TeamHepta/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2026-05-08 18:54:23 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #10517 from valeriosetti/issue10460

Browse Source 
Remove use of pk_debug()
This commit is contained in:
Valerio Setti
2026-01-09 15:22:13 +00:00
committed by GitHub
parent 193401cce1 fdccbbb91f
commit f7173e4389
6 changed files with 155 additions and 417 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
include/mbedtls/debug.h
View File

@@ -28,14 +28,12 @@
#define MBEDTLS_SSL_DEBUG_BUF(level, text, buf, len) \
mbedtls_debug_print_buf(ssl, level, __FILE__, __LINE__, text, buf, len)
#if defined(MBEDTLS_X509_CRT_PARSE_C)
#if !defined(MBEDTLS_X509_REMOVE_INFO)
#if defined(MBEDTLS_X509_CRT_PARSE_C) && !defined(MBEDTLS_X509_REMOVE_INFO)
#define MBEDTLS_SSL_DEBUG_CRT(level, text, crt) \
mbedtls_debug_print_crt(ssl, level, __FILE__, __LINE__, text, crt)
#else
#define MBEDTLS_SSL_DEBUG_CRT(level, text, crt) do { } while (0)
#endif /* MBEDTLS_X509_REMOVE_INFO */
#endif /* MBEDTLS_X509_CRT_PARSE_C */
#endif /* MBEDTLS_X509_CRT_PARSE_C && !MBEDTLS_X509_REMOVE_INFO */
#else /* MBEDTLS_DEBUG_C */
@@ -90,10 +88,12 @@
#if defined(__MINGW32__) || (defined(_MSC_VER) && _MSC_VER < 1900)
#include <inttypes.h>
#define MBEDTLS_PRINTF_SIZET PRIuPTR
#define MBEDTLS_PRINTF_SIZET_HEX PRIxPTR
#define MBEDTLS_PRINTF_LONGLONG "I64d"
#else \
/* defined(__MINGW32__) || (defined(_MSC_VER) && _MSC_VER < 1900) */
#define MBEDTLS_PRINTF_SIZET "zu"
#define MBEDTLS_PRINTF_SIZET_HEX "zx"
#define MBEDTLS_PRINTF_LONGLONG "lld"
#endif \
/* defined(__MINGW32__) || (defined(_MSC_VER) && _MSC_VER < 1900) */

381
library/debug.c
View File

@@ -112,325 +112,94 @@ void mbedtls_debug_print_ret(const mbedtls_ssl_context *ssl, int level,
debug_send_line(ssl, level, file, line, str);
}
#define MBEDTLS_DEBUG_PRINT_BUF_NO_TEXT 0
#define MBEDTLS_DEBUG_PRINT_BUF_ADD_TEXT 1
static void mbedtls_debug_print_buf_one_line(char *out_buf, size_t out_size,
const unsigned char *in_buf, size_t in_size,
int add_text)
{
char txt[17] = { 0 };
size_t i, idx = 0;
for (i = 0; i < 16; i++) {
if (i < in_size) {
idx += mbedtls_snprintf(out_buf + idx, out_size - idx, " %02x",
(unsigned int) in_buf[i]);
txt[i] = (in_buf[i] > 31 && in_buf[i] < 127) ? in_buf[i] : '.';
} else {
/* Just add spaces until the end of the line */
idx += mbedtls_snprintf(out_buf + idx, out_size - idx, " ");
}
}
if (add_text) {
idx += mbedtls_snprintf(out_buf + idx, out_size - idx, " %s", txt);
}
mbedtls_snprintf(out_buf + idx, out_size - idx, "\n");
}
static void mbedtls_debug_print_buf_ext(const mbedtls_ssl_context *ssl, int level,
const char *file, int line, const char *text,
const unsigned char *buf, size_t len,
int add_text)
{
char str[DEBUG_BUF_SIZE] = { 0 };
size_t curr_offset = 0, idx = 0, chunk_len;
if (NULL == ssl ||
NULL == ssl->conf ||
NULL == ssl->conf->f_dbg ||
level > debug_threshold) {
return;
}
mbedtls_snprintf(str, sizeof(str), "dumping '%s' (%" MBEDTLS_PRINTF_SIZET " bytes)\n",
text, len);
debug_send_line(ssl, level, file, line, str);
while (len > 0) {
memset(str, 0, sizeof(str));
idx = mbedtls_snprintf(str, sizeof(str), "%04" MBEDTLS_PRINTF_SIZET_HEX ": ", curr_offset);
chunk_len = (len >= 16) ? 16 : len;
mbedtls_debug_print_buf_one_line(str + idx, sizeof(str) - idx,
&buf[curr_offset], chunk_len,
add_text);
debug_send_line(ssl, level, file, line, str);
curr_offset += 16;
len -= chunk_len;
}
}
void mbedtls_debug_print_buf(const mbedtls_ssl_context *ssl, int level,
const char *file, int line, const char *text,
const unsigned char *buf, size_t len)
{
char str[DEBUG_BUF_SIZE];
char txt[17];
size_t i, idx = 0;
if (NULL == ssl ||
NULL == ssl->conf ||
NULL == ssl->conf->f_dbg ||
level > debug_threshold) {
return;
}
mbedtls_snprintf(str + idx, sizeof(str) - idx, "dumping '%s' (%u bytes)\n",
text, (unsigned int) len);
debug_send_line(ssl, level, file, line, str);
memset(txt, 0, sizeof(txt));
for (i = 0; i < len; i++) {
if (i >= 4096) {
break;
}
if (i % 16 == 0) {
if (i > 0) {
mbedtls_snprintf(str + idx, sizeof(str) - idx, " %s\n", txt);
debug_send_line(ssl, level, file, line, str);
idx = 0;
memset(txt, 0, sizeof(txt));
}
idx += mbedtls_snprintf(str + idx, sizeof(str) - idx, "%04x: ",
(unsigned int) i);
}
idx += mbedtls_snprintf(str + idx, sizeof(str) - idx, " %02x",
(unsigned int) buf[i]);
txt[i % 16] = (buf[i] > 31 && buf[i] < 127) ? buf[i] : '.';
}
if (len > 0) {
for (/* i = i */; i % 16 != 0; i++) {
idx += mbedtls_snprintf(str + idx, sizeof(str) - idx, " ");
}
mbedtls_snprintf(str + idx, sizeof(str) - idx, " %s\n", txt);
debug_send_line(ssl, level, file, line, str);
}
mbedtls_debug_print_buf_ext(ssl, level, file, line, text, buf, len,
MBEDTLS_DEBUG_PRINT_BUF_ADD_TEXT);
}
#if defined(MBEDTLS_BIGNUM_C)
