yuzu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2025-01-24 05:41:05 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #5089 from ronald-cron-arm/psa-test-driver

Browse source 
Introduce PSA test driver library to test PSA configuration
This commit is contained in:
Gilles Peskine 2021-12-01 16:45:53 +01:00 committed by GitHub
parent dbfc6510b0 9ecdd970d0
commit ebe6caa869
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
44 changed files with 1661 additions and 1930 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
include/mbedtls/config_psa.h
View file

@ -93,6 +93,10 @@ extern "C" {
#if !defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA)
#define MBEDTLS_PSA_BUILTIN_ALG_ECDSA 1
#define MBEDTLS_ECDSA_C
#define MBEDTLS_ECP_C
#define MBEDTLS_BIGNUM_C
#define MBEDTLS_ASN1_PARSE_C
#define MBEDTLS_ASN1_WRITE_C
#endif /* !MBEDTLS_PSA_ACCEL_ALG_ECDSA */
#endif /* PSA_WANT_ALG_ECDSA */
@ -235,6 +239,8 @@ extern "C" {
#define MBEDTLS_PK_PARSE_C
#define MBEDTLS_PK_WRITE_C
#define MBEDTLS_PK_C
#define MBEDTLS_ASN1_PARSE_C
#define MBEDTLS_ASN1_WRITE_C
#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR */
#endif /* PSA_WANT_KEY_TYPE_RSA_KEY_PAIR */
@ -247,6 +253,8 @@ extern "C" {
#define MBEDTLS_PK_PARSE_C
#define MBEDTLS_PK_WRITE_C
#define MBEDTLS_PK_C
#define MBEDTLS_ASN1_PARSE_C
#define MBEDTLS_ASN1_WRITE_C
#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY */
#endif /* PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY */
@ -435,10 +443,12 @@ extern "C" {
#endif /* PSA_WANT_ALG_GCM */
#if defined(PSA_WANT_ALG_CHACHA20_POLY1305)
#if !defined(MBEDTLS_PSA_ACCEL_ALG_CHACHA20_POLY1305)
#if defined(PSA_WANT_KEY_TYPE_CHACHA20)
#define MBEDTLS_CHACHAPOLY_C
#define MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 1
#endif /* PSA_WANT_KEY_TYPE_CHACHA20 */
#endif /* !MBEDTLS_PSA_ACCEL_ALG_CHACHA20_POLY1305 */
#endif /* PSA_WANT_ALG_CHACHA20_POLY1305 */
#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_256)

13
include/psa/crypto_builtin_composites.h
View file

@ -76,17 +76,4 @@ typedef struct
#define MBEDTLS_PSA_MAC_OPERATION_INIT {0, {0}}
/*
* BEYOND THIS POINT, TEST DRIVER DECLARATIONS ONLY.
*/
#if defined(PSA_CRYPTO_DRIVER_TEST)
typedef mbedtls_psa_mac_operation_t mbedtls_transparent_test_driver_mac_operation_t;
typedef mbedtls_psa_mac_operation_t mbedtls_opaque_test_driver_mac_operation_t;
#define MBEDTLS_TRANSPARENT_TEST_DRIVER_MAC_OPERATION_INIT MBEDTLS_PSA_MAC_OPERATION_INIT
#define MBEDTLS_OPAQUE_TEST_DRIVER_MAC_OPERATION_INIT MBEDTLS_PSA_MAC_OPERATION_INIT
#endif /* PSA_CRYPTO_DRIVER_TEST */
#endif /* PSA_CRYPTO_BUILTIN_COMPOSITES_H */

41
include/psa/crypto_builtin_primitives.h
View file

@ -65,25 +65,27 @@ typedef struct
union
{
unsigned dummy; /* Make the union non-empty even with no supported algorithms. */
#if defined(MBEDTLS_MD2_C)
#if defined(MBEDTLS_PSA_BUILTIN_ALG_MD2)
mbedtls_md2_context md2;
#endif
#if defined(MBEDTLS_MD4_C)
#if defined(MBEDTLS_PSA_BUILTIN_ALG_MD4)
mbedtls_md4_context md4;
#endif
#if defined(MBEDTLS_MD5_C)
#if defined(MBEDTLS_PSA_BUILTIN_ALG_MD5)
mbedtls_md5_context md5;
#endif
#if defined(MBEDTLS_RIPEMD160_C)
#if defined(MBEDTLS_PSA_BUILTIN_ALG_RIPEMD160)
mbedtls_ripemd160_context ripemd160;
#endif
#if defined(MBEDTLS_SHA1_C)
#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_1)
mbedtls_sha1_context sha1;
#endif
#if defined(MBEDTLS_SHA256_C)
#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_256) || \
defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_224)
mbedtls_sha256_context sha256;
#endif
#if defined(MBEDTLS_SHA512_C)
#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_512) || \
defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_384)
mbedtls_sha512_context sha512;
#endif
} ctx;
@ -121,29 +123,4 @@ typedef struct {
#define MBEDTLS_PSA_CIPHER_OPERATION_INIT {0, 0, 0, {0}}
/*
* BEYOND THIS POINT, TEST DRIVER DECLARATIONS ONLY.
*/
#if defined(PSA_CRYPTO_DRIVER_TEST)
typedef mbedtls_psa_hash_operation_t mbedtls_transparent_test_driver_hash_operation_t;
#define MBEDTLS_TRANSPARENT_TEST_DRIVER_HASH_OPERATION_INIT MBEDTLS_PSA_HASH_OPERATION_INIT
typedef mbedtls_psa_cipher_operation_t
mbedtls_transparent_test_driver_cipher_operation_t;
typedef struct {
unsigned int initialised : 1;
mbedtls_transparent_test_driver_cipher_operation_t ctx;
} mbedtls_opaque_test_driver_cipher_operation_t;
#define MBEDTLS_TRANSPARENT_TEST_DRIVER_CIPHER_OPERATION_INIT \
MBEDTLS_PSA_CIPHER_OPERATION_INIT
#define MBEDTLS_OPAQUE_TEST_DRIVER_CIPHER_OPERATION_INIT \
{ 0, MBEDTLS_TRANSPARENT_TEST_DRIVER_CIPHER_OPERATION_INIT }
#endif /* PSA_CRYPTO_DRIVER_TEST */
#endif /* PSA_CRYPTO_BUILTIN_PRIMITIVES_H */

35
include/psa/crypto_driver_contexts_composites.h
View file

@ -36,11 +36,42 @@
#include "psa/crypto_driver_common.h"
/* Include the context structure definitions for the Mbed TLS software drivers */
#include "psa/crypto_builtin_composites.h"
/* Include the context structure definitions for those drivers that were
* declared during the autogeneration process. */
/* Include the context structure definitions for the Mbed TLS software drivers */
#include "psa/crypto_builtin_composites.h"
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1)
#include <libtestdriver1/include/psa/crypto.h>
#endif
#if defined(PSA_CRYPTO_DRIVER_TEST)
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_MAC)
typedef libtestdriver1_mbedtls_psa_mac_operation_t
mbedtls_transparent_test_driver_mac_operation_t;
typedef libtestdriver1_mbedtls_psa_mac_operation_t
mbedtls_opaque_test_driver_mac_operation_t;
#define MBEDTLS_TRANSPARENT_TEST_DRIVER_MAC_OPERATION_INIT \
LIBTESTDRIVER1_MBEDTLS_PSA_MAC_OPERATION_INIT
#define MBEDTLS_OPAQUE_TEST_DRIVER_MAC_OPERATION_INIT \
LIBTESTDRIVER1_MBEDTLS_PSA_MAC_OPERATION_INIT
#else
typedef mbedtls_psa_mac_operation_t
mbedtls_transparent_test_driver_mac_operation_t;
typedef mbedtls_psa_mac_operation_t
mbedtls_opaque_test_driver_mac_operation_t;
#define MBEDTLS_TRANSPARENT_TEST_DRIVER_MAC_OPERATION_INIT \
MBEDTLS_PSA_MAC_OPERATION_INIT
#define MBEDTLS_OPAQUE_TEST_DRIVER_MAC_OPERATION_INIT \
MBEDTLS_PSA_MAC_OPERATION_INIT
#endif /* MBEDTLS_TEST_LIBTESTDRIVER1 */
#endif /* PSA_CRYPTO_DRIVER_TEST */
/* Define the context to be used for an operation that is executed through the
* PSA Driver wrapper layer as the union of all possible driver's contexts.

52
include/psa/crypto_driver_contexts_primitives.h
View file

@ -35,11 +35,59 @@
#include "psa/crypto_driver_common.h"
/* Include the context structure definitions for the Mbed TLS software drivers */
#include "psa/crypto_builtin_primitives.h"
/* Include the context structure definitions for those drivers that were
* declared during the autogeneration process. */
/* Include the context structure definitions for the Mbed TLS software drivers */
#include "psa/crypto_builtin_primitives.h"
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1)
#include <libtestdriver1/include/psa/crypto.h>
#endif
#if defined(PSA_CRYPTO_DRIVER_TEST)
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_CIPHER)
typedef libtestdriver1_mbedtls_psa_cipher_operation_t
mbedtls_transparent_test_driver_cipher_operation_t;
#define MBEDTLS_TRANSPARENT_TEST_DRIVER_CIPHER_OPERATION_INIT \
LIBTESTDRIVER1_MBEDTLS_PSA_CIPHER_OPERATION_INIT
#else
typedef mbedtls_psa_cipher_operation_t
mbedtls_transparent_test_driver_cipher_operation_t;
#define MBEDTLS_TRANSPARENT_TEST_DRIVER_CIPHER_OPERATION_INIT \
MBEDTLS_PSA_CIPHER_OPERATION_INIT
#endif /* MBEDTLS_TEST_LIBTESTDRIVER1 &&
LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_CIPHER */
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_HASH)
typedef libtestdriver1_mbedtls_psa_hash_operation_t
mbedtls_transparent_test_driver_hash_operation_t;
#define MBEDTLS_TRANSPARENT_TEST_DRIVER_HASH_OPERATION_INIT \
LIBTESTDRIVER1_MBEDTLS_PSA_HASH_OPERATION_INIT
#else
typedef mbedtls_psa_hash_operation_t
mbedtls_transparent_test_driver_hash_operation_t;
#define MBEDTLS_TRANSPARENT_TEST_DRIVER_HASH_OPERATION_INIT \
MBEDTLS_PSA_HASH_OPERATION_INIT
#endif /* MBEDTLS_TEST_LIBTESTDRIVER1 &&
LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_HASH */
typedef struct {
unsigned int initialised : 1;
mbedtls_transparent_test_driver_cipher_operation_t ctx;
} mbedtls_opaque_test_driver_cipher_operation_t;
#define MBEDTLS_OPAQUE_TEST_DRIVER_CIPHER_OPERATION_INIT \
{ 0, MBEDTLS_TRANSPARENT_TEST_DRIVER_CIPHER_OPERATION_INIT }
#endif /* PSA_CRYPTO_DRIVER_TEST */
/* Define the context to be used for an operation that is executed through the
* PSA Driver wrapper layer as the union of all possible driver's contexts.

2
include/psa/crypto_sizes.h
View file

@ -129,7 +129,7 @@
/* Note: for HMAC-SHA-3, the block size is 144 bytes for HMAC-SHA3-226,
* 136 bytes for HMAC-SHA3-256, 104 bytes for SHA3-384, 72 bytes for
* HMAC-SHA3-512. */
#if defined(MBEDTLS_SHA512_C)
#if defined(PSA_WANT_ALG_SHA_512) || defined(PSA_WANT_ALG_SHA_384)
#define PSA_HASH_MAX_SIZE 64
#define PSA_HMAC_MAX_HASH_BLOCK_SIZE 128
#else

89
library/psa_crypto.c
View file

@ -385,15 +385,11 @@ psa_status_t mbedtls_to_psa_error( int ret )
/* Key management */
/****************************************************************/
/* For now the MBEDTLS_PSA_ACCEL_ guards are also used here since the
* current test driver in key_management.c is using this function
* when accelerators are used for ECC key pair and public key.
* Once that dependency is resolved these guards can be removed.
*/
#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || \
defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) || \
defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR) || \
defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY)
defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \
defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) || \
defined(MBEDTLS_PSA_BUILTIN_ALG_ECDH)
mbedtls_ecp_group_id mbedtls_ecc_group_of_psa( psa_ecc_family_t curve,
size_t bits,
int bits_is_sloppy )
@ -489,9 +485,10 @@ mbedtls_ecp_group_id mbedtls_ecc_group_of_psa( psa_ecc_family_t curve,
return( MBEDTLS_ECP_DP_NONE );
}
#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) ||
* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) ||
* defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR) ||
* defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY) */
defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) ||
defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) ||
defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) ||
defined(MBEDTLS_PSA_BUILTIN_ALG_ECDH) */
static psa_status_t validate_unstructured_key_bit_size( psa_key_type_t type,
size_t bits )
@ -2232,7 +2229,7 @@ psa_status_t psa_hash_verify( psa_hash_operation_t *operation,
const uint8_t *hash,
size_t hash_length )
{
uint8_t actual_hash[MBEDTLS_MD_MAX_SIZE];
uint8_t actual_hash[PSA_HASH_MAX_SIZE];
size_t actual_hash_length;
psa_status_t status = psa_hash_finish(
operation,
@ -2275,7 +2272,7 @@ psa_status_t psa_hash_compare( psa_algorithm_t alg,
const uint8_t *input, size_t input_length,
const uint8_t *hash, size_t hash_length )
{
uint8_t actual_hash[MBEDTLS_MD_MAX_SIZE];
uint8_t actual_hash[PSA_HASH_MAX_SIZE];
size_t actual_hash_length;
if( !PSA_ALG_IS_HASH( alg ) )
@ -2948,8 +2945,7 @@ psa_status_t psa_sign_hash_builtin(
return( PSA_ERROR_INVALID_ARGUMENT );
}
}
else
if( PSA_KEY_TYPE_IS_ECC( attributes->core.type ) )
else if( PSA_KEY_TYPE_IS_ECC( attributes->core.type ) )
{
if( PSA_ALG_IS_ECDSA( alg ) )
{
@ -3019,8 +3015,7 @@ psa_status_t psa_verify_hash_builtin(
return( PSA_ERROR_INVALID_ARGUMENT );
}
}
else
if( PSA_KEY_TYPE_IS_ECC( attributes->core.type ) )
else if( PSA_KEY_TYPE_IS_ECC( attributes->core.type ) )
{
if( PSA_ALG_IS_ECDSA( alg ) )
{
@ -3109,10 +3104,10 @@ psa_status_t psa_asymmetric_encrypt( mbedtls_svc_key_id_t key,
goto exit;
}
#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT) || \
defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP)
if( PSA_KEY_TYPE_IS_RSA( slot->attr.type ) )
{
#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT) || \
defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP)
mbedtls_rsa_context *rsa = NULL;
status = mbedtls_psa_rsa_load_representation( slot->attr.type,
slot->key.data,
@ -3126,9 +3121,11 @@ psa_status_t psa_asymmetric_encrypt( mbedtls_svc_key_id_t key,
status = PSA_ERROR_BUFFER_TOO_SMALL;
goto rsa_exit;
}
#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT)
#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT) ||
* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP) */
if( alg == PSA_ALG_RSA_PKCS1V15_CRYPT )
{
#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT)
status = mbedtls_to_psa_error(
mbedtls_rsa_pkcs1_encrypt( rsa,
mbedtls_psa_get_random,
@ -3137,12 +3134,14 @@ psa_status_t psa_asymmetric_encrypt( mbedtls_svc_key_id_t key,
input_length,
input,
output ) );
#else
status = PSA_ERROR_NOT_SUPPORTED;
#endif /* MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT */
}
else
#endif /* MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT */
#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP)
if( PSA_ALG_IS_RSA_OAEP( alg ) )
{
#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP)
psa_rsa_oaep_set_padding_mode( alg, rsa );
status = mbedtls_to_psa_error(
mbedtls_rsa_rsaes_oaep_encrypt( rsa,
@ -3153,23 +3152,26 @@ psa_status_t psa_asymmetric_encrypt( mbedtls_svc_key_id_t key,
input_length,
input,
output ) );
#else
status = PSA_ERROR_NOT_SUPPORTED;
#endif /* MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP */
}
else
#endif /* MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP */
{
status = PSA_ERROR_INVALID_ARGUMENT;
goto rsa_exit;
}
#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT) || \
defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP)
rsa_exit:
if( status == PSA_SUCCESS )
*output_length = mbedtls_rsa_get_len( rsa );
mbedtls_rsa_free( rsa );
mbedtls_free( rsa );
}
else
#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT) ||
* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP) */
}
else
{
status = PSA_ERROR_NOT_SUPPORTED;
}
@ -3215,10 +3217,10 @@ psa_status_t psa_asymmetric_decrypt( mbedtls_svc_key_id_t key,
goto exit;
}
#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT) || \
defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP)
if( slot->attr.type == PSA_KEY_TYPE_RSA_KEY_PAIR )
{
#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT) || \
defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP)
mbedtls_rsa_context *rsa = NULL;
status = mbedtls_psa_rsa_load_representation( slot->attr.type,
slot->key.data,
@ -3232,10 +3234,12 @@ psa_status_t psa_asymmetric_decrypt( mbedtls_svc_key_id_t key,
status = PSA_ERROR_INVALID_ARGUMENT;
goto rsa_exit;
}
#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT) ||
* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP) */
#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT)
if( alg == PSA_ALG_RSA_PKCS1V15_CRYPT )
{
#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT)
status = mbedtls_to_psa_error(
mbedtls_rsa_pkcs1_decrypt( rsa,
mbedtls_psa_get_random,
@ -3245,12 +3249,14 @@ psa_status_t psa_asymmetric_decrypt( mbedtls_svc_key_id_t key,
input,
output,
output_size ) );
#else
status = PSA_ERROR_NOT_SUPPORTED;
#endif /* MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT */
}
else
#endif /* MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT */
#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP)
if( PSA_ALG_IS_RSA_OAEP( alg ) )
{
#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP)
psa_rsa_oaep_set_padding_mode( alg, rsa );
status = mbedtls_to_psa_error(
mbedtls_rsa_rsaes_oaep_decrypt( rsa,
@ -3262,20 +3268,24 @@ psa_status_t psa_asymmetric_decrypt( mbedtls_svc_key_id_t key,
input,
output,
output_size ) );
#else
status = PSA_ERROR_NOT_SUPPORTED;
#endif /* MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP */
}
else
#endif /* MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP */
{
status = PSA_ERROR_INVALID_ARGUMENT;
}
#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT) || \
defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP)
rsa_exit:
mbedtls_rsa_free( rsa );
mbedtls_free( rsa );
}
else
#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT) ||
* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP) */
}
else
{
status = PSA_ERROR_NOT_SUPPORTED;
}
@ -5307,11 +5317,9 @@ void mbedtls_psa_crypto_free( void )
* In particular, this sets all state indicator to the value
* indicating "uninitialized". */
mbedtls_platform_zeroize( &global_data, sizeof( global_data ) );
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
/* Unregister all secure element drivers, so that we restart from
* a pristine state. */
psa_unregister_all_se_drivers( );
#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
/* Terminate drivers */
psa_driver_wrapper_free( );
}
#if defined(PSA_CRYPTO_STORAGE_HAS_TRANSACTIONS)
@ -5360,11 +5368,10 @@ psa_status_t psa_crypto_init( void )
if( status != PSA_SUCCESS )
goto exit;
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
status = psa_init_all_se_drivers( );
/* Init drivers */
status = psa_driver_wrapper_init( );
if( status != PSA_SUCCESS )
goto exit;
#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
#if defined(PSA_CRYPTO_STORAGE_HAS_TRANSACTIONS)
status = psa_crypto_load_transaction( );

12
library/psa_crypto_aead.c
View file

@ -151,6 +151,8 @@ static psa_status_t psa_aead_setup(
#endif /* MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 */
default:
(void) status;
(void) key_buffer;
return( PSA_ERROR_NOT_SUPPORTED );
}
@ -252,6 +254,11 @@ psa_status_t mbedtls_psa_aead_encrypt(
#endif /* MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 */
{
(void) tag;
(void) nonce;
(void) nonce_length;
(void) additional_data;
(void) additional_data_length;
(void) plaintext;
return( PSA_ERROR_NOT_SUPPORTED );
}
@ -367,6 +374,11 @@ psa_status_t mbedtls_psa_aead_decrypt(
else
#endif /* MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 */
{
(void) nonce;
(void) nonce_length;
(void) additional_data;
(void) additional_data_length;
(void) plaintext;
return( PSA_ERROR_NOT_SUPPORTED );
}

