mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2025-01-24 17:41:00 +00:00
Merge remote-tracking branch 'origin/pr/644' into baremetal
This commit is contained in:
commit
e501c8d308
|
@ -42,22 +42,11 @@
|
|||
#define MBEDTLS_CCM_C
|
||||
|
||||
/* Asymmetric crypto: Single-curve ECC only. */
|
||||
#define MBEDTLS_BIGNUM_C
|
||||
#define MBEDTLS_PK_C
|
||||
#define MBEDTLS_PK_PARSE_C
|
||||
#define MBEDTLS_PK_WRITE_C
|
||||
#define MBEDTLS_ECDSA_C
|
||||
#define MBEDTLS_ECP_C
|
||||
#define MBEDTLS_ECP_DP_SECP256R1_ENABLED
|
||||
#define MBEDTLS_ECP_NIST_OPTIM
|
||||
#define MBEDTLS_ECDSA_DETERMINISTIC
|
||||
#define MBEDTLS_ECP_WINDOW_SIZE 2
|
||||
#define MBEDTLS_ECP_FIXED_POINT_OPTIM 0
|
||||
#define MBEDTLS_ECP_MAX_BITS 256
|
||||
#define MBEDTLS_MPI_MAX_SIZE 32 // 256 bits is 32 bytes
|
||||
|
||||
#define MBEDTLS_SSL_CONF_SINGLE_EC
|
||||
#define MBEDTLS_SSL_CONF_SINGLE_EC_GRP_ID MBEDTLS_ECP_DP_SECP256R1
|
||||
#define MBEDTLS_SSL_CONF_SINGLE_UECC_GRP_ID MBEDTLS_UECC_DP_SECP256R1
|
||||
#define MBEDTLS_SSL_CONF_SINGLE_EC_TLS_ID 23
|
||||
#define MBEDTLS_SSL_CONF_SINGLE_SIG_HASH
|
||||
#define MBEDTLS_SSL_CONF_SINGLE_SIG_HASH_MD_ID MBEDTLS_MD_SHA256
|
||||
|
@ -130,11 +119,6 @@
|
|||
#define MBEDTLS_ASN1_PARSE_C
|
||||
#define MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION
|
||||
|
||||
/* X.509 CSR writing */
|
||||
#define MBEDTLS_X509_CSR_WRITE_C
|
||||
#define MBEDTLS_X509_CREATE_C
|
||||
#define MBEDTLS_ASN1_WRITE_C
|
||||
|
||||
/* RNG and PRNG */
|
||||
#define MBEDTLS_NO_PLATFORM_ENTROPY
|
||||
#define MBEDTLS_ENTROPY_C
|
||||
|
|
|
@ -31,6 +31,7 @@
|
|||
#endif
|
||||
|
||||
#include <stddef.h>
|
||||
#include <stdint.h>
|
||||
|
||||
#if defined(MBEDTLS_BIGNUM_C)
|
||||
#include "bignum.h"
|
||||
|
|
|
@ -89,7 +89,10 @@
|
|||
|
||||
#if defined(MBEDTLS_SSL_CONF_SINGLE_EC) && \
|
||||
( !defined(MBEDTLS_SSL_CONF_SINGLE_EC_TLS_ID) || \
|
||||
!defined(MBEDTLS_SSL_CONF_SINGLE_EC_GRP_ID) )
|
||||
( defined(MBEDTLS_USE_TINYCRYPT) && \
|
||||
!defined(MBEDTLS_SSL_CONF_SINGLE_UECC_GRP_ID) ) || \
|
||||
( defined(MBEDTLS_ECP_C) && \
|
||||
!defined(MBEDTLS_SSL_CONF_SINGLE_EC_GRP_ID) ) )
|
||||
#error "MBEDTLS_SSL_CONF_SINGLE_EC defined, but not all prerequesites"
|
||||
#endif
|
||||
|
||||
|
@ -106,8 +109,12 @@
|
|||
#if defined(MBEDTLS_USE_TINYCRYPT) && \
|
||||
!( defined(MBEDTLS_SSL_CONF_SINGLE_EC) && \
|
||||
MBEDTLS_SSL_CONF_SINGLE_EC_TLS_ID == 23 && \
|
||||
MBEDTLS_SSL_CONF_SINGLE_EC_GRP_ID == MBEDTLS_ECP_DP_SECP256R1 )
|
||||
#error "MBEDTLS_USE_TINYCRYPT requires the use of MBEDTLS_SSL_CONF_SINGLE_EC to hardcode the choice of Secp256r1"
|
||||
MBEDTLS_SSL_CONF_SINGLE_UECC_GRP_ID == MBEDTLS_UECC_DP_SECP256R1 )
|
||||
#error "MBEDTLS_USE_TINYCRYPT requires the use of MBEDTLS_SSL_CONF_SINGLE_UECC_GRP_ID to hardcode the choice of Secp256r1"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_USE_TINYCRYPT) && defined(MBEDTLS_ECP_C)
|
||||
#error "MBEDTLS_USE_TINYCRYPT and MBEDTLS_ECP_C cannot be used simultaneously"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_USE_TINYCRYPT) && \
|
||||
|
@ -166,6 +173,21 @@
|
|||
#error "MBEDTLS_ECP_C defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if ( defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) || \
|
||||
defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) || \
|
||||
defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) || \
|
||||
defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) || \
|
||||
defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) || \
|
||||
defined(MBEDTLS_ECP_DP_BP256R1_ENABLED) || \
|
||||
defined(MBEDTLS_ECP_DP_BP384R1_ENABLED) || \
|
||||
defined(MBEDTLS_ECP_DP_BP512R1_ENABLED) || \
|
||||
defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED) || \
|
||||
defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED) || \
|
||||
defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED) ) && \
|
||||
!defined(MBEDTLS_ECP_C)
|
||||
#error "At least one ECP curve enabled, but not all prerequesites"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_PK_PARSE_C) && !defined(MBEDTLS_ASN1_PARSE_C)
|
||||
#error "MBEDTLS_PK_PARSE_C defined, but not all prerequesites"
|
||||
#endif
|
||||
|
@ -248,12 +270,14 @@
|
|||
#endif
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) && \
|
||||
( !defined(MBEDTLS_ECDH_C) || !defined(MBEDTLS_X509_CRT_PARSE_C) )
|
||||
( !( defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_USE_TINYCRYPT) ) || \
|
||||
!defined(MBEDTLS_X509_CRT_PARSE_C) )
|
||||
#error "MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) && \
|
||||
( !defined(MBEDTLS_ECDH_C) || !defined(MBEDTLS_X509_CRT_PARSE_C) )
|
||||
( !( defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_USE_TINYCRYPT) ) || \
|
||||
!defined(MBEDTLS_X509_CRT_PARSE_C) )
|
||||
#error "MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
|
@ -262,7 +286,7 @@
|
|||
#endif
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) && \
|
||||
!defined(MBEDTLS_ECDH_C)
|
||||
!(defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_USE_TINYCRYPT) )
|
||||
#error "MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
|
@ -282,7 +306,7 @@
|
|||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) && \
|
||||
( !( defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_USE_TINYCRYPT) ) || \
|
||||
!defined(MBEDTLS_ECDSA_C) || \
|
||||
!( defined(MBEDTLS_ECDSA_C) || defined(MBEDTLS_USE_TINYCRYPT) ) || \
|
||||
!defined(MBEDTLS_X509_CRT_PARSE_C) )
|
||||
#error "MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED defined, but not all prerequisites"
|
||||
#endif
|
||||
|
@ -331,7 +355,9 @@
|
|||
#endif
|
||||
|
||||
#if defined(MBEDTLS_PK_C) && \
|
||||
( !defined(MBEDTLS_RSA_C) && !defined(MBEDTLS_ECP_C) )
|
||||
( !defined(MBEDTLS_RSA_C) && \
|
||||
!defined(MBEDTLS_ECP_C) && \
|
||||
!defined(MBEDTLS_USE_TINYCRYPT) )
|
||||
#error "MBEDTLS_PK_C defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
|
@ -776,8 +802,9 @@
|
|||
#error "MBEDTLS_VERSION_FEATURES defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_X509_USE_C) && ( !defined(MBEDTLS_BIGNUM_C) || \
|
||||
!defined(MBEDTLS_OID_C) || !defined(MBEDTLS_ASN1_PARSE_C) || \
|
||||
#if defined(MBEDTLS_X509_USE_C) && \
|
||||
( !defined(MBEDTLS_OID_C) || \
|
||||
!defined(MBEDTLS_ASN1_PARSE_C) || \
|
||||
!defined(MBEDTLS_PK_PARSE_C) )
|
||||
#error "MBEDTLS_X509_USE_C defined, but not all prerequisites"
|
||||
#endif
|
||||
|
|
|
@ -2577,7 +2577,7 @@
|
|||
* Requires: MBEDTLS_SSL_CONF_RNG
|
||||
* MBEDTLS_SSL_CONF_SINGLE_EC
|
||||
* MBEDTLS_SSL_CONF_SINGLE_EC_TLS_ID == 23
|
||||
* MBEDTLS_SSL_CONF_SINGLE_EC_GRP_ID == MBEDTLS_ECP_DP_SECP256R1
|
||||
* MBEDTLS_SSL_CONF_SINGLE_UECC_GRP_ID == MBEDTLS_UECC_DP_SECP256R1
|
||||
*
|
||||
* \see MBEDTLS_SSL_CONF_RNG
|
||||
*
|
||||
|
@ -3755,11 +3755,13 @@
|
|||
* curve operations during the handshake.
|
||||
*
|
||||
* If this is set, you must also define the following:
|
||||
* - MBEDTLS_SSL_CONF_SINGLE_EC_GRP_ID
|
||||
* - MBEDTLS_SSL_CONF_SINGLE_EC_GRP_ID (if MBEDTLS_ECP_C is set)
|
||||
* This must resolve to the Mbed TLS group ID for the elliptic
|
||||
* curve to use (e.g. MBEDTLS_ECP_DP_SECP256R1); see
|
||||
* ::mbedtls_ecp_group_id in mbedtls/ecp.h for a complete list
|
||||
* of curve identifiers.
|
||||
* - MBEDTLS_SSL_CONF_SINGLE_UECC_GRP_ID (if MBEDTLS_USE_TINYCRYPT is set)
|
||||
* This must resolve to MBEDTLS_UECC_DP_SECP256R1.
|
||||
* - MBEDTLS_SSL_CONF_SINGLE_EC_TLS_ID
|
||||
* This must resolve to the identifier for the elliptic curve
|
||||
* to use according to the IANA NamedCurve registry:
|
||||
|
@ -3771,6 +3773,7 @@
|
|||
//#define MBEDTLS_SSL_CONF_SINGLE_EC
|
||||
//#define MBEDTLS_SSL_CONF_SINGLE_EC_TLS_ID 23
|
||||
//#define MBEDTLS_SSL_CONF_SINGLE_EC_GRP_ID MBEDTLS_ECP_DP_SECP256R1
|
||||
//#define MBEDTLS_SSL_CONF_SINGLE_UECC_GRP_ID MBEDTLS_UECC_DP_SECP256R1
|
||||
|
||||
/* Enable support a single signature hash algorithm
|
||||
* at compile-time, at the benefit of code-size.
|
||||
|
|
|
@ -36,6 +36,10 @@
|
|||
#include "ecp.h"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_ECDH_C)
|
||||
#include "ecdh.h"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_DEBUG_C)
|
||||
|
||||
#define MBEDTLS_DEBUG_STRIP_PARENS( ... ) __VA_ARGS__
|
||||
|
|
|
@ -471,6 +471,18 @@ int mbedtls_oid_get_pk_alg( const mbedtls_asn1_buf *oid, mbedtls_pk_type_t *pk_a
|
|||
int mbedtls_oid_get_oid_by_pk_alg( mbedtls_pk_type_t pk_alg,
|
||||
const char **oid, size_t *olen );
|
||||
|
||||
#if defined(MBEDTLS_USE_TINYCRYPT)
|
||||
typedef enum
|
||||
{
|
||||
MBEDTLS_UECC_DP_NONE = 0, /*!< Curve not defined. */
|
||||
MBEDTLS_UECC_DP_SECP256R1, /*!< Domain parameters for the 256-bit curve defined by FIPS 186-4 and SEC1. */
|
||||
} mbedtls_uecc_group_id;
|
||||
|
||||
int mbedtls_oid_get_ec_grp( const mbedtls_asn1_buf *oid, mbedtls_uecc_group_id *grp_id );
|
||||
|
||||
int mbedtls_oid_get_oid_by_ec_grp( mbedtls_uecc_group_id grp_id,
|
||||
const char **oid, size_t *olen);
|
||||
#else
|
||||
#if defined(MBEDTLS_ECP_C)
|
||||
/**
|
||||
* \brief Translate NamedCurve OID into an EC group identifier
|
||||
|
@ -494,6 +506,7 @@ int mbedtls_oid_get_ec_grp( const mbedtls_asn1_buf *oid, mbedtls_ecp_group_id *g
|
|||
int mbedtls_oid_get_oid_by_ec_grp( mbedtls_ecp_group_id grp_id,
|
||||
const char **oid, size_t *olen );
|
||||
#endif /* MBEDTLS_ECP_C */
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_MD_C)
|
||||
/**
|
||||
|
|
|
@ -45,6 +45,10 @@
|
|||
#include "ecdsa.h"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_USE_TINYCRYPT)
|
||||
#include "tinycrypt/ecc.h"
|
||||
#endif
|
||||
|
||||
#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
|
||||
!defined(inline) && !defined(__cplusplus)
|
||||
#define inline __inline
|
||||
|
@ -133,6 +137,14 @@ typedef struct mbedtls_pk_context
|
|||
void * pk_ctx; /**< Underlying public key context */
|
||||
} mbedtls_pk_context;
|
||||
|
||||
#if defined(MBEDTLS_USE_TINYCRYPT)
|
||||
typedef struct
|
||||
{
|
||||
uint8_t private_key[NUM_ECC_BYTES];
|
||||
uint8_t public_key[2*NUM_ECC_BYTES];
|
||||
} mbedtls_uecc_keypair;
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
|
||||
/**
|
||||
* \brief Context for resuming operations
|
||||
|
@ -160,6 +172,13 @@ static inline mbedtls_rsa_context *mbedtls_pk_rsa( const mbedtls_pk_context pk )
|
|||
}
|
||||
#endif /* MBEDTLS_RSA_C */
|
||||
|
||||
#if defined(MBEDTLS_USE_TINYCRYPT)
|
||||
static inline mbedtls_uecc_keypair *mbedtls_pk_uecc( const mbedtls_pk_context pk )
|
||||
{
|
||||
return( (mbedtls_uecc_keypair *) (pk).pk_ctx );
|
||||
}
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_ECP_C)
|
||||
/**
|
||||
* Quick access to an EC context inside a PK context.
|
||||
|
|
|
@ -131,6 +131,10 @@ extern const mbedtls_pk_info_t mbedtls_eckeydh_info;
|
|||
extern const mbedtls_pk_info_t mbedtls_ecdsa_info;
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_USE_TINYCRYPT)
|
||||
extern const mbedtls_pk_info_t mbedtls_uecc_eckey_info;
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_PK_RSA_ALT_SUPPORT)
|
||||
extern const mbedtls_pk_info_t mbedtls_rsa_alt_info;
|
||||
#endif
|
||||
|
|
|
@ -31,7 +31,6 @@
|
|||
#endif
|
||||
|
||||
#include "bignum.h"
|
||||
#include "ecp.h"
|
||||
|
||||
#if defined(MBEDTLS_X509_CRT_PARSE_C)
|
||||
#include "x509_crt.h"
|
||||
|
@ -42,8 +41,12 @@
|
|||
#include "dhm.h"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_ECDH_C)
|
||||
#include "ecdh.h"
|
||||
#if defined(MBEDTLS_ECP_C)
|
||||
#include "ecp.h"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_USE_TINYCRYPT)
|
||||
#include "tinycrypt/ecc.h"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_ZLIB_SUPPORT)
|
||||
|
@ -510,8 +513,13 @@ union mbedtls_ssl_premaster_secret
|
|||
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
|
||||
#if defined(MBEDTLS_ECDH_C)
|
||||
unsigned char _pms_ecdh[MBEDTLS_ECP_MAX_BYTES]; /* RFC 4492 5.10 */
|
||||
#endif
|
||||
#if defined(MBEDTLS_USE_TINYCRYPT)
|
||||
unsigned char _pms_ecdh_uecc[ NUM_ECC_BYTES ];
|
||||
#endif /* MBEDTLS_USE_TINYCRYPT */
|
||||
#endif
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
|
||||
unsigned char _pms_psk[4 + 2 * MBEDTLS_PSK_MAX_LEN]; /* RFC 4279 2 */
|
||||
#endif
|
||||
|
@ -523,9 +531,15 @@ union mbedtls_ssl_premaster_secret
|
|||
unsigned char _pms_rsa_psk[52 + MBEDTLS_PSK_MAX_LEN]; /* RFC 4279 4 */
|
||||
#endif
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
|
||||
#if defined(MBEDTLS_USE_TINYCRYPT)
|
||||
unsigned char _pms_ecdhe_psk_uecc[4 + NUM_ECC_BYTES +
|
||||
+ MBEDTLS_PSK_MAX_LEN]; /* RFC 5489 2 */
|
||||
#endif /* MBEDTLS_USE_TINYCRYPT */
|
||||
#if defined(MBEDTLS_ECP_C)
|
||||
unsigned char _pms_ecdhe_psk[4 + MBEDTLS_ECP_MAX_BYTES
|
||||
+ MBEDTLS_PSK_MAX_LEN]; /* RFC 5489 2 */
|
||||
#endif
|
||||
#endif
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
|
||||
unsigned char _pms_ecjpake[32]; /* Thread spec: SHA-256 output */
|
||||
#endif
|
||||
|
|
|
@ -626,7 +626,8 @@ static inline mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_alg_internal(
|
|||
|
||||
#endif /* MBEDTLS_PK_C */
|
||||
|
||||
#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
|
||||
#if defined(MBEDTLS_USE_TINYCRYPT) || \
|
||||
defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
|
||||
static inline int mbedtls_ssl_ciphersuite_uses_ec_internal(
|
||||
mbedtls_ssl_ciphersuite_handle_t info )
|
||||
|
@ -645,7 +646,10 @@ static inline int mbedtls_ssl_ciphersuite_uses_ec_internal(
|
|||
return( 0 );
|
||||
}
|
||||
}
|
||||
#endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C || MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
|
||||
#endif /* MBEDTLS_USE_TINYCRYPT ||
|
||||
MBEDTLS_ECDH_C ||
|
||||
MBEDTLS_ECDSA_C ||
|
||||
MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
|
||||
static inline int mbedtls_ssl_ciphersuite_uses_psk_internal(
|
||||
|
@ -684,10 +688,13 @@ mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_alg(
|
|||
mbedtls_ssl_ciphersuite_handle_t info );
|
||||
#endif /* MBEDTLS_PK_C */
|
||||
|
||||
#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
|
||||
#if defined(MBEDTLS_USE_TINYCRYPT) || \
|
||||
defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
|
||||
int mbedtls_ssl_ciphersuite_uses_ec( mbedtls_ssl_ciphersuite_handle_t info );
|
||||
#endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C ||
|
||||
#endif /* MBEDTLS_USE_TINYCRYPT ||
|
||||
MBEDTLS_ECDH_C ||
|
||||
MBEDTLS_ECDSA_C ||
|
||||
MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
|
||||
|
@ -710,14 +717,17 @@ static inline mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_alg(
|
|||
}
|
||||
#endif /* MBEDTLS_PK_C */
|
||||
|
||||
#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
|
||||
#if defined(MBEDTLS_USE_TINYCRYPT) || \
|
||||
defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
|
||||
static inline int mbedtls_ssl_ciphersuite_uses_ec(
|
||||
mbedtls_ssl_ciphersuite_handle_t info )
|
||||
{
|
||||
return( mbedtls_ssl_ciphersuite_uses_ec_internal( info ) );
|
||||
}
|
||||
#endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C ||
|
||||
#endif /* MBEDTLS_USE_TINYCRYPT ||
|
||||
MBEDTLS_ECDH_C ||
|
||||
MBEDTLS_ECDSA_C ||
|
||||
MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
|
||||
|
|
|
@ -32,6 +32,7 @@
|
|||
|
||||
#include "ssl.h"
|
||||
#include "cipher.h"
|
||||
#include "oid.h"
|
||||
|
||||
#if defined(MBEDTLS_MD5_C)
|
||||
#include "md5.h"
|
||||
|
@ -53,6 +54,14 @@
|
|||
#include "ecjpake.h"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_ECP_C)
|
||||
#include "ecp.h"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_ECDH_C)
|
||||
#include "ecdh.h"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_USE_TINYCRYPT)
|
||||
#include "tinycrypt/ecc.h"
|
||||
#include "tinycrypt/ecc_dh.h"
|
||||
|
@ -1013,8 +1022,14 @@ mbedtls_pk_type_t mbedtls_ssl_pk_alg_from_sig( unsigned char sig );
|
|||
mbedtls_md_type_t mbedtls_ssl_md_alg_from_hash( unsigned char hash );
|
||||
unsigned char mbedtls_ssl_hash_from_md_alg( int md );
|
||||
|
||||
#if defined(MBEDTLS_USE_TINYCRYPT)
|
||||
int mbedtls_ssl_check_curve_uecc( const mbedtls_ssl_context *ssl,
|
||||
mbedtls_uecc_group_id grp_id );
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_ECP_C)
|
||||
int mbedtls_ssl_check_curve( const mbedtls_ssl_context *ssl, mbedtls_ecp_group_id grp_id );
|
||||
int mbedtls_ssl_check_curve( const mbedtls_ssl_context *ssl,
|
||||
mbedtls_ecp_group_id grp_id );
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
|
||||
|
@ -1743,6 +1758,17 @@ static inline unsigned int mbedtls_ssl_conf_get_ems_enforced(
|
|||
#define MBEDTLS_SSL_END_FOR_EACH_SUPPORTED_EC_TLS_ID \
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_USE_TINYCRYPT)
|
||||
#define MBEDTLS_SSL_BEGIN_FOR_EACH_SUPPORTED_UECC_GRP_ID( EC_ID_VAR ) \
|
||||
{ \
|
||||
mbedtls_uecc_group_id EC_ID_VAR = MBEDTLS_SSL_CONF_SINGLE_UECC_GRP_ID; \
|
||||
((void) ssl);
|
||||
|
||||
#define MBEDTLS_SSL_END_FOR_EACH_SUPPORTED_UECC_GRP_ID \
|
||||
}
|
||||
#endif /* MBEDTLS_USE_TINYCRYPT */
|
||||
|
||||
#if defined(MBEDTLS_ECP_C)
|
||||
#define MBEDTLS_SSL_BEGIN_FOR_EACH_SUPPORTED_EC_GRP_ID( EC_ID_VAR ) \
|
||||
{ \
|
||||
mbedtls_ecp_group_id EC_ID_VAR = MBEDTLS_SSL_CONF_SINGLE_EC_GRP_ID; \
|
||||
|
@ -1750,6 +1776,7 @@ static inline unsigned int mbedtls_ssl_conf_get_ems_enforced(
|
|||
|
||||
#define MBEDTLS_SSL_END_FOR_EACH_SUPPORTED_EC_GRP_ID \
|
||||
}
|
||||
#endif /* MBEDTLS_ECP_C */
|
||||
|
||||
#endif /* MBEDTLS_SSL_CONF_SINGLE_EC */
|
||||
|
||||
|
@ -1866,4 +1893,16 @@ int mbedtls_ssl_ecdh_read_peerkey( mbedtls_ssl_context *ssl,
|
|||
unsigned char **p, unsigned char *end );
|
||||
#endif /* MBEDTLS_USE_TINYCRYPT */
|
||||
|
||||
|
||||
/*
|
||||
* Point formats, from RFC 4492's enum ECPointFormat
|
||||
*/
|
||||
#define MBEDTLS_SSL_EC_PF_UNCOMPRESSED 0 /**< Uncompressed point format. */
|
||||
#define MBEDTLS_SSL_EC_PF_COMPRESSED 1 /**< Compressed point format. */
|
||||
|
||||
/*
|
||||
* Some other constants from RFC 4492
|
||||
*/
|
||||
#define MBEDTLS_SSL_EC_TLS_NAMED_CURVE 3 /**< The named_curve of ECCurveType. */
|
