Unverified commit 8856df66 authored by openharmony_ci, committed by Gitee

!40 Upgrade Mbedtls to 2.16.11

Merge pull request !40 from 毛宇锋/master
...@@ -32,12 +32,6 @@ jobs: ...@@ -32,12 +32,6 @@ jobs:
script: script:
- tests/scripts/all.sh -k 'test_depends_*' 'build_key_exchanges' - tests/scripts/all.sh -k 'test_depends_*' 'build_key_exchanges'
- name: macOS
os: osx
compiler: clang
script:
- tests/scripts/all.sh -k test_default_out_of_box
- name: Windows - name: Windows
os: windows os: windows
script: script:
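Review bot: Dropping the macOS job (the removed lines from `- name: macOS` through `- tests/scripts/all.sh -k test_default_out_of_box`) removes the only clang run of `test_default_out_of_box` from this CI matrix, so an out-of-the-box build with a non-GCC compiler is no longer exercised here. If this mirrors the upstream 2.16.11 CI file that is fine, but the PR description ("Upgrade Mbedtls to 2.16.11") should say so; otherwise keep the job, or run the same `all.sh -k test_default_out_of_box` invocation in whichever CI OpenHarmony uses for this component.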
......
mbed TLS ChangeLog (Sorted per branch, date) mbed TLS ChangeLog (Sorted per branch, date)
= mbed TLS 2.16.11 branch released 2021-07-07
Security
* Fix a bias in the generation of finite-field Diffie-Hellman-Merkle (DHM)
private keys and of blinding values for DHM and elliptic curves (ECP)
computations. Reported by FlorianF89 in #4245.
* Fix a potential side channel vulnerability in ECDSA ephemeral key generation.
An adversary who is capable of very precise timing measurements could
learn partial information about the leading bits of the nonce used for the
signature, allowing the recovery of the private key after observing a
large number of signature operations. This completes a partial fix in
Mbed TLS 2.16.4.
* It was possible to configure MBEDTLS_ECP_MAX_BITS to a value that is
too small, leading to buffer overflows in ECC operations. Fail the build
in such a case.
* An adversary with access to precise enough information about memory
accesses (typically, an untrusted operating system attacking a secure
enclave) could recover an RSA private key after observing the victim
performing a single private-key operation. Found and reported by
Zili KOU, Wenjian HE, Sharad Sinha, and Wei ZHANG.
* An adversary with access to precise enough timing information (typically, a
co-located process) could recover a Curve25519 or Curve448 static ECDH key
after inputting a chosen public key and observing the victim performing the
corresponding private-key operation. Found and reported by Leila Batina,
Lukas Chmielewski, Björn Haase, Niels Samwel and Peter Schwabe.
Bugfix
* Fix premature fopen() call in mbedtls_entropy_write_seed_file which may
lead to the seed file corruption in case if the path to the seed file is
equal to MBEDTLS_PLATFORM_STD_NV_SEED_FILE. Contributed by Victor
Krasnoshchok in #3616.
* Fix some cases in the bignum module where the library constructed an
unintended representation of the value 0 which was not processed
correctly by some bignum operations. This could happen when
mbedtls_mpi_read_string() was called on "-0", or when
mbedtls_mpi_mul_mpi() and mbedtls_mpi_mul_int() was called with one of
the arguments being negative and the other being 0. Fixes #4643.
* Fix a compilation error when MBEDTLS_ECP_RANDOMIZE_MXZ_ALT is
defined. Fixes #4217.
* Fix an incorrect error code when parsing a PKCS#8 private key.
* In a TLS client, enforce the Diffie-Hellman minimum parameter size
set with mbedtls_ssl_conf_dhm_min_bitlen() precisely. Before, the
minimum size was rounded down to the nearest multiple of 8.
* In library/net_sockets.c, _POSIX_C_SOURCE and _XOPEN_SOURCE are
defined to specific values. If the code is used in a context
where these are already defined, this can result in a compilation
error. Instead, assume that if they are defined, the values will
be adequate to build Mbed TLS.
* The cipher suite TLS-RSA-WITH-CAMELLIA-256-GCM-SHA384 was not available
when SHA-1 was disabled and was offered when SHA-1 was enabled but SHA-384
was disabled. Fix the dependency. Fixes #4472.
* Fix test suite code on platforms where int32_t is not int, such as
Arm Cortex-M. Fixes #4530.
* Fix some issues affecting MBEDTLS_ARIA_ALT implementations: a misplaced
directive in a header and a missing initialization in the self-test.
* Fix a missing initialization in the Camellia self-test, affecting
MBEDTLS_CAMELLIA_ALT implementations.
* Fix a regression introduced in 2.16.8 which broke (D)TLS CBC ciphersuites
(when the encrypt-then-MAC extension is not in use) with some ALT
implementations of the underlying hash (SHA-1, SHA-256, SHA-384), causing
the affected side to wrongly reject valid messages. Fixes #4118.
* Fix mbedtls_net_poll() and mbedtls_net_recv_timeout() often failing with
MBEDTLS_ERR_NET_POLL_FAILED on Windows. Fixes #4465.
* Fix a resource leak in a test suite with an alternative AES
implementation. Fixes #4176.
* Fix a crash in mbedtls_mpi_debug_mpi on a bignum having 0 limbs.
Reported by lhuang04 in #4578. Fixes #4608.
* Fix a null pointer dereference when mbedtls_mpi_exp_mod() was called with
A=0 represented with 0 limbs. This bug could not be triggered by code
that constructed A with one of the mbedtls_mpi_read_xxx functions
(including in particular TLS code) since those always built an mpi object
with at least one limb. Credit to OSS-Fuzz. Fixes #4641.
* Fix mbedtls_mpi_gcd(G,A,B) when the value of B is zero. This had no
effect on Mbed TLS's internal use of mbedtls_mpi_gcd(), but may affect
applications that call mbedtls_mpi_gcd() directly. Fixes #4642.
* mbedtls_pk_sign() and mbedtls_pk_verify() and their extended and
restartable variants now require at least the specified hash length if
nonzero. Before, for RSA, hash_len was ignored in favor of the length of
the specified hash algorithm.
* Fix which alert is sent in some cases to conform to the
applicable RFC: on an invalid Finished message value, an
invalid max_fragment_length extension, or an
unsupported extension used by the server.
Changes
* Fix the setting of the read timeout in the DTLS sample programs.
* Remove the AES sample application programs/aes/aescrypt2 which shows
bad cryptographic practice. Fix #1906.
* When building the test suites with GNU make, invoke python3 or python, not
python2. The build still works with either Python 2.7 or 3.5+, but we
recommend using a version of Python that is supported upstream.
= mbed TLS 2.16.10 branch released 2021-03-12 = mbed TLS 2.16.10 branch released 2021-03-12
Default behavior changes Default behavior changes
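Review bot: The commit message says only "Upgrade Mbedtls to 2.16.11", but the Security section of this ChangeLog hunk lists five fixes with concrete impact: the bias in DHM private keys and DHM/ECP blinding values, the ECDSA nonce timing leak that completes the partial fix from 2.16.4, the MBEDTLS_ECP_MAX_BITS misconfiguration that led to buffer overflows in ECC operations, an RSA private-key recovery from memory-access patterns after a single private-key operation, and a Curve25519/Curve448 static ECDH key recovery from timing. Please list these in the PR description so downstream consumers treat the bump as a security update rather than a routine version refresh, and so the OpenHarmony components that use RSA private keys or static X25519/X448 keys can be identified for prioritised rollout.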
......
...@@ -124,11 +124,11 @@ endif ...@@ -124,11 +124,11 @@ endif
## Editor navigation files ## Editor navigation files
C_SOURCE_FILES = $(wildcard include/*/*.h library/*.[hc] programs/*/*.[hc] tests/suites/*.function) C_SOURCE_FILES = $(wildcard include/*/*.h library/*.[hc] programs/*/*.[hc] tests/suites/*.function)
# Exuberant-ctags invocation. Other ctags implementations may require different options. # Exuberant-ctags invocation. Other ctags implementations may require different options.
CTAGS = ctags --langmap=c:+.h.function -o CTAGS = ctags --langmap=c:+.h.function --line-directives=no -o
tags: $(C_SOURCE_FILES) tags: $(C_SOURCE_FILES)
$(CTAGS) $@ $(C_SOURCE_FILES) $(CTAGS) $@ $(C_SOURCE_FILES)
TAGS: $(C_SOURCE_FILES) TAGS: $(C_SOURCE_FILES)
etags -o $@ $(C_SOURCE_FILES) etags --no-line-directive -o $@ $(C_SOURCE_FILES)
global: GPATH GRTAGS GSYMS GTAGS global: GPATH GRTAGS GSYMS GTAGS
GPATH GRTAGS GSYMS GTAGS: $(C_SOURCE_FILES) GPATH GRTAGS GSYMS GTAGS: $(C_SOURCE_FILES)
ls $(C_SOURCE_FILES) | gtags -f - --gtagsconf .globalrc ls $(C_SOURCE_FILES) | gtags -f - --gtagsconf .globalrc
......
...@@ -3,7 +3,7 @@ ...@@ -3,7 +3,7 @@
"Name": "mbed TLS", "Name": "mbed TLS",
"License": "Apache License V2.0; GPL V2.0", "License": "Apache License V2.0; GPL V2.0",
"License File": "LICENSE", "License File": "LICENSE",
"Version Number": "2.16.10", "Version Number": "2.16.11",
"Owner": "shituanhui@huawei.com", "Owner": "shituanhui@huawei.com",
"Upstream URL": "https://tls.mbed.org/", "Upstream URL": "https://tls.mbed.org/",
"Description": "An open source, portable, easy to use, readable and flexible SSL library." "Description": "An open source, portable, easy to use, readable and flexible SSL library."
......
...@@ -49,7 +49,7 @@ ...@@ -49,7 +49,7 @@
*/ */
/** /**
* @mainpage mbed TLS v2.16.10 source code documentation * @mainpage mbed TLS v2.16.11 source code documentation
* *
* This documentation describes the internal structure of mbed TLS. It was * This documentation describes the internal structure of mbed TLS. It was
* automatically generated from specially formatted comment blocks in * automatically generated from specially formatted comment blocks in
......
...@@ -28,7 +28,7 @@ DOXYFILE_ENCODING = UTF-8 ...@@ -28,7 +28,7 @@ DOXYFILE_ENCODING = UTF-8
# identify the project. Note that if you do not use Doxywizard you need # identify the project. Note that if you do not use Doxywizard you need
# to put quotes around the project name if it contains spaces. # to put quotes around the project name if it contains spaces.
PROJECT_NAME = "mbed TLS v2.16.10" PROJECT_NAME = "mbed TLS v2.16.11"
# The PROJECT_NUMBER tag can be used to enter a project or revision number. # The PROJECT_NUMBER tag can be used to enter a project or revision number.
# This could be handy for archiving the generated documentation or # This could be handy for archiving the generated documentation or
......
...@@ -88,14 +88,14 @@ ...@@ -88,14 +88,14 @@
/* MBEDTLS_ERR_ARIA_HW_ACCEL_FAILED is deprecated and should not be used. */ /* MBEDTLS_ERR_ARIA_HW_ACCEL_FAILED is deprecated and should not be used. */
#define MBEDTLS_ERR_ARIA_HW_ACCEL_FAILED -0x0058 /**< ARIA hardware accelerator failed. */ #define MBEDTLS_ERR_ARIA_HW_ACCEL_FAILED -0x0058 /**< ARIA hardware accelerator failed. */
#if !defined(MBEDTLS_ARIA_ALT)
// Regular implementation
//
#ifdef __cplusplus #ifdef __cplusplus
extern "C" { extern "C" {
#endif #endif
#if !defined(MBEDTLS_ARIA_ALT)
// Regular implementation
//
/** /**
* \brief The ARIA context-type definition. * \brief The ARIA context-type definition.
*/ */
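Review bot: Moving `#if !defined(MBEDTLS_ARIA_ALT)` below `extern "C" {` changes the nesting of the two blocks, but the matching `#endif` for MBEDTLS_ARIA_ALT and the closing `}` of the extern "C" block are outside this hunk. Please confirm that in the full header the `#endif` now comes before the closing `}` (and its `#ifdef __cplusplus` guard); otherwise a C++ translation unit built with MBEDTLS_ARIA_ALT defined ends up with an unbalanced extern "C" block. This is presumably the "misplaced directive in a header" from the ChangeLog, so a C++ compile of aria.h with and without MBEDTLS_ARIA_ALT is the cheap check here.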
......
...@@ -71,6 +71,46 @@ ...@@ -71,6 +71,46 @@
#include "bignum.h" #include "bignum.h"
/*
* Conversion macros for embedded constants:
* build lists of mbedtls_mpi_uint's from lists of unsigned char's grouped by 8, 4 or 2
*/
#if defined(MBEDTLS_HAVE_INT32)
#define MBEDTLS_BYTES_TO_T_UINT_4( a, b, c, d ) \
( (mbedtls_mpi_uint) (a) << 0 ) | \
( (mbedtls_mpi_uint) (b) << 8 ) | \
( (mbedtls_mpi_uint) (c) << 16 ) | \
( (mbedtls_mpi_uint) (d) << 24 )
#define MBEDTLS_BYTES_TO_T_UINT_2( a, b ) \
MBEDTLS_BYTES_TO_T_UINT_4( a, b, 0, 0 )
#define MBEDTLS_BYTES_TO_T_UINT_8( a, b, c, d, e, f, g, h ) \
MBEDTLS_BYTES_TO_T_UINT_4( a, b, c, d ), \
MBEDTLS_BYTES_TO_T_UINT_4( e, f, g, h )
#else /* 64-bits */
#define MBEDTLS_BYTES_TO_T_UINT_8( a, b, c, d, e, f, g, h ) \
( (mbedtls_mpi_uint) (a) << 0 ) | \
( (mbedtls_mpi_uint) (b) << 8 ) | \
( (mbedtls_mpi_uint) (c) << 16 ) | \
( (mbedtls_mpi_uint) (d) << 24 ) | \
( (mbedtls_mpi_uint) (e) << 32 ) | \
( (mbedtls_mpi_uint) (f) << 40 ) | \
( (mbedtls_mpi_uint) (g) << 48 ) | \
( (mbedtls_mpi_uint) (h) << 56 )
#define MBEDTLS_BYTES_TO_T_UINT_4( a, b, c, d ) \
MBEDTLS_BYTES_TO_T_UINT_8( a, b, c, d, 0, 0, 0, 0 )
#define MBEDTLS_BYTES_TO_T_UINT_2( a, b ) \
MBEDTLS_BYTES_TO_T_UINT_8( a, b, 0, 0, 0, 0, 0, 0 )
#endif /* bits in mbedtls_mpi_uint */
#if defined(MBEDTLS_HAVE_ASM) #if defined(MBEDTLS_HAVE_ASM)
#ifndef asm #ifndef asm
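Review bot: The macro bodies of MBEDTLS_BYTES_TO_T_UINT_4 (32-bit branch) and MBEDTLS_BYTES_TO_T_UINT_8 (64-bit branch) are bare `|` chains with no enclosing parentheses, and under MBEDTLS_HAVE_INT32 the `_8` variant expands to two comma-separated limbs. They therefore only work as elements of a brace initializer, which the comment ("build lists of mbedtls_mpi_uint's") implies but does not state; either wrap the single-expression bodies in parentheses or extend the comment to say they must not be used as sub-expressions. The byte order is little-endian (byte `a` lands in bits 0..7 of the first limb), which is also worth stating so that constant tables transcribed from big-endian test vectors are not mis-ordered.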
......
...@@ -154,6 +154,40 @@ typedef struct mbedtls_ecp_point ...@@ -154,6 +154,40 @@ typedef struct mbedtls_ecp_point
} }
mbedtls_ecp_point; mbedtls_ecp_point;
/* Determine the minimum safe value of MBEDTLS_ECP_MAX_BITS. */
#if !defined(MBEDTLS_ECP_C)
#define MBEDTLS_ECP_MAX_BITS_MIN 0
/* Note: the curves must be listed in DECREASING size! */
#elif defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
#define MBEDTLS_ECP_MAX_BITS_MIN 521
#elif defined(MBEDTLS_ECP_DP_BP512R1_ENABLED)
#define MBEDTLS_ECP_MAX_BITS_MIN 512
#elif defined(MBEDTLS_ECP_DP_CURVE448_ENABLED)
#define MBEDTLS_ECP_MAX_BITS_MIN 448
#elif defined(MBEDTLS_ECP_DP_BP384R1_ENABLED)
#define MBEDTLS_ECP_MAX_BITS_MIN 384
#elif defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
#define MBEDTLS_ECP_MAX_BITS_MIN 384
#elif defined(MBEDTLS_ECP_DP_BP256R1_ENABLED)
#define MBEDTLS_ECP_MAX_BITS_MIN 256
#elif defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
#define MBEDTLS_ECP_MAX_BITS_MIN 256
#elif defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
#define MBEDTLS_ECP_MAX_BITS_MIN 256
#elif defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED)
#define MBEDTLS_ECP_MAX_BITS_MIN 255
#elif defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED)
#define MBEDTLS_ECP_MAX_BITS_MIN 225 // n is slightly above 2^224
#elif defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED)
#define MBEDTLS_ECP_MAX_BITS_MIN 224
#elif defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED)
#define MBEDTLS_ECP_MAX_BITS_MIN 192
#elif defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED)
#define MBEDTLS_ECP_MAX_BITS_MIN 192
#else
#error "MBEDTLS_ECP_C enabled, but no curve?"
#endif
#if !defined(MBEDTLS_ECP_ALT) #if !defined(MBEDTLS_ECP_ALT)
/* /*
* default mbed TLS elliptic curve arithmetic implementation * default mbed TLS elliptic curve arithmetic implementation
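Review bot: The `#elif` chain computing MBEDTLS_ECP_MAX_BITS_MIN is only correct because of the ordering comment "the curves must be listed in DECREASING size", and the one non-obvious entry is SECP224K1 at 225 (n is slightly above 2^224) sitting above SECP224R1 at 224. Anyone adding a curve has to insert it at the right position; consider a sentence next to `#error "MBEDTLS_ECP_C enabled, but no curve?"` telling maintainers to keep the list sorted, or a test that compares the computed minimum against each enabled curve's `nbits`. With MBEDTLS_ECP_C disabled the minimum is 0, so the size check further down is a no-op in ECP-less builds, which is the intended behaviour.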
...@@ -228,7 +262,13 @@ mbedtls_ecp_group; ...@@ -228,7 +262,13 @@ mbedtls_ecp_group;
* \{ * \{
*/ */
#if !defined(MBEDTLS_ECP_MAX_BITS) #if defined(MBEDTLS_ECP_MAX_BITS)
#if MBEDTLS_ECP_MAX_BITS < MBEDTLS_ECP_MAX_BITS_MIN
#error "MBEDTLS_ECP_MAX_BITS is smaller than the largest supported curve"
#endif
#else
/** /**
* The maximum size of the groups, that is, of \c N and \c P. * The maximum size of the groups, that is, of \c N and \c P.
*/ */
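Review bot: `#error "MBEDTLS_ECP_MAX_BITS is smaller than the largest supported curve"` is a build-breaking change for any configuration that overrides MBEDTLS_ECP_MAX_BITS to save stack (a common embedded tweak), so the OpenHarmony config files for this component should be built with all of their enabled curves before merging. The ChangeLog entry ("Fail the build in such a case") confirms the break is intended, since too-small values previously led to buffer overflows in ECC operations. The `#else` branch that supplies the default value and the closing `#endif` are cut off at the end of this hunk; please check that the default path still defines MBEDTLS_ECP_MAX_BITS.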
......
...@@ -98,7 +98,7 @@ extern "C" { ...@@ -98,7 +98,7 @@ extern "C" {
* *
* \param feature The feature to detect * \param feature The feature to detect
* *
* \return 1 if CPU has support for the feature, 0 otherwise * \return non-zero if CPU has support for the feature, 0 otherwise
*/ */
int mbedtls_padlock_has_support( int feature ); int mbedtls_padlock_has_support( int feature );
......
...@@ -2237,7 +2237,7 @@ void mbedtls_ssl_conf_dhm_min_bitlen( mbedtls_ssl_config *conf, ...@@ -2237,7 +2237,7 @@ void mbedtls_ssl_conf_dhm_min_bitlen( mbedtls_ssl_config *conf,
#if defined(MBEDTLS_ECP_C) #if defined(MBEDTLS_ECP_C)
/** /**
* \brief Set the allowed curves in order of preference. * \brief Set the allowed curves in order of preference.
* (Default: all defined curves.) * (Default: all defined curves in order of decreasing size.)
* *
* On server: this only affects selection of the ECDHE curve; * On server: this only affects selection of the ECDHE curve;
* the curves used for ECDH and ECDSA are determined by the * the curves used for ECDH and ECDSA are determined by the
...@@ -2269,7 +2269,9 @@ void mbedtls_ssl_conf_curves( mbedtls_ssl_config *conf, ...@@ -2269,7 +2269,9 @@ void mbedtls_ssl_conf_curves( mbedtls_ssl_config *conf,
#if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED) #if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
/** /**
* \brief Set the allowed hashes for signatures during the handshake. * \brief Set the allowed hashes for signatures during the handshake.
* (Default: all available hashes except MD5.) * (Default: all SHA-2 hashes, largest first. Also SHA-1 if
* the compile-time option
* `MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_KEY_EXCHANGE` is enabled.)
* *
* \note This only affects which hashes are offered and can be used * \note This only affects which hashes are offered and can be used
* for signatures during the handshake. Hashes for message * for signatures during the handshake. Hashes for message
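Review bot: The new default text documents that SHA-1 is only offered for handshake signatures when MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_KEY_EXCHANGE is enabled at compile time. Since this is a documentation-only hunk, the actionable check is on the OpenHarmony side: grep the component's config for that option and make sure it is not enabled unless a known legacy peer requires SHA-1 handshake signatures, because enabling it re-admits SHA-1 for signatures during the handshake on every connection, not just the legacy one.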
......
...@@ -124,7 +124,7 @@ void mbedtls_ssl_ticket_init( mbedtls_ssl_ticket_context *ctx ); ...@@ -124,7 +124,7 @@ void mbedtls_ssl_ticket_init( mbedtls_ssl_ticket_context *ctx );
* Recommended value: 86400 (one day). * Recommended value: 86400 (one day).
* *
* \note It is highly recommended to select a cipher that is at * \note It is highly recommended to select a cipher that is at
* least as strong as the the strongest ciphersuite * least as strong as the strongest ciphersuite
* supported. Usually that means a 256-bit key. * supported. Usually that means a 256-bit key.
* *
* \note The lifetime of the keys is twice the lifetime of tickets. * \note The lifetime of the keys is twice the lifetime of tickets.
......
...@@ -65,16 +65,16 @@ ...@@ -65,16 +65,16 @@
*/ */
#define MBEDTLS_VERSION_MAJOR 2 #define MBEDTLS_VERSION_MAJOR 2
#define MBEDTLS_VERSION_MINOR 16 #define MBEDTLS_VERSION_MINOR 16
#define MBEDTLS_VERSION_PATCH 10 #define MBEDTLS_VERSION_PATCH 11
/** /**
* The single version number has the following structure: * The single version number has the following structure:
* MMNNPP00 * MMNNPP00
* Major version | Minor version | Patch version * Major version | Minor version | Patch version
*/ */
#define MBEDTLS_VERSION_NUMBER 0x02100A00 #define MBEDTLS_VERSION_NUMBER 0x02100B00
#define MBEDTLS_VERSION_STRING "2.16.10" #define MBEDTLS_VERSION_STRING "2.16.11"
#define MBEDTLS_VERSION_STRING_FULL "mbed TLS 2.16.10" #define MBEDTLS_VERSION_STRING_FULL "mbed TLS 2.16.11"
#if defined(MBEDTLS_VERSION_C) #if defined(MBEDTLS_VERSION_C)
......
...@@ -229,12 +229,21 @@ typedef void mbedtls_x509_crt_restart_ctx; ...@@ -229,12 +229,21 @@ typedef void mbedtls_x509_crt_restart_ctx;
/** /**
* Default security profile. Should provide a good balance between security * Default security profile. Should provide a good balance between security
* and compatibility with current deployments. * and compatibility with current deployments.
*
* This profile permits:
* - SHA2 hashes.
* - All supported elliptic curves.
* - RSA with 2048 bits and above.
*
* New minor versions of Mbed TLS may extend this profile, for example if
* new curves are added to the library. New minor versions of Mbed TLS will
* not reduce this profile unless serious security concerns require it.
*/ */
extern const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_default; extern const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_default;
/** /**
* Expected next default profile. Recommended for new deployments. * Expected next default profile. Recommended for new deployments.
* Currently targets a 128-bit security level, except for RSA-2048. * Currently targets a 128-bit security level, except for allowing RSA-2048.
*/ */
extern const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_next; extern const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_next;
......
...@@ -165,15 +165,15 @@ endif(USE_STATIC_MBEDTLS_LIBRARY) ...@@ -165,15 +165,15 @@ endif(USE_STATIC_MBEDTLS_LIBRARY)
if(USE_SHARED_MBEDTLS_LIBRARY) if(USE_SHARED_MBEDTLS_LIBRARY)
add_library(mbedcrypto SHARED ${src_crypto}) add_library(mbedcrypto SHARED ${src_crypto})
set_target_properties(mbedcrypto PROPERTIES VERSION 2.16.10 SOVERSION 3) set_target_properties(mbedcrypto PROPERTIES VERSION 2.16.11 SOVERSION 3)
target_link_libraries(mbedcrypto ${libs}) target_link_libraries(mbedcrypto ${libs})
add_library(mbedx509 SHARED ${src_x509}) add_library(mbedx509 SHARED ${src_x509})
set_target_properties(mbedx509 PROPERTIES VERSION 2.16.10 SOVERSION 0) set_target_properties(mbedx509 PROPERTIES VERSION 2.16.11 SOVERSION 0)
target_link_libraries(mbedx509 ${libs} mbedcrypto) target_link_libraries(mbedx509 ${libs} mbedcrypto)
add_library(mbedtls SHARED ${src_tls}) add_library(mbedtls SHARED ${src_tls})
set_target_properties(mbedtls PROPERTIES VERSION 2.16.10 SOVERSION 12) set_target_properties(mbedtls PROPERTIES VERSION 2.16.11 SOVERSION 12)
target_link_libraries(mbedtls ${libs} mbedx509) target_link_libraries(mbedtls ${libs} mbedx509)
install(TARGETS mbedtls mbedx509 mbedcrypto install(TARGETS mbedtls mbedx509 mbedcrypto
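Review bot: Keeping SOVERSION at 3/0/12 while bumping VERSION to 2.16.11 is right for a patch release, but ABI stability does not mean behavioural stability: the ChangeLog entries for mbedtls_pk_sign()/mbedtls_pk_verify() (a non-zero hash_len shorter than the hash output is now rejected where RSA previously ignored it) and for mbedtls_ssl_conf_dhm_min_bitlen() (no longer rounded down to a multiple of 8) change what existing binaries linked against these shared objects accept at runtime. A line in the PR description naming those two for in-tree callers would avoid surprises after the library is swapped underneath them.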
......
...@@ -952,7 +952,7 @@ static const uint8_t aria_test2_ctr_ct[3][48] = // CTR ciphertext ...@@ -952,7 +952,7 @@ static const uint8_t aria_test2_ctr_ct[3][48] = // CTR ciphertext
{ \ { \
if( verbose ) \ if( verbose ) \
mbedtls_printf( "failed\n" ); \ mbedtls_printf( "failed\n" ); \
return( 1 ); \ goto exit; \
} else { \ } else { \
if( verbose ) \ if( verbose ) \
mbedtls_printf( "passed\n" ); \ mbedtls_printf( "passed\n" ); \
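Review bot: Replacing `return( 1 )` with `goto exit` inside the self-test check macro makes every use of the macro depend on an `exit` label and a `ret` variable being in scope, which is no longer visible at the point of use; add a comment on the macro saying so. The failure path now returns whatever `ret` holds (1, from the initialisation further down), so the identity of the failing test is still reported only through the `mbedtls_printf( "failed\n" )` output, not the return value, which is unchanged from before but worth keeping in mind when reading CI logs.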
...@@ -966,6 +966,7 @@ int mbedtls_aria_self_test( int verbose ) ...@@ -966,6 +966,7 @@ int mbedtls_aria_self_test( int verbose )
int i; int i;
uint8_t blk[MBEDTLS_ARIA_BLOCKSIZE]; uint8_t blk[MBEDTLS_ARIA_BLOCKSIZE];
mbedtls_aria_context ctx; mbedtls_aria_context ctx;
int ret = 1;
#if (defined(MBEDTLS_CIPHER_MODE_CFB) || defined(MBEDTLS_CIPHER_MODE_CTR)) #if (defined(MBEDTLS_CIPHER_MODE_CFB) || defined(MBEDTLS_CIPHER_MODE_CTR))
size_t j; size_t j;
...@@ -977,6 +978,8 @@ int mbedtls_aria_self_test( int verbose ) ...@@ -977,6 +978,8 @@ int mbedtls_aria_self_test( int verbose )
uint8_t buf[48], iv[MBEDTLS_ARIA_BLOCKSIZE]; uint8_t buf[48], iv[MBEDTLS_ARIA_BLOCKSIZE];
#endif #endif
mbedtls_aria_init( &ctx );
/* /*
* Test set 1 * Test set 1
*/ */
...@@ -1096,7 +1099,11 @@ int mbedtls_aria_self_test( int verbose ) ...@@ -1096,7 +1099,11 @@ int mbedtls_aria_self_test( int verbose )
mbedtls_printf( "\n" ); mbedtls_printf( "\n" );
#endif /* MBEDTLS_CIPHER_MODE_CTR */ #endif /* MBEDTLS_CIPHER_MODE_CTR */
return( 0 ); ret = 0;
exit:
mbedtls_aria_free( &ctx );
return( ret );
} }
#endif /* MBEDTLS_SELF_TEST */ #endif /* MBEDTLS_SELF_TEST */
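Review bot: `mbedtls_aria_init( &ctx )` now runs before the first test and `mbedtls_aria_free( &ctx )` runs on both the success path (`ret = 0`) and the `goto exit` path, which is the "missing initialization in the self-test" fix from the ChangeLog for MBEDTLS_ARIA_ALT implementations whose init/free do real work. The one thing to double-check is that no `goto exit` is reachable before the init call, since the macro's failure path would then free an uninitialised context; in this hunk the init sits after the local declarations and before "Test set 1", so that holds as long as no check macro is used earlier in the function.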
......
...@@ -267,6 +267,36 @@ void mbedtls_mpi_swap( mbedtls_mpi *X, mbedtls_mpi *Y ) ...@@ -267,6 +267,36 @@ void mbedtls_mpi_swap( mbedtls_mpi *X, mbedtls_mpi *Y )
memcpy( Y, &T, sizeof( mbedtls_mpi ) ); memcpy( Y, &T, sizeof( mbedtls_mpi ) );
} }
/**
* Select between two sign values in constant-time.
*
* This is functionally equivalent to second ? a : b but uses only bit
* operations in order to avoid branches.
*
* \param[in] a The first sign; must be either +1 or -1.
* \param[in] b The second sign; must be either +1 or -1.
* \param[in] second Must be either 1 (return b) or 0 (return a).
*
* \return The selected sign value.
*/
static int mpi_safe_cond_select_sign( int a, int b, unsigned char second )
{
/* In order to avoid questions about what we can reasonnably assume about
* the representations of signed integers, move everything to unsigned
* by taking advantage of the fact that a and b are either +1 or -1. */
unsigned ua = a + 1;
unsigned ub = b + 1;
/* second was 0 or 1, mask is 0 or 2 as are ua and ub */
const unsigned mask = second << 1;
/* select ua or ub */
unsigned ur = ( ua & ~mask ) | ( ub & mask );
/* ur is now 0 or 2, convert back to -1 or +1 */
return( (int) ur - 1 );
}
/* /*
* Conditionally assign dest = src, without leaking information * Conditionally assign dest = src, without leaking information
* about whether the assignment was made or not. * about whether the assignment was made or not.
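Review bot: mpi_safe_cond_select_sign is only correct when both inputs are exactly +1 or -1 (`ua = a + 1` must be 0 or 2 for the mask arithmetic to work) and when `second` is exactly 0 or 1; the doc comment states both preconditions, but nothing enforces them, so the function silently produces garbage for the "unintended representation of the value 0" with s == -1 that the ChangeLog says some paths used to construct. That is acceptable because the read_string and mul_mpi hunks in this same patch remove those constructions, but a comment tying the two together would help the next reader. Minor: "reasonnably" in the comment is a typo.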
...@@ -279,8 +309,23 @@ static void mpi_safe_cond_assign( size_t n, ...@@ -279,8 +309,23 @@ static void mpi_safe_cond_assign( size_t n,
unsigned char assign ) unsigned char assign )
{ {
size_t i; size_t i;
/* MSVC has a warning about unary minus on unsigned integer types,
* but this is well-defined and precisely what we want to do here. */
#if defined(_MSC_VER)
#pragma warning( push )
#pragma warning( disable : 4146 )
#endif
/* all-bits 1 if assign is 1, all-bits 0 if assign is 0 */
const mbedtls_mpi_uint mask = -assign;
#if defined(_MSC_VER)
#pragma warning( pop )
#endif
for( i = 0; i < n; i++ ) for( i = 0; i < n; i++ )
dest[i] = dest[i] * ( 1 - assign ) + src[i] * assign; dest[i] = ( src[i] & mask ) | ( dest[i] & ~mask );
} }
/* /*
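Review bot: `const mbedtls_mpi_uint mask = -assign;` relies on `assign` being exactly 0 or 1, which this static helper does not normalise itself; it is only safe because the public mbedtls_mpi_safe_cond_assign normalises with `(assign | -assign) >> ...` before calling it. A one-line precondition comment on the helper would make that contract explicit for any future internal caller. Note that `-assign` promotes the unsigned char to int first and then converts to mbedtls_mpi_uint, which yields all-ones as intended; the C4146 pragma is harmless, but the warning is about unary minus on an unsigned operand and the promoted operand here is int, so it may not be needed.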
...@@ -292,20 +337,34 @@ int mbedtls_mpi_safe_cond_assign( mbedtls_mpi *X, const mbedtls_mpi *Y, unsigned ...@@ -292,20 +337,34 @@ int mbedtls_mpi_safe_cond_assign( mbedtls_mpi *X, const mbedtls_mpi *Y, unsigned
{ {
int ret = 0; int ret = 0;
size_t i; size_t i;
mbedtls_mpi_uint limb_mask;
MPI_VALIDATE_RET( X != NULL ); MPI_VALIDATE_RET( X != NULL );
MPI_VALIDATE_RET( Y != NULL ); MPI_VALIDATE_RET( Y != NULL );
/* MSVC has a warning about unary minus on unsigned integer types,
* but this is well-defined and precisely what we want to do here. */
#if defined(_MSC_VER)
#pragma warning( push )
#pragma warning( disable : 4146 )
#endif
/* make sure assign is 0 or 1 in a time-constant manner */ /* make sure assign is 0 or 1 in a time-constant manner */
assign = (assign | (unsigned char)-assign) >> 7; assign = (assign | (unsigned char)-assign) >> (sizeof( assign ) * 8 - 1);
/* all-bits 1 if assign is 1, all-bits 0 if assign is 0 */
limb_mask = -assign;
#if defined(_MSC_VER)
#pragma warning( pop )
#endif
MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, Y->n ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, Y->n ) );
X->s = X->s * ( 1 - assign ) + Y->s * assign; X->s = mpi_safe_cond_select_sign( X->s, Y->s, assign );
mpi_safe_cond_assign( Y->n, X->p, Y->p, assign ); mpi_safe_cond_assign( Y->n, X->p, Y->p, assign );
for( i = Y->n; i < X->n; i++ ) for( i = Y->n; i < X->n; i++ )
X->p[i] *= ( 1 - assign ); X->p[i] &= ~limb_mask;
cleanup: cleanup:
return( ret ); return( ret );
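Review bot: `>> (sizeof( assign ) * 8 - 1)` assumes 8-bit bytes; `CHAR_BIT` from <limits.h> would state the intent, although the old hard-coded `7` carried the same assumption. The masking of the surplus limbs, `X->p[i] &= ~limb_mask` for i in [Y->n, X->n), is the constant-flow replacement for `X->p[i] *= ( 1 - assign )` and is correct; the loop bound still depends only on the limb counts, which this function already treated as non-secret.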
...@@ -321,6 +380,7 @@ int mbedtls_mpi_safe_cond_swap( mbedtls_mpi *X, mbedtls_mpi *Y, unsigned char sw ...@@ -321,6 +380,7 @@ int mbedtls_mpi_safe_cond_swap( mbedtls_mpi *X, mbedtls_mpi *Y, unsigned char sw
{ {
int ret, s; int ret, s;
size_t i; size_t i;
mbedtls_mpi_uint limb_mask;
mbedtls_mpi_uint tmp; mbedtls_mpi_uint tmp;
MPI_VALIDATE_RET( X != NULL ); MPI_VALIDATE_RET( X != NULL );
MPI_VALIDATE_RET( Y != NULL ); MPI_VALIDATE_RET( Y != NULL );
...@@ -328,22 +388,35 @@ int mbedtls_mpi_safe_cond_swap( mbedtls_mpi *X, mbedtls_mpi *Y, unsigned char sw ...@@ -328,22 +388,35 @@ int mbedtls_mpi_safe_cond_swap( mbedtls_mpi *X, mbedtls_mpi *Y, unsigned char sw
if( X == Y ) if( X == Y )
return( 0 ); return( 0 );
/* MSVC has a warning about unary minus on unsigned integer types,
* but this is well-defined and precisely what we want to do here. */
#if defined(_MSC_VER)
#pragma warning( push )
#pragma warning( disable : 4146 )
#endif
/* make sure swap is 0 or 1 in a time-constant manner */ /* make sure swap is 0 or 1 in a time-constant manner */
swap = (swap | (unsigned char)-swap) >> 7; swap = (swap | (unsigned char)-swap) >> (sizeof( swap ) * 8 - 1);
/* all-bits 1 if swap is 1, all-bits 0 if swap is 0 */
limb_mask = -swap;
#if defined(_MSC_VER)
#pragma warning( pop )
#endif
MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, Y->n ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, Y->n ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_grow( Y, X->n ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_grow( Y, X->n ) );
s = X->s; s = X->s;
X->s = X->s * ( 1 - swap ) + Y->s * swap; X->s = mpi_safe_cond_select_sign( X->s, Y->s, swap );
Y->s = Y->s * ( 1 - swap ) + s * swap; Y->s = mpi_safe_cond_select_sign( Y->s, s, swap );
for( i = 0; i < X->n; i++ ) for( i = 0; i < X->n; i++ )
{ {
tmp = X->p[i]; tmp = X->p[i];
X->p[i] = X->p[i] * ( 1 - swap ) + Y->p[i] * swap; X->p[i] = ( X->p[i] & ~limb_mask ) | ( Y->p[i] & limb_mask );
Y->p[i] = Y->p[i] * ( 1 - swap ) + tmp * swap; Y->p[i] = ( Y->p[i] & ~limb_mask ) | ( tmp & limb_mask );
} }
cleanup: cleanup:
...@@ -500,6 +573,7 @@ int mbedtls_mpi_read_string( mbedtls_mpi *X, int radix, const char *s ) ...@@ -500,6 +573,7 @@ int mbedtls_mpi_read_string( mbedtls_mpi *X, int radix, const char *s )
{ {
int ret; int ret;
size_t i, j, slen, n; size_t i, j, slen, n;
int sign = 1;
mbedtls_mpi_uint d; mbedtls_mpi_uint d;
mbedtls_mpi T; mbedtls_mpi T;
MPI_VALIDATE_RET( X != NULL ); MPI_VALIDATE_RET( X != NULL );
...@@ -510,6 +584,12 @@ int mbedtls_mpi_read_string( mbedtls_mpi *X, int radix, const char *s ) ...@@ -510,6 +584,12 @@ int mbedtls_mpi_read_string( mbedtls_mpi *X, int radix, const char *s )
mbedtls_mpi_init( &T ); mbedtls_mpi_init( &T );
if( s[0] == '-' )
{
++s;
sign = -1;
}
slen = strlen( s ); slen = strlen( s );
if( radix == 16 ) if( radix == 16 )
...@@ -524,12 +604,6 @@ int mbedtls_mpi_read_string( mbedtls_mpi *X, int radix, const char *s ) ...@@ -524,12 +604,6 @@ int mbedtls_mpi_read_string( mbedtls_mpi *X, int radix, const char *s )
for( i = slen, j = 0; i > 0; i--, j++ ) for( i = slen, j = 0; i > 0; i--, j++ )
{ {
if( i == 1 && s[i - 1] == '-' )
{
X->s = -1;
break;
}
MBEDTLS_MPI_CHK( mpi_get_digit( &d, radix, s[i - 1] ) ); MBEDTLS_MPI_CHK( mpi_get_digit( &d, radix, s[i - 1] ) );
X->p[j / ( 2 * ciL )] |= d << ( ( j % ( 2 * ciL ) ) << 2 ); X->p[j / ( 2 * ciL )] |= d << ( ( j % ( 2 * ciL ) ) << 2 );
} }
...@@ -540,26 +614,15 @@ int mbedtls_mpi_read_string( mbedtls_mpi *X, int radix, const char *s ) ...@@ -540,26 +614,15 @@ int mbedtls_mpi_read_string( mbedtls_mpi *X, int radix, const char *s )
for( i = 0; i < slen; i++ ) for( i = 0; i < slen; i++ )
{ {
if( i == 0 && s[i] == '-' )
{
X->s = -1;
continue;
}
MBEDTLS_MPI_CHK( mpi_get_digit( &d, radix, s[i] ) ); MBEDTLS_MPI_CHK( mpi_get_digit( &d, radix, s[i] ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_mul_int( &T, X, radix ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_mul_int( &T, X, radix ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( X, &T, d ) );
if( X->s == 1 )
{
MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( X, &T, d ) );
}
else
{
MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( X, &T, d ) );
}
} }
} }
if( sign < 0 && mbedtls_mpi_bitlen( X ) != 0 )
X->s = -1;
cleanup: cleanup:
mbedtls_mpi_free( &T ); mbedtls_mpi_free( &T );
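Review bot: The new end-of-function rule `if( sign < 0 && mbedtls_mpi_bitlen( X ) != 0 ) X->s = -1;` is what makes "-0" parse to the canonical positive zero (ChangeLog #4643), and stripping the '-' up front also means a '-' anywhere other than position 0 is now rejected by mpi_get_digit instead of being treated as a sign, which was the old hex-path behaviour (`i == 1 && s[i - 1] == '-'`). Two edge cases worth covering in the test suite if they are not already: the string "-" alone (slen becomes 0, and X must be 0 with s == 1) and "--1" (should fail with the invalid-character error from mpi_get_digit rather than parse as 1). This also relies on X being reset to a positive value earlier in the function (the lset call is outside this hunk) so that a previously negative X is not left negative when parsing a non-negative string.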
...@@ -1570,6 +1633,7 @@ int mbedtls_mpi_mul_mpi( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi ...@@ -1570,6 +1633,7 @@ int mbedtls_mpi_mul_mpi( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi
int ret; int ret;
size_t i, j; size_t i, j;
mbedtls_mpi TA, TB; mbedtls_mpi TA, TB;
int result_is_zero = 0;
MPI_VALIDATE_RET( X != NULL ); MPI_VALIDATE_RET( X != NULL );
MPI_VALIDATE_RET( A != NULL ); MPI_VALIDATE_RET( A != NULL );
MPI_VALIDATE_RET( B != NULL ); MPI_VALIDATE_RET( B != NULL );
...@@ -1582,10 +1646,14 @@ int mbedtls_mpi_mul_mpi( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi ...@@ -1582,10 +1646,14 @@ int mbedtls_mpi_mul_mpi( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi
for( i = A->n; i > 0; i-- ) for( i = A->n; i > 0; i-- )
if( A->p[i - 1] != 0 ) if( A->p[i - 1] != 0 )
break; break;
if( i == 0 )
result_is_zero = 1;
for( j = B->n; j > 0; j-- ) for( j = B->n; j > 0; j-- )
if( B->p[j - 1] != 0 ) if( B->p[j - 1] != 0 )
break; break;
if( j == 0 )
result_is_zero = 1;
MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, i + j ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, i + j ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_lset( X, 0 ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_lset( X, 0 ) );
...@@ -1593,7 +1661,14 @@ int mbedtls_mpi_mul_mpi( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi ...@@ -1593,7 +1661,14 @@ int mbedtls_mpi_mul_mpi( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi
for( ; j > 0; j-- ) for( ; j > 0; j-- )
mpi_mul_hlp( i, A->p, X->p + j - 1, B->p[j - 1] ); mpi_mul_hlp( i, A->p, X->p + j - 1, B->p[j - 1] );
X->s = A->s * B->s; /* If the result is 0, we don't shortcut the operation, which reduces
* but does not eliminate side channels leaking the zero-ness. We do
* need to take care to set the sign bit properly since the library does
* not fully support an MPI object with a value of 0 and s == -1. */
if( result_is_zero )
X->s = 1;
else
X->s = A->s * B->s;
cleanup: cleanup:
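Review bot: The branch `if( result_is_zero ) X->s = 1; else X->s = A->s * B->s;` is a data-dependent branch on whether an operand is zero, which the comment above it acknowledges; since `mbedtls_mpi_lset( X, 0 )` earlier in the function already sets X->s = 1, the zero case only needs to skip the assignment, and the mask arithmetic used elsewhere in this patch could make that branch-free if zero-ness of a multiplicand ever matters. The ChangeLog also lists mbedtls_mpi_mul_int() as fixed, which does not appear in the visible hunks; please confirm it routes through mbedtls_mpi_mul_mpi or carries the same sign fix.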
...@@ -2041,6 +2116,72 @@ static void mpi_montred( mbedtls_mpi *A, const mbedtls_mpi *N, ...@@ -2041,6 +2116,72 @@ static void mpi_montred( mbedtls_mpi *A, const mbedtls_mpi *N,
mpi_montmul( A, &U, N, mm, T ); mpi_montmul( A, &U, N, mm, T );
} }
/*
* Constant-flow boolean "equal" comparison:
* return x == y
*
* This function can be used to write constant-time code by replacing branches
* with bit operations - it can be used in conjunction with
* mbedtls_ssl_cf_mask_from_bit().
*
* This function is implemented without using comparison operators, as those
* might be translated to branches by some compilers on some platforms.
*/
static size_t mbedtls_mpi_cf_bool_eq( size_t x, size_t y )
{
/* diff = 0 if x == y, non-zero otherwise */
const size_t diff = x ^ y;
/* MSVC has a warning about unary minus on unsigned integer types,
* but this is well-defined and precisely what we want to do here. */
#if defined(_MSC_VER)
#pragma warning( push )
#pragma warning( disable : 4146 )
#endif
/* diff_msb's most significant bit is equal to x != y */
const size_t diff_msb = ( diff | (size_t) -diff );
#if defined(_MSC_VER)
#pragma warning( pop )
#endif
/* diff1 = (x != y) ? 1 : 0 */
const size_t diff1 = diff_msb >> ( sizeof( diff_msb ) * 8 - 1 );
return( 1 ^ diff1 );
}
/**
* Select an MPI from a table without leaking the index.
*
* This is functionally equivalent to mbedtls_mpi_copy(R, T[idx]) except it
* reads the entire table in order to avoid leaking the value of idx to an
* attacker able to observe memory access patterns.
*
* \param[out] R Where to write the selected MPI.
* \param[in] T The table to read from.
* \param[in] T_size The number of elements in the table.
* \param[in] idx The index of the element to select;
* this must satisfy 0 <= idx < T_size.
*
* \return \c 0 on success, or a negative error code.
*/
static int mpi_select( mbedtls_mpi *R, const mbedtls_mpi *T, size_t T_size, size_t idx )
{
int ret = MBEDTLS_ERR_MPI_BAD_INPUT_DATA;
size_t i;
for( i = 0; i < T_size; i++ )
{
MBEDTLS_MPI_CHK( mbedtls_mpi_safe_cond_assign( R, &T[i],
(unsigned char) mbedtls_mpi_cf_bool_eq( i, idx ) ) );
}
cleanup:
return( ret );
}
/* /*
* Sliding-window exponentiation: X = A^E mod N (HAC 14.85) * Sliding-window exponentiation: X = A^E mod N (HAC 14.85)
*/ */
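Review bot: `mpi_select()` does not enforce the documented precondition `0 <= idx < T_size`. For an out-of-range `idx` every `mbedtls_mpi_cf_bool_eq( i, idx )` is 0, each `mbedtls_mpi_safe_cond_assign` is a no-op, `MBEDTLS_MPI_CHK` sets `ret = 0` after each successful call, and the function returns 0 with `R` unchanged, contrary to the `\return` doc that promises an error. Since `idx` is an index into a public table bound (only the value is secret), a plain `if( idx >= T_size ) return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );` before the loop would not leak anything. Minor: `sizeof( diff_msb ) * 8` assumes `CHAR_BIT == 8`; `biL` or `CHAR_BIT` would be clearer, and the two new functions mix `/*` and Doxygen `/**` comment styles.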
...@@ -2053,7 +2194,7 @@ int mbedtls_mpi_exp_mod( mbedtls_mpi *X, const mbedtls_mpi *A, ...@@ -2053,7 +2194,7 @@ int mbedtls_mpi_exp_mod( mbedtls_mpi *X, const mbedtls_mpi *A,
size_t i, j, nblimbs; size_t i, j, nblimbs;
size_t bufsize, nbits; size_t bufsize, nbits;
mbedtls_mpi_uint ei, mm, state; mbedtls_mpi_uint ei, mm, state;
mbedtls_mpi RR, T, W[ 1 << MBEDTLS_MPI_WINDOW_SIZE ], Apos; mbedtls_mpi RR, T, W[ 1 << MBEDTLS_MPI_WINDOW_SIZE ], WW, Apos;
int neg; int neg;
MPI_VALIDATE_RET( X != NULL ); MPI_VALIDATE_RET( X != NULL );
...@@ -2077,6 +2218,7 @@ int mbedtls_mpi_exp_mod( mbedtls_mpi *X, const mbedtls_mpi *A, ...@@ -2077,6 +2218,7 @@ int mbedtls_mpi_exp_mod( mbedtls_mpi *X, const mbedtls_mpi *A,
mpi_montg_init( &mm, N ); mpi_montg_init( &mm, N );
mbedtls_mpi_init( &RR ); mbedtls_mpi_init( &T ); mbedtls_mpi_init( &RR ); mbedtls_mpi_init( &T );
mbedtls_mpi_init( &Apos ); mbedtls_mpi_init( &Apos );
mbedtls_mpi_init( &WW );
memset( W, 0, sizeof( W ) ); memset( W, 0, sizeof( W ) );
i = mbedtls_mpi_bitlen( E ); i = mbedtls_mpi_bitlen( E );
...@@ -2090,6 +2232,11 @@ int mbedtls_mpi_exp_mod( mbedtls_mpi *X, const mbedtls_mpi *A, ...@@ -2090,6 +2232,11 @@ int mbedtls_mpi_exp_mod( mbedtls_mpi *X, const mbedtls_mpi *A,
#endif #endif
j = N->n + 1; j = N->n + 1;
/* All W[i] and X must have at least N->n limbs for the mpi_montmul()
* and mpi_montred() calls later. Here we ensure that W[1] and X are
* large enough, and later we'll grow other W[i] to the same length.
* They must not be shrunk midway through this function!
*/
MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, j ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, j ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_grow( &W[1], j ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_grow( &W[1], j ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_grow( &T, j * 2 ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_grow( &T, j * 2 ) );
...@@ -2127,6 +2274,10 @@ int mbedtls_mpi_exp_mod( mbedtls_mpi *X, const mbedtls_mpi *A, ...@@ -2127,6 +2274,10 @@ int mbedtls_mpi_exp_mod( mbedtls_mpi *X, const mbedtls_mpi *A,
MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &W[1], A, N ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &W[1], A, N ) );
else else
MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &W[1], A ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &W[1], A ) );
/* Re-grow W[1] if necessary. This should be only necessary in one corner
* case: when A == 0 represented with A.n == 0, mbedtls_mpi_copy shrinks
* W[1] to 0 limbs. */
MBEDTLS_MPI_CHK( mbedtls_mpi_grow( &W[1], N->n +1 ) );
mpi_montmul( &W[1], &RR, N, mm, &T ); mpi_montmul( &W[1], &RR, N, mm, &T );
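Review bot: `N->n +1` in the re-grow is the same value as `j` (assigned as `j = N->n + 1` earlier in the function, visible in the previous hunk); using `j` keeps a single source for the required limb count and avoids the odd `+1` spacing. The comment correctly explains the corner case (`mbedtls_mpi_copy` shrinking `W[1]` to 0 limbs when `A` is 0 with `A.n == 0`), which matches the "must not be shrunk midway" note added above.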
...@@ -2217,7 +2368,8 @@ int mbedtls_mpi_exp_mod( mbedtls_mpi *X, const mbedtls_mpi *A, ...@@ -2217,7 +2368,8 @@ int mbedtls_mpi_exp_mod( mbedtls_mpi *X, const mbedtls_mpi *A,
/* /*
* X = X * W[wbits] R^-1 mod N * X = X * W[wbits] R^-1 mod N
*/ */
mpi_montmul( X, &W[wbits], N, mm, &T ); MBEDTLS_MPI_CHK( mpi_select( &WW, W, (size_t) 1 << wsize, wbits ) );
mpi_montmul( X, &WW, N, mm, &T );
state--; state--;
nbits = 0; nbits = 0;
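Review bot: the table size passed to `mpi_select`, `(size_t) 1 << wsize`, is only safe if `wsize <= MBEDTLS_MPI_WINDOW_SIZE` (`W` is declared with `1 << MBEDTLS_MPI_WINDOW_SIZE` entries in the earlier hunk); that clamp happens outside this hunk, so a short comment here stating the invariant would help the next reader. Worth noting in the comment too that each window multiply now scans the whole table (2^wsize conditional assigns) instead of one copy, which is the intended cost of hiding `wbits`.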
...@@ -2255,6 +2407,7 @@ cleanup: ...@@ -2255,6 +2407,7 @@ cleanup:
mbedtls_mpi_free( &W[i] ); mbedtls_mpi_free( &W[i] );
mbedtls_mpi_free( &W[1] ); mbedtls_mpi_free( &T ); mbedtls_mpi_free( &Apos ); mbedtls_mpi_free( &W[1] ); mbedtls_mpi_free( &T ); mbedtls_mpi_free( &Apos );
mbedtls_mpi_free( &WW );
if( _RR == NULL || _RR->p == NULL ) if( _RR == NULL || _RR->p == NULL )
mbedtls_mpi_free( &RR ); mbedtls_mpi_free( &RR );
...@@ -2283,6 +2436,16 @@ int mbedtls_mpi_gcd( mbedtls_mpi *G, const mbedtls_mpi *A, const mbedtls_mpi *B ...@@ -2283,6 +2436,16 @@ int mbedtls_mpi_gcd( mbedtls_mpi *G, const mbedtls_mpi *A, const mbedtls_mpi *B
lz = mbedtls_mpi_lsb( &TA ); lz = mbedtls_mpi_lsb( &TA );
lzt = mbedtls_mpi_lsb( &TB ); lzt = mbedtls_mpi_lsb( &TB );
/* The loop below gives the correct result when A==0 but not when B==0.
* So have a special case for B==0. Leverage the fact that we just
* calculated the lsb and lsb(B)==0 iff B is odd or 0 to make the test
* slightly more efficient than cmp_int(). */
if( lzt == 0 && mbedtls_mpi_get_bit( &TB, 0 ) == 0 )
{
ret = mbedtls_mpi_copy( G, A );
goto cleanup;
}
if( lzt < lz ) if( lzt < lz )
lz = lzt; lz = lzt;
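Review bot: `mbedtls_mpi_copy( G, A )` in the new B == 0 special case preserves the sign of `A`, so for a negative `A` the result is negative, whereas the general path below normalises with `TA.s = TB.s = 1` and returns a non-negative gcd. Setting `G->s = 1` after the copy (or copying `TA` after the sign reset) would make the two paths consistent.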
...@@ -2291,11 +2454,52 @@ int mbedtls_mpi_gcd( mbedtls_mpi *G, const mbedtls_mpi *A, const mbedtls_mpi *B ...@@ -2291,11 +2454,52 @@ int mbedtls_mpi_gcd( mbedtls_mpi *G, const mbedtls_mpi *A, const mbedtls_mpi *B
TA.s = TB.s = 1; TA.s = TB.s = 1;
/* We mostly follow the procedure described in HAC 14.54, but with some
* minor differences:
* - Sequences of multiplications or divisions by 2 are grouped into a
* single shift operation.
* - The procedure in HAC assumes that 0 < TB <= TA.
* - The condition TB <= TA is not actually necessary for correctness.
* TA and TB have symmetric roles except for the loop termination
* condition, and the shifts at the beginning of the loop body
* remove any significance from the ordering of TA vs TB before
* the shifts.
* - If TA = 0, the loop goes through 0 iterations and the result is
* correctly TB.
* - The case TB = 0 was short-circuited above.
*
* For the correctness proof below, decompose the original values of
* A and B as
* A = sa * 2^a * A' with A'=0 or A' odd, and sa = +-1
* B = sb * 2^b * B' with B'=0 or B' odd, and sb = +-1
* Then gcd(A, B) = 2^{min(a,b)} * gcd(A',B'),
* and gcd(A',B') is odd or 0.
*
* At the beginning, we have TA = |A|/2^a and TB = |B|/2^b.
* The code maintains the following invariant:
* gcd(A,B) = 2^k * gcd(TA,TB) for some k (I)
*/
/* Proof that the loop terminates:
* At each iteration, either the right-shift by 1 is made on a nonzero
* value and the nonnegative integer bitlen(TA) + bitlen(TB) decreases
* by at least 1, or the right-shift by 1 is made on zero and then
* TA becomes 0 which ends the loop (TB cannot be 0 if it is right-shifted
* since in that case TB is calculated from TB-TA with the condition TB>TA).
*/
while( mbedtls_mpi_cmp_int( &TA, 0 ) != 0 ) while( mbedtls_mpi_cmp_int( &TA, 0 ) != 0 )
{ {
/* Divisions by 2 preserve the invariant (I). */
MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &TA, mbedtls_mpi_lsb( &TA ) ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &TA, mbedtls_mpi_lsb( &TA ) ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &TB, mbedtls_mpi_lsb( &TB ) ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &TB, mbedtls_mpi_lsb( &TB ) ) );
/* Set either TA or TB to |TA-TB|/2. Since TA and TB are both odd,
* TA-TB is even so the division by 2 has an integer result.
* Invariant (I) is preserved since any odd divisor of both TA and TB
* also divides |TA-TB|/2, and any odd divisor of both TA and |TA-TB|/2
* also divides TB, and any odd divisior of both TB and |TA-TB|/2 also
* divides TA.
*/
if( mbedtls_mpi_cmp_mpi( &TA, &TB ) >= 0 ) if( mbedtls_mpi_cmp_mpi( &TA, &TB ) >= 0 )
{ {
MBEDTLS_MPI_CHK( mbedtls_mpi_sub_abs( &TA, &TA, &TB ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_sub_abs( &TA, &TA, &TB ) );
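Review bot: typo in the invariant comment, "any odd divisior of both TB and |TA-TB|/2" should read "divisor". Otherwise the correctness and termination arguments line up with the code: the `lsb`-based shifts justify the "both odd" claim before the subtraction, and the B == 0 short-circuit added above is the case the proof says it relies on.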
...@@ -2306,8 +2510,18 @@ int mbedtls_mpi_gcd( mbedtls_mpi *G, const mbedtls_mpi *A, const mbedtls_mpi *B ...@@ -2306,8 +2510,18 @@ int mbedtls_mpi_gcd( mbedtls_mpi *G, const mbedtls_mpi *A, const mbedtls_mpi *B
MBEDTLS_MPI_CHK( mbedtls_mpi_sub_abs( &TB, &TB, &TA ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_sub_abs( &TB, &TB, &TA ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &TB, 1 ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &TB, 1 ) );
} }
/* Note that one of TA or TB is still odd. */
} }
/* By invariant (I), gcd(A,B) = 2^k * gcd(TA,TB) for some k.
* At the loop exit, TA = 0, so gcd(TA,TB) = TB.
* - If there was at least one loop iteration, then one of TA or TB is odd,
* and TA = 0, so TB is odd and gcd(TA,TB) = gcd(A',B'). In this case,
* lz = min(a,b) so gcd(A,B) = 2^lz * TB.
* - If there was no loop iteration, then A was 0, and gcd(A,B) = B.
* In this case, lz = 0 and B = TB so gcd(A,B) = B = 2^lz * TB as well.
*/
MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l( &TB, lz ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l( &TB, lz ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_copy( G, &TB ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_copy( G, &TB ) );
......
...@@ -973,9 +973,11 @@ int mbedtls_camellia_self_test( int verbose ) ...@@ -973,9 +973,11 @@ int mbedtls_camellia_self_test( int verbose )
unsigned char nonce_counter[16]; unsigned char nonce_counter[16];
unsigned char stream_block[16]; unsigned char stream_block[16];
#endif #endif
int ret = 1;
mbedtls_camellia_context ctx; mbedtls_camellia_context ctx;
mbedtls_camellia_init( &ctx );
memset( key, 0, 32 ); memset( key, 0, 32 );
for( j = 0; j < 6; j++ ) { for( j = 0; j < 6; j++ ) {
...@@ -1005,8 +1007,7 @@ int mbedtls_camellia_self_test( int verbose ) ...@@ -1005,8 +1007,7 @@ int mbedtls_camellia_self_test( int verbose )
{ {
if( verbose != 0 ) if( verbose != 0 )
mbedtls_printf( "failed\n" ); mbedtls_printf( "failed\n" );
goto exit;
return( 1 );
} }
} }
...@@ -1058,8 +1059,7 @@ int mbedtls_camellia_self_test( int verbose ) ...@@ -1058,8 +1059,7 @@ int mbedtls_camellia_self_test( int verbose )
{ {
if( verbose != 0 ) if( verbose != 0 )
mbedtls_printf( "failed\n" ); mbedtls_printf( "failed\n" );
goto exit;
return( 1 );
} }
} }
...@@ -1102,8 +1102,7 @@ int mbedtls_camellia_self_test( int verbose ) ...@@ -1102,8 +1102,7 @@ int mbedtls_camellia_self_test( int verbose )
{ {
if( verbose != 0 ) if( verbose != 0 )
mbedtls_printf( "failed\n" ); mbedtls_printf( "failed\n" );
goto exit;
return( 1 );
} }
} }
else else
...@@ -1118,8 +1117,7 @@ int mbedtls_camellia_self_test( int verbose ) ...@@ -1118,8 +1117,7 @@ int mbedtls_camellia_self_test( int verbose )
{ {
if( verbose != 0 ) if( verbose != 0 )
mbedtls_printf( "failed\n" ); mbedtls_printf( "failed\n" );
goto exit;
return( 1 );
} }
} }
...@@ -1131,7 +1129,11 @@ int mbedtls_camellia_self_test( int verbose ) ...@@ -1131,7 +1129,11 @@ int mbedtls_camellia_self_test( int verbose )
mbedtls_printf( "\n" ); mbedtls_printf( "\n" );
#endif /* MBEDTLS_CIPHER_MODE_CTR */ #endif /* MBEDTLS_CIPHER_MODE_CTR */
return( 0 ); ret = 0;
exit:
mbedtls_camellia_free( &ctx );
return( ret );
} }
#endif /* MBEDTLS_SELF_TEST */ #endif /* MBEDTLS_SELF_TEST */
......
...@@ -261,8 +261,8 @@ void mbedtls_debug_print_mpi( const mbedtls_ssl_context *ssl, int level, ...@@ -261,8 +261,8 @@ void mbedtls_debug_print_mpi( const mbedtls_ssl_context *ssl, int level,
const char *text, const mbedtls_mpi *X ) const char *text, const mbedtls_mpi *X )
{ {
char str[DEBUG_BUF_SIZE]; char str[DEBUG_BUF_SIZE];
int j, k, zeros = 1; size_t bitlen;
size_t i, n, idx = 0; size_t idx = 0;
if( NULL == ssl || if( NULL == ssl ||
NULL == ssl->conf || NULL == ssl->conf ||
...@@ -273,55 +273,43 @@ void mbedtls_debug_print_mpi( const mbedtls_ssl_context *ssl, int level, ...@@ -273,55 +273,43 @@ void mbedtls_debug_print_mpi( const mbedtls_ssl_context *ssl, int level,
return; return;
} }
for( n = X->n - 1; n > 0; n-- ) bitlen = mbedtls_mpi_bitlen( X );
if( X->p[n] != 0 )
break;
for( j = ( sizeof(mbedtls_mpi_uint) << 3 ) - 1; j >= 0; j-- )
if( ( ( X->p[n] >> j ) & 1 ) != 0 )
break;
mbedtls_snprintf( str + idx, sizeof( str ) - idx, "value of '%s' (%d bits) is:\n",
text, (int) ( ( n * ( sizeof(mbedtls_mpi_uint) << 3 ) ) + j + 1 ) );
mbedtls_snprintf( str, sizeof( str ), "value of '%s' (%u bits) is:\n",
text, (unsigned) bitlen );
debug_send_line( ssl, level, file, line, str ); debug_send_line( ssl, level, file, line, str );
idx = 0; if( bitlen == 0 )
for( i = n + 1, j = 0; i > 0; i-- )
{ {
if( zeros && X->p[i - 1] == 0 ) str[0] = ' '; str[1] = '0'; str[2] = '0';
continue; idx = 3;
}
for( k = sizeof( mbedtls_mpi_uint ) - 1; k >= 0; k-- ) else
{
int n;
for( n = (int) ( ( bitlen - 1 ) / 8 ); n >= 0; n-- )
{ {
if( zeros && ( ( X->p[i - 1] >> ( k << 3 ) ) & 0xFF ) == 0 ) size_t limb_offset = n / sizeof( mbedtls_mpi_uint );
continue; size_t offset_in_limb = n % sizeof( mbedtls_mpi_uint );
else unsigned char octet =
zeros = 0; ( X->p[limb_offset] >> ( offset_in_limb * 8 ) ) & 0xff;
mbedtls_snprintf( str + idx, sizeof( str ) - idx, " %02x", octet );
if( j % 16 == 0 ) idx += 3;
/* Wrap lines after 16 octets that each take 3 columns */
if( idx >= 3 * 16 )
{ {
if( j > 0 ) mbedtls_snprintf( str + idx, sizeof( str ) - idx, "\n" );
{ debug_send_line( ssl, level, file, line, str );
mbedtls_snprintf( str + idx, sizeof( str ) - idx, "\n" ); idx = 0;
debug_send_line( ssl, level, file, line, str );
idx = 0;
}
} }
idx += mbedtls_snprintf( str + idx, sizeof( str ) - idx, " %02x", (unsigned int)
( X->p[i - 1] >> ( k << 3 ) ) & 0xFF );
j++;
} }
} }
if( zeros == 1 ) if( idx != 0 )
idx += mbedtls_snprintf( str + idx, sizeof( str ) - idx, " 00" ); {
mbedtls_snprintf( str + idx, sizeof( str ) - idx, "\n" );
mbedtls_snprintf( str + idx, sizeof( str ) - idx, "\n" ); debug_send_line( ssl, level, file, line, str );
debug_send_line( ssl, level, file, line, str ); }
} }
#endif /* MBEDTLS_BIGNUM_C */ #endif /* MBEDTLS_BIGNUM_C */
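Review bot: in the `bitlen == 0` branch `str[0]`, `str[1]`, `str[2]` are written as raw characters without a terminating NUL; the string is only terminated by the later `mbedtls_snprintf( str + idx, sizeof( str ) - idx, "\n" )`, so the two statements are implicitly coupled. `mbedtls_snprintf( str, sizeof( str ), " 00" ); idx = 3;` would be consistent with the rest of the function and self-contained. Also note the wrap test `idx >= 3 * 16` runs after the octet is written, so `DEBUG_BUF_SIZE` must be at least 3 * 16 + 2 for the trailing newline and NUL; a comment or a static assertion would document that.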
......
...@@ -130,22 +130,21 @@ static int dhm_read_bignum( mbedtls_mpi *X, ...@@ -130,22 +130,21 @@ static int dhm_read_bignum( mbedtls_mpi *X,
*/ */
static int dhm_check_range( const mbedtls_mpi *param, const mbedtls_mpi *P ) static int dhm_check_range( const mbedtls_mpi *param, const mbedtls_mpi *P )
{ {
mbedtls_mpi L, U; mbedtls_mpi U;
int ret = 0; int ret = 0;
mbedtls_mpi_init( &L ); mbedtls_mpi_init( &U ); mbedtls_mpi_init( &U );
MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &L, 2 ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &U, P, 2 ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &U, P, 2 ) );
if( mbedtls_mpi_cmp_mpi( param, &L ) < 0 || if( mbedtls_mpi_cmp_int( param, 2 ) < 0 ||
mbedtls_mpi_cmp_mpi( param, &U ) > 0 ) mbedtls_mpi_cmp_mpi( param, &U ) > 0 )
{ {
ret = MBEDTLS_ERR_DHM_BAD_INPUT_DATA; ret = MBEDTLS_ERR_DHM_BAD_INPUT_DATA;
} }
cleanup: cleanup:
mbedtls_mpi_free( &L ); mbedtls_mpi_free( &U ); mbedtls_mpi_free( &U );
return( ret ); return( ret );
} }
...@@ -181,38 +180,54 @@ int mbedtls_dhm_read_params( mbedtls_dhm_context *ctx, ...@@ -181,38 +180,54 @@ int mbedtls_dhm_read_params( mbedtls_dhm_context *ctx,
} }
/* /*
* Setup and write the ServerKeyExchange parameters * Pick a random R in the range [2, M-2] for blinding or key generation.
*/ */
int mbedtls_dhm_make_params( mbedtls_dhm_context *ctx, int x_size, static int dhm_random_below( mbedtls_mpi *R, const mbedtls_mpi *M,
unsigned char *output, size_t *olen, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng )
{ {
int ret, count = 0; int ret, count;
size_t n1, n2, n3; size_t m_size = mbedtls_mpi_size( M );
unsigned char *p; size_t m_bitlen = mbedtls_mpi_bitlen( M );
DHM_VALIDATE_RET( ctx != NULL );
DHM_VALIDATE_RET( output != NULL ); count = 0;
DHM_VALIDATE_RET( olen != NULL ); do
DHM_VALIDATE_RET( f_rng != NULL ); {
if( count++ > 30 )
return( MBEDTLS_ERR_MPI_NOT_ACCEPTABLE );
MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( R, m_size, f_rng, p_rng ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( R, ( m_size * 8 ) - m_bitlen ) );
}
while( dhm_check_range( R, M ) != 0 );
cleanup:
return( ret );
}
static int dhm_make_common( mbedtls_dhm_context *ctx, int x_size,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng )
{
int ret = 0;
if( mbedtls_mpi_cmp_int( &ctx->P, 0 ) == 0 ) if( mbedtls_mpi_cmp_int( &ctx->P, 0 ) == 0 )
return( MBEDTLS_ERR_DHM_BAD_INPUT_DATA ); return( MBEDTLS_ERR_DHM_BAD_INPUT_DATA );
if( x_size < 0 )
return( MBEDTLS_ERR_DHM_BAD_INPUT_DATA );
/* if( (unsigned) x_size < mbedtls_mpi_size( &ctx->P ) )
* Generate X as large as possible ( < P )
*/
do
{ {
MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( &ctx->X, x_size, f_rng, p_rng ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( &ctx->X, x_size, f_rng, p_rng ) );
}
while( mbedtls_mpi_cmp_mpi( &ctx->X, &ctx->P ) >= 0 ) else
MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &ctx->X, 1 ) ); {
/* Generate X as large as possible ( <= P - 2 ) */
if( count++ > 10 ) ret = dhm_random_below( &ctx->X, &ctx->P, f_rng, p_rng );
if( ret == MBEDTLS_ERR_MPI_NOT_ACCEPTABLE )
return( MBEDTLS_ERR_DHM_MAKE_PARAMS_FAILED ); return( MBEDTLS_ERR_DHM_MAKE_PARAMS_FAILED );
if( ret != 0 )
return( ret );
} }
while( dhm_check_range( &ctx->X, &ctx->P ) != 0 );
/* /*
* Calculate GX = G^X mod P * Calculate GX = G^X mod P
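Review bot: in `dhm_make_common()` the `(unsigned) x_size < mbedtls_mpi_size( &ctx->P )` branch no longer range-checks `X`: the old `while( dhm_check_range( &ctx->X, &ctx->P ) != 0 )` loop is removed, and only the `else` branch goes through `dhm_random_below()` which rejects values outside [2, P-2]. With a small `x_size` the short path can therefore return `X` in {0, 1}; the later `dhm_check_range( &ctx->GX, &ctx->P )` catches `X == 0` (GX = 1) but not `X == 1` (GX = G, which is in range for any valid generator). Suggest applying `dhm_check_range( &ctx->X, &ctx->P )` in that branch as well. The new `dhm_random_below()` itself looks right: shifting by `( m_size * 8 ) - m_bitlen` yields a uniform value below 2^m_bitlen, so rejection against [2, M-2] is unbiased and the 30-retry bound is ample.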
...@@ -223,8 +238,33 @@ int mbedtls_dhm_make_params( mbedtls_dhm_context *ctx, int x_size, ...@@ -223,8 +238,33 @@ int mbedtls_dhm_make_params( mbedtls_dhm_context *ctx, int x_size,
if( ( ret = dhm_check_range( &ctx->GX, &ctx->P ) ) != 0 ) if( ( ret = dhm_check_range( &ctx->GX, &ctx->P ) ) != 0 )
return( ret ); return( ret );
cleanup:
return( ret );
}
/*
* Setup and write the ServerKeyExchange parameters
*/
int mbedtls_dhm_make_params( mbedtls_dhm_context *ctx, int x_size,
unsigned char *output, size_t *olen,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng )
{
int ret;
size_t n1, n2, n3;
unsigned char *p;
DHM_VALIDATE_RET( ctx != NULL );
DHM_VALIDATE_RET( output != NULL );
DHM_VALIDATE_RET( olen != NULL );
DHM_VALIDATE_RET( f_rng != NULL );
ret = dhm_make_common( ctx, x_size, f_rng, p_rng );
if( ret != 0 )
goto cleanup;
/* /*
* export P, G, GX * Export P, G, GX. RFC 5246 §4.4 states that "leading zero octets are
* not required". We omit leading zeros for compactness.
*/ */
#define DHM_MPI_EXPORT( X, n ) \ #define DHM_MPI_EXPORT( X, n ) \
do { \ do { \
...@@ -250,11 +290,9 @@ int mbedtls_dhm_make_params( mbedtls_dhm_context *ctx, int x_size, ...@@ -250,11 +290,9 @@ int mbedtls_dhm_make_params( mbedtls_dhm_context *ctx, int x_size,
ctx->len = n1; ctx->len = n1;
cleanup: cleanup:
if( ret != 0 && ret > -128 )
if( ret != 0 )
return( MBEDTLS_ERR_DHM_MAKE_PARAMS_FAILED + ret ); return( MBEDTLS_ERR_DHM_MAKE_PARAMS_FAILED + ret );
return( ret );
return( 0 );
} }
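Review bot: the new guard `ret != 0 && ret > -128` relies on the library's error-code layout (low-level codes such as `MBEDTLS_ERR_MPI_*` are above -128, high-level codes such as `MBEDTLS_ERR_DHM_*` are at or below -128) so that a DHM error propagated from `dhm_make_common()` is not wrapped a second time. A named constant or a one-line comment would make the magic number -128 clear to readers who do not know that convention.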
/* /*
...@@ -306,7 +344,7 @@ int mbedtls_dhm_make_public( mbedtls_dhm_context *ctx, int x_size, ...@@ -306,7 +344,7 @@ int mbedtls_dhm_make_public( mbedtls_dhm_context *ctx, int x_size,
int (*f_rng)(void *, unsigned char *, size_t), int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng ) void *p_rng )
{ {
int ret, count = 0; int ret;
DHM_VALIDATE_RET( ctx != NULL ); DHM_VALIDATE_RET( ctx != NULL );
DHM_VALIDATE_RET( output != NULL ); DHM_VALIDATE_RET( output != NULL );
DHM_VALIDATE_RET( f_rng != NULL ); DHM_VALIDATE_RET( f_rng != NULL );
...@@ -314,62 +352,18 @@ int mbedtls_dhm_make_public( mbedtls_dhm_context *ctx, int x_size, ...@@ -314,62 +352,18 @@ int mbedtls_dhm_make_public( mbedtls_dhm_context *ctx, int x_size,
if( olen < 1 || olen > ctx->len ) if( olen < 1 || olen > ctx->len )
return( MBEDTLS_ERR_DHM_BAD_INPUT_DATA ); return( MBEDTLS_ERR_DHM_BAD_INPUT_DATA );
if( mbedtls_mpi_cmp_int( &ctx->P, 0 ) == 0 ) ret = dhm_make_common( ctx, x_size, f_rng, p_rng );
return( MBEDTLS_ERR_DHM_BAD_INPUT_DATA ); if( ret == MBEDTLS_ERR_DHM_MAKE_PARAMS_FAILED )
return( MBEDTLS_ERR_DHM_MAKE_PUBLIC_FAILED );
/* if( ret != 0 )
* generate X and calculate GX = G^X mod P goto cleanup;
*/
do
{
MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( &ctx->X, x_size, f_rng, p_rng ) );
while( mbedtls_mpi_cmp_mpi( &ctx->X, &ctx->P ) >= 0 )
MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &ctx->X, 1 ) );
if( count++ > 10 )
return( MBEDTLS_ERR_DHM_MAKE_PUBLIC_FAILED );
}
while( dhm_check_range( &ctx->X, &ctx->P ) != 0 );
MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &ctx->GX, &ctx->G, &ctx->X,
&ctx->P , &ctx->RP ) );
if( ( ret = dhm_check_range( &ctx->GX, &ctx->P ) ) != 0 )
return( ret );
MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &ctx->GX, output, olen ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &ctx->GX, output, olen ) );
cleanup: cleanup:
if( ret != 0 && ret > -128 )
if( ret != 0 )
return( MBEDTLS_ERR_DHM_MAKE_PUBLIC_FAILED + ret ); return( MBEDTLS_ERR_DHM_MAKE_PUBLIC_FAILED + ret );
return( 0 );
}
/*
* Pick a random R in the range [2, M) for blinding purposes
*/
static int dhm_random_below( mbedtls_mpi *R, const mbedtls_mpi *M,
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
{
int ret, count;
count = 0;
do
{
MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( R, mbedtls_mpi_size( M ), f_rng, p_rng ) );
while( mbedtls_mpi_cmp_mpi( R, M ) >= 0 )
MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( R, 1 ) );
if( count++ > 10 )
return( MBEDTLS_ERR_MPI_NOT_ACCEPTABLE );
}
while( mbedtls_mpi_cmp_int( R, 1 ) <= 0 );
cleanup:
return( ret ); return( ret );
} }
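Review bot: the remapping `MBEDTLS_ERR_DHM_MAKE_PARAMS_FAILED` to `MBEDTLS_ERR_DHM_MAKE_PUBLIC_FAILED` in `mbedtls_dhm_make_public()` is a two-step translation of a single condition (RNG retries exhausted in `dhm_random_below()`); having `dhm_make_common()` return the raw `MBEDTLS_ERR_MPI_NOT_ACCEPTABLE` and letting each public entry point map it once would be simpler and harder to get out of sync. The removal of the old `dhm_random_below()` is the substantive fix here: its `while( cmp >= 0 ) shift_r( R, 1 )` loop discarded low bits one at a time and produced a non-uniform distribution, which the new fixed shift plus rejection avoids.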
...@@ -420,7 +414,7 @@ static int dhm_update_blinding( mbedtls_dhm_context *ctx, ...@@ -420,7 +414,7 @@ static int dhm_update_blinding( mbedtls_dhm_context *ctx,
* We need to generate blinding values from scratch * We need to generate blinding values from scratch
*/ */
/* Vi = random( 2, P-1 ) */ /* Vi = random( 2, P-2 ) */
MBEDTLS_MPI_CHK( dhm_random_below( &ctx->Vi, &ctx->P, f_rng, p_rng ) ); MBEDTLS_MPI_CHK( dhm_random_below( &ctx->Vi, &ctx->P, f_rng, p_rng ) );
/* Vf = Vi^-X mod P /* Vf = Vi^-X mod P
...@@ -484,8 +478,9 @@ int mbedtls_dhm_calc_secret( mbedtls_dhm_context *ctx, ...@@ -484,8 +478,9 @@ int mbedtls_dhm_calc_secret( mbedtls_dhm_context *ctx,
MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &ctx->K, &ctx->K, &ctx->P ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &ctx->K, &ctx->K, &ctx->P ) );
} }
/* Output the secret without any leading zero byte. This is mandatory
* for TLS per RFC 5246 §8.1.2. */
*olen = mbedtls_mpi_size( &ctx->K ); *olen = mbedtls_mpi_size( &ctx->K );
MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &ctx->K, output, *olen ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &ctx->K, output, *olen ) );
cleanup: cleanup:
......
...@@ -106,6 +106,7 @@ ...@@ -106,6 +106,7 @@
#include "mbedtls/ecp.h" #include "mbedtls/ecp.h"
#include "mbedtls/threading.h" #include "mbedtls/threading.h"
#include "mbedtls/platform_util.h" #include "mbedtls/platform_util.h"
#include "mbedtls/bn_mul.h"
#include <string.h> #include <string.h>
...@@ -1738,18 +1739,17 @@ static int ecp_randomize_jac( const mbedtls_ecp_group *grp, mbedtls_ecp_point *p ...@@ -1738,18 +1739,17 @@ static int ecp_randomize_jac( const mbedtls_ecp_group *grp, mbedtls_ecp_point *p
/* Generate l such that 1 < l < p */ /* Generate l such that 1 < l < p */
do do
{ {
MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( &l, p_size, f_rng, p_rng ) ); if( count++ > 30 )
while( mbedtls_mpi_cmp_mpi( &l, &grp->P ) >= 0 )
MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &l, 1 ) );
if( count++ > 10 )
{ {
ret = MBEDTLS_ERR_ECP_RANDOM_FAILED; ret = MBEDTLS_ERR_ECP_RANDOM_FAILED;
goto cleanup; goto cleanup;
} }
MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( &l, p_size, f_rng, p_rng ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &l, ( p_size * 8 ) - grp->pbits ) );
} }
while( mbedtls_mpi_cmp_int( &l, 1 ) <= 0 ); while( ( mbedtls_mpi_cmp_int( &l, 1 ) <= 0 ) ||
( mbedtls_mpi_cmp_mpi( &l, &grp->P ) >= 0 ) );
/* Z = l * Z */ /* Z = l * Z */
MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &pt->Z, &pt->Z, &l ) ); MOD_MUL( pt->Z ); MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &pt->Z, &pt->Z, &l ) ); MOD_MUL( pt->Z );
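Review bot: the shift amount `( p_size * 8 ) - grp->pbits` assumes `p_size == ( grp->pbits + 7 ) / 8`; that assignment is outside this hunk, so a comment tying the two together would help. Moving `if( count++ > 30 )` ahead of the generation also changes the semantics slightly (the counter now counts every attempt, including the first), which matches the DHM helper and is fine, but the old code allowed 10 retries after generation, so the limit comment in the function, if any, should be updated to 30.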
...@@ -2505,7 +2505,7 @@ static int ecp_randomize_mxz( const mbedtls_ecp_group *grp, mbedtls_ecp_point *P ...@@ -2505,7 +2505,7 @@ static int ecp_randomize_mxz( const mbedtls_ecp_group *grp, mbedtls_ecp_point *P
#if defined(MBEDTLS_ECP_RANDOMIZE_MXZ_ALT) #if defined(MBEDTLS_ECP_RANDOMIZE_MXZ_ALT)
if( mbedtls_internal_ecp_grp_capable( grp ) ) if( mbedtls_internal_ecp_grp_capable( grp ) )
return( mbedtls_internal_ecp_randomize_mxz( grp, P, f_rng, p_rng ); return( mbedtls_internal_ecp_randomize_mxz( grp, P, f_rng, p_rng ) );
#endif /* MBEDTLS_ECP_RANDOMIZE_MXZ_ALT */ #endif /* MBEDTLS_ECP_RANDOMIZE_MXZ_ALT */
p_size = ( grp->pbits + 7 ) / 8; p_size = ( grp->pbits + 7 ) / 8;
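Review bot: the old line `return( mbedtls_internal_ecp_randomize_mxz( grp, P, f_rng, p_rng );` was missing a closing parenthesis, so any build with `MBEDTLS_ECP_RANDOMIZE_MXZ_ALT` defined failed to compile; the fix is correct, and it suggests the ALT path is not exercised by CI, so consider adding a configuration that defines the `*_ALT` macros to at least a compile test.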
...@@ -2514,18 +2514,17 @@ static int ecp_randomize_mxz( const mbedtls_ecp_group *grp, mbedtls_ecp_point *P ...@@ -2514,18 +2514,17 @@ static int ecp_randomize_mxz( const mbedtls_ecp_group *grp, mbedtls_ecp_point *P
/* Generate l such that 1 < l < p */ /* Generate l such that 1 < l < p */
do do
{ {
MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( &l, p_size, f_rng, p_rng ) ); if( count++ > 30 )
while( mbedtls_mpi_cmp_mpi( &l, &grp->P ) >= 0 )
MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &l, 1 ) );
if( count++ > 10 )
{ {
ret = MBEDTLS_ERR_ECP_RANDOM_FAILED; ret = MBEDTLS_ERR_ECP_RANDOM_FAILED;
goto cleanup; goto cleanup;
} }
MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( &l, p_size, f_rng, p_rng ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &l, ( p_size * 8 ) - grp->pbits ) );
} }
while( mbedtls_mpi_cmp_int( &l, 1 ) <= 0 ); while( ( mbedtls_mpi_cmp_int( &l, 1 ) <= 0 ) ||
( mbedtls_mpi_cmp_mpi( &l, &grp->P ) >= 0 ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &P->X, &P->X, &l ) ); MOD_MUL( P->X ); MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &P->X, &P->X, &l ) ); MOD_MUL( P->X );
MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &P->Z, &P->Z, &l ) ); MOD_MUL( P->Z ); MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &P->Z, &P->Z, &l ) ); MOD_MUL( P->Z );
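Review bot: this rejection-sampling loop is now character for character the same as the one in `ecp_randomize_jac()` above; the DHM side of this change factored the same pattern into `dhm_random_below()`, and an analogous static helper here (generate, shift by `p_size * 8 - grp->pbits`, reject outside (1, P), 30 tries) would keep the bias fix in one place.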
...@@ -2970,6 +2969,97 @@ int mbedtls_ecp_muladd( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, ...@@ -2970,6 +2969,97 @@ int mbedtls_ecp_muladd( mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
} }
#if defined(ECP_MONTGOMERY) #if defined(ECP_MONTGOMERY)
#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED)
#define ECP_MPI_INIT(s, n, p) {s, (n), (mbedtls_mpi_uint *)(p)}
#define ECP_MPI_INIT_ARRAY(x) \
ECP_MPI_INIT(1, sizeof(x) / sizeof(mbedtls_mpi_uint), x)
/*
* Constants for the two points other than 0, 1, -1 (mod p) in
* https://cr.yp.to/ecdh.html#validate
* See ecp_check_pubkey_x25519().
*/
static const mbedtls_mpi_uint x25519_bad_point_1[] = {
MBEDTLS_BYTES_TO_T_UINT_8( 0xe0, 0xeb, 0x7a, 0x7c, 0x3b, 0x41, 0xb8, 0xae ),
MBEDTLS_BYTES_TO_T_UINT_8( 0x16, 0x56, 0xe3, 0xfa, 0xf1, 0x9f, 0xc4, 0x6a ),
MBEDTLS_BYTES_TO_T_UINT_8( 0xda, 0x09, 0x8d, 0xeb, 0x9c, 0x32, 0xb1, 0xfd ),
MBEDTLS_BYTES_TO_T_UINT_8( 0x86, 0x62, 0x05, 0x16, 0x5f, 0x49, 0xb8, 0x00 ),
};
static const mbedtls_mpi_uint x25519_bad_point_2[] = {
MBEDTLS_BYTES_TO_T_UINT_8( 0x5f, 0x9c, 0x95, 0xbc, 0xa3, 0x50, 0x8c, 0x24 ),
MBEDTLS_BYTES_TO_T_UINT_8( 0xb1, 0xd0, 0xb1, 0x55, 0x9c, 0x83, 0xef, 0x5b ),
MBEDTLS_BYTES_TO_T_UINT_8( 0x04, 0x44, 0x5c, 0xc4, 0x58, 0x1c, 0x8e, 0x86 ),
MBEDTLS_BYTES_TO_T_UINT_8( 0xd8, 0x22, 0x4e, 0xdd, 0xd0, 0x9f, 0x11, 0x57 ),
};
static const mbedtls_mpi ecp_x25519_bad_point_1 = ECP_MPI_INIT_ARRAY(
x25519_bad_point_1 );
static const mbedtls_mpi ecp_x25519_bad_point_2 = ECP_MPI_INIT_ARRAY(
x25519_bad_point_2 );
#endif /* MBEDTLS_ECP_DP_CURVE25519_ENABLED */
/*
* Check that the input point is not one of the low-order points.
* This is recommended by the "May the Fourth" paper:
* https://eprint.iacr.org/2017/806.pdf
* Those points are never sent by an honest peer.
*/
static int ecp_check_bad_points_mx( const mbedtls_mpi *X, const mbedtls_mpi *P,
const mbedtls_ecp_group_id grp_id )
{
int ret;
mbedtls_mpi XmP;
mbedtls_mpi_init( &XmP );
/* Reduce X mod P so that we only need to check values less than P.
* We know X < 2^256 so we can proceed by subtraction. */
MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &XmP, X ) );
while( mbedtls_mpi_cmp_mpi( &XmP, P ) >= 0 )
MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &XmP, &XmP, P ) );
/* Check against the known bad values that are less than P. For Curve448
* these are 0, 1 and -1. For Curve25519 we check the values less than P
* from the following list: https://cr.yp.to/ecdh.html#validate */
if( mbedtls_mpi_cmp_int( &XmP, 1 ) <= 0 ) /* takes care of 0 and 1 */
{
ret = MBEDTLS_ERR_ECP_INVALID_KEY;
goto cleanup;
}
#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED)
if( grp_id == MBEDTLS_ECP_DP_CURVE25519 )
{
if( mbedtls_mpi_cmp_mpi( &XmP, &ecp_x25519_bad_point_1 ) == 0 )
{
ret = MBEDTLS_ERR_ECP_INVALID_KEY;
goto cleanup;
}
if( mbedtls_mpi_cmp_mpi( &XmP, &ecp_x25519_bad_point_2 ) == 0 )
{
ret = MBEDTLS_ERR_ECP_INVALID_KEY;
goto cleanup;
}
}
#else
(void) grp_id;
#endif
/* Final check: check if XmP + 1 is P (final because it changes XmP!) */
MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( &XmP, &XmP, 1 ) );
if( mbedtls_mpi_cmp_mpi( &XmP, P ) == 0 )
{
ret = MBEDTLS_ERR_ECP_INVALID_KEY;
goto cleanup;
}
ret = 0;
cleanup:
mbedtls_mpi_free( &XmP );
return( ret );
}
/* /*
* Check validity of a public key for Montgomery curves with x-only schemes * Check validity of a public key for Montgomery curves with x-only schemes
*/ */
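Review bot: the comment "We know X < 2^256 so we can proceed by subtraction" is specific to Curve25519; this function is also reached for Curve448, where the caller's size check (`mbedtls_mpi_size( &pt->X ) <= ( grp->nbits + 7 ) / 8`) is what bounds X and thus the number of subtractions. Suggest rewording to say X is bounded by the byte-size check in `ecp_check_pubkey_mx()`. Also `ECP_MPI_INIT` casts the `const mbedtls_mpi_uint` arrays to `mbedtls_mpi_uint *`; that is fine because the resulting MPIs are only read by `mbedtls_mpi_cmp_mpi`, but a one-line comment that they must never be passed to a writing function would prevent a future misuse.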
...@@ -2981,7 +3071,13 @@ static int ecp_check_pubkey_mx( const mbedtls_ecp_group *grp, const mbedtls_ecp_ ...@@ -2981,7 +3071,13 @@ static int ecp_check_pubkey_mx( const mbedtls_ecp_group *grp, const mbedtls_ecp_
if( mbedtls_mpi_size( &pt->X ) > ( grp->nbits + 7 ) / 8 ) if( mbedtls_mpi_size( &pt->X ) > ( grp->nbits + 7 ) / 8 )
return( MBEDTLS_ERR_ECP_INVALID_KEY ); return( MBEDTLS_ERR_ECP_INVALID_KEY );
return( 0 ); /* Implicit in all standards (as they don't consider negative numbers):
* X must be non-negative. This is normally ensured by the way it's
* encoded for transmission, but let's be extra sure. */
if( mbedtls_mpi_cmp_int( &pt->X, 0 ) < 0 )
return( MBEDTLS_ERR_ECP_INVALID_KEY );
return( ecp_check_bad_points_mx( &pt->X, &grp->P, grp->id ) );
} }
#endif /* ECP_MONTGOMERY */ #endif /* ECP_MONTGOMERY */
...@@ -3059,6 +3155,11 @@ int mbedtls_ecp_gen_privkey( const mbedtls_ecp_group *grp, ...@@ -3059,6 +3155,11 @@ int mbedtls_ecp_gen_privkey( const mbedtls_ecp_group *grp,
{ {
int ret = MBEDTLS_ERR_ECP_BAD_INPUT_DATA; int ret = MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
size_t n_size; size_t n_size;
#if defined(ECP_SHORTWEIERSTRASS)
mbedtls_mpi one;
mbedtls_mpi_init( &one );
#endif
ECP_VALIDATE_RET( grp != NULL ); ECP_VALIDATE_RET( grp != NULL );
ECP_VALIDATE_RET( d != NULL ); ECP_VALIDATE_RET( d != NULL );
...@@ -3099,7 +3200,10 @@ int mbedtls_ecp_gen_privkey( const mbedtls_ecp_group *grp, ...@@ -3099,7 +3200,10 @@ int mbedtls_ecp_gen_privkey( const mbedtls_ecp_group *grp,
{ {
/* SEC1 3.2.1: Generate d such that 1 <= n < N */ /* SEC1 3.2.1: Generate d such that 1 <= n < N */
int count = 0; int count = 0;
unsigned cmp = 0; unsigned lt_lower = 1, lt_upper = 0;
MBEDTLS_MPI_CHK( mbedtls_mpi_grow( &one, grp->N.n ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &one, 1 ) );
/* /*
* Match the procedure given in RFC 6979 (deterministic ECDSA): * Match the procedure given in RFC 6979 (deterministic ECDSA):
...@@ -3123,19 +3227,22 @@ int mbedtls_ecp_gen_privkey( const mbedtls_ecp_group *grp, ...@@ -3123,19 +3227,22 @@ int mbedtls_ecp_gen_privkey( const mbedtls_ecp_group *grp,
* such as secp224k1 are actually very close to the worst case. * such as secp224k1 are actually very close to the worst case.
*/ */
if( ++count > 30 ) if( ++count > 30 )
return( MBEDTLS_ERR_ECP_RANDOM_FAILED );
ret = mbedtls_mpi_lt_mpi_ct( d, &grp->N, &cmp );
if( ret != 0 )
{ {
ret = MBEDTLS_ERR_ECP_RANDOM_FAILED;
goto cleanup; goto cleanup;
} }
MBEDTLS_MPI_CHK( mbedtls_mpi_lt_mpi_ct( d, &grp->N, &lt_upper ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_lt_mpi_ct( d, &one, &lt_lower ) );
} }
while( mbedtls_mpi_cmp_int( d, 1 ) < 0 || cmp != 1 ); while( lt_lower != 0 || lt_upper == 0 );
} }
#endif /* ECP_SHORTWEIERSTRASS */ #endif /* ECP_SHORTWEIERSTRASS */
cleanup: cleanup:
#if defined(ECP_SHORTWEIERSTRASS)
mbedtls_mpi_free( &one );
#endif
return( ret ); return( ret );
} }
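Review bot: `mbedtls_mpi_lt_mpi_ct()` returns `MBEDTLS_ERR_MPI_BAD_INPUT_DATA` when its operands have different limb counts, so growing `one` to `grp->N.n` limbs only works if `d` has exactly `grp->N.n` limbs at the comparison; that depends on the fill/shift sequence outside this hunk and deserves a comment next to the `mbedtls_mpi_grow( &one, grp->N.n )`. Also, `one` is initialised before the `ECP_VALIDATE_RET` checks, which return without reaching `cleanup`; that is safe only because `mbedtls_mpi_init` allocates nothing, which is worth stating.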
......
...@@ -494,14 +494,20 @@ int mbedtls_entropy_update_nv_seed( mbedtls_entropy_context *ctx ) ...@@ -494,14 +494,20 @@ int mbedtls_entropy_update_nv_seed( mbedtls_entropy_context *ctx )
int mbedtls_entropy_write_seed_file( mbedtls_entropy_context *ctx, const char *path ) int mbedtls_entropy_write_seed_file( mbedtls_entropy_context *ctx, const char *path )
{ {
int ret = MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR; int ret = MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR;
FILE *f; FILE *f = NULL;
unsigned char buf[MBEDTLS_ENTROPY_BLOCK_SIZE]; unsigned char buf[MBEDTLS_ENTROPY_BLOCK_SIZE];
if( ( f = fopen( path, "wb" ) ) == NULL )
return( MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR );
if( ( ret = mbedtls_entropy_func( ctx, buf, MBEDTLS_ENTROPY_BLOCK_SIZE ) ) != 0 ) if( ( ret = mbedtls_entropy_func( ctx, buf, MBEDTLS_ENTROPY_BLOCK_SIZE ) ) != 0 )
{
ret = MBEDTLS_ERR_ENTROPY_SOURCE_FAILED;
goto exit;
}
if( ( f = fopen( path, "wb" ) ) == NULL )
{
ret = MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR;
goto exit; goto exit;
}
if( fwrite( buf, 1, MBEDTLS_ENTROPY_BLOCK_SIZE, f ) != MBEDTLS_ENTROPY_BLOCK_SIZE ) if( fwrite( buf, 1, MBEDTLS_ENTROPY_BLOCK_SIZE, f ) != MBEDTLS_ENTROPY_BLOCK_SIZE )
{ {
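Review bot: the new `ret = MBEDTLS_ERR_ENTROPY_SOURCE_FAILED;` after the `mbedtls_entropy_func` call discards the specific error that `mbedtls_entropy_func` returned (the assignment inside the `if` condition already stored it in `ret`); either drop that line or document why callers should only ever see the generic code. Moving `fopen( path, "wb" )` after entropy collection is the important part of the hunk: previously the seed file was truncated to zero length before it was known whether any bytes were available to write, so an entropy failure could leave an empty seed file behind for the next boot.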
...@@ -514,7 +520,9 @@ int mbedtls_entropy_write_seed_file( mbedtls_entropy_context *ctx, const char *p ...@@ -514,7 +520,9 @@ int mbedtls_entropy_write_seed_file( mbedtls_entropy_context *ctx, const char *p
exit: exit:
mbedtls_platform_zeroize( buf, sizeof( buf ) ); mbedtls_platform_zeroize( buf, sizeof( buf ) );
fclose( f ); if( f != NULL )
fclose( f );
return( ret ); return( ret );
} }
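Review bot: the `if( f != NULL ) fclose( f )` guard is required now that the `exit` label is reachable before `fopen` succeeds, but the return value of `fclose` is still ignored; buffered data is flushed there, so a short write on a full filesystem would go unreported and the function would return 0 after leaving a truncated seed file. Suggest `if( fclose( f ) != 0 && ret == 0 ) ret = MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR;`.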
......
...@@ -47,11 +47,15 @@ ...@@ -47,11 +47,15 @@
/* Enable definition of getaddrinfo() even when compiling with -std=c99. Must /* Enable definition of getaddrinfo() even when compiling with -std=c99. Must
* be set before config.h, which pulls in glibc's features.h indirectly. * be set before config.h, which pulls in glibc's features.h indirectly.
* Harmless on other platforms. */ * Harmless on other platforms. */
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200112L #define _POSIX_C_SOURCE 200112L
#endif
#if defined(__NetBSD__) #if defined(__NetBSD__)
#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 600 /* sockaddr_storage */ #define _XOPEN_SOURCE 600 /* sockaddr_storage */
#endif #endif
#endif
#if !defined(MBEDTLS_CONFIG_FILE) #if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h" #include "mbedtls/config.h"
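Review bot: wrapping `_POSIX_C_SOURCE` and `_XOPEN_SOURCE` in `#ifndef` stops the redefinition warning when a build system predefines them, but it also means a predefined value lower than 200112L (for example `_POSIX_C_SOURCE 1`) now silently wins and `getaddrinfo()` may no longer be declared under `-std=c99`; the comment above the guard should say that a build which predefines the macro must supply at least 200112L itself.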
...@@ -162,6 +166,31 @@ static int net_prepare( void ) ...@@ -162,6 +166,31 @@ static int net_prepare( void )
return( 0 ); return( 0 );
} }
/*
* Return 0 if the file descriptor is valid, an error otherwise.
* If for_select != 0, check whether the file descriptor is within the range
* allowed for fd_set used for the FD_xxx macros and the select() function.
*/
static int check_fd( int fd, int for_select )
{
if( fd < 0 )
return( MBEDTLS_ERR_NET_INVALID_CONTEXT );
#if (defined(_WIN32) || defined(_WIN32_WCE)) && !defined(EFIX64) && \
!defined(EFI32)
(void) for_select;
#else
/* A limitation of select() is that it only works with file descriptors
* that are strictly less than FD_SETSIZE. This is a limitation of the
* fd_set type. Error out early, because attempting to call FD_SET on a
* large file descriptor is a buffer overflow on typical platforms. */
if( for_select && fd >= FD_SETSIZE )
return( MBEDTLS_ERR_NET_POLL_FAILED );
#endif
return( 0 );
}
/* /*
* Initialize a context * Initialize a context
*/ */
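Review bot: the doc comment for `check_fd` does not say which error code is returned for an oversized descriptor; since `MBEDTLS_ERR_NET_POLL_FAILED` is now also what `mbedtls_net_recv_timeout` reports for `fd >= FD_SETSIZE`, state that explicitly in the comment. Factoring the check out of the three callers is an improvement: the FD_SETSIZE test is the guard against the out-of-bounds write that `FD_SET` performs on platforms where `fd_set` is a bitmap, and a single copy makes it harder for a future select()-based path to omit it. The `(void) for_select;` on Windows is correct because Winsock's `fd_set` is an array of sockets with its own bounds check rather than a bitmap.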
...@@ -493,15 +522,9 @@ int mbedtls_net_poll( mbedtls_net_context *ctx, uint32_t rw, uint32_t timeout ) ...@@ -493,15 +522,9 @@ int mbedtls_net_poll( mbedtls_net_context *ctx, uint32_t rw, uint32_t timeout )
int fd = ctx->fd; int fd = ctx->fd;
if( fd < 0 ) ret = check_fd( fd, 1 );
return( MBEDTLS_ERR_NET_INVALID_CONTEXT ); if( ret != 0 )
return( ret );
/* A limitation of select() is that it only works with file descriptors
* that are strictly less than FD_SETSIZE. This is a limitation of the
* fd_set type. Error out early, because attempting to call FD_SET on a
* large file descriptor is a buffer overflow on typical platforms. */
if( fd >= FD_SETSIZE )
return( MBEDTLS_ERR_NET_POLL_FAILED );
#if defined(__has_feature) #if defined(__has_feature)
#if __has_feature(memory_sanitizer) #if __has_feature(memory_sanitizer)
...@@ -580,8 +603,9 @@ int mbedtls_net_recv( void *ctx, unsigned char *buf, size_t len ) ...@@ -580,8 +603,9 @@ int mbedtls_net_recv( void *ctx, unsigned char *buf, size_t len )
int ret; int ret;
int fd = ((mbedtls_net_context *) ctx)->fd; int fd = ((mbedtls_net_context *) ctx)->fd;
if( fd < 0 ) ret = check_fd( fd, 0 );
return( MBEDTLS_ERR_NET_INVALID_CONTEXT ); if( ret != 0 )
return( ret );
ret = (int) read( fd, buf, len ); ret = (int) read( fd, buf, len );
...@@ -619,15 +643,9 @@ int mbedtls_net_recv_timeout( void *ctx, unsigned char *buf, ...@@ -619,15 +643,9 @@ int mbedtls_net_recv_timeout( void *ctx, unsigned char *buf,
fd_set read_fds; fd_set read_fds;
int fd = ((mbedtls_net_context *) ctx)->fd; int fd = ((mbedtls_net_context *) ctx)->fd;
if( fd < 0 ) ret = check_fd( fd, 1 );
return( MBEDTLS_ERR_NET_INVALID_CONTEXT ); if( ret != 0 )
return( ret );
/* A limitation of select() is that it only works with file descriptors
* that are strictly less than FD_SETSIZE. This is a limitation of the
* fd_set type. Error out early, because attempting to call FD_SET on a
* large file descriptor is a buffer overflow on typical platforms. */
if( fd >= FD_SETSIZE )
return( MBEDTLS_ERR_NET_POLL_FAILED );
FD_ZERO( &read_fds ); FD_ZERO( &read_fds );
FD_SET( fd, &read_fds ); FD_SET( fd, &read_fds );
...@@ -667,8 +685,9 @@ int mbedtls_net_send( void *ctx, const unsigned char *buf, size_t len ) ...@@ -667,8 +685,9 @@ int mbedtls_net_send( void *ctx, const unsigned char *buf, size_t len )
int ret; int ret;
int fd = ((mbedtls_net_context *) ctx)->fd; int fd = ((mbedtls_net_context *) ctx)->fd;
if( fd < 0 ) ret = check_fd( fd, 0 );
return( MBEDTLS_ERR_NET_INVALID_CONTEXT ); if( ret != 0 )
return( ret );
ret = (int) write( fd, buf, len ); ret = (int) write( fd, buf, len );
......
...@@ -219,8 +219,6 @@ int mbedtls_nist_kw_wrap( mbedtls_nist_kw_context *ctx, ...@@ -219,8 +219,6 @@ int mbedtls_nist_kw_wrap( mbedtls_nist_kw_context *ctx,
uint64_t t = 0; uint64_t t = 0;
unsigned char outbuff[KW_SEMIBLOCK_LENGTH * 2]; unsigned char outbuff[KW_SEMIBLOCK_LENGTH * 2];
unsigned char inbuff[KW_SEMIBLOCK_LENGTH * 2]; unsigned char inbuff[KW_SEMIBLOCK_LENGTH * 2];
unsigned char *R2 = output + KW_SEMIBLOCK_LENGTH;
unsigned char *A = output;
*out_len = 0; *out_len = 0;
/* /*
...@@ -296,6 +294,9 @@ int mbedtls_nist_kw_wrap( mbedtls_nist_kw_context *ctx, ...@@ -296,6 +294,9 @@ int mbedtls_nist_kw_wrap( mbedtls_nist_kw_context *ctx,
} }
else else
{ {
unsigned char *R2 = output + KW_SEMIBLOCK_LENGTH;
unsigned char *A = output;
/* /*
* Do the wrapping function W, as defined in RFC 3394 section 2.2.1 * Do the wrapping function W, as defined in RFC 3394 section 2.2.1
*/ */
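Review bot: moving `R2` and `A` into the `else` branch removes pointer arithmetic on `output` that used to happen before the function had validated the call: `output + KW_SEMIBLOCK_LENGTH` was computed unconditionally at declaration time, which is undefined behaviour when `output` does not point into an object at least that large, and the `if` branch above this hunk does not use either pointer. A short comment above the two declarations saying they are deliberately scoped to the branch that has already checked the output size would stop someone hoisting them back out.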
...@@ -359,7 +360,7 @@ static int unwrap( mbedtls_nist_kw_context *ctx, ...@@ -359,7 +360,7 @@ static int unwrap( mbedtls_nist_kw_context *ctx,
uint64_t t = 0; uint64_t t = 0;
unsigned char outbuff[KW_SEMIBLOCK_LENGTH * 2]; unsigned char outbuff[KW_SEMIBLOCK_LENGTH * 2];
unsigned char inbuff[KW_SEMIBLOCK_LENGTH * 2]; unsigned char inbuff[KW_SEMIBLOCK_LENGTH * 2];
unsigned char *R = output + ( semiblocks - 2 ) * KW_SEMIBLOCK_LENGTH; unsigned char *R = NULL;
*out_len = 0; *out_len = 0;
if( semiblocks < MIN_SEMIBLOCKS_COUNT ) if( semiblocks < MIN_SEMIBLOCKS_COUNT )
...@@ -369,6 +370,7 @@ static int unwrap( mbedtls_nist_kw_context *ctx, ...@@ -369,6 +370,7 @@ static int unwrap( mbedtls_nist_kw_context *ctx,
memcpy( A, input, KW_SEMIBLOCK_LENGTH ); memcpy( A, input, KW_SEMIBLOCK_LENGTH );
memmove( output, input + KW_SEMIBLOCK_LENGTH, ( semiblocks - 1 ) * KW_SEMIBLOCK_LENGTH ); memmove( output, input + KW_SEMIBLOCK_LENGTH, ( semiblocks - 1 ) * KW_SEMIBLOCK_LENGTH );
R = output + ( semiblocks - 2 ) * KW_SEMIBLOCK_LENGTH;
/* Calculate intermediate values */ /* Calculate intermediate values */
for( t = s; t >= 1; t-- ) for( t = s; t >= 1; t-- )
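Review bot: initialising `R` to NULL and computing `output + ( semiblocks - 2 ) * KW_SEMIBLOCK_LENGTH` only after the `semiblocks < MIN_SEMIBLOCKS_COUNT` check is the right fix: with `semiblocks` below 2 the old initialiser formed a pointer before the start of `output` (or, with an unsigned `semiblocks` of 0 or 1, one with an enormous offset), which is undefined behaviour even though the value was never dereferenced on the error path. The new assignment sits right after the `memmove`, which is exactly where the layout of `output` becomes the one `R` indexes into; a one-line comment there would make that dependency explicit.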
......
...@@ -225,12 +225,15 @@ static inline int pk_hashlen_helper( mbedtls_md_type_t md_alg, size_t *hash_len ...@@ -225,12 +225,15 @@ static inline int pk_hashlen_helper( mbedtls_md_type_t md_alg, size_t *hash_len
{ {
const mbedtls_md_info_t *md_info; const mbedtls_md_info_t *md_info;
if( *hash_len != 0 ) if( *hash_len != 0 && md_alg == MBEDTLS_MD_NONE )
return( 0 ); return( 0 );
if( ( md_info = mbedtls_md_info_from_type( md_alg ) ) == NULL ) if( ( md_info = mbedtls_md_info_from_type( md_alg ) ) == NULL )
return( -1 ); return( -1 );
if ( *hash_len != 0 && *hash_len < mbedtls_md_get_size( md_info ) )
return ( -1 );
*hash_len = mbedtls_md_get_size( md_info ); *hash_len = mbedtls_md_get_size( md_info );
return( 0 ); return( 0 );
} }
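Review bot: the new `if ( *hash_len != 0 && *hash_len < mbedtls_md_get_size( md_info ) )` rejects a caller-supplied length shorter than the digest, but a longer one is silently accepted and then overwritten with the digest size on the next line, so trailing bytes of the caller's buffer are ignored rather than reported; if that is intentional say so in a comment, otherwise compare with `!=`. Also `if (` and `return ( -1 )` do not follow the spacing used two lines up (`if(`, `return( -1 )`). The behavioural change itself is sound: previously any non-zero `*hash_len` was returned unchecked even when `md_alg` named a specific digest, so an inconsistent (`md_alg`, `hash_len`) pair reached the signature code that derives the real length from `md_alg`.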
......
...@@ -1070,7 +1070,7 @@ static int pk_parse_key_pkcs8_unencrypted_der( ...@@ -1070,7 +1070,7 @@ static int pk_parse_key_pkcs8_unencrypted_der(
return( MBEDTLS_ERR_PK_KEY_INVALID_VERSION + ret ); return( MBEDTLS_ERR_PK_KEY_INVALID_VERSION + ret );
if( ( ret = pk_get_pk_alg( &p, end, &pk_alg, &params ) ) != 0 ) if( ( ret = pk_get_pk_alg( &p, end, &pk_alg, &params ) ) != 0 )
return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); return( ret );
if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, MBEDTLS_ASN1_OCTET_STRING ) ) != 0 ) if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, MBEDTLS_ASN1_OCTET_STRING ) ) != 0 )
return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
......
...@@ -918,13 +918,13 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = ...@@ -918,13 +918,13 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
0 }, 0 },
#endif /* MBEDTLS_SHA256_C */ #endif /* MBEDTLS_SHA256_C */
#if defined(MBEDTLS_SHA1_C) #if defined(MBEDTLS_SHA512_C)
{ MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384, "TLS-RSA-WITH-CAMELLIA-256-GCM-SHA384", { MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384, "TLS-RSA-WITH-CAMELLIA-256-GCM-SHA384",
MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA, MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
0 }, 0 },
#endif /* MBEDTLS_SHA1_C */ #endif /* MBEDTLS_SHA512_C */
#endif /* MBEDTLS_GCM_C */ #endif /* MBEDTLS_GCM_C */
#endif /* MBEDTLS_CAMELLIA_C */ #endif /* MBEDTLS_CAMELLIA_C */
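Review bot: the guard on TLS-RSA-WITH-CAMELLIA-256-GCM-SHA384 was keyed on MBEDTLS_SHA1_C although the suite's PRF and handshake hash are SHA-384, which lives in the sha512 module; with the old guard a configuration with SHA-1 but without SHA-512 advertised a suite it could not complete, and one with SHA-512 but without SHA-1 silently lost a usable suite. Please check that the neighbouring Camellia-GCM-SHA384 entries (the DHE and ECDHE variants) already carry MBEDTLS_SHA512_C, since a copy-paste origin for this guard suggests siblings.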
......
...@@ -1318,7 +1318,7 @@ static int ssl_parse_max_fragment_length_ext( mbedtls_ssl_context *ssl, ...@@ -1318,7 +1318,7 @@ static int ssl_parse_max_fragment_length_ext( mbedtls_ssl_context *ssl,
mbedtls_ssl_send_alert_message( mbedtls_ssl_send_alert_message(
ssl, ssl,
MBEDTLS_SSL_ALERT_LEVEL_FATAL, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER );
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
} }
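Review bot: `illegal_parameter` is the correct alert here: the server echoed a max_fragment_length value that does not match what the client offered, and RFC 6066 section 4 says a client receiving a response that differs from the length it requested must abort with illegal_parameter; handshake_failure is reserved for the inability to agree on a set of security parameters. The error code returned to the caller is unchanged, so only the wire alert differs.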
...@@ -1365,7 +1365,7 @@ static int ssl_parse_encrypt_then_mac_ext( mbedtls_ssl_context *ssl, ...@@ -1365,7 +1365,7 @@ static int ssl_parse_encrypt_then_mac_ext( mbedtls_ssl_context *ssl,
mbedtls_ssl_send_alert_message( mbedtls_ssl_send_alert_message(
ssl, ssl,
MBEDTLS_SSL_ALERT_LEVEL_FATAL, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_EXT );
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
} }
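Review bot: `unsupported_extension` matches RFC 5246 section 7.4.1.4, which requires a client that receives an extended ServerHello containing an extension it did not send to abort with this alert; the same substitution is applied to the extended_master_secret, session_ticket and ALPN parsers in the hunks that follow. One consistency point: all of these sites, and the max_fragment_length site above, still return MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO, so callers cannot distinguish the cases; that is acceptable, but the ChangeLog entry should say that only the alert sent on the wire changed.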
...@@ -1391,7 +1391,7 @@ static int ssl_parse_extended_ms_ext( mbedtls_ssl_context *ssl, ...@@ -1391,7 +1391,7 @@ static int ssl_parse_extended_ms_ext( mbedtls_ssl_context *ssl,
mbedtls_ssl_send_alert_message( mbedtls_ssl_send_alert_message(
ssl, ssl,
MBEDTLS_SSL_ALERT_LEVEL_FATAL, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_EXT );
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
} }
...@@ -1416,7 +1416,7 @@ static int ssl_parse_session_ticket_ext( mbedtls_ssl_context *ssl, ...@@ -1416,7 +1416,7 @@ static int ssl_parse_session_ticket_ext( mbedtls_ssl_context *ssl,
mbedtls_ssl_send_alert_message( mbedtls_ssl_send_alert_message(
ssl, ssl,
MBEDTLS_SSL_ALERT_LEVEL_FATAL, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_EXT );
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
} }
...@@ -1522,7 +1522,7 @@ static int ssl_parse_alpn_ext( mbedtls_ssl_context *ssl, ...@@ -1522,7 +1522,7 @@ static int ssl_parse_alpn_ext( mbedtls_ssl_context *ssl,
mbedtls_ssl_send_alert_message( mbedtls_ssl_send_alert_message(
ssl, ssl,
MBEDTLS_SSL_ALERT_LEVEL_FATAL, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_EXT );
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
} }
...@@ -2209,6 +2209,7 @@ static int ssl_parse_server_dh_params( mbedtls_ssl_context *ssl, ...@@ -2209,6 +2209,7 @@ static int ssl_parse_server_dh_params( mbedtls_ssl_context *ssl,
unsigned char *end ) unsigned char *end )
{ {
int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
size_t dhm_actual_bitlen;
/* /*
* Ephemeral DH parameters: * Ephemeral DH parameters:
...@@ -2226,10 +2227,11 @@ static int ssl_parse_server_dh_params( mbedtls_ssl_context *ssl, ...@@ -2226,10 +2227,11 @@ static int ssl_parse_server_dh_params( mbedtls_ssl_context *ssl,
return( ret ); return( ret );
} }
if( ssl->handshake->dhm_ctx.len * 8 < ssl->conf->dhm_min_bitlen ) dhm_actual_bitlen = mbedtls_mpi_bitlen( &ssl->handshake->dhm_ctx.P );
if( dhm_actual_bitlen < ssl->conf->dhm_min_bitlen )
{ {
MBEDTLS_SSL_DEBUG_MSG( 1, ( "DHM prime too short: %d < %d", MBEDTLS_SSL_DEBUG_MSG( 1, ( "DHM prime too short: %u < %u",
ssl->handshake->dhm_ctx.len * 8, (unsigned) dhm_actual_bitlen,
ssl->conf->dhm_min_bitlen ) ); ssl->conf->dhm_min_bitlen ) );
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
} }
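Review bot: replacing `dhm_ctx.len * 8` with `mbedtls_mpi_bitlen( &dhm_ctx.P )` closes a gap of up to 7 bits: `len` is the byte length of P, so a 1017-bit prime occupies 128 bytes, was reported as 1024 bits and passed a `dhm_min_bitlen` of 1024. The `%u` with `(unsigned) dhm_actual_bitlen` also fixes the old format/argument mismatch (a `size_t` product printed with `%d`); `ssl->conf->dhm_min_bitlen` is an `unsigned int`, so `%u` matches it without a cast. Nit: `dhm_actual_bitlen` is only ever printed and compared, so declaring it `unsigned` directly would remove the cast.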
......
...@@ -301,10 +301,6 @@ static int ssl_session_copy( mbedtls_ssl_session *dst, const mbedtls_ssl_session ...@@ -301,10 +301,6 @@ static int ssl_session_copy( mbedtls_ssl_session *dst, const mbedtls_ssl_session
mbedtls_ssl_session_free( dst ); mbedtls_ssl_session_free( dst );
memcpy( dst, src, sizeof( mbedtls_ssl_session ) ); memcpy( dst, src, sizeof( mbedtls_ssl_session ) );
#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C)
dst->ticket = NULL;
#endif
#if defined(MBEDTLS_X509_CRT_PARSE_C) #if defined(MBEDTLS_X509_CRT_PARSE_C)
if( src->peer_cert != NULL ) if( src->peer_cert != NULL )
{ {
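Review bot: after `memcpy( dst, src, sizeof( mbedtls_ssl_session ) )`, `dst->ticket` aliases `src->ticket` until the ticket-copy block (outside this hunk) replaces it, and the removed `dst->ticket = NULL` is what made an early error return between those two points safe: without it, a failure in the peer-certificate copy leaves `dst` holding a pointer it does not own, and a later `mbedtls_ssl_session_free( dst )` would free the caller's ticket buffer. Please state in the commit message why the reset is no longer needed (for instance if the ticket copy now precedes the certificate copy, or if callers free `dst` differently), or keep the line.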
...@@ -1899,6 +1895,9 @@ int mbedtls_ssl_cf_hmac( ...@@ -1899,6 +1895,9 @@ int mbedtls_ssl_cf_hmac(
MD_CHK( mbedtls_md_update( ctx, data + offset, 1 ) ); MD_CHK( mbedtls_md_update( ctx, data + offset, 1 ) );
} }
/* The context needs to finish() before it starts() again */
MD_CHK( mbedtls_md_finish( ctx, aux_out ) );
/* Now compute HASH(okey + inner_hash) */ /* Now compute HASH(okey + inner_hash) */
MD_CHK( mbedtls_md_starts( ctx ) ); MD_CHK( mbedtls_md_starts( ctx ) );
MD_CHK( mbedtls_md_update( ctx, okey, block_size ) ); MD_CHK( mbedtls_md_update( ctx, okey, block_size ) );
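Review bot: the added `mbedtls_md_finish( ctx, aux_out )` is needed because calling `mbedtls_md_starts` on a context with an unfinished operation is not a documented state transition and alternative backends (hardware or accelerator implementations) can reject it; `aux_out` must therefore be at least the digest size, which holds if it is the MBEDTLS_MD_MAX_SIZE scratch buffer declared earlier in this function. The extra finish performs one fixed-cost compression on every call regardless of the padding length, so the constant-time property of the surrounding loop is preserved; say so in the comment, otherwise someone will later remove it as redundant.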
...@@ -6368,8 +6367,6 @@ static void ssl_calc_finished_tls_sha256( ...@@ -6368,8 +6367,6 @@ static void ssl_calc_finished_tls_sha256(
#if defined(MBEDTLS_SHA512_C) #if defined(MBEDTLS_SHA512_C)
typedef int (*finish_sha384_t)(mbedtls_sha512_context*, unsigned char*);
static void ssl_calc_finished_tls_sha384( static void ssl_calc_finished_tls_sha384(
mbedtls_ssl_context *ssl, unsigned char *buf, int from ) mbedtls_ssl_context *ssl, unsigned char *buf, int from )
{ {
...@@ -6377,12 +6374,6 @@ static void ssl_calc_finished_tls_sha384( ...@@ -6377,12 +6374,6 @@ static void ssl_calc_finished_tls_sha384(
const char *sender; const char *sender;
mbedtls_sha512_context sha512; mbedtls_sha512_context sha512;
unsigned char padbuf[48]; unsigned char padbuf[48];
/*
* For SHA-384, we can save 16 bytes by keeping padbuf 48 bytes long.
* However, to avoid stringop-overflow warning in gcc, we have to cast
* mbedtls_sha512_finish_ret().
*/
finish_sha384_t finish_sha384 = (finish_sha384_t)mbedtls_sha512_finish_ret;
mbedtls_ssl_session *session = ssl->session_negotiate; mbedtls_ssl_session *session = ssl->session_negotiate;
if( !session ) if( !session )
...@@ -6408,8 +6399,19 @@ static void ssl_calc_finished_tls_sha384( ...@@ -6408,8 +6399,19 @@ static void ssl_calc_finished_tls_sha384(
sender = ( from == MBEDTLS_SSL_IS_CLIENT ) sender = ( from == MBEDTLS_SSL_IS_CLIENT )
? "client finished" ? "client finished"
: "server finished"; : "server finished";
/* mbedtls_sha512_finish_ret's output parameter is declared as a
finish_sha384( &sha512, padbuf ); * 64-byte buffer, but sice we're using SHA-384, we know that the
* output fits in 48 bytes. This is correct C, but GCC 11.1 warns
* about it.
*/
#if defined(__GNUC__) && __GNUC__ >= 11
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wstringop-overflow"
#endif
mbedtls_sha512_finish_ret( &sha512, padbuf );
#if defined(__GNUC__) && __GNUC__ >= 11
#pragma GCC diagnostic pop
#endif
ssl->handshake->tls_prf( session->master, 48, sender, ssl->handshake->tls_prf( session->master, 48, sender,
padbuf, 48, buf, len ); padbuf, 48, buf, len );
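Review bot: typo in the new comment, `sice` should be `since`. Replacing the `finish_sha384_t` cast with a pragma-guarded direct call is the better approach: the cast was legal (an `unsigned char[64]` parameter adjusts to `unsigned char *`, so the pointer types are compatible) but it hid the real prototype from both the compiler and the reader just to silence `-Wstringop-overflow`, whereas the pragma keeps the call as written and the comment states the actual reason the 48-byte `padbuf` suffices: SHA-384 writes only 48 bytes. The `#if defined(__GNUC__) && __GNUC__ >= 11` guard avoids unknown-pragma noise on older GCC, and clang reports `__GNUC__` as 4, so it is excluded as intended.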
...@@ -6682,7 +6684,7 @@ int mbedtls_ssl_parse_finished( mbedtls_ssl_context *ssl ) ...@@ -6682,7 +6684,7 @@ int mbedtls_ssl_parse_finished( mbedtls_ssl_context *ssl )
{ {
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad finished message" ) ); MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad finished message" ) );
mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); MBEDTLS_SSL_ALERT_MSG_DECRYPT_ERROR );
return( MBEDTLS_ERR_SSL_BAD_HS_FINISHED ); return( MBEDTLS_ERR_SSL_BAD_HS_FINISHED );
} }
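Review bot: `decrypt_error` is the alert RFC 5246 section 7.2.2 prescribes when a Finished message fails to verify (a handshake cryptographic operation failed), whereas `decode_error` means the message could not be parsed; assuming this is the verify-data comparison branch rather than the length check earlier in `mbedtls_ssl_parse_finished`, which should keep `decode_error`, the new alert is the accurate one. The returned MBEDTLS_ERR_SSL_BAD_HS_FINISHED is unchanged.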
......
...@@ -116,9 +116,8 @@ typedef struct { ...@@ -116,9 +116,8 @@ typedef struct {
*/ */
#define X509_MAX_VERIFY_CHAIN_SIZE ( MBEDTLS_X509_MAX_INTERMEDIATE_CA + 2 ) #define X509_MAX_VERIFY_CHAIN_SIZE ( MBEDTLS_X509_MAX_INTERMEDIATE_CA + 2 )
/* /* Default profile. Do not remove items unless there are serious security
* Default profile * concerns. */
*/
const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_default = const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_default =
{ {
#if defined(MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES) #if defined(MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES)
......
...@@ -2,7 +2,6 @@ ...@@ -2,7 +2,6 @@
*.sln *.sln
*.vcxproj *.vcxproj
aes/aescrypt2
aes/crypt_and_hash aes/crypt_and_hash
hash/generic_sum hash/generic_sum
hash/hello hash/hello
......
...@@ -47,7 +47,7 @@ ifdef ZLIB ...@@ -47,7 +47,7 @@ ifdef ZLIB
LOCAL_LDFLAGS += -lz LOCAL_LDFLAGS += -lz
endif endif
APPS = aes/aescrypt2$(EXEXT) aes/crypt_and_hash$(EXEXT) \ APPS = aes/crypt_and_hash$(EXEXT) \
hash/hello$(EXEXT) hash/generic_sum$(EXEXT) \ hash/hello$(EXEXT) hash/generic_sum$(EXEXT) \
pkey/dh_client$(EXEXT) \ pkey/dh_client$(EXEXT) \
pkey/dh_genprime$(EXEXT) pkey/dh_server$(EXEXT) \ pkey/dh_genprime$(EXEXT) pkey/dh_server$(EXEXT) \
...@@ -93,10 +93,6 @@ all: $(APPS) ...@@ -93,10 +93,6 @@ all: $(APPS)
$(DEP): $(DEP):
$(MAKE) -C ../library $(MAKE) -C ../library
aes/aescrypt2$(EXEXT): aes/aescrypt2.c $(DEP)
echo " CC aes/aescrypt2.c"
$(CC) $(LOCAL_CFLAGS) $(CFLAGS) aes/aescrypt2.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
aes/crypt_and_hash$(EXEXT): aes/crypt_and_hash.c $(DEP) aes/crypt_and_hash$(EXEXT): aes/crypt_and_hash.c $(DEP)
echo " CC aes/crypt_and_hash.c" echo " CC aes/crypt_and_hash.c"
$(CC) $(LOCAL_CFLAGS) $(CFLAGS) aes/crypt_and_hash.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) aes/crypt_and_hash.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
......
...@@ -5,9 +5,6 @@ This subdirectory mostly contains sample programs that illustrate specific featu ...@@ -5,9 +5,6 @@ This subdirectory mostly contains sample programs that illustrate specific featu
## Symmetric cryptography (AES) examples ## Symmetric cryptography (AES) examples
* [`aes/aescrypt2.c`](aes/aescrypt2.c): file encryption and authentication with a key derived from a low-entropy secret, demonstrating the low-level AES interface, the digest interface and HMAC.
Warning: this program illustrates how to use low-level functions in the library. It should not be taken as an example of how to build a secure encryption mechanism. To derive a key from a low-entropy secret such as a password, use a standard key stretching mechanism such as PBKDF2 (provided by the `pkcs5` module). To encrypt and authenticate data, use a standard mode such as GCM or CCM (both available as library module).
* [`aes/crypt_and_hash.c`](aes/crypt_and_hash.c): file encryption and authentication, demonstrating the generic cipher interface and the generic hash interface. * [`aes/crypt_and_hash.c`](aes/crypt_and_hash.c): file encryption and authentication, demonstrating the generic cipher interface and the generic hash interface.
## Hash (digest) examples ## Hash (digest) examples
......
add_executable(aescrypt2 aescrypt2.c)
target_link_libraries(aescrypt2 mbedtls)
add_executable(crypt_and_hash crypt_and_hash.c) add_executable(crypt_and_hash crypt_and_hash.c)
target_link_libraries(crypt_and_hash mbedtls) target_link_libraries(crypt_and_hash mbedtls)
install(TARGETS aescrypt2 crypt_and_hash install(TARGETS crypt_and_hash
DESTINATION "bin" DESTINATION "bin"
PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE) PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE)
/*
* AES-256 file encryption program
*
* Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*
* This file is provided under the Apache License 2.0, or the
* GNU General Public License v2.0 or later.
*
* **********
* Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
* **********
*
* **********
* GNU General Public License v2.0 or later:
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*
* **********
*/
/* Enable definition of fileno() even when compiling with -std=c99. Must be
* set before config.h, which pulls in glibc's features.h indirectly.
* Harmless on other platforms. */
#define _POSIX_C_SOURCE 1
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif
#if defined(MBEDTLS_PLATFORM_C)
#include "mbedtls/platform.h"
#else
#include <stdio.h>
#include <stdlib.h>
#define mbedtls_fprintf fprintf
#define mbedtls_printf printf
#define mbedtls_exit exit
#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS
#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE
#endif /* MBEDTLS_PLATFORM_C */
#include "mbedtls/aes.h"
#include "mbedtls/md.h"
#include "mbedtls/platform_util.h"
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#if defined(_WIN32)
#include <windows.h>
#if !defined(_WIN32_WCE)
#include <io.h>
#endif
#else
#include <sys/types.h>
#include <unistd.h>
#endif
#define MODE_ENCRYPT 0
#define MODE_DECRYPT 1
#define USAGE \
"\n aescrypt2 <mode> <input filename> <output filename> <key>\n" \
"\n <mode>: 0 = encrypt, 1 = decrypt\n" \
"\n example: aescrypt2 0 file file.aes hex:E76B2413958B00E193\n" \
"\n"
#if !defined(MBEDTLS_AES_C) || !defined(MBEDTLS_SHA256_C) || \
!defined(MBEDTLS_FS_IO) || !defined(MBEDTLS_MD_C)
int main( void )
{
mbedtls_printf("MBEDTLS_AES_C and/or MBEDTLS_SHA256_C "
"and/or MBEDTLS_FS_IO and/or MBEDTLS_MD_C "
"not defined.\n");
mbedtls_exit( 0 );
}
#else
int main( int argc, char *argv[] )
{
int ret = 0;
int exit_code = MBEDTLS_EXIT_FAILURE;
unsigned int i, n;
int mode, lastn;
size_t keylen;
FILE *fkey, *fin = NULL, *fout = NULL;
char *p;
unsigned char IV[16];
unsigned char tmp[16];
unsigned char key[512];
unsigned char digest[32];
unsigned char buffer[1024];
unsigned char diff;
mbedtls_aes_context aes_ctx;
mbedtls_md_context_t sha_ctx;
#if defined(_WIN32_WCE)
long filesize, offset;
#elif defined(_WIN32)
LARGE_INTEGER li_size;
__int64 filesize, offset;
#else
off_t filesize, offset;
#endif
mbedtls_aes_init( &aes_ctx );
mbedtls_md_init( &sha_ctx );
ret = mbedtls_md_setup( &sha_ctx, mbedtls_md_info_from_type( MBEDTLS_MD_SHA256 ), 1 );
if( ret != 0 )
{
mbedtls_printf( " ! mbedtls_md_setup() returned -0x%04x\n", -ret );
goto exit;
}
/*
* Parse the command-line arguments.
*/
if( argc != 5 )
{
mbedtls_printf( USAGE );
#if defined(_WIN32)
mbedtls_printf( "\n Press Enter to exit this program.\n" );
fflush( stdout ); getchar();
#endif
goto exit;
}
mode = atoi( argv[1] );
memset( IV, 0, sizeof( IV ) );
memset( key, 0, sizeof( key ) );
memset( digest, 0, sizeof( digest ) );
memset( buffer, 0, sizeof( buffer ) );
if( mode != MODE_ENCRYPT && mode != MODE_DECRYPT )
{
mbedtls_fprintf( stderr, "invalide operation mode\n" );
goto exit;
}
if( strcmp( argv[2], argv[3] ) == 0 )
{
mbedtls_fprintf( stderr, "input and output filenames must differ\n" );
goto exit;
}
if( ( fin = fopen( argv[2], "rb" ) ) == NULL )
{
mbedtls_fprintf( stderr, "fopen(%s,rb) failed\n", argv[2] );
goto exit;
}
if( ( fout = fopen( argv[3], "wb+" ) ) == NULL )
{
mbedtls_fprintf( stderr, "fopen(%s,wb+) failed\n", argv[3] );
goto exit;
}
/*
* Read the secret key from file or command line
*/
if( ( fkey = fopen( argv[4], "rb" ) ) != NULL )
{
keylen = fread( key, 1, sizeof( key ), fkey );
fclose( fkey );
}
else
{
if( memcmp( argv[4], "hex:", 4 ) == 0 )
{
p = &argv[4][4];
keylen = 0;
while( sscanf( p, "%02X", &n ) > 0 &&
keylen < (int) sizeof( key ) )
{
key[keylen++] = (unsigned char) n;
p += 2;
}
}
else
{
keylen = strlen( argv[4] );
if( keylen > (int) sizeof( key ) )
keylen = (int) sizeof( key );
memcpy( key, argv[4], keylen );
}
}
#if defined(_WIN32_WCE)
filesize = fseek( fin, 0L, SEEK_END );
#else
#if defined(_WIN32)
/*
* Support large files (> 2Gb) on Win32
*/
li_size.QuadPart = 0;
li_size.LowPart =
SetFilePointer( (HANDLE) _get_osfhandle( _fileno( fin ) ),
li_size.LowPart, &li_size.HighPart, FILE_END );
if( li_size.LowPart == 0xFFFFFFFF && GetLastError() != NO_ERROR )
{
mbedtls_fprintf( stderr, "SetFilePointer(0,FILE_END) failed\n" );
goto exit;
}
filesize = li_size.QuadPart;
#else
if( ( filesize = lseek( fileno( fin ), 0, SEEK_END ) ) < 0 )
{
perror( "lseek" );
goto exit;
}
#endif
#endif
if( fseek( fin, 0, SEEK_SET ) < 0 )
{
mbedtls_fprintf( stderr, "fseek(0,SEEK_SET) failed\n" );
goto exit;
}
if( mode == MODE_ENCRYPT )
{
/*
* Generate the initialization vector as:
* IV = SHA-256( filesize || filename )[0..15]
*/
for( i = 0; i < 8; i++ )
buffer[i] = (unsigned char)( filesize >> ( i << 3 ) );
p = argv[2];
mbedtls_md_starts( &sha_ctx );
mbedtls_md_update( &sha_ctx, buffer, 8 );
mbedtls_md_update( &sha_ctx, (unsigned char *) p, strlen( p ) );
mbedtls_md_finish( &sha_ctx, digest );
memcpy( IV, digest, 16 );
/*
* The last four bits in the IV are actually used
* to store the file size modulo the AES block size.
*/
lastn = (int)( filesize & 0x0F );
IV[15] = (unsigned char)
( ( IV[15] & 0xF0 ) | lastn );
/*
* Append the IV at the beginning of the output.
*/
if( fwrite( IV, 1, 16, fout ) != 16 )
{
mbedtls_fprintf( stderr, "fwrite(%d bytes) failed\n", 16 );
goto exit;
}
/*
* Hash the IV and the secret key together 8192 times
* using the result to setup the AES context and HMAC.
*/
memset( digest, 0, 32 );
memcpy( digest, IV, 16 );
for( i = 0; i < 8192; i++ )
{
mbedtls_md_starts( &sha_ctx );
mbedtls_md_update( &sha_ctx, digest, 32 );
mbedtls_md_update( &sha_ctx, key, keylen );
mbedtls_md_finish( &sha_ctx, digest );
}
mbedtls_aes_setkey_enc( &aes_ctx, digest, 256 );
mbedtls_md_hmac_starts( &sha_ctx, digest, 32 );
/*
* Encrypt and write the ciphertext.
*/
for( offset = 0; offset < filesize; offset += 16 )
{
n = ( filesize - offset > 16 ) ? 16 : (int)
( filesize - offset );
if( fread( buffer, 1, n, fin ) != (size_t) n )
{
mbedtls_fprintf( stderr, "fread(%d bytes) failed\n", n );
goto exit;
}
for( i = 0; i < 16; i++ )
buffer[i] = (unsigned char)( buffer[i] ^ IV[i] );
mbedtls_aes_crypt_ecb( &aes_ctx, MBEDTLS_AES_ENCRYPT, buffer, buffer );
mbedtls_md_hmac_update( &sha_ctx, buffer, 16 );
if( fwrite( buffer, 1, 16, fout ) != 16 )
{
mbedtls_fprintf( stderr, "fwrite(%d bytes) failed\n", 16 );
goto exit;
}
memcpy( IV, buffer, 16 );
}
/*
* Finally write the HMAC.
*/
mbedtls_md_hmac_finish( &sha_ctx, digest );
if( fwrite( digest, 1, 32, fout ) != 32 )
{
mbedtls_fprintf( stderr, "fwrite(%d bytes) failed\n", 16 );
goto exit;
}
}
if( mode == MODE_DECRYPT )
{
/*
* The encrypted file must be structured as follows:
*
* 00 .. 15 Initialization Vector
* 16 .. 31 AES Encrypted Block #1
* ..
* N*16 .. (N+1)*16 - 1 AES Encrypted Block #N
* (N+1)*16 .. (N+1)*16 + 32 HMAC-SHA-256(ciphertext)
*/
if( filesize < 48 )
{
mbedtls_fprintf( stderr, "File too short to be encrypted.\n" );
goto exit;
}
if( ( filesize & 0x0F ) != 0 )
{
mbedtls_fprintf( stderr, "File size not a multiple of 16.\n" );
goto exit;
}
/*
* Subtract the IV + HMAC length.
*/
filesize -= ( 16 + 32 );
/*
* Read the IV and original filesize modulo 16.
*/
if( fread( buffer, 1, 16, fin ) != 16 )
{
mbedtls_fprintf( stderr, "fread(%d bytes) failed\n", 16 );
goto exit;
}
memcpy( IV, buffer, 16 );
lastn = IV[15] & 0x0F;
/*
* Hash the IV and the secret key together 8192 times
* using the result to setup the AES context and HMAC.
*/
memset( digest, 0, 32 );
memcpy( digest, IV, 16 );
for( i = 0; i < 8192; i++ )
{
mbedtls_md_starts( &sha_ctx );
mbedtls_md_update( &sha_ctx, digest, 32 );
mbedtls_md_update( &sha_ctx, key, keylen );
mbedtls_md_finish( &sha_ctx, digest );
}
mbedtls_aes_setkey_dec( &aes_ctx, digest, 256 );
mbedtls_md_hmac_starts( &sha_ctx, digest, 32 );
/*
* Decrypt and write the plaintext.
*/
for( offset = 0; offset < filesize; offset += 16 )
{
if( fread( buffer, 1, 16, fin ) != 16 )
{
mbedtls_fprintf( stderr, "fread(%d bytes) failed\n", 16 );
goto exit;
}
memcpy( tmp, buffer, 16 );
mbedtls_md_hmac_update( &sha_ctx, buffer, 16 );
mbedtls_aes_crypt_ecb( &aes_ctx, MBEDTLS_AES_DECRYPT, buffer, buffer );
for( i = 0; i < 16; i++ )
buffer[i] = (unsigned char)( buffer[i] ^ IV[i] );
memcpy( IV, tmp, 16 );
n = ( lastn > 0 && offset == filesize - 16 )
? lastn : 16;
if( fwrite( buffer, 1, n, fout ) != (size_t) n )
{
mbedtls_fprintf( stderr, "fwrite(%d bytes) failed\n", n );
goto exit;
}
}
/*
* Verify the message authentication code.
*/
mbedtls_md_hmac_finish( &sha_ctx, digest );
if( fread( buffer, 1, 32, fin ) != 32 )
{
mbedtls_fprintf( stderr, "fread(%d bytes) failed\n", 32 );
goto exit;
}
/* Use constant-time buffer comparison */
diff = 0;
for( i = 0; i < 32; i++ )
diff |= digest[i] ^ buffer[i];
if( diff != 0 )
{
mbedtls_fprintf( stderr, "HMAC check failed: wrong key, "
"or file corrupted.\n" );
goto exit;
}
}
exit_code = MBEDTLS_EXIT_SUCCESS;
exit:
if( fin )
fclose( fin );
if( fout )
fclose( fout );
/* Zeroize all command line arguments to also cover
the case when the user has missed or reordered some,
in which case the key might not be in argv[4]. */
for( i = 0; i < (unsigned int) argc; i++ )
mbedtls_platform_zeroize( argv[i], strlen( argv[i] ) );
mbedtls_platform_zeroize( IV, sizeof( IV ) );
mbedtls_platform_zeroize( key, sizeof( key ) );
mbedtls_platform_zeroize( tmp, sizeof( tmp ) );
mbedtls_platform_zeroize( buffer, sizeof( buffer ) );
mbedtls_platform_zeroize( digest, sizeof( digest ) );
mbedtls_aes_free( &aes_ctx );
mbedtls_md_free( &sha_ctx );
mbedtls_exit( exit_code );
}
#endif /* MBEDTLS_AES_C && MBEDTLS_SHA256_C && MBEDTLS_FS_IO */
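Review bot: the plaintext is written to fout inside the decryption loop, and the HMAC is only checked after the whole file has been processed, so a wrong key or a tampered ciphertext still produces a complete output file and only the exit status reports the failure. Either verify the MAC before writing (a second pass over fin, or buffering) or remove the output file on the "HMAC check failed" path, so that callers cannot mistake the garbage for a successful decryption. The key derivation (8192 iterations of SHA-256 over IV and key, then the digest is reused both as the AES-256 key and as the HMAC key) also deserves a comment that this is sample code and not a recommended KDF or key-separation scheme.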
...@@ -218,6 +218,7 @@ int main( int argc, char *argv[] ) ...@@ -218,6 +218,7 @@ int main( int argc, char *argv[] )
mbedtls_ssl_conf_ca_chain( &conf, &cacert, NULL ); mbedtls_ssl_conf_ca_chain( &conf, &cacert, NULL );
mbedtls_ssl_conf_rng( &conf, mbedtls_ctr_drbg_random, &ctr_drbg ); mbedtls_ssl_conf_rng( &conf, mbedtls_ctr_drbg_random, &ctr_drbg );
mbedtls_ssl_conf_dbg( &conf, my_debug, stdout ); mbedtls_ssl_conf_dbg( &conf, my_debug, stdout );
mbedtls_ssl_conf_read_timeout( &conf, READ_TIMEOUT_MS );
if( ( ret = mbedtls_ssl_setup( &ssl, &conf ) ) != 0 ) if( ( ret = mbedtls_ssl_setup( &ssl, &conf ) ) != 0 )
{ {
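Review bot: READ_TIMEOUT_MS is referenced here but its definition is outside the hunk; confirm ssl_client1.c defines it (the ssl_server.c define in this same commit is 10000 ms). Also, mbedtls_ssl_conf_read_timeout only takes effect with blocking I/O if mbedtls_ssl_set_bio was given mbedtls_net_recv_timeout as the f_recv_timeout callback, and that call is not in the hunk either; without it the new line is a no-op, and with it the read loop must handle MBEDTLS_ERR_SSL_TIMEOUT.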
......
...@@ -114,7 +114,7 @@ int main( void ) ...@@ -114,7 +114,7 @@ int main( void )
#include "mbedtls/ssl_cache.h" #include "mbedtls/ssl_cache.h"
#endif #endif
#define READ_TIMEOUT_MS 10000 /* 5 seconds */ #define READ_TIMEOUT_MS 10000 /* 10 seconds */
#define DEBUG_LEVEL 0 #define DEBUG_LEVEL 0
...@@ -250,6 +250,7 @@ int main( void ) ...@@ -250,6 +250,7 @@ int main( void )
mbedtls_ssl_conf_rng( &conf, mbedtls_ctr_drbg_random, &ctr_drbg ); mbedtls_ssl_conf_rng( &conf, mbedtls_ctr_drbg_random, &ctr_drbg );
mbedtls_ssl_conf_dbg( &conf, my_debug, stdout ); mbedtls_ssl_conf_dbg( &conf, my_debug, stdout );
mbedtls_ssl_conf_read_timeout( &conf, READ_TIMEOUT_MS );
#if defined(MBEDTLS_SSL_CACHE_C) #if defined(MBEDTLS_SSL_CACHE_C)
mbedtls_ssl_conf_session_cache( &conf, &cache, mbedtls_ssl_conf_session_cache( &conf, &cache,
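Review bot: mbedtls_ssl_conf_read_timeout has no effect in blocking mode unless mbedtls_ssl_set_bio was called with mbedtls_net_recv_timeout, and in non-blocking mode unless timer callbacks are set; the set_bio call is outside this hunk, so check it. Once the timeout is live, the server's read loop must treat MBEDTLS_ERR_SSL_TIMEOUT as fatal for that connection rather than retrying, otherwise a silent client keeps the single-threaded server busy indefinitely.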
......
...@@ -991,8 +991,8 @@ exit: ...@@ -991,8 +991,8 @@ exit:
for( delay_idx = 0; delay_idx < MAX_DELAYED_HS; delay_idx++ ) for( delay_idx = 0; delay_idx < MAX_DELAYED_HS; delay_idx++ )
{ {
mbedtls_free( opt.delay_cli + delay_idx ); mbedtls_free( opt.delay_cli[delay_idx] );
mbedtls_free( opt.delay_srv + delay_idx ); mbedtls_free( opt.delay_srv[delay_idx] );
} }
mbedtls_net_free( &client_fd ); mbedtls_net_free( &client_fd );
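Review bot: the old code passed opt.delay_cli + delay_idx, a pointer into the array itself, to mbedtls_free, which is an invalid free for every index other than 0 of a heap-allocated array and wrong even then if the array is static; the corrected form frees the element opt.delay_cli[delay_idx] as intended. mbedtls_free(NULL) is safe, so unset entries are fine, but consider setting each entry to NULL after freeing so a second pass through the exit label cannot double-free.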
......
...@@ -101,6 +101,9 @@ STANDARD_CATEGORIES = ( ...@@ -101,6 +101,9 @@ STANDARD_CATEGORIES = (
b'Changes', b'Changes',
) )
# The maximum line length for an entry
MAX_LINE_LENGTH = 80
CategoryContent = namedtuple('CategoryContent', [ CategoryContent = namedtuple('CategoryContent', [
'name', 'title_line', # Title text and line number of the title 'name', 'title_line', # Title text and line number of the title
'body', 'body_line', # Body text and starting line number of the body 'body', 'body_line', # Body text and starting line number of the body
...@@ -225,6 +228,8 @@ class ChangeLog: ...@@ -225,6 +228,8 @@ class ChangeLog:
# a version that is not yet released. Something like "3.1a" is accepted. # a version that is not yet released. Something like "3.1a" is accepted.
_version_number_re = re.compile(br'[0-9]+\.[0-9A-Za-z.]+') _version_number_re = re.compile(br'[0-9]+\.[0-9A-Za-z.]+')
_incomplete_version_number_re = re.compile(br'.*\.[A-Za-z]') _incomplete_version_number_re = re.compile(br'.*\.[A-Za-z]')
_only_url_re = re.compile(br'^\s*\w+://\S+\s*$')
_has_url_re = re.compile(br'.*://.*')
def add_categories_from_text(self, filename, line_offset, def add_categories_from_text(self, filename, line_offset,
text, allow_unknown_category): text, allow_unknown_category):
...@@ -241,6 +246,21 @@ class ChangeLog: ...@@ -241,6 +246,21 @@ class ChangeLog:
line_offset + category.title_line, line_offset + category.title_line,
'Unknown category: "{}"', 'Unknown category: "{}"',
category.name.decode('utf8')) category.name.decode('utf8'))
body_split = category.body.splitlines()
for line_number, line in enumerate(body_split, 1):
if not self._only_url_re.match(line) and \
len(line) > MAX_LINE_LENGTH:
long_url_msg = '. URL exceeding length limit must be alone in its line.' \
if self._has_url_re.match(line) else ""
raise InputFormatError(filename,
category.body_line + line_number,
'Line is longer than allowed: '
'Length {} (Max {}){}',
len(line), MAX_LINE_LENGTH,
long_url_msg)
self.categories[category.name] += category.body self.categories[category.name] += category.body
def __init__(self, input_stream, changelog_format): def __init__(self, input_stream, changelog_format):
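Review bot: the reported line is category.body_line + line_number with enumerate starting at 1, so the first body line is reported as body_line + 1; the namedtuple comment describes body_line as the starting line number of the body, which suggests enumerate(..., 0) (or body_line - 1) unless body_line is already one less. Also len(line) counts bytes, since category.body is bytes, so a line with non-ASCII text can exceed MAX_LINE_LENGTH while rendering under 80 columns; either decode before measuring or say "bytes" in the error message.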
......
...@@ -66,8 +66,9 @@ ...@@ -66,8 +66,9 @@
# #
# The baremetal configuration excludes options that require a library or # The baremetal configuration excludes options that require a library or
# operating system feature that is typically not present on bare metal # operating system feature that is typically not present on bare metal
# systems. Features that are excluded from "full" won't be in "baremetal" # systems. It also excludes debugging features that increase the code size
# either. # of other modules.
# Features that are excluded from "full" won't be in "baremetal" either.
use warnings; use warnings;
use strict; use strict;
...@@ -136,6 +137,7 @@ _ALT\s*$ ...@@ -136,6 +137,7 @@ _ALT\s*$
# Things that should be disabled in "baremetal" # Things that should be disabled in "baremetal"
my @excluded_baremetal = qw( my @excluded_baremetal = qw(
MBEDTLS_DEBUG_C
MBEDTLS_ENTROPY_NV_SEED MBEDTLS_ENTROPY_NV_SEED
MBEDTLS_FS_IO MBEDTLS_FS_IO
MBEDTLS_HAVEGE_C MBEDTLS_HAVEGE_C
...@@ -147,6 +149,7 @@ MBEDTLS_NET_C ...@@ -147,6 +149,7 @@ MBEDTLS_NET_C
MBEDTLS_PLATFORM_FPRINTF_ALT MBEDTLS_PLATFORM_FPRINTF_ALT
MBEDTLS_PLATFORM_NV_SEED_ALT MBEDTLS_PLATFORM_NV_SEED_ALT
MBEDTLS_PLATFORM_TIME_ALT MBEDTLS_PLATFORM_TIME_ALT
MBEDTLS_TEST_HOOKS
MBEDTLS_THREADING_C MBEDTLS_THREADING_C
MBEDTLS_THREADING_PTHREAD MBEDTLS_THREADING_PTHREAD
MBEDTLS_TIMING_C MBEDTLS_TIMING_C
......
...@@ -44,8 +44,7 @@ else ...@@ -44,8 +44,7 @@ else
DLEXT ?= so DLEXT ?= so
EXEXT= EXEXT=
SHARED_SUFFIX= SHARED_SUFFIX=
# python2 for POSIX since FreeBSD has only python2 as default. PYTHON ?= $(shell if type python3 >/dev/null 2>/dev/null; then echo python3; else echo python; fi)
PYTHON ?= python2
endif endif
# Zlib shared library extensions: # Zlib shared library extensions:
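Review bot: the fallback `python` is whatever the host provides, which may be Python 2 or absent entirely, in which case the first generation rule fails with an opaque "python: not found"; with the FreeBSD rationale of the removed comment gone, a one-line comment on why python3 is preferred and a fallback that fails with a clear message would help. Because `?=` is a deferred assignment, the `$(shell ...)` probe also runs on every expansion of $(PYTHON); an `ifndef PYTHON` block with `:=` evaluates it once.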
...@@ -63,7 +62,7 @@ BINARIES := $(addsuffix $(EXEXT),$(APPS)) ...@@ -63,7 +62,7 @@ BINARIES := $(addsuffix $(EXEXT),$(APPS))
.SILENT: .SILENT:
.PHONY: all check test clean .PHONY: all c_files check test clean
all: $(BINARIES) all: $(BINARIES)
...@@ -71,6 +70,7 @@ $(DEP): ...@@ -71,6 +70,7 @@ $(DEP):
$(MAKE) -C ../library $(MAKE) -C ../library
C_FILES := $(addsuffix .c,$(APPS)) C_FILES := $(addsuffix .c,$(APPS))
c_files: $(C_FILES)
# Wildcard target for test code generation: # Wildcard target for test code generation:
# A .c file is generated for each .data file in the suites/ directory. Each .c # A .c file is generated for each .data file in the suites/ directory. Each .c
......
...@@ -932,10 +932,23 @@ setup_arguments() ...@@ -932,10 +932,23 @@ setup_arguments()
fi fi
M_SERVER_ARGS="server_port=$PORT server_addr=0.0.0.0 force_version=$MODE arc4=1" M_SERVER_ARGS="server_port=$PORT server_addr=0.0.0.0 force_version=$MODE arc4=1"
O_SERVER_ARGS="-accept $PORT -cipher NULL,ALL -$MODE -dhparam data_files/dhparams.pem" O_SERVER_ARGS="-accept $PORT -cipher NULL,ALL -$MODE"
G_SERVER_ARGS="-p $PORT --http $G_MODE" G_SERVER_ARGS="-p $PORT --http $G_MODE"
G_SERVER_PRIO="NORMAL:${G_PRIO_CCM}+ARCFOUR-128:+NULL:+MD5:+PSK:+DHE-PSK:+ECDHE-PSK:+SHA256:+SHA384:+RSA-PSK:-VERS-TLS-ALL:$G_PRIO_MODE" G_SERVER_PRIO="NORMAL:${G_PRIO_CCM}+ARCFOUR-128:+NULL:+MD5:+PSK:+DHE-PSK:+ECDHE-PSK:+SHA256:+SHA384:+RSA-PSK:-VERS-TLS-ALL:$G_PRIO_MODE"
# The default prime for `openssl s_server` depends on the version:
# * OpenSSL <= 1.0.2a: 512-bit
# * OpenSSL 1.0.2b to 1.1.1b: 1024-bit
# * OpenSSL >= 1.1.1c: 2048-bit
# Mbed TLS wants >=1024, so force that for older versions. Don't force
# it for newer versions, which reject a 1024-bit prime. Indifferently
# force it or not for intermediate versions.
case $($OPENSSL_CMD version) in
"OpenSSL 1.0"*)
O_SERVER_ARGS="$O_SERVER_ARGS -dhparam data_files/dhparams.pem"
;;
esac
# with OpenSSL 1.0.1h, -www, -WWW and -HTTP break DTLS handshakes # with OpenSSL 1.0.1h, -www, -WWW and -HTTP break DTLS handshakes
if is_dtls "$MODE"; then if is_dtls "$MODE"; then
O_SERVER_ARGS="$O_SERVER_ARGS" O_SERVER_ARGS="$O_SERVER_ARGS"
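Review bot: the case matches only output starting with "OpenSSL 1.0", so implementations that report a different name (LibreSSL, for instance) take the no-dhparam branch; if such a build's default prime is below 1024 bits, every DHE test will fail with the Mbed TLS "DHM prime too short" error, which is hard to trace back to this change. Parsing the numeric version out of `$OPENSSL_CMD version`, or printing the detected version once, would make that failure mode obvious. The version command is also spawned on every setup_arguments call; caching it at startup is cheap.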
......
...@@ -1052,6 +1052,16 @@ cert_md5.crt: cert_md5.csr ...@@ -1052,6 +1052,16 @@ cert_md5.crt: cert_md5.csr
$(MBEDTLS_CERT_WRITE) request_file=$< serial=6 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144406 not_after=20290210144406 md=MD5 version=3 output_file=$@ $(MBEDTLS_CERT_WRITE) request_file=$< serial=6 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144406 not_after=20290210144406 md=MD5 version=3 output_file=$@
all_final += cert_md5.crt all_final += cert_md5.crt
################################################################
#### Diffie-Hellman parameters
################################################################
dh.998.pem:
$(OPENSSL) dhparam -out $@ -text 998
dh.999.pem:
$(OPENSSL) dhparam -out $@ -text 999
################################################################ ################################################################
#### Meta targets #### Meta targets
################################################################ ################################################################
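Review bot: the new ssl-opt.sh tests also reference data_files/dh.1000.pem, but only dh.998.pem and dh.999.pem get rules here; add a dh.1000.pem rule for consistency. Note that `openssl dhparam -text` writes the textual dump above the PEM block, which the checked-in files show; PEM parsers skip it, but a comment would stop someone from "fixing" the files. The rules are also non-reproducible, since dhparam generates a fresh random prime on every run, so re-running them changes the committed test data.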
......
DH Parameters: (998 bit)
generator: 2 (0x2)
DH Parameters: (999 bit)
generator: 2 (0x2)
...@@ -691,6 +691,18 @@ component_check_doxygen_warnings () { ...@@ -691,6 +691,18 @@ component_check_doxygen_warnings () {
record_status tests/scripts/doxygen.sh record_status tests/scripts/doxygen.sh
} }
component_check_python2 () {
# Check that what used to work with Python 2 still works with Python 2.
msg "check: python2 compatibility"
mkdir -p tests/with_python2 tests/with_python3
make -C tests PYTHON=python2 c_files
mv tests/test_suite_*.c tests/with_python2/
make -C tests PYTHON=python3 c_files
mv tests/test_suite_*.c tests/with_python3/
diff -r tests/with_python2 tests/with_python3
rm -rf tests/with_python2 tests/with_python3
}
################################################################ ################################################################
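Review bot: if either make or the first mv fails, the component exits before the trailing rm -rf, leaving tests/with_python2 and tests/with_python3 behind and, worse, with tests/test_suite_*.c moved out of tests/ so the next component builds from a stale state; doing the rm -rf at the start as well, and removing the generated .c files on both paths, would make it idempotent. The component also assumes a python2 binary is on PATH; a check with a clear skip message would avoid a confusing make error on hosts without one.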
......
...@@ -55,11 +55,6 @@ EOF ...@@ -55,11 +55,6 @@ EOF
exit exit
fi fi
if grep --version|head -n1|grep GNU >/dev/null; then :; else
echo "This script requires GNU grep.">&2
exit 1
fi
trace= trace=
if [ $# -ne 0 ] && [ "$1" = "-v" ]; then if [ $# -ne 0 ] && [ "$1" = "-v" ]; then
shift shift
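Review bot: dropping the GNU grep guard is only correct if every remaining grep call in this script sticks to POSIX BRE; the GNU-only `\|` alternation was the usual reason for the guard, and the ssl-opt.sh hunks in this commit replace those uses with case statements, but this hunk does not show this file's other grep invocations, so please confirm none use `\|`, `-P`, `-o` or other non-POSIX options before merging.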
......
#!/usr/bin/env python3 #!/usr/bin/env python3
# This script should still be compatible with Python 2 in Mbed TLS 2.16.x.
# Test suites code generator. # Test suites code generator.
# #
# Copyright The Mbed TLS Contributors # Copyright The Mbed TLS Contributors
......
...@@ -130,8 +130,8 @@ print_usage() { ...@@ -130,8 +130,8 @@ print_usage() {
echo "Usage: $0 [options]" echo "Usage: $0 [options]"
printf " -h|--help\tPrint this help.\n" printf " -h|--help\tPrint this help.\n"
printf " -m|--memcheck\tCheck memory leaks and errors.\n" printf " -m|--memcheck\tCheck memory leaks and errors.\n"
printf " -f|--filter\tOnly matching tests are executed (BRE)\n" printf " -f|--filter\tOnly matching tests are executed (substring or BRE)\n"
printf " -e|--exclude\tMatching tests are excluded (BRE)\n" printf " -e|--exclude\tMatching tests are excluded (substring or BRE)\n"
printf " -n|--number\tExecute only numbered test (comma-separated, e.g. '245,256')\n" printf " -n|--number\tExecute only numbered test (comma-separated, e.g. '245,256')\n"
printf " -s|--show-numbers\tShow test numbers in front of test names\n" printf " -s|--show-numbers\tShow test numbers in front of test names\n"
printf " -p|--preserve-logs\tPreserve logs of successful tests as well\n" printf " -p|--preserve-logs\tPreserve logs of successful tests as well\n"
...@@ -184,6 +184,14 @@ get_options() { ...@@ -184,6 +184,14 @@ get_options() {
done done
} }
# Read boolean configuration options from config.h for easy and quick
# testing. Skip non-boolean options (with something other than spaces
# and a comment after "#define SYMBOL"). The variable contains a
# space-separated list of symbols.
CONFIGS_ENABLED=" $(<"$CONFIG_H" \
sed -n 's!^ *#define *\([A-Za-z][0-9A-Z_a-z]*\) *\(/*\)*!\1!p' |
tr '\n' ' ')"
# Skip next test; use this macro to skip tests which are legitimate # Skip next test; use this macro to skip tests which are legitimate
# in theory and expected to be re-introduced at some point, but # in theory and expected to be re-introduced at some point, but
# aren't expected to succeed at the moment due to problems outside # aren't expected to succeed at the moment due to problems outside
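Review bot: the sed expression is not anchored at end of line, so a non-boolean define such as `#define MBEDTLS_SSL_MAX_CONTENT_LEN 16384` is printed as `MBEDTLS_SSL_MAX_CONTENT_LEN16384` and is excluded only because the value is glued onto the symbol, which is what the comment relies on; the same gluing turns a boolean define that carries a trailing `/* comment */` on its line into `SYMBOL* comment */`, because `\(/*\)*` consumes only slashes, so such an option would be treated as disabled. Matching the remainder explicitly makes the intent clear and handles that case: `sed -n 's!^ *#define *\([A-Za-z][0-9A-Z_a-z]*\) *\(/\*.*\)\{0,1\}$!\1!p'`.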
...@@ -194,16 +202,17 @@ skip_next_test() { ...@@ -194,16 +202,17 @@ skip_next_test() {
# skip next test if the flag is not enabled in config.h # skip next test if the flag is not enabled in config.h
requires_config_enabled() { requires_config_enabled() {
if grep "^#define $1" $CONFIG_H > /dev/null; then :; else case $CONFIGS_ENABLED in
SKIP_NEXT="YES" *" $1 "*) :;;
fi *) SKIP_NEXT="YES";;
esac
} }
# skip next test if the flag is enabled in config.h # skip next test if the flag is enabled in config.h
requires_config_disabled() { requires_config_disabled() {
if grep "^#define $1" $CONFIG_H > /dev/null; then case $CONFIGS_ENABLED in
SKIP_NEXT="YES" *" $1 "*) SKIP_NEXT="YES";;
fi esac
} }
get_config_value_or_default() { get_config_value_or_default() {
...@@ -422,17 +431,21 @@ fail() { ...@@ -422,17 +431,21 @@ fail() {
# is_polar <cmd_line> # is_polar <cmd_line>
is_polar() { is_polar() {
echo "$1" | grep 'ssl_server2\|ssl_client2' > /dev/null case "$1" in
*ssl_client2*) true;;
*ssl_server2*) true;;
*) false;;
esac
} }
# openssl s_server doesn't have -www with DTLS # openssl s_server doesn't have -www with DTLS
check_osrv_dtls() { check_osrv_dtls() {
if echo "$SRV_CMD" | grep 's_server.*-dtls' >/dev/null; then case "$SRV_CMD" in
NEEDS_INPUT=1 *s_server*-dtls*)
SRV_CMD="$( echo $SRV_CMD | sed s/-www// )" NEEDS_INPUT=1
else SRV_CMD="$( echo $SRV_CMD | sed s/-www// )";;
NEEDS_INPUT=0 *) NEEDS_INPUT=0;;
fi esac
} }
# provide input to commands that need it # provide input to commands that need it
...@@ -548,11 +561,10 @@ wait_client_done() { ...@@ -548,11 +561,10 @@ wait_client_done() {
# check if the given command uses dtls and sets global variable DTLS # check if the given command uses dtls and sets global variable DTLS
detect_dtls() { detect_dtls() {
if echo "$1" | grep 'dtls=1\|-dtls1\|-u' >/dev/null; then case "$1" in
DTLS=1 *dtls=1*|-dtls|-u) DTLS=1;;
else *) DTLS=0;;
DTLS=0 esac
fi
} }
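Review bot: the patterns `-dtls` and `-u` in the case carry no wildcards, so they match only when the entire command string is exactly "-dtls" or "-u", which never happens for a full server or client command; the old grep matched `-dtls1` and `-u` anywhere in the string. Only `*dtls=1*` still works, so an openssl command using -dtls1 or a gnutls command using -u is now classified as TLS. Use `*dtls=1*|*-dtls1*|*-u*) DTLS=1;;` to keep the previous behaviour, and check that a DTLS test against O_SRV or G_CLI still takes the DTLS path.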
# Usage: run_test name [-p proxy_cmd] srv_cmd cli_cmd cli_exit [option [...]] # Usage: run_test name [-p proxy_cmd] srv_cmd cli_cmd cli_exit [option [...]]
...@@ -568,8 +580,7 @@ run_test() { ...@@ -568,8 +580,7 @@ run_test() {
NAME="$1" NAME="$1"
shift 1 shift 1
if echo "$NAME" | grep "$FILTER" | grep -v "$EXCLUDE" >/dev/null; then : if is_excluded "$NAME"; then
else
SKIP_NEXT="NO" SKIP_NEXT="NO"
return return
fi fi
...@@ -577,10 +588,11 @@ run_test() { ...@@ -577,10 +588,11 @@ run_test() {
print_name "$NAME" print_name "$NAME"
# Do we only run numbered tests? # Do we only run numbered tests?
if [ "X$RUN_TEST_NUMBER" = "X" ]; then : if [ -n "$RUN_TEST_NUMBER" ]; then
elif echo ",$RUN_TEST_NUMBER," | grep ",$TESTS," >/dev/null; then : case ",$RUN_TEST_NUMBER," in
else *",$TESTS,"*) :;;
SKIP_NEXT="YES" *) SKIP_NEXT="YES";;
esac
fi fi
# should we skip? # should we skip?
...@@ -606,10 +618,10 @@ run_test() { ...@@ -606,10 +618,10 @@ run_test() {
shift 3 shift 3
# Check if test uses files # Check if test uses files
TEST_USES_FILES=$(echo "$SRV_CMD $CLI_CMD" | grep "\.\(key\|crt\|pem\)" ) case "$SRV_CMD $CLI_CMD" in
if [ ! -z "$TEST_USES_FILES" ]; then *data_files/*)
requires_config_enabled MBEDTLS_FS_IO requires_config_enabled MBEDTLS_FS_IO;;
fi esac
# should we skip? # should we skip?
if [ "X$SKIP_NEXT" = "XYES" ]; then if [ "X$SKIP_NEXT" = "XYES" ]; then
...@@ -840,6 +852,46 @@ cleanup() { ...@@ -840,6 +852,46 @@ cleanup() {
get_options "$@" get_options "$@"
# Optimize filters: if $FILTER and $EXCLUDE can be expressed as shell
# patterns rather than regular expressions, use a case statement instead
# of calling grep. To keep the optimizer simple, it is incomplete and only
# detects simple cases: plain substring, everything, nothing.
#
# As an exception, the character '.' is treated as an ordinary character
# if it is the only special character in the string. This is because it's
# rare to need "any one character", but needing a literal '.' is common
# (e.g. '-f "DTLS 1.2"').
need_grep=
case "$FILTER" in
'^$') simple_filter=;;
'.*') simple_filter='*';;
*[][$+*?\\^{\|}]*) # Regexp special characters (other than .), we need grep
need_grep=1;;
*) # No regexp or shell-pattern special character
simple_filter="*$FILTER*";;
esac
case "$EXCLUDE" in
'^$') simple_exclude=;;
'.*') simple_exclude='*';;
*[][$+*?\\^{\|}]*) # Regexp special characters (other than .), we need grep
need_grep=1;;
*) # No regexp or shell-pattern special character
simple_exclude="*$EXCLUDE*";;
esac
if [ -n "$need_grep" ]; then
is_excluded () {
! echo "$1" | grep "$FILTER" | grep -q -v "$EXCLUDE"
}
else
is_excluded () {
case "$1" in
$simple_exclude) true;;
$simple_filter) false;;
*) true;;
esac
}
fi
# sanity checks, avoid an avalanche of errors # sanity checks, avoid an avalanche of errors
P_SRV_BIN="${P_SRV%%[ ]*}" P_SRV_BIN="${P_SRV%%[ ]*}"
P_CLI_BIN="${P_CLI%%[ ]*}" P_CLI_BIN="${P_CLI%%[ ]*}"
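Review bot: the meaning of '.' in -f now depends on -e: with `-f "DTLS 1.2"` and the default exclude it is a literal substring, but as soon as -e contains a regex special character need_grep=1 is set and the same -f value is handed to grep as a BRE where '.' matches any character. Deciding jointly is a reasonable simplification, but the print_usage text ("substring or BRE") does not say the two options influence each other; either document it or keep one boolean per variable and compose is_excluded from a simple or grep check for each. Also, in the `'^$')` branches the case pattern expands to the empty string, which matches only an empty name, so "exclude nothing" works only because test names are never empty; a comment there would save the next reader the analysis.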
...@@ -900,7 +952,7 @@ SRV_DELAY_SECONDS=0 ...@@ -900,7 +952,7 @@ SRV_DELAY_SECONDS=0
P_SRV="$P_SRV server_addr=127.0.0.1 server_port=$SRV_PORT" P_SRV="$P_SRV server_addr=127.0.0.1 server_port=$SRV_PORT"
P_CLI="$P_CLI server_addr=127.0.0.1 server_port=+SRV_PORT" P_CLI="$P_CLI server_addr=127.0.0.1 server_port=+SRV_PORT"
P_PXY="$P_PXY server_addr=127.0.0.1 server_port=$SRV_PORT listen_addr=127.0.0.1 listen_port=$PXY_PORT ${SEED:+"seed=$SEED"}" P_PXY="$P_PXY server_addr=127.0.0.1 server_port=$SRV_PORT listen_addr=127.0.0.1 listen_port=$PXY_PORT ${SEED:+"seed=$SEED"}"
O_SRV="$O_SRV -accept $SRV_PORT -dhparam data_files/dhparams.pem" O_SRV="$O_SRV -accept $SRV_PORT"
O_CLI="$O_CLI -connect localhost:+SRV_PORT" O_CLI="$O_CLI -connect localhost:+SRV_PORT"
G_SRV="$G_SRV -p $SRV_PORT" G_SRV="$G_SRV -p $SRV_PORT"
G_CLI="$G_CLI -p +SRV_PORT" G_CLI="$G_CLI -p +SRV_PORT"
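Review bot: unlike compat.sh, which re-adds -dhparam for OpenSSL 1.0 where the default server prime is 512-bit, ssl-opt.sh drops it unconditionally; any DHE test that runs against $O_SRV with such a version will now fail with "DHM prime too short". Either apply the same version-gated fallback here or pass the dh parameters explicitly in the tests that exercise DHE against OpenSSL.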
...@@ -3908,6 +3960,20 @@ run_test "DHM size: server 1024, client default, OK" \ ...@@ -3908,6 +3960,20 @@ run_test "DHM size: server 1024, client default, OK" \
0 \ 0 \
-C "DHM prime too short:" -C "DHM prime too short:"
run_test "DHM size: server 999, client 999, OK" \
"$P_SRV dhm_file=data_files/dh.999.pem" \
"$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
debug_level=1 dhmlen=999" \
0 \
-C "DHM prime too short:"
run_test "DHM size: server 1000, client 1000, OK" \
"$P_SRV dhm_file=data_files/dh.1000.pem" \
"$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
debug_level=1 dhmlen=1000" \
0 \
-C "DHM prime too short:"
run_test "DHM size: server 1000, client default, rejected" \ run_test "DHM size: server 1000, client default, rejected" \
"$P_SRV dhm_file=data_files/dh.1000.pem" \ "$P_SRV dhm_file=data_files/dh.1000.pem" \
"$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \ "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
...@@ -3915,6 +3981,27 @@ run_test "DHM size: server 1000, client default, rejected" \ ...@@ -3915,6 +3981,27 @@ run_test "DHM size: server 1000, client default, rejected" \
1 \ 1 \
-c "DHM prime too short:" -c "DHM prime too short:"
run_test "DHM size: server 1000, client 1001, rejected" \
"$P_SRV dhm_file=data_files/dh.1000.pem" \
"$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
debug_level=1 dhmlen=1001" \
1 \
-c "DHM prime too short:"
run_test "DHM size: server 999, client 1000, rejected" \
"$P_SRV dhm_file=data_files/dh.999.pem" \
"$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
debug_level=1 dhmlen=1000" \
1 \
-c "DHM prime too short:"
run_test "DHM size: server 998, client 999, rejected" \
"$P_SRV dhm_file=data_files/dh.998.pem" \
"$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
debug_level=1 dhmlen=999" \
1 \
-c "DHM prime too short:"
run_test "DHM size: server default, client 2049, rejected" \ run_test "DHM size: server default, client 2049, rejected" \
"$P_SRV" \ "$P_SRV" \
"$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \ "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
...@@ -4036,7 +4123,7 @@ run_test "ECJPAKE: working, TLS" \ ...@@ -4036,7 +4123,7 @@ run_test "ECJPAKE: working, TLS" \
-S "SSL - Verification of the message MAC failed" -S "SSL - Verification of the message MAC failed"
server_needs_more_time 1 server_needs_more_time 1
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
run_test "ECJPAKE: password mismatch, TLS" \ run_test "ECJPAKE: password mismatch, TLS" \
"$P_SRV debug_level=3 ecjpake_pw=bla" \ "$P_SRV debug_level=3 ecjpake_pw=bla" \
"$P_CLI debug_level=3 ecjpake_pw=bad \ "$P_CLI debug_level=3 ecjpake_pw=bad \
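Review bot: the rename is required by the new exact-token match in requires_config_enabled: the previous `grep "^#define $1"` accepted MBEDTLS_KEY_EXCHANGE_ECJPAKE as a prefix of MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED, which is why the wrong name went unnoticed. Any other requires_config_enabled or requires_config_disabled call site that relied on a prefix-only symbol name will now silently skip (or run) its test, so it is worth checking every argument of those helpers against config.h once as part of this change.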
...@@ -4045,7 +4132,7 @@ run_test "ECJPAKE: password mismatch, TLS" \ ...@@ -4045,7 +4132,7 @@ run_test "ECJPAKE: password mismatch, TLS" \
-C "re-using cached ecjpake parameters" \ -C "re-using cached ecjpake parameters" \
-s "SSL - Verification of the message MAC failed" -s "SSL - Verification of the message MAC failed"
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
run_test "ECJPAKE: working, DTLS" \ run_test "ECJPAKE: working, DTLS" \
"$P_SRV debug_level=3 dtls=1 ecjpake_pw=bla" \ "$P_SRV debug_level=3 dtls=1 ecjpake_pw=bla" \
"$P_CLI debug_level=3 dtls=1 ecjpake_pw=bla \ "$P_CLI debug_level=3 dtls=1 ecjpake_pw=bla \
...@@ -4054,7 +4141,7 @@ run_test "ECJPAKE: working, DTLS" \ ...@@ -4054,7 +4141,7 @@ run_test "ECJPAKE: working, DTLS" \
-c "re-using cached ecjpake parameters" \ -c "re-using cached ecjpake parameters" \
-S "SSL - Verification of the message MAC failed" -S "SSL - Verification of the message MAC failed"
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
run_test "ECJPAKE: working, DTLS, no cookie" \ run_test "ECJPAKE: working, DTLS, no cookie" \
"$P_SRV debug_level=3 dtls=1 ecjpake_pw=bla cookies=0" \ "$P_SRV debug_level=3 dtls=1 ecjpake_pw=bla cookies=0" \
"$P_CLI debug_level=3 dtls=1 ecjpake_pw=bla \ "$P_CLI debug_level=3 dtls=1 ecjpake_pw=bla \
...@@ -4064,7 +4151,7 @@ run_test "ECJPAKE: working, DTLS, no cookie" \ ...@@ -4064,7 +4151,7 @@ run_test "ECJPAKE: working, DTLS, no cookie" \
-S "SSL - Verification of the message MAC failed" -S "SSL - Verification of the message MAC failed"
server_needs_more_time 1 server_needs_more_time 1
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
run_test "ECJPAKE: password mismatch, DTLS" \ run_test "ECJPAKE: password mismatch, DTLS" \
"$P_SRV debug_level=3 dtls=1 ecjpake_pw=bla" \ "$P_SRV debug_level=3 dtls=1 ecjpake_pw=bla" \
"$P_CLI debug_level=3 dtls=1 ecjpake_pw=bad \ "$P_CLI debug_level=3 dtls=1 ecjpake_pw=bad \
...@@ -4074,7 +4161,7 @@ run_test "ECJPAKE: password mismatch, DTLS" \ ...@@ -4074,7 +4161,7 @@ run_test "ECJPAKE: password mismatch, DTLS" \
-s "SSL - Verification of the message MAC failed" -s "SSL - Verification of the message MAC failed"
# for tests with configs/config-thread.h # for tests with configs/config-thread.h
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
run_test "ECJPAKE: working, DTLS, nolog" \ run_test "ECJPAKE: working, DTLS, nolog" \
"$P_SRV dtls=1 ecjpake_pw=bla" \ "$P_SRV dtls=1 ecjpake_pw=bla" \
"$P_CLI dtls=1 ecjpake_pw=bla \ "$P_CLI dtls=1 ecjpake_pw=bla \
......
...@@ -46,6 +46,10 @@ typedef UINT32 uint32_t; ...@@ -46,6 +46,10 @@ typedef UINT32 uint32_t;
#include <strings.h> #include <strings.h>
#endif #endif
#if defined(MBEDTLS_BIGNUM_C)
#include "mbedtls/bignum.h"
#endif
#if defined(MBEDTLS_THREADING_C) && defined(MBEDTLS_THREADING_PTHREAD) && \ #if defined(MBEDTLS_THREADING_C) && defined(MBEDTLS_THREADING_PTHREAD) && \
defined(MBEDTLS_TEST_HOOKS) defined(MBEDTLS_TEST_HOOKS)
#include "mbedtls/threading.h" #include "mbedtls/threading.h"
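Review bot: the new `MBEDTLS_BIGNUM_C`-guarded include of `mbedtls/bignum.h` matches the guard around `mbedtls_test_read_mpi()` in helpers.function, but the prototype for that function is not part of this hunk; make sure it is declared in this header under the same `#if defined(MBEDTLS_BIGNUM_C)` so test suites built without bignum do not see an undeclared `mbedtls_mpi` type.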
...@@ -160,6 +164,66 @@ typedef enum ...@@ -160,6 +164,66 @@ typedef enum
} \ } \
} while( 0 ) } while( 0 )
/** Evaluate two expressions and fail the test case if they have different
* values.
*
* \param expr1 An expression to evaluate.
* \param expr2 The expected value of \p expr1. This can be any
* expression, but it is typically a constant.
*/
#define TEST_EQUAL( expr1, expr2 ) \
TEST_ASSERT( ( expr1 ) == ( expr2 ) )
/** Allocate memory dynamically and fail the test case if this fails.
* The allocated memory will be filled with zeros.
*
* You must set \p pointer to \c NULL before calling this macro and
* put `mbedtls_free( pointer )` in the test's cleanup code.
*
* If \p length is zero, the resulting \p pointer will be \c NULL.
* This is usually what we want in tests since API functions are
* supposed to accept null pointers when a buffer size is zero.
*
* This macro expands to an instruction, not an expression.
* It may jump to the \c exit label.
*
* \param pointer An lvalue where the address of the allocated buffer
* will be stored.
* This expression may be evaluated multiple times.
* \param length Number of elements to allocate.
* This expression may be evaluated multiple times.
*
*/
#define ASSERT_ALLOC( pointer, length ) \
do \
{ \
TEST_ASSERT( ( pointer ) == NULL ); \
if( ( length ) != 0 ) \
{ \
( pointer ) = mbedtls_calloc( sizeof( *( pointer ) ), \
( length ) ); \
TEST_ASSERT( ( pointer ) != NULL ); \
} \
} \
while( 0 )
/** Allocate memory dynamically. If the allocation fails, skip the test case.
*
* This macro behaves like #ASSERT_ALLOC, except that if the allocation
* fails, it marks the test as skipped rather than failed.
*/
#define ASSERT_ALLOC_WEAK( pointer, length ) \
do \
{ \
TEST_ASSERT( ( pointer ) == NULL ); \
if( ( length ) != 0 ) \
{ \
( pointer ) = mbedtls_calloc( sizeof( *( pointer ) ), \
( length ) ); \
TEST_ASSUME( ( pointer ) != NULL ); \
} \
} \
while( 0 )
/** Compare two buffers and fail the test case if they differ. /** Compare two buffers and fail the test case if they differ.
* *
* This macro expands to an instruction, not an expression. * This macro expands to an instruction, not an expression.
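Review bot: in `ASSERT_ALLOC` and `ASSERT_ALLOC_WEAK` the call `mbedtls_calloc( sizeof( *( pointer ) ), ( length ) )` passes the element size first and the count second, the reverse of calloc's conventional (count, size) order; the product is the same so it is not a bug, but a one-word comment or swapping the arguments would spare readers a double-take. The `sizeof( *( pointer ) )` form also means `pointer` cannot be a `void *`, which the `\param pointer` text should state, and `ASSERT_ALLOC_WEAK` relies on a `TEST_ASSUME` macro that is not visible in this hunk, so confirm it exists in this header.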
...@@ -787,6 +851,21 @@ int mbedtls_test_hexcmp( uint8_t * a, uint8_t * b, uint32_t a_len, uint32_t b_le ...@@ -787,6 +851,21 @@ int mbedtls_test_hexcmp( uint8_t * a, uint8_t * b, uint32_t a_len, uint32_t b_le
return ret; return ret;
} }
#if defined(MBEDTLS_BIGNUM_C)
int mbedtls_test_read_mpi( mbedtls_mpi *X, int radix, const char *s )
{
/* mbedtls_mpi_read_string() currently retains leading zeros.
* It always allocates at least one limb for the value 0. */
if( s[0] == 0 )
{
mbedtls_mpi_free( X );
return( 0 );
}
else
return( mbedtls_mpi_read_string( X, radix, s ) );
}
#endif /* MBEDTLS_BIGNUM_C */
#if defined(MBEDTLS_TEST_MUTEX_USAGE) #if defined(MBEDTLS_TEST_MUTEX_USAGE)
/** Mutex usage verification framework. /** Mutex usage verification framework.
* *
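Review bot: `mbedtls_test_read_mpi()` has no doc comment, and its contract is subtle enough to deserve one: an empty string yields the zero-limb representation of 0 (by way of `mbedtls_mpi_free()`, which leaves `X` in a valid initialised state), whereas any non-empty string, including one such as "00000000000000", goes through `mbedtls_mpi_read_string()` and keeps its leading zeros; the return value is 0 or whatever `mbedtls_mpi_read_string()` returns. The new debug test data depends on exactly this empty versus non-empty distinction, so the behaviour should be documented at the declaration rather than only in the inline comment.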
......
...@@ -33,7 +33,7 @@ int verify_string( char **str ) ...@@ -33,7 +33,7 @@ int verify_string( char **str )
* *
* \return 0 if success else 1 * \return 0 if success else 1
*/ */
int verify_int( char *str, int *value ) int verify_int( char *str, int32_t *value )
{ {
size_t i; size_t i;
int minus = 0; int minus = 0;
...@@ -238,7 +238,7 @@ static int parse_arguments( char *buf, size_t len, char **params, ...@@ -238,7 +238,7 @@ static int parse_arguments( char *buf, size_t len, char **params,
* *
* \return 0 for success else 1 * \return 0 for success else 1
*/ */
static int convert_params( size_t cnt , char ** params , int * int_params_store ) static int convert_params( size_t cnt , char ** params , int32_t * int_params_store )
{ {
char ** cur = params; char ** cur = params;
char ** out = params; char ** out = params;
...@@ -400,7 +400,7 @@ int execute_tests( int argc , const char ** argv ) ...@@ -400,7 +400,7 @@ int execute_tests( int argc , const char ** argv )
char buf[5000]; char buf[5000];
char *params[50]; char *params[50];
/* Store for proccessed integer params. */ /* Store for proccessed integer params. */
int int_params[50]; int32_t int_params[50];
void *pointer; void *pointer;
#if defined(__unix__) || (defined(__APPLE__) && defined(__MACH__)) #if defined(__unix__) || (defined(__APPLE__) && defined(__MACH__))
int stdout_fd = -1; int stdout_fd = -1;
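Review bot: `int_params` now uses `int32_t`, consistent with the new `verify_int()` and `convert_params()` signatures, but the generated test functions that receive these values (for example `dhm_do_dhm( int radix_P, ... )`) still take `int`; that is safe wherever `int` is at least 32 bits wide, and a short comment stating that the store is fixed-width so .data parsing behaves identically across platforms would make the intent clear. The unchanged comment just above the declaration also misspells "proccessed".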
......
...@@ -208,6 +208,8 @@ void aes_crypt_xts_size( int size, int retval ) ...@@ -208,6 +208,8 @@ void aes_crypt_xts_size( int size, int retval )
/* Valid pointers are passed for builds with MBEDTLS_CHECK_PARAMS, as /* Valid pointers are passed for builds with MBEDTLS_CHECK_PARAMS, as
* otherwise we wouldn't get to the size check we're interested in. */ * otherwise we wouldn't get to the size check we're interested in. */
TEST_ASSERT( mbedtls_aes_crypt_xts( &ctx, MBEDTLS_AES_ENCRYPT, length, data_unit, src, output ) == retval ); TEST_ASSERT( mbedtls_aes_crypt_xts( &ctx, MBEDTLS_AES_ENCRYPT, length, data_unit, src, output ) == retval );
exit:
mbedtls_aes_xts_free( &ctx );
} }
/* END_CASE */ /* END_CASE */
......
...@@ -37,28 +37,31 @@ mbedtls_debug_print_buf:"MyFile":999:"Test return value":"000102030405060708090A ...@@ -37,28 +37,31 @@ mbedtls_debug_print_buf:"MyFile":999:"Test return value":"000102030405060708090A
Debug print buffer #5 Debug print buffer #5
mbedtls_debug_print_buf:"MyFile":999:"Test return value":"000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F30":"MyFile(0999)\: dumping 'Test return value' (49 bytes)\nMyFile(0999)\: 0000\: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f ................\nMyFile(0999)\: 0010\: 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f ................\nMyFile(0999)\: 0020\: 20 21 22 23 24 25 26 27 28 29 2a 2b 2c 2d 2e 2f !"#$%&'()*+,-./\nMyFile(0999)\: 0030\: 30 0\n" mbedtls_debug_print_buf:"MyFile":999:"Test return value":"000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F30":"MyFile(0999)\: dumping 'Test return value' (49 bytes)\nMyFile(0999)\: 0000\: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f ................\nMyFile(0999)\: 0010\: 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f ................\nMyFile(0999)\: 0020\: 20 21 22 23 24 25 26 27 28 29 2a 2b 2c 2d 2e 2f !"#$%&'()*+,-./\nMyFile(0999)\: 0030\: 30 0\n"
Debug print certificate #1 (RSA) Debug print mbedtls_mpi: 0 (empty representation)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_BASE64_C:MBEDTLS_RSA_C:MBEDTLS_SHA1_C mbedtls_debug_print_mpi:16:"":"MyFile":999:"VALUE":"MyFile(0999)\: value of 'VALUE' (0 bits) is\:\nMyFile(0999)\: 00\n"
mbedtls_debug_print_crt:"data_files/server1.crt":"MyFile":999:"PREFIX_":"MyFile(0999)\: PREFIX_ #1\:\nMyFile(0999)\: cert. version \: 3\nMyFile(0999)\: serial number \: 01\nMyFile(0999)\: issuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nMyFile(0999)\: subject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nMyFile(0999)\: issued on \: 2019-02-10 14\:44\:06\nMyFile(0999)\: expires on \: 2029-02-10 14\:44\:06\nMyFile(0999)\: signed using \: RSA with SHA1\nMyFile(0999)\: RSA key size \: 2048 bits\nMyFile(0999)\: basic constraints \: CA=false\nMyFile(0999)\: value of 'crt->rsa.N' (2048 bits) is\:\nMyFile(0999)\: a9 02 1f 3d 40 6a d5 55 53 8b fd 36 ee 82 65 2e\nMyFile(0999)\: 15 61 5e 89 bf b8 e8 45 90 db ee 88 16 52 d3 f1\nMyFile(0999)\: 43 50 47 96 12 59 64 87 6b fd 2b e0 46 f9 73 be\nMyFile(0999)\: dd cf 92 e1 91 5b ed 66 a0 6f 89 29 79 45 80 d0\nMyFile(0999)\: 83 6a d5 41 43 77 5f 39 7c 09 04 47 82 b0 57 39\nMyFile(0999)\: 70 ed a3 ec 15 19 1e a8 33 08 47 c1 05 42 a9 fd\nMyFile(0999)\: 4c c3 b4 df dd 06 1f 4d 10 51 40 67 73 13 0f 40\nMyFile(0999)\: f8 6d 81 25 5f 0a b1 53 c6 30 7e 15 39 ac f9 5a\nMyFile(0999)\: ee 7f 92 9e a6 05 5b e7 13 97 85 b5 23 92 d9 d4\nMyFile(0999)\: 24 06 d5 09 25 89 75 07 dd a6 1a 8f 3f 09 19 be\nMyFile(0999)\: ad 65 2c 64 eb 95 9b dc fe 41 5e 17 a6 da 6c 5b\nMyFile(0999)\: 69 cc 02 ba 14 2c 16 24 9c 4a dc cd d0 f7 52 67\nMyFile(0999)\: 73 f1 2d a0 23 fd 7e f4 31 ca 2d 70 ca 89 0b 04\nMyFile(0999)\: db 2e a6 4f 70 6e 9e ce bd 58 89 e2 53 59 9e 6e\nMyFile(0999)\: 5a 92 65 e2 88 3f 0c 94 19 a3 dd e5 e8 9d 95 13\nMyFile(0999)\: ed 29 db ab 70 12 dc 5a ca 6b 17 ab 52 82 54 b1\nMyFile(0999)\: value of 'crt->rsa.E' (17 bits) is\:\nMyFile(0999)\: 01 00 01\n"
Debug print certificate #2 (EC) Debug print mbedtls_mpi: 0 (non-empty representation)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_BASE64_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA256_C mbedtls_debug_print_mpi:16:"00000000000000":"MyFile":999:"VALUE":"MyFile(0999)\: value of 'VALUE' (0 bits) is\:\nMyFile(0999)\: 00\n"
mbedtls_debug_print_crt:"data_files/test-ca2.crt":"MyFile":999:"PREFIX_":"MyFile(0999)\: PREFIX_ #1\:\nMyFile(0999)\: cert. version \: 3\nMyFile(0999)\: serial number \: C1\:43\:E2\:7E\:62\:43\:CC\:E8\nMyFile(0999)\: issuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nMyFile(0999)\: subject name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nMyFile(0999)\: issued on \: 2019-02-10 14\:44\:00\nMyFile(0999)\: expires on \: 2029-02-10 14\:44\:00\nMyFile(0999)\: signed using \: ECDSA with SHA256\nMyFile(0999)\: EC key size \: 384 bits\nMyFile(0999)\: basic constraints \: CA=true\nMyFile(0999)\: value of 'crt->eckey.Q(X)' (384 bits) is\:\nMyFile(0999)\: c3 da 2b 34 41 37 58 2f 87 56 fe fc 89 ba 29 43\nMyFile(0999)\: 4b 4e e0 6e c3 0e 57 53 33 39 58 d4 52 b4 91 95\nMyFile(0999)\: 39 0b 23 df 5f 17 24 62 48 fc 1a 95 29 ce 2c 2d\nMyFile(0999)\: value of 'crt->eckey.Q(Y)' (384 bits) is\:\nMyFile(0999)\: 87 c2 88 52 80 af d6 6a ab 21 dd b8 d3 1c 6e 58\nMyFile(0999)\: b8 ca e8 b2 69 8e f3 41 ad 29 c3 b4 5f 75 a7 47\nMyFile(0999)\: 6f d5 19 29 55 69 9a 53 3b 20 b4 66 16 60 33 1e\n"
Debug print mbedtls_mpi #1
mbedtls_debug_print_mpi:16:"01020304050607":"MyFile":999:"VALUE":"MyFile(0999)\: value of 'VALUE' (49 bits) is\:\nMyFile(0999)\: 01 02 03 04 05 06 07\n"
Debug print mbedtls_mpi #2 Debug print mbedtls_mpi #2: 3 bits
mbedtls_debug_print_mpi:16:"00000000000007":"MyFile":999:"VALUE":"MyFile(0999)\: value of 'VALUE' (3 bits) is\:\nMyFile(0999)\: 07\n" mbedtls_debug_print_mpi:16:"00000000000007":"MyFile":999:"VALUE":"MyFile(0999)\: value of 'VALUE' (3 bits) is\:\nMyFile(0999)\: 07\n"
Debug print mbedtls_mpi #3 Debug print mbedtls_mpi: 49 bits
mbedtls_debug_print_mpi:16:"00000000000000":"MyFile":999:"VALUE":"MyFile(0999)\: value of 'VALUE' (0 bits) is\:\nMyFile(0999)\: 00\n" mbedtls_debug_print_mpi:16:"01020304050607":"MyFile":999:"VALUE":"MyFile(0999)\: value of 'VALUE' (49 bits) is\:\nMyFile(0999)\: 01 02 03 04 05 06 07\n"
Debug print mbedtls_mpi #4 Debug print mbedtls_mpi: 759 bits
mbedtls_debug_print_mpi:16:"0000000000000000000000000000000000000000000000000000000041379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b4424":"MyFile":999:"VALUE":"MyFile(0999)\: value of 'VALUE' (759 bits) is\:\nMyFile(0999)\: 41 37 9d 00 fe d1 49 1f e1 5d f2 84 df de 4a 14\nMyFile(0999)\: 2f 68 aa 8d 41 20 23 19 5c ee 66 88 3e 62 90 ff\nMyFile(0999)\: e7 03 f4 ea 59 63 bf 21 27 13 ce e4 6b 10 7c 09\nMyFile(0999)\: 18 2b 5e dc d9 55 ad ac 41 8b f4 91 8e 28 89 af\nMyFile(0999)\: 48 e1 09 9d 51 38 30 ce c8 5c 26 ac 1e 15 8b 52\nMyFile(0999)\: 62 0e 33 ba 86 92 f8 93 ef bb 2f 95 8b 44 24\n"
Debug print mbedtls_mpi: 764 bits #1
mbedtls_debug_print_mpi:16:"0941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b4424":"MyFile":999:"VALUE":"MyFile(0999)\: value of 'VALUE' (764 bits) is\:\nMyFile(0999)\: 09 41 37 9d 00 fe d1 49 1f e1 5d f2 84 df de 4a\nMyFile(0999)\: 14 2f 68 aa 8d 41 20 23 19 5c ee 66 88 3e 62 90\nMyFile(0999)\: ff e7 03 f4 ea 59 63 bf 21 27 13 ce e4 6b 10 7c\nMyFile(0999)\: 09 18 2b 5e dc d9 55 ad ac 41 8b f4 91 8e 28 89\nMyFile(0999)\: af 48 e1 09 9d 51 38 30 ce c8 5c 26 ac 1e 15 8b\nMyFile(0999)\: 52 62 0e 33 ba 86 92 f8 93 ef bb 2f 95 8b 44 24\n" mbedtls_debug_print_mpi:16:"0941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b4424":"MyFile":999:"VALUE":"MyFile(0999)\: value of 'VALUE' (764 bits) is\:\nMyFile(0999)\: 09 41 37 9d 00 fe d1 49 1f e1 5d f2 84 df de 4a\nMyFile(0999)\: 14 2f 68 aa 8d 41 20 23 19 5c ee 66 88 3e 62 90\nMyFile(0999)\: ff e7 03 f4 ea 59 63 bf 21 27 13 ce e4 6b 10 7c\nMyFile(0999)\: 09 18 2b 5e dc d9 55 ad ac 41 8b f4 91 8e 28 89\nMyFile(0999)\: af 48 e1 09 9d 51 38 30 ce c8 5c 26 ac 1e 15 8b\nMyFile(0999)\: 52 62 0e 33 ba 86 92 f8 93 ef bb 2f 95 8b 44 24\n"
Debug print mbedtls_mpi #5 Debug print mbedtls_mpi: 764 bits #2
mbedtls_debug_print_mpi:16:"0000000000000000000000000000000000000000000000000000000941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b4424":"MyFile":999:"VALUE":"MyFile(0999)\: value of 'VALUE' (764 bits) is\:\nMyFile(0999)\: 09 41 37 9d 00 fe d1 49 1f e1 5d f2 84 df de 4a\nMyFile(0999)\: 14 2f 68 aa 8d 41 20 23 19 5c ee 66 88 3e 62 90\nMyFile(0999)\: ff e7 03 f4 ea 59 63 bf 21 27 13 ce e4 6b 10 7c\nMyFile(0999)\: 09 18 2b 5e dc d9 55 ad ac 41 8b f4 91 8e 28 89\nMyFile(0999)\: af 48 e1 09 9d 51 38 30 ce c8 5c 26 ac 1e 15 8b\nMyFile(0999)\: 52 62 0e 33 ba 86 92 f8 93 ef bb 2f 95 8b 44 24\n" mbedtls_debug_print_mpi:16:"0000000000000000000000000000000000000000000000000000000941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b4424":"MyFile":999:"VALUE":"MyFile(0999)\: value of 'VALUE' (764 bits) is\:\nMyFile(0999)\: 09 41 37 9d 00 fe d1 49 1f e1 5d f2 84 df de 4a\nMyFile(0999)\: 14 2f 68 aa 8d 41 20 23 19 5c ee 66 88 3e 62 90\nMyFile(0999)\: ff e7 03 f4 ea 59 63 bf 21 27 13 ce e4 6b 10 7c\nMyFile(0999)\: 09 18 2b 5e dc d9 55 ad ac 41 8b f4 91 8e 28 89\nMyFile(0999)\: af 48 e1 09 9d 51 38 30 ce c8 5c 26 ac 1e 15 8b\nMyFile(0999)\: 52 62 0e 33 ba 86 92 f8 93 ef bb 2f 95 8b 44 24\n"
Debug print mbedtls_mpi #6 Debug print certificate #1 (RSA)
mbedtls_debug_print_mpi:16:"0000000000000000000000000000000000000000000000000000000041379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b4424":"MyFile":999:"VALUE":"MyFile(0999)\: value of 'VALUE' (759 bits) is\:\nMyFile(0999)\: 41 37 9d 00 fe d1 49 1f e1 5d f2 84 df de 4a 14\nMyFile(0999)\: 2f 68 aa 8d 41 20 23 19 5c ee 66 88 3e 62 90 ff\nMyFile(0999)\: e7 03 f4 ea 59 63 bf 21 27 13 ce e4 6b 10 7c 09\nMyFile(0999)\: 18 2b 5e dc d9 55 ad ac 41 8b f4 91 8e 28 89 af\nMyFile(0999)\: 48 e1 09 9d 51 38 30 ce c8 5c 26 ac 1e 15 8b 52\nMyFile(0999)\: 62 0e 33 ba 86 92 f8 93 ef bb 2f 95 8b 44 24\n" depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_BASE64_C:MBEDTLS_RSA_C:MBEDTLS_SHA1_C
mbedtls_debug_print_crt:"data_files/server1.crt":"MyFile":999:"PREFIX_":"MyFile(0999)\: PREFIX_ #1\:\nMyFile(0999)\: cert. version \: 3\nMyFile(0999)\: serial number \: 01\nMyFile(0999)\: issuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nMyFile(0999)\: subject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nMyFile(0999)\: issued on \: 2019-02-10 14\:44\:06\nMyFile(0999)\: expires on \: 2029-02-10 14\:44\:06\nMyFile(0999)\: signed using \: RSA with SHA1\nMyFile(0999)\: RSA key size \: 2048 bits\nMyFile(0999)\: basic constraints \: CA=false\nMyFile(0999)\: value of 'crt->rsa.N' (2048 bits) is\:\nMyFile(0999)\: a9 02 1f 3d 40 6a d5 55 53 8b fd 36 ee 82 65 2e\nMyFile(0999)\: 15 61 5e 89 bf b8 e8 45 90 db ee 88 16 52 d3 f1\nMyFile(0999)\: 43 50 47 96 12 59 64 87 6b fd 2b e0 46 f9 73 be\nMyFile(0999)\: dd cf 92 e1 91 5b ed 66 a0 6f 89 29 79 45 80 d0\nMyFile(0999)\: 83 6a d5 41 43 77 5f 39 7c 09 04 47 82 b0 57 39\nMyFile(0999)\: 70 ed a3 ec 15 19 1e a8 33 08 47 c1 05 42 a9 fd\nMyFile(0999)\: 4c c3 b4 df dd 06 1f 4d 10 51 40 67 73 13 0f 40\nMyFile(0999)\: f8 6d 81 25 5f 0a b1 53 c6 30 7e 15 39 ac f9 5a\nMyFile(0999)\: ee 7f 92 9e a6 05 5b e7 13 97 85 b5 23 92 d9 d4\nMyFile(0999)\: 24 06 d5 09 25 89 75 07 dd a6 1a 8f 3f 09 19 be\nMyFile(0999)\: ad 65 2c 64 eb 95 9b dc fe 41 5e 17 a6 da 6c 5b\nMyFile(0999)\: 69 cc 02 ba 14 2c 16 24 9c 4a dc cd d0 f7 52 67\nMyFile(0999)\: 73 f1 2d a0 23 fd 7e f4 31 ca 2d 70 ca 89 0b 04\nMyFile(0999)\: db 2e a6 4f 70 6e 9e ce bd 58 89 e2 53 59 9e 6e\nMyFile(0999)\: 5a 92 65 e2 88 3f 0c 94 19 a3 dd e5 e8 9d 95 13\nMyFile(0999)\: ed 29 db ab 70 12 dc 5a ca 6b 17 ab 52 82 54 b1\nMyFile(0999)\: value of 'crt->rsa.E' (17 bits) is\:\nMyFile(0999)\: 01 00 01\n"
Debug print certificate #2 (EC)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_BASE64_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA256_C
mbedtls_debug_print_crt:"data_files/test-ca2.crt":"MyFile":999:"PREFIX_":"MyFile(0999)\: PREFIX_ #1\:\nMyFile(0999)\: cert. version \: 3\nMyFile(0999)\: serial number \: C1\:43\:E2\:7E\:62\:43\:CC\:E8\nMyFile(0999)\: issuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nMyFile(0999)\: subject name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nMyFile(0999)\: issued on \: 2019-02-10 14\:44\:00\nMyFile(0999)\: expires on \: 2029-02-10 14\:44\:00\nMyFile(0999)\: signed using \: ECDSA with SHA256\nMyFile(0999)\: EC key size \: 384 bits\nMyFile(0999)\: basic constraints \: CA=true\nMyFile(0999)\: value of 'crt->eckey.Q(X)' (384 bits) is\:\nMyFile(0999)\: c3 da 2b 34 41 37 58 2f 87 56 fe fc 89 ba 29 43\nMyFile(0999)\: 4b 4e e0 6e c3 0e 57 53 33 39 58 d4 52 b4 91 95\nMyFile(0999)\: 39 0b 23 df 5f 17 24 62 48 fc 1a 95 29 ce 2c 2d\nMyFile(0999)\: value of 'crt->eckey.Q(Y)' (384 bits) is\:\nMyFile(0999)\: 87 c2 88 52 80 af d6 6a ab 21 dd b8 d3 1c 6e 58\nMyFile(0999)\: b8 ca e8 b2 69 8e f3 41 ad 29 c3 b4 5f 75 a7 47\nMyFile(0999)\: 6f d5 19 29 55 69 9a 53 3b 20 b4 66 16 60 33 1e\n"
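Review bot: the renamed cases follow a "Debug print mbedtls_mpi: <description>" pattern, but "Debug print mbedtls_mpi #2: 3 bits" still carries the legacy "#2" numbering; drop it for consistency with "Debug print mbedtls_mpi: 49 bits" and the rest. The two zero cases, "0 (empty representation)" with input "" and "0 (non-empty representation)" with input "00000000000000", deliberately expect the same "(0 bits) is: 00" output, which only holds if the .function side reads the value with `mbedtls_test_read_mpi()` so that the empty string produces a zero-limb `mbedtls_mpi`.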
...@@ -179,7 +179,7 @@ void mbedtls_debug_print_mpi( int radix, char * value, char * file, int line, ...@@ -179,7 +179,7 @@ void mbedtls_debug_print_mpi( int radix, char * value, char * file, int line,
TEST_ASSERT( mbedtls_ssl_setup( &ssl, &conf ) == 0 ); TEST_ASSERT( mbedtls_ssl_setup( &ssl, &conf ) == 0 );
TEST_ASSERT( mbedtls_mpi_read_string( &val, radix, value ) == 0 ); TEST_ASSERT( mbedtls_test_read_mpi( &val, radix, value ) == 0 );
mbedtls_ssl_conf_dbg( &conf, string_debug, &buffer); mbedtls_ssl_conf_dbg( &conf, string_debug, &buffer);
......
Diffie-Hellman full exchange: tiny x_size
dhm_do_dhm:10:"93450983094850938450983409623":1:10:"9345098304850938450983409622":0
Diffie-Hellman parameter validation Diffie-Hellman parameter validation
dhm_invalid_params: dhm_invalid_params:
Diffie-Hellman full exchange #1 Diffie-Hellman full exchange: 5-bit, x_size=3
dhm_do_dhm:10:"23":10:"5":0 dhm_do_dhm:10:"23":3:10:"5":0
Diffie-Hellman full exchange: 5-bit, x_size=2
dhm_do_dhm:10:"23":2:10:"5":0
## Repeat this test case and a few similar ones several times. The RNG state
## changes, so we get to exercise the code with a few different values.
Diffie-Hellman full exchange: 5-bit #1
dhm_do_dhm:10:"23":1:10:"5":0
Diffie-Hellman full exchange: 5-bit #2
dhm_do_dhm:10:"23":1:10:"5":0
Diffie-Hellman full exchange: 5-bit #3
dhm_do_dhm:10:"23":1:10:"5":0
Diffie-Hellman full exchange: 5-bit #4
dhm_do_dhm:10:"23":1:10:"5":0
Diffie-Hellman full exchange: 5-bit #5
dhm_do_dhm:10:"23":1:10:"5":0
## This is x_size = P_size + 1. Arguably x_size > P_size makes no sense,
## but it's the current undocumented behavior to treat it the same as when
## x_size = P_size. If this behavior changes in the future, change the expected
## return status from 0 to MBEDTLS_ERR_DHM_BAD_INPUT_DATA.
Diffie-Hellman full exchange: 97-bit, x_size=14
dhm_do_dhm:10:"93450983094850938450983409623":14:10:"9345098304850938450983409622":0
Diffie-Hellman full exchange: 97-bit #1
dhm_do_dhm:10:"93450983094850938450983409623":13:10:"9345098304850938450983409622":0
Diffie-Hellman full exchange: 97-bit #2
dhm_do_dhm:10:"93450983094850938450983409623":13:10:"9345098304850938450983409622":0
Diffie-Hellman full exchange: 97-bit #3
dhm_do_dhm:10:"93450983094850938450983409623":13:10:"9345098304850938450983409622":0
Diffie-Hellman full exchange: 97-bit #4
dhm_do_dhm:10:"93450983094850938450983409623":13:10:"9345098304850938450983409622":0
Diffie-Hellman full exchange: 97-bit #5
dhm_do_dhm:10:"93450983094850938450983409623":13:10:"9345098304850938450983409622":0
Diffie-Hellman full exchange #2 Diffie-Hellman full exchange: 97-bit, x_size=12
dhm_do_dhm:10:"93450983094850938450983409623":10:"9345098304850938450983409622":0 dhm_do_dhm:10:"93450983094850938450983409623":12:10:"9345098304850938450983409622":0
Diffie-Hellman full exchange #3 Diffie-Hellman full exchange: 97-bit, x_size=11
dhm_do_dhm:10:"93450983094850938450983409623982317398171298719873918739182739712938719287391879381271":10:"9345098309485093845098340962223981329819812792137312973297123912791271":0 dhm_do_dhm:10:"93450983094850938450983409623":11:10:"9345098304850938450983409622":0
Diffie-Hellman trivial subgroup #1 Diffie-Hellman full exchange: 97-bit, x_size=1 #1
dhm_do_dhm:10:"23":10:"1":MBEDTLS_ERR_DHM_BAD_INPUT_DATA dhm_do_dhm:10:"93450983094850938450983409623":1:10:"9345098304850938450983409622":0
Diffie-Hellman trivial subgroup #2 Diffie-Hellman full exchange: 97-bit, x_size=1 #2
dhm_do_dhm:10:"23":10:"-1":MBEDTLS_ERR_DHM_BAD_INPUT_DATA dhm_do_dhm:10:"93450983094850938450983409623":1:10:"9345098304850938450983409622":0
Diffie-Hellman full exchange: 97-bit, x_size=1 #3
dhm_do_dhm:10:"93450983094850938450983409623":1:10:"9345098304850938450983409622":0
Diffie-Hellman full exchange: 97-bit, x_size=1 #4
dhm_do_dhm:10:"93450983094850938450983409623":1:10:"9345098304850938450983409622":0
Diffie-Hellman full exchange: 97-bit, x_size=1 #5
dhm_do_dhm:10:"93450983094850938450983409623":1:10:"9345098304850938450983409622":0
Diffie-Hellman full exchange: 286-bit
dhm_do_dhm:10:"93450983094850938450983409623982317398171298719873918739182739712938719287391879381271":36:10:"9345098309485093845098340962223981329819812792137312973297123912791271":0
Diffie-Hellman small modulus Diffie-Hellman small modulus
dhm_do_dhm:10:"3":10:"5":MBEDTLS_ERR_DHM_MAKE_PARAMS_FAILED dhm_do_dhm:10:"3":1:10:"5":MBEDTLS_ERR_DHM_MAKE_PARAMS_FAILED
Diffie-Hellman zero modulus Diffie-Hellman zero modulus
dhm_do_dhm:10:"0":10:"5":MBEDTLS_ERR_DHM_BAD_INPUT_DATA dhm_do_dhm:10:"0":1:10:"5":MBEDTLS_ERR_DHM_BAD_INPUT_DATA
Diffie-Hellman: x_size < 0
dhm_do_dhm:10:"93450983094850938450983409623":-1:10:"9345098304850938450983409622":MBEDTLS_ERR_DHM_BAD_INPUT_DATA
Diffie-Hellman with G=0
dhm_do_dhm:10:"93450983094850938450983409623":13:10:"0":MBEDTLS_ERR_DHM_BAD_INPUT_DATA
Diffie-Hellman with G=1
dhm_do_dhm:10:"93450983094850938450983409623":13:10:"1":MBEDTLS_ERR_DHM_BAD_INPUT_DATA
Diffie-Hellman with G=-1
dhm_do_dhm:10:"93450983094850938450983409623":13:10:"-1":MBEDTLS_ERR_DHM_BAD_INPUT_DATA
Diffie-Hellman with G=P-1
dhm_do_dhm:10:"93450983094850938450983409623":13:10:"93450983094850938450983409622":MBEDTLS_ERR_DHM_BAD_INPUT_DATA
Diffie-Hellman with G=P-2
dhm_do_dhm:10:"93450983094850938450983409623":13:10:"93450983094850938450983409621":0
Diffie-Hellman with G=P
dhm_do_dhm:10:"93450983094850938450983409623":13:10:"93450983094850938450983409623":MBEDTLS_ERR_DHM_BAD_INPUT_DATA
Diffie-Hellman with G=P+1
dhm_do_dhm:10:"93450983094850938450983409623":13:10:"93450983094850938450983409624":MBEDTLS_ERR_DHM_BAD_INPUT_DATA
Diffie-Hellman with G=P+2
dhm_do_dhm:10:"93450983094850938450983409623":13:10:"93450983094850938450983409625":0
Diffie-Hellman MPI_MAX_SIZE modulus Diffie-Hellman MPI_MAX_SIZE modulus
dhm_make_public:MBEDTLS_MPI_MAX_SIZE:10:"5":0 dhm_make_public:MBEDTLS_MPI_MAX_SIZE:10:"5":0
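Review bot: "Diffie-Hellman full exchange: tiny x_size" at the top of the file is byte-for-byte the same invocation as "97-bit, x_size=1 #1" through "#5" (`dhm_do_dhm:10:"93450983094850938450983409623":1:10:"9345098304850938450983409622":0`); either remove it or give it a distinct purpose and name. The "x_size=14" comment usefully records that `x_size = P_size + 1` is currently accepted; since a negative `x_size` is now rejected with `MBEDTLS_ERR_DHM_BAD_INPUT_DATA` in the "x_size < 0" case, it would be worth stating in the same comment that `x_size = 0` is intentionally not covered, or adding a case for it.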
......
/* BEGIN_HEADER */ /* BEGIN_HEADER */
#include "mbedtls/dhm.h" #include "mbedtls/dhm.h"
/* Sanity checks on a Diffie-Hellman parameter: check the length-value
* syntax and check that the value is the expected one (taken from the
* DHM context by the caller). */
static int check_dhm_param_output( const mbedtls_mpi *expected,
const unsigned char *buffer,
size_t size,
size_t *offset )
{
size_t n;
mbedtls_mpi actual;
int ok = 0;
mbedtls_mpi_init( &actual );
TEST_ASSERT( size >= *offset + 2 );
n = ( buffer[*offset] << 8 ) | buffer[*offset + 1];
*offset += 2;
/* The DHM param output from Mbed TLS has leading zeros stripped, as
* permitted but not required by RFC 5246 \S4.4. */
TEST_EQUAL( n, mbedtls_mpi_size( expected ) );
TEST_ASSERT( size >= *offset + n );
TEST_EQUAL( 0, mbedtls_mpi_read_binary( &actual, buffer + *offset, n ) );
TEST_EQUAL( 0, mbedtls_mpi_cmp_mpi( expected, &actual ) );
*offset += n;
ok = 1;
exit:
mbedtls_mpi_free( &actual );
return( ok );
}
/* Sanity checks on Diffie-Hellman parameters: syntax, range, and comparison
* against the context. */
static int check_dhm_params( const mbedtls_dhm_context *ctx,
size_t x_size,
const unsigned char *ske, size_t ske_len )
{
size_t offset = 0;
/* Check that ctx->X and ctx->GX are within range. */
TEST_ASSERT( mbedtls_mpi_cmp_int( &ctx->X, 1 ) > 0 );
TEST_ASSERT( mbedtls_mpi_cmp_mpi( &ctx->X, &ctx->P ) < 0 );
TEST_ASSERT( mbedtls_mpi_size( &ctx->X ) <= x_size );
TEST_ASSERT( mbedtls_mpi_cmp_int( &ctx->GX, 1 ) > 0 );
TEST_ASSERT( mbedtls_mpi_cmp_mpi( &ctx->GX, &ctx->P ) < 0 );
/* Check ske: it must contain P, G and G^X, each prefixed with a
* 2-byte size. */
if( !check_dhm_param_output( &ctx->P, ske, ske_len, &offset ) )
goto exit;
if( !check_dhm_param_output( &ctx->G, ske, ske_len, &offset ) )
goto exit;
if( !check_dhm_param_output( &ctx->GX, ske, ske_len, &offset ) )
goto exit;
TEST_EQUAL( offset, ske_len );
return( 1 );
exit:
return( 0 );
}
/* END_HEADER */ /* END_HEADER */
/* BEGIN_DEPENDENCIES /* BEGIN_DEPENDENCIES
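Review bot: `check_dhm_param_output()` and `check_dhm_params()` lack documentation of their return convention (1 on success, 0 after a failed `TEST_ASSERT`/`TEST_EQUAL`) and of the fact that `*offset` is only advanced past a field once its length and value checks pass, so a caller that continues after a failure would read from a stale offset; a brief comment on each helper would make that explicit. The range checks `X > 1`, `X < P`, `GX > 1`, `GX < P` together with `mbedtls_mpi_size( &ctx->X ) <= x_size` are the right sanity checks for the private value, but note the size check is vacuous in the `x_size = P_size + 1` case the .data file documents.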
...@@ -115,7 +176,7 @@ exit: ...@@ -115,7 +176,7 @@ exit:
/* END_CASE */ /* END_CASE */
/* BEGIN_CASE */ /* BEGIN_CASE */
void dhm_do_dhm( int radix_P, char *input_P, void dhm_do_dhm( int radix_P, char *input_P, int x_size,
int radix_G, char *input_G, int result ) int radix_G, char *input_G, int result )
{ {
mbedtls_dhm_context ctx_srv; mbedtls_dhm_context ctx_srv;
...@@ -129,7 +190,7 @@ void dhm_do_dhm( int radix_P, char *input_P, ...@@ -129,7 +190,7 @@ void dhm_do_dhm( int radix_P, char *input_P,
size_t pub_cli_len = 0; size_t pub_cli_len = 0;
size_t sec_srv_len; size_t sec_srv_len;
size_t sec_cli_len; size_t sec_cli_len;
int x_size, i; int i;
rnd_pseudo_info rnd_info; rnd_pseudo_info rnd_info;
mbedtls_dhm_init( &ctx_srv ); mbedtls_dhm_init( &ctx_srv );
...@@ -143,17 +204,20 @@ void dhm_do_dhm( int radix_P, char *input_P, ...@@ -143,17 +204,20 @@ void dhm_do_dhm( int radix_P, char *input_P,
/* /*
* Set params * Set params
*/ */
TEST_ASSERT( mbedtls_mpi_read_string( &ctx_srv.P, radix_P, input_P ) == 0 ); TEST_ASSERT( mbedtls_test_read_mpi( &ctx_srv.P, radix_P, input_P ) == 0 );
TEST_ASSERT( mbedtls_mpi_read_string( &ctx_srv.G, radix_G, input_G ) == 0 ); TEST_ASSERT( mbedtls_test_read_mpi( &ctx_srv.G, radix_G, input_G ) == 0 );
x_size = mbedtls_mpi_size( &ctx_srv.P ); pub_cli_len = mbedtls_mpi_size( &ctx_srv.P );
pub_cli_len = x_size;
/* /*
* First key exchange * First key exchange
*/ */
TEST_ASSERT( mbedtls_dhm_make_params( &ctx_srv, x_size, ske, &ske_len, &rnd_pseudo_rand, &rnd_info ) == result ); TEST_ASSERT( mbedtls_dhm_make_params( &ctx_srv, x_size, ske, &ske_len,
&rnd_pseudo_rand,
&rnd_info ) == result );
if ( result != 0 ) if ( result != 0 )
goto exit; goto exit;
if( !check_dhm_params( &ctx_srv, x_size, ske, ske_len ) )
goto exit;
ske[ske_len++] = 0; ske[ske_len++] = 0;
ske[ske_len++] = 0; ske[ske_len++] = 0;
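Review bot: `x_size` is an `int` here (it can be -1 per the "x_size < 0" data case) but `check_dhm_params()` takes a `size_t`; the call is only reached after `result == 0`, so the negative value never gets converted, yet that invariant is implicit. Either cast explicitly with a comment, or change `check_dhm_params()` to take `int` and assert `x_size >= 0` inside it, so the implicit conversion cannot silently produce a huge bound if the early `goto exit` is ever reordered.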
...@@ -185,7 +249,11 @@ void dhm_do_dhm( int radix_P, char *input_P, ...@@ -185,7 +249,11 @@ void dhm_do_dhm( int radix_P, char *input_P,
*/ */
p = ske; p = ske;
TEST_ASSERT( mbedtls_dhm_make_params( &ctx_srv, x_size, ske, &ske_len, &rnd_pseudo_rand, &rnd_info ) == 0 ); TEST_ASSERT( mbedtls_dhm_make_params( &ctx_srv, x_size, ske, &ske_len,
&rnd_pseudo_rand,
&rnd_info ) == 0 );
if( !check_dhm_params( &ctx_srv, x_size, ske, ske_len ) )
goto exit;
ske[ske_len++] = 0; ske[ske_len++] = 0;
ske[ske_len++] = 0; ske[ske_len++] = 0;
TEST_ASSERT( mbedtls_dhm_read_params( &ctx_cli, &p, ske + ske_len ) == 0 ); TEST_ASSERT( mbedtls_dhm_read_params( &ctx_cli, &p, ske + ske_len ) == 0 );
...@@ -221,7 +289,7 @@ void dhm_make_public( int P_bytes, int radix_G, char *input_G, int result ) ...@@ -221,7 +289,7 @@ void dhm_make_public( int P_bytes, int radix_G, char *input_G, int result )
TEST_ASSERT( mbedtls_mpi_shift_l( &P, ( P_bytes * 8 ) - 1 ) == 0 ); TEST_ASSERT( mbedtls_mpi_shift_l( &P, ( P_bytes * 8 ) - 1 ) == 0 );
TEST_ASSERT( mbedtls_mpi_set_bit( &P, 0, 1 ) == 0 ); TEST_ASSERT( mbedtls_mpi_set_bit( &P, 0, 1 ) == 0 );
TEST_ASSERT( mbedtls_mpi_read_string( &G, radix_G, input_G ) == 0 ); TEST_ASSERT( mbedtls_test_read_mpi( &G, radix_G, input_G ) == 0 );
TEST_ASSERT( mbedtls_dhm_set_group( &ctx, &P, &G ) == 0 ); TEST_ASSERT( mbedtls_dhm_set_group( &ctx, &P, &G ) == 0 );
TEST_ASSERT( mbedtls_dhm_make_public( &ctx, (int) mbedtls_mpi_size( &P ), TEST_ASSERT( mbedtls_dhm_make_public( &ctx, (int) mbedtls_mpi_size( &P ),
...@@ -245,8 +313,8 @@ void dhm_file( char * filename, char * p, char * g, int len ) ...@@ -245,8 +313,8 @@ void dhm_file( char * filename, char * p, char * g, int len )
mbedtls_dhm_init( &ctx ); mbedtls_dhm_init( &ctx );
mbedtls_mpi_init( &P ); mbedtls_mpi_init( &G ); mbedtls_mpi_init( &P ); mbedtls_mpi_init( &G );
TEST_ASSERT( mbedtls_mpi_read_string( &P, 16, p ) == 0 ); TEST_ASSERT( mbedtls_test_read_mpi( &P, 16, p ) == 0 );
TEST_ASSERT( mbedtls_mpi_read_string( &G, 16, g ) == 0 ); TEST_ASSERT( mbedtls_test_read_mpi( &G, 16, g ) == 0 );
TEST_ASSERT( mbedtls_dhm_parse_dhmfile( &ctx, filename ) == 0 ); TEST_ASSERT( mbedtls_dhm_parse_dhmfile( &ctx, filename ) == 0 );
......
...@@ -272,20 +272,20 @@ void ecdh_primitive_testvec( int id, data_t * rnd_buf_A, char * xA_str, ...@@ -272,20 +272,20 @@ void ecdh_primitive_testvec( int id, data_t * rnd_buf_A, char * xA_str,
TEST_ASSERT( mbedtls_ecdh_gen_public( &grp, &dA, &qA, TEST_ASSERT( mbedtls_ecdh_gen_public( &grp, &dA, &qA,
rnd_buffer_rand, &rnd_info_A ) == 0 ); rnd_buffer_rand, &rnd_info_A ) == 0 );
TEST_ASSERT( ! mbedtls_ecp_is_zero( &qA ) ); TEST_ASSERT( ! mbedtls_ecp_is_zero( &qA ) );
TEST_ASSERT( mbedtls_mpi_read_string( &check, 16, xA_str ) == 0 ); TEST_ASSERT( mbedtls_test_read_mpi( &check, 16, xA_str ) == 0 );
TEST_ASSERT( mbedtls_mpi_cmp_mpi( &qA.X, &check ) == 0 ); TEST_ASSERT( mbedtls_mpi_cmp_mpi( &qA.X, &check ) == 0 );
TEST_ASSERT( mbedtls_mpi_read_string( &check, 16, yA_str ) == 0 ); TEST_ASSERT( mbedtls_test_read_mpi( &check, 16, yA_str ) == 0 );
TEST_ASSERT( mbedtls_mpi_cmp_mpi( &qA.Y, &check ) == 0 ); TEST_ASSERT( mbedtls_mpi_cmp_mpi( &qA.Y, &check ) == 0 );
TEST_ASSERT( mbedtls_ecdh_gen_public( &grp, &dB, &qB, TEST_ASSERT( mbedtls_ecdh_gen_public( &grp, &dB, &qB,
rnd_buffer_rand, &rnd_info_B ) == 0 ); rnd_buffer_rand, &rnd_info_B ) == 0 );
TEST_ASSERT( ! mbedtls_ecp_is_zero( &qB ) ); TEST_ASSERT( ! mbedtls_ecp_is_zero( &qB ) );
TEST_ASSERT( mbedtls_mpi_read_string( &check, 16, xB_str ) == 0 ); TEST_ASSERT( mbedtls_test_read_mpi( &check, 16, xB_str ) == 0 );
TEST_ASSERT( mbedtls_mpi_cmp_mpi( &qB.X, &check ) == 0 ); TEST_ASSERT( mbedtls_mpi_cmp_mpi( &qB.X, &check ) == 0 );
TEST_ASSERT( mbedtls_mpi_read_string( &check, 16, yB_str ) == 0 ); TEST_ASSERT( mbedtls_test_read_mpi( &check, 16, yB_str ) == 0 );
TEST_ASSERT( mbedtls_mpi_cmp_mpi( &qB.Y, &check ) == 0 ); TEST_ASSERT( mbedtls_mpi_cmp_mpi( &qB.Y, &check ) == 0 );
TEST_ASSERT( mbedtls_mpi_read_string( &check, 16, z_str ) == 0 ); TEST_ASSERT( mbedtls_test_read_mpi( &check, 16, z_str ) == 0 );
TEST_ASSERT( mbedtls_ecdh_compute_shared( &grp, &zA, &qB, &dA, NULL, NULL ) == 0 ); TEST_ASSERT( mbedtls_ecdh_compute_shared( &grp, &zA, &qB, &dA, NULL, NULL ) == 0 );
TEST_ASSERT( mbedtls_mpi_cmp_mpi( &zA, &check ) == 0 ); TEST_ASSERT( mbedtls_mpi_cmp_mpi( &zA, &check ) == 0 );
TEST_ASSERT( mbedtls_ecdh_compute_shared( &grp, &zB, &qA, &dB, NULL, NULL ) == 0 ); TEST_ASSERT( mbedtls_ecdh_compute_shared( &grp, &zB, &qA, &dB, NULL, NULL ) == 0 );
......
...@@ -277,9 +277,9 @@ void ecdsa_prim_test_vectors( int id, char * d_str, char * xQ_str, ...@@ -277,9 +277,9 @@ void ecdsa_prim_test_vectors( int id, char * d_str, char * xQ_str,
TEST_ASSERT( mbedtls_ecp_group_load( &grp, id ) == 0 ); TEST_ASSERT( mbedtls_ecp_group_load( &grp, id ) == 0 );
TEST_ASSERT( mbedtls_ecp_point_read_string( &Q, 16, xQ_str, yQ_str ) == 0 ); TEST_ASSERT( mbedtls_ecp_point_read_string( &Q, 16, xQ_str, yQ_str ) == 0 );
TEST_ASSERT( mbedtls_mpi_read_string( &d, 16, d_str ) == 0 ); TEST_ASSERT( mbedtls_test_read_mpi( &d, 16, d_str ) == 0 );
TEST_ASSERT( mbedtls_mpi_read_string( &r_check, 16, r_str ) == 0 ); TEST_ASSERT( mbedtls_test_read_mpi( &r_check, 16, r_str ) == 0 );
TEST_ASSERT( mbedtls_mpi_read_string( &s_check, 16, s_str ) == 0 ); TEST_ASSERT( mbedtls_test_read_mpi( &s_check, 16, s_str ) == 0 );
rnd_info.buf = rnd_buf->x; rnd_info.buf = rnd_buf->x;
rnd_info.length = rnd_buf->len; rnd_info.length = rnd_buf->len;
...@@ -340,9 +340,9 @@ void ecdsa_det_test_vectors( int id, char * d_str, int md_alg, char * msg, ...@@ -340,9 +340,9 @@ void ecdsa_det_test_vectors( int id, char * d_str, int md_alg, char * msg,
memset( hash, 0, sizeof( hash ) ); memset( hash, 0, sizeof( hash ) );
TEST_ASSERT( mbedtls_ecp_group_load( &grp, id ) == 0 ); TEST_ASSERT( mbedtls_ecp_group_load( &grp, id ) == 0 );
TEST_ASSERT( mbedtls_mpi_read_string( &d, 16, d_str ) == 0 ); TEST_ASSERT( mbedtls_test_read_mpi( &d, 16, d_str ) == 0 );
TEST_ASSERT( mbedtls_mpi_read_string( &r_check, 16, r_str ) == 0 ); TEST_ASSERT( mbedtls_test_read_mpi( &r_check, 16, r_str ) == 0 );
TEST_ASSERT( mbedtls_mpi_read_string( &s_check, 16, s_str ) == 0 ); TEST_ASSERT( mbedtls_test_read_mpi( &s_check, 16, s_str ) == 0 );
md_info = mbedtls_md_info_from_type( md_alg ); md_info = mbedtls_md_info_from_type( md_alg );
TEST_ASSERT( md_info != NULL ); TEST_ASSERT( md_info != NULL );
...@@ -513,7 +513,7 @@ void ecdsa_write_restart( int id, char *d_str, int md_alg, ...@@ -513,7 +513,7 @@ void ecdsa_write_restart( int id, char *d_str, int md_alg,
memset( sig, 0, sizeof( sig ) ); memset( sig, 0, sizeof( sig ) );
TEST_ASSERT( mbedtls_ecp_group_load( &ctx.grp, id ) == 0 ); TEST_ASSERT( mbedtls_ecp_group_load( &ctx.grp, id ) == 0 );
TEST_ASSERT( mbedtls_mpi_read_string( &ctx.d, 16, d_str ) == 0 ); TEST_ASSERT( mbedtls_test_read_mpi( &ctx.d, 16, d_str ) == 0 );
md_info = mbedtls_md_info_from_type( md_alg ); md_info = mbedtls_md_info_from_type( md_alg );
TEST_ASSERT( md_info != NULL ); TEST_ASSERT( md_info != NULL );
......
...@@ -36,13 +36,133 @@ ECP curve info #8 ...@@ -36,13 +36,133 @@ ECP curve info #8
depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED
mbedtls_ecp_curve_info:MBEDTLS_ECP_DP_SECP192R1:19:192:"secp192r1" mbedtls_ecp_curve_info:MBEDTLS_ECP_DP_SECP192R1:19:192:"secp192r1"
ECP check pubkey Montgomery #1 (too big) ECP check pubkey Curve25519 #1 (biggest)
depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED
ecp_check_pub:MBEDTLS_ECP_DP_CURVE25519:"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF":"0":"1":0
ECP check pubkey Curve25519 #2 (too big)
depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED
ecp_check_pub:MBEDTLS_ECP_DP_CURVE25519:"010000000000000000000000000000000000000000000000000000000000000000":"0":"1":MBEDTLS_ERR_ECP_INVALID_KEY ecp_check_pub:MBEDTLS_ECP_DP_CURVE25519:"010000000000000000000000000000000000000000000000000000000000000000":"0":"1":MBEDTLS_ERR_ECP_INVALID_KEY
ECP check pubkey Montgomery #2 (biggest) ECP check pubkey Curve25519 #3 (DoS big)
depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED
ecp_check_pub:MBEDTLS_ECP_DP_CURVE25519:"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF":"0":"1":0 ecp_check_pub:MBEDTLS_ECP_DP_CURVE25519:"0100000000000000000000000000000000000000000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF":"0":"1":MBEDTLS_ERR_ECP_INVALID_KEY
ECP check pubkey Curve25519 y ignored
depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED
ecp_check_pub:MBEDTLS_ECP_DP_CURVE25519:"2":"-1":"1":0
ECP check pubkey Curve25519 z is not 1
depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED
ecp_check_pub:MBEDTLS_ECP_DP_CURVE25519:"2":"0":"2":MBEDTLS_ERR_ECP_INVALID_KEY
ECP check pubkey Curve25519 x negative
depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED
ecp_check_pub:MBEDTLS_ECP_DP_CURVE25519:"-2":"0":"1":MBEDTLS_ERR_ECP_INVALID_KEY
# see https://cr.yp.to/ecdh.html#validate
ECP check pubkey Curve25519 low-order point #1
depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED
ecp_check_pub:MBEDTLS_ECP_DP_CURVE25519:"0":"0":"1":MBEDTLS_ERR_ECP_INVALID_KEY
# see https://cr.yp.to/ecdh.html#validate
ECP check pubkey Curve25519 low-order point #2
depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED
ecp_check_pub:MBEDTLS_ECP_DP_CURVE25519:"1":"0":"1":MBEDTLS_ERR_ECP_INVALID_KEY
# see https://cr.yp.to/ecdh.html#validate
ECP check pubkey Curve25519 low-order point #3 (let's call this u)
depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED
ecp_check_pub:MBEDTLS_ECP_DP_CURVE25519:"b8495f16056286fdb1329ceb8d09da6ac49ff1fae35616aeb8413b7c7aebe0":"0":"1":MBEDTLS_ERR_ECP_INVALID_KEY
# see https://cr.yp.to/ecdh.html#validate
ECP check pubkey Curve25519 low-order point #4 (let's call this v)
depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED
ecp_check_pub:MBEDTLS_ECP_DP_CURVE25519:"57119fd0dd4e22d8868e1c58c45c44045bef839c55b1d0b1248c50a3bc959c5f":"0":"1":MBEDTLS_ERR_ECP_INVALID_KEY
# see https://cr.yp.to/ecdh.html#validate
ECP check pubkey Curve25519 low-order point #5 p-1
depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED
ecp_check_pub:MBEDTLS_ECP_DP_CURVE25519:"7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffec":"0":"1":MBEDTLS_ERR_ECP_INVALID_KEY
# see https://cr.yp.to/ecdh.html#validate
ECP check pubkey Curve25519 low-order point #6 p
depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED
ecp_check_pub:MBEDTLS_ECP_DP_CURVE25519:"7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffed":"0":"1":MBEDTLS_ERR_ECP_INVALID_KEY
# see https://cr.yp.to/ecdh.html#validate
ECP check pubkey Curve25519 low-order point #7 p+1
depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED
ecp_check_pub:MBEDTLS_ECP_DP_CURVE25519:"7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffee":"0":"1":MBEDTLS_ERR_ECP_INVALID_KEY
# see https://cr.yp.to/ecdh.html#validate
ECP check pubkey Curve25519 low-order point #8 p+u
depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED
ecp_check_pub:MBEDTLS_ECP_DP_CURVE25519:"80b8495f16056286fdb1329ceb8d09da6ac49ff1fae35616aeb8413b7c7aebcd":"0":"1":MBEDTLS_ERR_ECP_INVALID_KEY
# see https://cr.yp.to/ecdh.html#validate
ECP check pubkey Curve25519 low-order point #9 p+v
depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED
ecp_check_pub:MBEDTLS_ECP_DP_CURVE25519:"d7119fd0dd4e22d8868e1c58c45c44045bef839c55b1d0b1248c50a3bc959c4c":"0":"1":MBEDTLS_ERR_ECP_INVALID_KEY
# see https://cr.yp.to/ecdh.html#validate
ECP check pubkey Curve25519 low-order point #10 2p-1
depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED
ecp_check_pub:MBEDTLS_ECP_DP_CURVE25519:"ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffd9":"0":"1":MBEDTLS_ERR_ECP_INVALID_KEY
# see https://cr.yp.to/ecdh.html#validate
ECP check pubkey Curve25519 low-order point #11 2p
depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED
ecp_check_pub:MBEDTLS_ECP_DP_CURVE25519:"ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffda":"0":"1":MBEDTLS_ERR_ECP_INVALID_KEY
# see https://cr.yp.to/ecdh.html#validate
ECP check pubkey Curve25519 low-order point #12 2p+1
depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED
ecp_check_pub:MBEDTLS_ECP_DP_CURVE25519:"ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffdb":"0":"1":MBEDTLS_ERR_ECP_INVALID_KEY
ECP check pubkey Curve448 #1 (biggest)
depends_on:MBEDTLS_ECP_DP_CURVE448_ENABLED
ecp_check_pub:MBEDTLS_ECP_DP_CURVE448:"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF":"0":"1":0
ECP check pubkey Curve448 #2 (too big)
depends_on:MBEDTLS_ECP_DP_CURVE448_ENABLED
ecp_check_pub:MBEDTLS_ECP_DP_CURVE448:"01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF":"0":"1":MBEDTLS_ERR_ECP_INVALID_KEY
ECP check pubkey Curve448 #3 (DoS big)
depends_on:MBEDTLS_ECP_DP_CURVE448_ENABLED
ecp_check_pub:MBEDTLS_ECP_DP_CURVE448:"0100000000000000000000000000000000000000000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF":"0":"1":MBEDTLS_ERR_ECP_INVALID_KEY
ECP check pubkey Curve448 y ignored
depends_on:MBEDTLS_ECP_DP_CURVE448_ENABLED
ecp_check_pub:MBEDTLS_ECP_DP_CURVE448:"2":"-1":"1":0
ECP check pubkey Curve448 z is not 1
depends_on:MBEDTLS_ECP_DP_CURVE448_ENABLED
ecp_check_pub:MBEDTLS_ECP_DP_CURVE448:"2":"0":"2":MBEDTLS_ERR_ECP_INVALID_KEY
ECP check pubkey Curve448 x negative
depends_on:MBEDTLS_ECP_DP_CURVE448_ENABLED
ecp_check_pub:MBEDTLS_ECP_DP_CURVE448:"-2":"0":"1":MBEDTLS_ERR_ECP_INVALID_KEY
ECP check pubkey Curve448 low-order point #1
depends_on:MBEDTLS_ECP_DP_CURVE448_ENABLED
ecp_check_pub:MBEDTLS_ECP_DP_CURVE448:"0":"0":"1":MBEDTLS_ERR_ECP_INVALID_KEY
ECP check pubkey Curve448 low-order point #2
depends_on:MBEDTLS_ECP_DP_CURVE448_ENABLED
ecp_check_pub:MBEDTLS_ECP_DP_CURVE448:"1":"0":"1":MBEDTLS_ERR_ECP_INVALID_KEY
ECP check pubkey Curve448 low-order point #3 p-1
depends_on:MBEDTLS_ECP_DP_CURVE448_ENABLED
ecp_check_pub:MBEDTLS_ECP_DP_CURVE448:"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE":"0":"1":MBEDTLS_ERR_ECP_INVALID_KEY
ECP check pubkey Curve448 low-order point #4 p
depends_on:MBEDTLS_ECP_DP_CURVE448_ENABLED
ecp_check_pub:MBEDTLS_ECP_DP_CURVE448:"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF":"0":"1":MBEDTLS_ERR_ECP_INVALID_KEY
ECP check pubkey Curve448 low-order point #5 p+1
depends_on:MBEDTLS_ECP_DP_CURVE448_ENABLED
ecp_check_pub:MBEDTLS_ECP_DP_CURVE448:"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00000000000000000000000000000000000000000000000000000000":"0":"1":MBEDTLS_ERR_ECP_INVALID_KEY
ECP check pubkey Koblitz #1 (point not on curve) ECP check pubkey Koblitz #1 (point not on curve)
depends_on:MBEDTLS_ECP_DP_SECP224K1_ENABLED depends_on:MBEDTLS_ECP_DP_SECP224K1_ENABLED
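Review bot: the five Curve448 low-order cases (#1 to #5) carry no provenance comment, while every Curve25519 low-order case is prefixed with `# see https://cr.yp.to/ecdh.html#validate`; that reference covers Curve25519 only, so add a comment saying where the Curve448 inputs (0, 1, p-1, p, p+1) come from and why the Curve25519 list is longer (it also has p+u, p+v and 2p-1, 2p, 2p+1). A comment would also help on the two "#1 (biggest)" entries, which expect 0 for an all-F coordinate that is larger than p: a reader may expect rejection there, and the intended behaviour is that a value within the field's bit length is reduced before the low-order check, which is exactly what the p, p+1, 2p and 2p+1 cases then pin down.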
...@@ -344,6 +464,14 @@ ECP point multiplication rng fail Curve25519 ...@@ -344,6 +464,14 @@ ECP point multiplication rng fail Curve25519
depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED
ecp_test_mul_rng:MBEDTLS_ECP_DP_CURVE25519:"5AC99F33632E5A768DE7E81BF854C27C46E3FBF2ABBACD29EC4AFF517369C660" ecp_test_mul_rng:MBEDTLS_ECP_DP_CURVE25519:"5AC99F33632E5A768DE7E81BF854C27C46E3FBF2ABBACD29EC4AFF517369C660"
ECP point muladd secp256r1 #1
depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED
ecp_muladd:MBEDTLS_ECP_DP_SECP256R1:"01":"04e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e0e1ff20e1ffe120e1e1e173287170a761308491683e345cacaebb500c96e1a7bbd37772968b2c951f0579":"01":"04e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1ffffffff20e120e1e1e1e13a4e135157317b79d4ecf329fed4f9eb00dc67dbddae33faca8b6d8a0255b5ce":"04fab65e09aa5dd948320f86246be1d3fc571e7f799d9005170ed5cc868b67598431a668f96aa9fd0b0eb15f0edf4c7fe1be2885eadcb57e3db4fdd093585d3fa6"
ECP point muladd secp256r1 #2
depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED
ecp_muladd:MBEDTLS_ECP_DP_SECP256R1:"01":"04e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1ffffffff20e120e1e1e1e13a4e135157317b79d4ecf329fed4f9eb00dc67dbddae33faca8b6d8a0255b5ce":"01":"04e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e0e1ff20e1ffe120e1e1e173287170a761308491683e345cacaebb500c96e1a7bbd37772968b2c951f0579":"04fab65e09aa5dd948320f86246be1d3fc571e7f799d9005170ed5cc868b67598431a668f96aa9fd0b0eb15f0edf4c7fe1be2885eadcb57e3db4fdd093585d3fa6"
ECP test vectors secp192k1 ECP test vectors secp192k1
depends_on:MBEDTLS_ECP_DP_SECP192K1_ENABLED depends_on:MBEDTLS_ECP_DP_SECP192K1_ENABLED
ecp_test_vect:MBEDTLS_ECP_DP_SECP192K1:"D1E13A359F6E0F0698791938E6D60246030AE4B0D8D4E9DE":"281BCA982F187ED30AD5E088461EBE0A5FADBB682546DF79":"3F68A8E9441FB93A4DD48CB70B504FCC9AA01902EF5BE0F3":"BE97C5D2A1A94D081E3FACE53E65A27108B7467BDF58DE43":"5EB35E922CD693F7947124F5920022C4891C04F6A8B8DCB2":"60ECF73D0FC43E0C42E8E155FFE39F9F0B531F87B34B6C3C":"372F5C5D0E18313C82AEF940EC3AFEE26087A46F1EBAE923":"D5A9F9182EC09CEAEA5F57EA10225EC77FA44174511985FD" ecp_test_vect:MBEDTLS_ECP_DP_SECP192K1:"D1E13A359F6E0F0698791938E6D60246030AE4B0D8D4E9DE":"281BCA982F187ED30AD5E088461EBE0A5FADBB682546DF79":"3F68A8E9441FB93A4DD48CB70B504FCC9AA01902EF5BE0F3":"BE97C5D2A1A94D081E3FACE53E65A27108B7467BDF58DE43":"5EB35E922CD693F7947124F5920022C4891C04F6A8B8DCB2":"60ECF73D0FC43E0C42E8E155FFE39F9F0B531F87B34B6C3C":"372F5C5D0E18313C82AEF940EC3AFEE26087A46F1EBAE923":"D5A9F9182EC09CEAEA5F57EA10225EC77FA44174511985FD"
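Review bot: the two `ECP point muladd secp256r1` vectors use the same two points with the operands swapped and the same expected result, and both scalars are "01", so together they check commutativity and point addition but not scalar handling; a one-line comment above them stating that, and at least one vector with non-trivial u1 and u2, would make the purpose of these regression inputs clear to the next person who edits the file.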
......
/* BEGIN_HEADER */ /* BEGIN_HEADER */
#include "mbedtls/ecp.h" #include "mbedtls/ecp.h"
/* Backported from Mbed TLS 2.x for test dependencies. */
#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) || \
defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) || \
defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) || \
defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) || \
defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) || \
defined(MBEDTLS_ECP_DP_BP256R1_ENABLED) || \
defined(MBEDTLS_ECP_DP_BP384R1_ENABLED) || \
defined(MBEDTLS_ECP_DP_BP512R1_ENABLED) || \
defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED) || \
defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED) || \
defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
#define MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED
#endif
#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) || \
defined(MBEDTLS_ECP_DP_CURVE448_ENABLED)
#define MBEDTLS_ECP_MONTGOMERY_ENABLED
#endif
#define ECP_PF_UNKNOWN -1 #define ECP_PF_UNKNOWN -1
#define ECP_PT_RESET( x ) \ #define ECP_PT_RESET( x ) \
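Review bot: the backport block defines MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED and MBEDTLS_ECP_MONTGOMERY_ENABLED unconditionally in the test header; wrap each definition in `#if !defined(...)` so that a later library header providing the same macros does not cause redefinition warnings, and replace "Backported from Mbed TLS 2.x" with the exact version so the block can be retired when the library in this branch catches up.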
...@@ -374,6 +393,8 @@ void mbedtls_ecp_curve_info( int id, int tls_id, int size, char * name ) ...@@ -374,6 +393,8 @@ void mbedtls_ecp_curve_info( int id, int tls_id, int size, char * name )
TEST_ASSERT( by_id == by_name ); TEST_ASSERT( by_id == by_name );
TEST_ASSERT( by_id->bit_size == size ); TEST_ASSERT( by_id->bit_size == size );
TEST_ASSERT( size <= MBEDTLS_ECP_MAX_BITS );
TEST_ASSERT( size <= MBEDTLS_ECP_MAX_BYTES * 8 );
} }
/* END_CASE */ /* END_CASE */
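Review bot: the new assertions `TEST_ASSERT( size <= MBEDTLS_ECP_MAX_BITS );` and `TEST_ASSERT( size <= MBEDTLS_ECP_MAX_BYTES * 8 );` only fire for curves that have a `mbedtls_ecp_curve_info` entry in the data file and only in the test build, so they are a consistency check on the test configuration rather than a guarantee for library users; a short comment saying so, and explaining why the second assertion is kept when MBEDTLS_ECP_MAX_BYTES is derived from MBEDTLS_ECP_MAX_BITS, would prevent someone from later treating this as the overflow guard itself.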
...@@ -389,9 +410,9 @@ void ecp_check_pub( int grp_id, char * x_hex, char * y_hex, char * z_hex, ...@@ -389,9 +410,9 @@ void ecp_check_pub( int grp_id, char * x_hex, char * y_hex, char * z_hex,
TEST_ASSERT( mbedtls_ecp_group_load( &grp, grp_id ) == 0 ); TEST_ASSERT( mbedtls_ecp_group_load( &grp, grp_id ) == 0 );
TEST_ASSERT( mbedtls_mpi_read_string( &P.X, 16, x_hex ) == 0 ); TEST_ASSERT( mbedtls_test_read_mpi( &P.X, 16, x_hex ) == 0 );
TEST_ASSERT( mbedtls_mpi_read_string( &P.Y, 16, y_hex ) == 0 ); TEST_ASSERT( mbedtls_test_read_mpi( &P.Y, 16, y_hex ) == 0 );
TEST_ASSERT( mbedtls_mpi_read_string( &P.Z, 16, z_hex ) == 0 ); TEST_ASSERT( mbedtls_test_read_mpi( &P.Z, 16, z_hex ) == 0 );
TEST_ASSERT( mbedtls_ecp_check_pubkey( &grp, &P ) == ret ); TEST_ASSERT( mbedtls_ecp_check_pubkey( &grp, &P ) == ret );
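Review bot: the data file now feeds "-1" and "-2" into this function (the "y ignored" and "x negative" cases), so the three reads through mbedtls_test_read_mpi must accept a leading minus sign; if the helper rejects it, those cases fail at the read assertion and never reach mbedtls_ecp_check_pubkey, which would mask the behaviour they are meant to exercise. Worth confirming with a deliberate run of those cases.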
...@@ -440,13 +461,13 @@ void ecp_test_vect_restart( int id, ...@@ -440,13 +461,13 @@ void ecp_test_vect_restart( int id,
TEST_ASSERT( mbedtls_ecp_group_load( &grp, id ) == 0 ); TEST_ASSERT( mbedtls_ecp_group_load( &grp, id ) == 0 );
TEST_ASSERT( mbedtls_mpi_read_string( &dA, 16, dA_str ) == 0 ); TEST_ASSERT( mbedtls_test_read_mpi( &dA, 16, dA_str ) == 0 );
TEST_ASSERT( mbedtls_mpi_read_string( &xA, 16, xA_str ) == 0 ); TEST_ASSERT( mbedtls_test_read_mpi( &xA, 16, xA_str ) == 0 );
TEST_ASSERT( mbedtls_mpi_read_string( &yA, 16, yA_str ) == 0 ); TEST_ASSERT( mbedtls_test_read_mpi( &yA, 16, yA_str ) == 0 );
TEST_ASSERT( mbedtls_mpi_read_string( &dB, 16, dB_str ) == 0 ); TEST_ASSERT( mbedtls_test_read_mpi( &dB, 16, dB_str ) == 0 );
TEST_ASSERT( mbedtls_mpi_read_string( &xZ, 16, xZ_str ) == 0 ); TEST_ASSERT( mbedtls_test_read_mpi( &xZ, 16, xZ_str ) == 0 );
TEST_ASSERT( mbedtls_mpi_read_string( &yZ, 16, yZ_str ) == 0 ); TEST_ASSERT( mbedtls_test_read_mpi( &yZ, 16, yZ_str ) == 0 );
mbedtls_ecp_set_max_ops( (unsigned) max_ops ); mbedtls_ecp_set_max_ops( (unsigned) max_ops );
...@@ -524,13 +545,13 @@ void ecp_muladd_restart( int id, char *xR_str, char *yR_str, ...@@ -524,13 +545,13 @@ void ecp_muladd_restart( int id, char *xR_str, char *yR_str,
TEST_ASSERT( mbedtls_ecp_group_load( &grp, id ) == 0 ); TEST_ASSERT( mbedtls_ecp_group_load( &grp, id ) == 0 );
TEST_ASSERT( mbedtls_mpi_read_string( &u1, 16, u1_str ) == 0 ); TEST_ASSERT( mbedtls_test_read_mpi( &u1, 16, u1_str ) == 0 );
TEST_ASSERT( mbedtls_mpi_read_string( &u2, 16, u2_str ) == 0 ); TEST_ASSERT( mbedtls_test_read_mpi( &u2, 16, u2_str ) == 0 );
TEST_ASSERT( mbedtls_mpi_read_string( &xR, 16, xR_str ) == 0 ); TEST_ASSERT( mbedtls_test_read_mpi( &xR, 16, xR_str ) == 0 );
TEST_ASSERT( mbedtls_mpi_read_string( &yR, 16, yR_str ) == 0 ); TEST_ASSERT( mbedtls_test_read_mpi( &yR, 16, yR_str ) == 0 );
TEST_ASSERT( mbedtls_mpi_read_string( &Q.X, 16, xQ_str ) == 0 ); TEST_ASSERT( mbedtls_test_read_mpi( &Q.X, 16, xQ_str ) == 0 );
TEST_ASSERT( mbedtls_mpi_read_string( &Q.Y, 16, yQ_str ) == 0 ); TEST_ASSERT( mbedtls_test_read_mpi( &Q.Y, 16, yQ_str ) == 0 );
TEST_ASSERT( mbedtls_mpi_lset( &Q.Z, 1 ) == 0 ); TEST_ASSERT( mbedtls_mpi_lset( &Q.Z, 1 ) == 0 );
mbedtls_ecp_set_max_ops( (unsigned) max_ops ); mbedtls_ecp_set_max_ops( (unsigned) max_ops );
...@@ -587,14 +608,14 @@ void ecp_test_vect( int id, char * dA_str, char * xA_str, char * yA_str, ...@@ -587,14 +608,14 @@ void ecp_test_vect( int id, char * dA_str, char * xA_str, char * yA_str,
TEST_ASSERT( mbedtls_ecp_check_pubkey( &grp, &grp.G ) == 0 ); TEST_ASSERT( mbedtls_ecp_check_pubkey( &grp, &grp.G ) == 0 );
TEST_ASSERT( mbedtls_mpi_read_string( &dA, 16, dA_str ) == 0 ); TEST_ASSERT( mbedtls_test_read_mpi( &dA, 16, dA_str ) == 0 );
TEST_ASSERT( mbedtls_mpi_read_string( &xA, 16, xA_str ) == 0 ); TEST_ASSERT( mbedtls_test_read_mpi( &xA, 16, xA_str ) == 0 );
TEST_ASSERT( mbedtls_mpi_read_string( &yA, 16, yA_str ) == 0 ); TEST_ASSERT( mbedtls_test_read_mpi( &yA, 16, yA_str ) == 0 );
TEST_ASSERT( mbedtls_mpi_read_string( &dB, 16, dB_str ) == 0 ); TEST_ASSERT( mbedtls_test_read_mpi( &dB, 16, dB_str ) == 0 );
TEST_ASSERT( mbedtls_mpi_read_string( &xB, 16, xB_str ) == 0 ); TEST_ASSERT( mbedtls_test_read_mpi( &xB, 16, xB_str ) == 0 );
TEST_ASSERT( mbedtls_mpi_read_string( &yB, 16, yB_str ) == 0 ); TEST_ASSERT( mbedtls_test_read_mpi( &yB, 16, yB_str ) == 0 );
TEST_ASSERT( mbedtls_mpi_read_string( &xZ, 16, xZ_str ) == 0 ); TEST_ASSERT( mbedtls_test_read_mpi( &xZ, 16, xZ_str ) == 0 );
TEST_ASSERT( mbedtls_mpi_read_string( &yZ, 16, yZ_str ) == 0 ); TEST_ASSERT( mbedtls_test_read_mpi( &yZ, 16, yZ_str ) == 0 );
TEST_ASSERT( mbedtls_ecp_mul( &grp, &R, &dA, &grp.G, TEST_ASSERT( mbedtls_ecp_mul( &grp, &R, &dA, &grp.G,
&rnd_pseudo_rand, &rnd_info ) == 0 ); &rnd_pseudo_rand, &rnd_info ) == 0 );
...@@ -642,11 +663,11 @@ void ecp_test_vec_x( int id, char * dA_hex, char * xA_hex, char * dB_hex, ...@@ -642,11 +663,11 @@ void ecp_test_vec_x( int id, char * dA_hex, char * xA_hex, char * dB_hex,
TEST_ASSERT( mbedtls_ecp_check_pubkey( &grp, &grp.G ) == 0 ); TEST_ASSERT( mbedtls_ecp_check_pubkey( &grp, &grp.G ) == 0 );
TEST_ASSERT( mbedtls_mpi_read_string( &dA, 16, dA_hex ) == 0 ); TEST_ASSERT( mbedtls_test_read_mpi( &dA, 16, dA_hex ) == 0 );
TEST_ASSERT( mbedtls_mpi_read_string( &dB, 16, dB_hex ) == 0 ); TEST_ASSERT( mbedtls_test_read_mpi( &dB, 16, dB_hex ) == 0 );
TEST_ASSERT( mbedtls_mpi_read_string( &xA, 16, xA_hex ) == 0 ); TEST_ASSERT( mbedtls_test_read_mpi( &xA, 16, xA_hex ) == 0 );
TEST_ASSERT( mbedtls_mpi_read_string( &xB, 16, xB_hex ) == 0 ); TEST_ASSERT( mbedtls_test_read_mpi( &xB, 16, xB_hex ) == 0 );
TEST_ASSERT( mbedtls_mpi_read_string( &xS, 16, xS_hex ) == 0 ); TEST_ASSERT( mbedtls_test_read_mpi( &xS, 16, xS_hex ) == 0 );
TEST_ASSERT( mbedtls_ecp_mul( &grp, &R, &dA, &grp.G, TEST_ASSERT( mbedtls_ecp_mul( &grp, &R, &dA, &grp.G,
&rnd_pseudo_rand, &rnd_info ) == 0 ); &rnd_pseudo_rand, &rnd_info ) == 0 );
...@@ -699,6 +720,53 @@ exit: ...@@ -699,6 +720,53 @@ exit:
} }
/* END_CASE */ /* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED */
void ecp_muladd( int id,
data_t *u1_bin, data_t *P1_bin,
data_t *u2_bin, data_t *P2_bin,
data_t *expected_result )
{
/* Compute R = u1 * P1 + u2 * P2 */
mbedtls_ecp_group grp;
mbedtls_ecp_point P1, P2, R;
mbedtls_mpi u1, u2;
uint8_t actual_result[MBEDTLS_ECP_MAX_PT_LEN];
size_t len;
mbedtls_ecp_group_init( &grp );
mbedtls_ecp_point_init( &P1 );
mbedtls_ecp_point_init( &P2 );
mbedtls_ecp_point_init( &R );
mbedtls_mpi_init( &u1 );
mbedtls_mpi_init( &u2 );
TEST_EQUAL( 0, mbedtls_ecp_group_load( &grp, id ) );
TEST_EQUAL( 0, mbedtls_mpi_read_binary( &u1, u1_bin->x, u1_bin->len ) );
TEST_EQUAL( 0, mbedtls_mpi_read_binary( &u2, u2_bin->x, u2_bin->len ) );
TEST_EQUAL( 0, mbedtls_ecp_point_read_binary( &grp, &P1,
P1_bin->x, P1_bin->len ) );
TEST_EQUAL( 0, mbedtls_ecp_point_read_binary( &grp, &P2,
P2_bin->x, P2_bin->len ) );
TEST_EQUAL( 0, mbedtls_ecp_muladd( &grp, &R, &u1, &P1, &u2, &P2 ) );
TEST_EQUAL( 0, mbedtls_ecp_point_write_binary(
&grp, &R, MBEDTLS_ECP_PF_UNCOMPRESSED,
&len, actual_result, sizeof( actual_result ) ) );
TEST_ASSERT( len <= MBEDTLS_ECP_MAX_PT_LEN );
ASSERT_COMPARE( expected_result->x, expected_result->len,
actual_result, len );
exit:
mbedtls_ecp_group_free( &grp );
mbedtls_ecp_point_free( &P1 );
mbedtls_ecp_point_free( &P2 );
mbedtls_ecp_point_free( &R );
mbedtls_mpi_free( &u1 );
mbedtls_mpi_free( &u2 );
}
/* END_CASE */
/* BEGIN_CASE */ /* BEGIN_CASE */
void ecp_fast_mod( int id, char * N_str ) void ecp_fast_mod( int id, char * N_str )
{ {
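Review bot: the new ecp_muladd case uses TEST_EQUAL and ASSERT_COMPARE while every other function in this suite uses TEST_ASSERT; confirm this branch's test helpers provide both macros, otherwise the suite will not compile on configurations where the case is enabled. Also, `TEST_ASSERT( len <= MBEDTLS_ECP_MAX_PT_LEN );` after the write cannot fail once mbedtls_ecp_point_write_binary has returned 0 with `sizeof( actual_result )` as the buffer size, so either drop it or turn it into a comment explaining that the buffer is sized by MBEDTLS_ECP_MAX_PT_LEN. Finally, P1 and P2 are read with mbedtls_ecp_point_read_binary but never passed through mbedtls_ecp_check_pubkey, so the test silently accepts off-curve inputs; if that is intended for the regression vectors, say so in the leading comment.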
...@@ -708,7 +776,7 @@ void ecp_fast_mod( int id, char * N_str ) ...@@ -708,7 +776,7 @@ void ecp_fast_mod( int id, char * N_str )
mbedtls_mpi_init( &N ); mbedtls_mpi_init( &R ); mbedtls_mpi_init( &N ); mbedtls_mpi_init( &R );
mbedtls_ecp_group_init( &grp ); mbedtls_ecp_group_init( &grp );
TEST_ASSERT( mbedtls_mpi_read_string( &N, 16, N_str ) == 0 ); TEST_ASSERT( mbedtls_test_read_mpi( &N, 16, N_str ) == 0 );
TEST_ASSERT( mbedtls_ecp_group_load( &grp, id ) == 0 ); TEST_ASSERT( mbedtls_ecp_group_load( &grp, id ) == 0 );
TEST_ASSERT( grp.modp != NULL ); TEST_ASSERT( grp.modp != NULL );
...@@ -747,15 +815,16 @@ void ecp_write_binary( int id, char * x, char * y, char * z, int format, ...@@ -747,15 +815,16 @@ void ecp_write_binary( int id, char * x, char * y, char * z, int format,
TEST_ASSERT( mbedtls_ecp_group_load( &grp, id ) == 0 ); TEST_ASSERT( mbedtls_ecp_group_load( &grp, id ) == 0 );
TEST_ASSERT( mbedtls_mpi_read_string( &P.X, 16, x ) == 0 ); TEST_ASSERT( mbedtls_test_read_mpi( &P.X, 16, x ) == 0 );
TEST_ASSERT( mbedtls_mpi_read_string( &P.Y, 16, y ) == 0 ); TEST_ASSERT( mbedtls_test_read_mpi( &P.Y, 16, y ) == 0 );
TEST_ASSERT( mbedtls_mpi_read_string( &P.Z, 16, z ) == 0 ); TEST_ASSERT( mbedtls_test_read_mpi( &P.Z, 16, z ) == 0 );
TEST_ASSERT( mbedtls_ecp_point_write_binary( &grp, &P, format, TEST_ASSERT( mbedtls_ecp_point_write_binary( &grp, &P, format,
&olen, buf, blen ) == ret ); &olen, buf, blen ) == ret );
if( ret == 0 ) if( ret == 0 )
{ {
TEST_ASSERT( olen <= MBEDTLS_ECP_MAX_PT_LEN );
TEST_ASSERT( mbedtls_test_hexcmp( buf, out->x, olen, out->len ) == 0 ); TEST_ASSERT( mbedtls_test_hexcmp( buf, out->x, olen, out->len ) == 0 );
} }
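Review bot: the added `TEST_ASSERT( olen <= MBEDTLS_ECP_MAX_PT_LEN );` inside `if( ret == 0 )` only exercises the constant when the data file contains a successful uncompressed write for the largest enabled curve; if no such vector exists the check never fires. Make sure the ecp_write_binary data covers that case, or note in a comment which vector is expected to cover it.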
...@@ -778,9 +847,9 @@ void ecp_read_binary( int id, data_t * buf, char * x, char * y, char * z, ...@@ -778,9 +847,9 @@ void ecp_read_binary( int id, data_t * buf, char * x, char * y, char * z,
TEST_ASSERT( mbedtls_ecp_group_load( &grp, id ) == 0 ); TEST_ASSERT( mbedtls_ecp_group_load( &grp, id ) == 0 );
TEST_ASSERT( mbedtls_mpi_read_string( &X, 16, x ) == 0 ); TEST_ASSERT( mbedtls_test_read_mpi( &X, 16, x ) == 0 );
TEST_ASSERT( mbedtls_mpi_read_string( &Y, 16, y ) == 0 ); TEST_ASSERT( mbedtls_test_read_mpi( &Y, 16, y ) == 0 );
TEST_ASSERT( mbedtls_mpi_read_string( &Z, 16, z ) == 0 ); TEST_ASSERT( mbedtls_test_read_mpi( &Z, 16, z ) == 0 );
TEST_ASSERT( mbedtls_ecp_point_read_binary( &grp, &P, buf->x, buf->len ) == ret ); TEST_ASSERT( mbedtls_ecp_point_read_binary( &grp, &P, buf->x, buf->len ) == ret );
...@@ -812,9 +881,9 @@ void mbedtls_ecp_tls_read_point( int id, data_t * buf, char * x, char * y, ...@@ -812,9 +881,9 @@ void mbedtls_ecp_tls_read_point( int id, data_t * buf, char * x, char * y,
TEST_ASSERT( mbedtls_ecp_group_load( &grp, id ) == 0 ); TEST_ASSERT( mbedtls_ecp_group_load( &grp, id ) == 0 );
TEST_ASSERT( mbedtls_mpi_read_string( &X, 16, x ) == 0 ); TEST_ASSERT( mbedtls_test_read_mpi( &X, 16, x ) == 0 );
TEST_ASSERT( mbedtls_mpi_read_string( &Y, 16, y ) == 0 ); TEST_ASSERT( mbedtls_test_read_mpi( &Y, 16, y ) == 0 );
TEST_ASSERT( mbedtls_mpi_read_string( &Z, 16, z ) == 0 ); TEST_ASSERT( mbedtls_test_read_mpi( &Z, 16, z ) == 0 );
TEST_ASSERT( mbedtls_ecp_tls_read_point( &grp, &P, &vbuf, buf->len ) == ret ); TEST_ASSERT( mbedtls_ecp_tls_read_point( &grp, &P, &vbuf, buf->len ) == ret );
...@@ -949,7 +1018,7 @@ void mbedtls_ecp_check_privkey( int id, char * key_hex, int ret ) ...@@ -949,7 +1018,7 @@ void mbedtls_ecp_check_privkey( int id, char * key_hex, int ret )
mbedtls_mpi_init( &d ); mbedtls_mpi_init( &d );
TEST_ASSERT( mbedtls_ecp_group_load( &grp, id ) == 0 ); TEST_ASSERT( mbedtls_ecp_group_load( &grp, id ) == 0 );
TEST_ASSERT( mbedtls_mpi_read_string( &d, 16, key_hex ) == 0 ); TEST_ASSERT( mbedtls_test_read_mpi( &d, 16, key_hex ) == 0 );
TEST_ASSERT( mbedtls_ecp_check_privkey( &grp, &d ) == ret ); TEST_ASSERT( mbedtls_ecp_check_privkey( &grp, &d ) == ret );
...@@ -976,7 +1045,7 @@ void mbedtls_ecp_check_pub_priv( int id_pub, char * Qx_pub, char * Qy_pub, ...@@ -976,7 +1045,7 @@ void mbedtls_ecp_check_pub_priv( int id_pub, char * Qx_pub, char * Qy_pub,
if( id != MBEDTLS_ECP_DP_NONE ) if( id != MBEDTLS_ECP_DP_NONE )
TEST_ASSERT( mbedtls_ecp_group_load( &prv.grp, id ) == 0 ); TEST_ASSERT( mbedtls_ecp_group_load( &prv.grp, id ) == 0 );
TEST_ASSERT( mbedtls_ecp_point_read_string( &prv.Q, 16, Qx, Qy ) == 0 ); TEST_ASSERT( mbedtls_ecp_point_read_string( &prv.Q, 16, Qx, Qy ) == 0 );
TEST_ASSERT( mbedtls_mpi_read_string( &prv.d, 16, d ) == 0 ); TEST_ASSERT( mbedtls_test_read_mpi( &prv.d, 16, d ) == 0 );
TEST_ASSERT( mbedtls_ecp_check_pub_priv( &pub, &prv ) == ret ); TEST_ASSERT( mbedtls_ecp_check_pub_priv( &pub, &prv ) == ret );
......
...@@ -13,6 +13,9 @@ entropy_seed_file:"data_files/entropy_seed":0 ...@@ -13,6 +13,9 @@ entropy_seed_file:"data_files/entropy_seed":0
Entropy write/update seed file Entropy write/update seed file
entropy_seed_file:"no_such_dir/file":MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR entropy_seed_file:"no_such_dir/file":MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR
Entropy write/update seed file: base NV seed file
entropy_write_base_seed_file:0
Entropy too many sources Entropy too many sources
entropy_too_many_sources: entropy_too_many_sources:
......
...@@ -162,6 +162,21 @@ exit: ...@@ -162,6 +162,21 @@ exit:
} }
/* END_CASE */ /* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_ENTROPY_NV_SEED:MBEDTLS_FS_IO */
void entropy_write_base_seed_file( int ret )
{
mbedtls_entropy_context ctx;
mbedtls_entropy_init( &ctx );
TEST_ASSERT( mbedtls_entropy_write_seed_file( &ctx, MBEDTLS_PLATFORM_STD_NV_SEED_FILE ) == ret );
TEST_ASSERT( mbedtls_entropy_update_seed_file( &ctx, MBEDTLS_PLATFORM_STD_NV_SEED_FILE ) == ret );
exit:
mbedtls_entropy_free( &ctx );
}
/* END_CASE */
/* BEGIN_CASE */ /* BEGIN_CASE */
void entropy_too_many_sources( ) void entropy_too_many_sources( )
{ {
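Review bot: entropy_write_base_seed_file writes to MBEDTLS_PLATFORM_STD_NV_SEED_FILE, a path resolved against the test's working directory, and leaves the file behind; the case therefore depends on a writable cwd and can interfere with other seed-file tests run later from the same directory. Consider removing the file in the exit path, and note that both calls are compared against the single `ret` parameter, so a run where the write succeeds and the update fails is reported against the same expected value.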
......
...@@ -569,8 +569,8 @@ void pk_rsa_verify_test_vec( data_t * message_str, int digest, int mod, ...@@ -569,8 +569,8 @@ void pk_rsa_verify_test_vec( data_t * message_str, int digest, int mod,
rsa = mbedtls_pk_rsa( pk ); rsa = mbedtls_pk_rsa( pk );
rsa->len = mod / 8; rsa->len = mod / 8;
TEST_ASSERT( mbedtls_mpi_read_string( &rsa->N, radix_N, input_N ) == 0 ); TEST_ASSERT( mbedtls_test_read_mpi( &rsa->N, radix_N, input_N ) == 0 );
TEST_ASSERT( mbedtls_mpi_read_string( &rsa->E, radix_E, input_E ) == 0 ); TEST_ASSERT( mbedtls_test_read_mpi( &rsa->E, radix_E, input_E ) == 0 );
if( mbedtls_md_info_from_type( digest ) != NULL ) if( mbedtls_md_info_from_type( digest ) != NULL )
...@@ -612,8 +612,8 @@ void pk_rsa_verify_ext_test_vec( data_t * message_str, int digest, ...@@ -612,8 +612,8 @@ void pk_rsa_verify_ext_test_vec( data_t * message_str, int digest,
rsa = mbedtls_pk_rsa( pk ); rsa = mbedtls_pk_rsa( pk );
rsa->len = mod / 8; rsa->len = mod / 8;
TEST_ASSERT( mbedtls_mpi_read_string( &rsa->N, radix_N, input_N ) == 0 ); TEST_ASSERT( mbedtls_test_read_mpi( &rsa->N, radix_N, input_N ) == 0 );
TEST_ASSERT( mbedtls_mpi_read_string( &rsa->E, radix_E, input_E ) == 0 ); TEST_ASSERT( mbedtls_test_read_mpi( &rsa->E, radix_E, input_E ) == 0 );
if( digest != MBEDTLS_MD_NONE ) if( digest != MBEDTLS_MD_NONE )
...@@ -698,7 +698,7 @@ void pk_sign_verify_restart( int pk_type, int grp_id, char *d_str, ...@@ -698,7 +698,7 @@ void pk_sign_verify_restart( int pk_type, int grp_id, char *d_str,
TEST_ASSERT( mbedtls_pk_setup( &prv, mbedtls_pk_info_from_type( pk_type ) ) == 0 ); TEST_ASSERT( mbedtls_pk_setup( &prv, mbedtls_pk_info_from_type( pk_type ) ) == 0 );
TEST_ASSERT( mbedtls_ecp_group_load( &mbedtls_pk_ec( prv )->grp, grp_id ) == 0 ); TEST_ASSERT( mbedtls_ecp_group_load( &mbedtls_pk_ec( prv )->grp, grp_id ) == 0 );
TEST_ASSERT( mbedtls_mpi_read_string( &mbedtls_pk_ec( prv )->d, 16, d_str ) == 0 ); TEST_ASSERT( mbedtls_test_read_mpi( &mbedtls_pk_ec( prv )->d, 16, d_str ) == 0 );
TEST_ASSERT( mbedtls_pk_setup( &pub, mbedtls_pk_info_from_type( pk_type ) ) == 0 ); TEST_ASSERT( mbedtls_pk_setup( &pub, mbedtls_pk_info_from_type( pk_type ) ) == 0 );
TEST_ASSERT( mbedtls_ecp_group_load( &mbedtls_pk_ec( pub )->grp, grp_id ) == 0 ); TEST_ASSERT( mbedtls_ecp_group_load( &mbedtls_pk_ec( pub )->grp, grp_id ) == 0 );
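Review bot: the private scalar `d` is read straight into `mbedtls_pk_ec( prv )->d` and no `mbedtls_ecp_check_privkey()` appears in the visible context, so a vector with `d` outside `[1, n-1]` would only surface as a failure deep inside signing. Suggest `TEST_ASSERT( mbedtls_ecp_check_privkey( &mbedtls_pk_ec( prv )->grp, &mbedtls_pk_ec( prv )->d ) == 0 );` right after the read. The radix is the literal `16` here rather than a test parameter as in the RSA hunks, which is fine for hex vectors but worth keeping consistent if the helper is ever given radix-specific behaviour.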
...@@ -869,8 +869,8 @@ void pk_rsa_encrypt_test_vec( data_t * message, int mod, int radix_N, ...@@ -869,8 +869,8 @@ void pk_rsa_encrypt_test_vec( data_t * message, int mod, int radix_N,
rsa = mbedtls_pk_rsa( pk ); rsa = mbedtls_pk_rsa( pk );
rsa->len = mod / 8; rsa->len = mod / 8;
TEST_ASSERT( mbedtls_mpi_read_string( &rsa->N, radix_N, input_N ) == 0 ); TEST_ASSERT( mbedtls_test_read_mpi( &rsa->N, radix_N, input_N ) == 0 );
TEST_ASSERT( mbedtls_mpi_read_string( &rsa->E, radix_E, input_E ) == 0 ); TEST_ASSERT( mbedtls_test_read_mpi( &rsa->E, radix_E, input_E ) == 0 );
TEST_ASSERT( mbedtls_pk_encrypt( &pk, message->x, message->len, TEST_ASSERT( mbedtls_pk_encrypt( &pk, message->x, message->len,
output, &olen, sizeof( output ), output, &olen, sizeof( output ),
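Review bot: `mbedtls_pk_encrypt()` is called immediately after writing `N` and `E` with no `mbedtls_rsa_check_pubkey()` in between, so a malformed public key in a vector (for example an even `E`) fails inside the RSA operation instead of at setup. Since encryption uses only the public key, `TEST_ASSERT( mbedtls_rsa_check_pubkey( rsa ) == 0 );` after the two reads is a cheap way to separate "bad test vector" from "bad encrypt".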
...@@ -908,12 +908,12 @@ void pk_rsa_decrypt_test_vec( data_t * cipher, int mod, int radix_P, ...@@ -908,12 +908,12 @@ void pk_rsa_decrypt_test_vec( data_t * cipher, int mod, int radix_P,
rsa = mbedtls_pk_rsa( pk ); rsa = mbedtls_pk_rsa( pk );
/* load public key */ /* load public key */
TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 ); TEST_ASSERT( mbedtls_test_read_mpi( &N, radix_N, input_N ) == 0 );
TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 ); TEST_ASSERT( mbedtls_test_read_mpi( &E, radix_E, input_E ) == 0 );
/* load private key */ /* load private key */
TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 ); TEST_ASSERT( mbedtls_test_read_mpi( &P, radix_P, input_P ) == 0 );
TEST_ASSERT( mbedtls_mpi_read_string( &Q, radix_Q, input_Q ) == 0 ); TEST_ASSERT( mbedtls_test_read_mpi( &Q, radix_Q, input_Q ) == 0 );
TEST_ASSERT( mbedtls_rsa_import( rsa, &N, &P, &Q, NULL, &E ) == 0 ); TEST_ASSERT( mbedtls_rsa_import( rsa, &N, &P, &Q, NULL, &E ) == 0 );
TEST_ASSERT( mbedtls_rsa_get_len( rsa ) == (size_t) ( mod / 8 ) ); TEST_ASSERT( mbedtls_rsa_get_len( rsa ) == (size_t) ( mod / 8 ) );
TEST_ASSERT( mbedtls_rsa_complete( rsa ) == 0 ); TEST_ASSERT( mbedtls_rsa_complete( rsa ) == 0 );
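Review bot: this is the pattern the verify/encrypt hunks above should follow (`mbedtls_rsa_import()`, then a `mbedtls_rsa_get_len()` check, then `mbedtls_rsa_complete()`), with two details to tidy: the length assert uses `mod / 8` where the pkcs1 suites use `( mod + 7 ) / 8`, and no `mbedtls_rsa_check_privkey()` appears after `mbedtls_rsa_complete()` in the visible context. Importing with `D = NULL` leaves it to `mbedtls_rsa_complete()` to derive the private exponent from P, Q and E; an assert on `mbedtls_rsa_check_privkey( rsa )` after it would catch a P/Q/N triple in the test data that is inconsistent before the decrypt call runs.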
......
...@@ -26,8 +26,8 @@ void pkcs1_rsaes_v15_encrypt( int mod, int radix_N, char * input_N, ...@@ -26,8 +26,8 @@ void pkcs1_rsaes_v15_encrypt( int mod, int radix_N, char * input_N,
mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V15, hash ); mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V15, hash );
memset( output, 0x00, sizeof( output ) ); memset( output, 0x00, sizeof( output ) );
TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 ); TEST_ASSERT( mbedtls_test_read_mpi( &N, radix_N, input_N ) == 0 );
TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 ); TEST_ASSERT( mbedtls_test_read_mpi( &E, radix_E, input_E ) == 0 );
TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, NULL, NULL, NULL, &E ) == 0 ); TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, NULL, NULL, NULL, &E ) == 0 );
TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( ( mod + 7 ) / 8 ) ); TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( ( mod + 7 ) / 8 ) );
TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 ); TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 );
...@@ -68,10 +68,10 @@ void pkcs1_rsaes_v15_decrypt( int mod, int radix_P, char * input_P, ...@@ -68,10 +68,10 @@ void pkcs1_rsaes_v15_decrypt( int mod, int radix_P, char * input_P,
memset( output, 0x00, sizeof( output ) ); memset( output, 0x00, sizeof( output ) );
memset( &rnd_info, 0, sizeof( rnd_pseudo_info ) ); memset( &rnd_info, 0, sizeof( rnd_pseudo_info ) );
TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 ); TEST_ASSERT( mbedtls_test_read_mpi( &P, radix_P, input_P ) == 0 );
TEST_ASSERT( mbedtls_mpi_read_string( &Q, radix_Q, input_Q ) == 0 ); TEST_ASSERT( mbedtls_test_read_mpi( &Q, radix_Q, input_Q ) == 0 );
TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 ); TEST_ASSERT( mbedtls_test_read_mpi( &N, radix_N, input_N ) == 0 );
TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 ); TEST_ASSERT( mbedtls_test_read_mpi( &E, radix_E, input_E ) == 0 );
TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, &P, &Q, NULL, &E ) == 0 ); TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, &P, &Q, NULL, &E ) == 0 );
TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( ( mod + 7 ) / 8 ) ); TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( ( mod + 7 ) / 8 ) );
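Review bot: `memset( &rnd_info, 0, sizeof( rnd_pseudo_info ) )` seeds the test PRNG with an all-zero state so that RSA blinding in the decrypt path is deterministic; that is the right choice for a vector test but deserves a one-line comment, since a reader can otherwise mistake it for an uninitialised-RNG bug. As in the sign hunks, the key is imported from P, Q, N, E with `D` left NULL; the `mbedtls_rsa_complete()` and `mbedtls_rsa_check_privkey()` calls that make that valid are outside the visible context, so confirm they follow the `mbedtls_rsa_get_len()` assert.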
...@@ -264,10 +264,10 @@ void pkcs1_rsassa_v15_sign( int mod, int radix_P, char * input_P, int radix_Q, ...@@ -264,10 +264,10 @@ void pkcs1_rsassa_v15_sign( int mod, int radix_P, char * input_P, int radix_Q,
memset( hash_result, 0x00, sizeof( hash_result ) ); memset( hash_result, 0x00, sizeof( hash_result ) );
memset( output, 0x00, sizeof( output ) ); memset( output, 0x00, sizeof( output ) );
TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 ); TEST_ASSERT( mbedtls_test_read_mpi( &P, radix_P, input_P ) == 0 );
TEST_ASSERT( mbedtls_mpi_read_string( &Q, radix_Q, input_Q ) == 0 ); TEST_ASSERT( mbedtls_test_read_mpi( &Q, radix_Q, input_Q ) == 0 );
TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 ); TEST_ASSERT( mbedtls_test_read_mpi( &N, radix_N, input_N ) == 0 );
TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 ); TEST_ASSERT( mbedtls_test_read_mpi( &E, radix_E, input_E ) == 0 );
TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, &P, &Q, NULL, &E ) == 0 ); TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, &P, &Q, NULL, &E ) == 0 );
TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( ( mod + 7 ) / 8 ) ); TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( ( mod + 7 ) / 8 ) );
...@@ -308,8 +308,8 @@ void pkcs1_rsassa_v15_verify( int mod, int radix_N, char * input_N, ...@@ -308,8 +308,8 @@ void pkcs1_rsassa_v15_verify( int mod, int radix_N, char * input_N,
mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V15, hash ); mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V15, hash );
memset( hash_result, 0x00, sizeof( hash_result ) ); memset( hash_result, 0x00, sizeof( hash_result ) );
TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 ); TEST_ASSERT( mbedtls_test_read_mpi( &N, radix_N, input_N ) == 0 );
TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 ); TEST_ASSERT( mbedtls_test_read_mpi( &E, radix_E, input_E ) == 0 );
TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, NULL, NULL, NULL, &E ) == 0 ); TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, NULL, NULL, NULL, &E ) == 0 );
TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( ( mod + 7 ) / 8 ) ); TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( ( mod + 7 ) / 8 ) );
TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 ); TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 );
......
...@@ -26,8 +26,8 @@ void pkcs1_rsaes_oaep_encrypt( int mod, int radix_N, char * input_N, ...@@ -26,8 +26,8 @@ void pkcs1_rsaes_oaep_encrypt( int mod, int radix_N, char * input_N,
mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V21, hash ); mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V21, hash );
memset( output, 0x00, sizeof( output ) ); memset( output, 0x00, sizeof( output ) );
TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 ); TEST_ASSERT( mbedtls_test_read_mpi( &N, radix_N, input_N ) == 0 );
TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 ); TEST_ASSERT( mbedtls_test_read_mpi( &E, radix_E, input_E ) == 0 );
TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, NULL, NULL, NULL, &E ) == 0 ); TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, NULL, NULL, NULL, &E ) == 0 );
TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( ( mod + 7 ) / 8 ) ); TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( ( mod + 7 ) / 8 ) );
TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 ); TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 );
...@@ -69,10 +69,10 @@ void pkcs1_rsaes_oaep_decrypt( int mod, int radix_P, char * input_P, ...@@ -69,10 +69,10 @@ void pkcs1_rsaes_oaep_decrypt( int mod, int radix_P, char * input_P,
memset( output, 0x00, sizeof( output ) ); memset( output, 0x00, sizeof( output ) );
memset( &rnd_info, 0, sizeof( rnd_pseudo_info ) ); memset( &rnd_info, 0, sizeof( rnd_pseudo_info ) );
TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 ); TEST_ASSERT( mbedtls_test_read_mpi( &P, radix_P, input_P ) == 0 );
TEST_ASSERT( mbedtls_mpi_read_string( &Q, radix_Q, input_Q ) == 0 ); TEST_ASSERT( mbedtls_test_read_mpi( &Q, radix_Q, input_Q ) == 0 );
TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 ); TEST_ASSERT( mbedtls_test_read_mpi( &N, radix_N, input_N ) == 0 );
TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 ); TEST_ASSERT( mbedtls_test_read_mpi( &E, radix_E, input_E ) == 0 );
TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, &P, &Q, NULL, &E ) == 0 ); TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, &P, &Q, NULL, &E ) == 0 );
TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( ( mod + 7 ) / 8 ) ); TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( ( mod + 7 ) / 8 ) );
...@@ -120,10 +120,10 @@ void pkcs1_rsassa_pss_sign( int mod, int radix_P, char * input_P, int radix_Q, ...@@ -120,10 +120,10 @@ void pkcs1_rsassa_pss_sign( int mod, int radix_P, char * input_P, int radix_Q,
memset( hash_result, 0x00, sizeof( hash_result ) ); memset( hash_result, 0x00, sizeof( hash_result ) );
memset( output, 0x00, sizeof( output ) ); memset( output, 0x00, sizeof( output ) );
TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 ); TEST_ASSERT( mbedtls_test_read_mpi( &P, radix_P, input_P ) == 0 );
TEST_ASSERT( mbedtls_mpi_read_string( &Q, radix_Q, input_Q ) == 0 ); TEST_ASSERT( mbedtls_test_read_mpi( &Q, radix_Q, input_Q ) == 0 );
TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 ); TEST_ASSERT( mbedtls_test_read_mpi( &N, radix_N, input_N ) == 0 );
TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 ); TEST_ASSERT( mbedtls_test_read_mpi( &E, radix_E, input_E ) == 0 );
TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, &P, &Q, NULL, &E ) == 0 ); TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, &P, &Q, NULL, &E ) == 0 );
TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( ( mod + 7 ) / 8 ) ); TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( ( mod + 7 ) / 8 ) );
...@@ -165,8 +165,8 @@ void pkcs1_rsassa_pss_verify( int mod, int radix_N, char * input_N, ...@@ -165,8 +165,8 @@ void pkcs1_rsassa_pss_verify( int mod, int radix_N, char * input_N,
mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V21, hash ); mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V21, hash );
memset( hash_result, 0x00, sizeof( hash_result ) ); memset( hash_result, 0x00, sizeof( hash_result ) );
TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 ); TEST_ASSERT( mbedtls_test_read_mpi( &N, radix_N, input_N ) == 0 );
TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 ); TEST_ASSERT( mbedtls_test_read_mpi( &E, radix_E, input_E ) == 0 );
TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, NULL, NULL, NULL, &E ) == 0 ); TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, NULL, NULL, NULL, &E ) == 0 );
TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( ( mod + 7 ) / 8 ) ); TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( ( mod + 7 ) / 8 ) );
...@@ -202,8 +202,8 @@ void pkcs1_rsassa_pss_verify_ext( int mod, int radix_N, char * input_N, ...@@ -202,8 +202,8 @@ void pkcs1_rsassa_pss_verify_ext( int mod, int radix_N, char * input_N,
mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V21, ctx_hash ); mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V21, ctx_hash );
memset( hash_result, 0x00, sizeof( hash_result ) ); memset( hash_result, 0x00, sizeof( hash_result ) );
TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 ); TEST_ASSERT( mbedtls_test_read_mpi( &N, radix_N, input_N ) == 0 );
TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 ); TEST_ASSERT( mbedtls_test_read_mpi( &E, radix_E, input_E ) == 0 );
TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, NULL, NULL, NULL, &E ) == 0 ); TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, NULL, NULL, NULL, &E ) == 0 );
TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( ( mod + 7 ) / 8 ) ); TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( ( mod + 7 ) / 8 ) );
......
...@@ -989,7 +989,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_BP512R1_ENABLED ...@@ -989,7 +989,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_BP512R1_ENABLED
pk_parse_public_keyfile_ec:"data_files/ec_bp512_pub.pem":0 pk_parse_public_keyfile_ec:"data_files/ec_bp512_pub.pem":0
Parse EC Key #1 (SEC1 DER) Parse EC Key #1 (SEC1 DER)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED
pk_parse_keyfile_ec:"data_files/ec_prv.sec1.der":"NULL":0 pk_parse_keyfile_ec:"data_files/ec_prv.sec1.der":"NULL":0
Parse EC Key #2 (SEC1 PEM) Parse EC Key #2 (SEC1 PEM)
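Review bot: removing `MBEDTLS_PEM_PARSE_C` from a `.der` input is the right fix, since DER parsing does not go through the PEM decoder, and it lets this case exercise the raw DER path in builds without PEM support. The neighbouring `ec_prv.pk8.der` case already lists only `MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED`, so this brings #1 in line with #3; the password argument is unchanged.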
...@@ -1005,15 +1005,15 @@ depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED ...@@ -1005,15 +1005,15 @@ depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED
pk_parse_keyfile_ec:"data_files/ec_prv.pk8.der":"NULL":0 pk_parse_keyfile_ec:"data_files/ec_prv.pk8.der":"NULL":0
Parse EC Key #4a (PKCS8 DER, no public key) Parse EC Key #4a (PKCS8 DER, no public key)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
pk_parse_keyfile_ec:"data_files/ec_prv.pk8nopub.der":"NULL":0 pk_parse_keyfile_ec:"data_files/ec_prv.pk8nopub.der":"NULL":0
Parse EC Key #4b (PKCS8 DER, no public key, with parameters) Parse EC Key #4b (PKCS8 DER, no public key, with parameters)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
pk_parse_keyfile_ec:"data_files/ec_prv.pk8nopubparam.der":"NULL":0 pk_parse_keyfile_ec:"data_files/ec_prv.pk8nopubparam.der":"NULL":0
Parse EC Key #4c (PKCS8 DER, with parameters) Parse EC Key #4c (PKCS8 DER, with parameters)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
pk_parse_keyfile_ec:"data_files/ec_prv.pk8param.der":"NULL":0 pk_parse_keyfile_ec:"data_files/ec_prv.pk8param.der":"NULL":0
Parse EC Key #5 (PKCS8 PEM) Parse EC Key #5 (PKCS8 PEM)
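Review bot: #4a/#4b/#4c are the same dependency fix applied to the PKCS8 DER inputs; worth a quick sweep of the rest of this `.data` file for any remaining `.der` case still listing `MBEDTLS_PEM_PARSE_C`, e.g. `grep -B1 '\.der"' <this .data file> | grep PEM_PARSE_C`, so the cleanup lands in one change rather than across several releases.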
...@@ -1069,7 +1069,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_BP512R1_ENABLED ...@@ -1069,7 +1069,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_BP512R1_ENABLED
pk_parse_keyfile_ec:"data_files/ec_bp512_prv.pem":"NULL":0 pk_parse_keyfile_ec:"data_files/ec_bp512_prv.pem":"NULL":0
Parse EC Key #15 (SEC1 DER, secp256k1, SpecifiedECDomain) Parse EC Key #15 (SEC1 DER, secp256k1, SpecifiedECDomain)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256K1_ENABLED:MBEDTLS_PK_PARSE_EC_EXTENDED depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256K1_ENABLED:MBEDTLS_PK_PARSE_EC_EXTENDED
pk_parse_keyfile_ec:"data_files/ec_prv.specdom.der":"NULL":0 pk_parse_keyfile_ec:"data_files/ec_prv.specdom.der":"NULL":0
Key ASN1 (No data) Key ASN1 (No data)
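Review bot: #15 correctly keeps `MBEDTLS_PK_PARSE_EC_EXTENDED` while dropping the PEM dependency, since the SpecifiedECDomain encoding needs the extended parser regardless of the outer container format; a short `#` comment on the case saying why that dependency stays would help the next person tempted to simplify the `depends_on` line further.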
......