {
@@ -162,9 +162,9 @@
void pk_parse_public_keyfile_rsa(char *key_file, int result)
{
mbedtls_pk_context ctx;
+ mbedtls_pk_init(&ctx);
int res;
- mbedtls_pk_init(&ctx);
MD_PSA_INIT();
res = mbedtls_pk_parse_public_keyfile(&ctx, key_file);
diff --git a/tf-psa-crypto/tests/suites/test_suite_psa_crypto.data b/tf-psa-crypto/tests/suites/test_suite_psa_crypto.data
index 87fec19..dab2ee7 100644
--- a/tf-psa-crypto/tests/suites/test_suite_psa_crypto.data
+++ b/tf-psa-crypto/tests/suites/test_suite_psa_crypto.data
@@ -7496,12 +7496,44 @@
depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_SECP_R1_256
generate_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_ECDSA_ANY:PSA_SUCCESS:0
+PSA generate key: ECC, SECP384R1, good
+depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_SECP_R1_384
+generate_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):384:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_ECDSA_ANY:PSA_SUCCESS:0
+
+PSA generate key: ECC, SECP521R1, good
+depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_SECP_R1_521
+generate_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):521:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_ECDSA_ANY:PSA_SUCCESS:0
+
+PSA generate key: ECC, SECP192K1, good
+depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_SECP_K1_192
+generate_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_K1):192:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_ECDSA_ANY:PSA_SUCCESS:0
+
+PSA generate key: ECC, SECP256K1, good
+depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_SECP_K1_256
+generate_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_K1):256:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_ECDSA_ANY:PSA_SUCCESS:0
+
+PSA generate key: ECC, brainpool256r1, good
+depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_BRAINPOOL_P_R1_256
+generate_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):256:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_ECDSA_ANY:PSA_SUCCESS:0
+
+PSA generate key: ECC, brainpool384r1, good
+depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_BRAINPOOL_P_R1_384
+generate_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):384:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_ECDSA_ANY:PSA_SUCCESS:0
+
PSA generate key: ECC, SECP256R1, incorrect bit size
depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT:PSA_WANT_ECC_SECP_R1_256
# INVALID_ARGUMENT would make more sense, but our code as currently structured
# doesn't fully relate the curve with its size.
generate_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):128:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_ECDSA_ANY:PSA_ERROR_NOT_SUPPORTED:0
+PSA generate key: ECC, SECP256R1, zero bit size
+depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT:PSA_WANT_ECC_SECP_R1_256
+generate_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):0:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_ECDSA_ANY:PSA_ERROR_INVALID_ARGUMENT:0
+
+PSA generate key: ECC, SECP256R1, public key
+depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT:PSA_WANT_ECC_SECP_R1_256
+generate_key:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):0:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_ECDSA_ANY:PSA_ERROR_INVALID_ARGUMENT:0
+
PSA generate key: ECC, Curve25519, good
depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_MONTGOMERY_255
generate_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY):255:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDH:PSA_SUCCESS:0
@@ -7534,6 +7566,9 @@
depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_GENERATE
generate_key:PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):1024:PSA_KEY_USAGE_EXPORT:PSA_ALG_FFDH:PSA_ERROR_NOT_SUPPORTED:0
+PSA generate key interruptible object initializers zero properly
+generate_key_iop_init:
+
PSA generate key custom: RSA, flags=1
depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE
generate_key_custom:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:0:1:"":PSA_ERROR_INVALID_ARGUMENT
diff --git a/tf-psa-crypto/tests/suites/test_suite_psa_crypto.function b/tf-psa-crypto/tests/suites/test_suite_psa_crypto.function
index b1c662f..eaafd90 100644
--- a/tf-psa-crypto/tests/suites/test_suite_psa_crypto.function
+++ b/tf-psa-crypto/tests/suites/test_suite_psa_crypto.function
@@ -10096,6 +10096,7 @@
psa_status_t expected_status = expected_status_arg;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_key_attributes_t got_attributes = PSA_KEY_ATTRIBUTES_INIT;
+ psa_generate_key_iop_t operation = PSA_GENERATE_KEY_IOP_INIT;
PSA_ASSERT(psa_crypto_init());
@@ -10111,21 +10112,46 @@
TEST_ASSUME(status != PSA_ERROR_INSUFFICIENT_MEMORY);
}
TEST_EQUAL(status, expected_status);
- if (expected_status != PSA_SUCCESS) {
- goto exit;
+ if (expected_status == PSA_SUCCESS) {
+ /* Test the key information */
+ PSA_ASSERT(psa_get_key_attributes(key, &got_attributes));
+ TEST_EQUAL(psa_get_key_type(&got_attributes), type);
+ TEST_EQUAL(psa_get_key_bits(&got_attributes), bits);
+
+ /* Do something with the key according to its type and permitted usage. */
+ TEST_EQUAL(mbedtls_test_psa_exercise_key(key, usage, alg, 0), 1);
}
- /* Test the key information */
- PSA_ASSERT(psa_get_key_attributes(key, &got_attributes));
- TEST_EQUAL(psa_get_key_type(&got_attributes), type);
- TEST_EQUAL(psa_get_key_bits(&got_attributes), bits);
+ /* Adjust expected_status for interruptible key generation.
+ * Interruptible key generation is only supported for ECC key pairs and even
+ * for those only when MBEDTLS_ECP_RESTARTABLE is on.