void mbedtls_debug_print_mpi(const mbedtls_ssl_context *ssl, int level,
const char *file, int line,
const char *text, const mbedtls_mpi *X)
{
char str[DEBUG_BUF_SIZE];
size_t bitlen;
size_t idx = 0;
if (NULL == ssl ||
NULL == ssl->conf ||
NULL == ssl->conf->f_dbg ||
NULL == X ||
level > debug_threshold) {
return;
}
bitlen = mbedtls_mpi_bitlen(X);
mbedtls_snprintf(str, sizeof(str), "value of '%s' (%u bits) is:\n",
text, (unsigned) bitlen);
debug_send_line(ssl, level, file, line, str);
if (bitlen == 0) {
str[0] = ' '; str[1] = '0'; str[2] = '0';
idx = 3;
} else {
int n;
for (n = (int) ((bitlen - 1) / 8); n >= 0; n--) {
size_t limb_offset = n / sizeof(mbedtls_mpi_uint);
size_t offset_in_limb = n % sizeof(mbedtls_mpi_uint);
unsigned char octet =
(X->p[limb_offset] >> (offset_in_limb * 8)) & 0xff;
mbedtls_snprintf(str + idx, sizeof(str) - idx, " %02x", octet);
idx += 3;
/* Wrap lines after 16 octets that each take 3 columns */
if (idx >= 3 * 16) {
mbedtls_snprintf(str + idx, sizeof(str) - idx, "\n");
debug_send_line(ssl, level, file, line, str);
idx = 0;
}
}
}
if (idx != 0) {
mbedtls_snprintf(str + idx, sizeof(str) - idx, "\n");
debug_send_line(ssl, level, file, line, str);
}
}
#endif /* MBEDTLS_BIGNUM_C */
#if defined(MBEDTLS_X509_CRT_PARSE_C) && !defined(MBEDTLS_X509_REMOVE_INFO)
#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) || defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY)
static void mbedtls_debug_print_integer(const mbedtls_ssl_context *ssl, int level,
const char *file, int line, const char *text,
const unsigned char *buf, size_t bitlen)
{
char str[DEBUG_BUF_SIZE];
size_t i, len_bytes = PSA_BITS_TO_BYTES(bitlen), idx = 0;
mbedtls_snprintf(str + idx, sizeof(str) - idx, "value of '%s' (%u bits) is:\n",
text, (unsigned int) bitlen);
debug_send_line(ssl, level, file, line, str);
for (i = 0; i < len_bytes; i++) {
if (i >= 4096) {
break;
}
if (i % 16 == 0) {
if (i > 0) {
mbedtls_snprintf(str + idx, sizeof(str) - idx, "\n");
debug_send_line(ssl, level, file, line, str);
idx = 0;
}
}
idx += mbedtls_snprintf(str + idx, sizeof(str) - idx, " %02x",
(unsigned int) buf[i]);
}
if (len_bytes > 0) {
mbedtls_snprintf(str + idx, sizeof(str) - idx, "\n");
debug_send_line(ssl, level, file, line, str);
}
}
#endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY || PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY */
#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY)
static void mbedtls_debug_print_psa_ec(const mbedtls_ssl_context *ssl, int level,
const char *file, int line,
const char *text, const mbedtls_pk_context *pk)
{
char str[DEBUG_BUF_SIZE];
const uint8_t *coord_start;
size_t coord_len;
if (NULL == ssl ||
NULL == ssl->conf ||
NULL == ssl->conf->f_dbg ||
level > debug_threshold) {
return;
}
/* For the description of pk->pk_raw content please refer to the description
* psa_export_public_key() function. */
coord_len = (pk->pub_raw_len - 1)/2;
/* X coordinate */
coord_start = pk->pub_raw + 1;
mbedtls_snprintf(str, sizeof(str), "%s(X)", text);
mbedtls_debug_print_integer(ssl, level, file, line, str, coord_start, coord_len * 8);
/* Y coordinate */
coord_start = coord_start + coord_len;
mbedtls_snprintf(str, sizeof(str), "%s(Y)", text);
mbedtls_debug_print_integer(ssl, level, file, line, str, coord_start, coord_len * 8);
}
#endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */
#if defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY)
static size_t debug_count_valid_bits(unsigned char **buf, size_t len)
{
size_t i, bits;
/* Ignore initial null bytes (if any). */
while ((len > 0) && (**buf == 0x00)) {
(*buf)++;
len--;
}
if (len == 0) {
return 0;
}
bits = len * 8;
/* Ignore initial null bits (if any). */
for (i = 7; i > 0; i--) {
if ((**buf & (0x1 << i)) != 0) {
break;
}
bits--;
}
return bits;
}
static void mbedtls_debug_print_psa_rsa(const mbedtls_ssl_context *ssl, int level,
const char *file, int line,
const char *text, const mbedtls_pk_context *pk)
{
char str[DEBUG_BUF_SIZE];
/* no-check-names will be removed in mbedtls#10229. */
unsigned char key_der[MBEDTLS_PK_MAX_RSA_PUBKEY_RAW_LEN]; //no-check-names
unsigned char *start_cur;
unsigned char *end_cur;
size_t len, bits;
int ret;
if (NULL == ssl ||
NULL == ssl->conf ||
NULL == ssl->conf->f_dbg ||
level > debug_threshold) {
return;
}
if (pk->pub_raw_len > sizeof(key_der)) {
snprintf(str, sizeof(str),
"RSA public key too large: %" MBEDTLS_PRINTF_SIZET " > %" MBEDTLS_PRINTF_SIZET,
pk->pub_raw_len, sizeof(key_der));
debug_send_line(ssl, level, file, line, str);
return;
}
memcpy(key_der, pk->pub_raw, pk->pub_raw_len);
start_cur = key_der;
end_cur = key_der + pk->pub_raw_len;
/* This integer parsing solution should be replaced with mbedtls_asn1_get_integer().
