TeamHepta/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2026-04-02 18:46:06 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'mbedtls-3.6' into merge-3.6-restricted-20260304

Browse Source
This commit is contained in:
Gilles Peskine
2026-03-04 14:39:06 +01:00
parent 7c2f728178 95be019fb2
commit 685a1ce6f4
30 changed files with 337 additions and 2331 deletions
Download Patch File Download Diff File Expand all files Collapse all files

27
CMakeLists.txt
View File

@@ -352,7 +352,29 @@ if(ENABLE_TESTING OR ENABLE_PROGRAMS)
${CMAKE_CURRENT_SOURCE_DIR}/framework/tests/src/*.c
${CMAKE_CURRENT_SOURCE_DIR}/framework/tests/src/drivers/*.c)
add_library(mbedtls_test OBJECT ${MBEDTLS_TEST_FILES})
if(GEN_FILES)
add_custom_command(
OUTPUT
${CMAKE_CURRENT_BINARY_DIR}/tests/include/test/psa_test_wrappers.h
${CMAKE_CURRENT_BINARY_DIR}/tests/src/psa_test_wrappers.c
COMMAND ${CMAKE_COMMAND} -E make_directory
${CMAKE_CURRENT_BINARY_DIR}/tests/include/test
${CMAKE_CURRENT_BINARY_DIR}/tests/src
COMMAND
"${MBEDTLS_PYTHON_EXECUTABLE}"
"${CMAKE_CURRENT_SOURCE_DIR}/framework/scripts/generate_psa_wrappers.py"
"--output-h" "${CMAKE_CURRENT_BINARY_DIR}/tests/include/test/psa_test_wrappers.h"
"--output-c" "${CMAKE_CURRENT_BINARY_DIR}/tests/src/psa_test_wrappers.c"
DEPENDS
${CMAKE_CURRENT_SOURCE_DIR}/framework/scripts/generate_psa_wrappers.py
)
add_custom_target(psa_test_wrappers
DEPENDS
${CMAKE_CURRENT_BINARY_DIR}/tests/include/test/psa_test_wrappers.h
${CMAKE_CURRENT_BINARY_DIR}/tests/src/psa_test_wrappers.c)
add_dependencies(mbedtls_test psa_test_wrappers)
add_custom_command(
OUTPUT
${CMAKE_CURRENT_BINARY_DIR}/tests/include/test/test_keys.h
@@ -367,6 +389,8 @@ if(ENABLE_TESTING OR ENABLE_PROGRAMS)
)
add_custom_target(test_keys_header
DEPENDS ${CMAKE_CURRENT_BINARY_DIR}/tests/include/test/test_keys.h)
add_dependencies(mbedtls_test test_keys_header)
add_custom_command(
OUTPUT
${CMAKE_CURRENT_BINARY_DIR}/tests/include/test/test_certs.h
@@ -382,8 +406,9 @@ if(ENABLE_TESTING OR ENABLE_PROGRAMS)
${CMAKE_CURRENT_SOURCE_DIR}/framework/scripts/generate_test_cert_macros.py
)
add_custom_target(test_certs_header DEPENDS ${CMAKE_CURRENT_BINARY_DIR}/tests/include/test/test_certs.h)
add_dependencies(mbedtls_test test_keys_header test_certs_header)
add_dependencies(mbedtls_test test_certs_header)
endif()
target_include_directories(mbedtls_test
PRIVATE ${CMAKE_CURRENT_BINARY_DIR}/tests/include
PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/framework/tests/include

4
ChangeLog.d/fix-mingw-ansi-stdio.txt Normal file
View File

@@ -0,0 +1,4 @@
Bugfix
* Fix a build failure with MinGW when the __USE_MINGW_ANSI_STDIO option
is set. This was caused by the wrong format specifier being used to
print long long values (MBEDTLS_PRINTF_LONGLONG).

6
ChangeLog.d/issue665.txt Normal file
View File

@@ -0,0 +1,6 @@
Bugfix
* Fix a bug that caused GCM tag calculations to fail, so that data was
correctly encrypted but could not be authenticated. The bug was only
observed with GCC 10.0 to 14.2 inclusive, when compiling with -O3, and
running without AESNI or AESCE.
Fixes #665.

2
docs/architecture/psa-shared-memory.md
View File

@@ -663,7 +663,7 @@ psa_status_t mem_poison_psa_aead_update(psa_aead_operation_t *operation,
There now exists a more generic mechanism for making exactly this kind of transformation - the PSA test wrappers, which exist in the files `tests/include/test/psa_test_wrappers.h` and `tests/src/psa_test_wrappers.c`. These are wrappers around all PSA functions that allow testing code to be inserted at the start and end of a PSA function call.
The test wrappers are generated by a script, although they are not automatically generated as part of the build process. Instead, they are checked into source control and must be manually updated when functions change by running `framework/scripts/generate_psa_wrappers.py`.
The test wrappers are generated by a script `framework/scripts/generate_psa_wrappers.py` as part of the product build.
Poisoning code is added to these test wrappers where relevant in order to pre-poison and post-unpoison the parameters to the functions.

2
framework

Submodule framework updated: 875ec308e7...8ed11c99fe

4
include/mbedtls/asn1write.h
View File

@@ -381,10 +381,10 @@ mbedtls_asn1_named_data *mbedtls_asn1_store_named_data(mbedtls_asn1_named_data *
const unsigned char *val,
size_t val_len);
#endif /* MBEDTLS_ASN1_WRITE_C */
#ifdef __cplusplus
}
#endif
#endif /* MBEDTLS_ASN1_WRITE_C */
#endif /* MBEDTLS_ASN1_WRITE_H */

2
include/mbedtls/debug.h
View File

@@ -111,7 +111,7 @@
#if defined(__MINGW32__) || (defined(_MSC_VER) && _MSC_VER < 1900)
#include <inttypes.h>
#define MBEDTLS_PRINTF_SIZET PRIuPTR
#define MBEDTLS_PRINTF_LONGLONG "I64d"
#define MBEDTLS_PRINTF_LONGLONG PRId64
#else \
/* defined(__MINGW32__) || (defined(_MSC_VER) && _MSC_VER < 1900) */
#define MBEDTLS_PRINTF_SIZET "zu"

6
library/aesce.c
View File

@@ -88,7 +88,11 @@
# define MBEDTLS_POP_TARGET_PRAGMA
# endif
# elif defined(__clang__)
# pragma clang attribute push (__attribute__((target("aes"))), apply_to=function)
# if __clang_major__ < 7
# pragma clang attribute push (__attribute__((target("crypto"))), apply_to=function)
# else
# pragma clang attribute push (__attribute__((target("aes"))), apply_to=function)
# endif
# define MBEDTLS_POP_TARGET_PRAGMA
# elif defined(__GNUC__)
# pragma GCC push_options

23
library/alignment.h
View File

@@ -15,6 +15,7 @@
#include <string.h>
#include <stdlib.h>
#if !defined(MBEDTLS_ALIGNMENT_DISABLE_EFFICENT_UNALIGNED_ACCESS) //no-check-names
/*
* Define MBEDTLS_EFFICIENT_UNALIGNED_ACCESS for architectures where unaligned memory
* accesses are known to be efficient.
@@ -35,7 +36,9 @@
* device memory).
*/
#define MBEDTLS_EFFICIENT_UNALIGNED_ACCESS
#endif
#endif /* __ARM_FEATURE_UNALIGNED || MBEDTLS_ARCH_IS_X86 || MBEDTLS_ARCH_IS_X64 ||
* MBEDTLS_PLATFORM_IS_WINDOWS_ON_ARM64 */
#endif /* MBEDTLS_ALIGNMENT_DISABLE_EFFICENT_UNALIGNED_ACCESS */ //no-check-names
#if defined(__IAR_SYSTEMS_ICC__) && \
(defined(MBEDTLS_ARCH_IS_ARM64) || defined(MBEDTLS_ARCH_IS_ARM32) \
@@ -85,13 +88,13 @@ typedef uint64_t __packed mbedtls_uint64_unaligned_t;
#define UINT_UNALIGNED_STRUCT
typedef struct {
uint16_t x;
} __attribute__((packed)) mbedtls_uint16_unaligned_t;
} __attribute__((packed, may_alias)) mbedtls_uint16_unaligned_t;
typedef struct {
uint32_t x;
} __attribute__((packed)) mbedtls_uint32_unaligned_t;
} __attribute__((packed, may_alias)) mbedtls_uint32_unaligned_t;
typedef struct {
uint64_t x;
} __attribute__((packed)) mbedtls_uint64_unaligned_t;
} __attribute__((packed, may_alias)) mbedtls_uint64_unaligned_t;
#endif
/*
@@ -277,15 +280,15 @@ static inline void mbedtls_put_unaligned_uint64(void *p, uint64_t x)
/*
* Detect GCC built-in byteswap routines
*/
#if defined(__GNUC__) && defined(__GNUC_PREREQ)
#if __GNUC_PREREQ(4, 8)
#if defined(__GNUC__)
#if MBEDTLS_GCC_VERSION >= 40800
#define MBEDTLS_BSWAP16 __builtin_bswap16
#endif /* __GNUC_PREREQ(4,8) */
#if __GNUC_PREREQ(4, 3)
#endif
#if MBEDTLS_GCC_VERSION >= 40300
#define MBEDTLS_BSWAP32 __builtin_bswap32
#define MBEDTLS_BSWAP64 __builtin_bswap64
#endif /* __GNUC_PREREQ(4,3) */
#endif /* defined(__GNUC__) && defined(__GNUC_PREREQ) */
#endif
#endif /* defined(__GNUC__) */
/*
* Detect Clang built-in byteswap routines

5
library/check_crypto_config.h
View File

@@ -128,11 +128,6 @@
#error "PSA_WANT_KEY_TYPE_DH_KEY_PAIR_DERIVE defined, but feature is not supported"
#endif
#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && defined(MBEDTLS_USE_PSA_CRYPTO) && \
!(defined(PSA_WANT_ALG_SHA_1) || defined(PSA_WANT_ALG_SHA_256) || defined(PSA_WANT_ALG_SHA_512))
#error "MBEDTLS_SSL_PROTO_TLS1_2 defined, but not all prerequisites"
#endif
#if defined(PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS) && \
!defined(PSA_WANT_ALG_SHA_256)
#error "PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS defined, but not all prerequisites"

26
library/pkwrite.c
View File

@@ -64,22 +64,24 @@ static int pk_write_rsa_der(unsigned char **p, unsigned char *buf,
{
#if defined(MBEDTLS_USE_PSA_CRYPTO)
if (mbedtls_pk_get_type(pk) == MBEDTLS_PK_OPAQUE) {
uint8_t tmp[PSA_EXPORT_KEY_PAIR_MAX_SIZE];
size_t tmp_len = 0;
psa_status_t status;
size_t buf_size = (size_t) (*p - buf);
size_t key_len = 0;
if (psa_export_key(pk->priv_id, tmp, sizeof(tmp), &tmp_len) != PSA_SUCCESS) {
return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
}
/* Ensure there's enough space in the provided buffer before copying data into it. */
if (tmp_len > (size_t) (*p - buf)) {
mbedtls_platform_zeroize(tmp, sizeof(tmp));
status = psa_export_key(pk->priv_id, buf, buf_size, &key_len);
if (status == PSA_ERROR_BUFFER_TOO_SMALL) {
return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL;
} else if (status != PSA_SUCCESS) {
return PSA_PK_RSA_TO_MBEDTLS_ERR(status);
}
*p -= tmp_len;
memcpy(*p, tmp, tmp_len);
mbedtls_platform_zeroize(tmp, sizeof(tmp));
return (int) tmp_len;
/* We wrote to the beginning of the buffer while
* we were supposed to write to its end. */
*p -= key_len;
memmove(*p, buf, key_len);
mbedtls_platform_zeroize(buf, *p - buf);
return (int) key_len;
}
#endif /* MBEDTLS_USE_PSA_CRYPTO */
return mbedtls_rsa_write_key(mbedtls_pk_rsa(*pk), buf, p);