||||
|
||||
#endif /* ssl_internal.h */
|
||||
|
|
|
@ -194,6 +194,7 @@ mbedtls_x509_crt_profile;
|
|||
#define MBEDTLS_X509_MAX_FILE_PATH_LEN 512
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_X509_CRT_WRITE_C)
|
||||
/**
|
||||
* Container for writing a certificate (CRT)
|
||||
*/
|
||||
|
@ -211,6 +212,7 @@ typedef struct mbedtls_x509write_cert
|
|||
mbedtls_asn1_named_data *extensions;
|
||||
}
|
||||
mbedtls_x509write_cert;
|
||||
#endif /* MBEDTLS_X509_CRT_WRITE_C */
|
||||
|
||||
/**
|
||||
* Item in a verification chain: cert and flags for it
|
||||
|
|
|
@ -1975,9 +1975,9 @@ const char * mbedtls_test_cas[] = {
|
|||
#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_SHA256_C)
|
||||
mbedtls_test_ca_crt_rsa_sha256,
|
||||
#endif
|
||||
#if defined(MBEDTLS_ECDSA_C)
|
||||
#if defined(MBEDTLS_ECDSA_C) || defined(MBEDTLS_USE_TINYCRYPT)
|
||||
mbedtls_test_ca_crt_ec,
|
||||
#endif
|
||||
#endif /* MBEDTLS_ECDSA_C || MBEDTLS_USE_TINYCRYPT */
|
||||
NULL
|
||||
};
|
||||
const size_t mbedtls_test_cas_len[] = {
|
||||
|
@ -1987,9 +1987,9 @@ const size_t mbedtls_test_cas_len[] = {
|
|||
#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_SHA256_C)
|
||||
sizeof( mbedtls_test_ca_crt_rsa_sha256 ),
|
||||
#endif
|
||||
#if defined(MBEDTLS_ECDSA_C)
|
||||
#if defined(MBEDTLS_ECDSA_C) || defined(MBEDTLS_USE_TINYCRYPT)
|
||||
sizeof( mbedtls_test_ca_crt_ec ),
|
||||
#endif
|
||||
#endif /* MBEDTLS_ECDSA_C || MBEDTLS_USE_TINYCRYPT */
|
||||
0
|
||||
};
|
||||
|
||||
|
@ -2003,9 +2003,9 @@ const unsigned char * mbedtls_test_cas_der[] = {
|
|||
mbedtls_test_ca_crt_rsa_sha1_der,
|
||||
#endif /* MBEDTLS_SHA1_C */
|
||||
#endif /* MBEDTLS_RSA_C */
|
||||
#if defined(MBEDTLS_ECDSA_C)
|
||||
#if defined(MBEDTLS_ECDSA_C) || defined(MBEDTLS_USE_TINYCRYPT)
|
||||
mbedtls_test_ca_crt_ec_der,
|
||||
#endif /* MBEDTLS_ECDSA_C */
|
||||
#endif /* MBEDTLS_ECDSA_C || MBEDTLS_USE_TINYCRYPT */
|
||||
NULL
|
||||
};
|
||||
|
||||
|
@ -2018,9 +2018,9 @@ const size_t mbedtls_test_cas_der_len[] = {
|
|||
sizeof( mbedtls_test_ca_crt_rsa_sha1_der ),
|
||||
#endif /* MBEDTLS_SHA1_C */
|
||||
#endif /* MBEDTLS_RSA_C */
|
||||
#if defined(MBEDTLS_ECDSA_C)
|
||||
#if defined(MBEDTLS_ECDSA_C) || defined(MBEDTLS_USE_TINYCRYPT)
|
||||
sizeof( mbedtls_test_ca_crt_ec_der ),
|
||||
#endif /* MBEDTLS_ECDSA_C */
|
||||
#endif /* MBEDTLS_ECDSA_C || MBEDTLS_USE_TINYCRYPT */
|
||||
0
|
||||
};
|
||||
|
||||
|
@ -2035,9 +2035,9 @@ const char mbedtls_test_cas_pem[] =
|
|||
TEST_CA_CRT_RSA_SHA1_PEM
|
||||
#endif /* MBEDTLS_SHA1_C */
|
||||
#endif /* MBEDTLS_RSA_C */
|
||||
#if defined(MBEDTLS_ECDSA_C)
|
||||
#if defined(MBEDTLS_ECDSA_C) || defined(MBEDTLS_USE_TINYCRYPT)
|
||||
TEST_CA_CRT_EC_PEM
|
||||
#endif /* MBEDTLS_ECDSA_C */
|
||||
#endif /* MBEDTLS_ECDSA_C || MBEDTLS_USE_TINYCRYPT */
|
||||
"";
|
||||
const size_t mbedtls_test_cas_pem_len = sizeof( mbedtls_test_cas_pem );
|
||||
#endif /* MBEDTLS_PEM_PARSE_C */
|
||||
|
|
|
@ -385,7 +385,7 @@ static const oid_sig_alg_t oid_sig_alg[] =
|
|||
},
|
||||
#endif /* MBEDTLS_SHA1_C */
|
||||
#endif /* MBEDTLS_RSA_C */
|
||||
#if defined(MBEDTLS_ECDSA_C)
|
||||
#if defined(MBEDTLS_ECDSA_C) || defined(MBEDTLS_USE_TINYCRYPT)
|
||||
#if defined(MBEDTLS_SHA1_C)
|
||||
{
|
||||
OID_DESCRIPTOR( MBEDTLS_OID_ECDSA_SHA1, "ecdsa-with-SHA1", "ECDSA with SHA1" ),
|
||||
|
@ -412,7 +412,7 @@ static const oid_sig_alg_t oid_sig_alg[] =
|
|||
MBEDTLS_MD_SHA512, MBEDTLS_PK_ECDSA,
|
||||
},
|
||||
#endif /* MBEDTLS_SHA512_C */
|
||||
#endif /* MBEDTLS_ECDSA_C */
|
||||
#endif /* MBEDTLS_ECDSA_C || MBEDTLS_USE_TINYCRYPT */
|
||||
#if defined(MBEDTLS_RSA_C)
|
||||
{
|
||||
OID_DESCRIPTOR( MBEDTLS_OID_RSASSA_PSS, "RSASSA-PSS", "RSASSA-PSS" ),
|
||||
|
@ -467,6 +467,12 @@ FN_OID_TYPED_FROM_ASN1(oid_pk_alg_t, pk_alg, oid_pk_alg)
|
|||
FN_OID_GET_ATTR1(mbedtls_oid_get_pk_alg, oid_pk_alg_t, pk_alg, mbedtls_pk_type_t, pk_alg)
|
||||
FN_OID_GET_OID_BY_ATTR1(mbedtls_oid_get_oid_by_pk_alg, oid_pk_alg_t, oid_pk_alg, mbedtls_pk_type_t, pk_alg)
|
||||
|
||||
#if defined(MBEDTLS_USE_TINYCRYPT)
|
||||
typedef struct {
|
||||
mbedtls_oid_descriptor_t descriptor;
|
||||
mbedtls_uecc_group_id grp_id;
|
||||
} oid_ecp_grp_t;
|
||||
#else
|
||||
#if defined(MBEDTLS_ECP_C)
|
||||
/*
|
||||
* For namedCurve (RFC 5480)
|
||||
|
@ -475,7 +481,26 @@ typedef struct {
|
|||
mbedtls_oid_descriptor_t descriptor;
|
||||
mbedtls_ecp_group_id grp_id;
|
||||
} oid_ecp_grp_t;
|
||||
#endif
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_USE_TINYCRYPT)
|
||||
static const oid_ecp_grp_t oid_ecp_grp[] =
|
||||
{
|
||||
{
|
||||
OID_DESCRIPTOR( MBEDTLS_OID_EC_GRP_SECP256R1 , "secp256r1", "secp256r1" ),
|
||||
MBEDTLS_UECC_DP_SECP256R1,
|
||||
},
|
||||
{
|
||||
NULL_OID_DESCRIPTOR,
|
||||
MBEDTLS_UECC_DP_NONE,
|
||||
},
|
||||
};
|
||||
FN_OID_TYPED_FROM_ASN1(oid_ecp_grp_t, grp_id, oid_ecp_grp)
|
||||
FN_OID_GET_ATTR1(mbedtls_oid_get_ec_grp, oid_ecp_grp_t, grp_id, mbedtls_uecc_group_id, grp_id)
|
||||
FN_OID_GET_OID_BY_ATTR1(mbedtls_oid_get_oid_by_ec_grp, oid_ecp_grp_t, oid_ecp_grp, mbedtls_uecc_group_id, grp_id)
|
||||
#else
|
||||
#if defined(MBEDTLS_ECP_C)
|
||||
static const oid_ecp_grp_t oid_ecp_grp[] =
|
||||
{
|
||||
#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED)
|
||||
|
@ -554,6 +579,7 @@ FN_OID_TYPED_FROM_ASN1(oid_ecp_grp_t, grp_id, oid_ecp_grp)
|
|||
FN_OID_GET_ATTR1(mbedtls_oid_get_ec_grp, oid_ecp_grp_t, grp_id, mbedtls_ecp_group_id, grp_id)
|
||||
FN_OID_GET_OID_BY_ATTR1(mbedtls_oid_get_oid_by_ec_grp, oid_ecp_grp_t, oid_ecp_grp, mbedtls_ecp_group_id, grp_id)
|
||||
#endif /* MBEDTLS_ECP_C */
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_CIPHER_C)
|
||||
/*
|
||||
|
|
11
library/pk.c
11
library/pk.c
|
@ -115,8 +115,6 @@ const mbedtls_pk_info_t * mbedtls_pk_info_from_type( mbedtls_pk_type_t pk_type )
|
|||
return( &mbedtls_rsa_info );
|
||||
#endif
|
||||
#if defined(MBEDTLS_ECP_C)
|
||||
case MBEDTLS_PK_ECKEY:
|
||||
return( &mbedtls_eckey_info );
|
||||
case MBEDTLS_PK_ECKEY_DH:
|
||||
return( &mbedtls_eckeydh_info );
|
||||
#endif
|
||||
|
@ -124,6 +122,15 @@ const mbedtls_pk_info_t * mbedtls_pk_info_from_type( mbedtls_pk_type_t pk_type )
|
|||
case MBEDTLS_PK_ECDSA:
|
||||
return( &mbedtls_ecdsa_info );
|
||||
#endif
|
||||
#if defined(MBEDTLS_USE_TINYCRYPT)
|
||||
case MBEDTLS_PK_ECKEY:
|
||||
return( &mbedtls_uecc_eckey_info );
|
||||
#else /* MBEDTLS_USE_TINYCRYPT */
|
||||
#if defined(MBEDTLS_ECP_C)
|
||||
case MBEDTLS_PK_ECKEY:
|
||||
return( &mbedtls_eckey_info );
|
||||
#endif
|
||||
#endif /* MBEDTLS_USE_TINYCRYPT */
|
||||
/* MBEDTLS_PK_RSA_ALT omitted on purpose */
|
||||
default:
|
||||
return( NULL );
|
||||
|
|
|
@ -33,6 +33,13 @@
|
|||
|
||||
#include <string.h>
|
||||
|
||||
#if defined(MBEDTLS_USE_TINYCRYPT)
|
||||
#include "tinycrypt/ecc.h"
|
||||
#include "tinycrypt/ecc_dsa.h"
|
||||
#include "mbedtls/asn1.h"
|
||||
#include "mbedtls/asn1write.h"
|
||||
#endif /* MBEDTLS_USE_TINYCRYPT */
|
||||
|
||||
#if defined(MBEDTLS_ECP_C)
|
||||
#include "mbedtls/ecp.h"
|
||||
#endif
|
||||
|
@ -41,7 +48,8 @@
|
|||
#include "mbedtls/ecdsa.h"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_PK_RSA_ALT_SUPPORT)
|
||||
#if defined(MBEDTLS_PK_RSA_ALT_SUPPORT) || \
|
||||
defined(MBEDTLS_USE_TINYCRYPT)
|
||||
#include "mbedtls/platform_util.h"
|
||||
#endif
|
||||
|
||||
|
@ -466,6 +474,284 @@ const mbedtls_pk_info_t mbedtls_eckeydh_info = {
|
|||
};
|
||||
#endif /* MBEDTLS_ECP_C */
|
||||
|
||||
#if defined(MBEDTLS_USE_TINYCRYPT)
|
||||
|
||||
/*
|
||||
* An ASN.1 encoded signature is a sequence of two ASN.1 integers. Parse one of
|
||||
* those integers and convert it to the fixed-length encoding.
|
||||
*/
|
||||
static int extract_ecdsa_sig_int( unsigned char **from, const unsigned char *end,
|
||||
unsigned char *to, size_t to_len )
|
||||
{
|
||||
int ret;
|
||||
size_t unpadded_len, padding_len;
|
||||
|
||||
if( ( ret = mbedtls_asn1_get_tag( from, end, &unpadded_len,
|
||||
MBEDTLS_ASN1_INTEGER ) ) != 0 )
|
||||
{
|
||||
return( ret );
|
||||
}
|
||||
|
||||
while( unpadded_len > 0 && **from == 0x00 )
|
||||
{
|
||||
( *from )++;
|
||||
unpadded_len--;
|
||||
}
|
||||
|
||||
if( unpadded_len > to_len || unpadded_len == 0 )
|
||||
return( MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
|
||||
|
||||
padding_len = to_len - unpadded_len;
|
||||
memset( to, 0x00, padding_len );
|
||||
memcpy( to + padding_len, *from, unpadded_len );
|
||||
( *from ) += unpadded_len;
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
/*
|
||||
* Convert a signature from an ASN.1 sequence of two integers
|
||||
* to a raw {r,s} buffer. Note: the provided sig buffer must be at least
|
||||
* twice as big as int_size.
|
||||
*/
|
||||
static int extract_ecdsa_sig( unsigned char **p, const unsigned char *end,
|
||||
unsigned char *sig, size_t int_size )
|
||||
{
|
||||
int ret;
|
||||
size_t tmp_size;
|
||||
|
||||
if( ( ret = mbedtls_asn1_get_tag( p, end, &tmp_size,
|
||||
MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
|
||||
return( ret );
|
||||
|
||||
/* Extract r */
|
||||
if( ( ret = extract_ecdsa_sig_int( p, end, sig, int_size ) ) != 0 )
|
||||
return( ret );
|
||||
/* Extract s */
|
||||
if( ( ret = extract_ecdsa_sig_int( p, end, sig + int_size, int_size ) ) != 0 )
|
||||
return( ret );
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
static size_t uecc_eckey_get_bitlen( const void *ctx )
|
||||
{
|
||||
(void) ctx;
|
||||
return( (size_t) ( NUM_ECC_BYTES * 8 ) );
|
||||
}
|
||||
|
||||
static int uecc_eckey_check_pair( const void *pub, const void *prv )
|
||||
{
|
||||
const mbedtls_uecc_keypair *uecc_pub =
|
||||
(const mbedtls_uecc_keypair *) pub;
|
||||
const mbedtls_uecc_keypair *uecc_prv =
|
||||
(const mbedtls_uecc_keypair *) prv;
|
||||
|
||||
if( memcmp( uecc_pub->public_key,
|
||||
uecc_prv->public_key,
|
||||
2 * NUM_ECC_BYTES ) == 0 )
|
||||
{
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
|
||||
}
|
||||
|
||||
static int uecc_eckey_can_do( mbedtls_pk_type_t type )
|
||||
{
|
||||
return( type == MBEDTLS_PK_ECDSA ||
|
||||
type == MBEDTLS_PK_ECKEY );
|
||||
}
|
||||
|
||||
static int uecc_eckey_verify_wrap( void *ctx, mbedtls_md_type_t md_alg,
|
||||
const unsigned char *hash, size_t hash_len,
|
||||
const unsigned char *sig, size_t sig_len )
|
||||
{
|
||||
int ret;
|
||||
uint8_t signature[2*NUM_ECC_BYTES];
|
||||
unsigned char *p;
|
||||
const struct uECC_Curve_t * uecc_curve = uECC_secp256r1();
|
||||
const mbedtls_uecc_keypair *keypair = (const mbedtls_uecc_keypair *) ctx;
|
||||
|
||||
((void) md_alg);
|
||||
p = (unsigned char*) sig;
|
||||
|
||||
ret = extract_ecdsa_sig( &p, sig + sig_len, signature, NUM_ECC_BYTES );
|
||||
if( ret != 0 )
|
||||
return( ret );
|
||||
|
||||
ret = uECC_verify( keypair->public_key, hash,
|
||||
(unsigned) hash_len, signature, uecc_curve );
|
||||
if( ret == 0 )
|
||||
return( MBEDTLS_ERR_PK_HW_ACCEL_FAILED );
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
/*
|
||||
* Simultaneously convert and move raw MPI from the beginning of a buffer
|
||||
* to an ASN.1 MPI at the end of the buffer.
|
||||
* See also mbedtls_asn1_write_mpi().
|
||||
*
|
||||
* p: pointer to the end of the output buffer
|
||||
* start: start of the output buffer, and also of the mpi to write at the end
|
||||
* n_len: length of the mpi to read from start
|
||||
*
|
||||
* Warning:
|
||||
* The total length of the output buffer must be smaller than 128 Bytes.
|
||||
*/
|
||||
static int asn1_write_mpibuf( unsigned char **p, unsigned char *start,
|
||||
size_t n_len )
|
||||
{
|
||||
size_t len = 0;
|
||||
|
||||
if( (size_t)( *p - start ) < n_len )
|
||||
return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
|
||||
|
||||
len = n_len;
|
||||
*p -= len;
|
||||
memmove( *p, start, len );
|
||||
|
||||
/* ASN.1 DER encoding requires minimal length, so skip leading 0s.
|
||||
* Neither r nor s should be 0, but as a failsafe measure, still detect
|
||||
* that rather than overflowing the buffer in case of an error. */
|
||||
while( len > 0 && **p == 0x00 )
|
||||
{
|
||||
++(*p);
|
||||
--len;
|
||||
}
|
||||
|
||||
/* this is only reached if the signature was invalid */
|
||||
if( len == 0 )
|
||||
return( MBEDTLS_ERR_PK_HW_ACCEL_FAILED );
|
||||
|
||||
/* if the msb is 1, ASN.1 requires that we prepend a 0.
|
||||
* Neither r nor s can be 0, so we can assume len > 0 at all times. */
|
||||
if( **p & 0x80 )
|
||||
{
|
||||
if( *p - start < 1 )
|
||||
return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
|
||||
|
||||
*--(*p) = 0x00;
|
||||
len += 1;
|
||||
}
|
||||
|
||||
/* The ASN.1 length encoding is just a single Byte containing the length,
|
||||
* as we assume that the total buffer length is smaller than 128 Bytes. */
|
||||
*--(*p) = len;
|
||||
*--(*p) = MBEDTLS_ASN1_INTEGER;
|
||||
len += 2;
|
||||
|
||||
return( (int) len );
|
||||
}
|
||||
|
||||
/* Transcode signature from uECC format to ASN.1 sequence.
|
||||
* See ecdsa_signature_to_asn1 in ecdsa.c, but with byte buffers instead of
|
||||
* MPIs, and in-place.
|
||||
*
|
||||
* [in/out] sig: the signature pre- and post-transcoding
|
||||
* [in/out] sig_len: signature length pre- and post-transcoding
|
||||
* [int] buf_len: the available size the in/out buffer
|
||||
*
|
||||
* Warning: buf_len must be smaller than 128 Bytes.
|
||||
*/
|
||||
static int pk_ecdsa_sig_asn1_from_uecc( unsigned char *sig, size_t *sig_len,
|
||||
size_t buf_len )
|
||||
{
|
||||
int ret;
|
||||
size_t len = 0;
|
||||
const size_t rs_len = *sig_len / 2;
|
||||
unsigned char *p = sig + buf_len;
|
||||
|
||||
MBEDTLS_ASN1_CHK_ADD( len, asn1_write_mpibuf( &p, sig + rs_len, rs_len ) );
|
||||
MBEDTLS_ASN1_CHK_ADD( len, asn1_write_mpibuf( &p, sig, rs_len ) );
|
||||
|
||||
/* The ASN.1 length encoding is just a single Byte containing the length,
|
||||
* as we assume that the total buffer length is smaller than 128 Bytes. */
|
||||
*--p = len;
|
||||
*--p = MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE;
|
||||
len += 2;
|
||||
|
||||
memmove( sig, p, len );
|
||||
*sig_len = len;
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
static int uecc_eckey_sign_wrap( void *ctx, mbedtls_md_type_t md_alg,
|
||||
const unsigned char *hash, size_t hash_len,
|
||||
unsigned char *sig, size_t *sig_len,
|
||||
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
|
||||
{
|
||||
const mbedtls_uecc_keypair *keypair = (const mbedtls_uecc_keypair *) ctx;
|
||||
const struct uECC_Curve_t * uecc_curve = uECC_secp256r1();
|
||||
int ret;
|
||||
|
||||
/*
|
||||
* RFC-4492 page 20:
|
||||
*
|
||||
* Ecdsa-Sig-Value ::= SEQUENCE {
|
||||
* r INTEGER,
|
||||
* s INTEGER
|
||||
* }
|
||||
*
|
||||
* Size is at most
|
||||
* 1 (tag) + 1 (len) + 1 (initial 0) + NUM_ECC_BYTES for each of r and s,
|
||||
* twice that + 1 (tag) + 2 (len) for the sequence
|
||||
*
|
||||
* (The ASN.1 length encodings are all 1-Byte encodings because
|
||||
* the total size is smaller than 128 Bytes).
|
||||
*/
|
||||
#define MAX_SECP256R1_ECDSA_SIG_LEN ( 3 + 2 * ( 3 + NUM_ECC_BYTES ) )
|
||||
|
||||
ret = uECC_sign( keypair->private_key, hash, hash_len, sig, uecc_curve );
|
||||
/* TinyCrypt uses 0 to signal errors. */
|
||||
if( ret == 0 )
|
||||
return( MBEDTLS_ERR_PK_HW_ACCEL_FAILED );
|
||||
|
||||
*sig_len = 2 * NUM_ECC_BYTES;
|
||||
|
||||
/* uECC owns its rng function pointer */
|
||||
(void) f_rng;
|
||||
(void) p_rng;
|
||||
(void) md_alg;
|
||||
|
||||
return( pk_ecdsa_sig_asn1_from_uecc( sig, sig_len,
|
||||
MAX_SECP256R1_ECDSA_SIG_LEN ) );
|
||||
|
||||
#undef MAX_SECP256R1_ECDSA_SIG_LEN
|
||||
}
|
||||
|
||||
static void *uecc_eckey_alloc_wrap( void )
|
||||
{
|
||||
return( mbedtls_calloc( 1, sizeof( mbedtls_uecc_keypair ) ) );
|
||||
}
|
||||
|
||||
static void uecc_eckey_free_wrap( void *ctx )
|
||||
{
|
||||
if( ctx == NULL )
|
||||
return;
|
||||
|
||||
mbedtls_platform_zeroize( ctx, sizeof( mbedtls_uecc_keypair ) );
|
||||
mbedtls_free( ctx );
|
||||
}
|
||||
|
||||
const mbedtls_pk_info_t mbedtls_uecc_eckey_info = {
|
||||
MBEDTLS_PK_ECKEY,
|
||||
"EC",
|
||||
uecc_eckey_get_bitlen,
|
||||
uecc_eckey_can_do,
|
||||
uecc_eckey_verify_wrap,
|
||||
uecc_eckey_sign_wrap,
|
||||
NULL,
|
||||
NULL,
|
||||
uecc_eckey_check_pair,
|
||||
uecc_eckey_alloc_wrap,
|
||||
uecc_eckey_free_wrap,
|
||||
NULL,
|
||||
};
|
||||
#endif /* MBEDTLS_USE_TINYCRYPT */
|
||||
|
||||
#if defined(MBEDTLS_ECDSA_C)
|
||||
static int ecdsa_can_do( mbedtls_pk_type_t type )
|
||||
{
|
||||
|
|
|
@ -52,6 +52,9 @@
|
|||
#if defined(MBEDTLS_PKCS12_C)
|
||||
#include "mbedtls/pkcs12.h"
|
||||
#endif
|
||||
#if defined(MBEDTLS_USE_TINYCRYPT)
|
||||
#include "tinycrypt/ecc.h"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_PLATFORM_C)
|
||||
#include "mbedtls/platform.h"
|
||||
|
@ -176,7 +179,28 @@ int mbedtls_pk_parse_public_keyfile( mbedtls_pk_context *ctx, const char *path )
|
|||
}
|
||||
#endif /* MBEDTLS_FS_IO */
|
||||
|
||||
#if defined(MBEDTLS_ECP_C)
|
||||
#if defined(MBEDTLS_USE_TINYCRYPT)
|
||||
static int pk_use_ecparams( const mbedtls_asn1_buf *params )
|
||||
{
|
||||
mbedtls_uecc_group_id grp_id;
|
||||
|
||||
if( params->tag == MBEDTLS_ASN1_OID )
|
||||
{
|
||||
if( mbedtls_oid_get_ec_grp( params, &grp_id ) != 0 )
|
||||
return( MBEDTLS_ERR_PK_UNKNOWN_NAMED_CURVE );
|
||||
}
|
||||
else
|
||||
{
|
||||
// Only P-256 is supported
|
||||
return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT );
|
||||
}
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
#endif /* MBEDTLS_USE_TINYCRYPT */
|
||||
|
||||
#if defined(MBEDTLS_ECP_C) || \
|
||||
defined(MBEDTLS_USE_TINYCRYPT)
|
||||
/* Minimally parse an ECParameters buffer to and mbedtls_asn1_buf
|
||||
*
|
||||
* ECParameters ::= CHOICE {
|
||||
|
@ -220,7 +244,11 @@ static int pk_get_ecparams( unsigned char **p, const unsigned char *end,
|
|||
|
||||
return( 0 );
|
||||
}
|
||||
#endif /* MBEDTLS_ECP_C || MBEDTLS_USE_TINYCRYPT */
|
||||
|
||||
#if !defined(MBEDTLS_USE_TINYCRYPT)
|
||||
|
||||
#if defined(MBEDTLS_ECP_C)
|
||||
#if defined(MBEDTLS_PK_PARSE_EC_EXTENDED)
|
||||
/*
|
||||
* Parse a SpecifiedECDomain (SEC 1 C.2) and (mostly) fill the group with it.