* See #10238. */
ret = mbedtls_asn1_get_tag(&start_cur, end_cur, &len,
MBEDTLS_ASN1_SEQUENCE | MBEDTLS_ASN1_CONSTRUCTED);
if (ret != 0) {
return;
}
ret = mbedtls_asn1_get_tag(&start_cur, end_cur, &len, MBEDTLS_ASN1_INTEGER);
if (ret != 0) {
return;
}
bits = debug_count_valid_bits(&start_cur, len);
if (bits == 0) {
return;
}
len = PSA_BITS_TO_BYTES(bits);
mbedtls_snprintf(str, sizeof(str), "%s.N", text);
mbedtls_debug_print_integer(ssl, level, file, line, str, start_cur, bits);
start_cur += len;
ret = mbedtls_asn1_get_tag(&start_cur, end_cur, &len, MBEDTLS_ASN1_INTEGER);
if (ret != 0) {
return;
}
bits = debug_count_valid_bits(&start_cur, len);
if (bits == 0) {
return;
}
mbedtls_snprintf(str, sizeof(str), "%s.E", text);
mbedtls_debug_print_integer(ssl, level, file, line, str, start_cur, bits);
}
#endif /* PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY */
#if defined(MBEDTLS_PK_WRITE_C)
static void debug_print_pk(const mbedtls_ssl_context *ssl, int level,
const char *file, int line,
const char *text, const mbedtls_pk_context *pk)
{
size_t i;
mbedtls_pk_debug_item items[MBEDTLS_PK_DEBUG_MAX_ITEMS];
char name[16];
unsigned char buf[PSA_EXPORT_PUBLIC_KEY_MAX_SIZE];
size_t buf_len;
int ret;
memset(items, 0, sizeof(items));
if (mbedtls_pk_debug(pk, items) != 0) {
debug_send_line(ssl, level, file, line,
"invalid PK context\n");
return;
}
for (i = 0; i < MBEDTLS_PK_DEBUG_MAX_ITEMS; i++) {
if (items[i].type == MBEDTLS_PK_DEBUG_NONE) {
return;
}
mbedtls_snprintf(name, sizeof(name), "%s%s", text, items[i].name);
name[sizeof(name) - 1] = '\0';
#if defined(MBEDTLS_RSA_C)
if (items[i].type == MBEDTLS_PK_DEBUG_MPI) {
mbedtls_debug_print_mpi(ssl, level, file, line, name, items[i].value);
} else
#endif /* MBEDTLS_RSA_C */
#if defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY)
if (items[i].type == MBEDTLS_PK_DEBUG_PSA_RSA) {
mbedtls_debug_print_psa_rsa(ssl, level, file, line, name, items[i].value);
} else
#endif /* PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY */
#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY)
if (items[i].type == MBEDTLS_PK_DEBUG_PSA_EC) {
mbedtls_debug_print_psa_ec(ssl, level, file, line, name, items[i].value);
} else
#endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */
{ debug_send_line(ssl, level, file, line,
"should not happen\n"); }
ret = mbedtls_pk_write_pubkey_psa(pk, buf, sizeof(buf), &buf_len);
if (ret == 0) {
mbedtls_debug_print_buf_ext(ssl, level, file, line, text, buf, buf_len,
MBEDTLS_DEBUG_PRINT_BUF_NO_TEXT);
} else {
mbedtls_debug_print_msg(ssl, level, file, line,
"failed to export public key from PK context");
}
}
#endif /* MBEDTLS_PK_WRITE_C */
static void debug_print_line_by_line(const mbedtls_ssl_context *ssl, int level,
const char *file, int line, const char *text)
@@ -480,7 +249,9 @@ void mbedtls_debug_print_crt(const mbedtls_ssl_context *ssl, int level,
mbedtls_x509_crt_info(buf, sizeof(buf) - 1, "", crt);
debug_print_line_by_line(ssl, level, file, line, buf);
debug_print_pk(ssl, level, file, line, "crt->", &crt->pk);
#if defined(MBEDTLS_PK_WRITE_C)
debug_print_pk(ssl, level, file, line, "crt->PK", &crt->pk);
#endif /* MBEDTLS_PK_WRITE_C */
crt = crt->next;
}

20
library/debug_internal.h
View File

@@ -71,26 +71,6 @@ void mbedtls_debug_print_buf(const mbedtls_ssl_context *ssl, int level,
const char *file, int line, const char *text,
const unsigned char *buf, size_t len);
#if defined(MBEDTLS_BIGNUM_C)
/**
* \brief Print a MPI variable to the debug output.