17
library/sha256.c
View File

@@ -15,10 +15,6 @@
#define _GNU_SOURCE
#endif
#include "common.h"
#if defined(MBEDTLS_SHA256_C) || defined(MBEDTLS_SHA224_C)
#if defined(__clang__) && (__clang_major__ >= 4)
/* Ideally, we would simply use MBEDTLS_ARCH_IS_ARMV8_A in the following #if,
@@ -30,15 +26,18 @@
#endif
#if defined(MBEDTLS_SHA256_ARCH_IS_ARMV8_A) && !defined(__ARM_FEATURE_CRYPTO)
/* TODO: Re-consider above after https://reviews.llvm.org/D131064 merged.
*
/*
* The intrinsic declaration are guarded by predefined ACLE macros in clang:
* these are normally only enabled by the -march option on the command line.
* By defining the macros ourselves we gain access to those declarations without
* requiring -march on the command line.
*
* `arm_neon.h` is included by common.h, so we put these defines
* at the top of this file, before any includes.
* at the top of this file, before any includes but after the intrinsic
* declaration. This is necessary with
* Clang <=15.x. With Clang 16.0 and above, these macro definitions are
* no longer required, but they're harmless. See
* https://reviews.llvm.org/D131064
*/
#define __ARM_FEATURE_CRYPTO 1
/* See: https://arm-software.github.io/acle/main/acle.html#cryptographic-extensions
@@ -52,6 +51,10 @@
#endif /* defined(__clang__) && (__clang_major__ >= 4) */
#include "common.h"
#if defined(MBEDTLS_SHA256_C) || defined(MBEDTLS_SHA224_C)
#include "mbedtls/sha256.h"
#include "mbedtls/platform_util.h"
#include "mbedtls/error.h"

17
library/sha512.c
View File

@@ -10,26 +10,29 @@
* http://csrc.nist.gov/publications/fips/fips180-2/fips180-2.pdf
*/
#include "common.h"
#if defined(MBEDTLS_SHA512_C) || defined(MBEDTLS_SHA384_C)
#if defined(__aarch64__) && !defined(__ARM_FEATURE_SHA512) && \
defined(__clang__) && __clang_major__ >= 7
/* TODO: Re-consider above after https://reviews.llvm.org/D131064 merged.
*
/*
* The intrinsic declaration are guarded by predefined ACLE macros in clang:
* these are normally only enabled by the -march option on the command line.
* By defining the macros ourselves we gain access to those declarations without
* requiring -march on the command line.
*
* `arm_neon.h` is included by common.h, so we put these defines
* at the top of this file, before any includes.
* at the top of this file, before any includes but after the intrinsic
* declaration. This is necessary with
* Clang <=15.x. With Clang 16.0 and above, these macro definitions are
* no longer required, but they're harmless. See
* https://reviews.llvm.org/D131064
*/
#define __ARM_FEATURE_SHA512 1
#define MBEDTLS_ENABLE_ARM_SHA3_EXTENSIONS_COMPILER_FLAG
#endif
#include "common.h"
#if defined(MBEDTLS_SHA512_C) || defined(MBEDTLS_SHA384_C)
#include "mbedtls/sha512.h"
#include "mbedtls/platform_util.h"
#include "mbedtls/error.h"

2
library/ssl_debug_helpers.h
View File

@@ -38,6 +38,8 @@ const char *mbedtls_ssl_named_group_to_str(uint16_t in);
const char *mbedtls_ssl_get_extension_name(unsigned int extension_type);
const char *mbedtls_ssl_get_hs_msg_name(int hs_msg_type);
void mbedtls_ssl_print_extensions(const mbedtls_ssl_context *ssl,
int level, const char *file, int line,
int hs_msg_type, uint32_t extensions_mask,

8
library/ssl_msg.c
View File

@@ -19,6 +19,7 @@
#include "mbedtls/ssl.h"
#include "ssl_misc.h"
#include "debug_internal.h"
#include "ssl_debug_helpers.h"
#include "mbedtls/error.h"
#include "mbedtls/platform_util.h"
#include "mbedtls/version.h"
@@ -2618,7 +2619,8 @@ int mbedtls_ssl_flight_transmit(mbedtls_ssl_context *ssl)
max_hs_frag_len : rem_len;
if (frag_off == 0 && cur_hs_frag_len != hs_len) {
MBEDTLS_SSL_DEBUG_MSG(2, ("fragmenting handshake message (%u > %u)",
MBEDTLS_SSL_DEBUG_MSG(2, ("fragmenting %s handshake message (%u > %u)",
mbedtls_ssl_get_hs_msg_name(cur->p[0]),
(unsigned) cur_hs_frag_len,
(unsigned) max_hs_frag_len));
}
@@ -4449,7 +4451,9 @@ static int ssl_load_buffered_message(mbedtls_ssl_context *ssl)
return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
}
MBEDTLS_SSL_DEBUG_MSG(2, ("Next handshake message has been buffered - load"));
MBEDTLS_SSL_DEBUG_MSG(2, ("%s handshake message has been buffered%s",
mbedtls_ssl_get_hs_msg_name(hs_buf->data[0]),
hs_buf->is_fragmented ? " and reassembled" : ""));
MBEDTLS_SSL_DEBUG_BUF(3, "Buffered handshake message (incl. header)",
hs_buf->data, msg_len + 12);

18
library/ssl_tls.c
View File

@@ -685,7 +685,7 @@ const char *mbedtls_ssl_get_extension_name(unsigned int extension_type)
mbedtls_ssl_get_extension_id(extension_type)];
}
static const char *ssl_tls13_get_hs_msg_name(int hs_msg_type)
const char *mbedtls_ssl_get_hs_msg_name(int hs_msg_type)
{
switch (hs_msg_type) {
case MBEDTLS_SSL_HS_CLIENT_HELLO:
@@ -700,8 +700,16 @@ static const char *ssl_tls13_get_hs_msg_name(int hs_msg_type)
return "EncryptedExtensions";
case MBEDTLS_SSL_HS_CERTIFICATE:
return "Certificate";
case MBEDTLS_SSL_HS_SERVER_KEY_EXCHANGE:
return "ServerKeyExchange";
case MBEDTLS_SSL_HS_CERTIFICATE_REQUEST:
return "CertificateRequest";
case MBEDTLS_SSL_HS_CERTIFICATE_VERIFY:
return "CertificateVerify";
case MBEDTLS_SSL_HS_CLIENT_KEY_EXCHANGE:
return "ClientKeyExchange";
case MBEDTLS_SSL_HS_FINISHED:
return "Finished";
}
return "Unknown";
}
@@ -716,7 +724,7 @@ void mbedtls_ssl_print_extension(const mbedtls_ssl_context *ssl,
mbedtls_debug_print_msg(
ssl, level, file, line,
"%s: %s(%u) extension %s %s.",
ssl_tls13_get_hs_msg_name(hs_msg_type),
mbedtls_ssl_get_hs_msg_name(hs_msg_type),
mbedtls_ssl_get_extension_name(extension_type),
extension_type,
extra_msg0, extra_msg1);
@@ -727,7 +735,7 @@ void mbedtls_ssl_print_extension(const mbedtls_ssl_context *ssl,
if (extra_msg) {
mbedtls_debug_print_msg(
ssl, level, file, line,
"%s: %s(%u) extension %s.", ssl_tls13_get_hs_msg_name(hs_msg_type),
"%s: %s(%u) extension %s.", mbedtls_ssl_get_hs_msg_name(hs_msg_type),
mbedtls_ssl_get_extension_name(extension_type), extension_type,
extra_msg);
return;
@@ -735,7 +743,7 @@ void mbedtls_ssl_print_extension(const mbedtls_ssl_context *ssl,
mbedtls_debug_print_msg(
ssl, level, file, line,
"%s: %s(%u) extension.", ssl_tls13_get_hs_msg_name(hs_msg_type),
"%s: %s(%u) extension.", mbedtls_ssl_get_hs_msg_name(hs_msg_type),
mbedtls_ssl_get_extension_name(extension_type), extension_type);
}
@@ -10121,7 +10129,7 @@ static int mbedtls_ssl_tls13_export_keying_material(mbedtls_ssl_context *ssl,
const size_t context_len)
{
const psa_algorithm_t psa_hash_alg = mbedtls_md_psa_alg_from_type(hash_alg);
const size_t hash_len = PSA_HASH_LENGTH(hash_alg);
const size_t hash_len = PSA_HASH_LENGTH(psa_hash_alg);
const unsigned char *secret = ssl->session->app_secrets.exporter_master_secret;
/* The length of the label must be at most 249 bytes to fit into the HkdfLabel

8
programs/ssl/ssl_server2.c
View File

@@ -3592,6 +3592,7 @@ handshake:
* 5. Verify the client certificate
*/
mbedtls_printf(" . Verifying peer X.509 certificate...");
fflush(stdout);
if ((flags = mbedtls_ssl_get_verify_result(&ssl)) != 0) {
char vrfy_buf[512];
@@ -3609,6 +3610,7 @@ handshake:
char crt_buf[512];
mbedtls_printf(" . Peer certificate information ...\n");
fflush(stdout);
mbedtls_x509_crt_info(crt_buf, sizeof(crt_buf), " ",
mbedtls_ssl_get_peer_cert(&ssl));
mbedtls_printf("%s\n", crt_buf);
@@ -4061,6 +4063,7 @@ data_exchange:
size_t buf_len;
mbedtls_printf(" . Serializing live connection...");
fflush(stdout);
ret = mbedtls_ssl_context_save(&ssl, NULL, 0, &buf_len);
if (ret != MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL) {
@@ -4095,6 +4098,7 @@ data_exchange:
size_t b64_len;
mbedtls_printf(" . Save serialized context to a file... ");
fflush(stdout);
mbedtls_base64_encode(NULL, 0, &b64_len, context_buf, buf_len);
@@ -4143,6 +4147,7 @@ data_exchange:
if (opt.serialize == 1) {
/* nothing to do here, done by context_save() already */
mbedtls_printf(" . Context has been reset... ok\n");
fflush(stdout);
}
/*
@@ -4155,6 +4160,7 @@ data_exchange:
*/
if (opt.serialize == 2) {
mbedtls_printf(" . Freeing and reinitializing context...");
fflush(stdout);
mbedtls_ssl_free(&ssl);
@@ -4191,6 +4197,7 @@ data_exchange:
}
mbedtls_printf(" . Deserializing connection...");
fflush(stdout);
if ((ret = mbedtls_ssl_context_load(&ssl, context_buf,
buf_len)) != 0) {
@@ -4220,6 +4227,7 @@ data_exchange:
*/
close_notify:
mbedtls_printf(" . Closing the connection...");
fflush(stdout);
/* No error checking, the connection might be closed already */
do {

3
scripts/bump_version.sh
View File

@@ -15,7 +15,6 @@
set -e
VERSION=""
SOVERSION=""
# Parse arguments
#
@@ -52,7 +51,7 @@ do
echo -e " --so-x509 <version>\tSO version to bump libmbedx509 to."
echo -e " --so-tls <version>\tSO version to bump libmbedtls to."
echo -e " -v|--verbose\t\tVerbose."
exit 1
exit 0
;;
*)
# print error

17
scripts/generate_tls_handshake_tests.py Executable file
View File

@@ -0,0 +1,17 @@
#!/usr/bin/env python3
"""
Generate miscellaneous TLS test cases relating to the handshake.
"""
# Copyright The Mbed TLS Contributors
# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
import sys
import framework_scripts_path # pylint: disable=unused-import
from mbedtls_framework import tls_handshake_tests
if __name__ == '__main__':
sys.argv[1:1] = ["--no-tls12-client-hello-defragmentation-support"]
tls_handshake_tests.main()

3
scripts/make_generated_files.bat
View File

@@ -23,9 +23,10 @@ python framework\scripts\generate_bignum_tests.py || exit /b 1
python framework\scripts\generate_config_tests.py || exit /b 1
python framework\scripts\generate_ecp_tests.py || exit /b 1
python framework\scripts\generate_psa_tests.py || exit /b 1
python framework\scripts\generate_psa_wrappers.py || exit /b 1
python framework\scripts\generate_test_keys.py --output tests\include\test\test_keys.h || exit /b 1
python framework\scripts\generate_test_cert_macros.py --output tests\include\test\test_certs.h || exit /b 1
python framework\scripts\generate_tls_handshake_tests.py || exit /b 1
python scripts\generate_tls_handshake_tests.py || exit /b 1
python framework\scripts\generate_tls13_compat_tests.py || exit /b 1
@rem @@@@ Build @@@@

2
tests/.gitignore vendored
View File

@@ -20,11 +20,13 @@
# Generated source files
/opt-testcases/handshake-generated.sh
/opt-testcases/tls13-compat.sh
/src/psa_test_wrappers.c
/suites/*.generated.data
/suites/test_suite_config.mbedtls_boolean.data
/suites/test_suite_config.psa_boolean.data
/suites/test_suite_psa_crypto_storage_format.v[0-9]*.data
/suites/test_suite_psa_crypto_storage_format.current.data
/include/test/psa_test_wrappers.h
/include/test/test_keys.h
/include/test/test_certs.h
###END_GENERATED_FILES###