336
library/psa_crypto_cipher.c
View file

@ -31,30 +31,6 @@
#include <string.h>
#if ( defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DES) || \
( defined(PSA_CRYPTO_DRIVER_TEST) && \
defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_DES) ) )
#define BUILTIN_KEY_TYPE_DES 1
#endif
#if ( defined(MBEDTLS_PSA_BUILTIN_ALG_CBC_NO_PADDING) || \
( defined(PSA_CRYPTO_DRIVER_TEST) && \
defined(MBEDTLS_PSA_ACCEL_ALG_CBC_NO_PADDING) ) )
#define BUILTIN_ALG_CBC_NO_PADDING 1
#endif
#if ( defined(MBEDTLS_PSA_BUILTIN_ALG_CBC_PKCS7) || \
( defined(PSA_CRYPTO_DRIVER_TEST) && \
defined(MBEDTLS_PSA_ACCEL_ALG_CBC_PKCS7) ) )
#define BUILTIN_ALG_CBC_PKCS7 1
#endif
#if ( defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_CHACHA20) || \
( defined(PSA_CRYPTO_DRIVER_TEST) && \
defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_CHACHA20) ) )
#define BUILTIN_KEY_TYPE_CHACHA20 1
#endif
const mbedtls_cipher_info_t *mbedtls_cipher_info_from_psa(
psa_algorithm_t alg,
psa_key_type_t key_type,
@ -150,9 +126,9 @@ const mbedtls_cipher_info_t *mbedtls_cipher_info_from_psa(
(int) key_bits, mode ) );
}
#if defined(MBEDTLS_PSA_BUILTIN_CIPHER) || defined(PSA_CRYPTO_DRIVER_TEST)
#if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
static psa_status_t cipher_setup(
static psa_status_t psa_cipher_setup(
mbedtls_psa_cipher_operation_t *operation,
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer, size_t key_buffer_size,
@ -179,7 +155,7 @@ static psa_status_t cipher_setup(
if( ret != 0 )
goto exit;
#if defined(BUILTIN_KEY_TYPE_DES)
#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DES)
if( key_type == PSA_KEY_TYPE_DES && key_bits == 128 )
{
/* Two-key Triple-DES is 3-key Triple-DES with K1=K3 */
@ -199,8 +175,8 @@ static psa_status_t cipher_setup(
if( ret != 0 )
goto exit;
#if defined(BUILTIN_ALG_CBC_NO_PADDING) || \
defined(BUILTIN_ALG_CBC_PKCS7)
#if defined(MBEDTLS_PSA_BUILTIN_ALG_CBC_NO_PADDING) || \
defined(MBEDTLS_PSA_BUILTIN_ALG_CBC_PKCS7)
switch( alg )
{
case PSA_ALG_CBC_NO_PADDING:
@ -218,7 +194,8 @@ static psa_status_t cipher_setup(
}
if( ret != 0 )
goto exit;
#endif /* BUILTIN_ALG_CBC_NO_PADDING || BUILTIN_ALG_CBC_PKCS7 */
#endif /* MBEDTLS_PSA_BUILTIN_ALG_CBC_NO_PADDING ||
MBEDTLS_PSA_BUILTIN_ALG_CBC_PKCS7 */
operation->block_length = ( PSA_ALG_IS_STREAM_CIPHER( alg ) ? 1 :
PSA_BLOCK_CIPHER_BLOCK_LENGTH( key_type ) );
@ -228,30 +205,31 @@ exit:
return( mbedtls_to_psa_error( ret ) );
}
static psa_status_t cipher_encrypt_setup(
psa_status_t mbedtls_psa_cipher_encrypt_setup(
mbedtls_psa_cipher_operation_t *operation,
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer, size_t key_buffer_size,
psa_algorithm_t alg )
{
return( cipher_setup( operation, attributes,
key_buffer, key_buffer_size,
alg, MBEDTLS_ENCRYPT ) );
return( psa_cipher_setup( operation, attributes,
key_buffer, key_buffer_size,
alg, MBEDTLS_ENCRYPT ) );
}
static psa_status_t cipher_decrypt_setup(
psa_status_t mbedtls_psa_cipher_decrypt_setup(
mbedtls_psa_cipher_operation_t *operation,
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer, size_t key_buffer_size,
psa_algorithm_t alg )
{
return( cipher_setup( operation, attributes,
key_buffer, key_buffer_size,
alg, MBEDTLS_DECRYPT ) );
return( psa_cipher_setup( operation, attributes,
key_buffer, key_buffer_size,
alg, MBEDTLS_DECRYPT ) );
}
static psa_status_t cipher_set_iv( mbedtls_psa_cipher_operation_t *operation,
const uint8_t *iv, size_t iv_length )
psa_status_t mbedtls_psa_cipher_set_iv(
mbedtls_psa_cipher_operation_t *operation,
const uint8_t *iv, size_t iv_length )
{
if( iv_length != operation->iv_length )
return( PSA_ERROR_INVALID_ARGUMENT );
@ -365,12 +343,10 @@ exit:
return( status );
}
static psa_status_t cipher_update( mbedtls_psa_cipher_operation_t *operation,
const uint8_t *input,
size_t input_length,
uint8_t *output,
size_t output_size,
size_t *output_length )
psa_status_t mbedtls_psa_cipher_update(
mbedtls_psa_cipher_operation_t *operation,
const uint8_t *input, size_t input_length,
uint8_t *output, size_t output_size, size_t *output_length )
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
size_t expected_output_size;
@ -417,10 +393,9 @@ static psa_status_t cipher_update( mbedtls_psa_cipher_operation_t *operation,
return( status );
}
static psa_status_t cipher_finish( mbedtls_psa_cipher_operation_t *operation,
uint8_t *output,
size_t output_size,
size_t *output_length )
psa_status_t mbedtls_psa_cipher_finish(
mbedtls_psa_cipher_operation_t *operation,
uint8_t *output, size_t output_size, size_t *output_length )
{
psa_status_t status = PSA_ERROR_GENERIC_ERROR;
uint8_t temp_output_buffer[MBEDTLS_MAX_BLOCK_LENGTH];
@ -456,7 +431,8 @@ exit:
return( status );
}
static psa_status_t cipher_abort( mbedtls_psa_cipher_operation_t *operation )
psa_status_t mbedtls_psa_cipher_abort(
mbedtls_psa_cipher_operation_t *operation )
{
/* Sanity check (shouldn't happen: operation->alg should
* always have been initialized to a valid value). */
@ -468,46 +444,50 @@ static psa_status_t cipher_abort( mbedtls_psa_cipher_operation_t *operation )
return( PSA_SUCCESS );
}
static psa_status_t cipher_encrypt( const psa_key_attributes_t *attributes,
const uint8_t *key_buffer,
size_t key_buffer_size,
psa_algorithm_t alg,
const uint8_t *input,
size_t input_length,
uint8_t *output,
size_t output_size,
size_t *output_length )
psa_status_t mbedtls_psa_cipher_encrypt(
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer,
size_t key_buffer_size,
psa_algorithm_t alg,
const uint8_t *input,
size_t input_length,
uint8_t *output,
size_t output_size,
size_t *output_length )
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
mbedtls_psa_cipher_operation_t operation = MBEDTLS_PSA_CIPHER_OPERATION_INIT;
size_t olength, accumulated_length;
status = cipher_encrypt_setup( &operation, attributes,
key_buffer, key_buffer_size, alg );
status = mbedtls_psa_cipher_encrypt_setup( &operation, attributes,
key_buffer, key_buffer_size,
alg );
if( status != PSA_SUCCESS )
goto exit;
accumulated_length = 0;
if( operation.iv_length > 0 )
{
status = cipher_set_iv( &operation, output, operation.iv_length );
status = mbedtls_psa_cipher_set_iv( &operation,
output, operation.iv_length );
if( status != PSA_SUCCESS )
goto exit;
accumulated_length = operation.iv_length;
}
status = cipher_update( &operation, input, input_length,
output + operation.iv_length,
output_size - operation.iv_length,
&olength );
status = mbedtls_psa_cipher_update( &operation, input, input_length,
output + operation.iv_length,
output_size - operation.iv_length,
&olength );
if( status != PSA_SUCCESS )
goto exit;
accumulated_length += olength;
status = cipher_finish( &operation, output + accumulated_length,
output_size - accumulated_length, &olength );
status = mbedtls_psa_cipher_finish( &operation, output + accumulated_length,
output_size - accumulated_length,
&olength );
if( status != PSA_SUCCESS )
goto exit;
@ -515,48 +495,53 @@ static psa_status_t cipher_encrypt( const psa_key_attributes_t *attributes,
exit:
if( status == PSA_SUCCESS )
status = cipher_abort( &operation );
status = mbedtls_psa_cipher_abort( &operation );
else
cipher_abort( &operation );
mbedtls_psa_cipher_abort( &operation );
return( status );
}
static psa_status_t cipher_decrypt( const psa_key_attributes_t *attributes,
const uint8_t *key_buffer,
size_t key_buffer_size,
psa_algorithm_t alg,
const uint8_t *input,
size_t input_length,
uint8_t *output,
size_t output_size,
size_t *output_length )
psa_status_t mbedtls_psa_cipher_decrypt(
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer,
size_t key_buffer_size,
psa_algorithm_t alg,
const uint8_t *input,
size_t input_length,
uint8_t *output,
size_t output_size,
size_t *output_length )
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
mbedtls_psa_cipher_operation_t operation = MBEDTLS_PSA_CIPHER_OPERATION_INIT;
size_t olength, accumulated_length;
status = cipher_decrypt_setup( &operation, attributes,
key_buffer, key_buffer_size, alg );
status = mbedtls_psa_cipher_decrypt_setup( &operation, attributes,
key_buffer, key_buffer_size,
alg );
if( status != PSA_SUCCESS )
goto exit;
if( operation.iv_length > 0 )
{
status = cipher_set_iv( &operation, input, operation.iv_length );
status = mbedtls_psa_cipher_set_iv( &operation,
input, operation.iv_length );
if( status != PSA_SUCCESS )
goto exit;
}
status = cipher_update( &operation, input + operation.iv_length,
input_length - operation.iv_length,
output, output_size, &olength );
status = mbedtls_psa_cipher_update( &operation, input + operation.iv_length,
input_length - operation.iv_length,
output, output_size, &olength );
if( status != PSA_SUCCESS )
goto exit;
accumulated_length = olength;
status = cipher_finish( &operation, output + accumulated_length,
output_size - accumulated_length, &olength );
status = mbedtls_psa_cipher_finish( &operation, output + accumulated_length,
output_size - accumulated_length,
&olength );
if( status != PSA_SUCCESS )
goto exit;
@ -564,181 +549,12 @@ static psa_status_t cipher_decrypt( const psa_key_attributes_t *attributes,
exit:
if ( status == PSA_SUCCESS )
status = cipher_abort( &operation );
status = mbedtls_psa_cipher_abort( &operation );
else
cipher_abort( &operation );
mbedtls_psa_cipher_abort( &operation );
return( status );
}
#endif /* MBEDTLS_PSA_BUILTIN_CIPHER || PSA_CRYPTO_DRIVER_TEST */
#if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
psa_status_t mbedtls_psa_cipher_encrypt_setup(
mbedtls_psa_cipher_operation_t *operation,
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer, size_t key_buffer_size,
psa_algorithm_t alg )
{
return( cipher_encrypt_setup(
operation, attributes, key_buffer, key_buffer_size, alg ) );
}
psa_status_t mbedtls_psa_cipher_decrypt_setup(
mbedtls_psa_cipher_operation_t *operation,
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer, size_t key_buffer_size,
psa_algorithm_t alg )
{
return( cipher_decrypt_setup(
operation, attributes, key_buffer, key_buffer_size, alg ) );
}
psa_status_t mbedtls_psa_cipher_set_iv( mbedtls_psa_cipher_operation_t *operation,
const uint8_t *iv,
size_t iv_length )
{
return( cipher_set_iv( operation, iv, iv_length ) );
}
psa_status_t mbedtls_psa_cipher_update( mbedtls_psa_cipher_operation_t *operation,
const uint8_t *input,
size_t input_length,
uint8_t *output,
size_t output_size,
size_t *output_length )
{
return( cipher_update( operation, input, input_length,
output, output_size, output_length ) );
}
psa_status_t mbedtls_psa_cipher_finish( mbedtls_psa_cipher_operation_t *operation,
uint8_t *output,
size_t output_size,
size_t *output_length )
{
return( cipher_finish( operation, output, output_size, output_length ) );
}
psa_status_t mbedtls_psa_cipher_abort( mbedtls_psa_cipher_operation_t *operation )
{
return( cipher_abort( operation ) );
}
psa_status_t mbedtls_psa_cipher_encrypt( const psa_key_attributes_t *attributes,
const uint8_t *key_buffer,
size_t key_buffer_size,
psa_algorithm_t alg,
const uint8_t *input,
size_t input_length,
uint8_t *output,
size_t output_size,
size_t *output_length )
{
return( cipher_encrypt( attributes, key_buffer, key_buffer_size,
alg, input, input_length,
output, output_size, output_length ) );
}
psa_status_t mbedtls_psa_cipher_decrypt( const psa_key_attributes_t *attributes,
const uint8_t *key_buffer,
size_t key_buffer_size,
psa_algorithm_t alg,
const uint8_t *input,
size_t input_length,
uint8_t *output,
size_t output_size,
size_t *output_length )
{
return( cipher_decrypt( attributes, key_buffer, key_buffer_size,
alg, input, input_length,
output, output_size, output_length ) );
}
#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
/*
* BEYOND THIS POINT, TEST DRIVER ENTRY POINTS ONLY.
*/
#if defined(PSA_CRYPTO_DRIVER_TEST)
psa_status_t mbedtls_transparent_test_driver_cipher_encrypt_setup(
mbedtls_psa_cipher_operation_t *operation,
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer, size_t key_buffer_size,
psa_algorithm_t alg )
{
return( cipher_encrypt_setup(
operation, attributes, key_buffer, key_buffer_size, alg ) );
}
psa_status_t mbedtls_transparent_test_driver_cipher_decrypt_setup(
mbedtls_psa_cipher_operation_t *operation,
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer, size_t key_buffer_size,
psa_algorithm_t alg )
{
return( cipher_decrypt_setup(
operation, attributes, key_buffer, key_buffer_size, alg ) );
}
psa_status_t mbedtls_transparent_test_driver_cipher_set_iv(
mbedtls_psa_cipher_operation_t *operation,
const uint8_t *iv, size_t iv_length )
{
return( cipher_set_iv( operation, iv, iv_length ) );
}
psa_status_t mbedtls_transparent_test_driver_cipher_update(
mbedtls_psa_cipher_operation_t *operation,
const uint8_t *input, size_t input_length,
uint8_t *output, size_t output_size, size_t *output_length )
{
return( cipher_update( operation, input, input_length,
output, output_size, output_length ) );
}
psa_status_t mbedtls_transparent_test_driver_cipher_finish(
mbedtls_psa_cipher_operation_t *operation,
uint8_t *output, size_t output_size, size_t *output_length )
{
return( cipher_finish( operation, output, output_size, output_length ) );
}
psa_status_t mbedtls_transparent_test_driver_cipher_abort(
mbedtls_psa_cipher_operation_t *operation )
{
return( cipher_abort( operation ) );
}
psa_status_t mbedtls_transparent_test_driver_cipher_encrypt(
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer,
size_t key_buffer_size,
psa_algorithm_t alg,
const uint8_t *input,
size_t input_length,
uint8_t *output,
size_t output_size,
size_t *output_length )
{
return( cipher_encrypt( attributes, key_buffer, key_buffer_size,
alg, input, input_length,
output, output_size, output_length ) );
}
psa_status_t mbedtls_transparent_test_driver_cipher_decrypt(
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer,
size_t key_buffer_size,
psa_algorithm_t alg,
const uint8_t *input,
size_t input_length,
uint8_t *output,
size_t output_size,
size_t *output_length )
{
return( cipher_decrypt( attributes, key_buffer, key_buffer_size,
alg, input, input_length,
output, output_size, output_length ) );
}
#endif /* PSA_CRYPTO_DRIVER_TEST */
#endif /* MBEDTLS_PSA_CRYPTO_C */

56
library/psa_crypto_cipher.h
View file

@ -304,60 +304,4 @@ psa_status_t mbedtls_psa_cipher_decrypt( const psa_key_attributes_t *attributes,
size_t output_size,
size_t *output_length );
/*
* BEYOND THIS POINT, TEST DRIVER ENTRY POINTS ONLY.
*/
#if defined(PSA_CRYPTO_DRIVER_TEST)
psa_status_t mbedtls_transparent_test_driver_cipher_encrypt_setup(
mbedtls_psa_cipher_operation_t *operation,
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer, size_t key_buffer_size,
psa_algorithm_t alg );
psa_status_t mbedtls_transparent_test_driver_cipher_decrypt_setup(
mbedtls_psa_cipher_operation_t *operation,
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer, size_t key_buffer_size,
psa_algorithm_t alg );
psa_status_t mbedtls_transparent_test_driver_cipher_set_iv(
mbedtls_psa_cipher_operation_t *operation,
const uint8_t *iv, size_t iv_length );
psa_status_t mbedtls_transparent_test_driver_cipher_update(
mbedtls_psa_cipher_operation_t *operation,
const uint8_t *input, size_t input_length,
uint8_t *output, size_t output_size, size_t *output_length );
psa_status_t mbedtls_transparent_test_driver_cipher_finish(
mbedtls_psa_cipher_operation_t *operation,
uint8_t *output, size_t output_size, size_t *output_length );
psa_status_t mbedtls_transparent_test_driver_cipher_abort(
mbedtls_psa_cipher_operation_t *operation );
psa_status_t mbedtls_transparent_test_driver_cipher_encrypt(
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer,
size_t key_buffer_size,
psa_algorithm_t alg,
const uint8_t *input,
size_t input_length,
uint8_t *output,
size_t output_size,
size_t *output_length );
psa_status_t mbedtls_transparent_test_driver_cipher_decrypt(
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer,
size_t key_buffer_size,
psa_algorithm_t alg,
const uint8_t *input,
size_t input_length,
uint8_t *output,
size_t output_size,
size_t *output_length );
#endif /* PSA_CRYPTO_DRIVER_TEST */
#endif /* PSA_CRYPTO_CIPHER_H */

42
library/psa_crypto_driver_wrappers.c
View file

@ -66,6 +66,44 @@
#include "psa_crypto_se.h"
#endif
psa_status_t psa_driver_wrapper_init( void )
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
status = psa_init_all_se_drivers( );
if( status != PSA_SUCCESS )
return( status );
#endif
#if defined(PSA_CRYPTO_DRIVER_TEST)
status = mbedtls_test_transparent_init( );
if( status != PSA_SUCCESS )
return( status );
status = mbedtls_test_opaque_init( );
if( status != PSA_SUCCESS )
return( status );
#endif
(void) status;
return( PSA_SUCCESS );
}
void psa_driver_wrapper_free( void )
{
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
/* Unregister all secure element drivers, so that we restart from
* a pristine state. */
psa_unregister_all_se_drivers( );
#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
#if defined(PSA_CRYPTO_DRIVER_TEST)
mbedtls_test_transparent_free( );
mbedtls_test_opaque_free( );
#endif
}
/* Start delegation functions */
psa_status_t psa_driver_wrapper_sign_message(
const psa_key_attributes_t *attributes,
@ -964,6 +1002,7 @@ psa_status_t psa_driver_wrapper_cipher_encrypt_setup(
default:
/* Key is declared with a lifetime not known to us */
(void)status;
(void)operation;
(void)key_buffer;
(void)key_buffer_size;
(void)alg;
@ -1035,6 +1074,7 @@ psa_status_t psa_driver_wrapper_cipher_decrypt_setup(
default:
/* Key is declared with a lifetime not known to us */
(void)status;
(void)operation;
(void)key_buffer;
(void)key_buffer_size;
(void)alg;
@ -1606,6 +1646,7 @@ psa_status_t psa_driver_wrapper_mac_sign_setup(
default:
/* Key is declared with a lifetime not known to us */
(void) status;
(void) operation;
(void) key_buffer;
(void) key_buffer_size;
(void) alg;
@ -1677,6 +1718,7 @@ psa_status_t psa_driver_wrapper_mac_verify_setup(
default:
/* Key is declared with a lifetime not known to us */
(void) status;
(void) operation;
(void) key_buffer;
(void) key_buffer_size;
(void) alg;

6
library/psa_crypto_driver_wrappers.h
View file

@ -25,6 +25,12 @@
#include "psa/crypto.h"
#include "psa/crypto_driver_common.h"
/*
* Initialization and termination functions
*/
psa_status_t psa_driver_wrapper_init( void );
void psa_driver_wrapper_free( void );
/*
* Signature functions
*/

244
library/psa_crypto_ecp.c
View file

@ -40,36 +40,10 @@
#include <mbedtls/ecp.h>
#include <mbedtls/error.h>
#if ( defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || \
( defined(PSA_CRYPTO_DRIVER_TEST) && \
defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR) ) )
#define BUILTIN_KEY_TYPE_ECC_KEY_PAIR 1
#endif
#if ( defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) || \
( defined(PSA_CRYPTO_DRIVER_TEST) && \
defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY) ) )
#define BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY 1
#endif
#if ( defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \
( defined(PSA_CRYPTO_DRIVER_TEST) && \
defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA) && \
defined(MBEDTLS_ECDSA_C) ) )
#define BUILTIN_ALG_ECDSA 1
#endif
#if ( defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) || \
( defined(PSA_CRYPTO_DRIVER_TEST) && \
defined(MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA) && \
defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECDSA_DETERMINISTIC) ) )
#define BUILTIN_ALG_DETERMINISTIC_ECDSA 1
#endif
#if defined(BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || \
defined(BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) || \
defined(BUILTIN_ALG_ECDSA) || \
defined(BUILTIN_ALG_DETERMINISTIC_ECDSA) || \
#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || \
defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) || \
defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \
defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) || \
defined(MBEDTLS_PSA_BUILTIN_ALG_ECDH)
psa_status_t mbedtls_psa_ecp_load_representation(
psa_key_type_t type, size_t curve_bits,
@ -181,16 +155,16 @@ exit:
return( status );
}
#endif /* defined(BUILTIN_KEY_TYPE_ECC_KEY_PAIR) ||
* defined(BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) ||
* defined(BUILTIN_ALG_ECDSA) ||
* defined(BUILTIN_ALG_DETERMINISTIC_ECDSA) ||
#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) ||
* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) ||
* defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) ||
* defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) ||
* defined(MBEDTLS_PSA_BUILTIN_ALG_ECDH) */
#if defined(BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || \
defined(BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY)
#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || \
defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY)
static psa_status_t ecp_import_key(
psa_status_t mbedtls_psa_ecp_import_key(
const psa_key_attributes_t *attributes,
const uint8_t *data, size_t data_length,
uint8_t *key_buffer, size_t key_buffer_size,
@ -281,7 +255,7 @@ psa_status_t mbedtls_psa_ecp_export_key( psa_key_type_t type,
}
}
static psa_status_t ecp_export_public_key(
psa_status_t mbedtls_psa_ecp_export_public_key(
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer, size_t key_buffer_size,
uint8_t *data, size_t data_size, size_t *data_length )
@ -305,11 +279,11 @@ static psa_status_t ecp_export_public_key(
return( status );
}
#endif /* defined(BUILTIN_KEY_TYPE_ECC_KEY_PAIR) ||
* defined(BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) */
#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) ||
* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) */
#if defined(BUILTIN_KEY_TYPE_ECC_KEY_PAIR)
static psa_status_t ecp_generate_key(
#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR)
psa_status_t mbedtls_psa_ecp_generate_key(
const psa_key_attributes_t *attributes,
uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length )
{
@ -351,15 +325,15 @@ static psa_status_t ecp_generate_key(
return( status );
}
#endif /* defined(BUILTIN_KEY_TYPE_ECC_KEY_PAIR) */
#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) */
/****************************************************************/
/* ECDSA sign/verify */
/****************************************************************/
#if defined(BUILTIN_ALG_ECDSA) || \
defined(BUILTIN_ALG_DETERMINISTIC_ECDSA)
static psa_status_t ecdsa_sign_hash(
#if defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \
defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA)
psa_status_t mbedtls_psa_ecdsa_sign_hash(
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer, size_t key_buffer_size,
psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
@ -391,7 +365,7 @@ static psa_status_t ecdsa_sign_hash(
if( PSA_ALG_ECDSA_IS_DETERMINISTIC( alg ) )
{
#if defined(BUILTIN_ALG_DETERMINISTIC_ECDSA)
#if defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA)
psa_algorithm_t hash_alg = PSA_ALG_SIGN_GET_HASH( alg );
const mbedtls_md_info_t *md_info = mbedtls_md_info_from_psa( hash_alg );
mbedtls_md_type_t md_alg = mbedtls_md_get_type( md_info );
@ -404,7 +378,7 @@ static psa_status_t ecdsa_sign_hash(
#else
ret = MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE;
goto cleanup;
#endif /* defined(BUILTIN_ALG_DETERMINISTIC_ECDSA) */
#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) */
}
else
{
@ -433,7 +407,7 @@ cleanup:
return( mbedtls_to_psa_error( ret ) );
}
static psa_status_t ecdsa_verify_hash(
psa_status_t mbedtls_psa_ecdsa_verify_hash(
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer, size_t key_buffer_size,
psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
@ -492,177 +466,7 @@ cleanup:
return( mbedtls_to_psa_error( ret ) );
}
#endif /* defined(BUILTIN_ALG_ECDSA) || \
* defined(BUILTIN_ALG_DETERMINISTIC_ECDSA) */
#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || \
defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY)
psa_status_t mbedtls_psa_ecp_import_key(
const psa_key_attributes_t *attributes,
const uint8_t *data, size_t data_length,
uint8_t *key_buffer, size_t key_buffer_size,
size_t *key_buffer_length, size_t *bits )
{
return( ecp_import_key( attributes, data, data_length,
key_buffer, key_buffer_size,
key_buffer_length, bits ) );
}
psa_status_t mbedtls_psa_ecp_export_public_key(
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer, size_t key_buffer_size,
uint8_t *data, size_t data_size, size_t *data_length )
{
return( ecp_export_public_key( attributes, key_buffer, key_buffer_size,
data, data_size, data_length ) );
}
#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) ||
* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) */
#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR)
psa_status_t mbedtls_psa_ecp_generate_key(
const psa_key_attributes_t *attributes,
uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length )
{
return( ecp_generate_key( attributes, key_buffer, key_buffer_size,
key_buffer_length ) );
}
#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) */
#if defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \
defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA)
psa_status_t mbedtls_psa_ecdsa_sign_hash(
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer, size_t key_buffer_size,
psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
uint8_t *signature, size_t signature_size, size_t *signature_length )
{
return( ecdsa_sign_hash( attributes,
key_buffer, key_buffer_size,
alg, hash, hash_length,
signature, signature_size, signature_length ) );
}
psa_status_t mbedtls_psa_ecdsa_verify_hash(
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer, size_t key_buffer_size,
psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
const uint8_t *signature, size_t signature_length )
{
return( ecdsa_verify_hash( attributes,
key_buffer, key_buffer_size,
alg, hash, hash_length,
signature, signature_length ) );
}
#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) ||
#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \
* defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) */
/*
* BEYOND THIS POINT, TEST DRIVER ENTRY POINTS ONLY.
*/
#if defined(PSA_CRYPTO_DRIVER_TEST)
#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR) || \
defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY)
psa_status_t mbedtls_transparent_test_driver_ecp_import_key(
const psa_key_attributes_t *attributes,
const uint8_t *data, size_t data_length,
uint8_t *key_buffer, size_t key_buffer_size,
size_t *key_buffer_length, size_t *bits )
{
return( ecp_import_key( attributes, data, data_length,
key_buffer, key_buffer_size,
key_buffer_length, bits ) );
}
psa_status_t mbedtls_transparent_test_driver_ecp_export_public_key(
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer, size_t key_buffer_size,
uint8_t *data, size_t data_size, size_t *data_length )
{
return( ecp_export_public_key( attributes, key_buffer, key_buffer_size,
data, data_size, data_length ) );
}
#endif /* defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR) ||
defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY) */
#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR) && \
defined(MBEDTLS_GENPRIME)
psa_status_t mbedtls_transparent_test_driver_ecp_generate_key(
const psa_key_attributes_t *attributes,
uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length )
{
return( ecp_generate_key( attributes, key_buffer, key_buffer_size,
key_buffer_length ) );
}
#endif /* defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR) &&
defined(MBEDTLS_GENPRIME) */
#if defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA) || \
defined(MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA)
psa_status_t mbedtls_transparent_test_driver_ecdsa_sign_hash(
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer, size_t key_buffer_size,
psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
uint8_t *signature, size_t signature_size, size_t *signature_length )
{
#if defined(MBEDTLS_ECDSA_C)
return( ecdsa_sign_hash( attributes,
key_buffer, key_buffer_size,
alg, hash, hash_length,
signature, signature_size, signature_length ) );
#else
(void)attributes;
(void)key_buffer;
(void)key_buffer_size;
(void)alg;
(void)hash;
(void)hash_length;
(void)signature;
(void)signature_size;
(void)signature_length;
return( PSA_ERROR_NOT_SUPPORTED );
#endif
}
psa_status_t mbedtls_transparent_test_driver_ecdsa_verify_hash(
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer, size_t key_buffer_size,
psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
const uint8_t *signature, size_t signature_length )
{
#if defined(MBEDTLS_ECDSA_C)
return( ecdsa_verify_hash( attributes,
key_buffer, key_buffer_size,
alg, hash, hash_length,
signature, signature_length ) );
#else
(void)attributes;
(void)key_buffer;
(void)key_buffer_size;
(void)alg;
(void)hash;
(void)hash_length;
(void)signature;
(void)signature_length;
return( PSA_ERROR_NOT_SUPPORTED );
#endif
}
#endif /* defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA) ||
* defined(MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA) */
#endif /* PSA_CRYPTO_DRIVER_TEST */
#endif /* MBEDTLS_PSA_CRYPTO_C */

34
library/psa_crypto_ecp.h
View file

@ -218,39 +218,5 @@ psa_status_t mbedtls_psa_ecdsa_verify_hash(
const uint8_t *key_buffer, size_t key_buffer_size,
psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
const uint8_t *signature, size_t signature_length );
/*
* BEYOND THIS POINT, TEST DRIVER ENTRY POINTS ONLY.
*/
#if defined(PSA_CRYPTO_DRIVER_TEST)
psa_status_t mbedtls_transparent_test_driver_ecp_import_key(
const psa_key_attributes_t *attributes,
const uint8_t *data, size_t data_length,
uint8_t *key_buffer, size_t key_buffer_size,
size_t *key_buffer_length, size_t *bits );
psa_status_t mbedtls_transparent_test_driver_ecp_export_public_key(
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer, size_t key_buffer_size,
uint8_t *data, size_t data_size, size_t *data_length );
psa_status_t mbedtls_transparent_test_driver_ecp_generate_key(
const psa_key_attributes_t *attributes,
uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length );
psa_status_t mbedtls_transparent_test_driver_ecdsa_sign_hash(
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer, size_t key_buffer_size,
psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
uint8_t *signature, size_t signature_size, size_t *signature_length );
psa_status_t mbedtls_transparent_test_driver_ecdsa_verify_hash(
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer, size_t key_buffer_size,
psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
const uint8_t *signature, size_t signature_length );
#endif /* PSA_CRYPTO_DRIVER_TEST */
#endif /* PSA_CRYPTO_ECP_H */