|
||||
|
@ -516,6 +544,46 @@ static int pk_get_ecpubkey( unsigned char **p, const unsigned char *end,
|
|||
return( ret );
|
||||
}
|
||||
#endif /* MBEDTLS_ECP_C */
|
||||
#endif /* !MBEDTLS_USE_TINYCRYPT */
|
||||
|
||||
#if defined(MBEDTLS_USE_TINYCRYPT)
|
||||
/*
|
||||
* Import a point from unsigned binary data (SEC1 2.3.4)
|
||||
*/
|
||||
static int uecc_public_key_read_binary( mbedtls_uecc_keypair *uecc_keypair,
|
||||
const unsigned char *buf, size_t ilen )
|
||||
{
|
||||
if( ilen != 2 * NUM_ECC_BYTES + 1 )
|
||||
return( MBEDTLS_ERR_PK_INVALID_PUBKEY );
|
||||
|
||||
/* We are not handling the point at infinity. */
|
||||
|
||||
if( buf[0] != 0x04 )
|
||||
return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE );
|
||||
|
||||
memcpy( uecc_keypair->public_key, buf + 1, 2 * NUM_ECC_BYTES );
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
static int pk_get_ueccpubkey( unsigned char **p,
|
||||
const unsigned char *end,
|
||||
uint8_t *pk_context)
|
||||
{
|
||||
mbedtls_uecc_keypair *uecc_keypair = (mbedtls_uecc_keypair *) pk_context;
|
||||
int ret;
|
||||
|
||||
ret = uecc_public_key_read_binary( uecc_keypair,
|
||||
(const unsigned char *) *p, end - *p );
|
||||
|
||||
/*
|
||||
* We know uecc_public_key_read_binary consumed all bytes or failed
|
||||
*/
|
||||
*p = (unsigned char *) end;
|
||||
|
||||
return( ret );
|
||||
}
|
||||
#endif /* MBEDTLS_USE_TINYCRYPT */
|
||||
|
||||
#if defined(MBEDTLS_RSA_C)
|
||||
/*
|
||||
|
@ -656,6 +724,12 @@ int mbedtls_pk_parse_subpubkey( unsigned char **p, const unsigned char *end,
|
|||
ret = pk_get_rsapubkey( p, end, mbedtls_pk_rsa( *pk ) );
|
||||
} else
|
||||
#endif /* MBEDTLS_RSA_C */
|
||||
#if defined(MBEDTLS_USE_TINYCRYPT)
|
||||
if( pk_alg == MBEDTLS_PK_ECKEY )
|
||||
{
|
||||
ret = pk_get_ueccpubkey( p, end, (uint8_t*) pk->pk_ctx );
|
||||
} else
|
||||
#else /* MBEDTLS_USE_TINYCRYPT */
|
||||
#if defined(MBEDTLS_ECP_C)
|
||||
if( pk_alg == MBEDTLS_PK_ECKEY_DH || pk_alg == MBEDTLS_PK_ECKEY )
|
||||
{
|
||||
|
@ -664,6 +738,7 @@ int mbedtls_pk_parse_subpubkey( unsigned char **p, const unsigned char *end,
|
|||
ret = pk_get_ecpubkey( p, end, mbedtls_pk_ec( *pk ) );
|
||||
} else
|
||||
#endif /* MBEDTLS_ECP_C */
|
||||
#endif /* MBEDTLS_USE_TINYCRYPT */
|
||||
ret = MBEDTLS_ERR_PK_UNKNOWN_PK_ALG;
|
||||
|
||||
if( ret == 0 && *p != end )
|
||||
|
@ -803,6 +878,124 @@ cleanup:
|
|||
}
|
||||
#endif /* MBEDTLS_RSA_C */
|
||||
|
||||
#if defined(MBEDTLS_USE_TINYCRYPT)
|
||||
static int pk_parse_key_sec1_der( mbedtls_uecc_keypair *keypair,
|
||||
const unsigned char *key,
|
||||
size_t keylen)
|
||||
{
|
||||
int ret;
|
||||
int version, pubkey_done;
|
||||
size_t len;
|
||||
mbedtls_asn1_buf params;
|
||||
unsigned char *p = (unsigned char *) key;
|
||||
unsigned char *end = p + keylen;
|
||||
unsigned char *end2;
|
||||
|
||||
/*
|
||||
* RFC 5915, or SEC1 Appendix C.4
|
||||
*
|
||||
* ECPrivateKey ::= SEQUENCE {
|
||||
* version INTEGER { ecPrivkeyVer1(1) } (ecPrivkeyVer1),
|
||||
* privateKey OCTET STRING,
|
||||
* parameters [0] ECParameters {{ NamedCurve }} OPTIONAL,
|
||||
* publicKey [1] BIT STRING OPTIONAL
|
||||
* }
|
||||
*/
|
||||
if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
|
||||
MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
|
||||
{
|
||||
return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
|
||||
}
|
||||
|
||||
end = p + len;
|
||||
|
||||
if( ( ret = mbedtls_asn1_get_int( &p, end, &version ) ) != 0 )
|
||||
return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
|
||||
|
||||
if( version != 1 )
|
||||
return( MBEDTLS_ERR_PK_KEY_INVALID_VERSION );
|
||||
|
||||
if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, MBEDTLS_ASN1_OCTET_STRING ) ) != 0 )
|
||||
return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
|
||||
|
||||
memcpy( keypair->private_key, p, len );
|
||||
|
||||
p += len;
|
||||
|
||||
pubkey_done = 0;
|
||||
if( p != end )
|
||||
{
|
||||
/*
|
||||
* Is 'parameters' present?
|
||||
*/
|
||||
if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
|
||||
MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | 0 ) ) == 0 )
|
||||
{
|
||||
if( ( ret = pk_get_ecparams( &p, p + len, ¶ms) ) != 0 ||
|
||||
( ret = pk_use_ecparams( ¶ms ) ) != 0 )
|
||||
{
|
||||
return( ret );
|
||||
}
|
||||
}
|
||||
else if( ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG )
|
||||
{
|
||||
return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
|
||||
}
|
||||
}
|
||||
|
||||
if( p != end )
|
||||
{
|
||||
/*
|
||||
* Is 'publickey' present? If not, or if we can't read it (eg because it
|
||||
* is compressed), create it from the private key.
|
||||
*/
|
||||
if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
|
||||
MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | 1 ) ) == 0 )
|
||||
{
|
||||
end2 = p + len;
|
||||
|
||||
if( ( ret = mbedtls_asn1_get_bitstring_null( &p, end2, &len ) ) != 0 )
|
||||
return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
|
||||
|
||||
if( p + len != end2 )
|
||||
return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT +
|
||||
MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
|
||||
|
||||
if( ( ret = uecc_public_key_read_binary( keypair,
|
||||
(const unsigned char *) p, end2 - p ) ) == 0 )
|
||||
{
|
||||
pubkey_done = 1;
|
||||
}
|
||||
else
|
||||
{
|
||||
/*
|
||||
* The only acceptable failure mode of
|
||||
* uecc_public_key_read_binary() above
|
||||
* is if the point format is not recognized.
|
||||
*/
|
||||
if( ret != MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE )
|
||||
return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT );
|
||||
}
|
||||
}
|
||||
else if( ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG )
|
||||
{
|
||||
return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
|
||||
}
|
||||
}
|
||||
|
||||
if( !pubkey_done )
|
||||
{
|
||||
ret = uECC_compute_public_key( keypair->private_key,
|
||||
keypair->public_key,
|
||||
uECC_secp256r1() );
|
||||
if( ret == 0 )
|
||||
return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT );
|
||||
}
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
#else /* MBEDTLS_USE_TINYCRYPT */
|
||||
|
||||
#if defined(MBEDTLS_ECP_C)
|
||||
/*
|
||||
* Parse a SEC1 encoded private EC key
|
||||
|
@ -931,6 +1124,7 @@ static int pk_parse_key_sec1_der( mbedtls_ecp_keypair *eck,
|
|||
return( 0 );
|
||||
}
|
||||
#endif /* MBEDTLS_ECP_C */
|
||||
#endif /* MBEDTLS_USE_TINYCRYPT */
|
||||
|
||||
/*
|
||||
* Parse an unencrypted PKCS#8 encoded private key
|
||||
|
@ -1014,6 +1208,16 @@ static int pk_parse_key_pkcs8_unencrypted_der(
|
|||
}
|
||||
} else
|
||||
#endif /* MBEDTLS_RSA_C */
|
||||
#if defined(MBEDTLS_USE_TINYCRYPT)
|
||||
if( pk_alg == MBEDTLS_PK_ECKEY )
|
||||
{
|
||||
if( ( ret = pk_use_ecparams( ¶ms ) ) != 0 ||
|
||||
( ret = pk_parse_key_sec1_der( mbedtls_pk_uecc( *pk ), p, len ) ) != 0)
|
||||
{
|
||||
return( ret );
|
||||
}
|
||||
} else
|
||||
#else /* MBEDTLS_USE_TINYCRYPT */
|
||||
#if defined(MBEDTLS_ECP_C)
|
||||
if( pk_alg == MBEDTLS_PK_ECKEY || pk_alg == MBEDTLS_PK_ECKEY_DH )
|
||||
{
|
||||
|
@ -1025,6 +1229,7 @@ static int pk_parse_key_pkcs8_unencrypted_der(
|
|||
}
|
||||
} else
|
||||
#endif /* MBEDTLS_ECP_C */
|
||||
#endif /* MBEDTLS_USE_TINYCRYPT */
|
||||
return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG );
|
||||
|
||||
return( 0 );
|
||||
|
@ -1214,7 +1419,7 @@ int mbedtls_pk_parse_key( mbedtls_pk_context *pk,
|
|||
return( ret );
|
||||
#endif /* MBEDTLS_RSA_C */
|
||||
|
||||
#if defined(MBEDTLS_ECP_C)
|
||||
#if defined(MBEDTLS_ECP_C) || defined(MBEDTLS_USE_TINYCRYPT)
|
||||
/* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */
|
||||
if( key[keylen - 1] != '\0' )
|
||||
ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT;
|
||||
|
@ -1227,9 +1432,15 @@ int mbedtls_pk_parse_key( mbedtls_pk_context *pk,
|
|||
{
|
||||
pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_ECKEY );
|
||||
|
||||
#if defined(MBEDTLS_USE_TINYCRYPT)
|
||||
if( ( ret = mbedtls_pk_setup( pk, pk_info ) ) != 0 ||
|
||||
( ret = pk_parse_key_sec1_der( mbedtls_pk_uecc( *pk ),
|
||||
pem.buf, pem.buflen ) ) != 0 )
|
||||
#else /* MBEDTLS_USE_TINYCRYPT */
|
||||
if( ( ret = mbedtls_pk_setup( pk, pk_info ) ) != 0 ||
|
||||
( ret = pk_parse_key_sec1_der( mbedtls_pk_ec( *pk ),
|
||||
pem.buf, pem.buflen ) ) != 0 )
|
||||
#endif /* MBEDTLS_USE_TINYCRYPT */
|
||||
{
|
||||
mbedtls_pk_free( pk );
|
||||
}
|
||||
|
@ -1243,7 +1454,7 @@ int mbedtls_pk_parse_key( mbedtls_pk_context *pk,
|
|||
return( MBEDTLS_ERR_PK_PASSWORD_REQUIRED );
|
||||
else if( ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
|
||||
return( ret );
|
||||
#endif /* MBEDTLS_ECP_C */
|
||||
#endif /* MBEDTLS_ECP_C || MBEDTLS_USE_TINYCRYPT */
|
||||
|
||||
/* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */
|
||||
if( key[keylen - 1] != '\0' )
|
||||
|
@ -1350,6 +1561,15 @@ int mbedtls_pk_parse_key( mbedtls_pk_context *pk,
|
|||
mbedtls_pk_init( pk );
|
||||
#endif /* MBEDTLS_RSA_C */
|
||||
|
||||
#if defined(MBEDTLS_USE_TINYCRYPT)
|
||||
pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_ECKEY );
|
||||
if( mbedtls_pk_setup( pk, pk_info ) == 0 &&
|
||||
pk_parse_key_sec1_der( mbedtls_pk_uecc( *pk),
|
||||
key, keylen) == 0)
|
||||
{
|
||||
return( 0 );
|
||||
}
|
||||
#else /* MBEDTLS_USE_TINYCRYPT */
|
||||
#if defined(MBEDTLS_ECP_C)
|
||||
pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_ECKEY );
|
||||
if( mbedtls_pk_setup( pk, pk_info ) == 0 &&
|
||||
|
@ -1360,6 +1580,7 @@ int mbedtls_pk_parse_key( mbedtls_pk_context *pk,
|
|||
}
|
||||
mbedtls_pk_free( pk );
|
||||
#endif /* MBEDTLS_ECP_C */
|
||||
#endif /* MBEDTLS_USE_TINYCRYPT */
|
||||
|
||||
/* If MBEDTLS_RSA_C is defined but MBEDTLS_ECP_C isn't,
|
||||
* it is ok to leave the PK context initialized but not
|
||||
|
|
|
@ -103,16 +103,67 @@ end_of_export:
|
|||
}
|
||||
#endif /* MBEDTLS_RSA_C */
|
||||
|
||||
#if defined(MBEDTLS_USE_TINYCRYPT)
|
||||
static int pk_write_ec_pubkey( unsigned char **p, unsigned char *start,
|
||||
mbedtls_pk_context const *key )
|
||||
{
|
||||
size_t const len = 1 + 2 * NUM_ECC_BYTES;
|
||||
mbedtls_uecc_keypair const * const uecc = mbedtls_pk_uecc( *key );
|
||||
|
||||
if( *p < start || (size_t)( *p - start ) < len )
|
||||
return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
|
||||
|
||||
*p -= len;
|
||||
(*p)[0] = 0x04;
|
||||
memcpy( *p + 1, uecc->public_key, 2 * NUM_ECC_BYTES );
|
||||
|
||||
return( (int) len );
|
||||
}
|
||||
|
||||
static int pk_write_ec_privkey( unsigned char **p, unsigned char *start,
|
||||
mbedtls_pk_context const *key )
|
||||
{
|
||||
mbedtls_uecc_keypair const * const uecc = mbedtls_pk_uecc( *key );
|
||||
return( mbedtls_asn1_write_octet_string(
|
||||
p, start,
|
||||
uecc->private_key,
|
||||
NUM_ECC_BYTES ) );
|
||||
}
|
||||
|
||||
/*
|
||||
* ECParameters ::= CHOICE {
|
||||
* namedCurve OBJECT IDENTIFIER
|
||||
* }
|
||||
*/
|
||||
static int pk_write_ec_param( unsigned char **p, unsigned char *start,
|
||||
mbedtls_pk_context const *key )
|
||||
{
|
||||
int ret;
|
||||
size_t len = 0;
|
||||
const char *oid;
|
||||
size_t oid_len;
|
||||
((void) key);
|
||||
|
||||
if( ( ret = mbedtls_oid_get_oid_by_ec_grp( MBEDTLS_UECC_DP_SECP256R1,
|
||||
&oid, &oid_len ) ) != 0 )
|
||||
return( ret );
|
||||
|
||||
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_oid( p, start, oid, oid_len ) );
|
||||
|
||||
return( (int) len );
|
||||
}
|
||||
#else /* MBEDTLS_USE_TINYCRYPT */
|
||||
#if defined(MBEDTLS_ECP_C)
|
||||
/*
|
||||
* EC public key is an EC point
|
||||
*/
|
||||
static int pk_write_ec_pubkey( unsigned char **p, unsigned char *start,
|
||||
mbedtls_ecp_keypair *ec )
|
||||
mbedtls_pk_context const *key )
|
||||
{
|
||||
int ret;
|
||||
size_t len = 0;
|
||||
unsigned char buf[MBEDTLS_ECP_MAX_PT_LEN];
|
||||
mbedtls_ecp_keypair const * const ec = mbedtls_pk_ec( *key );
|
||||
|
||||
if( ( ret = mbedtls_ecp_point_write_binary( &ec->grp, &ec->Q,
|
||||
MBEDTLS_ECP_PF_UNCOMPRESSED,
|
||||
|
@ -130,18 +181,26 @@ static int pk_write_ec_pubkey( unsigned char **p, unsigned char *start,
|
|||
return( (int) len );
|
||||
}
|
||||
|
||||
static int pk_write_ec_privkey( unsigned char **p, unsigned char *start,
|
||||
mbedtls_pk_context const *key )
|
||||
{
|
||||
mbedtls_ecp_keypair const * const ec = mbedtls_pk_ec( *key );
|
||||
return( mbedtls_asn1_write_mpi( p, start, &ec->d ) );
|
||||
}
|
||||
|
||||
/*
|
||||
* ECParameters ::= CHOICE {
|
||||
* namedCurve OBJECT IDENTIFIER
|
||||
* }
|
||||
*/
|
||||
static int pk_write_ec_param( unsigned char **p, unsigned char *start,
|
||||
mbedtls_ecp_keypair *ec )
|
||||
mbedtls_pk_context const *key )
|
||||
{
|
||||
int ret;
|
||||
size_t len = 0;
|
||||
const char *oid;
|
||||
size_t oid_len;
|
||||
mbedtls_ecp_keypair const * const ec = mbedtls_pk_ec( *key );
|
||||
|
||||
if( ( ret = mbedtls_oid_get_oid_by_ec_grp( ec->grp.id, &oid, &oid_len ) ) != 0 )
|
||||
return( ret );
|
||||
|
@ -151,6 +210,7 @@ static int pk_write_ec_param( unsigned char **p, unsigned char *start,
|
|||
return( (int) len );
|
||||
}
|
||||
#endif /* MBEDTLS_ECP_C */
|
||||
#endif /* MBEDTLS_USE_TINYCRYPT */
|
||||
|
||||
int mbedtls_pk_write_pubkey( unsigned char **p, unsigned char *start,
|
||||
const mbedtls_pk_context *key )
|
||||
|
@ -168,11 +228,11 @@ int mbedtls_pk_write_pubkey( unsigned char **p, unsigned char *start,
|
|||
MBEDTLS_ASN1_CHK_ADD( len, pk_write_rsa_pubkey( p, start, mbedtls_pk_rsa( *key ) ) );
|
||||
else
|
||||
#endif
|
||||
#if defined(MBEDTLS_ECP_C)
|
||||
#if defined(MBEDTLS_ECP_C) || defined(MBEDTLS_USE_TINYCRYPT)
|
||||
if( mbedtls_pk_get_type( key ) == MBEDTLS_PK_ECKEY )
|
||||
MBEDTLS_ASN1_CHK_ADD( len, pk_write_ec_pubkey( p, start, mbedtls_pk_ec( *key ) ) );
|
||||
MBEDTLS_ASN1_CHK_ADD( len, pk_write_ec_pubkey( p, start, key ) );
|
||||
else
|
||||
#endif
|
||||
#endif /* MBEDTLS_ECP_C || MBEDTLS_USE_TINYCRYPT */
|
||||
return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE );
|
||||
|
||||
return( (int) len );
|
||||
|
@ -214,12 +274,12 @@ int mbedtls_pk_write_pubkey_der( mbedtls_pk_context *key, unsigned char *buf, si
|
|||
return( ret );
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_ECP_C)
|
||||
#if defined(MBEDTLS_ECP_C) || defined(MBEDTLS_USE_TINYCRYPT)
|
||||
if( mbedtls_pk_get_type( key ) == MBEDTLS_PK_ECKEY )
|
||||
{
|
||||
MBEDTLS_ASN1_CHK_ADD( par_len, pk_write_ec_param( &c, buf, mbedtls_pk_ec( *key ) ) );
|
||||
MBEDTLS_ASN1_CHK_ADD( par_len, pk_write_ec_param( &c, buf, key ) );
|
||||
}
|
||||
#endif
|
||||
#endif /* MBEDTLS_ECP_C || MBEDTLS_USE_TINYCRYPT */
|
||||
|
||||
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_algorithm_identifier( &c, buf, oid, oid_len,
|
||||
par_len ) );
|
||||
|
@ -323,10 +383,9 @@ int mbedtls_pk_write_key_der( mbedtls_pk_context *key, unsigned char *buf, size_
|
|||
}
|
||||
else
|
||||
#endif /* MBEDTLS_RSA_C */
|
||||
#if defined(MBEDTLS_ECP_C)
|
||||
#if defined(MBEDTLS_ECP_C) || defined(MBEDTLS_USE_TINYCRYPT)
|
||||
if( mbedtls_pk_get_type( key ) == MBEDTLS_PK_ECKEY )
|
||||
{
|
||||
mbedtls_ecp_keypair *ec = mbedtls_pk_ec( *key );
|
||||
size_t pub_len = 0, par_len = 0;
|
||||
|
||||
/*
|
||||
|
@ -341,7 +400,7 @@ int mbedtls_pk_write_key_der( mbedtls_pk_context *key, unsigned char *buf, size_
|
|||
*/
|
||||
|
||||
/* publicKey */
|
||||
MBEDTLS_ASN1_CHK_ADD( pub_len, pk_write_ec_pubkey( &c, buf, ec ) );
|
||||
MBEDTLS_ASN1_CHK_ADD( pub_len, pk_write_ec_pubkey( &c, buf, key ) );
|
||||
|
||||
if( c - buf < 1 )
|
||||
return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
|
||||
|
@ -357,7 +416,7 @@ int mbedtls_pk_write_key_der( mbedtls_pk_context *key, unsigned char *buf, size_
|
|||
len += pub_len;
|
||||
|
||||
/* parameters */
|
||||
MBEDTLS_ASN1_CHK_ADD( par_len, pk_write_ec_param( &c, buf, ec ) );
|
||||
MBEDTLS_ASN1_CHK_ADD( par_len, pk_write_ec_param( &c, buf, key ) );
|
||||
|
||||
MBEDTLS_ASN1_CHK_ADD( par_len, mbedtls_asn1_write_len( &c, buf, par_len ) );
|
||||
MBEDTLS_ASN1_CHK_ADD( par_len, mbedtls_asn1_write_tag( &c, buf,
|
||||
|
@ -365,7 +424,7 @@ int mbedtls_pk_write_key_der( mbedtls_pk_context *key, unsigned char *buf, size_
|
|||
len += par_len;
|
||||
|
||||
/* privateKey: write as MPI then fix tag */
|
||||
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_mpi( &c, buf, &ec->d ) );
|
||||
MBEDTLS_ASN1_CHK_ADD( len, pk_write_ec_privkey( &c, buf, key ) );
|
||||
*c = MBEDTLS_ASN1_OCTET_STRING;
|
||||
|
||||
/* version */
|
||||
|
@ -376,7 +435,7 @@ int mbedtls_pk_write_key_der( mbedtls_pk_context *key, unsigned char *buf, size_
|
|||
MBEDTLS_ASN1_SEQUENCE ) );
|
||||
}
|
||||
else
|
||||
#endif /* MBEDTLS_ECP_C */
|
||||
#endif /* MBEDTLS_ECP_C || MBEDTLS_USE_TINYCRYPT */
|
||||
return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE );
|
||||
|
||||
return( (int) len );
|
||||
|
@ -520,15 +579,15 @@ int mbedtls_pk_write_key_pem( mbedtls_pk_context *key, unsigned char *buf, size_
|
|||
end = PEM_END_PRIVATE_KEY_RSA;
|
||||
}
|
||||
else
|
||||
#endif
|
||||
#if defined(MBEDTLS_ECP_C)
|
||||
#endif /* MBEDTLS_RSA_C */
|
||||
#if defined(MBEDTLS_ECP_C) || defined(MBEDTLS_USE_TINYCRYPT)
|
||||
if( mbedtls_pk_get_type( key ) == MBEDTLS_PK_ECKEY )
|
||||
{
|
||||
begin = PEM_BEGIN_PRIVATE_KEY_EC;
|
||||
end = PEM_END_PRIVATE_KEY_EC;
|
||||
}
|
||||
else
|
||||
#endif
|
||||
#endif /* MBEDTLS_ECP_C || MBEDTLS_USE_TINYCRYPT */
|
||||
return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE );
|
||||
|
||||
if( ( ret = mbedtls_pem_write_buffer( begin, end,
|
||||
|
|
|
@ -2307,14 +2307,17 @@ mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_alg(
|
|||
}
|
||||
#endif /* MBEDTLS_PK_C */
|
||||
|
||||
#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
|
||||
#if defined(MBEDTLS_USE_TINYCRYPT) || \
|
||||
defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
|
||||
int mbedtls_ssl_ciphersuite_uses_ec(
|
||||
mbedtls_ssl_ciphersuite_handle_t info )
|
||||
{
|
||||
return( mbedtls_ssl_ciphersuite_uses_ec_internal( info ) );
|
||||
}
|
||||
#endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C ||
|
||||
#endif /* MBEDTLS_USE_TINYCRYPT ||
|
||||
MBEDTLS_ECDH_C ||
|
||||
MBEDTLS_ECDSA_C ||
|
||||
MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
|
||||
|
|
|
@ -173,7 +173,8 @@ static void ssl_write_signature_algorithms_ext( mbedtls_ssl_context *ssl,
|
|||
unsigned char *p = buf;
|
||||
const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN;
|
||||
size_t sig_alg_len = 0;
|
||||
#if defined(MBEDTLS_RSA_C) || defined(MBEDTLS_ECDSA_C)
|
||||
#if defined(MBEDTLS_RSA_C) || defined(MBEDTLS_ECDSA_C) || \
|
||||
defined(MBEDTLS_USE_TINYCRYPT)
|
||||
unsigned char *sig_alg_list = buf + 6;
|
||||
#endif
|
||||
|
||||
|
@ -189,7 +190,7 @@ static void ssl_write_signature_algorithms_ext( mbedtls_ssl_context *ssl,
|
|||
|
||||
MBEDTLS_SSL_BEGIN_FOR_EACH_SIG_HASH_TLS( hash )
|
||||
((void) hash);
|
||||
#if defined(MBEDTLS_ECDSA_C)
|
||||
#if defined(MBEDTLS_ECDSA_C) || defined(MBEDTLS_USE_TINYCRYPT)
|
||||
sig_alg_len += 2;
|
||||
#endif
|
||||
#if defined(MBEDTLS_RSA_C)
|
||||
|
@ -209,7 +210,7 @@ static void ssl_write_signature_algorithms_ext( mbedtls_ssl_context *ssl,
|
|||
sig_alg_len = 0;
|
||||
|
||||
MBEDTLS_SSL_BEGIN_FOR_EACH_SIG_HASH_TLS( hash )
|
||||
#if defined(MBEDTLS_ECDSA_C)
|
||||
#if defined(MBEDTLS_ECDSA_C) || defined(MBEDTLS_USE_TINYCRYPT)
|
||||
sig_alg_list[sig_alg_len++] = hash;
|
||||
sig_alg_list[sig_alg_len++] = MBEDTLS_SSL_SIG_ECDSA;
|
||||
#endif
|
||||
|
@ -330,7 +331,7 @@ static void ssl_write_supported_point_formats_ext( mbedtls_ssl_context *ssl,
|
|||
*p++ = 2;
|
||||
|
||||
*p++ = 1;
|
||||
*p++ = MBEDTLS_ECP_PF_UNCOMPRESSED;
|
||||
*p++ = MBEDTLS_SSL_EC_PF_UNCOMPRESSED;
|
||||
|
||||
*olen = 6;
|
||||
}
|
||||
|
@ -814,7 +815,8 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl )
|
|||
unsigned char *buf;
|
||||
unsigned char *p, *q;
|
||||
unsigned char offer_compress;
|
||||
#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
|
||||
#if defined(MBEDTLS_USE_TINYCRYPT) || \
|
||||
defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
|
||||
int uses_ec = 0;
|
||||
#endif
|
||||
|
@ -978,7 +980,8 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl )
|
|||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, add ciphersuite: %04x",
|
||||
mbedtls_ssl_suite_get_id( ciphersuite_info ) ) );
|
||||
|
||||
#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
|
||||
#if defined(MBEDTLS_USE_TINYCRYPT) || \
|
||||
defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
|
||||
uses_ec |= mbedtls_ssl_ciphersuite_uses_ec( ciphersuite_info );
|
||||
#endif
|
||||
|
@ -1075,7 +1078,8 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl )
|
|||
ext_len += olen;
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_ECDH_C) || \
|
||||
#if defined(MBEDTLS_USE_TINYCRYPT) || \
|
||||
defined(MBEDTLS_ECDH_C) || \
|
||||
defined(MBEDTLS_ECDSA_C) || \
|
||||
defined(MBEDTLS_USE_TINYCRYPT) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
|
||||
|
@ -1401,8 +1405,8 @@ static int ssl_parse_supported_point_formats_ext( mbedtls_ssl_context *ssl,
|
|||
p = buf + 1;
|
||||
while( list_size > 0 )
|
||||
{
|
||||
if( p[0] == MBEDTLS_ECP_PF_UNCOMPRESSED ||
|
||||
p[0] == MBEDTLS_ECP_PF_COMPRESSED )
|
||||
if( p[0] == MBEDTLS_SSL_EC_PF_UNCOMPRESSED ||
|
||||
p[0] == MBEDTLS_SSL_EC_PF_COMPRESSED )
|
||||
{
|
||||
#if defined(MBEDTLS_ECDH_C)
|
||||
ssl->handshake->ecdh_ctx.point_format = p[0];
|
||||
|
@ -2057,7 +2061,8 @@ server_picked_valid_suite:
|
|||
break;
|
||||
#endif /* MBEDTLS_SSL_SESSION_TICKETS */
|
||||
|
||||
#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
|
||||
#if defined(MBEDTLS_USE_TINYCRYPT) || \
|
||||
defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
|
||||
case MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS:
|
||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "found supported_point_formats extension" ) );
|
||||
|
@ -2546,9 +2551,13 @@ static int ssl_parse_signature_algorithm( mbedtls_ssl_context *ssl,
|
|||
static int ssl_get_ecdh_params_from_cert( mbedtls_ssl_context *ssl )
|
||||
{
|
||||
int ret;
|
||||
const mbedtls_ecp_keypair *peer_key;
|
||||
mbedtls_pk_context * peer_pk;
|
||||
|
||||
/* Acquire peer's PK context: In case we store peer's entire
|
||||
* certificate, we extract the context from it. Otherwise,
|
||||
* we can use a temporary copy we've made for the purpose of
|
||||
* signature verification. */
|
||||
|
||||
#if !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
|
||||
peer_pk = &ssl->handshake->peer_pubkey;
|
||||
#else /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
|
||||
|
@ -2575,6 +2584,18 @@ static int ssl_get_ecdh_params_from_cert( mbedtls_ssl_context *ssl )
|
|||
goto cleanup;
|
||||
}
|
||||
|
||||
/* Extract ECDH parameters from peer's PK context. */
|
||||
|
||||
{
|
||||
#if defined(MBEDTLS_USE_TINYCRYPT)
|
||||
mbedtls_uecc_keypair *peer_key =
|
||||
mbedtls_pk_uecc( *peer_pk );
|
||||
|
||||
memcpy( ssl->handshake->ecdh_peerkey,
|
||||
peer_key->public_key,
|
||||
sizeof( ssl->handshake->ecdh_peerkey ) );
|
||||
#else /* MBEDTLS_USE_TINYCRYPT */
|
||||
const mbedtls_ecp_keypair *peer_key;
|
||||
peer_key = mbedtls_pk_ec( *peer_pk );
|
||||
|
||||
if( ( ret = mbedtls_ecdh_get_params( &ssl->handshake->ecdh_ctx, peer_key,
|
||||
|
@ -2590,6 +2611,8 @@ static int ssl_get_ecdh_params_from_cert( mbedtls_ssl_context *ssl )
|
|||
ret = MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE;
|
||||
goto cleanup;
|
||||
}
|
||||
#endif /* MBEDTLS_USE_TINYCRYPT */
|
||||
}
|
||||
|
||||
cleanup:
|
||||
|
||||
|
@ -2807,12 +2830,14 @@ static int ssl_in_server_key_exchange_parse( mbedtls_ssl_context *ssl,
|
|||
MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */
|
||||
#if defined(MBEDTLS_USE_TINYCRYPT)
|
||||
if( mbedtls_ssl_suite_get_key_exchange( ciphersuite_info )
|
||||
== MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA ||
|
||||
== MBEDTLS_KEY_EXCHANGE_ECDHE_RSA ||
|
||||
mbedtls_ssl_suite_get_key_exchange( ciphersuite_info )
|
||||
== MBEDTLS_KEY_EXCHANGE_ECDHE_RSA )
|
||||
== MBEDTLS_KEY_EXCHANGE_ECDHE_PSK ||
|
||||
mbedtls_ssl_suite_get_key_exchange( ciphersuite_info )
|
||||
== MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA )
|
||||
{
|
||||
static const unsigned char ecdh_group[] = {
|
||||
MBEDTLS_ECP_TLS_NAMED_CURVE,
|
||||
MBEDTLS_SSL_EC_TLS_NAMED_CURVE,
|
||||
0 /* high bits of secp256r1 TLS ID */,
|
||||
23 /* low bits of secp256r1 TLS ID */,
|
||||
};
|
||||
|
@ -3570,9 +3595,14 @@ static int ssl_out_client_key_exchange_write( mbedtls_ssl_context *ssl,
|
|||
#endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED */
|
||||
#if defined(MBEDTLS_USE_TINYCRYPT)
|
||||
if( mbedtls_ssl_suite_get_key_exchange( ciphersuite_info )
|
||||
== MBEDTLS_KEY_EXCHANGE_ECDHE_RSA ||
|
||||
mbedtls_ssl_suite_get_key_exchange( ciphersuite_info )
|
||||
== MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA ||
|
||||
mbedtls_ssl_suite_get_key_exchange( ciphersuite_info )
|
||||
== MBEDTLS_KEY_EXCHANGE_ECDHE_RSA )
|
||||
== MBEDTLS_KEY_EXCHANGE_ECDH_RSA ||
|
||||
mbedtls_ssl_suite_get_key_exchange( ciphersuite_info )
|
||||
== MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA )
|
||||
|
||||
{
|
||||
const struct uECC_Curve_t * uecc_curve = uECC_secp256r1();
|
||||
((void) n);
|
||||
|
@ -3728,6 +3758,24 @@ static int ssl_out_client_key_exchange_write( mbedtls_ssl_context *ssl,
|
|||
if( mbedtls_ssl_suite_get_key_exchange( ciphersuite_info )
|
||||
== MBEDTLS_KEY_EXCHANGE_ECDHE_PSK )
|
||||
{
|
||||
#if defined(MBEDTLS_USE_TINYCRYPT)
|
||||
const struct uECC_Curve_t * uecc_curve = uECC_secp256r1();
|
||||
((void) n);
|
||||
((void) ret);
|
||||
|
||||
if( (size_t)( end - p ) < 2 * NUM_ECC_BYTES + 2 )
|
||||
return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
|
||||
|
||||
*p++ = 2 * NUM_ECC_BYTES + 1;
|
||||
*p++ = 0x04; /* uncompressed point presentation */
|
||||
|
||||
if( !uECC_make_key( p, ssl->handshake->ecdh_privkey,
|
||||
uecc_curve ) )
|
||||
{
|
||||
return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
|
||||
}
|
||||
p += 2 * NUM_ECC_BYTES;
|
||||
#else /* MBEDTLS_USE_TINYCRYPT */
|
||||
/*
|
||||
* ClientECDiffieHellmanPublic public;
|
||||
*/
|
||||
|
@ -3743,6 +3791,7 @@ static int ssl_out_client_key_exchange_write( mbedtls_ssl_context *ssl,
|
|||
MBEDTLS_SSL_DEBUG_ECP( 3, "ECDH: Q", &ssl->handshake->ecdh_ctx.Q );
|
||||
|
||||
p += n;
|
||||
#endif /* MBEDTLS_USE_TINYCRYPT */
|
||||
}
|
||||
else
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */
|
||||
|
|
|
@ -347,8 +347,8 @@ static int ssl_parse_supported_point_formats( mbedtls_ssl_context *ssl,
|
|||
p = buf + 1;
|
||||
while( list_size > 0 )
|
||||
{
|
||||
if( p[0] == MBEDTLS_ECP_PF_UNCOMPRESSED ||
|
||||
p[0] == MBEDTLS_ECP_PF_COMPRESSED )
|
||||
if( p[0] == MBEDTLS_SSL_EC_PF_UNCOMPRESSED ||
|
||||
p[0] == MBEDTLS_SSL_EC_PF_COMPRESSED )
|
||||
{
|
||||
#if defined(MBEDTLS_ECDH_C)
|
||||
ssl->handshake->ecdh_ctx.point_format = p[0];
|
||||
|
@ -725,11 +725,17 @@ static int ssl_parse_alpn_ext( mbedtls_ssl_context *ssl,
|
|||
/*
|
||||
* Return 0 if the given key uses one of the acceptable curves, -1 otherwise
|
||||
*/
|
||||
#if defined(MBEDTLS_ECDSA_C)
|
||||
#if defined(MBEDTLS_ECDSA_C) || defined(MBEDTLS_USE_TINYCRYPT)
|
||||
static int ssl_check_key_curve( mbedtls_pk_context *pk,
|
||||
unsigned char const *acceptable_ec_tls_ids,
|
||||
size_t ec_tls_ids_len )
|
||||
{
|
||||
uint16_t tls_id;
|
||||
|
||||
#if defined(MBEDTLS_USE_TINYCRYPT)
|
||||
((void) pk);
|
||||
tls_id = 23; /* TLS ID for Secp256r1. */
|
||||
#else
|
||||
mbedtls_ecp_curve_info const *info;
|
||||
mbedtls_ecp_group_id grp_id = mbedtls_pk_ec( *pk )->grp.id;
|
||||
|
||||
|
@ -737,6 +743,9 @@ static int ssl_check_key_curve( mbedtls_pk_context *pk,
|
|||
if( info == NULL )
|
||||
return( -1 );
|
||||
|
||||
tls_id = info->tls_id;
|
||||
#endif /* MBEDTLS_USE_TINYCRYPT */
|
||||
|
||||
if( acceptable_ec_tls_ids == NULL )
|
||||
return( -1 );
|
||||
|
||||
|
@ -745,7 +754,7 @@ static int ssl_check_key_curve( mbedtls_pk_context *pk,
|
|||
uint16_t const cur_tls_id =
|
||||
( acceptable_ec_tls_ids[0] << 8 ) | acceptable_ec_tls_ids[1];
|
||||
|
||||
if( cur_tls_id == info->tls_id )
|
||||
if( cur_tls_id == tls_id )
|
||||
return( 0 );
|
||||
|
||||
acceptable_ec_tls_ids += 2;
|
||||
|
@ -825,7 +834,7 @@ static int ssl_pick_cert( mbedtls_ssl_context *ssl,
|
|||
match = 0;
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_ECDSA_C)
|
||||
#if defined(MBEDTLS_ECDSA_C) || defined(MBEDTLS_USE_TINYCRYPT)
|
||||
if( pk_alg == MBEDTLS_PK_ECDSA &&
|
||||
ssl_check_key_curve( pk,
|
||||
acceptable_ec_tls_ids,
|
||||
|
@ -2570,7 +2579,7 @@ static void ssl_write_supported_point_formats_ext( mbedtls_ssl_context *ssl,
|
|||
*p++ = 2;
|
||||
|
||||
*p++ = 1;
|
||||
*p++ = MBEDTLS_ECP_PF_UNCOMPRESSED;
|
||||
*p++ = MBEDTLS_SSL_EC_PF_UNCOMPRESSED;
|
||||
|
||||
*olen = 6;
|
||||
}
|
||||
|
@ -3064,7 +3073,7 @@ static int ssl_write_certificate_request( mbedtls_ssl_context *ssl )
|
|||
#if defined(MBEDTLS_RSA_C)
|
||||
p[1 + ct_len++] = MBEDTLS_SSL_CERT_TYPE_RSA_SIGN;
|
||||
#endif
|
||||
#if defined(MBEDTLS_ECDSA_C)
|
||||
#if defined(MBEDTLS_ECDSA_C) || defined(MBEDTLS_USE_TINYCRYPT)
|
||||
p[1 + ct_len++] = MBEDTLS_SSL_CERT_TYPE_ECDSA_SIGN;
|
||||
#endif
|
||||
|
||||
|
@ -3105,7 +3114,7 @@ static int ssl_write_certificate_request( mbedtls_ssl_context *ssl )
|
|||
p[2 + sa_len++] = hash;
|
||||
p[2 + sa_len++] = MBEDTLS_SSL_SIG_RSA;
|
||||
#endif
|
||||
#if defined(MBEDTLS_ECDSA_C)
|
||||
#if defined(MBEDTLS_ECDSA_C) || defined(MBEDTLS_USE_TINYCRYPT)
|
||||
p[2 + sa_len++] = hash;
|
||||
p[2 + sa_len++] = MBEDTLS_SSL_SIG_ECDSA;
|
||||
#endif
|
||||
|
@ -3189,6 +3198,26 @@ static int ssl_write_certificate_request( mbedtls_ssl_context *ssl )
|
|||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
|
||||
|
||||
#if defined(MBEDTLS_USE_TINYCRYPT)
|
||||
static int ssl_get_ecdh_params_from_cert( mbedtls_ssl_context *ssl )
|
||||
{
|
||||
mbedtls_uecc_keypair *own_key =
|
||||
mbedtls_pk_uecc( *mbedtls_ssl_own_key( ssl ) );
|
||||
|
||||
if( ! mbedtls_pk_can_do( mbedtls_ssl_own_key( ssl ), MBEDTLS_PK_ECKEY ) )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "server key not ECDH capable" ) );
|
||||
return( MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH );
|
||||
}
|
||||
|
||||
memcpy( ssl->handshake->ecdh_privkey,
|
||||
own_key->private_key,
|
||||
sizeof( ssl->handshake->ecdh_privkey ) );
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
#else /* MBEDTLS_USE_TINYCRYPT */
|
||||
static int ssl_get_ecdh_params_from_cert( mbedtls_ssl_context *ssl )
|
||||
{
|
||||
int ret;
|
||||
|
@ -3209,6 +3238,7 @@ static int ssl_get_ecdh_params_from_cert( mbedtls_ssl_context *ssl )
|
|||
|
||||
return( 0 );
|
||||
}
|
||||
#endif /* MBEDTLS_USE_TINYCRYPT */
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) ||
|
||||
MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */
|
||||
|
||||
|
@ -3385,13 +3415,9 @@ static int ssl_prepare_server_key_exchange( mbedtls_ssl_context *ssl,
|
|||
*/
|
||||
|
||||
#if defined(MBEDTLS_USE_TINYCRYPT)
|
||||
if( mbedtls_ssl_suite_get_key_exchange( ciphersuite_info )
|
||||
== MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA ||
|
||||
mbedtls_ssl_suite_get_key_exchange( ciphersuite_info )
|
||||
== MBEDTLS_KEY_EXCHANGE_ECDHE_RSA )
|
||||
{
|
||||
static const unsigned char ecdh_param_hdr[] = {
|
||||
MBEDTLS_ECP_TLS_NAMED_CURVE,
|
||||
MBEDTLS_SSL_EC_TLS_NAMED_CURVE,
|
||||
0 /* high bits of secp256r1 TLS ID */,
|
||||
23 /* low bits of secp256r1 TLS ID */,
|
||||
2 * NUM_ECC_BYTES + 1,
|
||||
|
@ -3416,14 +3442,7 @@ static int ssl_prepare_server_key_exchange( mbedtls_ssl_context *ssl,
|
|||
|
||||
ssl->out_msglen += 2*NUM_ECC_BYTES;
|
||||
}
|
||||
else
|
||||
#endif /* MBEDTLS_ECDH_C */
|
||||
#if !defined(MBEDTLS_ECDH_C)
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
|
||||
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
|
||||
}
|
||||
#else
|
||||
#else /* MBEDTLS_USE_TINYCRYPT */
|
||||
{
|
||||
const mbedtls_ecp_curve_info *curve =
|
||||
mbedtls_ecp_curve_info_from_tls_id( ssl->handshake->curve_tls_id );
|
||||
|
@ -3464,7 +3483,7 @@ static int ssl_prepare_server_key_exchange( mbedtls_ssl_context *ssl,
|
|||
MBEDTLS_SSL_DEBUG_ECDH( 3, &ssl->handshake->ecdh_ctx,
|
||||
MBEDTLS_DEBUG_ECDH_Q );
|
||||
}
|
||||
#endif /* MBEDTLS_ECDH_C */
|
||||
#endif /* MBEDTLS_USE_TINYCRYPT */
|
||||
}
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE__SOME__ECDHE_ENABLED */
|
||||
|
||||
|
@ -4200,9 +4219,13 @@ static int ssl_in_client_key_exchange_parse( mbedtls_ssl_context *ssl,
|
|||
#endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED */
|
||||
#if defined(MBEDTLS_USE_TINYCRYPT)
|
||||
if( mbedtls_ssl_suite_get_key_exchange( ciphersuite_info )
|
||||
== MBEDTLS_KEY_EXCHANGE_ECDHE_RSA ||
|
||||
mbedtls_ssl_suite_get_key_exchange( ciphersuite_info )
|
||||
== MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA ||
|
||||
mbedtls_ssl_suite_get_key_exchange( ciphersuite_info )
|
||||
== MBEDTLS_KEY_EXCHANGE_ECDHE_RSA )
|
||||
== MBEDTLS_KEY_EXCHANGE_ECDH_RSA ||
|
||||
mbedtls_ssl_suite_get_key_exchange( ciphersuite_info )
|
||||
== MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA )
|
||||
{
|
||||
((void) ret);
|
||||
if( mbedtls_ssl_ecdh_read_peerkey( ssl, &p, end ) != 0 )
|
||||
|
@ -4322,6 +4345,10 @@ static int ssl_in_client_key_exchange_parse( mbedtls_ssl_context *ssl,
|
|||
return( ret );
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_USE_TINYCRYPT)
|
||||
if( mbedtls_ssl_ecdh_read_peerkey( ssl, &p, end ) != 0 )
|
||||
return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
|
||||
#else /* MBEDTLS_USE_TINYCRYPT */
|
||||
if( ( ret = mbedtls_ecdh_read_public( &ssl->handshake->ecdh_ctx,
|
||||
p, end - p ) ) != 0 )
|
||||
{
|
||||
|
@ -4330,6 +4357,7 @@ static int ssl_in_client_key_exchange_parse( mbedtls_ssl_context *ssl,
|
|||
}
|
||||
|
||||
MBEDTLS_SSL_DEBUG_ECP( 3, "ECDH: Qp ", &ssl->handshake->ecdh_ctx.Qp );
|
||||
#endif /* MBEDTLS_USE_TINYCRYPT */
|
||||
}
|
||||
else
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */
|
||||
|
|
|
@ -75,7 +75,7 @@ int mbedtls_ssl_ecdh_read_peerkey( mbedtls_ssl_context *ssl,
|
|||
if( (size_t)( end - *p ) < secp256r1_uncompressed_point_length )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "Bad ECDH peer pubkey (too short)" ) );
|
||||
return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
|
||||
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
|
||||
}
|
||||
|
||||
if( (*p)[0] != 2 * NUM_ECC_BYTES + 1 ||
|
||||
|
@ -86,7 +86,7 @@ int mbedtls_ssl_ecdh_read_peerkey( mbedtls_ssl_context *ssl,
|
|||
0x04,
|
||||
(unsigned) (*p)[0],
|
||||
(unsigned) (*p)[1] ) );
|
||||
return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
|
||||
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
|
||||
}
|
||||
|
||||
memcpy( ssl->handshake->ecdh_peerkey, *p + 2, 2 * NUM_ECC_BYTES );
|
||||
|
@ -1952,9 +1952,13 @@ int mbedtls_ssl_build_pms( mbedtls_ssl_context *ssl )
|
|||
|
||||
#if defined(MBEDTLS_USE_TINYCRYPT)
|
||||
if( mbedtls_ssl_suite_get_key_exchange( ciphersuite_info )
|
||||
== MBEDTLS_KEY_EXCHANGE_ECDHE_RSA ||
|
||||
mbedtls_ssl_suite_get_key_exchange( ciphersuite_info )
|
||||
== MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA ||
|
||||
mbedtls_ssl_suite_get_key_exchange( ciphersuite_info )
|
||||
== MBEDTLS_KEY_EXCHANGE_ECDHE_RSA )
|
||||
== MBEDTLS_KEY_EXCHANGE_ECDH_RSA ||
|
||||
mbedtls_ssl_suite_get_key_exchange( ciphersuite_info )
|
||||
== MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA )
|
||||
{
|
||||
const struct uECC_Curve_t * uecc_curve = uECC_secp256r1();
|
||||
((void) ret);
|
||||
|
@ -2154,6 +2158,20 @@ int mbedtls_ssl_psk_derive_premaster( mbedtls_ssl_context *ssl, mbedtls_key_exch
|
|||
int ret;
|
||||
size_t zlen;
|
||||
|
||||
#if defined(MBEDTLS_USE_TINYCRYPT)
|
||||
const struct uECC_Curve_t * uecc_curve = uECC_secp256r1();
|
||||
((void) ret);
|
||||
|
||||
if( !uECC_shared_secret( ssl->handshake->ecdh_peerkey,
|
||||
ssl->handshake->ecdh_privkey,
|
||||
p + 2,
|
||||
uecc_curve ) )
|
||||
{
|
||||
return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
|
||||
}
|
||||
|
||||
zlen = NUM_ECC_BYTES;
|
||||
#else /* MBEDTLS_USE_TINYCRYPT */
|
||||
if( ( ret = mbedtls_ecdh_calc_secret( &ssl->handshake->ecdh_ctx, &zlen,
|
||||
p + 2, end - ( p + 2 ),
|
||||
mbedtls_ssl_conf_get_frng( ssl->conf ),
|
||||
|
@ -2163,12 +2181,14 @@ int mbedtls_ssl_psk_derive_premaster( mbedtls_ssl_context *ssl, mbedtls_key_exch
|
|||
return( ret );
|
||||
}
|
||||
|
||||
MBEDTLS_SSL_DEBUG_ECDH( 3, &ssl->handshake->ecdh_ctx,
|
||||
MBEDTLS_DEBUG_ECDH_Z );
|
||||
#endif /* MBEDTLS_USE_TINYCRYPT */
|
||||
|
||||
*(p++) = (unsigned char)( zlen >> 8 );
|
||||
*(p++) = (unsigned char)( zlen );
|
||||
p += zlen;
|
||||
|
||||
MBEDTLS_SSL_DEBUG_ECDH( 3, &ssl->handshake->ecdh_ctx,
|
||||
MBEDTLS_DEBUG_ECDH_Z );
|
||||
}
|
||||
else
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */
|
||||
|
@ -7177,9 +7197,12 @@ static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl,
|
|||
* Secondary checks: always done, but change 'ret' only if it was 0
|
||||
*/
|
||||
|
||||
#if defined(MBEDTLS_ECP_C)
|
||||
#if defined(MBEDTLS_ECP_C) || defined(MBEDTLS_USE_TINYCRYPT)
|
||||
{
|
||||
int ret;
|
||||
#if defined(MBEDTLS_USE_TINYCRYPT)
|
||||
ret = mbedtls_ssl_check_curve_uecc( ssl, MBEDTLS_UECC_DP_SECP256R1 );
|
||||
#else /* MBEDTLS_USE_TINYCRYPT */
|
||||
mbedtls_pk_context *pk;
|
||||
ret = mbedtls_x509_crt_pk_acquire( chain, &pk );
|
||||
if( ret != 0 )
|
||||
|
@ -7190,9 +7213,12 @@ static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl,
|
|||
|
||||
/* If certificate uses an EC key, make sure the curve is OK */
|
||||
if( mbedtls_pk_can_do( pk, MBEDTLS_PK_ECKEY ) )
|
||||
{
|
||||
ret = mbedtls_ssl_check_curve( ssl, mbedtls_pk_ec( *pk )->grp.id );
|
||||
}
|
||||
|
||||
mbedtls_x509_crt_pk_release( chain );
|
||||
#endif /* MBEDTLS_USE_TINYCRYPT */
|
||||
|
||||
if( ret != 0 )
|
||||
{
|
||||
|
@ -7203,7 +7229,7 @@ static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl,
|
|||
verify_ret = MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE;
|
||||
}
|
||||
}
|
||||
#endif /* MBEDTLS_ECP_C */
|
||||
#endif /* MBEDTLS_ECP_C || MEDTLS_USE_TINYCRYPT */
|
||||
|
||||
if( mbedtls_ssl_check_cert_usage( chain,
|
||||
ciphersuite_info,
|
||||
|
@ -12057,7 +12083,8 @@ void mbedtls_ssl_config_free( mbedtls_ssl_config *conf )
|
|||
}
|
||||
|
||||
#if defined(MBEDTLS_PK_C) && \
|
||||
( defined(MBEDTLS_RSA_C) || defined(MBEDTLS_ECDSA_C) )
|
||||
( defined(MBEDTLS_RSA_C) || defined(MBEDTLS_ECDSA_C) ) || \
|
||||
( defined(MBEDTLS_USE_TINYCRYPT) )
|
||||
/*
|
||||
* Convert between MBEDTLS_PK_XXX and SSL_SIG_XXX
|
||||
*/
|
||||
|
@ -12067,7 +12094,7 @@ unsigned char mbedtls_ssl_sig_from_pk( mbedtls_pk_context *pk )
|
|||
if( mbedtls_pk_can_do( pk, MBEDTLS_PK_RSA ) )
|
||||
return( MBEDTLS_SSL_SIG_RSA );
|
||||
#endif
|
||||
#if defined(MBEDTLS_ECDSA_C)
|
||||
#if defined(MBEDTLS_ECDSA_C) || defined(MBEDTLS_USE_TINYCRYPT)
|
||||
if( mbedtls_pk_can_do( pk, MBEDTLS_PK_ECDSA ) )
|
||||
return( MBEDTLS_SSL_SIG_ECDSA );
|
||||
#endif
|
||||
|
@ -12095,7 +12122,7 @@ mbedtls_pk_type_t mbedtls_ssl_pk_alg_from_sig( unsigned char sig )
|
|||
case MBEDTLS_SSL_SIG_RSA:
|
||||
return( MBEDTLS_PK_RSA );
|
||||
#endif
|
||||
#if defined(MBEDTLS_ECDSA_C)
|
||||
#if defined(MBEDTLS_ECDSA_C) || defined(MBEDTLS_USE_TINYCRYPT)
|
||||
case MBEDTLS_SSL_SIG_ECDSA:
|
||||
return( MBEDTLS_PK_ECDSA );
|
||||
#endif
|
||||
|
@ -12220,12 +12247,30 @@ unsigned char mbedtls_ssl_hash_from_md_alg( int md )
|
|||
}
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_USE_TINYCRYPT)
|
||||
/*
|
||||
* Check if a curve proposed by the peer is in our list.
|
||||
* Return 0 if we're willing to use it, -1 otherwise.
|
||||
*/
|
||||
int mbedtls_ssl_check_curve_uecc( const mbedtls_ssl_context *ssl,
|
||||
mbedtls_uecc_group_id grp_id )
|
||||
{
|
||||
MBEDTLS_SSL_BEGIN_FOR_EACH_SUPPORTED_UECC_GRP_ID( own_ec_id )
|
||||
if( own_ec_id == grp_id )
|
||||
return( 0 );
|
||||
MBEDTLS_SSL_END_FOR_EACH_SUPPORTED_UECC_GRP_ID
|
||||
|
||||
return( -1 );
|
||||
}
|
||||
#endif /* MBEDTLS_USE_TINYCRYPT */
|
||||
|
||||
#if defined(MBEDTLS_ECP_C)
|
||||
/*
|
||||
* Check if a curve proposed by the peer is in our list.