4
tests/CMakeLists.txt
View File

@@ -132,10 +132,10 @@ if(GEN_FILES)
${CMAKE_CURRENT_SOURCE_DIR}/..
COMMAND
"${MBEDTLS_PYTHON_EXECUTABLE}"
"${CMAKE_CURRENT_SOURCE_DIR}/../framework/scripts/generate_tls_handshake_tests.py"
"${PROJECT_SOURCE_DIR}/scripts/generate_tls_handshake_tests.py"
DEPENDS
${CMAKE_CURRENT_SOURCE_DIR}/../framework/scripts/mbedtls_framework/tls_test_case.py
${CMAKE_CURRENT_SOURCE_DIR}/../framework/scripts/generate_tls_handshake_tests.py
${PROJECT_SOURCE_DIR}/scripts/generate_tls_handshake_tests.py
)
add_custom_target(handshake-generated.sh
DEPENDS ${CMAKE_CURRENT_SOURCE_DIR}/opt-testcases/handshake-generated.sh)

10
tests/Makefile
View File

@@ -54,14 +54,15 @@ GENERATED_DATA_FILES += $(GENERATED_PSA_DATA_FILES)
GENERATED_FILES = $(GENERATED_DATA_FILES)
GENERATED_FILES += include/test/test_keys.h include/test/test_certs.h
GENERATED_FILES += include/test/psa_test_wrappers.h src/psa_test_wrappers.c
# Generated files needed to (fully) run ssl-opt.sh
.PHONY: ssl-opt
opt-testcases/handshake-generated.sh: ../framework/scripts/mbedtls_framework/tls_test_case.py
opt-testcases/handshake-generated.sh: ../framework/scripts/generate_tls_handshake_tests.py
opt-testcases/handshake-generated.sh: ../scripts/generate_tls_handshake_tests.py
echo " Gen $@"
$(PYTHON) ../framework/scripts/generate_tls_handshake_tests.py -o $@
$(PYTHON) ../scripts/generate_tls_handshake_tests.py -o $@
GENERATED_FILES += opt-testcases/handshake-generated.sh
ssl-opt: opt-testcases/handshake-generated.sh
@@ -164,6 +165,10 @@ all: $(BINARIES)
mbedtls_test: $(MBEDTLS_TEST_OBJS)
include/test/psa_test_wrappers.h src/psa_test_wrappers.c: ../framework/scripts/generate_psa_wrappers.py
echo " Gen $@"
cd .. && $(PYTHON) framework/scripts/generate_psa_wrappers.py
include/test/test_certs.h: ../framework/scripts/generate_test_cert_macros.py \
$($(PYTHON) ../framework/scripts/generate_test_cert_macros.py --list-dependencies)
echo " Gen $@"
@@ -180,6 +185,7 @@ ifdef RECORD_PSA_STATUS_COVERAGE_LOG
# therefore the wildcard enumeration above doesn't include it.
TEST_OBJS_DEPS += ../framework/tests/include/test/instrument_record_status.h
endif
TEST_OBJS_DEPS += include/test/psa_test_wrappers.h
TEST_OBJS_DEPS += include/test/test_certs.h include/test/test_keys.h
# Rule to compile common test C files in framework