322
library/psa_crypto_hash.c
View file

@ -29,45 +29,6 @@
#include <mbedtls/error.h>
#include <string.h>
/* Use builtin defines specific to this compilation unit, since the test driver
* relies on the software driver. */
#if( defined(MBEDTLS_PSA_BUILTIN_ALG_MD2) || \
( defined(PSA_CRYPTO_DRIVER_TEST) && defined(MBEDTLS_PSA_ACCEL_ALG_MD2) ) )
#define BUILTIN_ALG_MD2 1
#endif
#if( defined(MBEDTLS_PSA_BUILTIN_ALG_MD4) || \
( defined(PSA_CRYPTO_DRIVER_TEST) && defined(MBEDTLS_PSA_ACCEL_ALG_MD4) ) )
#define BUILTIN_ALG_MD4 1
#endif
#if( defined(MBEDTLS_PSA_BUILTIN_ALG_MD5) || \
( defined(PSA_CRYPTO_DRIVER_TEST) && defined(MBEDTLS_PSA_ACCEL_ALG_MD5) ) )
#define BUILTIN_ALG_MD5 1
#endif
#if( defined(MBEDTLS_PSA_BUILTIN_ALG_RIPEMD160) || \
( defined(PSA_CRYPTO_DRIVER_TEST) && defined(MBEDTLS_PSA_ACCEL_ALG_RIPEMD160) ) )
#define BUILTIN_ALG_RIPEMD160 1
#endif
#if( defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_1) || \
( defined(PSA_CRYPTO_DRIVER_TEST) && defined(MBEDTLS_PSA_ACCEL_ALG_SHA_1) ) )
#define BUILTIN_ALG_SHA_1 1
#endif
#if( defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_224) || \
( defined(PSA_CRYPTO_DRIVER_TEST) && defined(MBEDTLS_PSA_ACCEL_ALG_SHA_224) ) )
#define BUILTIN_ALG_SHA_224 1
#endif
#if( defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_256) || \
( defined(PSA_CRYPTO_DRIVER_TEST) && defined(MBEDTLS_PSA_ACCEL_ALG_SHA_256) ) )
#define BUILTIN_ALG_SHA_256 1
#endif
#if( defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_384) || \
( defined(PSA_CRYPTO_DRIVER_TEST) && defined(MBEDTLS_PSA_ACCEL_ALG_SHA_384) ) )
#define BUILTIN_ALG_SHA_384 1
#endif
#if( defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_512) || \
( defined(PSA_CRYPTO_DRIVER_TEST) && defined(MBEDTLS_PSA_ACCEL_ALG_SHA_512) ) )
#define BUILTIN_ALG_SHA_512 1
#endif
#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || \
defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP) || \
defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) || \
@ -121,10 +82,8 @@ const mbedtls_md_info_t *mbedtls_md_info_from_psa( psa_algorithm_t alg )
* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) ||
* defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) */
/* Implement the PSA driver hash interface on top of mbed TLS if either the
* software driver or the test driver requires it. */
#if defined(MBEDTLS_PSA_BUILTIN_HASH) || defined(PSA_CRYPTO_DRIVER_TEST)
static psa_status_t hash_abort(
#if defined(MBEDTLS_PSA_BUILTIN_HASH)
psa_status_t mbedtls_psa_hash_abort(
mbedtls_psa_hash_operation_t *operation )
{
switch( operation->alg )
@ -134,47 +93,47 @@ static psa_status_t hash_abort(
* in use. It's ok to call abort on such an object, and there's
* nothing to do. */
break;
#if defined(BUILTIN_ALG_MD2)
#if defined(MBEDTLS_PSA_BUILTIN_ALG_MD2)
case PSA_ALG_MD2:
mbedtls_md2_free( &operation->ctx.md2 );
break;
#endif
#if defined(BUILTIN_ALG_MD4)
#if defined(MBEDTLS_PSA_BUILTIN_ALG_MD4)
case PSA_ALG_MD4:
mbedtls_md4_free( &operation->ctx.md4 );
break;
#endif
#if defined(BUILTIN_ALG_MD5)
#if defined(MBEDTLS_PSA_BUILTIN_ALG_MD5)
case PSA_ALG_MD5:
mbedtls_md5_free( &operation->ctx.md5 );
break;
#endif
#if defined(BUILTIN_ALG_RIPEMD160)
#if defined(MBEDTLS_PSA_BUILTIN_ALG_RIPEMD160)
case PSA_ALG_RIPEMD160:
mbedtls_ripemd160_free( &operation->ctx.ripemd160 );
break;
#endif
#if defined(BUILTIN_ALG_SHA_1)
#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_1)
case PSA_ALG_SHA_1:
mbedtls_sha1_free( &operation->ctx.sha1 );
break;
#endif
#if defined(BUILTIN_ALG_SHA_224)
#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_224)
case PSA_ALG_SHA_224:
mbedtls_sha256_free( &operation->ctx.sha256 );
break;
#endif
#if defined(BUILTIN_ALG_SHA_256)
#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_256)
case PSA_ALG_SHA_256:
mbedtls_sha256_free( &operation->ctx.sha256 );
break;
#endif
#if defined(BUILTIN_ALG_SHA_384)
#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_384)
case PSA_ALG_SHA_384:
mbedtls_sha512_free( &operation->ctx.sha512 );
break;
#endif
#if defined(BUILTIN_ALG_SHA_512)
#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_512)
case PSA_ALG_SHA_512:
mbedtls_sha512_free( &operation->ctx.sha512 );
break;
@ -186,7 +145,7 @@ static psa_status_t hash_abort(
return( PSA_SUCCESS );
}
static psa_status_t hash_setup(
psa_status_t mbedtls_psa_hash_setup(
mbedtls_psa_hash_operation_t *operation,
psa_algorithm_t alg )
{
@ -200,55 +159,55 @@ static psa_status_t hash_setup(
switch( alg )
{
#if defined(BUILTIN_ALG_MD2)
#if defined(MBEDTLS_PSA_BUILTIN_ALG_MD2)
case PSA_ALG_MD2:
mbedtls_md2_init( &operation->ctx.md2 );
ret = mbedtls_md2_starts_ret( &operation->ctx.md2 );
break;
#endif
#if defined(BUILTIN_ALG_MD4)
#if defined(MBEDTLS_PSA_BUILTIN_ALG_MD4)
case PSA_ALG_MD4:
mbedtls_md4_init( &operation->ctx.md4 );
ret = mbedtls_md4_starts_ret( &operation->ctx.md4 );
break;
#endif
#if defined(BUILTIN_ALG_MD5)
#if defined(MBEDTLS_PSA_BUILTIN_ALG_MD5)
case PSA_ALG_MD5:
mbedtls_md5_init( &operation->ctx.md5 );
ret = mbedtls_md5_starts_ret( &operation->ctx.md5 );
break;
#endif
#if defined(BUILTIN_ALG_RIPEMD160)
#if defined(MBEDTLS_PSA_BUILTIN_ALG_RIPEMD160)
case PSA_ALG_RIPEMD160:
mbedtls_ripemd160_init( &operation->ctx.ripemd160 );
ret = mbedtls_ripemd160_starts_ret( &operation->ctx.ripemd160 );
break;
#endif
#if defined(BUILTIN_ALG_SHA_1)
#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_1)
case PSA_ALG_SHA_1:
mbedtls_sha1_init( &operation->ctx.sha1 );
ret = mbedtls_sha1_starts_ret( &operation->ctx.sha1 );
break;
#endif
#if defined(BUILTIN_ALG_SHA_224)
#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_224)
case PSA_ALG_SHA_224:
mbedtls_sha256_init( &operation->ctx.sha256 );
ret = mbedtls_sha256_starts_ret( &operation->ctx.sha256, 1 );
break;
#endif
#if defined(BUILTIN_ALG_SHA_256)
#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_256)
case PSA_ALG_SHA_256:
mbedtls_sha256_init( &operation->ctx.sha256 );
ret = mbedtls_sha256_starts_ret( &operation->ctx.sha256, 0 );
break;
#endif
#if defined(BUILTIN_ALG_SHA_384)
#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_384)
case PSA_ALG_SHA_384:
mbedtls_sha512_init( &operation->ctx.sha512 );
ret = mbedtls_sha512_starts_ret( &operation->ctx.sha512, 1 );
break;
#endif
#if defined(BUILTIN_ALG_SHA_512)
#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_512)
case PSA_ALG_SHA_512:
mbedtls_sha512_init( &operation->ctx.sha512 );
ret = mbedtls_sha512_starts_ret( &operation->ctx.sha512, 0 );
@ -262,11 +221,11 @@ static psa_status_t hash_setup(
if( ret == 0 )
operation->alg = alg;
else
hash_abort( operation );
mbedtls_psa_hash_abort( operation );
return( mbedtls_to_psa_error( ret ) );
}
static psa_status_t hash_clone(
psa_status_t mbedtls_psa_hash_clone(
const mbedtls_psa_hash_operation_t *source_operation,
mbedtls_psa_hash_operation_t *target_operation )
{
@ -274,55 +233,55 @@ static psa_status_t hash_clone(
{
case 0:
return( PSA_ERROR_BAD_STATE );
#if defined(BUILTIN_ALG_MD2)
#if defined(MBEDTLS_PSA_BUILTIN_ALG_MD2)
case PSA_ALG_MD2:
mbedtls_md2_clone( &target_operation->ctx.md2,
&source_operation->ctx.md2 );
break;
#endif
#if defined(BUILTIN_ALG_MD4)
#if defined(MBEDTLS_PSA_BUILTIN_ALG_MD4)
case PSA_ALG_MD4:
mbedtls_md4_clone( &target_operation->ctx.md4,
&source_operation->ctx.md4 );
break;
#endif
#if defined(BUILTIN_ALG_MD5)
#if defined(MBEDTLS_PSA_BUILTIN_ALG_MD5)
case PSA_ALG_MD5:
mbedtls_md5_clone( &target_operation->ctx.md5,
&source_operation->ctx.md5 );
break;
#endif
#if defined(BUILTIN_ALG_RIPEMD160)
#if defined(MBEDTLS_PSA_BUILTIN_ALG_RIPEMD160)
case PSA_ALG_RIPEMD160:
mbedtls_ripemd160_clone( &target_operation->ctx.ripemd160,
&source_operation->ctx.ripemd160 );
break;
#endif
#if defined(BUILTIN_ALG_SHA_1)
#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_1)
case PSA_ALG_SHA_1:
mbedtls_sha1_clone( &target_operation->ctx.sha1,
&source_operation->ctx.sha1 );
break;
#endif
#if defined(BUILTIN_ALG_SHA_224)
#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_224)
case PSA_ALG_SHA_224:
mbedtls_sha256_clone( &target_operation->ctx.sha256,
&source_operation->ctx.sha256 );
break;
#endif
#if defined(BUILTIN_ALG_SHA_256)
#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_256)
case PSA_ALG_SHA_256:
mbedtls_sha256_clone( &target_operation->ctx.sha256,
&source_operation->ctx.sha256 );
break;
#endif
#if defined(BUILTIN_ALG_SHA_384)
#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_384)
case PSA_ALG_SHA_384:
mbedtls_sha512_clone( &target_operation->ctx.sha512,
&source_operation->ctx.sha512 );
break;
#endif
#if defined(BUILTIN_ALG_SHA_512)
#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_512)
case PSA_ALG_SHA_512:
mbedtls_sha512_clone( &target_operation->ctx.sha512,
&source_operation->ctx.sha512 );
@ -338,7 +297,7 @@ static psa_status_t hash_clone(
return( PSA_SUCCESS );
}
static psa_status_t hash_update(
psa_status_t mbedtls_psa_hash_update(
mbedtls_psa_hash_operation_t *operation,
const uint8_t *input,
size_t input_length )
@ -347,55 +306,55 @@ static psa_status_t hash_update(
switch( operation->alg )
{
#if defined(BUILTIN_ALG_MD2)
#if defined(MBEDTLS_PSA_BUILTIN_ALG_MD2)
case PSA_ALG_MD2:
ret = mbedtls_md2_update_ret( &operation->ctx.md2,
input, input_length );
break;
#endif
#if defined(BUILTIN_ALG_MD4)
#if defined(MBEDTLS_PSA_BUILTIN_ALG_MD4)
case PSA_ALG_MD4:
ret = mbedtls_md4_update_ret( &operation->ctx.md4,
input, input_length );
break;
#endif
#if defined(BUILTIN_ALG_MD5)
#if defined(MBEDTLS_PSA_BUILTIN_ALG_MD5)
case PSA_ALG_MD5:
ret = mbedtls_md5_update_ret( &operation->ctx.md5,
input, input_length );
break;
#endif
#if defined(BUILTIN_ALG_RIPEMD160)
#if defined(MBEDTLS_PSA_BUILTIN_ALG_RIPEMD160)
case PSA_ALG_RIPEMD160:
ret = mbedtls_ripemd160_update_ret( &operation->ctx.ripemd160,
input, input_length );
break;
#endif
#if defined(BUILTIN_ALG_SHA_1)
#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_1)
case PSA_ALG_SHA_1:
ret = mbedtls_sha1_update_ret( &operation->ctx.sha1,
input, input_length );
break;
#endif
#if defined(BUILTIN_ALG_SHA_224)
#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_224)
case PSA_ALG_SHA_224:
ret = mbedtls_sha256_update_ret( &operation->ctx.sha256,
input, input_length );
break;
#endif
#if defined(BUILTIN_ALG_SHA_256)
#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_256)
case PSA_ALG_SHA_256:
ret = mbedtls_sha256_update_ret( &operation->ctx.sha256,
input, input_length );
break;
#endif
#if defined(BUILTIN_ALG_SHA_384)
#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_384)
case PSA_ALG_SHA_384:
ret = mbedtls_sha512_update_ret( &operation->ctx.sha512,
input, input_length );
break;
#endif
#if defined(BUILTIN_ALG_SHA_512)
#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_512)
case PSA_ALG_SHA_512:
ret = mbedtls_sha512_update_ret( &operation->ctx.sha512,
input, input_length );
@ -410,7 +369,7 @@ static psa_status_t hash_update(
return( mbedtls_to_psa_error( ret ) );
}
static psa_status_t hash_finish(
psa_status_t mbedtls_psa_hash_finish(
mbedtls_psa_hash_operation_t *operation,
uint8_t *hash,
size_t hash_size,
@ -437,47 +396,47 @@ static psa_status_t hash_finish(
switch( operation->alg )
{
#if defined(BUILTIN_ALG_MD2)
#if defined(MBEDTLS_PSA_BUILTIN_ALG_MD2)
case PSA_ALG_MD2:
ret = mbedtls_md2_finish_ret( &operation->ctx.md2, hash );
break;
#endif
#if defined(BUILTIN_ALG_MD4)
#if defined(MBEDTLS_PSA_BUILTIN_ALG_MD4)
case PSA_ALG_MD4:
ret = mbedtls_md4_finish_ret( &operation->ctx.md4, hash );
break;
#endif
#if defined(BUILTIN_ALG_MD5)
#if defined(MBEDTLS_PSA_BUILTIN_ALG_MD5)
case PSA_ALG_MD5:
ret = mbedtls_md5_finish_ret( &operation->ctx.md5, hash );
break;
#endif
#if defined(BUILTIN_ALG_RIPEMD160)
#if defined(MBEDTLS_PSA_BUILTIN_ALG_RIPEMD160)
case PSA_ALG_RIPEMD160:
ret = mbedtls_ripemd160_finish_ret( &operation->ctx.ripemd160, hash );
break;
#endif
#if defined(BUILTIN_ALG_SHA_1)
#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_1)
case PSA_ALG_SHA_1:
ret = mbedtls_sha1_finish_ret( &operation->ctx.sha1, hash );
break;
#endif
#if defined(BUILTIN_ALG_SHA_224)
#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_224)
case PSA_ALG_SHA_224:
ret = mbedtls_sha256_finish_ret( &operation->ctx.sha256, hash );
break;
#endif
#if defined(BUILTIN_ALG_SHA_256)
#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_256)
case PSA_ALG_SHA_256:
ret = mbedtls_sha256_finish_ret( &operation->ctx.sha256, hash );
break;
#endif
#if defined(BUILTIN_ALG_SHA_384)
#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_384)
case PSA_ALG_SHA_384:
ret = mbedtls_sha512_finish_ret( &operation->ctx.sha512, hash );
break;
#endif
#if defined(BUILTIN_ALG_SHA_512)
#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_512)
case PSA_ALG_SHA_512:
ret = mbedtls_sha512_finish_ret( &operation->ctx.sha512, hash );
break;
@ -494,7 +453,7 @@ exit:
return( status );
}
static psa_status_t hash_compute(
psa_status_t mbedtls_psa_hash_compute(
psa_algorithm_t alg,
const uint8_t *input,
size_t input_length,
@ -507,191 +466,24 @@ static psa_status_t hash_compute(
psa_status_t abort_status = PSA_ERROR_CORRUPTION_DETECTED;
*hash_length = hash_size;
status = hash_setup( &operation, alg );
status = mbedtls_psa_hash_setup( &operation, alg );
if( status != PSA_SUCCESS )
goto exit;
status = hash_update( &operation, input, input_length );
status = mbedtls_psa_hash_update( &operation, input, input_length );
if( status != PSA_SUCCESS )
goto exit;
status = hash_finish( &operation, hash, hash_size, hash_length );
status = mbedtls_psa_hash_finish( &operation, hash, hash_size, hash_length );
if( status != PSA_SUCCESS )
goto exit;
exit:
abort_status = hash_abort( &operation );
abort_status = mbedtls_psa_hash_abort( &operation );
if( status == PSA_SUCCESS )
return( abort_status );
else
return( status );
}
#endif /* MBEDTLS_PSA_BUILTIN_HASH || PSA_CRYPTO_DRIVER_TEST */
#if defined(MBEDTLS_PSA_BUILTIN_HASH)
psa_status_t mbedtls_psa_hash_compute(
psa_algorithm_t alg,
const uint8_t *input,
size_t input_length,
uint8_t *hash,
size_t hash_size,
size_t *hash_length)
{
return( hash_compute( alg, input, input_length,
hash, hash_size, hash_length ) );
}
psa_status_t mbedtls_psa_hash_setup(
mbedtls_psa_hash_operation_t *operation,
psa_algorithm_t alg )
{
return( hash_setup( operation, alg ) );
}
psa_status_t mbedtls_psa_hash_clone(
const mbedtls_psa_hash_operation_t *source_operation,
mbedtls_psa_hash_operation_t *target_operation )
{
return( hash_clone( source_operation, target_operation ) );
}
psa_status_t mbedtls_psa_hash_update(
mbedtls_psa_hash_operation_t *operation,
const uint8_t *input,
size_t input_length )
{
return( hash_update( operation, input, input_length ) );
}
psa_status_t mbedtls_psa_hash_finish(
mbedtls_psa_hash_operation_t *operation,
uint8_t *hash,
size_t hash_size,
size_t *hash_length )
{
return( hash_finish( operation, hash, hash_size, hash_length ) );
}
psa_status_t mbedtls_psa_hash_abort(
mbedtls_psa_hash_operation_t *operation )
{
return( hash_abort( operation ) );
}
#endif /* MBEDTLS_PSA_BUILTIN_HASH */
/*
* BEYOND THIS POINT, TEST DRIVER ENTRY POINTS ONLY.
*/
#if defined(PSA_CRYPTO_DRIVER_TEST)
static int is_hash_accelerated( psa_algorithm_t alg )
{
switch( alg )
{
#if defined(MBEDTLS_PSA_ACCEL_ALG_MD2)
case PSA_ALG_MD2:
return( 1 );
#endif
#if defined(MBEDTLS_PSA_ACCEL_ALG_MD4)
case PSA_ALG_MD4:
return( 1 );
#endif
#if defined(MBEDTLS_PSA_ACCEL_ALG_MD5)
case PSA_ALG_MD5:
return( 1 );
#endif
#if defined(MBEDTLS_PSA_ACCEL_ALG_RIPEMD160)
case PSA_ALG_RIPEMD160:
return( 1 );
#endif
#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA_1)
case PSA_ALG_SHA_1:
return( 1 );
#endif
#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA_224)
case PSA_ALG_SHA_224:
return( 1 );
#endif
#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA_256)
case PSA_ALG_SHA_256:
return( 1 );
#endif
#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA_384)
case PSA_ALG_SHA_384:
return( 1 );
#endif
#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA_512)
case PSA_ALG_SHA_512:
return( 1 );
#endif
default:
return( 0 );
}
}
psa_status_t mbedtls_transparent_test_driver_hash_compute(
psa_algorithm_t alg,
const uint8_t *input,
size_t input_length,
uint8_t *hash,
size_t hash_size,
size_t *hash_length)
{
if( is_hash_accelerated( alg ) )
return( hash_compute( alg, input, input_length,
hash, hash_size, hash_length ) );
else
return( PSA_ERROR_NOT_SUPPORTED );
}
psa_status_t mbedtls_transparent_test_driver_hash_setup(
mbedtls_transparent_test_driver_hash_operation_t *operation,
psa_algorithm_t alg )
{
if( is_hash_accelerated( alg ) )
return( hash_setup( operation, alg ) );
else
return( PSA_ERROR_NOT_SUPPORTED );
}
psa_status_t mbedtls_transparent_test_driver_hash_clone(
const mbedtls_transparent_test_driver_hash_operation_t *source_operation,
mbedtls_transparent_test_driver_hash_operation_t *target_operation )
{
if( is_hash_accelerated( source_operation->alg ) )
return( hash_clone( source_operation, target_operation ) );
else
return( PSA_ERROR_BAD_STATE );
}
psa_status_t mbedtls_transparent_test_driver_hash_update(
mbedtls_transparent_test_driver_hash_operation_t *operation,
const uint8_t *input,
size_t input_length )
{
if( is_hash_accelerated( operation->alg ) )
return( hash_update( operation, input, input_length ) );
else
return( PSA_ERROR_BAD_STATE );
}
psa_status_t mbedtls_transparent_test_driver_hash_finish(
mbedtls_transparent_test_driver_hash_operation_t *operation,
uint8_t *hash,
size_t hash_size,
size_t *hash_length )
{
if( is_hash_accelerated( operation->alg ) )
return( hash_finish( operation, hash, hash_size, hash_length ) );
else
return( PSA_ERROR_BAD_STATE );
}
psa_status_t mbedtls_transparent_test_driver_hash_abort(
mbedtls_transparent_test_driver_hash_operation_t *operation )
{
return( hash_abort( operation ) );
}
#endif /* PSA_CRYPTO_DRIVER_TEST */
#endif /* MBEDTLS_PSA_CRYPTO_C */

38
library/psa_crypto_hash.h
View file

@ -231,42 +231,4 @@ psa_status_t mbedtls_psa_hash_finish(
psa_status_t mbedtls_psa_hash_abort(
mbedtls_psa_hash_operation_t *operation );
/*
* BEYOND THIS POINT, TEST DRIVER ENTRY POINTS ONLY.
*/
#if defined(PSA_CRYPTO_DRIVER_TEST)
psa_status_t mbedtls_transparent_test_driver_hash_compute(
psa_algorithm_t alg,
const uint8_t *input,
size_t input_length,
uint8_t *hash,
size_t hash_size,
size_t *hash_length);
psa_status_t mbedtls_transparent_test_driver_hash_setup(
mbedtls_transparent_test_driver_hash_operation_t *operation,
psa_algorithm_t alg );
psa_status_t mbedtls_transparent_test_driver_hash_clone(
const mbedtls_transparent_test_driver_hash_operation_t *source_operation,
mbedtls_transparent_test_driver_hash_operation_t *target_operation );
psa_status_t mbedtls_transparent_test_driver_hash_update(
mbedtls_transparent_test_driver_hash_operation_t *operation,
const uint8_t *input,
size_t input_length );
psa_status_t mbedtls_transparent_test_driver_hash_finish(
mbedtls_transparent_test_driver_hash_operation_t *operation,
uint8_t *hash,
size_t hash_size,
size_t *hash_length );
psa_status_t mbedtls_transparent_test_driver_hash_abort(
mbedtls_transparent_test_driver_hash_operation_t *operation );
#endif /* PSA_CRYPTO_DRIVER_TEST */
#endif /* PSA_CRYPTO_HASH_H */