|
||||
* Return 0 if we're willing to use it, -1 otherwise.
|
||||
*/
|
||||
int mbedtls_ssl_check_curve( const mbedtls_ssl_context *ssl, mbedtls_ecp_group_id grp_id )
|
||||
int mbedtls_ssl_check_curve( const mbedtls_ssl_context *ssl,
|
||||
mbedtls_ecp_group_id grp_id )
|
||||
{
|
||||
MBEDTLS_SSL_BEGIN_FOR_EACH_SUPPORTED_EC_GRP_ID( own_ec_id )
|
||||
if( own_ec_id == grp_id )
|
||||
|
|
|
@ -510,7 +510,9 @@ const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_next =
|
|||
MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA384 ) |
|
||||
MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA512 ),
|
||||
0xFFFFFFF, /* Any PK alg */
|
||||
#if defined(MBEDTLS_ECP_C)
|
||||
#if defined(MBEDTLS_USE_TINYCRYPT)
|
||||
MBEDTLS_X509_ID_FLAG( MBEDTLS_UECC_DP_SECP256R1 ),
|
||||
#elif defined(MBEDTLS_ECP_C)
|
||||
/* Curves at or above 128-bit security level */
|
||||
MBEDTLS_X509_ID_FLAG( MBEDTLS_ECP_DP_SECP256R1 ) |
|
||||
MBEDTLS_X509_ID_FLAG( MBEDTLS_ECP_DP_SECP384R1 ) |
|
||||
|
@ -536,7 +538,9 @@ const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_suiteb =
|
|||
/* Only ECDSA */
|
||||
MBEDTLS_X509_ID_FLAG( MBEDTLS_PK_ECDSA ) |
|
||||
MBEDTLS_X509_ID_FLAG( MBEDTLS_PK_ECKEY ),
|
||||
#if defined(MBEDTLS_ECP_C)
|
||||
#if defined(MBEDTLS_USE_TINYCRYPT)
|
||||
MBEDTLS_X509_ID_FLAG( MBEDTLS_UECC_DP_SECP256R1 ),
|
||||
#elif defined(MBEDTLS_ECP_C)
|
||||
/* Only NIST P-256 and P-384 */
|
||||
MBEDTLS_X509_ID_FLAG( MBEDTLS_ECP_DP_SECP256R1 ) |
|
||||
MBEDTLS_X509_ID_FLAG( MBEDTLS_ECP_DP_SECP384R1 ),
|
||||
|
@ -597,6 +601,16 @@ static int x509_profile_check_key( const mbedtls_x509_crt_profile *profile,
|
|||
}
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_USE_TINYCRYPT)
|
||||
if( pk_alg == MBEDTLS_PK_ECKEY )
|
||||
{
|
||||
if( ( profile->allowed_curves & MBEDTLS_UECC_DP_SECP256R1 ) != 0 )
|
||||
return( 0 );
|
||||
|
||||
return( -1 );
|
||||
}
|
||||
#endif /* MBEDTLS_USE_TINYCRYPT */
|
||||
|
||||
#if defined(MBEDTLS_ECP_C)
|
||||
if( pk_alg == MBEDTLS_PK_ECDSA ||
|
||||
pk_alg == MBEDTLS_PK_ECKEY ||
|
||||
|
|
|
@ -2866,6 +2866,14 @@ int query_config( const char *config )
|
|||
}
|
||||
#endif /* MBEDTLS_SSL_CONF_SINGLE_EC_GRP_ID */
|
||||
|
||||
#if defined(MBEDTLS_SSL_CONF_SINGLE_UECC_GRP_ID)
|
||||
if( strcmp( "MBEDTLS_SSL_CONF_SINGLE_UECC_GRP_ID", config ) == 0 )
|
||||
{
|
||||
MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_CONF_SINGLE_UECC_GRP_ID );
|
||||
return( 0 );
|
||||
}
|
||||
#endif /* MBEDTLS_SSL_CONF_SINGLE_UECC_GRP_ID */
|
||||
|
||||
#if defined(MBEDTLS_SSL_CONF_SINGLE_SIG_HASH)
|
||||
if( strcmp( "MBEDTLS_SSL_CONF_SINGLE_SIG_HASH", config ) == 0 )
|
||||
{
|
||||
|
|
|
@ -2610,7 +2610,7 @@ int main( int argc, char *argv[] )
|
|||
}
|
||||
key_cert_init = 2;
|
||||
#endif /* MBEDTLS_RSA_C */
|
||||
#if defined(MBEDTLS_ECDSA_C)
|
||||
#if defined(MBEDTLS_ECDSA_C) || defined(MBEDTLS_USE_TINYCRYPT)
|
||||
if( ( ret = mbedtls_x509_crt_parse( &srvcert2,
|
||||
(const unsigned char *) mbedtls_test_srv_crt_ec,
|
||||
mbedtls_test_srv_crt_ec_len ) ) != 0 )
|
||||
|
@ -2628,7 +2628,7 @@ int main( int argc, char *argv[] )
|
|||
goto exit;
|
||||
}
|
||||
key_cert_init2 = 2;
|
||||
#endif /* MBEDTLS_ECDSA_C */
|
||||
#endif /* MBEDTLS_ECDSA_C || MBEDTLS_USE_TINYCRYPT */
|
||||
#endif /* MBEDTLS_CERTS_C */
|
||||
}
|
||||
|
||||
|
|
|
@ -35,6 +35,7 @@
|
|||
# MBEDTLS_SSL_NO_SESSION_CACHE
|
||||
# MBEDTLS_SSL_NO_SESSION_RESUMPTION
|
||||
# MBEDTLS_RSA_NO_CRT
|
||||
# MBEDTLS_USE_TINYCRYPT
|
||||
# MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3
|
||||
# MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
|
||||
# - this could be enabled if the respective tests were adapted
|
||||
|
@ -102,6 +103,7 @@ MBEDTLS_SSL_HW_RECORD_ACCEL
|
|||
MBEDTLS_SSL_PROTO_NO_TLS
|
||||
MBEDTLS_SSL_NO_SESSION_CACHE
|
||||
MBEDTLS_SSL_NO_SESSION_RESUMPTION
|
||||
MBEDTLS_USE_TINYCRYPT
|
||||
MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3
|
||||
MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
|
||||
MBEDTLS_X509_REMOVE_INFO
|
||||
|
|
|
@ -32,6 +32,16 @@ SRVMEM=0
|
|||
: ${GNUTLS_CLI:=gnutls-cli}
|
||||
: ${GNUTLS_SERV:=gnutls-serv}
|
||||
|
||||
: ${SRV_ECDSA_CRT:="data_files/server5.crt"}
|
||||
: ${SRV_ECDSA_KEY:="data_files/server5.key"}
|
||||
: ${CLI_ECDSA_CRT:="data_files/server6.crt"}
|
||||
: ${CLI_ECDSA_KEY:="data_files/server6.key"}
|
||||
: ${SRV_RSA_CRT:="data_files/server2.crt"}
|
||||
: ${SRV_RSA_KEY:="data_files/server2.key"}
|
||||
: ${CLI_RSA_CRT:="data_files/server1.crt"}
|
||||
: ${CLI_RSA_KEY:="data_files/server1.key"}
|
||||
: ${CA_FILE:="data_files/test-ca_cat12.crt"}
|
||||
|
||||
# do we have a recent enough GnuTLS?
|
||||
if ( which $GNUTLS_CLI && which $GNUTLS_SERV ) >/dev/null 2>&1; then
|
||||
G_VER="$( $GNUTLS_CLI --version | head -n1 )"
|
||||
|
@ -912,13 +922,13 @@ setup_arguments()
|
|||
|
||||
if [ "X$VERIFY" = "XYES" ];
|
||||
then
|
||||
M_SERVER_ARGS="$M_SERVER_ARGS ca_file=data_files/test-ca_cat12.crt auth_mode=required"
|
||||
O_SERVER_ARGS="$O_SERVER_ARGS -CAfile data_files/test-ca_cat12.crt -Verify 10"
|
||||
G_SERVER_ARGS="$G_SERVER_ARGS --x509cafile data_files/test-ca_cat12.crt --require-client-cert"
|
||||
M_SERVER_ARGS="$M_SERVER_ARGS ca_file=$CA_FILE auth_mode=required"
|
||||
O_SERVER_ARGS="$O_SERVER_ARGS -CAfile $CA_FILE -Verify 10"
|
||||
G_SERVER_ARGS="$G_SERVER_ARGS --x509cafile $CA_FILE --require-client-cert"
|
||||
|
||||
M_CLIENT_ARGS="$M_CLIENT_ARGS ca_file=data_files/test-ca_cat12.crt auth_mode=required"
|
||||
O_CLIENT_ARGS="$O_CLIENT_ARGS -CAfile data_files/test-ca_cat12.crt -verify 10"
|
||||
G_CLIENT_ARGS="$G_CLIENT_ARGS --x509cafile data_files/test-ca_cat12.crt"
|
||||
M_CLIENT_ARGS="$M_CLIENT_ARGS ca_file=$CA_FILE auth_mode=required"
|
||||
O_CLIENT_ARGS="$O_CLIENT_ARGS -CAfile $CA_FILE -verify 10"
|
||||
G_CLIENT_ARGS="$G_CLIENT_ARGS --x509cafile $CA_FILE"
|
||||
else
|
||||
# don't request a client cert at all
|
||||
M_SERVER_ARGS="$M_SERVER_ARGS ca_file=none auth_mode=none"
|
||||
|
@ -931,28 +941,28 @@ setup_arguments()
|
|||
|
||||
case $TYPE in
|
||||
"ECDSA")
|
||||
M_SERVER_ARGS="$M_SERVER_ARGS crt_file=data_files/server5.crt key_file=data_files/server5.key"
|
||||
O_SERVER_ARGS="$O_SERVER_ARGS -cert data_files/server5.crt -key data_files/server5.key"
|
||||
G_SERVER_ARGS="$G_SERVER_ARGS --x509certfile data_files/server5.crt --x509keyfile data_files/server5.key"
|
||||
M_SERVER_ARGS="$M_SERVER_ARGS crt_file=$SRV_ECDSA_CRT key_file=$SRV_ECDSA_KEY"
|
||||
O_SERVER_ARGS="$O_SERVER_ARGS -cert $SRV_ECDSA_CRT -key $SRV_ECDSA_KEY"
|
||||
G_SERVER_ARGS="$G_SERVER_ARGS --x509certfile $SRV_ECDSA_CRT --x509keyfile $SRV_ECDSA_KEY"
|
||||
|
||||
if [ "X$VERIFY" = "XYES" ]; then
|
||||
M_CLIENT_ARGS="$M_CLIENT_ARGS crt_file=data_files/server6.crt key_file=data_files/server6.key"
|
||||
O_CLIENT_ARGS="$O_CLIENT_ARGS -cert data_files/server6.crt -key data_files/server6.key"
|
||||
G_CLIENT_ARGS="$G_CLIENT_ARGS --x509certfile data_files/server6.crt --x509keyfile data_files/server6.key"
|
||||
M_CLIENT_ARGS="$M_CLIENT_ARGS crt_file=$CLI_ECDSA_CRT key_file=$CLI_ECDSA_KEY"
|
||||
O_CLIENT_ARGS="$O_CLIENT_ARGS -cert $CLI_ECDSA_CRT -key $CLI_ECDSA_KEY"
|
||||
G_CLIENT_ARGS="$G_CLIENT_ARGS --x509certfile $CLI_ECDSA_CRT --x509keyfile $CLI_ECDSA_KEY"
|
||||
else
|
||||
M_CLIENT_ARGS="$M_CLIENT_ARGS crt_file=none key_file=none"
|
||||
fi
|
||||
;;
|
||||
|
||||
"RSA")
|
||||
M_SERVER_ARGS="$M_SERVER_ARGS crt_file=data_files/server2.crt key_file=data_files/server2.key"
|
||||
O_SERVER_ARGS="$O_SERVER_ARGS -cert data_files/server2.crt -key data_files/server2.key"
|
||||
G_SERVER_ARGS="$G_SERVER_ARGS --x509certfile data_files/server2.crt --x509keyfile data_files/server2.key"
|
||||
M_SERVER_ARGS="$M_SERVER_ARGS crt_file=$SRV_RSA_CRT key_file=$SRV_RSA_KEY"
|
||||
O_SERVER_ARGS="$O_SERVER_ARGS -cert $SRV_RSA_CRT -key $SRV_RSA_KEY"
|
||||
G_SERVER_ARGS="$G_SERVER_ARGS --x509certfile $SRV_RSA_CRT --x509keyfile $SRV_RSA_KEY"
|
||||
|
||||
if [ "X$VERIFY" = "XYES" ]; then
|
||||
M_CLIENT_ARGS="$M_CLIENT_ARGS crt_file=data_files/server1.crt key_file=data_files/server1.key"
|
||||
O_CLIENT_ARGS="$O_CLIENT_ARGS -cert data_files/server1.crt -key data_files/server1.key"
|
||||
G_CLIENT_ARGS="$G_CLIENT_ARGS --x509certfile data_files/server1.crt --x509keyfile data_files/server1.key"
|
||||
M_CLIENT_ARGS="$M_CLIENT_ARGS crt_file=$CLI_RSA_CRT key_file=$CLI_RSA_KEY"
|
||||
O_CLIENT_ARGS="$O_CLIENT_ARGS -cert $CLI_RSA_CRT -key $CLI_RSA_KEY"
|
||||
G_CLIENT_ARGS="$G_CLIENT_ARGS --x509certfile $CLI_RSA_CRT --x509keyfile $CLI_RSA_KEY"
|
||||
else
|
||||
M_CLIENT_ARGS="$M_CLIENT_ARGS crt_file=none key_file=none"
|
||||
fi
|
||||
|
|
|
@ -1399,41 +1399,43 @@ component_build_baremetal_raw_armcc () {
|
|||
scripts/baremetal.sh --rom --gcc --armc5 --armc6 --check
|
||||
}
|
||||
|
||||
component_test_default_tinycrypt () {
|
||||
msg "test default config with tinycrypt enabled"
|
||||
component_test_default_tinycrypt_without_legacy_ecc () {
|
||||
msg "test default config with tinycrypt enabled and legacy ECC disabled"
|
||||
|
||||
scripts/config.pl set MBEDTLS_USE_TINYCRYPT
|
||||
scripts/config.pl set MBEDTLS_SSL_CONF_RNG rng_wrap
|
||||
scripts/config.pl set MBEDTLS_SSL_CONF_SINGLE_EC
|
||||
scripts/config.pl set MBEDTLS_SSL_CONF_SINGLE_EC_TLS_ID 23
|
||||
scripts/config.pl set MBEDTLS_SSL_CONF_SINGLE_EC_GRP_ID MBEDTLS_ECP_DP_SECP256R1
|
||||
|
||||
make CC=gcc CFLAGS='-Werror -Wall -Wextra'
|
||||
|
||||
msg "test: default config with tinycrypt enabled"
|
||||
make test
|
||||
if_build_succeeded tests/ssl-opt.sh -f "^Default, DTLS$"
|
||||
if_build_succeeded tests/compat.sh -m 'dtls1_2' -f 'ECDHE-ECDSA\|ECDH-ECDSA\|ECDHE-PSK'
|
||||
}
|
||||
|
||||
component_test_default_tinycrypt_without_legacy_ecdh () {
|
||||
msg "test default config with tinycrypt enabled and ecdh_c disabled"
|
||||
|
||||
scripts/config.pl set MBEDTLS_USE_TINYCRYPT
|
||||
scripts/config.pl set MBEDTLS_SSL_CONF_RNG rng_wrap
|
||||
scripts/config.pl set MBEDTLS_SSL_CONF_SINGLE_EC
|
||||
scripts/config.pl set MBEDTLS_SSL_CONF_SINGLE_EC_TLS_ID 23
|
||||
scripts/config.pl set MBEDTLS_SSL_CONF_SINGLE_EC_GRP_ID MBEDTLS_ECP_DP_SECP256R1
|
||||
scripts/config.pl set MBEDTLS_SSL_CONF_SINGLE_UECC_GRP_ID MBEDTLS_UECC_DP_SECP256R1
|
||||
scripts/config.pl unset MBEDTLS_ECP_C
|
||||
scripts/config.pl unset MBEDTLS_ECDH_C
|
||||
scripts/config.pl unset MBEDTLS_ECDSA_C
|
||||
scripts/config.pl unset MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
|
||||
scripts/config.pl unset MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
|
||||
scripts/config.pl unset MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
|
||||
scripts/config.pl unset MBEDTLS_ECP_DP_SECP192R1_ENABLED
|
||||
scripts/config.pl unset MBEDTLS_ECP_DP_SECP224R1_ENABLED
|
||||
scripts/config.pl unset MBEDTLS_ECP_DP_SECP256R1_ENABLED
|
||||
scripts/config.pl unset MBEDTLS_ECP_DP_SECP384R1_ENABLED
|
||||
scripts/config.pl unset MBEDTLS_ECP_DP_SECP521R1_ENABLED
|
||||
scripts/config.pl unset MBEDTLS_ECP_DP_BP256R1_ENABLED
|
||||
scripts/config.pl unset MBEDTLS_ECP_DP_BP384R1_ENABLED
|
||||
scripts/config.pl unset MBEDTLS_ECP_DP_BP512R1_ENABLED
|
||||
scripts/config.pl unset MBEDTLS_ECP_DP_SECP192K1_ENABLED
|
||||
scripts/config.pl unset MBEDTLS_ECP_DP_SECP224K1_ENABLED
|
||||
scripts/config.pl unset MBEDTLS_ECP_DP_SECP256K1_ENABLED
|
||||
make CC=gcc CFLAGS='-Werror -Wall -Wextra'
|
||||
|
||||
msg "test: default config with tinycrypt enabled and ecdh_c disabled"
|
||||
msg "test: default config with tinycrypt enabled and legacy ECC disabled"
|
||||
make test
|
||||
if_build_succeeded tests/ssl-opt.sh -f "^Default, DTLS$"
|
||||
if_build_succeeded tests/compat.sh -m 'dtls1_2' -f 'TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA\|+ECDHE-ECDSA:+AES-256-CBC:+SHA1\|ECDHE-ECDSA-AES256-SHA' -e 'SHA384'
|
||||
if_build_succeeded tests/ssl-opt.sh
|
||||
|
||||
export SRV_ECDSA_CRT=data_files/server11.crt.pem
|
||||
export SRV_ECDSA_KEY=data_files/server11.key.pem
|
||||
export CLI_ECDSA_CRT=data_files/cli3.crt.pem
|
||||
export CLI_ECDSA_KEY=data_files/cli3.key.pem
|
||||
export CA_FILE=data_files/test-ca3.crt.pem
|
||||
if_build_succeeded tests/compat.sh -f 'ECDHE-ECDSA\|ECDHE-PSK\|ECDH-ECDSA'
|
||||
}
|
||||
|
||||
component_test_baremetal () {
|
||||
|
|
|
@ -39,6 +39,17 @@ my %algs = (
|
|||
'MBEDTLS_ECP_C' => ['MBEDTLS_ECDSA_C',
|
||||
'MBEDTLS_ECDH_C',
|
||||
'MBEDTLS_ECJPAKE_C',
|
||||
'MBEDTLS_ECP_DP_SECP192R1_ENABLED',
|
||||
'MBEDTLS_ECP_DP_SECP224R1_ENABLED',
|
||||
'MBEDTLS_ECP_DP_SECP256R1_ENABLED',
|
||||
'MBEDTLS_ECP_DP_SECP384R1_ENABLED',
|
||||
'MBEDTLS_ECP_DP_SECP521R1_ENABLED',
|
||||
'MBEDTLS_ECP_DP_BP256R1_ENABLED',
|
||||
'MBEDTLS_ECP_DP_BP384R1_ENABLED',
|
||||
'MBEDTLS_ECP_DP_BP512R1_ENABLED',
|
||||
'MBEDTLS_ECP_DP_SECP192K1_ENABLED',
|
||||
'MBEDTLS_ECP_DP_SECP224K1_ENABLED',
|
||||
'MBEDTLS_ECP_DP_SECP256K1_ENABLED',
|
||||
'MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED',
|
||||
'MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED',
|
||||
'MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED',
|
||||
|
|
|
@ -645,6 +645,25 @@ check_cmdline_force_version_compat() {
|
|||
fi
|
||||
}
|
||||
|
||||
check_cmdline_crt_key_files_compat() {
|
||||
|
||||
# test-ca2.crt
|
||||
if echo "$CMD" | grep -e "test-ca2" > /dev/null; then
|
||||
requires_config_enabled MBEDTLS_ECP_DP_SECP384R1_ENABLED
|
||||
fi
|
||||
|
||||
# Variants of server5.key and server5.crt
|
||||
if echo "$CMD" | grep -e "server5" > /dev/null; then
|
||||
requires_config_enabled MBEDTLS_ECP_DP_SECP384R1_ENABLED
|
||||
fi
|
||||
|
||||
# Variants of server6.key and server6.crt
|
||||
if echo "$CMD" | grep -e "server6" > /dev/null; then
|
||||
requires_config_enabled MBEDTLS_ECP_DP_SECP384R1_ENABLED
|
||||
fi
|
||||
|
||||
}
|
||||
|
||||
# Go through all options that can be hardcoded at compile-time and
|
||||
# detect whether the command line configures them in a conflicting
|
||||
# way. If so, skip the test. Otherwise, remove the corresponding
|
||||
|
@ -655,6 +674,10 @@ check_cmdline_force_version_compat() {
|
|||
check_cmdline_compat() {
|
||||
CMD="$1"