789
tests/include/test/psa_test_wrappers.h
View File

@@ -1,789 +0,0 @@
/* Automatically generated by generate_psa_wrappers.py, do not edit! */
/* Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef TEST_PSA_TEST_WRAPPERS_H
#define TEST_PSA_TEST_WRAPPERS_H
#ifdef __cplusplus
extern "C" {
#endif
#include <mbedtls/build_info.h>
#if defined(MBEDTLS_PSA_CRYPTO_C) && defined(MBEDTLS_TEST_HOOKS) && \
!defined(RECORD_PSA_STATUS_COVERAGE_LOG)
#include <psa/crypto.h>
#include <test/memory.h>
#include <test/psa_crypto_helpers.h>
#include <test/psa_test_wrappers.h>
#if defined(MBEDTLS_PSA_INJECT_ENTROPY)
psa_status_t mbedtls_test_wrap_mbedtls_psa_inject_entropy(
const uint8_t *arg0_seed,
size_t arg1_seed_size);
#define mbedtls_psa_inject_entropy(arg0_seed, arg1_seed_size) \
mbedtls_test_wrap_mbedtls_psa_inject_entropy(arg0_seed, arg1_seed_size)
#endif /* defined(MBEDTLS_PSA_INJECT_ENTROPY) */
#if defined(MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS)
psa_status_t mbedtls_test_wrap_mbedtls_psa_platform_get_builtin_key(
mbedtls_svc_key_id_t arg0_key_id,
psa_key_lifetime_t *arg1_lifetime,
psa_drv_slot_number_t *arg2_slot_number);
#define mbedtls_psa_platform_get_builtin_key(arg0_key_id, arg1_lifetime, arg2_slot_number) \
mbedtls_test_wrap_mbedtls_psa_platform_get_builtin_key(arg0_key_id, arg1_lifetime, arg2_slot_number)
#endif /* defined(MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS) */
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
psa_status_t mbedtls_test_wrap_mbedtls_psa_register_se_key(
const psa_key_attributes_t *arg0_attributes);
#define mbedtls_psa_register_se_key(arg0_attributes) \
mbedtls_test_wrap_mbedtls_psa_register_se_key(arg0_attributes)
#endif /* defined(MBEDTLS_PSA_CRYPTO_SE_C) */
psa_status_t mbedtls_test_wrap_psa_aead_abort(
psa_aead_operation_t *arg0_operation);
#define psa_aead_abort(arg0_operation) \
mbedtls_test_wrap_psa_aead_abort(arg0_operation)
psa_status_t mbedtls_test_wrap_psa_aead_decrypt(
mbedtls_svc_key_id_t arg0_key,
psa_algorithm_t arg1_alg,
const uint8_t *arg2_nonce,
size_t arg3_nonce_length,
const uint8_t *arg4_additional_data,
size_t arg5_additional_data_length,
const uint8_t *arg6_ciphertext,
size_t arg7_ciphertext_length,
uint8_t *arg8_plaintext,
size_t arg9_plaintext_size,
size_t *arg10_plaintext_length);
#define psa_aead_decrypt(arg0_key, arg1_alg, arg2_nonce, arg3_nonce_length, arg4_additional_data, arg5_additional_data_length, arg6_ciphertext, arg7_ciphertext_length, arg8_plaintext, arg9_plaintext_size, arg10_plaintext_length) \
mbedtls_test_wrap_psa_aead_decrypt(arg0_key, arg1_alg, arg2_nonce, arg3_nonce_length, arg4_additional_data, arg5_additional_data_length, arg6_ciphertext, arg7_ciphertext_length, arg8_plaintext, arg9_plaintext_size, arg10_plaintext_length)
psa_status_t mbedtls_test_wrap_psa_aead_decrypt_setup(
psa_aead_operation_t *arg0_operation,
mbedtls_svc_key_id_t arg1_key,
psa_algorithm_t arg2_alg);
#define psa_aead_decrypt_setup(arg0_operation, arg1_key, arg2_alg) \
mbedtls_test_wrap_psa_aead_decrypt_setup(arg0_operation, arg1_key, arg2_alg)
psa_status_t mbedtls_test_wrap_psa_aead_encrypt(
mbedtls_svc_key_id_t arg0_key,
psa_algorithm_t arg1_alg,
const uint8_t *arg2_nonce,
size_t arg3_nonce_length,
const uint8_t *arg4_additional_data,
size_t arg5_additional_data_length,
const uint8_t *arg6_plaintext,
size_t arg7_plaintext_length,
uint8_t *arg8_ciphertext,
size_t arg9_ciphertext_size,
size_t *arg10_ciphertext_length);
#define psa_aead_encrypt(arg0_key, arg1_alg, arg2_nonce, arg3_nonce_length, arg4_additional_data, arg5_additional_data_length, arg6_plaintext, arg7_plaintext_length, arg8_ciphertext, arg9_ciphertext_size, arg10_ciphertext_length) \
mbedtls_test_wrap_psa_aead_encrypt(arg0_key, arg1_alg, arg2_nonce, arg3_nonce_length, arg4_additional_data, arg5_additional_data_length, arg6_plaintext, arg7_plaintext_length, arg8_ciphertext, arg9_ciphertext_size, arg10_ciphertext_length)
psa_status_t mbedtls_test_wrap_psa_aead_encrypt_setup(
psa_aead_operation_t *arg0_operation,
mbedtls_svc_key_id_t arg1_key,
psa_algorithm_t arg2_alg);
#define psa_aead_encrypt_setup(arg0_operation, arg1_key, arg2_alg) \
mbedtls_test_wrap_psa_aead_encrypt_setup(arg0_operation, arg1_key, arg2_alg)
psa_status_t mbedtls_test_wrap_psa_aead_finish(
psa_aead_operation_t *arg0_operation,
uint8_t *arg1_ciphertext,
size_t arg2_ciphertext_size,
size_t *arg3_ciphertext_length,
uint8_t *arg4_tag,
size_t arg5_tag_size,
size_t *arg6_tag_length);
#define psa_aead_finish(arg0_operation, arg1_ciphertext, arg2_ciphertext_size, arg3_ciphertext_length, arg4_tag, arg5_tag_size, arg6_tag_length) \
mbedtls_test_wrap_psa_aead_finish(arg0_operation, arg1_ciphertext, arg2_ciphertext_size, arg3_ciphertext_length, arg4_tag, arg5_tag_size, arg6_tag_length)
psa_status_t mbedtls_test_wrap_psa_aead_generate_nonce(
psa_aead_operation_t *arg0_operation,
uint8_t *arg1_nonce,
size_t arg2_nonce_size,
size_t *arg3_nonce_length);
#define psa_aead_generate_nonce(arg0_operation, arg1_nonce, arg2_nonce_size, arg3_nonce_length) \
mbedtls_test_wrap_psa_aead_generate_nonce(arg0_operation, arg1_nonce, arg2_nonce_size, arg3_nonce_length)
psa_status_t mbedtls_test_wrap_psa_aead_set_lengths(
psa_aead_operation_t *arg0_operation,
size_t arg1_ad_length,
size_t arg2_plaintext_length);
#define psa_aead_set_lengths(arg0_operation, arg1_ad_length, arg2_plaintext_length) \
mbedtls_test_wrap_psa_aead_set_lengths(arg0_operation, arg1_ad_length, arg2_plaintext_length)
psa_status_t mbedtls_test_wrap_psa_aead_set_nonce(
psa_aead_operation_t *arg0_operation,
const uint8_t *arg1_nonce,
size_t arg2_nonce_length);
#define psa_aead_set_nonce(arg0_operation, arg1_nonce, arg2_nonce_length) \
mbedtls_test_wrap_psa_aead_set_nonce(arg0_operation, arg1_nonce, arg2_nonce_length)
psa_status_t mbedtls_test_wrap_psa_aead_update(
psa_aead_operation_t *arg0_operation,
const uint8_t *arg1_input,
size_t arg2_input_length,
uint8_t *arg3_output,
size_t arg4_output_size,
size_t *arg5_output_length);
#define psa_aead_update(arg0_operation, arg1_input, arg2_input_length, arg3_output, arg4_output_size, arg5_output_length) \
mbedtls_test_wrap_psa_aead_update(arg0_operation, arg1_input, arg2_input_length, arg3_output, arg4_output_size, arg5_output_length)
psa_status_t mbedtls_test_wrap_psa_aead_update_ad(
psa_aead_operation_t *arg0_operation,
const uint8_t *arg1_input,
size_t arg2_input_length);
#define psa_aead_update_ad(arg0_operation, arg1_input, arg2_input_length) \
mbedtls_test_wrap_psa_aead_update_ad(arg0_operation, arg1_input, arg2_input_length)
psa_status_t mbedtls_test_wrap_psa_aead_verify(
psa_aead_operation_t *arg0_operation,
uint8_t *arg1_plaintext,
size_t arg2_plaintext_size,
size_t *arg3_plaintext_length,
const uint8_t *arg4_tag,
size_t arg5_tag_length);
#define psa_aead_verify(arg0_operation, arg1_plaintext, arg2_plaintext_size, arg3_plaintext_length, arg4_tag, arg5_tag_length) \
mbedtls_test_wrap_psa_aead_verify(arg0_operation, arg1_plaintext, arg2_plaintext_size, arg3_plaintext_length, arg4_tag, arg5_tag_length)
psa_status_t mbedtls_test_wrap_psa_asymmetric_decrypt(
mbedtls_svc_key_id_t arg0_key,
psa_algorithm_t arg1_alg,
const uint8_t *arg2_input,
size_t arg3_input_length,
const uint8_t *arg4_salt,
size_t arg5_salt_length,
uint8_t *arg6_output,
size_t arg7_output_size,
size_t *arg8_output_length);
#define psa_asymmetric_decrypt(arg0_key, arg1_alg, arg2_input, arg3_input_length, arg4_salt, arg5_salt_length, arg6_output, arg7_output_size, arg8_output_length) \
mbedtls_test_wrap_psa_asymmetric_decrypt(arg0_key, arg1_alg, arg2_input, arg3_input_length, arg4_salt, arg5_salt_length, arg6_output, arg7_output_size, arg8_output_length)
psa_status_t mbedtls_test_wrap_psa_asymmetric_encrypt(
mbedtls_svc_key_id_t arg0_key,
psa_algorithm_t arg1_alg,
const uint8_t *arg2_input,
size_t arg3_input_length,
const uint8_t *arg4_salt,
size_t arg5_salt_length,
uint8_t *arg6_output,
size_t arg7_output_size,
size_t *arg8_output_length);
#define psa_asymmetric_encrypt(arg0_key, arg1_alg, arg2_input, arg3_input_length, arg4_salt, arg5_salt_length, arg6_output, arg7_output_size, arg8_output_length) \
mbedtls_test_wrap_psa_asymmetric_encrypt(arg0_key, arg1_alg, arg2_input, arg3_input_length, arg4_salt, arg5_salt_length, arg6_output, arg7_output_size, arg8_output_length)
psa_status_t mbedtls_test_wrap_psa_cipher_abort(
psa_cipher_operation_t *arg0_operation);
#define psa_cipher_abort(arg0_operation) \
mbedtls_test_wrap_psa_cipher_abort(arg0_operation)
psa_status_t mbedtls_test_wrap_psa_cipher_decrypt(
mbedtls_svc_key_id_t arg0_key,
psa_algorithm_t arg1_alg,
const uint8_t *arg2_input,
size_t arg3_input_length,
uint8_t *arg4_output,
size_t arg5_output_size,
size_t *arg6_output_length);
#define psa_cipher_decrypt(arg0_key, arg1_alg, arg2_input, arg3_input_length, arg4_output, arg5_output_size, arg6_output_length) \
mbedtls_test_wrap_psa_cipher_decrypt(arg0_key, arg1_alg, arg2_input, arg3_input_length, arg4_output, arg5_output_size, arg6_output_length)
psa_status_t mbedtls_test_wrap_psa_cipher_decrypt_setup(
psa_cipher_operation_t *arg0_operation,
mbedtls_svc_key_id_t arg1_key,
psa_algorithm_t arg2_alg);
#define psa_cipher_decrypt_setup(arg0_operation, arg1_key, arg2_alg) \
mbedtls_test_wrap_psa_cipher_decrypt_setup(arg0_operation, arg1_key, arg2_alg)
psa_status_t mbedtls_test_wrap_psa_cipher_encrypt(
mbedtls_svc_key_id_t arg0_key,
psa_algorithm_t arg1_alg,
const uint8_t *arg2_input,
size_t arg3_input_length,
uint8_t *arg4_output,
size_t arg5_output_size,
size_t *arg6_output_length);
#define psa_cipher_encrypt(arg0_key, arg1_alg, arg2_input, arg3_input_length, arg4_output, arg5_output_size, arg6_output_length) \
mbedtls_test_wrap_psa_cipher_encrypt(arg0_key, arg1_alg, arg2_input, arg3_input_length, arg4_output, arg5_output_size, arg6_output_length)
psa_status_t mbedtls_test_wrap_psa_cipher_encrypt_setup(
psa_cipher_operation_t *arg0_operation,
mbedtls_svc_key_id_t arg1_key,
psa_algorithm_t arg2_alg);
#define psa_cipher_encrypt_setup(arg0_operation, arg1_key, arg2_alg) \
mbedtls_test_wrap_psa_cipher_encrypt_setup(arg0_operation, arg1_key, arg2_alg)
psa_status_t mbedtls_test_wrap_psa_cipher_finish(
psa_cipher_operation_t *arg0_operation,
uint8_t *arg1_output,
size_t arg2_output_size,
size_t *arg3_output_length);
#define psa_cipher_finish(arg0_operation, arg1_output, arg2_output_size, arg3_output_length) \
mbedtls_test_wrap_psa_cipher_finish(arg0_operation, arg1_output, arg2_output_size, arg3_output_length)
psa_status_t mbedtls_test_wrap_psa_cipher_generate_iv(
psa_cipher_operation_t *arg0_operation,
uint8_t *arg1_iv,
size_t arg2_iv_size,
size_t *arg3_iv_length);
#define psa_cipher_generate_iv(arg0_operation, arg1_iv, arg2_iv_size, arg3_iv_length) \
mbedtls_test_wrap_psa_cipher_generate_iv(arg0_operation, arg1_iv, arg2_iv_size, arg3_iv_length)
psa_status_t mbedtls_test_wrap_psa_cipher_set_iv(
psa_cipher_operation_t *arg0_operation,
const uint8_t *arg1_iv,
size_t arg2_iv_length);
#define psa_cipher_set_iv(arg0_operation, arg1_iv, arg2_iv_length) \
mbedtls_test_wrap_psa_cipher_set_iv(arg0_operation, arg1_iv, arg2_iv_length)
psa_status_t mbedtls_test_wrap_psa_cipher_update(
psa_cipher_operation_t *arg0_operation,
const uint8_t *arg1_input,
size_t arg2_input_length,
uint8_t *arg3_output,
size_t arg4_output_size,
size_t *arg5_output_length);
#define psa_cipher_update(arg0_operation, arg1_input, arg2_input_length, arg3_output, arg4_output_size, arg5_output_length) \
mbedtls_test_wrap_psa_cipher_update(arg0_operation, arg1_input, arg2_input_length, arg3_output, arg4_output_size, arg5_output_length)
psa_status_t mbedtls_test_wrap_psa_copy_key(
mbedtls_svc_key_id_t arg0_source_key,
const psa_key_attributes_t *arg1_attributes,
mbedtls_svc_key_id_t *arg2_target_key);
#define psa_copy_key(arg0_source_key, arg1_attributes, arg2_target_key) \
mbedtls_test_wrap_psa_copy_key(arg0_source_key, arg1_attributes, arg2_target_key)
#if defined(PSA_WANT_ALG_SOME_PAKE)
psa_status_t mbedtls_test_wrap_psa_crypto_driver_pake_get_cipher_suite(
const psa_crypto_driver_pake_inputs_t *arg0_inputs,
psa_pake_cipher_suite_t *arg1_cipher_suite);
#define psa_crypto_driver_pake_get_cipher_suite(arg0_inputs, arg1_cipher_suite) \
mbedtls_test_wrap_psa_crypto_driver_pake_get_cipher_suite(arg0_inputs, arg1_cipher_suite)
#endif /* defined(PSA_WANT_ALG_SOME_PAKE) */
#if defined(PSA_WANT_ALG_SOME_PAKE)
psa_status_t mbedtls_test_wrap_psa_crypto_driver_pake_get_password(
const psa_crypto_driver_pake_inputs_t *arg0_inputs,
uint8_t *arg1_buffer,
size_t arg2_buffer_size,
size_t *arg3_buffer_length);
#define psa_crypto_driver_pake_get_password(arg0_inputs, arg1_buffer, arg2_buffer_size, arg3_buffer_length) \
mbedtls_test_wrap_psa_crypto_driver_pake_get_password(arg0_inputs, arg1_buffer, arg2_buffer_size, arg3_buffer_length)
#endif /* defined(PSA_WANT_ALG_SOME_PAKE) */
#if defined(PSA_WANT_ALG_SOME_PAKE)
psa_status_t mbedtls_test_wrap_psa_crypto_driver_pake_get_password_len(
const psa_crypto_driver_pake_inputs_t *arg0_inputs,
size_t *arg1_password_len);
#define psa_crypto_driver_pake_get_password_len(arg0_inputs, arg1_password_len) \
mbedtls_test_wrap_psa_crypto_driver_pake_get_password_len(arg0_inputs, arg1_password_len)
#endif /* defined(PSA_WANT_ALG_SOME_PAKE) */
#if defined(PSA_WANT_ALG_SOME_PAKE)
psa_status_t mbedtls_test_wrap_psa_crypto_driver_pake_get_peer(
const psa_crypto_driver_pake_inputs_t *arg0_inputs,
uint8_t *arg1_peer_id,
size_t arg2_peer_id_size,
size_t *arg3_peer_id_length);
#define psa_crypto_driver_pake_get_peer(arg0_inputs, arg1_peer_id, arg2_peer_id_size, arg3_peer_id_length) \
mbedtls_test_wrap_psa_crypto_driver_pake_get_peer(arg0_inputs, arg1_peer_id, arg2_peer_id_size, arg3_peer_id_length)
#endif /* defined(PSA_WANT_ALG_SOME_PAKE) */
#if defined(PSA_WANT_ALG_SOME_PAKE)
psa_status_t mbedtls_test_wrap_psa_crypto_driver_pake_get_peer_len(
const psa_crypto_driver_pake_inputs_t *arg0_inputs,
size_t *arg1_peer_len);
#define psa_crypto_driver_pake_get_peer_len(arg0_inputs, arg1_peer_len) \
mbedtls_test_wrap_psa_crypto_driver_pake_get_peer_len(arg0_inputs, arg1_peer_len)
#endif /* defined(PSA_WANT_ALG_SOME_PAKE) */
#if defined(PSA_WANT_ALG_SOME_PAKE)
psa_status_t mbedtls_test_wrap_psa_crypto_driver_pake_get_user(
const psa_crypto_driver_pake_inputs_t *arg0_inputs,
uint8_t *arg1_user_id,
size_t arg2_user_id_size,
size_t *arg3_user_id_len);
#define psa_crypto_driver_pake_get_user(arg0_inputs, arg1_user_id, arg2_user_id_size, arg3_user_id_len) \
mbedtls_test_wrap_psa_crypto_driver_pake_get_user(arg0_inputs, arg1_user_id, arg2_user_id_size, arg3_user_id_len)
#endif /* defined(PSA_WANT_ALG_SOME_PAKE) */
#if defined(PSA_WANT_ALG_SOME_PAKE)
psa_status_t mbedtls_test_wrap_psa_crypto_driver_pake_get_user_len(
const psa_crypto_driver_pake_inputs_t *arg0_inputs,
size_t *arg1_user_len);
#define psa_crypto_driver_pake_get_user_len(arg0_inputs, arg1_user_len) \
mbedtls_test_wrap_psa_crypto_driver_pake_get_user_len(arg0_inputs, arg1_user_len)
#endif /* defined(PSA_WANT_ALG_SOME_PAKE) */
psa_status_t mbedtls_test_wrap_psa_crypto_init(void);
#define psa_crypto_init() \
mbedtls_test_wrap_psa_crypto_init()
psa_status_t mbedtls_test_wrap_psa_destroy_key(
mbedtls_svc_key_id_t arg0_key);
#define psa_destroy_key(arg0_key) \
mbedtls_test_wrap_psa_destroy_key(arg0_key)
psa_status_t mbedtls_test_wrap_psa_export_key(
mbedtls_svc_key_id_t arg0_key,
uint8_t *arg1_data,
size_t arg2_data_size,
size_t *arg3_data_length);
#define psa_export_key(arg0_key, arg1_data, arg2_data_size, arg3_data_length) \
mbedtls_test_wrap_psa_export_key(arg0_key, arg1_data, arg2_data_size, arg3_data_length)
psa_status_t mbedtls_test_wrap_psa_export_public_key(
mbedtls_svc_key_id_t arg0_key,
uint8_t *arg1_data,
size_t arg2_data_size,
size_t *arg3_data_length);
#define psa_export_public_key(arg0_key, arg1_data, arg2_data_size, arg3_data_length) \
mbedtls_test_wrap_psa_export_public_key(arg0_key, arg1_data, arg2_data_size, arg3_data_length)
psa_status_t mbedtls_test_wrap_psa_generate_key(
const psa_key_attributes_t *arg0_attributes,
mbedtls_svc_key_id_t *arg1_key);
#define psa_generate_key(arg0_attributes, arg1_key) \
mbedtls_test_wrap_psa_generate_key(arg0_attributes, arg1_key)
psa_status_t mbedtls_test_wrap_psa_generate_key_custom(
const psa_key_attributes_t *arg0_attributes,
const psa_custom_key_parameters_t *arg1_custom,
const uint8_t *arg2_custom_data,
size_t arg3_custom_data_length,
mbedtls_svc_key_id_t *arg4_key);
#define psa_generate_key_custom(arg0_attributes, arg1_custom, arg2_custom_data, arg3_custom_data_length, arg4_key) \
mbedtls_test_wrap_psa_generate_key_custom(arg0_attributes, arg1_custom, arg2_custom_data, arg3_custom_data_length, arg4_key)
psa_status_t mbedtls_test_wrap_psa_generate_key_ext(
const psa_key_attributes_t *arg0_attributes,
const psa_key_production_parameters_t *arg1_params,
size_t arg2_params_data_length,
mbedtls_svc_key_id_t *arg3_key);
#define psa_generate_key_ext(arg0_attributes, arg1_params, arg2_params_data_length, arg3_key) \
mbedtls_test_wrap_psa_generate_key_ext(arg0_attributes, arg1_params, arg2_params_data_length, arg3_key)
psa_status_t mbedtls_test_wrap_psa_generate_random(
uint8_t *arg0_output,
size_t arg1_output_size);
#define psa_generate_random(arg0_output, arg1_output_size) \
mbedtls_test_wrap_psa_generate_random(arg0_output, arg1_output_size)
psa_status_t mbedtls_test_wrap_psa_get_key_attributes(
mbedtls_svc_key_id_t arg0_key,
psa_key_attributes_t *arg1_attributes);
#define psa_get_key_attributes(arg0_key, arg1_attributes) \
mbedtls_test_wrap_psa_get_key_attributes(arg0_key, arg1_attributes)
psa_status_t mbedtls_test_wrap_psa_hash_abort(
psa_hash_operation_t *arg0_operation);
#define psa_hash_abort(arg0_operation) \
mbedtls_test_wrap_psa_hash_abort(arg0_operation)
psa_status_t mbedtls_test_wrap_psa_hash_clone(
const psa_hash_operation_t *arg0_source_operation,