421
library/psa_crypto_mac.c
View file

@ -30,18 +30,7 @@
#include <mbedtls/error.h>
#include <string.h>
/* Use builtin defines specific to this compilation unit, since the test driver
* relies on the software driver. */
#if( defined(MBEDTLS_PSA_BUILTIN_ALG_CMAC) || \
( defined(PSA_CRYPTO_DRIVER_TEST) && defined(MBEDTLS_PSA_ACCEL_ALG_CMAC) ) )
#define BUILTIN_ALG_CMAC 1
#endif
#if( defined(MBEDTLS_PSA_BUILTIN_ALG_HMAC) || \
( defined(PSA_CRYPTO_DRIVER_TEST) && defined(MBEDTLS_PSA_ACCEL_ALG_HMAC) ) )
#define BUILTIN_ALG_HMAC 1
#endif
#if defined(BUILTIN_ALG_HMAC)
#if defined(MBEDTLS_PSA_BUILTIN_ALG_HMAC)
static psa_status_t psa_hmac_abort_internal(
mbedtls_psa_hmac_operation_t *hmac )
{
@ -127,7 +116,7 @@ static psa_status_t psa_hmac_finish_internal(
uint8_t *mac,
size_t mac_size )
{
uint8_t tmp[MBEDTLS_MD_MAX_SIZE];
uint8_t tmp[PSA_HASH_MAX_SIZE];
psa_algorithm_t hash_alg = hmac->alg;
size_t hash_size = 0;
size_t block_size = PSA_HASH_BLOCK_LENGTH( hash_alg );
@ -160,9 +149,9 @@ exit:
mbedtls_platform_zeroize( tmp, hash_size );
return( status );
}
#endif /* BUILTIN_ALG_HMAC */
#endif /* MBEDTLS_PSA_BUILTIN_ALG_HMAC */
#if defined(BUILTIN_ALG_CMAC)
#if defined(MBEDTLS_PSA_BUILTIN_ALG_CMAC)
static psa_status_t cmac_setup( mbedtls_psa_mac_operation_t *operation,
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer )
@ -198,11 +187,10 @@ static psa_status_t cmac_setup( mbedtls_psa_mac_operation_t *operation,
exit:
return( mbedtls_to_psa_error( ret ) );
}
#endif /* BUILTIN_ALG_CMAC */
#endif /* MBEDTLS_PSA_BUILTIN_ALG_CMAC */
/* Implement the PSA driver MAC interface on top of mbed TLS if either the
* software driver or the test driver requires it. */
#if defined(BUILTIN_ALG_HMAC) || defined(BUILTIN_ALG_CMAC)
#if defined(MBEDTLS_PSA_BUILTIN_ALG_HMAC) || \
defined(MBEDTLS_PSA_BUILTIN_ALG_CMAC)
/* Initialize this driver's MAC operation structure. Once this function has been
* called, mbedtls_psa_mac_abort can run and will do the right thing. */
@ -214,15 +202,15 @@ static psa_status_t mac_init(
operation->alg = alg;
#if defined(BUILTIN_ALG_CMAC)
#if defined(MBEDTLS_PSA_BUILTIN_ALG_CMAC)
if( PSA_ALG_FULL_LENGTH_MAC( operation->alg ) == PSA_ALG_CMAC )
{
mbedtls_cipher_init( &operation->ctx.cmac );
status = PSA_SUCCESS;
}
else
#endif /* BUILTIN_ALG_CMAC */
#if defined(BUILTIN_ALG_HMAC)
#endif /* MBEDTLS_PSA_BUILTIN_ALG_CMAC */
#if defined(MBEDTLS_PSA_BUILTIN_ALG_HMAC)
if( PSA_ALG_IS_HMAC( operation->alg ) )
{
/* We'll set up the hash operation later in psa_hmac_setup_internal. */
@ -230,8 +218,9 @@ static psa_status_t mac_init(
status = PSA_SUCCESS;
}
else
#endif /* BUILTIN_ALG_HMAC */
#endif /* MBEDTLS_PSA_BUILTIN_ALG_HMAC */
{
(void) operation;
status = PSA_ERROR_NOT_SUPPORTED;
}
@ -240,7 +229,7 @@ static psa_status_t mac_init(
return( status );
}
static psa_status_t mac_abort( mbedtls_psa_mac_operation_t *operation )
psa_status_t mbedtls_psa_mac_abort( mbedtls_psa_mac_operation_t *operation )
{
if( operation->alg == 0 )
{
@ -250,20 +239,20 @@ static psa_status_t mac_abort( mbedtls_psa_mac_operation_t *operation )
return( PSA_SUCCESS );
}
else
#if defined(BUILTIN_ALG_CMAC)
#if defined(MBEDTLS_PSA_BUILTIN_ALG_CMAC)
if( PSA_ALG_FULL_LENGTH_MAC( operation->alg ) == PSA_ALG_CMAC )
{
mbedtls_cipher_free( &operation->ctx.cmac );
}
else
#endif /* BUILTIN_ALG_CMAC */
#if defined(BUILTIN_ALG_HMAC)
#endif /* MBEDTLS_PSA_BUILTIN_ALG_CMAC */
#if defined(MBEDTLS_PSA_BUILTIN_ALG_HMAC)
if( PSA_ALG_IS_HMAC( operation->alg ) )
{
psa_hmac_abort_internal( &operation->ctx.hmac );
}
else
#endif /* BUILTIN_ALG_HMAC */
#endif /* MBEDTLS_PSA_BUILTIN_ALG_HMAC */
{
/* Sanity check (shouldn't happen: operation->alg should
* always have been initialized to a valid value). */
@ -283,11 +272,11 @@ bad_state:
return( PSA_ERROR_BAD_STATE );
}
static psa_status_t mac_setup( mbedtls_psa_mac_operation_t *operation,
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer,
size_t key_buffer_size,
psa_algorithm_t alg )
static psa_status_t psa_mac_setup( mbedtls_psa_mac_operation_t *operation,
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer,
size_t key_buffer_size,
psa_algorithm_t alg )
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
@ -299,7 +288,7 @@ static psa_status_t mac_setup( mbedtls_psa_mac_operation_t *operation,
if( status != PSA_SUCCESS )
return( status );
#if defined(BUILTIN_ALG_CMAC)
#if defined(MBEDTLS_PSA_BUILTIN_ALG_CMAC)
if( PSA_ALG_FULL_LENGTH_MAC( alg ) == PSA_ALG_CMAC )
{
/* Key buffer size for CMAC is dictated by the key bits set on the
@ -308,8 +297,8 @@ static psa_status_t mac_setup( mbedtls_psa_mac_operation_t *operation,
status = cmac_setup( operation, attributes, key_buffer );
}
else
#endif /* BUILTIN_ALG_CMAC */
#if defined(BUILTIN_ALG_HMAC)
#endif /* MBEDTLS_PSA_BUILTIN_ALG_CMAC */
#if defined(MBEDTLS_PSA_BUILTIN_ALG_HMAC)
if( PSA_ALG_IS_HMAC( alg ) )
{
status = psa_hmac_setup_internal( &operation->ctx.hmac,
@ -318,7 +307,7 @@ static psa_status_t mac_setup( mbedtls_psa_mac_operation_t *operation,
PSA_ALG_HMAC_GET_HASH( alg ) );
}
else
#endif /* BUILTIN_ALG_HMAC */
#endif /* MBEDTLS_PSA_BUILTIN_ALG_HMAC */
{
(void) attributes;
(void) key_buffer;
@ -327,12 +316,34 @@ static psa_status_t mac_setup( mbedtls_psa_mac_operation_t *operation,
}
if( status != PSA_SUCCESS )
mac_abort( operation );
mbedtls_psa_mac_abort( operation );
return( status );
}
static psa_status_t mac_update(
psa_status_t mbedtls_psa_mac_sign_setup(
mbedtls_psa_mac_operation_t *operation,
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer,
size_t key_buffer_size,
psa_algorithm_t alg )
{
return( psa_mac_setup( operation, attributes,
key_buffer, key_buffer_size, alg ) );
}
psa_status_t mbedtls_psa_mac_verify_setup(
mbedtls_psa_mac_operation_t *operation,
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer,
size_t key_buffer_size,
psa_algorithm_t alg )
{
return( psa_mac_setup( operation, attributes,
key_buffer, key_buffer_size, alg ) );
}
psa_status_t mbedtls_psa_mac_update(
mbedtls_psa_mac_operation_t *operation,
const uint8_t *input,
size_t input_length )
@ -340,7 +351,7 @@ static psa_status_t mac_update(
if( operation->alg == 0 )
return( PSA_ERROR_BAD_STATE );
#if defined(BUILTIN_ALG_CMAC)
#if defined(MBEDTLS_PSA_BUILTIN_ALG_CMAC)
if( PSA_ALG_FULL_LENGTH_MAC( operation->alg ) == PSA_ALG_CMAC )
{
return( mbedtls_to_psa_error(
@ -348,15 +359,15 @@ static psa_status_t mac_update(
input, input_length ) ) );
}
else
#endif /* BUILTIN_ALG_CMAC */
#if defined(BUILTIN_ALG_HMAC)
#endif /* MBEDTLS_PSA_BUILTIN_ALG_CMAC */
#if defined(MBEDTLS_PSA_BUILTIN_ALG_HMAC)
if( PSA_ALG_IS_HMAC( operation->alg ) )
{
return( psa_hmac_update_internal( &operation->ctx.hmac,
input, input_length ) );
}
else
#endif /* BUILTIN_ALG_HMAC */
#endif /* MBEDTLS_PSA_BUILTIN_ALG_HMAC */
{
/* This shouldn't happen if `operation` was initialized by
* a setup function. */
@ -366,11 +377,11 @@ static psa_status_t mac_update(
}
}
static psa_status_t mac_finish_internal( mbedtls_psa_mac_operation_t *operation,
uint8_t *mac,
size_t mac_size )
static psa_status_t psa_mac_finish_internal(
mbedtls_psa_mac_operation_t *operation,
uint8_t *mac, size_t mac_size )
{
#if defined(BUILTIN_ALG_CMAC)
#if defined(MBEDTLS_PSA_BUILTIN_ALG_CMAC)
if( PSA_ALG_FULL_LENGTH_MAC( operation->alg ) == PSA_ALG_CMAC )
{
uint8_t tmp[PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE];
@ -381,15 +392,15 @@ static psa_status_t mac_finish_internal( mbedtls_psa_mac_operation_t *operation,
return( mbedtls_to_psa_error( ret ) );
}
else
#endif /* BUILTIN_ALG_CMAC */
#if defined(BUILTIN_ALG_HMAC)
#endif /* MBEDTLS_PSA_BUILTIN_ALG_CMAC */
#if defined(MBEDTLS_PSA_BUILTIN_ALG_HMAC)
if( PSA_ALG_IS_HMAC( operation->alg ) )
{
return( psa_hmac_finish_internal( &operation->ctx.hmac,
mac, mac_size ) );
}
else
#endif /* BUILTIN_ALG_HMAC */
#endif /* MBEDTLS_PSA_BUILTIN_ALG_HMAC */
{
/* This shouldn't happen if `operation` was initialized by
* a setup function. */
@ -400,7 +411,7 @@ static psa_status_t mac_finish_internal( mbedtls_psa_mac_operation_t *operation,
}
}
static psa_status_t mac_sign_finish(
psa_status_t mbedtls_psa_mac_sign_finish(
mbedtls_psa_mac_operation_t *operation,
uint8_t *mac,
size_t mac_size,
@ -411,15 +422,14 @@ static psa_status_t mac_sign_finish(
if( operation->alg == 0 )
return( PSA_ERROR_BAD_STATE );
status = mac_finish_internal( operation, mac, mac_size );
status = psa_mac_finish_internal( operation, mac, mac_size );
if( status == PSA_SUCCESS )
*mac_length = mac_size;
return( status );
}
static psa_status_t mac_verify_finish(
psa_status_t mbedtls_psa_mac_verify_finish(
mbedtls_psa_mac_operation_t *operation,
const uint8_t *mac,
size_t mac_length )
@ -434,7 +444,7 @@ static psa_status_t mac_verify_finish(
if( mac_length > sizeof( actual_mac ) )
return( PSA_ERROR_INVALID_ARGUMENT );
status = mac_finish_internal( operation, actual_mac, mac_length );
status = psa_mac_finish_internal( operation, actual_mac, mac_length );
if( status != PSA_SUCCESS )
goto cleanup;
@ -447,7 +457,7 @@ cleanup:
return( status );
}
static psa_status_t mac_compute(
psa_status_t mbedtls_psa_mac_compute(
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer,
size_t key_buffer_size,
@ -461,314 +471,29 @@ static psa_status_t mac_compute(
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
mbedtls_psa_mac_operation_t operation = MBEDTLS_PSA_MAC_OPERATION_INIT;
status = mac_setup( &operation,
attributes, key_buffer, key_buffer_size,
alg );
status = psa_mac_setup( &operation,
attributes, key_buffer, key_buffer_size,
alg );
if( status != PSA_SUCCESS )
goto exit;
if( input_length > 0 )
{
status = mac_update( &operation, input, input_length );
status = mbedtls_psa_mac_update( &operation, input, input_length );
if( status != PSA_SUCCESS )
goto exit;
}
status = mac_finish_internal( &operation, mac, mac_size );
status = psa_mac_finish_internal( &operation, mac, mac_size );
if( status == PSA_SUCCESS )
*mac_length = mac_size;
exit:
mac_abort( &operation );
mbedtls_psa_mac_abort( &operation );
return( status );
}
#endif /* BUILTIN_ALG_HMAC || BUILTIN_ALG_CMAC */
#if defined(MBEDTLS_PSA_BUILTIN_MAC)
psa_status_t mbedtls_psa_mac_compute(
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer,
size_t key_buffer_size,
psa_algorithm_t alg,
const uint8_t *input,
size_t input_length,
uint8_t *mac,
size_t mac_size,
size_t *mac_length )
{
return( mac_compute( attributes, key_buffer, key_buffer_size, alg,
input, input_length,
mac, mac_size, mac_length ) );
}
psa_status_t mbedtls_psa_mac_sign_setup(
mbedtls_psa_mac_operation_t *operation,
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer,
size_t key_buffer_size,
psa_algorithm_t alg )
{
return( mac_setup( operation, attributes,
key_buffer, key_buffer_size, alg ) );
}
psa_status_t mbedtls_psa_mac_verify_setup(
mbedtls_psa_mac_operation_t *operation,
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer,
size_t key_buffer_size,
psa_algorithm_t alg )
{
return( mac_setup( operation, attributes,
key_buffer, key_buffer_size, alg ) );
}
psa_status_t mbedtls_psa_mac_update(
mbedtls_psa_mac_operation_t *operation,
const uint8_t *input,
size_t input_length )
{
return( mac_update( operation, input, input_length ) );
}
psa_status_t mbedtls_psa_mac_sign_finish(
mbedtls_psa_mac_operation_t *operation,
uint8_t *mac,
size_t mac_size,
size_t *mac_length )
{
return( mac_sign_finish( operation, mac, mac_size, mac_length ) );
}
psa_status_t mbedtls_psa_mac_verify_finish(
mbedtls_psa_mac_operation_t *operation,
const uint8_t *mac,
size_t mac_length )
{
return( mac_verify_finish( operation, mac, mac_length ) );
}
psa_status_t mbedtls_psa_mac_abort(
mbedtls_psa_mac_operation_t *operation )
{
return( mac_abort( operation ) );
}
#endif /* MBEDTLS_PSA_BUILTIN_MAC */
/*
* BEYOND THIS POINT, TEST DRIVER ENTRY POINTS ONLY.
*/
#if defined(PSA_CRYPTO_DRIVER_TEST)
static int is_mac_accelerated( psa_algorithm_t alg )
{
#if defined(MBEDTLS_PSA_ACCEL_ALG_HMAC)
if( PSA_ALG_IS_HMAC( alg ) )
return( 1 );
#endif
switch( PSA_ALG_FULL_LENGTH_MAC( alg ) )
{
#if defined(MBEDTLS_PSA_ACCEL_ALG_CMAC)
case PSA_ALG_CMAC:
return( 1 );
#endif
default:
return( 0 );
}
}
psa_status_t mbedtls_transparent_test_driver_mac_compute(
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer,
size_t key_buffer_size,
psa_algorithm_t alg,
const uint8_t *input,
size_t input_length,
uint8_t *mac,
size_t mac_size,
size_t *mac_length )
{
if( is_mac_accelerated( alg ) )
return( mac_compute( attributes, key_buffer, key_buffer_size, alg,
input, input_length,
mac, mac_size, mac_length ) );
else
return( PSA_ERROR_NOT_SUPPORTED );
}
psa_status_t mbedtls_transparent_test_driver_mac_sign_setup(
mbedtls_transparent_test_driver_mac_operation_t *operation,
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer,
size_t key_buffer_size,
psa_algorithm_t alg )
{
if( is_mac_accelerated( alg ) )
return( mac_setup( operation, attributes,
key_buffer, key_buffer_size, alg ) );
else
return( PSA_ERROR_NOT_SUPPORTED );
}
psa_status_t mbedtls_transparent_test_driver_mac_verify_setup(
mbedtls_transparent_test_driver_mac_operation_t *operation,
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer,
size_t key_buffer_size,
psa_algorithm_t alg )
{
if( is_mac_accelerated( alg ) )
return( mac_setup( operation, attributes,
key_buffer, key_buffer_size, alg ) );
else
return( PSA_ERROR_NOT_SUPPORTED );
}
psa_status_t mbedtls_transparent_test_driver_mac_update(
mbedtls_transparent_test_driver_mac_operation_t *operation,
const uint8_t *input,
size_t input_length )
{
if( is_mac_accelerated( operation->alg ) )
return( mac_update( operation, input, input_length ) );
else
return( PSA_ERROR_BAD_STATE );
}
psa_status_t mbedtls_transparent_test_driver_mac_sign_finish(
mbedtls_transparent_test_driver_mac_operation_t *operation,
uint8_t *mac,
size_t mac_size,
size_t *mac_length )
{
if( is_mac_accelerated( operation->alg ) )
return( mac_sign_finish( operation, mac, mac_size, mac_length ) );
else
return( PSA_ERROR_BAD_STATE );
}
psa_status_t mbedtls_transparent_test_driver_mac_verify_finish(
mbedtls_transparent_test_driver_mac_operation_t *operation,
const uint8_t *mac,
size_t mac_length )
{
if( is_mac_accelerated( operation->alg ) )
return( mac_verify_finish( operation, mac, mac_length ) );
else
return( PSA_ERROR_BAD_STATE );
}
psa_status_t mbedtls_transparent_test_driver_mac_abort(
mbedtls_transparent_test_driver_mac_operation_t *operation )
{
return( mac_abort( operation ) );
}
psa_status_t mbedtls_opaque_test_driver_mac_compute(
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer,
size_t key_buffer_size,
psa_algorithm_t alg,
const uint8_t *input,
size_t input_length,
uint8_t *mac,
size_t mac_size,
size_t *mac_length )
{
/* Opaque driver testing is not implemented yet through this mechanism. */
(void) attributes;
(void) key_buffer;
(void) key_buffer_size;
(void) alg;
(void) input;
(void) input_length;
(void) mac;
(void) mac_size;
(void) mac_length;
return( PSA_ERROR_NOT_SUPPORTED );
}
psa_status_t mbedtls_opaque_test_driver_mac_sign_setup(
mbedtls_opaque_test_driver_mac_operation_t *operation,
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer,
size_t key_buffer_size,
psa_algorithm_t alg )
{
/* Opaque driver testing is not implemented yet through this mechanism. */
(void) operation;
(void) attributes;
(void) key_buffer;
(void) key_buffer_size;
(void) alg;
return( PSA_ERROR_NOT_SUPPORTED );
}
psa_status_t mbedtls_opaque_test_driver_mac_verify_setup(
mbedtls_opaque_test_driver_mac_operation_t *operation,
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer,
size_t key_buffer_size,
psa_algorithm_t alg )
{
/* Opaque driver testing is not implemented yet through this mechanism. */
(void) operation;
(void) attributes;
(void) key_buffer;
(void) key_buffer_size;
(void) alg;
return( PSA_ERROR_NOT_SUPPORTED );
}
psa_status_t mbedtls_opaque_test_driver_mac_update(
mbedtls_opaque_test_driver_mac_operation_t *operation,
const uint8_t *input,
size_t input_length )
{
/* Opaque driver testing is not implemented yet through this mechanism. */
(void) operation;
(void) input;
(void) input_length;
return( PSA_ERROR_NOT_SUPPORTED );
}
psa_status_t mbedtls_opaque_test_driver_mac_sign_finish(
mbedtls_opaque_test_driver_mac_operation_t *operation,
uint8_t *mac,
size_t mac_size,
size_t *mac_length )
{
/* Opaque driver testing is not implemented yet through this mechanism. */
(void) operation;
(void) mac;
(void) mac_size;
(void) mac_length;
return( PSA_ERROR_NOT_SUPPORTED );
}
psa_status_t mbedtls_opaque_test_driver_mac_verify_finish(
mbedtls_opaque_test_driver_mac_operation_t *operation,
const uint8_t *mac,
size_t mac_length )
{
/* Opaque driver testing is not implemented yet through this mechanism. */
(void) operation;
(void) mac;
(void) mac_length;
return( PSA_ERROR_NOT_SUPPORTED );
}
psa_status_t mbedtls_opaque_test_driver_mac_abort(
mbedtls_opaque_test_driver_mac_operation_t *operation )
{
/* Opaque driver testing is not implemented yet through this mechanism. */
(void) operation;
return( PSA_ERROR_NOT_SUPPORTED );
}
#endif /* PSA_CRYPTO_DRIVER_TEST */
#endif /* MBEDTLS_PSA_BUILTIN_ALG_HMAC || MBEDTLS_PSA_BUILTIN_ALG_CMAC */
#endif /* MBEDTLS_PSA_CRYPTO_C */

96
library/psa_crypto_mac.h
View file

@ -273,100 +273,4 @@ psa_status_t mbedtls_psa_mac_verify_finish(
psa_status_t mbedtls_psa_mac_abort(
mbedtls_psa_mac_operation_t *operation );
/*
* BEYOND THIS POINT, TEST DRIVER ENTRY POINTS ONLY.
*/
#if defined(PSA_CRYPTO_DRIVER_TEST)
psa_status_t mbedtls_transparent_test_driver_mac_compute(
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer,
size_t key_buffer_size,
psa_algorithm_t alg,
const uint8_t *input,
size_t input_length,
uint8_t *mac,
size_t mac_size,
size_t *mac_length );
psa_status_t mbedtls_transparent_test_driver_mac_sign_setup(
mbedtls_transparent_test_driver_mac_operation_t *operation,
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer,
size_t key_buffer_size,
psa_algorithm_t alg );
psa_status_t mbedtls_transparent_test_driver_mac_verify_setup(
mbedtls_transparent_test_driver_mac_operation_t *operation,
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer,
size_t key_buffer_size,
psa_algorithm_t alg );
psa_status_t mbedtls_transparent_test_driver_mac_update(
mbedtls_transparent_test_driver_mac_operation_t *operation,
const uint8_t *input,
size_t input_length );
psa_status_t mbedtls_transparent_test_driver_mac_sign_finish(
mbedtls_transparent_test_driver_mac_operation_t *operation,
uint8_t *mac,
size_t mac_size,
size_t *mac_length );
psa_status_t mbedtls_transparent_test_driver_mac_verify_finish(
mbedtls_transparent_test_driver_mac_operation_t *operation,
const uint8_t *mac,
size_t mac_length );
psa_status_t mbedtls_transparent_test_driver_mac_abort(
mbedtls_transparent_test_driver_mac_operation_t *operation );
psa_status_t mbedtls_opaque_test_driver_mac_compute(
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer,
size_t key_buffer_size,
psa_algorithm_t alg,
const uint8_t *input,
size_t input_length,
uint8_t *mac,
size_t mac_size,
size_t *mac_length );
psa_status_t mbedtls_opaque_test_driver_mac_sign_setup(
mbedtls_opaque_test_driver_mac_operation_t *operation,
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer,
size_t key_buffer_size,
psa_algorithm_t alg );
psa_status_t mbedtls_opaque_test_driver_mac_verify_setup(
mbedtls_opaque_test_driver_mac_operation_t *operation,
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer,
size_t key_buffer_size,
psa_algorithm_t alg );
psa_status_t mbedtls_opaque_test_driver_mac_update(
mbedtls_opaque_test_driver_mac_operation_t *operation,
const uint8_t *input,
size_t input_length );
psa_status_t mbedtls_opaque_test_driver_mac_sign_finish(
mbedtls_opaque_test_driver_mac_operation_t *operation,
uint8_t *mac,
size_t mac_size,
size_t *mac_length );
psa_status_t mbedtls_opaque_test_driver_mac_verify_finish(
mbedtls_opaque_test_driver_mac_operation_t *operation,
const uint8_t *mac,
size_t mac_length );
psa_status_t mbedtls_opaque_test_driver_mac_abort(
mbedtls_opaque_test_driver_mac_operation_t *operation );
#endif /* PSA_CRYPTO_DRIVER_TEST */
#endif /* PSA_CRYPTO_MAC_H */