|
||||
|
||||
# Check that if we're specifying particular certificate and/or
|
||||
# ECC key files, the corresponding curve is enabled.
|
||||
check_cmdline_crt_key_files_compat
|
||||
|
||||
# ExtendedMasterSecret configuration
|
||||
check_cmdline_param_compat "extended_ms" \
|
||||
"MBEDTLS_SSL_CONF_EXTENDED_MASTER_SECRET"
|
||||
|
|
|
@ -28,6 +28,10 @@
|
|||
#include <setjmp.h>
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_USE_TINYCRYPT)
|
||||
#include "tinycrypt/ecc.h"
|
||||
#endif /* MBEDTLS_USE_TINYCRYPT */
|
||||
|
||||
#ifdef _MSC_VER
|
||||
#include <basetsd.h>
|
||||
typedef UINT8 uint8_t;
|
||||
|
@ -545,6 +549,18 @@ static int rnd_std_rand( void *rng_state, unsigned char *output, size_t len )
|
|||
return( 0 );
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_USE_TINYCRYPT)
|
||||
static int uecc_rng_wrapper( uint8_t *dest, unsigned int size )
|
||||
{
|
||||
int ret;
|
||||
ret = rnd_std_rand( NULL, dest, size );
|
||||
if( ret == 0 )
|
||||
return( (int) size );
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
#endif /* MBEDTLS_USE_TINYCRYPT */
|
||||
|
||||
/**
|
||||
* This function only returns zeros
|
||||
*
|
||||
|
|
|
@ -410,6 +410,10 @@ int execute_tests( int argc , const char ** argv )
|
|||
mbedtls_memory_buffer_alloc_init( alloc_buf, sizeof( alloc_buf ) );
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_USE_TINYCRYPT)
|
||||
uECC_set_rng( &uecc_rng_wrapper );
|
||||
#endif
|
||||
|
||||
/*
|
||||
* The C standard doesn't guarantee that all-bits-0 is the representation
|
||||
* of a NULL pointer. We do however use that in our code for initializing
|
||||
|
|
|
@ -42,7 +42,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_BASE64_C:MBEDTLS_RSA_C:MBEDTLS_SHA1_C:!MB
|
|||
mbedtls_debug_print_crt:"data_files/server1.crt":"MyFile":999:"PREFIX_":"MyFile(0999)\: PREFIX_ #1\:\nMyFile(0999)\: cert. version \: 3\nMyFile(0999)\: serial number \: 01\nMyFile(0999)\: issuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nMyFile(0999)\: subject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nMyFile(0999)\: issued on \: 2019-02-10 14\:44\:06\nMyFile(0999)\: expires on \: 2029-02-10 14\:44\:06\nMyFile(0999)\: signed using \: RSA with SHA1\nMyFile(0999)\: RSA key size \: 2048 bits\nMyFile(0999)\: basic constraints \: CA=false\nMyFile(0999)\: value of 'crt->rsa.N' (2048 bits) is\:\nMyFile(0999)\: a9 02 1f 3d 40 6a d5 55 53 8b fd 36 ee 82 65 2e\nMyFile(0999)\: 15 61 5e 89 bf b8 e8 45 90 db ee 88 16 52 d3 f1\nMyFile(0999)\: 43 50 47 96 12 59 64 87 6b fd 2b e0 46 f9 73 be\nMyFile(0999)\: dd cf 92 e1 91 5b ed 66 a0 6f 89 29 79 45 80 d0\nMyFile(0999)\: 83 6a d5 41 43 77 5f 39 7c 09 04 47 82 b0 57 39\nMyFile(0999)\: 70 ed a3 ec 15 19 1e a8 33 08 47 c1 05 42 a9 fd\nMyFile(0999)\: 4c c3 b4 df dd 06 1f 4d 10 51 40 67 73 13 0f 40\nMyFile(0999)\: f8 6d 81 25 5f 0a b1 53 c6 30 7e 15 39 ac f9 5a\nMyFile(0999)\: ee 7f 92 9e a6 05 5b e7 13 97 85 b5 23 92 d9 d4\nMyFile(0999)\: 24 06 d5 09 25 89 75 07 dd a6 1a 8f 3f 09 19 be\nMyFile(0999)\: ad 65 2c 64 eb 95 9b dc fe 41 5e 17 a6 da 6c 5b\nMyFile(0999)\: 69 cc 02 ba 14 2c 16 24 9c 4a dc cd d0 f7 52 67\nMyFile(0999)\: 73 f1 2d a0 23 fd 7e f4 31 ca 2d 70 ca 89 0b 04\nMyFile(0999)\: db 2e a6 4f 70 6e 9e ce bd 58 89 e2 53 59 9e 6e\nMyFile(0999)\: 5a 92 65 e2 88 3f 0c 94 19 a3 dd e5 e8 9d 95 13\nMyFile(0999)\: ed 29 db ab 70 12 dc 5a ca 6b 17 ab 52 82 54 b1\nMyFile(0999)\: value of 'crt->rsa.E' (17 bits) is\:\nMyFile(0999)\: 01 00 01\n"
|
||||
|
||||
Debug print certificate #2 (EC)
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_BASE64_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA256_C:!MBEDTLS_X509_REMOVE_INFO
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_BASE64_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA256_C:!MBEDTLS_X509_REMOVE_INFO:!MBEDTLS_USE_TINYCRYPT
|
||||
mbedtls_debug_print_crt:"data_files/test-ca2.crt":"MyFile":999:"PREFIX_":"MyFile(0999)\: PREFIX_ #1\:\nMyFile(0999)\: cert. version \: 3\nMyFile(0999)\: serial number \: C1\:43\:E2\:7E\:62\:43\:CC\:E8\nMyFile(0999)\: issuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nMyFile(0999)\: subject name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nMyFile(0999)\: issued on \: 2019-02-10 14\:44\:00\nMyFile(0999)\: expires on \: 2029-02-10 14\:44\:00\nMyFile(0999)\: signed using \: ECDSA with SHA256\nMyFile(0999)\: EC key size \: 384 bits\nMyFile(0999)\: basic constraints \: CA=true\nMyFile(0999)\: value of 'crt->eckey.Q(X)' (384 bits) is\:\nMyFile(0999)\: c3 da 2b 34 41 37 58 2f 87 56 fe fc 89 ba 29 43\nMyFile(0999)\: 4b 4e e0 6e c3 0e 57 53 33 39 58 d4 52 b4 91 95\nMyFile(0999)\: 39 0b 23 df 5f 17 24 62 48 fc 1a 95 29 ce 2c 2d\nMyFile(0999)\: value of 'crt->eckey.Q(Y)' (384 bits) is\:\nMyFile(0999)\: 87 c2 88 52 80 af d6 6a ab 21 dd b8 d3 1c 6e 58\nMyFile(0999)\: b8 ca e8 b2 69 8e f3 41 ad 29 c3 b4 5f 75 a7 47\nMyFile(0999)\: 6f d5 19 29 55 69 9a 53 3b 20 b4 66 16 60 33 1e\n"
|
||||
|
||||
Debug print mbedtls_mpi #1
|
||||
|
|
|
@ -12,10 +12,14 @@ PK utils: RSA
|
|||
depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME
|
||||
pk_utils:MBEDTLS_PK_RSA:512:64:"RSA"
|
||||
|
||||
PK utils: ECKEY
|
||||
depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED
|
||||
PK utils: ECKEY (legacy)
|
||||
depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED:!MBEDTLS_USE_TINYCRYPT
|
||||
pk_utils:MBEDTLS_PK_ECKEY:192:24:"EC"
|
||||
|
||||
PK utils: ECKEY (TinyCrypt)
|
||||
depends_on:MBEDTLS_USE_TINYCRYPT
|
||||
pk_utils:MBEDTLS_PK_ECKEY:256:32:"EC"
|
||||
|
||||
PK utils: ECKEY_DH
|
||||
depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED
|
||||
pk_utils:MBEDTLS_PK_ECKEY_DH:192:24:"EC_DH"
|
||||
|
@ -144,10 +148,14 @@ Check pair #1 (EC, OK)
|
|||
depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
|
||||
mbedtls_pk_check_pair:"data_files/ec_256_pub.pem":"data_files/ec_256_prv.pem":0
|
||||
|
||||
Check pair #2 (EC, bad)
|
||||
depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
|
||||
Check pair #2 (EC, bad, legacy ECC)
|
||||
depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:!MBEDTLS_USE_TINYCRYPT
|
||||
mbedtls_pk_check_pair:"data_files/ec_256_pub.pem":"data_files/server5.key":MBEDTLS_ERR_ECP_BAD_INPUT_DATA
|
||||
|
||||
Check pair #2 (EC, bad, TinyCrypt)
|
||||
depends_on:MBEDTLS_USE_TINYCRYPT
|
||||
mbedtls_pk_check_pair:"data_files/ec_256_pub.pem":"data_files/server5.key":MBEDTLS_ERR_PK_BAD_INPUT_DATA
|
||||
|
||||
Check pair #3 (RSA, OK)
|
||||
depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
|
||||
mbedtls_pk_check_pair:"data_files/server1.pubkey":"data_files/server1.key":0
|
||||
|
|
|
@ -7,6 +7,10 @@
|
|||
#include "mbedtls/ecp.h"
|
||||
#include "mbedtls/rsa.h"
|
||||
|
||||
#if defined(MBEDTLS_USE_TINYCRYPT)
|
||||
#include "tinycrypt/ecc_dh.h"
|
||||
#endif /* MBEDTLS_USE_TINYCRYPT */
|
||||
|
||||
#include <limits.h>
|
||||
#include <stdint.h>
|
||||
|
||||
|
@ -21,8 +25,24 @@ static int pk_genkey( mbedtls_pk_context *pk )
|
|||
|
||||
#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_GENPRIME)
|
||||
if( mbedtls_pk_get_type( pk ) == MBEDTLS_PK_RSA )
|
||||
{
|
||||
return mbedtls_rsa_gen_key( mbedtls_pk_rsa( *pk ), rnd_std_rand, NULL, RSA_KEY_SIZE, 3 );
|
||||
} else
|
||||
#endif
|
||||
#if defined(MBEDTLS_USE_TINYCRYPT)
|
||||
if( mbedtls_pk_get_type( pk ) == MBEDTLS_PK_ECKEY )
|
||||
{
|
||||
int ret;
|
||||
|
||||
ret = uECC_make_key( mbedtls_pk_uecc( *pk )->public_key,
|
||||
mbedtls_pk_uecc( *pk )->private_key,
|
||||
uECC_secp256r1() );
|
||||
if( ret == 0 )
|
||||
return( -1 );
|
||||
|
||||
return( 0 );
|
||||
} else
|
||||
#endif /* MBEDTLS_USE_TINYCRYPT */
|
||||
#if defined(MBEDTLS_ECP_C)
|
||||
if( mbedtls_pk_get_type( pk ) == MBEDTLS_PK_ECKEY ||
|
||||
mbedtls_pk_get_type( pk ) == MBEDTLS_PK_ECKEY_DH ||
|
||||
|
@ -35,7 +55,7 @@ static int pk_genkey( mbedtls_pk_context *pk )
|
|||
|
||||
return mbedtls_ecp_gen_keypair( &mbedtls_pk_ec( *pk )->grp, &mbedtls_pk_ec( *pk )->d,
|
||||
&mbedtls_pk_ec( *pk )->Q, rnd_std_rand, NULL );
|
||||
}
|
||||
} else
|
||||
#endif
|
||||
return( -1 );
|
||||
}
|
||||
|
@ -649,7 +669,7 @@ exit:
|
|||
}
|
||||
/* END_CASE */
|
||||
|
||||
/* BEGIN_CASE depends_on:MBEDTLS_ECDSA_C */
|
||||
/* BEGIN_CASE depends_on:MBEDTLS_ECDSA_C:!MBEDTLS_USE_TINYCRYPT */
|
||||
void pk_ec_test_vec( int type, int id, data_t * key, data_t * hash,
|
||||
data_t * sig, int ret )
|
||||
{
|
||||
|
|
|
@ -964,10 +964,14 @@ Parse Public EC Key #3 (RFC 5480, secp224r1)
|
|||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP224R1_ENABLED
|
||||
pk_parse_public_keyfile_ec:"data_files/ec_224_pub.pem":0
|
||||
|
||||
Parse Public EC Key #4 (RFC 5480, secp256r1)
|
||||
Parse Public EC Key #4 (RFC 5480, secp256r1, legacy ECC)
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
|
||||
pk_parse_public_keyfile_ec:"data_files/ec_256_pub.pem":0
|
||||
|
||||
Parse Public EC Key #4 (RFC 5480, secp256r1, TinyCrypt)
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_USE_TINYCRYPT
|
||||
pk_parse_public_keyfile_ec:"data_files/ec_256_pub.pem":0
|
||||
|
||||
Parse Public EC Key #5 (RFC 5480, secp384r1)
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED
|
||||
pk_parse_public_keyfile_ec:"data_files/ec_384_pub.pem":0
|
||||
|
@ -1004,14 +1008,22 @@ Parse EC Key #4 (PKCS8 DER)
|
|||
depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED
|
||||
pk_parse_keyfile_ec:"data_files/ec_prv.pk8.der":"NULL":0
|
||||
|
||||
Parse EC Key #4a (PKCS8 DER, no public key)
|
||||
Parse EC Key #4a (PKCS8 DER, no public key, legacy ECC)
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
|
||||
pk_parse_keyfile_ec:"data_files/ec_prv.pk8nopub.der":"NULL":0
|
||||
|
||||
Parse EC Key #4b (PKCS8 DER, no public key, with parameters)
|
||||
Parse EC Key #4a (PKCS8 DER, no public key, TinyCrypt)
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_USE_TINYCRYPT
|
||||
pk_parse_keyfile_ec:"data_files/ec_prv.pk8nopub.der":"NULL":0
|
||||
|
||||
Parse EC Key #4b (PKCS8 DER, no public key, with parameters, legacy ECC)
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
|
||||
pk_parse_keyfile_ec:"data_files/ec_prv.pk8nopubparam.der":"NULL":0
|
||||
|
||||
Parse EC Key #4b (PKCS8 DER, no public key, with parameters, TinyCrypt)
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_USE_TINYCRYPT
|
||||
pk_parse_keyfile_ec:"data_files/ec_prv.pk8nopubparam.der":"NULL":0
|
||||
|
||||
Parse EC Key #4c (PKCS8 DER, with parameters)
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
|
||||
pk_parse_keyfile_ec:"data_files/ec_prv.pk8param.der":"NULL":0
|
||||
|
@ -1020,18 +1032,30 @@ Parse EC Key #5 (PKCS8 PEM)
|
|||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED
|
||||
pk_parse_keyfile_ec:"data_files/ec_prv.pk8.pem":"NULL":0
|
||||
|
||||
Parse EC Key #5a (PKCS8 PEM, no public key)
|
||||
Parse EC Key #5a (PKCS8 PEM, no public key, legacy ECC)
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
|
||||
pk_parse_keyfile_ec:"data_files/ec_prv.pk8nopub.pem":"NULL":0
|
||||
|
||||
Parse EC Key #5b (PKCS8 PEM, no public key, with parameters)
|
||||
Parse EC Key #5a (PKCS8 PEM, no public key, TinyCrypt)
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_USE_TINYCRYPT
|
||||
pk_parse_keyfile_ec:"data_files/ec_prv.pk8nopub.pem":"NULL":0
|
||||
|
||||
Parse EC Key #5b (PKCS8 PEM, no public key, with parameters, legacy ECC)
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
|
||||
pk_parse_keyfile_ec:"data_files/ec_prv.pk8nopubparam.pem":"NULL":0
|
||||
|
||||
Parse EC Key #5c (PKCS8 PEM, with parameters)
|
||||
Parse EC Key #5b (PKCS8 PEM, no public key, with parameters, TinyCrypt)
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_USE_TINYCRYPT
|
||||
pk_parse_keyfile_ec:"data_files/ec_prv.pk8nopubparam.pem":"NULL":0
|
||||
|
||||
Parse EC Key #5c (PKCS8 PEM, with parameters, legacy ECC)
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
|
||||
pk_parse_keyfile_ec:"data_files/ec_prv.pk8param.pem":"NULL":0
|
||||
|
||||
Parse EC Key #5c (PKCS8 PEM, with parameters, TinyCrypt)
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_USE_TINYCRYPT
|
||||
pk_parse_keyfile_ec:"data_files/ec_prv.pk8param.pem":"NULL":0
|
||||
|
||||
Parse EC Key #6 (PKCS8 encrypted DER)
|
||||
depends_on:MBEDTLS_ARC4_C:MBEDTLS_SHA1_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED
|
||||
pk_parse_keyfile_ec:"data_files/ec_prv.pk8.pw.der":"polar":0
|
||||
|
@ -1044,10 +1068,14 @@ Parse EC Key #8 (SEC1 PEM, secp224r1)
|
|||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP224R1_ENABLED
|
||||
pk_parse_keyfile_ec:"data_files/ec_224_prv.pem":"NULL":0
|
||||
|
||||
Parse EC Key #9 (SEC1 PEM, secp256r1)
|
||||
Parse EC Key #9 (SEC1 PEM, secp256r1, legacy ECC)
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
|
||||
pk_parse_keyfile_ec:"data_files/ec_256_prv.pem":"NULL":0
|
||||
|
||||
Parse EC Key #9 (SEC1 PEM, secp256r1, TinyCrypt)
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_USE_TINYCRYPT
|
||||
pk_parse_keyfile_ec:"data_files/ec_256_prv.pem":"NULL":0
|
||||
|
||||
Parse EC Key #10 (SEC1 PEM, secp384r1)
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED
|
||||
pk_parse_keyfile_ec:"data_files/ec_384_prv.pem":"NULL":0
|
||||
|
|
|
@ -63,9 +63,13 @@ exit:
|
|||
}
|
||||
/* END_CASE */
|
||||
|
||||
/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_ECP_C */
|
||||
/* BEGIN_CASE depends_on:MBEDTLS_FS_IO */
|
||||
void pk_parse_public_keyfile_ec( char * key_file, int result )
|
||||
{
|
||||
#if !defined(MBEDTLS_ECP_C) && !defined(MBEDTLS_USE_TINYCRYPT)
|
||||
((void) key_file);
|
||||
((void) result);
|
||||
#else
|
||||
mbedtls_pk_context ctx;
|
||||
int res;
|
||||
|
||||
|
@ -77,20 +81,37 @@ void pk_parse_public_keyfile_ec( char * key_file, int result )
|
|||
|
||||
if( res == 0 )
|
||||
{
|
||||
#if !defined(MBEDTLS_USE_TINYCRYPT)
|
||||
mbedtls_ecp_keypair *eckey;
|
||||
#else
|
||||
mbedtls_uecc_keypair *uecckey;
|
||||
#endif
|
||||
TEST_ASSERT( mbedtls_pk_can_do( &ctx, MBEDTLS_PK_ECKEY ) );
|
||||
|
||||
#if !defined(MBEDTLS_USE_TINYCRYPT)
|
||||
eckey = mbedtls_pk_ec( ctx );
|
||||
TEST_ASSERT( mbedtls_ecp_check_pubkey( &eckey->grp, &eckey->Q ) == 0 );
|
||||
#else
|
||||
uecckey = mbedtls_pk_uecc( ctx );
|
||||
TEST_ASSERT( uECC_valid_public_key( uecckey->public_key,
|
||||
uECC_secp256r1() ) == 0 );
|
||||
#endif /* MBEDTLS_USE_TINYCRYPT */
|
||||
}
|
||||
|
||||
exit:
|
||||
mbedtls_pk_free( &ctx );
|
||||
#endif /* !MBEDTLS_ECP_C && !MBEDTLS_USE_TINYCRYPT */
|
||||
}
|
||||
/* END_CASE */
|
||||
|
||||
/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_ECP_C */
|
||||
/* BEGIN_CASE depends_on:MBEDTLS_FS_IO */
|
||||
void pk_parse_keyfile_ec( char * key_file, char * password, int result )
|
||||
{
|
||||
#if !defined(MBEDTLS_ECP_C) && !defined(MBEDTLS_USE_TINYCRYPT)
|
||||
((void) key_file);
|
||||
((void) password);
|
||||
((void) result);
|
||||
#else
|
||||
mbedtls_pk_context ctx;
|
||||
int res;
|
||||
|
||||
|
@ -102,14 +123,32 @@ void pk_parse_keyfile_ec( char * key_file, char * password, int result )
|
|||
|
||||
if( res == 0 )
|
||||
{
|
||||
#if !defined(MBEDTLS_USE_TINYCRYPT)
|
||||
mbedtls_ecp_keypair *eckey;
|
||||
#else
|
||||
mbedtls_uecc_keypair *uecckey;
|
||||
unsigned char tmp_pubkey[ 2 * NUM_ECC_BYTES ];
|
||||
#endif
|
||||
TEST_ASSERT( mbedtls_pk_can_do( &ctx, MBEDTLS_PK_ECKEY ) );
|
||||
|
||||
#if !defined(MBEDTLS_USE_TINYCRYPT)
|
||||
eckey = mbedtls_pk_ec( ctx );
|
||||
TEST_ASSERT( mbedtls_ecp_check_privkey( &eckey->grp, &eckey->d ) == 0 );
|
||||
#else
|
||||
uecckey = mbedtls_pk_uecc( ctx );
|
||||
TEST_ASSERT( uECC_valid_public_key( uecckey->public_key,
|
||||
uECC_secp256r1() ) == 0 );
|
||||
TEST_ASSERT( uECC_compute_public_key( uecckey->private_key,
|
||||
tmp_pubkey,
|
||||
uECC_secp256r1() ) != 0 );
|
||||
TEST_ASSERT( memcmp( tmp_pubkey, uecckey->public_key,
|
||||
sizeof( tmp_pubkey ) ) == 0 );
|
||||
#endif /* MBEDTLS_USE_TINYCRYPT */
|
||||
}
|
||||
|
||||
exit:
|
||||
mbedtls_pk_free( &ctx );
|
||||
#endif /* !MBEDTLS_ECP_C && !MBEDTLS_USE_TINYCRYPT */
|
||||
}
|
||||
/* END_CASE */
|
||||
|
||||
|
|
|
@ -7,15 +7,15 @@ depends_on:MBEDTLS_RSA_C:MBEDTLS_BASE64_C
|
|||
pk_write_pubkey_check:"data_files/rsa4096_pub.pem"
|
||||
|
||||
Public key write check EC 192 bits
|
||||
depends_on:MBEDTLS_ECP_C:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED
|
||||
depends_on:MBEDTLS_ECP_C:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED:!MBEDTLS_USE_TINYCRYPT
|
||||
pk_write_pubkey_check:"data_files/ec_pub.pem"
|
||||
|
||||
Public key write check EC 521 bits
|
||||
depends_on:MBEDTLS_ECP_C:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_SECP521R1_ENABLED
|
||||
depends_on:MBEDTLS_ECP_C:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_SECP521R1_ENABLED:!MBEDTLS_USE_TINYCRYPT
|
||||
pk_write_pubkey_check:"data_files/ec_521_pub.pem"
|
||||
|
||||
Public key write check EC Brainpool 512 bits
|
||||
depends_on:MBEDTLS_ECP_C:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_BP512R1_ENABLED
|
||||
depends_on:MBEDTLS_ECP_C:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_BP512R1_ENABLED:!MBEDTLS_USE_TINYCRYPT
|
||||
pk_write_pubkey_check:"data_files/ec_bp512_pub.pem"
|
||||
|
||||
Private key write check RSA
|
||||
|
@ -27,13 +27,21 @@ depends_on:MBEDTLS_RSA_C:MBEDTLS_BASE64_C
|
|||
pk_write_key_check:"data_files/rsa4096_prv.pem"
|
||||
|
||||
Private key write check EC 192 bits
|
||||
depends_on:MBEDTLS_ECP_C:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED
|
||||
depends_on:MBEDTLS_ECP_C:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED:!MBEDTLS_USE_TINYCRYPT
|
||||
pk_write_key_check:"data_files/ec_prv.sec1.pem"
|
||||
|
||||
Private key write check EC 256 bits (legacy ECC)
|
||||
depends_on:MBEDTLS_ECP_C:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:!MBEDTLS_USE_TINYCRYPT
|
||||
pk_write_key_check:"data_files/ec_256_prv.pem"
|
||||
|
||||
Private key write check EC 256 bits (TinyCrypt)
|
||||
depends_on:MBEDTLS_BASE64_C:MBEDTLS_USE_TINYCRYPT
|
||||
pk_write_key_check:"data_files/ec_256_prv.pem"
|
||||
|
||||
Private key write check EC 521 bits
|
||||
depends_on:MBEDTLS_ECP_C:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_SECP521R1_ENABLED
|
||||
depends_on:MBEDTLS_ECP_C:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_SECP521R1_ENABLED:!MBEDTLS_USE_TINYCRYPT
|
||||
pk_write_key_check:"data_files/ec_521_prv.pem"
|
||||
|
||||
Private key write check EC Brainpool 512 bits
|
||||
depends_on:MBEDTLS_ECP_C:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_BP512R1_ENABLED
|
||||
depends_on:MBEDTLS_ECP_C:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_BP512R1_ENABLED:!MBEDTLS_USE_TINYCRYPT
|
||||
pk_write_key_check:"data_files/ec_bp512_prv.pem"
|
||||
|
|
|
@ -131,7 +131,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C
|
|||
x509_cert_info:"data_files/server4.crt":"cert. version \: 3\nserial number \: 08\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2013-09-24 15\:52\:04\nexpires on \: 2023-09-22 15\:52\:04\nsigned using \: ECDSA with SHA256\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\n"
|
||||
|
||||
X509 CRT information EC signed by RSA
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_RSA_C
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:!MBEDTLS_USE_TINYCRYPT
|
||||
x509_cert_info:"data_files/server3.crt":"cert. version \: 3\nserial number \: 0D\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2013-08-09 09\:17\:03\nexpires on \: 2023-08-07 09\:17\:03\nsigned using \: RSA with SHA1\nEC key size \: 192 bits\nbasic constraints \: CA=false\n"
|
||||
|
||||
X509 CRT information Bitstring in subject name
|
||||
|
@ -371,28 +371,44 @@ X509 Time Expired #6
|
|||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_HAVE_TIME_DATE:MBEDTLS_SHA1_C
|
||||
mbedtls_x509_time_is_past:"data_files/test-ca.crt":"valid_to":0
|
||||
|
||||
X509 Time Future #1
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_HAVE_TIME_DATE:MBEDTLS_SHA256_C
|
||||
X509 Time Future #1 (legacy ECC)
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_HAVE_TIME_DATE:MBEDTLS_SHA256_C:!MBEDTLS_USE_TINYCRYPT
|
||||
mbedtls_x509_time_is_future:"data_files/server5.crt":"valid_from":0
|
||||
|
||||
X509 Time Future #2
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_HAVE_TIME_DATE:MBEDTLS_SHA256_C
|
||||
X509 Time Future #1 (TinyCrypt)
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_USE_TINYCRYPT:MBEDTLS_HAVE_TIME_DATE:MBEDTLS_SHA256_C
|
||||
mbedtls_x509_time_is_future:"data_files/server5.crt":"valid_from":0
|
||||
|
||||
X509 Time Future #2 (legacy ECC)
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_HAVE_TIME_DATE:MBEDTLS_SHA256_C:!MBEDTLS_USE_TINYCRYPT
|
||||
mbedtls_x509_time_is_future:"data_files/server5.crt":"valid_to":1
|
||||
|
||||
X509 Time Future #3
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_HAVE_TIME_DATE:MBEDTLS_SHA256_C
|
||||
X509 Time Future #2 (TinyCrypt)
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_USE_TINYCRYPT:MBEDTLS_HAVE_TIME_DATE:MBEDTLS_SHA256_C
|
||||
mbedtls_x509_time_is_future:"data_files/server5.crt":"valid_to":1
|
||||
|
||||
X509 Time Future #3 (legacy ECC)
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_HAVE_TIME_DATE:MBEDTLS_SHA256_C:!MBEDTLS_USE_TINYCRYPT
|
||||
mbedtls_x509_time_is_future:"data_files/server5-future.crt":"valid_from":1
|
||||
|
||||
X509 Time Future #4
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_HAVE_TIME_DATE:MBEDTLS_SHA256_C
|
||||
X509 Time Future #3 (TinyCrypt)
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_USE_TINYCRYPT:MBEDTLS_HAVE_TIME_DATE:MBEDTLS_SHA256_C
|
||||
mbedtls_x509_time_is_future:"data_files/server5-future.crt":"valid_from":1
|
||||
|
||||
X509 Time Future #4 (legacy ECC)
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_HAVE_TIME_DATE:MBEDTLS_SHA256_C:!MBEDTLS_USE_TINYCRYPT
|
||||
mbedtls_x509_time_is_future:"data_files/server5-future.crt":"valid_to":1
|
||||
|
||||
X509 Time Future #4 (TinyCrypt)
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_USE_TINYCRYPT:MBEDTLS_HAVE_TIME_DATE:MBEDTLS_SHA256_C
|
||||
mbedtls_x509_time_is_future:"data_files/server5-future.crt":"valid_to":1
|
||||
|
||||
X509 Time Future #5
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_HAVE_TIME_DATE:MBEDTLS_SHA256_C
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_HAVE_TIME_DATE:MBEDTLS_SHA256_C:!MBEDTLS_USE_TINYCRYPT
|
||||
mbedtls_x509_time_is_future:"data_files/test-ca2.crt":"valid_from":0
|
||||
|
||||
X509 Time Future #6
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_HAVE_TIME_DATE:MBEDTLS_SHA256_C
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_HAVE_TIME_DATE:MBEDTLS_SHA256_C:!MBEDTLS_USE_TINYCRYPT
|
||||
mbedtls_x509_time_is_future:"data_files/test-ca2.crt":"valid_to":1
|
||||
|
||||
X509 CRT verification #1 (Revoked Cert, Expired CRL, no CN)
|
||||
|
@ -400,7 +416,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MB
|
|||
x509_verify:"data_files/server1.crt":"data_files/test-ca.crt":"data_files/crl_expired.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED | MBEDTLS_X509_BADCRL_EXPIRED:"compat":"NULL"
|
||||
|
||||
X509 CRT verification #1a (Revoked Cert, Future CRL, no CN)
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_HAVE_TIME_DATE
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_HAVE_TIME_DATE:!MBEDTLS_USE_TINYCRYPT
|
||||
x509_verify:"data_files/server6.crt":"data_files/test-ca2.crt":"data_files/crl-future.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED | MBEDTLS_X509_BADCRL_FUTURE:"compat":"NULL"
|
||||
|
||||
X509 CRT verification #2 (Revoked Cert, Expired CRL)
|
||||
|
@ -408,7 +424,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MB
|
|||
x509_verify:"data_files/server1.crt":"data_files/test-ca.crt":"data_files/crl_expired.pem":"PolarSSL Server 1":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED | MBEDTLS_X509_BADCRL_EXPIRED:"compat":"NULL"
|
||||
|
||||
X509 CRT verification #2a (Revoked Cert, Future CRL)
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_HAVE_TIME_DATE
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_HAVE_TIME_DATE:!MBEDTLS_USE_TINYCRYPT
|
||||
x509_verify:"data_files/server6.crt":"data_files/test-ca2.crt":"data_files/crl-future.pem":"localhost":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED | MBEDTLS_X509_BADCRL_FUTURE:"compat":"NULL"
|
||||
|
||||
X509 CRT verification #3 (Revoked Cert, Future CRL, CN Mismatch)
|
||||
|
@ -416,11 +432,11 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MB
|
|||
x509_verify:"data_files/server1.crt":"data_files/test-ca.crt":"data_files/crl_expired.pem":"PolarSSL Wrong CN":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED | MBEDTLS_X509_BADCRL_EXPIRED | MBEDTLS_X509_BADCERT_CN_MISMATCH:"compat":"NULL"
|
||||
|
||||
X509 CRT verification #3a (Revoked Cert, Future CRL, CN Discard)
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_HAVE_TIME_DATE:MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_HAVE_TIME_DATE:MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION:!MBEDTLS_USE_TINYCRYPT
|
||||
x509_verify:"data_files/server1.crt":"data_files/test-ca.crt":"data_files/crl_expired.pem":"PolarSSL Wrong CN":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED | MBEDTLS_X509_BADCRL_EXPIRED:"compat":"NULL"
|
||||
|
||||
X509 CRT verification #3b (Revoked Cert, Expired CRL, CN Mismatch)