*
* \param ssl SSL context
* \param level error level of the debug message
* \param file file the error has occurred in
* \param line line number the error has occurred in
* \param text a name or label for the MPI being output. Normally the
* variable name
* \param X the MPI variable
*
* \attention This function is intended for INTERNAL usage within the
* library only.
*/
void mbedtls_debug_print_mpi(const mbedtls_ssl_context *ssl, int level,
const char *file, int line,
const char *text, const mbedtls_mpi *X);
#endif
#if defined(MBEDTLS_X509_CRT_PARSE_C) && !defined(MBEDTLS_X509_REMOVE_INFO)
/**
* \brief Print a X.509 certificate structure to the debug output. This

85
tests/scripts/components-configuration-crypto.sh
View File

@@ -9,6 +9,8 @@
#### Configuration Testing - Crypto
################################################################
CMAKE_BUILTIN_BUILD_DIR="tf-psa-crypto/drivers/builtin/CMakeFiles/builtin.dir/src"
component_test_psa_crypto_key_id_encodes_owner () {
msg "build: full config + PSA_CRYPTO_KEY_ID_ENCODES_OWNER, cmake, gcc, ASan"
scripts/config.py full
@@ -234,10 +236,12 @@ component_test_psa_external_rng_no_drbg_use_psa () {
scripts/config.py unset MBEDTLS_CTR_DRBG_C
scripts/config.py unset MBEDTLS_HMAC_DRBG_C
scripts/config.py unset PSA_WANT_ALG_DETERMINISTIC_ECDSA # Requires HMAC_DRBG
$MAKE_COMMAND CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS"
CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan .
make
msg "test: PSA_CRYPTO_EXTERNAL_RNG minus *_DRBG, PSA crypto - main suites"
$MAKE_COMMAND test
make test
msg "test: PSA_CRYPTO_EXTERNAL_RNG minus *_DRBG, PSA crypto - ssl-opt.sh (subset)"
tests/ssl-opt.sh -f 'Default\|opaque'
@@ -250,10 +254,12 @@ component_test_psa_external_rng_use_psa_crypto () {
scripts/config.py unset MBEDTLS_CTR_DRBG_C
scripts/config.py unset MBEDTLS_ENTROPY_NV_SEED
scripts/config.py unset MBEDTLS_PLATFORM_NV_SEED_ALT
$MAKE_COMMAND CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS"
CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan .
make
msg "test: full + PSA_CRYPTO_EXTERNAL_RNG + USE_PSA_CRYPTO minus CTR_DRBG/NV_SEED"
$MAKE_COMMAND test
make test
msg "test: full + PSA_CRYPTO_EXTERNAL_RNG + USE_PSA_CRYPTO minus CTR_DRBG/NV_SEED"
tests/ssl-opt.sh -f 'Default\|opaque'
@@ -266,14 +272,36 @@ component_full_no_pkparse_pkwrite () {
scripts/config.py unset MBEDTLS_PK_PARSE_C
scripts/config.py unset MBEDTLS_PK_WRITE_C
$MAKE_COMMAND CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS"
CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan .
make
# Ensure that PK_[PARSE|WRITE]_C were not re-enabled accidentally (additive config).
not grep mbedtls_pk_parse_key ${BUILTIN_SRC_PATH}/pkparse.o
not grep mbedtls_pk_write_key_der ${BUILTIN_SRC_PATH}/pkwrite.o
msg "test: full without pkparse and pkwrite"
$MAKE_COMMAND test
make test
}
component_full_no_pkwrite () {
msg "build: full without pkwrite"
# Using "full" config here instead of "crypto_full" as in "component_full_no_pkparse_pkwrite"
# because here we would like to run "test_suite_debug" test cases.
scripts/config.py full
scripts/config.py unset MBEDTLS_PK_WRITE_C
# Disable modules that depend on PK_WRITE_C
scripts/config.py unset MBEDTLS_X509_CRT_WRITE_C
scripts/config.py unset MBEDTLS_X509_CSR_WRITE_C
CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan .
make
# Ensure that PK_WRITE_C was not re-enabled accidentally (additive config).
not grep mbedtls_pk_write_key_der ${BUILTIN_SRC_PATH}/pkwrite.o
msg "test: full without pkwrite"
make test
}
component_test_crypto_full_md_light_only () {
@@ -293,14 +321,15 @@ component_test_crypto_full_md_light_only () {
# Note: MD-light is auto-enabled in build_info.h by modules that need it,
# which we haven't disabled, so no need to explicitly enable it.
$MAKE_COMMAND CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS"
CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan .
make
# Make sure we don't have the HMAC functions, but the hashing functions
not grep mbedtls_md_hmac ${BUILTIN_SRC_PATH}/md.o
grep mbedtls_md ${BUILTIN_SRC_PATH}/md.o
not grep mbedtls_md_hmac ${CMAKE_BUILTIN_BUILD_DIR}/md.c.o
grep mbedtls_md ${CMAKE_BUILTIN_BUILD_DIR}/md.c.o
msg "test: crypto_full with only the light subset of MD"
$MAKE_COMMAND test
make test
}
component_test_full_no_cipher () {
@@ -436,10 +465,11 @@ component_test_everest_curve25519_only () {
scripts/config.py unset-all "PSA_WANT_ECC_[0-9A-Z_a-z]*$"
scripts/config.py set PSA_WANT_ECC_MONTGOMERY_255
$MAKE_COMMAND CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS"
CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan .
make
msg "test: Everest ECDH context, only Curve25519" # ~ 50s
$MAKE_COMMAND test
make test
}
component_test_psa_collect_statuses () {
@@ -1266,7 +1296,8 @@ component_test_tfm_config_p256m_driver_accel_ec () {
common_tfm_config
# Build crypto library
$MAKE_COMMAND CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -I../framework/tests/include/spe" LDFLAGS="$ASAN_CFLAGS"
CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -I../framework/tests/include/spe" cmake -D CMAKE_BUILD_TYPE:String=Asan .
make
# Make sure any built-in EC alg was not re-enabled by accident (additive config)
not grep mbedtls_ecdsa_ ${BUILTIN_SRC_PATH}/ecdsa.o
@@ -1285,7 +1316,7 @@ component_test_tfm_config_p256m_driver_accel_ec () {
# Run the tests
msg "test: TF-M config + p256m driver + accel ECDH(E)/ECDSA"
$MAKE_COMMAND test
make test
}
# Keep this in sync with component_test_tfm_config_p256m_driver_accel_ec() as
@@ -1333,10 +1364,11 @@ build_and_test_psa_want_key_pair_partial () {
# crypto_config.h so we just disable the one we don't want.
scripts/config.py unset "$disabled_psa_want"
$MAKE_COMMAND CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS"
CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan .
make
msg "test: $base_config - ${disabled_psa_want}"
$MAKE_COMMAND test
make test
}
component_test_psa_ecc_key_pair_no_derive () {
@@ -1861,10 +1893,12 @@ component_test_aead_chachapoly_disabled () {
msg "build: full minus CHACHAPOLY"
scripts/config.py full
scripts/config.py unset PSA_WANT_ALG_CHACHA20_POLY1305
$MAKE_COMMAND CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS"
CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan .
make
msg "test: full minus CHACHAPOLY"
$MAKE_COMMAND test
make test
}
component_test_aead_only_ccm () {
@@ -1872,10 +1906,12 @@ component_test_aead_only_ccm () {
scripts/config.py full
scripts/config.py unset PSA_WANT_ALG_CHACHA20_POLY1305
scripts/config.py unset PSA_WANT_ALG_GCM
$MAKE_COMMAND CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS"
CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan .
make
msg "test: full minus CHACHAPOLY and GCM"
$MAKE_COMMAND test
make test
}
component_test_ccm_aes_sha256 () {
@@ -2322,13 +2358,14 @@ component_test_psa_crypto_drivers () {
# config_adjust_test_accelerators.h for more information.
msg "build: full + test drivers dispatching to builtins"
scripts/config.py full
loc_cflags="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_CONFIG_ADJUST_TEST_ACCELERATORS"
loc_cflags="${loc_cflags} -I../framework/tests/include"
loc_cflags="-DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_CONFIG_ADJUST_TEST_ACCELERATORS"
loc_cflags="${loc_cflags} -I../framework/tests/include -I${MBEDTLS_ROOT_DIR}/include"
$MAKE_COMMAND CC=$ASAN_CC CFLAGS="${loc_cflags}" LDFLAGS="$ASAN_CFLAGS"
CC=$ASAN_CC CFLAGS="${loc_cflags}" cmake -D CMAKE_BUILD_TYPE:String=Asan .
make
msg "test: full + test drivers dispatching to builtins"
$MAKE_COMMAND test
make test
}
component_build_psa_config_file () {

39
tests/suites/test_suite_debug.data
View File

@@ -46,31 +46,20 @@ mbedtls_debug_print_buf:"MyFile":999:"Test return value":"000102030405060708090A
Debug print buffer #5