256
library/psa_crypto_rsa.c
View file

@ -41,38 +41,12 @@
#include <mbedtls/pk.h>
#include <mbedtls/pk_internal.h>
#if ( defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || \
( defined(PSA_CRYPTO_DRIVER_TEST) && \
defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR) ) )
#define BUILTIN_KEY_TYPE_RSA_KEY_PAIR 1
#endif
#if ( defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) || \
( defined(PSA_CRYPTO_DRIVER_TEST) && \
defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY) ) )
#define BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY 1
#endif
#if ( defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || \
( defined(PSA_CRYPTO_DRIVER_TEST) && \
defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN) && \
defined(MBEDTLS_RSA_C) && defined(MBEDTLS_PKCS1_V15) ) )
#define BUILTIN_ALG_RSA_PKCS1V15_SIGN 1
#endif
#if ( defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) || \
( defined(PSA_CRYPTO_DRIVER_TEST) && \
defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PSS) && \
defined(MBEDTLS_RSA_C) && defined(MBEDTLS_PKCS1_V21) ) )
#define BUILTIN_ALG_RSA_PSS 1
#endif
#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT) || \
defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP) || \
defined(BUILTIN_ALG_RSA_PKCS1V15_SIGN) || \
defined(BUILTIN_ALG_RSA_PSS) || \
defined(BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || \
defined(BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY)
defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || \
defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) || \
defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || \
defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY)
/* Mbed TLS doesn't support non-byte-aligned key sizes (i.e. key sizes
* that are not a multiple of 8) well. For example, there is only
@ -147,15 +121,15 @@ exit:
}
#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT) ||
* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP) ||
* defined(BUILTIN_ALG_RSA_PKCS1V15_SIGN) ||
* defined(BUILTIN_ALG_RSA_PSS) ||
* defined(BUILTIN_KEY_TYPE_RSA_KEY_PAIR) ||
* defined(BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) */
* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) ||
* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) ||
* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) ||
* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) */
#if defined(BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || \
defined(BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY)
#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || \
defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY)
static psa_status_t rsa_import_key(
psa_status_t mbedtls_psa_rsa_import_key(
const psa_key_attributes_t *attributes,
const uint8_t *data, size_t data_length,
uint8_t *key_buffer, size_t key_buffer_size,
@ -247,7 +221,7 @@ psa_status_t mbedtls_psa_rsa_export_key( psa_key_type_t type,
#endif /* MBEDTLS_PK_WRITE_C */
}
static psa_status_t rsa_export_public_key(
psa_status_t mbedtls_psa_rsa_export_public_key(
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer, size_t key_buffer_size,
uint8_t *data, size_t data_size, size_t *data_length )
@ -271,10 +245,10 @@ static psa_status_t rsa_export_public_key(
return( status );
}
#endif /* defined(BUILTIN_KEY_TYPE_RSA_KEY_PAIR) ||
* defined(BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) */
#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) ||
* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) */
#if defined(BUILTIN_KEY_TYPE_RSA_KEY_PAIR) && \
#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) && \
defined(MBEDTLS_GENPRIME)
static psa_status_t psa_rsa_read_exponent( const uint8_t *domain_parameters,
size_t domain_parameters_size,
@ -302,7 +276,7 @@ static psa_status_t psa_rsa_read_exponent( const uint8_t *domain_parameters,
return( PSA_SUCCESS );
}
static psa_status_t rsa_generate_key(
psa_status_t mbedtls_psa_rsa_generate_key(
const psa_key_attributes_t *attributes,
uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length )
{
@ -333,14 +307,15 @@ static psa_status_t rsa_generate_key(
return( status );
}
#endif /* defined(BUILTIN_KEY_TYPE_RSA_KEY_PAIR)
#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR)
* defined(MBEDTLS_GENPRIME) */
/****************************************************************/
/* Sign/verify hashes */
/****************************************************************/
#if defined(BUILTIN_ALG_RSA_PKCS1V15_SIGN) || defined(BUILTIN_ALG_RSA_PSS)
#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || \
defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS)
/* Decode the hash algorithm from alg and store the mbedtls encoding in
* md_alg. Verify that the hash length is acceptable. */
@ -372,7 +347,7 @@ static psa_status_t psa_rsa_decode_md_type( psa_algorithm_t alg,
return( PSA_SUCCESS );
}
static psa_status_t rsa_sign_hash(
psa_status_t mbedtls_psa_rsa_sign_hash(
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer, size_t key_buffer_size,
psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
@ -400,7 +375,7 @@ static psa_status_t rsa_sign_hash(
goto exit;
}
#if defined(BUILTIN_ALG_RSA_PKCS1V15_SIGN)
#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN)
if( PSA_ALG_IS_RSA_PKCS1V15_SIGN( alg ) )
{
mbedtls_rsa_set_padding( rsa, MBEDTLS_RSA_PKCS_V15,
@ -415,8 +390,8 @@ static psa_status_t rsa_sign_hash(
signature );
}
else
#endif /* BUILTIN_ALG_RSA_PKCS1V15_SIGN */
#if defined(BUILTIN_ALG_RSA_PSS)
#endif /* MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN */
#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS)
if( PSA_ALG_IS_RSA_PSS( alg ) )
{
mbedtls_rsa_set_padding( rsa, MBEDTLS_RSA_PKCS_V21, md_alg );
@ -430,7 +405,7 @@ static psa_status_t rsa_sign_hash(
signature );
}
else
#endif /* BUILTIN_ALG_RSA_PSS */
#endif /* MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS */
{
status = PSA_ERROR_INVALID_ARGUMENT;
goto exit;
@ -447,7 +422,7 @@ exit:
return( status );
}
#if defined(BUILTIN_ALG_RSA_PSS)
#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS)
static int rsa_pss_expected_salt_len( psa_algorithm_t alg,
const mbedtls_rsa_context *rsa,
size_t hash_length )
@ -466,9 +441,9 @@ static int rsa_pss_expected_salt_len( psa_algorithm_t alg,
else
return( room );
}
#endif
#endif /* MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS */
static psa_status_t rsa_verify_hash(
psa_status_t mbedtls_psa_rsa_verify_hash(
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer, size_t key_buffer_size,
psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
@ -496,7 +471,7 @@ static psa_status_t rsa_verify_hash(
goto exit;
}
#if defined(BUILTIN_ALG_RSA_PKCS1V15_SIGN)
#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN)
if( PSA_ALG_IS_RSA_PKCS1V15_SIGN( alg ) )
{
mbedtls_rsa_set_padding( rsa, MBEDTLS_RSA_PKCS_V15,
@ -511,8 +486,8 @@ static psa_status_t rsa_verify_hash(
signature );
}
else
#endif /* BUILTIN_ALG_RSA_PKCS1V15_SIGN */
#if defined(BUILTIN_ALG_RSA_PSS)
#endif /* MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN */
#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS)
if( PSA_ALG_IS_RSA_PSS( alg ) )
{
int slen = rsa_pss_expected_salt_len( alg, rsa, hash_length );
@ -529,7 +504,7 @@ static psa_status_t rsa_verify_hash(
signature );
}
else
#endif /* BUILTIN_ALG_RSA_PSS */
#endif /* MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS */
{
status = PSA_ERROR_INVALID_ARGUMENT;
goto exit;
@ -549,176 +524,7 @@ exit:
return( status );
}
#endif /* defined(BUILTIN_ALG_RSA_PKCS1V15_SIGN) ||
* defined(BUILTIN_ALG_RSA_PSS) */
#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || \
defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY)
psa_status_t mbedtls_psa_rsa_import_key(
const psa_key_attributes_t *attributes,
const uint8_t *data, size_t data_length,
uint8_t *key_buffer, size_t key_buffer_size,
size_t *key_buffer_length, size_t *bits )
{
return( rsa_import_key( attributes, data, data_length,
key_buffer, key_buffer_size,
key_buffer_length, bits ) );
}
psa_status_t mbedtls_psa_rsa_export_public_key(
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer, size_t key_buffer_size,
uint8_t *data, size_t data_size, size_t *data_length )
{
return( rsa_export_public_key( attributes, key_buffer, key_buffer_size,
data, data_size, data_length ) );
}
#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) ||
* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) */
#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) && \
defined(MBEDTLS_GENPRIME)
psa_status_t mbedtls_psa_rsa_generate_key(
const psa_key_attributes_t *attributes,
uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length )
{
return( rsa_generate_key( attributes, key_buffer, key_buffer_size,
key_buffer_length ) );
}
#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR)
* defined(MBEDTLS_GENPRIME) */
#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || \
defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS)
psa_status_t mbedtls_psa_rsa_sign_hash(
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer, size_t key_buffer_size,
psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
uint8_t *signature, size_t signature_size, size_t *signature_length )
{
return( rsa_sign_hash(
attributes,
key_buffer, key_buffer_size,
alg, hash, hash_length,
signature, signature_size, signature_length ) );
}
psa_status_t mbedtls_psa_rsa_verify_hash(
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer, size_t key_buffer_size,
psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
const uint8_t *signature, size_t signature_length )
{
return( rsa_verify_hash(
attributes,
key_buffer, key_buffer_size,
alg, hash, hash_length,
signature, signature_length ) );
}
#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) ||
* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) */
/*
* BEYOND THIS POINT, TEST DRIVER ENTRY POINTS ONLY.
*/
#if defined(PSA_CRYPTO_DRIVER_TEST)
#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR) || \
defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY)
psa_status_t mbedtls_transparent_test_driver_rsa_import_key(
const psa_key_attributes_t *attributes,
const uint8_t *data, size_t data_length,
uint8_t *key_buffer, size_t key_buffer_size,
size_t *key_buffer_length, size_t *bits )
{
return( rsa_import_key( attributes, data, data_length,
key_buffer, key_buffer_size,
key_buffer_length, bits ) );
}
psa_status_t mbedtls_transparent_test_driver_rsa_export_public_key(
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer, size_t key_buffer_size,
uint8_t *data, size_t data_size, size_t *data_length )
{
return( rsa_export_public_key( attributes, key_buffer, key_buffer_size,
data, data_size, data_length ) );
}
#endif /* defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR) ||
defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY) */
#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR)
psa_status_t mbedtls_transparent_test_driver_rsa_generate_key(
const psa_key_attributes_t *attributes,
uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length )
{
return( rsa_generate_key( attributes, key_buffer, key_buffer_size,
key_buffer_length ) );
}
#endif /* defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR) */
#if defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN) || \
defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PSS)
psa_status_t mbedtls_transparent_test_driver_rsa_sign_hash(
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer, size_t key_buffer_size,
psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
uint8_t *signature, size_t signature_size, size_t *signature_length )
{
#if defined(MBEDTLS_RSA_C) && \
(defined(MBEDTLS_PKCS1_V15) || defined(MBEDTLS_PKCS1_V21))
return( rsa_sign_hash(
attributes,
key_buffer, key_buffer_size,
alg, hash, hash_length,
signature, signature_size, signature_length ) );
#else
(void)attributes;
(void)key_buffer;
(void)key_buffer_size;
(void)alg;
(void)hash;
(void)hash_length;
(void)signature;
(void)signature_size;
(void)signature_length;
return( PSA_ERROR_NOT_SUPPORTED );
#endif
}
psa_status_t mbedtls_transparent_test_driver_rsa_verify_hash(
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer, size_t key_buffer_size,
psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
const uint8_t *signature, size_t signature_length )
{
#if defined(MBEDTLS_RSA_C) && \
(defined(MBEDTLS_PKCS1_V15) || defined(MBEDTLS_PKCS1_V21))
return( rsa_verify_hash(
attributes,
key_buffer, key_buffer_size,
alg, hash, hash_length,
signature, signature_length ) );
#else
(void)attributes;
(void)key_buffer;
(void)key_buffer_size;
(void)alg;
(void)hash;
(void)hash_length;
(void)signature;
(void)signature_length;
return( PSA_ERROR_NOT_SUPPORTED );
#endif
}
#endif /* defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN) ||
* defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PSS) */
#endif /* PSA_CRYPTO_DRIVER_TEST */
#endif /* MBEDTLS_PSA_CRYPTO_C */

35
library/psa_crypto_rsa.h
View file

@ -212,39 +212,4 @@ psa_status_t mbedtls_psa_rsa_verify_hash(
psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
const uint8_t *signature, size_t signature_length );
/*
* BEYOND THIS POINT, TEST DRIVER ENTRY POINTS ONLY.
*/
#if defined(PSA_CRYPTO_DRIVER_TEST)
psa_status_t mbedtls_transparent_test_driver_rsa_import_key(
const psa_key_attributes_t *attributes,
const uint8_t *data, size_t data_length,
uint8_t *key_buffer, size_t key_buffer_size,
size_t *key_buffer_length, size_t *bits );
psa_status_t mbedtls_transparent_test_driver_rsa_export_public_key(
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer, size_t key_buffer_size,
uint8_t *data, size_t data_size, size_t *data_length );
psa_status_t mbedtls_transparent_test_driver_rsa_generate_key(
const psa_key_attributes_t *attributes,
uint8_t *key, size_t key_size, size_t *key_length );
psa_status_t mbedtls_transparent_test_driver_rsa_sign_hash(
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer, size_t key_buffer_size,
psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
uint8_t *signature, size_t signature_size, size_t *signature_length );
psa_status_t mbedtls_transparent_test_driver_rsa_verify_hash(
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer, size_t key_buffer_size,
psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
const uint8_t *signature, size_t signature_length );
#endif /* PSA_CRYPTO_DRIVER_TEST */
#endif /* PSA_CRYPTO_RSA_H */

7
library/ssl_cli.c
View file

@ -37,6 +37,7 @@
#if defined(MBEDTLS_USE_PSA_CRYPTO)
#include "mbedtls/psa_util.h"
#include "psa/crypto.h"
#endif /* MBEDTLS_USE_PSA_CRYPTO */
#include <string.h>
@ -3242,7 +3243,11 @@ start_processing:
if( mbedtls_ssl_ciphersuite_uses_server_signature( ciphersuite_info ) )
{
size_t sig_len, hashlen;
unsigned char hash[64];
#if defined(MBEDTLS_USE_PSA_CRYPTO)
unsigned char hash[PSA_HASH_MAX_SIZE];
#else
unsigned char hash[MBEDTLS_MD_MAX_SIZE];
#endif
mbedtls_md_type_t md_alg = MBEDTLS_MD_NONE;
mbedtls_pk_type_t pk_alg = MBEDTLS_PK_NONE;
unsigned char *params = ssl->in_msg + mbedtls_ssl_hs_hdr_len( ssl );

4
library/ssl_srv.c
View file

@ -3467,7 +3467,11 @@ curve_matching_done:
{
size_t dig_signed_len = ssl->out_msg + ssl->out_msglen - dig_signed;
size_t hashlen = 0;
#if defined(MBEDTLS_USE_PSA_CRYPTO)
unsigned char hash[PSA_HASH_MAX_SIZE];
#else
unsigned char hash[MBEDTLS_MD_MAX_SIZE];
#endif
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
/*

2
library/ssl_tls.c
View file

@ -7529,7 +7529,7 @@ int mbedtls_ssl_get_key_exchange_md_tls1_2( mbedtls_ssl_context *ssl,
goto exit;
}
if( ( status = psa_hash_finish( &hash_operation, hash, MBEDTLS_MD_MAX_SIZE,
if( ( status = psa_hash_finish( &hash_operation, hash, PSA_HASH_MAX_SIZE,
hashlen ) ) != PSA_SUCCESS )
{
MBEDTLS_SSL_DEBUG_RET( 1, "psa_hash_finish", status );

2
tests/.gitignore vendored
View file

@ -13,3 +13,5 @@ include/test/instrument_record_status.h
src/*.o
src/drivers/*.o
src/libmbed*
libtestdriver1/*

45
tests/Makefile
View file

@ -144,6 +144,7 @@ ifndef WINDOWS
rm -rf $(BINARIES) *.c *.datax
rm -f src/*.o src/drivers/*.o src/libmbed*
rm -f include/test/instrument_record_status.h
rm -rf libtestdriver1
else
if exist *.c del /Q /F *.c
if exist *.exe del /Q /F *.exe
@ -160,6 +161,50 @@ check: $(BINARIES)
test: check
# Generate test library
# Perl code that is executed to transform each original line from a library
# source file into the corresponding line in the test driver copy of the
# library. Add a LIBTESTDRIVER1_/libtestdriver1_ to mbedtls_xxx and psa_xxx
# symbols.
define libtestdriver1_rewrite :=
s!^(\s*#\s*include\s*[\"<])(mbedtls|psa)/!$${1}libtestdriver1/include/$${2}/!; \
next if /^\s*#\s*include/; \
s/\b(?=MBEDTLS_|PSA_)/LIBTESTDRIVER1_/g; \
s/\b(?=mbedtls_|psa_)/libtestdriver1_/g;
endef
libtestdriver1.a:
# Copy the library and fake a 3rdparty Makefile include.
rm -Rf ./libtestdriver1
mkdir ./libtestdriver1
cp -Rf ../library ./libtestdriver1
cp -Rf ../include ./libtestdriver1
mkdir ./libtestdriver1/3rdparty
touch ./libtestdriver1/3rdparty/Makefile.inc
# Set the test driver base (minimal) configuration.
cp ./include/test/drivers/config_test_driver.h ./libtestdriver1/include/mbedtls/config.h
# Set the PSA cryptography configuration for the test library.
# It is set from the copied include/psa/crypto_config.h of the Mbed TLS
# library the test library is intended to be linked with extended by
# ./include/test/drivers/crypto_config_test_driver_extension.h to
# mirror the PSA_ACCEL_* macros.
mv ./libtestdriver1/include/psa/crypto_config.h ./libtestdriver1/include/psa/crypto_config.h.bak
head -n -1 ./libtestdriver1/include/psa/crypto_config.h.bak > ./libtestdriver1/include/psa/crypto_config.h
cat ./include/test/drivers/crypto_config_test_driver_extension.h >> ./libtestdriver1/include/psa/crypto_config.h
echo "#endif /* PSA_CRYPTO_CONFIG_H */" >> ./libtestdriver1/include/psa/crypto_config.h
# Prefix MBEDTLS_* PSA_* symbols with LIBTESTDRIVER1_ as well as
# mbedtls_* psa_* symbols with libtestdriver1_ to avoid symbol clash
# when this test driver library is linked with the Mbed TLS library.
perl -pi -e '$(libtestdriver1_rewrite)' ./libtestdriver1/library/*.[ch]
perl -pi -e '$(libtestdriver1_rewrite)' ./libtestdriver1/include/*/*.h
$(MAKE) -C ./libtestdriver1/library CFLAGS="-I../../ $(CFLAGS)" LDFLAGS="$(LDFLAGS)" libmbedcrypto.a
cp ./libtestdriver1/library/libmbedcrypto.a ../library/libtestdriver1.a
ifdef RECORD_PSA_STATUS_COVERAGE_LOG
include/test/instrument_record_status.h: ../include/psa/crypto.h Makefile
echo " Gen $@"

55
tests/include/test/drivers/config_test_driver.h Normal file
View file

@ -0,0 +1,55 @@
/*
* Mbed TLS configuration for PSA test driver libraries. It includes:
* . the minimum set of modules needed by the PSA core.
* . the Mbed TLS configuration options that may need to be additionally
* enabled for the purpose of a specific test.
* . the PSA configuration file for the Mbed TLS library and its test drivers.
*/
/*
* Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#ifndef MBEDTLS_CONFIG_H
#define MBEDTLS_CONFIG_H
#if defined(_MSC_VER) && !defined(_CRT_SECURE_NO_DEPRECATE)
#define _CRT_SECURE_NO_DEPRECATE 1
#endif
#define MBEDTLS_PSA_CRYPTO_C
#define MBEDTLS_PSA_CRYPTO_CONFIG
/* PSA core mandatory configuration options */
#define MBEDTLS_CIPHER_C
#define MBEDTLS_AES_C
#define MBEDTLS_SHA256_C
#define MBEDTLS_PSA_BUILTIN_ALG_SHA_256 1
#define MBEDTLS_CTR_DRBG_C
#define MBEDTLS_ENTROPY_C
/*
* Configuration options that may need to be additionally enabled for the
* purpose of a specific set of tests.
*/
//#define MBEDTLS_SHA1_C
//#define MBEDTLS_SHA512_C
//#define MBEDTLS_PEM_PARSE_C
//#define MBEDTLS_BASE64_C
#include "mbedtls/config_psa.h"
#include "mbedtls/check_config.h"
#endif /* MBEDTLS_CONFIG_H */

231
tests/include/test/drivers/crypto_config_test_driver_extension.h Normal file
View file

@ -0,0 +1,231 @@
/**
* This file is intended to be used to build PSA test driver libraries. It is
* intended to be appended by the test build system to the crypto_config.h file
* of the Mbed TLS library the test library will be linked to. It mirrors the
* PSA_ACCEL_* macros defining the cryptographic operations the test library
* supports.
*/
#if defined(PSA_WANT_ALG_CBC_NO_PADDING)
#if defined(MBEDTLS_PSA_ACCEL_ALG_CBC_NO_PADDING)
#undef MBEDTLS_PSA_ACCEL_ALG_CBC_NO_PADDING
#else
#define MBEDTLS_PSA_ACCEL_ALG_CBC_NO_PADDING 1
#endif
#endif
#if defined(PSA_WANT_ALG_CBC_PKCS7)
#if defined(MBEDTLS_PSA_ACCEL_ALG_CBC_PKCS7)
#undef MBEDTLS_PSA_ACCEL_ALG_CBC_PKCS7
#else
#define MBEDTLS_PSA_ACCEL_ALG_CBC_PKCS7 1
#endif
#endif
#if defined(PSA_WANT_ALG_CFB)
#if defined(MBEDTLS_PSA_ACCEL_ALG_CFB)
#undef MBEDTLS_PSA_ACCEL_ALG_CFB
#else
#define MBEDTLS_PSA_ACCEL_ALG_CFB 1
#endif
#endif
#if defined(PSA_WANT_ALG_CTR)
#if defined(MBEDTLS_PSA_ACCEL_ALG_CTR)
#undef MBEDTLS_PSA_ACCEL_ALG_CTR
#else
#define MBEDTLS_PSA_ACCEL_ALG_CTR 1
#endif
#endif
#if defined(PSA_WANT_ALG_DETERMINISTIC_ECDSA)
#if defined(MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA)
#undef MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA
#else
#define MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA 1
#endif
#endif
#if defined(PSA_WANT_ALG_ECDSA)
#if defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA)
#undef MBEDTLS_PSA_ACCEL_ALG_ECDSA
#else
#define MBEDTLS_PSA_ACCEL_ALG_ECDSA 1
#endif
#endif
#if defined(PSA_WANT_ALG_MD2)
#if defined(MBEDTLS_PSA_ACCEL_ALG_MD2)
#undef MBEDTLS_PSA_ACCEL_ALG_MD2
#else
#define MBEDTLS_PSA_ACCEL_ALG_MD2 1
#endif
#endif
#if defined(PSA_WANT_ALG_MD4)
#if defined(MBEDTLS_PSA_ACCEL_ALG_MD4)
#undef MBEDTLS_PSA_ACCEL_ALG_MD4
#else
#define MBEDTLS_PSA_ACCEL_ALG_MD4 1
#endif
#endif
#if defined(PSA_WANT_ALG_MD5)
#if defined(MBEDTLS_PSA_ACCEL_ALG_MD5)
#undef MBEDTLS_PSA_ACCEL_ALG_MD5
#else
#define MBEDTLS_PSA_ACCEL_ALG_MD5 1
#endif
#endif
#if defined(PSA_WANT_ALG_OFB)
#if defined(MBEDTLS_PSA_ACCEL_ALG_OFB)
#undef MBEDTLS_PSA_ACCEL_ALG_OFB
#else
#define MBEDTLS_PSA_ACCEL_ALG_OFB 1
#endif
#endif
#if defined(PSA_WANT_ALG_RIPEMD160)
#if defined(MBEDTLS_PSA_ACCEL_ALG_RIPEMD160)
#undef MBEDTLS_PSA_ACCEL_ALG_RIPEMD160
#else
#define MBEDTLS_PSA_ACCEL_ALG_RIPEMD160 1
#endif
#endif
#if defined(PSA_WANT_ALG_RSA_PKCS1V15_SIGN)
#if defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN)
#undef MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN
#else
#define MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN 1
#endif
#endif
#if defined(PSA_WANT_ALG_RSA_PSS)
#if defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PSS)
#undef MBEDTLS_PSA_ACCEL_ALG_RSA_PSS
#else
#define MBEDTLS_PSA_ACCEL_ALG_RSA_PSS 1
#endif
#endif
#if defined(PSA_WANT_ALG_SHA_1)
#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA_1)
#undef MBEDTLS_PSA_ACCEL_ALG_SHA_1
#else
#define MBEDTLS_PSA_ACCEL_ALG_SHA_1 1
#endif
#endif
#if defined(PSA_WANT_ALG_SHA_224)
#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA_224)
#undef MBEDTLS_PSA_ACCEL_ALG_SHA_224
#else
#define MBEDTLS_PSA_ACCEL_ALG_SHA_224 1
#endif
#endif
#if defined(PSA_WANT_ALG_SHA_256)
#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA_256)
#undef MBEDTLS_PSA_ACCEL_ALG_SHA_256
#else
#define MBEDTLS_PSA_ACCEL_ALG_SHA_256 1
#endif
#endif
#if defined(PSA_WANT_ALG_SHA_384)
#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA_384)
#undef MBEDTLS_PSA_ACCEL_ALG_SHA_384
#else
#define MBEDTLS_PSA_ACCEL_ALG_SHA_384 1
#endif
#endif
#if defined(PSA_WANT_ALG_SHA_512)
#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA_512)
#undef MBEDTLS_PSA_ACCEL_ALG_SHA_512
#else
#define MBEDTLS_PSA_ACCEL_ALG_SHA_512 1
#endif
#endif
#if defined(PSA_WANT_ALG_XTS)
#if defined(MBEDTLS_PSA_ACCEL_ALG_XTS)
#undef MBEDTLS_PSA_ACCEL_ALG_XTS
#else
#define MBEDTLS_PSA_ACCEL_ALG_XTS 1
#endif
#endif
#if defined(PSA_WANT_KEY_TYPE_AES)
#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_AES)
#undef MBEDTLS_PSA_ACCEL_KEY_TYPE_AES
#else
#define MBEDTLS_PSA_ACCEL_KEY_TYPE_AES 1
#endif
#endif
#if defined(PSA_WANT_KEY_TYPE_CAMELLIA)
#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_CAMELLIA)
#undef MBEDTLS_PSA_ACCEL_KEY_TYPE_CAMELLIA
#else
#define MBEDTLS_PSA_ACCEL_KEY_TYPE_CAMELLIA 1
#endif
#endif
#if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR)
#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR)
#undef MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR
#else
#define MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR 1
#endif
#endif
#if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR)
#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR)
#undef MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR
#else
#define MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR 1
#endif
#endif
#define MBEDTLS_PSA_ACCEL_ALG_CBC_MAC 1
#define MBEDTLS_PSA_ACCEL_ALG_CCM 1
#define MBEDTLS_PSA_ACCEL_ALG_CHACHA20_POLY1305 1
#define MBEDTLS_PSA_ACCEL_ALG_CMAC 1
#define MBEDTLS_PSA_ACCEL_ALG_ECB_NO_PADDING 1
#define MBEDTLS_PSA_ACCEL_ALG_ECDH 1
#define MBEDTLS_PSA_ACCEL_ALG_GCM 1
#define MBEDTLS_PSA_ACCEL_ALG_HKDF 1
#define MBEDTLS_PSA_ACCEL_ALG_HMAC 1
#define MBEDTLS_PSA_ACCEL_ALG_RSA_OAEP 1
#define MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_CRYPT 1
#define MBEDTLS_PSA_ACCEL_ALG_STREAM_CIPHER 1
#define MBEDTLS_PSA_ACCEL_ALG_TLS12_PRF 1
#define MBEDTLS_PSA_ACCEL_ALG_TLS12_PSK_TO_MS 1
#if defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA)
#define MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_256 1
#define MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_384 1
#define MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_512 1
#define MBEDTLS_PSA_ACCEL_ECC_MONTGOMERY_255 1
#define MBEDTLS_PSA_ACCEL_ECC_MONTGOMERY_448 1
#define MBEDTLS_PSA_ACCEL_ECC_SECP_K1_192 1
#define MBEDTLS_PSA_ACCEL_ECC_SECP_K1_224 1
#define MBEDTLS_PSA_ACCEL_ECC_SECP_K1_256 1
#define MBEDTLS_PSA_ACCEL_ECC_SECP_R1_192 1
#define MBEDTLS_PSA_ACCEL_ECC_SECP_R1_224 1
#define MBEDTLS_PSA_ACCEL_ECC_SECP_R1_256 1
#define MBEDTLS_PSA_ACCEL_ECC_SECP_R1_384 1
#define MBEDTLS_PSA_ACCEL_ECC_SECP_R1_521 1
#endif
#define MBEDTLS_PSA_ACCEL_KEY_TYPE_DERIVE 1
#define MBEDTLS_PSA_ACCEL_KEY_TYPE_HMAC 1
#define MBEDTLS_PSA_ACCEL_KEY_TYPE_ARC4 1
#define MBEDTLS_PSA_ACCEL_KEY_TYPE_CHACHA20 1
#define MBEDTLS_PSA_ACCEL_KEY_TYPE_DES 1
#define MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY 1
#define MBEDTLS_PSA_ACCEL_KEY_TYPE_RAW_DATA 1
#define MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY 1

2
tests/include/test/drivers/hash.h
View file

@ -74,7 +74,7 @@ psa_status_t mbedtls_test_transparent_hash_finish(
size_t *hash_length );
psa_status_t mbedtls_test_transparent_hash_abort(
mbedtls_psa_hash_operation_t *operation );
mbedtls_transparent_test_driver_hash_operation_t *operation );
#endif /* PSA_CRYPTO_DRIVER_TEST */
#endif /* PSA_CRYPTO_TEST_DRIVERS_HASH_H */

5
tests/include/test/drivers/key_management.h
View file

@ -56,6 +56,11 @@ static inline mbedtls_test_driver_key_management_hooks_t
extern mbedtls_test_driver_key_management_hooks_t
mbedtls_test_driver_key_management_hooks;
psa_status_t mbedtls_test_transparent_init( void );
void mbedtls_test_transparent_free( void );
psa_status_t mbedtls_test_opaque_init( void );
void mbedtls_test_opaque_free( void );
psa_status_t mbedtls_test_transparent_generate_key(
const psa_key_attributes_t *attributes,
uint8_t *key, size_t key_size, size_t *key_length );

28
tests/include/test/psa_exercise_key.h
View file

@ -56,6 +56,34 @@
#undef KNOWN_SUPPORTED_HASH_ALG
#endif
/** \def KNOWN_MBEDTLS_SUPPORTED_HASH_ALG
*
* A hash algorithm that is known to be supported by Mbed TLS APIs.
*
* This is used in some smoke tests where the hash algorithm is used as
* part of another algorithm like a signature algorithm and the hashing is
* completed through an Mbed TLS hash API, not the PSA one.
*/
#if defined(MBEDTLS_MD2_C)
#define KNOWN_MBEDTLS_SUPPORTED_HASH_ALG PSA_ALG_MD2
#elif defined(MBEDTLS_MD4_C)
#define KNOWN_MBEDTLS_SUPPORTED_HASH_ALG PSA_ALG_MD4
#elif defined(MBEDTLS_MD5_C)
#define KNOWN_MBEDTLS_SUPPORTED_HASH_ALG PSA_ALG_MD5
/* MBEDTLS_RIPEMD160_C omitted. This is necessary for the sake of
* exercise_signature_key() because Mbed TLS doesn't support RIPEMD160
* in RSA PKCS#1v1.5 signatures. A RIPEMD160-only configuration would be
* implausible anyway. */
#elif defined(MBEDTLS_SHA1_C)
#define KNOWN_MBEDTLS_SUPPORTED_HASH_ALG PSA_ALG_SHA_1
#elif defined(MBEDTLS_SHA256_C)
#define KNOWN_MBEDTLS_SUPPORTED_HASH_ALG PSA_ALG_SHA_256
#elif defined(MBEDTLS_SHA512_C)
#define KNOWN_MBEDTLS_SUPPORTED_HASH_ALG PSA_ALG_SHA_512
#else
#undef KNOWN_MBEDLTS_SUPPORTED_HASH_ALG
#endif
/** \def KNOWN_SUPPORTED_BLOCK_CIPHER
*
* A block cipher that is known to be supported.