psa_hash_operation_t *arg1_target_operation);
#define psa_hash_clone(arg0_source_operation, arg1_target_operation) \
mbedtls_test_wrap_psa_hash_clone(arg0_source_operation, arg1_target_operation)
psa_status_t mbedtls_test_wrap_psa_hash_compare(
psa_algorithm_t arg0_alg,
const uint8_t *arg1_input,
size_t arg2_input_length,
const uint8_t *arg3_hash,
size_t arg4_hash_length);
#define psa_hash_compare(arg0_alg, arg1_input, arg2_input_length, arg3_hash, arg4_hash_length) \
mbedtls_test_wrap_psa_hash_compare(arg0_alg, arg1_input, arg2_input_length, arg3_hash, arg4_hash_length)
psa_status_t mbedtls_test_wrap_psa_hash_compute(
psa_algorithm_t arg0_alg,
const uint8_t *arg1_input,
size_t arg2_input_length,
uint8_t *arg3_hash,
size_t arg4_hash_size,
size_t *arg5_hash_length);
#define psa_hash_compute(arg0_alg, arg1_input, arg2_input_length, arg3_hash, arg4_hash_size, arg5_hash_length) \
mbedtls_test_wrap_psa_hash_compute(arg0_alg, arg1_input, arg2_input_length, arg3_hash, arg4_hash_size, arg5_hash_length)
psa_status_t mbedtls_test_wrap_psa_hash_finish(
psa_hash_operation_t *arg0_operation,
uint8_t *arg1_hash,
size_t arg2_hash_size,
size_t *arg3_hash_length);
#define psa_hash_finish(arg0_operation, arg1_hash, arg2_hash_size, arg3_hash_length) \
mbedtls_test_wrap_psa_hash_finish(arg0_operation, arg1_hash, arg2_hash_size, arg3_hash_length)
psa_status_t mbedtls_test_wrap_psa_hash_setup(
psa_hash_operation_t *arg0_operation,
psa_algorithm_t arg1_alg);
#define psa_hash_setup(arg0_operation, arg1_alg) \
mbedtls_test_wrap_psa_hash_setup(arg0_operation, arg1_alg)
psa_status_t mbedtls_test_wrap_psa_hash_update(
psa_hash_operation_t *arg0_operation,
const uint8_t *arg1_input,
size_t arg2_input_length);
#define psa_hash_update(arg0_operation, arg1_input, arg2_input_length) \
mbedtls_test_wrap_psa_hash_update(arg0_operation, arg1_input, arg2_input_length)
psa_status_t mbedtls_test_wrap_psa_hash_verify(
psa_hash_operation_t *arg0_operation,
const uint8_t *arg1_hash,
size_t arg2_hash_length);
#define psa_hash_verify(arg0_operation, arg1_hash, arg2_hash_length) \
mbedtls_test_wrap_psa_hash_verify(arg0_operation, arg1_hash, arg2_hash_length)
psa_status_t mbedtls_test_wrap_psa_import_key(
const psa_key_attributes_t *arg0_attributes,
const uint8_t *arg1_data,
size_t arg2_data_length,
mbedtls_svc_key_id_t *arg3_key);
#define psa_import_key(arg0_attributes, arg1_data, arg2_data_length, arg3_key) \
mbedtls_test_wrap_psa_import_key(arg0_attributes, arg1_data, arg2_data_length, arg3_key)
psa_status_t mbedtls_test_wrap_psa_key_derivation_abort(
psa_key_derivation_operation_t *arg0_operation);
#define psa_key_derivation_abort(arg0_operation) \
mbedtls_test_wrap_psa_key_derivation_abort(arg0_operation)
psa_status_t mbedtls_test_wrap_psa_key_derivation_get_capacity(
const psa_key_derivation_operation_t *arg0_operation,
size_t *arg1_capacity);
#define psa_key_derivation_get_capacity(arg0_operation, arg1_capacity) \
mbedtls_test_wrap_psa_key_derivation_get_capacity(arg0_operation, arg1_capacity)
psa_status_t mbedtls_test_wrap_psa_key_derivation_input_bytes(
psa_key_derivation_operation_t *arg0_operation,
psa_key_derivation_step_t arg1_step,
const uint8_t *arg2_data,
size_t arg3_data_length);
#define psa_key_derivation_input_bytes(arg0_operation, arg1_step, arg2_data, arg3_data_length) \
mbedtls_test_wrap_psa_key_derivation_input_bytes(arg0_operation, arg1_step, arg2_data, arg3_data_length)
psa_status_t mbedtls_test_wrap_psa_key_derivation_input_integer(
psa_key_derivation_operation_t *arg0_operation,
psa_key_derivation_step_t arg1_step,
uint64_t arg2_value);
#define psa_key_derivation_input_integer(arg0_operation, arg1_step, arg2_value) \
mbedtls_test_wrap_psa_key_derivation_input_integer(arg0_operation, arg1_step, arg2_value)
psa_status_t mbedtls_test_wrap_psa_key_derivation_input_key(
psa_key_derivation_operation_t *arg0_operation,
psa_key_derivation_step_t arg1_step,
mbedtls_svc_key_id_t arg2_key);
#define psa_key_derivation_input_key(arg0_operation, arg1_step, arg2_key) \
mbedtls_test_wrap_psa_key_derivation_input_key(arg0_operation, arg1_step, arg2_key)
psa_status_t mbedtls_test_wrap_psa_key_derivation_key_agreement(
psa_key_derivation_operation_t *arg0_operation,
psa_key_derivation_step_t arg1_step,
mbedtls_svc_key_id_t arg2_private_key,
const uint8_t *arg3_peer_key,
size_t arg4_peer_key_length);
#define psa_key_derivation_key_agreement(arg0_operation, arg1_step, arg2_private_key, arg3_peer_key, arg4_peer_key_length) \
mbedtls_test_wrap_psa_key_derivation_key_agreement(arg0_operation, arg1_step, arg2_private_key, arg3_peer_key, arg4_peer_key_length)
psa_status_t mbedtls_test_wrap_psa_key_derivation_output_bytes(
psa_key_derivation_operation_t *arg0_operation,
uint8_t *arg1_output,
size_t arg2_output_length);
#define psa_key_derivation_output_bytes(arg0_operation, arg1_output, arg2_output_length) \
mbedtls_test_wrap_psa_key_derivation_output_bytes(arg0_operation, arg1_output, arg2_output_length)
psa_status_t mbedtls_test_wrap_psa_key_derivation_output_key(
const psa_key_attributes_t *arg0_attributes,
psa_key_derivation_operation_t *arg1_operation,
mbedtls_svc_key_id_t *arg2_key);
#define psa_key_derivation_output_key(arg0_attributes, arg1_operation, arg2_key) \
mbedtls_test_wrap_psa_key_derivation_output_key(arg0_attributes, arg1_operation, arg2_key)
psa_status_t mbedtls_test_wrap_psa_key_derivation_output_key_custom(
const psa_key_attributes_t *arg0_attributes,
psa_key_derivation_operation_t *arg1_operation,
const psa_custom_key_parameters_t *arg2_custom,
const uint8_t *arg3_custom_data,
size_t arg4_custom_data_length,
mbedtls_svc_key_id_t *arg5_key);
#define psa_key_derivation_output_key_custom(arg0_attributes, arg1_operation, arg2_custom, arg3_custom_data, arg4_custom_data_length, arg5_key) \
mbedtls_test_wrap_psa_key_derivation_output_key_custom(arg0_attributes, arg1_operation, arg2_custom, arg3_custom_data, arg4_custom_data_length, arg5_key)
psa_status_t mbedtls_test_wrap_psa_key_derivation_output_key_ext(
const psa_key_attributes_t *arg0_attributes,
psa_key_derivation_operation_t *arg1_operation,
const psa_key_production_parameters_t *arg2_params,
size_t arg3_params_data_length,
mbedtls_svc_key_id_t *arg4_key);
#define psa_key_derivation_output_key_ext(arg0_attributes, arg1_operation, arg2_params, arg3_params_data_length, arg4_key) \
mbedtls_test_wrap_psa_key_derivation_output_key_ext(arg0_attributes, arg1_operation, arg2_params, arg3_params_data_length, arg4_key)
psa_status_t mbedtls_test_wrap_psa_key_derivation_set_capacity(
psa_key_derivation_operation_t *arg0_operation,
size_t arg1_capacity);
#define psa_key_derivation_set_capacity(arg0_operation, arg1_capacity) \
mbedtls_test_wrap_psa_key_derivation_set_capacity(arg0_operation, arg1_capacity)
psa_status_t mbedtls_test_wrap_psa_key_derivation_setup(
psa_key_derivation_operation_t *arg0_operation,
psa_algorithm_t arg1_alg);
#define psa_key_derivation_setup(arg0_operation, arg1_alg) \
mbedtls_test_wrap_psa_key_derivation_setup(arg0_operation, arg1_alg)
psa_status_t mbedtls_test_wrap_psa_mac_abort(
psa_mac_operation_t *arg0_operation);
#define psa_mac_abort(arg0_operation) \
mbedtls_test_wrap_psa_mac_abort(arg0_operation)
psa_status_t mbedtls_test_wrap_psa_mac_compute(
mbedtls_svc_key_id_t arg0_key,
psa_algorithm_t arg1_alg,
const uint8_t *arg2_input,
size_t arg3_input_length,
uint8_t *arg4_mac,
size_t arg5_mac_size,
size_t *arg6_mac_length);
#define psa_mac_compute(arg0_key, arg1_alg, arg2_input, arg3_input_length, arg4_mac, arg5_mac_size, arg6_mac_length) \
mbedtls_test_wrap_psa_mac_compute(arg0_key, arg1_alg, arg2_input, arg3_input_length, arg4_mac, arg5_mac_size, arg6_mac_length)
psa_status_t mbedtls_test_wrap_psa_mac_sign_finish(
psa_mac_operation_t *arg0_operation,
uint8_t *arg1_mac,
size_t arg2_mac_size,
size_t *arg3_mac_length);
#define psa_mac_sign_finish(arg0_operation, arg1_mac, arg2_mac_size, arg3_mac_length) \
mbedtls_test_wrap_psa_mac_sign_finish(arg0_operation, arg1_mac, arg2_mac_size, arg3_mac_length)
psa_status_t mbedtls_test_wrap_psa_mac_sign_setup(
psa_mac_operation_t *arg0_operation,
mbedtls_svc_key_id_t arg1_key,
psa_algorithm_t arg2_alg);
#define psa_mac_sign_setup(arg0_operation, arg1_key, arg2_alg) \
mbedtls_test_wrap_psa_mac_sign_setup(arg0_operation, arg1_key, arg2_alg)
psa_status_t mbedtls_test_wrap_psa_mac_update(
psa_mac_operation_t *arg0_operation,
const uint8_t *arg1_input,
size_t arg2_input_length);
#define psa_mac_update(arg0_operation, arg1_input, arg2_input_length) \
mbedtls_test_wrap_psa_mac_update(arg0_operation, arg1_input, arg2_input_length)
psa_status_t mbedtls_test_wrap_psa_mac_verify(
mbedtls_svc_key_id_t arg0_key,
psa_algorithm_t arg1_alg,
const uint8_t *arg2_input,
size_t arg3_input_length,
const uint8_t *arg4_mac,
size_t arg5_mac_length);
#define psa_mac_verify(arg0_key, arg1_alg, arg2_input, arg3_input_length, arg4_mac, arg5_mac_length) \
mbedtls_test_wrap_psa_mac_verify(arg0_key, arg1_alg, arg2_input, arg3_input_length, arg4_mac, arg5_mac_length)
psa_status_t mbedtls_test_wrap_psa_mac_verify_finish(
psa_mac_operation_t *arg0_operation,
const uint8_t *arg1_mac,
size_t arg2_mac_length);
#define psa_mac_verify_finish(arg0_operation, arg1_mac, arg2_mac_length) \
mbedtls_test_wrap_psa_mac_verify_finish(arg0_operation, arg1_mac, arg2_mac_length)
psa_status_t mbedtls_test_wrap_psa_mac_verify_setup(
psa_mac_operation_t *arg0_operation,
mbedtls_svc_key_id_t arg1_key,
psa_algorithm_t arg2_alg);
#define psa_mac_verify_setup(arg0_operation, arg1_key, arg2_alg) \
mbedtls_test_wrap_psa_mac_verify_setup(arg0_operation, arg1_key, arg2_alg)
#if defined(PSA_WANT_ALG_SOME_PAKE)
psa_status_t mbedtls_test_wrap_psa_pake_abort(
psa_pake_operation_t *arg0_operation);
#define psa_pake_abort(arg0_operation) \
mbedtls_test_wrap_psa_pake_abort(arg0_operation)
#endif /* defined(PSA_WANT_ALG_SOME_PAKE) */
#if defined(PSA_WANT_ALG_SOME_PAKE)
psa_status_t mbedtls_test_wrap_psa_pake_get_implicit_key(
psa_pake_operation_t *arg0_operation,
psa_key_derivation_operation_t *arg1_output);
#define psa_pake_get_implicit_key(arg0_operation, arg1_output) \
mbedtls_test_wrap_psa_pake_get_implicit_key(arg0_operation, arg1_output)
#endif /* defined(PSA_WANT_ALG_SOME_PAKE) */
#if defined(PSA_WANT_ALG_SOME_PAKE)
psa_status_t mbedtls_test_wrap_psa_pake_input(
psa_pake_operation_t *arg0_operation,
psa_pake_step_t arg1_step,
const uint8_t *arg2_input,
size_t arg3_input_length);
#define psa_pake_input(arg0_operation, arg1_step, arg2_input, arg3_input_length) \
mbedtls_test_wrap_psa_pake_input(arg0_operation, arg1_step, arg2_input, arg3_input_length)
#endif /* defined(PSA_WANT_ALG_SOME_PAKE) */
#if defined(PSA_WANT_ALG_SOME_PAKE)
psa_status_t mbedtls_test_wrap_psa_pake_output(
psa_pake_operation_t *arg0_operation,
psa_pake_step_t arg1_step,
uint8_t *arg2_output,
size_t arg3_output_size,
size_t *arg4_output_length);
#define psa_pake_output(arg0_operation, arg1_step, arg2_output, arg3_output_size, arg4_output_length) \
mbedtls_test_wrap_psa_pake_output(arg0_operation, arg1_step, arg2_output, arg3_output_size, arg4_output_length)
#endif /* defined(PSA_WANT_ALG_SOME_PAKE) */
#if defined(PSA_WANT_ALG_SOME_PAKE)
psa_status_t mbedtls_test_wrap_psa_pake_set_password_key(
psa_pake_operation_t *arg0_operation,
mbedtls_svc_key_id_t arg1_password);
#define psa_pake_set_password_key(arg0_operation, arg1_password) \
mbedtls_test_wrap_psa_pake_set_password_key(arg0_operation, arg1_password)
#endif /* defined(PSA_WANT_ALG_SOME_PAKE) */
#if defined(PSA_WANT_ALG_SOME_PAKE)
psa_status_t mbedtls_test_wrap_psa_pake_set_peer(
psa_pake_operation_t *arg0_operation,
const uint8_t *arg1_peer_id,
size_t arg2_peer_id_len);
#define psa_pake_set_peer(arg0_operation, arg1_peer_id, arg2_peer_id_len) \
mbedtls_test_wrap_psa_pake_set_peer(arg0_operation, arg1_peer_id, arg2_peer_id_len)
#endif /* defined(PSA_WANT_ALG_SOME_PAKE) */
#if defined(PSA_WANT_ALG_SOME_PAKE)
psa_status_t mbedtls_test_wrap_psa_pake_set_role(
psa_pake_operation_t *arg0_operation,
psa_pake_role_t arg1_role);
#define psa_pake_set_role(arg0_operation, arg1_role) \
mbedtls_test_wrap_psa_pake_set_role(arg0_operation, arg1_role)
#endif /* defined(PSA_WANT_ALG_SOME_PAKE) */
#if defined(PSA_WANT_ALG_SOME_PAKE)
psa_status_t mbedtls_test_wrap_psa_pake_set_user(
psa_pake_operation_t *arg0_operation,
const uint8_t *arg1_user_id,
size_t arg2_user_id_len);
#define psa_pake_set_user(arg0_operation, arg1_user_id, arg2_user_id_len) \
mbedtls_test_wrap_psa_pake_set_user(arg0_operation, arg1_user_id, arg2_user_id_len)
#endif /* defined(PSA_WANT_ALG_SOME_PAKE) */
#if defined(PSA_WANT_ALG_SOME_PAKE)
psa_status_t mbedtls_test_wrap_psa_pake_setup(
psa_pake_operation_t *arg0_operation,
const psa_pake_cipher_suite_t *arg1_cipher_suite);
#define psa_pake_setup(arg0_operation, arg1_cipher_suite) \
mbedtls_test_wrap_psa_pake_setup(arg0_operation, arg1_cipher_suite)
#endif /* defined(PSA_WANT_ALG_SOME_PAKE) */
psa_status_t mbedtls_test_wrap_psa_purge_key(
mbedtls_svc_key_id_t arg0_key);
#define psa_purge_key(arg0_key) \
mbedtls_test_wrap_psa_purge_key(arg0_key)
psa_status_t mbedtls_test_wrap_psa_raw_key_agreement(
psa_algorithm_t arg0_alg,
mbedtls_svc_key_id_t arg1_private_key,
const uint8_t *arg2_peer_key,
size_t arg3_peer_key_length,
uint8_t *arg4_output,
size_t arg5_output_size,
size_t *arg6_output_length);
#define psa_raw_key_agreement(arg0_alg, arg1_private_key, arg2_peer_key, arg3_peer_key_length, arg4_output, arg5_output_size, arg6_output_length) \
mbedtls_test_wrap_psa_raw_key_agreement(arg0_alg, arg1_private_key, arg2_peer_key, arg3_peer_key_length, arg4_output, arg5_output_size, arg6_output_length)
psa_status_t mbedtls_test_wrap_psa_sign_hash(
mbedtls_svc_key_id_t arg0_key,
psa_algorithm_t arg1_alg,
const uint8_t *arg2_hash,
size_t arg3_hash_length,
uint8_t *arg4_signature,
size_t arg5_signature_size,
size_t *arg6_signature_length);
#define psa_sign_hash(arg0_key, arg1_alg, arg2_hash, arg3_hash_length, arg4_signature, arg5_signature_size, arg6_signature_length) \
mbedtls_test_wrap_psa_sign_hash(arg0_key, arg1_alg, arg2_hash, arg3_hash_length, arg4_signature, arg5_signature_size, arg6_signature_length)
psa_status_t mbedtls_test_wrap_psa_sign_hash_abort(
psa_sign_hash_interruptible_operation_t *arg0_operation);
#define psa_sign_hash_abort(arg0_operation) \
mbedtls_test_wrap_psa_sign_hash_abort(arg0_operation)
psa_status_t mbedtls_test_wrap_psa_sign_hash_complete(
psa_sign_hash_interruptible_operation_t *arg0_operation,
uint8_t *arg1_signature,
size_t arg2_signature_size,
size_t *arg3_signature_length);
#define psa_sign_hash_complete(arg0_operation, arg1_signature, arg2_signature_size, arg3_signature_length) \
mbedtls_test_wrap_psa_sign_hash_complete(arg0_operation, arg1_signature, arg2_signature_size, arg3_signature_length)
psa_status_t mbedtls_test_wrap_psa_sign_hash_start(
psa_sign_hash_interruptible_operation_t *arg0_operation,
mbedtls_svc_key_id_t arg1_key,
psa_algorithm_t arg2_alg,
const uint8_t *arg3_hash,
size_t arg4_hash_length);
#define psa_sign_hash_start(arg0_operation, arg1_key, arg2_alg, arg3_hash, arg4_hash_length) \
mbedtls_test_wrap_psa_sign_hash_start(arg0_operation, arg1_key, arg2_alg, arg3_hash, arg4_hash_length)
psa_status_t mbedtls_test_wrap_psa_sign_message(
mbedtls_svc_key_id_t arg0_key,
psa_algorithm_t arg1_alg,
const uint8_t *arg2_input,
size_t arg3_input_length,
uint8_t *arg4_signature,
size_t arg5_signature_size,
size_t *arg6_signature_length);
#define psa_sign_message(arg0_key, arg1_alg, arg2_input, arg3_input_length, arg4_signature, arg5_signature_size, arg6_signature_length) \
mbedtls_test_wrap_psa_sign_message(arg0_key, arg1_alg, arg2_input, arg3_input_length, arg4_signature, arg5_signature_size, arg6_signature_length)
psa_status_t mbedtls_test_wrap_psa_verify_hash(
mbedtls_svc_key_id_t arg0_key,
psa_algorithm_t arg1_alg,
const uint8_t *arg2_hash,
size_t arg3_hash_length,
const uint8_t *arg4_signature,
size_t arg5_signature_length);
#define psa_verify_hash(arg0_key, arg1_alg, arg2_hash, arg3_hash_length, arg4_signature, arg5_signature_length) \
mbedtls_test_wrap_psa_verify_hash(arg0_key, arg1_alg, arg2_hash, arg3_hash_length, arg4_signature, arg5_signature_length)
psa_status_t mbedtls_test_wrap_psa_verify_hash_abort(
psa_verify_hash_interruptible_operation_t *arg0_operation);
#define psa_verify_hash_abort(arg0_operation) \
mbedtls_test_wrap_psa_verify_hash_abort(arg0_operation)
psa_status_t mbedtls_test_wrap_psa_verify_hash_complete(
psa_verify_hash_interruptible_operation_t *arg0_operation);
#define psa_verify_hash_complete(arg0_operation) \
mbedtls_test_wrap_psa_verify_hash_complete(arg0_operation)
psa_status_t mbedtls_test_wrap_psa_verify_hash_start(
psa_verify_hash_interruptible_operation_t *arg0_operation,
mbedtls_svc_key_id_t arg1_key,
psa_algorithm_t arg2_alg,
const uint8_t *arg3_hash,
size_t arg4_hash_length,
const uint8_t *arg5_signature,
size_t arg6_signature_length);
#define psa_verify_hash_start(arg0_operation, arg1_key, arg2_alg, arg3_hash, arg4_hash_length, arg5_signature, arg6_signature_length) \
mbedtls_test_wrap_psa_verify_hash_start(arg0_operation, arg1_key, arg2_alg, arg3_hash, arg4_hash_length, arg5_signature, arg6_signature_length)
psa_status_t mbedtls_test_wrap_psa_verify_message(
mbedtls_svc_key_id_t arg0_key,
psa_algorithm_t arg1_alg,
const uint8_t *arg2_input,
size_t arg3_input_length,
const uint8_t *arg4_signature,
size_t arg5_signature_length);
#define psa_verify_message(arg0_key, arg1_alg, arg2_input, arg3_input_length, arg4_signature, arg5_signature_length) \
mbedtls_test_wrap_psa_verify_message(arg0_key, arg1_alg, arg2_input, arg3_input_length, arg4_signature, arg5_signature_length)
#endif /* defined(MBEDTLS_PSA_CRYPTO_C) && defined(MBEDTLS_TEST_HOOKS) && \
!defined(RECORD_PSA_STATUS_COVERAGE_LOG) */
#ifdef __cplusplus
}
#endif
#endif /* TEST_PSA_TEST_WRAPPERS_H */
/* End of automatically generated file. */