mbedtls_debug_print_buf:"MyFile":999:"Test return value":"000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F30":"MyFile(0999)\: dumping 'Test return value' (49 bytes)\nMyFile(0999)\: 0000\: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f ................\nMyFile(0999)\: 0010\: 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f ................\nMyFile(0999)\: 0020\: 20 21 22 23 24 25 26 27 28 29 2a 2b 2c 2d 2e 2f !"#$%&'()*+,-./\nMyFile(0999)\: 0030\: 30 0\n"
Debug print mbedtls_mpi: 0 (empty representation)
mbedtls_debug_print_mpi:"":"MyFile":999:"VALUE":"MyFile(0999)\: value of 'VALUE' (0 bits) is\:\nMyFile(0999)\: 00\n"
Debug print mbedtls_mpi: 0 (non-empty representation)
mbedtls_debug_print_mpi:"00000000000000":"MyFile":999:"VALUE":"MyFile(0999)\: value of 'VALUE' (0 bits) is\:\nMyFile(0999)\: 00\n"
Debug print mbedtls_mpi #2: 3 bits
mbedtls_debug_print_mpi:"00000000000007":"MyFile":999:"VALUE":"MyFile(0999)\: value of 'VALUE' (3 bits) is\:\nMyFile(0999)\: 07\n"
Debug print mbedtls_mpi: 49 bits
mbedtls_debug_print_mpi:"01020304050607":"MyFile":999:"VALUE":"MyFile(0999)\: value of 'VALUE' (49 bits) is\:\nMyFile(0999)\: 01 02 03 04 05 06 07\n"
Debug print mbedtls_mpi: 759 bits
mbedtls_debug_print_mpi:"0000000000000000000000000000000000000000000000000000000041379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b4424":"MyFile":999:"VALUE":"MyFile(0999)\: value of 'VALUE' (759 bits) is\:\nMyFile(0999)\: 41 37 9d 00 fe d1 49 1f e1 5d f2 84 df de 4a 14\nMyFile(0999)\: 2f 68 aa 8d 41 20 23 19 5c ee 66 88 3e 62 90 ff\nMyFile(0999)\: e7 03 f4 ea 59 63 bf 21 27 13 ce e4 6b 10 7c 09\nMyFile(0999)\: 18 2b 5e dc d9 55 ad ac 41 8b f4 91 8e 28 89 af\nMyFile(0999)\: 48 e1 09 9d 51 38 30 ce c8 5c 26 ac 1e 15 8b 52\nMyFile(0999)\: 62 0e 33 ba 86 92 f8 93 ef bb 2f 95 8b 44 24\n"
Debug print mbedtls_mpi: 764 bits #1
mbedtls_debug_print_mpi:"0941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b4424":"MyFile":999:"VALUE":"MyFile(0999)\: value of 'VALUE' (764 bits) is\:\nMyFile(0999)\: 09 41 37 9d 00 fe d1 49 1f e1 5d f2 84 df de 4a\nMyFile(0999)\: 14 2f 68 aa 8d 41 20 23 19 5c ee 66 88 3e 62 90\nMyFile(0999)\: ff e7 03 f4 ea 59 63 bf 21 27 13 ce e4 6b 10 7c\nMyFile(0999)\: 09 18 2b 5e dc d9 55 ad ac 41 8b f4 91 8e 28 89\nMyFile(0999)\: af 48 e1 09 9d 51 38 30 ce c8 5c 26 ac 1e 15 8b\nMyFile(0999)\: 52 62 0e 33 ba 86 92 f8 93 ef bb 2f 95 8b 44 24\n"
Debug print mbedtls_mpi: 764 bits #2
mbedtls_debug_print_mpi:"0000000000000000000000000000000000000000000000000000000941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b4424":"MyFile":999:"VALUE":"MyFile(0999)\: value of 'VALUE' (764 bits) is\:\nMyFile(0999)\: 09 41 37 9d 00 fe d1 49 1f e1 5d f2 84 df de 4a\nMyFile(0999)\: 14 2f 68 aa 8d 41 20 23 19 5c ee 66 88 3e 62 90\nMyFile(0999)\: ff e7 03 f4 ea 59 63 bf 21 27 13 ce e4 6b 10 7c\nMyFile(0999)\: 09 18 2b 5e dc d9 55 ad ac 41 8b f4 91 8e 28 89\nMyFile(0999)\: af 48 e1 09 9d 51 38 30 ce c8 5c 26 ac 1e 15 8b\nMyFile(0999)\: 52 62 0e 33 ba 86 92 f8 93 ef bb 2f 95 8b 44 24\n"
Debug print certificate #1 (RSA)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_BASE64_C:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_1:!MBEDTLS_X509_REMOVE_INFO
mbedtls_debug_print_crt:"../framework/data_files/server1.crt":"MyFile":999:"PREFIX_":"MyFile(0999)\: PREFIX_ #1\:\nMyFile(0999)\: cert. version \: 3\nMyFile(0999)\: serial number \: 01\nMyFile(0999)\: issuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nMyFile(0999)\: subject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nMyFile(0999)\: issued on \: 2019-02-10 14\:44\:06\nMyFile(0999)\: expires on \: 2029-02-10 14\:44\:06\nMyFile(0999)\: signed using \: RSA with SHA1\nMyFile(0999)\: RSA key size \: 2048 bits\nMyFile(0999)\: basic constraints \: CA=false\nMyFile(0999)\: value of 'crt->rsa.N' (2048 bits) is\:\nMyFile(0999)\: a9 02 1f 3d 40 6a d5 55 53 8b fd 36 ee 82 65 2e\nMyFile(0999)\: 15 61 5e 89 bf b8 e8 45 90 db ee 88 16 52 d3 f1\nMyFile(0999)\: 43 50 47 96 12 59 64 87 6b fd 2b e0 46 f9 73 be\nMyFile(0999)\: dd cf 92 e1 91 5b ed 66 a0 6f 89 29 79 45 80 d0\nMyFile(0999)\: 83 6a d5 41 43 77 5f 39 7c 09 04 47 82 b0 57 39\nMyFile(0999)\: 