207
tests/scripts/all.sh
View file

@ -1591,15 +1591,179 @@ component_test_no_use_psa_crypto_full_cmake_asan() {
env OPENSSL_CMD="$OPENSSL_NEXT" tests/compat.sh -e '^$' -f 'ARIA\|CHACHA'
}
component_test_psa_crypto_config_basic() {
# Test the library excluding all Mbed TLS cryptographic support for which
# we have an accelerator support. Acceleration is faked with the
# transparent test driver.
msg "test: full + MBEDTLS_PSA_CRYPTO_CONFIG + as much acceleration as supported"
scripts/config.py full
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
component_test_psa_crypto_config_accel_ecdsa () {
msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated ECDSA"
# Disable ALG_STREAM_CIPHER and ALG_ECB_NO_PADDING to avoid having
# partial support for cipher operations in the driver test library.
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_STREAM_CIPHER
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_ECB_NO_PADDING
# SHA384 needed for some ECDSA signature tests.
scripts/config.py -f tests/include/test/drivers/config_test_driver.h set MBEDTLS_SHA512_C
loc_accel_list="ALG_ECDSA ALG_DETERMINISTIC_ECDSA KEY_TYPE_ECC_KEY_PAIR KEY_TYPE_ECC_PUBLIC_KEY"
loc_accel_flags=$( echo "$loc_accel_list" | sed 's/[^ ]* */-DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_&/g' )
make -C tests libtestdriver1.a CFLAGS="$ASAN_CFLAGS $loc_accel_flags" LDFLAGS="$ASAN_CFLAGS"
# Restore test driver base configuration
scripts/config.py -f tests/include/test/drivers/config_test_driver.h unset MBEDTLS_SHA512_C
scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
scripts/config.py unset MBEDTLS_ECDSA_C
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
loc_accel_flags="$loc_accel_flags $( echo "$loc_accel_list" | sed 's/[^ ]* */-DMBEDTLS_PSA_ACCEL_&/g' )"
make CFLAGS="$ASAN_CFLAGS -O -Werror -I../tests/include -I../tests -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_TEST_LIBTESTDRIVER1 $loc_accel_flags" LDFLAGS="-ltestdriver1 $ASAN_CFLAGS"
unset loc_accel_flags
unset loc_accel_list
if_build_succeeded not grep mbedtls_ecdsa_ library/ecdsa.o
msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated ECDSA"
make test
}
component_test_psa_crypto_config_accel_rsa_signature () {
msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated RSA signature"
# Disable ALG_STREAM_CIPHER and ALG_ECB_NO_PADDING to avoid having
# partial support for cipher operations in the driver test library.
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_STREAM_CIPHER
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_ECB_NO_PADDING
# It seems it is not possible to remove only the support for RSA signature
# in the library. Thus we have to remove all RSA support (signature and
# encryption/decryption). AS there is no driver support for asymmetric
# encryption/decryption so far remove RSA encryption/decryption from the
# application algorithm list.
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RSA_OAEP
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RSA_PKCS1V15_CRYPT
# Make sure both the library and the test library support the SHA hash
# algorithms and only those ones (SHA256 is included by default). That way:
# - the test library can compute the RSA signatures even in the case of a
# composite RSA signature algorithm based on a SHA hash (no other hash
# used in the unit tests).
# - the dependency of RSA signature tests on PSA_WANT_ALG_SHA_xyz is
# fulfilled as the hash SHA algorithm is supported by the library, and
# thus the tests are run, not skipped.
# - when testing a signature key with an algorithm wildcard built from
# PSA_ALG_ANY_HASH as algorithm to test with the key, the chosen hash
# algorithm based on the hashes supported by the library is also
# supported by the test library.
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD2
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD4
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD5
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RIPEMD160_C
scripts/config.py -f tests/include/test/drivers/config_test_driver.h set MBEDTLS_SHA1_C
scripts/config.py -f tests/include/test/drivers/config_test_driver.h set MBEDTLS_SHA512_C
# We need PEM parsing in the test library as well to support the import
# of PEM encoded RSA keys.
scripts/config.py -f tests/include/test/drivers/config_test_driver.h set MBEDTLS_PEM_PARSE_C
scripts/config.py -f tests/include/test/drivers/config_test_driver.h set MBEDTLS_BASE64_C
loc_accel_list="ALG_RSA_PKCS1V15_SIGN ALG_RSA_PSS KEY_TYPE_RSA_KEY_PAIR KEY_TYPE_RSA_PUBLIC_KEY"
loc_accel_flags=$( echo "$loc_accel_list" | sed 's/[^ ]* */-DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_&/g' )
make -C tests libtestdriver1.a CFLAGS="$ASAN_CFLAGS $loc_accel_flags" LDFLAGS="$ASAN_CFLAGS"
# Restore test driver base configuration
scripts/config.py -f tests/include/test/drivers/config_test_driver.h unset MBEDTLS_SHA1_C
scripts/config.py -f tests/include/test/drivers/config_test_driver.h unset MBEDTLS_SHA512_C
scripts/config.py -f tests/include/test/drivers/config_test_driver.h unset MBEDTLS_PEM_PARSE_C
scripts/config.py -f tests/include/test/drivers/config_test_driver.h unset MBEDTLS_BASE64_C
# Mbed TLS library build
scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
# Remove RSA support and its dependencies
scripts/config.py unset MBEDTLS_PKCS1_V15
scripts/config.py unset MBEDTLS_PKCS1_V21
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
scripts/config.py unset MBEDTLS_RSA_C
scripts/config.py unset MBEDTLS_X509_RSASSA_PSS_SUPPORT
scripts/config.py unset MBEDTLS_MD2_C
scripts/config.py unset MBEDTLS_MD4_C
scripts/config.py unset MBEDTLS_MD5_C
scripts/config.py unset MBEDTLS_RIPEMD160_C
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_1
scripts/config.py unset MBEDTLS_SSL_CBC_RECORD_SPLITTING
loc_accel_flags="$loc_accel_flags $( echo "$loc_accel_list" | sed 's/[^ ]* */-DMBEDTLS_PSA_ACCEL_&/g' )"
make CFLAGS="$ASAN_CFLAGS -Werror -I../tests/include -I../tests -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_TEST_LIBTESTDRIVER1 $loc_accel_flags" LDFLAGS="-ltestdriver1 $ASAN_CFLAGS"
unset loc_accel_flags
unset loc_accel_list
if_build_succeeded not grep mbedtls_rsa_rsassa_pkcs1_v15_sign library/rsa.o
if_build_succeeded not grep mbedtls_rsa_rsassa_pss_sign_ext library/rsa.o
msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated RSA signature"
make test
}
component_test_psa_crypto_config_accel_hash () {
msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated hash"
# Disable ALG_STREAM_CIPHER and ALG_ECB_NO_PADDING to avoid having
# partial support for cipher operations in the driver test library.
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_STREAM_CIPHER
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_ECB_NO_PADDING
loc_accel_list="ALG_MD4 ALG_MD5 ALG_RIPEMD160 ALG_SHA_1 ALG_SHA_224 ALG_SHA_256 ALG_SHA_384 ALG_SHA_512"
loc_accel_flags=$( echo "$loc_accel_list" | sed 's/[^ ]* */-DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_&/g' )
make -C tests libtestdriver1.a CFLAGS="$ASAN_CFLAGS $loc_accel_flags" LDFLAGS="$ASAN_CFLAGS"
scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
scripts/config.py unset MBEDTLS_MD2_C
scripts/config.py unset MBEDTLS_MD4_C
scripts/config.py unset MBEDTLS_MD5_C
scripts/config.py unset MBEDTLS_RIPEMD160_C
scripts/config.py unset MBEDTLS_SHA1_C
# Don't unset MBEDTLS_SHA256_C as it is needed by PSA crypto core.
scripts/config.py unset MBEDTLS_SHA512_C
# Unset MBEDTLS_SSL_PROTO_SSL3, MBEDTLS_SSL_PROTO_TLS1 and MBEDTLS_SSL_PROTO_TLS1_1 as they depend on MBEDTLS_SHA1_C
scripts/config.py unset MBEDTLS_SSL_PROTO_SSL3
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_1
# Unset MBEDTLS_SSL_CBC_RECORD_SPLITTING as it depends on MBEDTLS_SSL_PROTO_TLS1 in the default configuration.
scripts/config.py unset MBEDTLS_SSL_CBC_RECORD_SPLITTING
loc_accel_flags="$loc_accel_flags $( echo "$loc_accel_list" | sed 's/[^ ]* */-DMBEDTLS_PSA_ACCEL_&/g' )"
make CFLAGS="$ASAN_CFLAGS -Werror -I../tests/include -I../tests -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_TEST_LIBTESTDRIVER1 $loc_accel_flags" LDFLAGS="-ltestdriver1 $ASAN_CFLAGS"
unset loc_accel_flags
unset loc_accel_list
if_build_succeeded not grep mbedtls_sha512_init library/sha512.o
if_build_succeeded not grep mbedtls_sha1_init library/sha1.o
msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated hash"
make test
}
component_test_psa_crypto_config_accel_cipher () {
msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated cipher"
loc_accel_list="ALG_CBC_NO_PADDING ALG_CBC_PKCS7 ALG_CTR ALG_CFB ALG_OFB ALG_XTS KEY_TYPE_DES"
loc_accel_flags=$( echo "$loc_accel_list" | sed 's/[^ ]* */-DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_&/g' )
make -C tests libtestdriver1.a CFLAGS="$ASAN_CFLAGS $loc_accel_flags" LDFLAGS="$ASAN_CFLAGS"
scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
# There is no intended accelerator support for ALG STREAM_CIPHER and
# ALG_ECB_NO_PADDING. Therefore, asking for them in the build implies the
@ -1608,26 +1772,25 @@ component_test_psa_crypto_config_basic() {
# PSA configuration options.
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_STREAM_CIPHER
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_ECB_NO_PADDING
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_CMAC
# Don't test DES encryption as:
# 1) It is not an issue if we don't test all cipher types here.
# 2) That way we don't have to modify in psa_crypto.c the compilation
# guards MBEDTLS_PSA_BUILTIN_KEY_TYPE_DES for the code they guard to be
# available to the test driver. Modifications that we would need to
# revert when we move to compile the test driver separately.
# We also disable MBEDTLS_DES_C as the dependencies on DES in PSA test
# suites are still based on MBEDTLS_DES_C and not PSA_WANT_KEY_TYPE_DES.
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_KEY_TYPE_DES
scripts/config.py unset MBEDTLS_CIPHER_MODE_CBC
scripts/config.py unset MBEDTLS_CIPHER_PADDING_PKCS7
scripts/config.py unset MBEDTLS_CIPHER_MODE_CTR
scripts/config.py unset MBEDTLS_CIPHER_MODE_CFB
scripts/config.py unset MBEDTLS_CIPHER_MODE_OFB
scripts/config.py unset MBEDTLS_CIPHER_MODE_XTS
scripts/config.py unset MBEDTLS_DES_C
loc_cflags="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST_ALL"
loc_cflags="${loc_cflags} '-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/user-config-for-test.h\"'"
loc_cflags="${loc_cflags} -I../tests/include -O2"
loc_accel_flags="$loc_accel_flags $( echo "$loc_accel_list" | sed 's/[^ ]* */-DMBEDTLS_PSA_ACCEL_&/g' )"
make CFLAGS="$ASAN_CFLAGS -Werror -I../tests/include -I../tests -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_TEST_LIBTESTDRIVER1 $loc_accel_flags" LDFLAGS="-ltestdriver1 $ASAN_CFLAGS"
make CC=gcc CFLAGS="$loc_cflags" LDFLAGS="$ASAN_CFLAGS"
unset loc_cflags
unset loc_accel_flags
unset loc_accel_list
msg "test: full + MBEDTLS_PSA_CRYPTO_CONFIG"
if_build_succeeded not grep mbedtls_des* library/des.o
msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated hash"
make test
}

3
tests/scripts/check_names.py
View file

@ -779,7 +779,8 @@ class NameChecker():
match.name
for match
in self.parse_result["macros"] + self.parse_result["enum_consts"]}
typo_exclusion = re.compile(r"XXX|__|_$|^MBEDTLS_.*CONFIG_FILE$")
typo_exclusion = re.compile(r"XXX|__|_$|^MBEDTLS_.*CONFIG_FILE$|"
r"MBEDTLS_TEST_LIBTESTDRIVER*")
for name_match in self.parse_result["mbed_words"]:
found = name_match.name in all_caps_names

86
tests/src/drivers/hash.c
View file

@ -28,6 +28,10 @@
#include "test/drivers/hash.h"
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1)
#include "libtestdriver1/library/psa_crypto_hash.h"
#endif
mbedtls_test_driver_hash_hooks_t
mbedtls_test_driver_hash_hooks = MBEDTLS_TEST_DRIVER_HASH_INIT;
@ -45,10 +49,26 @@ psa_status_t mbedtls_test_transparent_hash_compute(
}
else
{
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_HASH)
mbedtls_test_driver_hash_hooks.driver_status =
mbedtls_transparent_test_driver_hash_compute(
libtestdriver1_mbedtls_psa_hash_compute(
alg, input, input_length,
hash, hash_size, hash_length );
#elif defined(MBEDTLS_PSA_BUILTIN_HASH)
mbedtls_test_driver_hash_hooks.driver_status =
mbedtls_psa_hash_compute(
alg, input, input_length,
hash, hash_size, hash_length );
#else
(void) alg;
(void) input;
(void) input_length;
(void) hash;
(void) hash_size;
(void) hash_length;
mbedtls_test_driver_hash_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED;
#endif
}
return( mbedtls_test_driver_hash_hooks.driver_status );
@ -67,8 +87,18 @@ psa_status_t mbedtls_test_transparent_hash_setup(
}
else
{
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_HASH)
mbedtls_test_driver_hash_hooks.driver_status =
mbedtls_transparent_test_driver_hash_setup( operation, alg );
libtestdriver1_mbedtls_psa_hash_setup( operation, alg );
#elif defined(MBEDTLS_PSA_BUILTIN_HASH)
mbedtls_test_driver_hash_hooks.driver_status =
mbedtls_psa_hash_setup( operation, alg );
#else
(void) operation;
(void) alg;
mbedtls_test_driver_hash_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED;
#endif
}
return( mbedtls_test_driver_hash_hooks.driver_status );
@ -87,9 +117,19 @@ psa_status_t mbedtls_test_transparent_hash_clone(
}
else
{
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_HASH)
mbedtls_test_driver_hash_hooks.driver_status =
mbedtls_transparent_test_driver_hash_clone( source_operation,
target_operation );
libtestdriver1_mbedtls_psa_hash_clone( source_operation,
target_operation );
#elif defined(MBEDTLS_PSA_BUILTIN_HASH)
mbedtls_test_driver_hash_hooks.driver_status =
mbedtls_psa_hash_clone( source_operation, target_operation );
#else
(void) source_operation;
(void) target_operation;
mbedtls_test_driver_hash_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED;
#endif
}
return( mbedtls_test_driver_hash_hooks.driver_status );
@ -109,9 +149,20 @@ psa_status_t mbedtls_test_transparent_hash_update(
}
else
{
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_HASH)
mbedtls_test_driver_hash_hooks.driver_status =
mbedtls_transparent_test_driver_hash_update(
libtestdriver1_mbedtls_psa_hash_update(
operation, input, input_length );
#elif defined(MBEDTLS_PSA_BUILTIN_HASH)
mbedtls_test_driver_hash_hooks.driver_status =
mbedtls_psa_hash_update( operation, input, input_length );
#else
(void) operation;
(void) input;
(void) input_length;
mbedtls_test_driver_hash_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED;
#endif
}
return( mbedtls_test_driver_hash_hooks.driver_status );
@ -132,9 +183,21 @@ psa_status_t mbedtls_test_transparent_hash_finish(
}
else
{
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_HASH)
mbedtls_test_driver_hash_hooks.driver_status =
mbedtls_transparent_test_driver_hash_finish(
libtestdriver1_mbedtls_psa_hash_finish(
operation, hash, hash_size, hash_length );
#elif defined(MBEDTLS_PSA_BUILTIN_HASH)
mbedtls_test_driver_hash_hooks.driver_status =
mbedtls_psa_hash_finish( operation, hash, hash_size, hash_length );
#else
(void) operation;
(void) hash;
(void) hash_size;
(void) hash_length;
mbedtls_test_driver_hash_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED;
#endif
}
return( mbedtls_test_driver_hash_hooks.driver_status );
@ -152,8 +215,17 @@ psa_status_t mbedtls_test_transparent_hash_abort(
}
else
{
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_HASH)
mbedtls_test_driver_hash_hooks.driver_status =
mbedtls_transparent_test_driver_hash_abort( operation );
libtestdriver1_mbedtls_psa_hash_abort( operation );
#elif defined(MBEDTLS_PSA_BUILTIN_HASH)
mbedtls_test_driver_hash_hooks.driver_status =
mbedtls_psa_hash_abort( operation );
#else
(void) operation;
mbedtls_test_driver_hash_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED;
#endif
}
return( mbedtls_test_driver_hash_hooks.driver_status );

95
tests/src/drivers/test_driver_cipher.c
View file

@ -34,6 +34,10 @@
#include "test/random.h"
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1)
#include "libtestdriver1/library/psa_crypto_cipher.h"
#endif
#include <string.h>
mbedtls_test_driver_cipher_hooks_t mbedtls_test_driver_cipher_hooks =
@ -70,10 +74,21 @@ psa_status_t mbedtls_test_transparent_cipher_encrypt(
psa_generate_random( output, PSA_CIPHER_IV_LENGTH( attributes->core.type, alg ) );
return( mbedtls_transparent_test_driver_cipher_encrypt(
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_CIPHER)
return( libtestdriver1_mbedtls_psa_cipher_encrypt(
(const libtestdriver1_psa_key_attributes_t *)attributes,
key_buffer, key_buffer_size,
alg, input, input_length,
output, output_size, output_length ) );
#elif defined(MBEDTLS_PSA_BUILTIN_CIPHER)
return( mbedtls_psa_cipher_encrypt(
attributes, key_buffer, key_buffer_size,
alg, input, input_length,
output, output_size, output_length ) );
#endif
return( PSA_ERROR_NOT_SUPPORTED );
}
psa_status_t mbedtls_test_transparent_cipher_decrypt(
@ -105,10 +120,21 @@ psa_status_t mbedtls_test_transparent_cipher_decrypt(
if( mbedtls_test_driver_cipher_hooks.forced_status != PSA_SUCCESS )
return( mbedtls_test_driver_cipher_hooks.forced_status );
return( mbedtls_transparent_test_driver_cipher_decrypt(
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_CIPHER)
return( libtestdriver1_mbedtls_psa_cipher_decrypt(
(const libtestdriver1_psa_key_attributes_t *)attributes,
key_buffer, key_buffer_size,
alg, input, input_length,
output, output_size, output_length ) );
#elif defined(MBEDTLS_PSA_BUILTIN_CIPHER)
return( mbedtls_psa_cipher_decrypt(
attributes, key_buffer, key_buffer_size,
alg, input, input_length,
output, output_size, output_length ) );
#endif
return( PSA_ERROR_NOT_SUPPORTED );
}
psa_status_t mbedtls_test_transparent_cipher_encrypt_setup(
@ -128,8 +154,18 @@ psa_status_t mbedtls_test_transparent_cipher_encrypt_setup(
if( mbedtls_test_driver_cipher_hooks.forced_status != PSA_SUCCESS )
return( mbedtls_test_driver_cipher_hooks.forced_status );
return ( mbedtls_transparent_test_driver_cipher_encrypt_setup(
operation, attributes, key, key_length, alg ) );
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_CIPHER)
return( libtestdriver1_mbedtls_psa_cipher_encrypt_setup(
operation,
(const libtestdriver1_psa_key_attributes_t *)attributes,
key, key_length, alg ) );
#elif defined(MBEDTLS_PSA_BUILTIN_CIPHER)
return( mbedtls_psa_cipher_encrypt_setup(
operation, attributes, key, key_length, alg ) );
#endif
return( PSA_ERROR_NOT_SUPPORTED );
}
psa_status_t mbedtls_test_transparent_cipher_decrypt_setup(
@ -143,8 +179,18 @@ psa_status_t mbedtls_test_transparent_cipher_decrypt_setup(
if( mbedtls_test_driver_cipher_hooks.forced_status != PSA_SUCCESS )
return( mbedtls_test_driver_cipher_hooks.forced_status );
return ( mbedtls_transparent_test_driver_cipher_decrypt_setup(
operation, attributes, key, key_length, alg ) );
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_CIPHER)
return( libtestdriver1_mbedtls_psa_cipher_decrypt_setup(
operation,
(const libtestdriver1_psa_key_attributes_t *)attributes,
key, key_length, alg ) );
#elif defined(MBEDTLS_PSA_BUILTIN_CIPHER)
return( mbedtls_psa_cipher_decrypt_setup(
operation, attributes, key, key_length, alg ) );
#endif
return( PSA_ERROR_NOT_SUPPORTED );
}
psa_status_t mbedtls_test_transparent_cipher_abort(
@ -155,7 +201,12 @@ psa_status_t mbedtls_test_transparent_cipher_abort(
if( operation->alg == 0 )
return( PSA_SUCCESS );
mbedtls_transparent_test_driver_cipher_abort( operation );
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_CIPHER)
libtestdriver1_mbedtls_psa_cipher_abort( operation );
#elif defined(MBEDTLS_PSA_BUILTIN_CIPHER)
mbedtls_psa_cipher_abort( operation );
#endif
/* Wiping the entire struct here, instead of member-by-member. This is
* useful for the test suite, since it gives a chance of catching memory
@ -176,8 +227,15 @@ psa_status_t mbedtls_test_transparent_cipher_set_iv(
if( mbedtls_test_driver_cipher_hooks.forced_status != PSA_SUCCESS )
return( mbedtls_test_driver_cipher_hooks.forced_status );
return( mbedtls_transparent_test_driver_cipher_set_iv(
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_CIPHER)
return( libtestdriver1_mbedtls_psa_cipher_set_iv(
operation, iv, iv_length ) );
#elif defined(MBEDTLS_PSA_BUILTIN_CIPHER)
return( mbedtls_psa_cipher_set_iv( operation, iv, iv_length ) );
#endif
return( PSA_ERROR_NOT_SUPPORTED );
}
psa_status_t mbedtls_test_transparent_cipher_update(
@ -206,9 +264,18 @@ psa_status_t mbedtls_test_transparent_cipher_update(
if( mbedtls_test_driver_cipher_hooks.forced_status != PSA_SUCCESS )
return( mbedtls_test_driver_cipher_hooks.forced_status );
return( mbedtls_transparent_test_driver_cipher_update(
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_CIPHER)
return( libtestdriver1_mbedtls_psa_cipher_update(
operation, input, input_length,
output, output_size, output_length ) );
#elif defined(MBEDTLS_PSA_BUILTIN_CIPHER)
return( mbedtls_psa_cipher_update(
operation, input, input_length,
output, output_size, output_length ) );
#endif
return( PSA_ERROR_NOT_SUPPORTED );
}
psa_status_t mbedtls_test_transparent_cipher_finish(
@ -235,8 +302,16 @@ psa_status_t mbedtls_test_transparent_cipher_finish(
if( mbedtls_test_driver_cipher_hooks.forced_status != PSA_SUCCESS )
return( mbedtls_test_driver_cipher_hooks.forced_status );
return( mbedtls_transparent_test_driver_cipher_finish(
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_CIPHER)
return( libtestdriver1_mbedtls_psa_cipher_finish(
operation, output, output_size, output_length ) );
#elif defined(MBEDTLS_PSA_BUILTIN_CIPHER)
return( mbedtls_psa_cipher_finish(
operation, output, output_size, output_length ) );
#endif
return( PSA_ERROR_NOT_SUPPORTED );
}
/*