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_HAVE_TIME_DATE:!MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_HAVE_TIME_DATE:!MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION:!MBEDTLS_USE_TINYCRYPT
|
||||
x509_verify:"data_files/server6.crt":"data_files/test-ca2.crt":"data_files/crl-future.pem":"Wrong CN":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED | MBEDTLS_X509_BADCRL_FUTURE | MBEDTLS_X509_BADCERT_CN_MISMATCH:"compat":"NULL"
|
||||
|
||||
X509 CRT verification #3c (Revoked Cert, Expired CRL, CN Discard)
|
||||
|
@ -432,7 +448,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MB
|
|||
x509_verify:"data_files/server2.crt":"data_files/test-ca.crt":"data_files/crl_expired.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCRL_EXPIRED:"compat":"NULL"
|
||||
|
||||
X509 CRT verification #4a (Revoked Cert, Future CRL)
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_HAVE_TIME_DATE
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_HAVE_TIME_DATE:!MBEDTLS_USE_TINYCRYPT
|
||||
x509_verify:"data_files/server5.crt":"data_files/test-ca2.crt":"data_files/crl-future.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCRL_FUTURE:"compat":"NULL"
|
||||
|
||||
X509 CRT verification #5 (Revoked Cert)
|
||||
|
@ -464,23 +480,23 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MB
|
|||
x509_verify:"data_files/server1.crt":"data_files/test-ca.crt":"data_files/crl.pem":"PolarSSL Wrong CN":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED:"compat":"NULL"
|
||||
|
||||
X509 CRT verification #8 (Valid Cert)
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:!MBEDTLS_USE_TINYCRYPT
|
||||
x509_verify:"data_files/server5.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha1.pem":"NULL":0:0:"compat":"NULL"
|
||||
|
||||
X509 CRT verification #8a (Expired Cert)
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_HAVE_TIME_DATE
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_HAVE_TIME_DATE:!MBEDTLS_USE_TINYCRYPT
|
||||
x509_verify:"data_files/server5-expired.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha1.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_EXPIRED:"compat":"NULL"
|
||||
|
||||
X509 CRT verification #8b (Future Cert)
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_HAVE_TIME_DATE
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_HAVE_TIME_DATE:!MBEDTLS_USE_TINYCRYPT
|
||||
x509_verify:"data_files/server5-future.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha1.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_FUTURE:"compat":"NULL"
|
||||
|
||||
X509 CRT verification #8c (Expired Cert, longer chain)
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_HAVE_TIME_DATE
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_HAVE_TIME_DATE:!MBEDTLS_USE_TINYCRYPT
|
||||
x509_verify:"data_files/server7-expired.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha1.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_EXPIRED:"compat":"NULL"
|
||||
|
||||
X509 CRT verification #8d (Future Cert, longer chain)
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_HAVE_TIME_DATE
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_HAVE_TIME_DATE:!MBEDTLS_USE_TINYCRYPT
|
||||
x509_verify:"data_files/server7-future.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha1.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_FUTURE:"compat":"NULL"
|
||||
|
||||
X509 CRT verification #9 (Not trusted Cert)
|
||||
|
@ -632,35 +648,35 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MB
|
|||
x509_verify:"data_files/cert_example_multi_nocn.crt":"data_files/test-ca.crt":"data_files/crl.pem":"www.example.net":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL"
|
||||
|
||||
X509 CRT verification #32 (Valid, EC cert, RSA CA)
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA1_C
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA1_C:!MBEDTLS_USE_TINYCRYPT
|
||||
x509_verify:"data_files/server3.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":0:0:"compat":"NULL"
|
||||
|
||||
X509 CRT verification #33 (Valid, RSA cert, EC CA)
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_ECP_DP_SECP384R1_ENABLED
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_ECP_DP_SECP384R1_ENABLED:!MBEDTLS_USE_TINYCRYPT
|
||||
x509_verify:"data_files/server4.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"compat":"NULL"
|
||||
|
||||
X509 CRT verification #34 (Valid, EC cert, EC CA)
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:!MBEDTLS_USE_TINYCRYPT
|
||||
x509_verify:"data_files/server5.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"compat":"NULL"
|
||||
|
||||
X509 CRT verification #35 (Revoked, EC CA)
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_HAVE_TIME_DATE
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_HAVE_TIME_DATE:!MBEDTLS_USE_TINYCRYPT
|
||||
x509_verify:"data_files/server6.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED:"compat":"NULL"
|
||||
|
||||
X509 CRT verification #36 (Valid, EC CA, SHA1 Digest)
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:!MBEDTLS_USE_TINYCRYPT
|
||||
x509_verify:"data_files/server5-sha1.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"compat":"NULL"
|
||||
|
||||
X509 CRT verification #37 (Valid, EC CA, SHA224 Digest)
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:!MBEDTLS_USE_TINYCRYPT
|
||||
x509_verify:"data_files/server5-sha224.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"compat":"NULL"
|
||||
|
||||
X509 CRT verification #38 (Valid, EC CA, SHA384 Digest)
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_SHA512_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_SHA512_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:!MBEDTLS_USE_TINYCRYPT
|
||||
x509_verify:"data_files/server5-sha384.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"compat":"NULL"
|
||||
|
||||
X509 CRT verification #39 (Valid, EC CA, SHA512 Digest)
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_SHA512_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_SHA512_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:!MBEDTLS_USE_TINYCRYPT
|
||||
x509_verify:"data_files/server5-sha512.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"compat":"NULL"
|
||||
|
||||
X509 CRT verification #40 (Valid, depth 0, RSA, CA)
|
||||
|
@ -668,19 +684,23 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:
|
|||
x509_verify:"data_files/test-ca.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":0:0:"compat":"NULL"
|
||||
|
||||
X509 CRT verification #41 (Valid, depth 0, EC, CA)
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA256_C
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA256_C:!MBEDTLS_USE_TINYCRYPT
|
||||
x509_verify:"data_files/test-ca2.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"compat":"NULL"
|
||||
|
||||
X509 CRT verification #42 (Depth 0, not CA, RSA)
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA1_C
|
||||
x509_verify:"data_files/server2.crt":"data_files/server2.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL"
|
||||
|
||||
X509 CRT verification #43 (Depth 0, not CA, EC)
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C
|
||||
X509 CRT verification #43 (Depth 0, not CA, EC, legacy ECC)
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:!MBEDTLS_USE_TINYCRYPT
|
||||
x509_verify:"data_files/server5.crt":"data_files/server5.crt":"data_files/crl-ec-sha256.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL"
|
||||
|
||||
X509 CRT verification #43 (Depth 0, not CA, EC, TinyCrypt)
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_USE_TINYCRYPT:MBEDTLS_SHA256_C
|
||||
x509_verify:"data_files/server5.crt":"data_files/server5.crt":"data_files/crl-ec-sha256.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL"
|
||||
|
||||
X509 CRT verification #44 (Corrupted signature, EC)
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA256_C
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA256_C:!MBEDTLS_USE_TINYCRYPT
|
||||
x509_verify:"data_files/server5-badsign.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL"
|
||||
|
||||
X509 CRT verification #45 (Corrupted signature, RSA)
|
||||
|
@ -688,51 +708,59 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA1_C
|
|||
x509_verify:"data_files/server2-badsign.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL"
|
||||
|
||||
X509 CRT verification #45b (Corrupted signature, intermediate CA)
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA1_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA256_C
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA1_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA256_C:!MBEDTLS_USE_TINYCRYPT
|
||||
x509_verify:"data_files/server7-badsign.crt":"data_files/test-ca2.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL"
|
||||
|
||||
X509 CRT verification #46 (Valid, depth 2, EC-RSA-EC)
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:!MBEDTLS_USE_TINYCRYPT
|
||||
x509_verify:"data_files/server7_int-ca.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"compat":"NULL"
|
||||
|
||||
X509 CRT verification #47 (Untrusted, depth 2, EC-RSA-EC)
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C
|
||||
X509 CRT verification #47 (Untrusted, depth 2, EC-RSA-EC, legacy ECC)
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C:!MBEDTLS_USE_TINYCRYPT
|
||||
x509_verify:"data_files/server7_int-ca.crt":"data_files/test-ca.crt":"data_files/crl-ec-sha256.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL"
|
||||
|
||||
X509 CRT verification #48 (Missing intermediate CA, EC-RSA-EC)
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C
|
||||
X509 CRT verification #47 (Untrusted, depth 2, EC-RSA-EC, TinyCrypt)
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_USE_TINYCRYPT:MBEDTLS_RSA_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C
|
||||
x509_verify:"data_files/server7_int-ca.crt":"data_files/test-ca.crt":"data_files/crl-ec-sha256.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL"
|
||||
|
||||
X509 CRT verification #48 (Missing intermediate CA, EC-RSA-EC, legacy ECC)
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C:!MBEDTLS_USE_TINYCRYPT
|
||||
x509_verify:"data_files/server7.crt":"data_files/test-ca.crt":"data_files/crl-ec-sha256.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL"
|
||||
|
||||
X509 CRT verification #48 (Missing intermediate CA, EC-RSA-EC, TinyCrypt)
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_USE_TINYCRYPT:MBEDTLS_RSA_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C
|
||||
x509_verify:"data_files/server7.crt":"data_files/test-ca.crt":"data_files/crl-ec-sha256.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL"
|
||||
|
||||
X509 CRT verification #49 (Valid, depth 2, RSA-EC-RSA)
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C:!MBEDTLS_USE_TINYCRYPT
|
||||
x509_verify:"data_files/server8_int-ca2.crt":"data_files/test-ca.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"compat":"NULL"
|
||||
|
||||
X509 CRT verification #50 (Valid, multiple CAs)
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C:!MBEDTLS_USE_TINYCRYPT
|
||||
x509_verify:"data_files/server2.crt":"data_files/test-ca_cat12.crt":"data_files/crl.pem":"NULL":0:0:"compat":"NULL"
|
||||
|
||||
X509 CRT verification #51 (Valid, multiple CAs, reverse order)
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C:!MBEDTLS_USE_TINYCRYPT
|
||||
x509_verify:"data_files/server2.crt":"data_files/test-ca_cat21.crt":"data_files/crl.pem":"NULL":0:0:"compat":"NULL"
|
||||
|
||||
X509 CRT verification #52 (CA keyUsage valid)
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:!MBEDTLS_USE_TINYCRYPT
|
||||
x509_verify:"data_files/server5.crt":"data_files/test-ca2.ku-crt_crl.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"compat":"NULL"
|
||||
|
||||
X509 CRT verification #53 (CA keyUsage missing cRLSign)
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_X509_CHECK_KEY_USAGE:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_X509_CHECK_KEY_USAGE:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:!MBEDTLS_USE_TINYCRYPT
|
||||
x509_verify:"data_files/server5.crt":"data_files/test-ca2.ku-crt.crt":"data_files/crl-ec-sha256.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCRL_NOT_TRUSTED:"compat":"NULL"
|
||||
|
||||
X509 CRT verification #54 (CA keyUsage missing cRLSign, no CRL)
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_RSA_C
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:!MBEDTLS_USE_TINYCRYPT
|
||||
x509_verify:"data_files/server5.crt":"data_files/test-ca2.ku-crt.crt":"data_files/crl.pem":"NULL":0:0:"compat":"NULL"
|
||||
|
||||
X509 CRT verification #55 (CA keyUsage missing keyCertSign)
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_X509_CHECK_KEY_USAGE:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_X509_CHECK_KEY_USAGE:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:!MBEDTLS_USE_TINYCRYPT
|
||||
x509_verify:"data_files/server5.crt":"data_files/test-ca2.ku-crl.crt":"data_files/crl-ec-sha256.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL"
|
||||
|
||||
X509 CRT verification #56 (CA keyUsage plain wrong)
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_X509_CHECK_KEY_USAGE:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_X509_CHECK_KEY_USAGE:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:!MBEDTLS_USE_TINYCRYPT
|
||||
x509_verify:"data_files/server5.crt":"data_files/test-ca2.ku-ds.crt":"data_files/crl-ec-sha256.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL"
|
||||
|
||||
X509 CRT verification #57 (Valid, RSASSA-PSS, SHA-1)
|
||||
|
@ -772,7 +800,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA1_C
|
|||
x509_verify:"data_files/server9-badsign.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL"
|
||||
|
||||
X509 CRT verification #66 (RSASSA-PSS, SHA1, no RSA CA)
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA1_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA256_C
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA1_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA256_C:!MBEDTLS_USE_TINYCRYPT
|
||||
x509_verify:"data_files/server9.crt":"data_files/test-ca2.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL"
|
||||
|
||||
X509 CRT verification #67 (Valid, RSASSA-PSS, all defaults)
|
||||
|
@ -799,12 +827,20 @@ X509 CRT verification #72 (v1 chain)
|
|||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C
|
||||
x509_verify:"data_files/server2-v1-chain.crt":"data_files/test-ca-v1.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL"
|
||||
|
||||
X509 CRT verification #73 (selfsigned trusted without CA bit)
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_RSA_C
|
||||
X509 CRT verification #73 (selfsigned trusted without CA bit, legacy ECC)
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:!MBEDTLS_USE_TINYCRYPT
|
||||
x509_verify:"data_files/server5-selfsigned.crt":"data_files/server5-selfsigned.crt":"data_files/crl.pem":"NULL":0:0:"compat":"NULL"
|
||||
|
||||
X509 CRT verification #74 (signed by selfsigned trusted without CA bit)
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_RSA_C
|
||||
X509 CRT verification #73 (selfsigned trusted without CA bit, TinyCrypt)
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_USE_TINYCRYPT:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C
|
||||
x509_verify:"data_files/server5-selfsigned.crt":"data_files/server5-selfsigned.crt":"data_files/crl.pem":"NULL":0:0:"compat":"NULL"
|
||||
|
||||
X509 CRT verification #74 (signed by selfsigned trusted without CA bit, legacy ECC)
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:!MBEDTLS_USE_TINYCRYPT
|
||||
x509_verify:"data_files/server6-ss-child.crt":"data_files/server5-selfsigned.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL"
|
||||
|
||||
X509 CRT verification #74 (signed by selfsigned trusted without CA bit, TinyCrypt)
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_USE_TINYCRYPT:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C
|
||||
x509_verify:"data_files/server6-ss-child.crt":"data_files/server5-selfsigned.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL"
|
||||
|
||||
X509 CRT verification #75 (encoding mismatch)
|
||||
|
@ -812,63 +848,67 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
|
|||
x509_verify:"data_files/enco-cert-utf8str.pem":"data_files/enco-ca-prstr.pem":"data_files/crl.pem":"NULL":0:0:"compat":"NULL"
|
||||
|
||||
X509 CRT verification #76 (multiple CRLs, not revoked)
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_SHA1_C
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_SHA1_C:!MBEDTLS_USE_TINYCRYPT
|
||||
x509_verify:"data_files/server5.crt":"data_files/test-ca_cat12.crt":"data_files/crl_cat_ec-rsa.pem":"NULL":0:0:"compat":"NULL"
|
||||
|
||||
X509 CRT verification #77 (multiple CRLs, revoked)
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_SHA1_C:MBEDTLS_HAVE_TIME_DATE
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_SHA1_C:MBEDTLS_HAVE_TIME_DATE:!MBEDTLS_USE_TINYCRYPT
|
||||
x509_verify:"data_files/server6.crt":"data_files/test-ca_cat12.crt":"data_files/crl_cat_ec-rsa.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED:"compat":"NULL"
|
||||
|
||||
X509 CRT verification #78 (multiple CRLs, revoked by second)
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_SHA1_C:MBEDTLS_HAVE_TIME_DATE
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_SHA1_C:MBEDTLS_HAVE_TIME_DATE:!MBEDTLS_USE_TINYCRYPT
|
||||
x509_verify:"data_files/server6.crt":"data_files/test-ca_cat12.crt":"data_files/crl_cat_rsa-ec.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED:"compat":"NULL"
|
||||
|
||||
X509 CRT verification #79 (multiple CRLs, revoked by future)
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_SHA1_C:MBEDTLS_HAVE_TIME_DATE
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_SHA1_C:MBEDTLS_HAVE_TIME_DATE:!MBEDTLS_USE_TINYCRYPT
|
||||
x509_verify:"data_files/server6.crt":"data_files/test-ca_cat12.crt":"data_files/crl_cat_ecfut-rsa.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED|MBEDTLS_X509_BADCRL_FUTURE:"compat":"NULL"
|
||||
|
||||
X509 CRT verification #80 (multiple CRLs, first future, revoked by second)
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA1_C:MBEDTLS_HAVE_TIME_DATE
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA1_C:MBEDTLS_HAVE_TIME_DATE:!MBEDTLS_USE_TINYCRYPT
|
||||
x509_verify:"data_files/server1.crt":"data_files/test-ca_cat12.crt":"data_files/crl_cat_ecfut-rsa.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED:"compat":"NULL"
|
||||
|
||||
X509 CRT verification #81 (multiple CRLs, none relevant)
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA1_C
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA1_C:!MBEDTLS_USE_TINYCRYPT
|
||||
x509_verify:"data_files/enco-cert-utf8str.pem":"data_files/enco-ca-prstr.pem":"data_files/crl_cat_rsa-ec.pem":"NULL":0:0:"compat":"NULL"
|
||||
|
||||
X509 CRT verification #82 (Not yet valid CA and valid CA)
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C:!MBEDTLS_USE_TINYCRYPT
|
||||
x509_verify:"data_files/server5.crt":"data_files/test-ca2_cat-future-present.crt":"data_files/crl-ec-sha1.pem":"NULL":0:0:"compat":"NULL"
|
||||
|
||||
X509 CRT verification #83 (valid CA and Not yet valid CA)
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C:!MBEDTLS_USE_TINYCRYPT
|
||||
x509_verify:"data_files/server5.crt":"data_files/test-ca2_cat-present-future.crt":"data_files/crl-ec-sha1.pem":"NULL":0:0:"compat":"NULL"
|
||||
|
||||
X509 CRT verification #84 (valid CA and Not yet valid CA)
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C:!MBEDTLS_USE_TINYCRYPT
|
||||
x509_verify:"data_files/server5.crt":"data_files/test-ca2_cat-present-past.crt":"data_files/crl-ec-sha1.pem":"NULL":0:0:"compat":"NULL"
|
||||
|
||||
X509 CRT verification #85 (Not yet valid CA and valid CA)
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C:!MBEDTLS_USE_TINYCRYPT
|
||||
x509_verify:"data_files/server5.crt":"data_files/test-ca2_cat-past-present.crt":"data_files/crl-ec-sha1.pem":"NULL":0:0:"compat":"NULL"
|
||||
|
||||
X509 CRT verification #86 (Not yet valid CA and invalid CA)
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C:MBEDTLS_HAVE_TIME_DATE
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C:MBEDTLS_HAVE_TIME_DATE:!MBEDTLS_USE_TINYCRYPT
|
||||
x509_verify:"data_files/server5.crt":"data_files/test-ca2_cat-future-invalid.crt":"data_files/crl-ec-sha1.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_FUTURE:"compat":"NULL"
|
||||
|
||||
X509 CRT verification #87 (Expired CA and invalid CA)
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C:MBEDTLS_HAVE_TIME_DATE
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C:MBEDTLS_HAVE_TIME_DATE:!MBEDTLS_USE_TINYCRYPT
|
||||
x509_verify:"data_files/server5.crt":"data_files/test-ca2_cat-past-invalid.crt":"data_files/crl-ec-sha1.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_EXPIRED:"compat":"NULL"
|
||||
|
||||
X509 CRT verification #88 (Spurious cert in the chain)
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:!MBEDTLS_USE_TINYCRYPT
|
||||
x509_verify:"data_files/server7_spurious_int-ca.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha1.pem":"NULL":0:0:"compat":"NULL"
|
||||
|
||||
X509 CRT verification #89 (Spurious cert later in the chain)
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:!MBEDTLS_USE_TINYCRYPT
|
||||
x509_verify:"data_files/server10_int3_spurious_int-ca2.crt":"data_files/test-ca.crt":"data_files/crl-ec-sha1.pem":"NULL":0:0:"compat":"NULL"
|
||||
|
||||
X509 CRT verification #90 (EE with same name as trusted root)
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C
|
||||
X509 CRT verification #90 (EE with same name as trusted root, legacy ECC)
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C:!MBEDTLS_USE_TINYCRYPT
|
||||
x509_verify:"data_files/server5-ss-forgeca.crt":"data_files/test-int-ca3.crt":"data_files/crl-ec-sha1.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"":"NULL"
|
||||
|
||||
X509 CRT verification #90 (EE with same name as trusted root, TinyCrypt)
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_USE_TINYCRYPT:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C
|
||||
x509_verify:"data_files/server5-ss-forgeca.crt":"data_files/test-int-ca3.crt":"data_files/crl-ec-sha1.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"":"NULL"
|
||||
|
||||
X509 CRT verification #91 (same CA with good then bad key)
|
||||
|
@ -880,19 +920,19 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MB
|
|||
x509_verify:"data_files/server1.crt":"data_files/test-ca-alt-good.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"compat":"NULL"
|
||||
|
||||
X509 CRT verification #92 (bad name, allowing callback)
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:!MBEDTLS_USE_TINYCRYPT
|
||||
x509_verify:"data_files/server5.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"globalhost":0:0:"":"verify_all"
|
||||
|
||||
X509 CRT verification #93 (Suite B invalid, EC cert, RSA CA)
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_SHA1_C
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_SHA1_C:!MBEDTLS_USE_TINYCRYPT
|
||||
x509_verify:"data_files/server3.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_BAD_MD|MBEDTLS_X509_BADCERT_BAD_PK|MBEDTLS_X509_BADCERT_BAD_KEY|MBEDTLS_X509_BADCRL_BAD_MD|MBEDTLS_X509_BADCRL_BAD_PK:"suite_b":"NULL"
|
||||
|
||||
X509 CRT verification #94 (Suite B invalid, RSA cert, EC CA)
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_ECP_DP_SECP384R1_ENABLED
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_ECP_DP_SECP384R1_ENABLED:!MBEDTLS_USE_TINYCRYPT
|
||||
x509_verify:"data_files/server4.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_BAD_PK:"suite_b":"NULL"
|
||||
|
||||
X509 CRT verification #95 (Suite B Valid, EC cert, EC CA)
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:!MBEDTLS_USE_TINYCRYPT
|
||||
x509_verify:"data_files/server5.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"suite_b":"NULL"
|
||||
|
||||
X509 CRT verification #96 (next profile Invalid Cert SHA224 Digest)
|
||||
|
@ -904,15 +944,19 @@ depends_on:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:
|
|||
x509_verify:"data_files/cert_sha256.crt":"data_files/test-ca.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"next":"NULL"
|
||||
|
||||
X509 CRT verification callback: bad name
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:!MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:!MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION:!MBEDTLS_USE_TINYCRYPT
|
||||
x509_verify_callback:"data_files/server5.crt":"data_files/test-ca2.crt":"globalhost":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"depth 1 - serial C1\:43\:E2\:7E\:62\:43\:CC\:E8 - subject C=NL, O=PolarSSL, CN=Polarssl Test EC CA - flags 0x00000000\ndepth 0 - serial 09 - subject C=NL, O=PolarSSL, CN=localhost - flags 0x00000004\n"
|
||||
|
||||
X509 CRT verification callback: bad name discard
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION:!MBEDTLS_USE_TINYCRYPT
|
||||
x509_verify_callback:"data_files/server5.crt":"data_files/test-ca2.crt":"globalhost":0:"depth 1 - serial C1\:43\:E2\:7E\:62\:43\:CC\:E8 - subject C=NL, O=PolarSSL, CN=Polarssl Test EC CA - flags 0x00000000\ndepth 0 - serial 09 - subject C=NL, O=PolarSSL, CN=localhost - flags 0x00000000\n"
|
||||
|
||||