70 ed a3 ec 15 19 1e a8 33 08 47 c1 05 42 a9 fd\nMyFile(0999)\: 4c c3 b4 df dd 06 1f 4d 10 51 40 67 73 13 0f 40\nMyFile(0999)\: f8 6d 81 25 5f 0a b1 53 c6 30 7e 15 39 ac f9 5a\nMyFile(0999)\: ee 7f 92 9e a6 05 5b e7 13 97 85 b5 23 92 d9 d4\nMyFile(0999)\: 24 06 d5 09 25 89 75 07 dd a6 1a 8f 3f 09 19 be\nMyFile(0999)\: ad 65 2c 64 eb 95 9b dc fe 41 5e 17 a6 da 6c 5b\nMyFile(0999)\: 69 cc 02 ba 14 2c 16 24 9c 4a dc cd d0 f7 52 67\nMyFile(0999)\: 73 f1 2d a0 23 fd 7e f4 31 ca 2d 70 ca 89 0b 04\nMyFile(0999)\: db 2e a6 4f 70 6e 9e ce bd 58 89 e2 53 59 9e 6e\nMyFile(0999)\: 5a 92 65 e2 88 3f 0c 94 19 a3 dd e5 e8 9d 95 13\nMyFile(0999)\: ed 29 db ab 70 12 dc 5a ca 6b 17 ab 52 82 54 b1\nMyFile(0999)\: value of 'crt->rsa.E' (17 bits) is\:\nMyFile(0999)\: 01 00 01\n"
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_BASE64_C:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_1:!MBEDTLS_X509_REMOVE_INFO:MBEDTLS_PK_WRITE_C
mbedtls_debug_print_crt:"../framework/data_files/server1.crt":"MyFile":999:"PREFIX_":"MyFile(0999)\: PREFIX_ #1\:\nMyFile(0999)\: cert. version \: 3\nMyFile(0999)\: serial number \: 01\nMyFile(0999)\: issuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nMyFile(0999)\: subject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nMyFile(0999)\: issued on \: 2019-02-10 14\:44\:06\nMyFile(0999)\: expires on \: 2029-02-10 14\:44\:06\nMyFile(0999)\: signed using \: RSA with SHA1\nMyFile(0999)\: RSA key size \: 2048 bits\nMyFile(0999)\: basic constraints \: CA=false\nMyFile(0999)\: dumping 'crt->PK' (270 bytes)\nMyFile(0999)\: 0000\: 30 82 01 0a 02 82 01 01 00 a9 02 1f 3d 40 6a d5\nMyFile(0999)\: 0010\: 55 53 8b fd 36 ee 82 65 2e 15 61 5e 89 bf b8 e8\nMyFile(0999)\: 0020\: 45 90 db ee 88 16 52 d3 f1 43 50 47 96 12 59 64\nMyFile(0999)\: 0030\: 87 6b fd 2b e0 46 f9 73 be dd cf 92 e1 91 5b ed\nMyFile(0999)\: 0040\: 66 a0 6f 89 29 79 45 80 d0 83 6a d5 41 43 77 5f\nMyFile(0999)\: 0050\: 39 7c 09 04 47 82 b0 57 39 70 ed a3 ec 15 19 1e\nMyFile(0999)\: 0060\: a8 33 08 47 c1 05 42 a9 fd 4c c3 b4 df dd 06 1f\nMyFile(0999)\: 0070\: 4d 10 51 40 67 73 13 0f 40 f8 6d 81 25 5f 0a b1\nMyFile(0999)\: 0080\: 53 c6 30 7e 15 39 ac f9 5a ee 7f 92 9e a6 05 5b\nMyFile(0999)\: 0090\: e7 13 97 85 b5 23 92 d9 d4 24 06 d5 09 25 89 75\nMyFile(0999)\: 00a0\: 07 dd a6 1a 8f 3f 09 19 be ad 65 2c 64 eb 95 9b\nMyFile(0999)\: 00b0\: dc fe 41 5e 17 a6 da 6c 5b 69 cc 02 ba 14 2c 16\nMyFile(0999)\: 00c0\: 24 9c 4a dc cd d0 f7 52 67 73 f1 2d a0 23 fd 7e\nMyFile(0999)\: 00d0\: f4 31 ca 2d 70 ca 89 0b 04 db 2e a6 4f 70 6e 9e\nMyFile(0999)\: 00e0\: ce bd 58 89 e2 53 59 9e 6e 5a 92 65 e2 88 3f 0c\nMyFile(0999)\: 00f0\: 94 19 a3 dd e5 e8 9d 95 13 ed 29 db ab 70 12 dc\nMyFile(0999)\: 0100\: 5a ca 6b 17 ab 52 82 54 b1 02 03 01 00 01 \n"
# Same as above, but with !MBEDTLS_PK_WRITE_C
Debug print certificate #1.1 (RSA)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_BASE64_C:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_1:!MBEDTLS_X509_REMOVE_INFO:!MBEDTLS_PK_WRITE_C
mbedtls_debug_print_crt:"../framework/data_files/server1.crt":"MyFile":999:"PREFIX_":"MyFile(0999)\: PREFIX_ #1\:\nMyFile(0999)\: cert. version \: 3\nMyFile(0999)\: serial number \: 01\nMyFile(0999)\: issuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nMyFile(0999)\: subject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nMyFile(0999)\: issued on \: 2019-02-10 14\:44\:06\nMyFile(0999)\: expires on \: 2029-02-10 14\:44\:06\nMyFile(0999)\: signed using \: RSA with SHA1\nMyFile(0999)\: RSA key size \: 2048 bits\nMyFile(0999)\: basic constraints \: CA=false\n"
Debug print certificate #2 (EC)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_BASE64_C:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_256:!MBEDTLS_X509_REMOVE_INFO