208
tests/src/drivers/test_driver_key_management.c
View file

@ -33,9 +33,13 @@
#include "mbedtls/error.h"
#include "test/drivers/key_management.h"
#include "test/random.h"
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1)
#include "libtestdriver1/library/psa_crypto_ecp.h"
#include "libtestdriver1/library/psa_crypto_rsa.h"
#endif
#include <string.h>
mbedtls_test_driver_key_management_hooks_t
@ -60,6 +64,39 @@ const uint8_t mbedtls_test_driver_ecdsa_pubkey[65] =
0xbc, 0x25, 0x16, 0xc3, 0xd2, 0x70, 0x2d, 0x79,
0x2f, 0x13, 0x1a, 0x92, 0x20, 0x95, 0xfd, 0x6c };
psa_status_t mbedtls_test_transparent_init( void )
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1)
status = libtestdriver1_psa_crypto_init( );
if( status != PSA_SUCCESS )
return( status );
#endif
(void)status;
return( PSA_SUCCESS );
}
void mbedtls_test_transparent_free( void )
{
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1)
libtestdriver1_mbedtls_psa_crypto_free( );
#endif
return;
}
psa_status_t mbedtls_test_opaque_init( void )
{
return( PSA_SUCCESS );
}
void mbedtls_test_opaque_free( void )
{
return;
}
psa_status_t mbedtls_test_transparent_generate_key(
const psa_key_attributes_t *attributes,
uint8_t *key, size_t key_size, size_t *key_length )
@ -80,27 +117,34 @@ psa_status_t mbedtls_test_transparent_generate_key(
return( PSA_SUCCESS );
}
/* Copied from psa_crypto.c */
#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR)
if ( PSA_KEY_TYPE_IS_ECC( psa_get_key_type( attributes ) )
&& PSA_KEY_TYPE_IS_KEY_PAIR( psa_get_key_type( attributes ) ) )
if( PSA_KEY_TYPE_IS_ECC( psa_get_key_type( attributes ) )
&& PSA_KEY_TYPE_IS_KEY_PAIR( psa_get_key_type( attributes ) ) )
{
return( mbedtls_transparent_test_driver_ecp_generate_key(
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR)
return( libtestdriver1_mbedtls_psa_ecp_generate_key(
(const libtestdriver1_psa_key_attributes_t *)attributes,
key, key_size, key_length ) );
#elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR)
return( mbedtls_psa_ecp_generate_key(
attributes, key, key_size, key_length ) );
#endif
}
else if( psa_get_key_type( attributes ) == PSA_KEY_TYPE_RSA_KEY_PAIR )
{
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR)
return( libtestdriver1_mbedtls_psa_rsa_generate_key(
(const libtestdriver1_psa_key_attributes_t *)attributes,
key, key_size, key_length ) );
#elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR)
return( mbedtls_psa_rsa_generate_key(
attributes, key, key_size, key_length ) );
#endif
}
else
#endif /* defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR) */
#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR)
if ( psa_get_key_type( attributes ) == PSA_KEY_TYPE_RSA_KEY_PAIR )
return( mbedtls_transparent_test_driver_rsa_generate_key(
attributes, key, key_size, key_length ) );
else
#endif /* defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR) */
{
(void)attributes;
return( PSA_ERROR_NOT_SUPPORTED );
}
(void)attributes;
return( PSA_ERROR_NOT_SUPPORTED );
}
psa_status_t mbedtls_test_opaque_generate_key(
@ -128,45 +172,56 @@ psa_status_t mbedtls_test_transparent_import_key(
if( mbedtls_test_driver_key_management_hooks.forced_status != PSA_SUCCESS )
return( mbedtls_test_driver_key_management_hooks.forced_status );
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_key_type_t type = psa_get_key_type( attributes );
#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR) || \
defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY)
if( PSA_KEY_TYPE_IS_ECC( type ) )
{
status = mbedtls_transparent_test_driver_ecp_import_key(
attributes,
data, data_length,
key_buffer, key_buffer_size,
key_buffer_length, bits );
}
else
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
( defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || \
defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) )
return( libtestdriver1_mbedtls_psa_ecp_import_key(
(const libtestdriver1_psa_key_attributes_t *)attributes,
data, data_length,
key_buffer, key_buffer_size,
key_buffer_length, bits ) );
#elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || \
defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY)
return( mbedtls_psa_ecp_import_key(
attributes,
data, data_length,
key_buffer, key_buffer_size,
key_buffer_length, bits ) );
#endif
#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR) || \
defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY)
if( PSA_KEY_TYPE_IS_RSA( type ) )
{
status = mbedtls_transparent_test_driver_rsa_import_key(
attributes,
data, data_length,
key_buffer, key_buffer_size,
key_buffer_length, bits );
}
else
#endif
else if( PSA_KEY_TYPE_IS_RSA( type ) )
{
status = PSA_ERROR_NOT_SUPPORTED;
(void)data;
(void)data_length;
(void)key_buffer;
(void)key_buffer_size;
(void)key_buffer_length;
(void)bits;
(void)type;
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
( defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || \
defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) )
return( libtestdriver1_mbedtls_psa_rsa_import_key(
(const libtestdriver1_psa_key_attributes_t *)attributes,
data, data_length,
key_buffer, key_buffer_size,
key_buffer_length, bits ) );
#elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || \
defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY)
return( mbedtls_psa_rsa_import_key(
attributes,
data, data_length,
key_buffer, key_buffer_size,
key_buffer_length, bits ) );
#endif
}
return( status );
(void)data;
(void)data_length;
(void)key_buffer;
(void)key_buffer_size;
(void)key_buffer_length;
(void)bits;
(void)type;
return( PSA_ERROR_NOT_SUPPORTED );
}
psa_status_t mbedtls_test_opaque_export_key(
@ -255,39 +310,48 @@ psa_status_t mbedtls_test_transparent_export_public_key(
return( PSA_SUCCESS );
}
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_key_type_t key_type = psa_get_key_type( attributes );
#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR) || \
defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY)
if( PSA_KEY_TYPE_IS_ECC( key_type ) )
{
status = mbedtls_transparent_test_driver_ecp_export_public_key(
attributes,
key_buffer, key_buffer_size,
data, data_size, data_length );
}
else
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
( defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || \
defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) )
return( libtestdriver1_mbedtls_psa_ecp_export_public_key(
(const libtestdriver1_psa_key_attributes_t *)attributes,
key_buffer, key_buffer_size,
data, data_size, data_length ) );
#elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || \
defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY)
return( mbedtls_psa_ecp_export_public_key(
attributes,
key_buffer, key_buffer_size,
data, data_size, data_length ) );
#endif
#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR) || \
defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY)
if( PSA_KEY_TYPE_IS_RSA( key_type ) )
{
status = mbedtls_transparent_test_driver_rsa_export_public_key(
attributes,
key_buffer, key_buffer_size,
data, data_size, data_length );
}
else
#endif
else if( PSA_KEY_TYPE_IS_RSA( key_type ) )
{
status = PSA_ERROR_NOT_SUPPORTED;
(void)key_buffer;
(void)key_buffer_size;
(void)key_type;
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
( defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || \
defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) )
return( libtestdriver1_mbedtls_psa_rsa_export_public_key(
(const libtestdriver1_psa_key_attributes_t *)attributes,
key_buffer, key_buffer_size,
data, data_size, data_length ) );
#elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || \
defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY)
return( mbedtls_psa_rsa_export_public_key(
attributes,
key_buffer, key_buffer_size,
data, data_size, data_length ) );
#endif
}
return( status );
(void)key_buffer;
(void)key_buffer_size;
(void)key_type;
return( PSA_ERROR_NOT_SUPPORTED );
}
psa_status_t mbedtls_test_opaque_export_public_key(

176
tests/src/drivers/test_driver_mac.c
View file

@ -28,6 +28,10 @@
#include "test/drivers/mac.h"
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1)
#include "libtestdriver1/library/psa_crypto_mac.h"
#endif
mbedtls_test_driver_mac_hooks_t mbedtls_test_driver_mac_hooks =
MBEDTLS_TEST_DRIVER_MAC_INIT;
@ -51,11 +55,32 @@ psa_status_t mbedtls_test_transparent_mac_compute(
}
else
{
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_MAC)
mbedtls_test_driver_mac_hooks.driver_status =
mbedtls_transparent_test_driver_mac_compute(
libtestdriver1_mbedtls_psa_mac_compute(
(const libtestdriver1_psa_key_attributes_t *)attributes,
key_buffer, key_buffer_size, alg,
input, input_length,
mac, mac_size, mac_length );
#elif defined(MBEDTLS_PSA_BUILTIN_MAC)
mbedtls_test_driver_mac_hooks.driver_status =
mbedtls_psa_mac_compute(
attributes, key_buffer, key_buffer_size, alg,
input, input_length,
mac, mac_size, mac_length );
#else
(void) attributes;
(void) key_buffer;
(void) key_buffer_size;
(void) alg;
(void) input;
(void) input_length;
(void) mac;
(void) mac_size;
(void) mac_length;
mbedtls_test_driver_mac_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED;
#endif
}
return( mbedtls_test_driver_mac_hooks.driver_status );
@ -77,9 +102,25 @@ psa_status_t mbedtls_test_transparent_mac_sign_setup(
}
else
{
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_MAC)
mbedtls_test_driver_mac_hooks.driver_status =
mbedtls_transparent_test_driver_mac_sign_setup(
libtestdriver1_mbedtls_psa_mac_sign_setup(
operation,
(const libtestdriver1_psa_key_attributes_t *)attributes,
key_buffer, key_buffer_size, alg );
#elif defined(MBEDTLS_PSA_BUILTIN_MAC)
mbedtls_test_driver_mac_hooks.driver_status =
mbedtls_psa_mac_sign_setup(
operation, attributes, key_buffer, key_buffer_size, alg );
#else
(void) operation;
(void) attributes;
(void) key_buffer;
(void) key_buffer_size;
(void) alg;
mbedtls_test_driver_mac_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED;
#endif
}
return( mbedtls_test_driver_mac_hooks.driver_status );
@ -101,9 +142,25 @@ psa_status_t mbedtls_test_transparent_mac_verify_setup(
}
else
{
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_MAC)
mbedtls_test_driver_mac_hooks.driver_status =
mbedtls_transparent_test_driver_mac_verify_setup(
libtestdriver1_mbedtls_psa_mac_verify_setup(
operation,
(const libtestdriver1_psa_key_attributes_t *)attributes,
key_buffer, key_buffer_size, alg );
#elif defined(MBEDTLS_PSA_BUILTIN_MAC)
mbedtls_test_driver_mac_hooks.driver_status =
mbedtls_psa_mac_verify_setup(
operation, attributes, key_buffer, key_buffer_size, alg );
#else
(void) operation;
(void) attributes;
(void) key_buffer;
(void) key_buffer_size;
(void) alg;
mbedtls_test_driver_mac_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED;
#endif
}
return( mbedtls_test_driver_mac_hooks.driver_status );
@ -123,9 +180,21 @@ psa_status_t mbedtls_test_transparent_mac_update(
}
else
{
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_MAC)
mbedtls_test_driver_mac_hooks.driver_status =
mbedtls_transparent_test_driver_mac_update(
libtestdriver1_mbedtls_psa_mac_update(
operation, input, input_length );
#elif defined(MBEDTLS_PSA_BUILTIN_MAC)
mbedtls_test_driver_mac_hooks.driver_status =
mbedtls_psa_mac_update(
operation, input, input_length );
#else
(void) operation;
(void) input;
(void) input_length;
mbedtls_test_driver_mac_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED;
#endif
}
return( mbedtls_test_driver_mac_hooks.driver_status );
@ -146,9 +215,22 @@ psa_status_t mbedtls_test_transparent_mac_sign_finish(
}
else
{
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_MAC)
mbedtls_test_driver_mac_hooks.driver_status =
mbedtls_transparent_test_driver_mac_sign_finish(
libtestdriver1_mbedtls_psa_mac_sign_finish(
operation, mac, mac_size, mac_length );
#elif defined(MBEDTLS_PSA_BUILTIN_MAC)
mbedtls_test_driver_mac_hooks.driver_status =
mbedtls_psa_mac_sign_finish(
operation, mac, mac_size, mac_length );
#else
(void) operation;
(void) mac;
(void) mac_size;
(void) mac_length;
mbedtls_test_driver_mac_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED;
#endif
}
return( mbedtls_test_driver_mac_hooks.driver_status );
@ -168,9 +250,21 @@ psa_status_t mbedtls_test_transparent_mac_verify_finish(
}
else
{
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_MAC)
mbedtls_test_driver_mac_hooks.driver_status =
mbedtls_transparent_test_driver_mac_verify_finish(
libtestdriver1_mbedtls_psa_mac_verify_finish(
operation, mac, mac_length );
#elif defined(MBEDTLS_PSA_BUILTIN_MAC)
mbedtls_test_driver_mac_hooks.driver_status =
mbedtls_psa_mac_verify_finish(
operation, mac, mac_length );
#else
(void) operation;
(void) mac;
(void) mac_length;
mbedtls_test_driver_mac_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED;
#endif
}
return( mbedtls_test_driver_mac_hooks.driver_status );
@ -188,8 +282,17 @@ psa_status_t mbedtls_test_transparent_mac_abort(
}
else
{
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_MAC)
mbedtls_test_driver_mac_hooks.driver_status =
mbedtls_transparent_test_driver_mac_abort( operation );
libtestdriver1_mbedtls_psa_mac_abort( operation );
#elif defined(MBEDTLS_PSA_BUILTIN_MAC)
mbedtls_test_driver_mac_hooks.driver_status =
mbedtls_psa_mac_abort( operation );
#else
(void) operation;
mbedtls_test_driver_mac_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED;
#endif
}
return( mbedtls_test_driver_mac_hooks.driver_status );
@ -215,11 +318,16 @@ psa_status_t mbedtls_test_opaque_mac_compute(
}
else
{
mbedtls_test_driver_mac_hooks.driver_status =
mbedtls_opaque_test_driver_mac_compute(
attributes, key_buffer, key_buffer_size, alg,
input, input_length,
mac, mac_size, mac_length );
(void) attributes;
(void) key_buffer;
(void) key_buffer_size;
(void) alg;
(void) input;
(void) input_length;
(void) mac;
(void) mac_size;
(void) mac_length;
mbedtls_test_driver_mac_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED;
}
return( mbedtls_test_driver_mac_hooks.driver_status );
@ -241,9 +349,12 @@ psa_status_t mbedtls_test_opaque_mac_sign_setup(
}
else
{
mbedtls_test_driver_mac_hooks.driver_status =
mbedtls_opaque_test_driver_mac_sign_setup(
operation, attributes, key_buffer, key_buffer_size, alg );
(void) operation;
(void) attributes;
(void) key_buffer;
(void) key_buffer_size;
(void) alg;
mbedtls_test_driver_mac_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED;
}
return( mbedtls_test_driver_mac_hooks.driver_status );
@ -265,9 +376,12 @@ psa_status_t mbedtls_test_opaque_mac_verify_setup(
}
else
{
mbedtls_test_driver_mac_hooks.driver_status =
mbedtls_opaque_test_driver_mac_verify_setup(
operation, attributes, key_buffer, key_buffer_size, alg );
(void) operation;
(void) attributes;
(void) key_buffer;
(void) key_buffer_size;
(void) alg;
mbedtls_test_driver_mac_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED;
}
return( mbedtls_test_driver_mac_hooks.driver_status );
@ -287,9 +401,10 @@ psa_status_t mbedtls_test_opaque_mac_update(
}
else
{
mbedtls_test_driver_mac_hooks.driver_status =
mbedtls_opaque_test_driver_mac_update(
operation, input, input_length );
(void) operation;
(void) input;
(void) input_length;
mbedtls_test_driver_mac_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED;
}
return( mbedtls_test_driver_mac_hooks.driver_status );
@ -310,9 +425,11 @@ psa_status_t mbedtls_test_opaque_mac_sign_finish(
}
else
{
mbedtls_test_driver_mac_hooks.driver_status =
mbedtls_opaque_test_driver_mac_sign_finish(
operation, mac, mac_size, mac_length );
(void) operation;
(void) mac;
(void) mac_size;
(void) mac_length;
mbedtls_test_driver_mac_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED;
}
return( mbedtls_test_driver_mac_hooks.driver_status );
@ -332,9 +449,10 @@ psa_status_t mbedtls_test_opaque_mac_verify_finish(
}
else
{
mbedtls_test_driver_mac_hooks.driver_status =
mbedtls_opaque_test_driver_mac_verify_finish(
operation, mac, mac_length );
(void) operation;
(void) mac;
(void) mac_length;
mbedtls_test_driver_mac_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED;
}
return( mbedtls_test_driver_mac_hooks.driver_status );
@ -352,8 +470,8 @@ psa_status_t mbedtls_test_opaque_mac_abort(
}
else
{
mbedtls_test_driver_mac_hooks.driver_status =
mbedtls_opaque_test_driver_mac_abort( operation );
(void) operation;
mbedtls_test_driver_mac_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED;
}
return( mbedtls_test_driver_mac_hooks.driver_status );

217
tests/src/drivers/test_driver_signature.c
View file

@ -33,13 +33,21 @@
#include "psa_crypto_rsa.h"
#include "mbedtls/ecp.h"
#include "test/drivers/hash.h"
#include "test/drivers/signature.h"
#include "test/drivers/hash.h"
#include "mbedtls/md.h"
#include "mbedtls/ecdsa.h"
#include "test/random.h"
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1)
#include "libtestdriver1/library/psa_crypto_ecp.h"
#include "libtestdriver1/library/psa_crypto_hash.h"
#include "libtestdriver1/library/psa_crypto_rsa.h"
#endif
#include <string.h>
mbedtls_test_driver_signature_hooks_t
@ -58,58 +66,70 @@ psa_status_t sign_hash(
size_t signature_size,
size_t *signature_length )
{
#if defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN) || \
defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PSS)
if( attributes->core.type == PSA_KEY_TYPE_RSA_KEY_PAIR )
{
return( mbedtls_transparent_test_driver_rsa_sign_hash(
attributes,
key_buffer, key_buffer_size,
alg, hash, hash_length,
signature, signature_size, signature_length ) );
}
else
#endif /* defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN) ||
* defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PSS) */
#if defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA) || \
defined(MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA)
if( PSA_KEY_TYPE_IS_ECC( attributes->core.type ) )
{
if(
#if defined(MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA)
PSA_ALG_IS_ECDSA( alg )
#else
PSA_ALG_IS_RANDOMIZED_ECDSA( alg )
#endif
)
if( PSA_ALG_IS_RSA_PKCS1V15_SIGN( alg ) ||
PSA_ALG_IS_RSA_PSS( alg) )
{
return( mbedtls_transparent_test_driver_ecdsa_sign_hash(
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
( defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || \
defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) )
return( libtestdriver1_mbedtls_psa_rsa_sign_hash(
(const libtestdriver1_psa_key_attributes_t *) attributes,
key_buffer, key_buffer_size,
alg, hash, hash_length,
signature, signature_size, signature_length ) );
#elif defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || \
defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS)
return( mbedtls_psa_rsa_sign_hash(
attributes,
key_buffer, key_buffer_size,
alg, hash, hash_length,
signature, signature_size, signature_length ) );
#endif
}
else
{
return( PSA_ERROR_INVALID_ARGUMENT );
}
}
else
#endif /* defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA) ||
* defined(MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA) */
else if( PSA_KEY_TYPE_IS_ECC( attributes->core.type ) )
{
(void)attributes;
(void)key_buffer;
(void)key_buffer_size;
(void)alg;
(void)hash;
(void)hash_length;
(void)signature;
(void)signature_size;
(void)signature_length;
return( PSA_ERROR_NOT_SUPPORTED );
if( PSA_ALG_IS_ECDSA( alg ) )
{
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
( defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \
defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) )
return( libtestdriver1_mbedtls_psa_ecdsa_sign_hash(
(const libtestdriver1_psa_key_attributes_t *) attributes,
key_buffer, key_buffer_size,
alg, hash, hash_length,
signature, signature_size, signature_length ) );
#elif defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \
defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA)
return( mbedtls_psa_ecdsa_sign_hash(
attributes,
key_buffer, key_buffer_size,
alg, hash, hash_length,
signature, signature_size, signature_length ) );
#endif
}
else
{
return( PSA_ERROR_INVALID_ARGUMENT );
}
}
(void)attributes;
(void)key_buffer;
(void)key_buffer_size;
(void)alg;
(void)hash;
(void)hash_length;
(void)signature;
(void)signature_size;
(void)signature_length;
return( PSA_ERROR_NOT_SUPPORTED );
}
psa_status_t verify_hash(
@ -122,52 +142,69 @@ psa_status_t verify_hash(
const uint8_t *signature,
size_t signature_length )
{
#if defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN) || \
defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PSS)
if( PSA_KEY_TYPE_IS_RSA( attributes->core.type ) )
{
return( mbedtls_transparent_test_driver_rsa_verify_hash(
attributes,
key_buffer, key_buffer_size,
alg, hash, hash_length,
signature, signature_length ) );
}
else
#endif /* defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN) ||
* defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PSS) */
#if defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA) || \
defined(MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA)
if( PSA_KEY_TYPE_IS_ECC( attributes->core.type ) )
{
if( PSA_ALG_IS_ECDSA( alg ) )
if( PSA_ALG_IS_RSA_PKCS1V15_SIGN( alg ) ||
PSA_ALG_IS_RSA_PSS( alg) )
{
return( mbedtls_transparent_test_driver_ecdsa_verify_hash(
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
( defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || \
defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) )
return( libtestdriver1_mbedtls_psa_rsa_verify_hash(
(const libtestdriver1_psa_key_attributes_t *) attributes,
key_buffer, key_buffer_size,
alg, hash, hash_length,
signature, signature_length ) );
#elif defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || \
defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS)
return( mbedtls_psa_rsa_verify_hash(
attributes,
key_buffer, key_buffer_size,
alg, hash, hash_length,
signature, signature_length ) );
#endif
}
else
{
return( PSA_ERROR_INVALID_ARGUMENT );
}
}
else
#endif /* defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA) ||
* defined(MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA) */
else if( PSA_KEY_TYPE_IS_ECC( attributes->core.type ) )
{
(void)attributes;
(void)key_buffer;
(void)key_buffer_size;
(void)alg;
(void)hash;
(void)hash_length;
(void)signature;
(void)signature_length;
return( PSA_ERROR_NOT_SUPPORTED );
if( PSA_ALG_IS_ECDSA( alg ) )
{
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
( defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \
defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) )
return( libtestdriver1_mbedtls_psa_ecdsa_verify_hash(
(const libtestdriver1_psa_key_attributes_t *) attributes,
key_buffer, key_buffer_size,
alg, hash, hash_length,
signature, signature_length ) );
#elif defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \
defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA)
return( mbedtls_psa_ecdsa_verify_hash(
attributes,
key_buffer, key_buffer_size,
alg, hash, hash_length,
signature, signature_length ) );
#endif
}
else
{
return( PSA_ERROR_INVALID_ARGUMENT );
}
}
(void)attributes;
(void)key_buffer;
(void)key_buffer_size;
(void)alg;
(void)hash;
(void)hash_length;
(void)signature;
(void)signature_length;
return( PSA_ERROR_NOT_SUPPORTED );
}
psa_status_t mbedtls_test_transparent_signature_sign_message(
@ -202,16 +239,26 @@ psa_status_t mbedtls_test_transparent_signature_sign_message(
return( PSA_SUCCESS );
}
status = mbedtls_transparent_test_driver_hash_compute(
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_HASH)
status = libtestdriver1_mbedtls_psa_hash_compute(
PSA_ALG_SIGN_GET_HASH( alg ), input, input_length,
hash, sizeof( hash ), &hash_length );
#elif defined(MBEDTLS_PSA_BUILTIN_HASH)
status = mbedtls_psa_hash_compute(
PSA_ALG_SIGN_GET_HASH( alg ), input, input_length,
hash, sizeof( hash ), &hash_length );
#else
(void) input;
(void) input_length;
status = PSA_ERROR_NOT_SUPPORTED;
#endif
if( status != PSA_SUCCESS )
return status;
return sign_hash( attributes, key_buffer, key_buffer_size,
alg, hash, hash_length,
signature, signature_size, signature_length );
return( sign_hash( attributes, key_buffer, key_buffer_size,
alg, hash, hash_length,
signature, signature_size, signature_length ) );
}
psa_status_t mbedtls_test_opaque_signature_sign_message(
@ -257,16 +304,26 @@ psa_status_t mbedtls_test_transparent_signature_verify_message(
if( mbedtls_test_driver_signature_verify_hooks.forced_status != PSA_SUCCESS )
return( mbedtls_test_driver_signature_verify_hooks.forced_status );
status = mbedtls_transparent_test_driver_hash_compute(
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_HASH)
status = libtestdriver1_mbedtls_psa_hash_compute(
PSA_ALG_SIGN_GET_HASH( alg ), input, input_length,
hash, sizeof( hash ), &hash_length );
#elif defined(MBEDTLS_PSA_BUILTIN_HASH)
status = mbedtls_psa_hash_compute(
PSA_ALG_SIGN_GET_HASH( alg ), input, input_length,
hash, sizeof( hash ), &hash_length );
#else
(void) input;
(void) input_length;
status = PSA_ERROR_NOT_SUPPORTED;
#endif
if( status != PSA_SUCCESS )
return status;
return verify_hash( attributes, key_buffer, key_buffer_size,
alg, hash, hash_length,
signature, signature_length );
return( verify_hash( attributes, key_buffer, key_buffer_size,
alg, hash, hash_length,
signature, signature_length ) );
}
psa_status_t mbedtls_test_opaque_signature_verify_message(
@ -313,9 +370,9 @@ psa_status_t mbedtls_test_transparent_signature_sign_hash(
return( PSA_SUCCESS );
}
return sign_hash( attributes, key_buffer, key_buffer_size,
return( sign_hash( attributes, key_buffer, key_buffer_size,
alg, hash, hash_length,
signature, signature_size, signature_length );
signature, signature_size, signature_length ) );
}
psa_status_t mbedtls_test_opaque_signature_sign_hash(