+ */
- /* Do something with the key according to its type and permitted usage. */
- if (!mbedtls_test_psa_exercise_key(key, usage, alg, 0)) {
- goto exit;
+ if (!PSA_KEY_TYPE_IS_ECC(type)) {
+ expected_status = PSA_ERROR_NOT_SUPPORTED;
}
+#if !defined(MBEDTLS_ECP_RESTARTABLE)
+ expected_status = PSA_ERROR_NOT_SUPPORTED;
+#endif
+
+ status = psa_generate_key_iop_setup(&operation, &attributes);
+ TEST_EQUAL(status, expected_status);
+
+ /* Test that calling setup 2 time consecutively fails */
+#if defined(MBEDTLS_ECP_RESTARTABLE)
+ status = psa_generate_key_iop_setup(&operation, &attributes);
+ TEST_EQUAL(status, PSA_ERROR_BAD_STATE);
+#endif
+
+ PSA_ASSERT(psa_generate_key_iop_abort(&operation));
+
+ /* Test that after calling abort operation is reset to it's fresh state */
+ status = psa_generate_key_iop_setup(&operation, &attributes);
+ TEST_EQUAL(status, expected_status);
+
exit:
+ psa_generate_key_iop_abort(&operation);
/*
* Key attributes may have been returned by psa_get_key_attributes()
* thus reset them as required.
@@ -10138,6 +10164,21 @@
/* END_CASE */
/* BEGIN_CASE */
+void generate_key_iop_init()
+{
+ psa_generate_key_iop_t init = PSA_GENERATE_KEY_IOP_INIT;
+ psa_generate_key_iop_t func = psa_generate_key_iop_init();
+ psa_generate_key_iop_t zero;
+
+ memset(&zero, 0, sizeof(zero));
+
+ PSA_ASSERT(psa_generate_key_iop_abort(&init));
+ PSA_ASSERT(psa_generate_key_iop_abort(&func));
+ PSA_ASSERT(psa_generate_key_iop_abort(&zero));
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
void generate_key_custom(int type_arg,
int bits_arg,
int usage_arg,
diff --git a/tests/suites/test_suite_psa_crypto_ecp.data b/tf-psa-crypto/tests/suites/test_suite_psa_crypto_ecp.data
similarity index 100%
rename from tests/suites/test_suite_psa_crypto_ecp.data
rename to tf-psa-crypto/tests/suites/test_suite_psa_crypto_ecp.data
diff --git a/tests/suites/test_suite_psa_crypto_ecp.function b/tf-psa-crypto/tests/suites/test_suite_psa_crypto_ecp.function
similarity index 100%
rename from tests/suites/test_suite_psa_crypto_ecp.function
rename to tf-psa-crypto/tests/suites/test_suite_psa_crypto_ecp.function
diff --git a/tf-psa-crypto/tests/suites/test_suite_psa_crypto_util.data b/tf-psa-crypto/tests/suites/test_suite_psa_crypto_util.data
index c84a836..a0ec9fd 100644
--- a/tf-psa-crypto/tests/suites/test_suite_psa_crypto_util.data
+++ b/tf-psa-crypto/tests/suites/test_suite_psa_crypto_util.data
@@ -1,3 +1,12 @@
+# mbedtls_ecdsa_der_to_raw() doesn't accept a null output buffer,
+# even with otherwise invalid paramters,
+# so we pass it a (non-null) buffer of length 1.
+ECDSA Raw -> DER, 0bit
+ecdsa_raw_to_der:0:"":"00":MBEDTLS_ERR_ASN1_INVALID_DATA
+
+ECDSA DER -> Raw, 0bit
+ecdsa_der_to_raw:0:"":"":MBEDTLS_ERR_ASN1_INVALID_DATA
+
ECDSA Raw -> DER, 256bit, Success
depends_on:PSA_VENDOR_ECC_MAX_CURVE_BITS >= 256
ecdsa_raw_to_der:256:"11111111111111111111111111111111111111111111111111111111111111112222222222222222222222222222222222222222222222222222222222222222":"30440220111111111111111111111111111111111111111111111111111111111111111102202222222222222222222222222222222222222222222222222222222222222222":0
diff --git a/tf-psa-crypto/tests/suites/test_suite_random.function b/tf-psa-crypto/tests/suites/test_suite_random.function
index 155b8e7..b58b22f 100644
--- a/tf-psa-crypto/tests/suites/test_suite_random.function
+++ b/tf-psa-crypto/tests/suites/test_suite_random.function
@@ -22,7 +22,9 @@
void random_twice_with_ctr_drbg()
{
mbedtls_entropy_context entropy;
+ mbedtls_entropy_init(&entropy);
mbedtls_ctr_drbg_context drbg;
+ mbedtls_ctr_drbg_init(&drbg);
unsigned char output1[OUTPUT_SIZE];
unsigned char output2[OUTPUT_SIZE];
@@ -34,8 +36,6 @@
/* First round */
- mbedtls_entropy_init(&entropy);
- mbedtls_ctr_drbg_init(&drbg);
TEST_EQUAL(0, mbedtls_ctr_drbg_seed(&drbg,
mbedtls_entropy_func, &entropy,
NULL, 0));
@@ -73,7 +73,9 @@
void random_twice_with_hmac_drbg(int md_type)
{
mbedtls_entropy_context entropy;
+ mbedtls_entropy_init(&entropy);
mbedtls_hmac_drbg_context drbg;
+ mbedtls_hmac_drbg_init(&drbg);
unsigned char output1[OUTPUT_SIZE];
unsigned char output2[OUTPUT_SIZE];
const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type(md_type);
@@ -81,8 +83,6 @@
MD_PSA_INIT();
/* First round */
- mbedtls_entropy_init(&entropy);
- mbedtls_hmac_drbg_init(&drbg);
TEST_EQUAL(0, mbedtls_hmac_drbg_seed(&drbg, md_info,
mbedtls_entropy_func, &entropy,
NULL, 0));