8
tests/scripts/check-generated-files.sh
View File

@@ -126,6 +126,7 @@ check framework/scripts/generate_bignum_tests.py $(framework/scripts/generate_bi
check framework/scripts/generate_config_tests.py $(framework/scripts/generate_config_tests.py --list)
check framework/scripts/generate_ecp_tests.py $(framework/scripts/generate_ecp_tests.py --list)
check framework/scripts/generate_psa_tests.py $(framework/scripts/generate_psa_tests.py --list)
check framework/scripts/generate_psa_wrappers.py tests/include/test/psa_test_wrappers.h tests/src/psa_test_wrappers.c
check framework/scripts/generate_test_keys.py tests/include/test/test_keys.h
check scripts/generate_driver_wrappers.py $library_dir/psa_crypto_driver_wrappers.h $library_dir/psa_crypto_driver_wrappers_no_static.c
@@ -135,7 +136,7 @@ if in_mbedtls_repo; then
check scripts/generate_query_config.pl programs/test/query_config.c
check scripts/generate_features.pl library/version_features.c
check framework/scripts/generate_ssl_debug_helpers.py library/ssl_debug_helpers_generated.c
check framework/scripts/generate_tls_handshake_tests.py tests/opt-testcases/handshake-generated.sh
check scripts/generate_tls_handshake_tests.py tests/opt-testcases/handshake-generated.sh
check framework/scripts/generate_tls13_compat_tests.py tests/opt-testcases/tls13-compat.sh
check framework/scripts/generate_test_cert_macros.py tests/include/test/test_certs.h
# generate_visualc_files enumerates source files (library/*.c). It doesn't
@@ -143,8 +144,3 @@ if in_mbedtls_repo; then
# the step that creates or updates these files.
check scripts/generate_visualc_files.pl visualc/VS2017
fi
# Generated files that are present in the repository even in the development
# branch. (This is intended to be temporary, until the generator scripts are
# fully reviewed and the build scripts support a generated header file.)
check framework/scripts/generate_psa_wrappers.py tests/include/test/psa_test_wrappers.h tests/src/psa_test_wrappers.c