12
tests/src/psa_exercise_key.c
View file

@ -309,8 +309,8 @@ static int exercise_signature_key( mbedtls_svc_key_id_t key,
/* If the policy allows signing with any hash, just pick one. */
if( PSA_ALG_IS_SIGN_HASH( alg ) && hash_alg == PSA_ALG_ANY_HASH )
{
#if defined(KNOWN_SUPPORTED_HASH_ALG)
hash_alg = KNOWN_SUPPORTED_HASH_ALG;
#if defined(KNOWN_MBEDTLS_SUPPORTED_HASH_ALG)
hash_alg = KNOWN_MBEDTLS_SUPPORTED_HASH_ALG;
alg ^= PSA_ALG_ANY_HASH ^ hash_alg;
#else
TEST_ASSERT( ! "No hash algorithm for hash-and-sign testing" );
@ -643,7 +643,7 @@ int mbedtls_test_psa_exported_key_sanity_check(
TEST_EQUAL( exported_length, PSA_BITS_TO_BYTES( bits ) );
else
#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_PK_PARSE_C)
#if defined(MBEDTLS_ASN1_PARSE_C)
if( type == PSA_KEY_TYPE_RSA_KEY_PAIR )
{
uint8_t *p = (uint8_t*) exported;
@ -690,7 +690,7 @@ int mbedtls_test_psa_exported_key_sanity_check(
TEST_ASSERT( exported_length <= PSA_EXPORT_KEY_PAIR_MAX_SIZE );
}
else
#endif /* MBEDTLS_RSA_C */
#endif /* MBEDTLS_ASN1_PARSE_C */
#if defined(MBEDTLS_ECP_C)
if( PSA_KEY_TYPE_IS_ECC_KEY_PAIR( type ) )
@ -703,7 +703,7 @@ int mbedtls_test_psa_exported_key_sanity_check(
else
#endif /* MBEDTLS_ECP_C */
#if defined(MBEDTLS_RSA_C)
#if defined(MBEDTLS_ASN1_PARSE_C)
if( type == PSA_KEY_TYPE_RSA_PUBLIC_KEY )
{
uint8_t *p = (uint8_t*) exported;
@ -731,7 +731,7 @@ int mbedtls_test_psa_exported_key_sanity_check(
PSA_EXPORT_PUBLIC_KEY_MAX_SIZE );
}
else
#endif /* MBEDTLS_RSA_C */
#endif /* MBEDTLS_ASN1_PARSE_C */
#if defined(MBEDTLS_ECP_C)
if( PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY( type ) )

42
tests/suites/test_suite_psa_crypto.data
View file

@ -1252,11 +1252,11 @@ depends_on:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_HMAC
mac_setup:PSA_KEY_TYPE_HMAC:"000102030405060708090a0b0c0d0e0f":PSA_ALG_CMAC:PSA_ERROR_INVALID_ARGUMENT
PSA MAC setup: algorithm known but not supported, long key
depends_on:!MBEDTLS_MD5_C
depends_on:!PSA_WANT_ALG_MD5
mac_setup:PSA_KEY_TYPE_HMAC:"000102030405060708090a0b0c0d0e0f000102030405060708090a0b0c0d0e0f000102030405060708090a0b0c0d0e0f000102030405060708090a0b0c0d0e0f000102030405060708090a0b0c0d0e0f000102030405060708090a0b0c0d0e0f000102030405060708090a0b0c0d0e0f000102030405060708090a0b0c0d0e0f000102030405060708090a0b0c0d0e0f000102030405060708090a0b0c0d0e0f000102030405060708090a0b0c0d0e0f000102030405060708090a0b0c0d0e0f":PSA_ALG_HMAC(PSA_ALG_MD5):PSA_ERROR_NOT_SUPPORTED
PSA MAC setup: algorithm known but not supported, short key
depends_on:!MBEDTLS_MD5_C
depends_on:!PSA_WANT_ALG_MD5
mac_setup:PSA_KEY_TYPE_HMAC:"000102030405060708":PSA_ALG_HMAC(PSA_ALG_MD5):PSA_ERROR_NOT_SUPPORTED
PSA MAC: bad order function calls
@ -2512,7 +2512,7 @@ depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TY
sign_hash_deterministic:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f"
PSA sign hash: deterministic ECDSA SECP256R1 SHA-384
depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_MD_C
depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_MD_C:MBEDLTS_PSA_BUILTIN_ALG_SHA_384
sign_hash_deterministic:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_384 ):"59e1748777448c69de6b800d7a33bbfb9ff1b463e44354c3553bcdb9c666fa90125a3c79f90397bdf5f6a13de828684f":"cd40ba1b555ca5994d30ddffc4ad734b1f5c604675b0f249814aa5de3992ef3ddf4d5dc5d2aab1979ce210b560754df671363d99795475882894c048e3b986ca"
PSA sign hash: deterministic ECDSA SECP384R1 SHA-256
@ -2608,11 +2608,11 @@ depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TY
sign_verify_hash:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b"
PSA sign/verify hash: randomized ECDSA SECP256R1 SHA-384
depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256
depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_PSA_BUILTIN_ALG_SHA_384
sign_verify_hash:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_ECDSA( PSA_ALG_SHA_384 ):"59e1748777448c69de6b800d7a33bbfb9ff1b463e44354c3553bcdb9c666fa90125a3c79f90397bdf5f6a13de828684f"
PSA sign/verify hash: deterministic ECDSA SECP256R1 SHA-384
depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_MD_C
depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_MD_C:MBEDTLS_PSA_BUILTIN_ALG_SHA_384
sign_verify_hash:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_384 ):"59e1748777448c69de6b800d7a33bbfb9ff1b463e44354c3553bcdb9c666fa90125a3c79f90397bdf5f6a13de828684f"
PSA sign/verify hash: randomized ECDSA SECP384R1 SHA-256
@ -2632,7 +2632,7 @@ depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE
verify_hash:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"a73664d55b39c7ea6c1e5b5011724a11e1d7073d3a68f48c836fad153a1d91b6abdbc8f69da13b206cc96af6363b114458b026af14b24fab8929ed634c6a2acace0bcc62d9bb6a984afbcbfcd3a0608d32a2bae535b9cd1ecdf9dd281db1e0025c3bfb5512963ec3b98ddaa69e38bc3c84b1b61a04e5648640856aacc6fc7311"
PSA verify hash: RSA PKCS#1 v1.5 SHA-256, wrong hash length
depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_1:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C
depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_1:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C:MBEDTLS_PSA_BUILTIN_ALG_SHA_1
verify_hash_fail:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_1):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"a73664d55b39c7ea6c1e5b5011724a11e1d7073d3a68f48c836fad153a1d91b6abdbc8f69da13b206cc96af6363b114458b026af14b24fab8929ed634c6a2acace0bcc62d9bb6a984afbcbfcd3a0608d32a2bae535b9cd1ecdf9dd281db1e0025c3bfb5512963ec3b98ddaa69e38bc3c84b1b61a04e5648640856aacc6fc7311":PSA_ERROR_INVALID_ARGUMENT
PSA verify hash: RSA PKCS#1 v1.5 SHA-256, wrong signature (same size)
@ -2688,35 +2688,35 @@ depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLI
verify_hash:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"44a09fa66f1b2e790474960e90517e418747cfcd18423dff957516a598569d74f26ef1eae4a200d12d801e16fc6fde375330c79c0d8430825e0a7f69c664faefccfa25e7fbfc68af02af0f67fe4c49f68f6abc68c8f66d3fd77fc838961f4415827340c66e39c79ed7dae0738c08ce8272aebe50c72e31994b9b6db640b51800"
PSA verify hash: RSA-1024 PSS SHA-512, slen=61 (bad)
depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_512:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C
depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_512:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C:MBEDTLS_PSA_BUILTIN_ALG_SHA_512
verify_hash_fail:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PSS(PSA_ALG_SHA_512):"ddaf35a193617abacc417349ae20413112e6fa4e89a97ea20a9eeee64b55d39a2192992a274fc1a836ba3c23a3feebbd454d4423643ce80e2a9ac94fa54ca49f":"23f5b30c8d612d8f31206c177ac2023c4f44754d03c7ff67daff99f24fa369b3e5f7c15b228a4417a1ff1c93fb8d645d619c2f4f559ac6c7f7bac20ba9df32353d19941265a4e74261adaf45d48682c0bc86cea6128f11ad172ff461fb1d97bded615861843996e2a98e7b8313b695519d001ae35305d6cbf3c0ee6c7ab06d1a":PSA_ERROR_INVALID_SIGNATURE
PSA verify hash: RSA-1024 PSS-any-salt SHA-512, slen=61
depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_512:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C
depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_512:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C:MBEDTLS_PSA_BUILTIN_ALG_SHA_512
verify_hash:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_SHA_512):"ddaf35a193617abacc417349ae20413112e6fa4e89a97ea20a9eeee64b55d39a2192992a274fc1a836ba3c23a3feebbd454d4423643ce80e2a9ac94fa54ca49f":"23f5b30c8d612d8f31206c177ac2023c4f44754d03c7ff67daff99f24fa369b3e5f7c15b228a4417a1ff1c93fb8d645d619c2f4f559ac6c7f7bac20ba9df32353d19941265a4e74261adaf45d48682c0bc86cea6128f11ad172ff461fb1d97bded615861843996e2a98e7b8313b695519d001ae35305d6cbf3c0ee6c7ab06d1a"
PSA verify hash: RSA-1024 PSS SHA-512, slen=62
depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_512:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C
depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_512:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C:MBEDTLS_PSA_BUILTIN_ALG_SHA_512
verify_hash:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PSS(PSA_ALG_SHA_512):"ddaf35a193617abacc417349ae20413112e6fa4e89a97ea20a9eeee64b55d39a2192992a274fc1a836ba3c23a3feebbd454d4423643ce80e2a9ac94fa54ca49f":"6b215d77cf88b2d08be53b4f3ac6e72ebfbf7e0dc6c1e77b238cfb661c247a011b8746709fbefe4bc05d37343391683e9489d720ecbb7df37f4e36967918958996939461703465c2014a4c12faf875f8def70070e55b765b165c7e9c6f2eb05c98351b1e82219c31a2fb3ddce05f8988f552ff92f0b3471f63c0e53824c550a4"
PSA verify hash: RSA-1024 PSS-any-salt SHA-512, slen=62
depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_512:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C
depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_512:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C:MBEDTLS_PSA_BUILTIN_ALG_SHA_512
verify_hash:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_SHA_512):"ddaf35a193617abacc417349ae20413112e6fa4e89a97ea20a9eeee64b55d39a2192992a274fc1a836ba3c23a3feebbd454d4423643ce80e2a9ac94fa54ca49f":"6b215d77cf88b2d08be53b4f3ac6e72ebfbf7e0dc6c1e77b238cfb661c247a011b8746709fbefe4bc05d37343391683e9489d720ecbb7df37f4e36967918958996939461703465c2014a4c12faf875f8def70070e55b765b165c7e9c6f2eb05c98351b1e82219c31a2fb3ddce05f8988f552ff92f0b3471f63c0e53824c550a4"
PSA verify hash: RSA-528 PSS SHA-512, slen=0
depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_512:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C
depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_512:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C:MBEDTLS_PSA_BUILTIN_ALG_SHA_512
verify_hash:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"304a024300e31c246d46485984261fd174cab3d4357344602ecd793c47dbe54252d37bb350bc634359b19515542080e4724a4b672291be57c7648f51629eaef234e847d99cc65f0203010001":PSA_ALG_RSA_PSS(PSA_ALG_SHA_512):"ddaf35a193617abacc417349ae20413112e6fa4e89a97ea20a9eeee64b55d39a2192992a274fc1a836ba3c23a3feebbd454d4423643ce80e2a9ac94fa54ca49f":"a14ad0fef77d36c28658a66129ee632e40e1032003eefe7fcda8e52b06675a051c80b2ca1cb99ed0762e90c9a48c434cd1063638eed7895a9c770e5435af750a1955"
PSA verify hash: RSA-528 PSS-any-salt SHA-512, slen=0
depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_512:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C
depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_512:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C:MBEDTLS_PSA_BUILTIN_ALG_SHA_512
verify_hash:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"304a024300e31c246d46485984261fd174cab3d4357344602ecd793c47dbe54252d37bb350bc634359b19515542080e4724a4b672291be57c7648f51629eaef234e847d99cc65f0203010001":PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_SHA_512):"ddaf35a193617abacc417349ae20413112e6fa4e89a97ea20a9eeee64b55d39a2192992a274fc1a836ba3c23a3feebbd454d4423643ce80e2a9ac94fa54ca49f":"a14ad0fef77d36c28658a66129ee632e40e1032003eefe7fcda8e52b06675a051c80b2ca1cb99ed0762e90c9a48c434cd1063638eed7895a9c770e5435af750a1955"
PSA verify hash: RSA-520 PSS SHA-512 (hash too large)
depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_512:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C
depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_512:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C:MBEDTLS_PSA_BUILTIN_ALG_SHA_512
verify_hash_fail:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"3049024200d5a06f86e5b9d87428540165ca966fa8893a62e2a59d0bfd7617780bb039f9165a373a8e119d0766f8de556710f33f67019153bad8223775e797d451d48206f3bf0203010001":PSA_ALG_RSA_PSS(PSA_ALG_SHA_512):"ddaf35a193617abacc417349ae20413112e6fa4e89a97ea20a9eeee64b55d39a2192992a274fc1a836ba3c23a3feebbd454d4423643ce80e2a9ac94fa54ca49f":"deaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddead42":PSA_ERROR_INVALID_ARGUMENT
PSA verify hash: RSA-520 PSS-any-salt SHA-512 (hash too large)
depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_512:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C
depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_512:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C:MBEDTLS_PSA_BUILTIN_ALG_SHA_512
verify_hash_fail:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"3049024200d5a06f86e5b9d87428540165ca966fa8893a62e2a59d0bfd7617780bb039f9165a373a8e119d0766f8de556710f33f67019153bad8223775e797d451d48206f3bf0203010001":PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_SHA_512):"ddaf35a193617abacc417349ae20413112e6fa4e89a97ea20a9eeee64b55d39a2192992a274fc1a836ba3c23a3feebbd454d4423643ce80e2a9ac94fa54ca49f":"deaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddead42":PSA_ERROR_INVALID_ARGUMENT
PSA verify hash: RSA PSS SHA-256, wrong hash length (0 bytes)
@ -2780,7 +2780,7 @@ depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TY
sign_message_deterministic:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256):"616263":"36e5b5a7da1c9c265dc447de3a5a704fcb8c03f7a3749dde48d84c9bf736fc1ed48d8b3660e7d3cbc6b1870730b7ce2a043f69e37ccb340b98d1e65184e03548"
PSA sign message: deterministic ECDSA SECP256R1 SHA-384
depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_MD_C
depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_MD_C:MBEDLTS_PSA_BUILTIN_ALG_SHA_384
sign_message_deterministic:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_384):"616263":"7ea712a20e3a8cbe0c6e64195362ba7635bbe78af51ddedd7a5fd858395250c592654c35d3b0614ae0e3b329c25cf5b4a5fcb243af3e3ad15c8446fe401be066"
PSA sign message: deterministic ECDSA SECP384R1 SHA-256
@ -2900,7 +2900,7 @@ depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_ECC_KEY_PAI
sign_verify_message:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_ECDSA(PSA_ALG_SHA_384):"616263"
PSA sign/verify message: deterministic ECDSA SECP256R1 SHA-384
depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_MD_C
depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_MD_C:MBEDLTS_PSA_BUILTIN_ALG_SHA_384
sign_verify_message:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_384):"616263"
PSA sign/verify message: randomized ECDSA SECP384R1 SHA-256
@ -3036,11 +3036,11 @@ depends_on:PSA_WANT_ALG_RSA_OAEP:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBL
asymmetric_encrypt:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"746869730069730061006c6162656c00":128:PSA_SUCCESS
PSA encrypt: RSA OAEP-SHA-384, good
depends_on:PSA_WANT_ALG_RSA_OAEP:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C
depends_on:PSA_WANT_ALG_RSA_OAEP:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C:MBEDTLS_PSA_BUILTIN_ALG_SHA_384
asymmetric_encrypt:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_OAEP(PSA_ALG_SHA_384):"0102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e":"":128:PSA_SUCCESS
PSA encrypt: RSA OAEP-SHA-384, good, with label
depends_on:PSA_WANT_ALG_RSA_OAEP:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C
depends_on:PSA_WANT_ALG_RSA_OAEP:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C:MBEDTLS_PSA_BUILTIN_ALG_SHA_384
asymmetric_encrypt:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_OAEP(PSA_ALG_SHA_384):"0102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e":"746869730069730061006c6162656c00":128:PSA_SUCCESS
PSA encrypt: RSA PKCS#1 v1.5, key pair
@ -3060,7 +3060,7 @@ depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBED
asymmetric_encrypt:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PKCS1V15_CRYPT:"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee":0:PSA_ERROR_INVALID_ARGUMENT
PSA encrypt: RSA OAEP-SHA-384, input too large
depends_on:PSA_WANT_ALG_RSA_OAEP:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C
depends_on:PSA_WANT_ALG_RSA_OAEP:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C:MBEDTLS_PSA_BUILTIN_ALG_SHA_384
asymmetric_encrypt:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_OAEP(PSA_ALG_SHA_384):"0102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f":"":0:PSA_ERROR_INVALID_ARGUMENT
PSA encrypt: invalid algorithm
@ -3088,7 +3088,7 @@ depends_on:PSA_WANT_ALG_RSA_OAEP:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_
asymmetric_encrypt_decrypt:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"746869730069730061006c6162656c00"
PSA encrypt-decrypt: RSA OAEP-SHA-384
depends_on:PSA_WANT_ALG_RSA_OAEP:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C
depends_on:PSA_WANT_ALG_RSA_OAEP:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C:MBEDTLS_PSA_BUILTIN_ALG_SHA_384
asymmetric_encrypt_decrypt:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_OAEP(PSA_ALG_SHA_384):"0102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e":""
PSA decrypt: RSA PKCS#1 v1.5: good #1
@ -3124,7 +3124,7 @@ depends_on:PSA_WANT_ALG_RSA_OAEP:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_
asymmetric_decrypt:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256):"46edc9984a6d4b7c7fd88fda9ea91ddbd30b28a0793cc75a9fcdd94d867c69090a697d46a6f336a3e48a122dd3ee3b51566b445ff78adb613d09b7d8c59c25a27d8cf7f5e36455f2e71ff6c6ee98d5740e66b23794acc72906561951c2be5064f6a250646ab627ecbfa48c02f82c29fe9b8c8e6be8eb752432124974373b542c":"746869730069730061006c6162656c00":"74686973206973206e6f2073717565616d697368206f7373696672616765"
PSA decrypt: RSA OAEP-SHA-384, 30 bytes
depends_on:PSA_WANT_ALG_RSA_OAEP:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C
depends_on:PSA_WANT_ALG_RSA_OAEP:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C:MBEDTLS_PSA_BUILTIN_ALG_SHA_384
asymmetric_decrypt:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_OAEP(PSA_ALG_SHA_384):"0df6750b8fed749359c016887d2cf097cc512c065526a91a7ee9b345a1bfff833737e7326e54d03f6bb65971962885a7661a16858d53ea55821052f4c7798d395b5c5495332fd4174451a1a437f36c27f446b96f309ff1cb6837274aa8ae2b51a8a479d736d25b8d2ca8ab96fe589553a3e52818b7df75544eb5469977b29aa4":"":"74686973206973206e6f2073717565616d697368206f7373696672616765"
PSA decrypt: RSA OAEP-SHA-256, 30 bytes, wrong label (should be empty)

12
tests/suites/test_suite_psa_crypto_driver_wrappers.data
View file

@ -90,11 +90,11 @@ depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_
validate_key:PSA_SUCCESS:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_SUCCESS
validate key through transparent driver: fallback private key
depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_SECP_R1_256
depends_on:MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_256
validate_key:PSA_ERROR_NOT_SUPPORTED:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_SUCCESS
validate key through transparent driver: fallback public key
depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_SECP_R1_256
depends_on:MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_256
validate_key:PSA_ERROR_NOT_SUPPORTED:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_SUCCESS
validate key through transparent driver: error
@ -110,7 +110,7 @@ depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDT
export_key:PSA_SUCCESS:"":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"047772656f814b399279d5e1f1781fac6f099a3c5ca1b0e35351834b08b65e0b572590cdaf8f769361bcf34acfc11e5e074e8426bdde04be6e653945449617de45":PSA_SUCCESS
export_key private to public through driver: fallback
depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_SECP_R1_256
depends_on:MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_256
export_key:PSA_ERROR_NOT_SUPPORTED:"":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"047772656f814b399279d5e1f1781fac6f099a3c5ca1b0e35351834b08b65e0b572590cdaf8f769361bcf34acfc11e5e074e8426bdde04be6e653945449617de45":PSA_SUCCESS
export_key private to public through driver: error
@ -126,11 +126,11 @@ depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES
cipher_encrypt_validation:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"6bc1bee22e409f96e93d7e11739317"
PSA symmetric encrypt validation: AES-CTR, 16 bytes, fallback
depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES:MBEDTLS_PSA_BUILTIN_CIPHER
depends_on:MBEDTLS_PSA_BUILTIN_ALG_CTR:MBEDTLS_PSA_BUILTIN_KEY_TYPE_AES
cipher_encrypt_validation:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"6bc1bee22e409f96e93d7e117393172a"
PSA symmetric encrypt validation: AES-CTR, 15 bytes, fallback
depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES:MBEDTLS_PSA_BUILTIN_CIPHER
depends_on:MBEDTLS_PSA_BUILTIN_ALG_CTR:MBEDTLS_PSA_BUILTIN_KEY_TYPE_AES
cipher_encrypt_validation:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"6bc1bee22e409f96e93d7e11739317"
PSA symmetric encrypt multipart: AES-CTR, 16 bytes, good
@ -162,7 +162,7 @@ depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES
cipher_decrypt:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"396ee84fb75fdbb5c2b13c7fe5a654aa":"dd3b5e5319b7591daab1e1a92687feb2":0:PSA_SUCCESS:PSA_SUCCESS
PSA symmetric decrypt: AES-CTR, 16 bytes, fallback
depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES:MBEDTLS_PSA_BUILTIN_CIPHER
depends_on:MBEDTLS_PSA_BUILTIN_ALG_CTR:MBEDTLS_PSA_BUILTIN_KEY_TYPE_AES
cipher_decrypt:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"396ee84fb75fdbb5c2b13c7fe5a654aa":"dd3b5e5319b7591daab1e1a92687feb2":0:PSA_ERROR_NOT_SUPPORTED:PSA_SUCCESS
PSA symmetric decrypt: AES-CTR, 16 bytes, fake

4
tests/suites/test_suite_psa_crypto_driver_wrappers.function
View file

@ -312,7 +312,7 @@ exit:
}
/* END_CASE */
/* BEGIN_CASE depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ECC_SECP_R1_256 */
/* BEGIN_CASE */
void validate_key( int force_status_arg,
int key_type_arg,
data_t *key_input,
@ -348,7 +348,7 @@ exit:
}
/* END_CASE */
/* BEGIN_CASE depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ECC_SECP_R1_256 */
/* BEGIN_CASE */
void export_key( int force_status_arg,
data_t *fake_output,
int key_in_type_arg,

4
tests/suites/test_suite_ssl.data
View file

@ -236,7 +236,7 @@ depends_on:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384:MBEDTLS_CIPHER_MODE_CBC:MB
handshake_cipher:"TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384":MBEDTLS_PK_ECDSA:0
Handshake, PSK-WITH-AES-128-CBC-SHA
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C
handshake_psk_cipher:"TLS-PSK-WITH-AES-128-CBC-SHA":MBEDTLS_PK_RSA:"abc123":0
DTLS Handshake, tls1_1
@ -268,7 +268,7 @@ depends_on:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384:MBEDTLS_CIPHER_MODE_CBC:MB
handshake_cipher:"TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384":MBEDTLS_PK_ECDSA:1
DTLS Handshake, PSK-WITH-AES-128-CBC-SHA
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_SHA1_C
handshake_psk_cipher:"TLS-PSK-WITH-AES-128-CBC-SHA":MBEDTLS_PK_RSA:"abc123":1
DTLS Handshake with serialization, tls1_2

2
tests/suites/test_suite_x509parse.data
View file

@ -211,7 +211,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD2_C:MBEDTLS_RSA_C
mbedtls_x509_crl_info:"data_files/crl_md2.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2009-07-19 19\:56\:37\nnext update \: 2009-09-17 19\:56\:37\nRevoked certificates\:\nserial number\: 01 revocation date\: 2009-02-09 21\:12\:36\nserial number\: 03 revocation date\: 2009-02-09 21\:12\:36\nsigned using \: RSA with MD2\n"
X509 CRL Information MD4 Digest
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD4_C
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD4_C:MBEDTLS_RSA_C
mbedtls_x509_crl_info:"data_files/crl_md4.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2011-02-12 14\:44\:07\nnext update \: 2011-04-13 14\:44\:07\nRevoked certificates\:\nserial number\: 01 revocation date\: 2011-02-12 14\:44\:07\nserial number\: 03 revocation date\: 2011-02-12 14\:44\:07\nsigned using \: RSA with MD4\n"
X509 CRL Information MD5 Digest

2
visualc/VS2010/mbedTLS.vcxproj
View file

@ -248,6 +248,8 @@
<ClInclude Include="..\..\tests\include\test\random.h" />
<ClInclude Include="..\..\tests\include\test\drivers\aead.h" />
<ClInclude Include="..\..\tests\include\test\drivers\cipher.h" />
<ClInclude Include="..\..\tests\include\test\drivers\config_test_driver.h" />
<ClInclude Include="..\..\tests\include\test\drivers\crypto_config_test_driver_extension.h" />
<ClInclude Include="..\..\tests\include\test\drivers\hash.h" />
<ClInclude Include="..\..\tests\include\test\drivers\key_management.h" />
<ClInclude Include="..\..\tests\include\test\drivers\mac.h" />