X509 CRT verification callback: trusted EE cert
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
|
||||
X509 CRT verification callback: trusted EE cert , legacy ECC
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:!MBEDTLS_USE_TINYCRYPT
|
||||
x509_verify_callback:"data_files/server5-selfsigned.crt":"data_files/server5-selfsigned.crt":"NULL":0:"depth 0 - serial 53\:A2\:CB\:4B\:12\:4E\:AD\:83\:7D\:A8\:94\:B2 - subject CN=selfsigned, OU=testing, O=PolarSSL, C=NL - flags 0x00000000\n"
|
||||
|
||||
X509 CRT verification callback: trusted EE cert , TinyCrypt
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_USE_TINYCRYPTu
|
||||
x509_verify_callback:"data_files/server5-selfsigned.crt":"data_files/server5-selfsigned.crt":"NULL":0:"depth 0 - serial 53\:A2\:CB\:4B\:12\:4E\:AD\:83\:7D\:A8\:94\:B2 - subject CN=selfsigned, OU=testing, O=PolarSSL, C=NL - flags 0x00000000\n"
|
||||
|
||||
X509 CRT verification callback: trusted EE cert, expired
|
||||
|
@ -924,71 +968,71 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
|
|||
x509_verify_callback:"data_files/server1.crt":"data_files/test-ca.crt":"NULL":0:"depth 1 - serial 03 - subject C=NL, O=PolarSSL, CN=PolarSSL Test CA - flags 0x00000000\ndepth 0 - serial 01 - subject C=NL, O=PolarSSL, CN=PolarSSL Server 1 - flags 0x00000000\n"
|
||||
|
||||
X509 CRT verification callback: simple, EE expired
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_HAVE_TIME_DATE
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_HAVE_TIME_DATE:!MBEDTLS_USE_TINYCRYPT
|
||||
x509_verify_callback:"data_files/server5-expired.crt":"data_files/test-ca2.crt":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"depth 1 - serial C1\:43\:E2\:7E\:62\:43\:CC\:E8 - subject C=NL, O=PolarSSL, CN=Polarssl Test EC CA - flags 0x00000000\ndepth 0 - serial 1E - subject C=NL, O=PolarSSL, CN=localhost - flags 0x00000001\n"
|
||||
|
||||
X509 CRT verification callback: simple, root expired
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_HAVE_TIME_DATE
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_HAVE_TIME_DATE:!MBEDTLS_USE_TINYCRYPT
|
||||
x509_verify_callback:"data_files/server5.crt":"data_files/test-ca2-expired.crt":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"depth 1 - serial 01 - subject C=NL, O=PolarSSL, CN=Polarssl Test EC CA - flags 0x00000001\ndepth 0 - serial 09 - subject C=NL, O=PolarSSL, CN=localhost - flags 0x00000000\n"
|
||||
|
||||
X509 CRT verification callback: two trusted roots
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA256_C
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA256_C:!MBEDTLS_USE_TINYCRYPT
|
||||
x509_verify_callback:"data_files/server1.crt":"data_files/test-ca_cat12.crt":"NULL":0:"depth 1 - serial 03 - subject C=NL, O=PolarSSL, CN=PolarSSL Test CA - flags 0x00000000\ndepth 0 - serial 01 - subject C=NL, O=PolarSSL, CN=PolarSSL Server 1 - flags 0x00000000\n"
|
||||
|
||||
X509 CRT verification callback: two trusted roots, reversed order
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA256_C
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA256_C:!MBEDTLS_USE_TINYCRYPT
|
||||
x509_verify_callback:"data_files/server1.crt":"data_files/test-ca_cat21.crt":"NULL":0:"depth 1 - serial 03 - subject C=NL, O=PolarSSL, CN=PolarSSL Test CA - flags 0x00000000\ndepth 0 - serial 01 - subject C=NL, O=PolarSSL, CN=PolarSSL Server 1 - flags 0x00000000\n"
|
||||
|
||||
X509 CRT verification callback: root included
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA256_C
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA256_C:!MBEDTLS_USE_TINYCRYPT
|
||||
x509_verify_callback:"data_files/server1_ca.crt":"data_files/test-ca_cat21.crt":"NULL":0:"depth 1 - serial 03 - subject C=NL, O=PolarSSL, CN=PolarSSL Test CA - flags 0x00000000\ndepth 0 - serial 01 - subject C=NL, O=PolarSSL, CN=PolarSSL Server 1 - flags 0x00000000\n"
|
||||
|
||||
X509 CRT verification callback: intermediate ca
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C:!MBEDTLS_USE_TINYCRYPT
|
||||
x509_verify_callback:"data_files/server7_int-ca.crt":"data_files/test-ca_cat12.crt":"NULL":0:"depth 2 - serial C1\:43\:E2\:7E\:62\:43\:CC\:E8 - subject C=NL, O=PolarSSL, CN=Polarssl Test EC CA - flags 0x00000000\ndepth 1 - serial 0E - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate CA - flags 0x00000000\ndepth 0 - serial 10 - subject C=NL, O=PolarSSL, CN=localhost - flags 0x00000000\n"
|
||||
|
||||
X509 CRT verification callback: intermediate ca, root included
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C:!MBEDTLS_USE_TINYCRYPT
|
||||
x509_verify_callback:"data_files/server7_int-ca_ca2.crt":"data_files/test-ca_cat12.crt":"NULL":0:"depth 2 - serial C1\:43\:E2\:7E\:62\:43\:CC\:E8 - subject C=NL, O=PolarSSL, CN=Polarssl Test EC CA - flags 0x00000000\ndepth 1 - serial 0E - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate CA - flags 0x00000000\ndepth 0 - serial 10 - subject C=NL, O=PolarSSL, CN=localhost - flags 0x00000000\n"
|
||||
|
||||
X509 CRT verification callback: intermediate ca trusted
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:!MBEDTLS_USE_TINYCRYPT
|
||||
x509_verify_callback:"data_files/server7_int-ca_ca2.crt":"data_files/test-int-ca.crt":"NULL":0:"depth 1 - serial 0E - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate CA - flags 0x00000000\ndepth 0 - serial 10 - subject C=NL, O=PolarSSL, CN=localhost - flags 0x00000000\n"
|
||||
|
||||
X509 CRT verification callback: intermediate ca, EE expired
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C:MBEDTLS_HAVE_TIME_DATE
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C:MBEDTLS_HAVE_TIME_DATE:!MBEDTLS_USE_TINYCRYPT
|
||||
x509_verify_callback:"data_files/server7-expired.crt":"data_files/test-ca2.crt":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"depth 2 - serial C1\:43\:E2\:7E\:62\:43\:CC\:E8 - subject C=NL, O=PolarSSL, CN=Polarssl Test EC CA - flags 0x00000000\ndepth 1 - serial 0E - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate CA - flags 0x00000000\ndepth 0 - serial 10 - subject C=NL, O=PolarSSL, CN=localhost - flags 0x00000001\n"
|
||||
|
||||
X509 CRT verification callback: intermediate ca, int expired
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C:MBEDTLS_HAVE_TIME_DATE
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C:MBEDTLS_HAVE_TIME_DATE:!MBEDTLS_USE_TINYCRYPT
|
||||
x509_verify_callback:"data_files/server7_int-ca-exp.crt":"data_files/test-ca2.crt":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"depth 2 - serial C1\:43\:E2\:7E\:62\:43\:CC\:E8 - subject C=NL, O=PolarSSL, CN=Polarssl Test EC CA - flags 0x00000000\ndepth 1 - serial 0E - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate CA - flags 0x00000001\ndepth 0 - serial 10 - subject C=NL, O=PolarSSL, CN=localhost - flags 0x00000000\n"
|
||||
|
||||
X509 CRT verification callback: intermediate ca, root expired
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C:MBEDTLS_HAVE_TIME_DATE
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C:MBEDTLS_HAVE_TIME_DATE:!MBEDTLS_USE_TINYCRYPT
|
||||
x509_verify_callback:"data_files/server7_int-ca.crt":"data_files/test-ca2-expired.crt":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"depth 2 - serial 01 - subject C=NL, O=PolarSSL, CN=Polarssl Test EC CA - flags 0x00000001\ndepth 1 - serial 0E - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate CA - flags 0x00000000\ndepth 0 - serial 10 - subject C=NL, O=PolarSSL, CN=localhost - flags 0x00000000\n"
|
||||
|
||||
X509 CRT verification callback: two intermediates
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C:!MBEDTLS_USE_TINYCRYPT
|
||||
x509_verify_callback:"data_files/server10_int3_int-ca2.crt":"data_files/test-ca_cat21.crt":"NULL":0:"depth 3 - serial 03 - subject C=NL, O=PolarSSL, CN=PolarSSL Test CA - flags 0x00000000\ndepth 2 - serial 0F - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate EC CA - flags 0x00000000\ndepth 1 - serial 4D - subject C=UK, O=mbed TLS, CN=mbed TLS Test intermediate CA 3 - flags 0x00000000\ndepth 0 - serial 4B - subject CN=localhost - flags 0x00000000\n"
|
||||
|
||||
X509 CRT verification callback: two intermediates, root included
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C:!MBEDTLS_USE_TINYCRYPT
|
||||
x509_verify_callback:"data_files/server10_int3_int-ca2_ca.crt":"data_files/test-ca_cat21.crt":"NULL":0:"depth 3 - serial 03 - subject C=NL, O=PolarSSL, CN=PolarSSL Test CA - flags 0x00000000\ndepth 2 - serial 0F - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate EC CA - flags 0x00000000\ndepth 1 - serial 4D - subject C=UK, O=mbed TLS, CN=mbed TLS Test intermediate CA 3 - flags 0x00000000\ndepth 0 - serial 4B - subject CN=localhost - flags 0x00000000\n"
|
||||
|
||||
X509 CRT verification callback: two intermediates, top int trusted
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:!MBEDTLS_USE_TINYCRYPT
|
||||
x509_verify_callback:"data_files/server10_int3_int-ca2.crt":"data_files/test-int-ca2.crt":"NULL":0:"depth 2 - serial 0F - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate EC CA - flags 0x00000000\ndepth 1 - serial 4D - subject C=UK, O=mbed TLS, CN=mbed TLS Test intermediate CA 3 - flags 0x00000000\ndepth 0 - serial 4B - subject CN=localhost - flags 0x00000000\n"
|
||||
|
||||
X509 CRT verification callback: two intermediates, low int trusted
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C:!MBEDTLS_USE_TINYCRYPT
|
||||
x509_verify_callback:"data_files/server10_int3_int-ca2_ca.crt":"data_files/test-int-ca3.crt":"NULL":0:"depth 1 - serial 4D - subject C=UK, O=mbed TLS, CN=mbed TLS Test intermediate CA 3 - flags 0x00000000\ndepth 0 - serial 4B - subject CN=localhost - flags 0x00000000\n"
|
||||
|
||||
X509 CRT verification callback: no intermediate, bad signature
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:!MBEDTLS_USE_TINYCRYPT
|
||||
x509_verify_callback:"data_files/server5-badsign.crt":"data_files/test-ca2.crt":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"depth 0 - serial 09 - subject C=NL, O=PolarSSL, CN=localhost - flags 0x00000008\n"
|
||||
|
||||
X509 CRT verification callback: one intermediate, bad signature
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA1_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA256_C
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA1_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA256_C:!MBEDTLS_USE_TINYCRYPT
|
||||
x509_verify_callback:"data_files/server7-badsign.crt":"data_files/test-ca2.crt":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"depth 2 - serial C1\:43\:E2\:7E\:62\:43\:CC\:E8 - subject C=NL, O=PolarSSL, CN=Polarssl Test EC CA - flags 0x00000000\ndepth 1 - serial 0E - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate CA - flags 0x00000000\ndepth 0 - serial 10 - subject C=NL, O=PolarSSL, CN=localhost - flags 0x00000008\n"
|
||||
|
||||
X509 Parse Selftest
|
||||
|
@ -1878,11 +1922,11 @@ depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA1_C:MBEDTLS_ECDSA_C
|
|||
x509parse_crt:"3081e630819e020103300906072a8648ce3d0401300f310d300b0603550403130454657374301e170d3133303731303039343631385a170d3233303730383039343631385a300f310d300b0603550403130454657374304c300d06092a864886f70d0101010500033b003038023100e8f546061d3b49bc2f6b7524b7ea4d73a8d5293ee8c64d9407b70b5d16baebc32b8205591eab4e1eb57e9241883701250203010001300906072a8648ce3d0401033800303502186e18209afbed14a0d9a796efcad68891e3ccd5f75815c833021900e92b4fd460b1994693243b9ffad54729de865381bda41d25":"cert. version \: 1\nserial number \: 03\nissuer name \: CN=Test\nsubject name \: CN=Test\nissued on \: 2013-07-10 09\:46\:18\nexpires on \: 2023-07-08 09\:46\:18\nsigned using \: ECDSA with SHA1\nRSA key size \: 384 bits\n":0
|
||||
|
||||
X509 CRT ASN1 (ECDSA signature, EC key)
|
||||
depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_SHA1_C
|
||||
depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_SHA1_C:!MBEDTLS_USE_TINYCRYPT
|
||||
x509parse_crt:"3081eb3081a3020900f41534662ec7e912300906072a8648ce3d0401300f310d300b0603550403130454657374301e170d3133303731303039343031395a170d3233303730383039343031395a300f310d300b06035504031304546573743049301306072a8648ce3d020106082a8648ce3d030101033200042137969fabd4e370624a0e1a33e379cab950cce00ef8c3c3e2adaeb7271c8f07659d65d3d777dcf21614363ae4b6e617300906072a8648ce3d04010338003035021858cc0f957946fe6a303d92885a456aa74c743c7b708cbd37021900fe293cac21af352d16b82eb8ea54e9410b3abaadd9f05dd6":"cert. version \: 1\nserial number \: F4\:15\:34\:66\:2E\:C7\:E9\:12\nissuer name \: CN=Test\nsubject name \: CN=Test\nissued on \: 2013-07-10 09\:40\:19\nexpires on \: 2023-07-08 09\:40\:19\nsigned using \: ECDSA with SHA1\nEC key size \: 192 bits\n":0
|
||||
|
||||
X509 CRT ASN1 (RSA signature, EC key)
|
||||
depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_RSA_C
|
||||
depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:!MBEDTLS_USE_TINYCRYPT
|
||||
x509parse_crt:"3081e430819f020104300d06092a864886f70d0101050500300f310d300b0603550403130454657374301e170d3133303731303135303233375a170d3233303730383135303233375a300f310d300b06035504031304546573743049301306072a8648ce3d020106082a8648ce3d03010103320004e962551a325b21b50cf6b990e33d4318fd16677130726357a196e3efe7107bcb6bdc6d9db2a4df7c964acfe81798433d300d06092a864886f70d01010505000331001a6c18cd1e457474b2d3912743f44b571341a7859a0122774a8e19a671680878936949f904c9255bdd6fffdb33a7e6d8":"cert. version \: 1\nserial number \: 04\nissuer name \: CN=Test\nsubject name \: CN=Test\nissued on \: 2013-07-10 15\:02\:37\nexpires on \: 2023-07-08 15\:02\:37\nsigned using \: RSA with SHA1\nEC key size \: 192 bits\n":0
|
||||
|
||||
X509 CRL ASN1 (Incorrect first tag)
|
||||
|
@ -1984,23 +2028,31 @@ depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C
|
|||
mbedtls_x509_crt_parse_path:"data_files/dir1":0:1
|
||||
|
||||
X509 CRT parse path #3 (two certs)
|
||||
depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED
|
||||
depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:!MBEDTLS_USE_TINYCRYPT
|
||||
mbedtls_x509_crt_parse_path:"data_files/dir2":0:2
|
||||
|
||||
X509 CRT parse path #4 (two certs, one non-cert)
|
||||
depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED
|
||||
depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:!MBEDTLS_USE_TINYCRYPT
|
||||
mbedtls_x509_crt_parse_path:"data_files/dir3":1:2
|
||||
|
||||
X509 CRT verify long chain (max intermediate CA, trusted)
|
||||
depends_on:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
|
||||
X509 CRT verify long chain (max intermediate CA, trusted, legacy ECC)
|
||||
depends_on:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:!MBEDTLS_USE_TINYCRYPT
|
||||
mbedtls_x509_crt_verify_max:"data_files/dir-maxpath/00.crt":"data_files/dir-maxpath":MBEDTLS_X509_MAX_INTERMEDIATE_CA:0:0
|
||||
|
||||
X509 CRT verify long chain (max intermediate CA, trusted, TinyCrypt)
|
||||
depends_on:MBEDTLS_SHA256_C:MBEDTLS_USE_TINYCRYPT
|
||||
mbedtls_x509_crt_verify_max:"data_files/dir-maxpath/00.crt":"data_files/dir-maxpath":MBEDTLS_X509_MAX_INTERMEDIATE_CA:0:0
|
||||
|
||||
X509 CRT verify long chain (max intermediate CA, untrusted)
|
||||
depends_on:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED
|
||||
depends_on:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:!MBEDTLS_USE_TINYCRYPT
|
||||
mbedtls_x509_crt_verify_max:"data_files/test-ca2.crt":"data_files/dir-maxpath":MBEDTLS_X509_MAX_INTERMEDIATE_CA-1:MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED
|
||||
|
||||
X509 CRT verify long chain (max intermediate CA + 1)
|
||||
depends_on:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
|
||||
X509 CRT verify long chain (max intermediate CA + 1, legacy ECC)
|
||||
depends_on:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:!MBEDTLS_USE_TINYCRYPT
|
||||
mbedtls_x509_crt_verify_max:"data_files/dir-maxpath/00.crt":"data_files/dir-maxpath":MBEDTLS_X509_MAX_INTERMEDIATE_CA+1:MBEDTLS_ERR_X509_FATAL_ERROR:-1
|
||||
|
||||
X509 CRT verify long chain (max intermediate CA + 1, TinyCrypt)
|
||||
depends_on:MBEDTLS_SHA256_C:MBEDTLS_USE_TINYCRYPT
|
||||
mbedtls_x509_crt_verify_max:"data_files/dir-maxpath/00.crt":"data_files/dir-maxpath":MBEDTLS_X509_MAX_INTERMEDIATE_CA+1:MBEDTLS_ERR_X509_FATAL_ERROR:-1
|
||||
|
||||
X509 CRT verify chain #1 (zero pathlen intermediate)
|
||||
|
@ -2048,15 +2100,19 @@ depends_on:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
|
|||
mbedtls_x509_crt_verify_chain:"data_files/dir4/cert92.crt":"data_files/dir4/cert91.crt":-1:MBEDTLS_ERR_X509_BAD_INPUT_DATA:"nonesuch":0
|
||||
|
||||
X509 CRT verify chain #12 (suiteb profile, RSA root)
|
||||
depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_SHA1_C
|
||||
depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_SHA1_C:!MBEDTLS_USE_TINYCRYPT
|
||||
mbedtls_x509_crt_verify_chain:"data_files/server3.crt":"data_files/test-ca.crt":MBEDTLS_X509_BADCERT_BAD_MD|MBEDTLS_X509_BADCERT_BAD_PK|MBEDTLS_X509_BADCERT_BAD_KEY:MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"suiteb":0
|
||||
|
||||
X509 CRT verify chain #13 (RSA only profile, EC root)
|
||||
depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED
|
||||
depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:!MBEDTLS_USE_TINYCRYPT
|
||||
mbedtls_x509_crt_verify_chain:"data_files/server4.crt":"data_files/test-ca2.crt":MBEDTLS_X509_BADCERT_BAD_PK|MBEDTLS_X509_BADCERT_BAD_KEY:MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"rsa3072":0
|
||||
|
||||
X509 CRT verify chain #13 (RSA only profile, EC trusted EE)
|
||||
depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
|
||||
X509 CRT verify chain #13 (RSA only profile, EC trusted EE, legacy ECC)
|
||||
depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:!MBEDTLS_USE_TINYCRYPT
|
||||
mbedtls_x509_crt_verify_chain:"data_files/server5-selfsigned.crt":"data_files/server5-selfsigned.crt":MBEDTLS_X509_BADCERT_BAD_PK|MBEDTLS_X509_BADCERT_BAD_KEY:MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"rsa3072":0
|
||||
|
||||
X509 CRT verify chain #13 (RSA only profile, EC trusted EE, TinyCrypt)
|
||||
depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_USE_TINYCRYPT
|
||||
mbedtls_x509_crt_verify_chain:"data_files/server5-selfsigned.crt":"data_files/server5-selfsigned.crt":MBEDTLS_X509_BADCERT_BAD_PK|MBEDTLS_X509_BADCERT_BAD_KEY:MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"rsa3072":0
|
||||
|
||||
X509 CRT verify chain #14 (RSA-3072 profile, root key too small)
|
||||
|
@ -2064,47 +2120,47 @@ depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA1_C
|
|||
mbedtls_x509_crt_verify_chain:"data_files/server1.crt":"data_files/test-ca.crt":MBEDTLS_X509_BADCERT_BAD_MD|MBEDTLS_X509_BADCERT_BAD_KEY:MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"rsa3072":0
|
||||
|
||||
X509 CRT verify chain #15 (suiteb profile, rsa intermediate)
|
||||
depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED
|
||||
depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED:!MBEDTLS_USE_TINYCRYPT
|
||||
mbedtls_x509_crt_verify_chain:"data_files/server7.crt data_files/test-int-ca.crt":"data_files/test-ca2.crt":MBEDTLS_X509_BADCERT_BAD_PK:MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"suiteb":0
|
||||
|
||||
X509 CRT verify chain #16 (RSA-only profile, EC intermediate)
|
||||
depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA1_C
|
||||
depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA1_C:!MBEDTLS_USE_TINYCRYPT
|
||||
mbedtls_x509_crt_verify_chain:"data_files/server8.crt data_files/test-int-ca2.crt":"data_files/test-ca.crt":MBEDTLS_X509_BADCERT_BAD_PK|MBEDTLS_X509_BADCERT_BAD_KEY:MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"rsa3072":0
|
||||
|
||||
X509 CRT verify chain #17 (SHA-512 profile)
|
||||
depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED
|
||||
depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:!MBEDTLS_USE_TINYCRYPT
|
||||
mbedtls_x509_crt_verify_chain:"data_files/server7.crt data_files/test-int-ca.crt":"data_files/test-ca2.crt":MBEDTLS_X509_BADCERT_BAD_MD:MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"sha512":0
|
||||
|
||||
X509 CRT verify chain #18 (len=1, vrfy fatal on depth 1)
|
||||
depends_on:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA512_C
|
||||
depends_on:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA512_C:!MBEDTLS_USE_TINYCRYPT
|
||||
mbedtls_x509_crt_verify_chain:"data_files/server5.crt":"data_files/test-ca2.crt":-1:-2:"":2
|
||||
|
||||
X509 CRT verify chain #19 (len=0, vrfy fatal on depth 0)
|
||||
depends_on:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA512_C
|
||||
depends_on:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA512_C:!MBEDTLS_USE_TINYCRYPT
|
||||
mbedtls_x509_crt_verify_chain:"data_files/server5.crt":"data_files/test-ca2.crt":-1:-1:"":1
|
||||
|
||||
X509 CRT verify chain #20 (len=1, vrfy fatal on depth 0)
|
||||
depends_on:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA512_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C
|
||||
depends_on:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA512_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:!MBEDTLS_USE_TINYCRYPT
|
||||
mbedtls_x509_crt_verify_chain:"data_files/server5.crt":"data_files/test-ca.crt":-1:-1:"":1
|
||||
|
||||
X509 CRT verify chain #21 (len=3, vrfy fatal on depth 3)
|
||||
depends_on:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA1_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED
|
||||
depends_on:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA1_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:!MBEDTLS_USE_TINYCRYPT
|
||||
mbedtls_x509_crt_verify_chain:"data_files/server10_int3_int-ca2_ca.crt":"data_files/test-ca.crt":-1:-4:"":8
|
||||
|
||||
X509 CRT verify chain #22 (len=3, vrfy fatal on depth 2)
|
||||
depends_on:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_SHA1_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED
|
||||
depends_on:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_SHA1_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:!MBEDTLS_USE_TINYCRYPT
|
||||
mbedtls_x509_crt_verify_chain:"data_files/server10_int3_int-ca2_ca.crt":"data_files/test-ca.crt":-1:-3:"":4
|
||||
|
||||
X509 CRT verify chain #23 (len=3, vrfy fatal on depth 1)
|
||||
depends_on:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_SHA1_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED
|
||||
depends_on:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_SHA1_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:!MBEDTLS_USE_TINYCRYPT
|
||||
mbedtls_x509_crt_verify_chain:"data_files/server10_int3_int-ca2_ca.crt":"data_files/test-ca.crt":-1:-2:"":2
|
||||
|
||||
X509 CRT verify chain #24 (len=3, vrfy fatal on depth 0)
|
||||
depends_on:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_SHA1_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED
|
||||
depends_on:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_SHA1_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:!MBEDTLS_USE_TINYCRYPT
|
||||
mbedtls_x509_crt_verify_chain:"data_files/server10_int3_int-ca2_ca.crt":"data_files/test-ca.crt":-1:-1:"":1
|
||||
|
||||
X509 CRT verify chain #25 (len=3, vrfy fatal on depth 3, untrusted)
|
||||
depends_on:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_SHA1_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED
|
||||
depends_on:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_SHA1_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:!MBEDTLS_USE_TINYCRYPT
|
||||
mbedtls_x509_crt_verify_chain:"data_files/server10_int3_int-ca2_ca.crt":"data_files/test-ca2.crt":-1:-4:"":8
|
||||
|
||||
X509 OID description #1
|
||||
|
|
|
@ -338,6 +338,11 @@ void x509_verify_restart( char *crt_file, char *ca_file,
|
|||
} while( ret == MBEDTLS_ERR_ECP_IN_PROGRESS && ++cnt_restart );
|
||||
|
||||
TEST_ASSERT( ret == result );
|
||||
if( flags != (uint32_t) flags_result )
|
||||
{
|
||||
fprintf( stderr, "Expected %#04x, got %#04x\n",
|
||||
(unsigned) flags_result, (unsigned) flags );
|
||||
}
|
||||
TEST_ASSERT( flags == (uint32_t) flags_result );
|
||||
|
||||
TEST_ASSERT( cnt_restart >= min_restart );
|
||||
|
@ -421,6 +426,12 @@ void x509_verify( char *crt_file, char *ca_file, char *crl_file,
|
|||
&flags, f_vrfy, NULL );
|
||||
|
||||
TEST_ASSERT( res == ( result ) );
|
||||
if( flags != (uint32_t) flags_result )
|
||||
{
|
||||
fprintf( stderr, "Expected %#04x, got %#04x\n",
|
||||
(unsigned) flags_result, (unsigned) flags );
|
||||
}
|
||||
|
||||
TEST_ASSERT( flags == (uint32_t)( flags_result ) );
|
||||
|
||||
exit:
|
||||
|
|
|
@ -47,7 +47,7 @@ depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
|
|||
x509_csr_check:"data_files/server1.key":"data_files/server1.req.ku-ct":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION | MBEDTLS_X509_KU_KEY_ENCIPHERMENT:1:MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER:1
|
||||
|
||||
Certificate Request check Server5 ECDSA, key_usage
|
||||
depends_on:MBEDTLS_SHA1_C:MBEDTLS_ECDSA_C:MBEDTLS_ECDSA_DETERMINISTIC:MBEDTLS_ECP_DP_SECP256R1_ENABLED
|
||||
depends_on:MBEDTLS_SHA1_C:MBEDTLS_ECDSA_C:MBEDTLS_ECDSA_DETERMINISTIC:MBEDTLS_ECP_DP_SECP256R1_ENABLED:!MBEDTLS_USE_TINYCRYPT
|
||||
x509_csr_check:"data_files/server5.key":"data_files/server5.req.ku.sha1":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION:1:0:0
|
||||
|
||||
Certificate write check Server1 SHA1
|
||||
|
|
Loading…
Reference in a new issue