mbedtls_debug_print_crt:"../framework/data_files/test-ca2.crt":"MyFile":999:"PREFIX_":"MyFile(0999)\: PREFIX_ #1\:\nMyFile(0999)\: cert. version \: 3\nMyFile(0999)\: serial number \: C1\:43\:E2\:7E\:62\:43\:CC\:E8\nMyFile(0999)\: issuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nMyFile(0999)\: subject name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nMyFile(0999)\: issued on \: 2019-02-10 14\:44\:00\nMyFile(0999)\: expires on \: 2029-02-10 14\:44\:00\nMyFile(0999)\: signed using \: ECDSA with SHA256\nMyFile(0999)\: EC key size \: 384 bits\nMyFile(0999)\: basic constraints \: CA=true\nMyFile(0999)\: value of 'crt->eckey.Q(X)' (384 bits) is\:\nMyFile(0999)\: c3 da 2b 34 41 37 58 2f 87 56 fe fc 89 ba 29 43\nMyFile(0999)\: 4b 4e e0 6e c3 0e 57 53 33 39 58 d4 52 b4 91 95\nMyFile(0999)\: 39 0b 23 df 5f 17 24 62 48 fc 1a 95 29 ce 2c 2d\nMyFile(0999)\: value of 'crt->eckey.Q(Y)' (384 bits) is\:\nMyFile(0999)\: 87 c2 88 52 80 af d6 6a ab 21 dd b8 d3 1c 6e 58\nMyFile(0999)\: b8 ca e8 b2 69 8e f3 41 ad 29 c3 b4 5f 75 a7 47\nMyFile(0999)\: 6f d5 19 29 55 69 9a 53 3b 20 b4 66 16 60 33 1e\n"
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_BASE64_C:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_256:!MBEDTLS_X509_REMOVE_INFO:MBEDTLS_PK_WRITE_C
mbedtls_debug_print_crt:"../framework/data_files/test-ca2.crt":"MyFile":999:"PREFIX_":"MyFile(0999)\: PREFIX_ #1\:\nMyFile(0999)\: cert. version \: 3\nMyFile(0999)\: serial number \: C1\:43\:E2\:7E\:62\:43\:CC\:E8\nMyFile(0999)\: issuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nMyFile(0999)\: subject name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nMyFile(0999)\: issued on \: 2019-02-10 14\:44\:00\nMyFile(0999)\: expires on \: 2029-02-10 14\:44\:00\nMyFile(0999)\: signed using \: ECDSA with SHA256\nMyFile(0999)\: EC key size \: 384 bits\nMyFile(0999)\: basic constraints \: CA=true\nMyFile(0999)\: dumping 'crt->PK' (97 bytes)\nMyFile(0999)\: 0000\: 04 c3 da 2b 34 41 37 58 2f 87 56 fe fc 89 ba 29\nMyFile(0999)\: 0010\: 43 4b 4e e0 6e c3 0e 57 53 33 39 58 d4 52 b4 91\nMyFile(0999)\: 0020\: 95 39 0b 23 df 5f 17 24 62 48 fc 1a 95 29 ce 2c\nMyFile(0999)\: 0030\: 2d 87 c2 88 52 80 af d6 6a ab 21 dd b8 d3 1c 6e\nMyFile(0999)\: 0040\: 58 b8 ca e8 b2 69 8e f3 41 ad 29 c3 b4 5f 75 a7\nMyFile(0999)\: 0050\: 47 6f d5 19 29 55 69 9a 53 3b 20 b4 66 16 60 33\nMyFile(0999)\: 0060\: 1e \n"
# Same as above, but with !MBEDTLS_PK_WRITE_C
Debug print certificate #2.1 (EC)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_BASE64_C:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_256:!MBEDTLS_X509_REMOVE_INFO:!MBEDTLS_PK_WRITE_C
mbedtls_debug_print_crt:"../framework/data_files/test-ca2.crt":"MyFile":999:"PREFIX_":"MyFile(0999)\: PREFIX_ #1\:\nMyFile(0999)\: cert. version \: 3\nMyFile(0999)\: serial number \: C1\:43\:E2\:7E\:62\:43\:CC\:E8\nMyFile(0999)\: issuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nMyFile(0999)\: subject name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nMyFile(0999)\: issued on \: 2019-02-10 14\:44\:00\nMyFile(0999)\: expires on \: 2029-02-10 14\:44\:00\nMyFile(0999)\: signed using \: ECDSA with SHA256\nMyFile(0999)\: EC key size \: 384 bits\nMyFile(0999)\: basic constraints \: CA=true\n"

39
tests/suites/test_suite_debug.function
View File

@@ -283,42 +283,3 @@ exit:
MD_OR_USE_PSA_DONE();
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_SSL_TLS_C:MBEDTLS_BIGNUM_C */
void mbedtls_debug_print_mpi(char *value, char *file, int line,
char *prefix, char *result_str)
{
mbedtls_ssl_context ssl;
mbedtls_ssl_config conf;
struct buffer_data buffer;
mbedtls_mpi val;
mbedtls_ssl_init(&ssl);
mbedtls_ssl_config_init(&conf);
mbedtls_mpi_init(&val);
MD_OR_USE_PSA_INIT();
memset(buffer.buf, 0, 2000);
buffer.ptr = buffer.buf;
TEST_EQUAL(mbedtls_ssl_config_defaults(&conf,
MBEDTLS_SSL_IS_CLIENT,
MBEDTLS_SSL_TRANSPORT_STREAM,
MBEDTLS_SSL_PRESET_DEFAULT),
0);
mbedtls_ssl_conf_dbg(&conf, string_debug, &buffer);
TEST_ASSERT(mbedtls_ssl_setup(&ssl, &conf) == 0);
TEST_ASSERT(mbedtls_test_read_mpi(&val, value) == 0);
mbedtls_debug_print_mpi(&ssl, 0, file, line, prefix, &val);
TEST_ASSERT(strcmp(buffer.buf, result_str) == 0);
exit:
mbedtls_mpi_free(&val);
mbedtls_ssl_free(&ssl);
mbedtls_ssl_config_free(&conf);
MD_OR_USE_PSA_DONE();
}
/* END_CASE */