42
tests/scripts/components-compiler.sh
View File

@@ -172,3 +172,45 @@ component_test_zeroize () {
done
done
}
# This originated from an issue (https://github.com/Mbed-TLS/TF-PSA-Crypto/issues/665) found
# in GCM when the library is built with GCC "10.0 <= version <= 14.2" on platforms other than
# x86 and ARM64.
component_test_tf_psa_crypto_optimized_alignment() {
msg "build: verify alignment with O3 optimizations in GCC"
# Disable optimizations for x86 (and ARM64) so that alignment related problems in
# "alignment.h" can be tested also on standard PC.
scripts/config.py unset MBEDTLS_AESNI_C
scripts/config.py unset MBEDTLS_AESCE_C
# "-O3" is the optimization level that causes issues: the compiler tries to
# optimize operations order and if memory dependencies are not respected
# (as it happens in issue tf-psa-crypto#665) this completely messes up results.
EXTRA_C_FLAGS="-O3"
# Forcedly ignore "MBEDTLS_EFFICIENT_UNALIGNED_ACCESS" on x86 so that we
# can test the problematic case, i.e. the case where uint64 integers are
# accessed through "mbedtls_uint64_unaligned_t" structs.
EXTRA_C_FLAGS="$EXTRA_C_FLAGS -DMBEDTLS_ALIGNMENT_DISABLE_EFFICENT_UNALIGNED_ACCESS"
# Adding '-g3' flag doesn't affect testing, BUT it allows to dump the generated
# assembly code for "gcm.o" module for inspection. To do this use the
# following command:
# > objdump -S --disassemble out_of_source_build/drivers/builtin/CMakeFiles/builtin.dir/src/gcm.c.o > gcm.s
# A file named "gcm.s" will be generated containing a mix of C and corresponding
# assembly code.
EXTRA_C_FLAGS="$EXTRA_C_FLAGS -g3"
make CC=gcc CFLAGS="$EXTRA_C_FLAGS"
msg "test: verify alignment with O3 optimizations in GCC"
make test
}
support_test_tf_psa_crypto_optimized_alignment() {
case $(gcc -dumpfullversion 2>/dev/null) in
""|?.*) false;; # too old
10.*|11.*|12.*|13.*) true;;
14.[012].*) true;;
*) false;; # too recent
esac
}

1389
tests/src/psa_test_wrappers.c
View File

File diff suppressed because it is too large Load Diff

100
tests/ssl-opt.sh
View File

@@ -10925,6 +10925,7 @@ run_test "DTLS reassembly: some fragmentation (gnutls server)" \
"$P_CLI dtls=1 debug_level=2" \
0 \
-c "found fragmented DTLS handshake message" \
-c "Certificate handshake message has been buffered and reassembled" \
-C "error"
requires_gnutls
@@ -10934,6 +10935,8 @@ run_test "DTLS reassembly: more fragmentation (gnutls server)" \
"$P_CLI dtls=1 debug_level=2" \
0 \
-c "found fragmented DTLS handshake message" \
-c "Certificate handshake message has been buffered and reassembled" \
-c "ServerKeyExchange handshake message has been buffered and reassembled" \
-C "error"
requires_gnutls
@@ -10943,6 +10946,8 @@ run_test "DTLS reassembly: more fragmentation, nbio (gnutls server)" \
"$P_CLI dtls=1 nbio=2 debug_level=2" \
0 \
-c "found fragmented DTLS handshake message" \
-c "Certificate handshake message has been buffered and reassembled" \
-c "ServerKeyExchange handshake message has been buffered and reassembled" \
-C "error"
requires_gnutls
@@ -10953,6 +10958,7 @@ run_test "DTLS reassembly: fragmentation, renego (gnutls server)" \
"$P_CLI debug_level=3 dtls=1 renegotiation=1 renegotiate=1" \
0 \
-c "found fragmented DTLS handshake message" \
-c "Certificate handshake message has been buffered and reassembled" \
-c "client hello, adding renegotiation extension" \
-c "found renegotiation extension" \
-c "=> renegotiate" \
@@ -10968,6 +10974,7 @@ run_test "DTLS reassembly: fragmentation, nbio, renego (gnutls server)" \
"$P_CLI debug_level=3 nbio=2 dtls=1 renegotiation=1 renegotiate=1" \
0 \
-c "found fragmented DTLS handshake message" \
-c "Certificate handshake message has been buffered and reassembled" \
-c "client hello, adding renegotiation extension" \
-c "found renegotiation extension" \
-c "=> renegotiate" \
@@ -10983,20 +10990,17 @@ run_test "DTLS reassembly: no fragmentation (openssl server)" \
-C "found fragmented DTLS handshake message" \
-C "error"
# Minimum possible MTU for OpenSSL server: 256 bytes.
# We expect the server Certificate handshake to be fragmented and verify that
# this is the case. Depending on the configuration, other handshake messages may
# also be fragmented.
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS reassembly: some fragmentation (openssl server)" \
"$O_SRV -dtls -mtu 256" \
"$P_CLI dtls=1 debug_level=2" \
0 \
-c "found fragmented DTLS handshake message" \
-C "error"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS reassembly: more fragmentation (openssl server)" \
run_test "DTLS reassembly: fragmentation (openssl server)" \
"$O_SRV -dtls -mtu 256" \
"$P_CLI dtls=1 debug_level=2" \
0 \
-c "found fragmented DTLS handshake message" \
-c "Certificate handshake message has been buffered and reassembled" \
-C "error"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
@@ -11005,6 +11009,7 @@ run_test "DTLS reassembly: fragmentation, nbio (openssl server)" \
"$P_CLI dtls=1 nbio=2 debug_level=2" \
0 \
-c "found fragmented DTLS handshake message" \
-c "Certificate handshake message has been buffered and reassembled" \
-C "error"
# Tests for sending fragmented handshake messages with DTLS
@@ -11673,7 +11678,7 @@ run_test "DTLS fragmenting: gnutls server, DTLS 1.2" \
key_file=$DATA_FILES_PATH/server8.key \
mtu=512 force_version=dtls12" \
0 \
-c "fragmenting handshake message" \
-c "fragmenting Certificate handshake message" \
-C "error"
# We use --insecure for the GnuTLS client because it expects
@@ -11695,7 +11700,7 @@ run_test "DTLS fragmenting: gnutls client, DTLS 1.2" \
mtu=512 force_version=dtls12" \
"$G_CLI -u --insecure 127.0.0.1" \
0 \
-s "fragmenting handshake message"
-s "fragmenting Certificate handshake message"
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
@@ -11707,7 +11712,7 @@ run_test "DTLS fragmenting: openssl server, DTLS 1.2" \
key_file=$DATA_FILES_PATH/server8.key \
mtu=512 force_version=dtls12" \
0 \
-c "fragmenting handshake message" \
-c "fragmenting Certificate handshake message" \
-C "error"
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
@@ -11720,7 +11725,7 @@ run_test "DTLS fragmenting: openssl client, DTLS 1.2" \
mtu=512 force_version=dtls12" \
"$O_CLI -dtls1_2" \
0 \
-s "fragmenting handshake message"
-s "fragmenting Certificate handshake message"
# interop tests for DTLS fragmentating with unreliable connection
#
@@ -11739,7 +11744,7 @@ run_test "DTLS fragmenting: 3d, gnutls server, DTLS 1.2" \
key_file=$DATA_FILES_PATH/server8.key \
hs_timeout=250-60000 mtu=512 force_version=dtls12" \
0 \
-c "fragmenting handshake message" \
-c "fragmenting Certificate handshake message" \
-C "error"
requires_gnutls_next
@@ -11755,7 +11760,7 @@ run_test "DTLS fragmenting: 3d, gnutls client, DTLS 1.2" \
hs_timeout=250-60000 mtu=512 force_version=dtls12" \
"$G_NEXT_CLI -u --insecure 127.0.0.1" \
0 \
-s "fragmenting handshake message"
-s "fragmenting Certificate handshake message"
## The test below requires 1.1.1a or higher version of openssl, otherwise
## it might trigger a bug due to openssl server (https://github.com/openssl/openssl/issues/6902)
@@ -11772,7 +11777,7 @@ run_test "DTLS fragmenting: 3d, openssl server, DTLS 1.2" \
key_file=$DATA_FILES_PATH/server8.key \
hs_timeout=250-60000 mtu=512 force_version=dtls12" \
0 \
-c "fragmenting handshake message" \
-c "fragmenting Certificate handshake message" \
-C "error"
## the test below will time out with certain seed.
@@ -11790,7 +11795,7 @@ run_test "DTLS fragmenting: 3d, openssl client, DTLS 1.2" \
hs_timeout=250-60000 mtu=512 force_version=dtls12" \
"$O_CLI -dtls1_2" \
0 \
-s "fragmenting handshake message"
-s "fragmenting Certificate handshake message"
# Tests for DTLS-SRTP (RFC 5764)
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
@@ -12507,9 +12512,9 @@ run_test "DTLS reordering: Buffer out-of-order handshake message on client" \
hs_timeout=2500-60000" \
0 \
-c "Buffering HS message" \
-c "Next handshake message has been buffered - load"\
-c "Certificate handshake message has been buffered$"\
-S "Buffering HS message" \
-S "Next handshake message has been buffered - load"\
-S "handshake message has been buffered"\
-C "Injecting buffered CCS message" \
-C "Remember CCS message" \
-S "Injecting buffered CCS message" \
@@ -12527,9 +12532,9 @@ run_test "DTLS reordering: Buffer out-of-order handshake message fragment on
-c "Buffering HS message" \
-c "found fragmented DTLS handshake message"\
-c "Next handshake message 1 not or only partially buffered" \
-c "Next handshake message has been buffered - load"\
-c "Certificate handshake message has been buffered and reassembled"\
-S "Buffering HS message" \
-S "Next handshake message has been buffered - load"\
-S "handshake message has been buffered" \
-C "Injecting buffered CCS message" \
-C "Remember CCS message" \
-S "Injecting buffered CCS message" \
@@ -12550,10 +12555,11 @@ run_test "DTLS reordering: Buffer out-of-order hs msg before reassembling nex
hs_timeout=2500-60000" \
0 \
-c "Buffering HS message" \
-c "Next handshake message has been buffered - load"\
-c "Certificate handshake message has been buffered and reassembled"\
-c "ServerKeyExchange handshake message has been buffered$"\
-C "attempt to make space by freeing buffered messages" \
-S "Buffering HS message" \
-S "Next handshake message has been buffered - load"\
-S "handshake message has been buffered" \
-C "Injecting buffered CCS message" \
-C "Remember CCS message" \
-S "Injecting buffered CCS message" \
@@ -12577,7 +12583,7 @@ run_test "DTLS reordering: Buffer out-of-order hs msg before reassembling nex
-c "attempt to make space by freeing buffered future messages" \
-c "Enough space available after freeing buffered HS messages" \
-S "Buffering HS message" \
-S "Next handshake message has been buffered - load"\
-S "handshake message has been buffered" \
-C "Injecting buffered CCS message" \
-C "Remember CCS message" \
-S "Injecting buffered CCS message" \
@@ -12593,9 +12599,9 @@ run_test "DTLS reordering: Buffer out-of-order handshake message on server" \
hs_timeout=2500-60000" \
0 \
-C "Buffering HS message" \
-C "Next handshake message has been buffered - load"\
-C "handshake message has been buffered" \
-s "Buffering HS message" \
-s "Next handshake message has been buffered - load" \
-s "ClientKeyExchange handshake message has been buffered$" \
-C "Injecting buffered CCS message" \
-C "Remember CCS message" \
-S "Injecting buffered CCS message" \
@@ -12612,9 +12618,9 @@ run_test "DTLS reordering: Buffer out-of-order CCS message on client"\
hs_timeout=2500-60000" \
0 \
-C "Buffering HS message" \
-C "Next handshake message has been buffered - load"\
-C "handshake message has been buffered" \
-S "Buffering HS message" \
-S "Next handshake message has been buffered - load" \
-S "handshake message has been buffered" \
-c "Injecting buffered CCS message" \
-c "Remember CCS message" \
-S "Injecting buffered CCS message" \
@@ -12630,9 +12636,9 @@ run_test "DTLS reordering: Buffer out-of-order CCS message on server"\
hs_timeout=2500-60000" \
0 \
-C "Buffering HS message" \
-C "Next handshake message has been buffered - load"\
-C "handshake message has been buffered" \
-S "Buffering HS message" \
-S "Next handshake message has been buffered - load" \
-S "handshake message has been buffered" \
-C "Injecting buffered CCS message" \
-C "Remember CCS message" \
-s "Injecting buffered CCS message" \
@@ -12868,10 +12874,11 @@ not_with_valgrind # risk of non-mbedtls peer timing out
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS proxy: 3d, openssl server, fragmentation" \
-p "$P_PXY drop=5 delay=5 duplicate=5 protect_hvr=1" \
"$O_NEXT_SRV -dtls1_2 -mtu 768" \
"$P_CLI dgram_packing=0 dtls=1 hs_timeout=500-60000 tickets=0" \
"$O_NEXT_SRV -dtls1_2 -mtu 256" \
"$P_CLI dgram_packing=0 dtls=1 debug_level=2 hs_timeout=500-60000 tickets=0" \
0 \
-c "HTTP/1.0 200 OK"
-c "HTTP/1.0 200 OK" \
-c "Certificate handshake message has been buffered and reassembled"
requires_openssl_next
client_needs_more_time 8
@@ -12879,10 +12886,11 @@ not_with_valgrind # risk of non-mbedtls peer timing out
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS proxy: 3d, openssl server, fragmentation, nbio" \
-p "$P_PXY drop=5 delay=5 duplicate=5 protect_hvr=1" \
"$O_NEXT_SRV -dtls1_2 -mtu 768" \
"$P_CLI dgram_packing=0 dtls=1 hs_timeout=500-60000 nbio=2 tickets=0" \
"$O_NEXT_SRV -dtls1_2 -mtu 256" \
"$P_CLI dgram_packing=0 dtls=1 debug_level=2 hs_timeout=500-60000 nbio=2 tickets=0" \
0 \
-c "HTTP/1.0 200 OK"
-c "HTTP/1.0 200 OK" \
-c "Certificate handshake message has been buffered and reassembled"
requires_gnutls
client_needs_more_time 6
@@ -12903,10 +12911,11 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS proxy: 3d, gnutls server, fragmentation" \
-p "$P_PXY drop=5 delay=5 duplicate=5" \
"$G_NEXT_SRV -u --mtu 512" \
"$P_CLI dgram_packing=0 dtls=1 hs_timeout=500-60000" \
"$P_CLI dgram_packing=0 dtls=1 debug_level=2 hs_timeout=500-60000" \
0 \
-s "Extra-header:" \
-c "Extra-header:"
-c "Extra-header:" \
-c "Certificate handshake message has been buffered and reassembled"
requires_gnutls_next
client_needs_more_time 8
@@ -12915,10 +12924,11 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS proxy: 3d, gnutls server, fragmentation, nbio" \
-p "$P_PXY drop=5 delay=5 duplicate=5" \
"$G_NEXT_SRV -u --mtu 512" \
"$P_CLI dgram_packing=0 dtls=1 hs_timeout=500-60000 nbio=2" \
"$P_CLI dgram_packing=0 dtls=1 debug_level=2 hs_timeout=500-60000 nbio=2" \
0 \
-s "Extra-header:" \
-c "Extra-header:"
-c "Extra-header:" \
-c "Certificate handshake message has been buffered and reassembled"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "export keys functionality" \
@@ -14793,16 +14803,6 @@ run_test "TLS 1.2 ClientHello indicating support for deflate compression meth
# Most test cases are in opt-testcases/handshake-generated.sh
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_certificate_authentication
run_test "Handshake defragmentation on server: len=32, TLS 1.2 ClientHello (unsupported)" \
"$P_SRV debug_level=4 force_version=tls12 auth_mode=required" \
"$O_NEXT_CLI -tls1_2 -split_send_frag 32 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
1 \
-s "The SSL configuration is tls12 only" \
-s "bad client hello message" \
-s "SSL - A message could not be parsed due to a syntactic error"
# Test server-side buffer resizing with fragmented handshake on TLS1.2
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH

34
tests/suites/test_suite_debug.data
View File

@@ -1,12 +1,46 @@
printf "%" MBEDTLS_PRINTF_SIZET, 0
printf_int_expr:PRINTF_SIZET:sizeof(size_t):0:"0"
printf "%" MBEDTLS_PRINTF_SIZET, 1 byte
printf_int_expr:PRINTF_SIZET:sizeof(size_t):42:"42"
printf "%" MBEDTLS_PRINTF_SIZET, 4 bytes
printf_int_expr:PRINTF_SIZET:sizeof(size_t):0xfedcba98:"4275878552"
printf "%" MBEDTLS_PRINTF_SIZET, 8 bytes
depends_on:SIZE_MAX>=0xffffffffffffffff
printf_int_expr:PRINTF_SIZET:sizeof(size_t):0xfedcba9876543210:"18364758544493064720"
printf "%" MBEDTLS_PRINTF_LONGLONG, 0
printf_int_expr:PRINTF_LONGLONG:sizeof(long long):0:"0"
printf "%" MBEDTLS_PRINTF_LONGLONG, 1 byte
printf_int_expr:PRINTF_LONGLONG:sizeof(long long):42:"42"
printf "%" MBEDTLS_PRINTF_LONGLONG, 4 bytes
printf_int_expr:PRINTF_LONGLONG:sizeof(long long):0xfedcba98:"4275878552"
printf "%" MBEDTLS_PRINTF_LONGLONG, 8 bytes
printf_int_expr:PRINTF_LONGLONG:sizeof(long long):0x7edcba9876543210:"9141386507638288912"
printf "%" MBEDTLS_PRINTF_LONGLONG, 8 bytes, negative
printf_int_expr:PRINTF_LONGLONG:sizeof(long long):-0x7edcba9876543210:"-9141386507638288912"
printf "%" MBEDTLS_PRINTF_MS_TIME, 0
printf_int_expr:PRINTF_MS_TIME:sizeof(mbedtls_ms_time_t):0:"0"
printf "%" MBEDTLS_PRINTF_MS_TIME, 1 byte
printf_int_expr:PRINTF_MS_TIME:sizeof(mbedtls_ms_time_t):42:"42"
printf "%" MBEDTLS_PRINTF_MS_TIME, 4 bytes
printf_int_expr:PRINTF_MS_TIME:sizeof(mbedtls_ms_time_t):0xfedcba98:"4275878552"
printf "%" MBEDTLS_PRINTF_MS_TIME, 8 bytes
printf_int_expr:PRINTF_MS_TIME:sizeof(mbedtls_ms_time_t):0x7edcba9876543210:"9141386507638288912"
printf "%" MBEDTLS_PRINTF_MS_TIME, 8 bytes, negative
printf_int_expr:PRINTF_MS_TIME:sizeof(mbedtls_ms_time_t):-0x7edcba9876543210:"-9141386507638288912"
Debug print msg (threshold 1, level 0)
debug_print_msg_threshold:1:0:"MyFile":999:"MyFile(0999)\: Text message, 2 == 2\n"

90
tests/suites/test_suite_pkwrite.function
View File

@@ -66,15 +66,59 @@ static int pk_write_any_key(mbedtls_pk_context *pk, unsigned char **p,
return 0;
}
static int pk_write_check_context(mbedtls_pk_context *key,
int is_public_key, int is_der,
unsigned char *check_buf, size_t check_buf_len)
{
int ret = -1;
unsigned char *buf = NULL;
int expected_error = is_der ?
MBEDTLS_ERR_ASN1_BUF_TOO_SMALL :
MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL;
/* Test with:
* - buffer too small (all sizes)
* - buffer exactly the right size
* - buffer a bit larger - DER functions should write to the end of the
* buffer, and we can only tell the difference with a larger buffer
*/
for (size_t buf_size = 1; buf_size <= check_buf_len + 2; buf_size++) {
mbedtls_free(buf);
buf = NULL;
TEST_CALLOC(buf, buf_size);
unsigned char *start_buf = buf;
size_t out_len = buf_size;
int expected_result = buf_size < check_buf_len ? expected_error : 0;
mbedtls_test_set_step(buf_size);
TEST_EQUAL(pk_write_any_key(key, &start_buf, &out_len, is_public_key,
is_der), expected_result);
if (expected_result == 0) {
TEST_MEMORY_COMPARE(start_buf, out_len, check_buf, check_buf_len);
if (is_der) {
/* Data should be at the end of the buffer */
TEST_ASSERT(start_buf + out_len == buf + buf_size);
}
}
}
ret = 0;
exit:
mbedtls_free(buf);
return ret;
}
static void pk_write_check_common(char *key_file, int is_public_key, int is_der)
{
mbedtls_pk_context key;
mbedtls_pk_init(&key);
unsigned char *buf = NULL;
unsigned char *check_buf = NULL;
unsigned char *start_buf;
size_t buf_len, check_buf_len;
int expected_result;
size_t check_buf_len;
#if defined(MBEDTLS_USE_PSA_CRYPTO)
mbedtls_svc_key_id_t opaque_id = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_attributes_t key_attr = PSA_KEY_ATTRIBUTES_INIT;
@@ -100,8 +144,6 @@ static void pk_write_check_common(char *key_file, int is_public_key, int is_der)
}
TEST_ASSERT(check_buf_len > 0);
TEST_CALLOC(buf, check_buf_len);
if (is_public_key) {
TEST_EQUAL(mbedtls_pk_parse_public_keyfile(&key, key_file), 0);
} else {
@@ -109,28 +151,14 @@ static void pk_write_check_common(char *key_file, int is_public_key, int is_der)
mbedtls_test_rnd_std_rand, NULL), 0);
}
start_buf = buf;
buf_len = check_buf_len;
if (is_der) {
expected_result = MBEDTLS_ERR_ASN1_BUF_TOO_SMALL;
} else {
expected_result = MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL;
if (pk_write_check_context(&key, is_public_key, is_der,
check_buf, check_buf_len) != 0) {
goto exit;
}
/* Intentionally pass a wrong size for the provided output buffer and check
* that the writing functions fails as expected. */
for (size_t i = 1; i < buf_len; i++) {
TEST_EQUAL(pk_write_any_key(&key, &start_buf, &i, is_public_key,
is_der), expected_result);
}
TEST_EQUAL(pk_write_any_key(&key, &start_buf, &buf_len, is_public_key,
is_der), 0);
TEST_MEMORY_COMPARE(start_buf, buf_len, check_buf, check_buf_len);
#if defined(MBEDTLS_USE_PSA_CRYPTO)
/* Verify that pk_write works also for opaque private keys */
if (!is_public_key) {
memset(buf, 0, check_buf_len);
/* Turn the key PK context into an opaque one.
* Note: set some practical usage for the key to make get_psa_attributes() happy. */
TEST_EQUAL(mbedtls_pk_get_psa_attributes(&key, PSA_KEY_USAGE_SIGN_MESSAGE, &key_attr), 0);
@@ -138,18 +166,11 @@ static void pk_write_check_common(char *key_file, int is_public_key, int is_der)
mbedtls_pk_free(&key);
mbedtls_pk_init(&key);
TEST_EQUAL(mbedtls_pk_setup_opaque(&key, opaque_id), 0);
start_buf = buf;
buf_len = check_buf_len;
/* Intentionally pass a wrong size for the provided output buffer and check
* that the writing functions fails as expected. */
for (size_t i = 1; i < buf_len; i++) {
TEST_EQUAL(pk_write_any_key(&key, &start_buf, &i, is_public_key,
is_der), expected_result);
}
TEST_EQUAL(pk_write_any_key(&key, &start_buf, &buf_len, is_public_key,
is_der), 0);
TEST_MEMORY_COMPARE(start_buf, buf_len, check_buf, check_buf_len);
if (pk_write_check_context(&key, is_public_key, is_der,
check_buf, check_buf_len) != 0) {
goto exit;
}
}
#endif /* MBEDTLS_USE_PSA_CRYPTO */
@@ -157,7 +178,6 @@ exit:
#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_destroy_key(opaque_id);
#endif /* MBEDTLS_USE_PSA_CRYPTO */
mbedtls_free(buf);
mbedtls_free(check_buf);
mbedtls_pk_free(&key);
USE_PSA_DONE();